f344c4852130dfeec9a070ac6c81078dd0a74bda08693a1f66a2c506e232272f

Sharing

Copy URL Twitter E-mail

General

Target

f344c4852130dfeec9a070ac6c81078dd0a74bda08693a1f66a2c506e232272f
Size

11.7MB
MD5

771f913f8d5fd24122083bda5825aa8c
SHA1

9a5689f1c7cb769cbf3eaa3ead6184fe1a742f43
SHA256

f344c4852130dfeec9a070ac6c81078dd0a74bda08693a1f66a2c506e232272f
SHA512

42588f4d147a3e5653dbada78f25205c7a3eadd2c3b183a0148831ebe16cdb40bf643332ea735859f827f8f3dc617d36b79cd1ea00dbf9c1b953eefac61e9c95
SSDEEP

196608:Vf476afDXbBreIiQOns/6tjwsBW9o+Jer1dYvYoZ3N+yrpQzfr5uyZOoBZGj07O:VS6a/YIiQjIwGW9o+J+1+9KfrwgOoTGN

Score

3^/10

Malware Config

Signatures

Unsigned PE 17 IoCs

Checks for missing Authenticode signature.

resource
unpack001/NTLite_65888/NTLitex64/NTLite.exe
unpack001/NTLite_65888/NTLitex64/Tools/7-zip/x64/7z.dll
unpack001/NTLite_65888/NTLitex64/Tools/ApiWrappers/api-ms-win-downlevel-advapi32-l1-1-1.dll
unpack001/NTLite_65888/NTLitex64/Tools/ApiWrappers/api-ms-win-downlevel-advapi32-l4-1-0.dll
unpack001/NTLite_65888/NTLitex64/Tools/ApiWrappers/api-ms-win-downlevel-kernel32-l1-1-0.dll
unpack001/NTLite_65888/NTLitex64/Tools/ApiWrappers/api-ms-win-downlevel-kernel32-l2-1-0.dll
unpack001/NTLite_65888/NTLitex64/Tools/ApiWrappers/api-ms-win-downlevel-ole32-l1-1-1.dll
unpack001/NTLite_65888/NTLitex64/Tools/ApiWrappers/api-ms-win-downlevel-user32-l1-1-1.dll
unpack001/NTLite_65888/NTLitex64/Tools/ApiWrappers/api-ms-win-downlevel-version-l1-1-0.dll
unpack001/NTLite_65888/NTLitex64/Tools/ApiWrappers/x64/api-ms-win-downlevel-advapi32-l1-1-1.dll
unpack001/NTLite_65888/NTLitex64/Tools/ApiWrappers/x64/api-ms-win-downlevel-advapi32-l4-1-0.dll
unpack001/NTLite_65888/NTLitex64/Tools/ApiWrappers/x64/api-ms-win-downlevel-kernel32-l1-1-0.dll
unpack001/NTLite_65888/NTLitex64/Tools/ApiWrappers/x64/api-ms-win-downlevel-kernel32-l2-1-0.dll
unpack001/NTLite_65888/NTLitex64/Tools/ApiWrappers/x64/api-ms-win-downlevel-ole32-l1-1-1.dll
unpack001/NTLite_65888/NTLitex64/Tools/ApiWrappers/x64/api-ms-win-downlevel-user32-l1-1-1.dll
unpack001/NTLite_65888/NTLitex64/Tools/ApiWrappers/x64/api-ms-win-downlevel-version-l1-1-0.dll
unpack001/NTLite_65888/NTLitex64/Tools/wimlib/x64/libwim-15.dll

Files

f344c4852130dfeec9a070ac6c81078dd0a74bda08693a1f66a2c506e232272f
.zip
NTLite_65888/32R下载站 - 免费软件_绿色软件_32R下载站是最安全的软件官方下载网站.url
NTLite_65888/NTLitex64/HWLists/Hyper-V VM.xml
.xml
NTLite_65888/NTLitex64/HWLists/Parallels VM.xml
.xml
NTLite_65888/NTLitex64/HWLists/VMware VM.xml
.xml
NTLite_65888/NTLitex64/HWLists/Virtual Box VM.xml
.xml
NTLite_65888/NTLitex64/Lang/Arabic.xml
NTLite_65888/NTLitex64/Lang/Chinese (Simplified).xml
NTLite_65888/NTLitex64/Lang/Chinese (Traditional).xml
NTLite_65888/NTLitex64/Lang/Czech.xml
NTLite_65888/NTLitex64/Lang/Dutch.xml
NTLite_65888/NTLitex64/Lang/Farsi.xml
NTLite_65888/NTLitex64/Lang/French.xml
NTLite_65888/NTLitex64/Lang/German.xml
NTLite_65888/NTLitex64/Lang/Greek.xml
NTLite_65888/NTLitex64/Lang/Hrvatski.xml
NTLite_65888/NTLitex64/Lang/Italian.xml
NTLite_65888/NTLitex64/Lang/Korean.xml
NTLite_65888/NTLitex64/Lang/Polish.xml
NTLite_65888/NTLitex64/Lang/Portuguese (Brazil).xml
.xml
NTLite_65888/NTLitex64/Lang/Russian.xml
NTLite_65888/NTLitex64/Lang/Spanish.xml
NTLite_65888/NTLitex64/Lang/Template.xml
NTLite_65888/NTLitex64/Lang/Turkish.xml
NTLite_65888/NTLitex64/Lang/Ukrainian.xml
NTLite_65888/NTLitex64/Lang/readme.txt
NTLite_65888/NTLitex64/License.txt
NTLite_65888/NTLitex64/NTLite.exe
.exe windows:6 windows x64 arch:x64

01b0ffeb652a78413e5e6e13b51ddf45

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

NTLite.pdb

Imports

kernel32

GetModuleHandleA

user32

CreateMenu

advapi32

RegisterEventSourceW

shell32

SHGetIconOverlayIndexA

Sections

Size: - Virtual size: 10.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 63B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
NTLite_65888/NTLitex64/Tools/7-zip/readme.txt
NTLite_65888/NTLitex64/Tools/7-zip/x64/7z.dll
.dll windows:4 windows x64 arch:x64

09c182b10b88cd78aa1b9a1fdb0142e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

oleaut32

SysStringLen
VariantClear
VariantCopy
SysAllocString
SysAllocStringByteLen
SysFreeString
SysAllocStringLen

user32

CharUpperW
CharPrevExA

advapi32

SystemFunction036

msvcrt

strcpy
memset
realloc
free
malloc
__CxxFrameHandler
strlen
strcat
strstr
_CxxThrowException
wcscmp
strcmp
memmove
memcpy
memcmp
_purecall
strchr
__C_specific_handler
_beginthreadex
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
__dllonexit
_onexit
_initterm

kernel32

InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
Sleep
CreateEventW
WaitForSingleObject
VirtualFree
VirtualAlloc
SetEvent
QueryPerformanceCounter
FileTimeToLocalFileTime
DeleteCriticalSection
LocalFileTimeToFileTime
WaitForMultipleObjects
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
GlobalMemoryStatusEx
GetSystemInfo
GetCurrentProcess
GetProcessAffinityMask
CompareFileTime
WriteFile
ReadFile
GetFileAttributesW
GetModuleHandleA
FindFirstFileW
GetLastError
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
CreateFileW
SetFileAttributesW
GetProcAddress
GetModuleHandleW
CreateDirectoryW
DeleteFileW
GetTempPathW
SetLastError
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
FindClose

Exports

Exports

CreateDecoder
CreateEncoder
CreateObject
GetHandlerProperty
GetHandlerProperty2
GetHashers
GetIsArc
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods
SetCaseSensitive
SetCodecs
SetLargePageMode

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 316KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NTLite_65888/NTLitex64/Tools/ApiWrappers/api-ms-win-downlevel-advapi32-l1-1-1.dll
.dll windows:6 windows x86 arch:x86

0b843de3a792415d23272c775ed89891

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

AddAce
AdjustTokenPrivileges
CopySid
GetAclInformation
GetLengthSid
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorSacl
GetSidLengthRequired
GetSidSubAuthority
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
InitializeAcl
InitializeSecurityDescriptor
InitializeSid
IsValidSecurityDescriptor
IsValidSid
MakeAbsoluteSD
OpenProcessToken
RegCloseKey
RegOpenKeyExW
RegisterTraceGuidsW
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
TraceEvent
UnregisterTraceGuids
AddAccessAllowedAce
AllocateAndInitializeSid
CheckTokenMembership
EqualSid
FreeSid
GetTokenInformation
OpenThreadToken
RegQueryInfoKeyW
EventWriteTransfer
EventActivityIdControl
EventUnregister
EventRegister
DuplicateTokenEx
RegCreateKeyExW
RegDeleteKeyExW
RegDeleteTreeW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegGetValueW
RegLoadKeyW
RegQueryValueExW
RegSetValueExW
RegUnLoadKeyW
SetThreadToken

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
WriteConsoleW
RtlUnwind
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
GetFileType
LCMapStringW
GetProcessHeap
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
DecodePointer

Exports

Exports

??4CDownlevelAdvapi32l111@@QAEAAV0@$$QAV0@@Z
??4CDownlevelAdvapi32l111@@QAEAAV0@ABV0@@Z
?AddAccessAllowedAce@CDownlevelAdvapi32l111@@QAGHPAU_ACL@@KKPAX@Z
?AddAce@CDownlevelAdvapi32l111@@QAGHPAU_ACL@@KKPAXK@Z
?AdjustTokenPrivileges@CDownlevelAdvapi32l111@@QAGHPAXHPAU_TOKEN_PRIVILEGES@@K1PAK@Z
?AllocateAndInitializeSid@CDownlevelAdvapi32l111@@QAGHPAU_SID_IDENTIFIER_AUTHORITY@@EKKKKKKKKPAPAX@Z
?CheckTokenMembership@CDownlevelAdvapi32l111@@QAGHPAX0PAH@Z
?CopySid@CDownlevelAdvapi32l111@@QAGHKPAX0@Z
?DuplicateTokenEx@CDownlevelAdvapi32l111@@QAGHPAXKPAU_SECURITY_ATTRIBUTES@@W4_SECURITY_IMPERSONATION_LEVEL@@W4_TOKEN_TYPE@@PAPAX@Z
?EqualSid@CDownlevelAdvapi32l111@@QAGHPAX0@Z
?EventActivityIdControl@CDownlevelAdvapi32l111@@QAGKKPAU_GUID@@@Z
?EventRegister@CDownlevelAdvapi32l111@@QAGKPBU_GUID@@P6GX0KE_K1PAU_EVENT_FILTER_DESCRIPTOR@@PAX@Z3PA_K@Z
?EventUnregister@CDownlevelAdvapi32l111@@QAGK_K@Z
?EventWriteTransfer@CDownlevelAdvapi32l111@@QAGK_KPBU_EVENT_DESCRIPTOR@@PBU_GUID@@2KPAU_EVENT_DATA_DESCRIPTOR@@@Z
?FreeSid@CDownlevelAdvapi32l111@@QAGPAXPAX@Z
?GetAclInformation@CDownlevelAdvapi32l111@@QAGHPAU_ACL@@PAXKW4_ACL_INFORMATION_CLASS@@@Z
?GetLengthSid@CDownlevelAdvapi32l111@@QAGKPAX@Z
?GetSecurityDescriptorControl@CDownlevelAdvapi32l111@@QAGHPAXPAGPAK@Z
?GetSecurityDescriptorDacl@CDownlevelAdvapi32l111@@QAGHPAXPAHPAPAU_ACL@@1@Z
?GetSecurityDescriptorGroup@CDownlevelAdvapi32l111@@QAGHPAXPAPAXPAH@Z
?GetSecurityDescriptorOwner@CDownlevelAdvapi32l111@@QAGHPAXPAPAXPAH@Z
?GetSecurityDescriptorSacl@CDownlevelAdvapi32l111@@QAGHPAXPAHPAPAU_ACL@@1@Z
?GetSidLengthRequired@CDownlevelAdvapi32l111@@QAGKE@Z
?GetSidSubAuthority@CDownlevelAdvapi32l111@@QAGPAKPAXK@Z
?GetTokenInformation@CDownlevelAdvapi32l111@@QAGHPAXW4_TOKEN_INFORMATION_CLASS@@0KPAK@Z
?GetTraceEnableFlags@CDownlevelAdvapi32l111@@QAGK_K@Z
?GetTraceEnableLevel@CDownlevelAdvapi32l111@@QAGE_K@Z
?GetTraceLoggerHandle@CDownlevelAdvapi32l111@@QAG_KPAX@Z
?InitializeAcl@CDownlevelAdvapi32l111@@QAGHPAU_ACL@@KK@Z
?InitializeSecurityDescriptor@CDownlevelAdvapi32l111@@QAGHPAXK@Z
?InitializeSid@CDownlevelAdvapi32l111@@QAGHPAXPAU_SID_IDENTIFIER_AUTHORITY@@E@Z
?IsValidSecurityDescriptor@CDownlevelAdvapi32l111@@QAGHPAX@Z
?IsValidSid@CDownlevelAdvapi32l111@@QAGHPAX@Z
?MakeAbsoluteSD@CDownlevelAdvapi32l111@@QAGHPAX0PAKPAU_ACL@@1210101@Z
?OpenProcessToken@CDownlevelAdvapi32l111@@QAGHPAXKPAPAX@Z
?OpenThreadToken@CDownlevelAdvapi32l111@@QAGHPAXKHPAPAX@Z
?RegCloseKey@CDownlevelAdvapi32l111@@QAGJPAUHKEY__@@@Z
?RegCreateKeyExW@CDownlevelAdvapi32l111@@QAGJPAUHKEY__@@PB_WKPA_WKKQAU_SECURITY_ATTRIBUTES@@PAPAU2@PAK@Z
?RegDeleteKeyExW@CDownlevelAdvapi32l111@@QAGJPAUHKEY__@@PB_WKK@Z
?RegDeleteTreeW@CDownlevelAdvapi32l111@@QAGJPAUHKEY__@@PB_W@Z
?RegEnumKeyExW@CDownlevelAdvapi32l111@@QAGJPAUHKEY__@@KPA_WPAK212PAU_FILETIME@@@Z
?RegEnumValueW@CDownlevelAdvapi32l111@@QAGJPAUHKEY__@@KPA_WPAK22PAE2@Z
?RegFlushKey@CDownlevelAdvapi32l111@@QAGJPAUHKEY__@@@Z
?RegGetValueW@CDownlevelAdvapi32l111@@QAGJPAUHKEY__@@PB_W1KPAKPAX2@Z
?RegLoadKeyW@CDownlevelAdvapi32l111@@QAGJPAUHKEY__@@PB_W1@Z
?RegOpenKeyExW@CDownlevelAdvapi32l111@@QAGJPAUHKEY__@@PB_WKKPAPAU2@@Z
?RegQueryInfoKeyW@CDownlevelAdvapi32l111@@QAGJPAUHKEY__@@PA_WPAK22222222PAU_FILETIME@@@Z
?RegQueryValueExW@CDownlevelAdvapi32l111@@QAGJPAUHKEY__@@PB_WPAK2PAE2@Z
?RegSetValueExW@CDownlevelAdvapi32l111@@QAGJPAUHKEY__@@PB_WKKPBEK@Z
?RegUnLoadKeyW@CDownlevelAdvapi32l111@@QAGJPAUHKEY__@@PB_W@Z
?RegisterTraceGuidsW@CDownlevelAdvapi32l111@@QAGKP6GKW4WMIDPREQUESTCODE@@PAXPAK1@Z1PBU_GUID@@KPAU_TRACE_GUID_REGISTRATION@@PB_W6PA_K@Z
?SetSecurityDescriptorDacl@CDownlevelAdvapi32l111@@QAGHPAXHPAU_ACL@@H@Z
?SetSecurityDescriptorGroup@CDownlevelAdvapi32l111@@QAGHPAX0H@Z
?SetSecurityDescriptorOwner@CDownlevelAdvapi32l111@@QAGHPAX0H@Z
?SetThreadToken@CDownlevelAdvapi32l111@@QAGHPAPAXPAX@Z
?TraceEvent@CDownlevelAdvapi32l111@@QAGK_KPAU_EVENT_TRACE_HEADER@@@Z
?UnregisterTraceGuids@CDownlevelAdvapi32l111@@QAGK_K@Z
AddAccessAllowedAce
AddAce
AdjustTokenPrivileges
AllocateAndInitializeSid
CheckTokenMembership
CopySid
DuplicateTokenEx
EqualSid
EventActivityIdControl
EventRegister
EventUnregister
EventWriteTransfer
FreeSid
GetAclInformation
GetLengthSid
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorSacl
GetSidLengthRequired
GetSidSubAuthority
GetTokenInformation
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
InitializeAcl
InitializeSecurityDescriptor
InitializeSid
IsValidSecurityDescriptor
IsValidSid
MakeAbsoluteSD
OpenProcessToken
OpenThreadToken
RegCloseKey
RegCreateKeyExW
RegDeleteKeyExW
RegDeleteTreeW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegGetValueW
RegLoadKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
RegUnLoadKeyW
RegisterTraceGuidsW
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetThreadToken
TraceEvent
UnregisterTraceGuids

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NTLite_65888/NTLitex64/Tools/ApiWrappers/api-ms-win-downlevel-advapi32-l4-1-0.dll
.dll windows:6 windows x86 arch:x86

e0efcb6210a2d25cffe0d866e0998592

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

LookupPrivilegeValueW
InitiateSystemShutdownExW

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
WriteConsoleW
RtlUnwind
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
GetFileType
LCMapStringW
GetProcessHeap
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
DecodePointer

Exports

Exports

??4CDownlevelAdvapi32L410@@QAEAAV0@$$QAV0@@Z
??4CDownlevelAdvapi32L410@@QAEAAV0@ABV0@@Z
?InitiateSystemShutdownExW@CDownlevelAdvapi32L410@@QAGHPA_W0KHHK@Z
?LookupPrivilegeValueW@CDownlevelAdvapi32L410@@QAGHPB_W0PAU_LUID@@@Z
InitiateSystemShutdownExW
LookupPrivilegeValueW

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NTLite_65888/NTLitex64/Tools/ApiWrappers/api-ms-win-downlevel-kernel32-l1-1-0.dll
.dll windows:6 windows x86 arch:x86

d446f0b2eb73645d6aeaa9714341eedb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CompareStringW
CopyFileExW
CreateDirectoryW
CreateFileMappingW
CreateFileW
DeleteCriticalSection
DeviceIoControl
EnterCriticalSection
ExpandEnvironmentStringsW
FindClose
FindFirstFileW
FindNextFileW
FindResourceExW
FormatMessageW
FreeLibrary
GetCommandLineW
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDriveTypeW
GetFileAttributesW
GetFileInformationByHandle
GetFileType
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetStdHandle
GetSystemInfo
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetTempFileNameW
GetTickCount
GetVersionExW
HeapAlloc
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
IsWow64Process
LeaveCriticalSection
LoadLibraryExW
LoadResource
LockResource
MapViewOfFile
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
RaiseException
ReadFile
SearchPathW
SetConsoleCtrlHandler
SetErrorMode
SetEvent
SetFileAttributesW
SetFilePointer
SetLastError
SetThreadUILanguage
SetUnhandledExceptionFilter
SizeofResource
Sleep
TerminateProcess
UnhandledExceptionFilter
UnmapViewOfFile
WaitForSingleObject
WideCharToMultiByte
WriteConsoleW
WriteFile
CreateEventW
CreateFileA
CreateMutexA
CreateMutexW
CreateProcessW
DebugBreak
DeleteFileA
DeleteFileW
DisableThreadLibraryCalls
DuplicateHandle
ExitProcess
ExpandEnvironmentStringsA
FlushFileBuffers
FormatMessageA
FreeEnvironmentStringsW
GetCurrentDirectoryW
GetCurrentThread
GetEnvironmentStringsW
GetExitCodeProcess
GetFileSize
GetFileSizeEx
GetLocalTime
GetModuleFileNameA
GetNativeSystemInfo
GetSystemDirectoryW
GetTempPathW
GetThreadLocale
GetVersion
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
GetWindowsDirectoryW
IsDebuggerPresent
LoadLibraryExA
MoveFileExW
ReleaseMutex
SetThreadLocale
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualQuery
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetLocaleInfoW
GetNumberFormatW
GetTimeFormatW
GetModuleHandleA
AcquireSRWLockExclusive
GetFinalPathNameByHandleW
GetOverlappedResult
GetVolumePathNamesForVolumeNameW
ReleaseSRWLockExclusive
RemoveDirectoryW
VirtualProtect
CreateSemaphoreExW
CreateThread
GetSystemFirmwareTable
InitializeCriticalSectionEx
ReleaseSemaphore
VirtualAlloc
VirtualFree
WaitForMultipleObjectsEx
DeleteVolumeMountPointW
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetFileTime
GetLogicalDrives
GetVolumeInformationW
LockFileEx
QueryDosDeviceW
SetEndOfFile
SetFilePointerEx
UnlockFileEx
VerSetConditionMask
IsProcessorFeaturePresent
InitializeSListHead
GetStartupInfoW
RtlUnwind
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
LCMapStringW
GetStringTypeW
SetStdHandle
GetConsoleCP
DecodePointer

Exports

Exports

??4CDownlevelKernel32L1@@QAEAAV0@$$QAV0@@Z
??4CDownlevelKernel32L1@@QAEAAV0@ABV0@@Z
?AcquireSRWLockExclusive@CDownlevelKernel32L1@@QAGXPAU_RTL_SRWLOCK@@@Z
?CloseHandle@CDownlevelKernel32L1@@QAGHPAX@Z
?CompareStringW@CDownlevelKernel32L1@@QAGHKKPB_WH0H@Z
?CopyFileExW@CDownlevelKernel32L1@@QAGHPB_W0P6GKT_LARGE_INTEGER@@111KKPAX22@Z2PAHK@Z
?CreateDirectoryW@CDownlevelKernel32L1@@QAGHPB_WPAU_SECURITY_ATTRIBUTES@@@Z
?CreateEventW@CDownlevelKernel32L1@@QAGPAXPAU_SECURITY_ATTRIBUTES@@HHPB_W@Z
?CreateFileA@CDownlevelKernel32L1@@QAGPAXPBDKKPAU_SECURITY_ATTRIBUTES@@KKPAX@Z
?CreateFileMappingW@CDownlevelKernel32L1@@QAGPAXPAXPAU_SECURITY_ATTRIBUTES@@KKKPB_W@Z
?CreateFileW@CDownlevelKernel32L1@@QAGPAXPB_WKKPAU_SECURITY_ATTRIBUTES@@KKPAX@Z
?CreateMutexA@CDownlevelKernel32L1@@QAGPAXPAU_SECURITY_ATTRIBUTES@@HPBD@Z
?CreateMutexW@CDownlevelKernel32L1@@QAGPAXPAU_SECURITY_ATTRIBUTES@@HPB_W@Z
?CreateProcessW@CDownlevelKernel32L1@@QAGHPB_WPA_WPAU_SECURITY_ATTRIBUTES@@2HKPAX0PAU_STARTUPINFOW@@PAU_PROCESS_INFORMATION@@@Z
?CreateSemaphoreExW@CDownlevelKernel32L1@@QAGPAXPAU_SECURITY_ATTRIBUTES@@JJPB_WKK@Z
?CreateThread@CDownlevelKernel32L1@@QAGPAXPAU_SECURITY_ATTRIBUTES@@KP6GKPAX@Z1KPAK@Z
?DebugBreak@CDownlevelKernel32L1@@QAGXXZ
?DeleteCriticalSection@CDownlevelKernel32L1@@QAGXPAU_RTL_CRITICAL_SECTION@@@Z
?DeleteFileA@CDownlevelKernel32L1@@QAGHPBD@Z
?DeleteFileW@CDownlevelKernel32L1@@QAGHPB_W@Z
?DeleteVolumeMountPointW@CDownlevelKernel32L1@@QAGHPB_W@Z
?DeviceIoControl@CDownlevelKernel32L1@@QAGHPAXK0K0KPAKPAU_OVERLAPPED@@@Z
?DisableThreadLibraryCalls@CDownlevelKernel32L1@@QAGHPAUHINSTANCE__@@@Z
?DuplicateHandle@CDownlevelKernel32L1@@QAGHPAX00PAPAXKHK@Z
?EnterCriticalSection@CDownlevelKernel32L1@@QAGXPAU_RTL_CRITICAL_SECTION@@@Z
?ExitProcess@CDownlevelKernel32L1@@QAGXI@Z
?ExpandEnvironmentStringsA@CDownlevelKernel32L1@@QAGKPBDPADK@Z
?ExpandEnvironmentStringsW@CDownlevelKernel32L1@@QAGKPB_WPA_WK@Z
?FileTimeToLocalFileTime@CDownlevelKernel32L1@@QAGHPBU_FILETIME@@PAU2@@Z
?FileTimeToSystemTime@CDownlevelKernel32L1@@QAGHPBU_FILETIME@@PAU_SYSTEMTIME@@@Z
?FindClose@CDownlevelKernel32L1@@QAGHPAX@Z
?FindFirstFileW@CDownlevelKernel32L1@@QAGPAXPB_WPAU_WIN32_FIND_DATAW@@@Z
?FindFirstVolumeW@CDownlevelKernel32L1@@QAGPAXPA_WK@Z
?FindNextFileW@CDownlevelKernel32L1@@QAGHPAXPAU_WIN32_FIND_DATAW@@@Z
?FindNextVolumeW@CDownlevelKernel32L1@@QAGHPAXPA_WK@Z
?FindResourceExW@CDownlevelKernel32L1@@QAGPAUHRSRC__@@PAUHINSTANCE__@@PB_W1G@Z
?FindVolumeClose@CDownlevelKernel32L1@@QAGHPAX@Z
?FlushFileBuffers@CDownlevelKernel32L1@@QAGHPAX@Z
?FormatMessageA@CDownlevelKernel32L1@@QAGKKPBXKKPADKPAPAD@Z
?FormatMessageW@CDownlevelKernel32L1@@QAGKKPBXKKPA_WKPAPAD@Z
?FreeEnvironmentStringsW@CDownlevelKernel32L1@@QAGHPA_W@Z
?FreeLibrary@CDownlevelKernel32L1@@QAGHPAUHINSTANCE__@@@Z
?GetCommandLineW@CDownlevelKernel32L1@@QAGPA_WXZ
?GetConsoleMode@CDownlevelKernel32L1@@QAGHPAXPAK@Z
?GetCurrentDirectoryW@CDownlevelKernel32L1@@QAGKKPA_W@Z
?GetCurrentProcess@CDownlevelKernel32L1@@QAGPAXXZ
?GetCurrentProcessId@CDownlevelKernel32L1@@QAGKXZ
?GetCurrentThread@CDownlevelKernel32L1@@QAGPAXXZ
?GetCurrentThreadId@CDownlevelKernel32L1@@QAGKXZ
?GetDateFormatW@CDownlevelKernel32L1@@QAGHKKPBU_SYSTEMTIME@@PB_WPA_WH@Z
?GetDiskFreeSpaceExW@CDownlevelKernel32L1@@QAGHPB_WPAT_ULARGE_INTEGER@@11@Z
?GetDiskFreeSpaceW@CDownlevelKernel32L1@@QAGHPB_WPAK111@Z
?GetDriveTypeW@CDownlevelKernel32L1@@QAGIPB_W@Z
?GetEnvironmentStringsW@CDownlevelKernel32L1@@QAGPA_WXZ
?GetExitCodeProcess@CDownlevelKernel32L1@@QAGHPAXPAK@Z
?GetFileAttributesW@CDownlevelKernel32L1@@QAGKPB_W@Z
?GetFileInformationByHandle@CDownlevelKernel32L1@@QAGHPAXPAU_BY_HANDLE_FILE_INFORMATION@@@Z
?GetFileSize@CDownlevelKernel32L1@@QAGKPAXPAK@Z
?GetFileSizeEx@CDownlevelKernel32L1@@QAGHPAXPAT_LARGE_INTEGER@@@Z
?GetFileTime@CDownlevelKernel32L1@@QAGHPAXPAU_FILETIME@@11@Z
?GetFileType@CDownlevelKernel32L1@@QAGKPAX@Z
?GetFinalPathNameByHandleW@CDownlevelKernel32L1@@QAGKPAXPA_WKK@Z
?GetFullPathNameW@CDownlevelKernel32L1@@QAGKPB_WKPA_WPAPA_W@Z
?GetLastError@CDownlevelKernel32L1@@QAGKXZ
?GetLocalTime@CDownlevelKernel32L1@@QAGXPAU_SYSTEMTIME@@@Z
?GetLocaleInfoW@CDownlevelKernel32L1@@QAGHKKPA_WH@Z
?GetLogicalDrives@CDownlevelKernel32L1@@QAGKXZ
?GetModuleFileNameA@CDownlevelKernel32L1@@QAGKPAUHINSTANCE__@@PADK@Z
?GetModuleFileNameW@CDownlevelKernel32L1@@QAGKPAUHINSTANCE__@@PA_WK@Z
?GetModuleHandleA@CDownlevelKernel32L1@@QAGPAUHINSTANCE__@@PBD@Z
?GetModuleHandleExW@CDownlevelKernel32L1@@QAGHKPB_WPAPAUHINSTANCE__@@@Z
?GetModuleHandleW@CDownlevelKernel32L1@@QAGPAUHINSTANCE__@@PB_W@Z
?GetNativeSystemInfo@CDownlevelKernel32L1@@QAGXPAU_SYSTEM_INFO@@@Z
?GetNumberFormatW@CDownlevelKernel32L1@@QAGHKKPB_WPBU_numberfmtW@@PA_WH@Z
?GetOverlappedResult@CDownlevelKernel32L1@@QAGHPAXPAU_OVERLAPPED@@PAKH@Z
?GetProcAddress@CDownlevelKernel32L1@@QAGP6GHXZPAUHINSTANCE__@@PBD@Z
?GetProcessHeap@CDownlevelKernel32L1@@QAGPAXXZ
?GetStdHandle@CDownlevelKernel32L1@@QAGPAXK@Z
?GetSystemDirectoryW@CDownlevelKernel32L1@@QAGIPA_WI@Z
?GetSystemFirmwareTable@CDownlevelKernel32L1@@QAGIKKPAXK@Z
?GetSystemInfo@CDownlevelKernel32L1@@QAGXPAU_SYSTEM_INFO@@@Z
?GetSystemTimeAsFileTime@CDownlevelKernel32L1@@QAGXPAU_FILETIME@@@Z
?GetSystemWindowsDirectoryW@CDownlevelKernel32L1@@QAGIPA_WI@Z
?GetTempFileNameW@CDownlevelKernel32L1@@QAGIPB_W0IPA_W@Z
?GetTempPathW@CDownlevelKernel32L1@@QAGKKPA_W@Z
?GetThreadLocale@CDownlevelKernel32L1@@QAGKXZ
?GetTickCount@CDownlevelKernel32L1@@QAGKXZ
?GetTimeFormatW@CDownlevelKernel32L1@@QAGHKKPBU_SYSTEMTIME@@PB_WPA_WH@Z
?GetVersion@CDownlevelKernel32L1@@QAGKXZ
?GetVersionExW@CDownlevelKernel32L1@@QAGHPAU_OSVERSIONINFOW@@@Z
?GetVolumeInformationW@CDownlevelKernel32L1@@QAGHPB_WPA_WKPAK221K@Z
?GetVolumeNameForVolumeMountPointW@CDownlevelKernel32L1@@QAGHPB_WPA_WK@Z
?GetVolumePathNameW@CDownlevelKernel32L1@@QAGHPB_WPA_WK@Z
?GetVolumePathNamesForVolumeNameW@CDownlevelKernel32L1@@QAGHPB_WPA_WKPAK@Z
?GetWindowsDirectoryW@CDownlevelKernel32L1@@QAGIPA_WI@Z
?HeapAlloc@CDownlevelKernel32L1@@QAGPAXPAXKK@Z
?HeapDestroy@CDownlevelKernel32L1@@QAGHPAX@Z
?HeapFree@CDownlevelKernel32L1@@QAGHPAXK0@Z
?HeapReAlloc@CDownlevelKernel32L1@@QAGPAXPAXK0K@Z
?HeapSize@CDownlevelKernel32L1@@QAGKPAXKPBX@Z
?InitializeCriticalSection@CDownlevelKernel32L1@@QAGXPAU_RTL_CRITICAL_SECTION@@@Z
?InitializeCriticalSectionEx@CDownlevelKernel32L1@@QAGHPAU_RTL_CRITICAL_SECTION@@KK@Z
?IsDebuggerPresent@CDownlevelKernel32L1@@QAGHXZ
?IsWow64Process@CDownlevelKernel32L1@@QAGHPAXPAH@Z
?LeaveCriticalSection@CDownlevelKernel32L1@@QAGXPAU_RTL_CRITICAL_SECTION@@@Z
?LoadLibraryExA@CDownlevelKernel32L1@@QAGPAUHINSTANCE__@@PBDPAXK@Z
?LoadLibraryExW@CDownlevelKernel32L1@@QAGPAUHINSTANCE__@@PB_WPAXK@Z
?LoadResource@CDownlevelKernel32L1@@QAGPAXPAUHINSTANCE__@@PAUHRSRC__@@@Z
?LockFileEx@CDownlevelKernel32L1@@QAGHPAXKKKKPAU_OVERLAPPED@@@Z
?LockResource@CDownlevelKernel32L1@@QAGPAXPAX@Z
?MapViewOfFile@CDownlevelKernel32L1@@QAGPAXPAXKKKK@Z
?MoveFileExW@CDownlevelKernel32L1@@QAGHPB_W0K@Z
?MultiByteToWideChar@CDownlevelKernel32L1@@QAGHIKPBDHPA_WH@Z
?OutputDebugStringA@CDownlevelKernel32L1@@QAGXPBD@Z
?OutputDebugStringW@CDownlevelKernel32L1@@QAGXPB_W@Z
?QueryDosDeviceW@CDownlevelKernel32L1@@QAGKPB_WPA_WK@Z
?QueryPerformanceCounter@CDownlevelKernel32L1@@QAGHPAT_LARGE_INTEGER@@@Z
?RaiseException@CDownlevelKernel32L1@@QAGXKKKPBK@Z
?ReadFile@CDownlevelKernel32L1@@QAGHPAX0KPAKPAU_OVERLAPPED@@@Z
?ReleaseMutex@CDownlevelKernel32L1@@QAGHPAX@Z
?ReleaseSRWLockExclusive@CDownlevelKernel32L1@@QAGXPAU_RTL_SRWLOCK@@@Z
?ReleaseSemaphore@CDownlevelKernel32L1@@QAGHPAXJPAJ@Z
?RemoveDirectoryW@CDownlevelKernel32L1@@QAGHPB_W@Z
?SearchPathW@CDownlevelKernel32L1@@QAGKPB_W00KPA_WPAPA_W@Z
?SetConsoleCtrlHandler@CDownlevelKernel32L1@@QAGHP6GHK@ZH@Z
?SetEndOfFile@CDownlevelKernel32L1@@QAGHPAX@Z
?SetErrorMode@CDownlevelKernel32L1@@QAGII@Z
?SetEvent@CDownlevelKernel32L1@@QAGHPAX@Z
?SetFileAttributesW@CDownlevelKernel32L1@@QAGHPB_WK@Z
?SetFilePointer@CDownlevelKernel32L1@@QAGKPAXJPAJK@Z
?SetFilePointerEx@CDownlevelKernel32L1@@QAGHPAXT_LARGE_INTEGER@@PAT2@K@Z
?SetLastError@CDownlevelKernel32L1@@QAGXK@Z
?SetThreadLocale@CDownlevelKernel32L1@@QAGHK@Z
?SetThreadUILanguage@CDownlevelKernel32L1@@QAGGG@Z
?SetUnhandledExceptionFilter@CDownlevelKernel32L1@@QAGP6GJPAU_EXCEPTION_POINTERS@@@ZP6GJ0@Z@Z
?SizeofResource@CDownlevelKernel32L1@@QAGKPAUHINSTANCE__@@PAUHRSRC__@@@Z
?Sleep@CDownlevelKernel32L1@@QAGXK@Z
?TerminateProcess@CDownlevelKernel32L1@@QAGHPAXI@Z
?TlsAlloc@CDownlevelKernel32L1@@QAGKXZ
?TlsFree@CDownlevelKernel32L1@@QAGHK@Z
?TlsGetValue@CDownlevelKernel32L1@@QAGPAXK@Z
?TlsSetValue@CDownlevelKernel32L1@@QAGHKPAX@Z
?UnhandledExceptionFilter@CDownlevelKernel32L1@@QAGJPAU_EXCEPTION_POINTERS@@@Z
?UnlockFileEx@CDownlevelKernel32L1@@QAGHPAXKKKPAU_OVERLAPPED@@@Z
?UnmapViewOfFile@CDownlevelKernel32L1@@QAGHPBX@Z
?VerSetConditionMask@CDownlevelKernel32L1@@QAG_K_KKE@Z
?VirtualAlloc@CDownlevelKernel32L1@@QAGPAXPAXKKK@Z
?VirtualFree@CDownlevelKernel32L1@@QAGHPAXKK@Z
?VirtualProtect@CDownlevelKernel32L1@@QAGHPAXKKPAK@Z
?VirtualQuery@CDownlevelKernel32L1@@QAGKPBXPAU_MEMORY_BASIC_INFORMATION@@K@Z
?WaitForMultipleObjectsEx@CDownlevelKernel32L1@@QAGKKPBQAXHKH@Z
?WaitForSingleObject@CDownlevelKernel32L1@@QAGKPAXK@Z
?WideCharToMultiByte@CDownlevelKernel32L1@@QAGHIKPB_WHPADHPBDPAH@Z
?WriteConsoleW@CDownlevelKernel32L1@@QAGHPAXPBXKPAK0@Z
?WriteFile@CDownlevelKernel32L1@@QAGHPAXPBXKPAKPAU_OVERLAPPED@@@Z
AcquireSRWLockExclusive
CloseHandle
CompareStringW
CopyFileExW
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileMappingW
CreateFileW
CreateMutexA
CreateMutexW
CreateProcessW
CreateSemaphoreExW
CreateThread
DebugBreak
DeleteCriticalSection
DeleteFileA
DeleteFileW
DeleteVolumeMountPointW
DeviceIoControl
DisableThreadLibraryCalls
DuplicateHandle
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileW
FindFirstVolumeW
FindNextFileW
FindNextVolumeW
FindResourceExW
FindVolumeClose
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
GetCommandLineW
GetConsoleMode
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDriveTypeW
GetEnvironmentStringsW
GetExitCodeProcess
GetFileAttributesW
GetFileInformationByHandle
GetFileSize
GetFileSizeEx
GetFileTime
GetFileType
GetFinalPathNameByHandleW
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoW
GetLogicalDrives
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetNumberFormatW
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetStdHandle
GetSystemDirectoryW
GetSystemFirmwareTable
GetSystemInfo
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetTempFileNameW
GetTempPathW
GetThreadLocale
GetTickCount
GetTimeFormatW
GetVersion
GetVersionExW
GetVolumeInformationW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
GetVolumePathNamesForVolumeNameW
GetWindowsDirectoryW
HeapAlloc
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InitializeCriticalSectionEx
IsDebuggerPresent
IsWow64Process
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
LoadResource
LockFileEx
LockResource
MapViewOfFile
MoveFileExW
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
QueryDosDeviceW
QueryPerformanceCounter
RaiseException
ReadFile
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSemaphore
RemoveDirectoryW
SearchPathW
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetEvent
SetFileAttributesW
SetFilePointer
SetFilePointerEx
SetLastError
SetThreadLocale
SetThreadUILanguage
SetUnhandledExceptionFilter
SizeofResource
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnlockFileEx
UnmapViewOfFile
VerSetConditionMask
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WriteConsoleW
WriteFile

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NTLite_65888/NTLitex64/Tools/ApiWrappers/api-ms-win-downlevel-kernel32-l2-1-0.dll
.dll windows:6 windows x86 arch:x86

1db5bae716c46cadaef9038108c4598f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileMappingA
LocalFree
LocalAlloc
GetPrivateProfileSectionW
LoadLibraryW
GetFirmwareEnvironmentVariableW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
WriteConsoleW
RtlUnwind
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
GetFileType
LCMapStringW
GetProcessHeap
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
DecodePointer

Exports

Exports

??4CDownlevelKernel32L2@@QAEAAV0@$$QAV0@@Z
??4CDownlevelKernel32L2@@QAEAAV0@ABV0@@Z
?CreateFileMappingA@CDownlevelKernel32L2@@QAGPAXPAXPAU_SECURITY_ATTRIBUTES@@KKKPBD@Z
?GetFirmwareEnvironmentVariableW@CDownlevelKernel32L2@@QAGKPB_W0PAXK@Z
?GetPrivateProfileSectionW@CDownlevelKernel32L2@@QAGKPB_WPA_WK0@Z
?LoadLibraryW@CDownlevelKernel32L2@@QAGPAUHINSTANCE__@@PB_W@Z
?LocalAlloc@CDownlevelKernel32L2@@QAGPAXIK@Z
?LocalFree@CDownlevelKernel32L2@@QAGPAXPAX@Z
CreateFileMappingA
GetFirmwareEnvironmentVariableW
GetPrivateProfileSectionW
LoadLibraryW
LocalAlloc
LocalFree

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NTLite_65888/NTLitex64/Tools/ApiWrappers/api-ms-win-downlevel-ole32-l1-1-1.dll
.dll windows:6 windows x86 arch:x86

65a9453e175e89545db3f814fa487163

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ole32

CoInitializeEx
StringFromGUID2
StringFromCLSID
ProgIDFromCLSID
CoTaskMemFree
CoSetProxyBlanket
CoRevokeClassObject
CoRegisterPSClsid
CoRegisterClassObject
CoCreateGuid
CoUninitialize
CoInitializeSecurity
CoCreateInstance

oleaut32

SetErrorInfo
CreateErrorInfo
GetErrorInfo

kernel32

RaiseException
WriteConsoleW
CloseHandle
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetProcessHeap
RtlUnwind
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
DecodePointer
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
GetFileType
LCMapStringW

Exports

Exports

??4CDownlevelOle32l111@@QAEAAV0@$$QAV0@@Z
??4CDownlevelOle32l111@@QAEAAV0@ABV0@@Z
?CoCreateGuid@CDownlevelOle32l111@@QAGJPAU_GUID@@@Z
?CoCreateInstance@CDownlevelOle32l111@@QAGJABU_GUID@@PAUIUnknown@@K0PAPAX@Z
?CoInitializeEx@CDownlevelOle32l111@@QAGJPAXK@Z
?CoInitializeSecurity@CDownlevelOle32l111@@QAGJPAXJPAUtagSOLE_AUTHENTICATION_SERVICE@@0KK0K0@Z
?CoRegisterClassObject@CDownlevelOle32l111@@QAGJABU_GUID@@PAUIUnknown@@KKPAK@Z
?CoRegisterPSClsid@CDownlevelOle32l111@@QAGJABU_GUID@@0@Z
?CoRevokeClassObject@CDownlevelOle32l111@@QAGJK@Z
?CoSetProxyBlanket@CDownlevelOle32l111@@QAGJPAUIUnknown@@KKPA_WKKPAXK@Z
?CoTaskMemFree@CDownlevelOle32l111@@QAGXPAX@Z
?CoUninitialize@CDownlevelOle32l111@@QAGXXZ
?CreateErrorInfo@CDownlevelOle32l111@@QAGJPAPAUICreateErrorInfo@@@Z
?GetErrorInfo@CDownlevelOle32l111@@QAGJKPAPAUIErrorInfo@@@Z
?ProgIDFromCLSID@CDownlevelOle32l111@@QAGJABU_GUID@@PAPA_W@Z
?SetErrorInfo@CDownlevelOle32l111@@QAGJKPAUIErrorInfo@@@Z
?StringFromCLSID@CDownlevelOle32l111@@QAGJABU_GUID@@PAPA_W@Z
?StringFromGUID2@CDownlevelOle32l111@@QAGHABU_GUID@@PA_WH@Z
CoCreateGuid
CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoRegisterClassObject
CoRegisterPSClsid
CoRevokeClassObject
CoSetProxyBlanket
CoTaskMemFree
CoUninitialize
CreateErrorInfo
GetErrorInfo
ProgIDFromCLSID
SetErrorInfo
StringFromCLSID
StringFromGUID2

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NTLite_65888/NTLitex64/Tools/ApiWrappers/api-ms-win-downlevel-user32-l1-1-1.dll
.dll windows:6 windows x86 arch:x86

e6b812900600d4d44096a6b6006a39bc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

CharUpperBuffW
CharUpperW
LoadStringW
CharNextW
CharLowerBuffW

kernel32

HeapFree
WriteConsoleW
CloseHandle
CreateFileW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
DecodePointer
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
GetFileType
LCMapStringW
GetProcessHeap
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx

Exports

Exports

??4CDownlevelUser32l111@@QAEAAV0@$$QAV0@@Z
??4CDownlevelUser32l111@@QAEAAV0@ABV0@@Z
?CharLowerBuffW@CDownlevelUser32l111@@QAGKPA_WK@Z
?CharNextW@CDownlevelUser32l111@@QAGPA_WPB_W@Z
?CharUpperBuffW@CDownlevelUser32l111@@QAGKPA_WK@Z
?CharUpperW@CDownlevelUser32l111@@QAGPA_WPA_W@Z
?LoadStringW@CDownlevelUser32l111@@QAGHPAUHINSTANCE__@@IPA_WH@Z
CharLowerBuffW
CharNextW
CharUpperBuffW
CharUpperW
LoadStringW

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NTLite_65888/NTLitex64/Tools/ApiWrappers/api-ms-win-downlevel-version-l1-1-0.dll
.dll windows:6 windows x86 arch:x86

89411ff8f3848b51c0a40de9b42b48a5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

P:\[REC]\nKode\Public\windee\[TempBin.x86]\Tools\ApiWrappers\api-ms-win-downlevel-version-l1-1-0.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW

kernel32

FindClose
WriteConsoleW
CloseHandle
CreateFileW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
DecodePointer
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
GetFileType
LCMapStringW
GetProcessHeap
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx

Exports

Exports

??4CDownlevelVersionl110@@QAEAAV0@$$QAV0@@Z
??4CDownlevelVersionl110@@QAEAAV0@ABV0@@Z
?GetFileVersionInfoExW@CDownlevelVersionl110@@QAGHKPB_WKKPAX@Z
?GetFileVersionInfoSizeExW@CDownlevelVersionl110@@QAGKKPB_WPAK@Z
?VerQueryValueW@CDownlevelVersionl110@@QAGHPBXPB_WPAPAXPAI@Z
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NTLite_65888/NTLitex64/Tools/ApiWrappers/x64/api-ms-win-downlevel-advapi32-l1-1-1.dll
.dll windows:6 windows x64 arch:x64

7b573d5f0ad9cd565f3c3375d22a1bfb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

advapi32

AddAce
AdjustTokenPrivileges
CopySid
GetAclInformation
GetLengthSid
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorSacl
GetSidLengthRequired
GetSidSubAuthority
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
InitializeAcl
InitializeSecurityDescriptor
InitializeSid
IsValidSecurityDescriptor
IsValidSid
MakeAbsoluteSD
OpenProcessToken
RegCloseKey
RegOpenKeyExW
RegisterTraceGuidsW
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
TraceEvent
UnregisterTraceGuids
AddAccessAllowedAce
AllocateAndInitializeSid
CheckTokenMembership
EqualSid
FreeSid
GetTokenInformation
OpenThreadToken
RegQueryInfoKeyW
EventWriteTransfer
EventActivityIdControl
EventUnregister
EventRegister
DuplicateTokenEx
RegCreateKeyExW
RegDeleteKeyExW
RegDeleteTreeW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegGetValueW
RegLoadKeyW
RegQueryValueExW
RegSetValueExW
RegUnLoadKeyW
SetThreadToken

kernel32

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
WriteConsoleW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
RaiseException
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle

Exports

Exports

??4CDownlevelAdvapi32l111@@QEAAAEAV0@$$QEAV0@@Z
??4CDownlevelAdvapi32l111@@QEAAAEAV0@AEBV0@@Z
?AddAccessAllowedAce@CDownlevelAdvapi32l111@@QEAAHPEAU_ACL@@KKPEAX@Z
?AddAce@CDownlevelAdvapi32l111@@QEAAHPEAU_ACL@@KKPEAXK@Z
?AdjustTokenPrivileges@CDownlevelAdvapi32l111@@QEAAHPEAXHPEAU_TOKEN_PRIVILEGES@@K1PEAK@Z
?AllocateAndInitializeSid@CDownlevelAdvapi32l111@@QEAAHPEAU_SID_IDENTIFIER_AUTHORITY@@EKKKKKKKKPEAPEAX@Z
?CheckTokenMembership@CDownlevelAdvapi32l111@@QEAAHPEAX0PEAH@Z
?CopySid@CDownlevelAdvapi32l111@@QEAAHKPEAX0@Z
?DuplicateTokenEx@CDownlevelAdvapi32l111@@QEAAHPEAXKPEAU_SECURITY_ATTRIBUTES@@W4_SECURITY_IMPERSONATION_LEVEL@@W4_TOKEN_TYPE@@PEAPEAX@Z
?EqualSid@CDownlevelAdvapi32l111@@QEAAHPEAX0@Z
?EventActivityIdControl@CDownlevelAdvapi32l111@@QEAAKKPEAU_GUID@@@Z
?EventRegister@CDownlevelAdvapi32l111@@QEAAKPEBU_GUID@@P6AX0KE_K1PEAU_EVENT_FILTER_DESCRIPTOR@@PEAX@Z3PEA_K@Z
?EventUnregister@CDownlevelAdvapi32l111@@QEAAK_K@Z
?EventWriteTransfer@CDownlevelAdvapi32l111@@QEAAK_KPEBU_EVENT_DESCRIPTOR@@PEBU_GUID@@2KPEAU_EVENT_DATA_DESCRIPTOR@@@Z
?FreeSid@CDownlevelAdvapi32l111@@QEAAPEAXPEAX@Z
?GetAclInformation@CDownlevelAdvapi32l111@@QEAAHPEAU_ACL@@PEAXKW4_ACL_INFORMATION_CLASS@@@Z
?GetLengthSid@CDownlevelAdvapi32l111@@QEAAKPEAX@Z
?GetSecurityDescriptorControl@CDownlevelAdvapi32l111@@QEAAHPEAXPEAGPEAK@Z
?GetSecurityDescriptorDacl@CDownlevelAdvapi32l111@@QEAAHPEAXPEAHPEAPEAU_ACL@@1@Z
?GetSecurityDescriptorGroup@CDownlevelAdvapi32l111@@QEAAHPEAXPEAPEAXPEAH@Z
?GetSecurityDescriptorOwner@CDownlevelAdvapi32l111@@QEAAHPEAXPEAPEAXPEAH@Z
?GetSecurityDescriptorSacl@CDownlevelAdvapi32l111@@QEAAHPEAXPEAHPEAPEAU_ACL@@1@Z
?GetSidLengthRequired@CDownlevelAdvapi32l111@@QEAAKE@Z
?GetSidSubAuthority@CDownlevelAdvapi32l111@@QEAAPEAKPEAXK@Z
?GetTokenInformation@CDownlevelAdvapi32l111@@QEAAHPEAXW4_TOKEN_INFORMATION_CLASS@@0KPEAK@Z
?GetTraceEnableFlags@CDownlevelAdvapi32l111@@QEAAK_K@Z
?GetTraceEnableLevel@CDownlevelAdvapi32l111@@QEAAE_K@Z
?GetTraceLoggerHandle@CDownlevelAdvapi32l111@@QEAA_KPEAX@Z
?InitializeAcl@CDownlevelAdvapi32l111@@QEAAHPEAU_ACL@@KK@Z
?InitializeSecurityDescriptor@CDownlevelAdvapi32l111@@QEAAHPEAXK@Z
?InitializeSid@CDownlevelAdvapi32l111@@QEAAHPEAXPEAU_SID_IDENTIFIER_AUTHORITY@@E@Z
?IsValidSecurityDescriptor@CDownlevelAdvapi32l111@@QEAAHPEAX@Z
?IsValidSid@CDownlevelAdvapi32l111@@QEAAHPEAX@Z
?MakeAbsoluteSD@CDownlevelAdvapi32l111@@QEAAHPEAX0PEAKPEAU_ACL@@1210101@Z
?OpenProcessToken@CDownlevelAdvapi32l111@@QEAAHPEAXKPEAPEAX@Z
?OpenThreadToken@CDownlevelAdvapi32l111@@QEAAHPEAXKHPEAPEAX@Z
?RegCloseKey@CDownlevelAdvapi32l111@@QEAAJPEAUHKEY__@@@Z
?RegCreateKeyExW@CDownlevelAdvapi32l111@@QEAAJPEAUHKEY__@@PEB_WKPEA_WKKQEAU_SECURITY_ATTRIBUTES@@PEAPEAU2@PEAK@Z
?RegDeleteKeyExW@CDownlevelAdvapi32l111@@QEAAJPEAUHKEY__@@PEB_WKK@Z
?RegDeleteTreeW@CDownlevelAdvapi32l111@@QEAAJPEAUHKEY__@@PEB_W@Z
?RegEnumKeyExW@CDownlevelAdvapi32l111@@QEAAJPEAUHKEY__@@KPEA_WPEAK212PEAU_FILETIME@@@Z
?RegEnumValueW@CDownlevelAdvapi32l111@@QEAAJPEAUHKEY__@@KPEA_WPEAK22PEAE2@Z
?RegFlushKey@CDownlevelAdvapi32l111@@QEAAJPEAUHKEY__@@@Z
?RegGetValueW@CDownlevelAdvapi32l111@@QEAAJPEAUHKEY__@@PEB_W1KPEAKPEAX2@Z
?RegLoadKeyW@CDownlevelAdvapi32l111@@QEAAJPEAUHKEY__@@PEB_W1@Z
?RegOpenKeyExW@CDownlevelAdvapi32l111@@QEAAJPEAUHKEY__@@PEB_WKKPEAPEAU2@@Z
?RegQueryInfoKeyW@CDownlevelAdvapi32l111@@QEAAJPEAUHKEY__@@PEA_WPEAK22222222PEAU_FILETIME@@@Z
?RegQueryValueExW@CDownlevelAdvapi32l111@@QEAAJPEAUHKEY__@@PEB_WPEAK2PEAE2@Z
?RegSetValueExW@CDownlevelAdvapi32l111@@QEAAJPEAUHKEY__@@PEB_WKKPEBEK@Z
?RegUnLoadKeyW@CDownlevelAdvapi32l111@@QEAAJPEAUHKEY__@@PEB_W@Z
?RegisterTraceGuidsW@CDownlevelAdvapi32l111@@QEAAKP6AKW4WMIDPREQUESTCODE@@PEAXPEAK1@Z1PEBU_GUID@@KPEAU_TRACE_GUID_REGISTRATION@@PEB_W6PEA_K@Z
?SetSecurityDescriptorDacl@CDownlevelAdvapi32l111@@QEAAHPEAXHPEAU_ACL@@H@Z
?SetSecurityDescriptorGroup@CDownlevelAdvapi32l111@@QEAAHPEAX0H@Z
?SetSecurityDescriptorOwner@CDownlevelAdvapi32l111@@QEAAHPEAX0H@Z
?SetThreadToken@CDownlevelAdvapi32l111@@QEAAHPEAPEAXPEAX@Z
?TraceEvent@CDownlevelAdvapi32l111@@QEAAK_KPEAU_EVENT_TRACE_HEADER@@@Z
?UnregisterTraceGuids@CDownlevelAdvapi32l111@@QEAAK_K@Z
AddAccessAllowedAce
AddAce
AdjustTokenPrivileges
AllocateAndInitializeSid
CheckTokenMembership
CopySid
DuplicateTokenEx
EqualSid
EventActivityIdControl
EventRegister
EventUnregister
EventWriteTransfer
FreeSid
GetAclInformation
GetLengthSid
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorSacl
GetSidLengthRequired
GetSidSubAuthority
GetTokenInformation
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
InitializeAcl
InitializeSecurityDescriptor
InitializeSid
IsValidSecurityDescriptor
IsValidSid
MakeAbsoluteSD
OpenProcessToken
OpenThreadToken
RegCloseKey
RegCreateKeyExW
RegDeleteKeyExW
RegDeleteTreeW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegGetValueW
RegLoadKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
RegUnLoadKeyW
RegisterTraceGuidsW
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetThreadToken
TraceEvent
UnregisterTraceGuids

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NTLite_65888/NTLitex64/Tools/ApiWrappers/x64/api-ms-win-downlevel-advapi32-l4-1-0.dll
.dll windows:6 windows x64 arch:x64

eca31c35f5ad2fec01cef45a246e0517

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

advapi32

LookupPrivilegeValueW
InitiateSystemShutdownExW

kernel32

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
WriteConsoleW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
RaiseException
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle

Exports

Exports

??4CDownlevelAdvapi32L410@@QEAAAEAV0@$$QEAV0@@Z
??4CDownlevelAdvapi32L410@@QEAAAEAV0@AEBV0@@Z
?InitiateSystemShutdownExW@CDownlevelAdvapi32L410@@QEAAHPEA_W0KHHK@Z
?LookupPrivilegeValueW@CDownlevelAdvapi32L410@@QEAAHPEB_W0PEAU_LUID@@@Z
InitiateSystemShutdownExW
LookupPrivilegeValueW

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NTLite_65888/NTLitex64/Tools/ApiWrappers/x64/api-ms-win-downlevel-kernel32-l1-1-0.dll
.dll windows:6 windows x64 arch:x64

85d5a139611c43493b9042db1e63d14e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CompareStringW
CopyFileExW
CreateDirectoryW
CreateFileMappingW
CreateFileW
DeleteCriticalSection
DeviceIoControl
EnterCriticalSection
ExpandEnvironmentStringsW
FindClose
FindFirstFileW
FindNextFileW
FindResourceExW
FormatMessageW
FreeLibrary
GetCommandLineW
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDriveTypeW
GetFileAttributesW
GetFileInformationByHandle
GetFileType
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetStdHandle
GetSystemInfo
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetTempFileNameW
GetTickCount
GetVersionExW
HeapAlloc
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
IsWow64Process
LeaveCriticalSection
LoadLibraryExW
LoadResource
LockResource
MapViewOfFile
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
RaiseException
ReadFile
SearchPathW
SetConsoleCtrlHandler
SetErrorMode
SetEvent
SetFileAttributesW
SetFilePointer
SetLastError
SetThreadUILanguage
SetUnhandledExceptionFilter
SizeofResource
Sleep
TerminateProcess
UnhandledExceptionFilter
UnmapViewOfFile
WaitForSingleObject
WideCharToMultiByte
WriteConsoleW
WriteFile
CreateEventW
CreateFileA
CreateMutexA
CreateMutexW
CreateProcessW
DebugBreak
DeleteFileA
DeleteFileW
DisableThreadLibraryCalls
DuplicateHandle
ExitProcess
ExpandEnvironmentStringsA
FlushFileBuffers
FormatMessageA
FreeEnvironmentStringsW
GetCurrentDirectoryW
GetCurrentThread
GetEnvironmentStringsW
GetExitCodeProcess
GetFileSize
GetFileSizeEx
GetLocalTime
GetModuleFileNameA
GetNativeSystemInfo
GetSystemDirectoryW
GetTempPathW
GetThreadLocale
GetVersion
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
GetWindowsDirectoryW
IsDebuggerPresent
LoadLibraryExA
MoveFileExW
ReleaseMutex
SetThreadLocale
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualQuery
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetLocaleInfoW
GetNumberFormatW
GetTimeFormatW
GetModuleHandleA
AcquireSRWLockExclusive
GetFinalPathNameByHandleW
GetOverlappedResult
GetVolumePathNamesForVolumeNameW
ReleaseSRWLockExclusive
RemoveDirectoryW
VirtualProtect
CreateSemaphoreExW
CreateThread
GetSystemFirmwareTable
InitializeCriticalSectionEx
ReleaseSemaphore
VirtualAlloc
VirtualFree
WaitForMultipleObjectsEx
DeleteVolumeMountPointW
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetFileTime
GetLogicalDrives
GetVolumeInformationW
LockFileEx
QueryDosDeviceW
SetEndOfFile
SetFilePointerEx
UnlockFileEx
VerSetConditionMask
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsProcessorFeaturePresent
InitializeSListHead
GetStartupInfoW
RtlUnwindEx
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
LCMapStringW
GetStringTypeW
SetStdHandle
GetConsoleCP

Exports

Exports

??4CDownlevelKernel32L1@@QEAAAEAV0@$$QEAV0@@Z
??4CDownlevelKernel32L1@@QEAAAEAV0@AEBV0@@Z
?AcquireSRWLockExclusive@CDownlevelKernel32L1@@QEAAXPEAU_RTL_SRWLOCK@@@Z
?CloseHandle@CDownlevelKernel32L1@@QEAAHPEAX@Z
?CompareStringW@CDownlevelKernel32L1@@QEAAHKKPEB_WH0H@Z
?CopyFileExW@CDownlevelKernel32L1@@QEAAHPEB_W0P6AKT_LARGE_INTEGER@@111KKPEAX22@Z2PEAHK@Z
?CreateDirectoryW@CDownlevelKernel32L1@@QEAAHPEB_WPEAU_SECURITY_ATTRIBUTES@@@Z
?CreateEventW@CDownlevelKernel32L1@@QEAAPEAXPEAU_SECURITY_ATTRIBUTES@@HHPEB_W@Z
?CreateFileA@CDownlevelKernel32L1@@QEAAPEAXPEBDKKPEAU_SECURITY_ATTRIBUTES@@KKPEAX@Z
?CreateFileMappingW@CDownlevelKernel32L1@@QEAAPEAXPEAXPEAU_SECURITY_ATTRIBUTES@@KKKPEB_W@Z
?CreateFileW@CDownlevelKernel32L1@@QEAAPEAXPEB_WKKPEAU_SECURITY_ATTRIBUTES@@KKPEAX@Z
?CreateMutexA@CDownlevelKernel32L1@@QEAAPEAXPEAU_SECURITY_ATTRIBUTES@@HPEBD@Z
?CreateMutexW@CDownlevelKernel32L1@@QEAAPEAXPEAU_SECURITY_ATTRIBUTES@@HPEB_W@Z
?CreateProcessW@CDownlevelKernel32L1@@QEAAHPEB_WPEA_WPEAU_SECURITY_ATTRIBUTES@@2HKPEAX0PEAU_STARTUPINFOW@@PEAU_PROCESS_INFORMATION@@@Z
?CreateSemaphoreExW@CDownlevelKernel32L1@@QEAAPEAXPEAU_SECURITY_ATTRIBUTES@@JJPEB_WKK@Z
?CreateThread@CDownlevelKernel32L1@@QEAAPEAXPEAU_SECURITY_ATTRIBUTES@@_KP6AKPEAX@Z2KPEAK@Z
?DebugBreak@CDownlevelKernel32L1@@QEAAXXZ
?DeleteCriticalSection@CDownlevelKernel32L1@@QEAAXPEAU_RTL_CRITICAL_SECTION@@@Z
?DeleteFileA@CDownlevelKernel32L1@@QEAAHPEBD@Z
?DeleteFileW@CDownlevelKernel32L1@@QEAAHPEB_W@Z
?DeleteVolumeMountPointW@CDownlevelKernel32L1@@QEAAHPEB_W@Z
?DeviceIoControl@CDownlevelKernel32L1@@QEAAHPEAXK0K0KPEAKPEAU_OVERLAPPED@@@Z
?DisableThreadLibraryCalls@CDownlevelKernel32L1@@QEAAHPEAUHINSTANCE__@@@Z
?DuplicateHandle@CDownlevelKernel32L1@@QEAAHPEAX00PEAPEAXKHK@Z
?EnterCriticalSection@CDownlevelKernel32L1@@QEAAXPEAU_RTL_CRITICAL_SECTION@@@Z
?ExitProcess@CDownlevelKernel32L1@@QEAAXI@Z
?ExpandEnvironmentStringsA@CDownlevelKernel32L1@@QEAAKPEBDPEADK@Z
?ExpandEnvironmentStringsW@CDownlevelKernel32L1@@QEAAKPEB_WPEA_WK@Z
?FileTimeToLocalFileTime@CDownlevelKernel32L1@@QEAAHPEBU_FILETIME@@PEAU2@@Z
?FileTimeToSystemTime@CDownlevelKernel32L1@@QEAAHPEBU_FILETIME@@PEAU_SYSTEMTIME@@@Z
?FindClose@CDownlevelKernel32L1@@QEAAHPEAX@Z
?FindFirstFileW@CDownlevelKernel32L1@@QEAAPEAXPEB_WPEAU_WIN32_FIND_DATAW@@@Z
?FindFirstVolumeW@CDownlevelKernel32L1@@QEAAPEAXPEA_WK@Z
?FindNextFileW@CDownlevelKernel32L1@@QEAAHPEAXPEAU_WIN32_FIND_DATAW@@@Z
?FindNextVolumeW@CDownlevelKernel32L1@@QEAAHPEAXPEA_WK@Z
?FindResourceExW@CDownlevelKernel32L1@@QEAAPEAUHRSRC__@@PEAUHINSTANCE__@@PEB_W1G@Z
?FindVolumeClose@CDownlevelKernel32L1@@QEAAHPEAX@Z
?FlushFileBuffers@CDownlevelKernel32L1@@QEAAHPEAX@Z
?FormatMessageA@CDownlevelKernel32L1@@QEAAKKPEBXKKPEADKPEAPEAD@Z
?FormatMessageW@CDownlevelKernel32L1@@QEAAKKPEBXKKPEA_WKPEAPEAD@Z
?FreeEnvironmentStringsW@CDownlevelKernel32L1@@QEAAHPEA_W@Z
?FreeLibrary@CDownlevelKernel32L1@@QEAAHPEAUHINSTANCE__@@@Z
?GetCommandLineW@CDownlevelKernel32L1@@QEAAPEA_WXZ
?GetConsoleMode@CDownlevelKernel32L1@@QEAAHPEAXPEAK@Z
?GetCurrentDirectoryW@CDownlevelKernel32L1@@QEAAKKPEA_W@Z
?GetCurrentProcess@CDownlevelKernel32L1@@QEAAPEAXXZ
?GetCurrentProcessId@CDownlevelKernel32L1@@QEAAKXZ
?GetCurrentThread@CDownlevelKernel32L1@@QEAAPEAXXZ
?GetCurrentThreadId@CDownlevelKernel32L1@@QEAAKXZ
?GetDateFormatW@CDownlevelKernel32L1@@QEAAHKKPEBU_SYSTEMTIME@@PEB_WPEA_WH@Z
?GetDiskFreeSpaceExW@CDownlevelKernel32L1@@QEAAHPEB_WPEAT_ULARGE_INTEGER@@11@Z
?GetDiskFreeSpaceW@CDownlevelKernel32L1@@QEAAHPEB_WPEAK111@Z
?GetDriveTypeW@CDownlevelKernel32L1@@QEAAIPEB_W@Z
?GetEnvironmentStringsW@CDownlevelKernel32L1@@QEAAPEA_WXZ
?GetExitCodeProcess@CDownlevelKernel32L1@@QEAAHPEAXPEAK@Z
?GetFileAttributesW@CDownlevelKernel32L1@@QEAAKPEB_W@Z
?GetFileInformationByHandle@CDownlevelKernel32L1@@QEAAHPEAXPEAU_BY_HANDLE_FILE_INFORMATION@@@Z
?GetFileSize@CDownlevelKernel32L1@@QEAAKPEAXPEAK@Z
?GetFileSizeEx@CDownlevelKernel32L1@@QEAAHPEAXPEAT_LARGE_INTEGER@@@Z
?GetFileTime@CDownlevelKernel32L1@@QEAAHPEAXPEAU_FILETIME@@11@Z
?GetFileType@CDownlevelKernel32L1@@QEAAKPEAX@Z
?GetFinalPathNameByHandleW@CDownlevelKernel32L1@@QEAAKPEAXPEA_WKK@Z
?GetFullPathNameW@CDownlevelKernel32L1@@QEAAKPEB_WKPEA_WPEAPEA_W@Z
?GetLastError@CDownlevelKernel32L1@@QEAAKXZ
?GetLocalTime@CDownlevelKernel32L1@@QEAAXPEAU_SYSTEMTIME@@@Z
?GetLocaleInfoW@CDownlevelKernel32L1@@QEAAHKKPEA_WH@Z
?GetLogicalDrives@CDownlevelKernel32L1@@QEAAKXZ
?GetModuleFileNameA@CDownlevelKernel32L1@@QEAAKPEAUHINSTANCE__@@PEADK@Z
?GetModuleFileNameW@CDownlevelKernel32L1@@QEAAKPEAUHINSTANCE__@@PEA_WK@Z
?GetModuleHandleA@CDownlevelKernel32L1@@QEAAPEAUHINSTANCE__@@PEBD@Z
?GetModuleHandleExW@CDownlevelKernel32L1@@QEAAHKPEB_WPEAPEAUHINSTANCE__@@@Z
?GetModuleHandleW@CDownlevelKernel32L1@@QEAAPEAUHINSTANCE__@@PEB_W@Z
?GetNativeSystemInfo@CDownlevelKernel32L1@@QEAAXPEAU_SYSTEM_INFO@@@Z
?GetNumberFormatW@CDownlevelKernel32L1@@QEAAHKKPEB_WPEBU_numberfmtW@@PEA_WH@Z
?GetOverlappedResult@CDownlevelKernel32L1@@QEAAHPEAXPEAU_OVERLAPPED@@PEAKH@Z
?GetProcAddress@CDownlevelKernel32L1@@QEAAP6A_JXZPEAUHINSTANCE__@@PEBD@Z
?GetProcessHeap@CDownlevelKernel32L1@@QEAAPEAXXZ
?GetStdHandle@CDownlevelKernel32L1@@QEAAPEAXK@Z
?GetSystemDirectoryW@CDownlevelKernel32L1@@QEAAIPEA_WI@Z
?GetSystemFirmwareTable@CDownlevelKernel32L1@@QEAAIKKPEAXK@Z
?GetSystemInfo@CDownlevelKernel32L1@@QEAAXPEAU_SYSTEM_INFO@@@Z
?GetSystemTimeAsFileTime@CDownlevelKernel32L1@@QEAAXPEAU_FILETIME@@@Z
?GetSystemWindowsDirectoryW@CDownlevelKernel32L1@@QEAAIPEA_WI@Z
?GetTempFileNameW@CDownlevelKernel32L1@@QEAAIPEB_W0IPEA_W@Z
?GetTempPathW@CDownlevelKernel32L1@@QEAAKKPEA_W@Z
?GetThreadLocale@CDownlevelKernel32L1@@QEAAKXZ
?GetTickCount@CDownlevelKernel32L1@@QEAAKXZ
?GetTimeFormatW@CDownlevelKernel32L1@@QEAAHKKPEBU_SYSTEMTIME@@PEB_WPEA_WH@Z
?GetVersion@CDownlevelKernel32L1@@QEAAKXZ
?GetVersionExW@CDownlevelKernel32L1@@QEAAHPEAU_OSVERSIONINFOW@@@Z
?GetVolumeInformationW@CDownlevelKernel32L1@@QEAAHPEB_WPEA_WKPEAK221K@Z
?GetVolumeNameForVolumeMountPointW@CDownlevelKernel32L1@@QEAAHPEB_WPEA_WK@Z
?GetVolumePathNameW@CDownlevelKernel32L1@@QEAAHPEB_WPEA_WK@Z
?GetVolumePathNamesForVolumeNameW@CDownlevelKernel32L1@@QEAAHPEB_WPEA_WKPEAK@Z
?GetWindowsDirectoryW@CDownlevelKernel32L1@@QEAAIPEA_WI@Z
?HeapAlloc@CDownlevelKernel32L1@@QEAAPEAXPEAXK_K@Z
?HeapDestroy@CDownlevelKernel32L1@@QEAAHPEAX@Z
?HeapFree@CDownlevelKernel32L1@@QEAAHPEAXK0@Z
?HeapReAlloc@CDownlevelKernel32L1@@QEAAPEAXPEAXK0_K@Z
?HeapSize@CDownlevelKernel32L1@@QEAA_KPEAXKPEBX@Z
?InitializeCriticalSection@CDownlevelKernel32L1@@QEAAXPEAU_RTL_CRITICAL_SECTION@@@Z
?InitializeCriticalSectionEx@CDownlevelKernel32L1@@QEAAHPEAU_RTL_CRITICAL_SECTION@@KK@Z
?IsDebuggerPresent@CDownlevelKernel32L1@@QEAAHXZ
?IsWow64Process@CDownlevelKernel32L1@@QEAAHPEAXPEAH@Z
?LeaveCriticalSection@CDownlevelKernel32L1@@QEAAXPEAU_RTL_CRITICAL_SECTION@@@Z
?LoadLibraryExA@CDownlevelKernel32L1@@QEAAPEAUHINSTANCE__@@PEBDPEAXK@Z
?LoadLibraryExW@CDownlevelKernel32L1@@QEAAPEAUHINSTANCE__@@PEB_WPEAXK@Z
?LoadResource@CDownlevelKernel32L1@@QEAAPEAXPEAUHINSTANCE__@@PEAUHRSRC__@@@Z
?LockFileEx@CDownlevelKernel32L1@@QEAAHPEAXKKKKPEAU_OVERLAPPED@@@Z
?LockResource@CDownlevelKernel32L1@@QEAAPEAXPEAX@Z
?MapViewOfFile@CDownlevelKernel32L1@@QEAAPEAXPEAXKKK_K@Z
?MoveFileExW@CDownlevelKernel32L1@@QEAAHPEB_W0K@Z
?MultiByteToWideChar@CDownlevelKernel32L1@@QEAAHIKPEBDHPEA_WH@Z
?OutputDebugStringA@CDownlevelKernel32L1@@QEAAXPEBD@Z
?OutputDebugStringW@CDownlevelKernel32L1@@QEAAXPEB_W@Z
?QueryDosDeviceW@CDownlevelKernel32L1@@QEAAKPEB_WPEA_WK@Z
?QueryPerformanceCounter@CDownlevelKernel32L1@@QEAAHPEAT_LARGE_INTEGER@@@Z
?RaiseException@CDownlevelKernel32L1@@QEAAXKKKPEB_K@Z
?ReadFile@CDownlevelKernel32L1@@QEAAHPEAX0KPEAKPEAU_OVERLAPPED@@@Z
?ReleaseMutex@CDownlevelKernel32L1@@QEAAHPEAX@Z
?ReleaseSRWLockExclusive@CDownlevelKernel32L1@@QEAAXPEAU_RTL_SRWLOCK@@@Z
?ReleaseSemaphore@CDownlevelKernel32L1@@QEAAHPEAXJPEAJ@Z
?RemoveDirectoryW@CDownlevelKernel32L1@@QEAAHPEB_W@Z
?SearchPathW@CDownlevelKernel32L1@@QEAAKPEB_W00KPEA_WPEAPEA_W@Z
?SetConsoleCtrlHandler@CDownlevelKernel32L1@@QEAAHP6AHK@ZH@Z
?SetEndOfFile@CDownlevelKernel32L1@@QEAAHPEAX@Z
?SetErrorMode@CDownlevelKernel32L1@@QEAAII@Z
?SetEvent@CDownlevelKernel32L1@@QEAAHPEAX@Z
?SetFileAttributesW@CDownlevelKernel32L1@@QEAAHPEB_WK@Z
?SetFilePointer@CDownlevelKernel32L1@@QEAAKPEAXJPEAJK@Z
?SetFilePointerEx@CDownlevelKernel32L1@@QEAAHPEAXT_LARGE_INTEGER@@PEAT2@K@Z
?SetLastError@CDownlevelKernel32L1@@QEAAXK@Z
?SetThreadLocale@CDownlevelKernel32L1@@QEAAHK@Z
?SetThreadUILanguage@CDownlevelKernel32L1@@QEAAGG@Z
?SetUnhandledExceptionFilter@CDownlevelKernel32L1@@QEAAP6AJPEAU_EXCEPTION_POINTERS@@@ZP6AJ0@Z@Z
?SizeofResource@CDownlevelKernel32L1@@QEAAKPEAUHINSTANCE__@@PEAUHRSRC__@@@Z
?Sleep@CDownlevelKernel32L1@@QEAAXK@Z
?TerminateProcess@CDownlevelKernel32L1@@QEAAHPEAXI@Z
?TlsAlloc@CDownlevelKernel32L1@@QEAAKXZ
?TlsFree@CDownlevelKernel32L1@@QEAAHK@Z
?TlsGetValue@CDownlevelKernel32L1@@QEAAPEAXK@Z
?TlsSetValue@CDownlevelKernel32L1@@QEAAHKPEAX@Z
?UnhandledExceptionFilter@CDownlevelKernel32L1@@QEAAJPEAU_EXCEPTION_POINTERS@@@Z
?UnlockFileEx@CDownlevelKernel32L1@@QEAAHPEAXKKKPEAU_OVERLAPPED@@@Z
?UnmapViewOfFile@CDownlevelKernel32L1@@QEAAHPEBX@Z
?VerSetConditionMask@CDownlevelKernel32L1@@QEAA_K_KKE@Z
?VirtualAlloc@CDownlevelKernel32L1@@QEAAPEAXPEAX_KKK@Z
?VirtualFree@CDownlevelKernel32L1@@QEAAHPEAX_KK@Z
?VirtualProtect@CDownlevelKernel32L1@@QEAAHPEAX_KKPEAK@Z
?VirtualQuery@CDownlevelKernel32L1@@QEAA_KPEBXPEAU_MEMORY_BASIC_INFORMATION@@_K@Z
?WaitForMultipleObjectsEx@CDownlevelKernel32L1@@QEAAKKPEBQEAXHKH@Z
?WaitForSingleObject@CDownlevelKernel32L1@@QEAAKPEAXK@Z
?WideCharToMultiByte@CDownlevelKernel32L1@@QEAAHIKPEB_WHPEADHPEBDPEAH@Z
?WriteConsoleW@CDownlevelKernel32L1@@QEAAHPEAXPEBXKPEAK0@Z
?WriteFile@CDownlevelKernel32L1@@QEAAHPEAXPEBXKPEAKPEAU_OVERLAPPED@@@Z
AcquireSRWLockExclusive
CloseHandle
CompareStringW
CopyFileExW
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileMappingW
CreateFileW
CreateMutexA
CreateMutexW
CreateProcessW
CreateSemaphoreExW
CreateThread
DebugBreak
DeleteCriticalSection
DeleteFileA
DeleteFileW
DeleteVolumeMountPointW
DeviceIoControl
DisableThreadLibraryCalls
DuplicateHandle
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileW
FindFirstVolumeW
FindNextFileW
FindNextVolumeW
FindResourceExW
FindVolumeClose
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
GetCommandLineW
GetConsoleMode
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDriveTypeW
GetEnvironmentStringsW
GetExitCodeProcess
GetFileAttributesW
GetFileInformationByHandle
GetFileSize
GetFileSizeEx
GetFileTime
GetFileType
GetFinalPathNameByHandleW
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoW
GetLogicalDrives
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetNumberFormatW
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetStdHandle
GetSystemDirectoryW
GetSystemFirmwareTable
GetSystemInfo
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetTempFileNameW
GetTempPathW
GetThreadLocale
GetTickCount
GetTimeFormatW
GetVersion
GetVersionExW
GetVolumeInformationW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
GetVolumePathNamesForVolumeNameW
GetWindowsDirectoryW
HeapAlloc
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InitializeCriticalSectionEx
IsDebuggerPresent
IsWow64Process
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
LoadResource
LockFileEx
LockResource
MapViewOfFile
MoveFileExW
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
QueryDosDeviceW
QueryPerformanceCounter
RaiseException
ReadFile
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSemaphore
RemoveDirectoryW
SearchPathW
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetEvent
SetFileAttributesW
SetFilePointer
SetFilePointerEx
SetLastError
SetThreadLocale
SetThreadUILanguage
SetUnhandledExceptionFilter
SizeofResource
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnlockFileEx
UnmapViewOfFile
VerSetConditionMask
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WriteConsoleW
WriteFile

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NTLite_65888/NTLitex64/Tools/ApiWrappers/x64/api-ms-win-downlevel-kernel32-l2-1-0.dll
.dll windows:6 windows x64 arch:x64

017fe49724a69476e7be46202cd7b7b9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileMappingA
LocalFree
LocalAlloc
GetPrivateProfileSectionW
LoadLibraryW
GetFirmwareEnvironmentVariableW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
WriteConsoleW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
RaiseException
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle

Exports

Exports

??4CDownlevelKernel32L2@@QEAAAEAV0@$$QEAV0@@Z
??4CDownlevelKernel32L2@@QEAAAEAV0@AEBV0@@Z
?CreateFileMappingA@CDownlevelKernel32L2@@QEAAPEAXPEAXPEAU_SECURITY_ATTRIBUTES@@KKKPEBD@Z
?GetFirmwareEnvironmentVariableW@CDownlevelKernel32L2@@QEAAKPEB_W0PEAXK@Z
?GetPrivateProfileSectionW@CDownlevelKernel32L2@@QEAAKPEB_WPEA_WK0@Z
?LoadLibraryW@CDownlevelKernel32L2@@QEAAPEAUHINSTANCE__@@PEB_W@Z
?LocalAlloc@CDownlevelKernel32L2@@QEAAPEAXI_K@Z
?LocalFree@CDownlevelKernel32L2@@QEAAPEAXPEAX@Z
CreateFileMappingA
GetFirmwareEnvironmentVariableW
GetPrivateProfileSectionW
LoadLibraryW
LocalAlloc
LocalFree

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NTLite_65888/NTLitex64/Tools/ApiWrappers/x64/api-ms-win-downlevel-ole32-l1-1-1.dll
.dll windows:6 windows x64 arch:x64

2cf1079a8befa713f0ba9c24c2ce6d70

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ole32

CoInitializeEx
StringFromGUID2
StringFromCLSID
ProgIDFromCLSID
CoTaskMemFree
CoSetProxyBlanket
CoRevokeClassObject
CoRegisterPSClsid
CoRegisterClassObject
CoCreateGuid
CoUninitialize
CoInitializeSecurity
CoCreateInstance

oleaut32

SetErrorInfo
CreateErrorInfo
GetErrorInfo

kernel32

GetProcAddress
WriteConsoleW
CloseHandle
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetFileType
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
RaiseException
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle

Exports

Exports

??4CDownlevelOle32l111@@QEAAAEAV0@$$QEAV0@@Z
??4CDownlevelOle32l111@@QEAAAEAV0@AEBV0@@Z
?CoCreateGuid@CDownlevelOle32l111@@QEAAJPEAU_GUID@@@Z
?CoCreateInstance@CDownlevelOle32l111@@QEAAJAEBU_GUID@@PEAUIUnknown@@K0PEAPEAX@Z
?CoInitializeEx@CDownlevelOle32l111@@QEAAJPEAXK@Z
?CoInitializeSecurity@CDownlevelOle32l111@@QEAAJPEAXJPEAUtagSOLE_AUTHENTICATION_SERVICE@@0KK0K0@Z
?CoRegisterClassObject@CDownlevelOle32l111@@QEAAJAEBU_GUID@@PEAUIUnknown@@KKPEAK@Z
?CoRegisterPSClsid@CDownlevelOle32l111@@QEAAJAEBU_GUID@@0@Z
?CoRevokeClassObject@CDownlevelOle32l111@@QEAAJK@Z
?CoSetProxyBlanket@CDownlevelOle32l111@@QEAAJPEAUIUnknown@@KKPEA_WKKPEAXK@Z
?CoTaskMemFree@CDownlevelOle32l111@@QEAAXPEAX@Z
?CoUninitialize@CDownlevelOle32l111@@QEAAXXZ
?CreateErrorInfo@CDownlevelOle32l111@@QEAAJPEAPEAUICreateErrorInfo@@@Z
?GetErrorInfo@CDownlevelOle32l111@@QEAAJKPEAPEAUIErrorInfo@@@Z
?ProgIDFromCLSID@CDownlevelOle32l111@@QEAAJAEBU_GUID@@PEAPEA_W@Z
?SetErrorInfo@CDownlevelOle32l111@@QEAAJKPEAUIErrorInfo@@@Z
?StringFromCLSID@CDownlevelOle32l111@@QEAAJAEBU_GUID@@PEAPEA_W@Z
?StringFromGUID2@CDownlevelOle32l111@@QEAAHAEBU_GUID@@PEA_WH@Z
CoCreateGuid
CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoRegisterClassObject
CoRegisterPSClsid
CoRevokeClassObject
CoSetProxyBlanket
CoTaskMemFree
CoUninitialize
CreateErrorInfo
GetErrorInfo
ProgIDFromCLSID
SetErrorInfo
StringFromCLSID
StringFromGUID2

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NTLite_65888/NTLitex64/Tools/ApiWrappers/x64/api-ms-win-downlevel-user32-l1-1-1.dll
.dll windows:6 windows x64 arch:x64

088f2472330bab6ab9be12901c4efb7f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

user32

CharUpperBuffW
CharUpperW
LoadStringW
CharNextW
CharLowerBuffW

kernel32

WriteConsoleW
CloseHandle
CreateFileW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
RaiseException
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx

Exports

Exports

??4CDownlevelUser32l111@@QEAAAEAV0@$$QEAV0@@Z
??4CDownlevelUser32l111@@QEAAAEAV0@AEBV0@@Z
?CharLowerBuffW@CDownlevelUser32l111@@QEAAKPEA_WK@Z
?CharNextW@CDownlevelUser32l111@@QEAAPEA_WPEB_W@Z
?CharUpperBuffW@CDownlevelUser32l111@@QEAAKPEA_WK@Z
?CharUpperW@CDownlevelUser32l111@@QEAAPEA_WPEA_W@Z
?LoadStringW@CDownlevelUser32l111@@QEAAHPEAUHINSTANCE__@@IPEA_WH@Z
CharLowerBuffW
CharNextW
CharUpperBuffW
CharUpperW
LoadStringW

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NTLite_65888/NTLitex64/Tools/ApiWrappers/x64/api-ms-win-downlevel-version-l1-1-0.dll
.dll windows:6 windows x64 arch:x64

fee45b7c8940847b91bc90e1bb278523

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

P:\[REC]\nKode\Public\windee\[TempBin.x64]\Tools\ApiWrappers\api-ms-win-downlevel-version-l1-1-0.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW

kernel32

HeapAlloc
WriteConsoleW
CloseHandle
CreateFileW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
RaiseException
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx

Exports

Exports

??4CDownlevelVersionl110@@QEAAAEAV0@$$QEAV0@@Z
??4CDownlevelVersionl110@@QEAAAEAV0@AEBV0@@Z
?GetFileVersionInfoExW@CDownlevelVersionl110@@QEAAHKPEB_WKKPEAX@Z
?GetFileVersionInfoSizeExW@CDownlevelVersionl110@@QEAAKKPEB_WPEAK@Z
?VerQueryValueW@CDownlevelVersionl110@@QEAAHPEBXPEB_WPEAPEAXPEAI@Z
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NTLite_65888/NTLitex64/Tools/COPYING.GPLv3.txt
NTLite_65888/NTLitex64/Tools/COPYING.LGPLv3.txt
NTLite_65888/NTLitex64/Tools/wimlib/readme.txt
NTLite_65888/NTLitex64/Tools/wimlib/x64/libwim-15.dll
.dll windows:4 windows x64 arch:x64

c4e7bc8ce21d7b0b40f680115163b06f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenPrivileges
CloseEncryptedFileRaw
LookupPrivilegeValueW
OpenEncryptedFileRawW
OpenProcessToken
ReadEncryptedFileRaw
RegCloseKey
RegCreateKeyExW
RegFlushKey
RegLoadKeyW
RegSetValueExW
RegUnLoadKeyW
SystemFunction036
WriteEncryptedFileRaw

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateFileW
CreateSemaphoreA
DeleteCriticalSection
DeleteFileW
DeviceIoControl
DuplicateHandle
EnterCriticalSection
FindFirstFileW
FindFirstVolumeW
FindNextFileW
FindNextVolumeW
FindVolumeClose
FlushFileBuffers
FormatMessageW
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceExW
GetFileInformationByHandle
GetFileSizeEx
GetFileType
GetFullPathNameW
GetHandleInformation
GetLastError
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
GetVolumeInformationW
GlobalMemoryStatusEx
HeapAlloc
HeapFree
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryW
MoveFileExW
MoveFileW
MultiByteToWideChar
OutputDebugStringA
QueryPerformanceCounter
RaiseException
ReadFile
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetEndOfFile
SetEvent
SetFilePointer
SetFilePointerEx
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile
__C_specific_handler

msvcrt

___lc_codepage_func
__dllonexit
__iob_func
__mb_cur_max
_amsg_exit
_beginthreadex
_endthreadex
_errno
_exit
_fstat64
fwprintf
_get_osfhandle
_gmtime64
_initterm
_lock
_lseeki64
_onexit
_open_osfhandle
_setjmp
_stat64
_telli64
_time64
_ultoa
_unlock
_vsnprintf
_waccess
_wcsicmp
_wfopen
_wgetenv
_wmkdir
_wopen
_wstat64
_wtempnam
_wunlink
abort
atexit
calloc
exit
fclose
feof
ferror
fflush
fgetwc
fopen
fprintf
fputc
fputs
fputwc
fputws
fread
free
fwprintf
fwrite
getenv
islower
isspace
isupper
iswctype
localeconv
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
printf
putc
qsort
raise
rand
realloc
signal
srand
sscanf
strcat
strchr
strcmp
strcpy
strerror
strlen
strncmp
strncpy
toupper
towlower
ungetwc
vfprintf
wcschr
wcscmp
wcscpy
wcsftime
wcslen
wcsncmp
wcspbrk
wcsrchr
wcsstr
wcstol
wcstoul
_wstat
_snwprintf
longjmp
_write
_strdup
_read
_getcwd
_fdopen
_close

ntdll

NtClose
NtCreateFile
NtFsControlFile
NtOpenFile
NtOpenSymbolicLinkObject
NtQueryDirectoryFile
NtQueryEaFile
NtQueryInformationFile
NtQuerySecurityObject
NtQueryVolumeInformationFile
NtReadFile
NtSetEaFile
NtSetInformationFile
NtSetSecurityObject
NtWaitForSingleObject
NtWriteFile
RtlDosPathNameToNtPathName_U
RtlInitUnicodeString
RtlNtStatusToDosError

user32

MessageBoxW
wsprintfW

Exports

Exports

wimlib_add_empty_image
wimlib_add_image
wimlib_add_image_multisource
wimlib_add_tree
wimlib_compress
wimlib_create_compressor
wimlib_create_decompressor
wimlib_create_new_wim
wimlib_decompress
wimlib_delete_image
wimlib_delete_path
wimlib_export_image
wimlib_extract_image
wimlib_extract_image_from_pipe
wimlib_extract_image_from_pipe_with_progress
wimlib_extract_pathlist
wimlib_extract_paths
wimlib_extract_xml_data
wimlib_free
wimlib_free_compressor
wimlib_free_decompressor
wimlib_get_compression_type_string
wimlib_get_compressor_needed_memory
wimlib_get_error_string
wimlib_get_image_description
wimlib_get_image_name
wimlib_get_image_property
wimlib_get_version
wimlib_get_version_string
wimlib_get_wim_info
wimlib_get_xml_data
wimlib_global_cleanup
wimlib_global_init
wimlib_image_name_in_use
wimlib_iterate_dir_tree
wimlib_iterate_lookup_table
wimlib_join
wimlib_join_with_progress
wimlib_mount_image
wimlib_open_wim
wimlib_open_wim_with_progress
wimlib_overwrite
wimlib_print_available_images
wimlib_print_header
wimlib_reference_resource_files
wimlib_reference_resources
wimlib_reference_template_image
wimlib_register_progress_function
wimlib_rename_path
wimlib_resolve_image
wimlib_set_default_compression_level
wimlib_set_error_file
wimlib_set_error_file_by_name
wimlib_set_image_descripton
wimlib_set_image_flags
wimlib_set_image_name
wimlib_set_image_property
wimlib_set_memory_allocator
wimlib_set_output_chunk_size
wimlib_set_output_compression_type
wimlib_set_output_pack_chunk_size
wimlib_set_output_pack_compression_type
wimlib_set_print_errors
wimlib_set_wim_info
wimlib_split
wimlib_unmount_image
wimlib_unmount_image_with_progress
wimlib_update_image
wimlib_verify_wim
wimlib_write
wimlib_write_to_fd

Sections

.text
Size: 552KB - Virtual size: 550KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 135KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NTLite_65888/NTLitex64/Tools/使用说明（必看）.TXT
NTLite_65888/NTLitex64/Tools/点我查看更多资源.url
.url
NTLite_65888/NTLitex64/Tools/访问易破解网站.url
.url
NTLite_65888/NTLitex64/license.dat
NTLite_65888/NTLitex64/msimg32.dll
.dll windows:5 windows x64 arch:x64

ea0a1bc72b067f20adf05ed8d47b3c5c

Code Sign

31:09:a4:56:2d:50:0d:87:4e:90:08:33:ba:9c:34:82
Certificate

Issuer

CN=RmK-FreE

Not Before

31/12/2018, 23:00

Not After

31/12/2025, 23:00

Subject

CN=RmK-FreE

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

80:3e:34:38:16:d7:46:06:aa:14:c8:41:54:4b:50:69:a5:57:2c:9b
Signer

Actual PE Digest

80:3e:34:38:16:d7:46:06:aa:14:c8:41:54:4b:50:69:a5:57:2c:9b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
RtlUnwindEx
GetACP
CloseHandle
LocalFree
VirtualProtect
TlsAlloc
GetTickCount
VirtualFree
GetStartupInfoW
ExitProcess
InitializeCriticalSection
VirtualAlloc
RtlUnwind
GetCPInfo
GetCommandLineW
GetSystemInfo
GetProcAddress
LeaveCriticalSection
EnumSystemLocalesW
GetStdHandle
GetVersionExW
GetModuleHandleA
VerifyVersionInfoW
GetModuleHandleW
FreeLibrary
GetDiskFreeSpaceW
VerSetConditionMask
GetUserDefaultUILanguage
FindFirstFileW
TlsFree
GetModuleFileNameW
GetLastError
DisableThreadLibraryCalls
lstrlenW
CreateThread
CompareStringW
WideCharToMultiByte
MultiByteToWideChar
FindClose
LoadLibraryW
LoadLibraryA
ResetEvent
SetEvent
GetLocaleInfoW
GetSystemDirectoryW
GetVersion
RaiseException
FormatMessageW
SwitchToThread
GetLocalTime
WaitForSingleObject
WriteFile
DeleteCriticalSection
GetDateFormatW
TlsGetValue
IsValidLocale
TlsSetValue
LoadLibraryExW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
CreateEventW
GetThreadLocale
Sleep
SetThreadLocale

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

CharUpperBuffW
CharNextW
CharLowerBuffW
LoadStringW
CharUpperW
GetSystemMetrics
MessageBoxW

oleaut32

SysAllocStringLen
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
VariantChangeType
SafeArrayCreate

netapi32

NetWkstaGetInfo
NetApiBufferFree

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

Exports

Exports

AlphaBlend
DllInitialize
GradientFill
TransparentBlt
__dbk_fcall_wrapper
dbkFCallWrapperAddr
vSetDdrawflag

Sections

.text
Size: 238KB - Virtual size: 237KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 42KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 229B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

rmk0
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

rmk1
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
NTLite_65888/NTLitex64/settings.xml
NTLite_65888/NTLitex64/settingsUI.xml
NTLite_65888/使用说明（必看）.TXT
NTLite_65888/软件说明.url

Sharing

General

Malware Config

Signatures

Files

01b0ffeb652a78413e5e6e13b51ddf45

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

Sections

Size: - Virtual size: 10.8MB

Size: - Virtual size: 3.9MB

Size: - Virtual size: 184KB

.rsrc Size: 1.3MB - Virtual size: 2.2MB

Size: 8KB - Virtual size: 8KB

Size: 512B - Virtual size: 63B

Size: 111KB - Virtual size: 111KB

09c182b10b88cd78aa1b9a1fdb0142e4

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

user32

advapi32

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 316KB - Virtual size: 315KB

.data Size: 1KB - Virtual size: 34KB

.pdata Size: 72KB - Virtual size: 71KB

.rsrc Size: 95KB - Virtual size: 94KB

.reloc Size: 12KB - Virtual size: 12KB

0b843de3a792415d23272c775ed89891

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 44KB

.rdata Size: 29KB - Virtual size: 29KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

e0efcb6210a2d25cffe0d866e0998592

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

Exports

Exports

Sections

.text Size: 43KB - Virtual size: 42KB

.rdata Size: 22KB - Virtual size: 22KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

d446f0b2eb73645d6aeaa9714341eedb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

.rsrc
Size: 1.3MB - Virtual size: 2.2MB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 316KB - Virtual size: 315KB

.data
Size: 1KB - Virtual size: 34KB

.pdata
Size: 72KB - Virtual size: 71KB

.rsrc
Size: 95KB - Virtual size: 94KB

.reloc
Size: 12KB - Virtual size: 12KB

.text
Size: 44KB - Virtual size: 44KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 43KB - Virtual size: 42KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 47KB - Virtual size: 46KB

.rdata
Size: 39KB - Virtual size: 39KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 43KB - Virtual size: 42KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 43KB - Virtual size: 43KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 43KB - Virtual size: 42KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 43KB - Virtual size: 42KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB