Setuр[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Setuр.rar
Size

22.3MB
MD5

fc1ef274b20c1346c3d9ac22c5f6e824
SHA1

bf6cb4123d71ea1a10682d95e00824b38a379e10
SHA256

629e3c89c341554921c0d4638f5bade49ecc285322bcaaac7e876175982d9a4c
SHA512

8c828a09aa8cb1e9761f91d44002be9060d0172be548b7b963bd17e93cd6da0d241690de226fd70888ddcc9bf56574f6391125e6210c6b895b911ea78a3eb8e7
SSDEEP

393216:KTF+HL+ftDqIge0Kw56Eb/0uz2bZ90zfp2pa82GlS+0ss1QJJNsXZ0kApl9PpQ7o:MsrMdqPQEb/0u+Pkhyb2mSrss1QJJNsa

Score

9^/10

infostealer_generic

Malware Config

Signatures

Find unpacked information stealer based on possible SQL query to retrieve broswer data 1 IoCs

Detects infostealer.

infostealer_generic

resource	yara_rule
static1/unpack001/Setuр/x64/browserexport.exe	infostealer_generic_browser_sql

Unsigned PE 60 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Setuр/libs/XInputUap.dll
unpack001/Setuр/libs/XpsDocumentTargetPrint.dll
unpack001/Setuр/libs/XpsGdiConverter.dll
unpack001/Setuр/libs/XpsPrint.dll
unpack001/Setuр/libs/xmlfilter.dll
unpack001/Setuр/libs/xmlprovi.dll
unpack001/Setuр/libs/xolehlp.dll
unpack001/Setuр/x64/BTAGService.dll
unpack001/Setuр/x64/BluetoothApis.dll
unpack001/Setuр/x64/BluetoothDesktopHandlers.dll
unpack001/Setuр/x64/BootMenuUX.dll
unpack001/Setuр/x64/BrokerLib.dll
unpack001/Setuр/x64/BrowserSettingSync.dll
unpack001/Setuр/x64/BthAvctpSvc.dll
unpack001/Setuр/x64/BthAvrcp.dll
unpack001/Setuр/x64/BthAvrcpAppSvc.dll
unpack001/Setuр/x64/WinFax.dll
unpack001/Setuр/x64/WinHvEmulation.dll
unpack001/Setuр/x64/WinHvPlatform.dll
unpack001/Setuр/x64/WinMsoIrmProtector.dll
unpack001/Setuр/x64/WinOpcIrmProtector.dll
unpack001/Setuр/x64/Windows.WARP.JITService.exe
unpack001/Setuр/x64/Windows.Web.Diagnostics.dll
unpack001/Setuр/x64/Windows.Web.Http.dll
unpack001/Setuр/x64/Windows.Web.dll
unpack001/Setuр/x64/WindowsActionDialog.exe
unpack001/Setuр/x64/WindowsCodecsExt.dll
unpack001/Setuр/x64/WindowsDefaultHeatProcessor.dll
unpack001/Setuр/x64/WindowsInternal.ComposableShell.ComposerFramework.dll
unpack001/Setuр/x64/WindowsInternal.ComposableShell.DesktopHosting.dll
unpack001/Setuр/x64/WindowsInternal.Shell.CompUiActivation.dll
unpack001/Setuр/x64/WindowsIoTCsp.dll
unpack001/Setuр/x64/WindowsUpdateElevatedInstaller.exe
unpack001/Setuр/x64/Winlangdb.dll
unpack001/Setuр/x64/blbres.dll
unpack001/Setuр/x64/bnmanager.dll
unpack001/Setuр/x64/bootcfg.exe
unpack001/Setuр/x64/bootim.exe
unpack001/Setuр/x64/bootux.dll
unpack001/Setuр/x64/bridgeres.dll
unpack001/Setuр/x64/bridgeunattend.exe
unpack001/Setuр/x64/browcli.dll
unpack001/Setuр/x64/browserexport.exe
unpack001/Setuр/x64/browseui.dll
unpack001/Setuр/x64/windowslivelogin.dll
unpack001/Setuр/x64/windowsperformancerecordercontrol.dll
unpack001/Setuр/x64/windowsudk.shellcommon.dll
unpack001/Setuр/x64/winethc.dll
unpack001/Setuр/x64/winhttpcom.dll
unpack001/Setuр/x64/wininet.dll
unpack001/Setuр/x64/wininetlui.dll
unpack001/Setuр/x64/winipcfile.dll
unpack001/Setuр/x64/winipcsecproc.dll
unpack001/Setuр/x64/winipsec.dll
unpack001/Setuр/x64/winjson.dll
unpack001/Setuр/x64/winlogon.exe
unpack001/Setuр/x64/winlogonext.dll
unpack001/Setuр/x64/winml.dll
unpack001/Setuр/x64/winmsipc.dll
unpack001/Setuр/x64/winnlsres.dll

Files

Setuр.rar
.rar

Password: 2023
Setuр/Setup.exe
.exe windows:4 windows x64 arch:x64

Password: 2023

671e5013d47799d1ae091c24607c92b4

Code Sign

33:00:00:03:7c:c9:f6:bc:ed:07:59:ae:08:00:00:00:00:03:7c
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/05/2023, 19:03

Not After

08/05/2024, 19:03

Subject

CN=.NET,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b0:5b:c2:e7:52:58:24:23:e8:2d:69:e2:38:69:14:74:9c:21:05:75:91:dc:b2:fa:c3:c6:c9:4b:f3:95:56:fb
Signer

Actual PE Digest

b0:5b:c2:e7:52:58:24:23:e8:2d:69:e2:38:69:14:74:9c:21:05:75:91:dc:b2:fa:c3:c6:c9:4b:f3:95:56:fb

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FormatMessageA
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetHandleInformation
GetLastError
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetStartupInfoA
GetSystemTimeAsFileTime
GetTempPathW
GetThreadContext
GetThreadPriority
GetTickCount64
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
IsProcessorFeaturePresent
LeaveCriticalSection
LoadLibraryW
LocalFree
MultiByteToWideChar
OpenProcess
OutputDebugStringA
RaiseException
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte

msvcrt

__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthreadex
_cexit
_commode
_endthreadex
_errno
_fdopen
_filelengthi64
_fileno
_fileno
_fmode
_fstat64
_initterm
_ismbblead
_lseeki64
_onexit
_read
_setjmp
_strdup
_time64
_ultoa
_wfopen
_wfopen_s
_write
abort
calloc
exit
fclose
fflush
fgetpos
fopen
fprintf
fputc
fputs
fread
free
fsetpos
fwrite
getc
getenv
getwc
iswctype
localeconv
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
printf
putc
putwc
rand
realloc
setlocale
setvbuf
signal
srand
strcat
strchr
strcmp
strcoll
strerror
strftime
strlen
strncmp
strtoul
strxfrm
towlower
towupper
ungetwc
ungetc
vfprintf
wcscat_s
wcscoll
wcscpy_s
wcsftime
wcslen
wcsxfrm

ole32

CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoUninitialize

oleaut32

SysAllocString
SysFreeString
VariantClear

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 544KB - Virtual size: 544KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 1024B - Virtual size: 978B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/97
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/113
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/libs/XInputUap.dll
.dll windows:10 windows x64 arch:x64

Password: 2023

ba5cafa611966aacf9d4221b03f1679e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

_initterm
malloc
free
__C_specific_handler
_XcptFilter
_purecall
_onexit
__CxxFrameHandler3
_lock
??3@YAXPEAX@Z
??1type_info@@UEAA@XZ
_unlock
_amsg_exit
__dllonexit
memcpy_s
_vsnwprintf
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
memmove
memset

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameA
FreeLibrary

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
ReleaseMutex
CreateMutexExW
WaitForSingleObjectEx
LeaveCriticalSection
ReleaseSemaphore
CreateSemaphoreExW
EnterCriticalSection
OpenSemaphoreW
InitializeCriticalSectionEx
DeleteCriticalSection

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
RaiseException
SetLastError

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventWriteTransfer
EventRegister

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64
GetTickCount

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsDeleteString
WindowsGetStringRawBuffer

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

Exports

Exports

DllMain
XInputEnable
XInputGetAudioDeviceIds
XInputGetBatteryInformation
XInputGetCapabilities
XInputGetKeystroke
XInputGetState
XInputSetState

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/libs/XpsDocumentTargetPrint.dll
.dll regsvr32 windows:10 windows x64 arch:x64

Password: 2023

462d18eea38c83f5e26842c54a4a845c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

srand
memmove_s
??0exception@@QEAA@AEBQEBDH@Z
rand
time
wcscpy_s
memcmp
memcpy
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
__C_specific_handler
_initterm
free
_amsg_exit
malloc
_XcptFilter
_CxxThrowException
_wcsicmp
_callnewh
swprintf_s
strncmp
??1type_info@@UEAA@XZ
wcsrchr
_vsnprintf
strcspn
localeconv
sprintf_s
_strtoi64
_strtoui64
ldiv
_errno
__pctype_func
___lc_handle_func
___lc_codepage_func
__mb_cur_max
setlocale
__uncaught_exception
__crtGetStringTypeW
__crtLCMapStringW
isupper
__crtLCMapStringA
___mb_cur_max_func
islower
isspace
tolower
memchr
abort
isalnum
isdigit
__CxxFrameHandler3
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
_purecall
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
_vsnwprintf
memset

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleExW
FreeLibrary
GetModuleHandleW
LoadLibraryExW
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
DeleteCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
SetEvent
WaitForSingleObject
CreateSemaphoreExW
LeaveCriticalSection
InitializeCriticalSection
CreateEventW
InitializeCriticalSectionAndSpinCount
ReleaseMutex
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseSemaphore
InitializeCriticalSectionEx
ReleaseSRWLockShared
CreateMutexExW

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventSetInformation
EventWrite
EventUnregister
EventRegister
EventEnabled
EventWriteTransfer

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
UnregisterTraceGuids
TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetProcessTimes

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringA
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-com-l1-1-0

CreateStreamOnHGlobal
CoTaskMemFree
CoSetProxyBlanket
CoCreateInstanceEx
CoGetMalloc
CoUninitialize
CoCreateFreeThreadedMarshaler
CoCreateInstance
CoTaskMemAlloc
CoCreateGuid
StringFromCLSID
CoInitializeEx

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolWork
CloseThreadpoolTimer
CreateThreadpoolWork
WaitForThreadpoolTimerCallbacks
SubmitThreadpoolWork
FreeLibraryWhenCallbackReturns
CreateThreadpoolTimer

api-ms-win-core-heap-l2-1-0

GlobalAlloc
GlobalFree
LocalFree

oleaut32

SetErrorInfo
SysAllocStringLen
SysAllocString
VariantInit
SysFreeString
VariantClear
SysStringLen

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

rpcrt4

NdrDllGetClassObject
NdrDllUnregisterProxy
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrStubForwardingFunction
IUnknown_AddRef_Proxy
NdrDllRegisterProxy
NdrOleFree
IUnknown_Release_Proxy
NdrOleAllocate
NdrCStdStubBuffer2_Release
IUnknown_QueryInterface_Proxy
NdrStubCall3
RpcServerInqCallAttributesW
UuidCreateSequential
UuidToStringW
RpcStringFreeW

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsGetStringRawBuffer

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-file-l1-1-0

CreateDirectoryW
GetFileAttributesW
DeleteFileW
WriteFile

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
CompareStringW

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

ntdll

WinSqmIncrementDWORD
NtQueryInformationToken
WinSqmIsOptedIn
RtlNtStatusToDosError
RtlGetAppContainerSidType
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockShared
RtlInitializeSRWLock
RtlAcquireSRWLockShared

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileW

api-ms-win-shlwapi-ie-l1-1-0

PathIsDirectoryW

xpsservices

ord9
ord8

combase

CStdStubBuffer_AddRef
CStdStubBuffer_DebugServerRelease
ord4
CStdStubBuffer_Disconnect
ord6
CStdStubBuffer2_Disconnect
ord32
ord33
CStdStubBuffer_QueryInterface
ord2
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer2_CountRefs
CStdStubBuffer_Invoke
CStdStubBuffer2_Connect
CStdStubBuffer_Connect
ord3
CStdStubBuffer_IsIIDSupported
ord34
CStdStubBuffer2_QueryInterface
ord35
CStdStubBuffer_CountRefs

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

xmllite

CreateXmlReader

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 283KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/libs/XpsGdiConverter.dll
.dll windows:10 windows x64 arch:x64

Password: 2023

7d229aee6f417a0016cbdfcdcc0ba99b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

powf
sin
_XcptFilter
??8type_info@@QEBAHAEBV0@@Z
fmodf
floorf
floor
cos
ceilf
ceil
memmove
memcpy
??0exception@@QEAA@AEBQEBD@Z
rand
srand
_vsnprintf_s
??0exception@@QEAA@XZ
_purecall
memcmp
_vsnwprintf
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
_amsg_exit
_initterm
__C_specific_handler
??1type_info@@UEAA@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
sqrt
_callnewh
_unlock
atan
memcpy_s
memset
wcsnlen
_lock
malloc
free
acosf
asinf
sqrtf

kernel32

InitializeCriticalSectionEx
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
SleepConditionVariableSRW
WakeAllConditionVariable
VirtualQuery
FreeLibrary
LoadLibraryW
InitOnceComplete
InitOnceBeginInitialize
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
GetSystemDefaultLCID
CreateMutexExW
GetProcAddress
HeapAlloc
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
GetSystemInfo
OutputDebugStringW
GetLastError
FormatMessageW
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
DisableThreadLibraryCalls
RaiseException
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LoadLibraryExA
VirtualProtect
QueryPerformanceFrequency
VerifyVersionInfoW
VerSetConditionMask
GetCurrentProcessId
GetTickCount64

user32

FillRect

gdi32

CreateSolidBrush
SetMiterLimit
ExtCreatePen
GetMiterLimit
GetPolyFillMode
FillPath
BeginPath
PolyDraw
SelectClipPath
SetPolyFillMode
CreateRectRgn
EndPath
LineTo
SelectClipRgn
MoveToEx
GetTextMetricsW
ExtTextOutW
SaveDC
ModifyWorldTransform
StartPage
CreateDIBSection
CreateCompatibleDC
SetGraphicsMode
AbortDoc
EndDoc
GdiFlush
ResetDCW
StretchDIBits
CreateDCW
GetStockObject
GetDeviceCaps
DeleteDC
ExtEscape
SetStretchBltMode
RestoreDC
StartDocW
EndPage
SetWorldTransform
AddFontMemResourceEx
SelectObject
GetTextFaceW
GetTextAlign
SetTextColor
GetTextColor
DeleteObject
RemoveFontMemResourceEx
CreateFontIndirectW
SetTextAlign
SetBkMode

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

oleaut32

SysFreeString
VariantInit

shlwapi

PathIsRelativeW

shell32

SHGetKnownFolderPath

prntvpt

ord4
ord2
ord10
ord8
ord1

advapi32

RegQueryValueExW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumValueW
EventWrite
EventWriteTransfer
EventSetInformation
EventEnabled
EventRegister
TraceMessage
GetTraceLoggerHandle
GetTraceEnableFlags
EventUnregister

d3d11

D3D11CreateDevice

d2d1

ord5
ord1

dwrite

DWriteCreateFactory

Sections

.text
Size: 327KB - Virtual size: 327KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/libs/XpsPrint.dll
.dll windows:10 windows x64 arch:x64

Password: 2023

6eca595c8c82f810b21eb481ad76799c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

tolower
_amsg_exit
_initterm
islower
_wsetlocale
__crtLCMapStringA
__crtLCMapStringW
_wcsdup
memchr
ldexp
__C_specific_handler
?terminate@@YAXXZ
abort
__dllonexit
_onexit
___mb_cur_max_func
_vsnwprintf
memcpy_s
??3@YAXPEAX@Z
_purecall
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
__CxxFrameHandler3
_vsnprintf_s
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
_XcptFilter
memcmp
isalnum
isdigit
??0exception@@QEAA@AEBQEBD@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@PEBD@Z
memset
calloc
___lc_codepage_func
___lc_handle_func
isupper
__pctype_func
__uncaught_exception
setlocale
_unlock
_lock
_errno
wcsrchr
_vsnprintf
_finite
_vsnwprintf_l
wcstod
_isnan
memmove
memcpy
_CxxThrowException
_callnewh
strncmp
swprintf_s
_wtof
ldiv
malloc
memmove_s
wcscpy_s
??1type_info@@UEAA@XZ
??_V@YAXPEAX@Z
_wcsicmp
sprintf_s
isspace
free
localeconv
strcspn
??0bad_cast@@QEAA@AEBV0@@Z
_ismbblead

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
FreeLibraryAndExitThread
GetModuleHandleW
LoadLibraryExW
GetProcAddress
GetModuleHandleExW
FreeLibrary

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
ReleaseSRWLockExclusive
SetEvent
InitializeCriticalSection
InitializeCriticalSectionEx
CreateEventW
DeleteCriticalSection
ReleaseSRWLockShared
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
AcquireSRWLockShared
EnterCriticalSection
ReleaseSemaphore
CreateSemaphoreExW
WaitForSingleObjectEx
ResetEvent
AcquireSRWLockExclusive
ReleaseMutex
OpenSemaphoreW
CreateMutexExW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
EventEnabled
EventWrite

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
SetThreadToken
ResumeThread
GetCurrentThread
OpenThreadToken
CreateThread
ExitProcess
GetCurrentThreadId
GetCurrentProcess
GetProcessTimes
TlsSetValue
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoCreateGuid
CoCreateInstanceEx
CoSetProxyBlanket
CreateStreamOnHGlobal
CoCreateInstance
CoInitializeEx
CoGetMalloc
CoUninitialize
StringFromCLSID
CoTaskMemAlloc

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
InitOnceBeginInitialize
InitOnceComplete
Sleep
SleepConditionVariableSRW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-heap-l2-1-0

GlobalAlloc
GlobalFree
LocalFree

oleaut32

VariantInit
SysAllocStringLen
SysStringLen
VariantClear
SetErrorInfo
SysFreeString
SysAllocString

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

api-ms-win-core-string-l1-1-0

GetStringTypeW
CompareStringW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-file-l1-1-0

SetFilePointer
CreateFileW
GetFileAttributesW
FindNextFileW
FlushFileBuffers
FindFirstFileW
WriteFile
DeleteFileW
FindClose
ReadFile
CreateDirectoryW
SetFilePointerEx
SetEndOfFile

api-ms-win-security-base-l1-1-0

GetTokenInformation

rpcrt4

UuidCreateSequential
UuidToStringW
RpcServerInqCallAttributesW
RpcStringFreeW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-version-l1-1-1

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetTickCount64

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

ntdll

RtlReleaseSRWLockShared
RtlInitializeSRWLock
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
WinSqmIncrementDWORD
NtQueryInformationToken
RtlNtStatusToDosError
RtlGetAppContainerSidType
RtlAcquireSRWLockShared
WinSqmIsOptedIn

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileW

api-ms-win-shlwapi-ie-l1-1-0

PathIsDirectoryW

xpsservices

ord8
ord9

winspool.drv

ord361
ord362
GetPrintExecutionData

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

urlmon

CreateUri

xmllite

CreateXmlReader

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
CreateTimerQueue
DeleteTimerQueueEx
CreateTimerQueueTimer
UnregisterWaitEx
QueueUserWorkItem

Exports

Exports

StartXpsPrintJob
StartXpsPrintJob1

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 323KB - Virtual size: 323KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/libs/xmlfilter.dll
.dll regsvr32 windows:10 windows x64 arch:x64

Password: 2023

9c6c869862163d621c2d7c68bc01df4c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

??1type_info@@UEAA@XZ
_XcptFilter
_amsg_exit
_lock
_unlock
__dllonexit
_wcsnicmp
_onexit
_callnewh
wcscat_s
memmove
__C_specific_handler
iswspace
_purecall
free
malloc
_CxxThrowException
realloc
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
memcpy
wcsncpy_s
_errno
__CxxFrameHandler3
?terminate@@YAXXZ
wcscpy_s
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
_vsnwprintf
_initterm
memset

api-ms-win-core-libraryloader-l1-2-0

FindResourceExW
SizeofResource
GetModuleHandleExW
LoadLibraryExW
GetModuleFileNameA
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleW
FreeLibrary
GetModuleFileNameW
LoadResource

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
LeaveCriticalSection
ReleaseSemaphore
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
InitializeCriticalSection
ReleaseMutex
CreateEventExW
WaitForSingleObjectEx
OpenSemaphoreW
DeleteCriticalSection
CreateSemaphoreExW
SetEvent
WaitForSingleObject
CreateMutexExW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
OutputDebugStringA
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

oleaut32

VariantClear
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
SysAllocString
SysFreeString

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2

api-ms-win-core-file-l1-1-0

GetFileAttributesW

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileEx

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegCreateKeyExW
RegEnumKeyExW
RegCloseKey
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetVersionExA
GetTickCount

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/libs/xmllite.dll
.dll windows:10 windows x64 arch:x64

Password: 2023

d2e0f3f026362c9bf4ba56fa26b36d50

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:30

Not After

03/03/2021, 18:30

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a9:01:74:45:90:a8:77:4f:3c:2a:45:ca:4e:47:8f:6a:4b:42:bb:2e:a7:06:d1:fd:8a:8b:f2:e6:a8:08:fc:c0
Signer

Actual PE Digest

a9:01:74:45:90:a8:77:4f:3c:2a:45:ca:4e:47:8f:6a:4b:42:bb:2e:a7:06:d1:fd:8a:8b:f2:e6:a8:08:fc:c0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

Imports

msvcrt

_purecall
_callnewh
__C_specific_handler
_initterm
malloc
_XcptFilter
memmove
free
_amsg_exit
_vsnwprintf
memcmp
memcpy
memset

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-localization-l1-2-0

GetCPInfo

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-memory-l1-1-0

VirtualQuery

Exports

Exports

CreateXmlReader
CreateXmlReaderInputWithEncodingCodePage
CreateXmlReaderInputWithEncodingName
CreateXmlWriter
CreateXmlWriterOutputWithEncodingCodePage
CreateXmlWriterOutputWithEncodingName

Sections

.text
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/libs/xmlprovi.dll
.dll regsvr32 windows:10 windows x64 arch:x64

Password: 2023

24d8349f9b6586bff7025b9e2cce6bac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ntdll

wcschr
__C_specific_handler
memcpy

msvcrt

free
malloc
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
__CxxFrameHandler3
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ

atl

ord22
ord30
ord18
ord15
ord21
ord16
ord23
ord32

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
Sleep
lstrlenA
MultiByteToWideChar
lstrlenW
InitializeCriticalSection
DisableThreadLibraryCalls
DeleteCriticalSection
TerminateProcess
GetCurrentProcess

rtutils

TracePrintfA
TraceDeregisterW
TraceRegisterExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/libs/xolehlp.dll
.dll windows:10 windows x64 arch:x64

8c66b484e9dcdd20cbcb519baff6097e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

api-ms-win-core-registry-l1-1-0

RegQueryValueExA
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegOpenKeyExA
RegQueryValueExW

api-ms-win-core-libraryloader-l1-2-0

FindResourceExW
LoadResource
LockResource
GetProcAddress
GetModuleHandleA
LoadStringW
LoadLibraryExA
FreeLibrary
LoadLibraryExW
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleFileNameW

api-ms-win-core-com-l1-1-0

CoTaskMemFree
StringFromGUID2
CoTaskMemAlloc
CoGetObjectContext
CoCreateInstance

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

msvcrt

_wfopen
strchr
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
??1type_info@@UEAA@XZ
??1exception@@UEAA@XZ
_onexit
__dllonexit
_CxxThrowException
_local_unwind
?terminate@@YAXXZ
memcmp
_unlock
_lock
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
memcpy
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
malloc
free
_vsnprintf
fopen
fflush
fclose
fprintf
fwprintf
__CxxFrameHandler3
_vsnwprintf
_wcsicmp
_stricmp
mbstowcs
wcsrchr
_purecall
_waccess
wcscpy_s
_ultow
memset

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlReportException
RtlCaptureContext
RtlNtStatusToDosError

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TlsFree
TlsGetValue
GetCurrentThreadId
TlsAlloc
GetCurrentProcessId
GetCurrentProcess
GetExitCodeProcess
CreateProcessW
OpenProcessToken
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemWindowsDirectoryA
GetTickCount
GetSystemTimeAsFileTime
GetComputerNameExW
GetLocalTime

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineA
ExpandEnvironmentStringsW

api-ms-win-core-file-l1-1-0

SetFileAttributesW
DeleteFileW
CreateFileW
GetFullPathNameW
FindNextFileW
FindFirstFileW
FindClose
CreateDirectoryW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-synch-l1-1-0

ResetEvent
InitializeCriticalSection
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
SetEvent
CreateEventA
WaitForSingleObjectEx
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

kernel32

UnregisterWaitEx
QueueUserWorkItem

Exports

Exports

DtcGetTransactionManager
DtcGetTransactionManagerC
DtcGetTransactionManagerEx
DtcGetTransactionManagerExA
DtcGetTransactionManagerExW
FreezeLocalTransactionManagers
GetDtcLocaleResourceHandle
ThawLocalTransactionManagers

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/BOOTVID.DLL
.dll windows:10 windows x64 arch:x64

174830160c3729cf56cae35b0101c7d5

Code Sign

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:24

Not After

02/05/2020, 21:24

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:96:2e:73:94:17:21:70:77:88:8f:56:1d:0a:2e:3a:9b:de:18:6f:1a:d0:f6:df:48:1a:e3:f0:6e:85:b5:9b
Signer

Actual PE Digest

38:96:2e:73:94:17:21:70:77:88:8f:56:1d:0a:2e:3a:9b:de:18:6f:1a:d0:f6:df:48:1a:e3:f0:6e:85:b5:9b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

MmMapIoSpaceEx
HalPrivateDispatchTable
MmUnmapIoSpace

Exports

Exports

VidBitBlt
VidBitBltEx
VidBufferToScreenBlt
VidCleanUp
VidDisplayString
VidDisplayStringXY
VidInitialize
VidResetDisplay
VidScreenToBufferBlt
VidSetScrollRegion
VidSetTextColor
VidSolidColorFill

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 366B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/BTAGService.dll
.dll windows:10 windows x64 arch:x64

b6827caa2b996e9bc9c5eab92c561d75

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcp_win

?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Xbad_alloc@std@@YAXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Random_device@std@@YAIXZ
?_Xlength_error@std@@YAXPEBD@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Xbad_function_call@std@@YAXXZ

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__itoa_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__strnicmp
_o__wcsnicmp
_o__wtoi
memmove
_o__wtol
_o_bsearch
_o_free
_o_isdigit
_o_isprint
_o_isspace
_o_iswdigit
_o_malloc
_o_qsort
_o_realloc
_o_strcat_s
_o_strtok
_o_strtol
_o_strtoul
_o_terminate
_o_toupper
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstok_s
_o_wcstol
_o_wcstoul
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o___stdio_common_vswprintf
_o__execute_onexit_table
_o___stdio_common_vsscanf
_o___stdio_common_vsprintf_s
_o__errno
_o___stdio_common_vsprintf
wcsstr
wcschr
_o_atoi
_o___stdio_common_vsnprintf_s
_o__crt_atexit
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
strstr
strchr
_o__configure_narrow_argv
__std_type_info_compare
_o__cexit
_o__callnewh
__std_terminate
__CxxFrameHandler4
memcpy
memcmp

api-ms-win-crt-string-l1-1-0

strncmp
wcsncmp
strnlen
memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
DisableThreadLibraryCalls
GetModuleFileNameA
GetProcAddress
GetModuleHandleExW
LoadResource
FreeLibrary
LockResource
FindResourceExW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
InitializeSRWLock
ResetEvent
ReleaseSRWLockShared
InitializeCriticalSectionAndSpinCount
SetEvent
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
CreateEventExW
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSemaphore
CreateEventW
EnterCriticalSection
CreateSemaphoreExW
WaitForSingleObject

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWait
CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolWait
SetThreadpoolTimer
TrySubmitThreadpoolCallback
CreateThreadpoolCleanupGroup
CloseThreadpoolCleanupGroup
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
WaitForThreadpoolTimerCallbacks
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWork
SetThreadpoolTimerEx
SubmitThreadpoolWork
CreateThreadpoolWait
CloseThreadpoolCleanupGroupMembers
WaitForThreadpoolWorkCallbacks

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
GetCurrentThreadId
GetCurrentProcessId
OpenProcessToken
OpenThreadToken
TerminateProcess
CreateThread
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoAddRefServerProcess
CoRevertToSelf
CreateStreamOnHGlobal
CoMarshalInterface
CoSetProxyBlanket
CoTaskMemRealloc
CoIncrementMTAUsage
CoTaskMemAlloc
CoDisconnectObject
CoDisconnectContext
CoResumeClassObjects
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoReleaseMarshalData
CoRegisterClassObject
CoRevokeClassObject
CoGetMalloc
CoReleaseServerProcess
CoCreateGuid
CoImpersonateClient
CoDecrementMTAUsage

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventRegister
EventProviderEnabled
EventSetInformation

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateErrorW
RoOriginateError
GetRestrictedErrorInfo
SetRestrictedErrorInfo

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoGetActivationFactory
RoRegisterActivationFactories
RoRevokeActivationFactories
RoInitialize

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-power-setting-l1-1-0

PowerSettingUnregisterNotification
PowerSettingRegisterNotification

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
HSTRING_UserUnmarshal64
HSTRING_UserUnmarshal
HSTRING_UserMarshal64
HSTRING_UserFree
HSTRING_UserSize64
HSTRING_UserFree64
HSTRING_UserMarshal
HSTRING_UserSize
WindowsCompareStringOrdinal
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsDeleteString
WindowsCreateString
WindowsDuplicateString

api-ms-win-core-kernel32-legacy-l1-1-0

UnregisterWait
RegisterWaitForSingleObject

api-ms-win-core-synch-l1-2-0

WaitOnAddress
Sleep
InitOnceExecuteOnce
WakeByAddressAll

api-ms-win-core-rtlsupport-l1-1-0

RtlCompareMemory
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetTickCount64

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
GetTraceLoggerHandle
UnregisterTraceGuids
GetTraceEnableFlags
RegisterTraceGuidsW
GetTraceEnableLevel

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

combase

ord66
ord168
ord68
ord67

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

rpcrt4

CStdStubBuffer_Invoke
NdrStubForwardingFunction
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
CStdStubBuffer_CountRefs
CStdStubBuffer_QueryInterface
NdrCStdStubBuffer2_Release
NdrOleAllocate
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
IUnknown_QueryInterface_Proxy
NdrStubCall3
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Connect
NdrCStdStubBuffer_Release
NdrDllGetClassObject
NdrDllCanUnloadNow

api-ms-win-core-com-midlproxystub-l1-1-0

NdrProxyForwardingFunction5
CStdStubBuffer2_Connect
NdrProxyForwardingFunction4
ObjectStublessClient22
ObjectStublessClient19
ObjectStublessClient6
CStdStubBuffer2_QueryInterface
ObjectStublessClient13
ObjectStublessClient8
CStdStubBuffer2_CountRefs
CStdStubBuffer2_Disconnect
ObjectStublessClient24
ObjectStublessClient23
ObjectStublessClient12
ObjectStublessClient9
ObjectStublessClient15
NdrProxyForwardingFunction3
ObjectStublessClient26
ObjectStublessClient20
ObjectStublessClient18
ObjectStublessClient7
ObjectStublessClient27
ObjectStublessClient17
ObjectStublessClient14
ObjectStublessClient10
ObjectStublessClient3
ObjectStublessClient11
ObjectStublessClient16
ObjectStublessClient21
ObjectStublessClient25

api-ms-win-security-base-l1-1-0

ImpersonateSelf
DuplicateTokenEx
GetSidSubAuthority
RevertToSelf
GetSidSubAuthorityCount
CopySid
GetLengthSid
IsValidSid
GetTokenInformation

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
RoOriginateLanguageException

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar
WideCharToMultiByte

ws2_32

WSAStartup
WSAGetLastError
WSACleanup
WSALookupServiceEnd
connect
WSASocketW
bind
getsockname
getpeername
setsockopt
listen
WSAEventSelect
WSAEnumNetworkEvents
accept
closesocket
WSARecv
recv
send
WSALookupServiceNextW
WSAAddressToStringW
WSALookupServiceBeginW
WSASetServiceW
WSACreateEvent
WSASend
WSASetEvent
WSAGetOverlappedResult

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegNotifyChangeKeyValue
RegGetValueW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-io-l1-1-0

CancelIoEx
DeviceIoControl
GetOverlappedResult

ntdll

RtlUnsubscribeWnfNotificationWaitForCompletion
NtQuerySystemInformation
RtlInitUnicodeString
RtlQueryPackageIdentity
NtQueryWnfStateData
NtQueryInformationToken
RtlConvertSidToUnicodeString
RtlPublishWnfStateData
EtwTraceMessage
RtlNtStatusToDosError
RtlFreeUnicodeString
RtlSubscribeWnfStateChangeNotification

api-ms-win-devices-query-l1-1-0

DevFreeObjectProperties
DevFindProperty
DevGetObjectProperties
DevGetObjects
DevFreeObjects
DevCreateObjectQuery
DevCloseObjectQuery

api-ms-win-security-capability-l1-1-0

CapabilityCheck
RpcClientCapabilityCheck

api-ms-win-shcore-stream-l1-1-0

IStream_Write

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolAllowThreadReuse
SHTaskPoolQueueTask

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
UnregisterWaitEx
QueueUserWorkItem
DeleteTimerQueueTimer

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

callhistoryclient

UdmCreateDataSession
UdmCreateSyncCallbackHandler

pimstore

FindMatchingContactEx

phoneom

PhoneRemoveListener
PhoneAPIInitialize
PhoneGetLines
PhoneGetDefaultOutgoingLine
PhoneGetProviderLineServiceInfo
PhoneGetProviderLineInfo
PhoneGetState
PhoneFreeCallInfo
PhoneAddListener
PhoneDial
PhoneEnd
PhoneAcceptIncomingEx
PhoneRejectIncoming
PhoneSetHold
PhonePrivate
PhoneDropAccept
PhoneConference
PhoneSwap
PhoneSendDTMF
PhoneIsActionAvailable
PhoneAPIUninitialize

bcrypt

BCryptCreateHash
BCryptHashData
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptOpenAlgorithmProvider
BCryptGetProperty

api-ms-win-devices-config-l1-1-1

CM_Unregister_Notification
CM_Register_Notification
CM_Get_Device_Interface_PropertyW
CM_MapCrToWin32Err

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-devices-query-l1-1-1

DevCreateObjectQueryEx

devobj

DevObjGetClassDevs
DevObjDestroyDeviceInfoList
DevObjEnumDeviceInterfaces
DevObjGetDeviceInterfaceDetail
DevObjCreateDeviceInfoList

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

oleaut32

SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 744KB - Virtual size: 743KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 189KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/BluetoothApis.dll
.dll windows:10 windows x64 arch:x64

80b20b2e5999a4d3296c31be629bac1e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

_callnewh
??0exception@@QEAA@AEBQEBDH@Z
_CxxThrowException
memcpy
memmove
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
__dllonexit
_amsg_exit
?what@exception@@UEBAPEBDXZ
wcstombs
_onexit
memcmp
_vsnprintf_s
wcsncmp
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
__CxxFrameHandler3
_wcsicmp
_XcptFilter
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
swscanf
free
malloc
__C_specific_handler
??0exception@@QEAA@AEBQEBD@Z
_unlock
_initterm
_lock
memset

ntdll

RtlCompareMemory
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlNtStatusToDosError
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
RtlUnicodeToUTF8N

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-service-management-l1-1-0

OpenSCManagerW
CloseServiceHandle
OpenServiceW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetThreadLocale

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleHandleW
LoadLibraryExW
GetModuleHandleExW
GetProcAddress
GetModuleFileNameA

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-synch-l1-1-0

ResetEvent
CreateEventW
SetEvent
OpenSemaphoreW
WaitForSingleObject
WaitForSingleObjectEx
ReleaseMutex
CreateMutexExW
ReleaseSemaphore
AcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockExclusive
CreateSemaphoreExW
CreateEventExW
ReleaseSRWLockShared

rpcrt4

RpcBindingSetAuthInfoExW
NdrClientCall3
RpcBindingFromStringBindingW
RpcBindingFree
RpcBindingUnbind
RpcStringFreeW
RpcBindingBind
RpcBindingCreateW
RpcStringBindingComposeW

api-ms-win-security-base-l1-1-0

CreateWellKnownSid

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegEnumValueW
RegQueryInfoKeyW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
CompareStringOrdinal

api-ms-win-core-com-l1-1-0

CLSIDFromString
StringFromGUID2
CoUninitialize
CoCreateGuid
CoCreateInstance
CoInitializeEx

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

oleaut32

SysAllocString
SysFreeString

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsRelativeW
PathFileExistsW

devobj

DevObjGetClassDevs
DevObjOpenDevRegKey
DevObjCreateDeviceInfoList
DevObjEnumDeviceInfo
DevObjDestroyDeviceInfoList
DevObjUninstallDevice
DevObjEnumDeviceInterfaces
DevObjGetDeviceInterfaceDetail
DevObjGetDeviceInstanceId

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

api-ms-win-devices-query-l1-1-1

DevCreateObjectQueryEx

api-ms-win-devices-query-l1-1-0

DevCloseObjectQuery

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolWorkCallbacks
CloseThreadpoolCleanupGroup
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork

api-ms-win-devices-config-l1-1-1

CM_Register_Notification
CM_Unregister_Notification

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

BluetoothAddressToString
BluetoothDisconnectDevice
BluetoothEnableDiscovery
BluetoothEnableIncomingConnections
BluetoothEnumerateInstalledServices
BluetoothEnumerateInstalledServicesEx
BluetoothEnumerateLocalServices
BluetoothFindBrowseGroupClose
BluetoothFindClassIdClose
BluetoothFindDeviceClose
BluetoothFindFirstBrowseGroup
BluetoothFindFirstClassId
BluetoothFindFirstDevice
BluetoothFindFirstProfileDescriptor
BluetoothFindFirstProtocolDescriptorStack
BluetoothFindFirstProtocolEntry
BluetoothFindFirstRadio
BluetoothFindFirstService
BluetoothFindFirstServiceEx
BluetoothFindNextBrowseGroup
BluetoothFindNextClassId
BluetoothFindNextDevice
BluetoothFindNextProfileDescriptor
BluetoothFindNextProtocolDescriptorStack
BluetoothFindNextProtocolEntry
BluetoothFindNextRadio
BluetoothFindNextService
BluetoothFindProfileDescriptorClose
BluetoothFindProtocolDescriptorStackClose
BluetoothFindProtocolEntryClose
BluetoothFindRadioClose
BluetoothFindServiceClose
BluetoothGATTAbortReliableWrite
BluetoothGATTBeginReliableWrite
BluetoothGATTEndReliableWrite
BluetoothGATTGetCharacteristicValue
BluetoothGATTGetCharacteristics
BluetoothGATTGetDescriptorValue
BluetoothGATTGetDescriptors
BluetoothGATTGetIncludedServices
BluetoothGATTGetServices
BluetoothGATTRegisterEvent
BluetoothGATTSetCharacteristicValue
BluetoothGATTSetDescriptorValue
BluetoothGATTUnregisterEvent
BluetoothGetDeviceInfo
BluetoothGetLocalServiceInfo
BluetoothGetRadioInfo
BluetoothGetServicePnpInstance
BluetoothIsConnectable
BluetoothIsDiscoverable
BluetoothIsVersionAvailable
BluetoothRegisterForAuthentication
BluetoothRegisterForAuthenticationEx
BluetoothRemoveDevice
BluetoothSdpEnumAttributes
BluetoothSdpGetAttributeValue
BluetoothSdpGetContainerElementData
BluetoothSdpGetElementData
BluetoothSdpGetString
BluetoothSendAuthenticationResponse
BluetoothSendAuthenticationResponseEx
BluetoothSetLocalServiceInfo
BluetoothSetServiceState
BluetoothSetServiceStateEx
BluetoothUnregisterAuthentication
BluetoothUpdateDeviceRecord
BthpCheckForUnsupportedGuid
BthpCleanupBRDeviceNode
BthpCleanupDeviceLocalServices
BthpCleanupDeviceRemoteServices
BthpCleanupLEDeviceNodes
BthpEnableA2DPIfPresent
BthpEnableAllServices
BthpEnableConnectableAndDiscoverable
BthpEnableRadioSoftware
BthpFindPnpInfo
BthpGATTCloseSession
BthpInnerRecord
BthpIsBluetoothServiceRunning
BthpIsConnectableByDefault
BthpIsDiscoverable
BthpIsDiscoverableByDefault
BthpIsRadioSoftwareEnabled
BthpIsTopOfServiceGroup
BthpMapStatusToErr
BthpNextRecord
BthpRegisterForAuthentication
BthpSetServiceState
BthpSetServiceStateEx
BthpTranspose16Bits
BthpTranspose32Bits
BthpTransposeAndExtendBytes
DllCanUnloadNow
FindNextOpenVCOMPort
InstallIncomingComPort
ShouldForceAuthentication

Sections

.text
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/BluetoothDesktopHandlers.dll
.dll windows:10 windows x64 arch:x64

bc6f2fb06806d537e61ddf304b9b96f6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

_onexit
_XcptFilter
_amsg_exit
__dllonexit
_purecall
_unlock
memmove
bsearch_s
_vsnprintf_s
__CxxFrameHandler3
??1type_info@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
free
malloc
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
_initterm
__C_specific_handler
?terminate@@YAXXZ
??_V@YAXPEAX@Z
_lock
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
memset

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleExW
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

InitializeSRWLock
DeleteCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateSemaphoreExW
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
OpenSemaphoreW
CreateMutexExW
WaitForSingleObjectEx
WaitForSingleObject
InitializeCriticalSectionEx
ReleaseMutex

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
CreateThread
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsCreateString
WindowsGetStringRawBuffer
WindowsDeleteString

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoUninitialize

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoInitialize
RoUninitialize

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate
IsErrorPropagationEnabled

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateError

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

GetSetting

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/BluetoothPairingSystemToastIcon.contrast-black.png
.png
Setuр/x64/BluetoothPairingSystemToastIcon.contrast-high.png
.png
Setuр/x64/BluetoothPairingSystemToastIcon.contrast-white.png
.png
Setuр/x64/BluetoothPairingSystemToastIcon.png
.png
Setuр/x64/BluetoothSystemToastIcon.contrast-white.png
.png
Setuр/x64/BluetoothSystemToastIcon.png
.png
Setuр/x64/BootMenuUX.dll
.dll windows:10 windows x64 arch:x64

44c73f92a16eef085a6b46c9d89f485c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

wcsrchr
_errno
wcschr
memcpy_s
wcstoul
?terminate@@YAXXZ
memcmp
memcpy
memmove
__CxxFrameHandler3
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_vsnwprintf
_initterm
_amsg_exit
_XcptFilter
_callnewh
malloc
free
_purecall
qsort_s
_wcsicmp
_wcsnicmp
memset

ntdll

NtSetInformationFile
RtlReAllocateHeap
DbgPrintEx
NtYieldExecution
RtlRaiseStatus
RtlInitAnsiString
RtlUnicodeStringToAnsiString
ZwOpenKey
ZwClose
ZwQueryValueKey
ZwEnumerateKey
RtlpNtQueryValueKey
RtlCopyUnicodeString
RtlAppendUnicodeToString
ZwQueryKey
RtlFreeHeap
RtlReleasePrivilege
RtlAcquirePrivilege
RtlAdjustPrivilege
RtlAllocateHeap
RtlInitUnicodeString
RtlNtStatusToDosError
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlpSetPreferredUILanguages
NtShutdownSystem

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoTaskMemAlloc
PropVariantClear

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegGetValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryInfoKeyW
RegUnLoadKeyW
RegLoadKeyW

api-ms-win-core-file-l1-2-0

GetTempPathW
GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemInfo
GetWindowsDirectoryW
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
SetLastError
GetLastError
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW
CompareStringEx

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
CreateThread
TerminateProcess
GetCurrentProcess
OpenProcessToken
GetCurrentProcessId

api-ms-win-core-firmware-l1-1-0

GetFirmwareEnvironmentVariableW
SetFirmwareEnvironmentVariableW

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
FreeLibrary
LoadLibraryExA
GetModuleHandleW
LoadLibraryExW
DisableThreadLibraryCalls
GetModuleHandleExW
GetProcAddress
GetModuleFileNameA

api-ms-win-core-registry-l2-1-0

RegEnumKeyW

api-ms-win-core-localization-l1-2-0

FormatMessageW
SetThreadPreferredUILanguages
GetLocaleInfoEx
GetThreadPreferredUILanguages
LocaleNameToLCID

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
EnterCriticalSection
AcquireSRWLockShared
ReleaseMutex
ReleaseSRWLockExclusive
CreateMutexExW
LeaveCriticalSection
InitializeCriticalSectionEx
ReleaseSRWLockShared
ReleaseSemaphore
DeleteCriticalSection
WaitForSingleObject
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
SetEvent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

bootux

ord2
ord4
ord6
ord7
ord8

reagent

WinReGetCustomization
WinReGetConfig
WinReRestoreLogFiles
WinReSetRecoveryAction
WinReQueueRecoveryBoot

bcd

BcdSetElementData
BcdOpenSystemStore
BcdCloseStore
BcdGetElementData
BcdQueryObject
BcdCloseObject
BcdOpenObject

user32

GetKeyboardLayoutNameW
SystemParametersInfoW
SetSysColors
GetKeyboardLayout

uxtheme

ord95

crypt32

CertGetCertificateContextProperty
CertOpenStore
CertFindCertificateInStore
CertCloseStore
CryptDecodeObjectEx
CryptBinaryToStringW
CertDuplicateCertificateContext
CertFreeCertificateContext
CertFindExtension

wdscore

ConstructPartialMsgVW
CurrentIP
WdsSetupLogMessageW

bcrypt

BCryptOpenAlgorithmProvider
BCryptDestroyKey
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptEncrypt
BCryptDecrypt
BCryptHashData
BCryptSetProperty
BCryptCreateHash
BCryptGenerateSymmetricKey
BCryptGetProperty

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-file-l1-1-0

FindClose
DeleteFileW
GetFileInformationByHandle
SetFileInformationByHandle
SetFileAttributesW
GetFinalPathNameByHandleW
FindNextFileW
CompareFileTime
GetLongPathNameW
CreateDirectoryW
GetFullPathNameW
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetFileAttributesW
CreateFileW
GetVolumePathNameW
GetFileSize
ReadFile
FindFirstFileW

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryW
ExpandEnvironmentStringsW
SearchPathW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-localization-obsolete-l1-2-0

EnumUILanguagesW

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-eventing-controller-l1-1-0

ControlTraceW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx
CopyFileExW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringA
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualQuery

cryptsp

SystemFunction031
SystemFunction007
SystemFunction027

Exports

Exports

CreateAdvancedOptionsButton
CreateAdvancedRecoveryToolsButtonCollection
CreateAdvancedStartupButton
CreateAdvancedStartupLaunchPage
CreateBareMetalRecoveryButton
CreateBasicResetFinalChecksPage
CreateBasicResetLandingPage
CreateBasicSystemResetButton
CreateBasicSystemResetLaunchPage
CreateBitlockerLandingPage
CreateBlackWallpaperButton
CreateBootableDeviceButtonCollection
CreateBootableOSButtonCollection
CreateCSRTFinalPage
CreateClearWallpaperPage
CreateCloudRecoveryButton
CreateDefaultOSButton
CreateDefaultOSButtonCollection
CreateDefaultOSListButton
CreateDeviceListButton
CreateDirectFactoryResetButton
CreateDownloadCloudPBRConfirmButton
CreateFactoryResetFinalChecksPage
CreateFactoryResetLandingPage
CreateFactorySystemResetButton
CreateFactorySystemResetLaunchPage
CreateFirmwareSettingsButton
CreateFiveMinuteTimeoutAction
CreateFiveSecondTimeoutAction
CreateFlightRemovalConfirmButton
CreateFlightRemovalProgressPage
CreateKeyboardLayoutButtonCollection
CreateLanguageButtonCollection
CreateOSListButton
CreateOneMinuteTimeoutAction
CreatePBRCancelButton
CreatePBRFactoryResetKeepPackagesButton
CreatePBRFactoryResetNotKeepPackagesButton
CreatePBRFinalPage
CreatePBRResetButtonCollection
CreatePBRResetPage
CreatePBRUsePayloadButton
CreatePBRUseReconstructionButton
CreatePBRfactoryResetAllVolumesButton
CreatePBRfactoryResetBareMetalDisabled
CreatePBRfactoryResetBareMetalEnabled
CreatePBRfactoryResetCancelOperationButton
CreatePBRfactoryResetContinueChecksButton
CreatePBRfactoryResetDataEraseDisabled
CreatePBRfactoryResetDataEraseEnabled
CreatePBRfactoryResetOsOnlyButton
CreatePasswordButton
CreatePasswordPage
CreatePayloadWiFiNetworksCollection
CreateRecoveryToolsListButton
CreateRestartButton
CreateSelectOSPage
CreateSetWallpaperPage
CreateShutdownButton
CreateSkippableSelectOSPage
CreateTenSecondTimeoutAction
CreateThirtySecondTimeoutAction
CreateTopLevelRecoveryToolsButtonCollection
CreateTopLevelRecoveryToolsPage
CreateUninstallPage
CreateUninstallQualityUpdateConfirmButton
CreateUninstallToolsButtonCollection
CreateUserNameButtonCollection
CreateUserSelectionPage
CreateWiFiConnectButton
CreateWiFiInitPage
CreateWiFiNetworkButtonCollection
CreateWinReSkipPage
CreateWinReTargetOSButtonCollection
CreateWinReTargetOSPage
CreateZeroSecondTimeoutAction
InitializePasswordDatabase
InitializeSRTSyncInterface
InitializeSyncInterface
UtilBcdCloseSystemStore
UtilGetCurrentKeyboardLayout

Sections

.text
Size: 259KB - Virtual size: 259KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/BrokerLib.dll
.dll windows:10 windows x64 arch:x64

906c3cfa764430717e3dc81ac923b50a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

__C_specific_handler
_initterm
??1type_info@@UEAA@XZ
memcpy_s
free
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
malloc
_unlock
__dllonexit
_onexit
memmove
memcpy
memcmp
__CxxFrameHandler3
wcsnlen
??0exception@@QEAA@AEBQEBDH@Z
_purecall
memmove_s
??0exception@@QEAA@AEBV0@@Z
?terminate@@YAXXZ
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??3@YAXPEAX@Z
_vsnprintf_s
_lock
toupper
_vsnwprintf
memset

ntdll

RtlLookupFunctionEntry
NtUpdateWnfStateData
ZwUpdateWnfStateData
TpSetWait
RtlRbInsertNodeEx
TpReleaseWait
NtQueryInformationProcess
TpSetWaitEx
RtlRunOnceExecuteOnce
NtDuplicateObject
RtlRbRemoveNode
TpAllocWait
TpWaitForWait
RtlValidSid
RtlCaptureContext
RtlCreateSecurityDescriptor
RtlCreateAcl
RtlWaitForWnfMetaNotification
RtlInitializeSidEx
RtlAbsoluteToSelfRelativeSD
RtlAddAccessAllowedAce
NtQueryInformationToken
RtlSetDaclSecurityDescriptor
NtCreateWnfStateName
RtlVirtualUnwind
RtlLengthSecurityDescriptor
NtQueryWnfStateData
RtlInitUnicodeString
RtlQueryPackageIdentity
RtlPublishWnfStateData
RtlNtStatusToDosErrorNoTeb
RtlEqualSid
RtlStringFromGUIDEx
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlFreeHeap
RtlInitUnicodeStringEx
NtClose
RtlLengthSid
NtOpenKey
NtDeleteWnfStateName
RtlSubscribeWnfStateChangeNotification
RtlInitializeSRWLock
RtlAllocateHeap
RtlUnsubscribeWnfStateChangeNotification
RtlNtStatusToDosError
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlSetOwnerSecurityDescriptor

api-ms-win-security-base-l1-1-0

GetLengthSid
CreateWellKnownSid
GetTokenInformation
IsValidSid

api-ms-win-eventing-provider-l1-1-0

EventProviderEnabled
EventRegister
EventWriteTransfer
EventUnregister
EventSetInformation

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle

api-ms-win-core-string-l1-1-0

CompareStringEx

rpcrt4

RpcServerUnregisterIfEx
RpcBindingVectorFree
RpcObjectSetType
I_RpcBindingInqLocalClientPID
RpcServerUseProtseqW
RpcServerRegisterIf3
RpcServerInqCallAttributesW
NdrServerCallAll
NdrServerCall2
RpcBindingInqObject
UuidIsNil
RpcImpersonateClient
RpcRevertToSelf
RpcEpUnregister
RpcEpRegisterW
RpcServerInqBindings

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
OpenThreadToken
TerminateProcess
GetCurrentThread

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-synch-l1-2-0

WaitOnAddress
Sleep
WakeByAddressAll

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoTaskMemFree
CoUninitialize
CoCreateInstance

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA
GetProcAddress

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
EnterCriticalSection
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSemaphore
CreateSemaphoreExW

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

BrBufferFree
BrCheckCallerCapabilities
BrCheckCallerCapabilities2
BrCheckCallerIsAppContainer
BrCreateBrokerInstance
BrCreateBrokerInstance2
BrCreateBrokeredEvent
BrCreateBrokeredEvent2
BrDecQuota
BrDeleteBrokerInstance
BrDeleteBrokeredEvent
BrDeleteBrokeredEvent2
BrFindBrokeredEvent
BrFindBrokeredEvent2
BrGetBrokeredAppState
BrGetBrokeredAppState2
BrGetBrokeredAppStateName
BrGetBrokeredEventInfo2
BrGetBrokeredEventState
BrGetPackageFullNameForBrokeredEvent
BrGetQuota
BrIncQuota
BrInitializeBrokerInstance
BrInitializeBrokerInstance2
BrLockBroker
BrQueryBrokeredApplicationState
BrQueryBrokeredEvents
BrQueryBrokeredEvents2
BrRegisterBrokeredEvent
BrRegisterStateChangeCallbacks
BrSendActivatorControl
BrSetBrokeredAppStateName
BrSignalBrokerEvent
BrSignalBrokerEvent2
BrSignalBrokerEvent2Ex
BrUnlockBroker
BrUnregisterBrokeredEvent

Sections

.text
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 772B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/BrowserSettingSync.dll
.dll windows:10 windows x64 arch:x64

245ac8a46b28aaf2764b9a1ee9653c70

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

_onexit
memmove_s
realloc
??1type_info@@UEAA@XZ
malloc
_XcptFilter
_purecall
_amsg_exit
_lock
_initterm
__CxxFrameHandler3
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
__dllonexit
__C_specific_handler
_unlock
free
??1exception@@UEAA@XZ
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
?terminate@@YAXXZ
wcstok_s
iswalnum
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
memmove
memset

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolGetUniqueContext
SHTaskPoolQueueTask

api-ms-win-shcore-stream-l1-1-0

SHOpenRegStream2W
IStream_Copy
SHCreateMemStream
IStream_Write
IStream_Read
IStream_Size
IStream_Reset

shlwapi

PathRelativePathToW
ord187
ord219
ord600
AssocGetPerceivedType
UrlEscapeW
ord599
StrChrW

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameA
GetProcAddress
GetModuleHandleExW
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
CreateMutexExW
AcquireSRWLockShared
ReleaseSemaphore
CreateSemaphoreExW
ReleaseSRWLockExclusive
WaitForSingleObjectEx
InitializeSRWLock
AcquireSRWLockExclusive
InitializeCriticalSectionEx
WaitForSingleObject
OpenSemaphoreW
ReleaseSRWLockShared
ReleaseMutex

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
CreateProcessW
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
TraceMessage
GetTraceEnableLevel

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister

api-ms-win-core-path-l1-1-0

PathCchCombine
PathAllocCanonicalize

api-ms-win-core-file-l1-1-0

FindFirstFileW
CompareFileTime
FindNextFileW
RemoveDirectoryW
FindClose

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegGetValueW
RegDeleteKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

sspicli

GetUserNameExW

api-ms-win-core-string-l2-1-0

CharLowerW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/BthAvctpSvc.dll
.dll windows:10 windows x64 arch:x64

35de41bb80a62bb405adde5c09a274d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcp_win

??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Xbad_function_call@std@@YAXXZ

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
__std_type_info_compare
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
ResetEvent
CreateEventExW
ReleaseMutex
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection
CreateMutexExW
ReleaseSemaphore
EnterCriticalSection
AcquireSRWLockShared
DeleteCriticalSection
CreateSemaphoreExW
CreateEventW
SetEvent
OpenSemaphoreW
InitializeSRWLock
InitializeCriticalSection

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CloseThreadpoolWork
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
WaitForThreadpoolTimerCallbacks
SubmitThreadpoolWork
WaitForThreadpoolWorkCallbacks
CreateThreadpoolWork
CreateThreadpoolWait
TrySubmitThreadpoolCallback
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolCleanupGroup
CloseThreadpoolCleanupGroup
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
CreateThread
GetCurrentProcess
GetCurrentProcessId
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

rpcrt4

CStdStubBuffer_Connect
NdrDllGetClassObject
IUnknown_QueryInterface_Proxy
NdrDllCanUnloadNow
CStdStubBuffer_Disconnect
NdrCStdStubBuffer_Release
IUnknown_AddRef_Proxy
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
IUnknown_Release_Proxy
CStdStubBuffer_Invoke
CStdStubBuffer_QueryInterface
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
CStdStubBuffer_AddRef
CStdStubBuffer_CountRefs

api-ms-win-core-com-l1-1-0

CoCreateGuid
CoReleaseServerProcess
CoResumeClassObjects
CoTaskMemAlloc
CoCreateInstance
CoDecrementMTAUsage
CoAddRefServerProcess
CoRevokeClassObject
CoFreeUnusedLibrariesEx
CLSIDFromString
CoIncrementMTAUsage
CoDisconnectContext
CoImpersonateClient
CoCreateFreeThreadedMarshaler
PropVariantClear
CoRevertToSelf
CoSetProxyBlanket
CoRegisterClassObject

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsDeleteString
WindowsCreateString
WindowsDuplicateString

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
GetTraceEnableFlags
RegisterTraceGuidsW
TraceMessage

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventRegister
EventSetInformation

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoTransformError
RoOriginateError

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-winrt-l1-1-0

RoRevokeActivationFactories
RoRegisterActivationFactories
RoInitialize
RoUninitialize

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-power-setting-l1-1-0

PowerSettingUnregisterNotification

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce

api-ms-win-core-rtlsupport-l1-1-0

RtlCompareMemory
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegGetValueW
RegCloseKey

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient5
ObjectStublessClient3
ObjectStublessClient8
ObjectStublessClient9
ObjectStublessClient4
ObjectStublessClient6
ObjectStublessClient7

api-ms-win-core-kernel32-legacy-l1-1-0

UnregisterWait

api-ms-win-devices-query-l1-1-0

DevFreeObjectProperties
DevFindProperty
DevGetObjectProperties
DevCloseObjectQuery

api-ms-win-devices-query-l1-1-1

DevCreateObjectQueryEx

combase

ord67
ord68
ord66

ntdll

EtwTraceMessage
RtlInitUnicodeString

wpprecorderum

WppAutoLogStop
WppAutoLogStart
WppAutoLogTrace

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

propsys

PSCreateMemoryPropertyStore

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult
CancelIoEx

api-ms-win-devices-config-l1-1-1

CM_MapCrToWin32Err
CM_Unregister_Notification
CM_Get_Device_Interface_PropertyW
CM_Register_Notification

api-ms-win-core-io-l1-1-1

CancelIo

Exports

Exports

DllCanUnloadNow
DllGetClassObject
ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/BthAvrcp.dll
.dll windows:10 windows x64 arch:x64

e83baef4e557ed7b3aa78d6e9367e7fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcp_win

?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itoa_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__configure_narrow_argv
_o_free
_o_log10
_o_malloc
_o_pow
_o_qsort
_o_realloc
_o_round
_o_strcat_s
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__execute_onexit_table
_o__errno
__std_type_info_compare
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o__crt_atexit
_o___stdio_common_vsnprintf_s
_o__cexit
_o__callnewh
_o___std_type_info_destroy_list
__std_terminate
__CxxFrameHandler4
memmove
_o___std_exception_destroy
_o___std_exception_copy
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

strnlen
memset

api-ms-win-devices-query-l1-1-0

DevFreeObjectProperties
DevGetObjectProperties
DevFindProperty
DevFreeObjects
DevCloseObjectQuery
DevGetObjects

api-ms-win-devices-query-l1-1-1

DevCreateObjectQueryEx

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetProcAddress
GetModuleFileNameA
GetModuleHandleW
DisableThreadLibraryCalls
FindResourceExW
LockResource
LoadResource

api-ms-win-core-synch-l1-2-0

WaitOnAddress
InitOnceExecuteOnce
WakeByAddressAll

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
ReleaseSemaphore
ResetEvent
CreateEventW
SetEvent
EnterCriticalSection
CreateEventExW
CreateSemaphoreExW
LeaveCriticalSection
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
InitializeCriticalSection
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseMutex
WaitForSingleObject
InitializeCriticalSectionEx

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
RaiseException
SetLastError
SetUnhandledExceptionFilter

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventRegister
EventWriteTransfer

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
UnregisterTraceGuids

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
WaitForThreadpoolWorkCallbacks
SetThreadpoolTimer
CloseThreadpoolWork
CreateThreadpoolTimer
CloseThreadpoolTimer
SubmitThreadpoolWork
CreateThreadpoolWork
SetThreadpoolWait
CreateThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
SetThreadpoolTimerEx
CloseThreadpoolCleanupGroup

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
CreateThread

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoOriginateError
RoOriginateErrorW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
RtlCompareMemory

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsConcatString
WindowsDeleteString
WindowsCreateStringReference
WindowsCreateString

ws2_32

htons
htonl
ntohl
ntohs

api-ms-win-core-com-l1-1-0

StringFromCLSID
CoCreateGuid
CoTaskMemFree
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoGetMalloc
CoCreateFreeThreadedMarshaler

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer

api-ms-win-rtcore-ntuser-window-l1-1-0

UnregisterClassW
RegisterClassW
PostMessageW
CreateWindowExW
DefWindowProcW

ntdll

RtlPublishWnfStateData
RtlInitUnicodeString
NtQuerySystemInformation

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-io-l1-1-0

GetOverlappedResult
DeviceIoControl
CancelIoEx

api-ms-win-devices-config-l1-1-1

CM_MapCrToWin32Err
CM_Unregister_Notification
CM_Get_Device_Interface_PropertyW
CM_Register_Notification

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

api-ms-win-service-management-l1-1-0

StartServiceW
OpenServiceW
OpenSCManagerW
CloseServiceHandle

rpcrt4

NdrClientCall3
RpcStringFreeW
RpcBindingFree
RpcExceptionFilter
RpcBindingFromStringBindingW
RpcStringBindingComposeW

api-ms-win-service-winsvc-l1-1-0

ControlService

oleaut32

BSTR_UserMarshal64
BSTR_UserSize64
BSTR_UserFree64
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserUnmarshal64
BSTR_UserFree
SysFreeString
BSTR_UserSize

api-ms-win-core-winrt-robuffer-l1-1-0

RoGetBufferMarshaler

api-ms-win-service-private-l1-1-2

QueryUserServiceName

api-ms-win-service-private-l1-1-0

WaitServiceState

api-ms-win-core-winrt-propertysetprivate-l1-1-1

RoCreatePropertySetSerializer

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

bcrypt

BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptGetProperty
BCryptDestroyHash
BCryptOpenAlgorithmProvider

devobj

DevObjEnumDeviceInterfaces
DevObjGetDeviceInterfaceDetail
DevObjGetClassDevs
DevObjCreateDeviceInfoList
DevObjDestroyDeviceInfoList

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/BthAvrcpAppSvc.dll
.dll windows:10 windows x64 arch:x64

40dbb6ba396c6ccb2fba859be4658c98

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__exit
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__crt_atexit
_o__wcsicmp
_o_free
_o_malloc
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__configure_narrow_argv
__std_terminate
__CxxFrameHandler4
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-winrt-propertysetprivate-l1-1-1

RoCreatePropertySetSerializer

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

SetEvent
EnterCriticalSection
InitializeCriticalSection
InitializeSRWLock
CreateEventExW
WaitForSingleObject
CreateEventW
LeaveCriticalSection
DeleteCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive

rpcrt4

NdrServerCall2
RpcEpUnregister
RpcBindingVectorFree
RpcServerUseProtseqEpW
RpcServerInqBindings
NdrServerCallAll
RpcServerRegisterIf3
RpcServerUnregisterIfEx

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-com-l1-1-0

CoDecrementMTAUsage
CoCreateFreeThreadedMarshaler
CoInitializeEx
CoUninitialize
CoWaitForMultipleHandles
CoIncrementMTAUsage

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsDeleteString
WindowsGetStringRawBuffer

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

oleaut32

BSTR_UserUnmarshal64
BSTR_UserSize
BSTR_UserFree
SysAllocString
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserFree64
BSTR_UserSize64
BSTR_UserMarshal64

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-service-management-l2-1-0

ChangeServiceConfig2W

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenServiceW
CreateServiceW
OpenSCManagerW
DeleteService

api-ms-win-core-console-l1-1-0

SetConsoleCtrlHandler

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-service-winsvc-l1-1-0

ControlService

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegDeleteKeyExW
RegCreateKeyExW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem
UnregisterWaitEx

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/WinFax.dll
.dll windows:10 windows x64 arch:x64

7c0bf03190cb1dd5f9c90cf0a8d6a35c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

memset
__C_specific_handler
free
malloc
_initterm
_XcptFilter
_amsg_exit
_vsnwprintf
_wcsicmp
_stricmp
wcscmp

kernel32

TerminateProcess
HeapFree
HeapAlloc
HeapDestroy
GetProcessHeap
LoadLibraryW
GetCurrentProcess
GetComputerNameW
FreeLibrary
GetComputerNameA
OutputDebugStringW
GetVersionExW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
Sleep
DisableThreadLibraryCalls
GetLastError
SetLastError
GetProcAddress
ResolveDelayLoadedAPI
DelayLoadFailureHook

advapi32

UnregisterTraceGuids
RegSetValueExW
RegOpenKeyExW
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
RegQueryValueExW

winspool.drv

ClosePrinter
EnumPrintersW
AddPrinterW
GetPrinterW
SetPrinterW
OpenPrinterW

shell32

SHGetSpecialFolderLocation
SHGetMalloc
SHChangeNotify

Exports

Exports

FaxAbort
FaxAccessCheck
FaxClose
FaxCompleteJobParamsA
FaxCompleteJobParamsW
FaxConnectFaxServerA
FaxConnectFaxServerW
FaxEnableRoutingMethodA
FaxEnableRoutingMethodW
FaxEnumGlobalRoutingInfoA
FaxEnumGlobalRoutingInfoW
FaxEnumJobsA
FaxEnumJobsW
FaxEnumPortsA
FaxEnumPortsW
FaxEnumRoutingMethodsA
FaxEnumRoutingMethodsW
FaxFreeBuffer
FaxGetConfigurationA
FaxGetConfigurationW
FaxGetDeviceStatusA
FaxGetDeviceStatusW
FaxGetJobA
FaxGetJobW
FaxGetLoggingCategoriesA
FaxGetLoggingCategoriesW
FaxGetPageData
FaxGetPortA
FaxGetPortW
FaxGetRoutingInfoA
FaxGetRoutingInfoW
FaxInitializeEventQueue
FaxOpenPort
FaxPrintCoverPageA
FaxPrintCoverPageW
FaxRegisterRoutingExtensionW
FaxRegisterServiceProviderW
FaxSendDocumentA
FaxSendDocumentForBroadcastA
FaxSendDocumentForBroadcastW
FaxSendDocumentW
FaxSetConfigurationA
FaxSetConfigurationW
FaxSetGlobalRoutingInfoA
FaxSetGlobalRoutingInfoW
FaxSetJobA
FaxSetJobW
FaxSetLoggingCategoriesA
FaxSetLoggingCategoriesW
FaxSetPortA
FaxSetPortW
FaxSetRoutingInfoA
FaxSetRoutingInfoW
FaxStartPrintJobA
FaxStartPrintJobW
FaxUnregisterServiceProviderW

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/WinHvEmulation.dll
.dll windows:10 windows x64 arch:x64

c91a81e4fd3f26d3bc2af89ddd8bb69d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_free
_o_malloc
__C_specific_handler
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler3
_CxxThrowException
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-synch-l1-1-0

CreateMutexExW
AcquireSRWLockExclusive
ReleaseSemaphore
ReleaseSRWLockExclusive
EnterCriticalSection
OpenSemaphoreW
WaitForSingleObjectEx
WaitForSingleObject
AcquireSRWLockShared
LeaveCriticalSection
InitializeCriticalSectionEx
ReleaseSRWLockShared
ReleaseMutex
CreateSemaphoreExW
DeleteCriticalSection

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks

Exports

Exports

WHvEmulatorCreateEmulator
WHvEmulatorDestroyEmulator
WHvEmulatorTryIoEmulation
WHvEmulatorTryMmioEmulation

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/WinHvPlatform.dll
.dll windows:10 windows x64 arch:x64

64c9fdbc9119671f27649b41ecb9c51f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_free
_o_malloc
_o_terminate
__CxxFrameHandler3
__current_exception
__AdjustPointer
__processing_throw
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__C_specific_handler
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
RtlPcToFileHeader

ext-ms-win-cng-rng-l1-1-1

ProcessPrngGuid

vid

VidGetPartitionProperty
VidMapHypercallDoorbellPage
VidAssertVirtualProcessorInterrupt
VidDeletePartition
VidCreateMmioGpaDoorbell
VidExoAccessVaFault
VidSetVirtualProcessorState
VidSetPartitionProperty
VidGetExoSystemInformation
VidExoMapGpaRange
VidExoControlGpaAccessTracking
VidTranslateGvaToGpa
VidExoUnmapGpaRange
VidGetExoPartitionProperty
VidDestroyMmioGpaDoorbell
VidCreateExoPartition
VidInstallExoIntercept
VidRegisterCpuidResult
VidGetVirtualProcessorState
VidExoGetLocalInterruptControllerState
VidDispatchVirtualProcessor
VidGetVirtualProcessorXsaveState
VidGetHvPartitionId
VidExoSetLocalInterruptControllerState
VidStartVirtualProcessor
VidMapVpStatePage
VidSetVirtualProcessorXsaveState
VidMessageSlotHandleAndGetNext
VidMessageSlotMap
VidMapHvLocalStatsPage

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleFileNameA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
ReleaseSemaphore
WaitForSingleObject
ReleaseMutex
AcquireSRWLockShared
OpenSemaphoreW
CreateMutexExW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateEventExW
EnterCriticalSection
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WaitForSingleObjectEx
CreateSemaphoreExW
InitializeCriticalSectionEx
LeaveCriticalSection

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
InitOnceExecuteOnce
WaitOnAddress
WakeByAddressAll

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

Exports

Exports

WHvCancelRunVirtualProcessor
WHvCreatePartition
WHvCreateVirtualProcessor
WHvDeletePartition
WHvDeleteVirtualProcessor
WHvGetCapability
WHvGetPartitionCounters
WHvGetPartitionProperty
WHvGetVirtualProcessorCounters
WHvGetVirtualProcessorInterruptControllerState
WHvGetVirtualProcessorInterruptControllerState2
WHvGetVirtualProcessorRegisters
WHvGetVirtualProcessorXsaveState
WHvMapGpaRange
WHvQueryGpaRangeDirtyBitmap
WHvRegisterPartitionDoorbellEvent
WHvRequestInterrupt
WHvResumePartitionTime
WHvRunVirtualProcessor
WHvSetPartitionProperty
WHvSetVirtualProcessorInterruptControllerState
WHvSetVirtualProcessorInterruptControllerState2
WHvSetVirtualProcessorRegisters
WHvSetVirtualProcessorXsaveState
WHvSetupPartition
WHvSuspendPartitionTime
WHvTranslateGva
WHvUnmapGpaRange
WHvUnregisterPartitionDoorbellEvent

Sections

.text
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/WinMsoIrmProtector.dll
.dll regsvr32 windows:10 windows x64 arch:x64

5ca8c00138c16b571ec0d96535c6b914

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

_callnewh
??0exception@@QEAA@AEBQEBD@Z
_errno
realloc
_XcptFilter
_lock
??0exception@@QEAA@AEBV0@@Z
_unlock
??1type_info@@UEAA@XZ
memmove
__dllonexit
_onexit
wcscat_s
memcpy
?terminate@@YAXXZ
_CxxThrowException
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
_initterm
_amsg_exit
wcscpy_s
memcpy_s
free
malloc
wcsncpy_s
__C_specific_handler
wcsncmp
_purecall
??_V@YAXPEAX@Z
__CxxFrameHandler3
??3@YAXPEAX@Z
memset

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegQueryInfoKeyW
RegCloseKey

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoCreateGuid
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoTaskMemAlloc

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
LoadLibraryExW
LoadResource
GetProcAddress
SizeofResource
GetModuleHandleW
FindResourceExW
GetModuleFileNameW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-localization-l1-2-0

GetThreadLocale
SetThreadLocale

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-com-l2-1-1

StgOpenStorage
StgIsStorageILockBytes
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/WinOpcIrmProtector.dll
.dll regsvr32 windows:10 windows x64 arch:x64

f44635c14c6f5e19b66e4d9cfc4086cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

_callnewh
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
realloc
_initterm
_lock
_amsg_exit
_unlock
??0exception@@QEAA@AEBQEBD@Z
__dllonexit
_onexit
??0exception@@QEAA@AEBV0@@Z
wcscat_s
_XcptFilter
memmove
memcpy
??1exception@@UEAA@XZ
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
_errno
wcscpy_s
memcpy_s
free
malloc
wcsncpy_s
__C_specific_handler
wcsncmp
_purecall
??_V@YAXPEAX@Z
__CxxFrameHandler3
??3@YAXPEAX@Z
memset

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegQueryInfoKeyW
RegCloseKey

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoCreateGuid
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoTaskMemAlloc

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
LoadLibraryExW
LoadResource
GetProcAddress
SizeofResource
GetModuleHandleW
FindResourceExW
GetModuleFileNameW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-localization-l1-2-0

GetThreadLocale
SetThreadLocale

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-com-l2-1-1

StgIsStorageILockBytes
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/WinREAgent.dll
.dll windows:10 windows x64 arch:x64

6f1765057431491665e1a2053ffd7a83

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

14:7f:9d:ee:7f:33:7f:7e:63:b7:fa:c5:a6:93:d6:8e:01:9a:f0:8c:a0:d8:1a:dd:89:0d:b2:d7:1e:10:5c:47
Signer

Actual PE Digest

14:7f:9d:ee:7f:33:7f:7e:63:b7:fa:c5:a6:93:d6:8e:01:9a:f0:8c:a0:d8:1a:dd:89:0d:b2:d7:1e:10:5c:47

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

_wcsnicmp
wcsrchr
memcmp
_vsnwprintf
wcschr
_wcsicmp
strncpy_s
strtol
_set_errno
strchr
sprintf_s
_wtoi64
_wtol
memcpy
_errno
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
__CxxFrameHandler3
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
malloc
free
calloc
_purecall
_vscwprintf
vswprintf_s
__C_specific_handler
memmove_s
memcpy_s
memset

kernel32

GetSystemDirectoryW
TerminateProcess
GetCurrentProcess
Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
TlsSetValue
TlsGetValue
TlsAlloc
CompareStringW
CopyFile2
GetCurrentThread
LeaveCriticalSection
EnterCriticalSection
QueryPerformanceCounter
OutputDebugStringW
MoveFileTransactedW
CreateEventW
LocalFree
SetEvent
SetEnvironmentVariableW
GetModuleHandleW
SetFileInformationByHandle
GetFileInformationByHandle
GetFileInformationByHandleEx
DeleteCriticalSection
InitializeCriticalSection
HeapDestroy
HeapReAlloc
HeapSize
MultiByteToWideChar
WaitForSingleObject
GetSystemWindowsDirectoryW
HeapAlloc
GetProcessHeap
HeapFree
FindResourceExW
LoadResource
LockResource
SizeofResource
FreeLibrary
GetLastError
GetDiskFreeSpaceExW
DeleteFileW
SetFileAttributesW
DeviceIoControl
GetCurrentDirectoryW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
GetFinalPathNameByHandleW
GetLongPathNameW
GetFullPathNameW
CreateDirectoryW
RaiseException

user32

UnregisterClassA

oleaut32

SysAllocString
SysFreeString

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleHandleExW
GetProcAddress

api-ms-win-core-file-l1-1-0

GetFileAttributesW
FindClose
FindNextFileW
CreateFileW
FindFirstFileW

api-ms-win-core-sysinfo-l1-1-0

GetWindowsDirectoryW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-errorhandling-l1-1-0

SetLastError

crypt32

CertVerifyCertificateChainPolicy

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust
WTHelperGetProvSignerFromChain

dismapi

DismGetImageInfo
DismDelete
DismAddPackage
DismMountImage
DismUnmountImage
DismInitialize
DismOpenSession
DismShutdown
DismCloseSession

wdscore

ConstructPartialMsgVW
WdsInitialize
CurrentIP
WdsTerminate
WdsSetupLogMessageW

wimgapi

WIMUnmountImage

advapi32

OpenThreadToken
SetFileSecurityW
GetFileSecurityW
ConvertSecurityDescriptorToStringSecurityDescriptorW
SetSecurityDescriptorControl
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
GetAce
AddAccessAllowedAce
InitializeAcl
CopySid
GetLengthSid
GetTokenInformation
EventWriteTransfer
EventSetInformation
EventRegister
EventUnregister
ConvertStringSecurityDescriptorToSecurityDescriptorW
AdjustTokenPrivileges
AllocateAndInitializeSid
OpenProcessToken

ole32

CoCreateInstance
StringFromGUID2
CoTaskMemFree

reagent

WinReHashWimFile
WinReGetConfig

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

rpcrt4

UuidCreate

ktmw32

CreateTransaction
CommitTransaction

ntdll

RtlSetThreadErrorMode
NtSetInformationFile
RtlFreeHeap
RtlAllocateHeap
RtlNtStatusToDosError

bcrypt

BCryptCloseAlgorithmProvider

Exports

Exports

CreateWinREServicingManager

Sections

.text
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/Windows.WARP.JITService.exe
.exe windows:10 windows x64 arch:x64

44b86d624a0039683abd4da90f8b815d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-crt-runtime-l1-1-0

_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o_exit
_o_free
_o_terminate
__C_specific_handler
_o___p__commode
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___p___wargv
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___p___argc
__std_terminate
__CxxFrameHandler4
_o___std_exception_destroy
_o___std_exception_copy
_CxxThrowException
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
LoadLibraryExA
GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
CreateEventW
SetEvent
ReleaseSRWLockShared
CreateSemaphoreExW
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
EnterCriticalSection
ReleaseSRWLockExclusive
ReleaseMutex
ReleaseSemaphore
WaitForSingleObject
LeaveCriticalSection
InitializeCriticalSectionEx

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError
RaiseException

api-ms-win-security-base-l1-1-0

AddAccessAllowedAce
GetLengthSid
InitializeAcl

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetCurrentProcess

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-service-winsvc-l1-1-0

RegisterServiceCtrlHandlerW

api-ms-win-service-core-l1-1-0

SetServiceStatus

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemInfo

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-eventlog-legacy-l1-1-0

DeregisterEventSource
ReportEventW
RegisterEventSourceW

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/Windows.Web.Diagnostics.dll
.dll windows:10 windows x64 arch:x64

c3fb894ca9538168c7db74f53fd4f0ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

??0exception@@QEAA@AEBQEBDH@Z
__uncaught_exception
abort
memset
_wcsdup
__crtLCMapStringW
_wsetlocale
_errno
memcmp
_callnewh
calloc
_wtoi
_wcsicmp
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
??0bad_cast@@QEAA@PEBD@Z
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBD@Z
??_V@YAXPEAX@Z
memmove_s
_ismbblead
___lc_codepage_func
___mb_cur_max_func
??3@YAXPEAX@Z
_wcsnicmp
wcsstr
___lc_handle_func
__pctype_func
memmove
memcpy
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_purecall
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
_vsnwprintf
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
__CxxFrameHandler3
_CxxThrowException
realloc
localeconv
vswprintf_s
strcspn
sprintf_s
wcstoul
setlocale
wcscmp

api-ms-win-core-kernel32-legacy-l1-1-0

WaitForMultipleObjects

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetCurrentProcessId

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA
GetProcAddress

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
RaiseException
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
WaitForSingleObjectEx
AcquireSRWLockShared
ReleaseMutex
OpenSemaphoreW
ReleaseSemaphore
CreateMutexExW
SetEvent
ReleaseSRWLockShared
CreateSemaphoreExW
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
InitializeSRWLock
CreateEventExW
EnterCriticalSection
WaitForSingleObject
LeaveCriticalSection
DeleteCriticalSection

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsCreateString
WindowsIsStringEmpty
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
SetRestrictedErrorInfo
RoOriginateError
RoOriginateErrorW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64
GetTickCount

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate
IsErrorPropagationEnabled

rpcrt4

CStdStubBuffer_CountRefs
CStdStubBuffer_Connect
IUnknown_AddRef_Proxy
CStdStubBuffer_IsIIDSupported
NdrStubCall3
IUnknown_QueryInterface_Proxy
NdrStubForwardingFunction
CStdStubBuffer_Disconnect
RpcStringFreeW
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_QueryInterface
UuidToStringW
CStdStubBuffer_Invoke
CStdStubBuffer_DebugServerQueryInterface
NdrCStdStubBuffer2_Release
NdrDllGetClassObject
NdrDllCanUnloadNow
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrCStdStubBuffer_Release
NdrOleFree

api-ms-win-core-threadpool-l1-2-0

SubmitThreadpoolWork
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
CreateThreadpoolWork

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-eventing-controller-l1-1-0

EnableTraceEx2
StartTraceW
QueryAllTracesW
StopTraceW

api-ms-win-eventing-consumer-l1-1-0

ProcessTrace
CloseTrace
OpenTraceW

api-ms-win-eventing-tdh-l1-1-0

TdhGetProperty

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient11
ObjectStublessClient14
ObjectStublessClient12
ObjectStublessClient7
ObjectStublessClient13
CStdStubBuffer2_QueryInterface
ObjectStublessClient15
NdrProxyForwardingFunction5
ObjectStublessClient6
ObjectStublessClient8
ObjectStublessClient9
CStdStubBuffer2_Connect
CStdStubBuffer2_CountRefs
ObjectStublessClient17
NdrProxyForwardingFunction4
ObjectStublessClient10
ObjectStublessClient16
ObjectStublessClient3
NdrProxyForwardingFunction3
CStdStubBuffer2_Disconnect

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/Windows.Web.Http.dll
.dll regsvr32 windows:10 windows x64 arch:x64

936af4ce1358b84d92e33f15abf532f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

_purecall
memmove_s
_wcsicmp
memcmp
_onexit
__dllonexit
_unlock
_lock
swscanf_s
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
_vsnwprintf
_callnewh
_itow_s
memcpy_s
wcschr
iswalnum
__CxxFrameHandler3
_ultow_s
malloc
free
iswdigit
realloc
swprintf_s
memcpy
memset

ntdll

NtSetInformationThread
NtOpenThreadToken
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlAllocateHeap
RtlInitUnicodeString
RtlCopyUnicodeString
RtlFreeHeap
NtQuerySecurityAttributesToken
RtlCompareMemory
RtlUpcaseUnicodeChar
RtlQueryPackageClaims
RtlNtStatusToDosError

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExW
FreeLibrary
LoadStringW
GetProcAddress

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter

api-ms-win-core-winrt-string-l1-1-0

WindowsIsStringEmpty
WindowsGetStringRawBuffer
WindowsConcatString
WindowsSubstring
WindowsCreateStringReference
WindowsCompareStringOrdinal
WindowsStringHasEmbeddedNull
HSTRING_UserFree64
HSTRING_UserMarshal
HSTRING_UserUnmarshal64
HSTRING_UserUnmarshal
WindowsReplaceString
WindowsCreateString
WindowsGetStringLen
HSTRING_UserMarshal64
HSTRING_UserFree
HSTRING_UserSize
WindowsDeleteString
HSTRING_UserSize64
WindowsSubstringWithSpecifiedLength
WindowsDuplicateString

api-ms-win-core-com-l1-1-0

CoReleaseMarshalData
CoIncrementMTAUsage
CoCreateInstance
CoDecrementMTAUsage
CreateStreamOnHGlobal
CoMarshalInterface
GetHGlobalFromStream
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoCreateGuid
CoWaitForMultipleObjects

api-ms-win-core-localization-l1-2-0

IdnToAscii
FormatMessageW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
SetThreadToken
OpenThreadToken
GetCurrentThreadId
OpenProcessToken
GetCurrentProcessId
GetCurrentProcess
TerminateProcess

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-synch-l1-1-0

SetEvent
LeaveCriticalSection
CreateEventW
InitializeCriticalSection
TryAcquireSRWLockExclusive
InitializeSRWLock
CreateSemaphoreExW
OpenSemaphoreW
WaitForSingleObject
CreateMutexExW
ReleaseSRWLockExclusive
DeleteCriticalSection
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
InitializeCriticalSectionEx
ReleaseSemaphore
ReleaseMutex
EnterCriticalSection
WaitForSingleObjectEx

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
TrySubmitThreadpoolCallback
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
FreeLibraryWhenCallbackReturns
SetThreadpoolWait
CloseThreadpoolWait
CallbackMayRunLong
CreateThreadpoolWait
CreateThreadpoolTimer

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoOriginateError
RoTransformError
GetRestrictedErrorInfo
RoOriginateErrorW

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo

api-ms-win-security-base-l1-1-0

RevertToSelf
DuplicateTokenEx
GetTokenInformation

api-ms-win-core-synch-l1-2-0

SleepConditionVariableCS
Sleep
WakeAllConditionVariable
InitializeConditionVariable
InitOnceExecuteOnce
InitOnceInitialize

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoInitialize
RoGetActivationFactory
RoUninitialize

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal
CompareStringW
WideCharToMultiByte

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister

rpcrt4

IUnknown_Release_Proxy
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
NdrStubCall3
IUnknown_QueryInterface_Proxy
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_AddRef
NdrOleFree
CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy
NdrStubForwardingFunction
CStdStubBuffer_Invoke
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrCStdStubBuffer2_Release
UuidToStringW
RpcStringFreeW

api-ms-win-core-winrt-robuffer-l1-1-0

RoGetBufferMarshaler

api-ms-win-shcore-stream-winrt-l1-1-0

CreateRandomAccessStreamOverStream

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalUnlock
GlobalHandle

api-ms-win-core-heap-l2-1-0

LocalFree
GlobalFree

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient23
ObjectStublessClient15
ObjectStublessClient20
ObjectStublessClient18
ObjectStublessClient19
ObjectStublessClient14
ObjectStublessClient3
ObjectStublessClient10
ObjectStublessClient9
ObjectStublessClient13
ObjectStublessClient11
ObjectStublessClient16
CStdStubBuffer2_Connect
NdrProxyForwardingFunction3
ObjectStublessClient21
ObjectStublessClient24
ObjectStublessClient6
NdrProxyForwardingFunction5
NdrProxyForwardingFunction4
CStdStubBuffer2_QueryInterface
ObjectStublessClient7
CStdStubBuffer2_Disconnect
CStdStubBuffer2_CountRefs
ObjectStublessClient25
ObjectStublessClient12
ObjectStublessClient17
ObjectStublessClient22
ObjectStublessClient8

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetSystemDirectoryW

oleaut32

SysAllocStringLen
SysAllocString
SysFreeString

api-ms-win-core-normalization-l1-1-0

NormalizeString

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 806KB - Virtual size: 805KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 542KB - Virtual size: 541KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/Windows.Web.dll
.dll regsvr32 windows:10 windows x64 arch:x64

dc0511cf8b7b29aa982e0dd330c1e045

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

_callnewh
_purecall
_XcptFilter
_amsg_exit
_initterm
__C_specific_handler
_lock
_itoa_s
_ecvt_s
_finite
_unlock
memcmp
_wtof
__dllonexit
free
_onexit
memcpy_s
_vsnwprintf
realloc
malloc
__CxxFrameHandler3
memset
memcpy
_itow_s
_wcsicmp
memmove_s
wcscmp

ntdll

NtSetInformationThread
NtOpenThreadToken
RtlAllocateHeap
RtlInitUnicodeString
RtlCopyUnicodeString
RtlFreeHeap
NtQuerySecurityAttributesToken
RtlCompareMemory
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlNtStatusToDosError

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
WakeAllConditionVariable
SleepConditionVariableSRW
Sleep

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
OpenProcessToken
OpenThreadToken
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentThread

api-ms-win-security-base-l1-1-0

GetTokenInformation
RevertToSelf

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
WaitForSingleObject
AcquireSRWLockExclusive
CreateMutexExW
LeaveCriticalSection
CreateSemaphoreExW
SetEvent
DeleteCriticalSection
InitializeSRWLock
InitializeCriticalSectionEx
CreateEventW
EnterCriticalSection
InitializeCriticalSection
WaitForSingleObjectEx
ReleaseMutex
AcquireSRWLockShared
ReleaseSRWLockShared
OpenSemaphoreW
ReleaseSemaphore

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetLastError
RaiseException

api-ms-win-core-threadpool-l1-2-0

SubmitThreadpoolWork
CreateThreadpoolWork
CallbackMayRunLong
CloseThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
FreeLibraryWhenCallbackReturns
CloseThreadpoolTimer
TrySubmitThreadpoolCallback
CreateThreadpoolWait
CreateThreadpoolTimer

api-ms-win-core-localization-l1-2-0

IsDBCSLeadByteEx
FormatMessageW
IsDBCSLeadByte

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
FreeLibrary
LoadLibraryExW
FindResourceExW
SizeofResource
LoadResource
LockResource
LoadStringW
GetProcAddress
GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameA

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteTransfer

rpcrt4

CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrOleFree
NdrStubForwardingFunction
CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy
CStdStubBuffer_Invoke
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrCStdStubBuffer2_Release
UuidToStringW
UuidCreate
NdrOleAllocate
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
RpcStringFreeW
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Connect
NdrStubCall3

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation
SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetLocalTime
GetTickCount
GetSystemTimeAsFileTime
GetSystemTime

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient3
CStdStubBuffer2_CountRefs
CStdStubBuffer2_Disconnect
CStdStubBuffer2_QueryInterface
NdrProxyForwardingFunction4
NdrProxyForwardingFunction5
ObjectStublessClient6
NdrProxyForwardingFunction3
ObjectStublessClient4
CStdStubBuffer2_Connect
ObjectStublessClient12
ObjectStublessClient14
ObjectStublessClient16
ObjectStublessClient10
ObjectStublessClient17
ObjectStublessClient9
ObjectStublessClient11
ObjectStublessClient8
ObjectStublessClient18
ObjectStublessClient15
ObjectStublessClient7
ObjectStublessClient13

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

iertutil

ord781
ord775
ord774
ord792
CreateUri
ord765
ord779

api-ms-win-core-url-l1-1-0

UrlEscapeW

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-path-l1-1-0

PathCchAppend

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc
LocalReAlloc

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabled

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-kernel32-legacy-l1-1-0

GetStringTypeExA

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrToIntA
StrCmpW
StrStrNIW
StrCmpIW
StrCmpICA

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiA

api-ms-win-shcore-stream-l1-1-0

SHCreateMemStream

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 451KB - Virtual size: 450KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 225KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/WindowsActionDialog.exe
.exe windows:10 windows x64 arch:x64

f42f7a5425cb00e71d7c4716f98bca8f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ReleaseMutex
CreateEventW
FormatMessageW
GetTickCount64
GetLastError
OutputDebugStringW
SetEvent
CloseThreadpoolTimer
WaitForSingleObjectEx
OpenSemaphoreW
OpenEventW
SetThreadpoolTimer
CreateThreadpoolTimer
HeapAlloc
GetProcAddress
CreateMutexExW
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
GetCurrentThreadId
WaitForSingleObject
WaitForThreadpoolTimerCallbacks
CreateMutexW
InitializeCriticalSection
LeaveCriticalSection
GetModuleHandleExW
ReleaseSemaphore
EnterCriticalSection
SetLastError
HeapFree
CreateSemaphoreExW
CloseHandle
GetModuleFileNameA

msvcp110_win

?_Syserror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ

msvcrt

??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
_initterm
memcpy
_cexit
_exit
__C_specific_handler
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_callnewh
malloc
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
memcpy_s
_vsnwprintf
_CxxThrowException
__CxxFrameHandler3
memmove
__setusermatherr
??3@YAXPEAX@Z
exit
memset

ole32

CoCreateInstance
CoUninitialize
CoSetProxyBlanket
CoInitializeEx

ntdll

RtlUnsubscribeWnfStateChangeNotification
RtlSubscribeWnfStateChangeNotification
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnsubscribeWnfNotificationWaitForCompletion

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoInitialize

oleaut32

SysFreeString
SysStringLen

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW
TerminateProcess
GetCurrentProcess

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
FreeLibrary

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx

user32

MsgWaitForMultipleObjects
DispatchMessageW
PeekMessageW
TranslateMessage

dui70

InitThread
?Destroy@Element@DirectUI@@QEAAJ_N@Z
?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ
?CreateString@Value@DirectUI@@SAPEAV12@PEBGPEAUHINSTANCE__@@@Z
?SetValue@Element@DirectUI@@QEAAJP6APEBUPropertyInfo@2@XZHPEAVValue@2@@Z
?ContentProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?_ZeroRelease@Value@DirectUI@@AEAAXXZ
?CreateElement@DUIXmlParser@DirectUI@@QEAAJPEBGPEAVElement@2@1PEAKPEAPEAV32@@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJIPEAUHINSTANCE__@@0@Z
?Create@DUIXmlParser@DirectUI@@SAJPEAPEAV12@P6APEAVValue@2@PEBGPEAX@Z2P6AX11H2@Z2@Z
UnInitProcessPriv
UnInitThread
InitProcessPriv

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/WindowsCodecs.dll
.dll windows:10 windows x64 arch:x64

62db43e556757c48fbd68e2603546987

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

34:af:5f:d7:39:31:b9:a2:39:3a:04:13:6c:3a:bc:8e:b8:d4:91:c4:33:c4:3e:04:0d:98:5c:93:11:79:be:e8
Signer

Actual PE Digest

34:af:5f:d7:39:31:b9:a2:39:3a:04:13:6c:3a:bc:8e:b8:d4:91:c4:33:c4:3e:04:0d:98:5c:93:11:79:be:e8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

toupper
_finite
realloc
memmove
_wcsicmp
ceilf
atan2
_purecall
exp
_setjmp
qsort
memcpy
_vsnwprintf
memcmp
_aligned_malloc
_aligned_free
_wcsnicmp
memset
??8type_info@@QEBAHAEBV0@@Z
_stricmp
wcsstr
_isnan
strcmp
_onexit
__dllonexit
strncmp
??1type_info@@UEAA@XZ
memcpy_s
ldexp
fprintf
_unlock
_lock
sqrt
rand
strstr
__C_specific_handler
powf
_aligned_realloc
floorf
calloc
log
_initterm
_amsg_exit
_XcptFilter
_callnewh
malloc
free
memmove_s
strcpy_s
wcscmp

oleaut32

VariantChangeType
BSTR_UserUnmarshal
VariantInit
VariantClear
VariantCopy
LPSAFEARRAY_UserMarshal
SysStringLen
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserSize
BSTR_UserFree
BSTR_UserSize
BSTR_UserMarshal

api-ms-win-core-marshal-l1-1-0

HICON_UserSize
CLIPFORMAT_UserFree
CLIPFORMAT_UserMarshal
CLIPFORMAT_UserSize
CLIPFORMAT_UserUnmarshal
HICON_UserMarshal
HPALETTE_UserUnmarshal
HBITMAP_UserFree
HPALETTE_UserFree
HBITMAP_UserMarshal
HPALETTE_UserMarshal
HPALETTE_UserSize
HICON_UserUnmarshal
HICON_UserFree
HBITMAP_UserUnmarshal
HBITMAP_UserSize

rpcrt4

CStdStubBuffer_Invoke
CStdStubBuffer_Connect
NdrStubForwardingFunction
NdrStubCall2
NdrClientCall2
NdrDllGetClassObject
NdrCStdStubBuffer2_Release
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
IUnknown_QueryInterface_Proxy
NdrCStdStubBuffer_Release
CStdStubBuffer_Disconnect
NdrOleFree
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_IsIIDSupported
NdrOleAllocate
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
CStdStubBuffer_CountRefs
RpcRaiseException

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient4
ObjectStublessClient3

api-ms-win-core-synch-l1-1-0

SleepEx
CreateSemaphoreExW
ReleaseSemaphore
ReleaseMutex
ReleaseSRWLockShared
DeleteCriticalSection
CreateMutexExW
InitializeCriticalSectionEx
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
OpenSemaphoreW
EnterCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockShared
AcquireSRWLockExclusive
WaitForSingleObjectEx
LeaveCriticalSection

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventUnregister
EventProviderEnabled
EventSetInformation

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleHandleExW
GetModuleFileNameA
LoadLibraryExW
GetModuleHandleW
GetProcAddress

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
Sleep
WakeAllConditionVariable

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
SetThreadToken
GetCurrentProcessId
GetCurrentThreadId
OpenThreadToken
GetCurrentProcess
GetCurrentThread
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetTickCount64
GetVersionExW
GetSystemTimeAsFileTime
GetSystemInfo

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlCaptureStackBackTrace
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
SetLastError
GetLastError

api-ms-win-core-com-l1-1-0

StringFromGUID2
PropVariantClear
CoTaskMemAlloc
CoLockObjectExternal
CoCreateInstance
GetHGlobalFromStream
CreateStreamOnHGlobal
PropVariantCopy
CoTaskMemFree
CoGetApartmentType
IIDFromString

api-ms-win-core-file-l1-1-0

GetFileSize
GetFileInformationByHandle
SetEndOfFile
SetFilePointer
WriteFile
SetFilePointerEx
GetFileType
CreateFileW
ReadFile

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW

api-ms-win-core-memory-l1-1-0

VirtualAlloc
MapViewOfFileEx
VirtualFree
UnmapViewOfFile

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegOpenKeyExW
RegCloseKey
RegEnumKeyExW
RegQueryValueExW

api-ms-win-core-path-l1-1-0

PathCchCombine

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

ntdll

DbgPrintEx
RtlSetBits
RtlInitializeBitMap
WinSqmAddToStream
WinSqmIsOptedIn

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-obsolete-l1-1-0

GlobalSize
GlobalLock
GlobalUnlock

api-ms-win-core-heap-l2-1-0

GlobalAlloc
LocalAlloc
GlobalFree

bcrypt

BCryptDestroyHash
BCryptHashData
BCryptCreateHash
BCryptFinishHash

api-ms-win-base-util-l1-1-0

IsTextUnicode

api-ms-win-core-normalization-l1-1-0

GetStringScripts

api-ms-win-core-stringansi-l1-1-0

IsCharAlphaNumericA

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetLocaleInfoEx

api-ms-win-core-kernel32-legacy-l1-1-0

CreateFileMappingA

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllGetClassObject
IEnumString_Next_WIC_Proxy
IEnumString_Reset_WIC_Proxy
IPropertyBag2_Write_Proxy
IWICBitmapClipper_Initialize_Proxy
IWICBitmapCodecInfo_DoesSupportAnimation_Proxy
IWICBitmapCodecInfo_DoesSupportLossless_Proxy
IWICBitmapCodecInfo_DoesSupportMultiframe_Proxy
IWICBitmapCodecInfo_GetContainerFormat_Proxy
IWICBitmapCodecInfo_GetDeviceManufacturer_Proxy
IWICBitmapCodecInfo_GetDeviceModels_Proxy
IWICBitmapCodecInfo_GetFileExtensions_Proxy
IWICBitmapCodecInfo_GetMimeTypes_Proxy
IWICBitmapDecoder_CopyPalette_Proxy
IWICBitmapDecoder_GetColorContexts_Proxy
IWICBitmapDecoder_GetDecoderInfo_Proxy
IWICBitmapDecoder_GetFrameCount_Proxy
IWICBitmapDecoder_GetFrame_Proxy
IWICBitmapDecoder_GetMetadataQueryReader_Proxy
IWICBitmapDecoder_GetPreview_Proxy
IWICBitmapDecoder_GetThumbnail_Proxy
IWICBitmapEncoder_Commit_Proxy
IWICBitmapEncoder_CreateNewFrame_Proxy
IWICBitmapEncoder_GetEncoderInfo_Proxy
IWICBitmapEncoder_GetMetadataQueryWriter_Proxy
IWICBitmapEncoder_Initialize_Proxy
IWICBitmapEncoder_SetPalette_Proxy
IWICBitmapEncoder_SetThumbnail_Proxy
IWICBitmapFlipRotator_Initialize_Proxy
IWICBitmapFrameDecode_GetColorContexts_Proxy
IWICBitmapFrameDecode_GetMetadataQueryReader_Proxy
IWICBitmapFrameDecode_GetThumbnail_Proxy
IWICBitmapFrameEncode_Commit_Proxy
IWICBitmapFrameEncode_GetMetadataQueryWriter_Proxy
IWICBitmapFrameEncode_Initialize_Proxy
IWICBitmapFrameEncode_SetColorContexts_Proxy
IWICBitmapFrameEncode_SetResolution_Proxy
IWICBitmapFrameEncode_SetSize_Proxy
IWICBitmapFrameEncode_SetThumbnail_Proxy
IWICBitmapFrameEncode_WriteSource_Proxy
IWICBitmapLock_GetDataPointer_STA_Proxy
IWICBitmapLock_GetStride_Proxy
IWICBitmapScaler_Initialize_Proxy
IWICBitmapSource_CopyPalette_Proxy
IWICBitmapSource_CopyPixels_Proxy
IWICBitmapSource_GetPixelFormat_Proxy
IWICBitmapSource_GetResolution_Proxy
IWICBitmapSource_GetSize_Proxy
IWICBitmap_Lock_Proxy
IWICBitmap_SetPalette_Proxy
IWICBitmap_SetResolution_Proxy
IWICColorContext_InitializeFromMemory_Proxy
IWICComponentFactory_CreateMetadataWriterFromReader_Proxy
IWICComponentFactory_CreateQueryWriterFromBlockWriter_Proxy
IWICComponentInfo_GetAuthor_Proxy
IWICComponentInfo_GetCLSID_Proxy
IWICComponentInfo_GetFriendlyName_Proxy
IWICComponentInfo_GetSpecVersion_Proxy
IWICComponentInfo_GetVersion_Proxy
IWICFastMetadataEncoder_Commit_Proxy
IWICFastMetadataEncoder_GetMetadataQueryWriter_Proxy
IWICFormatConverter_Initialize_Proxy
IWICImagingFactory_CreateBitmapClipper_Proxy
IWICImagingFactory_CreateBitmapFlipRotator_Proxy
IWICImagingFactory_CreateBitmapFromHBITMAP_Proxy
IWICImagingFactory_CreateBitmapFromHICON_Proxy
IWICImagingFactory_CreateBitmapFromMemory_Proxy
IWICImagingFactory_CreateBitmapFromSource_Proxy
IWICImagingFactory_CreateBitmapScaler_Proxy
IWICImagingFactory_CreateBitmap_Proxy
IWICImagingFactory_CreateComponentInfo_Proxy
IWICImagingFactory_CreateDecoderFromFileHandle_Proxy
IWICImagingFactory_CreateDecoderFromFilename_Proxy
IWICImagingFactory_CreateDecoderFromStream_Proxy
IWICImagingFactory_CreateEncoder_Proxy
IWICImagingFactory_CreateFastMetadataEncoderFromDecoder_Proxy
IWICImagingFactory_CreateFastMetadataEncoderFromFrameDecode_Proxy
IWICImagingFactory_CreateFormatConverter_Proxy
IWICImagingFactory_CreatePalette_Proxy
IWICImagingFactory_CreateQueryWriterFromReader_Proxy
IWICImagingFactory_CreateQueryWriter_Proxy
IWICImagingFactory_CreateStream_Proxy
IWICMetadataBlockReader_GetCount_Proxy
IWICMetadataBlockReader_GetReaderByIndex_Proxy
IWICMetadataQueryReader_GetContainerFormat_Proxy
IWICMetadataQueryReader_GetEnumerator_Proxy
IWICMetadataQueryReader_GetLocation_Proxy
IWICMetadataQueryReader_GetMetadataByName_Proxy
IWICMetadataQueryWriter_RemoveMetadataByName_Proxy
IWICMetadataQueryWriter_SetMetadataByName_Proxy
IWICPalette_GetColorCount_Proxy
IWICPalette_GetColors_Proxy
IWICPalette_GetType_Proxy
IWICPalette_HasAlpha_Proxy
IWICPalette_InitializeCustom_Proxy
IWICPalette_InitializeFromBitmap_Proxy
IWICPalette_InitializeFromPalette_Proxy
IWICPalette_InitializePredefined_Proxy
IWICPixelFormatInfo_GetBitsPerPixel_Proxy
IWICPixelFormatInfo_GetChannelCount_Proxy
IWICPixelFormatInfo_GetChannelMask_Proxy
IWICStream_InitializeFromIStream_Proxy
IWICStream_InitializeFromMemory_Proxy
WICConvertBitmapSource
WICCreateBitmapFromSection
WICCreateBitmapFromSectionEx
WICCreateColorContext_Proxy
WICCreateImagingFactory_Proxy
WICGetMetadataContentSize
WICMapGuidToShortName
WICMapSchemaToName
WICMapShortNameToGuid
WICMatchMetadataContent
WICSerializeMetadataContent
WICSetEncoderFormat_Proxy

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 323KB - Virtual size: 323KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/WindowsCodecsExt.dll
.dll windows:10 windows x64 arch:x64

e92a0bb73c92cca4ab77549c182e2a2c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

_wcsicmp
wcsncmp
_vsnwprintf
realloc
ldexp
memcpy
memmove
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
_callnewh
frexp
malloc
_purecall
memcmp
free
memset

ntdll

RtlInitializeBitMap
DbgPrintEx
RtlCaptureStackBackTrace
RtlSetBits
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoGetApartmentType
CreateStreamOnHGlobal
CoCreateInstance
PropVariantClear
CoLockObjectExternal
GetHGlobalFromStream
CoTaskMemFree

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleW

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
Sleep
WakeAllConditionVariable

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetTickCount
GetSystemTimeAsFileTime
GetVersionExW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

oleaut32

SysFreeString
VariantInit
VariantClear
SysStringLen
VariantChangeType
SysAllocString
SysAllocStringLen

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar

api-ms-win-core-heap-l2-1-0

GlobalFree
GlobalAlloc

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
SleepEx
EnterCriticalSection
ReleaseSRWLockExclusive
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrcmpiW

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalSize
GlobalUnlock

windowscodecs

WICMatchMetadataContent
WICMapSchemaToName

Exports

Exports

DllGetClassObject
IWICColorTransform_Initialize_Proxy
WICCreateColorTransform_Proxy

Sections

.text
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/WindowsCodecsRaw.dll
.dll windows:10 windows x64 arch:x64

3e017d2a373236275eed4a9a07ef23d3

Code Sign

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/05/2022, 19:23

Not After

04/05/2023, 19:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f1:85:e5:82:97:d1:62:cd:b3:06:5d:c3:d8:66:13:70:85:5f:d6:dd:0b:4d:56:18:5d:83:2a:04:90:dd:ec:e8
Signer

Actual PE Digest

f1:85:e5:82:97:d1:62:cd:b3:06:5d:c3:d8:66:13:70:85:5f:d6:dd:0b:4d:56:18:5d:83:2a:04:90:dd:ec:e8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcp_win

?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

api-ms-win-crt-string-l1-1-0

memset
strncmp
strcmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__execute_onexit_table
_o__gmtime64_s
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__localtime64_s
_o__mktime64
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__strdup
_o__stricmp
_o___stdio_common_vswprintf
_o__strnicmp
memmove
_o__swab
_o__errno
_o_atoi
_o_calloc
_o_fclose
_o_fopen_s
_o_fread
_o_free
_o_fseek
_o_ftell
_o_isdigit
_o_isspace
_o_log
_o_malloc
_o_pow
_o_powf
_o_qsort
_o_sqrt
_o_strcat_s
_o_strcpy_s
_o_strftime
_o_strncpy_s
_o_terminate
_o_tolower
_o_toupper
_o_wmemcpy_s
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vsscanf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vfscanf
_o__aligned_malloc
_o__aligned_free
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o___acrt_iob_func
__C_specific_handler
__std_terminate
__CxxFrameHandler4
_o___stdio_common_vswprintf_s
memchr
memcmp
memcpy

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSection
DeleteCriticalSection
AcquireSRWLockShared
LeaveCriticalSection
ReleaseSRWLockShared
InitializeSRWLock

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
PropVariantClear
CreateStreamOnHGlobal
PropVariantCopy
CoCreateInstance

api-ms-win-core-libraryloader-l1-2-0

LockResource
SizeofResource
DisableThreadLibraryCalls
LoadResource
FindResourceExW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

propsys

PropVariantCompareEx
PropVariantChangeType
PSCreateMemoryPropertyStore

oleaut32

VariantInit
SystemTimeToVariantTime

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
RaiseException
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
GetCurrentProcessorNumber

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapSize
HeapAlloc
HeapReAlloc
HeapFree
HeapDestroy

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-shlwapi-obsolete-l1-1-0

QISearch

api-ms-win-ntuser-rectangle-l1-1-0

IntersectRect

mscms

CreateMultiProfileTransform
DeleteColorTransform
CloseColorProfile
TranslateBitmapBits
OpenColorProfileW

kernel32

OutputDebugStringA
UnmapViewOfFile
CreateFileA
CloseHandle
GetSystemInfo
GetFileSizeEx
CreateFileMappingW
QueryPerformanceFrequency
CreateThreadpoolWork
SubmitThreadpoolWork
GetActiveProcessorCount
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
MapViewOfFile

gdi32

CombineRgn
CreateRectRgn
GetRegionData
DeleteObject
GetRgnBox

advapi32

CryptGenRandom
CryptAcquireContextW
CryptReleaseContext

ws2_32

ntohs
htonl

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-crt-math-l1-1-0

logf
floorf
expf
ceilf
cosf
sqrtf

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 777KB - Virtual size: 777KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27.5MB - Virtual size: 27.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/WindowsCodecsRaw.txt
Setuр/x64/WindowsDefaultHeatProcessor.dll
.dll windows:10 windows x64 arch:x64

843bedfa66960fb334665a35596ae240

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_free
_o_malloc
__C_specific_handler
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleHandleExW

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSemaphore
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
EnterCriticalSection
WaitForSingleObject
ReleaseSRWLockShared
ReleaseMutex
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
GetLastError
UnhandledExceptionFilter

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-crt-math-l1-1-0

sqrtf
atan2f
ceilf

Exports

Exports

CreateHeatProcessor

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/WindowsInternal.ComposableShell.ComposerFramework.dll
.dll windows:10 windows x64 arch:x64

278c0c4d1a76a9d93a8852ebc88eaa05

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_APPCONTAINER
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
CreateThread
TerminateProcess
GetCurrentProcessId
OpenThreadToken
GetCurrentThread
GetCurrentThreadId

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventWriteTransfer
EventRegister

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
Sleep
InitOnceExecuteOnce

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA
GetProcAddress

ntdll

RtlQueryRegistryValuesEx
RtlPublishWnfStateData

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-core-synch-l1-1-0

CreateMutexExW
AcquireSRWLockShared
ReleaseMutex
OpenSemaphoreW
CreateSemaphoreExW
InitializeCriticalSectionEx
ReleaseSemaphore
LeaveCriticalSection
WaitForSingleObjectEx
AcquireSRWLockExclusive
DeleteCriticalSection
ReleaseSRWLockShared
CreateEventW
ReleaseSRWLockExclusive
WaitForSingleObject
CreateEventExW
WaitForMultipleObjectsEx
ResetEvent
InitializeCriticalSectionAndSpinCount
SetEvent
EnterCriticalSection

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
SetLastError
GetLastError
UnhandledExceptionFilter

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsConcatString
WindowsCreateStringReference
WindowsDeleteString
WindowsCompareStringOrdinal
WindowsGetStringRawBuffer
WindowsGetStringLen
WindowsDuplicateString

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CoGetCallContext
CoTaskMemFree
CoTaskMemAlloc

api-ms-win-ntuser-sysparams-l1-1-0

DisplayConfigGetDeviceInfo
EnumDisplayMonitors
GetMonitorInfoW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegGetValueW
RegEnumKeyExW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-shcore-scaling-l1-1-1

GetScaleFactorForMonitor

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64

api-ms-win-gdi-dpiinfo-l1-1-0

GetCurrentDpiInfo

api-ms-win-rtcore-ntuser-private-l1-1-8

ord2637

wincorlib

??0InvalidArgumentException@Platform@@QE$AAA@PE$AAVString@1@@Z
?ToString@uint32@default@@QEAAPE$AAVString@Platform@@XZ
?ToString@int64@default@@QEAAPE$AAVString@Platform@@XZ
??0FailureException@Platform@@QE$AAA@PE$AAVString@1@@Z
?GetIBoxArrayVtable@Details@Platform@@YAPEAXPEAX@Z
??0NotImplementedException@Platform@@QE$AAA@XZ
?GetWeakReference@Details@Platform@@YAPEAU__abi_IUnknown@@QE$ADVObject@2@@Z
?CreateException@Exception@Platform@@SAPE$AAV12@H@Z
??0DisconnectedException@Platform@@QE$AAA@XZ
??0Delegate@Platform@@QE$AAA@XZ
?ResolveWeakReference@Details@Platform@@YAPE$AAVObject@2@AEBU_GUID@@PEAPEAU__abi_IUnknown@@@Z
?GetTypeCode@Type@Platform@@SA?AW4TypeCode@2@PE$AAV12@@Z
?__abi_make_type_id@@YAPE$AAVType@Platform@@AEBU__abi_type_descriptor@@@Z
?CreateValue@Details@Platform@@YAPE$AAVObject@2@W4TypeCode@2@PEBX@Z
?get@Message@Exception@Platform@@QE$AAAPE$AAVString@3@XZ
?GetIBoxVtable@Details@Platform@@YAPEAXPEAX@Z
?__abi_ObjectToString@__abi_details@@YAPE$AAVString@Platform@@PE$AAVObject@3@_N@Z
?EventSourceGetTargetArray@Details@Platform@@YAPEAXPEAXPEAUEventLock@12@@Z
?EventSourceGetTargetArraySize@Details@Platform@@YAIPEAX@Z
?AllocateException@Heap@Details@Platform@@SAPEAX_K0@Z
?ReleaseTarget@ControlBlock@Details@Platform@@AEAAXXZ
?AlignedFree@Heap@Details@Platform@@SAXPEAX@Z
?Free@Heap@Details@Platform@@SAXPEAX@Z
??0Object@Platform@@QE$AAA@XZ
??0OutOfBoundsException@Platform@@QE$AAA@XZ
?__abi_WinRTraiseInvalidCastException@@YAXXZ
?__abi_WinRTraiseNullReferenceException@@YAXXZ
?__abi_WinRTraiseOperationCanceledException@@YAXXZ
?__abi_WinRTraiseFailureException@@YAXXZ
?__abi_WinRTraiseAccessDeniedException@@YAXXZ
?__abi_WinRTraiseOutOfMemoryException@@YAXXZ
?__abi_WinRTraiseInvalidArgumentException@@YAXXZ
?__abi_WinRTraiseOutOfBoundsException@@YAXXZ
?__abi_WinRTraiseChangedStateException@@YAXXZ
?__abi_WinRTraiseClassNotRegisteredException@@YAXXZ
?__abi_WinRTraiseWrongThreadException@@YAXXZ
?__abi_WinRTraiseDisconnectedException@@YAXXZ
?__abi_WinRTraiseObjectDisposedException@@YAXXZ
?__abi_WinRTraiseCOMException@@YAXJ@Z
?EventSourceGetTargetArrayEvent@Details@Platform@@YAPEAXPEAXIPEBXPEA_J@Z
?ReCreateException@Exception@Platform@@SAPE$AAV12@H@Z
?get@Empty@Rect@Foundation@Windows@@SA?AV234@XZ
?__abi_cast_Object_to_String@__abi_details@@YAPE$AAVString@Platform@@_NPE$AAVObject@3@@Z
?__abi_cast_String_to_Object@__abi_details@@YAPE$AAVObject@Platform@@PE$AAVString@3@@Z
?Allocate@Heap@Details@Platform@@SAPEAX_K0@Z
??0NullReferenceException@Platform@@QE$AAA@XZ
?CreateException@Exception@Platform@@SAPE$AAV12@HPE$AAVString@2@@Z
?EventSourceUninitialize@Details@Platform@@YAXPEAPEAX@Z
?Union@Rect@Foundation@Windows@@QEAAXV123@@Z
?InitializeData@Details@Platform@@YAJH@Z
?UninitializeData@Details@Platform@@YAXH@Z
?GetIidsFn@@YAJHPEAKPEBU__s_GUID@@PEAPEAVGuid@Platform@@@Z
?__abi_FailFast@@YAXXZ
?ReCreateFromException@Details@Platform@@YAJPE$AAVException@2@@Z
?__abi_WinRTraiseNotImplementedException@@YAXXZ
?GetActivationFactoryByPCWSTR@@YAJPEAXAEAVGuid@Platform@@PEAPEAX@Z
?EventSourceInitialize@Details@Platform@@YAXPEAPEAX@Z
?EventSourceRemove@Details@Platform@@YAXPEAPEAXPEAUEventLock@12@VEventRegistrationToken@Foundation@Windows@@@Z
?GetActivationFactory@Details@Platform@@YAJPEAVModuleBase@1WRL@Microsoft@@PEAUHSTRING__@@PEAPEAUIActivationFactory@@@Z
?TerminateModule@Details@Platform@@YA_NPEAVModuleBase@1WRL@Microsoft@@@Z
?EventSourceAdd@Details@Platform@@YA?AVEventRegistrationToken@Foundation@Windows@@PEAPEAXPEAUEventLock@12@PE$AAVDelegate@2@@Z
??0FailureException@Platform@@QE$AAA@XZ
??0OutOfMemoryException@Platform@@QE$AAA@XZ
??0ChangedStateException@Platform@@QE$AAA@XZ

api-ms-win-crt-private-l1-1-0

memmove
memcpy
memcmp
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
wcsstr
__std_terminate
__CxxFrameHandler4
_o___std_exception_copy
_o___std_exception_destroy
_o___std_type_info_destroy_list
_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsnicmp
_o_free
_o_malloc
_o_pow
_o_sqrt

api-ms-win-crt-string-l1-1-0

wcslen
memset

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

msvcp_win

?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
_Cnd_destroy_in_situ
_Mtx_destroy_in_situ
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
_Mtx_init_in_situ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Xbad_function_call@std@@YAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
_Cnd_broadcast
?GetNextAsyncId@platform@details@Concurrency@@YAIXZ
_Cnd_init_in_situ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z
?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
_Cnd_wait
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
_Mtx_lock
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?_IsNonBlockingThread@_Task_impl_base@details@Concurrency@@SA_NXZ
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_XGetLastError@std@@YAXXZ
?__ExceptionPtrToBool@@YA_NPEBX@Z
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ

ext-ms-win-rtcore-ntuser-sysparams-l1-1-0

MonitorFromPoint

ext-ms-win-rtcore-minuser-display-l1-1-0

ord2621

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-crt-math-l1-1-0

ceilf

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory

Sections

.text
Size: 486KB - Virtual size: 485KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/WindowsInternal.ComposableShell.DesktopHosting.dll
.dll windows:10 windows x64 arch:x64

fec4eb3e27e9c0d7c0f363b0bd68222f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_APPCONTAINER
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA
DisableThreadLibraryCalls
GetProcAddress

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-synch-l1-1-0

CreateMutexExW
ReleaseSRWLockExclusive
ReleaseMutex
AcquireSRWLockShared
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockExclusive
DeleteCriticalSection
OpenSemaphoreW
ReleaseSemaphore
WaitForSingleObject
WaitForSingleObjectEx
CreateSemaphoreExW
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
InitOnceExecuteOnce

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoGetContextToken

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsCompareStringOrdinal
WindowsCreateStringReference
WindowsDeleteString
WindowsGetStringRawBuffer
WindowsDuplicateString

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

wincorlib

??0ChangedStateException@Platform@@QE$AAA@XZ
??0DisconnectedException@Platform@@QE$AAA@XZ
??0Delegate@Platform@@QE$AAA@XZ
?ReleaseInContextImpl@Details@Platform@@YAJPEAUIUnknown@@0@Z
?GetWeakReference@Details@Platform@@YAPEAU__abi_IUnknown@@QE$ADVObject@2@@Z
?InitializeData@Details@Platform@@YAJH@Z
?UninitializeData@Details@Platform@@YAXH@Z
?__abi_FailFast@@YAXXZ
?GetObjectContext@Details@Platform@@YAPEAUIUnknown@@XZ
??0Exception@Platform@@QE$AAA@H@Z
?EventSourceInitialize@Details@Platform@@YAXPEAPEAX@Z
??0OutOfBoundsException@Platform@@QE$AAA@XZ
??0FailureException@Platform@@QE$AAA@XZ
??0OutOfMemoryException@Platform@@QE$AAA@XZ
?ReCreateFromException@Details@Platform@@YAJPE$AAVException@2@@Z
?EventSourceRemove@Details@Platform@@YAXPEAPEAXPEAUEventLock@12@VEventRegistrationToken@Foundation@Windows@@@Z
??0NotImplementedException@Platform@@QE$AAA@XZ
?EventSourceGetTargetArray@Details@Platform@@YAPEAXPEAXPEAUEventLock@12@@Z
?EventSourceUninitialize@Details@Platform@@YAXPEAPEAX@Z
?Allocate@Heap@Details@Platform@@SAPEAX_K0@Z
?__abi_WinRTraiseNotImplementedException@@YAXXZ
?__abi_WinRTraiseInvalidCastException@@YAXXZ
?__abi_WinRTraiseNullReferenceException@@YAXXZ
?__abi_WinRTraiseOperationCanceledException@@YAXXZ
?__abi_WinRTraiseFailureException@@YAXXZ
?__abi_WinRTraiseAccessDeniedException@@YAXXZ
?__abi_WinRTraiseOutOfMemoryException@@YAXXZ
?__abi_WinRTraiseInvalidArgumentException@@YAXXZ
?__abi_WinRTraiseOutOfBoundsException@@YAXXZ
?__abi_WinRTraiseChangedStateException@@YAXXZ
?__abi_WinRTraiseClassNotRegisteredException@@YAXXZ
?__abi_WinRTraiseWrongThreadException@@YAXXZ
?__abi_WinRTraiseDisconnectedException@@YAXXZ
?__abi_WinRTraiseObjectDisposedException@@YAXXZ
?__abi_WinRTraiseCOMException@@YAXJ@Z
?ReleaseTarget@ControlBlock@Details@Platform@@AEAAXXZ
?AlignedFree@Heap@Details@Platform@@SAXPEAX@Z
?Free@Heap@Details@Platform@@SAXPEAX@Z
??0Object@Platform@@QE$AAA@XZ
?GetIBoxArrayVtable@Details@Platform@@YAPEAXPEAX@Z
?EventSourceGetTargetArrayEvent@Details@Platform@@YAPEAXPEAXIPEBXPEA_J@Z
?GetProxyImpl@Details@Platform@@YAJPEAUIUnknown@@AEBU_GUID@@0PEAPEAU3@@Z
?get@Message@Exception@Platform@@QE$AAAPE$AAVString@3@XZ
?CreateException@Exception@Platform@@SAPE$AAV12@HPE$AAVString@2@@Z
?EventSourceGetTargetArraySize@Details@Platform@@YAIPEAX@Z
?AllocateException@Heap@Details@Platform@@SAPEAX_K0@Z
?ResolveWeakReference@Details@Platform@@YAPE$AAVObject@2@AEBU_GUID@@PEAPEAU__abi_IUnknown@@@Z
?GetIidsFn@@YAJHPEAKPEBU__s_GUID@@PEAPEAVGuid@Platform@@@Z
?GetActivationFactoryByPCWSTR@@YAJPEAXAEAVGuid@Platform@@PEAPEAX@Z
?GetActivationFactory@Details@Platform@@YAJPEAVModuleBase@1WRL@Microsoft@@PEAUHSTRING__@@PEAPEAUIActivationFactory@@@Z
?TerminateModule@Details@Platform@@YA_NPEAVModuleBase@1WRL@Microsoft@@@Z
?EventSourceAdd@Details@Platform@@YA?AVEventRegistrationToken@Foundation@Windows@@PEAPEAXPEAUEventLock@12@PE$AAVDelegate@2@@Z

api-ms-win-crt-private-l1-1-0

__C_specific_handler
memcmp
memcpy
__CxxFrameHandler3
_CxxThrowException
wcsstr
__std_terminate
__CxxFrameHandler4
_o___std_exception_copy
_o___std_exception_destroy
_o___std_type_info_destroy_list
_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o_free
_o_malloc
memmove

api-ms-win-crt-string-l1-1-0

wcslen
memset

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory

Sections

.text
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/WindowsInternal.Shell.CompUiActivation.dll
.dll windows:10 windows x64 arch:x64

8956979c4ae91af1addac7f1e86f5d95

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_free
_o_iswspace
_o_malloc
_o_terminate
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
WaitForSingleObjectEx
CreateSemaphoreExW
CreateMutexExW
ReleaseSemaphore
AcquireSRWLockExclusive
ReleaseMutex
ReleaseSRWLockExclusive
WaitForSingleObject

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedFlushSList
InitializeSListHead

msvcp_win

?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsCreateStringReference
WindowsDuplicateString
WindowsDeleteStringBuffer
WindowsDeleteString
WindowsPreallocateStringBuffer
WindowsGetStringRawBuffer
WindowsPromoteStringBuffer

oleaut32

SysStringLen
SysFreeString

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CoIncrementMTAUsage
CoTaskMemAlloc
CoGetObjectContext

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoTransformError
GetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

RoOriginateLanguageException

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-com-l1-1-1

RoGetAgileReference

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/WindowsIoTCsp.dll
.dll windows:10 windows x64 arch:x64

0ee969ca372a37aeaa20672d047d3549

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcp110_win

?_Xbad_alloc@std@@YAXXZ

msvcrt

memcpy_s
_wcsicmp
toupper
__C_specific_handler
memmove
free
_amsg_exit
_XcptFilter
_callnewh
malloc
??3@YAXPEAX@Z
__CxxFrameHandler3
_initterm

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoTaskMemAlloc

oleaut32

VariantInit
SysAllocString

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemInfo
GetTickCount

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegSetValueExW
RegGetValueW
RegCreateKeyExW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA

api-ms-win-eventing-provider-l1-1-0

EventProviderEnabled
EventRegister
EventWriteTransfer
EventSetInformation
EventUnregister

api-ms-win-core-heap-l2-1-0

LocalAlloc

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
ReleaseSRWLockExclusive

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/WindowsManagementServiceWinRt.ProxyStub.dll
.dll windows:10 windows x64 arch:x64

a8ac205b0ceca6373eb1eefdb5bd93ef

Code Sign

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/05/2022, 19:23

Not After

04/05/2023, 19:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:7c:0e:d4:ab:3f:d8:21:d5:ae:f8:b3:8b:df:9b:6f:bd:2a:e2:83:58:e0:f8:84:64:32:55:b7:ab:40:c2:0d
Signer

Actual PE Digest

0e:7c:0e:d4:ab:3f:d8:21:d5:ae:f8:b3:8b:df:9b:6f:bd:2a:e2:83:58:e0:f8:84:64:32:55:b7:ab:40:c2:0d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
memcmp
_o___std_type_info_destroy_list
__C_specific_handler

api-ms-win-crt-string-l1-1-0

memset

rpcrt4

NdrStubCall3
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Connect
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrOleFree
CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy
NdrStubForwardingFunction
CStdStubBuffer_Invoke
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrCStdStubBuffer2_Release
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-winrt-string-l1-1-0

HSTRING_UserMarshal
HSTRING_UserSize64
HSTRING_UserFree
HSTRING_UserFree64
HSTRING_UserSize
HSTRING_UserUnmarshal
HSTRING_UserUnmarshal64
HSTRING_UserMarshal64

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient10
ObjectStublessClient9
ObjectStublessClient8
ObjectStublessClient6
NdrProxyForwardingFunction5
NdrProxyForwardingFunction4
CStdStubBuffer2_QueryInterface
ObjectStublessClient7
CStdStubBuffer2_Disconnect
ObjectStublessClient3
CStdStubBuffer2_CountRefs
ObjectStublessClient11
NdrProxyForwardingFunction3
CStdStubBuffer2_Connect

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GetProxyDllInfo

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/WindowsSecurityIcon.png
.png
Setuр/x64/WindowsUpdateElevatedInstaller.exe
.exe windows:10 windows x64 arch:x64

464bece13e769d1ab0e5d1a6d49aad1c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent

api-ms-win-crt-runtime-l1-1-0

_initterm
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e

api-ms-win-crt-private-l1-1-0

_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o___std_exception_destroy
_o__wcsicmp
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
__CxxFrameHandler4
_CxxThrowException
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoSetProxyBlanket
CoCreateInstance
CoUninitialize

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-registry-l1-1-0

RegGetValueW

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/Winlangdb.dll
.dll windows:10 windows x64 arch:x64

ac406ea68bafbadfa5be4ecdf652f53d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcp_win

?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Xbad_function_call@std@@YAXXZ
?id@?$collate@G@std@@2V0locale@2@A
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??Bid@locale@std@@QEAA_KXZ
?id@?$ctype@G@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?tolower@?$ctype@G@std@@QEBAGG@Z
??0_Lockit@std@@QEAA@H@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Lockit@std@@QEAA@XZ
??1_Locinfo@std@@QEAA@XZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?is@?$ctype@G@std@@QEBA_NFG@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Incref@facet@locale@std@@UEAAXXZ
_Wcscoll
_Wcsxfrm
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o_free
_o_malloc
_o_realloc
__C_specific_handler
_CxxThrowException
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
wcschr
strchr
__std_terminate
__CxxFrameHandler4
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
LoadStringW
GetModuleHandleW
GetProcAddress

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
CreateMutexExW
WaitForSingleObjectEx
ReleaseMutex

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetLastError
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
OpenProcessToken
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

GetLocaleInfoEx
ResolveLocaleName
IsValidLocaleName
GetUserPreferredUILanguages
FormatMessageW
LocaleNameToLCID
FindNLSStringEx
GetUserDefaultLocaleName

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsStringHasEmbeddedNull
WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringLen

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventRegister
EventUnregister

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-string-l1-1-0

CompareStringEx
CompareStringOrdinal

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoTaskMemFree

api-ms-win-core-localization-l1-2-1

EnumSystemLocalesEx

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegCreateKeyExW
RegCloseKey
RegSetValueExW

api-ms-win-core-localization-private-l1-1-0

LoadStringByReference

api-ms-win-security-base-l1-1-0

CopySid
IsWellKnownSid
GetTokenInformation
GetLengthSid

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

kernelbase

OpenGlobalizationUserSettingsKey

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

ntdll

NtClose

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-crt-math-l1-1-0

ceilf

Exports

Exports

Bcp47GetEnglishName
Bcp47GetLocalizedName
Bcp47GetLocalizedScript
Bcp47GetNativeName
EnsureLanguageProfileExists
GetLanguageNames
GetLocaleFromLanguageAndRegion
GetRegionalFormatList
IsoScriptGetLocalizedName
LanguagesDatabaseGetChildLanguages
LanguagesDatabaseGetLeafLanguages
LanguagesDatabaseHasChildren
LanguagesDatabaseHasLocalizedContent
SetUserLanguages
SetUserLanguagesCore
SetUserLanguagesNoSpeller

Sections

.text
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/blbres.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Setuр/x64/bnmanager.dll
.dll windows:10 windows x64 arch:x64

a6971dc86c72889e7e8dd61cd8b3f5fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

_purecall
free
malloc
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_callnewh
__CxxFrameHandler3
_CxxThrowException
_vsnprintf_s
memcpy_s
_XcptFilter
_amsg_exit
_initterm
__C_specific_handler
??1type_info@@UEAA@XZ
_lock
_onexit
??0exception@@QEAA@AEBV0@@Z
__dllonexit
??1exception@@UEAA@XZ
_vsnwprintf
??0exception@@QEAA@XZ
_unlock
memset

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW
DisableThreadLibraryCalls
LoadStringW
GetProcAddress

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
AcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/boot.sdi
Setuр/x64/bootcfg.exe
.exe windows:10 windows x64 arch:x64

f3adcd04b0bf69589b2b3643d6cf3803

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_memicmp
fflush
__iob_func
_vsnwprintf
wcstok
_errno
wcstod
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
wcstol
wcstoul
_fileno
__set_app_type
__wgetmainargs
_amsg_exit
_get_osfhandle
fprintf
?terminate@@YAXXZ
_XcptFilter
wcsncpy_s
wcsrchr
_ltow
wcsstr
_wfopen
_itow
wcschr
fclose
_wchmod
memset

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

api-ms-win-core-privateprofile-l1-1-0

GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter

api-ms-win-core-registry-l2-1-0

RegConnectRegistryW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrW
StrChrW
StrRChrW
StrStrIW
StrCmpNW
StrChrIW

api-ms-win-core-file-l1-1-0

ReadFile
GetFileSize
GetFileType
SetFileAttributesW
GetFileAttributesW
CreateFileW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapValidate
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapSetInformation

api-ms-win-core-privateprofile-l1-1-1

WritePrivateProfileSectionW

api-ms-win-core-string-l2-1-0

CharUpperW
CharLowerW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
ExitProcess
TerminateProcess
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
GetModuleFileNameW
GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetComputerNameExW
GetTickCount

mpr

WNetCancelConnection2W
WNetAddConnection2W
WNetGetLastErrorW

netapi32

NetServerGetInfo
NetApiBufferFree

ws2_32

WSAGetLastError
GetNameInfoW
WSAStartup
FreeAddrInfoW
WSACleanup
GetAddrInfoW

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW

api-ms-win-core-string-obsolete-l1-1-0

lstrlenA
lstrlenW

api-ms-win-core-localization-l1-2-0

SetThreadUILanguage
GetThreadLocale
FormatMessageW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

ntdll

RtlVerifyVersionInfo

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-console-l1-1-0

SetConsoleMode
GetConsoleMode
WriteConsoleW
ReadConsoleW
GetConsoleOutputCP

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle

api-ms-win-core-localization-obsolete-l1-2-0

CompareStringA

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-security-base-l1-1-0

AllocateAndInitializeSid
CheckTokenMembership
FreeSid

sspicli

GetUserNameExW

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

Sections

.text
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/bootim.exe
.exe windows:10 windows x64 arch:x64

518ddf1b5d2eaa775607e0d8b554c455

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

GetSystemMetrics

msvcrt

_wcmdln
_fmode
_XcptFilter
_wtol
_commode
__C_specific_handler
_initterm
_wcsnicmp
wcschr
memset
_lock
_amsg_exit
_unlock
__dllonexit
_wcsicmp
memcpy_s
__setusermatherr
_cexit
_onexit
_exit
_vsnwprintf
exit
?terminate@@YAXXZ
__set_app_type
__wgetmainargs

bootux

ord9
ord12

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

ReleaseMutex
WaitForSingleObjectEx
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
CreateMutexExW
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegCloseKey
RegOpenKeyExW

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
GetStartupInfoW

api-ms-win-core-localization-l1-2-0

FormatMessageW
SetProcessPreferredUILanguages

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrToIntExW

ntdll

RtlNtStatusToDosError
NtQuerySystemInformation

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/bootsect.exe
.exe windows:10 windows x64 arch:x64

a26cb263b9dc97b5627f1e68caac6231

Code Sign

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:24

Not After

02/05/2020, 21:24

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

97:10:60:7b:a1:0d:d6:97:8d:e0:4e:13:d7:be:32:23:b7:21:90:f3:d5:26:d4:e8:f8:17:b5:3f:4c:39:56:c6
Signer

Actual PE Digest

97:10:60:7b:a1:0d:d6:97:8d:e0:4e:13:d7:be:32:23:b7:21:90:f3:d5:26:d4:e8:f8:17:b5:3f:4c:39:56:c6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

EventUnregister
EventRegister
EventWriteTransfer
RegOpenKeyExW
RegCloseKey
RegQueryValueExW

kernel32

GetModuleHandleExW
SetFilePointer
GetLastError
GetProcAddress
FreeLibrary
GetConsoleOutputCP
GetStdHandle
GetModuleFileNameW
LocalAlloc
GetConsoleMode
FormatMessageW
QueryDosDeviceW
LocalFree
WideCharToMultiByte
GetFileType
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
ReadFile
WriteFile
WriteConsoleW
SetLastError
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
CreateFileW
GetVersionExW
SearchPathW
UnmapViewOfFile
CloseHandle
FindResourceExW
LoadResource
CreateFileMappingW
MapViewOfFile
LoadLibraryExW

msvcrt

_snwscanf_s
bsearch
wcsncmp
wcsstr
wcsnlen
memcpy
?terminate@@YAXXZ
_fmode
__C_specific_handler
_initterm
memset
__setusermatherr
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
iswxdigit
_vsnwprintf
_wcsnicmp
_stricmp
swprintf_s
isalpha
wcscpy_s
_wcsicmp
_wcslwr
_commode

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
NtWaitForSingleObject
RtlFreeHeap
NtQueryDirectoryObject
NtCreateEvent
NtOpenDirectoryObject
NtDeviceIoControlFile
NtQuerySymbolicLinkObject
RtlAllocateHeap
NtOpenSymbolicLinkObject
NtResetEvent
NtOpenFile
NtQueryVolumeInformationFile
RtlNtStatusToDosError
NtFsControlFile
NtClose
RtlInitUnicodeString
NtQuerySystemInformation
RtlCaptureContext
NtQueryValueKey
NtQueryBootEntryOrder
NtQueryBootOptions
NtTranslateFilePath
NtEnumerateBootEntries
NtAdjustPrivilegesToken
NtOpenProcessTokenEx
NtSetInformationThread
NtOpenThreadTokenEx
RtlImpersonateSelf
NtOpenKey

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/bootstr.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:24

Not After

02/05/2020, 21:24

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:74:8b:44:d9:10:ee:10:fd:a7:fb:cb:5b:13:d3:91:0b:e8:e0:6a:29:d8:9d:07:29:7f:94:84:f6:24:ca:e6
Signer

Actual PE Digest

0b:74:8b:44:d9:10:ee:10:fd:a7:fb:cb:5b:13:d3:91:0b:e8:e0:6a:29:d8:9d:07:29:7f:94:84:f6:24:ca:e6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Setuр/x64/bootux.dll
.dll windows:10 windows x64 arch:x64

3743d57b7a85109e8946ad01b46bbecc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

_lock
_initterm
malloc
sqrt
__C_specific_handler
__CxxFrameHandler3
_XcptFilter
free
memset
iscntrl
wcschr
_wtoi
_callnewh
_onexit
memcpy_s
__dllonexit
_amsg_exit
_unlock
memmove
floorf
ceil
_purecall
_vsnwprintf
wcscmp

api-ms-win-shcore-scaling-l1-1-0

GetScaleFactorForDevice

api-ms-win-shcore-thread-l1-1-0

SHCreateThread
SHGetThreadRef

api-ms-win-shcore-comhelpers-l1-1-0

IUnknown_Set

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileEx

shcore

ord228

shell32

SHFileOperationW
ord47
SHGetFolderPathW

shlwapi

StrCmpW
PathFileExistsW
StrToIntExW
PathFindFileNameW
StrRStrIW
PathGetDriveNumberW
StrCmpIW
ord460
StrChrW
PathFindExtensionW
PathAppendW
PathRemoveFileSpecW

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameA
GetProcAddress
LoadLibraryExW
GetModuleFileNameW
LockResource
FindResourceExW
LoadResource
FreeLibrary
LoadStringW
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-1-0

CreateMutexExW
WaitForSingleObject
ReleaseMutex
OpenSemaphoreW
ReleaseSemaphore
CreateEventExW
CreateSemaphoreExW
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseSRWLockShared
WaitForMultipleObjectsEx
CreateEventW
SetEvent
ResetEvent
WaitForSingleObjectEx

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap
HeapReAlloc

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TlsSetValue
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
TlsFree
TlsAlloc
TlsGetValue

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteTransfer

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
TraceMessage
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableFlags

api-ms-win-core-file-l1-1-0

GetDriveTypeW
GetLogicalDriveStringsW
CreateFileW
CreateDirectoryW
GetFileAttributesExW
WriteFile
DeleteFileW

api-ms-win-core-path-l1-1-0

PathCchCombine
PathCchAppend

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetWindowsDirectoryW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringEx

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey

api-ms-win-eventing-controller-l1-1-0

StopTraceW
StartTraceW
EnableTraceEx2

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-atoms-l1-1-0

GetAtomNameW

api-ms-win-core-sidebyside-l1-1-0

DeactivateActCtx
CreateActCtxW
ActivateActCtx
ReleaseActCtx

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

uiautomationcore

UiaRaiseAutomationEvent

gdi32

CreateFontIndirectW
DeleteObject
CreateCompatibleDC
SelectObject
GetDeviceCaps
CreateDIBSection
GetStockObject
StretchDIBits
GetObjectW
DeleteDC

ntdll

WinSqmSetDWORD

ole32

CoInitialize

user32

UpdateWindow
InvalidateRect
FillRect
GetClientRect
SystemParametersInfoW
TranslateMessage
RegisterWindowMessageW
FindWindowW
GetMonitorInfoW
RemovePropW
MonitorFromPoint
DispatchMessageW
GetSystemMetrics
GetMessageW
DrawTextW
SetForegroundWindow
PostQuitMessage
SetPropW
ShowWindow
GetCursorPos
ReleaseDC
MapWindowPoints
GetDC
SetCursor
LoadCursorW
MsgWaitForMultipleObjectsEx
PeekMessageW
GetAncestor
PostMessageW
IsWindow

uxtheme

GetCurrentThemeName

dui70

?ActivateTooltip@TouchHWNDElement@DirectUI@@UEAAXPEAVElement@2@K@Z
?EventFromEventId@Schema@DirectUI@@SA?AW4Event@12@H@Z
?WantEvent@EventManager@DirectUI@@SA_NW4Event@Schema@2@@Z
?FWantAnyEvent@EventManager@DirectUI@@SA_NPEAVElement@2@@Z
?SetX@Element@DirectUI@@QEAAJH@Z
?GetExtent@Element@DirectUI@@QEAAPEBUtagSIZE@@PEAPEAVValue@2@@Z
?SetMargin@Element@DirectUI@@QEAAJHHHH@Z
?GetMargin@Element@DirectUI@@QEAAPEBUtagRECT@@PEAPEAVValue@2@@Z
?_Fill@Element@DirectUI@@IEAAXPEAUHDC__@@KHHHH_N@Z
?SetXMLFromResourceWithTheme@DUIXmlParser@DirectUI@@QEAAJIPEAUHINSTANCE__@@00@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJPEBGPEAUHINSTANCE__@@1@Z
?SetRootWindowForTheming@DUIXmlParser@DirectUI@@QEAAXPEAUHWND__@@@Z
?GetSheet@DUIXmlParser@DirectUI@@QEAAJPEBGPEAPEAVValue@2@@Z
DuiCreateObject
?AdviseEventRemoved@ElementProvider@DirectUI@@UEAAJHPEAUtagSAFEARRAY@@@Z
?AdviseEventAdded@ElementProvider@DirectUI@@UEAAJHPEAUtagSAFEARRAY@@@Z
?get_FragmentRoot@ElementProvider@DirectUI@@UEAAJPEAPEAUIRawElementProviderFragmentRoot@@@Z
?SetFocus@ElementProvider@DirectUI@@UEAAJXZ
?GetEmbeddedFragmentRoots@ElementProvider@DirectUI@@UEAAJPEAPEAUtagSAFEARRAY@@@Z
?get_BoundingRectangle@ElementProvider@DirectUI@@UEAAJPEAUUiaRect@@@Z
?GetRuntimeId@ElementProvider@DirectUI@@UEAAJPEAPEAUtagSAFEARRAY@@@Z
?Navigate@ElementProvider@DirectUI@@UEAAJW4NavigateDirection@@PEAPEAUIRawElementProviderFragment@@@Z
?ShowContextMenu@ElementProvider@DirectUI@@UEAAJXZ
?get_HostRawElementProvider@ElementProvider@DirectUI@@UEAAJPEAPEAUIRawElementProviderSimple@@@Z
?GetPropertyValue@ElementProvider@DirectUI@@UEAAJHPEAUtagVARIANT@@@Z
?get_ProviderOptions@ElementProvider@DirectUI@@UEAAJPEAW4ProviderOptions@@@Z
?AddRef@ElementProvider@DirectUI@@UEAAKXZ
?QueryInterface@ElementProvider@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?TossElement@ElementProvider@DirectUI@@UEAAXXZ
?GetElement@ElementProvider@DirectUI@@UEAAPEDVElement@2@XZ
??0ElementProvider@DirectUI@@QEAA@XZ
?CreatePatternProvider@Schema@DirectUI@@SAJW4Pattern@12@PEAVElementProvider@2@PEAPEAUIUnknown@@@Z
?IsPatternSupported@ElementProxy@DirectUI@@IEAAJW4Pattern@Schema@2@PEA_N@Z
?Init@ElementProxy@DirectUI@@MEAAXPEAVElement@2@@Z
?DoMethod@ElementProxy@DirectUI@@UEAAJHPEAD@Z
?GetProperty@ElementProxy@DirectUI@@IEAAJPEAUtagVARIANT@@H@Z
??1ElementProvider@DirectUI@@UEAA@XZ
?Release@ElementProvider@DirectUI@@UEAAKXZ
?Init@ElementProvider@DirectUI@@MEAAJPEAVElement@2@PEAVInvokeHelper@2@@Z
??1AutoLock@DirectUI@@QEAA@XZ
??0AutoLock@DirectUI@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
?DoInvoke@ElementProvider@DirectUI@@IEAAJHZZ
?PatternFromPatternId@Schema@DirectUI@@SA?AW4Pattern@12@H@Z
?GetForegroundColorRef@RichText@DirectUI@@UEAAJPEAK@Z
?GetClassInfoW@RichText@DirectUI@@UEAAPEAUIClassInfo@2@XZ
?OnHosted@RichText@DirectUI@@UEAAXPEAVElement@2@@Z
?Paint@RichText@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?OnEvent@RichText@DirectUI@@UEAAXPEAUEvent@2@@Z
?OnPropertyChanged@RichText@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
??1RichText@DirectUI@@UEAA@XZ
??0RichText@DirectUI@@QEAA@XZ
?Initialize@RichText@DirectUI@@QEAAJPEAVElement@2@PEAK@Z
?SetDWriteFontCollection@RichText@DirectUI@@QEAAXPEAUIDWriteFontCollection@@@Z
?SetBackgroundColor@Element@DirectUI@@QEAAJK@Z
?SetLineSpacing@RichText@DirectUI@@QEAAJH@Z
?SetConstrainLayout@RichText@DirectUI@@QEAAJH@Z
?SetBaseline@RichText@DirectUI@@QEAAJH@Z
?GetContentAlign@Element@DirectUI@@QEAAHXZ
?SetContentAlign@Element@DirectUI@@QEAAJH@Z
?SetOverhang@Element@DirectUI@@QEAAJ_N@Z
?GetRawValue@Element@DirectUI@@QEAAPEAVValue@2@PEBUPropertyInfo@2@HPEAUUpdateCache@2@@Z
?GetElementScaledInt@Value@DirectUI@@QEAAHPEAVElement@2@@Z
?LineSpacingProp@RichText@DirectUI@@SAPEBUPropertyInfo@2@XZ
?GetContentSize@RichText@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?CreateGraphic@Value@DirectUI@@SAPEAV12@PEBGGGPEAUHINSTANCE__@@_N2@Z
?HeightProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?GetUnset@Value@DirectUI@@SAPEAV12@XZ
?WidthProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?GetWidth@Element@DirectUI@@QEAAHXZ
?DestroyAll@Element@DirectUI@@QEAAJ_N@Z
??1AccessibleButton@DirectUI@@UEAA@XZ
?OnReceivedDialogFocus@Button@DirectUI@@UEAA_NPEAUIDialogElement@2@@Z
?OnLostDialogFocus@Button@DirectUI@@UEAA_NPEAUIDialogElement@2@@Z
?DefaultAction@Button@DirectUI@@UEAAJXZ
?OnPropertyChanged@AccessibleButton@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
??0AccessibleButton@DirectUI@@QEAA@XZ
?GetClassInfoPtr@AccessibleButton@DirectUI@@SAPEAUIClassInfo@2@XZ
?Initialize@AccessibleButton@DirectUI@@QEAAJPEAVElement@2@PEAK@Z
?Register@AccessibleButton@DirectUI@@SAJXZ
?Create@BorderLayout@DirectUI@@SAJPEAPEAVLayout@2@@Z
?Create@ModernProgressRing@DirectUI@@SAJPEAVElement@2@PEAKPEAPEAV32@@Z
?IDProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?CreateAtom@Value@DirectUI@@SAPEAV12@G@Z
?Create@FlowLayout@DirectUI@@SAJ_NIIIPEAPEAVLayout@2@@Z
?ClassProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?SetTreatRightMouseButtonAsLeft@TouchButton@DirectUI@@QEAAJ_N@Z
?SetHandleEnter@TouchButton@DirectUI@@QEAAJ_N@Z
?Create@TouchButton@DirectUI@@SAJIPEAVElement@2@PEAKPEAPEAV32@@Z
?GetHeight@Element@DirectUI@@QEAAHXZ
?PressedProp@TouchButton@DirectUI@@SAPEBUPropertyInfo@2@XZ
?Click@TouchButton@DirectUI@@SA?AVUID@@XZ
?Context@Button@DirectUI@@SA?AVUID@@XZ
?GetBoolFalse@Value@DirectUI@@SAPEAV12@XZ
GetScaleFactor
?GetBorderThickness@Element@DirectUI@@QEAAPEBUtagRECT@@PEAPEAVValue@2@@Z
?OnInput@Button@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?GetPressed@Button@DirectUI@@QEAA_NXZ
?GetCaptured@Button@DirectUI@@QEAA_NXZ
?SetCaptured@Button@DirectUI@@QEAAJ_N@Z
?CreateBool@Value@DirectUI@@SAPEAV12@_N@Z
?PressedProp@Button@DirectUI@@SAPEBUPropertyInfo@2@XZ
?SetPressed@Button@DirectUI@@QEAAJ_N@Z
?GetClassInfoPtr@ModernProgressRing@DirectUI@@SAPEAUIClassInfo@2@XZ
?Create@ElementProvider@DirectUI@@SAJPEAVElement@2@PEAVInvokeHelper@2@PEAPEAV12@@Z
?Create@HWNDElementProvider@DirectUI@@SAJPEAVHWNDElement@2@PEAVInvokeHelper@2@PEAPEAV12@@Z
?Find@ElementProviderManager@DirectUI@@SAPEAVElementProvider@2@PEAVElement@2@@Z
?GetInvokeHelper@InvokeManager@DirectUI@@SAJPEAPEAVInvokeHelper@2@@Z
?SetY@Element@DirectUI@@QEAAJH@Z
?Create@VerticalFlowLayout@DirectUI@@SAJ_NIIIPEAPEAVLayout@2@@Z
?LayoutPosProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?SetAccRole@Element@DirectUI@@QEAAJH@Z
?GetAccName@Element@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?SetPasswordCharacter@TouchEditBase@DirectUI@@QEAAJH@Z
?SetMaxLength@TouchEditBase@DirectUI@@QEAAJH@Z
?Create@TouchEdit2@DirectUI@@SAJPEAVElement@2@PEAKPEAPEAV32@@Z
?SetLayout@Element@DirectUI@@QEAAJPEAVLayout@2@@Z
?Create@FillLayout@DirectUI@@SAJPEAPEAVLayout@2@@Z
?SetInputScope@TouchEdit2@DirectUI@@QEAAJW4__MIDL___MIDL_itf_inputscope_0000_0000_0001@@@Z
?Enter@TouchEditBase@DirectUI@@SA?AVUID@@XZ
?Paste@TouchEditBase@DirectUI@@SA?AVUID@@XZ
?SetCaretPosition@TouchEdit2@DirectUI@@QEAAJJ@Z
?GetSelection@TouchEdit2@DirectUI@@QEAAJPEAJ0@Z
?GetEncodedContentString@Element@DirectUI@@QEAAJPEAG_K@Z
?KeyWithinProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?GetIntZero@Value@DirectUI@@SAPEAV12@XZ
?CreateInt@Value@DirectUI@@SAPEAV12@HW4DynamicScaleValue@@@Z
?SetAccDesc@Element@DirectUI@@QEAAJPEBG@Z
?SetAccName@Element@DirectUI@@QEAAJPEBG@Z
UnicodeToMultiByte
?Register@Element@DirectUI@@SAJXZ
?CreateInstance@CSafeElementProxy@@SAJPEAVElement@DirectUI@@PEAPEAV1@@Z
?GetFactory@RichText@DirectUI@@QEAAPEAUIDWriteFactory@@XZ
?Create@RichText@DirectUI@@SAJPEAVElement@2@PEAKPEAPEAV32@@Z
?GetContentString@Element@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?Add@Element@DirectUI@@QEAAJPEAV12@@Z
?RemoveAll@Element@DirectUI@@QEAAJXZ
?SetEnabled@Element@DirectUI@@QEAAJ_N@Z
?IsRoot@Element@DirectUI@@QEAAHXZ
?SetActive@Element@DirectUI@@QEAAJH@Z
?ContentProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?SetContentString@Element@DirectUI@@QEAAJPEBG@Z
?SetID@Element@DirectUI@@QEAAJPEBG@Z
?BackgroundProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?SetBackgroundStdColor@Element@DirectUI@@QEAAJH@Z
?Click@Button@DirectUI@@SA?AVUID@@XZ
?GetClass@Element@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?GetClassInfoPtr@Element@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetClassInfoW@Element@DirectUI@@UEAAPEAUIClassInfo@2@XZ
?Detach@CSafeElementProxy@@QEAAXXZ
?GetRoot@Element@DirectUI@@QEAAPEAV12@XZ
?GetClassInfoPtr@HWNDElement@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetChildren@Element@DirectUI@@QEAAPEAV?$DynamicArray@PEAVElement@DirectUI@@$0A@@2@PEAPEAVValue@2@@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?FireEvent@Element@DirectUI@@QEAAXPEAUEvent@2@_N1@Z
??0CritSecLock@DirectUI@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
??1CritSecLock@DirectUI@@QEAA@XZ
?QueryInterface@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?UpdateTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?ActivateTooltip@Element@DirectUI@@MEAAXPEAV12@K@Z
?RemoveTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?GetClassInfoPtr@TouchHWNDElement@DirectUI@@SAPEAUIClassInfo@2@XZ
?CreateString@Value@DirectUI@@SAPEAV12@PEBGPEAUHINSTANCE__@@@Z
?GetStringNull@Value@DirectUI@@SAPEAV12@XZ
??0ClassInfoBase@DirectUI@@QEAA@XZ
??1ClassInfoBase@DirectUI@@UEAA@XZ
?Initialize@ClassInfoBase@DirectUI@@QEAAJPEAUHINSTANCE__@@PEBG_NPEBQEBUPropertyInfo@2@I@Z
?Register@ClassInfoBase@DirectUI@@QEAAJXZ
?ClassExist@ClassInfoBase@DirectUI@@SA_NPEAPEAUIClassInfo@2@PEBQEBUPropertyInfo@2@IPEAU32@PEAUHINSTANCE__@@PEBG_N@Z
?AddRef@ClassInfoBase@DirectUI@@UEAAXXZ
?Release@ClassInfoBase@DirectUI@@UEAAHXZ
?EnumPropertyInfo@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?GetByClassIndex@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?GetPICount@ClassInfoBase@DirectUI@@UEBAIXZ
?GetGlobalIndex@ClassInfoBase@DirectUI@@UEBAIXZ
?GetName@ClassInfoBase@DirectUI@@UEBAPEBGXZ
?IsValidProperty@ClassInfoBase@DirectUI@@UEBA_NPEBUPropertyInfo@2@@Z
?IsSubclassOf@ClassInfoBase@DirectUI@@UEBA_NPEAUIClassInfo@2@@Z
?GetModule@ClassInfoBase@DirectUI@@UEBAPEAUHINSTANCE__@@XZ
?IsGlobal@ClassInfoBase@DirectUI@@UEBA_NXZ
?AddChild@ClassInfoBase@DirectUI@@UEAAXXZ
?RemoveChild@ClassInfoBase@DirectUI@@UEAAXXZ
?GetChildren@ClassInfoBase@DirectUI@@UEBAHXZ
?AssertPIZeroRef@ClassInfoBase@DirectUI@@UEBAXXZ
??0Element@DirectUI@@QEAA@XZ
??1Element@DirectUI@@UEAA@XZ
?Initialize@Element@DirectUI@@QEAAJIPEAV12@PEAK@Z
?GetValue@Element@DirectUI@@QEAAPEAVValue@2@P6APEBUPropertyInfo@2@XZHPEAUUpdateCache@2@@Z
?SetValue@Element@DirectUI@@QEAAJP6APEBUPropertyInfo@2@XZHPEAVValue@2@@Z
?OnGroupChanged@Element@DirectUI@@UEAAXH_N@Z
?OnInput@Element@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnKeyFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnDestroy@Element@DirectUI@@UEAAXXZ
?BroadcastEvent@Element@DirectUI@@QEAAXPEAUEvent@2@@Z
?OnEvent@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?AddListener@Element@DirectUI@@QEAAJPEAUIElementListener@2@@Z
?RemoveListener@Element@DirectUI@@QEAAXPEAUIElementListener@2@@Z
?MessageCallback@Element@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?_PostEvent@Element@DirectUI@@AEAAXPEAUEvent@2@H@Z
?GetFactoryLock@Element@DirectUI@@SAPEAU_RTL_CRITICAL_SECTION@@XZ
?GetAccessibleImpl@Element@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?SyncDestroyWindow@NativeHWNDHost@DirectUI@@QEAAXXZ
UnInitThread
UnInitProcessPriv
?Destroy@NativeHWNDHost@DirectUI@@QEAAXXZ
??0NativeHWNDHost@DirectUI@@QEAA@XZ
?Initialize@NativeHWNDHost@DirectUI@@QEAAJPEBG0PEAUHWND__@@PEAUHICON__@@HHHHHHPEAUHINSTANCE__@@I@Z
??1NativeHWNDHost@DirectUI@@UEAA@XZ
?GetAccessibleImpl@HWNDElement@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?GetWindowClassNameAndStyle@HWNDElement@DirectUI@@UEAAXPEAPEBGPEAI@Z
?CreateStyleParser@HWNDElement@DirectUI@@UEAAJPEAPEAVDUIXmlParser@2@@Z
?OnCompositionChanged@HWNDElement@DirectUI@@UEAAXXZ
?OnWmSettingChanged@HWNDElement@DirectUI@@UEAAX_K_J@Z
?OnWmThemeChanged@HWNDElement@DirectUI@@UEAAX_K_J@Z
?OnGetDlgCode@HWNDElement@DirectUI@@UEAAXPEAUtagMSG@@PEA_J@Z
?OnNoChildWithShortcutFound@HWNDElement@DirectUI@@UEAAXPEAUKeyboardEvent@2@@Z
?OnImmersiveColorSchemeChanged@HWNDElement@DirectUI@@UEAAXXZ
?OnThemeChanged@HWNDElement@DirectUI@@UEAAXPEAUThemeChangedEvent@2@@Z
?OnGroupChanged@HWNDElement@DirectUI@@UEAAXH_N@Z
?Host@NativeHWNDHost@DirectUI@@QEAAXPEAVElement@2@@Z
?GetClassInfoPtr@TouchButton@DirectUI@@SAPEAUIClassInfo@2@XZ
StrToID
?GetUiaFocusDelegate@Element@DirectUI@@UEAAPEAV12@XZ
?HandleUiaEventListener@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@@Z
?HandleUiaPropertyListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?HandleUiaDestroyListener@Element@DirectUI@@UEAAXXZ
?GetElementProviderImpl@Element@DirectUI@@UEAAJPEAVInvokeHelper@2@PEAPEAVElementProvider@2@@Z
?GetUIAElementProvider@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?DefaultAction@Element@DirectUI@@UEAAJXZ
?OnUnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?OnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MEAAXHH@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UEAAXPEAUtagRECT@@@Z
?RemoveBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?AddBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?SetKeyFocus@Element@DirectUI@@UEAAXXZ
?EnsureVisible@Element@DirectUI@@UEAA_NHHHH@Z
?GetAdjacent@Element@DirectUI@@UEAAPEAV12@PEAV12@HPEBUNavReference@2@K@Z
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
?Remove@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?Insert@Element@DirectUI@@UEAAJPEAPEAV12@II@Z
?Add@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?GetContentSize@Element@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Paint@Element@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?OnMouseFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?GetContentStringAsDisplayed@Element@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
?EndDefer@Element@DirectUI@@QEAAXK@Z
?StartDefer@Element@DirectUI@@QEAAXPEAK@Z
?Destroy@Element@DirectUI@@QEAAJ_N@Z
?Create@Element@DirectUI@@SAJIPEAV12@PEAKPEAPEAV12@@Z
?CreateElement@DUIXmlParser@DirectUI@@QEAAJPEBGPEAVElement@2@1PEAKPEAPEAV32@@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJIPEAUHINSTANCE__@@0@Z
?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ
?Create@DUIXmlParser@DirectUI@@SAJPEAPEAV12@P6APEAVValue@2@PEBGPEAX@Z2P6AX11H2@Z2@Z
?_OnUIStateChanged@TouchHWNDElement@DirectUI@@MEAAXGG@Z
??1TouchHWNDElement@DirectUI@@UEAA@XZ
??0TouchHWNDElement@DirectUI@@QEAA@XZ
?DismissIHMAsync@TouchHWNDElement@DirectUI@@QEAAJXZ
?OnDestroy@TouchHWNDElement@DirectUI@@UEAAXXZ
?IsMSAAEnabled@TouchHWNDElement@DirectUI@@UEAA_NXZ
?WndProc@TouchHWNDElement@DirectUI@@UEAA_JPEAUHWND__@@I_K_J@Z
?OnPropertyChanged@TouchHWNDElement@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnKeyFocusMoved@TouchHWNDElement@DirectUI@@UEAAXPEAVElement@2@0@Z
?OnEvent@TouchHWNDElement@DirectUI@@UEAAXPEAUEvent@2@@Z
?OnInput@TouchHWNDElement@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?MessageCallback@TouchHWNDElement@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?Initialize@TouchHWNDElement@DirectUI@@QEAAJPEAUHWND__@@_NIPEAVElement@2@PEAK@Z
?SetFlags@TouchHWNDElement@DirectUI@@QEAAJW4TouchHWNDElementFlags@2@0@Z
?GetClassInfoW@TouchHWNDElement@DirectUI@@UEAAPEAUIClassInfo@2@XZ
?RemoveTooltip@TouchHWNDElement@DirectUI@@UEAAXPEAVElement@2@@Z
?CreateHostWindow@NativeHWNDHost@DirectUI@@UEAAPEAUHWND__@@KPEBG0KHHHHPEAU3@PEAUHMENU__@@PEAUHINSTANCE__@@PEAX@Z
?UpdateTooltip@TouchHWNDElement@DirectUI@@UEAAXPEAVElement@2@@Z
?GetHWND@HWNDElement@DirectUI@@UEAAPEAUHWND__@@XZ
?CanSetFocus@HWNDElement@DirectUI@@UEAA_NXZ
?SetFont@Element@DirectUI@@QEAAJPEBG@Z
?SetAccessible@Element@DirectUI@@QEAAJ_N@Z
?SetLayoutPos@Element@DirectUI@@QEAAJH@Z
?SetHeight@Element@DirectUI@@QEAAJH@Z
?SetVisible@Element@DirectUI@@QEAAJ_N@Z
?GetKeyFocused@Element@DirectUI@@UEAA_NXZ
?GetFontQuality@Element@DirectUI@@QEAAHXZ
?GetFontWeight@Element@DirectUI@@QEAAHXZ
?GetFontSize@Element@DirectUI@@QEAAHXZ
?GetFontFace@Element@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?IsContentProtected@Element@DirectUI@@UEAA_NXZ
?IsRTLReading@Element@DirectUI@@UEAA_NXZ
?Release@Value@DirectUI@@QEAAXXZ
InitProcessPriv
InitThread

duser

DeleteHandle
MapGadgetPoints
CreateAction
GetGadgetRect
InvalidateGadget
DUserSendEvent
InitGadgets
DUserPostEvent
DrawGadgetTree

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/bopomofo.uce
Setuр/x64/bridgeres.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Setuр/x64/bridgeunattend.exe
.exe windows:10 windows x64 arch:x64

43414f81fc52caf520b560a4956a39cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

kernel32

CreateEventW
GetLastError
CloseHandle
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentThreadId

msvcrt

_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
exit
_callnewh
_cexit
__setusermatherr
_initterm
__C_specific_handler
_fmode
_commode
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
??0exception@@QEAA@AEBQEBDH@Z
malloc
free
memmove_s
wcschr
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
memcpy_s
__CxxFrameHandler3
_CxxThrowException
_exit
memset

ole32

CoCreateInstance
CLSIDFromString
CoUninitialize
CoInitialize
CoTaskMemFree
CoSetProxyBlanket

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/browcli.dll
.dll windows:10 windows x64 arch:x64

26705ea03e96f283df5cdb2ca559c103

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

??1type_info@@UEAA@XZ
_wcsnicmp
wcscat_s
isdigit
strcpy_s
__RTDynamicCast
memcpy
_itow_s
wcsncpy_s
qsort
strchr
wcscpy_s
_initterm
malloc
free
_amsg_exit
_XcptFilter
??3@YAXPEAX@Z
_wcsicmp
__C_specific_handler
memset

rpcrt4

RpcStringFreeW
NdrClientCall3
RpcBindingFromStringBindingW
RpcStringBindingComposeW
I_RpcExceptionFilter
RpcBindingFree

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetProcAddress
LoadLibraryExW
FreeLibrary
GetModuleHandleW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetComputerNameExW
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-synch-l1-1-0

CreateEventW
WaitForSingleObjectEx

api-ms-win-core-handle-l1-1-0

CloseHandle

ntdll

RtlInitializeResource
RtlNtStatusToDosError
RtlInitAnsiString
RtlOemStringToUnicodeString
RtlUnicodeToOemN
RtlxUnicodeStringToOemSize
NtOpenThreadToken
NtImpersonateAnonymousToken
NtCreateFile
NtFsControlFile
NtSetInformationThread
RtlAcquireResourceExclusive
RtlGetLastNtStatus
RtlReleaseResource
RtlDeleteResource
NtOpenFile
NtDeviceIoControlFile
RtlCopyUnicodeString
NtClose
RtlInitUnicodeString

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalReAlloc
LocalFree

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-heap-obsolete-l1-1-0

LocalSize

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation

Exports

Exports

I_BrowserDebugCall
I_BrowserDebugTrace
I_BrowserQueryEmulatedDomains
I_BrowserQueryOtherDomains
I_BrowserQueryStatistics
I_BrowserResetNetlogonState
I_BrowserResetStatistics
I_BrowserServerEnum
I_BrowserSetNetlogonState
NetBrowserStatisticsGet
NetServerEnum
NetServerEnumEx

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/browser_broker.exe
.exe windows:10 windows x64 arch:x64

0f55a2f5c27203431ab9fd8c11d1fe1e

Code Sign

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:24

Not After

02/05/2020, 21:24

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

db:39:5d:38:87:6e:2b:17:05:70:b3:3b:4b:79:20:9c:28:02:c4:00:be:50:32:78:04:61:87:f2:1a:30:19:7b
Signer

Actual PE Digest

db:39:5d:38:87:6e:2b:17:05:70:b3:3b:4b:79:20:9c:28:02:c4:00:be:50:32:78:04:61:87:f2:1a:30:19:7b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-crt-runtime-l1-1-0

_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memcpy
_o__wcsnicmp
_o_exit
_o_terminate
_o_wcstok_s
_o_wcstol
__C_specific_handler
_o___stdio_common_vswprintf
_o___p__commode

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-com-l1-1-0

CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoCreateInstance

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
CreateEventW
ReleaseMutex
CreateMutexExW
OpenSemaphoreW
ReleaseSemaphore
WaitForSingleObjectEx
WaitForSingleObject
SetEvent

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetErrorMode
SetLastError

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
CreateThread
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW

api-ms-win-core-heap-l1-1-0

HeapSetInformation
GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA
GetProcAddress
GetModuleHandleW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

rpcrt4

UuidFromStringW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventWriteEx
EventUnregister

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-security-base-l1-1-0

MakeAbsoluteSD

api-ms-win-core-processthreads-l1-1-1

SetProcessMitigationPolicy
IsProcessorFeaturePresent
GetProcessMitigationPolicy

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

api-ms-win-core-processthreads-l1-1-3

SetProcessInformation

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-rtcore-ntuser-synch-l1-1-0

MsgWaitForMultipleObjects

api-ms-win-rtcore-ntuser-window-l1-1-0

TranslateMessage
DispatchMessageW
PeekMessageW

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/browserbroker.dll
.dll windows:10 windows x64 arch:x64

3c35e35b005b5087b2aad98358f4dc78

Code Sign

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/05/2022, 19:23

Not After

04/05/2023, 19:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fa:5c:4e:ce:43:94:a5:2e:d0:df:5d:1b:21:d2:94:87:83:f9:74:1a:06:cc:09:4c:f5:cd:a1:39:a8:8f:88:dd
Signer

Actual PE Digest

fa:5c:4e:ce:43:94:a5:2e:d0:df:5d:1b:21:d2:94:87:83:f9:74:1a:06:cc:09:4c:f5:cd:a1:39:a8:8f:88:dd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-string-l1-1-0

wcspbrk
memset

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itow_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsicmp
_o__wcsnicmp
memmove
_o_free
_o_malloc
_o_memcpy_s
_o_toupper
_o_wcscat_s
_o_wcscpy_s
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcschr
wcsrchr
wcsstr
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

iertutil

ord650
ord655
ord651
ord870
ord594
ord597
ord685
ord134
ord67
ord61
ord76
ord70
ord74
ord64
ord81
ord78
ord88
ord73
ord86
ord85
ord87
ord91
ord79
ord793
ord794
ord140
ord301
ord791
CreateUri
ord654
ord795
ord792
ord144
ord797
ord302
ord796
ord398

api-ms-win-core-shlwapi-legacy-l1-1-0

PathStripToRootW
PathStripPathW
PathIsRootW
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
PathFindExtensionW
PathIsPrefixW
PathRemoveBackslashW
PathRelativePathToW
PathIsRelativeW

api-ms-win-core-shlwapi-obsolete-l1-1-0

QISearch
StrDupW
StrStrW
StrTrimW
StrCmpICW
StrCmpNICW
StrToInt64ExW

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject
CopyFileW

api-ms-win-downlevel-shlwapi-l2-1-0

SHCreateStreamOnFileEx
SHStrDupW
SHAnsiToUnicode
SHRegGetValueW
IStream_Size
IStream_WriteStr
IStream_Reset
SHOpenRegStream2W
IStream_Read
IStream_Write
SHCreateStreamOnFileW

api-ms-win-rtcore-ntuser-synch-l1-1-0

MsgWaitForMultipleObjects

api-ms-win-rtcore-ntuser-window-l1-1-0

AllowSetForegroundWindow
PostMessageW
SendMessageTimeoutW
FindWindowExW
SetForegroundWindow
GetParent
PeekMessageW
TranslateMessage
GetWindowThreadProcessId
DispatchMessageW
DestroyWindow
DefWindowProcW

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
RtlQueryPackageClaims

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-com-l1-1-0

CoImpersonateClient
CLSIDFromString
CoWaitForMultipleHandles
CoTaskMemAlloc
CoInitializeEx
CoRegisterClassObject
CoCreateFreeThreadedMarshaler
CoRevokeClassObject
CoCreateInstance
StringFromGUID2
CoRevertToSelf
CoUninitialize
CoTaskMemFree
CreateStreamOnHGlobal

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ResetEvent
CreateEventExW
InitializeSRWLock
SetEvent
ReleaseSRWLockShared
CreateSemaphoreExW
LeaveCriticalSection
ReleaseMutex
CreateMutexExW
ReleaseSemaphore
InitializeCriticalSectionEx
DeleteCriticalSection
EnterCriticalSection
WaitForSingleObjectEx
CreateEventW
InitializeCriticalSectionAndSpinCount
OpenSemaphoreW
WaitForSingleObject

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
RaiseException
SetLastError

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-processthreads-l1-1-0

CreateProcessW
ResumeThread
GetCurrentThreadId
TerminateProcess
OpenThreadToken
GetCurrentThread
GetCurrentProcessId
GetExitCodeProcess
TlsGetValue
TlsSetValue
TlsAlloc
CreateThread
TlsFree
GetCurrentProcess
OpenProcessToken

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap
HeapSize

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetProcAddress
LoadLibraryExW
GetModuleFileNameA
FreeLibrary
GetModuleHandleW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteTransfer
EventSetInformation
EventProviderEnabled
EventWriteEx

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegDeleteTreeW
RegCreateKeyExW

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertStringSidToSidW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-file-l1-1-0

GetFileSizeEx
GetFileAttributesW
GetFileAttributesExW
GetLongPathNameW
GetFinalPathNameByHandleW
FindClose
FindNextFileW
FindFirstFileW
CreateDirectoryW
ReadFile
CreateFileW
GetFullPathNameW
GetFileTime
WriteFile
RemoveDirectoryW
GetTempFileNameW
SetFileAttributesW
DeleteFileW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-path-l1-1-0

PathCchCanonicalize
PathCchCombineEx
PathCchCanonicalizeEx
PathCchCombine
PathCchStripPrefix
PathCchFindExtension
PathCchRemoveExtension
PathCchRenameExtension
PathCchAddBackslash
PathCchAppend
PathCchRemoveBackslash
PathCchRemoveFileSpec

api-ms-win-core-file-l1-2-0

GetTempPathW
CreateFile2

api-ms-win-security-base-l1-1-0

SetSecurityDescriptorDacl
AllocateAndInitializeSid
GetSidSubAuthority
AddAce
GetSidSubAuthorityCount
FreeSid
InitializeSecurityDescriptor
GetKernelObjectSecurity
InitializeAcl
GetSidIdentifierAuthority
EqualSid
GetLengthSid
AddAccessAllowedAceEx
GetAce
GetSecurityDescriptorSacl
CopySid
SetSecurityDescriptorSacl
IsValidSid
GetSecurityDescriptorDacl
AddMandatoryAce
GetTokenInformation
SetKernelObjectSecurity

api-ms-win-core-sysinfo-l1-1-0

GetVersionExA
GetTickCount64
GetTickCount
GetSystemTime
GetSystemDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW

api-ms-win-core-file-l2-1-0

MoveFileExW
CopyFile2
ReOpenFile

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-security-isolatedcontainer-l1-1-0

IsProcessInIsolatedContainer

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce
InitOnceInitialize

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoUninitialize
RoInitialize
RoActivateInstance

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

rpcrt4

RpcStringFreeW
RpcServerInqBindingHandle
I_RpcBindingInqLocalClientPID
UuidToStringW

api-ms-win-core-privateprofile-l1-1-0

GetPrivateProfileIntW
GetPrivateProfileStringW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-url-l1-1-0

UrlCombineW

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-shcore-stream-l1-1-0

IStream_ReadStr

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-shcore-path-l1-1-0

ord170

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-core-io-l1-1-0

GetOverlappedResult

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

COMServerDllMain

Sections

.text
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/browserexport.exe
.exe windows:10 windows x64 arch:x64

40aaf38944f0933c0eb6654302549f58

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp_win

?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?imbue@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?clear@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?_Init@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXXZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEBA?AVlocale@2@XZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z
?id@?$ctype@G@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?widen@?$ctype@G@std@@QEBAGD@Z
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
?unshift@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?uncaught_exception@std@@YA_NXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
??0_Lockit@std@@QEAA@H@Z
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_J@Z
??1_Lockit@std@@QEAA@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_c_exit
_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

memcpy
_CxxThrowException
__C_specific_handler
__CxxFrameHandler4
__std_terminate
_o___p___argc
_o___p___wargv
_o___p__commode
_o___std_exception_copy
_o___std_exception_destroy
_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__fseeki64
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__lock_file
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__unlock_file
_o__wcsicmp
_o__wcsnicmp
_o_calloc
_o_exit
_o_fclose
_o_fflush
_o_fgetc
_o_fgetpos
_o_fgetwc
_o_fputwc
_o_free
_o_fsetpos
_o_fwrite
_o_malloc
_o_memcpy_s
_o_setvbuf
_o_terminate
_o_ungetc
_o_ungetwc

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-com-l1-1-0

IIDFromString
CoTaskMemAlloc
CoCreateInstance
CoInitializeEx
CoTaskMemFree

api-ms-win-core-file-l1-1-0

ReadFile
FindFirstFileW
DeleteFileW
SetFileAttributesW
FindClose
GetFileSize

api-ms-win-core-file-l1-2-0

GetTempPathW
CreateFile2

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
RaiseException
GetLastError
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-path-l1-1-0

PathCchAppend

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameA
GetProcAddress
GetModuleHandleExW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
OpenProcessToken
CreateProcessAsUserW
GetCurrentThreadId
TerminateProcess
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

crypt32

CryptUnprotectData

api-ms-win-security-base-l1-1-0

GetSidLengthRequired
GetTokenInformation
InitializeSid
GetSidSubAuthority
SetTokenInformation
DuplicateTokenEx

api-ms-win-core-synch-l1-1-0

ReleaseMutex
ReleaseSemaphore
CreateSemaphoreExW
CreateMutexExW
WaitForSingleObjectEx
OpenSemaphoreW
WaitForSingleObject

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteEx
EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

wininet

InternetGetCookieEx2
InternetFreeCookies

winsqlite3

sqlite3_prepare_v2
sqlite3_column_blob
sqlite3_step
sqlite3_finalize
sqlite3_column_int64
sqlite3_column_text16
sqlite3_open16
sqlite3_close
sqlite3_column_bytes

api-ms-win-shell-shellfolders-l1-1-0

SHGetKnownFolderPath

iertutil

ord597
ord398
ord793
ord791
ord796
ord820
ord683
ord650
ord653
ord594

msiso

ord207

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/browseui.dll
.dll windows:10 windows x64 arch:x64

d21f89594675bbd0f8f499eaaaa143fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
memcpy
_wcsicmp
memcmp
memset

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

Exports

Exports

DllGetVersion

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/windowsdefenderapplicationguardcsp.dll
.dll windows:10 windows x64 arch:x64

6a5f4fb5c881c1018d517a8c9c70813e

Code Sign

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/02/2023, 00:05

Not After

01/02/2024, 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

74:ac:17:d5:05:16:d3:f1:de:0a:03:b3:b2:c1:3e:1e:3c:3d:6e:7e:3a:ea:6b:a4:ab:b8:09:14:39:3e:3c:e1
Signer

Actual PE Digest

74:ac:17:d5:05:16:d3:f1:de:0a:03:b3:b2:c1:3e:1e:3c:3d:6e:7e:3a:ea:6b:a4:ab:b8:09:14:39:3e:3c:e1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o_free
_o_malloc
_o_memcpy_s
_o_toupper
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
__CxxFrameHandler4
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
DisableThreadLibraryCalls
GetModuleHandleExW
GetModuleFileNameA
GetProcAddress
GetModuleHandleW

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
CreateProcessW
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

oleaut32

SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayLock
SafeArrayCreate
SafeArrayDestroy
VariantInit
VariantClear
SysFreeString
SysAllocString
SafeArrayUnlock

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoCreateGuid
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoTaskMemAlloc

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventProviderEnabled
EventSetInformation
EventUnregister

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegGetValueW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegDeleteValueW

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

ReleaseMutex
AcquireSRWLockExclusive
CreateSemaphoreExW
ReleaseSRWLockExclusive
WaitForSingleObject
ReleaseSemaphore
OpenSemaphoreW
WaitForSingleObjectEx
CreateMutexExW

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-sysinfo-l1-2-1

GetPhysicallyInstalledSystemMemory

api-ms-win-core-file-l1-1-0

GetDiskFreeSpaceExW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetWindowsDirectoryW
GetTickCount

api-ms-win-core-path-l1-1-0

PathCchAppend

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

policymanager

EnterprisePolicyManagerStore_PublishAnyDelayedWnfs
EnterprisePolicyManagerStore_GetProviderContextSidAreaPolicyValue
EnterprisePolicyManagerStore_EvaluatePoliciesUpdateCurrent
EnterprisePolicyManagerStore_SetProviderContextSidAreaPolicyValue
EnterprisePolicyManagerStore_DeleteProviderContextSidAreaPolicy

api-ms-win-core-processtopology-obsolete-l1-1-0

GetActiveProcessorCount

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW

slc

SLGetWindowsInformationDWORD

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/windowslivelogin.dll
.dll regsvr32 windows:10 windows x64 arch:x64

2c3f70bd78ede9ccd3e679ab785c4d91

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

_vsnwprintf
wcsncpy_s
malloc
memmove_s
_vsnprintf_s
??0exception@@QEAA@XZ
memcpy_s
memset
??1type_info@@UEAA@XZ
_onexit
__dllonexit
free
_purecall
_unlock
__CxxFrameHandler3
_wcsicmp
_lock
?terminate@@YAXXZ
realloc
_errno
_initterm
_amsg_exit
_XcptFilter
??1exception@@UEAA@XZ
_CxxThrowException
__C_specific_handler
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
wcscspn
wcsspn
wcsstr
_wcslwr_s
_localtime64_s
wcsftime
_time64
_vscwprintf
vswprintf_s
_set_errno
wcstol
toupper
calloc
strrchr
iswspace
wcsrchr
??0exception@@QEAA@AEBV0@@Z
memcmp
wcscmp

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
FreeLibrary
GetModuleHandleW
GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleExW
LoadResource
FindResourceExW
LockResource
GetProcAddress
SizeofResource

api-ms-win-core-synch-l1-1-0

CreateEventW
ResetEvent
DeleteCriticalSection
CreateEventExW
WaitForMultipleObjectsEx
ReleaseMutex
AcquireSRWLockShared
WaitForSingleObjectEx
WaitForSingleObject
SetEvent
InitializeCriticalSection
OpenSemaphoreW
ReleaseSRWLockExclusive
ReleaseSRWLockShared
InitializeCriticalSectionEx
CreateSemaphoreExW
LeaveCriticalSection
CreateMutexExW
ReleaseSemaphore
AcquireSRWLockExclusive
EnterCriticalSection

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoUninitialize
CoGetCallerTID
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance

api-ms-win-core-registry-l1-1-0

RegDeleteTreeW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegDeleteKeyExW
RegOpenKeyExW
RegGetValueW
RegDeleteValueW
RegEnumValueW
RegOpenCurrentUser
RegSetKeySecurity
RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetVersionExW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetUserDefaultLocaleName
GetThreadPreferredUILanguages

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
OpenThreadToken
GetProcessIdOfThread
OpenProcessToken
TerminateProcess
GetCurrentThread
GetCurrentProcessId
OpenThread
GetCurrentThreadId

api-ms-win-core-heap-l1-1-0

HeapReAlloc
GetProcessHeap
HeapDestroy
HeapFree
HeapAlloc
HeapSize

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
OutputDebugStringA
IsDebuggerPresent
DebugBreak

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
Sleep
SleepConditionVariableSRW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

rpcrt4

MesDecodeBufferHandleCreate
RpcAsyncCompleteCall
MesHandleFree
Ndr64AsyncClientCall
RpcSsDestroyClientContext
RpcAsyncCancelCall
MesBufferHandleReset
RpcBindingFromStringBindingW
RpcAsyncInitializeHandle
NdrMesTypeAlignSize3
NdrMesTypeEncode3
RpcBindingFree
I_RpcBindingInqLocalClientPID
RpcBindingSetAuthInfoExW
MesEncodeFixedBufferHandleCreate
RpcStringFreeW
UuidCreate
RpcStringBindingComposeW

crypt32

CryptUnprotectMemory
CryptStringToBinaryW
CryptProtectMemory
CryptUnprotectData
CryptProtectData

api-ms-win-security-base-l1-1-0

GetTokenInformation
CreateWellKnownSid
IsValidSid
RevertToSelf
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
ImpersonateLoggedOnUser

api-ms-win-security-lsalookup-l2-1-0

LookupAccountNameW

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-service-management-l1-1-0

OpenSCManagerW
CloseServiceHandle
OpenServiceW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-url-l1-1-0

UrlGetPartW

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW

api-ms-win-security-provider-l1-1-0

SetNamedSecurityInfoW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/windowsperformancerecordercontrol.dll
.dll regsvr32 windows:10 windows x64 arch:x64

08c094415b4948c70ce40b675628b35e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

api-ms-win-crt-string-l1-1-0

memset
wcsncmp
wcsnlen
wcscmp
wcspbrk
wcsspn
wcscspn
strncmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__gmtime64
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__memicmp
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_dll
_o__stricmp
_o__ultow_s
memmove
_o__wcsicmp
_o__wcslwr_s
_o__wcsnicmp
_o__wcstoui64
_o__wfullpath
_o__wtof
_o__wtoi
_o_calloc
_o_ceil
_o_free
_o_iswdigit
_o_iswspace
_o_malloc
_o_realloc
_o_terminate
_o_towlower
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstod
_o_wcstol
_o_wcstoul
_o_wmemcpy_s
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcsrchr
wcschr
__C_specific_handler
__CxxFrameHandler3
memchr
memcmp
memcpy
strrchr
wcsstr

api-ms-win-core-libraryloader-l1-1-0

FindResourceExW
LoadResource
GetModuleFileNameA
DisableThreadLibraryCalls
LockResource
GetProcAddress
SizeofResource
GetModuleHandleExW
FreeLibrary
GetModuleFileNameW
LoadLibraryExW
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
DeleteCriticalSection
ReleaseSRWLockShared
CreateMutexExW
ReleaseSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSemaphore
AcquireSRWLockShared
CreateEventW
ReleaseMutex
CreateSemaphoreExW
WaitForSingleObject
InitializeCriticalSectionEx
InitializeCriticalSection
LeaveCriticalSection
SetEvent
AcquireSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapDestroy
HeapAlloc
HeapFree
HeapSize
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

oleaut32

SysAllocStringByteLen
LoadRegTypeLi
SysStringLen
VarBstrCmp
SysAllocString
SysStringByteLen
SysAllocStringLen
LoadTypeLi
SysFreeString

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetExitCodeProcess
TerminateProcess
GetCurrentThread
GetCurrentThreadId
GetCurrentProcessId
CreateProcessW
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

LCMapStringEx
FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventSetInformation
EventUnregister

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoCreateGuid
StringFromIID
CoUninitialize
IIDFromString
CoInitializeEx
CoCreateInstance
StringFromGUID2

api-ms-win-core-file-l1-1-0

FindClose
FindFirstFileExW
CreateDirectoryW
SetFilePointer
FindNextFileW
DeleteFileW
QueryDosDeviceW
FindNextVolumeW
FindFirstVolumeW
CreateFileW
GetFileAttributesW
FindVolumeClose
WriteFile
FindFirstFileW
ReadFile
GetFileSize
GetTempFileNameW
GetFileTime
RemoveDirectoryW
SetFilePointerEx

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegEnumValueW
RegQueryValueExW
RegEnumKeyExW
RegDeleteValueW
RegQueryInfoKeyW
RegSetValueExW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-file-l1-2-0

GetVolumePathNamesForVolumeNameW
GetTempPathW

api-ms-win-eventing-controller-l1-1-0

TraceSetInformation
QueryAllTracesW
EnumerateTraceGuidsEx
ControlTraceW
StartTraceW
TraceQueryInformation

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-eventing-consumer-l1-1-0

OpenTraceW
CloseTrace
ProcessTrace

api-ms-win-eventing-legacy-l1-1-0

EnableTraceEx

api-ms-win-core-processenvironment-l1-1-0

SetEnvironmentVariableW
GetEnvironmentVariableW

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
RegisterTraceGuidsW
TraceEvent

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo

api-ms-win-core-wow64-l1-1-0

Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
IsWow64Process

api-ms-win-core-sysinfo-l1-1-0

GetSystemWindowsDirectoryW
GlobalMemoryStatusEx
GetSystemInfo
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetWindowsDirectoryW
GetVersionExW

ntdll

RtlNtStatusToDosError
NtSetSystemInformation
NtSetIntervalProfile
NtQuerySystemInformation
RtlSetHeapInformation
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlGetDeviceFamilyInfoEnum
RtlImageDirectoryEntryToData
RtlImageRvaToVa
RtlInitUnicodeString
RtlGUIDFromString
RtlGetVersion
RtlAdjustPrivilege

api-ms-win-core-kernel32-legacy-l1-1-0

CopyFileW
LoadLibraryW
FindResourceW

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathAppendW
PathRemoveBackslashW
PathAddExtensionW
PathAddBackslashW

api-ms-win-crt-utility-l1-1-0

ldiv

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-memory-l1-1-0

MapViewOfFileEx
CreateFileMappingW
UnmapViewOfFile

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW

bcrypt

BCryptHashData
BCryptFinishHash
BCryptCreateHash
BCryptOpenAlgorithmProvider
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptGetProperty

rpcrt4

UuidFromStringW

xmllite

CreateXmlReader
CreateXmlReaderInputWithEncodingName

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileW

api-ms-win-crt-math-l1-1-0

ceilf

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
WPRCControlLogging
WPRCCreateInstance
WPRCCreateInstanceUnderInstanceName
WPRCDisableBuiltinProfiles
WPRCFormatError
WPRCQueryBuiltInProfiles
WPRCReleaseInstanceByName
WPRCRemoveLogging

Sections

.text
Size: 601KB - Virtual size: 601KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 358KB - Virtual size: 357KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/windowsudk.shellcommon.dll
.dll windows:10 windows x64 arch:x64

f0bd102815929bcc0a22b5f1d3c8216b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__wcsicmp
_o__wcsnicmp
_o__wcstoui64
_o__wtoi
memmove
_o_free
_o_iswspace
_o_malloc
_o_realloc
_o_terminate
_o_wcstoul
__C_specific_handler
_CxxThrowException
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__get_errno
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
__CxxFrameHandler3
strchr

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
CreateSemaphoreExW
InitializeCriticalSectionAndSpinCount
ReleaseSemaphore
CreateEventExW
InitializeCriticalSectionEx
EnterCriticalSection
ReleaseSRWLockExclusive
ResetEvent
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
DeleteCriticalSection
SetEvent
CreateEventW
InitializeCriticalSection
WaitForMultipleObjectsEx
InitializeSRWLock
CreateMutexExW
OpenSemaphoreW
WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
GetLastError

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
GetCurrentProcess
GetCurrentThread
TerminateProcess
GetProcessId
GetExitCodeProcess
GetCurrentProcessId
GetCurrentThreadId
OpenProcessToken

api-ms-win-core-localization-l1-2-0

LocaleNameToLCID
FormatMessageW
ResolveLocaleName

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventRegister
EventSetInformation
EventActivityIdControl

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-core-com-l1-1-0

PropVariantClear
CoTaskMemRealloc
CoGetCallContext
CoGetCallerTID
CLSIDFromString
CoRevertToSelf
CoWaitForMultipleHandles
CoCreateInstance
CoIncrementMTAUsage
StringFromGUID2
CoEnableCallCancellation
CoDisableCallCancellation
CoCreateGuid
CoCancelCall
CoDisconnectContext
CoGetObjectContext
CoTaskMemAlloc
CoTaskMemFree
CoCreateFreeThreadedMarshaler

api-ms-win-core-winrt-l1-1-0

RoRevokeActivationFactories
RoRegisterActivationFactories
RoUninitialize
RoInitialize
RoActivateInstance
RoGetActivationFactory

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemDirectoryW
GetVersionExW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList
InterlockedFlushSList

bcp47langs

LcidFromBcp47
Bcp47GetNlsForm

coreuicomponents

CoreUIFactoryCreate

dictationmanager

CreateDictationManager

api-ms-win-core-kernel32-legacy-l1-1-0

UnregisterWait

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
CloseThreadpoolWait
CloseThreadpoolTimer
TrySubmitThreadpoolCallback
SetThreadpoolTimer
CreateThreadpoolWait
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-security-base-l1-1-0

CreateWellKnownSid
DuplicateToken
DuplicateTokenEx
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
CheckTokenMembership

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegCreateKeyExW
RegNotifyChangeKeyValue
RegSetValueExW
RegOpenCurrentUser
RegGetValueW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer

api-ms-win-shcore-registry-l1-1-0

SHGetValueW

api-ms-win-appmodel-runtime-l1-1-0

GetPackageFamilyName

userenv

GetProfileType

api-ms-win-ntuser-sysparams-l1-1-0

GetSystemMetrics

api-ms-win-appmodel-runtime-internal-l1-1-7

AddDependencyToProcessPackageGraph

ntdll

NtQueryInformationToken
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
NtQueryInformationProcess
RtlGetDeviceFamilyInfoEnum
RtlIsMultiSessionSku

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsDeleteStringBuffer
WindowsCreateString
WindowsDuplicateString
WindowsDeleteString
WindowsPreallocateStringBuffer
WindowsPromoteStringBuffer
WindowsGetStringLen

oleaut32

SysAllocString
SysStringLen
SysFreeString

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSidToSidW

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-winrt-error-l1-1-0

GetRestrictedErrorInfo
RoFailFastWithErrorContext
RoTransformError
RoOriginateError
SetRestrictedErrorInfo

api-ms-win-core-shlwapi-legacy-l1-1-0

PathParseIconLocationW

api-ms-win-shcore-stream-l1-1-0

SHCreateMemStream

api-ms-win-shcore-stream-winrt-l1-1-0

CreateRandomAccessStreamOverStream

coremessaging

MsgRelease
CoreUICreate
MsgStringCreateShared

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo
VerSetConditionMask

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-rtcore-ntuser-window-l1-1-0

SendMessageW
SendNotifyMessageW
EnumWindows
GetWindowThreadProcessId

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolGetUniqueContext

api-ms-win-shell-namespace-l1-1-0

SHCreateItemFromIDList
SHCreateItemFromParsingName

combase

ord66
ord140
ord147
ord168
ord69

shcore

ord127
ord190

twinapi.appcore

ord7
ord2
ord3

msvcp_win

?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?tolower@?$ctype@_W@std@@QEBA_W_W@Z
?tolower@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
_Wcscoll
_Wcsxfrm
??Bios_base@std@@QEBA_NXZ
??0task_continuation_context@Concurrency@@AEAA@XZ
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?good@ios_base@std@@QEBA_NXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?uncaught_exception@std@@YA_NXZ
?width@ios_base@std@@QEAA_J_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?width@ios_base@std@@QEBA_JXZ
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
?id@?$collate@_W@std@@2V0locale@2@A
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Xbad_alloc@std@@YAXXZ
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?_Xbad_function_call@std@@YAXXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
_Cnd_init_in_situ
_Mtx_init_in_situ
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ
?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z
??1facet@locale@std@@MEAA@XZ
_Mtx_lock
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??0facet@locale@std@@IEAA@_K@Z
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W0@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
_Cnd_wait
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
_Cnd_destroy_in_situ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
_Mtx_destroy_in_situ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WXZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??0_Locinfo@std@@QEAA@PEBD@Z
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
??Bid@locale@std@@QEAA_KXZ
?_Incref@facet@locale@std@@UEAAXXZ
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??1_Lockit@std@@QEAA@XZ
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
_Cnd_broadcast
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??1_Locinfo@std@@QEAA@XZ
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?eback@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?is@?$ctype@_W@std@@QEBA_NF_W@Z
?_XGetLastError@std@@YAXXZ
?flags@ios_base@std@@QEBAHXZ
?egptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
?epptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
UnregisterTraceGuids

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-shcore-sysinfo-l1-1-0

IsOS

api-ms-win-core-winrt-error-l1-1-1

RoOriginateLanguageException

api-ms-win-crt-math-l1-1-0

ceilf

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 454KB - Virtual size: 453KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/winethc.dll
.dll regsvr32 windows:10 windows x64 arch:x64

3acaa8683a196ef04c6149c6b1d2b3ab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

wcsncmp
_vscwprintf
vswprintf_s
_vsnwprintf
iswdigit
_wtoi
wcscpy_s
wcscat_s
_callnewh
__C_specific_handler
_XcptFilter
_amsg_exit
_initterm
_errno
realloc
_lock
_purecall
memcpy_s
free
malloc
wcsncpy_s
toupper
wcsnlen
_unlock
__dllonexit
_onexit
memset
memmove
memcpy
wcscmp

ntdll

RtlCaptureContext
RtlIpv6StringToAddressExW
RtlIpv4StringToAddressExW
RtlIpv6StringToAddressW
RtlIpv4StringToAddressW
RtlVirtualUnwind
RtlLookupFunctionEntry

kernel32

GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetTickCount
Sleep
OutputDebugStringA
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LocalAlloc
GetModuleFileNameA
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryExW
GetModuleHandleW
lstrcmpiW
RaiseException
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
ExpandEnvironmentStringsW
GetSystemTimeAsFileTime
GlobalFree
GlobalAlloc
TerminateProcess
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
WaitForSingleObject
GetExitCodeProcess
CloseHandle
WaitForSingleObjectEx
CreateThread
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy
UnhandledExceptionFilter

advapi32

OpenThreadToken
EventProviderEnabled
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
EventUnregister
EventRegister
SetThreadToken
GetLengthSid
GetTokenInformation
EventWriteTransfer
EventWrite
EventActivityIdControl
CreateProcessWithTokenW
DuplicateTokenEx
IsValidSid
RegDeleteValueW
RegCreateKeyExW
EventSetInformation

user32

UnregisterClassA
LoadStringW
CloseDesktop
SetThreadDesktop
CreateDesktopW
GetThreadDesktop
CharNextW

oleaut32

LoadTypeLi
VarUI4FromStr
UnRegisterTypeLi
SysStringLen
RegisterTypeLi
SysFreeString
SysAllocString

shlwapi

PathIsUNCW

ws2_32

ioctlsocket
FreeAddrInfoW
GetAddrInfoW
WSACleanup
__WSAFDIsSet
select
htons
WSAStartup
WSAGetLastError
socket
bind
closesocket
connect

wininet

InternetSetOptionW
InternetInitializeAutoProxyDll
InternetGetConnectedStateExW
InternetCrackUrlW

winhttp

WinHttpSendRequest
WinHttpReceiveResponse
WinHttpGetProxyForUrl
WinHttpOpenRequest
WinHttpDetectAutoProxyConfigUrl
WinHttpCrackUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen
WinHttpSetOption
WinHttpQueryHeaders
WinHttpGetDefaultProxyConfiguration
WinHttpCloseHandle
WinHttpSetStatusCallback
WinHttpConnect

dnsapi

DnsGetProxyInformation
DnsFreeProxyName

nlaapi

NlaCloseQuery
NlaDeleteDataSet
NlaQueryNetData
NlaDeleteTypeSet
NlaOpenQuery
NlaAddToTypeSet
NlaCreateTypeSet
NlaQueryNetSignatures

api-ms-win-core-com-l1-1-0

CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoCreateGuid
StringFromGUID2
CoTaskMemFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ForceProxyDetectionOnNextRun
SetAutoDetectProxyFlagForUser

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/winhttp.dll
.dll windows:10 windows x64 arch:x64

900f8c09b2cb3c88bf2a6a5fddf2ab39

Code Sign

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/02/2023, 00:05

Not After

01/02/2024, 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

44:8b:0b:2a:e1:69:b6:b8:42:34:e1:13:88:29:c6:67:ae:81:79:46:89:db:40:31:54:0e:c2:eb:e7:50:eb:52
Signer

Actual PE Digest

44:8b:0b:2a:e1:69:b6:b8:42:34:e1:13:88:29:c6:67:ae:81:79:46:89:db:40:31:54:0e:c2:eb:e7:50:eb:52

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

api-ms-win-crt-string-l1-1-0

wcsnlen
wcscmp
memset

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__ltow_s
_o__purecall
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__strtoui64
_o__wcsicmp
_o__wcslwr_s
_o__wcsnicmp
memmove
_o__wtoi
_o_iscntrl
_o_isdigit
_o_isspace
_o_iswdigit
_o_iswspace
_o_qsort
_o_rand
_o_tolower
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstok
_o_wcstok_s
__C_specific_handler
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___std_type_info_destroy_list
wcschr
wcsstr
wcsrchr
memcmp
memcpy

ntdll

RtlInitUnicodeString
RtlSubscribeWnfStateChangeNotification
RtlGetDeviceFamilyInfoEnum
NtQueryLicenseValue
RtlGetVersion
RtlIpv4AddressToStringExW
RtlPublishWnfStateData
RtlGUIDFromString
NtOpenFile
RtlDllShutdownInProgress
NtSetInformationObject
RtlVirtualUnwind
RtlIpv6AddressToStringExW
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlCaptureContext
RtlIpv6StringToAddressExW
RtlIpv4StringToAddressExW
RtlGetPersistedStateLocation
RtlNtStatusToDosError
RtlConvertSidToUnicodeString
RtlMoveMemory
EtwTraceMessageVa
EtwUnregisterTraceGuids
RtlValidSid
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
RtlLengthSid
RtlAllocateHeap
RtlIpv4AddressToStringW
RtlFreeUnicodeString
RtlFreeHeap
NtCreateFile
RtlCanonicalizeDomainName
RtlLookupFunctionEntry

api-ms-win-core-synch-l1-1-0

CreateMutexExW
CreateSemaphoreExW
OpenSemaphoreW
CreateEventA
TryAcquireSRWLockExclusive
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
InitializeCriticalSectionEx
ReleaseMutex
CreateEventExA
ReleaseSemaphore
ReleaseSRWLockShared
EnterCriticalSection
LeaveCriticalSection
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ResetEvent
WaitForMultipleObjectsEx
WaitForSingleObjectEx
SetEvent
InitializeSRWLock
CreateEventW

api-ms-win-core-heap-l2-1-0

LocalAlloc
GlobalAlloc
LocalFree
GlobalFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetErrorMode
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapReAlloc
HeapSize
HeapFree

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-registry-l1-1-0

RegNotifyChangeKeyValue
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegSetValueExW
RegDeleteKeyExW
RegDeleteValueW
RegQueryInfoKeyA
RegGetValueW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegGetValueA

api-ms-win-security-credentials-l1-1-0

CredReadDomainCredentialsW
CredEnumerateW
CredWriteW
CredDeleteW
CredReadW
CredFree

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetSystemTime
GetTickCount64
GetSystemDirectoryW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-file-l1-1-0

CreateFileW
FindClose
WriteFile
GetFileSizeEx
ReadFile
LocalFileTimeToFileTime
DeleteFileW
SetFilePointer
RemoveDirectoryW
SetFileAttributesW
SetEndOfFile
FindNextFileW
FindFirstFileW
CompareFileTime
CreateDirectoryW
GetFileAttributesW

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceInitialize
Sleep

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-localization-l1-2-0

FormatMessageW
IdnToAscii

api-ms-win-core-processthreads-l1-1-0

DeleteProcThreadAttributeList
CreateProcessAsUserW
InitializeProcThreadAttributeList
SetThreadToken
GetCurrentThreadId
CreateThread
GetCurrentProcess
OpenProcessToken
GetCurrentThread
OpenThreadToken
UpdateProcThreadAttribute
TerminateProcess
GetCurrentProcessId
TlsFree
TlsGetValue
TlsSetValue
TlsAlloc
ResumeThread

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExA
LoadLibraryExW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetModuleHandleExA
FreeLibrary
GetModuleHandleExW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolCleanupGroup
CallbackMayRunLong
WaitForThreadpoolWorkCallbacks
SubmitThreadpoolWork
FreeLibraryWhenCallbackReturns
CloseThreadpoolWork
WaitForThreadpoolWaitCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolCleanupGroup
CreateThreadpoolWork

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventWrite
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo

api-ms-win-core-wow64-l1-1-1

Wow64SetThreadDefaultGuestMachine

api-ms-win-security-base-l1-1-0

CheckTokenMembership
EqualSid
ImpersonateLoggedOnUser
GetSidSubAuthorityCount
GetTokenInformation
GetSidSubAuthority
IsValidSid
RevertToSelf
AddAccessAllowedAce
GetAce
SetTokenInformation
CreateRestrictedToken
DuplicateTokenEx
AccessCheck
InitializeAcl
AddMandatoryAce
CopySid
GetLengthSid

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
SetProcessMitigationPolicy

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx
QueueUserWorkItem

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrChrW
StrStrA
StrCmpNICA
StrCmpNCA
StrStrIA

api-ms-win-core-localization-obsolete-l1-2-0

CompareStringA

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpA
lstrcmpiW

api-ms-win-core-heap-obsolete-l1-1-0

GlobalReAlloc

api-ms-win-core-url-l1-1-0

UrlCanonicalizeW
UrlUnescapeA
UrlCombineW

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-memory-l1-1-0

MapViewOfFile
VirtualAlloc
UnmapViewOfFile
VirtualFree
OpenFileMappingW
CreateFileMappingW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-string-l2-1-0

CharLowerW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

kernelbase

AppContainerUnregisterSid
SubscribeWdagEnabledStateChange
GetIsWdagEnabled
AppContainerRegisterSid
UnsubscribeEdpEnabledStateChange
SubscribeEdpEnabledStateChange
UnsubscribeWdagEnabledStateChange
GetIsEdpEnabled

api-ms-win-core-datetime-l1-1-0

GetDateFormatW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Private1
SvchostPushServiceGlobals
WinHttpAddRequestHeaders
WinHttpAddRequestHeadersEx
WinHttpAutoProxySvcMain
WinHttpCheckPlatform
WinHttpCloseHandle
WinHttpConnect
WinHttpConnectionDeletePolicyEntries
WinHttpConnectionDeleteProxyInfo
WinHttpConnectionFreeNameList
WinHttpConnectionFreeProxyInfo
WinHttpConnectionFreeProxyList
WinHttpConnectionGetNameList
WinHttpConnectionGetProxyInfo
WinHttpConnectionGetProxyList
WinHttpConnectionSetPolicyEntries
WinHttpConnectionSetProxyInfo
WinHttpConnectionUpdateIfIndexTable
WinHttpCrackUrl
WinHttpCreateProxyResolver
WinHttpCreateUrl
WinHttpDetectAutoProxyConfigUrl
WinHttpFreeProxyResult
WinHttpFreeProxyResultEx
WinHttpFreeProxySettings
WinHttpGetDefaultProxyConfiguration
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpGetProxyForUrlEx
WinHttpGetProxyForUrlEx2
WinHttpGetProxyForUrlHvsi
WinHttpGetProxyResult
WinHttpGetProxyResultEx
WinHttpGetProxySettingsVersion
WinHttpGetTunnelSocket
WinHttpOpen
WinHttpOpenRequest
WinHttpPacJsWorkerMain
WinHttpProbeConnectivity
WinHttpQueryAuthSchemes
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpQueryOption
WinHttpReadData
WinHttpReadProxySettings
WinHttpReadProxySettingsHvsi
WinHttpReceiveResponse
WinHttpResetAutoProxy
WinHttpSaveProxyCredentials
WinHttpSendRequest
WinHttpSetCredentials
WinHttpSetDefaultProxyConfiguration
WinHttpSetOption
WinHttpSetProxySettingsPerUser
WinHttpSetSecureLegacyServersAppCompat
WinHttpSetStatusCallback
WinHttpSetTimeouts
WinHttpTimeFromSystemTime
WinHttpTimeToSystemTime
WinHttpWebSocketClose
WinHttpWebSocketCompleteUpgrade
WinHttpWebSocketQueryCloseStatus
WinHttpWebSocketReceive
WinHttpWebSocketSend
WinHttpWebSocketShutdown
WinHttpWriteData
WinHttpWriteProxySettings

Sections

.text
Size: 782KB - Virtual size: 782KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.wpp_sf
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/winhttpcom.dll
.dll windows:10 windows x64 arch:x64

5313b02dc7795ebe1aa20a507a2396b5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

api-ms-win-crt-string-l1-1-0

memset
wcsncmp

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__configure_narrow_argv
_o__crt_atexit
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__ltow
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
memcpy
_o_free
_o_malloc
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
__C_specific_handler
wcschr
_o___std_type_info_destroy_list
_o__cexit
_o__callnewh

ntdll

EtwGetTraceLoggerHandle
RtlLookupFunctionEntry
EtwRegisterTraceGuidsW
RtlVirtualUnwind
EtwTraceMessageVa
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
RtlCaptureContext
RtlNtStatusToDosError
EtwUnregisterTraceGuids

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
ResetEvent
WaitForSingleObjectEx
CreateEventA
SetEvent

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc

api-ms-win-core-string-l1-1-0

CompareStringW
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
OpenThreadToken
SetThreadToken
GetCurrentThread

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExA
GetModuleFileNameW
GetModuleHandleExW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-com-l1-1-0

GetHGlobalFromStream
CreateStreamOnHGlobal
CoCreateInstance

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-security-base-l1-1-0

RevertToSelf

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrIW
StrChrW

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalUnlock

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolWait
CloseThreadpoolWait
CreateThreadpoolWait
FreeLibraryWhenCallbackReturns

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualFree

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.wpp_sf
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/wininet.dll
.dll regsvr32 windows:10 windows x64 arch:x64

8f2adb9f59f915ba37a117c6317dab73

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

_amsg_exit
_XcptFilter
__C_specific_handler
_lock
wcstok_s
qsort
_itow
_strnicmp
_wtoi
tolower
_vscwprintf
_unlock
strchr
strcmp
wcscpy_s
wcschr
_wcsnicmp
_atoi64
wcsstr
_itoa_s
wcsrchr
bsearch
wcsncmp
memmove_s
memcpy_s
_strlwr
__dllonexit
_initterm
memset
memmove
memcpy
memcmp
memchr
iscntrl
ispunct
wcsncpy_s
isalnum
isspace
isalpha
isxdigit
isdigit
_onexit
__isascii
strncmp
_vsnwprintf
iswdigit
strcspn
strpbrk
_vsnprintf
?terminate@@YAXXZ
toupper
_wcslwr_s
__CxxFrameHandler3
_stricmp
_wcsicmp
_purecall
free
malloc
_itow_s
wcscmp

api-ms-win-core-memory-l1-1-0

MapViewOfFile
UnmapViewOfFile
OpenFileMappingW
CreateFileMappingW
VirtualFree
VirtualAlloc

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemTime
GetTickCount64
GetTickCount
GetSystemDirectoryW

api-ms-win-core-string-l1-1-0

CompareStringW
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
CreateEventW
EnterCriticalSection
SetEvent
ResetEvent
CreateEventA
CreateMutexExW
OpenSemaphoreW
LeaveCriticalSection
ReleaseMutex
InitializeCriticalSectionEx
ReleaseSemaphore
InitializeCriticalSectionAndSpinCount
CreateSemaphoreExW
WaitForMultipleObjectsEx
InitializeCriticalSection
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitializeSRWLock
TryAcquireSRWLockExclusive
CreateEventExA
DeleteCriticalSection
WaitForSingleObjectEx

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
LoadStringA
GetModuleHandleExW
GetModuleHandleW
LoadLibraryExW
GetModuleHandleExA
GetModuleFileNameA
FreeLibraryAndExitThread
FreeLibrary
LoadLibraryExA
GetProcAddress
GetModuleFileNameW

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc
HeapSize
HeapReAlloc
HeapDestroy

api-ms-win-core-synch-l1-2-0

SleepConditionVariableCS
Sleep
WakeAllConditionVariable
InitOnceExecuteOnce
InitializeConditionVariable
SleepConditionVariableSRW

api-ms-win-core-file-l1-1-0

GetFileAttributesExW
RemoveDirectoryW
SetFileAttributesW
FindNextFileW
FindFirstFileW
CreateDirectoryW
SetEndOfFile
SetFilePointerEx
GetFileTime
GetShortPathNameW
SetFileInformationByHandle
GetFileSizeEx
GetDiskFreeSpaceExW
CompareFileTime
GetVolumeInformationW
GetVolumePathNameW
GetDriveTypeW
CreateFileA
DeleteFileW
FindFirstFileExW
WriteFile
SetFilePointer
CreateFileW
ReadFile
GetFileSize
GetFileAttributesW
FindClose
LocalFileTimeToFileTime
GetDiskFreeSpaceExA
GetLongPathNameW

api-ms-win-eventing-provider-l1-1-0

EventWrite
EventRegister
EventWriteTransfer
EventUnregister
EventProviderEnabled
EventActivityIdControl
EventSetInformation

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessageVa

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegOpenCurrentUser
RegQueryInfoKeyW
RegEnumKeyExW
RegNotifyChangeKeyValue
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegQueryValueExA
RegSetValueExA
RegDeleteTreeA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
RegGetValueA
RegGetValueW
RegDeleteValueW
RegDeleteTreeW
RegSetValueExW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc
GlobalAlloc
GlobalFree

api-ms-win-core-localization-l1-2-0

IdnToAscii
FormatMessageW
IsDBCSLeadByteEx
GetLocaleInfoW
IdnToUnicode
IsValidCodePage
GetCPInfoExW
GetCPInfo
FormatMessageA
IsDBCSLeadByte

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
OpenThreadToken
OpenProcessToken
CreateThread
ProcessIdToSessionId
TerminateProcess
GetCurrentProcess
SwitchToThread
TlsFree
TlsGetValue
TlsSetValue
GetCurrentThreadId
TlsAlloc
GetCurrentThread

api-ms-win-core-datetime-l1-1-0

GetDateFormatA
GetTimeFormatA

api-ms-win-core-string-l2-1-0

CharLowerW

api-ms-win-core-threadpool-l1-2-0

FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
CloseThreadpoolWork
SubmitThreadpoolWork
WaitForThreadpoolWorkCallbacks
CreateThreadpoolWait
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
TrySubmitThreadpoolCallback
CallbackMayRunLong
SetThreadpoolWait
WaitForThreadpoolTimerCallbacks
CreateThreadpoolIo
CloseThreadpoolIo
StartThreadpoolIo
CancelThreadpoolIo
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo
GetSystemTimePreciseAsFileTime
GetNativeSystemInfo

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-io-l1-1-0

PostQueuedCompletionStatus
CreateIoCompletionPort
GetOverlappedResult
DeviceIoControl
GetQueuedCompletionStatus

api-ms-win-core-file-l2-1-0

MoveFileExW
CreateHardLinkW

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-security-appcontainer-l1-1-0

GetAppContainerNamedObjectPath

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedFlushSList
InitializeSListHead

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-url-l1-1-0

UrlUnescapeA
PathCreateFromUrlW
UrlCanonicalizeW
UrlCombineW
UrlCanonicalizeA
UrlCombineA

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW
MoveFileW
SetFileCompletionNotificationModes
WTSGetActiveConsoleSessionId

api-ms-win-core-registry-l2-1-0

RegEnumKeyW

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-core-shlwapi-legacy-l1-1-0

PathAddBackslashA

api-ms-win-core-stringansi-l1-1-0

CharLowerA
CharUpperA
CharNextA

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpNIA
StrCmpNICW
StrStrIA
StrRChrW
StrToIntA
StrCmpNA
StrCmpNIW
StrChrW
StrCmpICA
StrStrIW
StrCmpNICA
StrChrNW
StrStrA
StrChrA
StrRChrA

api-ms-win-core-localization-obsolete-l1-2-0

CompareStringA

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpA
lstrcmpiA
lstrcmpW

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalLock
GlobalReAlloc

ntdll

NtClose
NtCreateFile
RtlReportExceptionEx
NtSetInformationFile
RtlQueryPackageClaims
RtlFreeHeap
RtlAllocateHeap
NtQueryLicenseValue
RtlInitUnicodeString
RtlGetPersistedStateLocation
RtlGetLastNtStatus
RtlGetDeviceFamilyInfoEnum
RtlGetVersion
RtlIpv6AddressToStringExW
RtlIpv4AddressToStringExW
RtlFreeSid
RtlGetAppContainerParent
RtlGetAppContainerSidType
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlIpv6AddressToStringExA
RtlIpv6AddressToStringA
RtlIpv4AddressToStringA
RtlIpv6StringToAddressExW
RtlIpv4StringToAddressExW
RtlIpv6StringToAddressExA
RtlIpv4StringToAddressExA
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
NtQueryVolumeInformationFile
NtQueryInformationToken
EtwGetTraceLoggerHandle
RtlNtStatusToDosError
NtQueryWnfStateData
RtlPublishWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
NtSetInformationObject

kernelbase

GetIsEdpEnabled
SubscribeEdpEnabledStateChange
UnsubscribeEdpEnabledStateChange
GetIsWdagEnabled
SubscribeWdagEnabledStateChange
UnsubscribeWdagEnabledStateChange
GetPackageSecurityProperty
GetPackageSecurityContext

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

AppCacheCheckManifest
AppCacheCloseHandle
AppCacheCreateAndCommitFile
AppCacheDeleteGroup
AppCacheDeleteIEGroup
AppCacheDuplicateHandle
AppCacheFinalize
AppCacheFreeDownloadList
AppCacheFreeGroupList
AppCacheFreeIESpace
AppCacheFreeSpace
AppCacheGetDownloadList
AppCacheGetFallbackUrl
AppCacheGetGroupList
AppCacheGetIEGroupList
AppCacheGetInfo
AppCacheGetManifestUrl
AppCacheLookup
CommitUrlCacheEntryA
CommitUrlCacheEntryBinaryBlob
CommitUrlCacheEntryW
CreateMD5SSOHash
CreateUrlCacheContainerA
CreateUrlCacheContainerW
CreateUrlCacheEntryA
CreateUrlCacheEntryExW
CreateUrlCacheEntryW
CreateUrlCacheGroup
DeleteIE3Cache
DeleteUrlCacheContainerA
DeleteUrlCacheContainerW
DeleteUrlCacheEntry
DeleteUrlCacheEntryA
DeleteUrlCacheEntryW
DeleteUrlCacheGroup
DeleteWpadCacheForNetworks
DetectAutoProxyUrl
DispatchAPICall
DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
FindCloseUrlCache
FindFirstUrlCacheContainerA
FindFirstUrlCacheContainerW
FindFirstUrlCacheEntryA
FindFirstUrlCacheEntryExA
FindFirstUrlCacheEntryExW
FindFirstUrlCacheEntryW
FindFirstUrlCacheGroup
FindNextUrlCacheContainerA
FindNextUrlCacheContainerW
FindNextUrlCacheEntryA
FindNextUrlCacheEntryExA
FindNextUrlCacheEntryExW
FindNextUrlCacheEntryW
FindNextUrlCacheGroup
ForceNexusLookup
ForceNexusLookupExW
FreeUrlCacheSpaceA
FreeUrlCacheSpaceW
FtpCommandA
FtpCommandW
FtpCreateDirectoryA
FtpCreateDirectoryW
FtpDeleteFileA
FtpDeleteFileW
FtpFindFirstFileA
FtpFindFirstFileW
FtpGetCurrentDirectoryA
FtpGetCurrentDirectoryW
FtpGetFileA
FtpGetFileEx
FtpGetFileSize
FtpGetFileW
FtpOpenFileA
FtpOpenFileW
FtpPutFileA
FtpPutFileEx
FtpPutFileW
FtpRemoveDirectoryA
FtpRemoveDirectoryW
FtpRenameFileA
FtpRenameFileW
FtpSetCurrentDirectoryA
FtpSetCurrentDirectoryW
GetProxyDllInfo
GetUrlCacheConfigInfoA
GetUrlCacheConfigInfoW
GetUrlCacheEntryBinaryBlob
GetUrlCacheEntryInfoA
GetUrlCacheEntryInfoExA
GetUrlCacheEntryInfoExW
GetUrlCacheEntryInfoW
GetUrlCacheGroupAttributeA
GetUrlCacheGroupAttributeW
GetUrlCacheHeaderData
GopherCreateLocatorA
GopherCreateLocatorW
GopherFindFirstFileA
GopherFindFirstFileW
GopherGetAttributeA
GopherGetAttributeW
GopherGetLocatorTypeA
GopherGetLocatorTypeW
GopherOpenFileA
GopherOpenFileW
HttpAddRequestHeadersA
HttpAddRequestHeadersW
HttpCheckDavCompliance
HttpCloseDependencyHandle
HttpDuplicateDependencyHandle
HttpEndRequestA
HttpEndRequestW
HttpGetServerCredentials
HttpGetTunnelSocket
HttpIndicatePageLoadComplete
HttpIsHostHstsEnabled
HttpOpenDependencyHandle
HttpOpenRequestA
HttpOpenRequestW
HttpPushClose
HttpPushEnable
HttpPushWait
HttpQueryInfoA
HttpQueryInfoW
HttpSendRequestA
HttpSendRequestExA
HttpSendRequestExW
HttpSendRequestW
HttpWebSocketClose
HttpWebSocketCompleteUpgrade
HttpWebSocketQueryCloseStatus
HttpWebSocketReceive
HttpWebSocketSend
HttpWebSocketShutdown
IncrementUrlCacheHeaderData
InternetAlgIdToStringA
InternetAlgIdToStringW
InternetAttemptConnect
InternetAutodial
InternetAutodialCallback
InternetAutodialHangup
InternetCanonicalizeUrlA
InternetCanonicalizeUrlW
InternetCheckConnectionA
InternetCheckConnectionW
InternetClearAllPerSiteCookieDecisions
InternetCloseHandle
InternetCombineUrlA
InternetCombineUrlW
InternetConfirmZoneCrossing
InternetConfirmZoneCrossingA
InternetConfirmZoneCrossingW
InternetConnectA
InternetConnectW
InternetConvertUrlFromWireToWideChar
InternetCrackUrlA
InternetCrackUrlW
InternetCreateUrlA
InternetCreateUrlW
InternetDial
InternetDialA
InternetDialW
InternetEnumPerSiteCookieDecisionA
InternetEnumPerSiteCookieDecisionW
InternetErrorDlg
InternetFindNextFileA
InternetFindNextFileW
InternetFortezzaCommand
InternetFreeCookies
InternetFreeProxyInfoList
InternetGetCertByURL
InternetGetCertByURLA
InternetGetConnectedState
InternetGetConnectedStateEx
InternetGetConnectedStateExA
InternetGetConnectedStateExW
InternetGetCookieA
InternetGetCookieEx2
InternetGetCookieExA
InternetGetCookieExW
InternetGetCookieW
InternetGetLastResponseInfoA
InternetGetLastResponseInfoW
InternetGetPerSiteCookieDecisionA
InternetGetPerSiteCookieDecisionW
InternetGetProxyForUrl
InternetGetSecurityInfoByURL
InternetGetSecurityInfoByURLA
InternetGetSecurityInfoByURLW
InternetGoOnline
InternetGoOnlineA
InternetGoOnlineW
InternetHangUp
InternetInitializeAutoProxyDll
InternetLockRequestFile
InternetOpenA
InternetOpenUrlA
InternetOpenUrlW
InternetOpenW
InternetQueryDataAvailable
InternetQueryFortezzaStatus
InternetQueryOptionA
InternetQueryOptionW
InternetReadFile
InternetReadFileExA
InternetReadFileExW
InternetSecurityProtocolToStringA
InternetSecurityProtocolToStringW
InternetSetCookieA
InternetSetCookieEx2
InternetSetCookieExA
InternetSetCookieExW
InternetSetCookieW
InternetSetDialState
InternetSetDialStateA
InternetSetDialStateW
InternetSetFilePointer
InternetSetOptionA
InternetSetOptionExA
InternetSetOptionExW
InternetSetOptionW
InternetSetPerSiteCookieDecisionA
InternetSetPerSiteCookieDecisionW
InternetSetSecureLegacyServersAppCompat
InternetSetStatusCallback
InternetSetStatusCallbackA
InternetSetStatusCallbackW
InternetShowSecurityInfoByURL
InternetShowSecurityInfoByURLA
InternetShowSecurityInfoByURLW
InternetTimeFromSystemTime
InternetTimeFromSystemTimeA
InternetTimeFromSystemTimeW
InternetTimeToSystemTime
InternetTimeToSystemTimeA
InternetTimeToSystemTimeW
InternetUnlockRequestFile
InternetWriteFile
InternetWriteFileExA
InternetWriteFileExW
IsHostInProxyBypassList
IsUrlCacheEntryExpiredA
IsUrlCacheEntryExpiredW
LoadUrlCacheContent
ParseX509EncodedCertificateForListBoxEntry
PrivacyGetZonePreferenceW
PrivacySetZonePreferenceW
ReadUrlCacheEntryStream
ReadUrlCacheEntryStreamEx
RegisterUrlCacheNotification
ResumeSuspendedDownload
RetrieveUrlCacheEntryFileA
RetrieveUrlCacheEntryFileW
RetrieveUrlCacheEntryStreamA
RetrieveUrlCacheEntryStreamW
RunOnceUrlCache
SetUrlCacheConfigInfoA
SetUrlCacheConfigInfoW
SetUrlCacheEntryGroup
SetUrlCacheEntryGroupA
SetUrlCacheEntryGroupW
SetUrlCacheEntryInfoA
SetUrlCacheEntryInfoW
SetUrlCacheGroupAttributeA
SetUrlCacheGroupAttributeW
SetUrlCacheHeaderData
ShowCertificate
ShowClientAuthCerts
ShowSecurityInfo
ShowX509EncodedCertificate
UnlockUrlCacheEntryFile
UnlockUrlCacheEntryFileA
UnlockUrlCacheEntryFileW
UnlockUrlCacheEntryStream
UpdateUrlCacheContentPath
UrlCacheCheckEntriesExist
UrlCacheCloseEntryHandle
UrlCacheContainerSetEntryMaximumAge
UrlCacheCreateContainer
UrlCacheFindFirstEntry
UrlCacheFindNextEntry
UrlCacheFreeEntryInfo
UrlCacheFreeGlobalSpace
UrlCacheGetContentPaths
UrlCacheGetEntryInfo
UrlCacheGetGlobalCacheSize
UrlCacheGetGlobalLimit
UrlCacheReadEntryStream
UrlCacheReloadSettings
UrlCacheRetrieveEntryFile
UrlCacheRetrieveEntryStream
UrlCacheServer
UrlCacheSetGlobalLimit
UrlCacheUpdateEntryExtraData
UrlZonesDetach
_GetFileExtensionFromUrl

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.wpp_sf
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/wininetlui.dll
.dll windows:10 windows x64 arch:x64

21e7fc7acd53fc5b2900471ddf863396

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

_vsnwprintf
malloc
__C_specific_handler
free
_amsg_exit
_XcptFilter
_initterm
memset

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessageVa

api-ms-win-core-libraryloader-l1-2-0

LoadStringW

api-ms-win-core-com-l1-1-0

CoCreateInstance

oleaut32

SysFreeString
SysAllocString

api-ms-win-core-localization-l1-2-0

GetUserDefaultLCID

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

InternetErrorDlgEx

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.wpp_sf
Size: 512B - Virtual size: 158B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/wininit.exe
.exe windows:10 windows x64 arch:x64

5dd14afab46b0c83ea7a6093d7355fa9

Code Sign

33:00:00:03:f5:63:96:7a:c8:12:4e:1d:25:00:00:00:00:03:f5
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

13/10/2022, 19:43

Not After

11/10/2023, 19:43

Subject

CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:48:99:31:e0:4e:7e:47:04:d2:78:96:c0:19:47:c3:94:70:80:d9:33:d8:8e:81:d2:89:57:20:85:1c:36:fe
Signer

Actual PE Digest

0e:48:99:31:e0:4e:7e:47:04:d2:78:96:c0:19:47:c3:94:70:80:d9:33:d8:8e:81:d2:89:57:20:85:1c:36:fe

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-crt-string-l1-1-0

wcsnlen
wcscmp
memset
wcsncmp
strncmp

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_register_thread_local_exe_atexit_callback
_c_exit

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__ultow_s
_o__wcsicmp
_o__wcslwr
_o__wcsnicmp
_o__wcsupr
memmove
_o_exit
_o_free
_o_strcpy_s
_o_terminate
_o_toupper
_o_wcscat_s
_o_wcscpy_s
_o_wcstoul
wcsstr
_o__get_narrow_winmain_command_line
_o__exit
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__configthreadlocale
_o__cexit
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___p__commode
__C_specific_handler
wcschr
wcsrchr
memcmp
memcpy

ntdll

RtlSubscribeWnfStateChangeNotification
NtDeleteWnfStateName
NtCreateWnfStateName
NtOpenThreadToken
RtlCapabilityCheckForSingleSessionSku
RtlIsMultiSessionSku
RtlRemovePrivileges
NtOpenProcessToken
NtShutdownSystem
NtSetThreadExecutionState
CsrClientCallServer
RtlDeregisterWaitEx
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryInformationProcess
RtlInitializeCriticalSection
RtlDestroyEnvironment
RtlGetCurrentServiceSessionId
NtSetValueKey
NtCreateKey
RtlRegisterWait
NtClose
NtCreateUserProcess
RtlCreateProcessParametersEx
NtAllocateLocallyUniqueId
RtlDosPathNameToNtPathName_U_WithStatus
NtCreateEvent
NtQuerySystemEnvironmentValueEx
RtlInitUnicodeString
RtlAllocateHeap
RtlUnhandledExceptionFilter
RtlFreeHeap
RtlGetSystemBootStatus
RtlNtStatusToDosError
RtlAllocateAndInitializeSid
EtwEventEnabled
RtlCreateSecurityDescriptor
RtlCreateAcl
NtPrivilegeCheck
RtlSetDaclSecurityDescriptor
RtlLengthSid
NtAdjustPrivilegesToken
NtPrivilegeObjectAuditAlarm
EtwEventWrite
NtQuerySystemInformation
RtlLeaveCriticalSection
RtlGetActiveConsoleId
RtlEnterCriticalSection
NtSetInformationProcess
RtlSetThreadIsCritical
RtlSetProcessIsCritical
NtOpenEvent
EtwEventWriteStartScenario
EtwEventActivityIdControl
ZwQuerySystemInformation
RtlAppendUnicodeToString
RtlFreeUnicodeString
RtlGetCurrentDirectory_U
ZwSetSystemInformation
RtlUnlockBootStatusData
ZwClose
ZwDeviceIoControlFile
ZwCreateFile
ZwOpenFile
RtlAppendUnicodeStringToString
RtlWriteRegistryValue
ZwUnloadDriver
ZwLoadDriver
ZwCreateKey
ZwDeleteKey
ZwOpenKey
RtlPublishWnfStateData
EtwEventWriteTransfer
EtwEventSetInformation
EtwEventRegister
NtPowerInformation
RtlCompareUnicodeString
RtlInitUnicodeStringEx
RtlQueryEnvironmentVariable_U
RtlSetEnvironmentVariable
RtlFreeSid
EtwEventUnregister
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
NtQueryInformationToken
EtwGetTraceEnableFlags
RtlCreateEnvironment
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
RtlAdjustPrivilege
WinSqmIsOptedIn
WinSqmAddToStream
NtSystemDebugControl
RtlGUIDFromString
RtlStringFromGUID
ZwQueryAttributesFile
ZwWaitForSingleObject
ZwQueryKey
ZwReleaseMutant
ZwOpenMutant
ZwQuerySymbolicLinkObject
ZwQueryDirectoryObject
ZwOpenSymbolicLinkObject
ZwOpenDirectoryObject
RtlLengthSecurityDescriptor
RtlSetOwnerSecurityDescriptor
ZwLoadKey
RtlAddAccessAllowedAceEx
ZwDeleteValueKey
ZwEnumerateKey
ZwQueryValueKey
ZwSetSecurityObject
ZwUnloadKey
ZwSetValueKey
LdrGetProcedureAddress
LdrGetDllHandle
ZwQueryInformationProcess
RtlInitAnsiString
ZwQueryInformationFile
ZwOpenProcess
ZwAllocateUuids
NtOpenProcessTokenEx
NtSetInformationThread
NtOpenThreadTokenEx
RtlImpersonateSelf
RtlCaptureContext
NtOpenSymbolicLinkObject
NtOpenKey
NtQuerySymbolicLinkObject
NtDeviceIoControlFile
NtOpenFile
NtQueryValueKey
NtQueryBootEntryOrder
NtQueryBootOptions
NtTranslateFilePath
NtOpenDirectoryObject
NtQueryDirectoryObject
NtEnumerateBootEntries
RtlLookupFunctionEntry
RtlVirtualUnwind
NtSetEvent

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-processthreads-l1-1-0

CreateProcessW
OpenProcessToken
GetCurrentProcessId
GetCurrentThread
CreateProcessAsUserW
UpdateProcThreadAttribute
CreateRemoteThread
InitializeProcThreadAttributeList
GetExitCodeProcess
ResumeThread
SetThreadPriority
GetStartupInfoW
TerminateProcess
CreateThread
GetCurrentProcess
SetPriorityClass
GetCurrentThreadId
DeleteProcThreadAttributeList

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapSetInformation
GetProcessHeap
HeapFree
HeapCreate
HeapDestroy

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
LoadLibraryExA
FindResourceExW
FreeLibrary
GetModuleHandleW
GetProcAddress
GetModuleFileNameW
GetModuleHandleExW
LoadLibraryExW
LoadResource
LockResource

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
InitializeCriticalSectionEx
WaitForSingleObjectEx
ReleaseMutex
WaitForMultipleObjectsEx
AcquireSRWLockExclusive
ReleaseSemaphore
DeleteCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
CreateSemaphoreExW
InitializeCriticalSection
WaitForSingleObject
OpenSemaphoreW
CreateEventW
SetEvent
ResetEvent
CreateMutexExW
LeaveCriticalSection
SleepEx

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegSetValueExW
RegDeleteTreeW
RegCloseKey
RegCreateKeyExW
RegGetValueW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegQueryValueExA
RegQueryInfoKeyW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetWindowsDirectoryW
GetComputerNameExW
GetLocalTime
GetVersionExW
GetSystemTimeAsFileTime

api-ms-win-core-file-l1-1-0

ReadFile
CreateDirectoryW
CreateFileW
GetDriveTypeW
DeleteFileW
FindNextVolumeW
FindClose
GetFileAttributesW
GetShortPathNameW
FindFirstFileW
FindFirstVolumeW
FindVolumeClose

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
SetEnvironmentVariableW

api-ms-win-security-base-l1-1-0

CheckTokenMembership
ImpersonateLoggedOnUser
RevertToSelf
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
GetTokenInformation
EqualSid
GetSecurityDescriptorGroup
SetTokenInformation
SetFileSecurityW
SetKernelObjectSecurity
GetSecurityDescriptorSacl
DuplicateTokenEx
GetSecurityDescriptorDacl
CreateWellKnownSid

rpcrt4

RpcServerRegisterAuthInfoW
RpcServerUseProtseqW
UuidFromStringW
RpcBindingVectorFree
RpcEpRegisterW
RpcServerInqBindings
RpcServerInqDefaultPrincNameW
RpcServerUnregisterIf
I_RpcExceptionFilter
NdrClientCall3
RpcServerRegisterIf3
RpcBindingSetAuthInfoExW
RpcExceptionFilter
NdrServerCallAll
Ndr64AsyncServerCallAll
NdrAsyncServerCall
RpcServerTestCancel
NdrServerCall2
I_RpcBindingIsClientLocal
RpcAsyncAbortCall
RpcBindingFromStringBindingW
RpcImpersonateClient
RpcStringBindingComposeW
RpcRevertToSelf
RpcServerUseProtseqEpW
RpcServerRegisterIfEx
RpcServerListen
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcEpUnregister
Ndr64AsyncClientCall
RpcBindingUnbind
RpcBindingServerFromClient
RpcServerInqCallAttributesW
RpcAsyncCancelCall
RpcBindingFree
RpcBindingCopy
RpcAsyncCompleteCall
RpcStringFreeW
RpcBindingBind
RpcAsyncInitializeHandle
RpcBindingCreateW
RpcMgmtIsServerListening

api-ms-win-core-heap-l2-1-0

LocalReAlloc
LocalFree
LocalAlloc

api-ms-win-core-datetime-l1-1-1

GetTimeFormatEx
GetDateFormatEx

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW

api-ms-win-core-psapi-l1-1-0

K32GetModuleFileNameExW

api-ms-win-eventing-controller-l1-1-0

StartTraceW
ControlTraceW
EnableTraceEx2

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem
DeleteTimerQueueTimer
CreateTimerQueueTimer

api-ms-win-core-kernel32-legacy-l1-1-0

WTSGetActiveConsoleSessionId

api-ms-win-core-heap-obsolete-l1-1-0

LocalSize

profapi

ord102
ord101
ord104

kernelbase

WTSGetServiceSessionId

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventSetInformation
EventProviderEnabled
EventUnregister

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-rtlsupport-l1-1-0

RtlCompareMemory

Sections

.text
Size: 285KB - Virtual size: 285KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/wininitext.dll
.dll windows:10 windows x64 arch:x64

fe0759c21b6c6aed369fe31c269210a3

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:b1:83:20:fd:a0:33:3b:33:2e:45:a5:fa:b9:56:04:76:28:8b:42:b1:65:68:69:de:73:0f:c6:25:86:5d:a0
Signer

Actual PE Digest

41:b1:83:20:fd:a0:33:3b:33:2e:45:a5:fa:b9:56:04:76:28:8b:42:b1:65:68:69:de:73:0f:c6:25:86:5d:a0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

_XcptFilter
toupper
memmove
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_vsnwprintf
memset

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleFileNameA
GetModuleHandleExW

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetVersionExW

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
InitializeProcThreadAttributeList
TerminateProcess
CreateThread
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
GetCurrentThreadId
ResumeThread
GetCurrentProcess
CreateProcessW
CreateProcessAsUserW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
ReleaseSRWLockExclusive
OpenEventW
AcquireSRWLockExclusive
CreateEventW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-security-base-l1-1-0

SetTokenInformation
GetTokenInformation
GetSecurityDescriptorDacl
FreeSid
CreateRestrictedToken
GetLengthSid
AdjustTokenPrivileges

sspicli

LogonUserExExW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
ConvertSidToStringSidW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

userenv

CreateAppContainerProfile
CreateEnvironmentBlock
DestroyEnvironmentBlock

api-ms-win-security-lsalookup-l1-1-0

LsaLookupManageSidNameMapping
LsaLookupFreeMemory

ntdll

RtlCopySid
RtlLengthSid
RtlGetDaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAddAce
RtlSetEnvironmentVariable
RtlInitUnicodeString
TpSimpleTryPost
RtlFreeSid
RtlSetSaclSecurityDescriptor
RtlAddMandatoryAce
RtlCreateAcl
RtlCreateSecurityDescriptor
RtlNtStatusToDosError
RtlAllocateAndInitializeSid
EtwTraceMessage

advapi32

RegOpenKeyW

user32

SetThreadDesktop
SwitchDesktop
SetWindowStationUser
CloseDesktop
CloseWindowStation
SetUserObjectSecurity
LoadLocalFonts
UpdatePerUserSystemParameters
RegisterLogonProcess
CreateWindowStationW
CreateDesktopW
SetProcessWindowStation

kernelbase

WTSGetServiceSessionId
AppContainerDeriveSidFromMoniker

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation
EventProviderEnabled

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

GetLoggedOnUserCount
LaunchUmfdHostWithVirtualAccountWorker
PrimaryTerminalAndHookWorker
StartLoadingFontsWorker
UIStartupWorker
WaitForWinstationShutdown
WinStationSystemShutdownStartedWorker

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/winipcfile.dll
.dll windows:10 windows x64 arch:x64

51d93d533ac94342b0021a01d1966ca8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

strcspn
localeconv
swprintf_s
_errno
sprintf_s
wcsncmp
calloc
fclose
fseek
??0bad_cast@@QEAA@AEBV0@@Z
_wcsnicmp
wcsstr
fputc
fflush
fgetc
fwrite
fgetpos
setvbuf
ungetc
fsetpos
_fseeki64
wcsnlen
strnlen
setlocale
__pctype_func
isupper
___lc_handle_func
___lc_codepage_func
___mb_cur_max_func
_ismbblead
islower
_wcsdup
??8type_info@@QEBAHAEBV0@@Z
__crtLCMapStringW
__crtLCMapStringA
_wsetlocale
_wfsopen
abort
memset
??0bad_cast@@QEAA@PEBD@Z
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1bad_cast@@UEAA@XZ
__uncaught_exception
_vsnprintf_s
strchr
malloc
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
??1exception@@UEAA@XZ
_purecall
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
memmove
_vsnprintf
_XcptFilter
_wsplitpath_s
_wcsicmp
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
__CxxFrameHandler3
_amsg_exit
free
_initterm
__C_specific_handler
_lock
_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
??3@YAXPEAX@Z
towlower
__RTDynamicCast

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventWrite
EventEnabled
EventWriteTransfer
EventActivityIdControl

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleHandleW
AddDllDirectory
GetProcAddress
LoadLibraryExA
FreeLibrary
GetModuleFileNameW
GetModuleHandleExW
GetModuleFileNameA
RemoveDllDirectory

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
Sleep
InitOnceBeginInitialize
WakeAllConditionVariable
InitOnceComplete

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
CreateSemaphoreExW
WaitForSingleObjectEx
ReleaseSemaphore
WaitForSingleObject
OpenSemaphoreW
ReleaseMutex
EnterCriticalSection
ReleaseSRWLockExclusive
CreateMutexExW
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
AcquireSRWLockExclusive
InitializeCriticalSectionEx

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy
HeapReAlloc
HeapSize

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
RaiseException
GetLastError

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW
OutputDebugStringA

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoCreateGuid
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoTaskMemAlloc
CLSIDFromString
CoInitializeEx

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
OpenProcessToken
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

GetSystemPreferredUILanguages
FormatMessageW
GetUserPreferredUILanguages
LocaleNameToLCID

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetSystemInfo
GetSystemWindowsDirectoryW
GetSystemTime
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-security-cryptoapi-l1-1-0

CryptReleaseContext

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
GetStringTypeW
MultiByteToWideChar

api-ms-win-core-file-l1-1-0

GetFullPathNameW
GetFileAttributesExW
ReadFile
FlushFileBuffers
WriteFile
LockFileEx
SetFilePointerEx
CreateFileW
GetFileAttributesW
SetFileAttributesW
GetVolumeInformationW
SetEndOfFile
UnlockFileEx
GetFileInformationByHandle
DeleteFileW

api-ms-win-core-com-l2-1-1

CreateILockBytesOnHGlobal

api-ms-win-core-file-l2-1-0

ReplaceFileW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-kernel32-legacy-l1-1-0

MoveFileW

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-security-provider-l1-1-0

GetNamedSecurityInfoW
SetNamedSecurityInfoW

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorControl
AdjustTokenPrivileges

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

api-ms-win-core-registry-l2-1-0

RegEnumKeyW

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualQuery

api-ms-win-core-shlwapi-obsolete-l1-1-0

QISearch

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

Sections

.text
Size: 302KB - Virtual size: 302KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/winipcsecproc.dll
.dll windows:10 windows x64 arch:x64

402cb0dfdab8f09c9dcd4c31795c259b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

_wcsdup
sprintf_s
_vsnprintf_s
memcpy_s
__crtLCMapStringW
_wsetlocale
___lc_handle_func
?terminate@@YAXXZ
__RTDynamicCast
??1type_info@@UEAA@XZ
wcscpy_s
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@PEBD@Z
??0bad_cast@@QEAA@AEBV0@@Z
strcspn
localeconv
_errno
_wcstoi64
calloc
wcsncmp
setlocale
__uncaught_exception
__pctype_func
___lc_codepage_func
___mb_cur_max_func
_ismbblead
abort
memset
memcmp
_unlock
_vsnwprintf
_snwprintf_s
_lock
_initterm
wcstol
wcsstr
_amsg_exit
_XcptFilter
__dllonexit
_callnewh
_wcsicmp
memmove
??_V@YAXPEAX@Z
memcpy
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@XZ
_purecall
malloc
free
??3@YAXPEAX@Z
__C_specific_handler
wcstombs_s
_vsnprintf
_onexit

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
OutputDebugStringA
IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleW
FreeLibrary
GetModuleFileNameA
GetModuleHandleExW

api-ms-win-core-heap-l1-1-0

HeapDestroy
HeapSize
HeapSetInformation
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetTickCount
GetSystemTime
GetSystemTimeAsFileTime

api-ms-win-core-file-l1-1-0

CreateFileW
GetDriveTypeW
SetFileAttributesW
GetFileAttributesW
CreateDirectoryW
ReadFile
CompareFileTime
WriteFile
GetFileTime
SetFileTime
GetLogicalDriveStringsW
SetFilePointer
DeleteFileW
GetVolumeInformationW

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
EnterCriticalSection
CreateSemaphoreExW
CreateMutexW
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
CreateEventW
InitializeCriticalSectionEx
InitializeCriticalSection
LeaveCriticalSection
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ReleaseMutex

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-security-cryptoapi-l1-1-0

CryptReleaseContext
CryptGenKey
CryptGetHashParam
CryptSignHashW
CryptImportKey
CryptAcquireContextW
CryptDestroyHash
CryptContextAddRef
CryptSetHashParam
CryptHashData
CryptDeriveKey
CryptCreateHash
CryptExportKey
CryptVerifySignatureW
CryptDecrypt
CryptGetDefaultProviderW
CryptGenRandom
CryptEncrypt
CryptDuplicateKey
CryptGetKeyParam
CryptDestroyKey
CryptSetKeyParam

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
OpenThreadToken
GetCurrentThreadId
OpenProcessToken
TerminateProcess
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventWriteTransfer
EventRegister

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-localization-l1-2-0

FormatMessageW

crypt32

CryptUnprotectData
CryptProtectData

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-com-l1-1-0

CoCreateGuid

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegDeleteValueW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

Exports

Exports

IpcSPAttest
IpcSPBindLicense
IpcSPCheckEnvironmentSecurity
IpcSPCloseHandle
IpcSPCommit
IpcSPCreateDecryptor
IpcSPCreateEnablingPrincipal
IpcSPCreateEncryptor
IpcSPCreateMachineCerts
IpcSPCreatePCE
IpcSPCreateSecurityProcessor
IpcSPDecrypt
IpcSPDecryptFinal
IpcSPDecryptUpdate
IpcSPDecryptWithRac
IpcSPEnableAndEncrypt
IpcSPEnablePublishingLicense
IpcSPEncrypt
IpcSPEncryptFinal
IpcSPEncryptUpdate
IpcSPGetBoundRightKey
IpcSPGetCurrentTime
IpcSPGetInfo
IpcSPGetProcAddress
IpcSPInitialize
IpcSPIsActivated
IpcSPLoadLibrary
IpcSPSign

Sections

.text
Size: 659KB - Virtual size: 659KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/winipsec.dll
.dll windows:10 windows x64 arch:x64

f9d309523108b05644323d0f1cfbf2a1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

__dllonexit
_onexit
_lock
_initterm
_unlock
free
_amsg_exit
_XcptFilter
_vsnwprintf
memcmp
malloc
__C_specific_handler
memset

rpcrt4

RpcSsDestroyClientContext
RpcRaiseException
RpcBindingFree
RpcEpResolveBinding
RpcStringFreeW
RpcStringBindingComposeW
RpcBindingSetAuthInfoW
RpcBindingFromStringBindingW
NdrClientCall3
RpcBindingSetOption

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
UnregisterTraceGuids
TraceMessage
GetTraceLoggerHandle

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

ntdll

DbgPrint

ws2_32

htonl
ntohl

api-ms-win-service-management-l1-1-0

OpenSCManagerW
StartServiceW
CloseServiceHandle
OpenServiceW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

Exports

Exports

AddMMAuthMethods
AddMMFilter
AddMMFilterEx
AddMMPolicy
AddQMPolicy
AddSAs
AddTransportFilter
AddTransportFilterEx
AddTunnelFilter
CloseIKENegotiationHandle
CloseIKENotifyHandle
CloseMMFilterHandle
CloseTransportFilterHandle
CloseTunnelFilterHandle
DeleteMMAuthMethods
DeleteMMFilter
DeleteMMPolicy
DeleteMMSAs
DeleteQMPolicy
DeleteQMSAs
DeleteTransportFilter
DeleteTunnelFilter
DllMain
EnumIPSecInterfaces
EnumMMAuthMethods
EnumMMFilters
EnumMMFiltersEx
EnumMMPolicies
EnumMMSAs
EnumQMPolicies
EnumQMSAs
EnumTransportFilters
EnumTransportFiltersEx
EnumTunnelFilters
GetConfigurationVariables
GetMMAuthMethods
GetMMFilter
GetMMFilterEx
GetMMPolicy
GetMMPolicyByID
GetQMPolicy
GetQMPolicyByID
GetTransportFilter
GetTransportFilterEx
GetTunnelFilter
InitiateIKENegotiation
MatchMMFilter
MatchMMFilterEx
MatchTransportFilter
MatchTransportFilterEx
MatchTunnelFilter
OpenMMFilterHandle
OpenMMFilterHandleEx
OpenTransportFilterHandle
OpenTransportFilterHandleEx
OpenTunnelFilterHandle
QueryIKENegotiationStatus
QueryIKENotifyData
QueryIKEStatistics
QueryIPSecStatistics
QuerySpdPolicyState
RegisterIKENotifyClient
SPDApiBufferAllocate
SPDApiBufferFree
SetConfigurationVariables
SetMMAuthMethods
SetMMFilter
SetMMFilterEx
SetMMPolicy
SetQMPolicy
SetTransportFilter
SetTransportFilterEx
SetTunnelFilter

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/winjson.dll
.dll windows:10 windows x64 arch:x64

0d52383791ba3ce46a4318d92b286d61

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

calloc
ldexp
___mb_cur_max_func
__crtLCMapStringA
localeconv
__pctype_func
isupper
??0exception@@QEAA@AEBV0@@Z
??3@YAXPEAX@Z
___lc_handle_func
??1exception@@UEAA@XZ
___lc_codepage_func
free
?what@exception@@UEBAPEBDXZ
isspace
_purecall
islower
??0exception@@QEAA@AEBQEBDH@Z
abort
_XcptFilter
_amsg_exit
_initterm
__crtLCMapStringW
strtod
_onexit
__dllonexit
__uncaught_exception
setlocale
memmove
memcpy
_errno
strerror
??_V@YAXPEAX@Z
_unlock
memchr
_lock
__CxxFrameHandler3
tolower
_CxxThrowException
_callnewh
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
??0exception@@QEAA@AEBQEBD@Z
__C_specific_handler
malloc
memset

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

winhttp

WinHttpCrackUrl
WinHttpSetStatusCallback
WinHttpOpen
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpCloseHandle
WinHttpAddRequestHeaders
WinHttpConnect
WinHttpSendRequest
WinHttpQueryDataAvailable

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
LeaveCriticalSection
WaitForSingleObject
CreateEventW
DeleteCriticalSection
EnterCriticalSection
SetEvent

api-ms-win-core-com-l1-1-0

CoUninitialize
CoInitializeEx
CoCreateInstance

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

iphlpapi

ConvertInterfaceGuidToLuid
ConvertInterfaceLuidToIndex

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-l1-1-0

GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

Exports

Exports

WinJsonCloseHandle
WinJsonSendRequest
WinJsonSendRequestAsync

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/winload.efi
.dll windows:0 windows x64 arch:x64

Code Sign

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/02/2023, 00:05

Not After

01/02/2024, 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:42:6d:49:b4:fb:df:5d:a9:63:e1:0f:8f:3d:f0:31:17:aa:c4:39:8a:cd:89:12:8b:79:e6:62:14:da:25:39
Signer

Actual PE Digest

0f:42:6d:49:b4:fb:df:5d:a9:63:e1:0f:8f:3d:f0:31:17:aa:c4:39:8a:cd:89:12:8b:79:e6:62:14:da:25:39

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

AhCreateLoadOptionsString
AhGetArcDevice
ArchBuildKernelGdt
ArchGetGdtRegister
BlAllocateSlabPages
BlAmdSlGetTaCommands
BlAppCheckDependency
BlAppSetDependency
BlAppendBootOptionBoolean
BlAppendBootOptionString
BlAppendUnicodeToString
BlArchCpuId
BlArchDetectSmt
BlArchGetCpuVendor
BlArchGetPerformanceCounter
BlArchIsCpuIdFunctionSupported
BlArchIsFiveLevelPagingActive
BlArchIsShadowStackSupported
BlArchKernelSetup
BlArchQueryIoPortAccessSupported
BlArchSetSecrets
BlBdDebugTransitionsEnabled
BlBdDebuggerConnected
BlBdGetExtensionName
BlBdGetMacAddressFromSmBiosUuid
BlBdGetPciDevicePath
BlBdInitializeDeviceDescriptor
BlBdInitializeTransportExtension
BlBdLoadImageSymbols
BlBdPatchIdt
BlBdReleaseDebuggingDevice
BlBdSetupDebugDevice
BlBdSetupDebuggingDevice
BlBdStart
BlBdStop
BlBootOptionExists
BlBsdCloseLog
BlBsdLogEntry
BlCopyBootOptions
BlCopyStringToUnicodeString
BlCopyStringToWcharString
BlCopyUnicodeStringToUnicodeString
BlCopyWcharStringToString
BlDeviceClose
BlDeviceCompare
BlDeviceGetInformation
BlDeviceGetIoInformation
BlDeviceOpen
BlDisplayFreeOemBitmap
BlDisplayGetOemBitmap
BlDisplayInvalidateOemBitmap
BlEnNotifyEvent
BlFileClose
BlFileCopyFile
BlFileExists
BlFileGetInformation
BlFileLoad
BlFileOpen
BlFileReadAtOffsetEx
BlFileReadEx
BlFileSetInformation
BlFileWrite
BlFveCheckPermission
BlFwGetAcpiMemoryMap
BlFwGetSystemTable
BlFwQueryEfiRuntimeVaRange
BlFwReboot
BlFwServicesAvailable
BlGetApplicationEntry
BlGetApplicationIdentifier
BlGetBootDevice
BlGetBootOptionBoolean
BlGetBootOptionDevice
BlGetBootOptionInteger
BlGetBootOptionString
BlGetDevice
BlGetDeviceIdentifier
BlGetExecutionEnvironment
BlGetLogicalProcessorCount
BlGetProcessorApicIds
BlImgFindSection
BlImgGetNtHeader
BlImgGetPEImageSize
BlImgGetSigningPolicy
BlImgGetWhqlEnforcementDateTime
BlImgIsBootUpgradedPlatform
BlImgIsUpgradeInProgress
BlImgIsUpgradedPlatform
BlImgIsWhqlDeveloperTestModeEnabled
BlImgIsWhqlDisabledBySetting
BlImgIsWhqlEnabledBySetting
BlImgIsWinPE
BlImgLoadImageWithProgress2
BlImgLoadPEImageEx
BlImgLoadPEImageWithPolicyValidatedHash
BlImgParseOsRevocationList
BlImgQueryCodeIntegrityBootOptions
BlImgRegisterCodeIntegrityCatalogDirectory
BlImgRegisterCodeIntegrityCatalogs
BlImgRsaKnownAnswerTest
BlImgSetRestrictedSigning
BlImgSetSigningPolicy
BlImgSetSysDevWhqlPolicy
BlImgSha1KnownAnswerTest
BlImgSha1MonteCarloTest
BlImgTrustCustomSignersForDrivers
BlImgUnLoadImage
BlImgVerifyFontIntegrity
BlLdrBuildImagePath
BlLdrFreeDataTableEntry
BlLdrLoadDll
BlLdrLoadImage
BlLdrPreloadFile
BlLdrPreloadImage
BlLdrUnloadImage
BlLogDestroy
BlLogDiagWrite
BlLogEtwRegister
BlLogEtwWrite
BlLogEtwWriteTransfer
BlLogInitialize
BlMmAddEnclavePageRange
BlMmAddPersistentPageRange
BlMmAllocateHeap
BlMmAllocatePages
BlMmAllocatePagesInRange
BlMmAllocatePhysicalPages
BlMmAllocatePhysicalPagesInRange
BlMmAllocatePhysicalPagesInRangeNuma
BlMmAllocateVirtualPages
BlMmDisableStaticDescriptors
BlMmEnableStaticDescriptors
BlMmEnumerateAllocations
BlMmFlushTlb
BlMmFreeHeap
BlMmFreePages
BlMmFreePhysicalPages
BlMmFreeVirtualPages
BlMmGetAllocationPages
BlMmGetMemoryMap
BlMmInitMemoryMapHandle
BlMmMapPhysicalAddress
BlMmMapPhysicalAddressEx
BlMmQueryLargePageSize
BlMmQueryTranslationType
BlMmReleaseMemoryMap
BlMmRemapVirtualAddress
BlMmTranslateEfiMemoryType
BlMmTranslateVirtualAddress
BlMmUnmapVirtualAddress
BlMmUnmapVirtualAddressEx
BlNumaGetNumaMemoryRanges
BlObtainUnusedSlabPages
BlPdAllocateData
BlPdDestroyData
BlPdFreeData
BlPdPersistAllocations
BlPdQueryData
BlPdQueryDataAll
BlPdSaveData
BlPltReadPciConfig
BlRemoveBootOption
BlResourceFindDataFromImage
BlResourceFindMessage
BlResourceGetLanguageMapping
BlSIPolicyCheckPolicyOnDevice
BlSIPolicyDoesActivePolicyGrantPermission
BlSIPolicyLoadAndActivateTemporalPolicy
BlSealSecretToCurrentPcrValues
BlSecureBootGetNonVolatilePrivateVariable
BlSecureBootIgnoreSingleBootOption
BlSecureBootSetVolatilePrivateVariable
BlSetVirtualizationLaunched
BlSiAppLosingTpmAccess
BlSiCloseEnvironment
BlSiEnterInsecureStateEx
BlSiEnvironmentReady
BlSiFlushCurrentMeasurements
BlSiHandleHypervisorLaunchEvent
BlSiLeaveEnvironment
BlSiMeasureOsRevocationList
BlSiPaRecordConfigEvent
BlSiPaRecordDrtmConfigEvent
BlSiPaRecordEvent
BlSiSetDrtmEnvironmentUnsafe
BlStatusError
BlStatusPrint
BlStatusRegisterErrorHandler
BlSvnGetApplicationSvn
BlSvnGetChainStatus
BlSymCryptGetAesBlockCipher
BlSymCryptGetHmacSha256Algorithm
BlTblSetEntry
BlTcgFwSetAndLockMemoryOverwriteRequestControl
BlTimeGetRelativeTime
BlTimeQueryPerformanceCounter
BlTpmGetRandom
BlTpmShutdown
BlTpmStatus
BlTxtGetRlpParkPage
BlUpdateBootOptions
BlUtlCheckSum
BlUtlGetAcpiTable
BlUtlGetAcpiTableOverrides
BlUtlPopulateAcpiTableCache
BlUtlReleaseAcpiTable
BlUtlSetAcpiTableOverrides
BlUtlValidateMemoryRange
BlValidateAmeCertChain
BlVsmCheckSystemPolicy
BlVsmGetSystemPolicy
BlVsmKeysFindKeyMapByType
BlVsmKeysGetCurrentLKeyRefFromArray
BlVsmKeysGetCurrentLKeyRefFromPkg
BlVsmKeysReadAndUnsealLKeyPkg
BlVsmKeysSupportedByPlatform
BlpPdQueryData
BlpPdReleaseData
DbgLoadImageSymbols
DbgPrint
EfiGetMemoryAttributesTable
HvlQueryConnection
KdNetGetNetDataSize
KdNetGetParameters
LdrInitSecurityCookie
McGenEventWriteBoot
MinCrypL_HashMemory
MincryptSetWeakCryptoPolicy
OslGenRandomBytes
OslGetControlSubkey
OslGetDrtmSvn
OslGetExportRoutineInModule
OslGetLocalApicId
OslGetStringValueAtKey
OslGetValueAtKey
OslIsRunningInSecureKernel
OslLoadMicrocodeUpdate
RtlAnsiStringToUnicodeString
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlAssert
RtlClearAllBits
RtlCompareMemory
RtlCompareUnicodeString
RtlCompareUnicodeStrings
RtlEqualUnicodeString
RtlFindClearBits
RtlFindExportedRoutineByName
RtlFindNextForwardRunClear
RtlFreeAnsiString
RtlFreeUnicodeString
RtlGUIDFromString
RtlImageDirectoryEntryToData
RtlInitAnsiString
RtlInitUnicodeString
RtlInitUnicodeStringEx
RtlInitializeBitMap
RtlInitializeBootFeatureConfigurations
RtlInitializeDelayedFeatureUsageReportBuffer
RtlIntegerToUnicodeString
RtlIpv6StringToAddressW
RtlNotifyFeatureUsage
RtlNumberOfSetBits
RtlPrefixUnicodeString
RtlQueryFeatureConfiguration
RtlQueryFeatureConfigurationChangeStamp
RtlRegisterFeatureConfigurationChangeNotification
RtlSecureZeroMemory
RtlSetBit
RtlSetBits
RtlSizeOfDelayedFeatureUsageReportBuffer
RtlStringFromGUID
RtlUnicodeStringToAnsiString
RtlUnicodeStringToInteger
RtlUnregisterFeatureConfigurationChangeNotification
RtlUpcaseUnicodeChar
RtlValidateDelayedFeatureUsageReportBuffer
RtlValidateFeatureConfigurationBuffer
RtlValidateFeatureUsageSubscriptionBuffer
SIPolicyClearAllActivePolicy
SIPolicyDeletePersistentVariable
SIPolicyGetOptions
SIPolicyGetPolicyHandle
SIPolicyGetPolicyInfoFromType
SIPolicyGetSerializedPolicies
SIPolicyGetSerializedPoliciesSize
SIPolicyHashActiveCodeExecutionPolicies
SIPolicyInvalidateEAsOnRebootEnabled
SIPolicyIsPolicyActive
SIPolicyIsSignedPolicyRequired
SIPolicySetTrialMode
SIPolicyUmciEnabled
SbArePolicyOptionsSet
SbDoesActivePolicyGrantPermission
SbFreeFileData
SbGetKernelPolicyPackage
SbGetSizeOfKernelPolicyPackage
SbIsDebugPolicyActive
SbIsEnabled
SbIsEnabled2
SbIsPolicyActive
SbIsTestRootTrusted
SbIsTestSigningBlocked
SbLoadFile
SbValidateSkuUnlockToken
SipaGetDataPointers
SipaQueueConfigEntry
SipaQueueConfigEntryToQueue
SipaReadPcrsByMask
SipapAppendEntry
SipapCreateQueue
SymCryptGcmAuthPart
SymCryptGcmDecryptFinal
SymCryptGcmDecryptPart
SymCryptGcmEncryptFinal
SymCryptGcmEncryptPart
SymCryptGcmExpandKey
SymCryptGcmInit
SymCryptHmacSha256
SymCryptHmacSha256ExpandKey
SymCryptHmacSha512Selftest
SymCryptInit
SymCryptMarvin32
SymCryptMarvin32ExpandSeed
SymCryptRdrandGet
SymCryptRdrandStatus
SymCryptRdseedGet
SymCryptRdseedStatus
SymCryptRngAesFips140_2Generate
SymCryptRngAesFips140_2Instantiate
SymCryptRngAesFips140_2Uninstantiate
SymCryptRngAesGenerateSelftest
SymCryptRngAesInstantiateSelftest
SymCryptRngAesReseedSelftest
SymCryptSha1
SymCryptSha256
SymCryptSha256Append
SymCryptSha256Init
SymCryptSha256Result
SymCryptSha512
SymCryptSha512Append
SymCryptSha512Init
SymCryptSha512Result
SymCryptSp800_108
TpmApiCheckSecureNVIndex20
TpmApiCreateSecureNVIndex20
TpmApiCreateSrk20
TpmApiGetKeyPublicProperty20
TpmApiGetTpmVersion
TpmApiReadPublic20
TpmApiSeal20Ex
TpmApiUnsealEx
__GSHandlerCheck
__chkstk
_snwscanf_s
_stricmp
_strupr
_vsnprintf
_wcsicmp
_wcsnicmp
_wcstoui64
_wcsupr
memcmp
memcpy
memmove
memset
qsort
rsa_construction_fips186_3
rsa_decryption
rsa_destruction
rsa_encryption
rsa_export
rsa_export_sizes
sprintf_s
strcat_s
strchr
strcmp
strcpy_s
strncmp
strnlen
strstr
swprintf_s
wcscat_s
wcscmp
wcscpy_s
wcsncmp
wcsnlen
wcsrchr
wcsstr

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGER32C
Size: 1024B - Virtual size: 729B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TRANSIT
Size: 512B - Virtual size: 29B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDATA
Size: - Virtual size: 32B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGECONS
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/winload.exe
.dll windows:0 windows x64 arch:x64

Code Sign

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/02/2023, 00:05

Not After

01/02/2024, 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8e:a6:44:c1:9f:e8:05:61:01:9e:41:8a:02:f1:66:09:89:c0:ce:d0:f4:a0:bd:8f:e0:01:88:f5:84:38:2b:0d
Signer

Actual PE Digest

8e:a6:44:c1:9f:e8:05:61:01:9e:41:8a:02:f1:66:09:89:c0:ce:d0:f4:a0:bd:8f:e0:01:88:f5:84:38:2b:0d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

AhCreateLoadOptionsString
AhGetArcDevice
ArchBuildKernelGdt
ArchGetGdtRegister
BlAllocateSlabPages
BlAmdSlGetTaCommands
BlAppCheckDependency
BlAppSetDependency
BlAppendBootOptionBoolean
BlAppendBootOptionString
BlAppendUnicodeToString
BlArchCpuId
BlArchDetectSmt
BlArchGetCpuVendor
BlArchGetPerformanceCounter
BlArchIsCpuIdFunctionSupported
BlArchIsFiveLevelPagingActive
BlArchIsShadowStackSupported
BlArchKernelSetup
BlArchQueryIoPortAccessSupported
BlArchSetSecrets
BlBdDebugTransitionsEnabled
BlBdDebuggerConnected
BlBdGetExtensionName
BlBdGetMacAddressFromSmBiosUuid
BlBdGetPciDevicePath
BlBdInitializeDeviceDescriptor
BlBdInitializeTransportExtension
BlBdLoadImageSymbols
BlBdPatchIdt
BlBdReleaseDebuggingDevice
BlBdSetupDebugDevice
BlBdSetupDebuggingDevice
BlBdStart
BlBdStop
BlBootOptionExists
BlBsdCloseLog
BlBsdLogEntry
BlCopyBootOptions
BlCopyStringToUnicodeString
BlCopyStringToWcharString
BlCopyUnicodeStringToUnicodeString
BlCopyWcharStringToString
BlDeviceClose
BlDeviceCompare
BlDeviceGetInformation
BlDeviceGetIoInformation
BlDeviceOpen
BlDisplayFreeOemBitmap
BlDisplayGetOemBitmap
BlDisplayInvalidateOemBitmap
BlEnNotifyEvent
BlFileClose
BlFileCopyFile
BlFileExists
BlFileGetInformation
BlFileLoad
BlFileOpen
BlFileReadAtOffsetEx
BlFileReadEx
BlFileSetInformation
BlFileWrite
BlFveCheckPermission
BlFwGetAcpiMemoryMap
BlFwGetSystemTable
BlFwQueryEfiRuntimeVaRange
BlFwReboot
BlFwServicesAvailable
BlGetApplicationEntry
BlGetApplicationIdentifier
BlGetBootDevice
BlGetBootOptionBoolean
BlGetBootOptionDevice
BlGetBootOptionInteger
BlGetBootOptionString
BlGetDevice
BlGetDeviceIdentifier
BlGetExecutionEnvironment
BlGetLogicalProcessorCount
BlGetProcessorApicIds
BlImgFindSection
BlImgGetNtHeader
BlImgGetPEImageSize
BlImgGetSigningPolicy
BlImgGetWhqlEnforcementDateTime
BlImgIsBootUpgradedPlatform
BlImgIsUpgradeInProgress
BlImgIsUpgradedPlatform
BlImgIsWhqlDeveloperTestModeEnabled
BlImgIsWhqlDisabledBySetting
BlImgIsWhqlEnabledBySetting
BlImgIsWinPE
BlImgLoadImageWithProgress2
BlImgLoadPEImageEx
BlImgLoadPEImageWithPolicyValidatedHash
BlImgParseOsRevocationList
BlImgQueryCodeIntegrityBootOptions
BlImgRegisterCodeIntegrityCatalogDirectory
BlImgRegisterCodeIntegrityCatalogs
BlImgRsaKnownAnswerTest
BlImgSetRestrictedSigning
BlImgSetSigningPolicy
BlImgSetSysDevWhqlPolicy
BlImgSha1KnownAnswerTest
BlImgSha1MonteCarloTest
BlImgTrustCustomSignersForDrivers
BlImgUnLoadImage
BlImgVerifyFontIntegrity
BlLdrBuildImagePath
BlLdrFreeDataTableEntry
BlLdrLoadDll
BlLdrLoadImage
BlLdrPreloadFile
BlLdrPreloadImage
BlLdrUnloadImage
BlLogDestroy
BlLogDiagWrite
BlLogEtwRegister
BlLogEtwWrite
BlLogEtwWriteTransfer
BlLogInitialize
BlMmAddEnclavePageRange
BlMmAddPersistentPageRange
BlMmAllocateHeap
BlMmAllocatePages
BlMmAllocatePagesInRange
BlMmAllocatePhysicalPages
BlMmAllocatePhysicalPagesInRange
BlMmAllocatePhysicalPagesInRangeNuma
BlMmAllocateVirtualPages
BlMmDisableStaticDescriptors
BlMmEnableStaticDescriptors
BlMmEnumerateAllocations
BlMmFlushTlb
BlMmFreeHeap
BlMmFreePages
BlMmFreePhysicalPages
BlMmFreeVirtualPages
BlMmGetAllocationPages
BlMmGetMemoryMap
BlMmInitMemoryMapHandle
BlMmMapPhysicalAddress
BlMmMapPhysicalAddressEx
BlMmQueryLargePageSize
BlMmQueryTranslationType
BlMmReleaseMemoryMap
BlMmRemapVirtualAddress
BlMmTranslateEfiMemoryType
BlMmTranslateVirtualAddress
BlMmUnmapVirtualAddress
BlMmUnmapVirtualAddressEx
BlNumaGetNumaMemoryRanges
BlObtainUnusedSlabPages
BlPdAllocateData
BlPdDestroyData
BlPdFreeData
BlPdPersistAllocations
BlPdQueryData
BlPdQueryDataAll
BlPdSaveData
BlPltReadPciConfig
BlRemoveBootOption
BlResourceFindDataFromImage
BlResourceFindMessage
BlResourceGetLanguageMapping
BlSIPolicyCheckPolicyOnDevice
BlSIPolicyDoesActivePolicyGrantPermission
BlSIPolicyLoadAndActivateTemporalPolicy
BlSealSecretToCurrentPcrValues
BlSecureBootGetNonVolatilePrivateVariable
BlSecureBootIgnoreSingleBootOption
BlSecureBootSetVolatilePrivateVariable
BlSetVirtualizationLaunched
BlSiAppLosingTpmAccess
BlSiCloseEnvironment
BlSiEnterInsecureStateEx
BlSiEnvironmentReady
BlSiFlushCurrentMeasurements
BlSiHandleHypervisorLaunchEvent
BlSiLeaveEnvironment
BlSiMeasureOsRevocationList
BlSiPaRecordConfigEvent
BlSiPaRecordDrtmConfigEvent
BlSiPaRecordEvent
BlSiSetDrtmEnvironmentUnsafe
BlStatusError
BlStatusPrint
BlStatusRegisterErrorHandler
BlSvnGetApplicationSvn
BlSvnGetChainStatus
BlSymCryptGetAesBlockCipher
BlSymCryptGetHmacSha256Algorithm
BlTblSetEntry
BlTcgFwSetAndLockMemoryOverwriteRequestControl
BlTimeGetRelativeTime
BlTimeQueryPerformanceCounter
BlTpmGetRandom
BlTpmShutdown
BlTpmStatus
BlTxtGetRlpParkPage
BlUpdateBootOptions
BlUtlCheckSum
BlUtlGetAcpiTable
BlUtlGetAcpiTableOverrides
BlUtlPopulateAcpiTableCache
BlUtlReleaseAcpiTable
BlUtlSetAcpiTableOverrides
BlUtlValidateMemoryRange
BlValidateAmeCertChain
BlVsmCheckSystemPolicy
BlVsmGetSystemPolicy
BlVsmKeysFindKeyMapByType
BlVsmKeysGetCurrentLKeyRefFromArray
BlVsmKeysGetCurrentLKeyRefFromPkg
BlVsmKeysReadAndUnsealLKeyPkg
BlVsmKeysSupportedByPlatform
BlpPdQueryData
BlpPdReleaseData
DbgLoadImageSymbols
DbgPrint
HvlQueryConnection
KdNetGetNetDataSize
KdNetGetParameters
LdrInitSecurityCookie
McGenEventWriteBoot
MinCrypL_HashMemory
MincryptSetWeakCryptoPolicy
OslGenRandomBytes
OslGetControlSubkey
OslGetDrtmSvn
OslGetExportRoutineInModule
OslGetLocalApicId
OslGetStringValueAtKey
OslGetValueAtKey
OslIsRunningInSecureKernel
OslLoadMicrocodeUpdate
RtlAnsiStringToUnicodeString
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlAssert
RtlClearAllBits
RtlCompareMemory
RtlCompareUnicodeString
RtlCompareUnicodeStrings
RtlEqualUnicodeString
RtlFindClearBits
RtlFindExportedRoutineByName
RtlFindNextForwardRunClear
RtlFreeAnsiString
RtlFreeUnicodeString
RtlGUIDFromString
RtlImageDirectoryEntryToData
RtlInitAnsiString
RtlInitUnicodeString
RtlInitUnicodeStringEx
RtlInitializeBitMap
RtlInitializeBootFeatureConfigurations
RtlInitializeDelayedFeatureUsageReportBuffer
RtlIntegerToUnicodeString
RtlIpv6StringToAddressW
RtlNotifyFeatureUsage
RtlNumberOfSetBits
RtlPrefixUnicodeString
RtlQueryFeatureConfiguration
RtlQueryFeatureConfigurationChangeStamp
RtlRegisterFeatureConfigurationChangeNotification
RtlSecureZeroMemory
RtlSetBit
RtlSetBits
RtlSizeOfDelayedFeatureUsageReportBuffer
RtlStringFromGUID
RtlUnicodeStringToAnsiString
RtlUnicodeStringToInteger
RtlUnregisterFeatureConfigurationChangeNotification
RtlUpcaseUnicodeChar
RtlValidateDelayedFeatureUsageReportBuffer
RtlValidateFeatureConfigurationBuffer
RtlValidateFeatureUsageSubscriptionBuffer
SIPolicyClearAllActivePolicy
SIPolicyDeletePersistentVariable
SIPolicyGetOptions
SIPolicyGetPolicyHandle
SIPolicyGetPolicyInfoFromType
SIPolicyGetSerializedPolicies
SIPolicyGetSerializedPoliciesSize
SIPolicyHashActiveCodeExecutionPolicies
SIPolicyInvalidateEAsOnRebootEnabled
SIPolicyIsPolicyActive
SIPolicyIsSignedPolicyRequired
SIPolicySetTrialMode
SIPolicyUmciEnabled
SbArePolicyOptionsSet
SbDoesActivePolicyGrantPermission
SbFreeFileData
SbGetKernelPolicyPackage
SbGetSizeOfKernelPolicyPackage
SbIsDebugPolicyActive
SbIsEnabled
SbIsEnabled2
SbIsPolicyActive
SbIsTestRootTrusted
SbIsTestSigningBlocked
SbLoadFile
SbValidateSkuUnlockToken
SipaGetDataPointers
SipaQueueConfigEntry
SipaQueueConfigEntryToQueue
SipaReadPcrsByMask
SipapAppendEntry
SipapCreateQueue
SymCryptGcmAuthPart
SymCryptGcmDecryptFinal
SymCryptGcmDecryptPart
SymCryptGcmEncryptFinal
SymCryptGcmEncryptPart
SymCryptGcmExpandKey
SymCryptGcmInit
SymCryptHmacSha256
SymCryptHmacSha256ExpandKey
SymCryptHmacSha512Selftest
SymCryptInit
SymCryptMarvin32
SymCryptMarvin32ExpandSeed
SymCryptRdrandGet
SymCryptRdrandStatus
SymCryptRdseedGet
SymCryptRdseedStatus
SymCryptRngAesFips140_2Generate
SymCryptRngAesFips140_2Instantiate
SymCryptRngAesFips140_2Uninstantiate
SymCryptRngAesGenerateSelftest
SymCryptRngAesInstantiateSelftest
SymCryptRngAesReseedSelftest
SymCryptSha1
SymCryptSha256
SymCryptSha256Append
SymCryptSha256Init
SymCryptSha256Result
SymCryptSha512
SymCryptSha512Append
SymCryptSha512Init
SymCryptSha512Result
SymCryptSp800_108
TpmApiCheckSecureNVIndex20
TpmApiCreateSecureNVIndex20
TpmApiCreateSrk20
TpmApiGetKeyPublicProperty20
TpmApiGetTpmVersion
TpmApiReadPublic20
TpmApiSeal20Ex
TpmApiUnsealEx
__GSHandlerCheck
__chkstk
_snwscanf_s
_stricmp
_strupr
_vsnprintf
_wcsicmp
_wcsnicmp
_wcstoui64
_wcsupr
memcmp
memcpy
memmove
memset
qsort
rsa_construction_fips186_3
rsa_decryption
rsa_destruction
rsa_encryption
rsa_export
rsa_export_sizes
sprintf_s
strcat_s
strchr
strcmp
strcpy_s
strncmp
strnlen
strstr
swprintf_s
wcscat_s
wcscmp
wcscpy_s
wcsncmp
wcsnlen
wcsrchr
wcsstr

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGER32C
Size: 1024B - Virtual size: 729B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TRANSIT
Size: 512B - Virtual size: 29B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/winlogon.exe
.exe windows:10 windows x64 arch:x64

c399754881779489cbd0f5d180c41465

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

wcspbrk
iswspace
wcstok
wcsrchr
sprintf_s
wcscpy_s
wcsstr
_vsnprintf_s
free
malloc
memmove
rand
_local_unwind
memcpy
_CxxThrowException
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
_ismbblead
__setusermatherr
_initterm
_acmdln
_fmode
_commode
_lock
_unlock
__dllonexit
_vsnwprintf
_onexit
__CxxFrameHandler3
?terminate@@YAXXZ
memset
memcmp
wcschr
_callnewh
??1type_info@@UEAA@XZ
toupper
_get_errno
_set_errno
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_tolower
_wcsicmp
_wtoi
_wcsnicmp
_ultow
__C_specific_handler
memmove_s
_purecall
memcpy_s
_vscwprintf
wcscmp

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadStringW
GetModuleFileNameW
LockResource
LoadResource
FindResourceExW
GetModuleHandleW
LoadLibraryExW
FreeLibrary
GetModuleHandleExW
GetModuleFileNameA

api-ms-win-core-synch-l1-2-0

Sleep
WakeAllConditionVariable
InitOnceComplete
InitOnceBeginInitialize
SleepConditionVariableSRW
InitOnceExecuteOnce

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
ReleaseSRWLockExclusive
ReleaseSemaphore
ResetEvent
SleepEx
AcquireSRWLockExclusive
CreateSemaphoreExW
InitializeCriticalSection
WaitForSingleObject
OpenSemaphoreW
OpenEventW
TryEnterCriticalSection
SetEvent
WaitForSingleObjectEx
DeleteCriticalSection
CreateEventW
LeaveCriticalSection
ReleaseSRWLockShared
InitializeCriticalSectionEx
ReleaseMutex
CreateMutexW
AcquireSRWLockShared
CreateMutexExW
TryAcquireSRWLockExclusive

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapSetInformation
HeapFree
HeapSize
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
RaiseException
SetLastError
SetErrorMode
SetUnhandledExceptionFilter

api-ms-win-core-threadpool-l1-2-0

TrySubmitThreadpoolCallback
SetThreadpoolThreadMinimum
WaitForThreadpoolTimerCallbacks
CreateThreadpoolCleanupGroup
CloseThreadpoolCleanupGroup
SetThreadpoolThreadMaximum
SetThreadpoolTimer
CreateThreadpool
CloseThreadpoolWork
CreateThreadpoolTimer
CloseThreadpoolCleanupGroupMembers
CloseThreadpool
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

CreateProcessW
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
GetCurrentThread
OpenProcessToken
InitializeProcThreadAttributeList
SetThreadToken
ResumeThread
GetExitCodeProcess
GetCurrentProcess
SetPriorityClass
SetThreadPriority
CreateProcessAsUserW
GetCurrentThreadId
CreateThread
GetCurrentProcessId
CreateRemoteThread
GetProcessId
TerminateProcess
GetStartupInfoW

api-ms-win-core-localization-l1-2-0

GetThreadUILanguage
FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegFlushKey
RegCloseKey
RegGetValueA
RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyExW
RegOpenKeyExW
RegDeleteTreeW
RegSetKeySecurity
RegQueryValueExW
RegSetValueExW
RegNotifyChangeKeyValue
RegQueryInfoKeyW
RegEnumValueW
RegGetValueW

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
OpenProcess

api-ms-win-eventing-controller-l1-1-0

ControlTraceW
StartTraceW
EnableTraceEx2

api-ms-win-core-heap-l2-1-0

LocalReAlloc
LocalFree
LocalAlloc

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc

api-ms-win-core-memory-l1-1-1

VirtualUnlock
VirtualLock
SetProcessWorkingSetSizeEx
GetProcessWorkingSetSizeEx

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
SetEnvironmentVariableW
SearchPathW
GetCommandLineW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTime
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetTickCount64
GetLocalTime
GetVersionExW

api-ms-win-security-base-l1-1-0

GetLengthSid
FreeSid
GetSidIdentifierAuthority
DuplicateToken
CheckTokenMembership
IsValidSid
EqualSid
ImpersonateLoggedOnUser
SetTokenInformation
AdjustTokenPrivileges
CreateRestrictedToken
GetTokenInformation
GetSecurityDescriptorDacl
AllocateAndInitializeSid
CopySid
CreateWellKnownSid
AllocateLocallyUniqueId
DuplicateTokenEx
RevertToSelf

rpcrt4

RpcMgmtIsServerListening
RpcAsyncInitializeHandle
RpcBindingCopy
RpcStringFreeW
Ndr64AsyncClientCall
RpcExceptionFilter
I_RpcMapWin32Status
RpcAsyncAbortCall
RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
RpcAsyncCancelCall
RpcStringBindingComposeW
UuidToStringW
UuidCreate
I_RpcBindingInqLocalClientPID
RpcImpersonateClient
RpcRevertToSelf
RpcBindingCreateW
UuidFromStringW
RpcBindingBind
RpcServerInqCallAttributesW
RpcServerTestCancel
RpcServerUseProtseqEpW
NdrServerCall2
Ndr64AsyncServerCallAll
NdrServerCallAll
NdrAsyncServerCall
RpcRaiseException
RpcServerInqBindings
RpcEpRegisterW
RpcEpUnregister
RpcServerListen
RpcServerRegisterIfEx
RpcServerUnregisterIf
RpcServerUseProtseqW
I_RpcBindingIsClientLocal
RpcBindingVectorFree
RpcServerUnsubscribeForNotification
RpcServerSubscribeForNotification
I_RpcExceptionFilter
NdrClientCall3
RpcBindingUnbind
RpcBindingFree
RpcAsyncCompleteCall

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoGetMalloc
CoTaskMemFree

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
CompareStringW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-power-base-l1-1-0

PowerDeterminePlatformRoleEx

api-ms-win-core-file-l1-1-0

CreateFileW
GetFileAttributesW
GetShortPathNameW
CompareFileTime

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-power-setting-l1-1-0

PowerSettingRegisterNotification
PowerSettingUnregisterNotification

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-shutdown-l1-1-1

InitiateShutdownW

api-ms-win-service-management-l1-1-0

OpenSCManagerW
StartServiceW
OpenServiceW
CloseServiceHandle

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx
NotifyServiceStatusChangeW
QueryServiceConfigW

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW
RegSetKeyValueW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
RtlCompareMemory

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle

api-ms-win-security-credentials-l1-1-0

CredFree
CredUnmarshalCredentialW

api-ms-win-security-lsalookup-l2-1-0

LookupAccountNameW
LookupAccountSidW

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventProviderEnabled
EventWriteTransfer
EventSetInformation
EventUnregister

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-job-l2-1-0

QueryInformationJobObject
TerminateJobObject
SetInformationJobObject
AssignProcessToJobObject
CreateJobObjectW

api-ms-win-security-lsapolicy-l1-1-0

LsaStorePrivateData
LsaFreeMemory
LsaOpenPolicy
LsaQueryInformationPolicy
LsaClose

api-ms-win-core-appcompat-l1-1-0

BaseInitAppcompatCacheSupport

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-security-credentials-l2-1-0

CredReadByTokenHandle

api-ms-win-base-bootconfig-l1-1-0

NotifyBootConfigStatus

api-ms-win-eventlog-legacy-l1-1-0

DeregisterEventSource
ReportEventW
GetEventLogInformation
RegisterEventSourceW

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem
DeleteTimerQueueTimer
CreateTimerQueueTimer
UnregisterWaitEx

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW
UnregisterWait
RegisterWaitForSingleObject

api-ms-win-core-registry-l2-1-0

RegOpenKeyW
RegCreateKeyW

api-ms-win-core-heap-obsolete-l1-1-0

LocalSize

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

kernelbase

CreateProcessInternalW
AppContainerDeriveSidFromMoniker

ntdll

WinSqmIsOptedIn
NtCreateEvent
RtlAddAce
RtlSetDaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
NtAdjustPrivilegesToken
NtDuplicateToken
RtlUnhandledExceptionFilter
NtQueryInformationProcess
NtDeviceIoControlFile
WinSqmEndSession
RtlInitializeResource
RtlAcquireResourceExclusive
RtlReleaseResource
RtlDeleteResource
NtGetCachedSigningLevel
WinSqmSetString
NtOpenEvent
NtSetEvent
RtlGetCurrentServiceSessionId
NtDeleteWnfStateName
NtCreateWnfStateName
RtlQueryResourcePolicy
__isascii
isupper
_vsnprintf
RtlGetNtProductType
RtlSetSystemBootStatus
RtlRemovePrivileges
RtlpVerifyAndCommitUILanguageSettings
NtSetInformationProcess
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
NtShutdownSystem
RtlCompareUnicodeString
RtlCreateEnvironment
TpReleaseTimer
TpWaitForTimer
TpAllocTimer
TpSetTimer
NtOpenThreadToken
NtOpenFile
RtlAppendUnicodeToString
NtOpenDirectoryObject
RtlFreeSid
NtSetSecurityObject
RtlSetSaclSecurityDescriptor
RtlAddMandatoryAce
RtlCreateAcl
RtlCreateSecurityDescriptor
RtlAllocateAndInitializeSid
RtlDestroyEnvironment
RtlCopySid
RtlNtStatusToDosErrorNoTeb
RtlSetEnvironmentVariable
RtlQueryEnvironmentVariable_U
RtlExpandEnvironmentStrings_U
RtlInitUnicodeStringEx
RtlGetAce
NtSetIRTimer
NtCreateIRTimer
NtSetInformationToken
NtCreateToken
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
TpAllocWait
WinSqmSetDWORD
TpPostWork
TpAllocWork
RtlUnsubscribeWnfNotificationWaitForCompletion
TpReleaseWork
TpWaitForWork
TpReleaseWait
TpWaitForWait
TpSetWait
NtFilterToken
NtInitiatePowerAction
RtlAdjustPrivilege
RtlPublishWnfStateData
RtlLengthSid
EtwEventWriteStartScenario
EtwEventWriteEndScenario
RtlInitUnicodeString
NtAllocateLocallyUniqueId
RtlDeregisterWait
RtlRegisterWait
RtlTimeToSecondsSince1980
WinSqmAddToStream
TpSimpleTryPost
RtlEqualSid
EtwEventEnabled
EtwEventWrite
RtlCopyLuid
NtPowerInformation
EtwEventActivityIdControl
RtlGetActiveConsoleId
RtlInitString
NtQuerySystemInformation
NtSystemDebugControl
NtQueryInformationToken
NtOpenProcessToken
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlInitializeCriticalSection
RtlDeleteCriticalSection
RtlFreeUnicodeString
RtlNtStatusToDosError
RtlDuplicateUnicodeString
NtClose
RtlOpenCurrentUser
RtlGetDeviceFamilyInfoEnum
EtwTraceMessage
EtwEventRegister
EtwEventUnregister
EtwEventWriteTransfer
EtwEventSetInformation
WinSqmStartSession

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoActivateInstance

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 601KB - Virtual size: 600KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/winlogonext.dll
.dll windows:10 windows x64 arch:x64

e69d14c74de8e7df5587a714084a0e88

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

_wcsnicmp
malloc
_initterm
_amsg_exit
_XcptFilter
__C_specific_handler
free
memcpy

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

kernelbase

LocalAlloc

rpcrt4

NdrClientCall3
RpcBindingFree
RpcStringFreeW
I_RpcMapWin32Status
RpcBindingBind
RpcBindingSetAuthInfoExW
I_RpcExceptionFilter
RpcStringBindingComposeW
RpcBindingCreateW
RpcBindingFromStringBindingW

kernel32

GetComputerNameExW
LocalFree
GetLastError

api-ms-win-security-base-l1-1-0

CreateWellKnownSid

api-ms-win-service-management-l1-1-0

OpenServiceW
OpenSCManagerW
CloseServiceHandle
StartServiceW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

Exports

Exports

ConfigureUserArso
EnableDisableElevationForSessionWorker
NotifyInteractiveSessionLogoff
UpdateUserTokenSessionId
WinLogonExt

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/winmde.dll
.dll regsvr32 windows:10 windows x64 arch:x64

30d9f815f3d0fe0f8f3741c9f2dc893e

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:29

Not After

02/12/2021, 21:29

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

15:4b:2a:de:25:d5:55:ad:40:78:2f:bc:c9:58:69:63:5f:98:c0:a8:8f:ba:61:ea:05:d9:8c:b3:ea:28:ed:3b
Signer

Actual PE Digest

15:4b:2a:de:25:d5:55:ad:40:78:2f:bc:c9:58:69:63:5f:98:c0:a8:8f:ba:61:ea:05:d9:8c:b3:ea:28:ed:3b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

_XcptFilter
_callnewh
rand
towlower
iswxdigit
memmove
_onexit
_ui64tow_s
wcsstr
_i64tow_s
_vsnprintf
_ltoa_s
_i64toa_s
_amsg_exit
realloc
__CxxFrameHandler3
memset
_initterm
_ui64toa_s
_ultoa_s
_wtol
towupper
iswalpha
iswdigit
isalpha
isdigit
_ultow_s
wcschr
_vsnwprintf
bsearch
_errno
_lock
_unlock
memcpy
__C_specific_handler
_wcsicmp
_ltow_s
toupper
islower
_gcvt_s
_wcsnicmp
wcsncmp
__dllonexit
strnlen
memcmp
memchr
strncpy_s
strncmp
qsort
_purecall
memcpy_s
free
malloc
wcsncpy_s
wcscmp

api-ms-win-core-synch-l1-1-0

CreateWaitableTimerExW
ReleaseSRWLockExclusive
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
ReleaseSRWLockShared
SetEvent
AcquireSRWLockExclusive
WaitForMultipleObjectsEx
WaitForSingleObject
CreateEventA
OpenEventW
CreateEventExW
OpenSemaphoreW
InitializeSRWLock
CreateSemaphoreExW
ResetEvent
SetWaitableTimer
ReleaseSemaphore
AcquireSRWLockShared
CreateEventW

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventEnabled
EventUnregister
EventWriteTransfer

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableFlags

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleExW
DisableThreadLibraryCalls
SizeofResource
GetProcAddress
GetModuleFileNameW
FreeLibrary
LoadResource
FindResourceExW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegNotifyChangeKeyValue
RegQueryInfoKeyW
RegSetValueExW
RegGetValueW
RegDeleteValueW
RegCloseKey
RegEnumValueW
RegOpenKeyExW
RegCreateKeyExW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable
InitOnceExecuteOnce
Sleep

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetProcessTimes
TlsGetValue
TlsSetValue
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
CreateThread

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak
OutputDebugStringA

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetSystemTimeAsFileTime
GetSystemInfo
GetTickCount
GetTickCount64

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l1-1-0

CreateFileW
GetFileSize
WriteFile
GetFileAttributesExW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

ntdll

RtlInitUnicodeString
NtDeviceIoControlFile
NtQuerySystemInformation
NtClose
NtCreateFile

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CreateThreadpoolWait

sspicli

QueryContextAttributesW
EncryptMessage

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

d3d11

D3D11CreateDevice

rtworkq

RtwqCancelDeadline
RtwqSetLongRunning
RtwqCreateAsyncResult
RtwqInvokeCallback

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-toolhelp-l1-1-0

Process32FirstW
Process32NextW
CreateToolhelp32Snapshot

api-ms-win-core-heap-l2-1-0

LocalFree
GlobalFree

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalUnlock

api-ms-win-core-memory-l1-1-0

OpenFileMappingW
VirtualQueryEx
UnmapViewOfFile
CreateFileMappingW
MapViewOfFileEx

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
MFCreateNetVRoot
MFCreateWMPMDEOpCenter
MFCreateWinMDEOpCenter

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 222KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/winml.dll
.dll windows:10 windows x64 arch:x64

7c6e3bebfd329d7258d243d17e0737e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o___std_exception_copy
_o___std_exception_destroy
_o___std_type_info_destroy_list
_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o_free
_o_malloc
_o_terminate
__C_specific_handler
_CxxThrowException
__CxxFrameHandler3
memmove
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
FreeLibrary

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetSystemTimeAsFileTime

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventUnregister
EventSetInformation

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
InitializeCriticalSection

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

Exports

Exports

WinMLCreateRuntime

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/winmm.dll
.dll windows:10 windows x64 arch:x64

053f233e499dd415931815dccef4f401

Code Sign

33:00:00:02:65:51:ae:1b:bd:00:5c:bf:bd:00:00:00:00:02:65
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:30

Not After

03/03/2021, 18:30

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:cd:62:dd:c6:b9:80:e2:03:56:cb:f4:20:1b:07:b1:1a:c9:95:87:c1:22:a9:95:27:5d:3d:b5:72:86:a9:a6
Signer

Actual PE Digest

2f:cd:62:dd:c6:b9:80:e2:03:56:cb:f4:20:1b:07:b1:1a:c9:95:87:c1:22:a9:95:27:5d:3d:b5:72:86:a9:a6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ntdll

memset
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
RtlGetActiveConsoleId
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
RtlMultiByteToUnicodeN
RtlUnicodeToMultiByteN
wcschr
iswdigit
towlower
__C_specific_handler
_vsnwprintf
NtQueryTimerResolution
NtCreateTimer
NtWaitForMultipleObjects
NtSetEvent
NtCreateEvent
NtCancelTimer
NtClose
NtSetTimer
__chkstk
memcmp
memcpy
memmove
EtwTraceMessage

msvcrt

free
__CxxFrameHandler3
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
_lock
_unlock
_onexit
malloc
__dllonexit
_callnewh

api-ms-win-mm-time-l1-1-0

timeEndPeriod
timeGetDevCaps
timeGetTime
timeGetSystemTime
timeBeginPeriod

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegOpenCurrentUser
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegGetValueW

api-ms-win-core-synch-l1-1-0

OpenEventW
LeaveCriticalSection
CreateEventW
SleepEx
InitializeCriticalSection
EnterCriticalSection
SetEvent
CreateEventA
ResetEvent
DeleteCriticalSection
WaitForSingleObject

api-ms-win-core-processthreads-l1-1-0

ExitThread
GetCurrentThread
TlsFree
GetCurrentProcessId
SetThreadPriority
TerminateProcess
GetCurrentProcess
TlsAlloc
CreateThread
ProcessIdToSessionId
GetCurrentThreadId

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameA
LoadLibraryExW
FreeLibrary
GetProcAddress
LoadLibraryExA
DisableThreadLibraryCalls
LoadStringA
GetModuleFileNameW
LoadStringW
SizeofResource
FreeResource
LockResource
LoadResource

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-kernel32-legacy-l1-1-0

PulseEvent

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapSize
HeapFree

api-ms-win-core-processenvironment-l1-1-0

SearchPathW
SetCurrentDirectoryW
GetCurrentDirectoryW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetErrorMode
RaiseException
UnhandledExceptionFilter
GetLastError

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-privateprofile-l1-1-0

GetPrivateProfileStringW
GetProfileStringW

api-ms-win-core-file-l1-1-0

GetFileAttributesW
CreateFileW
GetFileTime
CompareFileTime
GetFileSize

api-ms-win-core-path-l1-1-0

PathCchStripToRoot
PathCchIsRoot

api-ms-win-core-util-l1-1-0

Beep

api-ms-win-core-kernel32-private-l1-1-2

CheckForReadOnlyResource

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemInfo
GetTickCount

api-ms-win-core-kernel32-private-l1-1-0

_lread

api-ms-win-core-localization-l1-2-0

GetACP

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

CloseDriver
DefDriverProc
DriverCallback
DrvGetModuleHandle
GetDriverModuleHandle
OpenDriver
PlaySound
PlaySoundA
PlaySoundW
SendDriverMessage
WOWAppExit
auxGetDevCapsA
auxGetDevCapsW
auxGetNumDevs
auxGetVolume
auxOutMessage
auxSetVolume
joyConfigChanged
joyGetDevCapsA
joyGetDevCapsW
joyGetNumDevs
joyGetPos
joyGetPosEx
joyGetThreshold
joyReleaseCapture
joySetCapture
joySetThreshold
mciDriverNotify
mciDriverYield
mciExecute
mciFreeCommandResource
mciGetCreatorTask
mciGetDeviceIDA
mciGetDeviceIDFromElementIDA
mciGetDeviceIDFromElementIDW
mciGetDeviceIDW
mciGetDriverData
mciGetErrorStringA
mciGetErrorStringW
mciGetYieldProc
mciLoadCommandResource
mciSendCommandA
mciSendCommandW
mciSendStringA
mciSendStringW
mciSetDriverData
mciSetYieldProc
midiConnect
midiDisconnect
midiInAddBuffer
midiInClose
midiInGetDevCapsA
midiInGetDevCapsW
midiInGetErrorTextA
midiInGetErrorTextW
midiInGetID
midiInGetNumDevs
midiInMessage
midiInOpen
midiInPrepareHeader
midiInReset
midiInStart
midiInStop
midiInUnprepareHeader
midiOutCacheDrumPatches
midiOutCachePatches
midiOutClose
midiOutGetDevCapsA
midiOutGetDevCapsW
midiOutGetErrorTextA
midiOutGetErrorTextW
midiOutGetID
midiOutGetNumDevs
midiOutGetVolume
midiOutLongMsg
midiOutMessage
midiOutOpen
midiOutPrepareHeader
midiOutReset
midiOutSetVolume
midiOutShortMsg
midiOutUnprepareHeader
midiStreamClose
midiStreamOpen
midiStreamOut
midiStreamPause
midiStreamPosition
midiStreamProperty
midiStreamRestart
midiStreamStop
mixerClose
mixerGetControlDetailsA
mixerGetControlDetailsW
mixerGetDevCapsA
mixerGetDevCapsW
mixerGetID
mixerGetLineControlsA
mixerGetLineControlsW
mixerGetLineInfoA
mixerGetLineInfoW
mixerGetNumDevs
mixerMessage
mixerOpen
mixerSetControlDetails
mmDrvInstall
mmGetCurrentTask
mmTaskBlock
mmTaskCreate
mmTaskSignal
mmTaskYield
mmioAdvance
mmioAscend
mmioClose
mmioCreateChunk
mmioDescend
mmioFlush
mmioGetInfo
mmioInstallIOProcA
mmioInstallIOProcW
mmioOpenA
mmioOpenW
mmioRead
mmioRenameA
mmioRenameW
mmioSeek
mmioSendMessage
mmioSetBuffer
mmioSetInfo
mmioStringToFOURCCA
mmioStringToFOURCCW
mmioWrite
mmsystemGetVersion
sndPlaySoundA
sndPlaySoundW
timeBeginPeriod
timeEndPeriod
timeGetDevCaps
timeGetSystemTime
timeGetTime
timeKillEvent
timeSetEvent
waveInAddBuffer
waveInClose
waveInGetDevCapsA
waveInGetDevCapsW
waveInGetErrorTextA
waveInGetErrorTextW
waveInGetID
waveInGetNumDevs
waveInGetPosition
waveInMessage
waveInOpen
waveInPrepareHeader
waveInReset
waveInStart
waveInStop
waveInUnprepareHeader
waveOutBreakLoop
waveOutClose
waveOutGetDevCapsA
waveOutGetDevCapsW
waveOutGetErrorTextA
waveOutGetErrorTextW
waveOutGetID
waveOutGetNumDevs
waveOutGetPitch
waveOutGetPlaybackRate
waveOutGetPosition
waveOutGetVolume
waveOutMessage
waveOutOpen
waveOutPause
waveOutPrepareHeader
waveOutReset
waveOutRestart
waveOutSetPitch
waveOutSetPlaybackRate
waveOutSetVolume
waveOutUnprepareHeader
waveOutWrite

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.guids
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/winmmbase.dll
.dll windows:10 windows x64 arch:x64

cba5dd719abbc9c30cbbf24a5d2919b5

Code Sign

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:24

Not After

02/05/2020, 21:24

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

17:6c:85:f9:b3:89:18:05:5c:31:1a:cb:18:9a:35:d0:d6:70:20:b5:fa:74:de:ff:c9:d1:ac:e3:b6:27:9f:9d
Signer

Actual PE Digest

17:6c:85:f9:b3:89:18:05:5c:31:1a:cb:18:9a:35:d0:d6:70:20:b5:fa:74:de:ff:c9:d1:ac:e3:b6:27:9f:9d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
_initterm
_CxxThrowException
_amsg_exit
_XcptFilter
free
wcsncmp
mbstowcs
__C_specific_handler
__CxxFrameHandler3
wcschr
memcpy
wcsrchr
wcstol
_vsnwprintf
malloc
memset

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
RtlMultiByteToUnicodeN
RtlUnicodeToMultiByteN
EtwTraceMessage

api-ms-win-core-heap-obsolete-l1-1-0

GlobalHandle
GlobalReAlloc
GlobalUnlock
GlobalLock

api-ms-win-core-processenvironment-l1-1-0

SearchPathW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
HeapReAlloc

api-ms-win-core-file-l1-1-0

GetFullPathNameW
GetFileSize
GetFileAttributesW
DeleteFileW
GetTempFileNameW
CreateFileW

api-ms-win-core-stringansi-l1-1-0

CharUpperA

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-processthreads-l1-1-0

TlsGetValue
TlsSetValue
ExitThread
CreateThread
TerminateProcess
GetCurrentThreadId
TlsFree
TlsAlloc
GetCurrentProcessId
SetThreadPriority
GetCurrentProcess
GetCurrentThread

api-ms-win-core-kernel32-private-l1-1-0

_lclose
_lwrite
_llseek
_lread

api-ms-win-core-heap-l2-1-0

LocalAlloc
GlobalFree
LocalFree
GlobalAlloc

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-kernel32-legacy-l1-1-0

MoveFileW

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar
CompareStringOrdinal
WideCharToMultiByte

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
InitializeCriticalSection
CreateEventA
DeleteCriticalSection
CreateEventW
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
SetEvent

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetErrorMode
GetLastError

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
GetTraceEnableFlags
UnregisterTraceGuids
GetTraceEnableLevel
RegisterTraceGuidsW
TraceMessage

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
LoadStringW
LoadLibraryExA
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadStringA
DisableThreadLibraryCalls

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegGetValueW
RegQueryValueExW
RegOpenKeyExW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrcmpiW

api-ms-win-core-localization-l1-2-0

GetACP

api-ms-win-mm-time-l1-1-0

timeGetDevCaps
timeEndPeriod
timeBeginPeriod
timeGetTime

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventWriteTransfer

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemInfo
GetTickCount

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

CloseDriver
DefDriverProc
DriverCallback
DrvGetModuleHandle
GetDriverModuleHandle
OpenDriver
SendDriverMessage
auxGetDevCapsA
auxGetDevCapsW
auxGetNumDevs
auxGetVolume
auxOutMessage
auxSetVolume
midiConnect
midiDisconnect
midiInAddBuffer
midiInClose
midiInGetDevCapsA
midiInGetDevCapsW
midiInGetErrorTextA
midiInGetErrorTextW
midiInGetID
midiInGetNumDevs
midiInMessage
midiInOpen
midiInPrepareHeader
midiInReset
midiInStart
midiInStop
midiInUnprepareHeader
midiOutCacheDrumPatches
midiOutCachePatches
midiOutClose
midiOutGetDevCapsA
midiOutGetDevCapsW
midiOutGetErrorTextA
midiOutGetErrorTextW
midiOutGetID
midiOutGetNumDevs
midiOutGetVolume
midiOutLongMsg
midiOutMessage
midiOutOpen
midiOutPrepareHeader
midiOutReset
midiOutSetVolume
midiOutShortMsg
midiOutUnprepareHeader
midiStreamClose
midiStreamOpen
midiStreamOut
midiStreamPause
midiStreamPosition
midiStreamProperty
midiStreamRestart
midiStreamStop
mixerClose
mixerGetControlDetailsA
mixerGetControlDetailsW
mixerGetDevCapsA
mixerGetDevCapsW
mixerGetID
mixerGetLineControlsA
mixerGetLineControlsW
mixerGetLineInfoA
mixerGetLineInfoW
mixerGetNumDevs
mixerMessage
mixerOpen
mixerSetControlDetails
mmDrvInstall
mmGetCurrentTask
mmTaskBlock
mmTaskCreate
mmTaskSignal
mmTaskYield
mmioAdvance
mmioAscend
mmioClose
mmioCreateChunk
mmioDescend
mmioFlush
mmioGetInfo
mmioInstallIOProcA
mmioInstallIOProcW
mmioOpenA
mmioOpenW
mmioRead
mmioRenameA
mmioRenameW
mmioSeek
mmioSendMessage
mmioSetBuffer
mmioSetInfo
mmioStringToFOURCCA
mmioStringToFOURCCW
mmioWrite
sndOpenSound
waveInAddBuffer
waveInClose
waveInGetDevCapsA
waveInGetDevCapsW
waveInGetErrorTextA
waveInGetErrorTextW
waveInGetID
waveInGetNumDevs
waveInGetPosition
waveInMessage
waveInOpen
waveInPrepareHeader
waveInReset
waveInStart
waveInStop
waveInUnprepareHeader
waveOutBreakLoop
waveOutClose
waveOutGetDevCapsA
waveOutGetDevCapsW
waveOutGetErrorTextA
waveOutGetErrorTextW
waveOutGetID
waveOutGetNumDevs
waveOutGetPitch
waveOutGetPlaybackRate
waveOutGetPosition
waveOutGetVolume
waveOutMessage
waveOutOpen
waveOutPause
waveOutPrepareHeader
waveOutReset
waveOutRestart
waveOutSetPitch
waveOutSetPlaybackRate
waveOutSetVolume
waveOutUnprepareHeader
waveOutWrite
winmmbaseFreeMMEHandles
winmmbaseGetWOWHandle
winmmbaseHandle32FromHandle16
winmmbaseSetWOWHandle

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 596B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/winmsipc.dll
.dll windows:10 windows x64 arch:x64

f794dfd416980495724bf2f981e544d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

??0exception@@QEAA@AEBQEBDH@Z
??3@YAXPEAX@Z
??1exception@@UEAA@XZ
_vsnprintf
??0exception@@QEAA@XZ
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
memcpy
__CxxFrameHandler3
memmove
_wcsicmp
_wcsdup
??0exception@@QEAA@AEBV0@@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@PEBD@Z
??0bad_cast@@QEAA@AEBV0@@Z
towlower
wcstol
iswspace
strcspn
localeconv
swprintf_s
_errno
wcscpy_s
strrchr
??8type_info@@QEBAHAEBV0@@Z
wcsstr
fwscanf_s
calloc
_wfopen_s
fclose
fseek
_strlwr_s
strncmp
_wcslwr_s
_ultoa_s
strstr
_wcsnicmp
_CxxThrowException
_time64
_ultow_s
_wtoi
_itow_s
realloc
wcstoul
wcstok_s
toupper
setlocale
__uncaught_exception
__pctype_func
isupper
___lc_codepage_func
___mb_cur_max_func
_ismbblead
islower
abort
memset
___lc_collate_cp_func
memcmp
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
___lc_handle_func
_callnewh
_wsetlocale
??0exception@@QEAA@AEBQEBD@Z
wcsncmp
wcsncpy_s
strnlen
?what@exception@@UEBAPEBDXZ
__crtLCMapStringA
__crtLCMapStringW
wcsnlen
sprintf_s
strchr
wcsrchr
isalpha
?name@type_info@@QEBAPEBDXZ
iswalnum
_mbsinc
_ismbcspace
_mbsrev
_mbscspn
_mbsstr
memmove_s
_vsnprintf_s
__RTDynamicCast
__crtCompareStringW
wcschr
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
free
_vscwprintf
_amsg_exit
_XcptFilter
_purecall
_vsnwprintf_s
wcscmp

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
LoadLibraryExW
SizeofResource
LockResource
GetProcAddress
GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleExW
LoadResource
FindResourceExW
FreeLibrary
LoadLibraryExA

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
SleepConditionVariableSRW
WakeAllConditionVariable
InitOnceComplete

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TlsSetValue
OpenProcessToken
OpenThreadToken
TlsAlloc
TerminateProcess
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetCurrentProcessId
TlsGetValue

api-ms-win-core-sysinfo-l1-1-0

GetComputerNameExW
GetTickCount
GetSystemTime
GetSystemTimeAsFileTime
GetVersionExW
GetSystemInfo

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventEnabled
EventActivityIdControl
EventSetInformation
EventRegister
EventWrite

api-ms-win-core-synch-l1-1-0

CreateEventExW
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
CreateEventW
ReleaseSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
CreateMutexW
DeleteCriticalSection
ResetEvent
WaitForSingleObject
CreateSemaphoreExW
InitializeCriticalSectionEx
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseSemaphore
AcquireSRWLockExclusive
SetEvent
ReleaseMutex

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-com-l1-1-0

CoUninitialize
CoCreateInstance
CoCreateGuid
StringFromGUID2
CLSIDFromString
CoInitializeEx

api-ms-win-core-localization-l1-2-0

GetThreadLocale
FormatMessageW
LocaleNameToLCID
GetUserPreferredUILanguages
GetSystemPreferredUILanguages

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-l1-1-0

GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW

bcrypt

BCryptCreateHash
BCryptHashData
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptOpenAlgorithmProvider
BCryptGetProperty

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc
GlobalFree

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo

api-ms-win-core-file-l1-1-0

FindNextFileW
SetFilePointer
ReadFile
CreateDirectoryW
FindClose
CreateFileW
GetFileAttributesW
FindFirstFileW
WriteFile
SetEndOfFile
GetFileAttributesExW
CompareFileTime
SetFileAttributesW
DeleteFileW
GetFileSize

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegEnumValueW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW
RegEnumKeyW

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect

netutils

NetApiBufferFree

api-ms-win-rtcore-ntuser-window-l1-1-0

GetDesktopWindow

api-ms-win-security-cryptoapi-l1-1-0

CryptDestroyKey
CryptGetHashParam
CryptImportKey
CryptSetKeyParam
CryptDecrypt
CryptGenRandom
CryptEncrypt
CryptAcquireContextW
CryptVerifySignatureW
CryptCreateHash
CryptReleaseContext
CryptHashData
CryptSetHashParam
CryptDestroyHash

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
GetDynamicTimeZoneInformation
SystemTimeToFileTime

ext-ms-win-shell32-shellfolders-l1-1-0

SHGetFolderPathW

wldap32

ord208
ord13
ord224
ord73
ord145
ord16
ord140
ord41
ord26

logoncli

DsGetDcNameW

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

dnsapi

DnsQuery_W
DnsFree

api-ms-win-core-url-l1-1-0

PathIsURLW
UrlGetPartW

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 785KB - Virtual size: 785KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 297KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/winnlsres.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Setuр/x64/winnsi.dll
.dll windows:10 windows x64 arch:x64

ad7c692fa9fcc8c643fd494188deca65

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:30

Not After

03/03/2021, 18:30

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d7:fc:ed:23:74:85:d6:ef:26:75:b6:1f:93:40:c9:b5:35:70:1f:f5:d2:f9:88:26:b5:5d:b0:8a:f7:35:df:a7
Signer

Actual PE Digest

d7:fc:ed:23:74:85:d6:ef:26:75:b6:1f:93:40:c9:b5:35:70:1f:f5:d2:f9:88:26:b5:5d:b0:8a:f7:35:df:a7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

api-ms-win-core-crt-l1-1-0

__C_specific_handler
memset

api-ms-win-core-crt-l2-1-0

_initterm
_initterm_e

ntdll

RtlUnsubscribeWnfNotificationWaitForCompletion
RtlCaptureContext
RtlLookupFunctionEntry
RtlSubscribeWnfStateChangeNotification
RtlVirtualUnwind
NtQueryWnfStateData

rpcrt4

RpcBindingFree
RpcStringBindingComposeW
RpcBindingSetAuthInfoW
I_RpcExceptionFilter
RpcAsyncCancelCall
RpcStringFreeW
RpcAsyncCompleteCall
Ndr64AsyncClientCall
RpcAsyncInitializeHandle
RpcBindingFromStringBindingW

nsi

NsiSetAllParametersEx
NsiSetParameterEx
NsiGetAllParametersEx
NsiGetParameterEx
NsiGetAllParameters
NsiEnumerateObjectsAllParameters

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-heap-obsolete-l1-1-0

LocalAlloc
LocalFree

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-synch-l1-1-0

SetEvent
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
CreateEventW
WaitForSingleObject
EnterCriticalSection

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

Exports

Exports

NsiConnectToServer
NsiDisconnectFromServer
NsiRpcDeregisterChangeNotification
NsiRpcDeregisterChangeNotificationEx
NsiRpcEnumerateObjectsAllParameters
NsiRpcGetAllParameters
NsiRpcGetAllParametersEx
NsiRpcGetParameter
NsiRpcGetParameterEx
NsiRpcRegisterChangeNotification
NsiRpcRegisterChangeNotificationEx
NsiRpcSetAllParameters
NsiRpcSetAllParametersEx
NsiRpcSetParameter
NsiRpcSetParameterEx

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setuр/x64/winresume.efi
.exe windows:0 windows x64 arch:x64

Code Sign

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/02/2023, 00:05

Not After

01/02/2024, 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ac:65:04:b9:c7:f7:2f:3f:5d:e6:d3:18:24:8a:82:05:1d:93:9a:33:ec:ba:af:f8:39:7c:51:21:c3:df:55:d2
Signer

Actual PE Digest

ac:65:04:b9:c7:f7:2f:3f:5d:e6:d3:18:24:8a:82:05:1d:93:9a:33:ec:ba:af:f8:39:7c:51:21:c3:df:55:d2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TRANSIT
Size: 512B - Virtual size: 29B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGER32C
Size: 1024B - Virtual size: 729B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 2023

Password: 2023

671e5013d47799d1ae091c24607c92b4

Code Sign

33:00:00:03:7c:c9:f6:bc:ed:07:59:ae:08:00:00:00:00:03:7cCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

b0:5b:c2:e7:52:58:24:23:e8:2d:69:e2:38:69:14:74:9c:21:05:75:91:dc:b2:fa:c3:c6:c9:4b:f3:95:56:fbSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

ole32

oleaut32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.data Size: 544KB - Virtual size: 544KB

.rdata Size: 121KB - Virtual size: 120KB

.pdata Size: 49KB - Virtual size: 48KB

.xdata Size: 76KB - Virtual size: 75KB

.bss Size: - Virtual size: 3KB

.idata Size: 6KB - Virtual size: 5KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 6KB - Virtual size: 5KB

/4 Size: 3KB - Virtual size: 2KB

/19 Size: 127KB - Virtual size: 126KB

/31 Size: 20KB - Virtual size: 20KB

/45 Size: 43KB - Virtual size: 43KB

/57 Size: 8KB - Virtual size: 8KB

/70 Size: 1024B - Virtual size: 978B

/81 Size: 14KB - Virtual size: 13KB

/97 Size: 51KB - Virtual size: 51KB

/113 Size: 2KB - Virtual size: 1KB

Password: 2023

ba5cafa611966aacf9d4221b03f1679e

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

Exports

Exports

Sections

.text Size: 27KB - Virtual size: 27KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 556B

Password: 2023

462d18eea38c83f5e26842c54a4a845c

Headers

DLL Characteristics

33:00:00:03:7c:c9:f6:bc:ed:07:59:ae:08:00:00:00:00:03:7c
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

b0:5b:c2:e7:52:58:24:23:e8:2d:69:e2:38:69:14:74:9c:21:05:75:91:dc:b2:fa:c3:c6:c9:4b:f3:95:56:fb
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 544KB - Virtual size: 544KB

.rdata
Size: 121KB - Virtual size: 120KB

.pdata
Size: 49KB - Virtual size: 48KB

.xdata
Size: 76KB - Virtual size: 75KB

.bss
Size: - Virtual size: 3KB

.idata
Size: 6KB - Virtual size: 5KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 6KB - Virtual size: 5KB

/4
Size: 3KB - Virtual size: 2KB

/19
Size: 127KB - Virtual size: 126KB

/31
Size: 20KB - Virtual size: 20KB

/45
Size: 43KB - Virtual size: 43KB

/57
Size: 8KB - Virtual size: 8KB

/70
Size: 1024B - Virtual size: 978B

/81
Size: 14KB - Virtual size: 13KB

/97
Size: 51KB - Virtual size: 51KB

/113
Size: 2KB - Virtual size: 1KB

.text
Size: 27KB - Virtual size: 27KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 556B

.text
Size: 283KB - Virtual size: 282KB

.rdata
Size: 93KB - Virtual size: 92KB

.data
Size: 2KB - Virtual size: 4KB

.pdata
Size: 13KB - Virtual size: 13KB

.didat
Size: 512B - Virtual size: 208B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB