LastUpdate[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

LastUpdate.rar
Size

9.1MB
MD5

ccd6d40188ec009f1906712369c85cf0
SHA1

1819f0853be50cd6ddfad36ecef4c03a3df1bd10
SHA256

1718df3d270353ed2d11de6a5474a395623607be4b7de9d933ada7115df9932e
SHA512

09d3b23502be844c7aeb5731fd8a3029bf662f4e8b98e7f88fd06c5c4a8488d0972eb29a953d569b27630a65d3325ac24ba129f9ebf959e5f3e796d6ee4935ad
SSDEEP

196608:XGMSdfC9xhiNN7b14mn9bHljBPMCKGARCbl+lPyz+QL3F:XGMSIHFSjBExGARIl+Ez+QL1

Score

3^/10

Malware Config

Signatures

Unsigned PE 43 IoCs

Checks for missing Authenticode signature.

resource
unpack001/LastUpdate/AntiDebugging.dll
unpack001/LastUpdate/MinegamesAdministrationTool.dll
unpack001/LastUpdate/MinegamesAdministrationTool.exe
unpack001/LastUpdate/runtimes/unix/lib/net5.0/System.Management.Automation.dll
unpack001/LastUpdate/runtimes/unix/lib/netstandard1.6/Microsoft.Management.Infrastructure.dll
unpack001/LastUpdate/runtimes/win-arm/lib/netstandard1.6/Microsoft.Management.Infrastructure.Native.dll
unpack001/LastUpdate/runtimes/win-arm/lib/netstandard1.6/Microsoft.Management.Infrastructure.dll
unpack001/LastUpdate/runtimes/win-arm/native/Microsoft.Management.Infrastructure.Native.Unmanaged.dll
unpack001/LastUpdate/runtimes/win-arm/native/mi.dll
unpack001/LastUpdate/runtimes/win-arm/native/miutils.dll
unpack001/LastUpdate/runtimes/win-arm64/lib/netstandard1.6/Microsoft.Management.Infrastructure.dll
unpack001/LastUpdate/runtimes/win10-x64/lib/netstandard1.6/Microsoft.Management.Infrastructure.Native.dll
unpack001/LastUpdate/runtimes/win10-x64/lib/netstandard1.6/Microsoft.Management.Infrastructure.dll
unpack001/LastUpdate/runtimes/win10-x64/native/Microsoft.Management.Infrastructure.Native.Unmanaged.dll
unpack001/LastUpdate/runtimes/win10-x64/native/mi.dll
unpack001/LastUpdate/runtimes/win10-x64/native/miutils.dll
unpack001/LastUpdate/runtimes/win10-x86/lib/netstandard1.6/Microsoft.Management.Infrastructure.Native.dll
unpack001/LastUpdate/runtimes/win10-x86/lib/netstandard1.6/Microsoft.Management.Infrastructure.dll
unpack001/LastUpdate/runtimes/win10-x86/native/Microsoft.Management.Infrastructure.Native.Unmanaged.dll
unpack001/LastUpdate/runtimes/win10-x86/native/mi.dll
unpack001/LastUpdate/runtimes/win10-x86/native/miutils.dll
unpack001/LastUpdate/runtimes/win7-x64/lib/netstandard1.6/Microsoft.Management.Infrastructure.Native.dll
unpack001/LastUpdate/runtimes/win7-x64/lib/netstandard1.6/Microsoft.Management.Infrastructure.dll
unpack001/LastUpdate/runtimes/win7-x86/lib/netstandard1.6/Microsoft.Management.Infrastructure.Native.dll
unpack001/LastUpdate/runtimes/win7-x86/lib/netstandard1.6/Microsoft.Management.Infrastructure.dll
unpack001/LastUpdate/runtimes/win8-x64/lib/netstandard1.6/Microsoft.Management.Infrastructure.Native.dll
unpack001/LastUpdate/runtimes/win8-x64/lib/netstandard1.6/Microsoft.Management.Infrastructure.dll
unpack001/LastUpdate/runtimes/win8-x64/native/mi.dll
unpack001/LastUpdate/runtimes/win8-x64/native/miutils.dll
unpack001/LastUpdate/runtimes/win8-x86/lib/netstandard1.6/Microsoft.Management.Infrastructure.Native.dll
unpack001/LastUpdate/runtimes/win8-x86/lib/netstandard1.6/Microsoft.Management.Infrastructure.dll
unpack001/LastUpdate/runtimes/win8-x86/native/mi.dll
unpack001/LastUpdate/runtimes/win8-x86/native/miutils.dll
unpack001/LastUpdate/runtimes/win81-x64/lib/netstandard1.6/Microsoft.Management.Infrastructure.Native.dll
unpack001/LastUpdate/runtimes/win81-x64/lib/netstandard1.6/Microsoft.Management.Infrastructure.dll
unpack001/LastUpdate/runtimes/win81-x64/native/Microsoft.Management.Infrastructure.Native.Unmanaged.dll
unpack001/LastUpdate/runtimes/win81-x64/native/mi.dll
unpack001/LastUpdate/runtimes/win81-x64/native/miutils.dll
unpack001/LastUpdate/runtimes/win81-x86/lib/netstandard1.6/Microsoft.Management.Infrastructure.Native.dll
unpack001/LastUpdate/runtimes/win81-x86/lib/netstandard1.6/Microsoft.Management.Infrastructure.dll
unpack001/LastUpdate/runtimes/win81-x86/native/Microsoft.Management.Infrastructure.Native.Unmanaged.dll
unpack001/LastUpdate/runtimes/win81-x86/native/mi.dll
unpack001/LastUpdate/runtimes/win81-x86/native/miutils.dll

Files

LastUpdate.rar
.rar
LastUpdate/AntiDebugging.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 337KB - Virtual size: 337KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/IMPORTANT.txt
LastUpdate/Microsoft.ApplicationInsights.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:39

Not After

03-03-2021 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1e:7b:f4:d3:ef:e2:85:ec:b4:ed:2a:80:fb:e3:d1:80:34:4e:60:c6:25:4b:35:e1:b7:36:7d:c1:88:88:38
Signer

Actual PE Digest

61:1e:7b:f4:d3:ef:e2:85:ec:b4:ed:2a:80:fb:e3:d1:80:34:4e:60:c6:25:4b:35:e1:b7:36:7d:c1:88:88:38

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 337KB - Virtual size: 337KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/MinegamesAdministrationTool.deps.json
LastUpdate/MinegamesAdministrationTool.dll
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/MinegamesAdministrationTool.dll.config
LastUpdate/MinegamesAdministrationTool.exe
.exe windows:6 windows x64

ea4dd374d22e48fdcffcc7ad5e323053

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FindNextFileW
GetCurrentProcess
GetModuleHandleExW
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
GetEnvironmentVariableW
FindClose
MultiByteToWideChar
GetLastError
GetFileAttributesExW
GetFullPathNameW
GetProcAddress
DeleteCriticalSection
WideCharToMultiByte
IsWow64Process
LoadLibraryExW
FreeLibrary
RaiseException
RtlPcToFileHeader
EnterCriticalSection
FindFirstFileExW
OutputDebugStringW
LoadLibraryA
GetModuleHandleW
RtlUnwindEx
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LCMapStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
DecodePointer
EncodePointer
GetStringTypeW

user32

MessageBoxW

shell32

ShellExecuteW

advapi32

RegOpenKeyExW
RegGetValueW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegCloseKey

api-ms-win-crt-runtime-l1-1-0

_errno
_cexit
_seh_filter_exe
_set_app_type
_invalid_parameter_noinfo_noreturn
_configure_wide_argv
_initialize_wide_environment
exit
terminate
_get_initial_wide_environment
_initterm
_register_onexit_function
_initterm_e
_initialize_onexit_table
_exit
_crt_atexit
abort
__p___argc
__p___wargv
_c_exit
_register_thread_local_exe_atexit_callback

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
__p__commode
_set_fmode
__stdio_common_vsprintf_s
setvbuf
_wfopen
__stdio_common_vfwprintf
fflush
__acrt_iob_func
fputwc
fputws

api-ms-win-crt-heap-l1-1-0

_callnewh
_set_new_mode
free
malloc
calloc

api-ms-win-crt-string-l1-1-0

wcsncmp
strcspn
wcsnlen
strcpy_s
_wcsdup

api-ms-win-crt-convert-l1-1-0

_wtoi
wcstoul

api-ms-win-crt-locale-l1-1-0

_lock_locales
setlocale
__pctype_func
___lc_locale_name_func
___lc_codepage_func
___mb_cur_max_func
_unlock_locales
_configthreadlocale
localeconv

api-ms-win-crt-math-l1-1-0

frexp
__setusermatherr

api-ms-win-crt-time-l1-1-0

_gmtime64
wcsftime
_time64

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/MinegamesAdministrationTool.pdb
LastUpdate/MinegamesAdministrationTool.runtimeconfig.dev.json
LastUpdate/MinegamesAdministrationTool.runtimeconfig.json
LastUpdate/Newtonsoft.Json.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2031 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:b0:41:8d:a5:1e:14:8c:33:1b:bc:de:b7:13:83:23
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27-04-2018 12:41

Not After

27-04-2028 12:41

Subject

CN=.NET Foundation Projects Code Signing CA,O=.NET Foundation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:71:a1:b0:c2:96:f5:c7:90:65:47:0a:3c:20:53:7e
Certificate

Issuer

CN=.NET Foundation Projects Code Signing CA,O=.NET Foundation,C=US

Not Before

25-10-2018 00:00

Not After

29-10-2021 12:00

Subject

SERIALNUMBER=603 389 068,CN=Json.NET (.NET Foundation),O=Json.NET (.NET Foundation),L=Redmond,ST=wa,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:13:59:16:4c:8e:cc:8d:d3:88:7d:1a:11:9d:63:ed:f6:04:94:fb:56:bd:8b:f7:8e:fa:42:fe:6b:9b:a5:ad
Signer

Actual PE Digest

69:13:59:16:4c:8e:cc:8d:d3:88:7d:1a:11:9d:63:ed:f6:04:94:fb:56:bd:8b:f7:8e:fa:42:fe:6b:9b:a5:ad

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 667KB - Virtual size: 666KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/System.Management.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:39

Not After

03-03-2021 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

76:71:4e:5b:e8:1a:d5:69:38:22:8d:8b:bf:d4:ab:44:5a:64:cb:23:5b:e4:79:67:f6:10:6d:25:ff:18:30:42
Signer

Actual PE Digest

76:71:4e:5b:e8:1a:d5:69:38:22:8d:8b:bf:d4:ab:44:5a:64:cb:23:5b:e4:79:67:f6:10:6d:25:ff:18:30:42

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/System.Security.Cryptography.Pkcs.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:39

Not After

03-03-2021 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

81:1f:04:25:84:59:55:35:70:36:52:3d:64:d2:b4:be:ba:0d:1c:ea:c2:df:7c:18:2b:54:6b:a0:e7:8c:93:b5
Signer

Actual PE Digest

81:1f:04:25:84:59:55:35:70:36:52:3d:64:d2:b4:be:ba:0d:1c:ea:c2:df:7c:18:2b:54:6b:a0:e7:8c:93:b5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/linux-arm/native/libpsl-native.so
.elf linux arm
LastUpdate/runtimes/linux-arm64/native/libpsl-native.so
.elf linux aarch64
LastUpdate/runtimes/linux-musl-x64/native/libpsl-native.so
.elf linux x64
LastUpdate/runtimes/linux-x64/native/libmi.so
.elf linux x64
LastUpdate/runtimes/linux-x64/native/libpsl-native.so
.elf linux x64
LastUpdate/runtimes/linux-x64/native/libpsrpclient.so
.elf linux x64
LastUpdate/runtimes/osx/native/libmi.dylib
.macho macos
LastUpdate/runtimes/osx/native/libpsl-native.dylib
.macho macos
LastUpdate/runtimes/osx/native/libpsrpclient.dylib
.macho macos
LastUpdate/runtimes/unix/lib/net5.0/System.Management.Automation.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 7.1MB - Virtual size: 7.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/unix/lib/netstandard1.6/Microsoft.Management.Infrastructure.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 210KB - Virtual size: 210KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win-arm/lib/netstandard1.6/Microsoft.Management.Infrastructure.Native.dll
.dll windows:4 windows

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 136KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win-arm/lib/netstandard1.6/Microsoft.Management.Infrastructure.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win-arm/native/Microsoft.Management.Infrastructure.Native.Unmanaged.dll
.dll windows:10 windows

fe5b87c535c15f7049ce39d6c00b6907

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

__C_specific_handler
_initterm
malloc
_amsg_exit
_XcptFilter
free
memset

api-ms-win-core-threadpool-l1-2-0

SubmitThreadpoolWork
CloseThreadpool
CloseThreadpoolWork
CreateThreadpoolWork
CreateThreadpool
SetThreadpoolThreadMaximum
FreeLibraryWhenCallbackReturns
LeaveCriticalSectionWhenCallbackReturns
SetThreadpoolThreadMinimum

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection
LeaveCriticalSection

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
LoadLibraryExW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
OpenThreadToken
SetThreadToken
GetCurrentThread
TerminateProcess

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

mi

mi_clientFT_V1

Exports

Exports

GetAddr_OperationCallbacks_ClassObjectNeededCallback
GetAddr_OperationCallbacks_FreeIncludedFileBufferCallback
GetAddr_OperationCallbacks_GetIncludedFileBufferCallback
GetAddr_OperationCallbacks_NativeClassCallback
GetAddr_OperationCallbacks_NativeIndicationCallback
GetAddr_OperationCallbacks_NativeInstanceCallback
GetAddr_OperationCallbacks_NativePromptUserCallback
GetAddr_OperationCallbacks_NativeStreamedParameterResultCallback
GetAddr_OperationCallbacks_NativeWriteErrorCallback
GetAddr_OperationCallbacks_NativeWriteMessageCallback
GetAddr_OperationCallbacks_NativeWriteProgressCallback
GetAddr_SessionHandle_OnReleaseHandleCompleted
MI_ApplicationWrapper_Initialize
MI_ApplicationWrapper_ScheduleCleanupCallback
MI_ApplicationWrapper_SetAppDomainIsUnloading
MI_Helpers_GetCurrentSecurityToken
MI_Helpers_IsClrShuttingDown
MI_Helpers_SetClrIsNotShuttingDown
MI_Helpers_SetClrIsShuttingDown
MI_OperationWrapper_DecrementCount_AndDontWorryAboutLifetimeOfMiDotNetDll
MI_OperationWrapper_DecrementCount_AndManageLifetimeOfMiDotNetDll
MI_OperationWrapper_GetClass
MI_OperationWrapper_GetIndication
MI_OperationWrapper_GetInstance
MI_OperationWrapper_Initialize
MI_OperationWrapper_ScheduleDrainingWorkIfNeeded
MI_OperationWrapper_SetupDrainingIfNeeded
UnmanagedMI_GetMiClientFT_V1
UnmanagedMI_GetMiEvaluatorFT_V1
UnmanagedMI_GetMiMonitoringFT_V1
UnmanagedMI_GetMiReactiveExtensionsFT_V1

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win-arm/native/PowerShell.Core.Instrumentation.dll
.dll windows:6 windows

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:39

Not After

03-03-2021 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d2:5b:63:bf:b4:2e:49:57:c5:ec:4c:9d:06:6f:53:8b:70:42:17:48:d5:bc:ee:d0:05:c7:e2:22:2f:a6:2e:f7
Signer

Actual PE Digest

d2:5b:63:bf:b4:2e:49:57:c5:ec:4c:9d:06:6f:53:8b:70:42:17:48:d5:bc:ee:d0:05:c7:e2:22:2f:a6:2e:f7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win-arm/native/mi.dll
.dll windows:10 windows

0eeae8bee19d1019ff166d14915113e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

wcslen
wcscpy_s
wcstoul
swprintf_s
_set_output_format
_ui64tow_s
_i64tow_s
_XcptFilter
_amsg_exit
free
malloc
_initterm
__C_specific_handler
wcscmp
memset
_wcsicmp
memcpy

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThread
SetThreadToken
OpenThreadToken
TerminateProcess

api-ms-win-security-base-l1-1-0

ImpersonateSelf
RevertToSelf

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead
InterlockedPopEntrySList

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
GetProcAddress
FreeLibrary
LoadLibraryExW
DisableThreadLibraryCalls

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

ntdll

RtlEqualSid

miutils

Instance_SetElementArrayItem
OSC_Type_GetSize
XMLDOM_Parse
RCClass_AddMethodParameterQualifierArray
RCClass_AddElementArray
RCClass_New
RCClass_AddElementQualifier
RCClass_AddClassQualifierArray
RCClass_AddElementQualifierArrayItem
OSC_StringToMiValue
RCClass_AddMethodParameter
Instance_IsDynamic
RCClass_AddClassQualifier
RCClass_AddMethodQualifier
RCClass_AddElementQualifierArray
RCClass_AddMethodParameterQualifier
RCClass_AddMethodQualifierArrayItem
Instance_SetElementArray
RCClass_AddClassQualifierArrayItem
Config_GetRegString
Instance_InitDynamic
PublishDebugMessage
SubscriptionDeliveryOptions_Create
MiErrorCategoryFromWindowsError
RtlDeleteCachedFastLock
RtlQueueAcquireCachedFastLockExclusive
RtlReleaseCachedFastLockExclusive
Instance_New
RtlInitializeCachedFastLock
DestinationOptions_Create
Class_New
RtlInterlockedCompareWait
RtlInterlockedWakeAll
CimErrorFromErrorCode
OperationOptions_Create
DestinationOptions_Duplicate
DestinationOptions_MigrateOptions
OperationOptions_MigrateOptions
SubscriptionDeliveryOptions_MigrateOptions
Options_FindValue
RtlQueueAcquireCachedFastLockShared
Config_GetProtocolHandlerDetails
RtlReleaseCachedFastLockShared
RtlTryAcquireCachedFastLockShared
RCClass_AddMethod
MI_Hash
RCClass_AddElement
RCClass_AddElementArrayItem
RCClass_AddMethodParameterQualifierArrayItem
RCClass_AddMethodQualifierArray
XMLDOM_Free

Exports

Exports

MI_Application_InitializeV1
mi_clientFT_V1

Sections

.text
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win-arm/native/miutils.dll
.dll windows:10 windows

e3f53f99594a106c58fd299097af5552

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_i64tow_s
wcscmp
wcschr
_wcsdup
swscanf_s
_vsnwprintf
_onexit
wcsstr
__dllonexit
_wtoi
__CxxFrameHandler3
_ui64tow_s
_unlock
_lock
wcscpy_s
??1type_info@@UAA@XZ
?terminate@@YAXXZ
?what@exception@@UBAPBDXZ
__C_specific_handler
_initterm
malloc
_swprintf_c
_amsg_exit
_wcsnicmp
_XcptFilter
??1exception@@UAA@XZ
free
getenv
strlen
_wcstoui64
memmove
memcpy
wcstod
_purecall
??0exception@@QAA@ABV0@@Z
_CxxThrowException
??0exception@@QAA@ABQBD@Z
fwprintf
??0exception@@QAA@ABQBDH@Z
memset
memcmp
__iob_func
wcstoul
_wcsicmp
_wcstoi64
wcstol
wcslen

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap
HeapReAlloc

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExW
RegGetValueW
RegOpenKeyExW
RegEnumKeyExW

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
WaitForSingleObject
CreateEventW
InitializeCriticalSection
SetEvent
DeleteCriticalSection
EnterCriticalSection
ResetEvent

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetComputerNameExW
GetTickCount64

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetProcessId
TerminateProcess
SwitchToThread

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetProcAddress
FreeLibrary
GetModuleHandleW
DisableThreadLibraryCalls
LoadStringW

api-ms-win-core-localization-l1-2-0

GetThreadPreferredUILanguages
FormatMessageW

api-ms-win-core-com-l1-1-0

CoCreateGuid
CoCreateInstance
StringFromGUID2

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventWriteTransfer

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

ntdll

RtlGetCurrentProcessorNumber

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

??0CAutoSetActivityId@@QAA@XZ
??0CCritSec@@QAA@XZ
??0DynamicSchema@@QAA@XZ
??0IndicationSchema@@QAA@XZ
??0StaticSchema@@QAA@XZ
??0WMISchema@@QAA@XZ
??0WMISchema@@QAA@_N@Z
??1CAutoSetActivityId@@QAA@XZ
??1CCritSec@@QAA@XZ
??1WMISchema@@UAA@XZ
??4CAutoSetActivityId@@QAAAAV0@ABV0@@Z
??4CCritSec@@QAAAAV0@ABV0@@Z
?CreateInstance@DynamicSchema@@UAAJPBGPAUIWbemClassObject@@KPBU_MI_PropertySet@@_NAAPAU_MI_Instance@@PAUIConversionContext@@@Z
?CreateInstance@IndicationSchema@@UAAJPBGPAUIWbemClassObject@@KPBU_MI_PropertySet@@_NAAPAU_MI_Instance@@PAUIConversionContext@@@Z
?CreateInstance@StaticSchema@@UAAJPBGPAUIWbemClassObject@@KPBU_MI_PropertySet@@_NAAPAU_MI_Instance@@PAUIConversionContext@@@Z
?DeInitialize@WMISchema@@QAAJXZ
?GetFlags@MiSchema@@UBAJXZ
?GetMiClass@DynamicSchema@@UAAJPBG00PAPBU_MI_Class@@@Z
?GetMiClass@IndicationSchema@@UAAJPBG00PAPBU_MI_Class@@@Z
?GetMiClass@StaticSchema@@UAAJPBG00PAPBU_MI_Class@@@Z
?GetNoneCachedWmiClass@WMISchema@@UAAJPBGPAUIWbemServices@@AAV?$CComPtr@UIWbemClassObject@@@ATL@@PAUIConversionContext@@@Z
?GetWmiClass@WMISchema@@UAAJPBG0AAV?$CComPtr@UIWbemClassObject@@@ATL@@PAUIConversionContext@@@Z
?GetWmiIWbemServices@WMISchema@@UAAJPBGAAV?$CComPtr@UIWbemServices@@@ATL@@@Z
?Initialize@StaticSchema@@QAAJPBU_MI_Module@@@Z
?Initialize@WMISchema@@QAAX_N@Z
?SetFlags@MiSchema@@MAAJJ@Z
CimErrorFromErrorCode
CimError_Construct
CimStatusCodeFromWindowsError
CimTypeToType
ClassCache_AddClass
ClassCache_Delete
ClassCache_GetClass
ClassCache_New
Class_New
CompareInstance
CompareValue
Config_GetProtocolHandlerDetails
Config_GetRegString
CreateConversionContext
DestinationOptions_Create
DestinationOptions_Duplicate
DestinationOptions_MigrateOptions
FindClassDecl
FindMethodDecl
FindQualifierInWMIObject
GetCorrelationId
GetMethodParameters
GetReferenceFromWMIObjectPath
InstanceToWMIEvent
InstanceToWMIExtendedStatus
InstanceToWMIObject
Instance_Clone
Instance_Construct
Instance_GetResourceURI
Instance_InitDynamic
Instance_IsDynamic
Instance_MatchKeys
Instance_New
Instance_SetElementArray
Instance_SetElementArrayItem
Instance_SetResourceURI
Instance_SetServerName
IsLifeCycleIndicationQuery
MI_Hash
MiErrorCategoryFromWindowsError
OSC_Batch_Destroy
OSC_Batch_Get
OSC_Batch_Strdup
OSC_StringToMiValue
OSC_Type_GetSize
OperationOptions_CopyOptions
OperationOptions_Create
OperationOptions_MigrateOptions
OptionsValueToContextValue
Options_FindValue
ParametersToWMIObject
PropertySet_New
PropertyToVariant
PublishClientOperationInfo
PublishDebugInfo
PublishDebugMessage
PublishProviderResult
PublishProviderWriteError
PublishProviderWriteMessage
QualifierFlavorToWMI
RCClass_AddClassQualifier
RCClass_AddClassQualifierArray
RCClass_AddClassQualifierArrayItem
RCClass_AddElement
RCClass_AddElementArray
RCClass_AddElementArrayItem
RCClass_AddElementQualifier
RCClass_AddElementQualifierArray
RCClass_AddElementQualifierArrayItem
RCClass_AddMethod
RCClass_AddMethodParameter
RCClass_AddMethodParameterQualifier
RCClass_AddMethodParameterQualifierArray
RCClass_AddMethodParameterQualifierArrayItem
RCClass_AddMethodQualifier
RCClass_AddMethodQualifierArray
RCClass_AddMethodQualifierArrayItem
RCClass_New
ResultFromHRESULT
ResultToHRESULT
RtlDeleteCachedFastLock
RtlInitializeCachedFastLock
RtlInterlockedCompareWait
RtlInterlockedWakeAll
RtlQueueAcquireCachedFastLockExclusive
RtlQueueAcquireCachedFastLockShared
RtlQueueAcquireFastLockExclusive
RtlQueueAcquireFastLockShared
RtlReleaseCachedFastLockExclusive
RtlReleaseCachedFastLockShared
RtlReleaseFastLockExclusive
RtlReleaseFastLockShared
RtlTryAcquireCachedFastLockShared
RtlTryAcquireFastLockExclusive
RtlTryAcquireFastLockShared
RtlpInitFastLock
RtlpReleaseIdleSlots
SetCorrelationIdToWbemContext
SetModifiedPropertyNamesToContext
SetProperties
SubscriptionDeliveryOptions_Create
SubscriptionDeliveryOptions_MigrateOptions
TypeToCimType
ValueClear
ValueToVariant
VariantArrayToSafeArray
VariantToValue
WMIEventToCIMIndication
WMIExtendedObjectToInstance
WMIObjectToClass
WMIObjectToInstance
WMIQualifierFlavorToMI
WriteWBEM_MC_CLIENT_REQUEST_FAILURE
XMLDOM_Free
XMLDOM_Parse
XML_FormatError
XML_Init
XML_Next
XML_PutError
XML_RegisterNameSpace
XML_SetText
XML_StripWhitespace

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win-arm/native/pwrshplugin.dll
.dll windows:6 windows

3d5f350c2af6d422ae9bedd7c5aa88e2

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:39

Not After

03-03-2021 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a8:d1:25:29:69:1d:e7:06:b9:b3:56:fc:ef:c0:1d:e9:d5:94:1d:82:b6:ea:2f:ec:fe:32:36:31:18:a2:7a:ff
Signer

Actual PE Digest

a8:d1:25:29:69:1d:e7:06:b9:b3:56:fc:ef:c0:1d:e9:d5:94:1d:82:b6:ea:2f:ec:fe:32:36:31:18:a2:7a:ff

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
RaiseException
DecodePointer
LocalFree
DeleteCriticalSection
LoadLibraryExW
LoadLibraryExA
GetModuleHandleExA
GetProcAddress
FreeLibrary
InitializeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
GetModuleHandleW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
InitializeSListHead
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader
InterlockedFlushSList
SetLastError
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
EncodePointer
ExpandEnvironmentStringsW
GetModuleFileNameW
ExpandEnvironmentStringsA
FormatMessageW
WideCharToMultiByte
GetModuleFileNameA
LeaveCriticalSection
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
EnterCriticalSection
OutputDebugStringW
IsDebuggerPresent
LCMapStringEx
GetStringTypeW
MultiByteToWideChar
InitOnceExecuteOnce
CloseHandle
CreateFileW

ole32

CoInitializeEx
CoUninitialize

wsmsvc

WSManPluginOperationComplete

api-ms-win-crt-stdio-l1-1-0

_fseeki64
fsetpos
fopen_s
__stdio_common_vswprintf_s
ungetc
fgetpos
fwrite
fclose
fgetwc
fgetc
ungetwc
fputwc
fflush
setvbuf
_wfsopen
fseek

api-ms-win-crt-convert-l1-1-0

_itow_s
wcstoul

api-ms-win-crt-heap-l1-1-0

calloc
malloc
_callnewh
free

api-ms-win-crt-string-l1-1-0

_wcsdup
islower
isupper
strlen
isspace
_wcsnicmp
strcpy_s
__strncnt
wcsnlen
strcmp
wcslen

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_configure_narrow_argv
abort
terminate
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_errno

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

advapi32

RegQueryValueExW
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW

api-ms-win-crt-locale-l1-1-0

_unlock_locales
__pctype_func
___mb_cur_max_func
setlocale
_lock_locales
___lc_locale_name_func
___lc_codepage_func

Exports

Exports

GetCLRVersionForPSVersion
WSManPluginCommand
WSManPluginConnect
WSManPluginReceive
WSManPluginReleaseCommandContext
WSManPluginReleaseShellContext
WSManPluginSend
WSManPluginShell
WSManPluginShutdown
WSManPluginSignal
WSManPluginStartup

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win-arm64/lib/netstandard1.6/Microsoft.Management.Infrastructure.Native.dll
LastUpdate/runtimes/win-arm64/lib/netstandard1.6/Microsoft.Management.Infrastructure.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win-arm64/native/Microsoft.Management.Infrastructure.Native.Unmanaged.dll
LastUpdate/runtimes/win-arm64/native/PowerShell.Core.Instrumentation.dll
LastUpdate/runtimes/win-arm64/native/mi.dll
LastUpdate/runtimes/win-arm64/native/miutils.dll
LastUpdate/runtimes/win-arm64/native/pwrshplugin.dll
LastUpdate/runtimes/win-x64/native/PowerShell.Core.Instrumentation.dll
.dll windows:6 windows x64

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:39

Not After

03-03-2021 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:83:7a:e0:32:52:7c:fe:ef:e2:c3:08:be:78:61:89:cb:b9:e7:52:a5:99:51:48:ca:57:2d:18:7c:3b:98:f9
Signer

Actual PE Digest

1b:83:7a:e0:32:52:7c:fe:ef:e2:c3:08:be:78:61:89:cb:b9:e7:52:a5:99:51:48:ca:57:2d:18:7c:3b:98:f9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win-x64/native/pwrshplugin.dll
.dll windows:6 windows x64

04e5ce7acd82eac881c5faffb08861ba

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:39

Not After

03-03-2021 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c8:18:ef:f3:b5:16:47:a2:7d:81:45:c3:ff:07:91:98:01:33:96:d2:d6:2c:43:7c:bc:68:3e:c3:1d:c9:da:a0
Signer

Actual PE Digest

c8:18:ef:f3:b5:16:47:a2:7d:81:45:c3:ff:07:91:98:01:33:96:d2:d6:2c:43:7c:bc:68:3e:c3:1d:c9:da:a0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
RaiseException
DecodePointer
LocalFree
DeleteCriticalSection
LoadLibraryExW
LoadLibraryExA
GetModuleHandleExA
GetProcAddress
FreeLibrary
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
InterlockedFlushSList
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LCMapStringW
SwitchToThread
ExpandEnvironmentStringsW
OutputDebugStringW
GetModuleFileNameW
LeaveCriticalSection
ExpandEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
GetModuleFileNameA
GetModuleHandleA
CreateFileW
MultiByteToWideChar
GetStringTypeW
FormatMessageW
GetCurrentThreadId
EnterCriticalSection

ole32

CoUninitialize
CoInitializeEx

wsmsvc

WSManPluginOperationComplete

api-ms-win-crt-stdio-l1-1-0

fopen_s
fflush
fputwc
ungetwc
fgetc
fgetwc
fclose
fgetpos
setvbuf
ungetc
fsetpos
__stdio_common_vswprintf_s
fwrite
_fseeki64
_wfsopen
fseek

api-ms-win-crt-convert-l1-1-0

wcstoul
_itow_s

api-ms-win-crt-heap-l1-1-0

free
calloc
malloc
_callnewh

api-ms-win-crt-string-l1-1-0

isupper
_wcsnicmp
_wcsdup
islower
wcsncmp
strcpy_s
__strncnt
wcsnlen
isspace

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
terminate
abort
_errno
_initialize_onexit_table
_initterm_e

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

api-ms-win-crt-locale-l1-1-0

setlocale
___lc_locale_name_func
_unlock_locales
_lock_locales
___mb_cur_max_func
__pctype_func
___lc_codepage_func

Exports

Exports

GetCLRVersionForPSVersion
WSManPluginCommand
WSManPluginConnect
WSManPluginReceive
WSManPluginReleaseCommandContext
WSManPluginReleaseShellContext
WSManPluginSend
WSManPluginShell
WSManPluginShutdown
WSManPluginSignal
WSManPluginStartup

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win-x86/native/PowerShell.Core.Instrumentation.dll
.dll windows:6 windows x86

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:39

Not After

03-03-2021 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4d:06:6e:51:af:f2:40:83:22:f9:11:15:b6:1b:e4:60:6f:d5:58:6f:c3:fc:9f:cf:87:bc:96:da:97:89:96:81
Signer

Actual PE Digest

4d:06:6e:51:af:f2:40:83:22:f9:11:15:b6:1b:e4:60:6f:d5:58:6f:c3:fc:9f:cf:87:bc:96:da:97:89:96:81

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win-x86/native/pwrshplugin.dll
.dll windows:6 windows x86

3079f38667b8315e34405f43b5fbe9fc

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:39

Not After

03-03-2021 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

de:d0:cf:cd:75:74:5c:5b:32:97:43:33:2b:cb:2b:02:df:7a:56:3f:a9:85:a6:37:ad:1a:8d:e7:76:80:c0:f0
Signer

Actual PE Digest

de:d0:cf:cd:75:74:5c:5b:32:97:43:33:2b:cb:2b:02:df:7a:56:3f:a9:85:a6:37:ad:1a:8d:e7:76:80:c0:f0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
RaiseException
DecodePointer
LocalFree
DeleteCriticalSection
LoadLibraryExW
LoadLibraryExA
GetModuleHandleExA
GetProcAddress
FreeLibrary
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
FormatMessageW
InitializeSListHead
RtlUnwind
InterlockedFlushSList
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SwitchToThread
GetStringTypeW
MultiByteToWideChar
CreateFileW
GetModuleHandleA
GetModuleFileNameA
WideCharToMultiByte
ExpandEnvironmentStringsA
GetModuleFileNameW
ExpandEnvironmentStringsW
LCMapStringW
OutputDebugStringW
InitializeCriticalSectionEx
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
EnterCriticalSection

ole32

CoUninitialize
CoInitializeEx

wsmsvc

WSManPluginOperationComplete

api-ms-win-crt-stdio-l1-1-0

_fseeki64
fsetpos
ungetc
setvbuf
fgetpos
fwrite
fgetc
ungetwc
fputwc
fflush
fopen_s
fclose
__stdio_common_vswprintf_s
fgetwc
_wfsopen
fseek

api-ms-win-crt-convert-l1-1-0

wcstoul
_itow_s

api-ms-win-crt-heap-l1-1-0

malloc
free
calloc
_callnewh

api-ms-win-crt-string-l1-1-0

isupper
_wcsnicmp
_wcsdup
islower
wcsncmp
strcpy_s
__strncnt
wcsnlen
isspace

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_execute_onexit_table
_crt_atexit
abort
terminate
_initterm_e
_initterm
_cexit
_register_onexit_function
_seh_filter_dll
_errno

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

api-ms-win-crt-locale-l1-1-0

_unlock_locales
___lc_codepage_func
setlocale
__pctype_func
___mb_cur_max_func
___lc_locale_name_func
_lock_locales

Exports

Exports

GetCLRVersionForPSVersion
WSManPluginCommand
WSManPluginConnect
WSManPluginReceive
WSManPluginReleaseCommandContext
WSManPluginReleaseShellContext
WSManPluginSend
WSManPluginShell
WSManPluginShutdown
WSManPluginSignal
WSManPluginStartup

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win/lib/net5.0/Microsoft.PowerShell.CoreCLR.Eventing.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:39

Not After

03-03-2021 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cb:dc:ef:d8:78:34:38:37:21:f5:49:3a:a5:61:22:52:19:de:ca:2f:e4:05:a1:f8:95:fc:11:0f:ed:2a:ee:50
Signer

Actual PE Digest

cb:dc:ef:d8:78:34:38:37:21:f5:49:3a:a5:61:22:52:19:de:ca:2f:e4:05:a1:f8:95:fc:11:0f:ed:2a:ee:50

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win/lib/net5.0/System.Management.Automation.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:39

Not After

03-03-2021 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

87:93:27:81:d6:09:1d:35:7d:5b:1c:74:56:20:0d:de:c9:01:20:10:36:b0:2a:a9:9d:3c:af:cd:53:2a:a2:9d
Signer

Actual PE Digest

87:93:27:81:d6:09:1d:35:7d:5b:1c:74:56:20:0d:de:c9:01:20:10:36:b0:2a:a9:9d:3c:af:cd:53:2a:a2:9d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win/lib/netcoreapp2.0/System.Management.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:39

Not After

03-03-2021 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

68:83:70:bd:2e:a3:b1:f5:1f:e4:a1:88:fb:c8:b9:ea:27:8f:a2:55:9d:7b:dd:f8:00:11:98:5d:59:89:7d:1a
Signer

Actual PE Digest

68:83:70:bd:2e:a3:b1:f5:1f:e4:a1:88:fb:c8:b9:ea:27:8f:a2:55:9d:7b:dd:f8:00:11:98:5d:59:89:7d:1a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 276KB - Virtual size: 276KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win/lib/netcoreapp3.0/System.Security.Cryptography.Pkcs.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:39

Not After

03-03-2021 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

36:6e:8a:a2:f6:2a:a5:b5:7b:b0:8b:84:20:e3:52:55:f6:b5:79:ef:3b:0c:c4:bd:8d:f8:6a:b2:b1:a1:eb:77
Signer

Actual PE Digest

36:6e:8a:a2:f6:2a:a5:b5:7b:b0:8b:84:20:e3:52:55:f6:b5:79:ef:3b:0c:c4:bd:8d:f8:6a:b2:b1:a1:eb:77

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 258KB - Virtual size: 258KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win10-x64/lib/netstandard1.6/Microsoft.Management.Infrastructure.Native.dll
.dll windows:4 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win10-x64/lib/netstandard1.6/Microsoft.Management.Infrastructure.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win10-x64/native/Microsoft.Management.Infrastructure.Native.Unmanaged.dll
.dll windows:10 windows x64

889e142d0bd55b4c29238e1fa4121fe4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

__C_specific_handler
malloc
_amsg_exit
_XcptFilter
free
_initterm
memset

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolThreadMinimum
LeaveCriticalSectionWhenCallbackReturns
CloseThreadpoolWork
SetThreadpoolThreadMaximum
CloseThreadpool
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CreateThreadpool

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
LoadLibraryExW

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
GetCurrentProcess
SetThreadToken
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentThread

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

mi

mi_clientFT_V1

Exports

Exports

GetAddr_OperationCallbacks_ClassObjectNeededCallback
GetAddr_OperationCallbacks_FreeIncludedFileBufferCallback
GetAddr_OperationCallbacks_GetIncludedFileBufferCallback
GetAddr_OperationCallbacks_NativeClassCallback
GetAddr_OperationCallbacks_NativeIndicationCallback
GetAddr_OperationCallbacks_NativeInstanceCallback
GetAddr_OperationCallbacks_NativePromptUserCallback
GetAddr_OperationCallbacks_NativeStreamedParameterResultCallback
GetAddr_OperationCallbacks_NativeWriteErrorCallback
GetAddr_OperationCallbacks_NativeWriteMessageCallback
GetAddr_OperationCallbacks_NativeWriteProgressCallback
GetAddr_SessionHandle_OnReleaseHandleCompleted
MI_ApplicationWrapper_Initialize
MI_ApplicationWrapper_ScheduleCleanupCallback
MI_ApplicationWrapper_SetAppDomainIsUnloading
MI_Helpers_GetCurrentSecurityToken
MI_Helpers_IsClrShuttingDown
MI_Helpers_SetClrIsNotShuttingDown
MI_Helpers_SetClrIsShuttingDown
MI_OperationWrapper_DecrementCount_AndDontWorryAboutLifetimeOfMiDotNetDll
MI_OperationWrapper_DecrementCount_AndManageLifetimeOfMiDotNetDll
MI_OperationWrapper_GetClass
MI_OperationWrapper_GetIndication
MI_OperationWrapper_GetInstance
MI_OperationWrapper_Initialize
MI_OperationWrapper_ScheduleDrainingWorkIfNeeded
MI_OperationWrapper_SetupDrainingIfNeeded
UnmanagedMI_GetMiClientFT_V1
UnmanagedMI_GetMiEvaluatorFT_V1
UnmanagedMI_GetMiMonitoringFT_V1
UnmanagedMI_GetMiReactiveExtensionsFT_V1

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win10-x64/native/mi.dll
.dll windows:10 windows x64

89d27046cb786351e771526caf261b26

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

memcpy
wcstoul
swprintf_s
_wcsicmp
_set_output_format
_ui64tow_s
_i64tow_s
_XcptFilter
_amsg_exit
free
malloc
_initterm
__C_specific_handler
memset
wcscpy_s
wcscmp

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-processthreads-l1-1-0

SetThreadToken
GetCurrentThread
TerminateProcess
GetCurrentProcessId
OpenThreadToken
GetCurrentThreadId
GetCurrentProcess

api-ms-win-security-base-l1-1-0

ImpersonateSelf
RevertToSelf

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
LoadStringW
DisableThreadLibraryCalls
LoadLibraryExW
GetProcAddress

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

ntdll

RtlEqualSid

miutils

Instance_SetElementArrayItem
RCClass_AddElementQualifier
XMLDOM_Parse
RCClass_AddMethodParameterQualifierArray
RCClass_AddElementArray
OSC_Type_GetSize
RCClass_New
RCClass_AddElementQualifierArrayItem
OSC_StringToMiValue
RCClass_AddMethodParameter
Instance_IsDynamic
RCClass_AddClassQualifier
RCClass_AddMethodQualifier
RCClass_AddElementQualifierArray
RCClass_AddMethodParameterQualifier
RCClass_AddClassQualifierArray
RCClass_AddMethodQualifierArrayItem
Instance_SetElementArray
RCClass_AddClassQualifierArrayItem
Config_GetRegString
Instance_InitDynamic
PublishDebugMessage
SubscriptionDeliveryOptions_Create
MiErrorCategoryFromWindowsError
RtlDeleteCachedFastLock
RtlQueueAcquireCachedFastLockExclusive
RtlReleaseCachedFastLockExclusive
Instance_New
RtlInitializeCachedFastLock
DestinationOptions_Create
Class_New
RtlInterlockedCompareWait
RtlInterlockedWakeAll
CimErrorFromErrorCode
OperationOptions_Create
DestinationOptions_Duplicate
DestinationOptions_MigrateOptions
OperationOptions_MigrateOptions
SubscriptionDeliveryOptions_MigrateOptions
Options_FindValue
RtlQueueAcquireCachedFastLockShared
Config_GetProtocolHandlerDetails
RtlReleaseCachedFastLockShared
RtlTryAcquireCachedFastLockShared
RCClass_AddMethod
MI_Hash
RCClass_AddElement
RCClass_AddElementArrayItem
RCClass_AddMethodParameterQualifierArrayItem
RCClass_AddMethodQualifierArray
XMLDOM_Free

Exports

Exports

MI_Application_InitializeV1
mi_clientFT_V1

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win10-x64/native/miutils.dll
.dll windows:10 windows x64

82388c8c95b6a41c7ce3802cba3f3228

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

__C_specific_handler
?terminate@@YAXXZ
_initterm
??1type_info@@UEAA@XZ
malloc
_lock
_amsg_exit
_XcptFilter
memmove
__dllonexit
memcpy
_CxxThrowException
_onexit
_wtoi
wcscpy_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_purecall
_i64tow_s
free
_ui64tow_s
wcsstr
_wcstoui64
_unlock
wcschr
_wcsdup
swscanf_s
_vsnwprintf
__CxxFrameHandler3
fwprintf
memset
wcstod
_swprintf_c
??0exception@@QEAA@AEBQEBD@Z
_wcsnicmp
memcmp
wcstoul
__iob_func
_wcsicmp
_wcstoi64
wcstol
getenv
wcscmp

api-ms-win-core-heap-l1-1-0

HeapReAlloc
GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

api-ms-win-core-synch-l1-1-0

SetEvent
CreateEventW
ResetEvent
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
WaitForSingleObject

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetTickCount
GetSystemInfo
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetComputerNameExW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-0

SwitchToThread
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetProcessId
GetCurrentThreadId

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
FreeLibrary
GetModuleHandleW
LoadStringW
GetProcAddress
LoadLibraryExW

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetThreadPreferredUILanguages

api-ms-win-core-com-l1-1-0

CoCreateGuid
StringFromGUID2
CoCreateInstance

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventUnregister

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

ntdll

RtlGetCurrentProcessorNumber

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

??0CAutoSetActivityId@@QEAA@XZ
??0CCritSec@@QEAA@XZ
??0DynamicSchema@@QEAA@XZ
??0IndicationSchema@@QEAA@XZ
??0StaticSchema@@QEAA@XZ
??0WMISchema@@QEAA@XZ
??0WMISchema@@QEAA@_N@Z
??1CAutoSetActivityId@@QEAA@XZ
??1CCritSec@@QEAA@XZ
??1WMISchema@@UEAA@XZ
??4CAutoSetActivityId@@QEAAAEAV0@AEBV0@@Z
??4CCritSec@@QEAAAEAV0@AEBV0@@Z
?CreateInstance@DynamicSchema@@UEAAJPEBGPEAUIWbemClassObject@@KPEBU_MI_PropertySet@@_NAEAPEAU_MI_Instance@@PEAUIConversionContext@@@Z
?CreateInstance@IndicationSchema@@UEAAJPEBGPEAUIWbemClassObject@@KPEBU_MI_PropertySet@@_NAEAPEAU_MI_Instance@@PEAUIConversionContext@@@Z
?CreateInstance@StaticSchema@@UEAAJPEBGPEAUIWbemClassObject@@KPEBU_MI_PropertySet@@_NAEAPEAU_MI_Instance@@PEAUIConversionContext@@@Z
?DeInitialize@WMISchema@@QEAAJXZ
?GetFlags@MiSchema@@UEBAJXZ
?GetMiClass@DynamicSchema@@UEAAJPEBG00PEAPEBU_MI_Class@@@Z
?GetMiClass@IndicationSchema@@UEAAJPEBG00PEAPEBU_MI_Class@@@Z
?GetMiClass@StaticSchema@@UEAAJPEBG00PEAPEBU_MI_Class@@@Z
?GetNoneCachedWmiClass@WMISchema@@UEAAJPEBGPEAUIWbemServices@@AEAV?$CComPtr@UIWbemClassObject@@@ATL@@PEAUIConversionContext@@@Z
?GetWmiClass@WMISchema@@UEAAJPEBG0AEAV?$CComPtr@UIWbemClassObject@@@ATL@@PEAUIConversionContext@@@Z
?GetWmiIWbemServices@WMISchema@@UEAAJPEBGAEAV?$CComPtr@UIWbemServices@@@ATL@@@Z
?Initialize@StaticSchema@@QEAAJPEBU_MI_Module@@@Z
?Initialize@WMISchema@@QEAAX_N@Z
?SetFlags@MiSchema@@MEAAJJ@Z
CimErrorFromErrorCode
CimError_Construct
CimStatusCodeFromWindowsError
CimTypeToType
ClassCache_AddClass
ClassCache_Delete
ClassCache_GetClass
ClassCache_New
Class_New
CompareInstance
CompareValue
Config_GetProtocolHandlerDetails
Config_GetRegString
CreateConversionContext
DestinationOptions_Create
DestinationOptions_Duplicate
DestinationOptions_MigrateOptions
FindClassDecl
FindMethodDecl
FindQualifierInWMIObject
GetCorrelationId
GetMethodParameters
GetReferenceFromWMIObjectPath
InstanceToWMIEvent
InstanceToWMIExtendedStatus
InstanceToWMIObject
Instance_Clone
Instance_Construct
Instance_GetResourceURI
Instance_InitDynamic
Instance_IsDynamic
Instance_MatchKeys
Instance_New
Instance_SetElementArray
Instance_SetElementArrayItem
Instance_SetResourceURI
Instance_SetServerName
IsLifeCycleIndicationQuery
MI_Hash
MiErrorCategoryFromWindowsError
OSC_Batch_Destroy
OSC_Batch_Get
OSC_Batch_Strdup
OSC_StringToMiValue
OSC_Type_GetSize
OperationOptions_CopyOptions
OperationOptions_Create
OperationOptions_MigrateOptions
OptionsValueToContextValue
Options_FindValue
ParametersToWMIObject
PropertySet_New
PropertyToVariant
PublishClientOperationInfo
PublishDebugInfo
PublishDebugMessage
PublishProviderResult
PublishProviderWriteError
PublishProviderWriteMessage
QualifierFlavorToWMI
RCClass_AddClassQualifier
RCClass_AddClassQualifierArray
RCClass_AddClassQualifierArrayItem
RCClass_AddElement
RCClass_AddElementArray
RCClass_AddElementArrayItem
RCClass_AddElementQualifier
RCClass_AddElementQualifierArray
RCClass_AddElementQualifierArrayItem
RCClass_AddMethod
RCClass_AddMethodParameter
RCClass_AddMethodParameterQualifier
RCClass_AddMethodParameterQualifierArray
RCClass_AddMethodParameterQualifierArrayItem
RCClass_AddMethodQualifier
RCClass_AddMethodQualifierArray
RCClass_AddMethodQualifierArrayItem
RCClass_New
ResultFromHRESULT
ResultToHRESULT
RtlDeleteCachedFastLock
RtlInitializeCachedFastLock
RtlInterlockedCompareWait
RtlInterlockedWakeAll
RtlQueueAcquireCachedFastLockExclusive
RtlQueueAcquireCachedFastLockShared
RtlQueueAcquireFastLockExclusive
RtlQueueAcquireFastLockShared
RtlReleaseCachedFastLockExclusive
RtlReleaseCachedFastLockShared
RtlReleaseFastLockExclusive
RtlReleaseFastLockShared
RtlTryAcquireCachedFastLockShared
RtlTryAcquireFastLockExclusive
RtlTryAcquireFastLockShared
RtlpInitFastLock
RtlpReleaseIdleSlots
SetCorrelationIdToWbemContext
SetModifiedPropertyNamesToContext
SetProperties
SubscriptionDeliveryOptions_Create
SubscriptionDeliveryOptions_MigrateOptions
TypeToCimType
ValueClear
ValueToVariant
VariantArrayToSafeArray
VariantToValue
WMIEventToCIMIndication
WMIExtendedObjectToInstance
WMIObjectToClass
WMIObjectToInstance
WMIQualifierFlavorToMI
WriteWBEM_MC_CLIENT_REQUEST_FAILURE
XMLDOM_Free
XMLDOM_Parse
XML_FormatError
XML_Init
XML_Next
XML_PutError
XML_RegisterNameSpace
XML_SetText
XML_StripWhitespace

Sections

.text
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win10-x86/lib/netstandard1.6/Microsoft.Management.Infrastructure.Native.dll
.dll windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win10-x86/lib/netstandard1.6/Microsoft.Management.Infrastructure.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win10-x86/native/Microsoft.Management.Infrastructure.Native.Unmanaged.dll
.dll windows:10 windows x86

76db6a07de705b9942c01c1011ba54f0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_except_handler4_common
_initterm
malloc
_amsg_exit
_XcptFilter
free
memset

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
SetThreadpoolThreadMaximum
SetThreadpoolThreadMinimum
CreateThreadpool
CloseThreadpool
CloseThreadpoolWork
SubmitThreadpoolWork
LeaveCriticalSectionWhenCallbackReturns

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
FreeLibrary

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
OpenThreadToken
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentThread
SetThreadToken

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

mi

mi_clientFT_V1

Exports

Exports

GetAddr_OperationCallbacks_ClassObjectNeededCallback
GetAddr_OperationCallbacks_FreeIncludedFileBufferCallback
GetAddr_OperationCallbacks_GetIncludedFileBufferCallback
GetAddr_OperationCallbacks_NativeClassCallback
GetAddr_OperationCallbacks_NativeIndicationCallback
GetAddr_OperationCallbacks_NativeInstanceCallback
GetAddr_OperationCallbacks_NativePromptUserCallback
GetAddr_OperationCallbacks_NativeStreamedParameterResultCallback
GetAddr_OperationCallbacks_NativeWriteErrorCallback
GetAddr_OperationCallbacks_NativeWriteMessageCallback
GetAddr_OperationCallbacks_NativeWriteProgressCallback
GetAddr_SessionHandle_OnReleaseHandleCompleted
MI_ApplicationWrapper_Initialize
MI_ApplicationWrapper_ScheduleCleanupCallback
MI_ApplicationWrapper_SetAppDomainIsUnloading
MI_Helpers_GetCurrentSecurityToken
MI_Helpers_IsClrShuttingDown
MI_Helpers_SetClrIsNotShuttingDown
MI_Helpers_SetClrIsShuttingDown
MI_OperationWrapper_DecrementCount_AndDontWorryAboutLifetimeOfMiDotNetDll
MI_OperationWrapper_DecrementCount_AndManageLifetimeOfMiDotNetDll
MI_OperationWrapper_GetClass
MI_OperationWrapper_GetIndication
MI_OperationWrapper_GetInstance
MI_OperationWrapper_Initialize
MI_OperationWrapper_ScheduleDrainingWorkIfNeeded
MI_OperationWrapper_SetupDrainingIfNeeded
UnmanagedMI_GetMiClientFT_V1
UnmanagedMI_GetMiEvaluatorFT_V1
UnmanagedMI_GetMiMonitoringFT_V1
UnmanagedMI_GetMiReactiveExtensionsFT_V1

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win10-x86/native/mi.dll
.dll windows:10 windows x86

ca358acac35c29fdfc8047efe439e817

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_wcsicmp
wcstoul
swprintf_s
_set_output_format
_ui64tow_s
_i64tow_s
_XcptFilter
_amsg_exit
wcscpy_s
malloc
_initterm
_except_handler4_common
memcpy
free
memset

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThread
GetCurrentProcessId
GetCurrentThreadId
SetThreadToken
TerminateProcess
OpenThreadToken

api-ms-win-security-base-l1-1-0

ImpersonateSelf
RevertToSelf

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
GetLastError
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
GetProcAddress
DisableThreadLibraryCalls
LoadLibraryExW
FreeLibrary

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

ntdll

RtlEqualSid

miutils

RCClass_AddElementQualifier
Instance_SetElementArrayItem
RCClass_New
RCClass_AddClassQualifierArray
OSC_StringToMiValue
RCClass_AddMethodParameter
RCClass_AddElementArray
Instance_IsDynamic
RCClass_AddClassQualifier
RCClass_AddMethodQualifier
RCClass_AddElementQualifierArray
RCClass_AddMethodParameterQualifierArray
RCClass_AddMethodParameterQualifier
RCClass_AddMethodQualifierArrayItem
XMLDOM_Parse
Instance_SetElementArray
RCClass_AddElementQualifierArrayItem
RCClass_AddClassQualifierArrayItem
XMLDOM_Free
Config_GetRegString
Instance_InitDynamic
PublishDebugMessage
_SubscriptionDeliveryOptions_Create@12
MiErrorCategoryFromWindowsError
RtlDeleteCachedFastLock
RtlQueueAcquireCachedFastLockExclusive
RtlReleaseCachedFastLockExclusive
Instance_New
RtlInitializeCachedFastLock
_DestinationOptions_Create@8
Class_New
RtlInterlockedCompareWait
RtlInterlockedWakeAll
CimErrorFromErrorCode
_OperationOptions_Create@12
_DestinationOptions_Duplicate@8
_DestinationOptions_MigrateOptions@16
_OperationOptions_MigrateOptions@8
_SubscriptionDeliveryOptions_MigrateOptions@8
_Options_FindValue@8
RtlQueueAcquireCachedFastLockShared
Config_GetProtocolHandlerDetails
RtlReleaseCachedFastLockShared
RtlTryAcquireCachedFastLockShared
RCClass_AddMethod
MI_Hash
RCClass_AddElement
RCClass_AddElementArrayItem
RCClass_AddMethodParameterQualifierArrayItem
RCClass_AddMethodQualifierArray
OSC_Type_GetSize

Exports

Exports

MI_Application_InitializeV1
mi_clientFT_V1

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win10-x86/native/miutils.dll
.dll windows:10 windows x86

1e1553896e45c39109a8ca817d84d472

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

?what@exception@@UBEPBDXZ
_wcsdup
swscanf_s
_vsnwprintf
??1exception@@UAE@XZ
_purecall
??0exception@@QAE@ABQBDH@Z
wcschr
__CxxFrameHandler3
wcsstr
??0exception@@QAE@ABV0@@Z
wcscpy_s
fwprintf
_wtoi
memcmp
_except_handler4_common
_onexit
_swprintf_c
__dllonexit
_unlock
_lock
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_wcsnicmp
_initterm
malloc
_ui64tow_s
getenv
_amsg_exit
_wcstoui64
_XcptFilter
memmove
wcstod
_i64tow_s
memcpy
_CxxThrowException
??0exception@@QAE@ABQBD@Z
free
wcstoul
_wcsicmp
__iob_func
_wcstoi64
wcstol
memset

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap
HeapReAlloc

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegGetValueW
RegEnumKeyExW

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
CreateEventW
LeaveCriticalSection
SetEvent
EnterCriticalSection
DeleteCriticalSection
ResetEvent
InitializeCriticalSection

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetComputerNameExW
GetSystemInfo
GetTickCount
GetSystemDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-0

GetProcessId
SwitchToThread
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetProcAddress
FreeLibrary
GetModuleHandleW
DisableThreadLibraryCalls
LoadStringW

api-ms-win-core-localization-l1-2-0

GetThreadPreferredUILanguages
FormatMessageW

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoCreateGuid
StringFromGUID2

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventWriteTransfer

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

ntdll

RtlGetCurrentProcessorNumber

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

??0CAutoSetActivityId@@QAE@XZ
??0CCritSec@@QAE@XZ
??0DynamicSchema@@QAE@XZ
??0IndicationSchema@@QAE@XZ
??0StaticSchema@@QAE@XZ
??0WMISchema@@QAE@XZ
??0WMISchema@@QAE@_N@Z
??1CAutoSetActivityId@@QAE@XZ
??1CCritSec@@QAE@XZ
??1WMISchema@@UAE@XZ
??4CAutoSetActivityId@@QAEAAV0@ABV0@@Z
??4CCritSec@@QAEAAV0@ABV0@@Z
?CreateInstance@DynamicSchema@@UAGJPBGPAUIWbemClassObject@@KPBU_MI_PropertySet@@_NAAPAU_MI_Instance@@PAUIConversionContext@@@Z
?CreateInstance@IndicationSchema@@UAGJPBGPAUIWbemClassObject@@KPBU_MI_PropertySet@@_NAAPAU_MI_Instance@@PAUIConversionContext@@@Z
?CreateInstance@StaticSchema@@UAGJPBGPAUIWbemClassObject@@KPBU_MI_PropertySet@@_NAAPAU_MI_Instance@@PAUIConversionContext@@@Z
?DeInitialize@WMISchema@@QAGJXZ
?GetFlags@MiSchema@@UBGJXZ
?GetMiClass@DynamicSchema@@UAGJPBG00PAPBU_MI_Class@@@Z
?GetMiClass@IndicationSchema@@UAGJPBG00PAPBU_MI_Class@@@Z
?GetMiClass@StaticSchema@@UAGJPBG00PAPBU_MI_Class@@@Z
?GetNoneCachedWmiClass@WMISchema@@UAGJPBGPAUIWbemServices@@AAV?$CComPtr@UIWbemClassObject@@@ATL@@PAUIConversionContext@@@Z
?GetWmiClass@WMISchema@@UAGJPBG0AAV?$CComPtr@UIWbemClassObject@@@ATL@@PAUIConversionContext@@@Z
?GetWmiIWbemServices@WMISchema@@UAGJPBGAAV?$CComPtr@UIWbemServices@@@ATL@@@Z
?Initialize@StaticSchema@@QAGJPBU_MI_Module@@@Z
?Initialize@WMISchema@@QAEX_N@Z
?SetFlags@MiSchema@@MAGJJ@Z
CimErrorFromErrorCode
CimError_Construct
CimStatusCodeFromWindowsError
ClassCache_AddClass
ClassCache_Delete
ClassCache_GetClass
ClassCache_New
Class_New
Config_GetProtocolHandlerDetails
Config_GetRegString
CreateConversionContext
GetCorrelationId
Instance_Clone
Instance_Construct
Instance_GetResourceURI
Instance_InitDynamic
Instance_IsDynamic
Instance_MatchKeys
Instance_New
Instance_SetElementArray
Instance_SetElementArrayItem
Instance_SetResourceURI
Instance_SetServerName
MI_Hash
MiErrorCategoryFromWindowsError
OSC_Batch_Destroy
OSC_Batch_Get
OSC_Batch_Strdup
OSC_StringToMiValue
OSC_Type_GetSize
PropertySet_New
PublishClientOperationInfo
PublishDebugInfo
PublishDebugMessage
PublishProviderResult
PublishProviderWriteError
PublishProviderWriteMessage
RCClass_AddClassQualifier
RCClass_AddClassQualifierArray
RCClass_AddClassQualifierArrayItem
RCClass_AddElement
RCClass_AddElementArray
RCClass_AddElementArrayItem
RCClass_AddElementQualifier
RCClass_AddElementQualifierArray
RCClass_AddElementQualifierArrayItem
RCClass_AddMethod
RCClass_AddMethodParameter
RCClass_AddMethodParameterQualifier
RCClass_AddMethodParameterQualifierArray
RCClass_AddMethodParameterQualifierArrayItem
RCClass_AddMethodQualifier
RCClass_AddMethodQualifierArray
RCClass_AddMethodQualifierArrayItem
RCClass_New
ResultFromHRESULT
ResultToHRESULT
RtlDeleteCachedFastLock
RtlInitializeCachedFastLock
RtlInterlockedCompareWait
RtlInterlockedWakeAll
RtlQueueAcquireCachedFastLockExclusive
RtlQueueAcquireCachedFastLockShared
RtlQueueAcquireFastLockExclusive
RtlQueueAcquireFastLockShared
RtlReleaseCachedFastLockExclusive
RtlReleaseCachedFastLockShared
RtlReleaseFastLockExclusive
RtlReleaseFastLockShared
RtlTryAcquireCachedFastLockShared
RtlTryAcquireFastLockExclusive
RtlTryAcquireFastLockShared
RtlpInitFastLock
RtlpReleaseIdleSlots
SetCorrelationIdToWbemContext
SetModifiedPropertyNamesToContext
WriteWBEM_MC_CLIENT_REQUEST_FAILURE
XMLDOM_Free
XMLDOM_Parse
XML_FormatError
XML_Init
XML_Next
XML_PutError
XML_RegisterNameSpace
XML_SetText
XML_StripWhitespace
_CimTypeToType@8
_CompareInstance@12
_CompareValue@12
_DestinationOptions_Create@8
_DestinationOptions_Duplicate@8
_DestinationOptions_MigrateOptions@16
_FindClassDecl@8
_FindMethodDecl@8
_FindQualifierInWMIObject@16
_GetMethodParameters@32
_GetReferenceFromWMIObjectPath@16
_InstanceToWMIEvent@16
_InstanceToWMIExtendedStatus@16
_InstanceToWMIObject@24
_IsLifeCycleIndicationQuery@12
_OperationOptions_CopyOptions@8
_OperationOptions_Create@12
_OperationOptions_MigrateOptions@8
_OptionsValueToContextValue@24
_Options_FindValue@8
_ParametersToWMIObject@40
_PropertyToVariant@20
_QualifierFlavorToWMI@4
_SetProperties@24
_SubscriptionDeliveryOptions_Create@12
_SubscriptionDeliveryOptions_MigrateOptions@8
_TypeToCimType@4
_ValueClear@8
_ValueToVariant@24
_VariantArrayToSafeArray@12
_VariantToValue@28
_WMIEventToCIMIndication@12
_WMIExtendedObjectToInstance@20
_WMIObjectToClass@20
_WMIObjectToInstance@28
_WMIQualifierFlavorToMI@8

Sections

.text
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win7-x64/lib/netstandard1.6/Microsoft.Management.Infrastructure.Native.dll
.dll windows:4 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win7-x64/lib/netstandard1.6/Microsoft.Management.Infrastructure.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win7-x64/native/Microsoft.Management.Infrastructure.Native.Unmanaged.dll
.dll windows:10 windows x64

75c4d40beb411f9a40d53ad0f1940796

Code Sign

33:00:00:00:b9:bc:0f:4e:57:e3:66:65:38:00:00:00:00:00:b9
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-09-2016 17:58

Not After

07-09-2018 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=AOC+OU=nCipher DSE ESN:6BF6-2D52-92C1,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:78:25:5a:b5:cd:23:c6:5f:95:00:01:00:00:01:78
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:11

Not After

11-08-2018 20:11

Subject

CN=Microsoft Corporation,OU=AOC,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:c3:0e:9b:a7:d8:b2:dc:f7:2c:00:00:00:00:00:c3
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:20

Not After

11-08-2018 20:20

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b2:dc:33:45:83:a1:ad:bb:48:b3:58:38:03:ad:20:04:68:38:cc:79:0a:39:af:6f:97:bf:15:7e:80:01:ff:ca
Signer

Actual PE Digest

b2:dc:33:45:83:a1:ad:bb:48:b3:58:38:03:ad:20:04:68:38:cc:79:0a:39:af:6f:97:bf:15:7e:80:01:ff:ca

Digest Algorithm

sha256

PE Digest Matches

true

79:5f:25:10:99:b6:2e:9b:6a:8c:98:44:13:ad:f0:b6:af:9f:bb:1e
Signer

Actual PE Digest

79:5f:25:10:99:b6:2e:9b:6a:8c:98:44:13:ad:f0:b6:af:9f:bb:1e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

__C_specific_handler
_initterm
malloc
_amsg_exit
_XcptFilter
free
memset

advapi32

SetThreadToken
OpenThreadToken

kernel32

TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetCurrentThreadId
UnhandledExceptionFilter
DeleteCriticalSection
CloseThreadpoolWork
CloseThreadpool
CreateThreadpool
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
SetThreadpoolThreadMinimum
GetLastError
SetThreadpoolThreadMaximum
SubmitThreadpoolWork
GetCurrentProcessId
FreeLibrary
FreeLibraryWhenCallbackReturns
LoadLibraryExW
CreateThreadpoolWork
LeaveCriticalSectionWhenCallbackReturns
GetCurrentThread
CloseHandle
Sleep
QueryPerformanceCounter
GetSystemTimeAsFileTime

mi

mi_clientFT_V1

Exports

Exports

GetAddr_OperationCallbacks_ClassObjectNeededCallback
GetAddr_OperationCallbacks_FreeIncludedFileBufferCallback
GetAddr_OperationCallbacks_GetIncludedFileBufferCallback
GetAddr_OperationCallbacks_NativeClassCallback
GetAddr_OperationCallbacks_NativeIndicationCallback
GetAddr_OperationCallbacks_NativeInstanceCallback
GetAddr_OperationCallbacks_NativePromptUserCallback
GetAddr_OperationCallbacks_NativeStreamedParameterResultCallback
GetAddr_OperationCallbacks_NativeWriteErrorCallback
GetAddr_OperationCallbacks_NativeWriteMessageCallback
GetAddr_OperationCallbacks_NativeWriteProgressCallback
GetAddr_SessionHandle_OnReleaseHandleCompleted
MI_ApplicationWrapper_Initialize
MI_ApplicationWrapper_ScheduleCleanupCallback
MI_ApplicationWrapper_SetAppDomainIsUnloading
MI_Helpers_GetCurrentSecurityToken
MI_Helpers_IsClrShuttingDown
MI_Helpers_SetClrIsNotShuttingDown
MI_Helpers_SetClrIsShuttingDown
MI_OperationWrapper_DecrementCount_AndDontWorryAboutLifetimeOfMiDotNetDll
MI_OperationWrapper_DecrementCount_AndManageLifetimeOfMiDotNetDll
MI_OperationWrapper_GetClass
MI_OperationWrapper_GetIndication
MI_OperationWrapper_GetInstance
MI_OperationWrapper_Initialize
MI_OperationWrapper_ScheduleDrainingWorkIfNeeded
MI_OperationWrapper_SetupDrainingIfNeeded
UnmanagedMI_GetMiClientFT_V1
UnmanagedMI_GetMiEvaluatorFT_V1
UnmanagedMI_GetMiMonitoringFT_V1
UnmanagedMI_GetMiReactiveExtensionsFT_V1

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win7-x64/native/mi.dll
.dll windows:10 windows x64

7e46b68755f726e74cc8c282ca8838cd

Code Sign

33:00:00:00:c1:09:f8:02:41:bb:4d:aa:dc:00:00:00:00:00:c1
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-09-2016 17:58

Not After

07-09-2018 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=AOC+OU=nCipher DSE ESN:12E7-3064-6112,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:78:25:5a:b5:cd:23:c6:5f:95:00:01:00:00:01:78
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:11

Not After

11-08-2018 20:11

Subject

CN=Microsoft Corporation,OU=AOC,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:c3:0e:9b:a7:d8:b2:dc:f7:2c:00:00:00:00:00:c3
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:20

Not After

11-08-2018 20:20

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

96:7e:ed:85:68:74:68:6a:b9:08:b5:4a:e3:65:35:ad:ad:87:f3:a1:bc:9e:85:47:44:57:ef:c7:29:a8:3e:c4
Signer

Actual PE Digest

96:7e:ed:85:68:74:68:6a:b9:08:b5:4a:e3:65:35:ad:ad:87:f3:a1:bc:9e:85:47:44:57:ef:c7:29:a8:3e:c4

Digest Algorithm

sha256

PE Digest Matches

true

c9:d7:50:48:0f:fc:0f:d9:44:8e:f9:13:86:62:e4:75:09:3e:c3:da
Signer

Actual PE Digest

c9:d7:50:48:0f:fc:0f:d9:44:8e:f9:13:86:62:e4:75:09:3e:c3:da

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

wcscmp
memset
wcscpy_s
wcstoul
swprintf_s
_set_output_format
_ui64tow_s
_i64tow_s
_XcptFilter
_amsg_exit
free
malloc
_initterm
__C_specific_handler
_wcsicmp
memcpy

kernel32

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
UnhandledExceptionFilter
Sleep
DisableThreadLibraryCalls
LocalFree
WideCharToMultiByte
HeapFree
HeapAlloc
GetProcessHeap
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LoadLibraryExW
QueryPerformanceCounter
GetLastError
GetCurrentThread
CloseHandle
SetLastError
InterlockedPushEntrySList
InitializeSListHead
InterlockedPopEntrySList
GetProcAddress
FreeLibrary
FormatMessageW

advapi32

RevertToSelf
OpenProcessToken
SetThreadToken
OpenThreadToken
ImpersonateSelf

user32

LoadStringW

ntdll

RtlEqualSid

miutils

DestinationOptions_Duplicate
OSC_Type_GetSize
RCClass_AddClassQualifierArray
Instance_SetElementArrayItem
RCClass_AddElementQualifier
XMLDOM_Parse
RCClass_AddMethodParameterQualifierArray
RCClass_AddElementArray
RCClass_New
RCClass_AddElementQualifierArrayItem
OSC_StringToMiValue
RCClass_AddMethodParameter
Instance_IsDynamic
RCClass_AddClassQualifier
RCClass_AddMethodQualifier
RCClass_AddElementQualifierArray
RCClass_AddMethodParameterQualifier
RCClass_AddMethodQualifierArrayItem
Instance_SetElementArray
Config_GetRegString
Instance_InitDynamic
PublishDebugMessage
SubscriptionDeliveryOptions_Create
MiErrorCategoryFromWindowsError
RtlDeleteCachedFastLock
RtlQueueAcquireCachedFastLockExclusive
RtlReleaseCachedFastLockExclusive
Instance_New
RtlInitializeCachedFastLock
DestinationOptions_Create
Class_New
RtlInterlockedCompareWait
RtlInterlockedWakeAll
CimErrorFromErrorCode
OperationOptions_Create
DestinationOptions_MigrateOptions
OperationOptions_MigrateOptions
SubscriptionDeliveryOptions_MigrateOptions
Options_FindValue
RtlQueueAcquireCachedFastLockShared
Config_GetProtocolHandlerDetails
RtlReleaseCachedFastLockShared
RtlTryAcquireCachedFastLockShared
RCClass_AddMethod
MI_Hash
RCClass_AddElement
RCClass_AddElementArrayItem
RCClass_AddMethodParameterQualifierArrayItem
RCClass_AddMethodQualifierArray
XMLDOM_Free
RCClass_AddClassQualifierArrayItem

Exports

Exports

MI_Application_InitializeV1
mi_clientFT_V1

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win7-x64/native/miutils.dll
.dll windows:10 windows x64

7e81074a3801322f6e3a83091b8b451f

Code Sign

33:00:00:00:be:a4:0f:f5:c9:a5:0e:e1:30:00:00:00:00:00:be
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-09-2016 17:58

Not After

07-09-2018 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=AOC+OU=nCipher DSE ESN:843D-37F6-F104,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:78:25:5a:b5:cd:23:c6:5f:95:00:01:00:00:01:78
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:11

Not After

11-08-2018 20:11

Subject

CN=Microsoft Corporation,OU=AOC,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:c3:0e:9b:a7:d8:b2:dc:f7:2c:00:00:00:00:00:c3
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:20

Not After

11-08-2018 20:20

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:8b:4b:61:6a:18:16:12:36:ac:ca:ca:b0:c8:78:7c:60:6d:0e:35:6c:03:66:58:f8:bb:c0:9c:76:58:f5:5e
Signer

Actual PE Digest

38:8b:4b:61:6a:18:16:12:36:ac:ca:ca:b0:c8:78:7c:60:6d:0e:35:6c:03:66:58:f8:bb:c0:9c:76:58:f5:5e

Digest Algorithm

sha256

PE Digest Matches

true

e2:f4:90:08:fc:53:63:21:bf:f8:15:07:6a:33:f5:44:e7:3b:e7:35
Signer

Actual PE Digest

e2:f4:90:08:fc:53:63:21:bf:f8:15:07:6a:33:f5:44:e7:3b:e7:35

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
memcpy
memcmp
__C_specific_handler
_initterm
malloc
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
_wtoi
wcscpy_s
memmove_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@XZ
?what@exception@@UEBAPEBDXZ
_purecall
memcpy_s
_i64tow_s
free
_ui64tow_s
wcsstr
wcschr
_wcsdup
swscanf_s
_vsnwprintf
fwprintf
_swprintf_c
_wcsnicmp
getenv
_wcstoui64
wcstod
wcstoul
_wcsicmp
_wcstoi64
??1exception@@UEAA@XZ
wcstol
__iob_func
memset
wcscmp

kernel32

RtlLookupFunctionEntry
RtlCaptureContext
Sleep
InitializeCriticalSection
GetSystemTimeAsFileTime
FormatMessageW
LoadLibraryExW
FreeLibrary
RtlVirtualUnwind
GetSystemDirectoryW
LocalAlloc
ExpandEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetProcessId
GetCurrentProcessId
GetCurrentProcess
LocalFree
HeapReAlloc
GetCurrentThreadId
GetTickCount
GetThreadPreferredUILanguages
SystemTimeToFileTime
GetSystemInfo
FileTimeToSystemTime
GetComputerNameExW
LeaveCriticalSection
EnterCriticalSection
DisableThreadLibraryCalls
GetCurrentProcessorNumber
GetModuleHandleW
SwitchToThread
ResetEvent
DeleteCriticalSection
HeapFree
MultiByteToWideChar
HeapAlloc
GetProcessHeap
GetProcAddress
WaitForSingleObject
CreateEventW
GetTickCount64
SetEvent
CloseHandle
GetLastError

advapi32

RegCloseKey
RegOpenKeyExW
RegGetValueW
RegQueryValueExW
EventWrite
EventUnregister
EventRegister
RegEnumKeyExW

user32

LoadStringW

oleaut32

VariantInit
SafeArrayDestroy
SafeArrayGetDim
SysAllocStringByteLen
SafeArrayGetElement
VariantClear
VariantChangeType
SysAllocStringLen
SafeArrayGetLBound
SysFreeString
SysStringLen
VariantCopy
SafeArrayPutElement
SysAllocString
SafeArrayGetUBound
VarBstrCat
SafeArrayCreate

ole32

CoCreateGuid
CoCreateInstance
StringFromGUID2

crypt32

CryptUnprotectMemory
CryptProtectMemory

Exports

Exports

??0CAutoSetActivityId@@QEAA@XZ
??0CCritSec@@QEAA@XZ
??0DynamicSchema@@QEAA@XZ
??0IndicationSchema@@QEAA@XZ
??0StaticSchema@@QEAA@XZ
??0WMISchema@@QEAA@XZ
??0WMISchema@@QEAA@_N@Z
??1CAutoSetActivityId@@QEAA@XZ
??1CCritSec@@QEAA@XZ
??1WMISchema@@UEAA@XZ
??4CAutoSetActivityId@@QEAAAEAV0@AEBV0@@Z
??4CCritSec@@QEAAAEAV0@AEBV0@@Z
?CreateInstance@DynamicSchema@@UEAAJPEBGPEAUIWbemClassObject@@KPEBU_MI_PropertySet@@_NAEAPEAU_MI_Instance@@PEAUIConversionContext@@@Z
?CreateInstance@IndicationSchema@@UEAAJPEBGPEAUIWbemClassObject@@KPEBU_MI_PropertySet@@_NAEAPEAU_MI_Instance@@PEAUIConversionContext@@@Z
?CreateInstance@StaticSchema@@UEAAJPEBGPEAUIWbemClassObject@@KPEBU_MI_PropertySet@@_NAEAPEAU_MI_Instance@@PEAUIConversionContext@@@Z
?DeInitialize@WMISchema@@QEAAJXZ
?GetFlags@MiSchema@@UEBAJXZ
?GetMiClass@DynamicSchema@@UEAAJPEBG00PEAPEBU_MI_Class@@@Z
?GetMiClass@IndicationSchema@@UEAAJPEBG00PEAPEBU_MI_Class@@@Z
?GetMiClass@StaticSchema@@UEAAJPEBG00PEAPEBU_MI_Class@@@Z
?GetNoneCachedWmiClass@WMISchema@@UEAAJPEBGPEAUIWbemServices@@AEAV?$CComPtr@UIWbemClassObject@@@ATL@@PEAUIConversionContext@@@Z
?GetWmiClass@WMISchema@@UEAAJPEBG0AEAV?$CComPtr@UIWbemClassObject@@@ATL@@PEAUIConversionContext@@@Z
?GetWmiIWbemServices@WMISchema@@UEAAJPEBGAEAV?$CComPtr@UIWbemServices@@@ATL@@@Z
?Initialize@StaticSchema@@QEAAJPEBU_MI_Module@@@Z
?Initialize@WMISchema@@QEAAX_N@Z
?SetFlags@MiSchema@@MEAAJJ@Z
CimErrorFromErrorCode
CimError_Construct
CimStatusCodeFromWindowsError
CimTypeToType
ClassCache_AddClass
ClassCache_Delete
ClassCache_GetClass
ClassCache_New
Class_New
CompareInstance
CompareValue
Config_GetProtocolHandlerDetails
Config_GetRegString
CreateConversionContext
DestinationOptions_Create
DestinationOptions_Duplicate
DestinationOptions_MigrateOptions
FindClassDecl
FindMethodDecl
FindQualifierInWMIObject
GetCorrelationId
GetMethodParameters
GetReferenceFromWMIObjectPath
InstanceToWMIEvent
InstanceToWMIExtendedStatus
InstanceToWMIObject
Instance_Clone
Instance_Construct
Instance_GetResourceURI
Instance_InitDynamic
Instance_IsDynamic
Instance_MatchKeys
Instance_New
Instance_SetElementArray
Instance_SetElementArrayItem
Instance_SetResourceURI
Instance_SetServerName
IsLifeCycleIndicationQuery
MI_Hash
MiErrorCategoryFromWindowsError
OSC_Batch_Destroy
OSC_Batch_Get
OSC_Batch_Strdup
OSC_StringToMiValue
OSC_Type_GetSize
OperationOptions_CopyOptions
OperationOptions_Create
OperationOptions_MigrateOptions
OptionsValueToContextValue
Options_FindValue
ParametersToWMIObject
PropertySet_New
PropertyToVariant
PublishClientOperationInfo
PublishDebugInfo
PublishDebugMessage
PublishProviderResult
PublishProviderWriteError
PublishProviderWriteMessage
QualifierFlavorToWMI
RCClass_AddClassQualifier
RCClass_AddClassQualifierArray
RCClass_AddClassQualifierArrayItem
RCClass_AddElement
RCClass_AddElementArray
RCClass_AddElementArrayItem
RCClass_AddElementQualifier
RCClass_AddElementQualifierArray
RCClass_AddElementQualifierArrayItem
RCClass_AddMethod
RCClass_AddMethodParameter
RCClass_AddMethodParameterQualifier
RCClass_AddMethodParameterQualifierArray
RCClass_AddMethodParameterQualifierArrayItem
RCClass_AddMethodQualifier
RCClass_AddMethodQualifierArray
RCClass_AddMethodQualifierArrayItem
RCClass_New
ResultFromHRESULT
ResultToHRESULT
RtlDeleteCachedFastLock
RtlInitializeCachedFastLock
RtlInterlockedCompareWait
RtlInterlockedWakeAll
RtlQueueAcquireCachedFastLockExclusive
RtlQueueAcquireCachedFastLockShared
RtlQueueAcquireFastLockExclusive
RtlQueueAcquireFastLockShared
RtlReleaseCachedFastLockExclusive
RtlReleaseCachedFastLockShared
RtlReleaseFastLockExclusive
RtlReleaseFastLockShared
RtlTryAcquireCachedFastLockShared
RtlTryAcquireFastLockExclusive
RtlTryAcquireFastLockShared
RtlpInitFastLock
RtlpReleaseIdleSlots
SetCorrelationIdToWbemContext
SetModifiedPropertyNamesToContext
SetProperties
SubscriptionDeliveryOptions_Create
SubscriptionDeliveryOptions_MigrateOptions
TypeToCimType
ValueClear
ValueToVariant
VariantArrayToSafeArray
VariantToValue
WMIEventToCIMIndication
WMIExtendedObjectToInstance
WMIObjectToClass
WMIObjectToInstance
WMIQualifierFlavorToMI
WriteWBEM_MC_CLIENT_REQUEST_FAILURE
XMLDOM_Free
XMLDOM_Parse
XML_FormatError
XML_Init
XML_Next
XML_PutError
XML_RegisterNameSpace
XML_SetText
XML_StripWhitespace

Sections

.text
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win7-x86/lib/netstandard1.6/Microsoft.Management.Infrastructure.Native.dll
.dll windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win7-x86/lib/netstandard1.6/Microsoft.Management.Infrastructure.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win7-x86/native/Microsoft.Management.Infrastructure.Native.Unmanaged.dll
.dll windows:10 windows x86

7207edb58792fc3603a9e3d2aed89897

Code Sign

33:00:00:00:bb:b6:77:24:71:4a:20:00:20:00:00:00:00:00:bb
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-09-2016 17:58

Not After

07-09-2018 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=AOC+OU=nCipher DSE ESN:0DE8-2DC5-3CA9,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:78:25:5a:b5:cd:23:c6:5f:95:00:01:00:00:01:78
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:11

Not After

11-08-2018 20:11

Subject

CN=Microsoft Corporation,OU=AOC,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:c3:0e:9b:a7:d8:b2:dc:f7:2c:00:00:00:00:00:c3
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:20

Not After

11-08-2018 20:20

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a4:82:37:3b:22:d3:04:d1:c3:fd:0a:b1:f0:72:bd:c4:64:72:d9:d4:53:16:36:4a:9c:32:87:1b:ad:b5:0e:39
Signer

Actual PE Digest

a4:82:37:3b:22:d3:04:d1:c3:fd:0a:b1:f0:72:bd:c4:64:72:d9:d4:53:16:36:4a:9c:32:87:1b:ad:b5:0e:39

Digest Algorithm

sha256

PE Digest Matches

true

38:fd:4a:d8:0b:8f:3f:1e:c8:d9:30:22:f7:9b:ff:f9:18:45:fe:25
Signer

Actual PE Digest

38:fd:4a:d8:0b:8f:3f:1e:c8:d9:30:22:f7:9b:ff:f9:18:45:fe:25

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_initterm
malloc
_amsg_exit
_XcptFilter
_except_handler4_common
free
memset

advapi32

SetThreadToken
OpenThreadToken

kernel32

GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetTickCount
SubmitThreadpoolWork
CloseThreadpoolWork
CloseThreadpool
CreateThreadpool
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
SetThreadpoolThreadMinimum
GetLastError
SetThreadpoolThreadMaximum
Sleep
DeleteCriticalSection
FreeLibrary
FreeLibraryWhenCallbackReturns
LoadLibraryExW
CreateThreadpoolWork
LeaveCriticalSectionWhenCallbackReturns
GetCurrentThread
CloseHandle

mi

mi_clientFT_V1

Exports

Exports

GetAddr_OperationCallbacks_ClassObjectNeededCallback
GetAddr_OperationCallbacks_FreeIncludedFileBufferCallback
GetAddr_OperationCallbacks_GetIncludedFileBufferCallback
GetAddr_OperationCallbacks_NativeClassCallback
GetAddr_OperationCallbacks_NativeIndicationCallback
GetAddr_OperationCallbacks_NativeInstanceCallback
GetAddr_OperationCallbacks_NativePromptUserCallback
GetAddr_OperationCallbacks_NativeStreamedParameterResultCallback
GetAddr_OperationCallbacks_NativeWriteErrorCallback
GetAddr_OperationCallbacks_NativeWriteMessageCallback
GetAddr_OperationCallbacks_NativeWriteProgressCallback
GetAddr_SessionHandle_OnReleaseHandleCompleted
MI_ApplicationWrapper_Initialize
MI_ApplicationWrapper_ScheduleCleanupCallback
MI_ApplicationWrapper_SetAppDomainIsUnloading
MI_Helpers_GetCurrentSecurityToken
MI_Helpers_IsClrShuttingDown
MI_Helpers_SetClrIsNotShuttingDown
MI_Helpers_SetClrIsShuttingDown
MI_OperationWrapper_DecrementCount_AndDontWorryAboutLifetimeOfMiDotNetDll
MI_OperationWrapper_DecrementCount_AndManageLifetimeOfMiDotNetDll
MI_OperationWrapper_GetClass
MI_OperationWrapper_GetIndication
MI_OperationWrapper_GetInstance
MI_OperationWrapper_Initialize
MI_OperationWrapper_ScheduleDrainingWorkIfNeeded
MI_OperationWrapper_SetupDrainingIfNeeded
UnmanagedMI_GetMiClientFT_V1
UnmanagedMI_GetMiEvaluatorFT_V1
UnmanagedMI_GetMiMonitoringFT_V1
UnmanagedMI_GetMiReactiveExtensionsFT_V1

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win7-x86/native/mi.dll
.dll windows:10 windows x86

ed69bba4ce7caa0a71678423f6bc8518

Code Sign

33:00:00:00:c1:09:f8:02:41:bb:4d:aa:dc:00:00:00:00:00:c1
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-09-2016 17:58

Not After

07-09-2018 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=AOC+OU=nCipher DSE ESN:12E7-3064-6112,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:78:25:5a:b5:cd:23:c6:5f:95:00:01:00:00:01:78
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:11

Not After

11-08-2018 20:11

Subject

CN=Microsoft Corporation,OU=AOC,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:c3:0e:9b:a7:d8:b2:dc:f7:2c:00:00:00:00:00:c3
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:20

Not After

11-08-2018 20:20

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

91:41:3e:94:d2:ed:fe:2a:b8:02:7c:e8:f4:26:be:af:11:ac:6a:23:e0:50:6e:7d:68:d6:6e:20:09:96:9a:e7
Signer

Actual PE Digest

91:41:3e:94:d2:ed:fe:2a:b8:02:7c:e8:f4:26:be:af:11:ac:6a:23:e0:50:6e:7d:68:d6:6e:20:09:96:9a:e7

Digest Algorithm

sha256

PE Digest Matches

true

73:78:7e:4a:a5:32:d5:83:18:f0:fe:8b:52:34:6b:a3:da:97:4d:87
Signer

Actual PE Digest

73:78:7e:4a:a5:32:d5:83:18:f0:fe:8b:52:34:6b:a3:da:97:4d:87

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

memcpy
_except_handler4_common
_initterm
malloc
free
_amsg_exit
_XcptFilter
_i64tow_s
_ui64tow_s
_set_output_format
swprintf_s
wcstoul
wcscpy_s
_wcsicmp
memset

kernel32

GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
Sleep
DisableThreadLibraryCalls
LocalFree
FormatMessageW
LoadLibraryExW
GetTickCount
FreeLibrary
GetProcAddress
HeapFree
HeapAlloc
GetProcessHeap
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
SetLastError
GetLastError
GetCurrentThread
CloseHandle
WideCharToMultiByte
InterlockedPushEntrySList
InitializeSListHead
InterlockedPopEntrySList

advapi32

ImpersonateSelf
OpenProcessToken
SetThreadToken
OpenThreadToken
RevertToSelf

user32

LoadStringW

ntdll

RtlEqualSid

miutils

RCClass_AddMethodQualifier
RCClass_AddClassQualifier
RCClass_AddElementQualifierArray
RCClass_AddMethodParameterQualifier
Instance_IsDynamic
RCClass_AddMethodParameter
OSC_StringToMiValue
RCClass_AddElementQualifierArrayItem
RCClass_New
RCClass_AddElementArray
RCClass_AddMethodParameterQualifierArray
XMLDOM_Parse
RCClass_AddElementQualifier
Instance_SetElementArrayItem
RCClass_AddClassQualifierArray
OSC_Type_GetSize
RCClass_AddMethodQualifierArrayItem
Instance_SetElementArray
Config_GetRegString
RCClass_AddClassQualifierArrayItem
Instance_InitDynamic
PublishDebugMessage
_SubscriptionDeliveryOptions_Create@12
MiErrorCategoryFromWindowsError
RtlDeleteCachedFastLock
RtlQueueAcquireCachedFastLockExclusive
RtlReleaseCachedFastLockExclusive
Instance_New
RtlInitializeCachedFastLock
_DestinationOptions_Create@8
Class_New
RtlInterlockedCompareWait
RtlInterlockedWakeAll
CimErrorFromErrorCode
_OperationOptions_Create@12
_DestinationOptions_Duplicate@8
_DestinationOptions_MigrateOptions@16
_OperationOptions_MigrateOptions@8
_SubscriptionDeliveryOptions_MigrateOptions@8
_Options_FindValue@8
RtlQueueAcquireCachedFastLockShared
Config_GetProtocolHandlerDetails
RtlReleaseCachedFastLockShared
RtlTryAcquireCachedFastLockShared
RCClass_AddMethod
MI_Hash
RCClass_AddElement
RCClass_AddElementArrayItem
RCClass_AddMethodParameterQualifierArrayItem
RCClass_AddMethodQualifierArray
XMLDOM_Free

Exports

Exports

MI_Application_InitializeV1
mi_clientFT_V1

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win7-x86/native/miutils.dll
.dll windows:10 windows x86

01be2a75abfee7056be63784e2c91536

Code Sign

33:00:00:00:b9:bc:0f:4e:57:e3:66:65:38:00:00:00:00:00:b9
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-09-2016 17:58

Not After

07-09-2018 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=AOC+OU=nCipher DSE ESN:6BF6-2D52-92C1,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:78:25:5a:b5:cd:23:c6:5f:95:00:01:00:00:01:78
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:11

Not After

11-08-2018 20:11

Subject

CN=Microsoft Corporation,OU=AOC,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:c3:0e:9b:a7:d8:b2:dc:f7:2c:00:00:00:00:00:c3
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:20

Not After

11-08-2018 20:20

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a1:75:de:d9:85:cb:ba:26:e7:b1:bc:c4:6e:1e:ac:5a:4f:50:e1:78:c5:ab:f6:89:7e:63:45:31:c1:7a:0e:c6
Signer

Actual PE Digest

a1:75:de:d9:85:cb:ba:26:e7:b1:bc:c4:6e:1e:ac:5a:4f:50:e1:78:c5:ab:f6:89:7e:63:45:31:c1:7a:0e:c6

Digest Algorithm

sha256

PE Digest Matches

true

fe:34:a9:93:bd:e5:1c:3d:bd:17:02:1c:ca:6d:46:22:02:fa:14:86
Signer

Actual PE Digest

fe:34:a9:93:bd:e5:1c:3d:bd:17:02:1c:ca:6d:46:22:02:fa:14:86

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

memcpy
malloc
?terminate@@YAXXZ
__CxxFrameHandler3
_XcptFilter
_initterm
??1type_info@@UAE@XZ
_CxxThrowException
memcmp
__iob_func
_wtoi
wcscpy_s
memmove_s
_lock
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_purecall
memcpy_s
_i64tow_s
free
_ui64tow_s
wcsstr
wcschr
_wcsdup
swscanf_s
_vsnwprintf
fwprintf
_swprintf_c
_unlock
__dllonexit
_onexit
_wcsnicmp
getenv
_wcstoui64
wcstod
wcstoul
_wcsicmp
_wcstoi64
wcstol
_amsg_exit
_except_handler4_common
memset

kernel32

LoadLibraryExW
FreeLibrary
Sleep
GetSystemDirectoryW
LocalAlloc
ExpandEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetProcAddress
TerminateProcess
GetProcessId
QueryPerformanceCounter
GetCurrentProcess
LocalFree
HeapReAlloc
GetCurrentProcessId
GetCurrentThreadId
GetThreadPreferredUILanguages
SystemTimeToFileTime
FileTimeToSystemTime
GetComputerNameExW
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
DeleteCriticalSection
GetLastError
MultiByteToWideChar
InitializeCriticalSection
GetSystemTimeAsFileTime
FormatMessageW
GetSystemInfo
DisableThreadLibraryCalls
GetCurrentProcessorNumber
SwitchToThread
ResetEvent
CloseHandle
HeapFree
GetTickCount
HeapAlloc
GetProcessHeap
WaitForSingleObject
CreateEventW
GetTickCount64
SetEvent

advapi32

RegCloseKey
RegOpenKeyExW
RegGetValueW
RegQueryValueExW
RegEnumKeyExW
EventUnregister
EventRegister
EventWrite

user32

LoadStringW

oleaut32

SysAllocStringByteLen
VariantChangeType
SafeArrayGetDim
SafeArrayDestroy
VariantInit
VariantClear
SafeArrayGetUBound
SysAllocStringLen
SafeArrayCreate
SafeArrayGetElement
SysStringLen
SafeArrayGetLBound
VariantCopy
SysFreeString
SafeArrayPutElement
SysAllocString
VarBstrCat

ole32

CoCreateGuid
CoCreateInstance
StringFromGUID2

crypt32

CryptProtectMemory
CryptUnprotectMemory

Exports

Exports

??0CAutoSetActivityId@@QAE@XZ
??0CCritSec@@QAE@XZ
??0DynamicSchema@@QAE@XZ
??0IndicationSchema@@QAE@XZ
??0StaticSchema@@QAE@XZ
??0WMISchema@@QAE@XZ
??0WMISchema@@QAE@_N@Z
??1CAutoSetActivityId@@QAE@XZ
??1CCritSec@@QAE@XZ
??1WMISchema@@UAE@XZ
??4CAutoSetActivityId@@QAEAAV0@ABV0@@Z
??4CCritSec@@QAEAAV0@ABV0@@Z
?CreateInstance@DynamicSchema@@UAGJPBGPAUIWbemClassObject@@KPBU_MI_PropertySet@@_NAAPAU_MI_Instance@@PAUIConversionContext@@@Z
?CreateInstance@IndicationSchema@@UAGJPBGPAUIWbemClassObject@@KPBU_MI_PropertySet@@_NAAPAU_MI_Instance@@PAUIConversionContext@@@Z
?CreateInstance@StaticSchema@@UAGJPBGPAUIWbemClassObject@@KPBU_MI_PropertySet@@_NAAPAU_MI_Instance@@PAUIConversionContext@@@Z
?DeInitialize@WMISchema@@QAGJXZ
?GetFlags@MiSchema@@UBGJXZ
?GetMiClass@DynamicSchema@@UAGJPBG00PAPBU_MI_Class@@@Z
?GetMiClass@IndicationSchema@@UAGJPBG00PAPBU_MI_Class@@@Z
?GetMiClass@StaticSchema@@UAGJPBG00PAPBU_MI_Class@@@Z
?GetNoneCachedWmiClass@WMISchema@@UAGJPBGPAUIWbemServices@@AAV?$CComPtr@UIWbemClassObject@@@ATL@@PAUIConversionContext@@@Z
?GetWmiClass@WMISchema@@UAGJPBG0AAV?$CComPtr@UIWbemClassObject@@@ATL@@PAUIConversionContext@@@Z
?GetWmiIWbemServices@WMISchema@@UAGJPBGAAV?$CComPtr@UIWbemServices@@@ATL@@@Z
?Initialize@StaticSchema@@QAGJPBU_MI_Module@@@Z
?Initialize@WMISchema@@QAEX_N@Z
?SetFlags@MiSchema@@MAGJJ@Z
CimErrorFromErrorCode
CimError_Construct
CimStatusCodeFromWindowsError
ClassCache_AddClass
ClassCache_Delete
ClassCache_GetClass
ClassCache_New
Class_New
Config_GetProtocolHandlerDetails
Config_GetRegString
CreateConversionContext
GetCorrelationId
Instance_Clone
Instance_Construct
Instance_GetResourceURI
Instance_InitDynamic
Instance_IsDynamic
Instance_MatchKeys
Instance_New
Instance_SetElementArray
Instance_SetElementArrayItem
Instance_SetResourceURI
Instance_SetServerName
MI_Hash
MiErrorCategoryFromWindowsError
OSC_Batch_Destroy
OSC_Batch_Get
OSC_Batch_Strdup
OSC_StringToMiValue
OSC_Type_GetSize
PropertySet_New
PublishClientOperationInfo
PublishDebugInfo
PublishDebugMessage
PublishProviderResult
PublishProviderWriteError
PublishProviderWriteMessage
RCClass_AddClassQualifier
RCClass_AddClassQualifierArray
RCClass_AddClassQualifierArrayItem
RCClass_AddElement
RCClass_AddElementArray
RCClass_AddElementArrayItem
RCClass_AddElementQualifier
RCClass_AddElementQualifierArray
RCClass_AddElementQualifierArrayItem
RCClass_AddMethod
RCClass_AddMethodParameter
RCClass_AddMethodParameterQualifier
RCClass_AddMethodParameterQualifierArray
RCClass_AddMethodParameterQualifierArrayItem
RCClass_AddMethodQualifier
RCClass_AddMethodQualifierArray
RCClass_AddMethodQualifierArrayItem
RCClass_New
ResultFromHRESULT
ResultToHRESULT
RtlDeleteCachedFastLock
RtlInitializeCachedFastLock
RtlInterlockedCompareWait
RtlInterlockedWakeAll
RtlQueueAcquireCachedFastLockExclusive
RtlQueueAcquireCachedFastLockShared
RtlQueueAcquireFastLockExclusive
RtlQueueAcquireFastLockShared
RtlReleaseCachedFastLockExclusive
RtlReleaseCachedFastLockShared
RtlReleaseFastLockExclusive
RtlReleaseFastLockShared
RtlTryAcquireCachedFastLockShared
RtlTryAcquireFastLockExclusive
RtlTryAcquireFastLockShared
RtlpInitFastLock
RtlpReleaseIdleSlots
SetCorrelationIdToWbemContext
SetModifiedPropertyNamesToContext
WriteWBEM_MC_CLIENT_REQUEST_FAILURE
XMLDOM_Free
XMLDOM_Parse
XML_FormatError
XML_Init
XML_Next
XML_PutError
XML_RegisterNameSpace
XML_SetText
XML_StripWhitespace
_CimTypeToType@8
_CompareInstance@12
_CompareValue@12
_DestinationOptions_Create@8
_DestinationOptions_Duplicate@8
_DestinationOptions_MigrateOptions@16
_FindClassDecl@8
_FindMethodDecl@8
_FindQualifierInWMIObject@16
_GetMethodParameters@32
_GetReferenceFromWMIObjectPath@16
_InstanceToWMIEvent@16
_InstanceToWMIExtendedStatus@16
_InstanceToWMIObject@24
_IsLifeCycleIndicationQuery@12
_OperationOptions_CopyOptions@8
_OperationOptions_Create@12
_OperationOptions_MigrateOptions@8
_OptionsValueToContextValue@24
_Options_FindValue@8
_ParametersToWMIObject@40
_PropertyToVariant@20
_QualifierFlavorToWMI@4
_SetProperties@24
_SubscriptionDeliveryOptions_Create@12
_SubscriptionDeliveryOptions_MigrateOptions@8
_TypeToCimType@4
_ValueClear@8
_ValueToVariant@24
_VariantArrayToSafeArray@12
_VariantToValue@28
_WMIEventToCIMIndication@12
_WMIExtendedObjectToInstance@20
_WMIObjectToClass@20
_WMIObjectToInstance@28
_WMIQualifierFlavorToMI@8

Sections

.text
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win8-x64/lib/netstandard1.6/Microsoft.Management.Infrastructure.Native.dll
.dll windows:4 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win8-x64/lib/netstandard1.6/Microsoft.Management.Infrastructure.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win8-x64/native/mi.dll
.dll windows:6 windows x64

bb90fa1152c26d374f1fb52e0a6fb2c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

memcpy
wcscpy_s
swprintf_s
_set_output_format
_wcsicmp
_ui64tow_s
_i64tow_s
_XcptFilter
_amsg_exit
free
malloc
_initterm
__C_specific_handler
wcstoul
memset

api-ms-win-core-heap-l1-2-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-processthreads-l1-1-1

SetThreadToken
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentThread
GetCurrentProcess
OpenThreadToken

api-ms-win-security-base-l1-2-0

ImpersonateSelf
RevertToSelf

api-ms-win-core-errorhandling-l1-1-1

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-interlocked-l1-2-0

InterlockedPopEntrySList
InitializeSListHead
InterlockedPushEntrySList

api-ms-win-core-libraryloader-l1-1-1

DisableThreadLibraryCalls
LoadStringW
LoadLibraryExW
GetProcAddress
FreeLibrary

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-2-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree

ntdll

RtlEqualSid

miutils

RCClass_AddMethod
RCClass_AddMethodQualifierArray
RCClass_AddClassQualifierArray
RCClass_AddMethodParameterQualifierArray
OSC_Type_GetSize
XMLDOM_Parse
RCClass_AddClassQualifierArrayItem
RCClass_AddMethodParameterQualifierArrayItem
RCClass_AddElementArray
XMLDOM_Free
Instance_IsDynamic
RCClass_AddMethodQualifier
RCClass_AddElementQualifierArray
Instance_SetElementArrayItem
MI_Hash
RCClass_AddMethodParameterQualifier
RCClass_AddElement
RCClass_AddClassQualifier
RCClass_AddMethodParameter
CimErrorFromErrorCode
RtlInitializeCachedFastLock
MiErrorCategoryFromWindowsError
RtlQueueAcquireCachedFastLockExclusive
Instance_New
SubscriptionDeliveryOptions_Create
Config_GetRegString
RtlDeleteCachedFastLock
RtlInterlockedCompareWait
RtlReleaseCachedFastLockExclusive
DestinationOptions_Create
RtlInterlockedWakeAll
OperationOptions_Create
Instance_InitDynamic
PublishDebugMessage
DestinationOptions_Duplicate
DestinationOptions_MigrateOptions
SubscriptionDeliveryOptions_MigrateOptions
OperationOptions_MigrateOptions
Options_FindValue
RtlTryAcquireCachedFastLockShared
RtlReleaseCachedFastLockShared
Config_GetProtocolHandlerDetails
RtlQueueAcquireCachedFastLockShared
OSC_StringToMiValue
RCClass_New
Instance_SetElementArray
RCClass_AddElementQualifier
RCClass_AddElementArrayItem
RCClass_AddElementQualifierArrayItem
RCClass_AddMethodQualifierArrayItem

Exports

Exports

MI_Application_InitializeV1
mi_clientFT_V1

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win8-x64/native/miutils.dll
.dll windows:6 windows x64

e1affd03a6f8386979b9a28f894bb73c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

_onexit
__dllonexit
_wcstoi64
_unlock
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
__C_specific_handler
_initterm
malloc
_amsg_exit
_XcptFilter
_wcsicmp
_CxxThrowException
_wtoi
wcscpy_s
memcpy_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_purecall
memmove_s
_wcsdup
_i64tow_s
swscanf_s
_ui64tow_s
_vsnwprintf
wcstol
wcsstr
free
__CxxFrameHandler3
wcstod
wcschr
_iob
fwprintf
_swprintf_c
_wcsnicmp
memcpy
memcmp
wcstoul
_wcstoui64
memset

api-ms-win-core-heap-l1-2-0

HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegCloseKey

api-ms-win-core-synch-l1-2-0

CreateEventW
SetEvent
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
ResetEvent
WaitForSingleObject
Sleep
EnterCriticalSection

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-sysinfo-l1-2-0

GetSystemInfo
GetTickCount64
GetSystemTimeAsFileTime
GetTickCount
GetSystemDirectoryW
GetComputerNameExW

api-ms-win-core-processthreads-l1-1-1

GetCurrentThreadId
GetProcessId
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
SwitchToThread

api-ms-win-core-libraryloader-l1-1-1

GetModuleHandleW
GetProcAddress
LoadStringW
LoadLibraryExW
FreeLibrary
DisableThreadLibraryCalls

api-ms-win-core-localization-l1-2-0

GetThreadPreferredUILanguages
FormatMessageW

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoCreateGuid
CoCreateInstance

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWrite

api-ms-win-core-processenvironment-l1-2-0

ExpandEnvironmentStringsW

api-ms-win-core-rtlsupport-l1-2-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree
LocalAlloc

ntdll

RtlGetCurrentProcessorNumber

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

Exports

Exports

??0CAutoSetActivityId@@QEAA@XZ
??0CCritSec@@QEAA@XZ
??0DynamicSchema@@QEAA@XZ
??0IndicationSchema@@QEAA@XZ
??0StaticSchema@@QEAA@XZ
??0WMISchema@@QEAA@XZ
??0WMISchema@@QEAA@_N@Z
??1CAutoSetActivityId@@QEAA@XZ
??1CCritSec@@QEAA@XZ
??1WMISchema@@UEAA@XZ
??4CAutoSetActivityId@@QEAAAEAV0@AEBV0@@Z
??4CCritSec@@QEAAAEAV0@AEBV0@@Z
?CreateInstance@DynamicSchema@@UEAAJPEBGPEAUIWbemClassObject@@KPEBU_MI_PropertySet@@_NAEAPEAU_MI_Instance@@PEAUIConversionContext@@@Z
?CreateInstance@IndicationSchema@@UEAAJPEBGPEAUIWbemClassObject@@KPEBU_MI_PropertySet@@_NAEAPEAU_MI_Instance@@PEAUIConversionContext@@@Z
?CreateInstance@StaticSchema@@UEAAJPEBGPEAUIWbemClassObject@@KPEBU_MI_PropertySet@@_NAEAPEAU_MI_Instance@@PEAUIConversionContext@@@Z
?DeInitialize@WMISchema@@QEAAJXZ
?GetFlags@MiSchema@@UEBAJXZ
?GetMiClass@DynamicSchema@@UEAAJPEBG00PEAPEBU_MI_Class@@@Z
?GetMiClass@IndicationSchema@@UEAAJPEBG00PEAPEBU_MI_Class@@@Z
?GetMiClass@StaticSchema@@UEAAJPEBG00PEAPEBU_MI_Class@@@Z
?GetNoneCachedWmiClass@WMISchema@@UEAAJPEBGPEAUIWbemServices@@AEAV?$CComPtr@UIWbemClassObject@@@ATL@@PEAUIConversionContext@@@Z
?GetWmiClass@WMISchema@@UEAAJPEBG0AEAV?$CComPtr@UIWbemClassObject@@@ATL@@PEAUIConversionContext@@@Z
?GetWmiIWbemServices@WMISchema@@UEAAJPEBGAEAV?$CComPtr@UIWbemServices@@@ATL@@@Z
?Initialize@StaticSchema@@QEAAJPEBU_MI_Module@@@Z
?SetFlags@MiSchema@@MEAAJJ@Z
CimErrorFromErrorCode
CimError_Construct
CimStatusCodeFromWindowsError
CimTypeToType
ClassCache_AddClass
ClassCache_Delete
ClassCache_GetClass
ClassCache_New
Class_New
CompareInstance
CompareValue
Config_GetProtocolHandlerDetails
Config_GetRegString
CreateConversionContext
DestinationOptions_Create
DestinationOptions_Duplicate
DestinationOptions_MigrateOptions
FindClassDecl
FindMethodDecl
FindQualifierInWMIObject
GetCorrelationId
GetMethodParameters
GetReferenceFromWMIObjectPath
InstanceToWMIEvent
InstanceToWMIExtendedStatus
InstanceToWMIObject
Instance_Clone
Instance_Construct
Instance_GetResourceURI
Instance_InitDynamic
Instance_IsDynamic
Instance_MatchKeys
Instance_New
Instance_SetElementArray
Instance_SetElementArrayItem
Instance_SetResourceURI
Instance_SetServerName
IsLifeCycleIndicationQuery
MI_Hash
MiErrorCategoryFromWindowsError
OSC_Batch_Destroy
OSC_Batch_Get
OSC_Batch_Strdup
OSC_StringToMiValue
OSC_Type_GetSize
OperationOptions_CopyOptions
OperationOptions_Create
OperationOptions_MigrateOptions
OptionsValueToContextValue
Options_FindValue
ParametersToWMIObject
PropertySet_New
PropertyToVariant
PublishClientOperationInfo
PublishDebugInfo
PublishDebugMessage
PublishProviderResult
PublishProviderWriteError
PublishProviderWriteMessage
QualifierFlavorToWMI
RCClass_AddClassQualifier
RCClass_AddClassQualifierArray
RCClass_AddClassQualifierArrayItem
RCClass_AddElement
RCClass_AddElementArray
RCClass_AddElementArrayItem
RCClass_AddElementQualifier
RCClass_AddElementQualifierArray
RCClass_AddElementQualifierArrayItem
RCClass_AddMethod
RCClass_AddMethodParameter
RCClass_AddMethodParameterQualifier
RCClass_AddMethodParameterQualifierArray
RCClass_AddMethodParameterQualifierArrayItem
RCClass_AddMethodQualifier
RCClass_AddMethodQualifierArray
RCClass_AddMethodQualifierArrayItem
RCClass_New
ResultFromHRESULT
ResultToHRESULT
RtlDeleteCachedFastLock
RtlInitializeCachedFastLock
RtlInterlockedCompareWait
RtlInterlockedWakeAll
RtlQueueAcquireCachedFastLockExclusive
RtlQueueAcquireCachedFastLockShared
RtlQueueAcquireFastLockExclusive
RtlQueueAcquireFastLockShared
RtlReleaseCachedFastLockExclusive
RtlReleaseCachedFastLockShared
RtlReleaseFastLockExclusive
RtlReleaseFastLockShared
RtlTryAcquireCachedFastLockShared
RtlTryAcquireFastLockExclusive
RtlTryAcquireFastLockShared
RtlpInitFastLock
SetCorrelationIdToWbemContext
SetModifiedPropertyNamesToContext
SetProperties
SubscriptionDeliveryOptions_Create
SubscriptionDeliveryOptions_MigrateOptions
TypeToCimType
ValueClear
ValueToVariant
VariantArrayToSafeArray
VariantToValue
WMIEventToCIMIndication
WMIExtendedObjectToInstance
WMIObjectToClass
WMIObjectToInstance
WMIQualifierFlavorToMI
WriteWBEM_MC_CLIENT_REQUEST_FAILURE
XMLDOM_Free
XMLDOM_Parse
XML_FormatError
XML_Init
XML_Next
XML_PutError
XML_RegisterNameSpace
XML_SetText
XML_StripWhitespace

Sections

.text
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win8-x86/lib/netstandard1.6/Microsoft.Management.Infrastructure.Native.dll
.dll windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win8-x86/lib/netstandard1.6/Microsoft.Management.Infrastructure.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win8-x86/native/mi.dll
.dll windows:6 windows x86

bfdecafea42090f77cc919fbcd2f3831

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

memcpy
wcscpy_s
swprintf_s
_set_output_format
_wcsicmp
_ui64tow_s
_i64tow_s
_XcptFilter
_amsg_exit
free
malloc
_initterm
_except_handler4_common
wcstoul
memset

api-ms-win-core-heap-l1-2-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-interlocked-l1-2-0

InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
InterlockedCompareExchange
InterlockedCompareExchange64
InterlockedIncrement
InterlockedDecrement
InterlockedExchange

api-ms-win-core-processthreads-l1-1-1

GetCurrentProcess
SetThreadToken
OpenThreadToken
GetCurrentThread
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-security-base-l1-2-0

RevertToSelf
ImpersonateSelf

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-1-1

LoadLibraryExW
GetProcAddress
LoadStringW
DisableThreadLibraryCalls
FreeLibrary

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree

ntdll

RtlEqualSid

miutils

RCClass_AddMethod
RCClass_AddMethodQualifierArray
RCClass_AddClassQualifierArray
RCClass_AddMethodParameterQualifierArray
Instance_SetElementArrayItem
RCClass_AddClassQualifierArrayItem
OSC_Type_GetSize
RCClass_AddMethodParameterQualifierArrayItem
RCClass_AddElementArray
XMLDOM_Free
Instance_IsDynamic
RCClass_AddMethodQualifier
RCClass_AddElementQualifierArray
MI_Hash
XMLDOM_Parse
RCClass_AddMethodParameterQualifier
RCClass_AddElement
RCClass_AddClassQualifier
RCClass_AddMethodParameter
CimErrorFromErrorCode
RtlInitializeCachedFastLock
MiErrorCategoryFromWindowsError
RtlQueueAcquireCachedFastLockExclusive
Instance_New
_SubscriptionDeliveryOptions_Create@12
Config_GetRegString
RtlDeleteCachedFastLock
RtlInterlockedCompareWait
RtlReleaseCachedFastLockExclusive
_DestinationOptions_Create@8
RtlInterlockedWakeAll
_OperationOptions_Create@12
Instance_InitDynamic
PublishDebugMessage
_DestinationOptions_Duplicate@8
_DestinationOptions_MigrateOptions@16
_SubscriptionDeliveryOptions_MigrateOptions@8
_OperationOptions_MigrateOptions@8
_Options_FindValue@8
RtlTryAcquireCachedFastLockShared
RtlReleaseCachedFastLockShared
Config_GetProtocolHandlerDetails
RtlQueueAcquireCachedFastLockShared
OSC_StringToMiValue
RCClass_New
Instance_SetElementArray
RCClass_AddElementQualifier
RCClass_AddElementArrayItem
RCClass_AddElementQualifierArrayItem
RCClass_AddMethodQualifierArrayItem

Exports

Exports

MI_Application_InitializeV1
mi_clientFT_V1

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win8-x86/native/miutils.dll
.dll windows:6 windows x86

3e627856adb39a4c2cd88d6e3af6b95f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

?what@exception@@UBEPBDXZ
wcsstr
??1exception@@UAE@XZ
??0exception@@QAE@XZ
_vsnwprintf
_purecall
free
??0exception@@QAE@ABQBD@Z
_ui64tow_s
wcschr
swscanf_s
??0exception@@QAE@ABV0@@Z
memcpy_s
wcscpy_s
_wtoi
_iob
_except_handler4_common
_onexit
__dllonexit
memmove_s
_unlock
fwprintf
_lock
_swprintf_c
_i64tow_s
??1type_info@@UAE@XZ
_wcsnicmp
?terminate@@YAXXZ
_wcstoui64
_initterm
_wcstoi64
_wcsdup
_wcsicmp
malloc
_amsg_exit
wcstod
_XcptFilter
wcstol
__CxxFrameHandler3
memcpy
memcmp
wcstoul
_CxxThrowException
memset

api-ms-win-core-heap-l1-2-0

GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegGetValueW

api-ms-win-core-interlocked-l1-2-0

InterlockedDecrement
InterlockedCompareExchange
InterlockedIncrement
InterlockedExchangeAdd
InterlockedExchange

api-ms-win-core-synch-l1-2-0

SetEvent
ResetEvent
CreateEventW
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObject
Sleep
InitializeCriticalSection
EnterCriticalSection

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-sysinfo-l1-2-0

GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount64
GetSystemInfo
GetTickCount
GetComputerNameExW

api-ms-win-core-processthreads-l1-1-1

GetCurrentProcessId
GetCurrentProcess
GetProcessId
SwitchToThread
GetCurrentThreadId
TerminateProcess

api-ms-win-core-libraryloader-l1-1-1

GetModuleHandleW
LoadLibraryExW
FreeLibrary
DisableThreadLibraryCalls
GetProcAddress
LoadStringW

api-ms-win-core-localization-l1-2-0

GetThreadPreferredUILanguages
FormatMessageW

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoCreateInstance
CoCreateGuid

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-errorhandling-l1-1-1

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventWrite

api-ms-win-core-processenvironment-l1-2-0

ExpandEnvironmentStringsW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-heap-obsolete-l1-1-0

LocalAlloc
LocalFree

ntdll

RtlGetCurrentProcessorNumber

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI
DelayLoadFailureHook

Exports

Exports

??0CAutoSetActivityId@@QAE@XZ
??0CCritSec@@QAE@XZ
??0DynamicSchema@@QAE@XZ
??0IndicationSchema@@QAE@XZ
??0StaticSchema@@QAE@XZ
??0WMISchema@@QAE@XZ
??0WMISchema@@QAE@_N@Z
??1CAutoSetActivityId@@QAE@XZ
??1CCritSec@@QAE@XZ
??1WMISchema@@UAE@XZ
??4CAutoSetActivityId@@QAEAAV0@ABV0@@Z
??4CCritSec@@QAEAAV0@ABV0@@Z
?CreateInstance@DynamicSchema@@UAGJPBGPAUIWbemClassObject@@KPBU_MI_PropertySet@@_NAAPAU_MI_Instance@@PAUIConversionContext@@@Z
?CreateInstance@IndicationSchema@@UAGJPBGPAUIWbemClassObject@@KPBU_MI_PropertySet@@_NAAPAU_MI_Instance@@PAUIConversionContext@@@Z
?CreateInstance@StaticSchema@@UAGJPBGPAUIWbemClassObject@@KPBU_MI_PropertySet@@_NAAPAU_MI_Instance@@PAUIConversionContext@@@Z
?DeInitialize@WMISchema@@QAGJXZ
?GetFlags@MiSchema@@UBGJXZ
?GetMiClass@DynamicSchema@@UAGJPBG00PAPBU_MI_Class@@@Z
?GetMiClass@IndicationSchema@@UAGJPBG00PAPBU_MI_Class@@@Z
?GetMiClass@StaticSchema@@UAGJPBG00PAPBU_MI_Class@@@Z
?GetNoneCachedWmiClass@WMISchema@@UAGJPBGPAUIWbemServices@@AAV?$CComPtr@UIWbemClassObject@@@ATL@@PAUIConversionContext@@@Z
?GetWmiClass@WMISchema@@UAGJPBG0AAV?$CComPtr@UIWbemClassObject@@@ATL@@PAUIConversionContext@@@Z
?GetWmiIWbemServices@WMISchema@@UAGJPBGAAV?$CComPtr@UIWbemServices@@@ATL@@@Z
?Initialize@StaticSchema@@QAGJPBU_MI_Module@@@Z
?SetFlags@MiSchema@@MAGJJ@Z
CimErrorFromErrorCode
CimError_Construct
CimStatusCodeFromWindowsError
ClassCache_AddClass
ClassCache_Delete
ClassCache_GetClass
ClassCache_New
Class_New
Config_GetProtocolHandlerDetails
Config_GetRegString
CreateConversionContext
GetCorrelationId
Instance_Clone
Instance_Construct
Instance_GetResourceURI
Instance_InitDynamic
Instance_IsDynamic
Instance_MatchKeys
Instance_New
Instance_SetElementArray
Instance_SetElementArrayItem
Instance_SetResourceURI
Instance_SetServerName
MI_Hash
MiErrorCategoryFromWindowsError
OSC_Batch_Destroy
OSC_Batch_Get
OSC_Batch_Strdup
OSC_StringToMiValue
OSC_Type_GetSize
PropertySet_New
PublishClientOperationInfo
PublishDebugInfo
PublishDebugMessage
PublishProviderResult
PublishProviderWriteError
PublishProviderWriteMessage
RCClass_AddClassQualifier
RCClass_AddClassQualifierArray
RCClass_AddClassQualifierArrayItem
RCClass_AddElement
RCClass_AddElementArray
RCClass_AddElementArrayItem
RCClass_AddElementQualifier
RCClass_AddElementQualifierArray
RCClass_AddElementQualifierArrayItem
RCClass_AddMethod
RCClass_AddMethodParameter
RCClass_AddMethodParameterQualifier
RCClass_AddMethodParameterQualifierArray
RCClass_AddMethodParameterQualifierArrayItem
RCClass_AddMethodQualifier
RCClass_AddMethodQualifierArray
RCClass_AddMethodQualifierArrayItem
RCClass_New
ResultFromHRESULT
ResultToHRESULT
RtlDeleteCachedFastLock
RtlInitializeCachedFastLock
RtlInterlockedCompareWait
RtlInterlockedWakeAll
RtlQueueAcquireCachedFastLockExclusive
RtlQueueAcquireCachedFastLockShared
RtlQueueAcquireFastLockExclusive
RtlQueueAcquireFastLockShared
RtlReleaseCachedFastLockExclusive
RtlReleaseCachedFastLockShared
RtlReleaseFastLockExclusive
RtlReleaseFastLockShared
RtlTryAcquireCachedFastLockShared
RtlTryAcquireFastLockExclusive
RtlTryAcquireFastLockShared
RtlpInitFastLock
SetCorrelationIdToWbemContext
SetModifiedPropertyNamesToContext
WriteWBEM_MC_CLIENT_REQUEST_FAILURE
XMLDOM_Free
XMLDOM_Parse
XML_FormatError
XML_Init
XML_Next
XML_PutError
XML_RegisterNameSpace
XML_SetText
XML_StripWhitespace
_CimTypeToType@8
_CompareInstance@12
_CompareValue@12
_DestinationOptions_Create@8
_DestinationOptions_Duplicate@8
_DestinationOptions_MigrateOptions@16
_FindClassDecl@8
_FindMethodDecl@8
_FindQualifierInWMIObject@16
_GetMethodParameters@32
_GetReferenceFromWMIObjectPath@16
_InstanceToWMIEvent@16
_InstanceToWMIExtendedStatus@16
_InstanceToWMIObject@24
_IsLifeCycleIndicationQuery@12
_OperationOptions_CopyOptions@8
_OperationOptions_Create@12
_OperationOptions_MigrateOptions@8
_OptionsValueToContextValue@24
_Options_FindValue@8
_ParametersToWMIObject@40
_PropertyToVariant@20
_QualifierFlavorToWMI@4
_SetProperties@24
_SubscriptionDeliveryOptions_Create@12
_SubscriptionDeliveryOptions_MigrateOptions@8
_TypeToCimType@4
_ValueClear@8
_ValueToVariant@24
_VariantArrayToSafeArray@12
_VariantToValue@28
_WMIEventToCIMIndication@12
_WMIExtendedObjectToInstance@20
_WMIObjectToClass@20
_WMIObjectToInstance@28
_WMIQualifierFlavorToMI@8

Sections

.text
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win81-x64/lib/netstandard1.6/Microsoft.Management.Infrastructure.Native.dll
.dll windows:4 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win81-x64/lib/netstandard1.6/Microsoft.Management.Infrastructure.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win81-x64/native/Microsoft.Management.Infrastructure.Native.Unmanaged.dll
.dll windows:6 windows x64

fce40492be9144dcc09d7f08f33fe3ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

_initterm
malloc
_amsg_exit
_XcptFilter
__C_specific_handler
free
memset

api-ms-win-core-threadpool-l1-2-0

CloseThreadpool
CreateThreadpoolWork
LeaveCriticalSectionWhenCallbackReturns
FreeLibraryWhenCallbackReturns
CreateThreadpool
SubmitThreadpoolWork
CloseThreadpoolWork
SetThreadpoolThreadMaximum
SetThreadpoolThreadMinimum

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
LoadLibraryExW

api-ms-win-core-synch-l1-2-0

Sleep
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection

api-ms-win-core-errorhandling-l1-1-1

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-processthreads-l1-1-2

OpenThreadToken
GetCurrentProcess
GetCurrentProcessId
SetThreadToken
GetCurrentThread
TerminateProcess
GetCurrentThreadId

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-2-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

mi

mi_clientFT_V1

Exports

Exports

GetAddr_OperationCallbacks_ClassObjectNeededCallback
GetAddr_OperationCallbacks_FreeIncludedFileBufferCallback
GetAddr_OperationCallbacks_GetIncludedFileBufferCallback
GetAddr_OperationCallbacks_NativeClassCallback
GetAddr_OperationCallbacks_NativeIndicationCallback
GetAddr_OperationCallbacks_NativeInstanceCallback
GetAddr_OperationCallbacks_NativePromptUserCallback
GetAddr_OperationCallbacks_NativeStreamedParameterResultCallback
GetAddr_OperationCallbacks_NativeWriteErrorCallback
GetAddr_OperationCallbacks_NativeWriteMessageCallback
GetAddr_OperationCallbacks_NativeWriteProgressCallback
GetAddr_SessionHandle_OnReleaseHandleCompleted
MI_ApplicationWrapper_Initialize
MI_ApplicationWrapper_ScheduleCleanupCallback
MI_ApplicationWrapper_SetAppDomainIsUnloading
MI_Helpers_GetCurrentSecurityToken
MI_Helpers_IsClrShuttingDown
MI_Helpers_SetClrIsNotShuttingDown
MI_Helpers_SetClrIsShuttingDown
MI_OperationWrapper_DecrementCount_AndDontWorryAboutLifetimeOfMiDotNetDll
MI_OperationWrapper_DecrementCount_AndManageLifetimeOfMiDotNetDll
MI_OperationWrapper_GetClass
MI_OperationWrapper_GetIndication
MI_OperationWrapper_GetInstance
MI_OperationWrapper_Initialize
MI_OperationWrapper_ScheduleDrainingWorkIfNeeded
MI_OperationWrapper_SetupDrainingIfNeeded
UnmanagedMI_GetMiClientFT_V1
UnmanagedMI_GetMiEvaluatorFT_V1
UnmanagedMI_GetMiMonitoringFT_V1
UnmanagedMI_GetMiReactiveExtensionsFT_V1

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 94B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win81-x64/native/mi.dll
.dll windows:6 windows x64

e7595d8b4d7f1963c8c4776b67c4b8b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

memcpy
memset
wcstoul
wcscpy_s
swprintf_s
_wcsicmp
_set_output_format
_ui64tow_s
_i64tow_s
_XcptFilter
_amsg_exit
free
malloc
_initterm
__C_specific_handler
wcscmp

api-ms-win-core-heap-l1-2-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-processthreads-l1-1-2

TerminateProcess
OpenThreadToken
GetCurrentThreadId
SetThreadToken
GetCurrentProcess
GetCurrentThread
GetCurrentProcessId

api-ms-win-security-base-l1-2-0

ImpersonateSelf
RevertToSelf

api-ms-win-core-errorhandling-l1-1-1

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-interlocked-l1-2-0

InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
DisableThreadLibraryCalls
GetProcAddress
LoadStringW
LoadLibraryExW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-localization-l1-2-1

FormatMessageW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-2-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree

ntdll

RtlEqualSid

miutils

DestinationOptions_MigrateOptions
OSC_Type_GetSize
Instance_SetElementArrayItem
RCClass_AddMethod
RCClass_AddMethodQualifierArray
RCClass_AddClassQualifierArray
RCClass_AddMethodParameterQualifierArray
XMLDOM_Parse
RCClass_AddClassQualifierArrayItem
RCClass_AddMethodParameterQualifierArrayItem
RCClass_AddElementArray
XMLDOM_Free
Instance_IsDynamic
RCClass_AddMethodQualifier
RCClass_AddElementQualifierArray
MI_Hash
RCClass_AddMethodParameterQualifier
RCClass_AddElement
CimErrorFromErrorCode
RtlInitializeCachedFastLock
MiErrorCategoryFromWindowsError
RtlQueueAcquireCachedFastLockExclusive
Instance_New
SubscriptionDeliveryOptions_Create
Config_GetRegString
RtlDeleteCachedFastLock
RtlInterlockedCompareWait
RtlReleaseCachedFastLockExclusive
DestinationOptions_Create
RtlInterlockedWakeAll
OperationOptions_Create
RCClass_AddClassQualifier
PublishDebugMessage
DestinationOptions_Duplicate
Instance_InitDynamic
SubscriptionDeliveryOptions_MigrateOptions
OperationOptions_MigrateOptions
Options_FindValue
RtlTryAcquireCachedFastLockShared
RtlReleaseCachedFastLockShared
Config_GetProtocolHandlerDetails
RtlQueueAcquireCachedFastLockShared
OSC_StringToMiValue
RCClass_New
Instance_SetElementArray
RCClass_AddElementQualifier
RCClass_AddElementArrayItem
RCClass_AddElementQualifierArrayItem
RCClass_AddMethodQualifierArrayItem
RCClass_AddMethodParameter

Exports

Exports

MI_Application_InitializeV1
mi_clientFT_V1

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win81-x64/native/miutils.dll
.dll windows:6 windows x64

b392b010bd401b9710658614deefbc88

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

free
swscanf_s
wcsstr
wcschr
memmove_s
_wcsdup
_i64tow_s
_iob
_purecall
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
_onexit
__dllonexit
_unlock
_ui64tow_s
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
__C_specific_handler
_initterm
fwprintf
malloc
_amsg_exit
_swprintf_c
_XcptFilter
__CxxFrameHandler3
_wcsnicmp
_CxxThrowException
_wcstoui64
_wtoi
_wcstoi64
_vsnwprintf
_wcsicmp
wcscpy_s
memcpy_s
??0exception@@QEAA@AEBV0@@Z
wcstod
??0exception@@QEAA@AEBQEBDH@Z
wcstol
memset
memcpy
wcstoul
??0exception@@QEAA@AEBQEBD@Z
memcmp
wcscmp

api-ms-win-core-heap-l1-2-0

HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegGetValueW
RegEnumKeyExW
RegQueryValueExW

api-ms-win-core-synch-l1-2-0

ResetEvent
CreateEventW
LeaveCriticalSection
InitializeCriticalSection
SetEvent
WaitForSingleObject
EnterCriticalSection
Sleep
DeleteCriticalSection

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-sysinfo-l1-2-1

GetComputerNameExW
GetTickCount64
GetSystemDirectoryW
GetTickCount
GetSystemInfo
GetSystemTimeAsFileTime

api-ms-win-core-processthreads-l1-1-2

GetProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
SwitchToThread
GetCurrentProcessId

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
DisableThreadLibraryCalls
GetModuleHandleW
FreeLibrary
GetProcAddress
LoadLibraryExW

api-ms-win-core-localization-l1-2-1

FormatMessageW
GetThreadPreferredUILanguages

api-ms-win-core-com-l1-1-1

CoCreateInstance
StringFromGUID2
CoCreateGuid

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-errorhandling-l1-1-1

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWrite
EventRegister

api-ms-win-core-processenvironment-l1-2-0

ExpandEnvironmentStringsW

api-ms-win-core-rtlsupport-l1-2-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-heap-obsolete-l1-1-0

LocalAlloc
LocalFree

ntdll

RtlGetCurrentProcessorNumber

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI
DelayLoadFailureHook

Exports

Exports

??0CAutoSetActivityId@@QEAA@XZ
??0CCritSec@@QEAA@XZ
??0DynamicSchema@@QEAA@XZ
??0IndicationSchema@@QEAA@XZ
??0StaticSchema@@QEAA@XZ
??0WMISchema@@QEAA@XZ
??0WMISchema@@QEAA@_N@Z
??1CAutoSetActivityId@@QEAA@XZ
??1CCritSec@@QEAA@XZ
??1WMISchema@@UEAA@XZ
??4CAutoSetActivityId@@QEAAAEAV0@AEBV0@@Z
??4CCritSec@@QEAAAEAV0@AEBV0@@Z
?CreateInstance@DynamicSchema@@UEAAJPEBGPEAUIWbemClassObject@@KPEBU_MI_PropertySet@@_NAEAPEAU_MI_Instance@@PEAUIConversionContext@@@Z
?CreateInstance@IndicationSchema@@UEAAJPEBGPEAUIWbemClassObject@@KPEBU_MI_PropertySet@@_NAEAPEAU_MI_Instance@@PEAUIConversionContext@@@Z
?CreateInstance@StaticSchema@@UEAAJPEBGPEAUIWbemClassObject@@KPEBU_MI_PropertySet@@_NAEAPEAU_MI_Instance@@PEAUIConversionContext@@@Z
?DeInitialize@WMISchema@@QEAAJXZ
?GetFlags@MiSchema@@UEBAJXZ
?GetMiClass@DynamicSchema@@UEAAJPEBG00PEAPEBU_MI_Class@@@Z
?GetMiClass@IndicationSchema@@UEAAJPEBG00PEAPEBU_MI_Class@@@Z
?GetMiClass@StaticSchema@@UEAAJPEBG00PEAPEBU_MI_Class@@@Z
?GetNoneCachedWmiClass@WMISchema@@UEAAJPEBGPEAUIWbemServices@@AEAV?$CComPtr@UIWbemClassObject@@@ATL@@PEAUIConversionContext@@@Z
?GetWmiClass@WMISchema@@UEAAJPEBG0AEAV?$CComPtr@UIWbemClassObject@@@ATL@@PEAUIConversionContext@@@Z
?GetWmiIWbemServices@WMISchema@@UEAAJPEBGAEAV?$CComPtr@UIWbemServices@@@ATL@@@Z
?Initialize@StaticSchema@@QEAAJPEBU_MI_Module@@@Z
?SetFlags@MiSchema@@MEAAJJ@Z
CimErrorFromErrorCode
CimError_Construct
CimStatusCodeFromWindowsError
CimTypeToType
ClassCache_AddClass
ClassCache_Delete
ClassCache_GetClass
ClassCache_New
Class_New
CompareInstance
CompareValue
Config_GetProtocolHandlerDetails
Config_GetRegString
CreateConversionContext
DestinationOptions_Create
DestinationOptions_Duplicate
DestinationOptions_MigrateOptions
FindClassDecl
FindMethodDecl
FindQualifierInWMIObject
GetCorrelationId
GetMethodParameters
GetReferenceFromWMIObjectPath
InstanceToWMIEvent
InstanceToWMIExtendedStatus
InstanceToWMIObject
Instance_Clone
Instance_Construct
Instance_GetResourceURI
Instance_InitDynamic
Instance_IsDynamic
Instance_MatchKeys
Instance_New
Instance_SetElementArray
Instance_SetElementArrayItem
Instance_SetResourceURI
Instance_SetServerName
IsLifeCycleIndicationQuery
MI_Hash
MiErrorCategoryFromWindowsError
OSC_Batch_Destroy
OSC_Batch_Get
OSC_Batch_Strdup
OSC_StringToMiValue
OSC_Type_GetSize
OperationOptions_CopyOptions
OperationOptions_Create
OperationOptions_MigrateOptions
OptionsValueToContextValue
Options_FindValue
ParametersToWMIObject
PropertySet_New
PropertyToVariant
PublishClientOperationInfo
PublishDebugInfo
PublishDebugMessage
PublishProviderResult
PublishProviderWriteError
PublishProviderWriteMessage
QualifierFlavorToWMI
RCClass_AddClassQualifier
RCClass_AddClassQualifierArray
RCClass_AddClassQualifierArrayItem
RCClass_AddElement
RCClass_AddElementArray
RCClass_AddElementArrayItem
RCClass_AddElementQualifier
RCClass_AddElementQualifierArray
RCClass_AddElementQualifierArrayItem
RCClass_AddMethod
RCClass_AddMethodParameter
RCClass_AddMethodParameterQualifier
RCClass_AddMethodParameterQualifierArray
RCClass_AddMethodParameterQualifierArrayItem
RCClass_AddMethodQualifier
RCClass_AddMethodQualifierArray
RCClass_AddMethodQualifierArrayItem
RCClass_New
ResultFromHRESULT
ResultToHRESULT
RtlDeleteCachedFastLock
RtlInitializeCachedFastLock
RtlInterlockedCompareWait
RtlInterlockedWakeAll
RtlQueueAcquireCachedFastLockExclusive
RtlQueueAcquireCachedFastLockShared
RtlQueueAcquireFastLockExclusive
RtlQueueAcquireFastLockShared
RtlReleaseCachedFastLockExclusive
RtlReleaseCachedFastLockShared
RtlReleaseFastLockExclusive
RtlReleaseFastLockShared
RtlTryAcquireCachedFastLockShared
RtlTryAcquireFastLockExclusive
RtlTryAcquireFastLockShared
RtlpInitFastLock
SetCorrelationIdToWbemContext
SetModifiedPropertyNamesToContext
SetProperties
SubscriptionDeliveryOptions_Create
SubscriptionDeliveryOptions_MigrateOptions
TypeToCimType
ValueClear
ValueToVariant
VariantArrayToSafeArray
VariantToValue
WMIEventToCIMIndication
WMIExtendedObjectToInstance
WMIObjectToClass
WMIObjectToInstance
WMIQualifierFlavorToMI
WriteWBEM_MC_CLIENT_REQUEST_FAILURE
XMLDOM_Free
XMLDOM_Parse
XML_FormatError
XML_Init
XML_Next
XML_PutError
XML_RegisterNameSpace
XML_SetText
XML_StripWhitespace

Sections

.text
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win81-x86/lib/netstandard1.6/Microsoft.Management.Infrastructure.Native.dll
.dll windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win81-x86/lib/netstandard1.6/Microsoft.Management.Infrastructure.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win81-x86/native/Microsoft.Management.Infrastructure.Native.Unmanaged.dll
.dll windows:6 windows x86

d3ebc3f2c1366051d584c7dbd2a42ac3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_except_handler4_common
_initterm
malloc
_amsg_exit
_XcptFilter
free
memset

api-ms-win-core-threadpool-l1-2-0

FreeLibraryWhenCallbackReturns
SubmitThreadpoolWork
SetThreadpoolThreadMaximum
CreateThreadpool
CreateThreadpoolWork
CloseThreadpoolWork
SetThreadpoolThreadMinimum
LeaveCriticalSectionWhenCallbackReturns
CloseThreadpool

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
FreeLibrary

api-ms-win-core-synch-l1-2-0

EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
Sleep
DeleteCriticalSection

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-processthreads-l1-1-2

OpenThreadToken
GetCurrentThreadId
SetThreadToken
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThread

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime

mi

mi_clientFT_V1

Exports

Exports

GetAddr_OperationCallbacks_ClassObjectNeededCallback
GetAddr_OperationCallbacks_FreeIncludedFileBufferCallback
GetAddr_OperationCallbacks_GetIncludedFileBufferCallback
GetAddr_OperationCallbacks_NativeClassCallback
GetAddr_OperationCallbacks_NativeIndicationCallback
GetAddr_OperationCallbacks_NativeInstanceCallback
GetAddr_OperationCallbacks_NativePromptUserCallback
GetAddr_OperationCallbacks_NativeStreamedParameterResultCallback
GetAddr_OperationCallbacks_NativeWriteErrorCallback
GetAddr_OperationCallbacks_NativeWriteMessageCallback
GetAddr_OperationCallbacks_NativeWriteProgressCallback
GetAddr_SessionHandle_OnReleaseHandleCompleted
MI_ApplicationWrapper_Initialize
MI_ApplicationWrapper_ScheduleCleanupCallback
MI_ApplicationWrapper_SetAppDomainIsUnloading
MI_Helpers_GetCurrentSecurityToken
MI_Helpers_IsClrShuttingDown
MI_Helpers_SetClrIsNotShuttingDown
MI_Helpers_SetClrIsShuttingDown
MI_OperationWrapper_DecrementCount_AndDontWorryAboutLifetimeOfMiDotNetDll
MI_OperationWrapper_DecrementCount_AndManageLifetimeOfMiDotNetDll
MI_OperationWrapper_GetClass
MI_OperationWrapper_GetIndication
MI_OperationWrapper_GetInstance
MI_OperationWrapper_Initialize
MI_OperationWrapper_ScheduleDrainingWorkIfNeeded
MI_OperationWrapper_SetupDrainingIfNeeded
UnmanagedMI_GetMiClientFT_V1
UnmanagedMI_GetMiEvaluatorFT_V1
UnmanagedMI_GetMiMonitoringFT_V1
UnmanagedMI_GetMiReactiveExtensionsFT_V1

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win81-x86/native/mi.dll
.dll windows:6 windows x86

18230876dd1ce54fd3f86cbdc99fd37b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

memcpy
wcscpy_s
swprintf_s
_wcsicmp
_set_output_format
_ui64tow_s
_i64tow_s
_XcptFilter
_amsg_exit
free
malloc
_initterm
_except_handler4_common
wcstoul
memset

api-ms-win-core-heap-l1-2-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-processthreads-l1-1-2

GetCurrentThreadId
SetThreadToken
GetCurrentProcessId
TerminateProcess
GetCurrentThread
GetCurrentProcess
OpenThreadToken

api-ms-win-security-base-l1-2-0

RevertToSelf
ImpersonateSelf

api-ms-win-core-errorhandling-l1-1-1

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-interlocked-l1-2-0

InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
DisableThreadLibraryCalls
LoadStringW
LoadLibraryExW
FreeLibrary

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-localization-l1-2-1

FormatMessageW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree

ntdll

RtlEqualSid

miutils

OSC_Type_GetSize
RCClass_AddMethodQualifierArray
RCClass_AddClassQualifierArray
RCClass_AddMethodParameterQualifierArray
RCClass_AddMethod
Instance_SetElementArrayItem
XMLDOM_Parse
RCClass_AddClassQualifierArrayItem
RCClass_AddMethodParameterQualifierArrayItem
RCClass_AddElementArray
XMLDOM_Free
Instance_IsDynamic
RCClass_AddMethodQualifier
RCClass_AddElementQualifierArray
MI_Hash
RCClass_AddMethodParameterQualifier
RCClass_AddElement
RCClass_AddClassQualifier
RCClass_AddMethodParameter
CimErrorFromErrorCode
RtlInitializeCachedFastLock
MiErrorCategoryFromWindowsError
RtlQueueAcquireCachedFastLockExclusive
Instance_New
_SubscriptionDeliveryOptions_Create@12
Config_GetRegString
RtlDeleteCachedFastLock
RtlInterlockedCompareWait
RtlReleaseCachedFastLockExclusive
_DestinationOptions_Create@8
RtlInterlockedWakeAll
_OperationOptions_Create@12
Instance_InitDynamic
PublishDebugMessage
_DestinationOptions_Duplicate@8
_DestinationOptions_MigrateOptions@16
_SubscriptionDeliveryOptions_MigrateOptions@8
_OperationOptions_MigrateOptions@8
_Options_FindValue@8
RtlTryAcquireCachedFastLockShared
RtlReleaseCachedFastLockShared
Config_GetProtocolHandlerDetails
RtlQueueAcquireCachedFastLockShared
OSC_StringToMiValue
RCClass_New
Instance_SetElementArray
RCClass_AddElementQualifier
RCClass_AddElementArrayItem
RCClass_AddElementQualifierArrayItem
RCClass_AddMethodQualifierArrayItem

Exports

Exports

MI_Application_InitializeV1
mi_clientFT_V1

Sections

.text
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LastUpdate/runtimes/win81-x86/native/miutils.dll
.dll windows:6 windows x86

e6cc8f0cadc3ef5fa913e3611f52da82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

wcsstr
_wcsdup
free
memmove_s
_purecall
_wcsicmp
_i64tow_s
wcschr
?what@exception@@UBEPBDXZ
_vsnwprintf
_iob
??1exception@@UAE@XZ
??0exception@@QAE@XZ
swscanf_s
_except_handler4_common
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UAE@XZ
?terminate@@YAXXZ
fwprintf
_initterm
malloc
_swprintf_c
_amsg_exit
_XcptFilter
_wcsnicmp
__CxxFrameHandler3
_wcstoui64
_CxxThrowException
_wcstoi64
_ui64tow_s
_wtoi
wcscpy_s
wcstod
memcpy_s
wcstol
??0exception@@QAE@ABV0@@Z
memcpy
memcmp
wcstoul
??0exception@@QAE@ABQBD@Z
memset

api-ms-win-core-heap-l1-2-0

HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegGetValueW
RegEnumKeyExW
RegQueryValueExW

api-ms-win-core-synch-l1-2-0

DeleteCriticalSection
WaitForSingleObject
SetEvent
Sleep
CreateEventW
LeaveCriticalSection
InitializeCriticalSection
ResetEvent
EnterCriticalSection

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-sysinfo-l1-2-1

GetSystemInfo
GetComputerNameExW
GetTickCount64
GetTickCount
GetSystemDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcessId
TerminateProcess
SwitchToThread
GetCurrentProcess
GetProcessId
GetCurrentThreadId

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
DisableThreadLibraryCalls
GetModuleHandleW
FreeLibrary
GetProcAddress
LoadLibraryExW

api-ms-win-core-localization-l1-2-1

GetThreadPreferredUILanguages
FormatMessageW

api-ms-win-core-com-l1-1-1

CoCreateInstance
StringFromGUID2
CoCreateGuid

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-errorhandling-l1-1-1

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventWrite

api-ms-win-core-processenvironment-l1-2-0

ExpandEnvironmentStringsW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-heap-obsolete-l1-1-0

LocalAlloc
LocalFree

ntdll

RtlGetCurrentProcessorNumber

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI
DelayLoadFailureHook

Exports

Exports

??0CAutoSetActivityId@@QAE@XZ
??0CCritSec@@QAE@XZ
??0DynamicSchema@@QAE@XZ
??0IndicationSchema@@QAE@XZ
??0StaticSchema@@QAE@XZ
??0WMISchema@@QAE@XZ
??0WMISchema@@QAE@_N@Z
??1CAutoSetActivityId@@QAE@XZ
??1CCritSec@@QAE@XZ
??1WMISchema@@UAE@XZ
??4CAutoSetActivityId@@QAEAAV0@ABV0@@Z
??4CCritSec@@QAEAAV0@ABV0@@Z
?CreateInstance@DynamicSchema@@UAGJPBGPAUIWbemClassObject@@KPBU_MI_PropertySet@@_NAAPAU_MI_Instance@@PAUIConversionContext@@@Z
?CreateInstance@IndicationSchema@@UAGJPBGPAUIWbemClassObject@@KPBU_MI_PropertySet@@_NAAPAU_MI_Instance@@PAUIConversionContext@@@Z
?CreateInstance@StaticSchema@@UAGJPBGPAUIWbemClassObject@@KPBU_MI_PropertySet@@_NAAPAU_MI_Instance@@PAUIConversionContext@@@Z
?DeInitialize@WMISchema@@QAGJXZ
?GetFlags@MiSchema@@UBGJXZ
?GetMiClass@DynamicSchema@@UAGJPBG00PAPBU_MI_Class@@@Z
?GetMiClass@IndicationSchema@@UAGJPBG00PAPBU_MI_Class@@@Z
?GetMiClass@StaticSchema@@UAGJPBG00PAPBU_MI_Class@@@Z
?GetNoneCachedWmiClass@WMISchema@@UAGJPBGPAUIWbemServices@@AAV?$CComPtr@UIWbemClassObject@@@ATL@@PAUIConversionContext@@@Z
?GetWmiClass@WMISchema@@UAGJPBG0AAV?$CComPtr@UIWbemClassObject@@@ATL@@PAUIConversionContext@@@Z
?GetWmiIWbemServices@WMISchema@@UAGJPBGAAV?$CComPtr@UIWbemServices@@@ATL@@@Z
?Initialize@StaticSchema@@QAGJPBU_MI_Module@@@Z
?SetFlags@MiSchema@@MAGJJ@Z
CimErrorFromErrorCode
CimError_Construct
CimStatusCodeFromWindowsError
ClassCache_AddClass
ClassCache_Delete
ClassCache_GetClass
ClassCache_New
Class_New
Config_GetProtocolHandlerDetails
Config_GetRegString
CreateConversionContext
GetCorrelationId
Instance_Clone
Instance_Construct
Instance_GetResourceURI
Instance_InitDynamic
Instance_IsDynamic
Instance_MatchKeys
Instance_New
Instance_SetElementArray
Instance_SetElementArrayItem
Instance_SetResourceURI
Instance_SetServerName
MI_Hash
MiErrorCategoryFromWindowsError
OSC_Batch_Destroy
OSC_Batch_Get
OSC_Batch_Strdup
OSC_StringToMiValue
OSC_Type_GetSize
PropertySet_New
PublishClientOperationInfo
PublishDebugInfo
PublishDebugMessage
PublishProviderResult
PublishProviderWriteError
PublishProviderWriteMessage
RCClass_AddClassQualifier
RCClass_AddClassQualifierArray
RCClass_AddClassQualifierArrayItem
RCClass_AddElement
RCClass_AddElementArray
RCClass_AddElementArrayItem
RCClass_AddElementQualifier
RCClass_AddElementQualifierArray
RCClass_AddElementQualifierArrayItem
RCClass_AddMethod
RCClass_AddMethodParameter
RCClass_AddMethodParameterQualifier
RCClass_AddMethodParameterQualifierArray
RCClass_AddMethodParameterQualifierArrayItem
RCClass_AddMethodQualifier
RCClass_AddMethodQualifierArray
RCClass_AddMethodQualifierArrayItem
RCClass_New
ResultFromHRESULT
ResultToHRESULT
RtlDeleteCachedFastLock
RtlInitializeCachedFastLock
RtlInterlockedCompareWait
RtlInterlockedWakeAll
RtlQueueAcquireCachedFastLockExclusive
RtlQueueAcquireCachedFastLockShared
RtlQueueAcquireFastLockExclusive
RtlQueueAcquireFastLockShared
RtlReleaseCachedFastLockExclusive
RtlReleaseCachedFastLockShared
RtlReleaseFastLockExclusive
RtlReleaseFastLockShared
RtlTryAcquireCachedFastLockShared
RtlTryAcquireFastLockExclusive
RtlTryAcquireFastLockShared
RtlpInitFastLock
SetCorrelationIdToWbemContext
SetModifiedPropertyNamesToContext
WriteWBEM_MC_CLIENT_REQUEST_FAILURE
XMLDOM_Free
XMLDOM_Parse
XML_FormatError
XML_Init
XML_Next
XML_PutError
XML_RegisterNameSpace
XML_SetText
XML_StripWhitespace
_CimTypeToType@8
_CompareInstance@12
_CompareValue@12
_DestinationOptions_Create@8
_DestinationOptions_Duplicate@8
_DestinationOptions_MigrateOptions@16
_FindClassDecl@8
_FindMethodDecl@8
_FindQualifierInWMIObject@16
_GetMethodParameters@32
_GetReferenceFromWMIObjectPath@16
_InstanceToWMIEvent@16
_InstanceToWMIExtendedStatus@16
_InstanceToWMIObject@24
_IsLifeCycleIndicationQuery@12
_OperationOptions_CopyOptions@8
_OperationOptions_Create@12
_OperationOptions_MigrateOptions@8
_OptionsValueToContextValue@24
_Options_FindValue@8
_ParametersToWMIObject@40
_PropertyToVariant@20
_QualifierFlavorToWMI@4
_SetProperties@24
_SubscriptionDeliveryOptions_Create@12
_SubscriptionDeliveryOptions_MigrateOptions@8
_TypeToCimType@4
_ValueClear@8
_ValueToVariant@24
_VariantArrayToSafeArray@12
_VariantToValue@28
_WMIEventToCIMIndication@12
_WMIExtendedObjectToInstance@20
_WMIObjectToClass@20
_WMIObjectToInstance@28
_WMIQualifierFlavorToMI@8

Sections

.text
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 39KB - Virtual size: 39KB

.rsrc Size: 337KB - Virtual size: 337KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

61:1e:7b:f4:d3:ef:e2:85:ec:b4:ed:2a:80:fb:e3:d1:80:34:4e:60:c6:25:4b:35:e1:b7:36:7d:c1:88:88:38Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 337KB - Virtual size: 337KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rsrc Size: 21KB - Virtual size: 20KB

.reloc Size: 512B - Virtual size: 12B

ea4dd374d22e48fdcffcc7ad5e323053

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

advapi32

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

Sections

.text Size: 80KB - Virtual size: 79KB

.rdata Size: 47KB - Virtual size: 47KB

.data Size: 2KB - Virtual size: 5KB

.pdata Size: 4KB - Virtual size: 4KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 21KB - Virtual size: 20KB

.reloc Size: 2KB - Virtual size: 1KB

dae02f32a21e03ce65412f6e56942daa

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77Certificate

Key Usages

07:b0:41:8d:a5:1e:14:8c:33:1b:bc:de:b7:13:83:23Certificate

Extended Key Usages

Key Usages

0a:71:a1:b0:c2:96:f5:c7:90:65:47:0a:3c:20:53:7eCertificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

.text
Size: 39KB - Virtual size: 39KB

.rsrc
Size: 337KB - Virtual size: 337KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

61:1e:7b:f4:d3:ef:e2:85:ec:b4:ed:2a:80:fb:e3:d1:80:34:4e:60:c6:25:4b:35:e1:b7:36:7d:c1:88:88:38
Signer

.text
Size: 337KB - Virtual size: 337KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 1.7MB - Virtual size: 1.7MB

.rsrc
Size: 21KB - Virtual size: 20KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 80KB - Virtual size: 79KB

.rdata
Size: 47KB - Virtual size: 47KB

.data
Size: 2KB - Virtual size: 5KB

.pdata
Size: 4KB - Virtual size: 4KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 21KB - Virtual size: 20KB

.reloc
Size: 2KB - Virtual size: 1KB

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

07:b0:41:8d:a5:1e:14:8c:33:1b:bc:de:b7:13:83:23
Certificate

0a:71:a1:b0:c2:96:f5:c7:90:65:47:0a:3c:20:53:7e
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

69:13:59:16:4c:8e:cc:8d:d3:88:7d:1a:11:9d:63:ed:f6:04:94:fb:56:bd:8b:f7:8e:fa:42:fe:6b:9b:a5:ad
Signer

.text
Size: 667KB - Virtual size: 666KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

76:71:4e:5b:e8:1a:d5:69:38:22:8d:8b:bf:d4:ab:44:5a:64:cb:23:5b:e4:79:67:f6:10:6d:25:ff:18:30:42
Signer

.text
Size: 58KB - Virtual size: 57KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

81:1f:04:25:84:59:55:35:70:36:52:3d:64:d2:b4:be:ba:0d:1c:ea:c2:df:7c:18:2b:54:6b:a0:e7:8c:93:b5
Signer

.text
Size: 218KB - Virtual size: 218KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 7.1MB - Virtual size: 7.1MB

.rsrc
Size: 126KB - Virtual size: 125KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 210KB - Virtual size: 210KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 136KB - Virtual size: 134KB