ghub-main[.]zip[.]7z

Sharing

Copy URL

Twitter E-mail

General

Target

ghub-main.zip.7z
Size

10.3MB
MD5

0e515b2ce22502bc222e894e7a0d775f
SHA1

7f99fc4cb3064777cb1b272dff489af6086d8159
SHA256

774e3967b822539cb0a145c0ae24a0869fc412c87a336b0e6f038255eed9dafc
SHA512

2718c9a595ac431237cb5cb6cd3e0d602b5e78d97a229ff4ba1814c14a63d8467bdf4a051c36abebfd9dc9a34eb7cc7c96fd8c244da6cc27b696d0bfd882ee2f
SSDEEP

196608:xpyDY7UI8+3xdagspSda7Q28pFfAMGGTGGXKLdeimI/Nxc:yDY7p8WbspS328pyMttKLdBX/N

Score

N/A

Malware Config

Signatures

Files

ghub-main.zip.7z
.7z

Password: infected
ghub-main.zip
.zip
ghub-main/lghub.zip
.zip
lghub/Configuration/System32/AUDIOKSE.dll
.dll regsvr32 windows x64

2c9f5a71fe99cd124be3d57b64d7df6c

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:23

Not After

01-09-2022 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5e:d1:08:91:81:16:e3:ae:d3:52:e7:6a:28:be:d0:a3:a8:40:81:03:c1:35:36:ca:30:49:70:c4:15:78:1f:cc
Signer

Actual PE Digest

5e:d1:08:91:81:16:e3:ae:d3:52:e7:6a:28:be:d0:a3:a8:40:81:03:c1:35:36:ca:30:49:70:c4:15:78:1f:cc

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

28-11-2022 11:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memcpy
memcmp
log10f
pow
strcmp
realloc
_errno
_CxxThrowException
_onexit
__dllonexit
_wfopen
_unlock
feof
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
fread
_wtol
_wcslwr
??1type_info@@UEAA@XZ
wcsstr
__CxxFrameHandler3
wcsrchr
_resetstkoflw
_purecall
wcscat_s
wcscpy_s
free
malloc
wcsncpy_s
__C_specific_handler
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
_vsnwprintf
memset
wcsnlen
strnlen
fclose
fseek
tolower
_strnicmp
strncmp
wcscmp

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
NtCreateFile
RtlGetPersistedStateLocation
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
RtlExtendMemoryBlockLookaside
RtlDestroyMemoryBlockLookaside
RtlNtStatusToDosError
RtlFreeMemoryBlockLookaside
RtlVirtualUnwind
RtlLockMemoryBlockLookaside
RtlCreateMemoryBlockLookaside
RtlUnlockMemoryBlockLookaside
NtQueryInformationProcess
RtlAllocateMemoryBlockLookaside
RtlDeleteFunctionTable
RtlAddFunctionTable
ShipAssert

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadLibraryExW
FreeLibrary
GetModuleHandleW
SizeofResource
GetModuleFileNameA
LoadResource
FindResourceExW
DisableThreadLibraryCalls
GetModuleFileNameW
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

SetWaitableTimer
WaitForMultipleObjectsEx
SetEvent
ResetEvent
CreateEventW
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CancelWaitableTimer
CreateEventA
CreateMutexExW
LeaveCriticalSection
CreateWaitableTimerExW
OpenSemaphoreW
WaitForSingleObjectEx
CreateEventExW
CreateSemaphoreExW
ReleaseSemaphore
ReleaseMutex
WaitForSingleObject

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
SetLastError

api-ms-win-core-processthreads-l1-1-0

SetThreadPriority
GetCurrentThreadId
GetCurrentProcess
CreateThread
TerminateProcess
GetCurrentProcessId
GetCurrentThread

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetThreadLocale
SetThreadLocale

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

oleaut32

SysAllocString
SysFreeString
SysStringLen
VarUI4FromStr

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventActivityIdControl
EventSetInformation
EventRegister
EventUnregister

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-eventing-classicprovider-l1-1-0

TraceEvent
RegisterTraceGuidsW
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
UnregisterTraceGuids
GetTraceEnableFlags

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoTaskMemRealloc
StringFromGUID2
CoTaskMemAlloc
CoGetMalloc
CoCreateInstance
PropVariantClear

api-ms-win-core-string-l2-1-0

CharNextW
CharLowerBuffW

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegCloseKey
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
RegGetValueW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceBeginInitialize
Sleep
InitOnceInitialize

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult

api-ms-win-core-memory-l1-1-0

VirtualAlloc
CreateFileMappingW
VirtualProtect
MapViewOfFile
UnmapViewOfFile
VirtualFree

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetLocalTime
GetWindowsDirectoryW
GetTickCount
GetTickCount64
GlobalMemoryStatusEx
GetVersionExW

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-memory-l1-1-1

GetProcessWorkingSetSizeEx
SetProcessWorkingSetSizeEx

api-ms-win-core-file-l1-1-0

CreateFileW
GetDiskFreeSpaceW
GetFileSize

api-ms-win-core-processenvironment-l1-1-0

FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW

mmdevapi

ord5

avrt

AvSetMmThreadCharacteristicsA
AvSetMmThreadPriority
AvQuerySystemResponsiveness
AvRevertMmThreadCharacteristics

api-ms-win-core-psapi-l1-1-0

K32GetDeviceDriverBaseNameW
K32GetDeviceDriverFileNameW
K32EnumDeviceDrivers

api-ms-win-devices-query-l1-1-0

DevCreateObjectQuery
DevCloseObjectQuery

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 296KB - Virtual size: 296KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 40B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CONST
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RT_DATA
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lghub/Configuration/System32/AudioHandlers.dll
.dll windows x64

664a23a4dad925d3ad6b81e0e11730ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
memmove
_o__wcsicmp
_o_bsearch_s
_o_free
_o_malloc
_o_realloc
_o_terminate
__C_specific_handler
_o___stdio_common_vswprintf
_o__cexit
_o___stdio_common_vsnprintf_s
_o__callnewh
_o___std_type_info_destroy_list
_o__execute_onexit_table
_o__errno
_o___std_exception_destroy
_o__crt_atexit
_o___std_exception_copy
_o__configure_narrow_argv
_o__aligned_malloc
_o__aligned_free
__std_terminate
_CxxThrowException
__CxxFrameHandler3
memcmp
__CxxFrameHandler4
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

LockResource
SizeofResource
GetModuleHandleW
GetModuleFileNameA
GetProcAddress
FreeResource
LoadStringW
DisableThreadLibraryCalls
FindResourceExW
GetModuleHandleExW
LoadResource
FreeLibrary
LoadLibraryExW

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
WaitForSingleObject
ReleaseMutex
SetEvent
ResetEvent
CreateEventW
WaitForSingleObjectEx
DeleteCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockShared
ReleaseSRWLockShared
TryAcquireSRWLockExclusive
InitializeSRWLock
EnterCriticalSection
LeaveCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeCriticalSectionAndSpinCount
CreateMutexExW
OpenSemaphoreW
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
CreateThread
SetThreadPriority

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetUserDefaultLCID

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventWriteTransfer
EventSetInformation

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
WindowsDeleteString
WindowsCreateString
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsCompareStringOrdinal

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate
IsErrorPropagationEnabled

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
SetRestrictedErrorInfo
RoTransformError

api-ms-win-core-com-l1-1-0

PropVariantClear
CoWaitForMultipleHandles
CoGetMalloc
CoIncrementMTAUsage
StringFromGUID2
CoTaskMemAlloc
CoUninitialize
CoInitializeEx
CoCreateFreeThreadedMarshaler
StringFromCLSID
CoTaskMemFree
CoGetApartmentType
CoTaskMemRealloc
CoDecrementMTAUsage
CoCreateInstance

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoInitialize
RoGetActivationFactory
RoUninitialize

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
Sleep

api-ms-win-shcore-sysinfo-l1-1-0

IsOS

api-ms-win-shcore-thread-l1-1-0

SHCreateThread

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpIW

api-ms-win-shcore-stream-winrt-l1-1-0

CreateRandomAccessStreamOnFile

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-rtcore-ntuser-window-l1-1-0

FindWindowW
EnumWindows
AllowSetForegroundWindow
IsWindowVisible
SendMessageW
GetWindowLongW
GetWindowThreadProcessId
IsWindow
GetWindow

api-ms-win-appmodel-runtime-l1-1-0

GetPackageFamilyName

api-ms-win-shlwapi-winrt-storage-l1-1-1

ord348

mmdevapi

ord28
ord25

api-ms-win-mm-misc-l1-1-0

mmioRead
mmioClose
mmioOpenW
mmioDescend

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
_Query_perf_counter
_Query_perf_frequency

api-ms-win-devices-query-l1-1-0

DevGetObjects
DevFreeObjects
DevGetObjectProperties
DevFreeObjectProperties

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-crt-math-l1-1-0

sinf

Exports

Exports

DllCanUnloadNow
GetSetting

Sections

.text
Size: 258KB - Virtual size: 258KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lghub/Configuration/System32/AudioSrvPolicyManager.dll
.dll windows x64

5d1c4d39581dcf969214a8809ea2713a

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:23

Not After

01-09-2022 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a4:3b:d9:4a:df:70:a3:60:39:cc:69:de:eb:47:b7:52:69:9c:ad:79:47:3d:94:b9:f9:85:00:48:5f:02:8d:4c
Signer

Actual PE Digest

a4:3b:d9:4a:df:70:a3:60:39:cc:69:de:eb:47:b7:52:69:9c:ad:79:47:3d:94:b9:f9:85:00:48:5f:02:8d:4c

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

28-11-2022 11:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp_win

_Mtx_destroy_in_situ
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
_Mtx_init_in_situ

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__set_errno
memmove
_o__wcsicmp
_o__wcsicoll
_o__wtoi
_o_calloc
_o_free
_o_log10
_o_malloc
_o_pow
_o_terminate
_o_wcsncpy_s
_o_wmemcpy_s
wcsstr
wcschr
__CxxFrameHandler3
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_type_info_compare
__C_specific_handler
__std_terminate
__CxxFrameHandler4
_CxxThrowException
memcpy

mmdevapi

ord12
ord23
ord21

powrprof

PowerSettingUnregisterNotification
PowerSettingRegisterNotificationEx
PowerSettingRegisterNotification
GetPwrCapabilities

api-ms-win-core-libraryloader-l1-2-0

LockResource
GetProcAddress
LoadResource
DisableThreadLibraryCalls
SizeofResource
GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW
FindResourceExW
FreeLibrary
LoadLibraryExW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
DeleteCriticalSection
ReleaseMutex
OpenSemaphoreW
WaitForSingleObject
EnterCriticalSection
ReleaseSemaphore
InitializeCriticalSectionAndSpinCount
SetEvent
CreateSemaphoreExW
CreateMutexExW
ResetEvent
CreateEventW
InitializeSRWLock
InitializeCriticalSectionEx
LeaveCriticalSection
AcquireSRWLockShared
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
HeapSize
HeapDestroy
HeapReAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
OpenProcessToken
CreateThread
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentThread

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
TraceMessage
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoUninitialize
CoInitializeEx
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc

api-ms-win-core-io-l1-1-0

PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort

rpcrt4

RpcImpersonateClient
I_RpcBindingInqLocalClientPID
RpcRevertToSelf
RpcServerInqCallAttributesW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegOpenCurrentUser
RegQueryValueExW
RegCreateKeyExW
RegGetValueW
RegGetKeySecurity
RegSetValueExW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteValueW
RegSetKeySecurity
RegDeleteTreeW
RegCloseKey

api-ms-win-core-synch-l1-2-0

InitOnceComplete
Sleep
InitOnceBeginInitialize

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolCleanupGroup
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
WaitForThreadpoolWorkCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
CreateThreadpool
SetThreadpoolThreadMinimum
SetThreadpoolThreadMaximum
CreateThreadpoolWork
CloseThreadpoolWork
SubmitThreadpoolWork
WaitForThreadpoolWaitCallbacks
CloseThreadpool
CreateThreadpoolWait
CloseThreadpoolWait
SetThreadpoolWait

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsGetStringRawBuffer
WindowsCreateStringReference

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTimeAsFileTime

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
AddAce
MakeSelfRelativeSD
CopySid
InitializeSid
GetSidLengthRequired
GetAclInformation
EqualSid
IsValidSid
GetSidSubAuthority
GetSidSubAuthorityCount
GetSecurityDescriptorLength
GetSecurityDescriptorControl
SetSecurityDescriptorDacl
GetTokenInformation
GetAce
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetLengthSid
GetSecurityDescriptorDacl
MakeAbsoluteSD
InitializeSecurityDescriptor
AddAccessAllowedAceEx
AllocateAndInitializeSid
SetKernelObjectSecurity
InitializeAcl

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSidToSidW

api-ms-win-security-base-l1-2-0

CheckTokenCapability

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW

api-ms-win-core-string-l2-1-0

IsCharAlphaW
IsCharAlphaNumericW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-appmodel-runtime-l1-1-1

ParseApplicationUserModelId

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

ntdll

RtlDllShutdownInProgress
RtlFreeHeap
RtlUnsubscribeWnfStateChangeNotification
RtlSubscribeWnfStateChangeNotification
NtQueryInformationToken
NtOpenThreadToken
RtlInitUnicodeString
RtlQueryTokenHostIdAsUlong64
RtlQueryPackageClaims
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
RtlFreeSid
RtlGetAppContainerParent
RtlGetAppContainerSidType
NtAcquireProcessActivityReference
NtQueryInformationProcess
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
RtlGetActiveConsoleId
RtlGetCurrentServiceSessionId
RtlPublishWnfStateData
RtlEqualWnfChangeStamps

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-crt-math-l1-1-0

ceilf

Exports

Exports

ActivatePolicyManager
HHOSTEDAPPMANAGERCONTEXTRundown
PbmAllowMediaPlaybackForApp
PbmCastingAppStateChanged
PbmGetSoundLevel
PbmIsPlaying
PbmLaunchBackgroundTask
PbmPlayToStreamStateChanged
PbmRegisterAppClosureNotification
PbmRegisterAppManagerNotification
PbmRegisterPlaybackManagerNotifications
PbmReportAppClosing
PbmReportAppInteractivityChange
PbmReportApplicationState
PbmReportHostedAppStateChange
PbmSetScreenReaderState
PbmSetSmtcSubscriptionState
PbmSwitchSoftNonInteractiveAppsToHardNonInteractive
PbmUnregisterAppClosureNotification
PbmUnregisterAppManagerNotification
PbmUnregisterPlaybackManagerNotifications
TS_AudioProtocolNotifyRundown
TS_RegisterAudioProtocolNotification
TS_SessionChanged
TS_SessionGetAudioProtocol
TS_UnregisterAudioProtocolNotification

Sections

.text
Size: 241KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lghub/Configuration/System32/AuditPolicyGPInterop.dll
.dll windows x64

db1d7f062895f306b38b454940121c13

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_purecall
_callnewh
malloc
_CxxThrowException
_XcptFilter
memcpy
realloc
_errno
??1type_info@@UEAA@XZ
__CxxFrameHandler3
free
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
wcsncpy_s
__C_specific_handler
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@XZ
memmove_s
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
memcpy_s
_amsg_exit
__RTDynamicCast
memcmp
memset

oleaut32

SysAllocString
LoadRegTypeLi
VarUI4FromStr
LoadTypeLi
SysStringLen
SysFreeString

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
OutputDebugStringW

api-ms-win-core-com-l1-1-0

CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
FreeLibrary
FindResourceExW
SizeofResource
LoadResource
GetProcAddress
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
DisableThreadLibraryCalls

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
GetLastError
UnhandledExceptionFilter

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
RegDeleteValueW
RegQueryInfoKeyW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW

api-ms-win-security-base-l1-1-0

MakeSelfRelativeSD
MapGenericMask
GetSecurityDescriptorLength
SetSecurityDescriptorControl
InitializeSecurityDescriptor

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

aclui

ord3

kernel32

lstrcmpiW

user32

UnregisterClassA

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lghub/Configuration/System32/AuthBroker.dll
.dll regsvr32 windows x64

32fb571d6c3fe7bb2a8c88620d65e8ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

free
_initterm
_vsnwprintf
_XcptFilter
malloc
__CxxFrameHandler3
_lock
_unlock
memcpy
memcmp
__C_specific_handler
_amsg_exit
memmove_s
__dllonexit
_purecall
memcpy_s
_onexit
_callnewh
memset

rpcrt4

CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
NdrOleAllocate
CStdStubBuffer_QueryInterface
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
CStdStubBuffer_CountRefs
CStdStubBuffer_Connect
NdrStubForwardingFunction
IUnknown_Release_Proxy
NdrCStdStubBuffer2_Release
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
CStdStubBuffer_AddRef
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
I_RpcBindingInqLocalClientPID
CStdStubBuffer_DebugServerQueryInterface
NdrStubCall3
NdrOleFree

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
LoadStringW
GetModuleHandleW

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
Sleep
InitOnceExecuteOnce

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
EnterCriticalSection
ReleaseSRWLockExclusive
CreateSemaphoreExW
WaitForSingleObjectEx
ReleaseMutex
ReleaseSRWLockShared
CreateMutexW
LeaveCriticalSection
WaitForMultipleObjectsEx
WaitForSingleObject
CreateMutexExW
AcquireSRWLockShared
CreateEventW
SetEvent
InitializeCriticalSectionEx
DeleteCriticalSection
OpenSemaphoreW
CreateEventExW
AcquireSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
RaiseException
SetLastError
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-winrt-string-l1-1-0

HSTRING_UserMarshal64
WindowsCompareStringOrdinal
HSTRING_UserFree
WindowsCreateStringReference
WindowsDeleteString
WindowsGetStringRawBuffer
HSTRING_UserUnmarshal
WindowsStringHasEmbeddedNull
HSTRING_UserSize
HSTRING_UserMarshal
WindowsIsStringEmpty
HSTRING_UserSize64
WindowsGetStringLen
WindowsDuplicateString
WindowsCreateString
HSTRING_UserUnmarshal64
HSTRING_UserFree64

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventActivityIdControl
EventWriteTransfer
EventRegister

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWork
CloseThreadpoolTimer
SubmitThreadpoolWork
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
FreeLibraryWhenCallbackReturns
CloseThreadpoolWork

api-ms-win-core-processthreads-l1-1-0

TlsGetValue
SetThreadToken
OpenProcessToken
DeleteProcThreadAttributeList
TlsAlloc
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
TlsFree
TlsSetValue
CreateProcessW
CreateThread
GetCurrentThreadId
GetCurrentThread
OpenThreadToken
GetExitCodeProcess
GetProcessId
GetProcessIdOfThread
OpenThread
GetCurrentProcessId
ResumeThread
GetCurrentProcess
TerminateProcess

api-ms-win-core-winrt-error-l1-1-0

GetRestrictedErrorInfo
RoOriginateError
RoOriginateErrorW
RoTransformError
SetRestrictedErrorInfo

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-com-midlproxystub-l1-1-0

CStdStubBuffer2_QueryInterface
CStdStubBuffer2_Disconnect
NdrProxyForwardingFunction4
NdrProxyForwardingFunction5
ObjectStublessClient4
NdrProxyForwardingFunction3
ObjectStublessClient21
ObjectStublessClient11
CStdStubBuffer2_Connect
ObjectStublessClient16
ObjectStublessClient18
ObjectStublessClient20
CStdStubBuffer2_CountRefs
ObjectStublessClient10
ObjectStublessClient3
ObjectStublessClient17
ObjectStublessClient9
ObjectStublessClient8
ObjectStublessClient6
ObjectStublessClient14
ObjectStublessClient12
ObjectStublessClient19
ObjectStublessClient5
ObjectStublessClient13
ObjectStublessClient7
ObjectStublessClient15

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemTime
GetTickCount

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegGetValueW
RegSetValueExW
RegDeleteValueW
RegQueryInfoKeyW
RegCloseKey

api-ms-win-security-base-l1-1-0

CopySid
ImpersonateLoggedOnUser
GetLengthSid
GetSidSubAuthorityCount
FreeSid
AllocateAndInitializeSid
GetTokenInformation

api-ms-win-security-base-l1-2-0

CheckTokenCapability

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc
LocalReAlloc

api-ms-win-core-file-l1-1-0

CreateFileW

authz

AuthzInitializeResourceManager
AuthzAccessCheck
AuthzFreeResourceManager
AuthzFreeContext
AuthzInitializeContextFromSid

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-security-appcontainer-l1-1-0

GetAppContainerNamedObjectPath

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-wow64-l1-1-0

Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
IsWow64Process

wkscli

NetGetJoinInformation

netutils

NetApiBufferFree

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoGetActivationFactory
RoInitialize
RoActivateInstance

winhttp

WinHttpCrackUrl
WinHttpCreateUrl

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate

api-ms-win-core-url-l1-1-0

ParseURLW

api-ms-win-security-provider-l1-1-0

GetSecurityInfo

api-ms-win-core-marshal-l1-1-0

HWND_UserMarshal64
HWND_UserUnmarshal64
HWND_UserMarshal
HWND_UserSize
HWND_UserUnmarshal
HWND_UserFree
HWND_UserSize64
HWND_UserFree64

combase

ord140

ntdll

RtlDeleteCriticalSection
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlEqualSid
WinSqmAddToStream
_wcsnicmp
RtlIsStateSeparationEnabled
_wcsicmp
RtlAllocateAndInitializeSidEx
RtlDeriveCapabilitySidsFromName
RtlInitUnicodeString
RtlInitializeCriticalSection
wcstoul

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

AuthBrokerClearThreadClientContext
AuthBrokerCreateClientContext
AuthBrokerFreeClientContext
AuthBrokerSetThreadClientContext
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllInstall
DllRegisterServer
FindCallingThreadImmersiveWindow
PurgeAuthHostSsoCache

Sections

.text
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lghub/Configuration/System32/AuthBrokerUI.dll
.dll windows x64

c757d7bae8f7bee20d966b8a7cd9d5b1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_onexit
_initterm
__dllonexit
_vsnwprintf
_amsg_exit
memcpy_s
_unlock
_lock
malloc
__CxxFrameHandler3
__C_specific_handler
memset
_callnewh
_XcptFilter
free
_purecall
wcscmp

ntdll

RtlDeleteCriticalSection
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference
WindowsCreateString

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventUnregister

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
WaitForMultipleObjectsEx
OpenSemaphoreW
WaitForSingleObjectEx
ResetEvent
CreateMutexExW
SetEvent
CreateEventW
WaitForSingleObject
CreateSemaphoreExW
ReleaseMutex

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoOriginateError

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
GetModuleFileNameA
GetProcAddress
GetModuleHandleW
GetModuleHandleExW

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

shcore

ord244

authbroker

FindCallingThreadImmersiveWindow

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-localization-l1-2-0

SetThreadPreferredUILanguages
FormatMessageW

oleaut32

SysStringLen
SysFreeString

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

CreateWndMgmt
DirectUIInitProc
DirectUIInitThread
DirectUIUnInitProc
DirectUIUnInitThread
FreeWndMgmt
WabCreateWebRuntimeCoreControl
WabCreateWebRuntimeCoreVisualViewport
WabImmDisableLegacyIME

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lghub/Configuration/System32/AuthExt.dll
.dll windows x64

7d741e8deb1ad01973eec6f385c0f89a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memmove
_vsnwprintf
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
_amsg_exit
_XcptFilter
free
_purecall
_callnewh
memcpy_s
__CxxFrameHandler3
memset

shell32

DuplicateIcon

shlwapi

ord278

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA
DisableThreadLibraryCalls
LoadStringW
GetProcAddress

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
AcquireSRWLockShared
ReleaseSRWLockShared
OpenSemaphoreW
CreateMutexExW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
WaitForSingleObject

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoTaskMemRealloc
CoGetMalloc
CoCreateFreeThreadedMarshaler

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceBeginInitialize
Sleep
InitOnceComplete

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

ntdll

RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfStateChangeNotification

propsys

PSCreateMemoryPropertyStore

user32

RegisterDeviceNotificationW
DestroyWindow
SystemParametersInfoW
RegisterPowerSettingNotification
DestroyIcon
DefWindowProcA
DefWindowProcW
IsWindowUnicode
GetWindowLongPtrW
UnregisterDeviceNotification
UnregisterPowerSettingNotification
SetWindowLongPtrW
GetSysColor

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lghub/Configuration/System32/AuthFWGP.dll
.dll regsvr32 windows x64

ac903dd308939b1de6e2edc954fb7082

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

free
_XcptFilter
_amsg_exit
_initterm
__C_specific_handler
_callnewh
malloc
_purecall
memset

advapi32

RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey

kernel32

GetCurrentProcess
SetUnhandledExceptionFilter
TerminateProcess
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetModuleFileNameW
FreeResource
HeapFree
GlobalAlloc
GlobalFree
HeapAlloc
GetProcessHeap
GetLastError
Sleep

user32

LoadImageW
LoadIconW
LoadStringW
LoadBitmapW
RegisterClipboardFormatW

api-ms-win-core-com-l1-1-0

StringFromCLSID
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lghub/Configuration/System32/SyncRes.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lghub/Configuration/System32/WWAHost.exe.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lghub/Configuration/System32/Windows.Media.Speech.UXRes.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lghub/Configuration/System32/audioresourceregistrar.dll
.dll windows x64

d6f7e64c81971ecd513474f51a1f2513

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
memmove
_o__wcsicmp
_o__wcsnicmp
_o_calloc
_o_free
_o_malloc
_o_wcstoul
_o_wmemcpy_s
__C_specific_handler
_CxxThrowException
_o__cexit
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__callnewh
__std_terminate
__CxxFrameHandler4
memcpy

api-ms-win-crt-string-l1-1-0

wcsnlen
wcscmp
memset

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
OpenMutexW
CreateMutexW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
RaiseException

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW
FindResourceExW
GetProcAddress
DisableThreadLibraryCalls
LoadResource
LockResource
SizeofResource

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

devobj

DevObjDestroyDeviceInfoList
DevObjOpenDevRegKey
DevObjCreateDeviceInfoList
DevObjGetClassDevs
DevObjEnumDeviceInfo

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l1-1-0

HeapDestroy
HeapReAlloc
HeapSize
GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-com-l1-1-0

CLSIDFromString

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileW

xmllite

CreateXmlReader

Exports

Exports

GetKeywordDetectorRequiredResources
Register

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lghub/Configuration/System32/auditcse.dll
.dll windows x64

c5f926b8cbae0a5a83ebbf22a4a1c921

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp110_win

?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ

msvcrt

??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
free
_amsg_exit
_XcptFilter
_callnewh
malloc
tolower
memcpy
memcmp
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBQEBDH@Z
memmove
fclose
_wfopen_s
feof
fgetws
_wtoi
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_purecall
__CxxFrameHandler3
??3@YAXPEAX@Z
_CxxThrowException
__RTDynamicCast

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
DisableThreadLibraryCalls
FreeLibraryAndExitThread
LoadLibraryExW

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
TraceMessage
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
CreateThread
GetCurrentThreadId
GetCurrentThread
TerminateProcess
OpenThreadToken
GetCurrentProcess

api-ms-win-core-handle-l1-1-0

CloseHandle

userenv

ProcessGroupPolicyCompletedEx

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-base-l1-1-0

GetLengthSid
CopySid
AdjustTokenPrivileges
PrivilegeCheck
RevertToSelf
ImpersonateSelf
GetSecurityDescriptorSacl

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegOpenKeyExW
RegCloseKey

rpcrt4

UuidToStringW
RpcStringFreeW
UuidFromStringW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-file-l2-1-2

CopyFileW

oleaut32

SafeArrayPutElement
SysAllocString
SafeArrayCreate
SysAllocStringByteLen
SysStringByteLen
VariantClear
VariantInit
SysFreeString
SafeArrayDestroy

api-ms-win-core-com-l1-1-0

CoCreateGuid

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventEnabled
EventWrite
EventRegister

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection

advapi32

AuditFree
AuditEnumerateSubCategories
LsaSetCAPs
AuditSetGlobalSaclW
AuditSetPerUserPolicy
AuditSetSystemPolicy
AuditLookupSubCategoryNameW

shell32

SHCreateDirectoryExW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

GenerateGroupPolicy
GenerateGroupPolicyCap
ProcessGroupPolicyEx
ProcessGroupPolicyExCap

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lghub/Configuration/System32/auditpolmsg.dll
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lghub/Configuration/System32/authentication.dll
.dll windows x64

21a9b4b7bc6547458b49ef86d8c15d9e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
_Mtx_unlock
_Mtx_init_in_situ
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy_in_situ

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o_free
_o_malloc
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vsnprintf_s
__CxxFrameHandler4
_o___stdio_common_vswprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetProcAddress
GetModuleHandleExW
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
CreateSemaphoreExW
CreateEventExW
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
SetEvent

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CoWaitForMultipleHandles

api-ms-win-security-base-l1-1-0

AllocateAndInitializeSid
FreeSid
RevertToSelf
CheckTokenMembership
ImpersonateLoggedOnUser

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoGetActivationFactory
RoInitialize

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

ext-ms-win-session-usermgr-l1-1-0

UMgrQueryUserToken

Exports

Exports

AuthzGetAccountType
AuthzRequestTicketWithWindow
AuthzRequestTicketWithoutWindow
GetAccountType
RequestTicketWithWindow
RequestTicketWithoutWindow

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lghub/Configuration/System32/authfwcfg.dll
.dll windows x64

698eda7c7b72c637420872a2e143b13d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

wcscpy_s
_wcsicmp
_purecall
??3@YAXPEAX@Z
_vsnwprintf
wcstok_s
?what@exception@@UEBAPEBDXZ
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
memcmp
isdigit
isalnum
memset
abort
_wsetlocale
__crtLCMapStringW
_wcsdup
memchr
tolower
isspace
__uncaught_exception
_unlock
_lock
setlocale
calloc
__pctype_func
_ismbblead
___lc_codepage_func
___lc_handle_func
_errno
___mb_cur_max_func
memmove
memcpy
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
localeconv
ldexp
_wcsnicmp
??_V@YAXPEAX@Z
_itow_s
iswdigit
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
free
malloc
_vsnprintf
__CxxFrameHandler3

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
UnregisterTraceGuids

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
LoadStringW

bcrypt

BCryptGetFipsAlgorithmMode

api-ms-win-core-com-l1-1-0

CoUninitialize
CoCreateInstance
CoInitializeEx
CoCreateGuid
StringFromGUID2

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringW
MultiByteToWideChar
GetStringTypeW

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetComputerNameExW
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-security-base-l1-1-0

FreeSid
CheckTokenMembership
AllocateAndInitializeSid

ntdll

RtlIpv6StringToAddressW
RtlIpv4StringToAddressW
RtlIpv4AddressToStringW
RtlIpv6AddressToStringW
WinSqmAddToStream

ws2_32

htonl

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
EnterCriticalSection

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

netsh.exe

RegisterContext
RegisterHelper
PrintMessageFromModule
PrintError
PrintMessage
MatchTagsInCmdLine
MatchToken

fwpolicyiomgr

FwCopyPortsContents

firewallapi

FWSetFirewallRule
FWRestoreGPODefaults
FWRestoreDefaults
FWExportPolicy
FWImportPolicy
FWClosePolicyStore
FwBstrToPorts
FWFreeFirewallRule
FWFreeConnectionSecurityRule
FWEnumPhase2SAs
FWEnumPhase1SAs
FWFreeAuthenticationSets
FWCopyAuthenticationSet
FWEnumAuthenticationSets
FWFreeCryptoSets
FWCopyCryptoSet
FWFreeConnectionSecurityRules
FWCopyConnectionSecurityRule
FWEnumConnectionSecurityRules
FWFreeFirewallRules
FWCopyFirewallRule
FWEnumFirewallRules
FWGetGlobalConfig
FWOpenPolicyStore
FWStatusMessageFromStatusCode
FWDeletePhase2SAs
FWDeletePhase1SAs
FWFreePhase2SAs
FWFreePhase1SAs
FWDeleteFirewallRule
FWAddFirewallRule
FWVerifyFirewallRule
FWEnumMainModeRules
FWSetMainModeRule
FWDeleteMainModeRule
FWFreeMainModeRules
FWAddMainModeRule
FWVerifyMainModeRule
FwGetAddressesAsString
FWSetCryptoSet
FwCopyWFAddressesContents
FWSetConnectionSecurityRule
FWEnumCryptoSets
FWDeleteCryptoSet
FWDeleteAuthenticationSet
FWDeleteConnectionSecurityRule
FWAddConnectionSecurityRule
FWAddAuthenticationSet
FWAddCryptoSet
FWFreeAuthenticationSet
FwFreeAddresses
FWVerifyConnectionSecurityRule
FWVerifyAuthenticationSet
FwStringToAddresses
FWFreeProducts
FWEnumProducts
FwIsRemoteManagementEnabled
FWGetConfig
FWFreeCryptoSet
FWVerifyCryptoSet
FWSetGlobalConfig
FWSetConfig

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

GetResourceString
InitHelperDll

Sections

.text
Size: 466KB - Virtual size: 466KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lghub/Configuration/System32/comctl32.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lghub/Configuration/System32/comdlg32.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 55KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lghub/Configuration/System32/fms.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lghub/Configuration/System32/mlang.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lghub/Configuration/System32/msimsg.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 76KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lghub/Configuration/System32/quickassist.exe.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lghub/Configuration/System32/windows.ui.xaml.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lghub/Configuration/win/AuthBroker.dll
.dll regsvr32 windows x64

32fb571d6c3fe7bb2a8c88620d65e8ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

free
_initterm
_vsnwprintf
_XcptFilter
malloc
__CxxFrameHandler3
_lock
_unlock
memcpy
memcmp
__C_specific_handler
_amsg_exit
memmove_s
__dllonexit
_purecall
memcpy_s
_onexit
_callnewh
memset

rpcrt4

CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
NdrOleAllocate
CStdStubBuffer_QueryInterface
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
CStdStubBuffer_CountRefs
CStdStubBuffer_Connect
NdrStubForwardingFunction
IUnknown_Release_Proxy
NdrCStdStubBuffer2_Release
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
CStdStubBuffer_AddRef
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
I_RpcBindingInqLocalClientPID
CStdStubBuffer_DebugServerQueryInterface
NdrStubCall3
NdrOleFree

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
LoadStringW
GetModuleHandleW

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
Sleep
InitOnceExecuteOnce

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
EnterCriticalSection
ReleaseSRWLockExclusive
CreateSemaphoreExW
WaitForSingleObjectEx
ReleaseMutex
ReleaseSRWLockShared
CreateMutexW
LeaveCriticalSection
WaitForMultipleObjectsEx
WaitForSingleObject
CreateMutexExW
AcquireSRWLockShared
CreateEventW
SetEvent
InitializeCriticalSectionEx
DeleteCriticalSection
OpenSemaphoreW
CreateEventExW
AcquireSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
RaiseException
SetLastError
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-winrt-string-l1-1-0

HSTRING_UserMarshal64
WindowsCompareStringOrdinal
HSTRING_UserFree
WindowsCreateStringReference
WindowsDeleteString
WindowsGetStringRawBuffer
HSTRING_UserUnmarshal
WindowsStringHasEmbeddedNull
HSTRING_UserSize
HSTRING_UserMarshal
WindowsIsStringEmpty
HSTRING_UserSize64
WindowsGetStringLen
WindowsDuplicateString
WindowsCreateString
HSTRING_UserUnmarshal64
HSTRING_UserFree64

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventActivityIdControl
EventWriteTransfer
EventRegister

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWork
CloseThreadpoolTimer
SubmitThreadpoolWork
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
FreeLibraryWhenCallbackReturns
CloseThreadpoolWork

api-ms-win-core-processthreads-l1-1-0

TlsGetValue
SetThreadToken
OpenProcessToken
DeleteProcThreadAttributeList
TlsAlloc
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
TlsFree
TlsSetValue
CreateProcessW
CreateThread
GetCurrentThreadId
GetCurrentThread
OpenThreadToken
GetExitCodeProcess
GetProcessId
GetProcessIdOfThread
OpenThread
GetCurrentProcessId
ResumeThread
GetCurrentProcess
TerminateProcess

api-ms-win-core-winrt-error-l1-1-0

GetRestrictedErrorInfo
RoOriginateError
RoOriginateErrorW
RoTransformError
SetRestrictedErrorInfo

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-com-midlproxystub-l1-1-0

CStdStubBuffer2_QueryInterface
CStdStubBuffer2_Disconnect
NdrProxyForwardingFunction4
NdrProxyForwardingFunction5
ObjectStublessClient4
NdrProxyForwardingFunction3
ObjectStublessClient21
ObjectStublessClient11
CStdStubBuffer2_Connect
ObjectStublessClient16
ObjectStublessClient18
ObjectStublessClient20
CStdStubBuffer2_CountRefs
ObjectStublessClient10
ObjectStublessClient3
ObjectStublessClient17
ObjectStublessClient9
ObjectStublessClient8
ObjectStublessClient6
ObjectStublessClient14
ObjectStublessClient12
ObjectStublessClient19
ObjectStublessClient5
ObjectStublessClient13
ObjectStublessClient7
ObjectStublessClient15

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemTime
GetTickCount

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegGetValueW
RegSetValueExW
RegDeleteValueW
RegQueryInfoKeyW
RegCloseKey

api-ms-win-security-base-l1-1-0

CopySid
ImpersonateLoggedOnUser
GetLengthSid
GetSidSubAuthorityCount
FreeSid
AllocateAndInitializeSid
GetTokenInformation

api-ms-win-security-base-l1-2-0

CheckTokenCapability

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc
LocalReAlloc

api-ms-win-core-file-l1-1-0

CreateFileW

authz

AuthzInitializeResourceManager
AuthzAccessCheck
AuthzFreeResourceManager
AuthzFreeContext
AuthzInitializeContextFromSid

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-security-appcontainer-l1-1-0

GetAppContainerNamedObjectPath

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-wow64-l1-1-0

Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
IsWow64Process

wkscli

NetGetJoinInformation

netutils

NetApiBufferFree

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoGetActivationFactory
RoInitialize
RoActivateInstance

winhttp

WinHttpCrackUrl
WinHttpCreateUrl

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate

api-ms-win-core-url-l1-1-0

ParseURLW

api-ms-win-security-provider-l1-1-0

GetSecurityInfo

api-ms-win-core-marshal-l1-1-0

HWND_UserMarshal64
HWND_UserUnmarshal64
HWND_UserMarshal
HWND_UserSize
HWND_UserUnmarshal
HWND_UserFree
HWND_UserSize64
HWND_UserFree64

combase

ord140

ntdll

RtlDeleteCriticalSection
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlEqualSid
WinSqmAddToStream
_wcsnicmp
RtlIsStateSeparationEnabled
_wcsicmp
RtlAllocateAndInitializeSidEx
RtlDeriveCapabilitySidsFromName
RtlInitUnicodeString
RtlInitializeCriticalSection
wcstoul

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

AuthBrokerClearThreadClientContext
AuthBrokerCreateClientContext
AuthBrokerFreeClientContext
AuthBrokerSetThreadClientContext
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllInstall
DllRegisterServer
FindCallingThreadImmersiveWindow
PurgeAuthHostSsoCache

Sections

.text
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lghub/Configuration/win/AuthBrokerUI.dll
.dll windows x64

c757d7bae8f7bee20d966b8a7cd9d5b1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_onexit
_initterm
__dllonexit
_vsnwprintf
_amsg_exit
memcpy_s
_unlock
_lock
malloc
__CxxFrameHandler3
__C_specific_handler
memset
_callnewh
_XcptFilter
free
_purecall
wcscmp

ntdll

RtlDeleteCriticalSection
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference
WindowsCreateString

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventUnregister

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
WaitForMultipleObjectsEx
OpenSemaphoreW
WaitForSingleObjectEx
ResetEvent
CreateMutexExW
SetEvent
CreateEventW
WaitForSingleObject
CreateSemaphoreExW
ReleaseMutex

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoOriginateError

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
GetModuleFileNameA
GetProcAddress
GetModuleHandleW
GetModuleHandleExW

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

shcore

ord244

authbroker

FindCallingThreadImmersiveWindow

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-localization-l1-2-0

SetThreadPreferredUILanguages
FormatMessageW

oleaut32

SysStringLen
SysFreeString

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

CreateWndMgmt
DirectUIInitProc
DirectUIInitThread
DirectUIUnInitProc
DirectUIUnInitThread
FreeWndMgmt
WabCreateWebRuntimeCoreControl
WabCreateWebRuntimeCoreVisualViewport
WabImmDisableLegacyIME

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lghub/Configuration/win/AuthExt.dll
.dll windows x64

7d741e8deb1ad01973eec6f385c0f89a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memmove
_vsnwprintf
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
_amsg_exit
_XcptFilter
free
_purecall
_callnewh
memcpy_s
__CxxFrameHandler3
memset

shell32

DuplicateIcon

shlwapi

ord278

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA
DisableThreadLibraryCalls
LoadStringW
GetProcAddress

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
AcquireSRWLockShared
ReleaseSRWLockShared
OpenSemaphoreW
CreateMutexExW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
WaitForSingleObject

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoTaskMemRealloc
CoGetMalloc
CoCreateFreeThreadedMarshaler

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceBeginInitialize
Sleep
InitOnceComplete

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

ntdll

RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfStateChangeNotification

propsys

PSCreateMemoryPropertyStore

user32

RegisterDeviceNotificationW
DestroyWindow
SystemParametersInfoW
RegisterPowerSettingNotification
DestroyIcon
DefWindowProcA
DefWindowProcW
IsWindowUnicode
GetWindowLongPtrW
UnregisterDeviceNotification
UnregisterPowerSettingNotification
SetWindowLongPtrW
GetSysColor

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lghub/Configuration/win/AuthFWGP.dll
.dll regsvr32 windows x64

ac903dd308939b1de6e2edc954fb7082

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

free
_XcptFilter
_amsg_exit
_initterm
__C_specific_handler
_callnewh
malloc
_purecall
memset

advapi32

RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey

kernel32

GetCurrentProcess
SetUnhandledExceptionFilter
TerminateProcess
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetModuleFileNameW
FreeResource
HeapFree
GlobalAlloc
GlobalFree
HeapAlloc
GetProcessHeap
GetLastError
Sleep

user32

LoadImageW
LoadIconW
LoadStringW
LoadBitmapW
RegisterClipboardFormatW

api-ms-win-core-com-l1-1-0

StringFromCLSID
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lghub/Configuration/win/AuthFWSnapin.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lghub/Configuration/win/AuthFWWizFwk.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lghub/Configuration/win/auditpolmsg.dll
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lghub/Configuration/win/authentication.dll
.dll windows x64

21a9b4b7bc6547458b49ef86d8c15d9e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
_Mtx_unlock
_Mtx_init_in_situ
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy_in_situ

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o_free
_o_malloc
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vsnprintf_s
__CxxFrameHandler4
_o___stdio_common_vswprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetProcAddress
GetModuleHandleExW
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
CreateSemaphoreExW
CreateEventExW
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
SetEvent

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CoWaitForMultipleHandles

api-ms-win-security-base-l1-1-0

AllocateAndInitializeSid
FreeSid
RevertToSelf
CheckTokenMembership
ImpersonateLoggedOnUser

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoGetActivationFactory
RoInitialize

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

ext-ms-win-session-usermgr-l1-1-0

UMgrQueryUserToken

Exports

Exports

AuthzGetAccountType
AuthzRequestTicketWithWindow
AuthzRequestTicketWithoutWindow
GetAccountType
RequestTicketWithWindow
RequestTicketWithoutWindow

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lghub/Configuration/win/authfwcfg.dll
.dll windows x64

698eda7c7b72c637420872a2e143b13d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

wcscpy_s
_wcsicmp
_purecall
??3@YAXPEAX@Z
_vsnwprintf
wcstok_s
?what@exception@@UEBAPEBDXZ
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
memcmp
isdigit
isalnum
memset
abort
_wsetlocale
__crtLCMapStringW
_wcsdup
memchr
tolower
isspace
__uncaught_exception
_unlock
_lock
setlocale
calloc
__pctype_func
_ismbblead
___lc_codepage_func
___lc_handle_func
_errno
___mb_cur_max_func
memmove
memcpy
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
localeconv
ldexp
_wcsnicmp
??_V@YAXPEAX@Z
_itow_s
iswdigit
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
free
malloc
_vsnprintf
__CxxFrameHandler3

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
UnregisterTraceGuids

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
LoadStringW

bcrypt

BCryptGetFipsAlgorithmMode

api-ms-win-core-com-l1-1-0

CoUninitialize
CoCreateInstance
CoInitializeEx
CoCreateGuid
StringFromGUID2

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringW
MultiByteToWideChar
GetStringTypeW

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetComputerNameExW
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-security-base-l1-1-0

FreeSid
CheckTokenMembership
AllocateAndInitializeSid

ntdll

RtlIpv6StringToAddressW
RtlIpv4StringToAddressW
RtlIpv4AddressToStringW
RtlIpv6AddressToStringW
WinSqmAddToStream

ws2_32

htonl

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
EnterCriticalSection

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

netsh.exe

RegisterContext
RegisterHelper
PrintMessageFromModule
PrintError
PrintMessage
MatchTagsInCmdLine
MatchToken

fwpolicyiomgr

FwCopyPortsContents

firewallapi

FWSetFirewallRule
FWRestoreGPODefaults
FWRestoreDefaults
FWExportPolicy
FWImportPolicy
FWClosePolicyStore
FwBstrToPorts
FWFreeFirewallRule
FWFreeConnectionSecurityRule
FWEnumPhase2SAs
FWEnumPhase1SAs
FWFreeAuthenticationSets
FWCopyAuthenticationSet
FWEnumAuthenticationSets
FWFreeCryptoSets
FWCopyCryptoSet
FWFreeConnectionSecurityRules
FWCopyConnectionSecurityRule
FWEnumConnectionSecurityRules
FWFreeFirewallRules
FWCopyFirewallRule
FWEnumFirewallRules
FWGetGlobalConfig
FWOpenPolicyStore
FWStatusMessageFromStatusCode
FWDeletePhase2SAs
FWDeletePhase1SAs
FWFreePhase2SAs
FWFreePhase1SAs
FWDeleteFirewallRule
FWAddFirewallRule
FWVerifyFirewallRule
FWEnumMainModeRules
FWSetMainModeRule
FWDeleteMainModeRule
FWFreeMainModeRules
FWAddMainModeRule
FWVerifyMainModeRule
FwGetAddressesAsString
FWSetCryptoSet
FwCopyWFAddressesContents
FWSetConnectionSecurityRule
FWEnumCryptoSets
FWDeleteCryptoSet
FWDeleteAuthenticationSet
FWDeleteConnectionSecurityRule
FWAddConnectionSecurityRule
FWAddAuthenticationSet
FWAddCryptoSet
FWFreeAuthenticationSet
FwFreeAddresses
FWVerifyConnectionSecurityRule
FWVerifyAuthenticationSet
FwStringToAddresses
FWFreeProducts
FWEnumProducts
FwIsRemoteManagementEnabled
FWGetConfig
FWFreeCryptoSet
FWVerifyCryptoSet
FWSetGlobalConfig
FWSetConfig

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

GetResourceString
InitHelperDll

Sections

.text
Size: 466KB - Virtual size: 466KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lghub/Configuration/win/el-GR/APHostRes.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lghub/Configuration/win/el-GR/SyncRes.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lghub/Configuration/win/el-GR/WWAHost.exe.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lghub/Configuration/win/el-GR/Windows.Management.SecureAssessment.Diagnostics.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lghub/Configuration/win/el-GR/Windows.Media.Speech.UXRes.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lghub/Configuration/win/el-GR/cdosys.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 50KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lghub/Configuration/win/el-GR/comctl32.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lghub/Configuration/win/el-GR/comdlg32.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 62KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lghub/Configuration/win/el-GR/fms.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lghub/Configuration/win/el-GR/mlang.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lghub/Configuration/win/el-GR/msimsg.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lghub/Configuration/win/el-GR/msprivs.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lghub/Configuration/win/el-GR/quickassist.exe.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lghub/Configuration/win/el-GR/windows.ui.xaml.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lghub/lghub.exe
.exe windows x86

3e04b7fd8a1addc99c7a70f06b375a65

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

PlaySoundW

ole32

CreateStreamOnHGlobal

msimg32

GradientFill

user32

IsDialogMessageW
CharUpperBuffW

shell32

DragFinish

gdi32

CreateCompatibleBitmap

winspool.drv

ClosePrinter

kernel32

Sleep
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.3Xk
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.r/@
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.y&P
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 288KB - Virtual size: 287KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

2c9f5a71fe99cd124be3d57b64d7df6c

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

5e:d1:08:91:81:16:e3:ae:d3:52:e7:6a:28:be:d0:a3:a8:40:81:03:c1:35:36:ca:30:49:70:c4:15:78:1f:ccSigner

Signature Validations

Verification

28-11-2022 11:52 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

oleaut32

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-io-l1-1-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-wow64-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-errorhandling-l1-1-2

api-ms-win-core-memory-l1-1-1

api-ms-win-core-file-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

mmdevapi

avrt

api-ms-win-core-psapi-l1-1-0

api-ms-win-devices-query-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 296KB - Virtual size: 296KB

RT_CODE Size: 512B - Virtual size: 344B

RT_BSS Size: - Virtual size: 40B

.rdata Size: 74KB - Virtual size: 74KB

.data Size: 4KB - Virtual size: 11KB

.pdata Size: 11KB - Virtual size: 11KB

.didat Size: 512B - Virtual size: 176B

RT_CONST Size: 4KB - Virtual size: 3KB

RT_DATA Size: 512B - Virtual size: 80B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 2KB

664a23a4dad925d3ad6b81e0e11730ca

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

5e:d1:08:91:81:16:e3:ae:d3:52:e7:6a:28:be:d0:a3:a8:40:81:03:c1:35:36:ca:30:49:70:c4:15:78:1f:cc
Signer

28-11-2022 11:52
Valid: false

.text
Size: 296KB - Virtual size: 296KB

RT_CODE
Size: 512B - Virtual size: 344B

RT_BSS
Size: - Virtual size: 40B

.rdata
Size: 74KB - Virtual size: 74KB

.data
Size: 4KB - Virtual size: 11KB

.pdata
Size: 11KB - Virtual size: 11KB

.didat
Size: 512B - Virtual size: 176B

RT_CONST
Size: 4KB - Virtual size: 3KB

RT_DATA
Size: 512B - Virtual size: 80B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 258KB - Virtual size: 258KB

.rdata
Size: 80KB - Virtual size: 79KB

.data
Size: 2KB - Virtual size: 4KB

.pdata
Size: 11KB - Virtual size: 11KB

.didat
Size: 512B - Virtual size: 56B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

a4:3b:d9:4a:df:70:a3:60:39:cc:69:de:eb:47:b7:52:69:9c:ad:79:47:3d:94:b9:f9:85:00:48:5f:02:8d:4c
Signer

28-11-2022 11:52
Valid: false