ABrodbeck 2022 Tax Return[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

ABrodbeck 2022 Tax Return.zip
Size

2.0MB
MD5

11e818d442ec44e8e15bbc5764928659
SHA1

37acbc029423ac56d4cb2c75eb8c13cb3b054841
SHA256

6bed9804185f1127e59d7ab3d3daa62b603f4caec29ec3bdcd50d231ddeac551
SHA512

378798e6206a4e3ecb547b72c0d60c76cdfa895c1c7d2a080d6896b790b076644f6b7c549b07c07932e2f05eb94a2a989bda11788e26a7cf5822b43d589f08d3
SSDEEP

49152:+0RzpnYjwATCwKsNOdCc5hvWReLVgIxyRxwIgqIPnvNTAS12yE8:+wNYjwAO+O8ihvWoLHxOD+vNTAS5

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack005/adsn
unpack005/adtschem
unpack009/adsk
unpack009/ma

Files

ABrodbeck 2022 Tax Return.zip
.zip

Password: Brodbeck78
ABrodbeck/22.doc
.rar

Password: Brodbeck78
2022Data.zip
.zip

Password: Brodbeck78
22.doc
.zip

Password: Brodbeck78
20e
.zip

Password: Brodbeck78
adsn
.dll windows:6 windows x64 arch:x64

Password: Brodbeck78

8b36d78fcc03ea9a3a598e7be2b43ec2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

_CxxThrowException
memcpy
memset
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
wcsrchr
_wcsnicmp
wcsncat_s
swprintf_s
wcschr
_ltow
_wtol
_itow_s
_purecall
wcscat_s
_wcsicmp
wcscpy_s
wcsncpy_s
wcscmp

ntdll

RtlSecondsSince1970ToTime
RtlRunDecodeUnicodeString
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlRunEncodeUnicodeString
RtlTimeToSecondsSince1970
RtlInitUnicodeString

api-ms-win-service-management-l1-1-0

StartServiceW
CreateServiceW
CloseServiceHandle
OpenServiceW
DeleteService
OpenSCManagerW

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
ChangeServiceConfigW

api-ms-win-service-winsvc-l1-2-0

ControlService
QueryServiceStatus

advapi32

GetUserNameW
EnumServicesStatusW
LookupAccountNameW
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
GetLengthSid
RegConnectRegistryW
RegQueryValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW

activeds

ord7
ord16
ord21
ord23
ord22
ord17
ord18
ord14
ord15

ole32

CoTaskMemFree
CreatePointerMoniker
StringFromGUID2
CoCreateInstance
CLSIDFromString
StringFromCLSID
IIDFromString

winspool.drv

GetJobW
DeletePrinter
EnumPrintersW
EnumJobsW
GetPrinterW
SetJobW
SetPrinterW
OpenPrinterW
AddPrinterW
ClosePrinter

oleaut32

SafeArrayUnaccessData
CreateErrorInfo
SystemTimeToVariantTime
VariantTimeToSystemTime
DosDateTimeToVariantTime
VariantTimeToDosDateTime
SafeArrayAccessData
SysAllocString
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
VariantInit
VariantClear
DispGetIDsOfNames
SetErrorInfo
DispInvoke
LoadRegTypeLi
VariantCopy
SysFreeString
SafeArrayCreate
SafeArrayPutElement
SafeArrayDestroy

netutils

NetpwNameCompare
NetApiBufferFree

dsrole

DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory

browcli

NetServerEnum

logoncli

NetGetAnyDCName
NetGetDCName

samcli

NetLocalGroupGetMembers
NetGroupDel
NetLocalGroupDel
NetGroupGetUsers
NetUserDel
NetGroupAdd
NetLocalGroupGetInfo
NetLocalGroupDelMembers
NetGroupDelUser
NetLocalGroupAddMembers
NetGroupAddUser
NetUserGetLocalGroups
NetGroupGetInfo
NetUserGetGroups
NetUserChangePassword
NetUserAdd
NetGroupSetInfo
NetLocalGroupSetInfo
NetUserGetInfo
NetUserSetInfo
NetQueryDisplayInformation
NetUserModalsSet
NetUserModalsGet
NetGroupEnum
NetLocalGroupEnum
NetLocalGroupAdd

srvcli

NetServerGetInfo
NetSessionGetInfo
NetSessionDel
NetSessionEnum
NetShareGetInfo
NetFileEnum
NetFileGetInfo
NetShareEnum
NetShareSetInfo
NetShareAdd
NetShareDel
NetServerSetInfo

wkscli

NetWkstaUserGetInfo
NetUseGetInfo
NetWkstaGetInfo

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

FileTimeToSystemTime
FileTimeToLocalFileTime
ResolveDelayLoadedAPI
DelayLoadFailureHook
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetProcAddress
LoadLibraryW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
lstrlenW
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
FormatMessageW
FileTimeToDosDateTime
GetSystemDirectoryW
SystemTimeToTzSpecificLocalTime
GetComputerNameW
FreeLibrary
DeleteCriticalSection
RaiseException
InitializeCriticalSection
GetModuleHandleW
DisableThreadLibraryCalls
GetTickCount
CompareStringOrdinal
SystemTimeToFileTime
GetSystemTime
SetLastError
GetLastError
LocalAlloc
LocalFree
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 257KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
adtschem
.dll windows:6 windows x64 arch:x64

Password: Brodbeck78

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 713KB - Virtual size: 712KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
advapi3
.dll windows:6 windows x64 arch:x64

Password: Brodbeck78

973a8cdb39a3db10c284afb640b793b3

Code Sign

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

17/06/2013, 21:43

Not After

17/09/2014, 21:43

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c8:c0:41:14:d5:af:90:50:02:cc:d6:a4:a3:f8:71:67:d3:2a:66:93:f7:25:fd:0c:9e:c8:16:8f:6b:22:a9:30
Signer

Actual PE Digest

c8:c0:41:14:d5:af:90:50:02:cc:d6:a4:a3:f8:71:67:d3:2a:66:93:f7:25:fd:0c:9e:c8:16:8f:6b:22:a9:30

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

memmove
iswctype
_vsnwprintf
memset
memcpy
memcmp
__C_specific_handler
_vsnprintf
mbstowcs
iswalpha
_stricmp
_wcstoi64
_i64tow_s
_wcstoui64
_ui64tow_s
_ultow
wcscat_s
_wcsicmp
_errno
wcschr
wcscpy_s
wcstok_s
swscanf_s
wcsrchr
wcsncpy_s
wcsstr
swprintf_s
_wcsnicmp
wcsncmp
strstr
strchr
tolower
wcstoul
_ultow_s
wcscmp

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtSetSystemInformation
DbgPrint
RtlFreeAnsiString
RtlGetCurrentTransaction
ord1
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlIsTextUnicode
RtlLengthSid
NlsMbCodePageTag
NtQueryInformationToken
RtlxUnicodeStringToAnsiSize
RtlSubAuthoritySid
RtlGetThreadPreferredUILanguages
RtlSubAuthorityCountSid
RtlMakeSelfRelativeSD
RtlConvertSidToUnicodeString
RtlUnicodeStringToInteger
RtlAllocateHandle
RtlIsValidIndexHandle
RtlFreeHandle
NtOpenKey
NtQueryValueKey
NtClose
NtOpenThreadToken
NtOpenProcessToken
RtlEqualSid
RtlAddAccessAllowedAceEx
NtSetInformationToken
RtlCreateSecurityDescriptor
RtlSetOwnerSecurityDescriptor
NtDuplicateToken
NtCompareTokens
RtlAllocateAndInitializeSid
RtlFreeSid
RtlIsGenericTableEmpty
RtlEnumerateGenericTableWithoutSplaying
RtlDuplicateUnicodeString
RtlExpandEnvironmentStrings_U
NtOpenFile
RtlCreateUnicodeString
NtQueryInformationProcess
RtlGetLastNtStatus
NtQueryKey
RtlValidSid
LdrLoadDll
RtlImageNtHeader
LdrUnloadDll
NtDeviceIoControlFile
NtQuerySystemInformation
EtwEventRegister
EtwEventWrite
NtCreateKey
NtSetValueKey
RtlDeleteElementGenericTable
RtlAppendUnicodeToString
NtDeleteKey
RtlInsertElementGenericTable
RtlCopySid
RtlInitializeHandleTable
RtlDestroyHandleTable
EtwEventUnregister
NtEnumerateKey
RtlIntegerToUnicodeString
RtlStringFromGUID
RtlAppendUnicodeStringToString
RtlFormatCurrentUserKeyPath
RtlInitializeGenericTable
RtlQueryRegistryValuesEx
RtlLookupElementGenericTable
RtlNumberGenericTableElements
RtlGUIDFromString
RtlUpcaseUnicodeChar
NtQueryVolumeInformationFile
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
RtlPrefixUnicodeString
RtlDetermineDosPathNameType_U
NtQueryInformationFile
RtlGetFullPathName_U
RtlUnicodeToMultiByteN
RtlNtStatusToDosErrorNoTeb
RtlAnsiCharToUnicodeChar
RtlMultiByteToUnicodeN
RtlSetLastWin32Error
NtTraceControl
NtTraceEvent
EtwpGetCpuSpeed
RtlIpv4AddressToStringW
RtlIpv6AddressToStringW
RtlInitAnsiStringEx
RtlInitUnicodeStringEx
RtlCreateUnicodeStringFromAsciiz
NtRenameKey
RtlAddAce
RtlGetAce
RtlAddAccessDeniedAceEx
RtlSetDaclSecurityDescriptor
RtlFirstFreeAce
RtlValidAcl
RtlAddAuditAccessObjectAce
RtlGetSaclSecurityDescriptor
RtlAddAccessDeniedObjectAce
RtlSetGroupSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlSetSaclSecurityDescriptor
RtlxAnsiStringToUnicodeSize
RtlGetControlSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
RtlAddAccessAllowedObjectAce
RtlGetDaclSecurityDescriptor
RtlInitializeSid
RtlGetOwnerSecurityDescriptor
RtlAddAuditAccessAceEx
NtQuerySystemTime
RtlTimeToSecondsSince1970
RtlImpersonateSelf
RtlAdjustPrivilege
RtlCopyString
EtwTraceMessage
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
NtWaitForSingleObject
RtlGetVersion
NtQueryInformationThread
NtSetInformationThread
NtQuerySecurityObject
RtlRunOnceExecuteOnce
RtlRunOnceBeginInitialize
RtlDllShutdownInProgress
RtlRunOnceInitialize
NtQueryPerformanceCounter
NtWaitForMultipleObjects
WinSqmAddToStream
RtlCreateAcl
RtlValidRelativeSecurityDescriptor
NtCreateFile
NtWriteFile
NtReadFile
RtlWaitOnAddress
RtlWakeAddressAll
RtlQueryPerformanceCounter
RtlAddAccessAllowedAce
RtlAcquireSRWLockExclusive
RtlInsertElementGenericTableAvl
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockShared
RtlLookupElementGenericTableAvl
RtlReleaseSRWLockShared
RtlEnumerateGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlReAllocateHeap
RtlDosPathNameToRelativeNtPathName_U
RtlReleaseRelativeName
RtlWakeAddressSingle
RtlDestroyQueryDebugBuffer
RtlEqualUnicodeString
RtlQueryProcessDebugInformation
NtQueryMutant
NtQueryObject
NtAlpcQueryInformation
RtlInitializeSRWLock
RtlCreateQueryDebugBuffer
RtlOpenCurrentUser
NtQueryMultipleValueKey
NtReplaceKey
NtSaveMergedKeys
NtSaveKey
RtlValidSecurityDescriptor
RtlLengthSecurityDescriptor
RtlGetNtProductType
RtlCopyUnicodeString
RtlOemStringToUnicodeString
RtlUnicodeToMultiByteSize
RtlUnicodeStringToAnsiString
RtlDosPathNameToNtPathName_U
RtlAllocateHeap
RtlNtStatusToDosError
RtlFreeUnicodeString
RtlInitAnsiString
RtlInitUnicodeString
NtOpenKeyEx
NtSetInformationKey
RtlFreeHeap
RtlAnsiStringToUnicodeString
RtlInitializeCriticalSection
RtlDeleteCriticalSection

api-ms-win-eventing-controller-l1-1-0

TraceSetInformation
ControlTraceW
QueryAllTracesW
EventAccessQuery
EnumerateTraceGuidsEx
StartTraceW
EventAccessControl
StopTraceW
EventAccessRemove
EnableTraceEx2

api-ms-win-eventing-consumer-l1-1-0

CloseTrace
OpenTraceW
ProcessTrace

kernelbase

RegKrnGetHKEY_ClassesRootAddress
RegKrnGetClassesEnumTableAddressInternal
RegKrnGetTermsrvRegistryExtensionFlags
RegDeleteKeyExInternalW
RegOpenKeyExInternalW
RegCreateKeyExInternalW
CLOSE_LOCAL_HANDLE_INTERNAL
MapPredefinedHandleInternal
RegDeleteKeyExInternalA
RegCreateKeyExInternalA
RegOpenKeyExInternalA
RemapPredefinedHandleInternal
DisablePredefinedHandleTableInternal
GetPackagePath
PackageIdFromFullName
Sleep
lstrcmpiW
lstrcmpW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
CreateProcessAsUserW
CreateProcessInternalA
AreFileApisANSI
lstrlenW
LocalReAlloc
LocalFree
LocalAlloc

sechost

QueryAllTracesA
StartTraceA
ControlTraceA

api-ms-win-service-core-l1-1-1

EnumDependentServicesW
QueryServiceDynamicInformation
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW
EnumServicesStatusExW

api-ms-win-service-management-l1-1-0

CreateServiceW
CloseServiceHandle
DeleteService
OpenSCManagerW
ControlServiceExW
OpenServiceW
StartServiceW

api-ms-win-service-management-l2-1-0

ChangeServiceConfigW
QueryServiceStatusEx
QueryServiceConfigW
NotifyServiceStatusChangeW
SetServiceObjectSecurity
ChangeServiceConfig2W
QueryServiceObjectSecurity
QueryServiceConfig2W

api-ms-win-service-private-l1-1-1

I_ScRpcBindW
I_ScRpcBindA
I_ScSetServiceBitsA
I_ScSetServiceBitsW
I_ScRegisterPreshutdownRestart
WaitServiceState

api-ms-win-service-winsvc-l1-2-0

OpenServiceA
QueryServiceConfig2A
ControlService
RegisterServiceCtrlHandlerW
QueryServiceConfigA
OpenSCManagerA
QueryServiceStatus
RegisterServiceCtrlHandlerExA
ChangeServiceConfigA
StartServiceA
CreateServiceA
RegisterServiceCtrlHandlerA
NotifyServiceStatusChangeA
ControlServiceExA
ChangeServiceConfig2A
StartServiceCtrlDispatcherA

api-ms-win-core-namedpipe-l1-2-0

ImpersonateNamedPipeClient

api-ms-win-core-processthreads-l1-1-2

OpenProcess
CreateThread
IsProcessorFeaturePresent
GetCurrentThread
OpenThread
GetProcessId
GetCurrentProcess
OpenProcessToken
OpenThreadToken
SetThreadToken
GetPriorityClass
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess

api-ms-win-security-base-l1-2-0

RevertToSelf
AddAccessAllowedAce
GetSecurityDescriptorOwner
SetSecurityDescriptorOwner
AllocateAndInitializeSid
AllocateLocallyUniqueId
InitializeAcl
SetKernelObjectSecurity
MakeAbsoluteSD
ImpersonateLoggedOnUser
DuplicateTokenEx
QuerySecurityAccessMask
CreatePrivateObjectSecurityEx
GetSecurityDescriptorLength
ImpersonateSelf
GetAce
AccessCheckByTypeResultList
CreatePrivateObjectSecurity
SetSecurityDescriptorDacl
IsTokenRestricted
AddAuditAccessObjectAce
AdjustTokenGroups
AddAccessDeniedAce
AreAllAccessesGranted
SetTokenInformation
PrivilegeCheck
InitializeSecurityDescriptor
GetPrivateObjectSecurity
DuplicateToken
CreatePrivateObjectSecurityWithMultipleInheritance
EqualPrefixSid
GetSidIdentifierAuthority
FreeSid
GetTokenInformation
PrivilegedServiceAuditAlarmW
AccessCheckByTypeResultListAndAuditAlarmW
ObjectOpenAuditAlarmW
ObjectPrivilegeAuditAlarmW
ObjectCloseAuditAlarmW
SetFileSecurityW
GetFileSecurityW
ObjectDeleteAuditAlarmW
CopySid
AccessCheckByTypeResultListAndAuditAlarmByHandleW
AccessCheckAndAuditAlarmW
AccessCheckByTypeAndAuditAlarmW
IsValidSid
AddAccessDeniedObjectAce
AddAccessAllowedObjectAce
AccessCheckByType
AddAuditAccessAce
SetPrivateObjectSecurityEx
EqualSid
GetSecurityDescriptorControl
CreateRestrictedToken
GetAclInformation
GetKernelObjectSecurity
AccessCheck
AddAccessAllowedAceEx
GetSecurityDescriptorRMControl
SetSecurityDescriptorRMControl
GetSidSubAuthorityCount
MapGenericMask
GetSidLengthRequired
SetSecurityDescriptorGroup
InitializeSid
SetAclInformation
GetSecurityDescriptorSacl
ImpersonateAnonymousToken
MakeSelfRelativeSD
IsValidSecurityDescriptor
GetLengthSid
AddAccessDeniedAceEx
CheckTokenMembership
SetSecurityDescriptorSacl
AreAnyAccessesGranted
AdjustTokenPrivileges
DeleteAce
SetSecurityDescriptorControl
AddAuditAccessAceEx
GetWindowsAccountDomainSid
FindFirstFreeAce
ConvertToAutoInheritPrivateObjectSecurity
SetPrivateObjectSecurity
EqualDomainSid
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
CreateWellKnownSid
DestroyPrivateObjectSecurity
SetSecurityAccessMask
IsWellKnownSid
GetSidSubAuthority
IsValidAcl
AddAce

api-ms-win-security-base-private-l1-1-1

MakeAbsoluteSD2

api-ms-win-core-registry-l1-1-0

RegRestoreKeyW
RegLoadAppKeyW
RegCopyTreeW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExA
RegLoadAppKeyA
RegOpenUserClassesRoot
RegDeleteKeyExW
RegUnLoadKeyA
RegRestoreKeyA
RegDeleteTreeA
RegSetValueExA
RegCreateKeyExW
RegQueryValueExA
RegQueryInfoKeyW
RegEnumKeyExA
RegLoadMUIStringW
RegSaveKeyExA
RegUnLoadKeyW
RegSetValueExW
RegLoadKeyW
RegDisablePredefinedCacheEx
RegEnumKeyExW
RegFlushKey
RegNotifyChangeKeyValue
RegDeleteKeyExA
RegSetKeySecurity
RegEnumValueW
RegLoadKeyA
RegEnumValueA
RegOpenCurrentUser
RegGetValueW
RegSaveKeyExW
RegDeleteTreeW
RegDeleteValueA
RegDeleteValueW
RegQueryInfoKeyA
RegGetValueA
RegGetKeySecurity
RegOpenKeyExA
RegLoadMUIStringA
RegQueryValueExW

api-ms-win-core-sysinfo-l1-2-1

GetComputerNameExW
GetTickCount
GetSystemTimeAsFileTime
GetLocalTime
GetNativeSystemInfo
GlobalMemoryStatusEx
GetSystemFirmwareTable
GetSystemWindowsDirectoryW
GetSystemTime
GetSystemDirectoryW

kernel32

GetFileAttributesExW
WideCharToMultiByte
MultiByteToWideChar
GetProcAddress
LoadLibraryA
CloseHandle
FreeLibrary
LoadLibraryW
LeaveCriticalSection
GetLastError
EnterCriticalSection
GetFullPathNameW
SearchPathW
HeapAlloc
ResolveDelayLoadedAPI
DelayLoadFailureHook
HeapFree
SleepEx
GetProcessHeap
GetFileAttributesW
CreateFileW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
CreateEventW
GetThreadUILanguage
GetCommandLineW
GetModuleHandleExW
SetFilePointer
OutputDebugStringW
WriteFile
FormatMessageW
TermsrvDeleteKey
TermsrvOpenUserClasses
DuplicateHandle
DecodePointer
FreeLibraryAndExitThread
ReadProcessMemory
EncodePointer
CreateThreadpoolIo
FreeLibraryWhenCallbackReturns
CancelIoEx
CloseThreadpoolIo
MoveFileW
DeleteFileW
ExpandEnvironmentStringsW
GetModuleHandleW
GetFileSizeEx
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetLongPathNameW
CompareFileTime
FindResourceExW
LoadResource
GetVolumePathNameW
DeleteCriticalSection
LoadLibraryExW
WaitForSingleObject
GetActiveProcessorCount
GetOverlappedResult
DeviceIoControl
GetVolumeInformationW
GetComputerNameW
ReleaseMutex
ExpandEnvironmentStringsA
GetModuleFileNameW
GetComputerNameA
LocalUnlock
LocalLock
CreateMutexW
InitializeCriticalSection
SizeofResource
StartThreadpoolIo
CancelThreadpoolIo
EnumUILanguagesW
GetFileMUIPath
SetErrorMode
SetFileInformationByHandle
CopyFileExW
FindClose
FindNextFileW
FindFirstFileExW
lstrcmpiA
GetFileSize
DosDateTimeToFileTime
FileTimeToDosDateTime
GetFileTime
ResetEvent
SetEvent
HeapReAlloc
LockResource
SetLastError

rpcrt4

RpcStringBindingComposeW
RpcBindingFree
RpcStringFreeW
RpcBindingSetAuthInfoExA
RpcBindingSetAuthInfoExW
NdrClientCall3
I_RpcExceptionFilter
I_RpcMapWin32Status
RpcEpResolveBinding
RpcBindingSetAuthInfoW
RpcBindingSetAuthInfoA
RpcBindingFromStringBindingW
RpcSsDestroyClientContext
RpcBindingCreateW
RpcBindingBind
I_RpcSNCHOption
NdrClientCall2
UuidFromStringW
UuidToStringW
RpcExceptionFilter

api-ms-win-core-timezone-l1-1-0

GetDynamicTimeZoneInformationEffectiveYears
EnumDynamicTimeZoneInformation

api-ms-win-security-audit-l1-1-1

AuditSetSystemPolicy
AuditEnumeratePerUserPolicy
AuditQueryGlobalSaclW
AuditFree
AuditSetPerUserPolicy
AuditEnumerateSubCategories
AuditComputeEffectivePolicyBySid
AuditLookupCategoryNameW
AuditLookupSubCategoryNameW
AuditEnumerateCategories
AuditQueryPerUserPolicy
AuditSetGlobalSaclW
AuditQuerySecurity
AuditQuerySystemPolicy
AuditSetSecurity

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

A_SHAFinal
A_SHAInit
A_SHAUpdate
AbortSystemShutdownA
AbortSystemShutdownW
AccessCheck
AccessCheckAndAuditAlarmA
AccessCheckAndAuditAlarmW
AccessCheckByType
AccessCheckByTypeAndAuditAlarmA
AccessCheckByTypeAndAuditAlarmW
AccessCheckByTypeResultList
AccessCheckByTypeResultListAndAuditAlarmA
AccessCheckByTypeResultListAndAuditAlarmByHandleA
AccessCheckByTypeResultListAndAuditAlarmByHandleW
AccessCheckByTypeResultListAndAuditAlarmW
AddAccessAllowedAce
AddAccessAllowedAceEx
AddAccessAllowedObjectAce
AddAccessDeniedAce
AddAccessDeniedAceEx
AddAccessDeniedObjectAce
AddAce
AddAuditAccessAce
AddAuditAccessAceEx
AddAuditAccessObjectAce
AddConditionalAce
AddMandatoryAce
AddUsersToEncryptedFile
AddUsersToEncryptedFileEx
AdjustTokenGroups
AdjustTokenPrivileges
AllocateAndInitializeSid
AllocateLocallyUniqueId
AreAllAccessesGranted
AreAnyAccessesGranted
AuditComputeEffectivePolicyBySid
AuditComputeEffectivePolicyByToken
AuditEnumerateCategories
AuditEnumeratePerUserPolicy
AuditEnumerateSubCategories
AuditFree
AuditLookupCategoryGuidFromCategoryId
AuditLookupCategoryIdFromCategoryGuid
AuditLookupCategoryNameA
AuditLookupCategoryNameW
AuditLookupSubCategoryNameA
AuditLookupSubCategoryNameW
AuditQueryGlobalSaclA
AuditQueryGlobalSaclW
AuditQueryPerUserPolicy
AuditQuerySecurity
AuditQuerySystemPolicy
AuditSetGlobalSaclA
AuditSetGlobalSaclW
AuditSetPerUserPolicy
AuditSetSecurity
AuditSetSystemPolicy
BackupEventLogA
BackupEventLogW
BaseRegCloseKey
BaseRegCreateKey
BaseRegDeleteKeyEx
BaseRegDeleteValue
BaseRegFlushKey
BaseRegGetVersion
BaseRegLoadKey
BaseRegOpenKey
BaseRegRestoreKey
BaseRegSaveKeyEx
BaseRegSetKeySecurity
BaseRegSetValue
BaseRegUnLoadKey
BuildExplicitAccessWithNameA
BuildExplicitAccessWithNameW
BuildImpersonateExplicitAccessWithNameA
BuildImpersonateExplicitAccessWithNameW
BuildImpersonateTrusteeA
BuildImpersonateTrusteeW
BuildSecurityDescriptorA
BuildSecurityDescriptorW
BuildTrusteeWithNameA
BuildTrusteeWithNameW
BuildTrusteeWithObjectsAndNameA
BuildTrusteeWithObjectsAndNameW
BuildTrusteeWithObjectsAndSidA
BuildTrusteeWithObjectsAndSidW
BuildTrusteeWithSidA
BuildTrusteeWithSidW
CancelOverlappedAccess
ChangeServiceConfig2A
ChangeServiceConfig2W
ChangeServiceConfigA
ChangeServiceConfigW
CheckForHiberboot
CheckTokenMembership
ClearEventLogA
ClearEventLogW
CloseCodeAuthzLevel
CloseEncryptedFileRaw
CloseEventLog
CloseServiceHandle
CloseThreadWaitChainSession
CloseTrace
CommandLineFromMsiDescriptor
ComputeAccessTokenFromCodeAuthzLevel
ControlService
ControlServiceExA
ControlServiceExW
ControlTraceA
ControlTraceW
ConvertAccessToSecurityDescriptorA
ConvertAccessToSecurityDescriptorW
ConvertSDToStringSDDomainW
ConvertSDToStringSDRootDomainA
ConvertSDToStringSDRootDomainW
ConvertSecurityDescriptorToAccessA
ConvertSecurityDescriptorToAccessNamedA
ConvertSecurityDescriptorToAccessNamedW
ConvertSecurityDescriptorToAccessW
ConvertSecurityDescriptorToStringSecurityDescriptorA
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidA
ConvertSidToStringSidW
ConvertStringSDToSDDomainA
ConvertStringSDToSDDomainW
ConvertStringSDToSDRootDomainA
ConvertStringSDToSDRootDomainW
ConvertStringSecurityDescriptorToSecurityDescriptorA
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidA
ConvertStringSidToSidW
ConvertToAutoInheritPrivateObjectSecurity
CopySid
CreateCodeAuthzLevel
CreatePrivateObjectSecurity
CreatePrivateObjectSecurityEx
CreatePrivateObjectSecurityWithMultipleInheritance
CreateProcessAsUserA
CreateProcessAsUserW
CreateProcessWithLogonW
CreateProcessWithTokenW
CreateRestrictedToken
CreateServiceA
CreateServiceW
CreateTraceInstanceId
CreateWellKnownSid
CredBackupCredentials
CredDeleteA
CredDeleteW
CredEncryptAndMarshalBinaryBlob
CredEnumerateA
CredEnumerateW
CredFindBestCredentialA
CredFindBestCredentialW
CredFree
CredGetSessionTypes
CredGetTargetInfoA
CredGetTargetInfoW
CredIsMarshaledCredentialA
CredIsMarshaledCredentialW
CredIsProtectedA
CredIsProtectedW
CredMarshalCredentialA
CredMarshalCredentialW
CredProfileLoaded
CredProfileLoadedEx
CredProfileUnloaded
CredProtectA
CredProtectW
CredReadA
CredReadByTokenHandle
CredReadDomainCredentialsA
CredReadDomainCredentialsW
CredReadW
CredRenameA
CredRenameW
CredRestoreCredentials
CredUnmarshalCredentialA
CredUnmarshalCredentialW
CredUnprotectA
CredUnprotectW
CredWriteA
CredWriteDomainCredentialsA
CredWriteDomainCredentialsW
CredWriteW
CredpConvertCredential
CredpConvertOneCredentialSize
CredpConvertTargetInfo
CredpDecodeCredential
CredpEncodeCredential
CredpEncodeSecret
CryptAcquireContextA
CryptAcquireContextW
CryptContextAddRef
CryptCreateHash
CryptDecrypt
CryptDeriveKey
CryptDestroyHash
CryptDestroyKey
CryptDuplicateHash
CryptDuplicateKey
CryptEncrypt
CryptEnumProviderTypesA
CryptEnumProviderTypesW
CryptEnumProvidersA
CryptEnumProvidersW
CryptExportKey
CryptGenKey
CryptGenRandom
CryptGetDefaultProviderA
CryptGetDefaultProviderW
CryptGetHashParam
CryptGetKeyParam
CryptGetProvParam
CryptGetUserKey
CryptHashData
CryptHashSessionKey
CryptImportKey
CryptReleaseContext
CryptSetHashParam
CryptSetKeyParam
CryptSetProvParam
CryptSetProviderA
CryptSetProviderExA
CryptSetProviderExW
CryptSetProviderW
CryptSignHashA
CryptSignHashW
CryptVerifySignatureA
CryptVerifySignatureW
DecryptFileA
DecryptFileW
DeleteAce
DeleteService
DeregisterEventSource
DestroyPrivateObjectSecurity
DuplicateEncryptionInfoFile
DuplicateToken
DuplicateTokenEx
ElfBackupEventLogFileA
ElfBackupEventLogFileW
ElfChangeNotify
ElfClearEventLogFileA
ElfClearEventLogFileW
ElfCloseEventLog
ElfDeregisterEventSource
ElfFlushEventLog
ElfNumberOfRecords
ElfOldestRecord
ElfOpenBackupEventLogA
ElfOpenBackupEventLogW
ElfOpenEventLogA
ElfOpenEventLogW
ElfReadEventLogA
ElfReadEventLogW
ElfRegisterEventSourceA
ElfRegisterEventSourceW
ElfReportEventA
ElfReportEventAndSourceW
ElfReportEventW
EnableTrace
EnableTraceEx
EnableTraceEx2
EncryptFileA
EncryptFileW
EncryptedFileKeyInfo
EncryptionDisable
EnumDependentServicesA
EnumDependentServicesW
EnumDynamicTimeZoneInformation
EnumServiceGroupW
EnumServicesStatusA
EnumServicesStatusExA
EnumServicesStatusExW
EnumServicesStatusW
EnumerateTraceGuids
EnumerateTraceGuidsEx
EqualDomainSid
EqualPrefixSid
EqualSid
EtwLogSysConfigExtension
EventAccessControl
EventAccessQuery
EventAccessRemove
EventActivityIdControl
EventEnabled
EventProviderEnabled
EventRegister
EventSetInformation
EventUnregister
EventWrite
EventWriteEndScenario
EventWriteEx
EventWriteStartScenario
EventWriteString
EventWriteTransfer
FileEncryptionStatusA
FileEncryptionStatusW
FindFirstFreeAce
FlushEfsCache
FlushTraceA
FlushTraceW
FreeEncryptedFileKeyInfo
FreeEncryptedFileMetadata
FreeEncryptionCertificateHashList
FreeInheritedFromArray
FreeSid
GetAccessPermissionsForObjectA
GetAccessPermissionsForObjectW
GetAce
GetAclInformation
GetAuditedPermissionsFromAclA
GetAuditedPermissionsFromAclW
GetCurrentHwProfileA
GetCurrentHwProfileW
GetDynamicTimeZoneInformationEffectiveYears
GetEffectiveRightsFromAclA
GetEffectiveRightsFromAclW
GetEncryptedFileMetadata
GetEventLogInformation
GetExplicitEntriesFromAclA
GetExplicitEntriesFromAclW
GetFileSecurityA
GetFileSecurityW
GetInformationCodeAuthzLevelW
GetInformationCodeAuthzPolicyW
GetInheritanceSourceA
GetInheritanceSourceW
GetKernelObjectSecurity
GetLengthSid
GetLocalManagedApplicationData
GetLocalManagedApplications
GetManagedApplicationCategories
GetManagedApplications
GetMultipleTrusteeA
GetMultipleTrusteeOperationA
GetMultipleTrusteeOperationW
GetMultipleTrusteeW
GetNamedSecurityInfoA
GetNamedSecurityInfoExA
GetNamedSecurityInfoExW
GetNamedSecurityInfoW
GetNumberOfEventLogRecords
GetOldestEventLogRecord
GetOverlappedAccessResults
GetPrivateObjectSecurity
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
GetSecurityDescriptorOwner
GetSecurityDescriptorRMControl
GetSecurityDescriptorSacl
GetSecurityInfo
GetSecurityInfoExA
GetSecurityInfoExW
GetServiceDisplayNameA
GetServiceDisplayNameW
GetServiceKeyNameA
GetServiceKeyNameW
GetSidIdentifierAuthority
GetSidLengthRequired
GetSidSubAuthority
GetSidSubAuthorityCount
GetStringConditionFromBinary
GetThreadWaitChain
GetTokenInformation
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
GetTrusteeFormA
GetTrusteeFormW
GetTrusteeNameA
GetTrusteeNameW
GetTrusteeTypeA
GetTrusteeTypeW
GetUserNameA
GetUserNameW
GetWindowsAccountDomainSid
I_QueryTagInformation
I_ScGetCurrentGroupStateW
I_ScIsSecurityProcess
I_ScPnPGetServiceName
I_ScQueryServiceConfig
I_ScRegisterPreshutdownRestart
I_ScSendPnPMessage
I_ScSendTSMessage
I_ScSetServiceBitsA
I_ScSetServiceBitsW
I_ScValidatePnPService
IdentifyCodeAuthzLevelW
ImpersonateAnonymousToken
ImpersonateLoggedOnUser
ImpersonateNamedPipeClient
ImpersonateSelf
InitializeAcl
InitializeSecurityDescriptor
InitializeSid
InitiateShutdownA
InitiateShutdownW
InitiateSystemShutdownA
InitiateSystemShutdownExA
InitiateSystemShutdownExW
InitiateSystemShutdownW
InstallApplication
IsTextUnicode
IsTokenRestricted
IsTokenUntrusted
IsValidAcl
IsValidRelativeSecurityDescriptor
IsValidSecurityDescriptor
IsValidSid
IsWellKnownSid
LockServiceDatabase
LogonUserA
LogonUserExA
LogonUserExExW
LogonUserExW
LogonUserW
LookupAccountNameA
LookupAccountNameW
LookupAccountSidA
LookupAccountSidW
LookupPrivilegeDisplayNameA
LookupPrivilegeDisplayNameW
LookupPrivilegeNameA
LookupPrivilegeNameW
LookupPrivilegeValueA
LookupPrivilegeValueW
LookupSecurityDescriptorPartsA
LookupSecurityDescriptorPartsW
LsaAddAccountRights
LsaAddPrivilegesToAccount
LsaClearAuditLog
LsaClose
LsaCreateAccount
LsaCreateSecret
LsaCreateTrustedDomain
LsaCreateTrustedDomainEx
LsaDelete
LsaDeleteTrustedDomain
LsaEnumerateAccountRights
LsaEnumerateAccounts
LsaEnumerateAccountsWithUserRight
LsaEnumeratePrivileges
LsaEnumeratePrivilegesOfAccount
LsaEnumerateTrustedDomains
LsaEnumerateTrustedDomainsEx
LsaFreeMemory
LsaGetAppliedCAPIDs
LsaGetQuotasForAccount
LsaGetRemoteUserName
LsaGetSystemAccessAccount
LsaGetUserName
LsaICLookupNames
LsaICLookupNamesWithCreds
LsaICLookupSids
LsaICLookupSidsWithCreds
LsaLookupNames
LsaLookupNames2
LsaLookupPrivilegeDisplayName
LsaLookupPrivilegeName
LsaLookupPrivilegeValue
LsaLookupSids
LsaLookupSids2
LsaManageSidNameMapping
LsaNtStatusToWinError
LsaOpenAccount
LsaOpenPolicy
LsaOpenPolicySce
LsaOpenSecret
LsaOpenTrustedDomain
LsaOpenTrustedDomainByName
LsaQueryCAPs
LsaQueryDomainInformationPolicy
LsaQueryForestTrustInformation
LsaQueryInfoTrustedDomain
LsaQueryInformationPolicy
LsaQuerySecret
LsaQuerySecurityObject
LsaQueryTrustedDomainInfo
LsaQueryTrustedDomainInfoByName
LsaRemoveAccountRights
LsaRemovePrivilegesFromAccount
LsaRetrievePrivateData
LsaSetCAPs
LsaSetDomainInformationPolicy
LsaSetForestTrustInformation
LsaSetInformationPolicy
LsaSetInformationTrustedDomain
LsaSetQuotasForAccount
LsaSetSecret
LsaSetSecurityObject
LsaSetSystemAccessAccount
LsaSetTrustedDomainInfoByName
LsaSetTrustedDomainInformation
LsaStorePrivateData
MD4Final
MD4Init

Sections

.text
Size: 566KB - Virtual size: 565KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ae
.zip

Password: Brodbeck78
20e
.zip
adsk
.dll windows:6 windows x64 arch:x64

8b36d78fcc03ea9a3a598e7be2b43ec2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

_CxxThrowException
memcpy
memset
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
wcsrchr
_wcsnicmp
wcsncat_s
swprintf_s
wcschr
_ltow
_wtol
_itow_s
_purecall
wcscat_s
_wcsicmp
wcscpy_s
wcsncpy_s
wcscmp

ntdll

RtlSecondsSince1970ToTime
RtlRunDecodeUnicodeString
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlRunEncodeUnicodeString
RtlTimeToSecondsSince1970
RtlInitUnicodeString

api-ms-win-service-management-l1-1-0

StartServiceW
CreateServiceW
CloseServiceHandle
OpenServiceW
DeleteService
OpenSCManagerW

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
ChangeServiceConfigW

api-ms-win-service-winsvc-l1-2-0

ControlService
QueryServiceStatus

advapi32

GetUserNameW
EnumServicesStatusW
LookupAccountNameW
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
GetLengthSid
RegConnectRegistryW
RegQueryValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW

activeds

ord7
ord16
ord21
ord23
ord22
ord17
ord18
ord14
ord15

ole32

CoTaskMemFree
CreatePointerMoniker
StringFromGUID2
CoCreateInstance
CLSIDFromString
StringFromCLSID
IIDFromString

winspool.drv

GetJobW
DeletePrinter
EnumPrintersW
EnumJobsW
GetPrinterW
SetJobW
SetPrinterW
OpenPrinterW
AddPrinterW
ClosePrinter

oleaut32

SafeArrayUnaccessData
CreateErrorInfo
SystemTimeToVariantTime
VariantTimeToSystemTime
DosDateTimeToVariantTime
VariantTimeToDosDateTime
SafeArrayAccessData
SysAllocString
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
VariantInit
VariantClear
DispGetIDsOfNames
SetErrorInfo
DispInvoke
LoadRegTypeLi
VariantCopy
SysFreeString
SafeArrayCreate
SafeArrayPutElement
SafeArrayDestroy

netutils

NetpwNameCompare
NetApiBufferFree

dsrole

DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory

browcli

NetServerEnum

logoncli

NetGetAnyDCName
NetGetDCName

samcli

NetLocalGroupGetMembers
NetGroupDel
NetLocalGroupDel
NetGroupGetUsers
NetUserDel
NetGroupAdd
NetLocalGroupGetInfo
NetLocalGroupDelMembers
NetGroupDelUser
NetLocalGroupAddMembers
NetGroupAddUser
NetUserGetLocalGroups
NetGroupGetInfo
NetUserGetGroups
NetUserChangePassword
NetUserAdd
NetGroupSetInfo
NetLocalGroupSetInfo
NetUserGetInfo
NetUserSetInfo
NetQueryDisplayInformation
NetUserModalsSet
NetUserModalsGet
NetGroupEnum
NetLocalGroupEnum
NetLocalGroupAdd

srvcli

NetServerGetInfo
NetSessionGetInfo
NetSessionDel
NetSessionEnum
NetShareGetInfo
NetFileEnum
NetFileGetInfo
NetShareEnum
NetShareSetInfo
NetShareAdd
NetShareDel
NetServerSetInfo

wkscli

NetWkstaUserGetInfo
NetUseGetInfo
NetWkstaGetInfo

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

FileTimeToSystemTime
FileTimeToLocalFileTime
ResolveDelayLoadedAPI
DelayLoadFailureHook
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetProcAddress
LoadLibraryW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
lstrlenW
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
FormatMessageW
FileTimeToDosDateTime
GetSystemDirectoryW
SystemTimeToTzSpecificLocalTime
GetComputerNameW
FreeLibrary
DeleteCriticalSection
RaiseException
InitializeCriticalSection
GetModuleHandleW
DisableThreadLibraryCalls
GetTickCount
CompareStringOrdinal
SystemTimeToFileTime
GetSystemTime
SetLastError
GetLastError
LocalAlloc
LocalFree
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 257KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
adva
.dll windows:6 windows x64 arch:x64

973a8cdb39a3db10c284afb640b793b3

Code Sign

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

17/06/2013, 21:43

Not After

17/09/2014, 21:43

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c8:c0:41:14:d5:af:90:50:02:cc:d6:a4:a3:f8:71:67:d3:2a:66:93:f7:25:fd:0c:9e:c8:16:8f:6b:22:a9:30
Signer

Actual PE Digest

c8:c0:41:14:d5:af:90:50:02:cc:d6:a4:a3:f8:71:67:d3:2a:66:93:f7:25:fd:0c:9e:c8:16:8f:6b:22:a9:30

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

memmove
iswctype
_vsnwprintf
memset
memcpy
memcmp
__C_specific_handler
_vsnprintf
mbstowcs
iswalpha
_stricmp
_wcstoi64
_i64tow_s
_wcstoui64
_ui64tow_s
_ultow
wcscat_s
_wcsicmp
_errno
wcschr
wcscpy_s
wcstok_s
swscanf_s
wcsrchr
wcsncpy_s
wcsstr
swprintf_s
_wcsnicmp
wcsncmp
strstr
strchr
tolower
wcstoul
_ultow_s
wcscmp

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtSetSystemInformation
DbgPrint
RtlFreeAnsiString
RtlGetCurrentTransaction
ord1
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlIsTextUnicode
RtlLengthSid
NlsMbCodePageTag
NtQueryInformationToken
RtlxUnicodeStringToAnsiSize
RtlSubAuthoritySid
RtlGetThreadPreferredUILanguages
RtlSubAuthorityCountSid
RtlMakeSelfRelativeSD
RtlConvertSidToUnicodeString
RtlUnicodeStringToInteger
RtlAllocateHandle
RtlIsValidIndexHandle
RtlFreeHandle
NtOpenKey
NtQueryValueKey
NtClose
NtOpenThreadToken
NtOpenProcessToken
RtlEqualSid
RtlAddAccessAllowedAceEx
NtSetInformationToken
RtlCreateSecurityDescriptor
RtlSetOwnerSecurityDescriptor
NtDuplicateToken
NtCompareTokens
RtlAllocateAndInitializeSid
RtlFreeSid
RtlIsGenericTableEmpty
RtlEnumerateGenericTableWithoutSplaying
RtlDuplicateUnicodeString
RtlExpandEnvironmentStrings_U
NtOpenFile
RtlCreateUnicodeString
NtQueryInformationProcess
RtlGetLastNtStatus
NtQueryKey
RtlValidSid
LdrLoadDll
RtlImageNtHeader
LdrUnloadDll
NtDeviceIoControlFile
NtQuerySystemInformation
EtwEventRegister
EtwEventWrite
NtCreateKey
NtSetValueKey
RtlDeleteElementGenericTable
RtlAppendUnicodeToString
NtDeleteKey
RtlInsertElementGenericTable
RtlCopySid
RtlInitializeHandleTable
RtlDestroyHandleTable
EtwEventUnregister
NtEnumerateKey
RtlIntegerToUnicodeString
RtlStringFromGUID
RtlAppendUnicodeStringToString
RtlFormatCurrentUserKeyPath
RtlInitializeGenericTable
RtlQueryRegistryValuesEx
RtlLookupElementGenericTable
RtlNumberGenericTableElements
RtlGUIDFromString
RtlUpcaseUnicodeChar
NtQueryVolumeInformationFile
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
RtlPrefixUnicodeString
RtlDetermineDosPathNameType_U
NtQueryInformationFile
RtlGetFullPathName_U
RtlUnicodeToMultiByteN
RtlNtStatusToDosErrorNoTeb
RtlAnsiCharToUnicodeChar
RtlMultiByteToUnicodeN
RtlSetLastWin32Error
NtTraceControl
NtTraceEvent
EtwpGetCpuSpeed
RtlIpv4AddressToStringW
RtlIpv6AddressToStringW
RtlInitAnsiStringEx
RtlInitUnicodeStringEx
RtlCreateUnicodeStringFromAsciiz
NtRenameKey
RtlAddAce
RtlGetAce
RtlAddAccessDeniedAceEx
RtlSetDaclSecurityDescriptor
RtlFirstFreeAce
RtlValidAcl
RtlAddAuditAccessObjectAce
RtlGetSaclSecurityDescriptor
RtlAddAccessDeniedObjectAce
RtlSetGroupSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlSetSaclSecurityDescriptor
RtlxAnsiStringToUnicodeSize
RtlGetControlSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
RtlAddAccessAllowedObjectAce
RtlGetDaclSecurityDescriptor
RtlInitializeSid
RtlGetOwnerSecurityDescriptor
RtlAddAuditAccessAceEx
NtQuerySystemTime
RtlTimeToSecondsSince1970
RtlImpersonateSelf
RtlAdjustPrivilege
RtlCopyString
EtwTraceMessage
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
NtWaitForSingleObject
RtlGetVersion
NtQueryInformationThread
NtSetInformationThread
NtQuerySecurityObject
RtlRunOnceExecuteOnce
RtlRunOnceBeginInitialize
RtlDllShutdownInProgress
RtlRunOnceInitialize
NtQueryPerformanceCounter
NtWaitForMultipleObjects
WinSqmAddToStream
RtlCreateAcl
RtlValidRelativeSecurityDescriptor
NtCreateFile
NtWriteFile
NtReadFile
RtlWaitOnAddress
RtlWakeAddressAll
RtlQueryPerformanceCounter
RtlAddAccessAllowedAce
RtlAcquireSRWLockExclusive
RtlInsertElementGenericTableAvl
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockShared
RtlLookupElementGenericTableAvl
RtlReleaseSRWLockShared
RtlEnumerateGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlReAllocateHeap
RtlDosPathNameToRelativeNtPathName_U
RtlReleaseRelativeName
RtlWakeAddressSingle
RtlDestroyQueryDebugBuffer
RtlEqualUnicodeString
RtlQueryProcessDebugInformation
NtQueryMutant
NtQueryObject
NtAlpcQueryInformation
RtlInitializeSRWLock
RtlCreateQueryDebugBuffer
RtlOpenCurrentUser
NtQueryMultipleValueKey
NtReplaceKey
NtSaveMergedKeys
NtSaveKey
RtlValidSecurityDescriptor
RtlLengthSecurityDescriptor
RtlGetNtProductType
RtlCopyUnicodeString
RtlOemStringToUnicodeString
RtlUnicodeToMultiByteSize
RtlUnicodeStringToAnsiString
RtlDosPathNameToNtPathName_U
RtlAllocateHeap
RtlNtStatusToDosError
RtlFreeUnicodeString
RtlInitAnsiString
RtlInitUnicodeString
NtOpenKeyEx
NtSetInformationKey
RtlFreeHeap
RtlAnsiStringToUnicodeString
RtlInitializeCriticalSection
RtlDeleteCriticalSection

api-ms-win-eventing-controller-l1-1-0

TraceSetInformation
ControlTraceW
QueryAllTracesW
EventAccessQuery
EnumerateTraceGuidsEx
StartTraceW
EventAccessControl
StopTraceW
EventAccessRemove
EnableTraceEx2

api-ms-win-eventing-consumer-l1-1-0

CloseTrace
OpenTraceW
ProcessTrace

kernelbase

RegKrnGetHKEY_ClassesRootAddress
RegKrnGetClassesEnumTableAddressInternal
RegKrnGetTermsrvRegistryExtensionFlags
RegDeleteKeyExInternalW
RegOpenKeyExInternalW
RegCreateKeyExInternalW
CLOSE_LOCAL_HANDLE_INTERNAL
MapPredefinedHandleInternal
RegDeleteKeyExInternalA
RegCreateKeyExInternalA
RegOpenKeyExInternalA
RemapPredefinedHandleInternal
DisablePredefinedHandleTableInternal
GetPackagePath
PackageIdFromFullName
Sleep
lstrcmpiW
lstrcmpW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
CreateProcessAsUserW
CreateProcessInternalA
AreFileApisANSI
lstrlenW
LocalReAlloc
LocalFree
LocalAlloc

sechost

QueryAllTracesA
StartTraceA
ControlTraceA

api-ms-win-service-core-l1-1-1

EnumDependentServicesW
QueryServiceDynamicInformation
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW
EnumServicesStatusExW

api-ms-win-service-management-l1-1-0

CreateServiceW
CloseServiceHandle
DeleteService
OpenSCManagerW
ControlServiceExW
OpenServiceW
StartServiceW

api-ms-win-service-management-l2-1-0

ChangeServiceConfigW
QueryServiceStatusEx
QueryServiceConfigW
NotifyServiceStatusChangeW
SetServiceObjectSecurity
ChangeServiceConfig2W
QueryServiceObjectSecurity
QueryServiceConfig2W

api-ms-win-service-private-l1-1-1

I_ScRpcBindW
I_ScRpcBindA
I_ScSetServiceBitsA
I_ScSetServiceBitsW
I_ScRegisterPreshutdownRestart
WaitServiceState

api-ms-win-service-winsvc-l1-2-0

OpenServiceA
QueryServiceConfig2A
ControlService
RegisterServiceCtrlHandlerW
QueryServiceConfigA
OpenSCManagerA
QueryServiceStatus
RegisterServiceCtrlHandlerExA
ChangeServiceConfigA
StartServiceA
CreateServiceA
RegisterServiceCtrlHandlerA
NotifyServiceStatusChangeA
ControlServiceExA
ChangeServiceConfig2A
StartServiceCtrlDispatcherA

api-ms-win-core-namedpipe-l1-2-0

ImpersonateNamedPipeClient

api-ms-win-core-processthreads-l1-1-2

OpenProcess
CreateThread
IsProcessorFeaturePresent
GetCurrentThread
OpenThread
GetProcessId
GetCurrentProcess
OpenProcessToken
OpenThreadToken
SetThreadToken
GetPriorityClass
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess

api-ms-win-security-base-l1-2-0

RevertToSelf
AddAccessAllowedAce
GetSecurityDescriptorOwner
SetSecurityDescriptorOwner
AllocateAndInitializeSid
AllocateLocallyUniqueId
InitializeAcl
SetKernelObjectSecurity
MakeAbsoluteSD
ImpersonateLoggedOnUser
DuplicateTokenEx
QuerySecurityAccessMask
CreatePrivateObjectSecurityEx
GetSecurityDescriptorLength
ImpersonateSelf
GetAce
AccessCheckByTypeResultList
CreatePrivateObjectSecurity
SetSecurityDescriptorDacl
IsTokenRestricted
AddAuditAccessObjectAce
AdjustTokenGroups
AddAccessDeniedAce
AreAllAccessesGranted
SetTokenInformation
PrivilegeCheck
InitializeSecurityDescriptor
GetPrivateObjectSecurity
DuplicateToken
CreatePrivateObjectSecurityWithMultipleInheritance
EqualPrefixSid
GetSidIdentifierAuthority
FreeSid
GetTokenInformation
PrivilegedServiceAuditAlarmW
AccessCheckByTypeResultListAndAuditAlarmW
ObjectOpenAuditAlarmW
ObjectPrivilegeAuditAlarmW
ObjectCloseAuditAlarmW
SetFileSecurityW
GetFileSecurityW
ObjectDeleteAuditAlarmW
CopySid
AccessCheckByTypeResultListAndAuditAlarmByHandleW
AccessCheckAndAuditAlarmW
AccessCheckByTypeAndAuditAlarmW
IsValidSid
AddAccessDeniedObjectAce
AddAccessAllowedObjectAce
AccessCheckByType
AddAuditAccessAce
SetPrivateObjectSecurityEx
EqualSid
GetSecurityDescriptorControl
CreateRestrictedToken
GetAclInformation
GetKernelObjectSecurity
AccessCheck
AddAccessAllowedAceEx
GetSecurityDescriptorRMControl
SetSecurityDescriptorRMControl
GetSidSubAuthorityCount
MapGenericMask
GetSidLengthRequired
SetSecurityDescriptorGroup
InitializeSid
SetAclInformation
GetSecurityDescriptorSacl
ImpersonateAnonymousToken
MakeSelfRelativeSD
IsValidSecurityDescriptor
GetLengthSid
AddAccessDeniedAceEx
CheckTokenMembership
SetSecurityDescriptorSacl
AreAnyAccessesGranted
AdjustTokenPrivileges
DeleteAce
SetSecurityDescriptorControl
AddAuditAccessAceEx
GetWindowsAccountDomainSid
FindFirstFreeAce
ConvertToAutoInheritPrivateObjectSecurity
SetPrivateObjectSecurity
EqualDomainSid
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
CreateWellKnownSid
DestroyPrivateObjectSecurity
SetSecurityAccessMask
IsWellKnownSid
GetSidSubAuthority
IsValidAcl
AddAce

api-ms-win-security-base-private-l1-1-1

MakeAbsoluteSD2

api-ms-win-core-registry-l1-1-0

RegRestoreKeyW
RegLoadAppKeyW
RegCopyTreeW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExA
RegLoadAppKeyA
RegOpenUserClassesRoot
RegDeleteKeyExW
RegUnLoadKeyA
RegRestoreKeyA
RegDeleteTreeA
RegSetValueExA
RegCreateKeyExW
RegQueryValueExA
RegQueryInfoKeyW
RegEnumKeyExA
RegLoadMUIStringW
RegSaveKeyExA
RegUnLoadKeyW
RegSetValueExW
RegLoadKeyW
RegDisablePredefinedCacheEx
RegEnumKeyExW
RegFlushKey
RegNotifyChangeKeyValue
RegDeleteKeyExA
RegSetKeySecurity
RegEnumValueW
RegLoadKeyA
RegEnumValueA
RegOpenCurrentUser
RegGetValueW
RegSaveKeyExW
RegDeleteTreeW
RegDeleteValueA
RegDeleteValueW
RegQueryInfoKeyA
RegGetValueA
RegGetKeySecurity
RegOpenKeyExA
RegLoadMUIStringA
RegQueryValueExW

api-ms-win-core-sysinfo-l1-2-1

GetComputerNameExW
GetTickCount
GetSystemTimeAsFileTime
GetLocalTime
GetNativeSystemInfo
GlobalMemoryStatusEx
GetSystemFirmwareTable
GetSystemWindowsDirectoryW
GetSystemTime
GetSystemDirectoryW

kernel32

GetFileAttributesExW
WideCharToMultiByte
MultiByteToWideChar
GetProcAddress
LoadLibraryA
CloseHandle
FreeLibrary
LoadLibraryW
LeaveCriticalSection
GetLastError
EnterCriticalSection
GetFullPathNameW
SearchPathW
HeapAlloc
ResolveDelayLoadedAPI
DelayLoadFailureHook
HeapFree
SleepEx
GetProcessHeap
GetFileAttributesW
CreateFileW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
CreateEventW
GetThreadUILanguage
GetCommandLineW
GetModuleHandleExW
SetFilePointer
OutputDebugStringW
WriteFile
FormatMessageW
TermsrvDeleteKey
TermsrvOpenUserClasses
DuplicateHandle
DecodePointer
FreeLibraryAndExitThread
ReadProcessMemory
EncodePointer
CreateThreadpoolIo
FreeLibraryWhenCallbackReturns
CancelIoEx
CloseThreadpoolIo
MoveFileW
DeleteFileW
ExpandEnvironmentStringsW
GetModuleHandleW
GetFileSizeEx
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetLongPathNameW
CompareFileTime
FindResourceExW
LoadResource
GetVolumePathNameW
DeleteCriticalSection
LoadLibraryExW
WaitForSingleObject
GetActiveProcessorCount
GetOverlappedResult
DeviceIoControl
GetVolumeInformationW
GetComputerNameW
ReleaseMutex
ExpandEnvironmentStringsA
GetModuleFileNameW
GetComputerNameA
LocalUnlock
LocalLock
CreateMutexW
InitializeCriticalSection
SizeofResource
StartThreadpoolIo
CancelThreadpoolIo
EnumUILanguagesW
GetFileMUIPath
SetErrorMode
SetFileInformationByHandle
CopyFileExW
FindClose
FindNextFileW
FindFirstFileExW
lstrcmpiA
GetFileSize
DosDateTimeToFileTime
FileTimeToDosDateTime
GetFileTime
ResetEvent
SetEvent
HeapReAlloc
LockResource
SetLastError

rpcrt4

RpcStringBindingComposeW
RpcBindingFree
RpcStringFreeW
RpcBindingSetAuthInfoExA
RpcBindingSetAuthInfoExW
NdrClientCall3
I_RpcExceptionFilter
I_RpcMapWin32Status
RpcEpResolveBinding
RpcBindingSetAuthInfoW
RpcBindingSetAuthInfoA
RpcBindingFromStringBindingW
RpcSsDestroyClientContext
RpcBindingCreateW
RpcBindingBind
I_RpcSNCHOption
NdrClientCall2
UuidFromStringW
UuidToStringW
RpcExceptionFilter

api-ms-win-core-timezone-l1-1-0

GetDynamicTimeZoneInformationEffectiveYears
EnumDynamicTimeZoneInformation

api-ms-win-security-audit-l1-1-1

AuditSetSystemPolicy
AuditEnumeratePerUserPolicy
AuditQueryGlobalSaclW
AuditFree
AuditSetPerUserPolicy
AuditEnumerateSubCategories
AuditComputeEffectivePolicyBySid
AuditLookupCategoryNameW
AuditLookupSubCategoryNameW
AuditEnumerateCategories
AuditQueryPerUserPolicy
AuditSetGlobalSaclW
AuditQuerySecurity
AuditQuerySystemPolicy
AuditSetSecurity

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

A_SHAFinal
A_SHAInit
A_SHAUpdate
AbortSystemShutdownA
AbortSystemShutdownW
AccessCheck
AccessCheckAndAuditAlarmA
AccessCheckAndAuditAlarmW
AccessCheckByType
AccessCheckByTypeAndAuditAlarmA
AccessCheckByTypeAndAuditAlarmW
AccessCheckByTypeResultList
AccessCheckByTypeResultListAndAuditAlarmA
AccessCheckByTypeResultListAndAuditAlarmByHandleA
AccessCheckByTypeResultListAndAuditAlarmByHandleW
AccessCheckByTypeResultListAndAuditAlarmW
AddAccessAllowedAce
AddAccessAllowedAceEx
AddAccessAllowedObjectAce
AddAccessDeniedAce
AddAccessDeniedAceEx
AddAccessDeniedObjectAce
AddAce
AddAuditAccessAce
AddAuditAccessAceEx
AddAuditAccessObjectAce
AddConditionalAce
AddMandatoryAce
AddUsersToEncryptedFile
AddUsersToEncryptedFileEx
AdjustTokenGroups
AdjustTokenPrivileges
AllocateAndInitializeSid
AllocateLocallyUniqueId
AreAllAccessesGranted
AreAnyAccessesGranted
AuditComputeEffectivePolicyBySid
AuditComputeEffectivePolicyByToken
AuditEnumerateCategories
AuditEnumeratePerUserPolicy
AuditEnumerateSubCategories
AuditFree
AuditLookupCategoryGuidFromCategoryId
AuditLookupCategoryIdFromCategoryGuid
AuditLookupCategoryNameA
AuditLookupCategoryNameW
AuditLookupSubCategoryNameA
AuditLookupSubCategoryNameW
AuditQueryGlobalSaclA
AuditQueryGlobalSaclW
AuditQueryPerUserPolicy
AuditQuerySecurity
AuditQuerySystemPolicy
AuditSetGlobalSaclA
AuditSetGlobalSaclW
AuditSetPerUserPolicy
AuditSetSecurity
AuditSetSystemPolicy
BackupEventLogA
BackupEventLogW
BaseRegCloseKey
BaseRegCreateKey
BaseRegDeleteKeyEx
BaseRegDeleteValue
BaseRegFlushKey
BaseRegGetVersion
BaseRegLoadKey
BaseRegOpenKey
BaseRegRestoreKey
BaseRegSaveKeyEx
BaseRegSetKeySecurity
BaseRegSetValue
BaseRegUnLoadKey
BuildExplicitAccessWithNameA
BuildExplicitAccessWithNameW
BuildImpersonateExplicitAccessWithNameA
BuildImpersonateExplicitAccessWithNameW
BuildImpersonateTrusteeA
BuildImpersonateTrusteeW
BuildSecurityDescriptorA
BuildSecurityDescriptorW
BuildTrusteeWithNameA
BuildTrusteeWithNameW
BuildTrusteeWithObjectsAndNameA
BuildTrusteeWithObjectsAndNameW
BuildTrusteeWithObjectsAndSidA
BuildTrusteeWithObjectsAndSidW
BuildTrusteeWithSidA
BuildTrusteeWithSidW
CancelOverlappedAccess
ChangeServiceConfig2A
ChangeServiceConfig2W
ChangeServiceConfigA
ChangeServiceConfigW
CheckForHiberboot
CheckTokenMembership
ClearEventLogA
ClearEventLogW
CloseCodeAuthzLevel
CloseEncryptedFileRaw
CloseEventLog
CloseServiceHandle
CloseThreadWaitChainSession
CloseTrace
CommandLineFromMsiDescriptor
ComputeAccessTokenFromCodeAuthzLevel
ControlService
ControlServiceExA
ControlServiceExW
ControlTraceA
ControlTraceW
ConvertAccessToSecurityDescriptorA
ConvertAccessToSecurityDescriptorW
ConvertSDToStringSDDomainW
ConvertSDToStringSDRootDomainA
ConvertSDToStringSDRootDomainW
ConvertSecurityDescriptorToAccessA
ConvertSecurityDescriptorToAccessNamedA
ConvertSecurityDescriptorToAccessNamedW
ConvertSecurityDescriptorToAccessW
ConvertSecurityDescriptorToStringSecurityDescriptorA
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidA
ConvertSidToStringSidW
ConvertStringSDToSDDomainA
ConvertStringSDToSDDomainW
ConvertStringSDToSDRootDomainA
ConvertStringSDToSDRootDomainW
ConvertStringSecurityDescriptorToSecurityDescriptorA
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidA
ConvertStringSidToSidW
ConvertToAutoInheritPrivateObjectSecurity
CopySid
CreateCodeAuthzLevel
CreatePrivateObjectSecurity
CreatePrivateObjectSecurityEx
CreatePrivateObjectSecurityWithMultipleInheritance
CreateProcessAsUserA
CreateProcessAsUserW
CreateProcessWithLogonW
CreateProcessWithTokenW
CreateRestrictedToken
CreateServiceA
CreateServiceW
CreateTraceInstanceId
CreateWellKnownSid
CredBackupCredentials
CredDeleteA
CredDeleteW
CredEncryptAndMarshalBinaryBlob
CredEnumerateA
CredEnumerateW
CredFindBestCredentialA
CredFindBestCredentialW
CredFree
CredGetSessionTypes
CredGetTargetInfoA
CredGetTargetInfoW
CredIsMarshaledCredentialA
CredIsMarshaledCredentialW
CredIsProtectedA
CredIsProtectedW
CredMarshalCredentialA
CredMarshalCredentialW
CredProfileLoaded
CredProfileLoadedEx
CredProfileUnloaded
CredProtectA
CredProtectW
CredReadA
CredReadByTokenHandle
CredReadDomainCredentialsA
CredReadDomainCredentialsW
CredReadW
CredRenameA
CredRenameW
CredRestoreCredentials
CredUnmarshalCredentialA
CredUnmarshalCredentialW
CredUnprotectA
CredUnprotectW
CredWriteA
CredWriteDomainCredentialsA
CredWriteDomainCredentialsW
CredWriteW
CredpConvertCredential
CredpConvertOneCredentialSize
CredpConvertTargetInfo
CredpDecodeCredential
CredpEncodeCredential
CredpEncodeSecret
CryptAcquireContextA
CryptAcquireContextW
CryptContextAddRef
CryptCreateHash
CryptDecrypt
CryptDeriveKey
CryptDestroyHash
CryptDestroyKey
CryptDuplicateHash
CryptDuplicateKey
CryptEncrypt
CryptEnumProviderTypesA
CryptEnumProviderTypesW
CryptEnumProvidersA
CryptEnumProvidersW
CryptExportKey
CryptGenKey
CryptGenRandom
CryptGetDefaultProviderA
CryptGetDefaultProviderW
CryptGetHashParam
CryptGetKeyParam
CryptGetProvParam
CryptGetUserKey
CryptHashData
CryptHashSessionKey
CryptImportKey
CryptReleaseContext
CryptSetHashParam
CryptSetKeyParam
CryptSetProvParam
CryptSetProviderA
CryptSetProviderExA
CryptSetProviderExW
CryptSetProviderW
CryptSignHashA
CryptSignHashW
CryptVerifySignatureA
CryptVerifySignatureW
DecryptFileA
DecryptFileW
DeleteAce
DeleteService
DeregisterEventSource
DestroyPrivateObjectSecurity
DuplicateEncryptionInfoFile
DuplicateToken
DuplicateTokenEx
ElfBackupEventLogFileA
ElfBackupEventLogFileW
ElfChangeNotify
ElfClearEventLogFileA
ElfClearEventLogFileW
ElfCloseEventLog
ElfDeregisterEventSource
ElfFlushEventLog
ElfNumberOfRecords
ElfOldestRecord
ElfOpenBackupEventLogA
ElfOpenBackupEventLogW
ElfOpenEventLogA
ElfOpenEventLogW
ElfReadEventLogA
ElfReadEventLogW
ElfRegisterEventSourceA
ElfRegisterEventSourceW
ElfReportEventA
ElfReportEventAndSourceW
ElfReportEventW
EnableTrace
EnableTraceEx
EnableTraceEx2
EncryptFileA
EncryptFileW
EncryptedFileKeyInfo
EncryptionDisable
EnumDependentServicesA
EnumDependentServicesW
EnumDynamicTimeZoneInformation
EnumServiceGroupW
EnumServicesStatusA
EnumServicesStatusExA
EnumServicesStatusExW
EnumServicesStatusW
EnumerateTraceGuids
EnumerateTraceGuidsEx
EqualDomainSid
EqualPrefixSid
EqualSid
EtwLogSysConfigExtension
EventAccessControl
EventAccessQuery
EventAccessRemove
EventActivityIdControl
EventEnabled
EventProviderEnabled
EventRegister
EventSetInformation
EventUnregister
EventWrite
EventWriteEndScenario
EventWriteEx
EventWriteStartScenario
EventWriteString
EventWriteTransfer
FileEncryptionStatusA
FileEncryptionStatusW
FindFirstFreeAce
FlushEfsCache
FlushTraceA
FlushTraceW
FreeEncryptedFileKeyInfo
FreeEncryptedFileMetadata
FreeEncryptionCertificateHashList
FreeInheritedFromArray
FreeSid
GetAccessPermissionsForObjectA
GetAccessPermissionsForObjectW
GetAce
GetAclInformation
GetAuditedPermissionsFromAclA
GetAuditedPermissionsFromAclW
GetCurrentHwProfileA
GetCurrentHwProfileW
GetDynamicTimeZoneInformationEffectiveYears
GetEffectiveRightsFromAclA
GetEffectiveRightsFromAclW
GetEncryptedFileMetadata
GetEventLogInformation
GetExplicitEntriesFromAclA
GetExplicitEntriesFromAclW
GetFileSecurityA
GetFileSecurityW
GetInformationCodeAuthzLevelW
GetInformationCodeAuthzPolicyW
GetInheritanceSourceA
GetInheritanceSourceW
GetKernelObjectSecurity
GetLengthSid
GetLocalManagedApplicationData
GetLocalManagedApplications
GetManagedApplicationCategories
GetManagedApplications
GetMultipleTrusteeA
GetMultipleTrusteeOperationA
GetMultipleTrusteeOperationW
GetMultipleTrusteeW
GetNamedSecurityInfoA
GetNamedSecurityInfoExA
GetNamedSecurityInfoExW
GetNamedSecurityInfoW
GetNumberOfEventLogRecords
GetOldestEventLogRecord
GetOverlappedAccessResults
GetPrivateObjectSecurity
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
GetSecurityDescriptorOwner
GetSecurityDescriptorRMControl
GetSecurityDescriptorSacl
GetSecurityInfo
GetSecurityInfoExA
GetSecurityInfoExW
GetServiceDisplayNameA
GetServiceDisplayNameW
GetServiceKeyNameA
GetServiceKeyNameW
GetSidIdentifierAuthority
GetSidLengthRequired
GetSidSubAuthority
GetSidSubAuthorityCount
GetStringConditionFromBinary
GetThreadWaitChain
GetTokenInformation
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
GetTrusteeFormA
GetTrusteeFormW
GetTrusteeNameA
GetTrusteeNameW
GetTrusteeTypeA
GetTrusteeTypeW
GetUserNameA
GetUserNameW
GetWindowsAccountDomainSid
I_QueryTagInformation
I_ScGetCurrentGroupStateW
I_ScIsSecurityProcess
I_ScPnPGetServiceName
I_ScQueryServiceConfig
I_ScRegisterPreshutdownRestart
I_ScSendPnPMessage
I_ScSendTSMessage
I_ScSetServiceBitsA
I_ScSetServiceBitsW
I_ScValidatePnPService
IdentifyCodeAuthzLevelW
ImpersonateAnonymousToken
ImpersonateLoggedOnUser
ImpersonateNamedPipeClient
ImpersonateSelf
InitializeAcl
InitializeSecurityDescriptor
InitializeSid
InitiateShutdownA
InitiateShutdownW
InitiateSystemShutdownA
InitiateSystemShutdownExA
InitiateSystemShutdownExW
InitiateSystemShutdownW
InstallApplication
IsTextUnicode
IsTokenRestricted
IsTokenUntrusted
IsValidAcl
IsValidRelativeSecurityDescriptor
IsValidSecurityDescriptor
IsValidSid
IsWellKnownSid
LockServiceDatabase
LogonUserA
LogonUserExA
LogonUserExExW
LogonUserExW
LogonUserW
LookupAccountNameA
LookupAccountNameW
LookupAccountSidA
LookupAccountSidW
LookupPrivilegeDisplayNameA
LookupPrivilegeDisplayNameW
LookupPrivilegeNameA
LookupPrivilegeNameW
LookupPrivilegeValueA
LookupPrivilegeValueW
LookupSecurityDescriptorPartsA
LookupSecurityDescriptorPartsW
LsaAddAccountRights
LsaAddPrivilegesToAccount
LsaClearAuditLog
LsaClose
LsaCreateAccount
LsaCreateSecret
LsaCreateTrustedDomain
LsaCreateTrustedDomainEx
LsaDelete
LsaDeleteTrustedDomain
LsaEnumerateAccountRights
LsaEnumerateAccounts
LsaEnumerateAccountsWithUserRight
LsaEnumeratePrivileges
LsaEnumeratePrivilegesOfAccount
LsaEnumerateTrustedDomains
LsaEnumerateTrustedDomainsEx
LsaFreeMemory
LsaGetAppliedCAPIDs
LsaGetQuotasForAccount
LsaGetRemoteUserName
LsaGetSystemAccessAccount
LsaGetUserName
LsaICLookupNames
LsaICLookupNamesWithCreds
LsaICLookupSids
LsaICLookupSidsWithCreds
LsaLookupNames
LsaLookupNames2
LsaLookupPrivilegeDisplayName
LsaLookupPrivilegeName
LsaLookupPrivilegeValue
LsaLookupSids
LsaLookupSids2
LsaManageSidNameMapping
LsaNtStatusToWinError
LsaOpenAccount
LsaOpenPolicy
LsaOpenPolicySce
LsaOpenSecret
LsaOpenTrustedDomain
LsaOpenTrustedDomainByName
LsaQueryCAPs
LsaQueryDomainInformationPolicy
LsaQueryForestTrustInformation
LsaQueryInfoTrustedDomain
LsaQueryInformationPolicy
LsaQuerySecret
LsaQuerySecurityObject
LsaQueryTrustedDomainInfo
LsaQueryTrustedDomainInfoByName
LsaRemoveAccountRights
LsaRemovePrivilegesFromAccount
LsaRetrievePrivateData
LsaSetCAPs
LsaSetDomainInformationPolicy
LsaSetForestTrustInformation
LsaSetInformationPolicy
LsaSetInformationTrustedDomain
LsaSetQuotasForAccount
LsaSetSecret
LsaSetSecurityObject
LsaSetSystemAccessAccount
LsaSetTrustedDomainInfoByName
LsaSetTrustedDomainInformation
LsaStorePrivateData
MD4Final
MD4Init

Sections

.text
Size: 566KB - Virtual size: 565KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ma
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 713KB - Virtual size: 712KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
training.doc
.zip
22.doc
.zip
training.doc
.zip
ABrodbeck/ABrodbeck.pdf.lnk
.lnk

Sharing

General

Malware Config

Signatures

Files

Password: Brodbeck78

Password: Brodbeck78

Password: Brodbeck78

Password: Brodbeck78

Password: Brodbeck78

Password: Brodbeck78

8b36d78fcc03ea9a3a598e7be2b43ec2

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

api-ms-win-service-management-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-service-winsvc-l1-2-0

advapi32

activeds

ole32

winspool.drv

oleaut32

netutils

dsrole

browcli

logoncli

samcli

srvcli

wkscli

mpr

kernel32

Exports

Exports

Sections

.text Size: 257KB - Virtual size: 256KB

.data Size: 35KB - Virtual size: 35KB

.pdata Size: 15KB - Virtual size: 14KB

.idata Size: 7KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

Password: Brodbeck78

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 713KB - Virtual size: 712KB

Password: Brodbeck78

973a8cdb39a3db10c284afb640b793b3

Code Sign

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

c8:c0:41:14:d5:af:90:50:02:cc:d6:a4:a3:f8:71:67:d3:2a:66:93:f7:25:fd:0c:9e:c8:16:8f:6b:22:a9:30Signer

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

api-ms-win-eventing-controller-l1-1-0

api-ms-win-eventing-consumer-l1-1-0

kernelbase

sechost

api-ms-win-service-core-l1-1-1

api-ms-win-service-management-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-service-private-l1-1-1

api-ms-win-service-winsvc-l1-2-0

api-ms-win-core-namedpipe-l1-2-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-security-base-l1-2-0

api-ms-win-security-base-private-l1-1-1

api-ms-win-core-registry-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

kernel32

.text
Size: 257KB - Virtual size: 256KB

.data
Size: 35KB - Virtual size: 35KB

.pdata
Size: 15KB - Virtual size: 14KB

.idata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 713KB - Virtual size: 712KB

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

c8:c0:41:14:d5:af:90:50:02:cc:d6:a4:a3:f8:71:67:d3:2a:66:93:f7:25:fd:0c:9e:c8:16:8f:6b:22:a9:30
Signer

.text
Size: 566KB - Virtual size: 565KB

.data
Size: 16KB - Virtual size: 17KB

.pdata
Size: 24KB - Virtual size: 24KB

.idata
Size: 24KB - Virtual size: 24KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB

.text
Size: 257KB - Virtual size: 256KB

.data
Size: 35KB - Virtual size: 35KB

.pdata
Size: 15KB - Virtual size: 14KB

.idata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

c8:c0:41:14:d5:af:90:50:02:cc:d6:a4:a3:f8:71:67:d3:2a:66:93:f7:25:fd:0c:9e:c8:16:8f:6b:22:a9:30
Signer