OBS-main[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

OBS-main.zip
Size

8.1MB
MD5

3474615e5332d235ab2be35bb23dfa60
SHA1

18f898a5e407034db61b5ecae793a36da1cd8fa2
SHA256

869d968396f78e6886fb502b3ebb97fd3b24c9e691d6779e3195b6e6640062f1
SHA512

9de3d0c52420c8f9ce7cdb484d4cb9cdbb0a3a0b098ec6f78721091836c0ddc38ec96c99a99f4061cbc40a81caf0727a0cc85ef1704f97962a960973f23cad86
SSDEEP

196608:Y0idRtyHrt3mYAHzX8jPVk00/P3rMeKJnNKtH26QFTq:YBRwc5D8j+PfrMHZMWq

Score

3^/10

Malware Config

Signatures

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
unpack002/OBS/OBS.exe
unpack002/OBS/System32/System32/AcSpecfc.dll
unpack002/OBS/System32/System32/ActionCenter.dll
unpack002/OBS/System32/System32/acppage.dll
unpack002/OBS/System32/System32/acproxy.dll
unpack002/OBS/System32/win/AC3ACM.acm
unpack002/OBS/System32/win/AarSvc.dll
unpack002/OBS/System32/win/AboveLockAppHost.dll
unpack002/OBS/System32/win/aadcloudap.dll
unpack002/OBS/System32/win/aadjcsp.dll
unpack002/OBS/System32/win/aadtb.dll
unpack002/OBS/System32/win/accessibilitycpl.dll

Files

OBS-main.zip
.zip
OBS-main/OBS.zip
.zip
OBS/OBS.exe
.exe windows:5 windows x86

3e04b7fd8a1addc99c7a70f06b375a65

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

PlaySoundW

ole32

CreateStreamOnHGlobal

msimg32

GradientFill

user32

IsDialogMessageW
CharUpperBuffW

shell32

DragFinish

gdi32

CreateCompatibleBitmap

winspool.drv

ClosePrinter

kernel32

Sleep
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

Exports

Exports

Qp�ހd��v��w� ::7<�")hǱ��i��*N��C��c��A��z7:H+n[��I��̫�0FC��E�N��!��#��]�qR�L�m� ��75�:|�.ӄ-n`�pV��Vד�b�õ1�h��_�ԱK�o1U�ǥ �֍��L�X{1_A�]�,��%�W�(N��Bwi8�嘾4��tqޮ��x��z1�^!�:� �@�}$�bI�:��"�OT��Ѭ�\�!mD��Sҷ�9(�8`ğ�mAǯ��'[2��7S�\��9T��8'�ח�hZ��5W��a��A��ɏ��dF��$��!q�A T�qHc��k_�RRp�+�C<v��k$��n��y��F�1��/#��q��[��h��X�Y�s�i)PF�>�M�$�`O�4�m% ��rEP� h;�o;�s��/fK��@��ez5Y�G��\@��8��~G�b�R'=s�YԱc ��+�-Gs,��)�\�j��z�� fD��i]Ձ΁�G�t��V��ճ�xO ��Wb��ȳ��F%_�3�"H�`�p��K�w��2�S{�<��`it��F&65/L�f��fq! �0��đ�v&Ȯ��P��>�e�faà;�%��M�0p�K�Ҹ��Dwק��{��а��*��C%�ޭSҐh&wfֹ��kb�i��]%�;:k�NSԗB�p�;�?j��7G��s��i�w�p� ��й��7Yg��MJ�E�}��V��^��x5��WD� �5��u�G"&�-СIߢ�<E�\ϏA�c��'T��I��˵��/��]�7��yٽ"k��4B��/� k��"֊�ZSS�-3O�9\�. _FFw"�iRb��J\K¶��6�2>��Zq׸fzulp�n(D��K� ��D"��®|m@#s8'��5��G��G��q��\�wjBL\�Xr�B&��R z�2 ��[6wˋG�J�h��6�ݖ.&� 0��6�$��(��Uz �8c�l�pa=�4PK֨�`�!E�� O01'��o��H!�iV �ft�T3�6�� #�.g��v�n��s��=�ǻB?)R߳9~�ʞNa*�UC�%n>D�r��G�� 9�D�=�~��S>z�(�4�W��z�T�ᘄ~<�NL2|�j��?��K�nT�r>z�؀g��hvDI=�=_�U�7m��Q1��tA �U�ա��0�9�b\�3o_DLS��Z��Y��:�7��n�Ѽ�[�3Ƒ��D��P1�*�x#��l�hPa��r>9�4b��OM�ܜ��e8��I�t��C�N��agZb��t�� Jܩ/�9n=*��{S��f�d��:��ܞ�w�ZD�Y L�L 9�-k��Y|m�4�[?c3:�F ��NX8D��Fe ��mu(��S�Ѓ��}29�a��%X��>�v%V�z[�D�'Ӥ��ko<W㹳;W��z��'l�^n�e��L 8!�۶��!G) �Rtu:ːIv\@w�e�R~M��SE��Ww�AZZ�y�2(Ē%�}��vc�W��F{��Y��WUY8��ĵ��{@�o��%EA�{�ʠAۼ��y�[\��#��b��@t��w%�=NobY�޽�\��^��#�5-\�^�y(��À��{�P��pŰ��(A��RE��=\c�O��L��AɜSA��s�bշ��u�G4��q��8\��w��X:�I!>�m��>8k㌉�|��3��T��_4��h�w��Y��|k��*m�,��.{U^��W?� ��x�?�'��E'��93R숷��솧��o��xy=��ed�f�� 绅^��8�XW:uK]��m�=�c E�)��WL��fQ)�W-��V�4!��'U ��8�� &gP�7��u;�Y�*�4��V_�$^�+y��g��O�/=o�� s�1�ޭR�V��g1��}k��5� ��c�s>~Q�n��~y{8Cǻ��ц��=N-�<�El�FD��r�=�q��1E��G��|��)��P� ��Dw~S\��j�4�]��Y��5T�$q��,��ƞߨ��[s�/F��X|�ɪ�G�=��䘧��P6��r�TV!N�w&��J��s�?�Ns�38��Y�Kؙ�e�$�u�p��0Q%�d�u�F��+�Lj#�- I��5��Z6U�œ��w��:�B^�*�u3U��9�r:ol.Am;�uf�B��e�o�k��/�rE�i��<�*"�� _�'�ʃ��V��N�v""4�^#�f?۾�^Zl�]�C?�ʪ��}��W<�n��n��m�Г�/O��y��RU��o��,�k��U�K��p�y�Hc��E��5�J��6�>��Q#}2��cR�-җd:1�|ޣ�k��A�v `>vcq��H��u:�M<{V?�L��C�^�b��@�a��<j��`\��L�@W�(w�+��c�LE5�É�ٝ|��uK��Ի�<��7Kj� ��3b��L1�ubR�قLN�+~�[��_��0I*��7�G�5|T>�7v�}�F� ��mV�sԠ>��%ۜp%f�1V�{�e-�?n��֋�e/�ƕ��>F�R��{��f%�S:̽'�h��e\�a�'Cw��K��R=�3�%�� w��lY��RrO�IQe��=(2��7��_yV"DL)�$N��(��{��{U�D��&?��Jx(^$��%��_�Z�r��6�k��A}D42G�SSX[g`�[��f�H��1�Y�n��<�B{��i�Ef<\��0n��J]{*49� n�%�@}R�O4��x��RK�EY

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ythjf0
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ythjf1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ythjf2
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 451KB - Virtual size: 450KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
OBS/System32/System32/AcSpecfc.dll
.dll windows:10 windows x64

b3bfa95749de4e2c5e46ae3c8021c66b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

apphelp

SE_COM_AddServer
SE_COM_HookObject
SE_COM_Lookup
SE_ShimDPF
SE_GetShimId
SE_COM_AddHook

msvcrt

memmove
__CxxFrameHandler3
_wcsicmp
_CxxThrowException
_XcptFilter
memcpy
wcsncmp
wcsrchr
_wcsnicmp
_vsnwprintf
__C_specific_handler
wcsspn
iswctype
towlower
wcschr
wcsstr
??1type_info@@UEAA@XZ
_initterm
malloc
free
_amsg_exit
memset
iswspace
_vscwprintf

ntdll

RtlAllocateHeap
RtlFreeHeap
NtQueryKey
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegGetValueW

sspicli

GetUserNameExW

kernel32

K32GetProcessImageFileNameW
CreateProcessW
CloseHandle
OpenProcess
K32EnumProcesses
Sleep
CreateThread
GetSystemDirectoryW
SearchPathW
GetExitCodeProcess
ExitProcess
ExpandEnvironmentStringsW
MoveFileW
WaitForSingleObject
GetLastError
SetEnvironmentVariableW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetFullPathNameW
GetLongPathNameW
GetWindowsDirectoryW
HeapFree
GetModuleFileNameW
GetFileAttributesW
MultiByteToWideChar
LocalAlloc
GetCurrentProcessId
GetModuleHandleA
LocalFree
GetVersionExW
TlsFree
TlsAlloc
TlsGetValue
TlsSetValue
GetProcessHeap
HeapAlloc
GetModuleHandleExW
FindClose
GetEnvironmentVariableW
GetProcAddress
GetModuleHandleW
GetCommandLineW
FindFirstFileW

advapi32

QueryServiceStatusEx
StartServiceW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
LsaOpenPolicy
LsaQueryInformationPolicy
LsaFreeMemory
EventWriteTransfer
OpenProcessToken
ControlService

ole32

CoTaskMemAlloc
CoTaskMemFree

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW

userenv

GetUserProfileDirectoryW
GetAllUsersProfileDirectoryW

msi

ord145

winspool.drv

OpenPrinterW
EnumFormsW

Exports

Exports

GetHookAPIs
NotifyShims

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OBS/System32/System32/AcpiServiceVnA64.dll
.dll windows:5 windows x64

6cefa17d843d835f0e37e4ffb94b3538

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:08:d9:bc:13:07:26:de:26:ee:4e:f2:8e:13:30:84
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

31/07/2012, 00:00

Not After

03/08/2015, 23:59

Subject

CN=ASUSTeK Computer Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Quality Testing Department,O=ASUSTeK Computer Inc.,L=Taipei / Peitou,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:58:4c:08:4c:80:a1:c8:d5:61:00:00:00:00:00:58
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/11/2017, 19:18

Not After

01/11/2018, 19:18

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

be:83:67:f3:d3:c6:e9:c4:91:87:fc:2e:92:99:af:fd:cf:88:83:7f:26:ee:6a:1b:05:9a:8e:44:b4:54:ed:cd
Signer

Actual PE Digest

be:83:67:f3:d3:c6:e9:c4:91:87:fc:2e:92:99:af:fd:cf:88:83:7f:26:ee:6a:1b:05:9a:8e:44:b4:54:ed:cd

Digest Algorithm

sha256

PE Digest Matches

true

77:52:ce:e2:af:e5:41:77:30:d9:4c:b1:e3:85:71:d9:8b:a0:c1:dc
Signer

Actual PE Digest

77:52:ce:e2:af:e5:41:77:30:d9:4c:b1:e3:85:71:d9:8b:a0:c1:dc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

user32

PostMessageA

oleaut32

VariantClear

kernel32

GetProcessHeap
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
LoadLibraryA
HeapReAlloc
WaitForSingleObject
CreateThread
OutputDebugStringA
SetEvent
TerminateThread
CreateEventA
LeaveCriticalSection
GetOverlappedResult
EnterCriticalSection
WaitForMultipleObjects
DeleteCriticalSection
CloseHandle
CreateFileA
WriteFile
ReadFile
CreateMailslotW
GetLastError
CallNamedPipeA
FlushFileBuffers
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
HeapFree
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
Sleep
GetModuleHandleW
GetProcAddress
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

Exports

Exports

??0CAsusService64@@QEAA@XZ
??4CAsusService64@@QEAAAEAV0@AEBV0@@Z
?fnAsusService64@@YAHXZ
?nAsusService64@@3HA
AsSysSvr_GetPerformanceState
AsSysSvr_RegisterNotify
AsSysSvr_SetPerformanceState
AsSysSvr_UnregisterNotify

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OBS/System32/System32/ActionCenter.dll
.dll windows:10 windows x64

8e4e9e8fdc2cc18b434af6f8fb7eaab9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

_callnewh
malloc
free
__C_specific_handler
_purecall
memcpy_s
memcpy
_XcptFilter
__dllonexit
_onexit
__CxxFrameHandler3
isdigit
_vsnwprintf
_amsg_exit
_lock
_initterm
memcmp
_unlock
memset
wcscmp

shell32

ShellExecuteExW
ord68
ord100
SHQueryUserNotificationState

shlwapi

HashData
StrCmpIW
StrChrW
StrStrW
PathParseIconLocationW
ord158
ord219
ord278
SHRegGetValueW
StrCmpW
ord631

rpcrt4

CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Connect
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrOleFree
CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy
CStdStubBuffer_Invoke

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
OpenProcessToken
GetCurrentThreadId
GetCurrentThread

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameW
GetModuleHandleExW
LoadStringW
GetProcAddress
FreeLibrary
DisableThreadLibraryCalls
GetModuleFileNameA

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringA
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
SetLastError
RaiseException
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

ReleaseMutex
WaitForSingleObject
OpenSemaphoreW
EnterCriticalSection
DeleteCriticalSection
ReleaseSRWLockShared
CreateSemaphoreExW
AcquireSRWLockExclusive
LeaveCriticalSection
WaitForSingleObjectEx
InitializeCriticalSection
AcquireSRWLockShared
ReleaseSRWLockExclusive
CreateMutexExW
ReleaseSemaphore

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
EventActivityIdControl

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegSetValueExW
RegCloseKey
RegCreateKeyExW

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoUninitialize
CoCreateFreeThreadedMarshaler
CoTaskMemRealloc
CoInitializeEx
CoTaskMemFree
CoGetMalloc
CoTaskMemAlloc
CoCreateInstance

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
Sleep
InitOnceExecuteOnce
InitOnceComplete

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient7
ObjectStublessClient13
ObjectStublessClient5
ObjectStublessClient3
ObjectStublessClient11
ObjectStublessClient6
ObjectStublessClient8
ObjectStublessClient12
ObjectStublessClient4
ObjectStublessClient14
ObjectStublessClient10
ObjectStublessClient9

api-ms-win-core-threadpool-l1-2-0

SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolWork

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

crypt32

CryptUnprotectData
CryptProtectData

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-marshal-l1-1-0

HWND_UserSize64
HWND_UserFree64
HWND_UserUnmarshal64
HWND_UserFree
HWND_UserMarshal64
HWND_UserSize
HWND_UserMarshal
HWND_UserUnmarshal

comctl32

ord336
ord335
ord334
ord386
ord329
ord332
ord328

kernel32

FindActCtxSectionStringW
CreateActCtxW
QueryActCtxW
ActivateActCtx
DeactivateActCtx

ntdll

WinSqmAddToStream
WinSqmAddToStreamEx

user32

KillTimer
GetWindowLongPtrW
PostMessageW
SendMessageW
SetTimer
DefWindowProcW

wevtapi

EvtNext
EvtSeek
EvtQuery
EvtCreateRenderContext
EvtRender
EvtCreateBookmark
EvtUpdateBookmark
EvtSubscribe
EvtClose

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OBS/System32/System32/acppage.dll
.dll windows:10 windows x64

7cade2c589df042803fb315f09e4a0a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

memcmp
sscanf_s
wcscat_s
_wcslwr
wcschr
wcsrchr
wcsncmp
__C_specific_handler
memmove
memcpy
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
wcscpy_s
_callnewh
malloc
free
_wcsnicmp
wcsstr
_wcsupr
_wcsicmp
_vsnwprintf
_purecall
memset

ntdll

ZwOpenKey
RtlInitUnicodeStringEx
ZwQueryValueKey
ZwQuerySystemInformation
RtlGetNativeSystemInformation
RtlUpcaseUnicodeChar
ZwClose
ZwEnumerateKey
RtlReAllocateHeap
NtQuerySection
RtlNtStatusToDosError
NtCreateSection
RtlImageRvaToVa
RtlImageDirectoryEntryToData
RtlFreeHeap
RtlAllocateHeap
NtOpenThreadToken
NtClose
NtQueryInformationToken
NtOpenProcessToken
RtlIsPartialPlaceholder
RtlInitUnicodeString
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

kernel32

GetLocalTime
CreateFileMappingW
MapViewOfFile
FileTimeToSystemTime
GetFileTime
GetVersionExW
QueryActCtxW
UnmapViewOfFile
SystemTimeToFileTime
LoadLibraryExW
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
DeleteCriticalSection
FindFirstFileW
FindClose
GetLastError
lstrcmpiA
RegQueryValueExW
HeapFree
BasepGetExeArchType
EncodePointer
RegOpenKeyExW
CreateFileW
GetSystemDirectoryW
CloseHandle
LoadLibraryW
HeapAlloc
DecodePointer
CheckElevationEnabled
GetProcAddress
LocalFree
GetProcessHeap
CreateProcessW
RegCloseKey
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
FreeLibrary
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW
ExpandEnvironmentStringsW
GetModuleHandleW

user32

DialogBoxParamW
SetWindowLongPtrW
SendMessageW
EndDialog
GetSystemMetrics
SetWindowTextW
GetWindowLongPtrW
SendDlgItemMessageW
SetThreadDpiAwarenessContext
IsWindowEnabled
GetDlgItem
GetParent
EnableWindow
GetWindowTextW
LoadStringA
LoadStringW
InsertMenuW

shlwapi

PathFindExtensionW
ord176
StrCmpIW
PathFindFileNameW

advapi32

EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation

shell32

SHGetPathFromIDListW
SHParseDisplayName
ord155
SHGetItemFromDataObject
SHChangeNotify
SHGetNameFromIDList
ShellExecuteW

ole32

HWND_UserMarshal64
HWND_UserMarshal
HWND_UserSize
HWND_UserSize64
HWND_UserUnmarshal64
HWND_UserFree
HWND_UserUnmarshal
ObjectStublessClient3
HWND_UserFree64
CoTaskMemFree
StringFromGUID2
CoGetObject
CoCreateInstance

rpcrt4

CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrOleFree
CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_Disconnect
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported
NdrDllGetClassObject
NdrDllCanUnloadNow
CStdStubBuffer_Connect
NdrOleAllocate
NdrCStdStubBuffer_Release
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Invoke

sfc

SfcIsFileProtected

msi

ord173
ord201

aepic

PicFreeFileInfo
PicRetrieveFileInfo

apphelp

SdbInitDatabase
SdbQueryFlagMask
SdbGetMatchingExe
SdbGetPathSystemSdb
SdbReleaseDatabase

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GetExeFromLnk

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 508B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OBS/System32/System32/acproxy.dll
.dll windows:10 windows x64

eee13c6d596c6e9cdf034c605eafec01

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

malloc
_initterm
__C_specific_handler
_amsg_exit
_XcptFilter
free

ntdll

RtlFreeHeap
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
WinSqmIsOptedInEx
RtlAllocateHeap

kernel32

TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetDriveTypeW
FindNextVolumeW
ReadFile
FindFirstVolumeW
CreateFileW
Sleep
GetLastError
DeleteFileW
CloseHandle
FindVolumeClose

advapi32

RegisterEventSourceW
DeregisterEventSource
ReportEventW

ulib

??0DSTRING@@QEAA@XZ
??0FSTRING@@QEAA@XZ
?Resize@HMEM@@QEAAEKK@Z
?Acquire@HMEM@@UEAAPEAXKK@Z
?Initialize@HMEM@@QEAAEXZ
??1HMEM@@UEAA@XZ
??0HMEM@@QEAA@XZ
?Strcat@WSTRING@@QEAAEPEBV1@@Z
?Initialize@WSTRING@@QEAAEPEBV1@KK@Z
?Initialize@WSTRING@@QEAAEPEBGK@Z
??1FSTRING@@UEAA@XZ
?Initialize@FSTRING@@QEAAPEAVWSTRING@@PEAGK@Z
?SPrintf@DSTRING@@UEAAEPEBGZZ
??1DSTRING@@UEAA@XZ
?UploadSqmFromFile@SQMEXPORT@@SAEPEAX@Z

ifsutil

?DosDriveNameToNtDriveName@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAV2@@Z
?CleanupBackingStore@WRITEVIEW_BACKINGSTORE@@SAEPEAVWSTRING@@@Z

Exports

Exports

PerformAutochkOperations

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OBS/System32/System32/ta-in/RBDSTAMIL99.dic
OBS/System32/System32/ta-in/TransliterationComponentLayouts.dgml
.xml
OBS/System32/System32/ta-lk/RBDSTAMIL99.dic
OBS/System32/System32/ta-lk/TransliterationComponentLayouts.dgml
.xml
OBS/System32/win/AC3ACM.acm
.dll windows:4 windows x86

9843c35e91e5829c994e01e3a98b625f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapDestroy
LocalFree
LocalAlloc
GlobalFree
MultiByteToWideChar
GetACP
GlobalAlloc
VirtualAlloc
GetFileType
SetHandleCount
RtlUnwind
LCMapStringW
LCMapStringA
GetCommandLineA
GetVersion
GetProcAddress
GetModuleHandleA
ExitProcess
TerminateProcess
GetCurrentProcess
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
VirtualFree
HeapCreate
HeapFree
GetStringTypeW
GetStdHandle
HeapAlloc
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
HeapReAlloc
GetCPInfo
GetOEMCP
LoadLibraryA
GetStringTypeA

user32

LoadStringA

winmm

GetDriverModuleHandle
DefDriverProc

Exports

Exports

DriverProc

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OBS/System32/win/AarSvc.dll
.dll windows:10 windows x64

d8ca74bb6d5be179be2e3c6df86dabc9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__errno
_o_free
_o_malloc
_o_realloc
_o_terminate
_o_toupper
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__crt_atexit
_o__configure_narrow_argv
_o__execute_onexit_table
wcschr
_o__cexit
__std_terminate
__CxxFrameHandler4
_o__callnewh
__RTDynamicCast
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-com-l1-1-0

CoRevokeClassObject
CoInitializeSecurity
CoWaitForMultipleHandles
CoReleaseServerProcess
CoTaskMemAlloc
CoDecrementMTAUsage
CoInitializeEx
CoTaskMemFree
CoCreateInstance
CoRegisterClassObject
CoUninitialize
CoAddRefServerProcess
CoCreateFreeThreadedMarshaler
CoResumeClassObjects
CoDisconnectContext

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExW
DisableThreadLibraryCalls
GetProcAddress

api-ms-win-security-base-l1-1-0

MakeAbsoluteSD

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

CreateEventW
ReleaseSRWLockExclusive
ResetEvent
SetEvent
DeleteCriticalSection
LeaveCriticalSection
AcquireSRWLockExclusive
WaitForSingleObjectEx
CreateEventExW
ReleaseMutex
OpenSemaphoreW
ReleaseSRWLockShared
EnterCriticalSection
CreateMutexExW
AcquireSRWLockShared
InitializeSRWLock
CreateMutexW
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
InitializeCriticalSectionEx

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
SetLastError

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsDuplicateString
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsCreateString
WindowsCreateStringReference

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-processthreads-l1-1-0

TerminateThread
TerminateProcess
GetCurrentProcess
CreateThread
GetCurrentProcessId
GetCurrentThreadId
OpenProcessToken

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoGetActivationFactory
RoInitialize
RoRevokeActivationFactories
RoRegisterActivationFactories

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoOriginateErrorW
RoTransformError

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

agentactivationruntime

?ReleaseAgentActivationRuntime@@YAXXZ
?GetLoggerInstance@@YAAEAVLogger@VoiceAgentServices@Microsoft@@XZ
?GetAgentActivationRuntime@@YA?AV?$shared_ptr@VIAgentActivationRuntime@VoiceAgentServices@Microsoft@@@std@@XZ
?CreateAgentActivationRuntime@@YA?AV?$shared_ptr@VIAgentActivationRuntime@VoiceAgentServices@Microsoft@@@std@@XZ

combase

ord66
ord68
ord69
ord67

systemeventsbrokerclient

SebEnumerateEventsByType
SebQueryEventPackage

msvcp_win

??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??Bid@locale@std@@QEAA_KXZ
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?_Xout_of_range@std@@YAXPEBD@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled
RoReportFailedDelegate

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegSetValueExW
RegGetValueW
RegCreateKeyExW
RegFlushKey
RegQueryValueExW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventUnregister
EventRegister

api-ms-win-core-registry-l2-1-0

RegOpenKeyW
RegCreateKeyW

ntdll

RtlFreeHeap
NtQueryInformationToken
RtlInitUnicodeString
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
ServiceMain

Sections

.text
Size: 213KB - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OBS/System32/win/AboutSettingsHandlers.dll
.dll windows:10 windows x64

e09f704df246bd7113a6f23a90f2c139

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d0:bd:a4:aa:29:cf:26:db:9e:74:92:9d:48:29:ba:6d:36:40:c2:35:7a:ae:5c:b3:7c:b0:4b:cd:e5:13:fc:8f
Signer

Actual PE Digest

d0:bd:a4:aa:29:cf:26:db:9e:74:92:9d:48:29:ba:6d:36:40:c2:35:7a:ae:5c:b3:7c:b0:4b:cd:e5:13:fc:8f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

malloc
__C_specific_handler
_lock
?terminate@@YAXXZ
_initterm
free
_onexit
_XcptFilter
memset
_vsnwprintf
_purecall
??_V@YAXPEAX@Z
memcpy_s
memmove_s
realloc
_snwprintf_s
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
memmove
_callnewh
??1type_info@@UEAA@XZ
__CxxFrameHandler3
bsearch_s
__dllonexit
_amsg_exit
??3@YAXPEAX@Z
memcmp
_unlock
wcscmp

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
LoadStringW
GetModuleFileNameA
GetModuleHandleExW
DisableThreadLibraryCalls
GetModuleFileNameW
FreeLibrary
GetProcAddress

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteStringBuffer
WindowsDeleteString
WindowsPreallocateStringBuffer
WindowsCreateString
WindowsPromoteStringBuffer
WindowsCompareStringOrdinal
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsDuplicateString

api-ms-win-core-string-l1-1-0

CompareStringW
CompareStringOrdinal

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
GetProcessId
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
CreateThread
GetExitCodeProcess
OpenThreadToken

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetSystemDirectoryW
GlobalMemoryStatusEx
GetComputerNameExW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoTaskMemAlloc
CoGetMalloc
CoIncrementMTAUsage
CoSetProxyBlanket
CoCreateInstance
CoGetClassObject
CoTaskMemRealloc
CoInitializeEx
CoCreateFreeThreadedMarshaler
CoDecrementMTAUsage
CoWaitForMultipleHandles
CoUninitialize

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate
IsErrorPropagationEnabled

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateError

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
InitializeCriticalSectionEx
DeleteCriticalSection
ReleaseSemaphore
OpenSemaphoreW
WaitForMultipleObjectsEx
ReleaseMutex
ReleaseSRWLockShared
AcquireSRWLockShared
InitializeSRWLock
WaitForSingleObjectEx
EnterCriticalSection
LeaveCriticalSection
SetEvent
CreateEventExW
CreateEventW
WaitForSingleObject
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateMutexExW
ResetEvent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoUninitialize
RoInitialize
RoActivateInstance

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolWait
SetThreadpoolTimer
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventActivityIdControl
EventWriteTransfer
EventRegister

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegNotifyChangeKeyValue
RegGetValueW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-datetime-l1-1-1

GetDateFormatEx

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime

wkscli

NetGetJoinInformation

netutils

NetApiBufferFree

api-ms-win-rtcore-ntuser-window-l1-1-0

SendMessageW
GetWindowThreadProcessId
EnumWindows

dsrole

DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation

api-ms-win-core-file-l1-1-0

CompareFileTime

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-shcore-registry-l1-1-0

SHRegGetValueW

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-shcore-thread-l1-1-0

SHCreateThread

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser
RevertToSelf

ntdll

NtQueryWnfStateData

oleaut32

SysAllocString
VariantClear
SysFreeString

api-ms-win-core-sysinfo-l1-2-1

GetPhysicallyInstalledSystemMemory

api-ms-win-shlwapi-winrt-storage-l1-1-1

StrFormatByteSizeEx

api-ms-win-core-libraryloader-l2-1-0

QueryOptionalDelayLoadedAPI

api-ms-win-shcore-sysinfo-l1-1-0

IsOS

dsreg

DsrFreeJoinInfo
DsrIsDeviceJoined
DsrGetJoinInfo

shcore

ord232
ord233
ord230

winbrand

BrandingLoadString
EulaFreeBuffer
GetEULAFile

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

GetSetting

Sections

.text
Size: 314KB - Virtual size: 313KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OBS/System32/win/AboveLockAppHost.dll
.dll windows:10 windows x64

7fd0bf8399fee6705eea5c9e3dced94e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
free
memcpy_s
memmove_s
_vsnwprintf
_purecall
?terminate@@YAXXZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
wcsrchr
_wcsicmp
wcscspn
toupper
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
memmove
_callnewh
??1type_info@@UEAA@XZ
_amsg_exit
_XcptFilter
??3@YAXPEAX@Z
memcmp
__CxxFrameHandler3
??1exception@@UEAA@XZ
memset

shcore

IUnknown_QueryService
SHTaskPoolQueueTask
SHGetThreadRef

rpcrt4

IUnknown_AddRef_Proxy
NdrCStdStubBuffer2_Release
NdrStubCall3
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
CStdStubBuffer_AddRef
NdrStubForwardingFunction
IUnknown_Release_Proxy
CStdStubBuffer_Connect
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_QueryInterface

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
InitOnceExecuteOnce
SleepConditionVariableSRW
WakeAllConditionVariable
Sleep

api-ms-win-core-winrt-string-l1-1-0

WindowsIsStringEmpty
WindowsCreateStringReference
HSTRING_UserFree64
WindowsSubstringWithSpecifiedLength
HSTRING_UserUnmarshal64
WindowsDuplicateString
WindowsCreateString
HSTRING_UserSize
WindowsGetStringRawBuffer
WindowsGetStringLen
HSTRING_UserSize64
HSTRING_UserFree
HSTRING_UserMarshal
HSTRING_UserUnmarshal
WindowsStringHasEmbeddedNull
WindowsDeleteString
HSTRING_UserMarshal64

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoOriginateErrorW
SetRestrictedErrorInfo

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSRWLockShared
ReleaseMutex
OpenSemaphoreW
EnterCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObject
CreateEventW
InitializeSRWLock
WaitForSingleObjectEx
CreateSemaphoreExW
ReleaseSemaphore
SetEvent
DeleteCriticalSection
CreateMutexExW
AcquireSRWLockShared

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
DisableThreadLibraryCalls
GetModuleHandleW
GetModuleHandleExW
GetProcAddress

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetProcessId
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetTickCount64

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
RaiseException

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventActivityIdControl
EventUnregister
EventRegister
EventProviderEnabled
EventWriteTransfer

api-ms-win-core-com-l1-1-0

CoMarshalInterThreadInterfaceInStream
CoCreateFreeThreadedMarshaler
CoReleaseMarshalData
CoWaitForMultipleHandles
CoWaitForMultipleObjects
CoTaskMemRealloc
CoTaskMemAlloc
CoGetStdMarshalEx
CoGetCallContext
CoCreateInstance
CoTaskMemFree
CoGetApartmentType
CoGetMalloc
CoGetInterfaceAndReleaseStream

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegGetValueW
RegQueryInfoKeyW

api-ms-win-core-winrt-propertysetprivate-l1-1-1

RoCreatePropertySetSerializer

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

ntdll

NtQueryWnfStateData
RtlPublishWnfStateData

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient8
ObjectStublessClient6
ObjectStublessClient4
CStdStubBuffer2_CountRefs
ObjectStublessClient18
ObjectStublessClient5
ObjectStublessClient20
ObjectStublessClient13
ObjectStublessClient7
ObjectStublessClient9
CStdStubBuffer2_Disconnect
CStdStubBuffer2_QueryInterface
ObjectStublessClient19
ObjectStublessClient16
NdrProxyForwardingFunction5
ObjectStublessClient17
ObjectStublessClient3
ObjectStublessClient21
NdrProxyForwardingFunction3
CStdStubBuffer2_Connect
ObjectStublessClient15
ObjectStublessClient11
ObjectStublessClient10
ObjectStublessClient14
ObjectStublessClient12
NdrProxyForwardingFunction4

api-ms-win-core-marshal-l1-1-0

HWND_UserMarshal
HWND_UserFree
HWND_UserSize64
HWND_UserFree64
HWND_UserUnmarshal64
HWND_UserSize
HWND_UserUnmarshal
HWND_UserMarshal64

api-ms-win-core-kernel32-legacy-l1-1-0

UnregisterWait
RegisterWaitForSingleObject

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

combase

ord140
ord79

kernel32

GetSystemAppDataKey
OpenStateExplicit
CloseState

user32

SetRectEmpty
SetWindowLongW
GetWindowLongW
SetLayeredWindowAttributes
GetShellWindow
SetWindowPos
GetWindowBand
IsIconic
IsZoomed
GetWindowRect
SetForegroundWindow
GetSystemMetrics
SetPropW
GetWindowThreadProcessId
PostMessageW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OBS/System32/win/aadWamExtension.dll
.dll windows:10 windows x64

07964b5222adf7f9697f2c858887cebf

Code Sign

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/05/2022, 19:23

Not After

04/05/2023, 19:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

47:c3:d2:50:8e:c7:c3:48:39:69:a7:a9:61:7a:8e:f3:bb:cf:50:fd:63:38:ba:79:a5:31:64:db:38:8d:be:32
Signer

Actual PE Digest

47:c3:d2:50:8e:c7:c3:48:39:69:a7:a9:61:7a:8e:f3:bb:cf:50:fd:63:38:ba:79:a5:31:64:db:38:8d:be:32

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

__dllonexit
_onexit
__CxxFrameHandler3
??1type_info@@UEAA@XZ
memset
_XcptFilter
_amsg_exit
malloc
_initterm
__C_specific_handler
?terminate@@YAXXZ
_lock
memcpy
free
_purecall
_vsnprintf_s
memcmp
_errno
??0exception@@QEAA@AEBV0@@Z
_callnewh
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
realloc
vswprintf_s
_vscwprintf
time
swscanf
memmove_s
_unlock
memcpy_s
_vsnwprintf
_wcsicmp
_CxxThrowException
isdigit
isxdigit
strtol
isalpha
_wtof
wcsnlen
swprintf_s
_vsnprintf
wcscmp

api-ms-win-core-libraryloader-l1-2-0

SizeofResource
GetModuleHandleW
GetProcAddress
LockResource
LoadResource
FindResourceExW
GetModuleHandleExW
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

CreateMutexExW
InitializeCriticalSectionEx
CreateSemaphoreExW
ReleaseSRWLockExclusive
ReleaseMutex
WaitForSingleObject
AcquireSRWLockExclusive
InitializeSRWLock
ReleaseSemaphore
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObjectEx
ReleaseSRWLockShared
OpenSemaphoreW
AcquireSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapFree
HeapReAlloc
GetProcessHeap
HeapSize
HeapDestroy
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
SetLastError
GetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
SetThreadStackGuarantee
TerminateProcess
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak
OutputDebugStringA

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventActivityIdControl
EventUnregister
EventSetInformation

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
GetTraceLoggerHandle
GetTraceEnableFlags
RegisterTraceGuidsW
TraceMessage
UnregisterTraceGuids

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetSystemInfo

sspicli

LsaConnectUntrusted
LsaDeregisterLogonProcess
LsaCallAuthenticationPackage
LsaLookupAuthenticationPackage
LsaFreeReturnBuffer

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

ntdll

RtlAllocateHeap
RtlInitString
RtlNtStatusToDosError
RtlImageNtHeader
RtlFreeHeap

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualQuery
VirtualAlloc

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

rpcrt4

UuidCreate

crypt32

CryptStringToBinaryW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OBS/System32/win/aadcloudap.dll
.dll regsvr32 windows:10 windows x64

fe7d16e48099ae2800333706a2d4ae90

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

_onexit
_CxxThrowException
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
calloc
__C_specific_handler
isdigit
strtol
isxdigit
memcmp
_wtof
free
_wcsnicmp
malloc
_wcslwr
memmove_s
_vsnprintf_s
?what@exception@@UEBAPEBDXZ
_snwprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
memcpy_s
_vsnwprintf
swprintf
_wcserror
??1type_info@@UEAA@XZ
_errno
realloc
strcmp
memset
__CxxFrameHandler3
memmove
isalpha
memcpy
_beginthreadex
wcsncpy_s
_wcsicmp
difftime
time
wcsspn
wcscspn
_time64
vswprintf_s
_vscwprintf
wcschr
_wtol
iswspace
wcsstr
_wtoi
wcsncmp
_wcslwr_s
_gmtime64_s
_wcsupr_s
vsprintf_s
_vscprintf
rand
wcsrchr
wcspbrk
_vsnprintf
swprintf_s
_mbsinc
_wcsicoll
wcsnlen
wcscmp

api-ms-win-core-libraryloader-l1-2-0

LockResource
GetModuleFileNameA
FindResourceExW
LoadResource
GetProcAddress
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleHandleExW
SizeofResource

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
InitializeCriticalSectionEx
CreateMutexExW
AcquireSRWLockShared
WaitForSingleObjectEx
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
CreateSemaphoreExW
InitializeCriticalSection
CreateEventW
AcquireSRWLockExclusive
DeleteCriticalSection
SetEvent
OpenSemaphoreW
ReleaseSRWLockExclusive
ReleaseSemaphore
ReleaseMutex

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapSize
HeapReAlloc
HeapDestroy
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
RaiseException
SetLastError

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
SetThreadStackGuarantee
GetCurrentThreadId
SetThreadToken
TerminateProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringA
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
RegisterTraceGuidsW
GetTraceEnableLevel
UnregisterTraceGuids

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventSetInformation
EventActivityIdControl
EventUnregister

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
CompareStringEx

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
Sleep
WakeAllConditionVariable

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetComputerNameExW
GetSystemInfo
GetTickCount

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertSidToStringSidW

api-ms-win-core-com-l1-1-0

StringFromGUID2

rpcrt4

MesBufferHandleReset
NdrMesTypeEncode3
NdrMesTypeAlignSize3
MesEncodeFixedBufferHandleCreate
NdrMesTypeDecode3
MesDecodeBufferHandleCreate
NdrMesTypeFree3
UuidToStringW
RpcStringFreeW
UuidFromStringW
UuidIsNil
UuidCreate
MesHandleFree

api-ms-win-security-base-l1-1-0

FreeSid
GetSecurityDescriptorControl
AllocateAndInitializeSid
InitializeSecurityDescriptor
ImpersonateLoggedOnUser
CheckTokenMembership
RevertToSelf
SetSecurityDescriptorControl
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
GetSidIdentifierAuthority
GetSecurityDescriptorLength
EqualSid

ws2_32

InetNtopW
FreeAddrInfoW
WSACleanup
WSAStartup
GetAddrInfoW

netutils

NetApiBufferFree

api-ms-win-security-lsalookup-l2-1-0

LookupAccountSidW

api-ms-win-core-kernel32-legacy-l1-1-0

WTSGetActiveConsoleSessionId

api-ms-win-security-provider-l1-1-0

SetEntriesInAclW

api-ms-win-security-cryptoapi-l1-1-0

CryptAcquireContextW
CryptGetHashParam
CryptDestroyHash
CryptSignHashW
CryptHashData
CryptCreateHash
CryptGenRandom
CryptSetProvParam
CryptReleaseContext
CryptGetProvParam

sspicli

LsaDeregisterLogonProcess
LsaLogonUser
LsaFreeReturnBuffer
SeciAllocateAndSetCallFlags
LsaLookupAuthenticationPackage
SspiCopyAuthIdentity
LsaRegisterLogonProcess
SspiFreeAuthIdentity
SspiEncryptAuthIdentityEx
SspiMarshalAuthIdentity
SspiLocalFree
SeciFreeCallContext

api-ms-win-security-credentials-l1-1-0

CredUnprotectW
CredIsProtectedW

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExW
RegGetValueW
RegQueryValueExW
RegLoadKeyW
RegFlushKey
RegUnLoadKeyW
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegOpenCurrentUser

bcrypt

BCryptExportKey
BCryptDecrypt
BCryptCloseAlgorithmProvider
BCryptHashData
BCryptFinishHash
BCryptDestroyHash
BCryptDestroyKey
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptEncrypt
BCryptCreateHash
BCryptSetProperty
BCryptGenerateSymmetricKey

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-file-l1-1-0

CompareFileTime

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

wkscli

NetGetJoinInformation

wldap32

ord97
ord18
ord88
ord46
ord203
ord41
ord16
ord140
ord224
ord73
ord26
ord145

ntdll

RtlGetVersion
RtlPublishWnfStateData
RtlGetPersistedStateLocation
NtAllocateLocallyUniqueId
RtlInitString
NtClose
NtOpenThreadToken
RtlAllocateHeap
RtlCopySid
NtQueryInformationToken
RtlNtStatusToDosError
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfStateChangeNotification
RtlLengthRequiredSid
NtQueryWnfStateData
RtlGetDeviceFamilyInfoEnum
RtlLengthSid
RtlInitializeSid
RtlImageNtHeader
RtlEqualSid
RtlFreeHeap

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrIW
StrChrNW
StrRStrIW

lsasrv

LsapDbLookupGetDomainInfo

msvcp110_win

?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualAlloc
VirtualQuery

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

CloudAPPluginInitialize
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 759KB - Virtual size: 758KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OBS/System32/win/aadjcsp.dll
.dll windows:10 windows x64

f21820724f17b824298b4c5044c69c3a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcp110_win

?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ

msvcrt

memmove
memcpy
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
__C_specific_handler
_initterm
free
_amsg_exit
_XcptFilter
_callnewh
malloc
memmove_s
memcmp
memset
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_CxxThrowException
_purecall
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
_wcsicmp
toupper
__CxxFrameHandler3
_vsnprintf_s

aadtb

AADTBAcquireTokenEx
AADTBFreeString

dsreg

DsrIsDeviceJoined

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

ResetEvent
OpenSemaphoreW
CreateMutexExW
WaitForSingleObjectEx
AcquireSRWLockShared
ReleaseMutex
WaitForSingleObject
DeleteCriticalSection
ReleaseSRWLockExclusive
CreateEventA
EnterCriticalSection
ReleaseSRWLockShared
ReleaseSemaphore
AcquireSRWLockExclusive
SetEvent
LeaveCriticalSection
CreateSemaphoreExW
InitializeCriticalSectionEx

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventUnregister
EventActivityIdControl
EventRegister
EventProviderEnabled

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
Sleep

wkscli

NetGetJoinInformation

iphlpapi

CancelMibChangeNotify2
NotifyNetworkConnectivityHintChange
GetNetworkConnectivityHint

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoGetMalloc
CoCreateInstance
CoTaskMemFree

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

oleaut32

VariantInit
SysFreeString
SysAllocString

netutils

NetApiBufferFree

api-ms-win-core-winrt-l1-1-0

RoInitialize

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-heap-l2-1-0

LocalAlloc

Exports

Exports

DllGetClassObject

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OBS/System32/win/aadtb.dll
.dll windows:10 windows x64

70f4288e9e404bb3c7e552766ee39c43

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

cryptngc

NgcDecryptWithSymmetricPopKey
NgcImportSymmetricPopKey
NgcSignWithSymmetricPopKey
NgcEnumContainers

certenroll

ord51
ord50

dsreg

DsrFreeJoinInfoEx
DsrGetJoinInfoEx

oleaut32

VariantClear
SysFreeString
SysAllocString
VariantInit

crypt32

CryptSignAndEncodeCertificate
CryptExportPublicKeyInfo
CryptProtectData
CryptUnprotectData
CertGetCertificateContextProperty
CryptAcquireCertificatePrivateKey
CryptEncodeObject
CertSetCertificateContextProperty
CryptHashCertificate
CertFreeCertificateContext
CertCreateCertificateContext
CertDuplicateCertificateContext
CertDeleteCertificateFromStore
CertAddCertificateContextToStore
CertFindCertificateInStore
CertCloseStore
CertOpenStore

ncrypt

NCryptOpenStorageProvider
NCryptOpenKey
NCryptFinalizeKey
NCryptSetProperty
NCryptCreatePersistedKey
NCryptDeleteKey
NCryptFreeObject
NCryptSignHash

ntdll

RtlAllocateHeap
RtlFreeHeap
RtlNtStatusToDosError
RtlGetDeviceFamilyInfoEnum
RtlImageNtHeader

gdi32

DeleteObject
GetObjectW

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
ReleaseMutex
AcquireSRWLockExclusive
OpenSemaphoreW
CreateEventExW
ReleaseSemaphore
CreateSemaphoreExW
CreateMutexExW
LeaveCriticalSection
WaitForSingleObjectEx
SetEvent
ResetEvent
DeleteCriticalSection
EnterCriticalSection
AcquireSRWLockShared
ReleaseSRWLockShared
InitializeCriticalSectionEx
ReleaseSRWLockExclusive

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventRegister
EventActivityIdControl
EventUnregister

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapReAlloc
HeapSize
HeapAlloc

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
HSTRING_UserMarshal64
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsGetStringLen
HSTRING_UserSize64
WindowsCompareStringOrdinal
HSTRING_UserUnmarshal
HSTRING_UserFree64
WindowsDuplicateString
WindowsDeleteString
HSTRING_UserMarshal
HSTRING_UserUnmarshal64
HSTRING_UserSize
WindowsCreateStringReference
WindowsConcatString
WindowsCreateString
HSTRING_UserFree

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError

api-ms-win-core-com-l1-1-0

CoMarshalInterThreadInterfaceInStream
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoGetObjectContext
CoCreateGuid
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoGetCallContext
CoGetInterfaceAndReleaseStream
CoGetApartmentType

api-ms-win-security-cryptoapi-l1-1-0

CryptReleaseContext
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptDestroyHash
CryptGetProvParam
CryptAcquireContextW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
SetThreadStackGuarantee
CreateProcessW
TerminateProcess
GetCurrentThreadId
OpenProcessToken

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetTickCount
GetSystemDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
UnregisterTraceGuids

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceExecuteOnce
Sleep

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-base-l1-1-0

DuplicateTokenEx
CopySid
GetTokenInformation
GetLengthSid

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-shcore-stream-winrt-l1-1-0

CreateStreamOverRandomAccessStream

rpcrt4

NdrOleFree
CStdStubBuffer_IsIIDSupported
IUnknown_Release_Proxy
NdrCStdStubBuffer2_Release
NdrStubCall3
IUnknown_QueryInterface_Proxy
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_AddRef
NdrDllGetClassObject
NdrDllCanUnloadNow
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_Invoke
IUnknown_AddRef_Proxy
NdrStubForwardingFunction

api-ms-win-core-com-midlproxystub-l1-1-0

NdrProxyForwardingFunction3
CStdStubBuffer2_Disconnect
ObjectStublessClient7
CStdStubBuffer2_QueryInterface
NdrProxyForwardingFunction4
NdrProxyForwardingFunction5
ObjectStublessClient6
ObjectStublessClient8
ObjectStublessClient9
ObjectStublessClient10
CStdStubBuffer2_Connect
CStdStubBuffer2_CountRefs

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegEnumValueW
RegDeleteTreeW
RegCloseKey
RegGetValueW
RegSetValueExW

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
GetModuleHandleW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

sspicli

LsaDeregisterLogonProcess
LsaConnectUntrusted
LsaFreeReturnBuffer
LsaCallAuthenticationPackage
LsaLookupAuthenticationPackage

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW

wincorlib

?CreateException@Exception@Platform@@SAPE$AAV12@HPE$AAVString@2@@Z
??0ClassNotRegisteredException@Platform@@QE$AAA@PE$AAVString@1@@Z
??0COMException@Platform@@QE$AAA@HPE$AAVString@1@@Z
?get@Message@Exception@Platform@@QE$AAAPE$AAVString@3@XZ
?Allocate@Heap@Details@Platform@@SAPEAX_K@Z
??0Delegate@Platform@@QE$AAA@XZ
?ReCreateException@Exception@Platform@@SAPE$AAV12@H@Z
?EventSourceGetTargetArrayEvent@Details@Platform@@YAPEAXPEAXIPEBXPEA_J@Z
?EventSourceGetTargetArraySize@Details@Platform@@YAIPEAX@Z
?EventSourceGetTargetArray@Details@Platform@@YAPEAXPEAXPEAUEventLock@12@@Z
?EventSourceInitialize@Details@Platform@@YAXPEAPEAX@Z
?EventSourceAdd@Details@Platform@@YA?AVEventRegistrationToken@Foundation@Windows@@PEAPEAXPEAUEventLock@12@PE$AAVDelegate@2@@Z
?EventSourceRemove@Details@Platform@@YAXPEAPEAXPEAUEventLock@12@VEventRegistrationToken@Foundation@Windows@@@Z
?GetIBoxArrayVtable@Details@Platform@@YAPEAXPEAX@Z
?CreateException@Exception@Platform@@SAPE$AAV12@H@Z
??0FailureException@Platform@@QE$AAA@XZ
??0OutOfMemoryException@Platform@@QE$AAA@XZ
?__abi_cast_Object_to_String@__abi_details@@YAPE$AAVString@Platform@@_NPE$AAVObject@3@@Z
??0Object@Platform@@QE$AAA@XZ
??0OutOfBoundsException@Platform@@QE$AAA@XZ
?AllocateException@Heap@Details@Platform@@SAPEAX_K0@Z
??0ChangedStateException@Platform@@QE$AAA@XZ
?ReleaseTarget@ControlBlock@Details@Platform@@AEAAXXZ
?AlignedFree@Heap@Details@Platform@@SAXPEAX@Z
?Free@Heap@Details@Platform@@SAXPEAX@Z
?Allocate@Heap@Details@Platform@@SAPEAX_K0@Z
?__abi_WinRTraiseNotImplementedException@@YAXXZ
?__abi_WinRTraiseInvalidCastException@@YAXXZ
?__abi_WinRTraiseNullReferenceException@@YAXXZ
?__abi_WinRTraiseOperationCanceledException@@YAXXZ
?__abi_WinRTraiseFailureException@@YAXXZ
?__abi_WinRTraiseAccessDeniedException@@YAXXZ
?__abi_WinRTraiseOutOfMemoryException@@YAXXZ
?__abi_WinRTraiseInvalidArgumentException@@YAXXZ
?__abi_WinRTraiseOutOfBoundsException@@YAXXZ
?__abi_WinRTraiseChangedStateException@@YAXXZ
?__abi_WinRTraiseClassNotRegisteredException@@YAXXZ
?__abi_WinRTraiseWrongThreadException@@YAXXZ
?__abi_WinRTraiseDisconnectedException@@YAXXZ
?__abi_WinRTraiseObjectDisposedException@@YAXXZ
?__abi_WinRTraiseCOMException@@YAXJ@Z
?InitializeData@Details@Platform@@YAJH@Z
?UninitializeData@Details@Platform@@YAXH@Z
?__abi_FailFast@@YAXXZ
?ReCreateFromException@Details@Platform@@YAJPE$AAVException@2@@Z
?GetIidsFn@@YAJHPEAKPEBU__s_GUID@@PEAPEAVGuid@Platform@@@Z
?GetActivationFactoryByPCWSTR@@YAJPEAXAEAVGuid@Platform@@PEAPEAX@Z
?EventSourceUninitialize@Details@Platform@@YAXPEAPEAX@Z
?__abi_cast_String_to_Object@__abi_details@@YAPE$AAVObject@Platform@@PE$AAVString@3@@Z

msvcrt

_vscwprintf
_purecall
__ExceptionPtrDestroy
__ExceptionPtrCopy
__ExceptionPtrCurrentException
__ExceptionPtrCreate
?terminate@@YAXXZ
wcsstr
??_V@YAXPEAX@Z
_wcsicmp
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
__ExceptionPtrRethrow
wcsnlen
wcschr
??2@YAPEAX_KHPEBDH@Z
wcsrchr
?name@type_info@@QEBAPEBDXZ
__RTtypeid
malloc
swprintf_s
_wcslwr_s
wcspbrk
iswspace
__C_specific_handler
time
wcscspn
wcsspn
_wcsicoll
wcsncmp
_wcsnicmp
_wcsupr_s
difftime
_vsnwprintf
_vsnprintf_s
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBD@Z
__ExceptionPtrCopyException
_wtol
_wtoi
??0exception@@QEAA@AEBQEBDH@Z
memcpy_s
wcslen
_CxxThrowException
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
_XcptFilter
_amsg_exit
_initterm
realloc
__CxxFrameHandler3
??3@YAXPEAX@Z
_callnewh
memcpy
memmove
_vsnprintf
wcscat_s
wcsncpy_s
__RTDynamicCast
_gmtime64_s
wcsftime
memcmp
vswprintf_s
memmove_s
_wcsdup
memset
free

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualAlloc
VirtualQuery

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-security-capability-l1-1-0

CapabilityCheck

Exports

Exports

AADTBAcquireToken
AADTBAcquireTokenEx
AADTBFreeString
AADTBFreeStruct
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 797KB - Virtual size: 797KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 222B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 371KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 79KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OBS/System32/win/accessibilitycpl.dll
.dll regsvr32 windows:10 windows x64

164af912471cbe0c60259e8ab08b3a77

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

wcsspn
_vsnprintf_s
_wcslwr_s
__CxxFrameHandler3
wcscspn
wcsrchr
_ltow_s
_vsnwprintf
memcpy
memcmp
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
memset
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
calloc
wcsstr
_wcsicmp
__C_specific_handler
malloc
free
vswprintf_s
_vscwprintf
memmove_s
_itow_s
memcpy_s
_wtoi
wcschr
wcscmp

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapReAlloc
HeapSize
HeapDestroy
HeapAlloc

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
GetTraceLoggerHandle
TraceMessage
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
SizeofResource
GetModuleHandleW
FreeLibrary
DisableThreadLibraryCalls
GetModuleFileNameA
GetProcAddress
FindResourceExW
LoadResource
LockResource
GetModuleHandleExW

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventUnregister
EventRegister

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess

api-ms-win-core-com-l1-1-0

CoTaskMemFree
StringFromGUID2
CoCreateInstance
CreateStreamOnHGlobal

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
GetLastError
SetLastError

oleaut32

VariantClear
SysAllocString

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegGetValueW
RegCloseKey
RegLoadMUIStringW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetLocaleInfoW
GetUserDefaultLCID

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
ReleaseMutex
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObjectEx
CreateMutexExW
CreateSemaphoreExW
OpenSemaphoreW
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
Sleep

api-ms-win-core-heap-l2-1-0

GlobalAlloc
GlobalFree

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

ntdll

EtwEventWriteTransfer
EtwLogTraceEvent
WinSqmAddToStream
WinSqmIncrementDWORD
WinSqmSetDWORD
WinSqmIsOptedIn

kernel32

GetFileAttributesW
DeleteFileW
CompareStringOrdinal
LoadLibraryExW
OpenMutexW
OpenJobObjectW
IsProcessInJob
OOBEComplete
GetThreadUILanguage
GetProcessMitigationPolicy
LocalAlloc
ReleaseSRWLockShared
DeleteProcThreadAttributeList
CreateThreadpoolTimer
InitializeCriticalSectionEx
AcquireSRWLockShared
AcquireSRWLockExclusive
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
GetModuleFileNameW
DeactivateActCtx
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
LocalFree
ActivateActCtx
ReleaseActCtx
CreateActCtxW
ReleaseSRWLockExclusive
CreateProcessW
GetAtomNameW
GlobalLock
GlobalUnlock
K32EnumProcesses
ProcessIdToSessionId
OpenProcess
K32EnumProcessModules
K32GetModuleBaseNameW

shlwapi

SHStrDupW
ord156
ord174
ord24
ord176
ord514
ord256
ord437
ord172
ord278
ord158
ord204
ord219
ord199
ord618

shell32

ord25
SHParseDisplayName
SHGetStockIconInfo
ShellExecuteExW
ShellExecuteW
ord155
ord18
SHBindToObject

ole32

CoTaskMemAlloc
CoGetObject

user32

GetWindowLongPtrW
GetFocus
DestroyIcon
SetTimer
DestroyWindow
SystemParametersInfoW
UnregisterClassA
KillTimer
SendMessageW
DefWindowProcW
SendInput
GetKeyState
GetShellWindow
GetWindowThreadProcessId
GetUserObjectInformationW
GetThreadDesktop
SetDesktopColorTransform
SendNotifyMessageW

dui70

?SetAccessible@Element@DirectUI@@QEAAJ_N@Z
?ClickDefaultButton@XProvider@DirectUI@@UEAAHXZ
?ForceThemeChange@XProvider@DirectUI@@UEAAJ_K_J@Z
?GetHostedElementID@XProvider@DirectUI@@UEAAJPEAG@Z
?FindElementWithShortcutAndDoDefaultAction@XProvider@DirectUI@@UEAAHGH@Z
?CanSetFocus@XProvider@DirectUI@@UEAAJPEA_N@Z
?Navigate@XProvider@DirectUI@@UEAAJHPEA_N@Z
?SetFocus@XProvider@DirectUI@@UEAAJPEAVElement@2@@Z
?IsDescendent@XProvider@DirectUI@@UEAAJPEAVElement@2@PEA_N@Z
?GetDesiredSize@XProvider@DirectUI@@UEAAJHHPEAUtagSIZE@@@Z
?SetParameter@XProvider@DirectUI@@UEAAJAEBU_GUID@@PEAX@Z
?AddRef@XProvider@DirectUI@@UEAAKXZ
?GetClassInfoPtr@HWNDElement@DirectUI@@SAPEAUIClassInfo@2@XZ
?SetDefaultButtonTracking@XProvider@DirectUI@@UEAAJ_N@Z
?SetHandleEnterKey@XProvider@DirectUI@@IEAAX_N@Z
?CreateDUI@XProvider@DirectUI@@UEAAJPEAVIXElementCP@2@PEAPEAUHWND__@@@Z
?GetRoot@XProvider@DirectUI@@IEAAPEAVElement@2@XZ
?Initialize@XProvider@DirectUI@@QEAAJPEAVElement@2@PEAVIXProviderCP@2@@Z
?Create@XResourceProvider@DirectUI@@SAJPEAUHINSTANCE__@@PEBG11PEAPEAV12@@Z
?QueryInterface@XProvider@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
??1XProvider@DirectUI@@UEAA@XZ
??0XProvider@DirectUI@@QEAA@XZ
?QueryInterface@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?GetClassInfoPtr@Element@DirectUI@@SAPEAUIClassInfo@2@XZ
?Register@Element@DirectUI@@SAJXZ
?GetAtomZero@Value@DirectUI@@SAPEAV12@XZ
?GetValue@Element@DirectUI@@QEAAPEAVValue@2@PEBUPropertyInfo@2@HPEAUUpdateCache@2@@Z
?GetStringNull@Value@DirectUI@@SAPEAV12@XZ
?SetButtonClassAcceptsEnterKey@XProvider@DirectUI@@UEAAJ_N@Z
?CreateXBaby@XProvider@DirectUI@@UEAAJPEAVIXElementCP@2@PEAUHWND__@@PEAVElement@2@PEAKPEAPEAUIXBaby@2@@Z
InitProcessPriv
InitThread
?GetUnset@Value@DirectUI@@SAPEAV12@XZ
?GetValue@Element@DirectUI@@QEAAPEAVValue@2@P6APEBUPropertyInfo@2@XZHPEAUUpdateCache@2@@Z
?CustomProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?GetContentString@Element@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?GetClassInfoPtr@TouchSwitch@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetOnText@TouchSwitch@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?GetOffText@TouchSwitch@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?GetToggleValue@TouchSwitch@DirectUI@@QEAAHXZ
?SliderUpdated@TouchSlider@DirectUI@@SA?AVUID@@XZ
?RemoveListener@Element@DirectUI@@QEAAXPEAUIElementListener@2@@Z
?AddListener@Element@DirectUI@@QEAAJPEAUIElementListener@2@@Z
?BackgroundProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?ForegroundProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?SetAccName@Element@DirectUI@@QEAAJPEBG@Z
??1IDataEngine@DirectUI@@UEAA@XZ
??0IDataEngine@DirectUI@@QEAA@XZ
??1IDataEntry@DirectUI@@UEAA@XZ
??0IDataEntry@DirectUI@@QEAA@XZ
?GetClass@Element@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?SetActive@Element@DirectUI@@QEAAJH@Z
??0CritSecLock@DirectUI@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
??1CritSecLock@DirectUI@@QEAA@XZ
?IsRTLReading@Element@DirectUI@@UEAA_NXZ
?IsContentProtected@Element@DirectUI@@UEAA_NXZ
?UpdateTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?ActivateTooltip@Element@DirectUI@@MEAAXPEAV12@K@Z
?RemoveTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?GetKeyFocused@Element@DirectUI@@UEAA_NXZ
?AssertPIZeroRef@ClassInfoBase@DirectUI@@UEBAXXZ
?GetChildren@ClassInfoBase@DirectUI@@UEBAHXZ
?RemoveChild@ClassInfoBase@DirectUI@@UEAAXXZ
?AddChild@ClassInfoBase@DirectUI@@UEAAXXZ
?IsGlobal@ClassInfoBase@DirectUI@@UEBA_NXZ
?GetModule@ClassInfoBase@DirectUI@@UEBAPEAUHINSTANCE__@@XZ
?IsSubclassOf@ClassInfoBase@DirectUI@@UEBA_NPEAUIClassInfo@2@@Z
?IsValidProperty@ClassInfoBase@DirectUI@@UEBA_NPEBUPropertyInfo@2@@Z
?GetName@ClassInfoBase@DirectUI@@UEBAPEBGXZ
?GetGlobalIndex@ClassInfoBase@DirectUI@@UEBAIXZ
?GetPICount@ClassInfoBase@DirectUI@@UEBAIXZ
?GetByClassIndex@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?EnumPropertyInfo@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?Release@ClassInfoBase@DirectUI@@UEAAHXZ
?AddRef@ClassInfoBase@DirectUI@@UEAAXXZ
?GetUiaFocusDelegate@Element@DirectUI@@UEAAPEAV12@XZ
?HandleUiaEventListener@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@@Z
?HandleUiaPropertyListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?HandleUiaDestroyListener@Element@DirectUI@@UEAAXXZ
?GetElementProviderImpl@Element@DirectUI@@UEAAJPEAVInvokeHelper@2@PEAPEAVElementProvider@2@@Z
?GetUIAElementProvider@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?DefaultAction@Element@DirectUI@@UEAAJXZ
?GetAccessibleImpl@Element@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?OnUnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?OnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MEAAXHH@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UEAAXPEAUtagRECT@@@Z
?MessageCallback@Element@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?RemoveBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?AddBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?SetKeyFocus@Element@DirectUI@@UEAAXXZ
?EnsureVisible@Element@DirectUI@@UEAA_NHHHH@Z
?GetAdjacent@Element@DirectUI@@UEAAPEAV12@PEAV12@HPEBUNavReference@2@K@Z
?Remove@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?Insert@Element@DirectUI@@UEAAJPEAPEAV12@II@Z
?Add@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?GetContentSize@Element@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Paint@Element@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?OnDestroy@Element@DirectUI@@UEAAXXZ
?OnMouseFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnGroupChanged@Element@DirectUI@@UEAAXH_N@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?GetContentStringAsDisplayed@Element@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
??1ClassInfoBase@DirectUI@@UEAA@XZ
??0ClassInfoBase@DirectUI@@QEAA@XZ
?Destroy@Element@DirectUI@@QEAAJ_N@Z
?Initialize@ClassInfoBase@DirectUI@@QEAAJPEAUHINSTANCE__@@PEBG_NPEBQEBUPropertyInfo@2@I@Z
?Register@ClassInfoBase@DirectUI@@QEAAJXZ
?ClassExist@ClassInfoBase@DirectUI@@SA_NPEAPEAUIClassInfo@2@PEBQEBUPropertyInfo@2@IPEAU32@PEAUHINSTANCE__@@PEBG_N@Z
?GetFactoryLock@Element@DirectUI@@SAPEAU_RTL_CRITICAL_SECTION@@XZ
?OnKeyFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnEvent@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?OnInput@Element@DirectUI@@UEAAXPEAUInputEvent@2@@Z
??1Element@DirectUI@@UEAA@XZ
??0Element@DirectUI@@QEAA@XZ
?Initialize@Element@DirectUI@@QEAAJIPEAV12@PEAK@Z
?Release@Value@DirectUI@@QEAAXXZ
?GetChildren@Element@DirectUI@@QEAAPEAV?$DynamicArray@PEAVElement@DirectUI@@$0A@@2@PEAPEAVValue@2@@Z
?SetWidth@Element@DirectUI@@QEAAJH@Z
?SetLayoutPos@Element@DirectUI@@QEAAJH@Z
?SetContentString@Element@DirectUI@@QEAAJPEBG@Z
?SetSelected@Element@DirectUI@@QEAAJ_N@Z
?SetShortcut@Element@DirectUI@@QEAAJH@Z
?SetEnabled@Element@DirectUI@@QEAAJ_N@Z
?SetSelection@Combobox@DirectUI@@QEAAJH@Z
GetElementDataEntry
?Init@NavReference@DirectUI@@QEAAXPEAVElement@2@PEAUtagRECT@@@Z
?SetDataEngine@Repeater@DirectUI@@QEAAXPEAUIDataEngine@2@@Z
?AddString@Combobox@DirectUI@@QEAAHPEBG@Z
?SelectionChange@Combobox@DirectUI@@SA?AVUID@@XZ
?Click@Button@DirectUI@@SA?AVUID@@XZ
StrToID
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
?GetClassInfoPtr@ScrollViewer@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetClassInfoPtr@CCTrackBar@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetClassInfoPtr@CCSysLink@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetClassInfoPtr@CCCheckBox@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetClassInfoPtr@CCBase@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetClassInfoPtr@Combobox@DirectUI@@SAPEAUIClassInfo@2@XZ
UnInitProcessPriv
UnInitThread
?SetRegisteredDefaultButton@XProvider@DirectUI@@UEAAJPEAVElement@2@@Z

dwmapi

DwmIsCompositionEnabled

sspicli

GetUserNameExW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e04b7fd8a1addc99c7a70f06b375a65

Headers

DLL Characteristics

File Characteristics

Imports

winmm

ole32

msimg32

user32

shell32

gdi32

winspool.drv

kernel32

Exports

Exports

Sections

.text Size: 43KB - Virtual size: 42KB

.rdata Size: 142KB - Virtual size: 141KB

.data Size: 4KB - Virtual size: 7KB

.ythjf0 Size: 3.3MB - Virtual size: 3.3MB

.ythjf1 Size: 1KB - Virtual size: 1KB

.ythjf2 Size: 3.0MB - Virtual size: 3.0MB

.rsrc Size: 451KB - Virtual size: 450KB

b3bfa95749de4e2c5e46ae3c8021c66b

Headers

DLL Characteristics

File Characteristics

Imports

apphelp

msvcrt

ntdll

api-ms-win-core-registry-l1-1-0

sspicli

kernel32

advapi32

ole32

shell32

userenv

msi

winspool.drv

Exports

Exports

Sections

.text Size: 47KB - Virtual size: 46KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 976B

.reloc Size: 512B - Virtual size: 96B

6cefa17d843d835f0e37e4ffb94b3538

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

7d:08:d9:bc:13:07:26:de:26:ee:4e:f2:8e:13:30:84Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

33:00:00:00:58:4c:08:4c:80:a1:c8:d5:61:00:00:00:00:00:58Certificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

be:83:67:f3:d3:c6:e9:c4:91:87:fc:2e:92:99:af:fd:cf:88:83:7f:26:ee:6a:1b:05:9a:8e:44:b4:54:ed:cdSigner

77:52:ce:e2:af:e5:41:77:30:d9:4c:b1:e3:85:71:d9:8b:a0:c1:dcSigner

Headers

.text
Size: 43KB - Virtual size: 42KB

.rdata
Size: 142KB - Virtual size: 141KB

.data
Size: 4KB - Virtual size: 7KB

.ythjf0
Size: 3.3MB - Virtual size: 3.3MB

.ythjf1
Size: 1KB - Virtual size: 1KB

.ythjf2
Size: 3.0MB - Virtual size: 3.0MB

.rsrc
Size: 451KB - Virtual size: 450KB

.text
Size: 47KB - Virtual size: 46KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 976B

.reloc
Size: 512B - Virtual size: 96B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

7d:08:d9:bc:13:07:26:de:26:ee:4e:f2:8e:13:30:84
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

33:00:00:00:58:4c:08:4c:80:a1:c8:d5:61:00:00:00:00:00:58
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

be:83:67:f3:d3:c6:e9:c4:91:87:fc:2e:92:99:af:fd:cf:88:83:7f:26:ee:6a:1b:05:9a:8e:44:b4:54:ed:cd
Signer

77:52:ce:e2:af:e5:41:77:30:d9:4c:b1:e3:85:71:d9:8b:a0:c1:dc
Signer

.text
Size: 66KB - Virtual size: 65KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 6KB - Virtual size: 14KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 158KB - Virtual size: 157KB

.rdata
Size: 109KB - Virtual size: 109KB

.data
Size: 2KB - Virtual size: 4KB

.pdata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 29KB - Virtual size: 29KB

.reloc
Size: 6KB - Virtual size: 6KB