TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr
Overview
overview
7Static
static
1setup.exe
windows7-x64
7setup.exe
windows10-2004-x64
7verifier.dll
windows7-x64
1verifier.dll
windows10-2004-x64
1version.dll
windows7-x64
1version.dll
windows10-2004-x64
3vulkan-1.dll
windows7-x64
3vulkan-1.dll
windows10-2004-x64
3wuapi.dll
windows7-x64
1wuapi.dll
windows10-2004-x64
1Static task
static1
Behavioral task
behavioral1
Sample
setup.exe
Resource
win7-20220812-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
setup.exe
Resource
win10v2004-20220901-en
windows10-2004-x64
6 signatures
150 seconds
Behavioral task
behavioral3
Sample
verifier.dll
Resource
win7-20221111-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral4
Sample
verifier.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral5
Sample
version.dll
Resource
win7-20221111-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral6
Sample
version.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral7
Sample
vulkan-1.dll
Resource
win7-20221111-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral8
Sample
vulkan-1.dll
Resource
win10v2004-20220812-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral9
Sample
wuapi.dll
Resource
win7-20220901-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral10
Sample
wuapi.dll
Resource
win10v2004-20221111-en
windows10-2004-x64
0 signatures
150 seconds
General
-
Target
file.zip
-
Size
6.2MB
-
MD5
dc59039f7c036c0899f65fe86b67a762
-
SHA1
d15c019a741adc9e82c2080e30401cd0c0218ca7
-
SHA256
ab93a71fe88d03697b7867acab35f3ba1ee322793a5125425e539a210282a881
-
SHA512
87a4c4119991375a189016cc57c68188df34be1abc7bffb80b77699dd0966f0974ea20cb985d18e45e3749ac422d695f4dd4ce79faa932ecb2cfff2ccbc6d64f
-
SSDEEP
98304:+dcD/BYCgdXveSlhaCvpZ2rjepNn+Woag/htosv1keW8aid3hs39ruhQMlv24UO8:+dU/GNfzjRXojepWag/hrv11U39rnxO8
Score
1/10
Malware Config
Signatures
Files
-
file.zip.zip
-
setup.exe.exe windows x86
e569e6f445d32ba23766ad67d1e3787f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
kernel32
GetACP
GetExitCodeProcess
LocalFree
CloseHandle
SizeofResource
VirtualProtect
VirtualFree
GetFullPathNameW
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
GetStdHandle
GetModuleHandleW
FreeLibrary
HeapDestroy
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
FindResourceW
CreateThread
CompareStringW
LoadLibraryA
ResetEvent
GetVersion
RaiseException
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetSystemWindowsDirectoryW
GetThreadPriority
SetThreadPriority
GetCurrentProcess
VirtualAlloc
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetWindowsDirectoryW
VerSetConditionMask
GetDiskFreeSpaceW
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
GetSystemDirectoryW
DeleteFileW
GetLocalTime
GetEnvironmentVariableW
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
TlsGetValue
GetDateFormatW
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
GetUserDefaultLangID
RemoveDirectoryW
CreateEventW
SetThreadLocale
GetThreadLocale
comctl32
InitCommonControls
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
user32
CreateWindowExW
TranslateMessage
CharLowerBuffW
CallWindowProcW
CharUpperW
PeekMessageW
GetSystemMetrics
SetWindowLongW
MessageBoxW
DestroyWindow
CharUpperBuffW
CharNextW
MsgWaitForMultipleObjects
LoadStringW
ExitWindowsEx
DispatchMessageW
oleaut32
SysAllocStringLen
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
VariantChangeType
SafeArrayCreate
netapi32
NetWkstaGetInfo
NetApiBufferFree
advapi32
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW
AdjustTokenPrivileges
GetTokenInformation
ConvertSidToStringSidW
LookupPrivilegeValueW
RegCloseKey
OpenProcessToken
RegOpenKeyExW
Exports
Exports
Sections
.text Size: 718KB - Virtual size: 718KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.itext Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 27KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.didata Size: 512B - Virtual size: 420B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 154B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: - Virtual size: 24B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 93B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 195KB - Virtual size: 195KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
verifier.dll.dll windows x64
8bf144f6fdf48da3cc6073dd4bd7b5d4
Code Sign
33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32Certificate
IssuerCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before02/05/2019, 21:24Not After02/05/2020, 21:24SubjectCN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before19/10/2011, 18:41Not After19/10/2026, 18:51SubjectCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
d5:74:c3:ea:7c:d0:b3:3b:38:49:1e:e7:bb:99:67:72:6c:c0:9d:be:e0:54:e0:99:31:b5:3a:95:05:af:a0:28Signer
Actual PE Digestd5:74:c3:ea:7c:d0:b3:3b:38:49:1e:e7:bb:99:67:72:6c:c0:9d:be:e0:54:e0:99:31:b5:3a:95:05:af:a0:28Digest Algorithmsha256PE Digest MatchestrueSignature Validations
TrustedfalseVerification
Signing CertificateCN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US02/02/2023, 17:58 Valid: false
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntdll
RtlDllShutdownInProgress
RtlCompareUnicodeString
NtQuerySystemTime
RtlAllocateHeap
RtlRandom
NtQueryPerformanceCounter
RtlInitUnicodeString
RtlCaptureStackBackTrace
RtlEnterCriticalSection
RtlInitializeCriticalSection
RtlLeaveCriticalSection
DbgPrint
RtlDeleteCriticalSection
NtFreeVirtualMemory
RtlGetUserInfoHeap
RtlDestroyHeap
RtlValidateHeap
RtlInitializeGenericTableAvl
RtlInitializeSRWLock
DbgPrintEx
NtQueryVirtualMemory
RtlDeleteElementGenericTableAvl
NtQuerySystemInformation
NtOpenEvent
RtlUpcaseUnicodeChar
NtQueryInformationProcess
RtlReleaseSRWLockExclusive
RtlLookupElementGenericTableAvl
RtlAcquireSRWLockExclusive
NtAllocateVirtualMemory
RtlInsertElementGenericTableAvl
RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
NtReadVirtualMemory
RtlEnumerateGenericTableAvl
RtlInitializeCriticalSectionEx
RtlSizeHeap
RtlSetUserFlagsHeap
NtQueryEvent
NtProtectVirtualMemory
RtlSetUserValueHeap
RtlFreeHeap
RtlFlushSecureMemoryCache
RtlSetHeapInformation
RtlCreateHeap
RtlUnlockHeap
RtlLockHeap
RtlRaiseException
LdrLockLoaderLock
LdrUnlockLoaderLock
RtlCaptureContext
RtlReportException
NtTerminateProcess
LdrGetProcedureAddress
LdrUnloadDll
LdrLoadDll
RtlDecodePointer
RtlInitAnsiString
RtlEncodePointer
RtlFreeAnsiString
LdrFindResource_U
RtlUnicodeStringToAnsiString
LdrAccessResource
LdrQueryImageFileKeyOption
LdrQueryImageFileExecutionOptions
RtlImageNtHeader
EtwEventWriteTransfer
RtlSetEnvironmentVariable
EtwEventUnregister
EtwEventRegister
NtWriteVirtualMemory
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnhandledExceptionFilter
memmove
__C_specific_handler
_vsnwprintf
_wcsicmp
_vsnprintf
sscanf_s
wcstoul
RtlVerifyVersionInfo
wcsstr
_stricmp
VerSetConditionMask
RtlQueryHeapInformation
NtOpenThread
NtSuspendThread
NtClose
LdrQueryProcessModuleInformation
RtlNtStatusToDosError
NtResumeThread
RtlAddVectoredExceptionHandler
RtlEqualUnicodeString
LdrGetDllHandle
RtlDeleteResource
RtlAcquireResourceShared
NtDelayExecution
RtlAcquirePebLock
RtlReleaseResource
RtlInitializeResource
RtlAcquireResourceExclusive
RtlRemoveVectoredExceptionHandler
NtQueryInformationThread
RtlFindClearBitsAndSet
NtQueryObject
RtlReleasePebLock
RtlInterlockedPushEntrySList
RtlSplay
RtlDelete
RtlInitializeSListHead
RtlpWaitForCriticalSection
RtlInitializeCriticalSectionAndSpinCount
RtlTryEnterCriticalSection
RtlConvertExclusiveToShared
RtlRaiseStatus
RtlConvertSharedToExclusive
RtlInterlockedPopEntrySList
LdrFindEntryForAddress
iswspace
RtlEnumerateGenericTableWithoutSplayingAvl
_wcsnicmp
RtlQueryDepthSList
NtCreateEvent
RtlDeregisterWait
NtSetEvent
RtlRegisterWait
NtOpenProcessTokenEx
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
NtOpenKey
RtlConvertSidToUnicodeString
NtQueryInformationToken
NtDeleteValueKey
NtSetValueKey
NtQueryValueKey
NtGetContextThread
RtlDeregisterWaitEx
RtlWalkFrameChain
NtClearEvent
RtlFreeUnicodeString
RtlSetThreadPoolStartFunc
RtlCheckForOrphanedCriticalSections
NtWaitForMultipleObjects
NtCreateKey
NtWaitForSingleObject
NtCreateSection
NtUnmapViewOfSection
NtOpenSection
NtMapViewOfSection
__chkstk
memcpy
memset
Exports
Exports
AVrfAPILookupCallback
VerifierAddFreeMemoryCallback
VerifierCheckPageHeapAllocation
VerifierCreateRpcPageHeap
VerifierDeleteFreeMemoryCallback
VerifierDestroyRpcPageHeap
VerifierDisableFaultInjectionExclusionRange
VerifierDisableFaultInjectionTargetRange
VerifierEnableFaultInjectionExclusionRange
VerifierEnableFaultInjectionTargetRange
VerifierEnumerateResource
VerifierForceNormalHeap
VerifierGetInfoForException
VerifierGetMemoryForDump
VerifierGetPropertyValueByName
VerifierGetProviderHelper
VerifierIsAddressInAnyPageHeap
VerifierIsCurrentThreadHoldingLocks
VerifierIsDllEntryActive
VerifierIsPerUserSettingsEnabled
VerifierQueryRuntimeFlags
VerifierRedirectStopFunctions
VerifierSetFaultInjectionProbability
VerifierSetFlags
VerifierSetRuntimeFlags
VerifierStopMessage
Sections
.text Size: 163KB - Virtual size: 163KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 37KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 30KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 132KB - Virtual size: 132KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
version.dll.dll windows x64
34340c2c4e9aa6ef6ad12bb695fc695b
Code Sign
33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66Certificate
IssuerCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/03/2020, 18:30Not After03/03/2021, 18:30SubjectCN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before19/10/2011, 18:41Not After19/10/2026, 18:51SubjectCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
99:36:00:2d:63:8d:dc:7d:27:9e:21:e3:d8:be:62:5d:4e:6c:68:50:b8:56:3b:19:e3:ff:44:56:61:da:3d:17Signer
Actual PE Digest99:36:00:2d:63:8d:dc:7d:27:9e:21:e3:d8:be:62:5d:4e:6c:68:50:b8:56:3b:19:e3:ff:44:56:61:da:3d:17Digest Algorithmsha256PE Digest MatchestrueSignature Validations
TrustedfalseVerification
Signing CertificateCN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US02/02/2023, 17:58 Valid: false
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
msvcrt
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_vsnwprintf
_vsnprintf
memcmp
api-ms-win-core-errorhandling-l1-1-0
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-version-l1-1-0
VerQueryValueW
VerFindFileW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
api-ms-win-core-localization-l1-2-0
IsDBCSLeadByte
api-ms-win-core-version-l1-1-1
GetFileVersionInfoW
GetFileVersionInfoSizeW
api-ms-win-core-file-l1-1-0
CreateFileW
DeleteFileA
GetFileSize
DeleteFileW
GetFullPathNameA
SetFileTime
GetFileTime
GetFileAttributesW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-processthreads-l1-1-0
TlsFree
GetCurrentProcessId
GetCurrentThreadId
TlsSetValue
TerminateProcess
TlsAlloc
TlsGetValue
GetCurrentProcess
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
GetProcAddress
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-versionansi-l1-1-0
GetFileVersionInfoExA
VerFindFileA
GetFileVersionInfoSizeExA
VerQueryValueA
api-ms-win-core-versionansi-l1-1-1
GetFileVersionInfoSizeA
GetFileVersionInfoA
api-ms-win-core-version-private-l1-1-0
GetFileVersionInfoByHandle
kernelbase
lstrcmpiA
lstrcmpiW
lstrlenW
ntdll
RtlAllocateHeap
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlUnicodeStringToAnsiString
NlsMbCodePageTag
kernel32
_lwrite
_lread
_lopen
_lclose
_lcreat
_llseek
LZCreateFileW
LZCloseFile
LZInit
LZCopy
LZClose
MoveFileW
Exports
Exports
GetFileVersionInfoA
GetFileVersionInfoByHandle
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW
Sections
.text Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 708B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 28B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
vulkan-1.dll.dll windows x64
01f8e4c6f5b71d53ba85860813f6d82c
Code Sign
09:26:8f:aa:1a:d6:89:4d:17:9e:5b:87:a2:f0:64:62Certificate
IssuerCN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before11/09/2017, 00:00Not After09/08/2020, 12:00SubjectCN=LunarG\, Inc.,O=LunarG\, Inc.,L=Fort Collins,ST=Colorado,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2013, 12:00Not After22/10/2028, 12:00SubjectCN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate
IssuerCN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2014, 00:00Not After22/10/2024, 00:00SubjectCN=DigiCert Timestamp Responder,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before10/11/2006, 00:00Not After10/11/2021, 00:00SubjectCN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
09:26:8f:aa:1a:d6:89:4d:17:9e:5b:87:a2:f0:64:62Certificate
IssuerCN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before11/09/2017, 00:00Not After09/08/2020, 12:00SubjectCN=LunarG\, Inc.,O=LunarG\, Inc.,L=Fort Collins,ST=Colorado,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2013, 12:00Not After22/10/2028, 12:00SubjectCN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate
IssuerCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01/10/2019, 00:00Not After17/10/2030, 00:00SubjectCN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before07/01/2016, 12:00Not After07/01/2031, 12:00SubjectCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
d5:57:ba:c0:59:76:66:45:f3:41:99:21:c1:8d:c6:be:dc:de:17:7f:da:14:01:0b:52:32:3f:68:1d:d2:98:84Signer
Actual PE Digestd5:57:ba:c0:59:76:66:45:f3:41:99:21:c1:8d:c6:be:dc:de:17:7f:da:14:01:0b:52:32:3f:68:1d:d2:98:84Digest Algorithmsha256PE Digest MatchestrueSignature Validations
TrustedtrueVerification
Signing CertificateCN=LunarG\, Inc.,O=LunarG\, Inc.,L=Fort Collins,ST=Colorado,C=US03/08/2020, 23:01 Valid: true
Chain 1
CN=LunarG\, Inc.,O=LunarG\, Inc.,L=Fort Collins,ST=Colorado,C=US
CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US
CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
23:ea:11:96:3b:fe:43:c9:9f:b4:57:b6:c4:8d:1e:67:18:40:28:55Signer
Actual PE Digest23:ea:11:96:3b:fe:43:c9:9f:b4:57:b6:c4:8d:1e:67:18:40:28:55Digest Algorithmsha1PE Digest MatchestrueSignature Validations
TrustedtrueVerification
Signing CertificateCN=LunarG\, Inc.,O=LunarG\, Inc.,L=Fort Collins,ST=Colorado,C=US03/08/2020, 23:01 Valid: true
Chain 1
CN=LunarG\, Inc.,O=LunarG\, Inc.,L=Fort Collins,ST=Colorado,C=US
CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US
CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
cfgmgr32
CM_Open_DevNode_Key
CM_Locate_DevNodeW
CM_Get_Sibling
CM_Get_DevNode_Status
CM_Get_DevNode_Registry_PropertyW
CM_Get_Device_ID_List_SizeW
CM_Get_Device_ID_ListW
CM_Get_Device_IDW
CM_Get_Child
kernel32
GetCurrentProcess
IsWow64Process
FreeLibrary
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryExA
LoadLibraryA
WideCharToMultiByte
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLastError
CloseHandle
OutputDebugStringA
GetEnvironmentVariableA
GetSystemDirectoryA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ReadFile
FindClose
FindFirstFileExW
FindNextFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFileType
GetFileSizeEx
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetCurrentThread
HeapReAlloc
GetTimeZoneInformation
MultiByteToWideChar
GetFileAttributesExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetConsoleCtrlHandler
FlushFileBuffers
WriteFile
GetConsoleCP
SetStdHandle
CreateFileW
GetStringTypeW
RaiseException
HeapSize
SetEndOfFile
WriteConsoleW
OutputDebugStringW
advapi32
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
RegCloseKey
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
OpenProcessToken
Exports
Exports
vkAcquireNextImage2KHR
vkAcquireNextImageKHR
vkAllocateCommandBuffers
vkAllocateDescriptorSets
vkAllocateMemory
vkBeginCommandBuffer
vkBindBufferMemory
vkBindBufferMemory2
vkBindImageMemory
vkBindImageMemory2
vkCmdBeginQuery
vkCmdBeginRenderPass
vkCmdBeginRenderPass2
vkCmdBindDescriptorSets
vkCmdBindIndexBuffer
vkCmdBindPipeline
vkCmdBindVertexBuffers
vkCmdBlitImage
vkCmdClearAttachments
vkCmdClearColorImage
vkCmdClearDepthStencilImage
vkCmdCopyBuffer
vkCmdCopyBufferToImage
vkCmdCopyImage
vkCmdCopyImageToBuffer
vkCmdCopyQueryPoolResults
vkCmdDispatch
vkCmdDispatchBase
vkCmdDispatchIndirect
vkCmdDraw
vkCmdDrawIndexed
vkCmdDrawIndexedIndirect
vkCmdDrawIndexedIndirectCount
vkCmdDrawIndirect
vkCmdDrawIndirectCount
vkCmdEndQuery
vkCmdEndRenderPass
vkCmdEndRenderPass2
vkCmdExecuteCommands
vkCmdFillBuffer
vkCmdNextSubpass
vkCmdNextSubpass2
vkCmdPipelineBarrier
vkCmdPushConstants
vkCmdResetEvent
vkCmdResetQueryPool
vkCmdResolveImage
vkCmdSetBlendConstants
vkCmdSetDepthBias
vkCmdSetDepthBounds
vkCmdSetDeviceMask
vkCmdSetEvent
vkCmdSetLineWidth
vkCmdSetScissor
vkCmdSetStencilCompareMask
vkCmdSetStencilReference
vkCmdSetStencilWriteMask
vkCmdSetViewport
vkCmdUpdateBuffer
vkCmdWaitEvents
vkCmdWriteTimestamp
vkCreateBuffer
vkCreateBufferView
vkCreateCommandPool
vkCreateComputePipelines
vkCreateDescriptorPool
vkCreateDescriptorSetLayout
vkCreateDescriptorUpdateTemplate
vkCreateDevice
vkCreateDisplayModeKHR
vkCreateDisplayPlaneSurfaceKHR
vkCreateEvent
vkCreateFence
vkCreateFramebuffer
vkCreateGraphicsPipelines
vkCreateImage
vkCreateImageView
vkCreateInstance
vkCreatePipelineCache
vkCreatePipelineLayout
vkCreateQueryPool
vkCreateRenderPass
vkCreateRenderPass2
vkCreateSampler
vkCreateSamplerYcbcrConversion
vkCreateSemaphore
vkCreateShaderModule
vkCreateSharedSwapchainsKHR
vkCreateSwapchainKHR
vkCreateWin32SurfaceKHR
vkDestroyBuffer
vkDestroyBufferView
vkDestroyCommandPool
vkDestroyDescriptorPool
vkDestroyDescriptorSetLayout
vkDestroyDescriptorUpdateTemplate
vkDestroyDevice
vkDestroyEvent
vkDestroyFence
vkDestroyFramebuffer
vkDestroyImage
vkDestroyImageView
vkDestroyInstance
vkDestroyPipeline
vkDestroyPipelineCache
vkDestroyPipelineLayout
vkDestroyQueryPool
vkDestroyRenderPass
vkDestroySampler
vkDestroySamplerYcbcrConversion
vkDestroySemaphore
vkDestroyShaderModule
vkDestroySurfaceKHR
vkDestroySwapchainKHR
vkDeviceWaitIdle
vkEndCommandBuffer
vkEnumerateDeviceExtensionProperties
vkEnumerateDeviceLayerProperties
vkEnumerateInstanceExtensionProperties
vkEnumerateInstanceLayerProperties
vkEnumerateInstanceVersion
vkEnumeratePhysicalDeviceGroups
vkEnumeratePhysicalDevices
vkFlushMappedMemoryRanges
vkFreeCommandBuffers
vkFreeDescriptorSets
vkFreeMemory
vkGetBufferDeviceAddress
vkGetBufferMemoryRequirements
vkGetBufferMemoryRequirements2
vkGetBufferOpaqueCaptureAddress
vkGetDescriptorSetLayoutSupport
vkGetDeviceGroupPeerMemoryFeatures
vkGetDeviceGroupPresentCapabilitiesKHR
vkGetDeviceGroupSurfacePresentModesKHR
vkGetDeviceMemoryCommitment
vkGetDeviceMemoryOpaqueCaptureAddress
vkGetDeviceProcAddr
vkGetDeviceQueue
vkGetDeviceQueue2
vkGetDisplayModeProperties2KHR
vkGetDisplayModePropertiesKHR
vkGetDisplayPlaneCapabilities2KHR
vkGetDisplayPlaneCapabilitiesKHR
vkGetDisplayPlaneSupportedDisplaysKHR
vkGetEventStatus
vkGetFenceStatus
vkGetImageMemoryRequirements
vkGetImageMemoryRequirements2
vkGetImageSparseMemoryRequirements
vkGetImageSparseMemoryRequirements2
vkGetImageSubresourceLayout
vkGetInstanceProcAddr
vkGetPhysicalDeviceDisplayPlaneProperties2KHR
vkGetPhysicalDeviceDisplayPlanePropertiesKHR
vkGetPhysicalDeviceDisplayProperties2KHR
vkGetPhysicalDeviceDisplayPropertiesKHR
vkGetPhysicalDeviceExternalBufferProperties
vkGetPhysicalDeviceExternalFenceProperties
vkGetPhysicalDeviceExternalSemaphoreProperties
vkGetPhysicalDeviceFeatures
vkGetPhysicalDeviceFeatures2
vkGetPhysicalDeviceFormatProperties
vkGetPhysicalDeviceFormatProperties2
vkGetPhysicalDeviceImageFormatProperties
vkGetPhysicalDeviceImageFormatProperties2
vkGetPhysicalDeviceMemoryProperties
vkGetPhysicalDeviceMemoryProperties2
vkGetPhysicalDevicePresentRectanglesKHR
vkGetPhysicalDeviceProperties
vkGetPhysicalDeviceProperties2
vkGetPhysicalDeviceQueueFamilyProperties
vkGetPhysicalDeviceQueueFamilyProperties2
vkGetPhysicalDeviceSparseImageFormatProperties
vkGetPhysicalDeviceSparseImageFormatProperties2
vkGetPhysicalDeviceSurfaceCapabilities2KHR
vkGetPhysicalDeviceSurfaceCapabilitiesKHR
vkGetPhysicalDeviceSurfaceFormats2KHR
vkGetPhysicalDeviceSurfaceFormatsKHR
vkGetPhysicalDeviceSurfacePresentModesKHR
vkGetPhysicalDeviceSurfaceSupportKHR
vkGetPhysicalDeviceWin32PresentationSupportKHR
vkGetPipelineCacheData
vkGetQueryPoolResults
vkGetRenderAreaGranularity
vkGetSemaphoreCounterValue
vkGetSwapchainImagesKHR
vkInvalidateMappedMemoryRanges
vkMapMemory
vkMergePipelineCaches
vkQueueBindSparse
vkQueuePresentKHR
vkQueueSubmit
vkQueueWaitIdle
vkResetCommandBuffer
vkResetCommandPool
vkResetDescriptorPool
vkResetEvent
vkResetFences
vkResetQueryPool
vkSetEvent
vkSignalSemaphore
vkTrimCommandPool
vkUnmapMemory
vkUpdateDescriptorSetWithTemplate
vkUpdateDescriptorSets
vkWaitForFences
vkWaitSemaphores
Sections
.text Size: 777KB - Virtual size: 776KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 200KB - Virtual size: 200KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 34KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.cfguard Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 1024B - Virtual size: 786B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.00cfg Size: 512B - Virtual size: 283B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wuapi.dll.dll regsvr32 windows x64
bdd516f68fe2b04b258a7916ceb9d16a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
api-ms-win-crt-private-l1-1-0
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
memmove
_o__wtol
_o_free
_o_iswspace
_o_malloc
_o_mbstowcs_s
_o_qsort
_o_strcpy_s
_o_strncpy_s
_o_strtol
_o_terminate
_o_toupper
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstombs_s
_o_wcstoul
__CxxFrameHandler3
_CxxThrowException
_o__get_errno
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
wcsstr
_o__cexit
_o__callnewh
wcsrchr
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
strrchr
strchr
__C_specific_handler
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
api-ms-win-core-libraryloader-l1-2-0
DisableThreadLibraryCalls
GetModuleHandleW
GetModuleFileNameA
LoadLibraryExW
FreeLibrary
LockResource
LoadStringW
SizeofResource
GetModuleHandleExW
LoadResource
FindResourceExW
GetProcAddress
GetModuleFileNameW
api-ms-win-core-synch-l1-1-0
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateMutexExW
ResetEvent
OpenEventW
InitializeCriticalSection
WaitForSingleObjectEx
CreateEventW
LeaveCriticalSection
ReleaseMutex
DeleteCriticalSection
CreateSemaphoreExW
WaitForSingleObject
EnterCriticalSection
ReleaseSemaphore
OpenSemaphoreW
SetEvent
api-ms-win-core-heap-l1-1-0
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
RaiseException
api-ms-win-core-processthreads-l1-1-0
OpenProcessToken
GetCurrentProcessId
GetCurrentThread
OpenThreadToken
GetCurrentProcess
CreateThread
CreateProcessW
GetCurrentThreadId
TerminateProcess
api-ms-win-core-localization-l1-2-0
SetThreadLocale
FormatMessageW
GetThreadLocale
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
DuplicateHandle
rpcrt4
NdrDllGetClassObject
NdrDllCanUnloadNow
CStdStubBuffer_Connect
NdrCStdStubBuffer_Release
CStdStubBuffer_IsIIDSupported
NdrStubCall3
IUnknown_QueryInterface_Proxy
NdrOleFree
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
UuidToStringW
RpcStringFreeW
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
UuidToStringA
UuidFromStringW
UuidCreate
IUnknown_Release_Proxy
UuidCreateNil
UuidCompare
CStdStubBuffer_AddRef
CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy
RpcStringFreeA
NdrCStdStubBuffer2_Release
NdrStubForwardingFunction
CStdStubBuffer_Invoke
RpcServerInqCallAttributesW
api-ms-win-core-com-midlproxystub-l1-1-0
ObjectStublessClient9
NdrProxyForwardingFunction10
ObjectStublessClient10
NdrProxyForwardingFunction9
ObjectStublessClient8
NdrProxyForwardingFunction12
NdrProxyForwardingFunction21
NdrProxyForwardingFunction3
NdrProxyForwardingFunction7
CStdStubBuffer2_Connect
ObjectStublessClient24
ObjectStublessClient4
ObjectStublessClient19
CStdStubBuffer2_QueryInterface
ObjectStublessClient13
NdrProxyForwardingFunction5
NdrProxyForwardingFunction11
ObjectStublessClient7
CStdStubBuffer2_Disconnect
NdrProxyForwardingFunction6
NdrProxyForwardingFunction19
ObjectStublessClient23
NdrProxyForwardingFunction14
ObjectStublessClient15
NdrProxyForwardingFunction16
ObjectStublessClient18
NdrProxyForwardingFunction18
ObjectStublessClient3
NdrProxyForwardingFunction17
ObjectStublessClient22
NdrProxyForwardingFunction8
CStdStubBuffer2_CountRefs
NdrProxyForwardingFunction4
ObjectStublessClient12
ObjectStublessClient11
NdrProxyForwardingFunction13
NdrProxyForwardingFunction20
ObjectStublessClient14
NdrProxyForwardingFunction15
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventUnregister
EventSetInformation
EventProviderEnabled
EventWriteTransfer
api-ms-win-core-string-l2-1-0
CharNextW
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteValueW
RegOpenCurrentUser
RegEnumKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegCloseKey
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
CompareStringW
MultiByteToWideChar
api-ms-win-core-synch-l1-2-0
Sleep
InitOnceBeginInitialize
InitOnceComplete
api-ms-win-shcore-thread-l1-1-0
GetProcessReference
api-ms-win-security-base-l1-1-0
AllocateAndInitializeSid
CopySid
CheckTokenMembership
FreeSid
DuplicateToken
ImpersonateSelf
AdjustTokenPrivileges
RevertToSelf
ImpersonateLoggedOnUser
IsValidSid
GetLengthSid
DuplicateTokenEx
GetTokenInformation
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
ConvertStringSidToSidW
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
GlobalFree
GlobalAlloc
api-ms-win-core-localization-obsolete-l1-2-0
GetNumberFormatW
GetUserDefaultUILanguage
CompareStringA
crypt32
CertFindCertificateInStore
CryptProtectData
CryptUnprotectData
CertGetCertificateContextProperty
CertVerifyCertificateChainPolicy
CryptHashPublicKeyInfo
CertOpenStore
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CertControlStore
CertCloseStore
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-threadpool-legacy-l1-1-0
DeleteTimerQueueTimer
CreateTimerQueueTimer
api-ms-win-core-sysinfo-l1-1-0
GetSystemWindowsDirectoryW
GetTickCount
GetSystemDirectoryW
GetSystemTimeAsFileTime
api-ms-win-core-privateprofile-l1-1-0
GetPrivateProfileStringW
api-ms-win-core-sidebyside-l1-1-0
ReleaseActCtx
CreateActCtxW
DeactivateActCtx
ActivateActCtx
api-ms-win-core-shlwapi-legacy-l1-1-0
PathIsRelativeW
PathIsRootW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
OpenProcess
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-memory-l1-1-0
MapViewOfFileEx
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
api-ms-win-service-winsvc-l1-1-0
QueryServiceStatus
api-ms-win-service-management-l1-1-0
CloseServiceHandle
OpenServiceW
StartServiceW
OpenSCManagerW
api-ms-win-service-management-l2-1-0
ChangeServiceConfig2W
QueryServiceConfig2W
ChangeServiceConfigW
QueryServiceConfigW
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrRChrW
StrChrW
api-ms-win-core-sysinfo-l1-2-0
GetNativeSystemInfo
api-ms-win-stateseparation-helpers-l1-1-0
GetPersistedRegistryLocationW
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
SystemTimeToFileTime
api-ms-win-core-file-l1-1-0
GetDriveTypeW
ReadFile
GetFileType
CreateDirectoryW
CreateFileW
LocalFileTimeToFileTime
GetFileAttributesW
SetFileTime
SetFilePointer
GetFileSizeEx
WriteFile
GetVolumePathNameW
api-ms-win-core-datetime-l1-1-1
GetDateFormatEx
api-ms-win-core-wow64-l1-1-0
Wow64DisableWow64FsRedirection
IsWow64Process
Wow64RevertWow64FsRedirection
api-ms-win-core-kernel32-legacy-l1-1-0
DosDateTimeToFileTime
api-ms-win-core-file-l1-2-0
GetVolumeNameForVolumeMountPointW
api-ms-win-core-version-l1-1-0
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW
api-ms-win-core-libraryloader-l1-2-1
FindResourceW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 558KB - Virtual size: 558KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 207KB - Virtual size: 206KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 83KB - Virtual size: 82KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ