file[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file.zip
Size

7.7MB
MD5

a25c1970f50f508b3f434f9a929bb0bb
SHA1

289a3d493bdfecbe88cbeb9ff51ae967e2270286
SHA256

dec836cd87167f5bd99be179fe40fe4eba1e5ca4093aa7b53575a113dffd3e2b
SHA512

48350fad158503917b7062d6bfdbb165e54def3992bb9dc0b5d229bc1ffeb11a7d077c837cb258d5f230fd26c80e93a4724d366a6772d653c1c30e7b8b4d7e7b
SSDEEP

196608:RSivuaCasUHXPe//P5NTA9mPlKCNy+VzYZ+o:RSimB1egbTAmtKCNL2z

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack002/rasapi32/SystemSettings.Handlers.dll
unpack002/rasapi32/icu.dll
unpack002/rasapi32/rasapi32.dll
unpack002/rasapi32/wevtsvc.dll
unpack002/setup.exe
unpack002/wevtsvc/wevtsvc.dll
unpack002/wevtsvc/win32spl.dll

Files

file.zip
.zip

Password: 2024
password.jpg
setup.zip
.zip

Password: 2024
rasapi32/SystemSettings.Handlers.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

a85b9adaebf974dc2564089a91050e4f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SystemSettings.Handlers.pdb

Imports

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoTaskMemFree
CoGetInterfaceAndReleaseStream
CoSetProxyBlanket
CoCreateInstanceEx
CoGetApartmentType
IIDFromString
PropVariantClear
CoMarshalInterThreadInterfaceInStream
CoGetObjectContext
CoCreateInstance
CoTaskMemRealloc

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
GetCurrentProcessId
OpenProcessToken
GetCurrentProcess
TerminateProcess
GetCurrentThreadId

api-ms-win-eventing-provider-l1-1-0

EventProviderEnabled
EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
EventActivityIdControl

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
CreateSemaphoreExW
ResetEvent
WaitForSingleObjectEx
InitializeCriticalSectionEx
CreateMutexExW
EnterCriticalSection
ReleaseSemaphore
AcquireSRWLockShared
DeleteCriticalSection
ReleaseSRWLockExclusive
CreateEventW
SetEvent
AcquireSRWLockExclusive
OpenSemaphoreW
InitializeSRWLock
LeaveCriticalSection
ReleaseMutex
CreateEventExW
ReleaseSRWLockShared

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
SleepConditionVariableSRW
InitOnceComplete
InitOnceBeginInitialize
WakeAllConditionVariable
Sleep

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
GetLastError
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-registry-l1-1-0

RegNotifyChangeKeyValue
RegCreateKeyExW
RegOpenKeyExW
RegGetValueW
RegSetValueExW
RegEnumValueW
RegQueryInfoKeyW
RegCloseKey

api-ms-win-core-string-l1-1-0

GetStringTypeW
CompareStringOrdinal
CompareStringEx

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDeleteString
WindowsConcatString
WindowsIsStringEmpty
WindowsGetStringLen
WindowsDuplicateString
WindowsCompareStringOrdinal
WindowsCreateStringReference
WindowsCreateString

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
DisableThreadLibraryCalls
LoadLibraryExW
GetModuleHandleExW
GetModuleHandleW
FreeLibrary
GetProcAddress
FindStringOrdinal

api-ms-win-core-string-l2-1-0

CharLowerBuffW
CharUpperW

oleaut32

SysFreeString
SysAllocString

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

rpcrt4

RpcStringFreeW
UuidToStringW

api-ms-win-core-path-l1-1-0

PathCchAppend

api-ms-win-core-file-l1-1-0

GetFileAttributesW

advapi32

GetSecurityInfo
SetSecurityInfo
RegEnumKeyW

user32

SetWindowLongPtrW
GetProcessDefaultLayout
GetWindowLongPtrW
SendMessageW
DefWindowProcW
AllowSetForegroundWindow
GetWindowRect

shlwapi

ord219
SHSetValueW
SHRegGetValueW
AssocCreate
StrStrIW
PathFindFileNameW

shell32

ord764
SHAssocEnumHandlers
ord2
ord765
ord916
SHCreateItemInKnownFolder
ShellExecuteExW
ord4
SHCreateAssociationRegistration

shcore

ord244
ord188

ntdll

WinSqmSetDWORD
WinSqmIncrementDWORD
EtwTraceMessage

api-ms-win-devices-query-l1-1-0

DevCreateObjectQueryFromId
DevFreeObjects
DevCloseObjectQuery
DevSetObjectProperties
DevCreateObjectQuery

api-ms-win-devices-query-l1-1-1

DevGetObjectsEx
DevCreateObjectQueryEx

windows.storage

ord916
ILFree
SHChangeNotify
SHParseDisplayName

kernel32

SystemTimeToFileTime
GetCurrentThread
GetPackagesByPackageFamily
ParseApplicationUserModelId
GetTickCount
LocalFree
GetWindowsDirectoryW
FileTimeToSystemTime
LocalAlloc

msvcrt

??3@YAXPEAX@Z
__CxxFrameHandler3
memcpy_s
wcsncmp
_purecall
??_V@YAXPEAX@Z
_wcsicmp
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
?terminate@@YAXXZ
??0exception@@QEAA@AEBV0@@Z
__ExceptionPtrCopy
__ExceptionPtrDestroy
__ExceptionPtrCreate
__ExceptionPtrRethrow
wcschr
__ExceptionPtrCurrentException
_vsnprintf_s
_set_errno
_get_errno
wcsstr
_ui64tow_s
_initterm
_amsg_exit
_XcptFilter
_onexit
__C_specific_handler
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
memmove
memcpy
?what@exception@@UEBAPEBDXZ
_wcsnicmp
??0exception@@QEAA@AEBQEBD@Z
_callnewh
_CxxThrowException
wcslen
memset
toupper
swscanf
memmove_s
wcscat_s
wcscpy_s
_wcsupr
free
malloc
_vsnwprintf
??0exception@@QEAA@AEBQEBDH@Z
memcmp

wincorlib

??BType@Platform@@SA?AVTypeName@Interop@Xaml@UI@Windows@@PE$AAV01@@Z
??0InvalidArgumentException@Platform@@QE$AAA@XZ
??0FailureException@Platform@@QE$AAA@XZ
??0OutOfMemoryException@Platform@@QE$AAA@XZ
??0ChangedStateException@Platform@@QE$AAA@XZ
??0OutOfBoundsException@Platform@@QE$AAA@XZ
?__abi_ObjectToString@__abi_details@@YAPE$AAVString@Platform@@PE$AAVObject@3@_N@Z
?__abi_make_type_id@@YAPE$AAVType@Platform@@AEBU__abi_type_descriptor@@@Z
?GetTypeCode@Type@Platform@@SA?AW4TypeCode@2@PE$AAV12@@Z
?GetIBoxVtable@Details@Platform@@YAPEAXPEAX@Z
?CreateValue@Details@Platform@@YAPE$AAVObject@2@W4TypeCode@2@PEBX@Z
?ReCreateException@Exception@Platform@@SAPE$AAV12@H@Z
?GetType@Object@Platform@@QE$AAAPE$AAVType@2@XZ
?Allocate@Heap@Details@Platform@@SAPEAX_K@Z
??0Delegate@Platform@@QE$AAA@XZ
??0DisconnectedException@Platform@@QE$AAA@XZ
?GetIBoxArrayVtable@Details@Platform@@YAPEAXPEAX@Z
??0NullReferenceException@Platform@@QE$AAA@XZ
?Equals@Object@Platform@@QE$AAA_NPE$AAV12@@Z
?Allocate@Heap@Details@Platform@@SAPEAX_K0@Z
?__abi_cast_String_to_Object@__abi_details@@YAPE$AAVObject@Platform@@PE$AAVString@3@@Z
??0Object@Platform@@QE$AAA@XZ
?EventSourceGetTargetArray@Details@Platform@@YAPEAXPEAXPEAUEventLock@12@@Z
?EventSourceGetTargetArraySize@Details@Platform@@YAIPEAX@Z
?ToString@float64@default@@QEAAPE$AAVString@Platform@@XZ
?EventSourceAdd@Details@Platform@@YA?AVEventRegistrationToken@Foundation@Windows@@PEAPEAXPEAUEventLock@12@PE$AAVDelegate@2@@Z
?EventSourceRemove@Details@Platform@@YAXPEAPEAXPEAUEventLock@12@VEventRegistrationToken@Foundation@Windows@@@Z
?AllocateException@Heap@Details@Platform@@SAPEAX_K0@Z
??0NotImplementedException@Platform@@QE$AAA@XZ
?ReleaseTarget@ControlBlock@Details@Platform@@AEAAXXZ
?AlignedFree@Heap@Details@Platform@@SAXPEAX@Z
?Free@Heap@Details@Platform@@SAXPEAX@Z
?EventSourceInitialize@Details@Platform@@YAXPEAPEAX@Z
?EventSourceUninitialize@Details@Platform@@YAXPEAPEAX@Z
?CreateException@Exception@Platform@@SAPE$AAV12@H@Z
?__abi_cast_Object_to_String@__abi_details@@YAPE$AAVString@Platform@@_NPE$AAVObject@3@@Z
?GetWeakReference@Details@Platform@@YAPEAU__abi_IUnknown@@QE$ADVObject@2@@Z
?__abi_WinRTraiseNotImplementedException@@YAXXZ
?__abi_WinRTraiseInvalidCastException@@YAXXZ
?__abi_WinRTraiseNullReferenceException@@YAXXZ
?__abi_WinRTraiseOperationCanceledException@@YAXXZ
?__abi_WinRTraiseFailureException@@YAXXZ
?__abi_WinRTraiseAccessDeniedException@@YAXXZ
?__abi_WinRTraiseOutOfMemoryException@@YAXXZ
?__abi_WinRTraiseInvalidArgumentException@@YAXXZ
?__abi_WinRTraiseOutOfBoundsException@@YAXXZ
?__abi_WinRTraiseChangedStateException@@YAXXZ
?__abi_WinRTraiseClassNotRegisteredException@@YAXXZ
?__abi_WinRTraiseWrongThreadException@@YAXXZ
?__abi_WinRTraiseDisconnectedException@@YAXXZ
?__abi_WinRTraiseObjectDisposedException@@YAXXZ
?__abi_WinRTraiseCOMException@@YAXJ@Z
?get@FullName@Type@Platform@@QE$AAAPE$AAVString@3@XZ
?ResolveWeakReference@Details@Platform@@YAPE$AAVObject@2@AEBU_GUID@@PEAPEAU__abi_IUnknown@@@Z
?get@Message@Exception@Platform@@QE$AAAPE$AAVString@3@XZ
?CreateException@Exception@Platform@@SAPE$AAV12@HPE$AAVString@2@@Z
?InitializeData@Details@Platform@@YAJH@Z
?UninitializeData@Details@Platform@@YAXH@Z
?GetIidsFn@@YAJHPEAKPEBU__s_GUID@@PEAPEAVGuid@Platform@@@Z
?__abi_FailFast@@YAXXZ
?ReCreateFromException@Details@Platform@@YAJPE$AAVException@2@@Z
?GetActivationFactoryByPCWSTR@@YAJPEAXAEAVGuid@Platform@@PEAPEAX@Z
?TerminateModule@Details@Platform@@YA_NPEAVModuleBase@1WRL@Microsoft@@@Z
?GetActivationFactory@Details@Platform@@YAJPEAVModuleBase@1WRL@Microsoft@@PEAUHSTRING__@@PEAPEAUIActivationFactory@@@Z
?EventSourceGetTargetArrayEvent@Details@Platform@@YAPEAXPEAXIPEBXPEA_J@Z

ole32

CoCreateFreeThreadedMarshaler
CreateBindCtx

api-ms-win-security-base-l1-1-0

AddAce
InitializeAcl
GetTokenInformation
GetAclInformation
DeleteAce
GetAce
GetLengthSid
EqualSid

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

combase

ord65

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
GetSetting

Sections

.text
Size: 847KB - Virtual size: 847KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 354KB - Virtual size: 354KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 77KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rasapi32/icu.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

e932e3f0df205f2040dca6c08ecc3666

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

icu.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__dsign
_o__dtest
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o___timezone
_o__wcsicmp
_o_abort
_o_asin
_o_atan
_o_atan2
_o_atoi
_o_atol
_o_ceil
_o_cos
_o_floor
_o_fmod
_o_free
_o_isspace
_o_log
_o_malloc
_o_pow
_o_qsort
_o_realloc
_o_round
_o_sin
_o_sqrt
_o_strtod
_o_strtol
_o_strtoul
_o_tan
__C_specific_handler
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___std_type_info_name
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__RTDynamicCast
strchr
__std_type_info_compare
__RTtypeid
strstr
strrchr
_CxxThrowException
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

strncpy
strcmp
memset
strncmp

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

msvcp_win

_Mtx_lock
?__ExceptionPtrDestroy@@YAXPEAX@Z
_Mtx_destroy_in_situ
?_XGetLastError@std@@YAXXZ
?_Throw_C_error@std@@YAXH@Z
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
_Cnd_init_in_situ
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
_Mtx_init_in_situ
_Cnd_wait
_Mtx_unlock
_Cnd_broadcast
_Cnd_destroy_in_situ
?__ExceptionPtrToBool@@YA_NPEBX@Z

api-ms-win-crt-utility-l1-1-0

div

api-ms-win-crt-math-l1-1-0

trunc

api-ms-win-core-localization-l1-2-0

ResolveLocaleName
LocaleNameToLCID
GetLocaleInfoEx
GetUserGeoID
GetGeoInfoW

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDynamicTimeZoneInformation

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
CreateFileMappingW
MapViewOfFile

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW

api-ms-win-core-datetime-l1-1-1

GetDateFormatEx
GetTimeFormatEx

api-ms-win-core-localization-l2-1-0

GetNumberFormatEx
GetCurrencyFormatEx

Exports

Exports

UCNV_FROM_U_CALLBACK_ESCAPE
UCNV_FROM_U_CALLBACK_SKIP
UCNV_FROM_U_CALLBACK_STOP
UCNV_FROM_U_CALLBACK_SUBSTITUTE
UCNV_TO_U_CALLBACK_ESCAPE
UCNV_TO_U_CALLBACK_SKIP
UCNV_TO_U_CALLBACK_STOP
UCNV_TO_U_CALLBACK_SUBSTITUTE
u_UCharsToChars
u_austrcpy
u_austrncpy
u_catclose
u_catgets
u_catopen
u_charAge
u_charDigitValue
u_charDirection
u_charFromName
u_charMirror
u_charName
u_charType
u_charsToUChars
u_cleanup
u_countChar32
u_digit
u_enumCharNames
u_enumCharTypes
u_errorName
u_foldCase
u_forDigit
u_formatMessage
u_formatMessageWithError
u_getBidiPairedBracket
u_getCombiningClass
u_getDataVersion
u_getFC_NFKC_Closure
u_getIntPropertyMaxValue
u_getIntPropertyMinValue
u_getIntPropertyValue
u_getNumericValue
u_getPropertyEnum
u_getPropertyName
u_getPropertyValueEnum
u_getPropertyValueName
u_getUnicodeVersion
u_getVersion
u_hasBinaryProperty
u_init
u_isIDIgnorable
u_isIDPart
u_isIDStart
u_isISOControl
u_isJavaIDPart
u_isJavaIDStart
u_isJavaSpaceChar
u_isMirrored
u_isUAlphabetic
u_isULowercase
u_isUUppercase
u_isUWhiteSpace
u_isWhitespace
u_isalnum
u_isalpha
u_isbase
u_isblank
u_iscntrl
u_isdefined
u_isdigit
u_isgraph
u_islower
u_isprint
u_ispunct
u_isspace
u_istitle
u_isupper
u_isxdigit
u_memcasecmp
u_memchr
u_memchr32
u_memcmp
u_memcmpCodePointOrder
u_memcpy
u_memmove
u_memrchr
u_memrchr32
u_memset
u_parseMessage
u_parseMessageWithError
u_setMemoryFunctions
u_shapeArabic
u_strCaseCompare
u_strCompare
u_strCompareIter
u_strFindFirst
u_strFindLast
u_strFoldCase
u_strFromJavaModifiedUTF8WithSub
u_strFromUTF32
u_strFromUTF32WithSub
u_strFromUTF8
u_strFromUTF8Lenient
u_strFromUTF8WithSub
u_strFromWCS
u_strHasMoreChar32Than
u_strToJavaModifiedUTF8
u_strToLower
u_strToTitle
u_strToUTF32
u_strToUTF32WithSub
u_strToUTF8
u_strToUTF8WithSub
u_strToUpper
u_strToWCS
u_strcasecmp
u_strcat
u_strchr
u_strchr32
u_strcmp
u_strcmpCodePointOrder
u_strcpy
u_strcspn
u_strlen
u_strncasecmp
u_strncat
u_strncmp
u_strncmpCodePointOrder
u_strncpy
u_strpbrk
u_strrchr
u_strrchr32
u_strrstr
u_strspn
u_strstr
u_strtok_r
u_tolower
u_totitle
u_toupper
u_uastrcpy
u_uastrncpy
u_unescape
u_unescapeAt
u_versionFromString
u_versionFromUString
u_versionToString
u_vformatMessage
u_vformatMessageWithError
u_vparseMessage
u_vparseMessageWithError
ubidi_close
ubidi_countParagraphs
ubidi_countRuns
ubidi_getBaseDirection
ubidi_getClassCallback
ubidi_getCustomizedClass
ubidi_getDirection
ubidi_getLength
ubidi_getLevelAt
ubidi_getLevels
ubidi_getLogicalIndex
ubidi_getLogicalMap
ubidi_getLogicalRun
ubidi_getParaLevel
ubidi_getParagraph
ubidi_getParagraphByIndex
ubidi_getProcessedLength
ubidi_getReorderingMode
ubidi_getReorderingOptions
ubidi_getResultLength
ubidi_getText
ubidi_getVisualIndex
ubidi_getVisualMap
ubidi_getVisualRun
ubidi_invertMap
ubidi_isInverse
ubidi_isOrderParagraphsLTR
ubidi_open
ubidi_openSized
ubidi_orderParagraphsLTR
ubidi_reorderLogical
ubidi_reorderVisual
ubidi_setClassCallback
ubidi_setContext
ubidi_setInverse
ubidi_setLine
ubidi_setPara
ubidi_setReorderingMode
ubidi_setReorderingOptions
ubidi_writeReordered
ubidi_writeReverse
ubiditransform_close
ubiditransform_open
ubiditransform_transform
ublock_getCode
ubrk_close
ubrk_countAvailable
ubrk_current
ubrk_first
ubrk_following
ubrk_getAvailable
ubrk_getBinaryRules
ubrk_getLocaleByType
ubrk_getRuleStatus
ubrk_getRuleStatusVec
ubrk_isBoundary
ubrk_last
ubrk_next
ubrk_open
ubrk_openBinaryRules
ubrk_openRules
ubrk_preceding
ubrk_previous
ubrk_refreshUText
ubrk_safeClone
ubrk_setText
ubrk_setUText
ucal_add
ucal_clear
ucal_clearField
ucal_clone
ucal_close
ucal_countAvailable
ucal_equivalentTo
ucal_get
ucal_getAttribute
ucal_getAvailable
ucal_getCanonicalTimeZoneID
ucal_getDSTSavings
ucal_getDayOfWeekType
ucal_getDefaultTimeZone
ucal_getFieldDifference
ucal_getGregorianChange
ucal_getKeywordValuesForLocale
ucal_getLimit
ucal_getLocaleByType
ucal_getMillis
ucal_getNow
ucal_getTZDataVersion
ucal_getTimeZoneDisplayName
ucal_getTimeZoneID
ucal_getTimeZoneIDForWindowsID
ucal_getTimeZoneTransitionDate
ucal_getType
ucal_getWeekendTransition
ucal_getWindowsTimeZoneID
ucal_inDaylightTime
ucal_isSet
ucal_isWeekend
ucal_open
ucal_openCountryTimeZones
ucal_openTimeZoneIDEnumeration
ucal_openTimeZones
ucal_roll
ucal_set
ucal_setAttribute
ucal_setDate
ucal_setDateTime
ucal_setDefaultTimeZone
ucal_setGregorianChange
ucal_setMillis
ucal_setTimeZone
ucasemap_close
ucasemap_getBreakIterator
ucasemap_getLocale
ucasemap_getOptions
ucasemap_open
ucasemap_setBreakIterator
ucasemap_setLocale
ucasemap_setOptions
ucasemap_toTitle
ucasemap_utf8FoldCase
ucasemap_utf8ToLower
ucasemap_utf8ToTitle
ucasemap_utf8ToUpper
ucnv_cbFromUWriteBytes
ucnv_cbFromUWriteSub
ucnv_cbFromUWriteUChars
ucnv_cbToUWriteSub
ucnv_cbToUWriteUChars
ucnv_close
ucnv_compareNames
ucnv_convert
ucnv_convertEx
ucnv_countAliases
ucnv_countAvailable
ucnv_countStandards
ucnv_detectUnicodeSignature
ucnv_fixFileSeparator
ucnv_flushCache
ucnv_fromAlgorithmic
ucnv_fromUChars
ucnv_fromUCountPending
ucnv_fromUnicode
ucnv_getAlias
ucnv_getAliases
ucnv_getAvailableName
ucnv_getCCSID
ucnv_getCanonicalName
ucnv_getDefaultName
ucnv_getDisplayName
ucnv_getFromUCallBack
ucnv_getInvalidChars
ucnv_getInvalidUChars
ucnv_getMaxCharSize
ucnv_getMinCharSize
ucnv_getName
ucnv_getNextUChar
ucnv_getPlatform
ucnv_getStandard
ucnv_getStandardName
ucnv_getStarters
ucnv_getSubstChars
ucnv_getToUCallBack
ucnv_getType
ucnv_getUnicodeSet
ucnv_isAmbiguous
ucnv_isFixedWidth
ucnv_open
ucnv_openAllNames
ucnv_openCCSID
ucnv_openPackage
ucnv_openStandardNames
ucnv_openU
ucnv_reset
ucnv_resetFromUnicode
ucnv_resetToUnicode
ucnv_safeClone
ucnv_setDefaultName
ucnv_setFallback
ucnv_setFromUCallBack
ucnv_setSubstChars
ucnv_setSubstString
ucnv_setToUCallBack
ucnv_toAlgorithmic
ucnv_toUChars
ucnv_toUCountPending
ucnv_toUnicode
ucnv_usesFallback
ucnvsel_close
ucnvsel_open
ucnvsel_openFromSerialized
ucnvsel_selectForString
ucnvsel_selectForUTF8
ucnvsel_serialize
ucol_cloneBinary
ucol_close
ucol_closeElements
ucol_countAvailable
ucol_equal
ucol_getAttribute
ucol_getAvailable
ucol_getBound
ucol_getContractionsAndExpansions
ucol_getDisplayName
ucol_getEquivalentReorderCodes
ucol_getFunctionalEquivalent
ucol_getKeywordValues
ucol_getKeywordValuesForLocale
ucol_getKeywords
ucol_getLocaleByType
ucol_getMaxExpansion
ucol_getMaxVariable
ucol_getOffset
ucol_getReorderCodes
ucol_getRules
ucol_getRulesEx
ucol_getSortKey
ucol_getStrength
ucol_getTailoredSet
ucol_getUCAVersion
ucol_getVariableTop
ucol_getVersion
ucol_greater
ucol_greaterOrEqual
ucol_keyHashCode
ucol_mergeSortkeys
ucol_next
ucol_nextSortKeyPart
ucol_open
ucol_openAvailableLocales
ucol_openBinary
ucol_openElements
ucol_openRules
ucol_previous
ucol_primaryOrder
ucol_reset
ucol_safeClone
ucol_secondaryOrder
ucol_setAttribute
ucol_setMaxVariable
ucol_setOffset
ucol_setReorderCodes
ucol_setStrength
ucol_setText
ucol_strcoll
ucol_strcollIter
ucol_strcollUTF8
ucol_tertiaryOrder
ucsdet_close
ucsdet_detect
ucsdet_detectAll
ucsdet_enableInputFilter
ucsdet_getAllDetectableCharsets
ucsdet_getConfidence
ucsdet_getLanguage
ucsdet_getName
ucsdet_getUChars
ucsdet_isInputFilterEnabled
ucsdet_open
ucsdet_setDeclaredEncoding
ucsdet_setText
ucurr_countCurrencies
ucurr_forLocale
ucurr_forLocaleAndDate
ucurr_getDefaultFractionDigits
ucurr_getDefaultFractionDigitsForUsage
ucurr_getKeywordValuesForLocale
ucurr_getName
ucurr_getNumericCode
ucurr_getPluralName
ucurr_getRoundingIncrement
ucurr_getRoundingIncrementForUsage
ucurr_isAvailable
ucurr_openISOCurrencies
ucurr_register
ucurr_unregister
udat_adoptNumberFormat
udat_adoptNumberFormatForFields
udat_applyPattern
udat_clone
udat_close
udat_countAvailable
udat_countSymbols
udat_format
udat_formatCalendar
udat_formatCalendarForFields
udat_formatForFields
udat_get2DigitYearStart
udat_getAvailable
udat_getBooleanAttribute
udat_getCalendar
udat_getContext
udat_getLocaleByType
udat_getNumberFormat
udat_getNumberFormatForField
udat_getSymbols
udat_isLenient
udat_open
udat_parse
udat_parseCalendar
udat_set2DigitYearStart
udat_setBooleanAttribute
udat_setCalendar
udat_setContext
udat_setLenient
udat_setNumberFormat
udat_setSymbols
udat_toCalendarDateField
udat_toPattern
udatpg_addPattern
udatpg_clone
udatpg_close
udatpg_getAppendItemFormat
udatpg_getAppendItemName
udatpg_getBaseSkeleton
udatpg_getBestPattern
udatpg_getBestPatternWithOptions
udatpg_getDateTimeFormat
udatpg_getDecimal
udatpg_getFieldDisplayName
udatpg_getPatternForSkeleton
udatpg_getSkeleton
udatpg_open
udatpg_openBaseSkeletons
udatpg_openEmpty
udatpg_openSkeletons
udatpg_replaceFieldTypes
udatpg_replaceFieldTypesWithOptions
udatpg_setAppendItemFormat
udatpg_setAppendItemName
udatpg_setDateTimeFormat
udatpg_setDecimal
udtitvfmt_close
udtitvfmt_format
udtitvfmt_open
uenum_close
uenum_count
uenum_next
uenum_openCharStringsEnumeration
uenum_openUCharStringsEnumeration
uenum_reset
uenum_unext
ufieldpositer_close
ufieldpositer_next
ufieldpositer_open
ufmt_close
ufmt_getArrayItemByIndex
ufmt_getArrayLength
ufmt_getDate
ufmt_getDecNumChars
ufmt_getDouble

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 586KB - Virtual size: 585KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rasapi32/rasapi32.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

fbb9028adc12656452d39431b148cb20

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

rasapi32.pdb

Imports

msvcrt

_purecall
_strlwr
strstr
_ltow
_stricmp
swscanf_s
wcsncpy_s
atol
wcstombs_s
_wcsupr_s
_vsnprintf
_XcptFilter
_amsg_exit
_initterm
wcscat_s
wcsncat_s
_lock
_wfopen_s
fclose
__CxxFrameHandler3
??1exception@@UEAA@XZ
_strdup
??0exception@@QEAA@AEBV0@@Z
calloc
_mbscspn
??1type_info@@UEAA@XZ
_unlock
__C_specific_handler
__dllonexit
malloc
_onexit
memset
wcsncmp
memmove
memcpy
memcmp
_local_unwind
_CxxThrowException
_wtol
_callnewh
_wcsnicmp
free
memmove_s
??0exception@@QEAA@XZ
wcsstr
_wcslwr
_vsnwprintf
wcscpy_s
_wcsicmp
memcpy_s
wcstoul
wcscmp

api-ms-win-core-registry-l1-1-0

RegOpenKeyExA
RegOpenKeyExW
RegDeleteValueW
RegGetValueW
RegQueryValueExW
RegQueryValueExA
RegEnumKeyExW
RegSetValueExW
RegEnumValueW
RegCreateKeyExW
RegDeleteKeyExW
RegCloseKey
RegQueryInfoKeyW

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
CreateMutexExW
AcquireSRWLockShared
SetEvent
WaitForSingleObject
OpenEventA
LeaveCriticalSection
OpenSemaphoreW
CreateEventA
WaitForSingleObjectEx
AcquireSRWLockExclusive
EnterCriticalSection
ReleaseSRWLockExclusive
OpenMutexW
CreateMutexW
ReleaseMutex
InitializeCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
ReleaseSemaphore
CreateSemaphoreExW
OpenEventW
CreateEventW

api-ms-win-core-processthreads-l1-1-0

ProcessIdToSessionId
TlsAlloc
GetCurrentProcessId
TlsGetValue
SetThreadToken
TlsFree
CreateThread
GetCurrentThreadId
SetThreadStackGuarantee
GetCurrentThread
OpenThreadToken
GetCurrentProcess
TerminateProcess
ResumeThread
OpenProcessToken

ntdll

_ultoa_s
wcschr
strtoul
wcspbrk
qsort
strrchr
_vsnprintf_s
NtQueryInformationToken
wcsnlen
RtlGUIDFromString
strchr
_ltoa
_strnicmp
RtlIpv6StringToAddressW
EtwTraceMessage
DbgPrint
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwGetTraceEnableFlags
EtwUnregisterTraceGuids
RtlUnsubscribeWnfStateChangeNotification
RtlSubscribeWnfStateChangeNotification
EtwCheckCoverage
RtlQueryWnfStateData
NtSetInformationProcess
RtlIpv4AddressToStringA
RtlIpv4AddressToStringW
RtlIsStateSeparationEnabled
wcstok_s
RtlIpv6AddressToStringW
RtlIpv6AddressToStringA
RtlNtStatusToDosError
NtClose
NtQueryValueKey
NtOpenKey
NtSetValueKey
RtlInitUnicodeString

api-ms-win-core-heap-l2-1-0

LocalAlloc
GlobalAlloc
LocalFree
GlobalFree

api-ms-win-security-base-l1-1-0

FreeSid
GetTokenInformation
DuplicateToken
GetSecurityDescriptorOwner
AllocateAndInitializeSid
GetSecurityDescriptorDacl
AdjustTokenPrivileges
CheckTokenMembership
ImpersonateLoggedOnUser
RevertToSelf
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
AddAccessAllowedAce
SetSecurityDescriptorOwner
GetLengthSid
InitializeSecurityDescriptor
InitializeAcl
GetSecurityDescriptorGroup

api-ms-win-core-localization-l1-2-0

FormatMessageW
FormatMessageA
IsDBCSLeadByte

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
SetLastError
UnhandledExceptionFilter
GetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
GetProcAddress
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleFileNameA
FreeLibrary
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleHandleExW
LoadStringA
LoadLibraryExW

api-ms-win-core-registry-l2-1-0

RegConnectRegistryW
RegEnumKeyW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetVersionExW
GetSystemWindowsDirectoryW
GetSystemTime
GetSystemDirectoryW

api-ms-win-core-synch-l1-2-1

CreateSemaphoreW
WaitForMultipleObjects

api-ms-win-eventlog-legacy-l1-1-0

RegisterEventSourceW
DeregisterEventSource
ReportEventW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteTransfer
EventActivityIdControl
EventSetInformation

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiA
lstrcmpiW
lstrcmpW
lstrlenW
lstrcmpA
lstrlenA

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-file-l1-1-0

SetEndOfFile
CreateFileW
GetFileAttributesW
CreateFileA
FindFirstFileW
FindNextFileW
GetFullPathNameW
SetFilePointer
WriteFile
GetFinalPathNameByHandleW
GetFileInformationByHandle
ReadFile
DeleteFileW
GetFileType
SetFileInformationByHandle
CreateDirectoryW
CompareFileTime
FindClose

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW
WideCharToMultiByte
GetStringTypeExW
MultiByteToWideChar

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineA
ExpandEnvironmentStringsW
GetCommandLineW
ExpandEnvironmentStringsA

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWait
CreateThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
WaitForThreadpoolWaitCallbacks

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-stringansi-l1-1-0

IsCharAlphaA
CharNextA
IsCharAlphaNumericA

api-ms-win-core-heap-obsolete-l1-1-0

GlobalReAlloc
GlobalSize

api-ms-win-core-localization-obsolete-l1-2-0

CompareStringA

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

rasman

RasSetKey
RasGetKey
RasGetUnicodeDeviceName
RasSetPortUserData
RasDoIke
RasIsTrustedCustomDll
RasInitialize
RasGetPortUserData
RasmanUninitialize
RasFreeBuffer
RasPortCancelReceive
RasGetInfo
RasSetConnectionUserData
RasSendCreds
RasPortReceive
RasPortSetInfo
RasGetBuffer
RasPortSend
RasPortReceiveEx
RasPortDisconnect

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-eventing-controller-l1-1-0

StartTraceW

api-ms-win-eventing-legacy-l1-1-0

EnableTrace

api-ms-win-core-psapi-ansi-l1-1-0

K32GetModuleBaseNameA

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsGetStringRawBuffer
WindowsGetStringLen
WindowsCreateString
WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-string-l2-1-0

CharPrevW
CharNextW

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

ComputeHashFromEntryName
DDMComputeLuid
DDMFreeDialingParam
DDMFreePhonebookContext
DDMFreeRemoteEndpoint
DDMGetAddressesFromPhonebook
DDMGetEapInfo
DDMGetEapUserIdentityW
DDMGetPhoneBookContext
DDMGetPhonebookInfo
DDMGetProtocolStartParams
DDMGetRasDialParams
DDMGetRasDialingParams
DDMGetTunnelEndpoints
DDMRasPbkEntryCleanup
DDMUpdateProtocolConfigInfoFromEntry
DwCloneEntry
DwEnumEntryDetails
DwEnumEntryDetailsEx
DwRasUninitialize
GetAutoTriggerProfileInfo
IsActiveAutoTriggerConnection
IsActiveAutoTriggerConnectionEx
RasAutoDialSharedConnection
RasAutodialAddressToNetwork
RasAutodialEntryToNetwork
RasClearConnectionStatistics
RasClearLinkStatistics
RasCompleteDialMachineCleanup
RasConfigUserProxySettingsW
RasConnectionNotificationA
RasConnectionNotificationW
RasCreatePhonebookEntryA
RasCreatePhonebookEntryW
RasDeleteEntryA
RasDeleteEntryW
RasDeleteSubEntryA
RasDeleteSubEntryW
RasDialA
RasDialW
RasEditPhonebookEntryA
RasEditPhonebookEntryW
RasEnumAutodialAddressesA
RasEnumAutodialAddressesW
RasEnumConnectionsA
RasEnumConnectionsW
RasEnumDevicesA
RasEnumDevicesW
RasEnumEntriesA
RasEnumEntriesW
RasFreeEapUserIdentityA
RasFreeEapUserIdentityW
RasFreeEntryAdvancedProperties
RasGetAutoTriggerConnectStatus
RasGetAutodialAddressA
RasGetAutodialAddressW
RasGetAutodialEnableA
RasGetAutodialEnableW
RasGetAutodialParamA
RasGetAutodialParamW
RasGetConnectStatusA
RasGetConnectStatusW
RasGetConnectionErrorStringW
RasGetConnectionStatistics
RasGetCountryInfoA
RasGetCountryInfoW
RasGetCredentialsA
RasGetCredentialsW
RasGetCustomAuthDataA
RasGetCustomAuthDataW
RasGetEapUserDataA
RasGetEapUserDataW
RasGetEapUserIdentityA
RasGetEapUserIdentityW
RasGetEntryAdvancedProperties
RasGetEntryDialParamsA
RasGetEntryDialParamsW
RasGetEntryHrasconnW
RasGetEntryPropertiesA
RasGetEntryPropertiesW
RasGetErrorStringA
RasGetErrorStringW
RasGetHport
RasGetLinkStatistics
RasGetNapStatus
RasGetPCscf
RasGetPbkPath
RasGetProjectionInfoA
RasGetProjectionInfoEx
RasGetProjectionInfoW
RasGetSubEntryHandleA
RasGetSubEntryHandleW
RasGetSubEntryPropertiesA
RasGetSubEntryPropertiesW
RasHandleTriggerConnDisconnect
RasHangUpA
RasHangUpW
RasInvokeEapUI
RasIsPublicPhonebook
RasIsSharedConnection
RasNQMStateEnteredNotification
RasQueryRedialOnLinkFailure
RasQuerySharedAutoDial
RasQuerySharedConnection
RasRegisterEntryChangeNotification
RasRemoveToastNotification
RasRenameEntryA
RasRenameEntryW
RasRestoreDefaultLegacyProxySettings
RasScriptExecute
RasScriptGetIpAddress
RasScriptInit
RasScriptReceive
RasScriptSend
RasScriptTerm
RasSetAutoTriggerProfile
RasSetAutoTriggerProfileEx
RasSetAutodialAddressA
RasSetAutodialAddressW
RasSetAutodialEnableA
RasSetAutodialEnableW
RasSetAutodialParamA
RasSetAutodialParamW
RasSetCredentialsA
RasSetCredentialsW
RasSetCustomAuthDataA
RasSetCustomAuthDataW
RasSetEapUserDataA
RasSetEapUserDataAEx
RasSetEapUserDataW
RasSetEapUserDataWEx
RasSetEntryAdvancedProperties
RasSetEntryDialParamsA
RasSetEntryDialParamsW
RasSetEntryPropertiesA
RasSetEntryPropertiesW
RasSetOldPassword
RasSetPerConnectionProxy
RasSetSharedAutoDial
RasSetSubEntryPropertiesA
RasSetSubEntryPropertiesW
RasShowToastNotificationEx
RasTriggerConnection
RasTriggerConnectionEx
RasTriggerDisconnection
RasTriggerDisconnectionEx
RasUnregisterEntryChangeNotification
RasUpdateConnection
RasValidateEntryNameA
RasValidateEntryNameW
RasWriteSharedPbkOptions
UnInitializeRAS

Sections

.text
Size: 866KB - Virtual size: 865KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rasapi32/wevtsvc.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

a905ef31a7398e7354ddfcec5cc82a93

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

wevtsvc.pdb

Imports

msvcp_win

_Mtx_unlock
_Mtx_init_in_situ
_Mtx_lock
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Mtx_destroy_in_situ
?_Throw_C_error@std@@YAXH@Z

api-ms-win-crt-string-l1-1-0

wcsspn
wcsncmp
wcspbrk
strncmp
wcscspn
strnlen
memset
wcscmp
wcsnlen

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__itow_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__strnicmp
_o__ui64tow_s
_o__ultow_s
_o__wcsicmp
_o__wcsnicmp
_o__wcstoi64
_o__wcstoui64
_o__wfopen
memmove
_o__wtof
_o__wtoi
_o__wtoi64
_o__wtol
_o_bsearch
_o_calloc
_o_fclose
_o_fgetws
_o_free
_o_iswalnum
_o_iswalpha
_o_iswdigit
_o_iswspace
_o_malloc
_o_memcpy_s
_o_qsort
_o_strncpy_s
_o_strtol
_o_terminate
_o_toupper
_o_towupper
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstod
_o_wcstok_s
_o_wcstol
_o_wcstoul
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
wcsrchr
wcsstr
__CxxFrameHandler3
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__i64tow_s
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__execute_onexit_table
_o__errno
strrchr
strchr
wcschr
__C_specific_handler
__std_terminate
__CxxFrameHandler4
_o__crt_atexit
_o__configure_narrow_argv
_CxxThrowException
memcmp
memcpy
_o__cexit

ntdll

NtQuerySystemInformation
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U
RtlReleaseSRWLockExclusive
NtDeleteFile
RtlAcquireSRWLockExclusive
RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
RtlLookupElementGenericTableAvl
RtlInsertElementGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlIpv4AddressToStringExW
RtlIpv6AddressToStringExW
RtlEthernetAddressToStringW
RtlIpv6AddressToStringW
RtlAnsiStringToUnicodeString
NtOpenProcess
RtlInitUnicodeString
NtDuplicateObject
RtlEnumerateGenericTableAvl
RtlInitializeGenericTableAvl
RtlGetPersistedStateLocation
RtlSetLastWin32Error
NtReadFile
NtWriteFile
NtClose
RtlComputeCrc32
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
RtlGetLastNtStatus
NtSetInformationFile
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
RtlSecondsSince1970ToTime
RtlNtStatusToDosError
NtQueryVolumeInformationFile
NtCreateFile
RtlDeleteCriticalSection
RtlTimeToSecondsSince1970
NtQueryAttributesFile
RtlNtStatusToDosErrorNoTeb
RtlLengthSid
RtlEnterCriticalSection
RtlInitializeCriticalSection
RtlLeaveCriticalSection
RtlGetVersion
NtQuerySystemTime

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapSize
HeapReAlloc
HeapDestroy
HeapAlloc
HeapFree

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle

rpcrt4

NdrAsyncServerCall
I_RpcMapWin32Status
RpcAsyncCompleteCall
RpcBindingVectorFree
RpcServerUseProtseqExW
RpcServerUseProtseqEpW
RpcServerUnregisterIfEx
RpcBindingToStringBindingW
Ndr64AsyncServerCallAll
NdrServerCall2
RpcServerRegisterIf3
RpcStringFreeW
RpcStringBindingParseW
RpcServerRegisterIfEx
RpcImpersonateClient
RpcRevertToSelf
RpcServerRegisterAuthInfoW
UuidCreate
RpcEpUnregister
RpcEpRegisterW
RpcServerInqCallAttributesW
RpcServerInqBindings
NdrServerCallAll
RpcRevertToSelfEx
I_RpcBindingInqLocalClientPID
I_RpcBindingIsClientLocal
RpcServerSubscribeForNotification
RpcServerUnsubscribeForNotification

api-ms-win-core-perfcounters-l1-1-0

PerfStopProvider
PerfSetCounterRefValue
PerfSetCounterSetInfo
PerfCreateInstance
PerfStartProviderEx
PerfDeleteInstance

api-ms-win-core-synch-l1-2-0

SleepConditionVariableCS
SleepConditionVariableSRW
WakeAllConditionVariable
InitOnceBeginInitialize
Sleep
InitializeConditionVariable
InitOnceComplete

api-ms-win-security-base-l1-2-0

CheckTokenMembershipEx

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventProviderEnabled
EventSetInformation
EventUnregister
EventActivityIdControl

api-ms-win-core-registry-l1-1-0

RegGetKeySecurity
RegSetValueExW
RegCreateKeyExW
RegGetValueW
RegNotifyChangeKeyValue
RegDeleteKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyExW

api-ms-win-security-base-l1-1-0

AccessCheck
PrivilegeCheck
AccessCheckAndAuditAlarmW
GetSecurityDescriptorSacl
GetSecurityDescriptorLength
GetAclInformation
InitializeAcl
GetLengthSid
GetSecurityDescriptorDacl
GetSecurityDescriptorControl
AdjustTokenPrivileges
IsValidSecurityDescriptor
IsValidSid
AllocateAndInitializeSid
MapGenericMask
AddAce
IsWellKnownSid
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
CreateWellKnownSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
FreeSid
MakeSelfRelativeSD
GetAce
GetTokenInformation

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
OpenEventW
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseMutex
ReleaseSRWLockShared
WaitForMultipleObjectsEx
InitializeSRWLock
InitializeCriticalSectionEx
LeaveCriticalSection
TryAcquireSRWLockExclusive
CreateEventW
CancelWaitableTimer
ReleaseSemaphore
EnterCriticalSection
CreateSemaphoreExW
ResetEvent
CreateWaitableTimerExW
CreateMutexExW
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
SetWaitableTimer
SetEvent

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
FreeLibrary
GetProcAddress
GetModuleFileNameW
SizeofResource
FreeResource
LockResource
GetModuleHandleExW
FindResourceExW
GetModuleFileNameA
LoadLibraryExW
LoadResource

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWork
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
CloseThreadpoolWork
FreeLibraryWhenCallbackReturns
StartThreadpoolIo
WaitForThreadpoolTimerCallbacks
CloseThreadpoolIo
CreateThreadpoolIo
CloseThreadpoolTimer
WaitForThreadpoolIoCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolWait
CreateThreadpoolWait
CancelThreadpoolIo
CreateThreadpoolCleanupGroup
SubmitThreadpoolWork
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait

api-ms-win-core-processthreads-l1-1-0

CreateThread
TlsAlloc
SetThreadToken
OpenProcessToken
GetCurrentProcess
GetCurrentThreadId
OpenThreadToken
TerminateProcess
TlsFree
GetCurrentThread
TlsSetValue
GetCurrentProcessId
TlsGetValue

api-ms-win-core-localization-l1-2-0

GetSystemDefaultLangID
GetThreadLocale
SetThreadPreferredUILanguages
GetThreadPreferredUILanguages
SetThreadUILanguage
GetThreadUILanguage
FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-kernel32-legacy-l1-1-0

PulseEvent

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemInfo
GlobalMemoryStatusEx
GetComputerNameExW
GetLocalTime
GetSystemTimeAsFileTime
GetTickCount64
GetSystemTime
GetVersionExW

api-ms-win-core-file-l1-1-0

SetFilePointer
GetDiskFreeSpaceExW
FlushFileBuffers
ReadFile
CreateDirectoryW
WriteFile
SetFilePointerEx
SetEndOfFile
LocalFileTimeToFileTime
GetTempFileNameW
DeleteFileW
FileTimeToLocalFileTime
GetFileInformationByHandle
GetFileSizeEx
CreateFileW
CompareFileTime
GetFileSize
GetFileAttributesExW
GetFileAttributesW

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
UnmapViewOfFile
MapViewOfFile

api-ms-win-eventing-consumer-l1-1-0

ProcessTrace
OpenTraceW
CloseTrace

api-ms-win-core-file-l1-2-0

GetTempPathW

userenv

EnterCriticalPolicySection
RegisterGPNotification
UnregisterGPNotification
LeaveCriticalPolicySection

api-ms-win-security-isolatedcontainer-l1-1-1

IsProcessInWDAGContainer

api-ms-win-service-core-l1-1-3

GetServiceRegistryStateKey

api-ms-win-eventing-controller-l1-1-0

ControlTraceW
EnableTraceEx2
StartTraceW

api-ms-win-core-processthreads-l1-1-3

SetThreadDescription

ws2_32

WSAStartup
WSAGetLastError
setsockopt
ntohl
WSASocketW
ntohs
WSAAddressToStringW
WSASend
WSAIoctl
listen
WSACleanup
WSAStringToAddressW
WSARecv
closesocket
getpeername
bind

api-ms-win-core-timezone-l1-1-0

SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetTimeZoneInformation
SystemTimeToFileTime

api-ms-win-core-processenvironment-l1-1-0

SearchPathW
GetEnvironmentVariableW
GetCurrentDirectoryW
ExpandEnvironmentStringsW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

bcrypt

BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptGetProperty
BCryptCreateHash

api-ms-win-core-state-helpers-l1-1-0

GetRegistryValueWithFallbackW

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

api-ms-win-core-datetime-l1-1-1

GetDateFormatEx
GetTimeFormatEx

api-ms-win-service-core-l1-1-4

GetServiceDirectory

api-ms-win-core-sysinfo-l1-2-0

GetOsSafeBootMode

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

ServiceMain
SvchostPushServiceGlobalsEx

Sections

.text
Size: 940KB - Virtual size: 940KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 592KB - Virtual size: 592KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 206KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup.exe
.exe windows:6 windows x86 arch:x86

Password: 2024

d79dd35f147f0bd91cc18a6615fcfa5d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb

Imports

kernel32

WriteFile
DeleteFileW
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
CreateEventExW
WaitForSingleObject
CreateProcessW
GetLastError
GetExitCodeProcess
SetEvent
RemoveDirectoryW
GetProcAddress
GetModuleHandleW
GetWindowsDirectoryW
CreateDirectoryW
GetTempPathW
GetTempFileNameW
MoveFileW
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
RaiseException
SetLastError
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcmpW
CreateEventW
FindClose
FindFirstFileW
GetFullPathNameW
InitializeCriticalSection
lstrcpynW
CreateThread
LoadLibraryExW
GetCurrentProcess
Sleep
WideCharToMultiByte
GetDiskFreeSpaceExW
DecodePointer
GetExitCodeThread
GetCurrentProcessId
FreeLibrary
GetSystemDirectoryW
lstrlenW
VerifyVersionInfoW
VerSetConditionMask
lstrcmpiW
LoadLibraryW
GetDriveTypeW
CompareStringW
FindNextFileW
GetLogicalDriveStringsW
GetFileSize
GetFileAttributesW
GetShortPathNameW
GetFinalPathNameByHandleW
SetFileAttributesW
GetFileTime
CopyFileW
ReadFile
SetFilePointer
SetFileTime
SystemTimeToFileTime
MultiByteToWideChar
GetSystemInfo
WaitForMultipleObjects
GetVersionExW
CreateSemaphoreW
ReleaseSemaphore
GlobalMemoryStatus
GetModuleHandleA
GetProcessAffinityMask
VirtualProtect
VirtualQuery
LoadLibraryExA
GetStringTypeW
LocalFree
LocalAlloc
SetUnhandledExceptionFilter
FileTimeToSystemTime
GetEnvironmentVariableW
GetSystemTime
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FormatMessageW
GetEnvironmentStringsW
InitializeCriticalSectionEx
LoadLibraryA
GetModuleFileNameA
GetCurrentThread
GetConsoleOutputCP
CloseHandle
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
IsWow64Process
SetConsoleTextAttribute
GetStdHandle
GetConsoleScreenBufferInfo
OutputDebugStringW
GetTickCount
GetCommandLineW
SetCurrentDirectoryW
SetEndOfFile
EnumResourceLanguagesW
GetSystemDefaultLangID
GetUserDefaultLangID
GetLocalTime
ResetEvent
GlobalFree
GetPrivateProfileStringW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
CreateNamedPipeW
ConnectNamedPipe
TerminateThread
CompareFileTime
CopyFileExW
OpenEventW
PeekNamedPipe
WaitForSingleObjectEx
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
EncodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
GetSystemTimeAsFileTime
IsDebuggerPresent
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetFileType
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
ReadConsoleW
WriteConsoleW
FlushFileBuffers
CreateFileW

imagehlp

SymGetModuleBase
SymFunctionTableAccess
SymGetLineFromAddr
SymSetSearchPath
SymCleanup
SymInitialize
SymSetOptions
StackWalk

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 690KB - Virtual size: 689KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 327KB - Virtual size: 327KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wevtsvc/Licenses/OEM/Professional/license.rtf
.rtf
wevtsvc/Licenses/Volume/Professional/license.rtf
.rtf
wevtsvc/Licenses/_Default/Professional/license.rtf
.rtf
wevtsvc/wevtsvc.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

a905ef31a7398e7354ddfcec5cc82a93

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

wevtsvc.pdb

Imports

msvcp_win

_Mtx_unlock
_Mtx_init_in_situ
_Mtx_lock
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Mtx_destroy_in_situ
?_Throw_C_error@std@@YAXH@Z

api-ms-win-crt-string-l1-1-0

wcsspn
wcsncmp
wcspbrk
strncmp
wcscspn
strnlen
memset
wcscmp
wcsnlen

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__itow_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__strnicmp
_o__ui64tow_s
_o__ultow_s
_o__wcsicmp
_o__wcsnicmp
_o__wcstoi64
_o__wcstoui64
_o__wfopen
memmove
_o__wtof
_o__wtoi
_o__wtoi64
_o__wtol
_o_bsearch
_o_calloc
_o_fclose
_o_fgetws
_o_free
_o_iswalnum
_o_iswalpha
_o_iswdigit
_o_iswspace
_o_malloc
_o_memcpy_s
_o_qsort
_o_strncpy_s
_o_strtol
_o_terminate
_o_toupper
_o_towupper
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstod
_o_wcstok_s
_o_wcstol
_o_wcstoul
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
wcsrchr
wcsstr
__CxxFrameHandler3
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__i64tow_s
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__execute_onexit_table
_o__errno
strrchr
strchr
wcschr
__C_specific_handler
__std_terminate
__CxxFrameHandler4
_o__crt_atexit
_o__configure_narrow_argv
_CxxThrowException
memcmp
memcpy
_o__cexit

ntdll

NtQuerySystemInformation
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U
RtlReleaseSRWLockExclusive
NtDeleteFile
RtlAcquireSRWLockExclusive
RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
RtlLookupElementGenericTableAvl
RtlInsertElementGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlIpv4AddressToStringExW
RtlIpv6AddressToStringExW
RtlEthernetAddressToStringW
RtlIpv6AddressToStringW
RtlAnsiStringToUnicodeString
NtOpenProcess
RtlInitUnicodeString
NtDuplicateObject
RtlEnumerateGenericTableAvl
RtlInitializeGenericTableAvl
RtlGetPersistedStateLocation
RtlSetLastWin32Error
NtReadFile
NtWriteFile
NtClose
RtlComputeCrc32
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
RtlGetLastNtStatus
NtSetInformationFile
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
RtlSecondsSince1970ToTime
RtlNtStatusToDosError
NtQueryVolumeInformationFile
NtCreateFile
RtlDeleteCriticalSection
RtlTimeToSecondsSince1970
NtQueryAttributesFile
RtlNtStatusToDosErrorNoTeb
RtlLengthSid
RtlEnterCriticalSection
RtlInitializeCriticalSection
RtlLeaveCriticalSection
RtlGetVersion
NtQuerySystemTime

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapSize
HeapReAlloc
HeapDestroy
HeapAlloc
HeapFree

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle

rpcrt4

NdrAsyncServerCall
I_RpcMapWin32Status
RpcAsyncCompleteCall
RpcBindingVectorFree
RpcServerUseProtseqExW
RpcServerUseProtseqEpW
RpcServerUnregisterIfEx
RpcBindingToStringBindingW
Ndr64AsyncServerCallAll
NdrServerCall2
RpcServerRegisterIf3
RpcStringFreeW
RpcStringBindingParseW
RpcServerRegisterIfEx
RpcImpersonateClient
RpcRevertToSelf
RpcServerRegisterAuthInfoW
UuidCreate
RpcEpUnregister
RpcEpRegisterW
RpcServerInqCallAttributesW
RpcServerInqBindings
NdrServerCallAll
RpcRevertToSelfEx
I_RpcBindingInqLocalClientPID
I_RpcBindingIsClientLocal
RpcServerSubscribeForNotification
RpcServerUnsubscribeForNotification

api-ms-win-core-perfcounters-l1-1-0

PerfStopProvider
PerfSetCounterRefValue
PerfSetCounterSetInfo
PerfCreateInstance
PerfStartProviderEx
PerfDeleteInstance

api-ms-win-core-synch-l1-2-0

SleepConditionVariableCS
SleepConditionVariableSRW
WakeAllConditionVariable
InitOnceBeginInitialize
Sleep
InitializeConditionVariable
InitOnceComplete

api-ms-win-security-base-l1-2-0

CheckTokenMembershipEx

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventProviderEnabled
EventSetInformation
EventUnregister
EventActivityIdControl

api-ms-win-core-registry-l1-1-0

RegGetKeySecurity
RegSetValueExW
RegCreateKeyExW
RegGetValueW
RegNotifyChangeKeyValue
RegDeleteKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyExW

api-ms-win-security-base-l1-1-0

AccessCheck
PrivilegeCheck
AccessCheckAndAuditAlarmW
GetSecurityDescriptorSacl
GetSecurityDescriptorLength
GetAclInformation
InitializeAcl
GetLengthSid
GetSecurityDescriptorDacl
GetSecurityDescriptorControl
AdjustTokenPrivileges
IsValidSecurityDescriptor
IsValidSid
AllocateAndInitializeSid
MapGenericMask
AddAce
IsWellKnownSid
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
CreateWellKnownSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
FreeSid
MakeSelfRelativeSD
GetAce
GetTokenInformation

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
OpenEventW
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseMutex
ReleaseSRWLockShared
WaitForMultipleObjectsEx
InitializeSRWLock
InitializeCriticalSectionEx
LeaveCriticalSection
TryAcquireSRWLockExclusive
CreateEventW
CancelWaitableTimer
ReleaseSemaphore
EnterCriticalSection
CreateSemaphoreExW
ResetEvent
CreateWaitableTimerExW
CreateMutexExW
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
SetWaitableTimer
SetEvent

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
FreeLibrary
GetProcAddress
GetModuleFileNameW
SizeofResource
FreeResource
LockResource
GetModuleHandleExW
FindResourceExW
GetModuleFileNameA
LoadLibraryExW
LoadResource

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWork
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
CloseThreadpoolWork
FreeLibraryWhenCallbackReturns
StartThreadpoolIo
WaitForThreadpoolTimerCallbacks
CloseThreadpoolIo
CreateThreadpoolIo
CloseThreadpoolTimer
WaitForThreadpoolIoCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolWait
CreateThreadpoolWait
CancelThreadpoolIo
CreateThreadpoolCleanupGroup
SubmitThreadpoolWork
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait

api-ms-win-core-processthreads-l1-1-0

CreateThread
TlsAlloc
SetThreadToken
OpenProcessToken
GetCurrentProcess
GetCurrentThreadId
OpenThreadToken
TerminateProcess
TlsFree
GetCurrentThread
TlsSetValue
GetCurrentProcessId
TlsGetValue

api-ms-win-core-localization-l1-2-0

GetSystemDefaultLangID
GetThreadLocale
SetThreadPreferredUILanguages
GetThreadPreferredUILanguages
SetThreadUILanguage
GetThreadUILanguage
FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-kernel32-legacy-l1-1-0

PulseEvent

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemInfo
GlobalMemoryStatusEx
GetComputerNameExW
GetLocalTime
GetSystemTimeAsFileTime
GetTickCount64
GetSystemTime
GetVersionExW

api-ms-win-core-file-l1-1-0

SetFilePointer
GetDiskFreeSpaceExW
FlushFileBuffers
ReadFile
CreateDirectoryW
WriteFile
SetFilePointerEx
SetEndOfFile
LocalFileTimeToFileTime
GetTempFileNameW
DeleteFileW
FileTimeToLocalFileTime
GetFileInformationByHandle
GetFileSizeEx
CreateFileW
CompareFileTime
GetFileSize
GetFileAttributesExW
GetFileAttributesW

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
UnmapViewOfFile
MapViewOfFile

api-ms-win-eventing-consumer-l1-1-0

ProcessTrace
OpenTraceW
CloseTrace

api-ms-win-core-file-l1-2-0

GetTempPathW

userenv

EnterCriticalPolicySection
RegisterGPNotification
UnregisterGPNotification
LeaveCriticalPolicySection

api-ms-win-security-isolatedcontainer-l1-1-1

IsProcessInWDAGContainer

api-ms-win-service-core-l1-1-3

GetServiceRegistryStateKey

api-ms-win-eventing-controller-l1-1-0

ControlTraceW
EnableTraceEx2
StartTraceW

api-ms-win-core-processthreads-l1-1-3

SetThreadDescription

ws2_32

WSAStartup
WSAGetLastError
setsockopt
ntohl
WSASocketW
ntohs
WSAAddressToStringW
WSASend
WSAIoctl
listen
WSACleanup
WSAStringToAddressW
WSARecv
closesocket
getpeername
bind

api-ms-win-core-timezone-l1-1-0

SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetTimeZoneInformation
SystemTimeToFileTime

api-ms-win-core-processenvironment-l1-1-0

SearchPathW
GetEnvironmentVariableW
GetCurrentDirectoryW
ExpandEnvironmentStringsW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

bcrypt

BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptGetProperty
BCryptCreateHash

api-ms-win-core-state-helpers-l1-1-0

GetRegistryValueWithFallbackW

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

api-ms-win-core-datetime-l1-1-1

GetDateFormatEx
GetTimeFormatEx

api-ms-win-service-core-l1-1-4

GetServiceDirectory

api-ms-win-core-sysinfo-l1-2-0

GetOsSafeBootMode

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

ServiceMain
SvchostPushServiceGlobalsEx

Sections

.text
Size: 940KB - Virtual size: 940KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 592KB - Virtual size: 592KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 206KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wevtsvc/win32spl.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

8b131f6c824bbfd621b1af5c1e0b0060

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

win32spl.pdb

Imports

msvcrt

wcstol
wcscpy_s
wcstoul
tolower
_wcsnicmp
_wtol
wcsnlen
wcsstr
_wcsicmp
wcsncmp
??_V@YAXPEAX@Z
_itow_s
qsort
malloc
_purecall
memmove_s
??0exception@@QEAA@AEBV0@@Z
_callnewh
_CxxThrowException
_wcstoi64
_get_errno
memcpy
??3@YAXPEAX@Z
??1exception@@UEAA@XZ
memmove
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_set_errno
_wcsdup
_open
_errno
_read
_write
_close
_lseek
_wopen
_stricmp
swprintf_s
sprintf_s
wcsrchr
isdigit
isupper
??0bad_cast@@QEAA@AEBV0@@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@PEBD@Z
localeconv
strcspn
__uncaught_exception
setlocale
___mb_cur_max_func
___lc_handle_func
___lc_codepage_func
_ismbblead
__pctype_func
calloc
islower
??8type_info@@QEBAHAEBV0@@Z
__crtLCMapStringW
__crtLCMapStringA
_wsetlocale
abort
memset
memchr
memcmp
sqrt
_XcptFilter
_amsg_exit
free
_initterm
?terminate@@YAXXZ
wcschr
_wtof
strchr
_wcslwr
__CxxFrameHandler3
iswspace
strcpy_s
wcstok_s
wcscat_s
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
??0exception@@QEAA@XZ
_vsnprintf_s
memcpy_s
_vsnwprintf
__C_specific_handler
wcscmp

ntdll

NtSetInformationThread
NtOpenThreadToken
RtlFreeHeap
RtlInitUnicodeString
NtSetInformationToken
RtlAllocateHeap
WinSqmIncrementDWORD
WinSqmAddToStreamEx
WinSqmSetDWORD
WinSqmIsOptedIn
EtwEventWrite
EtwEventEnabled
EtwEventUnregister
EtwEventRegister
RtlValidRelativeSecurityDescriptor
RtlIsThreadWithinLoaderCallout
NtFsControlFile
RtlInitializeSRWLock
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
TpAllocPool
TpSetPoolMinThreads
TpSetPoolMaxThreads
NtOpenProcessToken
TpWaitForAlpcCompletion
TpReleaseIoCompletion
TpWaitForIoCompletion
TpReleaseTimer
TpWaitForTimer
RtlInitAnsiString
RtlOemStringToUnicodeString
RtlUnicodeToOemN
RtlxUnicodeStringToOemSize
NtImpersonateAnonymousToken
NtCreateFile
TpReleaseWait
TpWaitForWait
TpReleaseWork
TpWaitForWork
TpAllocAlpcCompletion
TpStartAsyncIoOperation
TpAllocIoCompletion
TpSetTimer
TpAllocTimer
TpAllocWait
TpPostWork
TpAllocWork
RtlNtStatusToDosError
TpSimpleTryPost
TpSetWait
TpCallbackMayRunLong
TpReleasePool
TpReleaseAlpcCompletion
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
VerSetConditionMask
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
NtClose

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-file-l1-1-0

LocalFileTimeToFileTime
FindNextFileW
FindFirstFileW
RemoveDirectoryW
SetFileTime
SetFileAttributesW
FindClose
DeleteFileW
SetFilePointerEx
WriteFile
CreateFileW
ReadFile
SetEndOfFile
CreateDirectoryW
GetFileSize
GetFileAttributesW
CompareFileTime
GetFullPathNameW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleHandleW
LoadStringW
GetProcAddress
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA
FreeLibrary

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-localization-l1-2-0

GetSystemPreferredUILanguages
FormatMessageW

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister

rpcrt4

RpcAsyncCompleteCall
RpcSmDestroyClientContext
NdrClientCall3
RpcStringFreeW
NdrMesProcEncodeDecode3
MesEncodeIncrementalHandleCreate
MesDecodeIncrementalHandleCreate
Ndr64AsyncClientCall
RpcBindingSetObject
RpcEpResolveBinding
RpcAsyncInitializeHandle
I_RpcExceptionFilter
RpcBindingSetOption
RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
MesHandleFree
RpcBindingFree

api-ms-win-core-processthreads-l1-1-0

ProcessIdToSessionId
SetThreadToken
OpenProcessToken
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
OpenThreadToken
TerminateProcess
GetCurrentThreadId
ExitProcess

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
ReleaseSRWLockShared
CreateSemaphoreExW
ReleaseSemaphore
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SetEvent
CreateEventW
CreateMutexExW
InitializeCriticalSection
CreateEventExW
InitializeCriticalSectionAndSpinCount
OpenSemaphoreW
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionEx
EnterCriticalSection
WaitForSingleObjectEx
ReleaseMutex
LeaveCriticalSection

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWork
WaitForThreadpoolWorkCallbacks
SubmitThreadpoolWork
IsThreadpoolTimerSet
CloseThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolWork

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegEnumValueW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenCurrentUser
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyExW
RegEnumKeyExW

api-ms-win-security-base-l1-1-0

MakeSelfRelativeSD
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
AddAccessDeniedAceEx
CheckTokenMembership
SetTokenInformation
AddAccessAllowedAceEx
IsWellKnownSid
GetTokenInformation
DuplicateTokenEx
CopySid
CreateWellKnownSid
RevertToSelf
ImpersonateLoggedOnUser
InitializeAcl
EqualSid
GetLengthSid
GetSecurityDescriptorLength
AllocateAndInitializeSid
IsTokenRestricted
IsValidSecurityDescriptor

oleaut32

GetRecordInfoFromTypeInfo
SafeArrayCopyData
VariantCopy
LoadTypeLi
VariantCopyInd
VariantChangeType
SysAllocStringLen
BSTR_UserMarshal64
SetErrorInfo
LoadRegTypeLi
LPSAFEARRAY_UserSize64
BSTR_UserSize64
BSTR_UserFree64
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserUnmarshal64
BSTR_UserMarshal
BSTR_UserUnmarshal
LPSAFEARRAY_UserMarshal64
LPSAFEARRAY_UserFree64
SafeArrayGetElement
SysStringLen
SafeArrayPutElement
SafeArrayGetUBound
SafeArrayDestroy
BSTR_UserSize
SafeArrayCreateVector
BSTR_UserFree
LPSAFEARRAY_UserSize
VariantClear
SysAllocString
BSTR_UserUnmarshal64
LPSAFEARRAY_UserFree
SafeArrayPtrOfIndex
SysFreeString
VariantInit
LPSAFEARRAY_UserUnmarshal

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemDirectoryW
GetSystemInfo
GetVersionExW
GetSystemTimeAsFileTime

api-ms-win-security-lsalookup-l2-1-0

LookupAccountNameW

api-ms-win-core-string-l1-1-0

GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceComplete
InitOnceBeginInitialize
SleepConditionVariableSRW
WakeAllConditionVariable

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processtopology-obsolete-l1-1-0

GetActiveProcessorCount

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-security-lsalookup-l1-1-0

LookupAccountNameLocalW
LookupAccountSidLocalW

spoolss

CacheIsNameInNodeList
IsNamedPipeRpcCall
SetJobW
GetPrinterDriverW
CallRouterFindFirstPrinterChangeNotification
SetPortW
GetJobW
GetPrinterDriverDirectoryW
GetServerPolicy
GetJobNamedPropertyValue
AllocSplStr
RouterCreatePrintAsyncNotificationChannel
SplRegisterForSessionEvents
SplUnregisterForSessionEvents
ReplyPrinterChangeNotification
PartialReplyPrinterChangeNotification
SpoolerRefreshPrinterChangeNotification
SpoolerFindClosePrinterChangeNotification
SpoolerFindFirstPrinterChangeNotification
GetPrinterW
OpenPrinter2W
AppendPrinterNotifyInfoData
RouterAllocPrinterNotifyInfo
RouterFreePrinterNotifyInfo
ReplyPrinterChangeNotificationEx
DllFreeSplStr
FreePrintPropertyValue
EnumPrintersW
MIDL_user_allocate1
MIDL_user_free1
IsNameTheLocalMachineOrAClusterSpooler
DeletePrinterConnectionW
RevertToPrinterSelf
ImpersonatePrinterClient
OpenPrinterW
ClosePrinter
DllFreeSplMem
DllAllocSplMem
CallDrvDevModeConversion
AllowRemoteCalls
GetPrinterDataW

localspl

SplAddPrinter
SplAddMonitor
SplCopyNumberOfFiles
SplEnumPrinterDrivers
SplIsCompatibleDriver
SplEnumPrinters
SplEnumPorts
SplXcvData
SplIsDriverInstalled
SplOpenPrinter
SplSetJobNamedProperty
SplDeleteJobNamedProperty
SplSetForm
SplDoesCSRPrinterDevnodeExist
SplGetDriverUpdateStatus
SplRegeneratePrintDeviceCapabilities
SplAddForm
SplDeleteForm
SplSetJobError
SplPrintSupportOperation
SplIppCreateJobOnPrinter
SplIppGetJobAttributes
SplIppSetJobAttributes
SplCloseSpooler
SplDeleteSpooler
SplCreateSpooler
SplNotifyServerStatus
SplGetPrintClassObject_4CSR
SplIsLocalDriverAvailable
SplSetDriverUpdateStatus
SplAddPrinterDriverEx
SplGetUserPropertyBag
SplSetJob
SplEnumJobs
SplDeletePrinterWithJobs
SplGetPrinter
SplSetPrinter
SplSetJobExtra
SplGetDriverDir
SplSetCSRPrinterDevnode
LocalAddForm
SplCopyFileEvent
SplLoadLibraryTheCopyFileModule
SplGetJobExtra
LocalDeleteForm
LocalEnumForms
SplEnumForms
SplGetForm
SplMonitorIsInstalled
SplGetPrintClassObject
SplDeletePrintProcCacheData
SplEnumPrintProcCacheData
SplGetLocalDevMode
SplSetPrintProcCacheData
SplGetPrintProcCacheData
SplEnumPrinterKey
SplEnumPrinterDataEx
SplEnumPrinterData
SplDeletePrinterKey
SplDeletePrinterDataEx
SplDeletePrinterData
SplSetPrinterDataEx
SplSetPrinterData
SplGetPrinterDataEx
SplGetPrinterData
SplGetPrinterDriver
SplGetPrinterDriverEx
SplResetPrinter
SplDeletePrinterIC
SplPlayGdiScriptOnPrinterIC
SplCreatePrinterIC
SplEnumJobNamedProperties
SplGetJobNamedPropertyValue
SplReportJobProcessingProgress
SplGetJob
SplScheduleJob
SplAddJob
SplAbortPrinter
LocalReadPrinter
SplWritePrinter
SplEndDocPrinter
SplEndPagePrinter
SplStartPagePrinter
SplStartDocPrinter
SplClosePrinter
SplAddCSRPrinter
SplEnableCSRPrinterDeviceInterface
SplDriverEvent

shlwapi

SHCreateStreamOnFileW

setupapi

SetupDiCreateDeviceInfoListExW
SetupDiOpenDeviceInfoW
SetupDiGetDevicePropertyW
SetupDiDestroyDeviceInfoList
CMP_WaitNoPendingInstallEvents
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsW

cfgmgr32

SwDeviceSetLifetime
SwDeviceClose
SwDeviceCreate

api-ms-win-devices-query-l1-1-0

DevCloseObjectQuery
DevCreateObjectQuery
DevCreateObjectQueryFromId

api-ms-win-core-kernel32-legacy-l1-1-0

DosDateTimeToFileTime
GetComputerNameW

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

kernelbase

LocalAlloc
LocalReAlloc
GetIsEdpEnabled

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
GetTimeZoneInformation

dsrole

DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory

iphlpapi

GetAdaptersAddresses

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-eventlog-legacy-l1-1-0

DeregisterEventSource
RegisterEventSourceW
ReportEventW

api-ms-win-core-privateprofile-l1-1-0

GetPrivateProfileSectionW
GetPrivateProfileStringW

Exports

Exports

DllMain
InitializePrintMonitor2
InitializePrintProvidor

Sections

.text
Size: 884KB - Virtual size: 883KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 337KB - Virtual size: 337KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 2024

Password: 2024

Password: 2024

a85b9adaebf974dc2564089a91050e4f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-com-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-errorhandling-l1-1-2

api-ms-win-core-handle-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-string-l2-1-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-string-l2-1-0

oleaut32

api-ms-win-core-synch-l1-2-1

rpcrt4

api-ms-win-core-path-l1-1-0

api-ms-win-core-file-l1-1-0

advapi32

user32

shlwapi

shell32

shcore

ntdll

api-ms-win-devices-query-l1-1-0

api-ms-win-devices-query-l1-1-1

windows.storage

kernel32

msvcrt

wincorlib

ole32

api-ms-win-security-base-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

combase

Exports

Exports

Sections

.text Size: 847KB - Virtual size: 847KB

.rdata Size: 354KB - Virtual size: 354KB

.data Size: 77KB - Virtual size: 81KB

.pdata Size: 45KB - Virtual size: 45KB

.didat Size: 512B - Virtual size: 32B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 18KB - Virtual size: 17KB

Password: 2024

e932e3f0df205f2040dca6c08ecc3666

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

.text
Size: 847KB - Virtual size: 847KB

.rdata
Size: 354KB - Virtual size: 354KB

.data
Size: 77KB - Virtual size: 81KB

.pdata
Size: 45KB - Virtual size: 45KB

.didat
Size: 512B - Virtual size: 32B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 18KB - Virtual size: 17KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 586KB - Virtual size: 585KB

.data
Size: 40KB - Virtual size: 50KB

.pdata
Size: 66KB - Virtual size: 66KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 18KB - Virtual size: 18KB