Setup[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Setup.rar
Size

39.7MB
MD5

7388546c55ff51a063d69f6564f5ef7d
SHA1

d3c4a1f967efcb0483ee9e98c7ad348a87c8eeb2
SHA256

70105d16f9988bc8cf7dd0456873b90ce7dd542f6b9aae0b1c2e37d32f324a1c
SHA512

da48b734f108325d8056a16c48e6dc1ad63114b8b2b3c87f07e7ceb5d5c24656db18617276868694f0f7347246891812b3f5b0267c230b82bb4651a0ebfb6de0
SSDEEP

786432:x8xZrLAbO1tUSzhds6FgZpd8jYmRICWl8PvGVGCUUSlCPdvO:xMcSxdtFgvuUmRglwFXUEedvO

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PROPAMAT/HologramWorld.dll
unpack001/PROPAMAT/mshtml.dll
unpack001/Setup.exe
unpack001/Templates/Hydrogen.dll
unpack001/Templates/edgehtml.dll

Files

Setup.rar
.rar

Password: 1234
PROPAMAT/HologramWorld.dll
.dll windows:10 windows x64 arch:x64

Password: 1234

824cffff2cbdd76a3d842387b66e90ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcp_win

?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$ctype@_W@std@@2V0locale@2@A
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?_Xbad_function_call@std@@YAXXZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
_Mtx_unlock
_Mtx_lock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
_Strcoll
_Strxfrm
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@M@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?swap@?$basic_iostream@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?swap@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z
??Bid@locale@std@@QEAA_KXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Throw_C_error@std@@YAXH@Z

api-ms-win-crt-math-l1-1-0

expf
fmodf
_isnan
cosf
atanf
atan2f
modff
log10f
_fdtest
tanf
logf

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__free_base
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__malloc_base
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__strtod_l
_o__strtoi64_l
_o__strtoui64_l
memmove
_o__wcstoi64
_o__wfopen
_o_fclose
_o_fflush
_o_fread
_o_free
_o_fseek
_o_ftell
_o_isalpha
_o_isxdigit
_o_malloc
_o_nextafterf
_o_pow
_o_powf
_o_realloc
_o_roundf
_o_strcpy_s
_o_strncpy_s
_o_strtod
_o_strtol
_o_strtoul
_o_terminate
_o_tolower
_o_wcscpy_s
_o_wcstod
_o_wcstol
__CxxFrameHandler3
__C_specific_handler
_CxxThrowException
__std_terminate
__CxxFrameHandler4
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsscanf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o__crt_atexit
_o__create_locale
_o__configure_narrow_argv
_o___stdio_common_vfwprintf
_o___stdio_common_vfprintf
_o___std_type_info_name
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
_o__callnewh
_o__execute_onexit_table
strstr
strchr
strrchr
_o__errno
_o__aligned_malloc
_o__aligned_free
__RTDynamicCast
_o___acrt_iob_func
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

strncmp
memset
strcmp

coremessaging

CoreUICreate
CoreUICallCreateEndpointHost
CoreUICallSend
CoreUICallReceive

coreuicomponents

CoreUIFactoryCreate

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA
FreeLibrary
LoadLibraryExA
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-1-0

ResetEvent
WaitForMultipleObjectsEx
CreateEventW
SleepEx
CreateSemaphoreExW
InitializeCriticalSectionAndSpinCount
SetEvent
CreateEventExW
TryAcquireSRWLockShared
OpenEventW
ReleaseSemaphore
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
InitializeCriticalSection
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockShared
OpenSemaphoreW
EnterCriticalSection
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseMutex

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
RaiseException
SetErrorMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetErrorMode

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CloseThreadpoolCleanupGroupMembers
SetThreadpoolTimer
CreateThreadpoolTimer
CreateThreadpoolCleanupGroup
CloseThreadpoolCleanupGroup
CloseThreadpoolWork
CloseThreadpoolWait
CreateThreadpoolWait
CreateThreadpoolWork
SubmitThreadpoolWork
WaitForThreadpoolTimerCallbacks
SetThreadpoolWait
WaitForThreadpoolWorkCallbacks
WaitForThreadpoolWaitCallbacks

api-ms-win-core-processthreads-l1-1-0

CreateThread
SetThreadPriority
TerminateProcess
GetCurrentProcessId
QueueUserAPC
ResumeThread
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetProcessId
OpenProcessToken
ProcessIdToSessionId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
OutputDebugStringA
IsDebuggerPresent
DebugBreak

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-handle-l1-1-0

DuplicateHandle
SetHandleInformation
CloseHandle

api-ms-win-core-synch-l1-2-0

SleepConditionVariableCS
InitializeConditionVariable
InitOnceComplete
WakeConditionVariable
InitOnceBeginInitialize
Sleep
WakeAllConditionVariable

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer

api-ms-win-core-psapi-l1-1-0

K32GetProcessMemoryInfo

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW

api-ms-win-core-memory-l1-1-0

MapViewOfFile
UnmapViewOfFile
VirtualProtect
VirtualQuery

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegGetValueA
RegGetValueW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetLogicalProcessorInformationEx
GetSystemInfo

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-processthreads-l1-1-3

SetThreadIdealProcessor

api-ms-win-core-processtopology-obsolete-l1-1-0

SetThreadAffinityMask

api-ms-win-core-synch-l1-2-1

CreateSemaphoreW
WaitForMultipleObjects

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
LoadLibraryA

api-ms-win-core-file-l1-1-0

FindNextFileW
CreateFileW
WriteFile
GetTempFileNameW
CreateDirectoryW
DeleteFileW
FindFirstFileW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
CreateFileA
SetFilePointerEx
GetFullPathNameW
FlushFileBuffers
FindClose
ReadFile

api-ms-win-core-file-l2-1-0

MoveFileExW
ReadDirectoryChangesW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-file-l1-2-0

GetTempPathW
CreateFile2

api-ms-win-core-io-l1-1-1

CancelIo

ws2_32

sendto
socket
inet_ntoa
send
WSAStartup
setsockopt
WSACreateEvent
inet_pton
WSAGetLastError
recvfrom
closesocket
htons
recv
WSAEventSelect
GetHostNameW
ioctlsocket
inet_ntop
accept
__WSAFDIsSet
select
ntohs
getsockname
listen
bind
connect
FreeAddrInfoW
GetAddrInfoW
WSASocketW

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime
VerSetConditionMask

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-security-cryptoapi-l1-1-0

CryptAcquireContextW
CryptReleaseContext
CryptGenRandom

api-ms-win-core-namedpipe-l1-1-0

CreateNamedPipeW
ConnectNamedPipe
DisconnectNamedPipe

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-base-l1-1-0

SetSecurityDescriptorDacl
AllocateAndInitializeSid
InitializeAcl
AddAccessAllowedAce
CopySid
IsValidSid
InitializeSecurityDescriptor
CheckTokenMembership
GetLengthSid
FreeSid
GetTokenInformation

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-shcore-stream-winrt-l1-1-0

CreateStreamOverRandomAccessStream

api-ms-win-core-memory-l1-1-1

CreateFileMappingFromApp
MapViewOfFileFromApp

api-ms-win-core-featurestaging-l1-1-0

GetFeatureEnabledState
SubscribeFeatureStateChangeNotification
RecordFeatureUsage
UnsubscribeFeatureStateChangeNotification

dwrite

DWriteCreateFactory

dxgi

CreateDXGIFactory2

d3d11

CreateDirect3D11DeviceFromDXGIDevice
D3D11CreateDevice

d3d12

ord102
D3D12SerializeRootSignature
ord101

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-security-accesshlpr-l1-1-0

QueryTransientObjectSecurityDescriptor
FreeTransientObjectSecurityDescriptor

ntdll

NtAlpcConnectPort
NtAlpcCancelMessage
NtCompleteConnectPort
NtAlpcAcceptConnectPort
NtAlpcOpenSenderProcess
NtAlpcSendWaitReceivePort
AlpcGetMessageAttribute
NtAlpcCreatePort
RtlInitUnicodeString
DbgPrintEx
RtlGetDeviceFamilyInfoEnum
NtQueryInformationProcess
RtlPublishWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData

api-ms-win-rtcore-ntuser-window-l1-1-0

IsWindow
KillTimer
GetWindowRect
SetTimer

api-ms-win-core-psm-app-l1-1-0

PsmRegisterAppStateChangeNotification
PsmUnregisterAppStateChangeNotification

api-ms-win-crt-time-l1-1-0

_time64
clock

api-ms-win-security-appcontainer-l1-1-0

GetAppContainerNamedObjectPath

api-ms-win-core-namedpipe-ansi-l1-1-0

WaitNamedPipeA

api-ms-win-core-io-l1-1-0

GetOverlappedResult

mfplat

MFCreateMediaType
MFCreateAttributes
MFShutdown
MFCreateWaveFormatExFromMFMediaType
MFStartup

mfreadwrite

MFCreateSourceReaderFromURL

xaudio2_9

ord2
ord1
ord6
ord5

Exports

Exports

CreateDebugOverlay
GetSharedWorldFactory

Sections

.text
Size: 11.3MB - Virtual size: 11.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 333KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 517KB - Virtual size: 517KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PROPAMAT/d3d10warp.dll
.dll windows:10 windows x64 arch:x64

Password: 1234

113eae7f46ac04ade26e10c730a6e454

Code Sign

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/02/2023, 00:05

Not After

01/02/2024, 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4f:c6:d2:12:69:e5:10:78:7f:64:68:f7:68:02:0d:5f:f5:ad:ec:f2:64:ba:63:94:c0:2e:fd:59:9e:31:30:aa
Signer

Actual PE Digest

4f:c6:d2:12:69:e5:10:78:7f:64:68:f7:68:02:0d:5f:f5:ad:ec:f2:64:ba:63:94:c0:2e:fd:59:9e:31:30:aa

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__localtime64
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__splitpath_s
_o__stricmp
__intrinsic_setjmp
_o_abort
_o_acos
_o_asin
_o_atan
_o_atan2
_o_atoi
_o_calloc
_o_ceil
_o_cos
_o_cosh
_o_exp
_o_exp2
_o_fabs
_o_floor
_o_fmod
_o_free
_o_isalnum
_o_isalpha
_o_isdigit
_o_isprint
_o_log
_o_log10
_o_log2
_o_malloc
_o_mbstowcs_s
_o_modf
_o_pow
_o_powf
_o_qsort
_o_qsort_s
_o_sin
_o_sinh
_o_sqrt
_o_strcpy_s
_o_tan
_o_tanh
_o_terminate
_o_toupper
_o_wcscat_s
_o_wcscpy_s
memchr
_o__fpclass
_o__get_osfhandle
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
__CxxFrameHandler3
wcsrchr
longjmp
_CxxThrowException
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__C_specific_handler
__CxxFrameHandler4
memcmp
memcpy
memmove

api-ms-win-crt-string-l1-1-0

memset
strncmp

ntdll

RtlAddGrowableFunctionTable
EtwEventRegister
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EtwEventUnregister
EtwEventWrite
RtlCreateServiceSid
RtlInitUnicodeString
RtlCaptureStackBackTrace
RtlDeleteGrowableFunctionTable

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
ReleaseSRWLockExclusive
WaitForSingleObjectEx
AcquireSRWLockExclusive
CreateSemaphoreExW
ReleaseSemaphore
ReleaseSRWLockShared
CreateEventW
InitializeCriticalSectionEx
WaitForMultipleObjectsEx
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
CreateMutexExW
ReleaseMutex
AcquireSRWLockShared
DeleteCriticalSection
SetEvent
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateEventA
ResetEvent

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
DisableThreadLibraryCalls
FreeLibrary
GetModuleFileNameA
LoadLibraryExW
GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-processthreads-l1-1-0

CreateProcessA
GetCurrentProcess
TerminateProcess
OpenProcessToken
ExitThread
DeleteProcThreadAttributeList
TlsGetValue
TlsFree
OpenThreadToken
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
SwitchToThread
GetCurrentThreadId
GetCurrentProcessId
CreateThread
GetProcessTimes
GetProcessId
GetCurrentThread
ExitProcess
TlsAlloc
GetThreadPriority

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetSystemDirectoryA
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InterlockedPushEntrySList
InitializeSListHead
InterlockedPopEntrySList

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
SetLastError
GetLastError
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
GetProcessMitigationPolicy
FlushInstructionCache
OpenProcess

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle

api-ms-win-core-memory-l1-1-0

VirtualProtect
CreateFileMappingW
MapViewOfFile
VirtualFree
VirtualFreeEx
VirtualAllocEx
VirtualAlloc
VirtualQueryEx
ReadProcessMemory
VirtualProtectEx
WriteProcessMemory
UnmapViewOfFile
VirtualQuery

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-console-l2-1-0

SetConsoleTextAttribute
GetConsoleScreenBufferInfo

api-ms-win-core-console-l1-1-0

GetConsoleMode

msvcp_win

?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?uncaught_exception@std@@YA_NXZ
_Xtime_get_ticks
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
?_Winerror_message@std@@YAKKPEADK@Z

api-ms-win-crt-math-l1-1-0

fminf
fmaxf
ceilf
floorf
sqrtf
_finite

api-ms-win-core-registry-l1-1-0

RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolWork
CloseThreadpool
SetThreadpoolThreadMinimum
CloseThreadpoolTimer
SetThreadpoolThreadMaximum
SetThreadpoolTimer
CreateThreadpool
CreateThreadpoolWork
WaitForThreadpoolTimerCallbacks
SubmitThreadpoolWork
WaitForThreadpoolWorkCallbacks

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-systemtopology-l1-1-0

GetNumaHighestNodeNumber

rpcrt4

RpcAsyncInitializeHandle
RpcBindingBind
RpcAsyncGetCallStatus
RpcExceptionFilter
RpcBindingCreateW
RpcBindingUnbind
RpcServerListen
RpcEpRegisterA
RpcServerRegisterIf3
RpcServerUseProtseqEpW
RpcBindingVectorFree
RpcServerUnregisterIf
RpcEpUnregister
RpcServerInqBindings
RpcMgmtWaitServerListen
RpcMgmtStopServerListening
RpcAsyncAbortCall
RpcAsyncCompleteCall
RpcServerTestCancel
RpcBindingFree
RpcRevertToSelf
RpcImpersonateClient
RpcServerInqCallAttributesA
NdrAsyncServerCall
NdrServerCallAll
Ndr64AsyncServerCallAll
NdrServerCall2
NdrClientCall3
Ndr64AsyncClientCall
RpcAsyncCancelCall

api-ms-win-core-wow64-l1-1-1

IsWow64Process2
GetSystemWow64Directory2A

api-ms-win-core-psapi-ansi-l1-1-0

K32GetModuleFileNameExA

api-ms-win-security-base-l1-1-0

GetLengthSid
InitializeAcl
GetTokenInformation
AddAccessAllowedAce

api-ms-win-security-sddl-ansi-l1-1-0

ConvertSidToStringSidA
ConvertStringSidToSidA

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-com-l1-1-0

CoCreateGuid

api-ms-win-core-file-l1-1-0

WriteFile
CreateFileW
ReadFile

api-ms-win-core-io-l1-1-0

GetOverlappedResult
CancelIoEx

api-ms-win-core-namedpipe-l1-1-0

PeekNamedPipe
WaitNamedPipeW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventProviderEnabled
EventWriteTransfer
EventUnregister

api-ms-win-core-xstate-l2-1-0

GetEnabledXStateFeatures

api-ms-win-core-processthreads-l1-1-2

GetThreadInformation
SetThreadInformation

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-memory-l1-1-3

SetProcessValidCallTargets

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

D3D11RefGetLastCreation
D3DLayerGetInterface
OpenAdapter
OpenAdapter10_2
OpenAdapter12
OpenDisplayAdapter1
QueryDListForApplication1
VSD3DDebugConnectionBuffer

Sections

.text
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 847KB - Virtual size: 847KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PROPAMAT/mshtml.dll
.dll windows:10 windows x64 arch:x64

Password: 1234

a1964081fa46daae3201398b60d0563a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

wcspbrk
strncpy_s
_lock
_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_XcptFilter
_amsg_exit
_initterm
tanf
_statusfp
_beginthreadex
fwprintf
_flushall
fclose
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
__CxxFrameHandler3
malloc
free
realloc
strtoul
strpbrk
bsearch_s
modf
wcstod
wcstok_s
towlower
_wtoi64
_aligned_free
_aligned_malloc
_stricmp
iswgraph
_itoa_s
swprintf_s
bsearch
_finite
_wtoi
_isnan
_ui64tow_s
_wcstoui64
_wtof
iswalnum
iswdigit
iswalpha
_wcslwr_s
_i64tow_s
wcscat_s
_ultow_s
__C_specific_handler
qsort
wcscpy_s
_vsnprintf
_wcsupr
_wcslwr
tolower
wcsncpy_s
strstr
strchr
strncmp
wcsrchr
_wcsupr_s
_itow_s
abort
wcstol
wcsncmp
_wtol
_wcsnicmp
memmove_s
memcpy_s
_errno
wcstoul
rand_s
fflush
strnlen
wcscspn
wcstombs_s
towupper
iswlower
strrchr
_strnicmp
isalpha
isxdigit
isdigit
wcsncat_s
_fpclass
_mbsicmp
_mbscspn
_mbsspn
_mbsstr
isspace
_mbschr
_ismbcdigit
_mbscmp
iswcntrl
_ultoa_s
swscanf_s
_wcsrev
wcsspn
exit
fprintf
_fileno
_isatty
fwrite
atof
atoi
strtol
qsort_s
rand
sin
powf
memset
memmove
memcpy
wcsstr
_ltow
_ltow_s
_clearfp
_controlfp_s
iswascii
calloc
_resetstkoflw
_wcsicmp
wcsnlen
sinf
sqrt
sqrtf
strcmp
tan
_vsnprintf_s
wcschr
_vsnwprintf
__iob_func
iswspace
iswpunct
_purecall
_HUGE
_CxxThrowException
_setjmp
acosf
asinf
atan2
atan2f
ceil
ceilf
cos
cosf
floor
floorf
fmod
fmodf
memcmp
wcscmp

kernel32

HeapAlloc
GetProcessHeap
HeapFree
GetModuleFileNameA
DebugBreak
GetProcAddress
IsDebuggerPresent
OutputDebugStringW
SetLastError
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
OpenSemaphoreW
QueryPerformanceCounter
GetProfileIntA
GlobalFree
GetTickCount
PowerSetRequest
PowerClearRequest
PowerCreateRequest
LoadLibraryExW
MulDiv
GetTickCount64
GetSystemTimeAsFileTime
CreateMutexExW
CreateSemaphoreExW
CreateThreadpoolTimer
WideCharToMultiByte
GlobalSize
GlobalLock
GlobalUnlock
IsDBCSLeadByteEx
MultiByteToWideChar
OpenProcess
GetCPInfo
GetSystemInfo
GetSystemDefaultLocaleName
GetUserDefaultLocaleName
GlobalMemoryStatusEx
FormatMessageW
CreateThreadpoolWork
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
SubmitThreadpoolWork
GetFullPathNameW
SetFilePointer
WriteFile
ReadFile
GlobalAlloc
GetTempPathW
GetTempFileNameW
CreateFileW
GetFileSize
DeleteFileW
GetSystemTime
SystemTimeToFileTime
FindFirstFileW
FindClose
CopyFileW
GetFileType
WaitForMultipleObjectsEx
CreateEventExW
Sleep
ResolveLocaleName
GetLocaleInfoEx
GetUserGeoID
GetGeoInfoW
IsValidLocaleName
GetEnvironmentVariableW
SetEnvironmentVariableW
InitializeCriticalSectionAndSpinCount
CreateMutexW
GetFileAttributesW
InitOnceExecuteOnce
CompareStringEx
GetSystemTimeAdjustment
GetVersionExW
TrySubmitThreadpoolCallback
InitializeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
LoadLibraryW
ResumeThread
GetUserDefaultLCID
GetLocalTime
GetACP
LocaleNameToLCID
LCIDToLocaleName
GetUserDefaultUILanguage
IsValidCodePage
GetExitCodeThread
ResetEvent
lstrcmpiA
lstrcmpA
InitOnceInitialize
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
QueryDepthSList
CompareFileTime
TerminateThread
GetActiveProcessorCount
GetFileTime
DeleteFiber
SwitchToFiber
CreateFiber
ConvertThreadToFiber
ConvertFiberToThread
CompareStringOrdinal
SetEndOfFile
CreateFileMappingW
FlushViewOfFile
lstrcmpW
GetLocaleInfoW
GetDiskFreeSpaceW
FileTimeToSystemTime
CompareStringW
LCMapStringW
GetFileSizeEx
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetCurrentThread
lstrcmpiW
VerSetConditionMask
VerifyVersionInfoW
SetThreadPreferredUILanguages
GetCommandLineW
GlobalDeleteAtom
GlobalAddAtomW
GlobalFindAtomW
HeapSetInformation
GetStringTypeExA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
SleepConditionVariableSRW
WaitForSingleObjectEx
WerGetFlags
WerSetFlags
InitializeCriticalSectionEx
ReleaseSemaphore
GetLastError
ReleaseMutex
RaiseException
InitializeSRWLock
ReleaseSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockShared
AcquireSRWLockExclusive
FlsSetValue
HeapDestroy
MapViewOfFile
OpenFileMappingW
GetCurrentProcessId
HeapCreate
FlsAlloc
InitializeCriticalSection
TlsAlloc
AddAtomW
TlsSetValue
TlsGetValue
GetModuleFileNameW
LocalFree
LocalAlloc
FindAtomW
DeleteAtom
UnmapViewOfFile
TlsFree
FlsFree
RaiseFailFastException
GetModuleHandleW
DeleteCriticalSection
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
SetEvent
FreeLibrary
CreateThread
CreateEventW
GetModuleHandleExW
FreeLibraryAndExitThread
CloseHandle
WaitForSingleObject
GetCurrentProcess
ActivateActCtx
DeactivateActCtx
CreateActCtxW
ReleaseActCtx
QueueUserWorkItem
GlobalFlags
FindResourceExA
LocalSize
GlobalReAlloc
WTSGetActiveConsoleSessionId
LCMapStringEx
ResolveDelayLoadedAPI
DelayLoadFailureHook
QueryPerformanceFrequency

api-ms-win-downlevel-advapi32-l1-1-0

EventRegister
EventActivityIdControl
EventWrite
EventWriteTransfer
RegCreateKeyExW
RegSetValueExW
DuplicateTokenEx
EventWriteEx
OpenProcessToken
RegGetValueW
RegOpenKeyExW
RegCloseKey
RegOpenKeyExA
RegDeleteTreeW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumKeyExW
EventUnregister
CreateProcessAsUserW
OpenThreadToken
GetTokenInformation

api-ms-win-downlevel-version-l1-1-0

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

api-ms-win-downlevel-shlwapi-l1-1-0

StrStrIW
StrCmpNIA
IsInternetESCEnabled
PathCreateFromUrlW
PathQuoteSpacesW
StrChrNIW
StrCmpNICW
UrlEscapeW
UrlCombineW
StrCmpNIW
StrCmpICW
UrlUnescapeW
PathRemoveFileSpecW
HashData
StrCmpNCW
PathGetArgsW
StrCmpICA
StrStrA
PathRemoveBlanksW
UrlIsW
UrlCreateFromPathW
QISearch
StrChrW
PathStripPathW
StrCmpW
StrCpyNW
StrStrW
StrCmpCW
StrCmpNW
StrToIntExW
PathIsFileSpecW
ParseURLW
PathFileExistsW
StrTrimW
PathFindExtensionW
UrlGetLocationW
SHLoadIndirectString
StrPBrkW
PathIsRelativeW
PathGetCharTypeW
StrToInt64ExW
PathSearchAndQualifyW
PathUnquoteSpacesW
IsCharSpaceW
StrStrIA
StrCmpNICA
UrlApplySchemeW
PathIsURLW
StrToIntW
GetAcceptLanguagesW
StrChrA
UrlGetPartW
StrCmpCA
UrlCanonicalizeW
PathFindFileNameW
StrCmpIW
PathIsUNCW
StrCSpnW
PathGetDriveNumberW
StrDupW

api-ms-win-downlevel-user32-l1-1-0

CharLowerBuffW
CharLowerW
CharUpperW
CharNextW
LoadStringW
CharLowerA
IsCharAlphaNumericW
IsCharAlphaW

gdi32

DeleteDC
SetWorldTransform
SetGraphicsMode
CreateDIBSection
ExtTextOutW
SetTextAlign
GetTextColor
GetBkColor
SetStretchBltMode
StretchDIBits
SetDIBits
GetCurrentObject
GetClipRgn
ExtSelectClipRgn
SetBrushOrgEx
CreatePatternBrush
CreateBitmap
Ellipse
Polyline
Polygon
LineTo
MoveToEx
PatBlt
CreatePen
SetDCPenColor
ExtCreatePen
UnrealizeObject
SetBkMode
CreateHatchBrush
SetDCBrushColor
SetROP2
GetFontUnicodeRanges
GetGlyphOutlineW
GetCharWidthW
GetFontData
GetOutlineTextMetricsW
AddFontMemResourceEx
GetTextFaceW
RemoveFontMemResourceEx
StretchBlt
GdiFlush
Rectangle
CreateSolidBrush
GetTextCharsetInfo
TranslateCharsetInfo
ExtEscape
EndDoc
StartDocW
CreateEnhMetaFileW
CloseEnhMetaFile
GetEnhMetaFileW
EqualRgn
ExtCreateRegion
GetRegionData
OffsetViewportOrgEx
RealizePalette
SelectPalette
GetPaletteEntries
DeleteObject
SelectObject
GetObjectType
GetDeviceCaps
CreateRectRgn
BitBlt
GetPixel
CreateCompatibleBitmap
CreateCompatibleDC
CreateRectRgnIndirect
GetRandomRgn
OffsetRgn
GetClipBox
SetViewportOrgEx
CombineRgn
GetRgnBox
RestoreDC
SaveDC
GetViewportOrgEx
CreatePolygonRgn
EnumFontFamiliesExW
EnumFontsW
CreateFontIndirectW
GetTextCharset
SelectClipRgn
DeleteMetaFile
CreateMetaFileW
SetMapMode
SetWindowOrgEx
SetWindowExtEx
CloseMetaFile
SetViewportExtEx
PlayMetaFile
GetWindowOrgEx
GetWindowExtEx
LPtoDP
SetTextColor
SetBkColor
GetStockObject
IntersectClipRect
GetTextMetricsW
GetTextExtentPoint32W
GetObjectW
GetDIBits
GetNearestPaletteIndex
EnumObjects
GetEnhMetaFileHeader
GetDIBColorTable
SetDIBColorTable
SetMetaFileBitsEx
SetEnhMetaFileBits
GetEnhMetaFilePaletteEntries
PlayEnhMetaFile
DeleteEnhMetaFile
AbortDoc
StartPage
EndPage
CreateICW
CreateDCW

user32

CheckMenuRadioItem
CreatePopupMenu
AppendMenuW
GetMenuStringW
ToUnicodeEx
SubtractRect
UnionRect
MsgWaitForMultipleObjects
GetCaretBlinkTime
GetComboBoxInfo
DrawFocusRect
SendMessageA
ScrollDC
GetLayeredWindowAttributes
CreateCaret
DestroyCaret
SetCaretPos
GetLastInputInfo
EnumDisplaySettingsW
DisplayConfigGetDeviceInfo
GetDisplayConfigBufferSizes
RegisterClassW
GetWindowTextW
FindWindowW
GetLastActivePopup
DrawFrameControl
ShowCaret
HideCaret
GetCaretPos
GetKeyboardLayout
InsertMenuItemW
GetMenuItemInfoW
SetWindowsHookExW
PostThreadMessageW
GetSysColorBrush
IsDlgButtonChecked
CallWindowProcW
RemovePropW
GetUpdateRect
FindWindowExW
IsWindowVisible
CopyRect
CallNextHookEx
QueryDisplayConfig
InflateRect
GetUpdateRgn
InvalidateRgn
GetWindowDC
LockWindowUpdate
DestroyIcon
AdjustWindowRectEx
BringWindowToTop
GetSystemMenu
GetWindowLongA
SetWindowLongA
GetShellWindow
GetKeyboardLayoutList
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
RegisterClipboardFormatA
GetClassInfoExW
UnregisterClassW
GetDpiForSystem
LoadBitmapW
TrackPopupMenu
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
SetRect
GetKeyboardLayoutNameW
DestroyCursor
GetIconInfo
ChildWindowFromPoint
MessageBeep
UpdateLayeredWindow
GetClassInfoW
SetCursorPos
SetRectEmpty
GetWindowRgn
EndDeferWindowPos
BeginDeferWindowPos
DeferWindowPos
InSendMessage
SetMenuItemInfoW
ShowCursor
TrackPopupMenuEx
DestroyAcceleratorTable
TranslateAcceleratorW
AttachThreadInput
IsClipboardFormatAvailable
GetClipboardFormatNameW
GetWindowPlacement
GetWindowLongPtrA
GetTopWindow
RemoveMenu
MoveWindow
UnhookWindowsHookEx
UnregisterClassA
GetDlgItem
LoadIconW
SendDlgItemMessageW
LoadImageW
GetWindow
SetWindowLongPtrW
DefWindowProcW
PostMessageW
GetParent
SetActiveWindow
GetWindowLongPtrW
GetKeyState
GetWindowThreadProcessId
GetDCEx
ReleaseDC
RegisterClipboardFormatW
RegisterWindowMessageW
GetDoubleClickTime
IsWindow
DestroyWindow
GetClientRect
FillRect
AllowSetForegroundWindow
GetClassNameW
IsWinEventHookInstalled
NotifyWinEvent
SetTimer
GetDesktopWindow
TranslateMessage
MessageBoxW
DialogBoxParamW
SetWindowTextW
EndDialog
GetFocus
ValidateRect
SetCursor
LoadCursorW
SendMessageW
KillTimer
EnumChildWindows
IsIconic
GetAncestor
GetSystemMetrics
GetMessageExtraInfo
GetCursorInfo
ChildWindowFromPointEx
ScreenToClient
GetCursorPos
WindowFromPoint
IsChild
MapWindowPoints
GetAsyncKeyState
GetMenuState
InsertMenuW
DeleteMenu
LoadMenuW
GetSubMenu
EnableMenuItem
DestroyMenu
GetCapture
ReleaseCapture
IsWindowUnicode
UpdateWindow
EnableWindow
SendMessageTimeoutW
EnumWindows
GetSysColor
GetForegroundWindow
WinHelpW
SetDlgItemTextW
CheckDlgButton
GetDlgItemTextW
InSendMessageEx
ShowWindow
SetWindowPos
SetForegroundWindow
SetFocus
ClientToScreen
SystemParametersInfoW
MonitorFromWindow
GetActiveWindow
GetWindowRect
GetMessagePos
PtInRect
GetKeyboardState
MapVirtualKeyExW
ToAsciiEx
IsRectEmpty
IntersectRect
LoadAcceleratorsW
CopyAcceleratorTableW
VkKeyScanW
GetMenuItemCount
GetMenuItemID
CheckMenuItem
MonitorFromRect
GetMonitorInfoW
GetMessageW
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjectsEx
PostQuitMessage
MonitorFromPoint
GetDC
RedrawWindow
CreateAcceleratorTableW
OffsetRect
EqualRect
SetWindowRgn
SetPropW
SetParent
CreateWindowExW
SetLayeredWindowAttributes
SetCapture
GetWindowLongW
SetWindowLongW
IsWindowEnabled
GetCursor
LoadCursorA
GetPropW
InvalidateRect
ValidateRgn
BeginPaint
EndPaint
WindowFromDC
GetMessageTime
WaitMessage
RegisterClassExW

iertutil

ord32
ord764
ord209
ord690
ord19
ord21
ord775
CreateIUriBuilder
ord700
ord18
ord96
ord25
ord681
GetIUriPriv
ord820
ord26
CreateUriWithFragment
ord174
ord56
ord58
ord793
ord688
ord606
ord139
ord325
ord916
ord656
ord661
ord665
ord651
ord655
ord682
ord667
ord650
ord678
ord660
ord677
ord658
ord662
ord652
ord663
ord654
ord54
ord110
ord151
ord111
ord17
ord44
ord30
ord134
IntlPercentEncodeNormalize
ord466
ord597
ord594
ord792
ord177
ord603
ord779
ord781
ord774
ord765
ord138
ord607
ord281
ord282
ord35
ord42
GetPortFromUrlScheme
ord210
ord398
ord50
ord82
ord679
ord791
ord796
ord49
CreateUri
ord701
ord657
ord600
ord605

ntdll

NtQueryLicenseValue
NtCreateFile
RtlInitUnicodeString
NtQuerySystemInformation
RtlDllShutdownInProgress
NtClose

rpcrt4

RpcAsyncInitializeHandle
Ndr64AsyncClientCall
NdrClientCall3
RpcBindingCreateW
RpcBindingFree
RpcAsyncCancelCall
RpcAsyncCompleteCall
I_RpcExceptionFilter
UuidCreate
RpcBindingBind

api-ms-win-core-path-l1-1-0

PathCchAddBackslash
PathCchCanonicalize
PathCchAppend
PathCchCombine

sspicli

GetUserNameExW

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabled

api-ms-win-core-file-l1-1-0

SetFileInformationByHandle
FlushFileBuffers
GetFileInformationByHandle
CreateDirectoryW
GetDiskFreeSpaceExW
GetFullPathNameA
GetFileAttributesExW
FileTimeToLocalFileTime
SetFilePointerEx
GetLongPathNameW

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-sysinfo-l1-1-0

GetSystemWindowsDirectoryW
GetLogicalProcessorInformation
GetVersionExA

api-ms-win-core-libraryloader-l1-2-0

LoadResource
SizeofResource
FindResourceExW
LockResource
LoadLibraryExA

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryW
ExpandEnvironmentStringsA
GetStdHandle
SearchPathW

api-ms-win-core-file-l2-1-0

MoveFileExW
GetFileInformationByHandleEx

api-ms-win-core-synch-l1-1-0

TryAcquireSRWLockExclusive
TryEnterCriticalSection
OpenEventW

api-ms-win-core-io-l1-1-0

GetOverlappedResult
CancelIoEx
DeviceIoControl

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolThreadMaximum
DisassociateCurrentThreadFromCallback
CloseThreadpool
CreateThreadpool

api-ms-win-core-handle-l1-1-0

DuplicateHandle

api-ms-win-core-localization-l1-2-0

GetThreadUILanguage
GetThreadPreferredUILanguages
GetSystemDefaultLCID
GetUserPreferredUILanguages
GetUserDefaultLangID
IsDBCSLeadByte

api-ms-win-core-string-l1-1-0

GetStringTypeW

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualQuery
VirtualProtect
VirtualFree

api-ms-win-core-processenvironment-l1-2-0

SearchPathA

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode

api-ms-win-core-com-l1-1-0

IIDFromString
ProgIDFromCLSID
CoGetStandardMarshal

api-ms-win-core-memory-l1-1-1

ResetWriteWatch
VirtualUnlock
GetWriteWatch

api-ms-win-core-string-l2-1-0

IsCharUpperW
IsCharLowerW
CharPrevW

api-ms-win-core-processthreads-l1-1-0

SuspendThread
SwitchToThread
GetProcessTimes
OpenThread
ProcessIdToSessionId
SetThreadPriority
GetProcessIdOfThread
GetProcessId

api-ms-win-core-heap-l1-1-0

HeapUnlock
HeapSize
HeapLock
HeapReAlloc

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo
GetProductInfo

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW

api-ms-win-core-heap-l2-1-0

LocalReAlloc

api-ms-win-power-base-l1-1-0

CallNtPowerInformation

api-ms-win-core-realtime-l1-1-0

QueryProcessCycleTime
QueryThreadCycleTime

api-ms-win-core-psapi-l1-1-0

K32GetProcessMemoryInfo

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-datetime-l1-1-2

GetDurationFormatEx

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegDeleteValueW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadsFromDll

winhttp

WinHttpGetIEProxyConfigForCurrentUser

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-processthreads-l1-1-1

GetThreadContext

api-ms-win-core-console-l2-1-0

GetConsoleScreenBufferInfo
SetConsoleTextAttribute

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureStackBackTrace

kernelbase

EnumUILanguagesW
lstrlenW
lstrlenA
StrToIntA
OpenGlobalizationUserSettingsKey
GetSystemDefaultUILanguage
GetNumberFormatW

api-ms-win-downlevel-shell32-l1-1-0

CommandLineToArgvW

Exports

Exports

ClearPhishingFilterData
ConvertAndEscapePostData
CreateCoreWebView
CreateHTMLPropertyPage
DllCanUnloadNow
DllEnumClassObjects
DllGetClassObject
GetColorValueFromString
GetWebPlatformObject
IEIsXMLNSRegistered
IERegisterXMLNS
InitializeLocalHtmlEngine
MatchExactGetIDsOfNames
PrintHTML
RunHTMLApplication
ShowHTMLDialog
ShowHTMLDialogEx
ShowModalDialog
ShowModelessHTMLDialog
TravelLogCreateInstance
TravelLogStgCreateInstance
UninitializeLocalHtmlEngine

Sections

.text
Size: 15.8MB - Virtual size: 15.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 179KB - Virtual size: 267KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 908KB - Virtual size: 907KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 538KB - Virtual size: 538KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setup.exe
.exe windows:6 windows x64 arch:x64

Password: 1234

ac28712de60df63f58b610d1b9874f49

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shell32

SHFileOperationW
SHGetFolderPathW

kernel32

CloseHandle
CompareStringW
CreateDirectoryW
CreateFileW
CreateProcessW
DeleteCriticalSection
EncodePointer
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileExW
FindNextFileW
FindResourceA
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FormatMessageA
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetExitCodeProcess
GetFileAttributesW
GetFileSizeEx
GetFileType
GetLastError
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetTempPathW
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryExW
LoadResource
LockResource
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
SetConsoleCtrlHandler
SetEnvironmentVariableA
SetEnvironmentVariableW
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
WaitForSingleObject
WideCharToMultiByte
WriteConsoleW
WriteFile
GetSystemTimeAsFileTime
CreateEventA
GetModuleHandleA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
HeapAlloc
HeapFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetModuleHandleW
LoadResource
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
FlsSetValue
GetCommandLineA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RaiseException
RtlPcToFileHeader
RtlUnwindEx
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA

Sections

.text
Size: - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

./7zip/7
Size: - Virtual size: 11.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

./7zip/7
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

./7zip/7
Size: 11.8MB - Virtual size: 11.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Templates/Hydrogen.dll
.dll windows:10 windows x64 arch:x64

Password: 1234

b372ca9b03dc5769e17d5b119c6433bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcp_win

??1_Lockit@std@@QEAA@XZ
_Strxfrm
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
??0_Lockit@std@@QEAA@H@Z
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_XGetLastError@std@@YAXXZ
??0task_continuation_context@Concurrency@@AEAA@XZ
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?_Xbad_alloc@std@@YAXXZ
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
_Cnd_broadcast
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?_Throw_C_error@std@@YAXH@Z
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?__ExceptionPtrRethrow@@YAXPEBX@Z
_Cnd_wait
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
_Cnd_init_in_situ
_Mtx_init_in_situ
_Strcoll
_Cnd_destroy_in_situ
_Mtx_destroy_in_situ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
_Mtx_lock
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?uncaught_exception@std@@YA_NXZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
_Mtx_unlock
?_Xbad_function_call@std@@YAXXZ

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__lock_file
_o__malloc_base
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__strtod_l
_o__strtoi64_l
_o__strtoui64_l
_o__unlock_file
_o__wfopen
memmove
_o_atoi
_o_fclose
_o_fflush
_o_fgetc
_o_fgetpos
_o_fputc
_o_fread
_o_free
_o_fseek
_o_fsetpos
_o_ftell
_o_fwrite
_o_isxdigit
_o_malloc
_o_mbstowcs_s
_o_nextafterf
_o_pow
_o_powf
_o_realloc
_o_roundf
_o_setvbuf
_o_strcpy_s
_o_strncpy_s
_o_strtod
_o_strtol
_o_strtoul
_o_terminate
_o_tolower
_o_ungetc
_o_wcscpy_s
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
memcpy
strrchr
_o__execute_onexit_table
_o__errno
strchr
strstr
_o__fseeki64
_o__free_base
_o__crt_atexit
_o__create_locale
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__get_stream_buffer_pointers
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsscanf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfprintf
_o___std_type_info_name
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o___acrt_iob_func
__std_terminate
__CxxFrameHandler4
__std_type_info_hash
__std_type_info_compare
__RTtypeid
__RTDynamicCast
memchr
memcmp

api-ms-win-crt-string-l1-1-0

memset
strcmp
strncmp

hrtfapo

ord1
ord2

api-ms-win-core-winrt-string-l1-1-0

WindowsCompareStringOrdinal
WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringLen
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsDuplicateString
WindowsGetStringRawBuffer
WindowsCreateString

api-ms-win-core-winrt-error-l1-1-0

GetRestrictedErrorInfo
RoOriginateError
RoTransformError
SetRestrictedErrorInfo
RoOriginateErrorW
RoFailFastWithErrorContext

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoCreateGuid
CoMarshalInterface
CoUnmarshalInterface
CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
SetLastError
GetLastError

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW
OutputDebugStringA

api-ms-win-core-processthreads-l1-1-0

GetProcessId
CreateThread
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
ProcessIdToSessionId
OpenProcessToken

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-synch-l1-1-0

CreateEventExW
ReleaseMutex
WaitForSingleObjectEx
WaitForSingleObject
OpenSemaphoreW
CreateMutexExW
CreateSemaphoreExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeSRWLock
EnterCriticalSection
LeaveCriticalSection
OpenEventW
TryAcquireSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockShared
SetEvent
CreateEventW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ResetEvent
InitializeCriticalSectionEx
ReleaseSemaphore
WaitForMultipleObjectsEx

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventRegister
EventUnregister

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
WakeAllConditionVariable
WakeConditionVariable
SleepConditionVariableCS
InitializeConditionVariable
InitOnceComplete
InitOnceExecuteOnce
Sleep

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoActivateInstance
RoGetActivationFactory
RoInitialize

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleFileNameA
GetModuleFileNameW
DisableThreadLibraryCalls
GetModuleHandleW
GetProcAddress

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-file-l1-1-0

FindClose
FindNextFileW
FlushFileBuffers
SetFilePointerEx
GetFileAttributesExW
SetFileAttributesW
RemoveDirectoryW
CreateFileA
DeleteFileW
FindFirstFileExW
WriteFile
CreateDirectoryW
ReadFile

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-file-l1-2-0

CreateFile2

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo
GetSystemTimePreciseAsFileTime

ws2_32

select
__WSAFDIsSet
accept
inet_ntop
ioctlsocket
GetHostNameW
getsockname
sendto
recvfrom
WSACreateEvent
WSAEventSelect
ntohs
listen
bind
connect
FreeAddrInfoW
GetAddrInfoW
setsockopt
WSAStartup
inet_pton
closesocket
socket
recv
htons
send
WSAGetLastError
inet_ntoa

mfplat

MFShutdown
MFStartup
MFCreateWaveFormatExFromMFMediaType
MFCreateMediaType
MFCreateAttributes

mfreadwrite

MFCreateSourceReaderFromURL

xaudio2_9

ord5
ord6
ord1
ord2

api-ms-win-core-registry-l1-1-0

RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegGetValueW
RegCloseKey
RegQueryValueExA
RegGetValueA
RegOpenKeyExW

coremessaging

CoreUICallCreateEndpointHost
CoreUICallSend
CoreUICallReceive
CoreUICreate

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-base-l1-1-0

FreeSid
InitializeSecurityDescriptor
EqualSid
GetTokenInformation
IsValidSid
CheckTokenMembership
AllocateAndInitializeSid
CopySid
AddAccessAllowedAce
InitializeAcl
GetLengthSid
SetSecurityDescriptorDacl

api-ms-win-ro-typeresolution-l1-1-0

RoResolveNamespace

api-ms-win-shcore-stream-winrt-l1-1-0

CreateStreamOverRandomAccessStream

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile

api-ms-win-core-memory-l1-1-1

MapViewOfFileFromApp
CreateFileMappingFromApp

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolWait
SetThreadpoolTimer
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolWait
CreateThreadpoolWait
CreateThreadpoolTimer
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolCleanupGroup
CloseThreadpoolCleanupGroup
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
WaitForThreadpoolWorkCallbacks
WaitForThreadpoolWaitCallbacks

api-ms-win-core-featurestaging-l1-1-0

RecordFeatureUsage
GetFeatureEnabledState
UnsubscribeFeatureStateChangeNotification
SubscribeFeatureStateChangeNotification

dwrite

DWriteCreateFactory

dxgi

CreateDXGIFactory2

d3d11

D3D11CreateDevice
CreateDirect3D11DeviceFromDXGIDevice

d3d12

ord102
ord101
D3D12SerializeRootSignature

api-ms-win-security-provider-l1-1-0

GetSecurityInfo
SetEntriesInAclW
SetSecurityInfo

api-ms-win-core-psm-app-l1-1-0

PsmRegisterAppStateChangeNotification
PsmUnregisterAppStateChangeNotification

ntdll

NtAlpcCancelMessage
NtCompleteConnectPort
NtAlpcAcceptConnectPort
NtAlpcOpenSenderProcess
NtAlpcCreatePort
RtlInitUnicodeString
RtlPublishWnfStateData
NtAlpcConnectPort
AlpcGetMessageAttribute
RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
NtAlpcSendWaitReceivePort

api-ms-win-rtcore-ntuser-window-l1-1-0

KillTimer
SetTimer

api-ms-win-crt-time-l1-1-0

clock
_time64

api-ms-win-crt-math-l1-1-0

expf
fmodf
atanf
atan2f
log10f
modff
logf
cosf
_fdtest
tanf

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
RoReportUnhandledError

api-ms-win-security-provider-ansi-l1-1-0

SetEntriesInAclA
GetExplicitEntriesFromAclA

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

rometadata

MetaDataGetDispenser

api-ms-win-security-appcontainer-l1-1-0

GetAppContainerNamedObjectPath

api-ms-win-core-namedpipe-l1-1-0

CreateNamedPipeW
ConnectNamedPipe
DisconnectNamedPipe

api-ms-win-core-namedpipe-ansi-l1-1-0

WaitNamedPipeA

api-ms-win-core-io-l1-1-0

GetOverlappedResult

api-ms-win-core-io-l1-1-1

CancelIo

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 13.1MB - Virtual size: 13.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.7MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 404KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 628KB - Virtual size: 627KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Templates/edgehtml.dll
.dll windows:10 windows x64 arch:x64

Password: 1234

92dbd485a8f15640c0fff7b2a7c647e7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

__mb_cur_max
?what@exception@@UEBAPEBDXZ
_strlwr_s
strcpy_s
wcstombs_s
strrchr
towupper
iswxdigit
_wcsdup
??8type_info@@QEBAHAEBV0@@Z
__crtCompareStringW
__crtCompareStringA
__crtLCMapStringW
__crtLCMapStringA
_wsetlocale
___lc_handle_func
setlocale
toupper
memcpy
memmove
___mb_cur_max_func
___lc_codepage_func
_ismbblead
ldexp
strcspn
??0bad_cast@@QEAA@PEBD@Z
localeconv
??0bad_cast@@QEAA@AEBV0@@Z
??1bad_cast@@UEAA@XZ
memset
__pctype_func
isupper
islower
_Getmonths
_W_Getdays
_W_Getmonths
_W_Gettnames
_Wcsftime
_Gettnames
_Strftime
isspace
memchr
___lc_collate_cp_func
memcmp
sqrt
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
isdigit
isxdigit
isalpha
swscanf_s
iswspace
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
__CxxFrameHandler3
wcsncat_s
_mbsicmp
_mbscspn
_mbsspn
_mbsstr
strchr
strtol
_mbschr
_ismbcdigit
strncpy_s
_mbscmp
calloc
mbstowcs
_ultoa_s
_resetstkoflw
iswascii
iswpunct
realloc
free
malloc
_controlfp_s
_errno
_set_errno
time
_wtoi64
_stricmp
towlower
wcstok_s
_wcsrev
_wcsupr
tolower
iswcntrl
_aligned_malloc
_aligned_free
_ltow
strncmp
_fpclass
fmod
floorf
floor
expf
exp
cosf
cos
_isnan
modf
abort
_i64tow_s
__ExceptionPtrCopy
__ExceptionPtrRethrow
__ExceptionPtrToBool
__ExceptionPtrDestroy
__ExceptionPtrCreate
sprintf_s
_wcsupr_s
_itow_s
_wcstoui64
_ui64tow_s
_wcslwr
_wcslwr_s
iswalnum
wcsrchr
wcstol
wcsncpy_s
wcsstr
wcscat_s
wcscpy_s
vswprintf_s
isalnum
wcstod
wcstoul
qsort
bsearch_s
qsort_s
iswalpha
iswdigit
_finite
_ltow_s
_ultow_s
wcsnlen
_wtol
swprintf_s
bsearch
_wtof
_wtoi
wcsncmp
_wcsnicmp
wcschr
tanf
??1type_info@@UEAA@XZ
_vsnprintf
_onexit
__dllonexit
_unlock
_lock
_wcsicmp
fmodf
__C_specific_handler
??0exception@@QEAA@AEBQEBD@Z
_vsnwprintf
memcpy_s
_purecall
iswprint
_statusfp
_clearfp
iswlower
strtoul
wcsspn
wcscspn
fwrite
strnlen
wcstok
__uncaught_exception
memmove_s
tan
sqrtf
sinf
sin
log
powf
log10f
logf
_HUGE
_Getdays
_CxxThrowException
pow
strstr
__iob_func
acos
acosf
asin
asinf
atan
atan2
atan2f
atanf
ceil
ceilf
wcscmp

chakra

RecyclerNativeHeapRootAddRef
RecyclerNativeHeapAllocTraced
RecyclerNativeHeapAllocTracedFinalized
JsVarToExtension
RecyclerNativeHeapCollectGarbageInThread
JsCreateThreadService
MemProtectHeapRootAlloc
RecyclerNativeHeapGetRealAddressFromInterior
MemProtectHeapCreate
RecyclerNativeHeapCreateWeakReference
RecyclerNativeHeapGetStrongReference
RecyclerNativeHeapAddExternalMemoryUsage
RecyclerNativeHeapRootRelease
JsDiscardBackgroundParse
MemProtectHeapNotifyCurrentThreadDetach
MemProtectHeapUnrootAndZero
MemProtectHeapDestroy
MemProtectHeapSynchronizeWithCollector
MemProtectHeapUnprotectCurrentThread
MemProtectHeapReportHeapSize
MemProtectHeapProtectCurrentThread
MemProtectHeapDisableCollection
MemProtectHeapRootRealloc
JsQueueBackgroundParse

iertutil

ord151
ord79
ord110
ord600
ord681
ord134
ord178
ord177
ord792
ord325
ord793
ord57
ord682
ord111
ord700
ord701
ord791
ord910
ord870
ord58
CreateUri
ord56
CreateIUriBuilder
ord911
ord690
ord139
ord138
CreateUriWithFragment
ord85
ord74
ord102
ord174
ord466
ord82
ord76
ord49
ord688
ord661
ord651
ord655
ord657
ord650
ord678
ord653
ord660
ord677
ord658
ord652
ord663
ord654
ord163
ord597
ord594
ord26
ord820
ord795
ord398
ord796
ord209
ord32
GetIUriPriv
GetPortFromUrlScheme
ord81

ntdll

NtPowerInformation
RtlReleaseSRWLockExclusive
NtQueryInformationProcess
NtQuerySystemInformation
RtlAcquireSRWLockExclusive
RtlNtStatusToDosError
RtlIpv6AddressToStringExW
RtlIpv4AddressToStringExW
RtlDllShutdownInProgress
VerSetConditionMask
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlGetSuiteMask
NtClose

winhttp

WinHttpGetIEProxyConfigForCurrentUser

api-ms-win-core-libraryloader-l1-2-0

FreeLibraryAndExitThread
LoadStringW
FreeLibrary
SizeofResource
LockResource
LoadLibraryExA
FindResourceExW
LoadResource
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
GetProcAddress
GetModuleFileNameA
GetModuleHandleExW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak
OutputDebugStringA

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventActivityIdControl
EventSetInformation
EventWriteEx
EventWriteTransfer
EventWrite
EventProviderEnabled

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
WaitForSingleObject
CreateEventExW
ReleaseSemaphore
AcquireSRWLockShared
OpenSemaphoreW
ResetEvent
InitializeSRWLock
SetEvent
CreateEventW
ReleaseSRWLockShared
ReleaseSRWLockExclusive
OpenEventW
WaitForMultipleObjectsEx
CreateMutexW
InitializeCriticalSectionEx
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
TryEnterCriticalSection
CreateMutexExW
ReleaseMutex
CreateSemaphoreExW
AcquireSRWLockExclusive

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
SetErrorMode
GetLastError
UnhandledExceptionFilter
RaiseException

api-ms-win-core-processthreads-l1-1-0

ProcessIdToSessionId
TerminateProcess
CreateProcessW
CreateThread
GetCurrentThread
GetCurrentProcess
OpenProcessToken
GetThreadPriority
ResumeThread
OpenThread
CreateProcessAsUserW
SetThreadPriority
GetCurrentProcessId
GetProcessIdOfThread
GetProcessId
TlsAlloc
TlsSetValue
TlsGetValue
GetExitCodeProcess
TlsFree
GetProcessTimes
ExitProcess
OpenThreadToken
GetCurrentThreadId
QueueUserAPC

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
GetUserDefaultLocaleName
IsValidLocaleName
GetLocaleInfoEx
SetThreadPreferredUILanguages
LocaleNameToLCID
GetUserDefaultLangID
GetCPInfo
GetGeoInfoW
GetUserGeoID
IsValidCodePage
GetUserDefaultLCID
GetSystemDefaultLCID
FormatMessageW
ResolveLocaleName
IsDBCSLeadByteEx
IsDBCSLeadByte
GetACP
LCMapStringEx
GetThreadUILanguage

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapSize
HeapAlloc
GetProcessHeap
HeapFree
HeapSetInformation
HeapDestroy

api-ms-win-core-fibers-l1-1-0

FlsFree
FlsSetValue
FlsAlloc

api-ms-win-core-memory-l1-1-0

FlushViewOfFile
VirtualFree
VirtualProtect
VirtualQuery
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
VirtualAlloc
MapViewOfFileEx
OpenFileMappingW

api-ms-win-core-atoms-l1-1-0

FindAtomW
AddAtomW
DeleteAtom

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemWindowsDirectoryW
GetLocalTime
GetTickCount64
GetSystemDirectoryW
GetSystemTime
GetSystemTimeAsFileTime
GetLogicalProcessorInformation
GetVersionExA
GetSystemTimeAdjustment
GlobalMemoryStatusEx
GetVersionExW
GetSystemInfo

api-ms-win-core-synch-l1-2-0

WaitOnAddress
InitOnceExecuteOnce
InitOnceComplete
Sleep
InitOnceInitialize
SleepConditionVariableSRW
WakeAllConditionVariable
WakeByAddressAll
SleepConditionVariableCS
InitializeConditionVariable
InitOnceBeginInitialize

api-ms-win-core-path-l1-1-0

PathCchCanonicalizeEx
PathCchAddExtension
PathCchCombine
PathCchAppendEx
PathCchCanonicalize
PathCchRemoveExtension
PathCchAppend
PathAllocCombine
PathCchCombineEx

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsUNCW
SHExpandEnvironmentStringsW
PathGetDriveNumberW
IsCharSpaceW
PathUnquoteSpacesW
PathSearchAndQualifyW
PathRemoveFileSpecW
PathFindFileNameW
PathFileExistsW
PathGetCharTypeW
PathFindExtensionW
PathIsFileSpecW
PathIsRelativeW
PathMatchSpecW
PathStripPathW

api-ms-win-core-file-l1-1-0

ReadFile
FileTimeToLocalFileTime
FindNextFileW
CreateFileW
FindNextChangeNotification
FindCloseChangeNotification
FindFirstChangeNotificationW
GetFileAttributesW
CompareFileTime
RemoveDirectoryW
SetFileAttributesW
SetFilePointerEx
GetFileSize
FindClose
FindFirstFileW
GetFullPathNameW
SetFilePointer
GetDiskFreeSpaceExW
CreateDirectoryW
GetLongPathNameW
GetFileTime
GetFullPathNameA
GetFileAttributesExW
GetFileType
GetFileSizeEx
FindFirstFileExW
WriteFile
GetTempFileNameW
SetEndOfFile
DeleteFileW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpICW
StrStrIA
StrStrA
StrDupW
QISearch
StrCmpNICW
StrCSpnW
StrCmpW
StrRStrIW
StrToIntA
StrCmpIW
StrTrimW
StrChrNW
StrStrW
StrToInt64ExW
StrToIntW
StrToIntExW
StrCmpCW
StrStrIW
StrChrW
StrChrNIW
StrCmpICA
StrCmpNICA
StrCmpNCW
StrCmpNW
StrCmpNIW
StrChrA
StrPBrkW

api-ms-win-ntuser-sysparams-l1-1-0

GetSystemMetrics
GetMonitorInfoW
EnumDisplaySettingsW
SystemParametersInfoW

api-ms-win-core-kernel32-legacy-l1-1-0

WTSGetActiveConsoleSessionId
GetComputerNameW
RegisterWaitForSingleObject

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolWorkCallbacks
TrySubmitThreadpoolCallback
CloseThreadpoolWork
SetThreadpoolTimer
CreateThreadpool
WaitForThreadpoolTimerCallbacks
SubmitThreadpoolWork
SetThreadpoolThreadMaximum
SetThreadpoolThreadMinimum
CreateThreadpoolTimer
CloseThreadpool
CloseThreadpoolWait
CreateThreadpoolWait
CreateThreadpoolWork
WaitForThreadpoolWaitCallbacks
CloseThreadpoolTimer
CallbackMayRunLong
CreateThreadpoolCleanupGroup
CloseThreadpoolCleanupGroup
SetThreadpoolWait
CloseThreadpoolCleanupGroupMembers

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-string-l2-1-0

CharNextW
CharLowerW
CharUpperW
IsCharAlphaNumericW
CharLowerBuffW

api-ms-win-core-url-l1-1-0

UrlUnescapeW
UrlApplySchemeW
UrlCanonicalizeW
UrlGetLocationW
UrlCombineW
HashData
UrlEscapeW
ParseURLW
PathCreateFromUrlW
GetAcceptLanguagesW
UrlGetPartW
UrlIsW
UrlIsNoHistoryW
PathIsURLW
UrlCreateFromPathW

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName
GetSystemDefaultLocaleName

api-ms-win-core-kernel32-legacy-l1-1-1

PowerSetRequest
PowerCreateRequest
VerifyVersionInfoW
PowerClearRequest

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
OpenProcess

api-ms-win-security-base-l1-1-0

IsValidSid
GetLengthSid
InitializeAcl
GetTokenInformation
AddAccessAllowedAce
GetSidSubAuthorityCount
GetSidSubAuthority
DuplicateTokenEx
CopySid

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalReAlloc
LocalFree
GlobalFree
GlobalAlloc

api-ms-win-core-libraryloader-l1-2-1

FindResourceW
LoadLibraryW
LoadLibraryA

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegGetValueW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteTreeW
RegOpenKeyExA
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiA
lstrcmpA
lstrcmpW
lstrcmpiW
lstrlenW

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
UnregisterWaitEx
DeleteTimerQueueTimer
QueueUserWorkItem

api-ms-win-core-string-l1-1-0

GetStringTypeW
CompareStringEx
MultiByteToWideChar
CompareStringOrdinal
CompareStringW
WideCharToMultiByte

api-ms-win-core-processenvironment-l1-2-0

SearchPathA

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalFlags
GlobalUnlock
LocalSize
GlobalSize
GlobalReAlloc

api-ms-win-rtcore-ntuser-clipboard-l1-1-0

GetClipboardFormatNameW
RegisterClipboardFormatA
IsClipboardFormatAvailable
SetClipboardData
RegisterClipboardFormatW
CloseClipboard
EmptyClipboard
OpenClipboard

api-ms-win-core-sidebyside-l1-1-0

ReleaseActCtx
CreateActCtxW
ActivateActCtx
DeactivateActCtx

api-ms-win-rtcore-ole32-clipboard-l1-1-0

OleIsCurrentClipboard
OleFlushClipboard
OleGetClipboard
OleSetClipboard

api-ms-win-rtcore-ntuser-draw-l1-1-0

RedrawWindow

api-ms-win-rtcore-ntuser-powermanagement-l1-1-0

RegisterPowerSettingNotification
UnregisterPowerSettingNotification

api-ms-win-security-isolatedcontainer-l1-1-0

IsProcessInIsolatedContainer

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-ntuser-rectangle-l1-1-0

PtInRect
IsRectEmpty
IntersectRect
SetRect

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-processenvironment-l1-1-0

SearchPathW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
SetEnvironmentVariableW
GetCurrentDirectoryW

api-ms-win-core-privateprofile-l1-1-0

GetProfileIntA
WritePrivateProfileStringW
GetProfileIntW

api-ms-win-core-com-private-l1-1-0

CoRegisterInitializeSpy
CoRegisterMessageFilter
CoRevokeInitializeSpy

rpcrt4

RpcStringFreeW
UuidCreate
I_RpcExceptionFilter
RpcBindingBind
NdrAsyncServerCall
Ndr64AsyncServerCallAll
RpcBindingCreateW
RpcServerUnregisterIf
RpcMgmtStopServerListening
UuidToStringW
RpcBindingFree
RpcStringFreeA
RpcBindingVectorFree
RpcEpRegisterNoReplaceW
RpcExceptionFilter
RpcServerInqBindingsEx
RpcServerRegisterIf3
RpcServerUseProtseqEpW
I_RpcBindingInqLocalClientPID
RpcServerInqBindingHandle
RpcAsyncInitializeHandle
RpcStringBindingComposeA
RpcAsyncCompleteCall
UuidFromStringW
NdrClientCall3
RpcBindingSetAuthInfoA
Ndr64AsyncClientCall
RpcBindingFromStringBindingA
RpcAsyncCancelCall

api-ms-win-core-file-l1-2-0

GetTempPathW
CreateFile2

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-mm-time-l1-1-0

timeEndPeriod
timeBeginPeriod

api-ms-win-core-job-l1-1-0

IsProcessInJob

api-ms-win-core-datetime-l1-1-1

GetDateFormatEx
GetTimeFormatEx

api-ms-win-core-systemtopology-l1-1-0

GetNumaHighestNodeNumber

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo
GetSystemTimePreciseAsFileTime

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx
MoveFileExW

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InterlockedPopEntrySList
QueryDepthSList
InitializeSListHead
InterlockedPushEntrySList

api-ms-win-core-processtopology-obsolete-l1-1-0

GetActiveProcessorCount

api-ms-win-core-fibers-l2-1-0

DeleteFiber
ConvertThreadToFiber
CreateFiber
SwitchToFiber
ConvertFiberToThread

api-ms-win-core-marshal-l1-1-0

CLIPFORMAT_UserSize
CLIPFORMAT_UserMarshal
HWND_UserUnmarshal
CLIPFORMAT_UserUnmarshal
HWND_UserSize
HWND_UserMarshal64
CLIPFORMAT_UserFree
HWND_UserUnmarshal64
HWND_UserSize64
CLIPFORMAT_UserUnmarshal64
HWND_UserFree64
HWND_UserFree
CLIPFORMAT_UserSize64
CLIPFORMAT_UserFree64
HWND_UserMarshal
CLIPFORMAT_UserMarshal64

api-ms-win-rtcore-ntuser-wmpointer-l1-1-0

GetPointerFrameTouchInfo
GetCurrentInputMessageSource
GetPointerInfo
GetPointerFrameInfoHistory

api-ms-win-core-winrt-robuffer-l1-1-0

RoGetBufferMarshaler

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage
GetNumberFormatW
GetSystemDefaultUILanguage
EnumUILanguagesW

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW

api-ms-win-core-registry-l2-1-0

RegEnumKeyW

api-ms-win-shlwapi-winrt-storage-l1-1-1

IUnknown_GetWindow
StrRetToBufW

api-ms-win-core-realtime-l1-1-0

QueryProcessCycleTime
QueryThreadCycleTime

api-ms-win-core-psapi-l1-1-0

K32GetProcessMemoryInfo

api-ms-win-core-interlocked-l1-2-0

InterlockedPushListSListEx

api-ms-win-shell-namespace-l1-1-0

ILFindLastID
ILFree
SHBindToParent

api-ms-win-core-stringansi-l1-1-0

CharLowerA

api-ms-win-security-cryptoapi-l1-1-0

CryptGenRandom
CryptAcquireContextA
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptContextAddRef

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI
ResolveDelayLoadsFromDll

api-ms-win-core-processthreads-l1-1-3

SetProcessInformation
SetThreadDescription

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW

rometadata

MetaDataGetDispenser

api-ms-win-base-util-l1-1-0

IsTextUnicode

api-ms-win-ole32-ie-l1-1-0

OleRun
CoInitialize
ReleaseStgMedium
CreateBindCtx

kernelbase

OpenGlobalizationUserSettingsKey

rmclient

HamDisconnectForExtendedExecution
HamAddDependency
HamConnectForExtendedExecution

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-namedpipe-l1-1-0

CreatePipe

api-ms-win-core-localization-ansi-l1-1-0

GetStringTypeExA

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-memory-l1-1-1

VirtualUnlock

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-security-provider-l1-1-0

SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW

api-ms-win-shell-shdirectory-l1-1-0

ord290

api-ms-win-core-windowserrorreporting-l1-1-0

WerUnregisterMemoryBlock
WerRegisterMemoryBlock

Exports

Exports

CIGTestHookLoadLibraryWorkerThread
ClearPhishingFilterData
ClearTemporaryWebDataAsync
ConvertAndEscapePostData
CreateCoreWebView
CreateDiagnosticsToolObject
CreateHTMLPropertyPage
DllCanUnloadNow
DllEnumClassObjects
DllGetClassObject
Fetch_CreateOriginAgnosticFetch
GetColorValueFromString
GetWebPlatformObject
InitializeLocalHtmlEngine
MatchExactGetIDsOfNames
ShowHTMLDialog
ShowHTMLDialogEx
ShowModalDialog
ShowModelessHTMLDialog
Streams_CreateByteChunk
Streams_CreateDefaultSizedByteChunk
Streams_CreateDefaultSizedWideCharChunk
Streams_CreateReadableStream
Streams_CreateReadableStreamFromFileHandle
Streams_CreateReadableStreamFromFilePath
Streams_CreateWideCharChunk
Streams_CreateWritableStream
TravelLogCreateInstance
UninitializeLocalHtmlEngine

Sections

.text
Size: 17.5MB - Virtual size: 17.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 157KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 636KB - Virtual size: 635KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 1234

Password: 1234

824cffff2cbdd76a3d842387b66e90ec

Headers

DLL Characteristics

File Characteristics

Imports

msvcp_win

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

coremessaging

coreuicomponents

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-processthreads-l1-1-3

api-ms-win-core-processtopology-obsolete-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-file-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-file-l2-1-2

api-ms-win-core-file-l1-2-0

api-ms-win-core-io-l1-1-1

ws2_32

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-security-cryptoapi-l1-1-0

api-ms-win-core-namedpipe-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-errorhandling-l1-1-2

api-ms-win-shcore-stream-winrt-l1-1-0

api-ms-win-core-memory-l1-1-1

api-ms-win-core-featurestaging-l1-1-0

dwrite

dxgi

d3d11

d3d12

api-ms-win-core-string-l1-1-0

api-ms-win-security-accesshlpr-l1-1-0

ntdll

api-ms-win-rtcore-ntuser-window-l1-1-0

api-ms-win-core-psm-app-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-security-appcontainer-l1-1-0

api-ms-win-core-namedpipe-ansi-l1-1-0

api-ms-win-core-io-l1-1-0

mfplat

mfreadwrite

xaudio2_9

Exports

Exports

Sections

.text
Size: 11.3MB - Virtual size: 11.3MB

.rdata
Size: 4.1MB - Virtual size: 4.1MB

.data
Size: 1.7MB - Virtual size: 1.8MB

.pdata
Size: 333KB - Virtual size: 332KB

.didat
Size: 512B - Virtual size: 312B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 517KB - Virtual size: 517KB

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

4f:c6:d2:12:69:e5:10:78:7f:64:68:f7:68:02:0d:5f:f5:ad:ec:f2:64:ba:63:94:c0:2e:fd:59:9e:31:30:aa
Signer