lsasrv.pdb
Static task
static1
1 signatures
General
-
Target
lsasrv.dll
-
Size
1.6MB
-
MD5
0ba5b13fb0f72e26d7d5004cac66e33f
-
SHA1
152465a452106a1d565154bea941c6c3f02560d2
-
SHA256
fadf9adcf6e1203bd6162b2ef7385799ee02bd556a38f9b3f2649750508832fc
-
SHA512
11c40b2e419c501147552fd006f47d28ed11d74043609ce277012ea387cb2357e769e623cf4dda684a26c9d9919e057f4cd04c68f18a6cabc18b08524e001a82
-
SSDEEP
24576:Xuryl65EHiGsvCdNkxKeAJHz2eLtefPm2zjqpAaW/LJrq:Xun6avCdh1KeRwS1Cq
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource lsasrv.dll
Files
-
lsasrv.dll.dll windows:10 windows x64 arch:x64
5db2d894e2def5d8ec1fe839703d718e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
api-ms-win-crt-string-l1-1-0
memset
wcscmp
wcsnlen
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
api-ms-win-crt-private-l1-1-0
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__stricmp
_o__ultow
_o__ultow_s
_o__wcsicmp
_o__wcsnicmp
_o__wsplitpath_s
_o__wtoi
_o__wtol
_o_bsearch_s
_o_free
memmove
_o_malloc
_o_mbstowcs
_o_memcpy_s
_o_qsort
_o_qsort_s
_o_strtok
_o_toupper
_o_wcscat_s
_o_wcscpy_s
_o_wcsncat_s
_o_wcsncpy_s
_o_wcstoul
_o__execute_onexit_table
_o__errno
_CxxThrowException
__CxxFrameHandler3
_o__crt_atexit
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__C_specific_handler
wcsrchr
wcschr
_local_unwind
memcmp
memcpy
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
FreeLibrary
LoadLibraryExA
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleW
DisableThreadLibraryCalls
GetProcAddress
GetModuleFileNameW
api-ms-win-core-synch-l1-1-0
CreateSemaphoreExW
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSRWLockExclusive
ReleaseMutex
InitializeSRWLock
WaitForSingleObject
InitializeCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
CreateMutexExW
AcquireSRWLockShared
EnterCriticalSection
ReleaseSRWLockShared
CreateEventW
SetEvent
ResetEvent
ReleaseSemaphore
DeleteCriticalSection
OpenEventW
AcquireSRWLockExclusive
api-ms-win-core-heap-l1-1-0
HeapSetInformation
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter
RaiseException
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolWait
SetThreadpoolTimer
CreateThreadpoolWait
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CloseThreadpoolWait
api-ms-win-core-processthreads-l1-1-0
GetProcessTimes
SetThreadStackGuarantee
OpenThreadToken
TlsAlloc
TerminateProcess
TlsGetValue
TlsSetValue
SetProcessShutdownParameters
GetCurrentProcessId
CreateThread
GetCurrentThread
SetThreadToken
GetCurrentThreadId
GetCurrentProcess
OpenProcessToken
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringA
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-string-l1-1-0
CompareStringW
GetStringTypeW
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
FileTimeToSystemTime
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
OpenProcess
GetProcessMitigationPolicy
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
rpcrt4
I_RpcMapWin32Status
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcStringFreeW
NdrClientCall3
RpcBindingInqMaxCalls
RpcBindingFree
RpcExceptionFilter
RpcRevertToSelf
I_RpcBindingInqLocalClientPID
RpcImpersonateClient
RpcServerInqCallAttributesW
NdrServerCall2
NdrServerCallAll
RpcServerRegisterIf2
RpcServerRegisterIf
RpcServerUseProtseqEpW
RpcServerRegisterAuthInfoW
I_RpcBindingInqClientTokenAttributes
RpcServerInqDefaultPrincNameW
UuidEqual
MesEncodeIncrementalHandleCreate
I_RpcOpenClientThread
I_RpcOpenClientProcess
NdrMesTypeAlignSize3
NdrMesTypeEncode3
NdrMesTypeDecode3
RpcRevertToSelfEx
I_RpcBindingIsClientLocal
I_RpcBindingInqTransportType
RpcServerInqBindings
UuidFromStringW
RpcUserFree
MesDecodeIncrementalHandleCreate
MesIncrementalHandleReset
RpcBindingInqAuthClientW
RpcBindingToStringBindingW
RpcBindingSetAuthInfoW
RpcSsGetContextBinding
RpcBindingServerFromClient
MesHandleFree
RpcStringBindingParseW
RpcBindingVectorFree
RpcMgmtEnableIdleCleanup
RpcServerRegisterIf3
RpcEpRegisterW
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-security-base-l1-1-0
GetLengthSid
IsTokenRestricted
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
GetSidIdentifierAuthority
FreeSid
AllocateLocallyUniqueId
DuplicateTokenEx
AllocateAndInitializeSid
GetAclInformation
InitializeSecurityDescriptor
SetSecurityDescriptorSacl
PrivilegeCheck
CopySid
AdjustTokenPrivileges
GetWindowsAccountDomainSid
EqualDomainSid
ImpersonateSelf
AccessCheck
DuplicateToken
SetTokenInformation
ImpersonateLoggedOnUser
CreateWellKnownSid
CheckTokenMembership
IsWellKnownSid
RevertToSelf
api-ms-win-core-memory-l1-1-0
VirtualQuery
VirtualFree
VirtualAlloc
VirtualProtect
api-ms-win-core-memory-l1-1-1
VirtualLock
api-ms-win-core-sysinfo-l1-1-0
GetTickCount64
GetSystemDirectoryW
GetWindowsDirectoryW
GetComputerNameExW
GetSystemInfo
GetTickCount
GetSystemWindowsDirectoryW
GetLocalTime
GetSystemTimeAsFileTime
GetSystemTime
api-ms-win-core-file-l1-1-0
ReadFile
WriteFile
DeleteFileW
CreateFileW
SetFileAttributesW
GetFileSize
CreateDirectoryW
FindFirstFileW
CompareFileTime
FileTimeToLocalFileTime
FindFirstChangeNotificationW
FindNextChangeNotification
GetFileType
GetFileSizeEx
FindNextFileW
FindCloseChangeNotification
FindClose
SetFilePointer
FindFirstFileExW
api-ms-win-core-file-l2-1-0
MoveFileExW
ReadDirectoryChangesW
api-ms-win-core-io-l1-1-0
GetOverlappedResult
api-ms-win-core-io-l1-1-1
CancelIo
api-ms-win-core-registry-l1-1-0
RegQueryValueExA
RegDeleteValueW
RegLoadKeyW
RegQueryInfoKeyW
RegEnumValueW
RegOpenKeyExA
RegOpenKeyExW
RegSetValueExW
RegNotifyChangeKeyValue
RegCloseKey
RegDeleteKeyExA
RegQueryInfoKeyA
RegDeleteTreeW
RegSetValueExA
RegUnLoadKeyW
RegEnumKeyExW
RegGetValueW
RegFlushKey
RegCreateKeyExA
RegDeleteKeyExW
RegQueryValueExW
RegCreateKeyExW
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
sspicli
CredUnmarshalTargetInfo
SspiUnmarshalAuthIdentityInternal
LsaRegisterPolicyChangeNotification
SspiValidateAuthIdentity
SspiFreeAuthIdentity
LsaRegisterLogonProcess
SspiCopyAuthIdentity
SspiEncodeStringsAsAuthIdentity
LsaLookupAuthenticationPackage
LsaCallAuthenticationPackage
LsaDeregisterLogonProcess
LogonUserExExW
SecCacheSspiPackages
SeciAllocateAndSetCallFlags
SeciFreeCallContext
SspiEncryptAuthIdentityEx
SspiLocalFree
SspiMarshalAuthIdentity
SspiDecryptAuthIdentityEx
LsaFreeReturnBuffer
LsaLogonUser
LsaConnectUntrusted
SspiUnmarshalAuthIdentity
api-ms-win-core-registry-l1-1-1
RegSetKeyValueW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
SearchPathW
GetEnvironmentVariableW
api-ms-win-core-synch-l1-2-0
Sleep
InitOnceExecuteOnce
ws2_32
ntohl
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
api-ms-win-core-console-l1-1-0
SetConsoleCtrlHandler
api-ms-win-core-sysinfo-l1-2-0
VerSetConditionMask
api-ms-win-service-winsvc-l1-1-0
RegisterServiceCtrlHandlerW
api-ms-win-service-core-l1-1-0
SetServiceStatus
StartServiceCtrlDispatcherW
api-ms-win-security-base-l1-2-0
CheckTokenMembershipEx
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventRegister
EventProviderEnabled
EventWriteTransfer
EventUnregister
EventActivityIdControl
wldap32
ord79
ord142
ord208
ord26
ord13
ord73
ord140
ord41
ord88
ord14
ord145
api-ms-win-core-kernel32-legacy-l1-1-0
MoveFileW
WTSGetActiveConsoleSessionId
DnsHostnameToComputerNameW
api-ms-win-core-threadpool-legacy-l1-1-0
UnregisterWaitEx
DeleteTimerQueueTimer
CreateTimerQueueTimer
QueueUserWorkItem
api-ms-win-core-string-obsolete-l1-1-0
lstrlenA
lstrcmpiW
api-ms-win-core-privateprofile-l1-1-0
GetProfileStringA
api-ms-win-core-kernel32-private-l1-1-0
CheckElevationEnabled
api-ms-win-security-grouppolicy-l1-1-0
IsSyncForegroundPolicyRefresh
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-threadpool-private-l1-1-0
RegisterWaitForSingleObjectEx
api-ms-win-service-private-l1-1-0
I_ScIsSecurityProcess
api-ms-win-security-capability-l1-1-0
CapabilityCheck
ntdll
NtQueryInformationProcess
NtOpenProcess
NtAllocateVirtualMemory
NtWriteVirtualMemory
NtReadVirtualMemory
NtFreeVirtualMemory
RtlImpersonateSelfEx
RtlCheckTokenCapability
RtlCapabilityCheck
DbgPrint
NtPrivilegedServiceAuditAlarm
RtlTestProtectedAccess
RtlValidSid
EtwEventEnabled
RtlSidHashInitialize
RtlSidHashLookup
RtlCreateSecurityDescriptor
RtlAddMandatoryAce
RtlSetSaclSecurityDescriptor
NtSetSecurityObject
RtlGetDeviceFamilyInfoEnum
NtCreateSection
NtMapViewOfSection
NtWaitForSingleObject
RtlpConvertAbsoluteToRelativeSecurityAttribute
RtlpConvertRelativeToAbsoluteSecurityAttribute
NtCreateToken
RtlSetDaclSecurityDescriptor
RtlSetOwnerSecurityDescriptor
NtCreateTokenEx
NtOpenKey
NtSetValueKey
NtFlushKey
NtPrivilegeObjectAuditAlarm
RtlImpersonateSelf
RtlTryEnterCriticalSection
RtlIsElevatedRid
NtFilterToken
RtlQueryInformationAcl
RtlGetSuiteMask
RtlVerifyVersionInfo
RtlPublishWnfStateData
NtEnumerateValueKey
RtlCopyString
RtlEqualString
NtReplyPort
RtlMakeSelfRelativeSD
RtlAllocateHeap
NtCreateTransaction
NtCommitTransaction
NtRollbackTransaction
RtlGetDaclSecurityDescriptor
RtlValidSecurityDescriptor
RtlLengthSecurityDescriptor
RtlOwnerAcesPresent
RtlIntegerToUnicodeString
NtEnumerateKey
NtOpenKeyTransacted
NtQueryValueKey
NtQueryKey
NtDeleteKey
NtCreateKeyTransacted
NtCreateKey
NtDeleteValueKey
RtlInitializeSRWLock
NtAdjustPrivilegesToken
NtOpenProcessToken
RtlNewSecurityObject
RtlFreeHeap
RtlValidRelativeSecurityDescriptor
RtlGetControlSecurityDescriptor
RtlSetSecurityObject
NtAccessCheckAndAuditAlarm
RtlGetAce
RtlMapGenericMask
RtlDeleteAce
NtAccessCheck
RtlEqualDomainName
RtlpNtOpenKey
RtlpNtEnumerateSubKey
RtlAppendUnicodeStringToString
NtQueryObject
NtShutdownSystem
EtwEventUnregister
NtDeleteObjectAuditAlarm
EtwEventWriteTransfer
RtlGetThreadPreferredUILanguages
RtlSetThreadPreferredUILanguages
LdrLoadDll
RtlInitializeRXact
RtlAddAce
RtlUnicodeStringToInteger
NtCloseObjectAuditAlarm
NtAccessCheckByTypeAndAuditAlarm
RtlAreAllAccessesGranted
RtlpNtQueryValueKey
RtlInitializeGenericTableAvl
RtlEnumerateGenericTableAvl
RtlDeleteElementGenericTableAvl
NtQuerySystemInformation
RtlInsertElementGenericTableAvl
RtlNumberGenericTableElementsAvl
RtlStartRXact
RtlApplyRXact
RtlAbortRXact
RtlAddActionToRXact
RtlStringFromGUID
WinSqmSetString
RtlSizeHeap
NtOpenSession
RtlIpv4StringToAddressExW
RtlIpv6StringToAddressExW
RtlGUIDFromString
RtlReleaseResource
RtlConvertSidToUnicodeString
NtClose
RtlCopyUnicodeString
RtlGetLastNtStatus
RtlCompareUnicodeString
RtlDeleteCriticalSection
RtlLengthSid
RtlEqualSid
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlUpcaseUnicodeStringToOemString
RtlInitUnicodeStringEx
RtlInitializeCriticalSection
NtSetInformationToken
NtDuplicateToken
NtSetInformationThread
RtlSidDominates
NtQueryInformationToken
NtOpenThreadToken
RtlGetCurrentServiceSessionId
EtwLogTraceEvent
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsW
RtlInitUnicodeString
EtwTraceMessage
RtlEqualUnicodeString
RtlCreateUnicodeStringFromAsciiz
WinSqmIncrementDWORD
EtwEventActivityIdControl
RtlAppendUnicodeToString
RtlFreeSid
RtlAllocateAndInitializeSid
RtlAdjustPrivilege
RtlIdentifierAuthoritySid
RtlAddAccessAllowedAce
RtlCreateAcl
NtRaiseHardError
RtlTimeFieldsToTime
NtSetEvent
NtOpenEvent
NtCreateEvent
RtlSetSystemBootStatus
RtlIsStateSeparationEnabled
EtwEventRegister
EtwEventSetInformation
RtlLengthSidAsUnicodeString
wcsncmp
wcsstr
_strcmpi
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
EtwRegisterSecurityProvider
EtwWriteUMSecurityEvent
RtlIpv4AddressToStringW
RtlIpv6AddressToStringW
RtlEthernetAddressToStringW
RtlGetSaclSecurityDescriptor
RtlFindAceByType
RtlQueryTimeZoneInformation
RtlImageNtHeader
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
RtlInitializeSid
RtlLengthRequiredSid
RtlEqualPrefixSid
RtlCheckTokenMembershipEx
TpReleaseTimer
TpWaitForTimer
TpIsTimerSet
TpSetTimer
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlRunDecodeUnicodeString
RtlAvlRemoveNode
RtlPrefixUnicodeString
RtlCopySid
NtImpersonateAnonymousToken
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
RtlGetLastWin32Error
RtlConvertExclusiveToShared
RtlConvertSharedToExclusive
RtlCopyLuid
NtAllocateLocallyUniqueId
RtlGetNtProductType
RtlDeleteResource
RtlInitializeResource
TpAllocTimer
RtlInitializeCriticalSectionAndSpinCount
RtlLookupElementGenericTableAvl
RtlAvlInsertNodeEx
NtDuplicateObject
RtlInitString
RtlIsMultiSessionSku
RtlSubAuthorityCountSid
RtlSubAuthoritySid
RtlAnsiStringToUnicodeString
NtPrivilegeCheck
RtlAcquireResourceExclusive
EtwEventWrite
RtlAcquireResourceShared
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlCreateServiceSid
RtlIntegerToChar
RtlFindCharInUnicodeString
RtlCreateUnicodeString
RtlDosPathNameToRelativeNtPathName_U
NtLoadKey
RtlReleaseRelativeName
NtUnloadKey
RtlInitAnsiString
RtlNtStatusToDosError
RtlFindMessage
RtlFreeUnicodeString
msasn1
ASN1BEREncRemoveZeroBits
ASN1DecSetError
ASN1BERDecExplicitTag
ASN1BERDecPeekTag
ASN1BEREncU32
ASN1BERDecOctetString
ASN1BERDecNotEndOfContents
ASN1BEREncExplicitTag
ASN1BERDecEndOfContents
ASN1objectidentifier_free
ASN1EncSetError
ASN1DEREncCharString
ASN1BEREncEndOfContents
ASN1BERDecSkip
ASN1Free
ASN1DecAlloc
ASN1DEREncOctetString
ASN1BERDecBitString
ASN1BERDecObjectIdentifier
ASN1BEREncObjectIdentifier
ASN1BERDecZeroCharString
ASN1DEREncBitString
ASN1BERDecU32Val
ASN1_CreateModule
ASN1bitstring_free
ASN1ztcharstring_free
ASN1_CreateEncoder
ASN1_CreateDecoder
ASN1_CloseEncoder
ASN1_CloseDecoder
ASN1_Decode
ASN1_Encode
ASN1_FreeDecoded
ASN1_FreeEncoded
ASN1octetstring_free
api-ms-win-stateseparation-helpers-l1-1-0
GetPersistedRegistryLocationW
api-ms-win-security-base-private-l1-1-1
CreateAppContainerToken
api-ms-win-core-datetime-l1-1-0
GetDateFormatW
GetTimeFormatW
api-ms-win-eventing-controller-l1-1-0
ControlTraceW
EnableTraceEx2
StartTraceW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
Exports
InitializeLsaExtension
IsTraceLevelEnabled
LsaDbLookupSidChainRequest
LsaIAddNamesToLogonSession
LsaIAdjustTokenObjectIntegrity
LsaIAdtAuditingEnabledByCategory
LsaIAdtAuditingEnabledBySubCategory
LsaIAllocateHeap
LsaIAllocateHeapZero
LsaIAllowProtectedCredLogon
LsaIAuditAccountLogon
LsaIAuditAccountLogonEx
LsaIAuditInitializeParametersAndWriteEvent
LsaIAuditKdcEvent
LsaIAuditKerberosLogon
LsaIAuditLogonEx
LsaIAuditLogonUsingExplicitCreds
LsaIAuditNotifyPackageLoad
LsaIAuditPasswordAccessEvent
LsaIAuditReplay
LsaIAuditSamEvent
LsaICallPackage
LsaICallPackageEx
LsaICallPackagePassthrough
LsaICancelNotification
LsaIChangeSecretCipherKey
LsaICheckProtectedUserByTokenInfo
LsaICheckRestrictedMode
LsaIClearOldSyskey
LsaICryptProtectData
LsaICryptProtectDataEx
LsaICryptUnprotectData
LsaICryptUnprotectDataEx
LsaIDereferenceCredHandle
LsaIDeriveCredentialKey
LsaIDsNotifiedObjectChange
LsaIEfsAcceptSmartcardCredentials
LsaIEqualLogonProcessName
LsaIEqualSupplementalTokenInfo
LsaIEventWritePackageNoCredential
LsaIEventWritePackageNotCacheLogonUser
LsaIExtractTargetInfo
LsaIFilterInboundNamespace
LsaIFilterNamespace
LsaIFilterSids
LsaIFlushIdentityCacheForSid
LsaIForestTrustFindMatch
LsaIFreeFilterInboundNamespaceResult
LsaIFreeForestTrustInfo
LsaIFreeHeap
LsaIFreeReturnBuffer
LsaIFreeSupplementalTokenInfo
LsaIFree_LSAI_PRIVATE_DATA
LsaIFree_LSAI_SECRET_ENUM_BUFFER
LsaIFree_LSAPR_ACCOUNT_ENUM_BUFFER
LsaIFree_LSAPR_CR_CIPHER_VALUE
LsaIFree_LSAPR_POLICY_DOMAIN_INFORMATION
LsaIFree_LSAPR_POLICY_INFORMATION
LsaIFree_LSAPR_PRIVILEGE_ENUM_BUFFER
LsaIFree_LSAPR_PRIVILEGE_SET
LsaIFree_LSAPR_REFERENCED_DOMAIN_LIST
LsaIFree_LSAPR_SR_SECURITY_DESCRIPTOR
LsaIFree_LSAPR_TRANSLATED_NAMES
LsaIFree_LSAPR_TRANSLATED_SIDS
LsaIFree_LSAPR_TRUSTED_DOMAIN_INFO
LsaIFree_LSAPR_TRUSTED_ENUM_BUFFER
LsaIFree_LSAPR_TRUSTED_ENUM_BUFFER_EX
LsaIFree_LSAPR_TRUST_INFORMATION
LsaIFree_LSAPR_UNICODE_STRING
LsaIFree_LSAPR_UNICODE_STRING_BUFFER
LsaIFree_LSAP_SITENAME_INFO
LsaIFree_LSAP_SITE_INFO
LsaIFree_LSAP_SUBNET_INFO
LsaIFree_LSAP_UPN_SUFFIXES
LsaIFree_LSA_FOREST_TRUST_COLLISION_INFORMATION
LsaIFree_LSA_FOREST_TRUST_INFORMATION
LsaIGetCallInfo
LsaIGetCcgClient
LsaIGetClientOsInfo
LsaIGetForestTrustInformation
LsaIGetLogonGuid
LsaIGetNameFromLuid
LsaIGetNbAndDnsDomainNames
LsaIGetNego2Package
LsaIGetRemoteCredGuardLogonBuffer
LsaIGetRemoteCredGuardSupplementalCreds
LsaIGetSiteName
LsaIGetSupplementalTokenInfo
LsaIGetTokenInformationForLocalUser
LsaIHealthCheck
LsaIImpersonateClient
LsaIInitializeNetlogonFuncPtrs
LsaIIsContainerized
LsaIIsDomainWithinForest
LsaIIsDsPaused
LsaIIsInEmulatedDomainJoinMode
LsaIIsLastInteractiveLogonInfoEnabled
LsaIIsLocalHost
LsaIIsMachineSecureByDefault
LsaIIsSuppressChannelBindingInfo
LsaIIsTargetPrivate
LsaIIsTrustedDomainsEnabled
LsaIIsUserMSA
LsaIKerberosRegisterTrustNotification
LsaILookupUserAccountType
LsaILookupWellKnownName
LsaIModifyPerformanceCounter
LsaINoConnectedUserPolicy
LsaINoMoreWin2KDomain
LsaINotifyChangeNotification
LsaINotifyGCStatusChange
LsaINotifyNetlogonParametersChangeW
LsaINotifyNewPassword
LsaINotifyPasswordChanged
LsaIOpenPolicyTrusted
LsaIQueryForestTrustInfo
LsaIQueryForestTrustInformation
LsaIQueryInformationPolicyTrusted
LsaIQueryPackageAttrInLogonSession
LsaIQuerySiteInfo
LsaIQuerySubnetInfo
LsaIQueryUpnSuffixes
LsaIReferenceCredHandle
LsaIRegisterLogonSessionCallback
LsaIRegisterNotification
LsaIRegisterPolicyChangeNotificationCallback
LsaIRenewCertificate
LsaIReplicateClientObject
LsaIRetrieveCurrentUserSid
LsaISafeMode
LsaISamIndicatedDsStarted
LsaISanitizeSAMName
LsaISetClientDnsHostName
LsaISetLogonGuidInLogonSession
LsaISetLogonInfo
LsaISetNewSyskey
LsaISetPackageAttrInLogonSession
LsaISetSupplementalTokenInfo
LsaISetTokenDacl
LsaISetUserFlags
LsaITransformAuthorizationData
LsaIUnregisterAllPolicyChangeNotificationCallback
LsaIUnregisterLogonSessionCallback
LsaIUnregisterPolicyChangeNotificationCallback
LsaIUpdateForestTrustInformation
LsaIUpdateKerbMaxTokenSize
LsaIUpdateLogonSession
LsaIValidateTargetInfo
LsaIVerifyCachability
LsaIVerifyCachabilityEx
LsaIWasLogonNotifiedOfProfileLoad
LsaIWriteAuditEvent
LsaIWriteKdcAuthenticationEvent
LsapAdtAuditingEnabledByLogonId
LsapAdtAuditingEnabledBySubCategory
LsapAdtAuditingEnabledHint
LsapAdtGetCallerProcessInfo
LsapAdtInitParametersArray
LsapAdtWriteLog
LsapAllocateLsaHeap
LsapAllocatePrivateHeap
LsapAuOpenSam
LsapAuditFailed
LsapBuildPrivilegeAuditString
LsapCheckBootMode
LsapCloseHandle
LsapCompareDomainNames
LsapCrServerGetSessionKey
LsapCrServerGetSessionKeySafe
LsapDbAcquireLockEx
LsapDbApplyTransaction
LsapDbBuildObjectCaches
LsapDbCloseHandle
LsapDbCloseObject
LsapDbCopyUnicodeAttribute
LsapDbCopyUnicodeAttributeNoAlloc
LsapDbCreateObject
LsapDbDeleteAttributesObject
LsapDbDeleteObject
LsapDbDereferenceHandle
LsapDbDereferenceObject
LsapDbEnumerateSids
LsapDbEnumerateTrustedDomainsEx
LsapDbExpAcquireReadLockTrustedDomainList
LsapDbExpAcquireWriteLockTrustedDomainList
LsapDbExpConvertReadLockTrustedDomainListToExclusive
LsapDbExpConvertWriteLockTrustedDomainListToShared
LsapDbExpIsCacheBuilding
LsapDbExpIsCacheValid
LsapDbExpIsLockedTrustedDomainList
LsapDbExpMakeCacheBuilding
LsapDbExpMakeCacheInvalid
LsapDbExpMakeCacheValid
LsapDbExpReleaseLockTrustedDomainList
LsapDbFreeAttributes
LsapDbFreeTrustedDomainsEx
LsapDbGetDbObjectTypeName
LsapDbGetDbPolicyHandle
LsapDbGetSecretType
LsapDbInitializeAttribute
LsapDbIsStatusConnectionFailure
LsapDbLookupAddListReferencedDomains
LsapDbLookupCreateListReferencedDomains
LsapDbLookupGetDomainInfo
LsapDbLookupListReferencedDomains
LsapDbLookupMergeDisjointReferencedDomains
LsapDbLookupNameChainRequest
LsapDbLookupNamesInPrimaryDomain
LsapDbLookupSidsInPrimaryDomain
LsapDbMakeGuidAttribute
LsapDbMakeSidAttribute
LsapDbMakeUnicodeAttribute
LsapDbOpenObject
LsapDbQueryInformationPolicy
LsapDbReadAttribute
LsapDbReadAttributesObject
LsapDbReferenceObject
LsapDbReleaseLockEx
LsapDbSecretIsMachineAcc
LsapDbSidToLogicalNameObject
LsapDbSlowEnumerateTrustedDomains
LsapDbUpdateCountCompUnmappedNames
LsapDbVerifyHandle
LsapDbVerifyInfoQueryTrustedDomain
LsapDbVerifyInfoSetTrustedDomain
LsapDbWriteAttributesObject
LsapDomainRenameHandlerForLogonSessions
LsapDsInitializeDsStateInfo
LsapDsUnitializeDsStateInfo
LsapDssetupInitializeGetPrimaryDomainInformationOpState
LsapDuplicateSid
LsapDuplicateString
LsapFreeLsaHeap
LsapFreePrivateHeap
LsapFreeString
LsapGetAccountDomainHandle
LsapGetCapeNamesForCap
LsapGetGlobalRestrictAnonymous
LsapGetHourlyLogLevel
LsapGetLogonSessionAccountInfoEx
LsapGetLookupRestrictIsolatedNameLevel
LsapGetPolicyHandle
LsapGetWellKnownSid
LsapInitLsa
LsapInitializeLsaDb
LsapIsBuiltinDomain
LsapIsSamOpened
LsapOpenSam
LsapQueryClientInfo
LsapRemoveTrailingDot
LsapRpcCopySid
LsapRpcCopyUnicodeString
LsapRtlValidateControllerTrustedDomain
LsapRtlValidateControllerTrustedDomainByHandle
LsapSetErrorInfo
LsapSidListSize
LsapTraceEvent
LsapTraceEventWithData
LsapTruncateUnicodeString
LsarClose
LsarCreateSecret
LsarDeleteObject
LsarEnumerateTrustedDomainsEx
LsarLookupSids
LsarOpenPolicy
LsarOpenSecret
LsarQueryDomainInformationPolicy
LsarQueryInformationPolicy
LsarQuerySecret
LsarQueryTrustedDomainInfoByName
LsarRetrievePrivateData
LsarSetInformationPolicy
LsarSetSecret
LsarSetTrustedDomainInfoByName
LsarStorePrivateData
QueryLsaInterface
ServiceInit
SpmpEventWrite
TracePrint
TracePrintCallerInformation
_fgs__LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION2
_fgs__LSAPR_TRUSTED_DOMAIN_INFORMATION_EX2
_fgs__LSAPR_TRUSTED_ENUM_BUFFER
_fgs__LSAPR_TRUSTED_ENUM_BUFFER_EX
_fgs__LSAPR_TRUST_INFORMATION
_fgu__LSAPR_TRUSTED_DOMAIN_INFO
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 311KB - Virtual size: 310KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ