setup[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

setup.zip
Size

7.5MB
MD5

5655d824a2b15a4d8f822c689a65b235
SHA1

c5c0a09a200524fe25840cf808e889c0dadfd895
SHA256

d7587071279ebaca1fe3fc2866c62947fe6c8df9862d1c434a99b4a5fb47a611
SHA512

3fae70edc6d6c0549bda179db003c8373945eb123a3274b7012e5dabed2b100f8c72a2070b6a557e2c83df3c073316ac7f70b5b56576cf80b031f3432e753e2a
SSDEEP

196608:bQX6gQWd2kT7bHIKc5J1EYASM8dedEBIk/:MXQWd7PbHIN5nEY/euN/

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/authz/FXSST.dll
unpack001/authz/authz.dll
unpack001/mf/mspatchc.dll
unpack001/mf/wevtsvc.dll
unpack001/ninput/lsasrv.dll
unpack001/ninput/mlang.dll
unpack001/ninput/ninput.dll

Files

setup.zip
.zip

Password: 2024
authz/FXSST.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

8587c8fd7f05ac29922c42adbb4b2c79

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FXSST.pdb

Imports

msvcrt

__CxxFrameHandler3
memset
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
malloc
free
_callnewh
memmove_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
memcpy_s
_vsnwprintf
_wsplitpath_s
wcscmp

fxsapi

FaxAnswerCall
FaxRegisterForServerEvents
FaxGetJobExW
FaxClose
FaxAccessCheckEx
FaxRelease
FaxEnumPortsExW
FaxSetJobW
FaxUnregisterForServerEvents
FaxFreeBuffer
FaxConnectFaxServerW
IsDeviceVirtual

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
EtwUnregisterTraceGuids
RtlVirtualUnwind
EtwTraceMessage
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags

user32

MessageBoxW
CreateDialogParamW
GetWindowRect
GetDC
SetWindowPos
SetActiveWindow
SetWindowTextW
LoadStringW
SetDlgItemTextW
GetSysColor
MoveWindow
IsDlgButtonChecked
SetFocus
CheckDlgButton
GetSysColorBrush
LoadImageW
ReleaseDC
DefWindowProcW
CallWindowProcW
PostMessageW
DestroyWindow
CreateWindowExW
DeleteMenu
SendMessageW
UnregisterClassW
RegisterClassExW
TrackPopupMenu
GetSubMenu
IsDialogMessageW
DestroyIcon
SetMenuDefaultItem
DestroyMenu
LoadIconW
LoadCursorW
RemoveMenu
GetDlgItem
KillTimer
SetForegroundWindow
GetCursorPos
EnableWindow
LoadMenuW
SetTimer

gdi32

DeleteObject
SetBkMode
GetDeviceCaps
CreateFontIndirectW
SetTextColor

shell32

ShellExecuteW
Shell_NotifyIconW

comctl32

ImageList_Create
ImageList_Destroy
ImageList_Add

kernel32

DelayLoadFailureHook
ResolveDelayLoadedAPI
OutputDebugStringW
GetVersion
GetVersionExW
GetModuleFileNameW
LocalFree
OpenEventW
GetTimeFormatW
GetUserPreferredUILanguages
EnumUILanguagesW
GetLocaleInfoEx
GetStringTypeExW
ExpandEnvironmentStringsW
GetProcessHeap
HeapDestroy
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
MulDiv
GetLocalTime
GetLocaleInfoW
GetTickCount
FreeLibrary
GetProcAddress
ResetEvent
CreateThread
LoadLibraryW
CloseHandle
TerminateThread
DisableThreadLibraryCalls
SetEvent
GetLastError
CreateEventW
GetSystemDirectoryW
WaitForSingleObject
WaitForMultipleObjects
SetLastError
InitOnceExecuteOnce
GetCurrentThread

Exports

Exports

DllMain
FaxMonitorShutdown
FaxMonitorStartup
IsFaxMessage

Sections

.text
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 762KB - Virtual size: 761KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
authz/authz.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

7b1bc95845d27cf40466108a31a982d3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

authz.pdb

Imports

api-ms-win-crt-string-l1-1-0

memset
wcscmp
wcsncmp

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
memcpy
_o__wcsicmp
_o__wcsnicmp
_o__wtoi
_o__wtoi64
_o_free
_o_malloc
_o_wcstol
_o___stdio_common_vswprintf
_o___std_type_info_destroy_list
wcsstr
__C_specific_handler
memcmp

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
WaitForSingleObject
ResetEvent
SetEvent
DeleteCriticalSection
CreateEventW
LeaveCriticalSection
InitializeCriticalSection

api-ms-win-core-processthreads-l1-1-0

CreateThread
GetCurrentThread
OpenThreadToken
GetCurrentProcess
OpenProcessToken
TerminateProcess
SetThreadPriority
SetThreadStackGuarantee
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-security-base-l1-1-0

InitializeAcl
GetSidSubAuthority
InitializeSid
AllocateAndInitializeSid
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
IsWellKnownSid
CreateWellKnownSid
EqualDomainSid
AddAccessAllowedAce
IsValidSid
IsValidSecurityDescriptor
GetSecurityDescriptorLength
AdjustTokenPrivileges
GetTokenInformation
GetLengthSid
GetSecurityDescriptorControl
InitializeSecurityDescriptor
GetSecurityDescriptorOwner
SetSecurityDescriptorOwner
GetSecurityDescriptorGroup
SetSecurityDescriptorGroup
GetSidSubAuthorityCount

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegDeleteKeyExW
RegEnumValueW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetComputerNameExW
GetSystemInfo

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlCompareMemory
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-sysinfo-l1-2-0

GetOsSafeBootMode

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc
VirtualQuery
VirtualProtect

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

ntdll

RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlInitializeResource
RtlDeleteResource
RtlAcquireResourceShared
RtlEqualSid
RtlValidSecurityDescriptor
RtlOwnerAcesPresent
RtlLengthSecurityDescriptor
RtlMakeSelfRelativeSD
RtlInitUnicodeString
NtOpenKey
NtQueryValueKey
RtlInitializeCriticalSection
RtlLengthRequiredSid
RtlIsPackageSid
RtlIsCapabilitySid
RtlCopySid
RtlValidSid
RtlCopyLuid
RtlCopyLuidAndAttributesArray
RtlSubAuthorityCountSid
RtlSubAuthoritySid
RtlInitString
RtlGetNtProductType
EtwTraceMessage
RtlNtStatusToDosErrorNoTeb
RtlAllocateHeap
RtlImageNtHeader
RtlFreeHeap
RtlEqualUnicodeString
RtlCopyUnicodeString
RtlCompareUnicodeString
RtlUpcaseUnicodeChar
RtlIsNameInExpression
RtlDeleteCriticalSection
RtlSidHashInitialize
NtQuerySecurityAttributesToken
NtQueryInformationToken
RtlReleaseResource
RtlAcquireResourceExclusive
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
RtlLengthSid
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlInitializeSid
RtlNtStatusToDosError
NtAllocateLocallyUniqueId
NtClose

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

AuthzAccessCheck
AuthzAddSidsToContext
AuthzCachedAccessCheck
AuthzComputeEffectivePermission
AuthzEnumerateSecurityEventSources
AuthzEvaluateSacl
AuthzFreeAuditEvent
AuthzFreeCentralAccessPolicyCache
AuthzFreeContext
AuthzFreeHandle
AuthzFreeResourceManager
AuthzGetInformationFromContext
AuthzInitializeCompoundContext
AuthzInitializeContextFromAuthzContext
AuthzInitializeContextFromSid
AuthzInitializeContextFromToken
AuthzInitializeObjectAccessAuditEvent
AuthzInitializeObjectAccessAuditEvent2
AuthzInitializeRemoteAccessCheck
AuthzInitializeRemoteResourceManager
AuthzInitializeResourceManager
AuthzInitializeResourceManagerEx
AuthzInstallSecurityEventSource
AuthzModifyClaims
AuthzModifySecurityAttributes
AuthzModifySids
AuthzOpenObjectAudit
AuthzRegisterCapChangeNotification
AuthzRegisterSecurityEventSource
AuthzReportSecurityEvent
AuthzReportSecurityEventFromParams
AuthzSetAppContainerInformation
AuthzShutdownRemoteAccessCheck
AuthzUninstallSecurityEventSource
AuthzUnregisterCapChangeNotification
AuthzUnregisterSecurityEventSource
AuthziAccessCheckEx
AuthziAllocateAuditParams
AuthziCheckContextMembership
AuthziFreeAuditEventType
AuthziFreeAuditParams
AuthziFreeAuditQueue
AuthziGenerateAdminAlertAuditW
AuthziInitializeAuditEvent
AuthziInitializeAuditEventType
AuthziInitializeAuditParams
AuthziInitializeAuditParamsFromArray
AuthziInitializeAuditParamsWithRM
AuthziInitializeAuditQueue
AuthziInitializeContextFromSid
AuthziLogAuditEvent
AuthziModifyAuditEvent
AuthziModifyAuditEvent2
AuthziModifyAuditEventType
AuthziModifyAuditQueue
AuthziModifySecurityAttributes
AuthziQuerySecurityAttributes
AuthziSourceAudit
FreeClaimDefinitions
FreeClaimDictionary
GenerateNewCAPID
GetCentralAccessPoliciesByCapID
GetCentralAccessPoliciesByDN
GetClaimDefinitions
GetClaimDomainInfo
GetDefaultCAPESecurityDescriptor
InitializeClaimDictionary
RefreshClaimDictionary

Sections

.text
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
authz/clbcatq.dll
.dll regsvr32 windows:10 windows x64 arch:x64

Password: 2024

d25132a2373a2fa772d108993083a28e

Code Sign

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05-05-2022 19:23

Not After

04-05-2023 19:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

63:e5:3d:a2:cc:a9:cf:42:76:29:58:a0:06:e6:ce:6f:9b:17:9d:ab:29:86:28:a0:5e:13:e8:27:f3:bf:21:f6
Signer

Actual PE Digest

63:e5:3d:a2:cc:a9:cf:42:76:29:58:a0:06:e6:ce:6f:9b:17:9d:ab:29:86:28:a0:5e:13:e8:27:f3:bf:21:f6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

CLBCatQ.pdb

Imports

msvcrt

_XcptFilter
malloc
_stricmp
_amsg_exit
_waccess
realloc
_wtol
_ltow
_wsplitpath_s
memmove_s
wcstombs
mbstowcs
towupper
wcsstr
_wcsnicmp
_wcslwr
wcsncmp
wcstol
free
_initterm
_vsnprintf
?terminate@@YAXXZ
wcschr
??1type_info@@UEAA@XZ
_lock
__dllonexit
_onexit
memset
_i64tow_s
memmove
_purecall
qsort
wcsrchr
_vsnprintf_s
memcpy
memcmp
_wmakepath_s
_local_unwind
??0exception@@QEAA@AEBV0@@Z
_CxxThrowException
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_wcsicmp
__CxxFrameHandler3
memcpy_s
_vsnwprintf
__C_specific_handler
_unlock
wcscmp

ntdll

RtlAllocateHeap
NtQueryEvent
RtlInitUnicodeString
NtOpenEvent
RtlImageNtHeader
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlGetLastNtStatus
RtlWow64IsWowGuestMachineSupported
NtQueryInformationProcess
WinSqmSetDWORD
RtlFreeHeap

api-ms-win-core-registry-l1-1-0

RegFlushKey
RegDeleteValueW
RegQueryValueExW
RegEnumValueW
RegOpenKeyExW
RegDeleteTreeW
RegCloseKey
RegEnumKeyExW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyExW
RegQueryInfoKeyW

api-ms-win-core-com-l1-1-0

CoCreateInstanceEx
CoImpersonateClient
CoCreateGuid
CoGetMalloc
CoRevertToSelf
CLSIDFromString
CoTaskMemAlloc
CoGetCallContext
CreateStreamOnHGlobal
CoTaskMemRealloc
StringFromCLSID
CoSetProxyBlanket
CoGetObjectContext
StringFromGUID2
CoCreateInstance
CoTaskMemFree

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetModuleHandleExW
LoadResource
GetProcAddress
GetModuleFileNameA
DisableThreadLibraryCalls
FindResourceExW
LockResource
LoadStringW
LoadLibraryExW
FreeLibrary
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
InitializeCriticalSectionEx
WaitForSingleObject
OpenSemaphoreW
ReleaseMutex
ReleaseSRWLockShared
LeaveCriticalSection
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
AcquireSRWLockShared
SleepEx
ReleaseSemaphore
CreateMutexExW
CreateSemaphoreExW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
RegisterTraceGuidsW
GetTraceEnableLevel
UnregisterTraceGuids
GetTraceEnableFlags
TraceMessage

api-ms-win-security-base-l1-1-0

SetSecurityDescriptorDacl
GetTokenInformation
GetLengthSid
SetSecurityDescriptorGroup
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
AddAccessDeniedAce
DuplicateTokenEx
GetSecurityDescriptorDacl
GetAclInformation
GetSecurityDescriptorLength
SetSecurityDescriptorOwner

api-ms-win-core-processthreads-l1-1-0

SetThreadToken
CreateProcessAsUserW
CreateProcessW
OpenThreadToken
TerminateProcess
OpenProcessToken
GetExitCodeProcess
GetCurrentProcessId
GetCurrentThread
SetThreadStackGuarantee
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetCurrentDirectoryW

api-ms-win-core-sysinfo-l1-1-0

GlobalMemoryStatusEx
GetSystemInfo
GetSystemTimeAsFileTime
GetVersionExW
GetSystemDirectoryW
GetTickCount
GetLocalTime

api-ms-win-core-wow64-l1-1-1

GetSystemWow64DirectoryW

api-ms-win-core-localization-l1-2-0

IsDBCSLeadByte
FormatMessageW
GetSystemDefaultLCID

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
VirtualFree
CreateFileMappingW
VirtualProtect
VirtualQuery
VirtualAlloc

api-ms-win-core-file-l2-1-0

MoveFileExW
MoveFileWithProgressW

api-ms-win-core-file-l1-1-0

FlushFileBuffers
CreateFileW
SetFilePointer
GetFileAttributesW
FindFirstFileW
FindNextFileW
GetFileSizeEx
GetFileType
CreateDirectoryW
SetFileAttributesW
FindClose
GetLongPathNameW
GetTempFileNameW
WriteFile
DeleteFileW
SetEndOfFile
ReadFile

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
CompareStringW

api-ms-win-core-string-l2-1-0

CharNextW
CharLowerW

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-localization-obsolete-l1-2-0

CompareStringA

api-ms-win-security-base-private-l1-1-0

MakeAbsoluteSD2

api-ms-win-core-com-private-l1-1-0

CLSIDFromOle1Class
CoGetModuleType

rpcrt4

UuidFromStringW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

kernel32

GetComputerNameW

Exports

Exports

ActivatorUpdateForIsRouterChanges
CLSIDFromStringByBitness
CheckMemoryGates
CoRegCleanup
ComPlusEnablePartitions
ComPlusEnableRemoteAccess
ComPlusMigrate
ComPlusPartitionsEnabled
ComPlusRemoteAccessEnabled
CreateComponentLibraryEx
DeleteAllActivatorsForClsid
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
DowngradeAPL
GetCatalogObject
GetCatalogObject2
GetComputerObject
GetGlobalBabyJITEnabled
GetSimpleTableDispenser
InprocServer32FromString
OpenComponentLibraryEx
OpenComponentLibraryOnMemEx
OpenComponentLibraryOnStreamEx
ServerGetApplicationType
SetSetupOpen
SetSetupSave
SetupOpen
SetupSave
UpdateFromAppChange
UpdateFromComponentChange

Sections

.text
Size: 451KB - Virtual size: 451KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 179KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
authz/dcntel.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

297a2ad90ecd0a9d6f27b16387dae5ef

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:23

Not After

01-09-2022 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a2:ba:2b:ba:3b:18:07:1d:93:91:91:64:be:09:eb:23:9c:c3:b2:1b:8c:70:be:45:03:52:85:88:56:17:23:37
Signer

Actual PE Digest

a2:ba:2b:ba:3b:18:07:1d:93:91:91:64:be:09:eb:23:9c:c3:b2:1b:8c:70:be:45:03:52:85:88:56:17:23:37

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dcntel.pdb

Imports

msvcrt

localeconv
strcspn
setlocale
__pctype_func
___lc_handle_func
___lc_codepage_func
wcscpy_s
__uncaught_exception
___mb_cur_max_func
_ismbblead
abort
memset
_wcsdup
__crtLCMapStringW
_wsetlocale
memcmp
wcsncmp
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
iswascii
_wtoi
wcstoul
wcscmp
strcmp
wcsstr
_wcslwr
wcscat_s
wcschr
_wcsnicmp
_wtof
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
rand_s
memmove
memcpy
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
strcpy_s
__C_specific_handler
wcstol
?what@exception@@UEBAPEBDXZ
wcsrchr
_wcsupr
_wcslwr_s
wcstok_s
strchr
_errno
strstr
free
malloc
strnlen
swprintf_s
sprintf_s
_wcsicmp
_vsnprintf
_wcstoui64
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
calloc
_purecall
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
__CxxFrameHandler3
??3@YAXPEAX@Z

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExA
LoadLibraryExW
FreeLibrary
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
CreateEventW
OpenWaitableTimerW
CreateEventExW
InitializeCriticalSection
ReleaseSemaphore
CreateMutexExW
LeaveCriticalSection
ReleaseMutex
OpenSemaphoreW
SetEvent
WaitForSingleObject
ResetEvent
DeleteCriticalSection
AcquireSRWLockExclusive
EnterCriticalSection
SetWaitableTimer
CreateMutexW
WaitForSingleObjectEx
InitializeCriticalSectionEx
ReleaseSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
ExitProcess
GetCurrentProcess
OpenThreadToken
CreateThread
OpenProcessToken
SetThreadToken
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
TerminateThread

api-ms-win-core-localization-l1-2-0

GetUserGeoID
GetUserPreferredUILanguages
GetSystemPreferredUILanguages
GetLocaleInfoEx
FormatMessageW
GetLocaleInfoW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringA
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-version-l1-1-1

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoCreateInstance
StringFromCLSID
CoTaskMemAlloc
CoUninitialize
CoCreateFreeThreadedMarshaler
PropVariantClear
CoSetProxyBlanket
CoWaitForMultipleHandles
CoTaskMemFree

oleaut32

VariantTimeToSystemTime
VariantInit
SysAllocString
SafeArrayGetElement
VariantClear
SysStringLen
SysFreeString

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventWriteTransfer

api-ms-win-power-base-l1-1-0

CallNtPowerInformation

api-ms-win-core-file-l1-1-0

DeleteFileW
GetTempFileNameW
GetVolumePathNameW
FindFirstFileW
GetFileAttributesW
WriteFile
ReadFile
GetLogicalDrives
GetDriveTypeW
FindClose
CreateFileW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-security-base-l1-1-0

CheckTokenMembership
AllocateAndInitializeSid
DuplicateTokenEx
FreeSid
AdjustTokenPrivileges
SetSecurityDescriptorDacl
GetTokenInformation
ImpersonateLoggedOnUser
InitializeSecurityDescriptor
RevertToSelf
SetSecurityDescriptorOwner

api-ms-win-eventing-controller-l1-1-0

ControlTraceW
StartTraceW

api-ms-win-eventing-consumer-l1-1-0

ProcessTrace
OpenTraceW
CloseTrace

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-sysinfo-l1-2-0

GetSystemFirmwareTable
VerSetConditionMask
GetProductInfo

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryInfoKeyW
RegLoadKeyW
RegEnumKeyExW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegEnumValueW
RegDeleteValueW
RegFlushKey
RegDeleteTreeW
RegSetKeySecurity
RegSaveKeyExW
RegLoadAppKeyW
RegCloseKey
RegGetValueW
RegDeleteKeyExW
RegUnLoadKeyW

rpcrt4

UuidCreate

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
ExpandEnvironmentStringsW

api-ms-win-core-realtime-l1-1-0

QueryThreadCycleTime

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetComputerNameExW
GetSystemWindowsDirectoryW
GetVersionExW
GlobalMemoryStatusEx
GetSystemTimeAsFileTime
GetTickCount
GetVersionExA
GetSystemTime
GetLogicalProcessorInformationEx
GetSystemInfo

api-ms-win-core-heap-l2-1-0

LocalFree
GlobalFree
LocalAlloc

logoncli

DsGetDcNameW

bcrypt

BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptGetProperty
BCryptOpenAlgorithmProvider

crypt32

CryptBinaryToStringW

netutils

NetApiBufferFree

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoGetActivationFactory
RoUninitialize
RoActivateInstance

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
IsProcessorFeaturePresent

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-sysinfo-l1-2-1

GetPhysicallyInstalledSystemMemory

iphlpapi

GetAdaptersInfo

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW

api-ms-win-eventing-legacy-l1-1-0

EnableTrace

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-localization-obsolete-l1-2-0

GetSystemDefaultUILanguage
EnumUILanguagesW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrChrW

api-ms-win-core-processtopology-obsolete-l1-1-0

GetActiveProcessorCount

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileEx

ntdll

ZwQuerySystemInformation
RtlGetNativeSystemInformation
RtlUpcaseUnicodeChar
EtwEventRegister
EtwEventWrite
EtwEventUnregister
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
ZwQueryValueKey
RtlInitUnicodeStringEx
ZwEnumerateKey
ZwOpenKey
ZwClose
RtlLeaveCriticalSection
RtlFreeHeap
RtlInitializeCriticalSection
RtlMultiByteToUnicodeN
RtlInitAnsiString
RtlEnterCriticalSection
RtlReAllocateHeap
RtlEqualString
RtlAllocateHeap
RtlDeleteCriticalSection
RtlRandomEx
RtlStringFromGUID
RtlDosPathNameToRelativeNtPathName_U
NtLoadKeyEx
RtlReleaseRelativeName
RtlAllocateAndInitializeSid
RtlFreeSid
RtlAdjustPrivilege
NtQueryKey
NtQueryLicenseValue
RtlCompareMemory
NtQuerySecurityPolicy
NtQuerySystemInformation
RtlNtStatusToDosError
RtlGetDeviceFamilyInfoEnum
WinSqmIsOptedInEx
NtPowerInformation
RtlFreeUnicodeString
RtlInitUnicodeString

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-synch-l1-2-1

CreateSemaphoreW
CreateWaitableTimerW

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

winhttp

WinHttpGetDefaultProxyConfiguration
WinHttpReadData
WinHttpOpenRequest
WinHttpReceiveResponse
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen
WinHttpQueryHeaders
WinHttpQueryAuthSchemes
WinHttpSetOption
WinHttpGetProxyForUrl
WinHttpSendRequest
WinHttpQueryDataAvailable
WinHttpConnect
WinHttpSetCredentials

api-ms-win-security-credentials-l1-1-0

CredFree
CredReadW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-registry-l2-1-0

RegOpenKeyW
RegDeleteKeyW

api-ms-win-security-provider-l1-1-0

SetEntriesInAclW

api-ms-win-core-kernel32-legacy-l1-1-0

WTSGetActiveConsoleSessionId

Exports

Exports

GetCensusPropertyAlloc
GetCensusRegistryLocation
RunSystemContextCensus
RunUserContextCensus
SetCustomTrigger
SetCustomTriggerEx
SysprepCleanupEnableCustomTrigger

Sections

.text
Size: 524KB - Virtual size: 521KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 192KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mf/Licenses/OEM/Professional/license.rtf
.rtf
mf/Licenses/Volume/Professional/license.rtf
.rtf
mf/Licenses/_Default/Professional/license.rtf
.rtf
mf/mf.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

6ed0763eb41092a066b0c582532cc19f

Code Sign

33:00:00:03:8b:79:45:c1:8b:0e:b6:87:ec:00:00:00:00:03:8b
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05-05-2022 19:23

Not After

04-05-2023 19:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:74:a7:f5:36:cc:33:ee:c7:fe:4d:94:12:e2:be:4f:13:b4:f2:86:8c:76:95:d6:2e:20:e9:3d:eb:90:6d:66
Signer

Actual PE Digest

10:74:a7:f5:36:cc:33:ee:c7:fe:4d:94:12:e2:be:4f:13:b4:f2:86:8c:76:95:d6:2e:20:e9:3d:eb:90:6d:66

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

mf.pdb

Imports

msvcrt

wcsnlen
_wcsnicmp
wcscat_s
_initterm
strncpy_s
_lock
qsort
wcsncmp
__C_specific_handler
__CxxFrameHandler3
memmove
memcpy
_XcptFilter
memchr
_amsg_exit
_onexit
_wcsicmp
_vsnwprintf
wcsncpy_s
malloc
__dllonexit
free
_errno
wcscpy_s
wcsrchr
memmove_s
realloc
_callnewh
_unlock
_purecall
memcpy_s
memcmp
strnlen
memset

ntdll

RtlGetPersistedStateLocation
RtlNtStatusToDosError
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlDeleteFunctionTable
RtlAddFunctionTable
NtQuerySystemInformation

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
LoadStringW
GetModuleFileNameA
SizeofResource
LoadLibraryExW
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadResource
FindResourceExW
GetModuleFileNameW
DisableThreadLibraryCalls

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
RaiseException
GetLastError

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
OpenSemaphoreW
SetEvent
ReleaseSemaphore
WaitForSingleObjectEx
CreateMutexExW
LeaveCriticalSection
WaitForSingleObject
InitializeCriticalSection
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
DeleteCriticalSection
InitializeSRWLock
CreateEventW
CreateSemaphoreExW
ReleaseMutex

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegDeleteValueW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
TraceMessage
RegisterTraceGuidsW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-processthreads-l1-1-0

CreateThread
TerminateProcess
TlsGetValue
GetCurrentProcessId
ProcessIdToSessionId
GetCurrentThread
TlsSetValue
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringA
OutputDebugStringW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-localization-l1-2-0

GetUserDefaultLCID
FormatMessageW

api-ms-win-core-file-l1-1-0

WriteFile
CreateFileW
GetFileSize
GetFinalPathNameByHandleW
GetDiskFreeSpaceW
GetFullPathNameW
ReadFile

api-ms-win-core-shlwapi-legacy-l1-1-0

PathSkipRootW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentStringsW
FreeEnvironmentStringsA
FreeEnvironmentStringsW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetSystemTimeAsFileTime
GetTickCount
GetLocalTime
GlobalMemoryStatusEx

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

rpcrt4

UuidFromStringW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

AppendPropVariant
ConvertPropVariant
CopyPropertyStore
CreateNamedPropertyStore
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
ExtractPropVariant
MFCreate3GPMediaSink
MFCreateAC3MediaSink
MFCreateADTSMediaSink
MFCreateASFByteStreamPlugin
MFCreateASFContentInfo
MFCreateASFIndexer
MFCreateASFIndexerByteStream
MFCreateASFMediaSink
MFCreateASFMediaSinkActivate
MFCreateASFMultiplexer
MFCreateASFProfile
MFCreateASFProfileFromPresentationDescriptor
MFCreateASFSplitter
MFCreateASFStreamSelector
MFCreateASFStreamingMediaSink
MFCreateASFStreamingMediaSinkActivate
MFCreateAggregateSource
MFCreateAppSourceProxy
MFCreateAudioRenderer
MFCreateAudioRendererActivate
MFCreateByteCacheFile
MFCreateCacheManager
MFCreateCredentialCache
MFCreateDeviceSource
MFCreateDeviceSourceActivate
MFCreateDrmNetNDSchemePlugin
MFCreateEncryptedMediaExtensionsStoreActivate
MFCreateFMPEG4MediaSink
MFCreateFileBlockMap
MFCreateFileSchemePlugin
MFCreateHttpSchemePlugin
MFCreateLPCMByteStreamPlugin
MFCreateMP3ByteStreamPlugin
MFCreateMP3MediaSink
MFCreateMPEG4MediaSink
MFCreateMediaProcessor
MFCreateMediaSession
MFCreateMuxSink
MFCreateNSCByteStreamPlugin
MFCreateNetSchemePlugin
MFCreatePMPHost
MFCreatePMPMediaSession
MFCreatePMPServer
MFCreatePresentationClock
MFCreatePresentationDescriptorFromASFProfile
MFCreateProtectedEnvironmentAccess
MFCreateProxyLocator
MFCreateRemoteDesktopPlugin
MFCreateSAMIByteStreamPlugin
MFCreateSampleCopierMFT
MFCreateSampleGrabberSinkActivate
MFCreateSecureHttpSchemePlugin
MFCreateSequencerSegmentOffset
MFCreateSequencerSource
MFCreateSequencerSourceRemoteStream
MFCreateSimpleTypeHandler
MFCreateSoundEventSchemePlugin
MFCreateSourceResolver
MFCreateStandardQualityManager
MFCreateTopoLoader
MFCreateTopology
MFCreateTopologyNode
MFCreateTranscodeProfile
MFCreateTranscodeSinkActivate
MFCreateTranscodeTopology
MFCreateTranscodeTopologyFromByteStream
MFCreateUrlmonSchemePlugin
MFCreateVideoRenderer
MFCreateVideoRendererActivate
MFCreateWMAEncoderActivate
MFCreateWMVEncoderActivate
MFEnumDeviceSources
MFGetLocalId
MFGetMultipleServiceProviders
MFGetService
MFGetSupportedMimeTypes
MFGetSupportedSchemes
MFGetSystemId
MFGetTopoNodeCurrentType
MFLoadSignedLibrary
MFRR_CreateActivate
MFReadSequencerSegmentOffset
MFRequireProtectedEnvironment
MFShutdownObject
MFTranscodeGetAudioOutputAvailableTypes
MergePropertyStore

Sections

.text
Size: 332KB - Virtual size: 331KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mf/mspatchc.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

3eceb2fa51da76c3ca657891eb9c80f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

mspatchc.pdb

Imports

msvcrt

_amsg_exit
memcpy
_initterm
__C_specific_handler
_XcptFilter
malloc
free
memmove_s
memchr
memcmp
memset

api-ms-win-core-libraryloader-l1-1-0

FreeLibrary
DisableThreadLibraryCalls
GetProcAddress

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-file-l1-1-0

GetFileTime
GetFileSize
DeleteFileA
SetFileTime
SetFilePointer
CreateFileW
SetEndOfFile
DeleteFileW
CreateFileA
WriteFile

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-memory-l1-1-0

MapViewOfFile
VirtualAlloc
VirtualFree
UnmapViewOfFile

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection
LeaveCriticalSection

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-kernel32-legacy-l1-1-0

CreateFileMappingA
LoadLibraryA

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

Exports

Exports

CreatePatchFileA
CreatePatchFileByHandles
CreatePatchFileByHandlesEx
CreatePatchFileExA
CreatePatchFileExW
CreatePatchFileW
ExtractPatchHeaderToFileA
ExtractPatchHeaderToFileByHandles
ExtractPatchHeaderToFileW
GetFilePatchSignatureA
GetFilePatchSignatureByBuffer
GetFilePatchSignatureByHandle
GetFilePatchSignatureW
NormalizeFileForPatchSignature

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mf/wevtsvc.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

a905ef31a7398e7354ddfcec5cc82a93

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

wevtsvc.pdb

Imports

msvcp_win

_Mtx_unlock
_Mtx_init_in_situ
_Mtx_lock
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Mtx_destroy_in_situ
?_Throw_C_error@std@@YAXH@Z

api-ms-win-crt-string-l1-1-0

wcsspn
wcsncmp
wcspbrk
strncmp
wcscspn
strnlen
memset
wcscmp
wcsnlen

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__itow_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__strnicmp
_o__ui64tow_s
_o__ultow_s
_o__wcsicmp
_o__wcsnicmp
_o__wcstoi64
_o__wcstoui64
_o__wfopen
memmove
_o__wtof
_o__wtoi
_o__wtoi64
_o__wtol
_o_bsearch
_o_calloc
_o_fclose
_o_fgetws
_o_free
_o_iswalnum
_o_iswalpha
_o_iswdigit
_o_iswspace
_o_malloc
_o_memcpy_s
_o_qsort
_o_strncpy_s
_o_strtol
_o_terminate
_o_toupper
_o_towupper
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstod
_o_wcstok_s
_o_wcstol
_o_wcstoul
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
wcsrchr
wcsstr
__CxxFrameHandler3
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__i64tow_s
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__execute_onexit_table
_o__errno
strrchr
strchr
wcschr
__C_specific_handler
__std_terminate
__CxxFrameHandler4
_o__crt_atexit
_o__configure_narrow_argv
_CxxThrowException
memcmp
memcpy
_o__cexit

ntdll

NtQuerySystemInformation
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U
RtlReleaseSRWLockExclusive
NtDeleteFile
RtlAcquireSRWLockExclusive
RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
RtlLookupElementGenericTableAvl
RtlInsertElementGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlIpv4AddressToStringExW
RtlIpv6AddressToStringExW
RtlEthernetAddressToStringW
RtlIpv6AddressToStringW
RtlAnsiStringToUnicodeString
NtOpenProcess
RtlInitUnicodeString
NtDuplicateObject
RtlEnumerateGenericTableAvl
RtlInitializeGenericTableAvl
RtlGetPersistedStateLocation
RtlSetLastWin32Error
NtReadFile
NtWriteFile
NtClose
RtlComputeCrc32
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
RtlGetLastNtStatus
NtSetInformationFile
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
RtlSecondsSince1970ToTime
RtlNtStatusToDosError
NtQueryVolumeInformationFile
NtCreateFile
RtlDeleteCriticalSection
RtlTimeToSecondsSince1970
NtQueryAttributesFile
RtlNtStatusToDosErrorNoTeb
RtlLengthSid
RtlEnterCriticalSection
RtlInitializeCriticalSection
RtlLeaveCriticalSection
RtlGetVersion
NtQuerySystemTime

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapSize
HeapReAlloc
HeapDestroy
HeapAlloc
HeapFree

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle

rpcrt4

NdrAsyncServerCall
I_RpcMapWin32Status
RpcAsyncCompleteCall
RpcBindingVectorFree
RpcServerUseProtseqExW
RpcServerUseProtseqEpW
RpcServerUnregisterIfEx
RpcBindingToStringBindingW
Ndr64AsyncServerCallAll
NdrServerCall2
RpcServerRegisterIf3
RpcStringFreeW
RpcStringBindingParseW
RpcServerRegisterIfEx
RpcImpersonateClient
RpcRevertToSelf
RpcServerRegisterAuthInfoW
UuidCreate
RpcEpUnregister
RpcEpRegisterW
RpcServerInqCallAttributesW
RpcServerInqBindings
NdrServerCallAll
RpcRevertToSelfEx
I_RpcBindingInqLocalClientPID
I_RpcBindingIsClientLocal
RpcServerSubscribeForNotification
RpcServerUnsubscribeForNotification

api-ms-win-core-perfcounters-l1-1-0

PerfStopProvider
PerfSetCounterRefValue
PerfSetCounterSetInfo
PerfCreateInstance
PerfStartProviderEx
PerfDeleteInstance

api-ms-win-core-synch-l1-2-0

SleepConditionVariableCS
SleepConditionVariableSRW
WakeAllConditionVariable
InitOnceBeginInitialize
Sleep
InitializeConditionVariable
InitOnceComplete

api-ms-win-security-base-l1-2-0

CheckTokenMembershipEx

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventProviderEnabled
EventSetInformation
EventUnregister
EventActivityIdControl

api-ms-win-core-registry-l1-1-0

RegGetKeySecurity
RegSetValueExW
RegCreateKeyExW
RegGetValueW
RegNotifyChangeKeyValue
RegDeleteKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyExW

api-ms-win-security-base-l1-1-0

AccessCheck
PrivilegeCheck
AccessCheckAndAuditAlarmW
GetSecurityDescriptorSacl
GetSecurityDescriptorLength
GetAclInformation
InitializeAcl
GetLengthSid
GetSecurityDescriptorDacl
GetSecurityDescriptorControl
AdjustTokenPrivileges
IsValidSecurityDescriptor
IsValidSid
AllocateAndInitializeSid
MapGenericMask
AddAce
IsWellKnownSid
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
CreateWellKnownSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
FreeSid
MakeSelfRelativeSD
GetAce
GetTokenInformation

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
OpenEventW
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseMutex
ReleaseSRWLockShared
WaitForMultipleObjectsEx
InitializeSRWLock
InitializeCriticalSectionEx
LeaveCriticalSection
TryAcquireSRWLockExclusive
CreateEventW
CancelWaitableTimer
ReleaseSemaphore
EnterCriticalSection
CreateSemaphoreExW
ResetEvent
CreateWaitableTimerExW
CreateMutexExW
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
SetWaitableTimer
SetEvent

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
FreeLibrary
GetProcAddress
GetModuleFileNameW
SizeofResource
FreeResource
LockResource
GetModuleHandleExW
FindResourceExW
GetModuleFileNameA
LoadLibraryExW
LoadResource

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWork
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
CloseThreadpoolWork
FreeLibraryWhenCallbackReturns
StartThreadpoolIo
WaitForThreadpoolTimerCallbacks
CloseThreadpoolIo
CreateThreadpoolIo
CloseThreadpoolTimer
WaitForThreadpoolIoCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolWait
CreateThreadpoolWait
CancelThreadpoolIo
CreateThreadpoolCleanupGroup
SubmitThreadpoolWork
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait

api-ms-win-core-processthreads-l1-1-0

CreateThread
TlsAlloc
SetThreadToken
OpenProcessToken
GetCurrentProcess
GetCurrentThreadId
OpenThreadToken
TerminateProcess
TlsFree
GetCurrentThread
TlsSetValue
GetCurrentProcessId
TlsGetValue

api-ms-win-core-localization-l1-2-0

GetSystemDefaultLangID
GetThreadLocale
SetThreadPreferredUILanguages
GetThreadPreferredUILanguages
SetThreadUILanguage
GetThreadUILanguage
FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-kernel32-legacy-l1-1-0

PulseEvent

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemInfo
GlobalMemoryStatusEx
GetComputerNameExW
GetLocalTime
GetSystemTimeAsFileTime
GetTickCount64
GetSystemTime
GetVersionExW

api-ms-win-core-file-l1-1-0

SetFilePointer
GetDiskFreeSpaceExW
FlushFileBuffers
ReadFile
CreateDirectoryW
WriteFile
SetFilePointerEx
SetEndOfFile
LocalFileTimeToFileTime
GetTempFileNameW
DeleteFileW
FileTimeToLocalFileTime
GetFileInformationByHandle
GetFileSizeEx
CreateFileW
CompareFileTime
GetFileSize
GetFileAttributesExW
GetFileAttributesW

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
UnmapViewOfFile
MapViewOfFile

api-ms-win-eventing-consumer-l1-1-0

ProcessTrace
OpenTraceW
CloseTrace

api-ms-win-core-file-l1-2-0

GetTempPathW

userenv

EnterCriticalPolicySection
RegisterGPNotification
UnregisterGPNotification
LeaveCriticalPolicySection

api-ms-win-security-isolatedcontainer-l1-1-1

IsProcessInWDAGContainer

api-ms-win-service-core-l1-1-3

GetServiceRegistryStateKey

api-ms-win-eventing-controller-l1-1-0

ControlTraceW
EnableTraceEx2
StartTraceW

api-ms-win-core-processthreads-l1-1-3

SetThreadDescription

ws2_32

WSAStartup
WSAGetLastError
setsockopt
ntohl
WSASocketW
ntohs
WSAAddressToStringW
WSASend
WSAIoctl
listen
WSACleanup
WSAStringToAddressW
WSARecv
closesocket
getpeername
bind

api-ms-win-core-timezone-l1-1-0

SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetTimeZoneInformation
SystemTimeToFileTime

api-ms-win-core-processenvironment-l1-1-0

SearchPathW
GetEnvironmentVariableW
GetCurrentDirectoryW
ExpandEnvironmentStringsW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

bcrypt

BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptGetProperty
BCryptCreateHash

api-ms-win-core-state-helpers-l1-1-0

GetRegistryValueWithFallbackW

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

api-ms-win-core-datetime-l1-1-1

GetDateFormatEx
GetTimeFormatEx

api-ms-win-service-core-l1-1-4

GetServiceDirectory

api-ms-win-core-sysinfo-l1-2-0

GetOsSafeBootMode

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

ServiceMain
SvchostPushServiceGlobalsEx

Sections

.text
Size: 940KB - Virtual size: 940KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 592KB - Virtual size: 592KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 206KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ninput/lsasrv.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

dacdb67de110943af18e063a4149dfc4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

lsasrv.pdb

Imports

api-ms-win-crt-string-l1-1-0

memset
wcscmp
wcsnlen

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__stricmp
_o__ultow
_o__ultow_s
_o__wcsicmp
_o__wcsnicmp
_o__wsplitpath_s
_o__wtoi
_o__wtol
_o_bsearch_s
_o_free
memmove
_o_malloc
_o_mbstowcs
_o_memcpy_s
_o_qsort
_o_qsort_s
_o_strtok
_o_toupper
_o_wcscat_s
_o_wcscpy_s
_o_wcsncat_s
_o_wcsncpy_s
_o_wcstoul
_o__execute_onexit_table
_o__errno
_CxxThrowException
__CxxFrameHandler3
_o__crt_atexit
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__C_specific_handler
wcsrchr
wcschr
_local_unwind
memcmp
memcpy

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
FreeLibrary
LoadLibraryExA
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleW
DisableThreadLibraryCalls
GetProcAddress
GetModuleFileNameW

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSRWLockExclusive
ReleaseMutex
InitializeSRWLock
WaitForSingleObject
InitializeCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
CreateMutexExW
AcquireSRWLockShared
EnterCriticalSection
ReleaseSRWLockShared
CreateEventW
SetEvent
ResetEvent
ReleaseSemaphore
DeleteCriticalSection
OpenEventW
AcquireSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapSetInformation
HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter
RaiseException

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolWait
SetThreadpoolTimer
CreateThreadpoolWait
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CloseThreadpoolWait

api-ms-win-core-processthreads-l1-1-0

GetProcessTimes
SetThreadStackGuarantee
OpenThreadToken
TlsAlloc
TerminateProcess
TlsGetValue
TlsSetValue
SetProcessShutdownParameters
GetCurrentProcessId
CreateThread
GetCurrentThread
SetThreadToken
GetCurrentThreadId
GetCurrentProcess
OpenProcessToken

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-l1-1-0

CompareStringW
GetStringTypeW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess
GetProcessMitigationPolicy

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

rpcrt4

I_RpcMapWin32Status
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcStringFreeW
NdrClientCall3
RpcStringBindingParseW
RpcBindingFree
RpcExceptionFilter
RpcRevertToSelf
I_RpcBindingInqLocalClientPID
RpcImpersonateClient
RpcServerInqCallAttributesW
NdrServerCall2
NdrServerCallAll
RpcServerRegisterIf2
RpcServerRegisterIf
RpcServerUseProtseqEpW
RpcServerRegisterAuthInfoW
I_RpcBindingInqClientTokenAttributes
RpcServerInqDefaultPrincNameW
UuidEqual
MesEncodeIncrementalHandleCreate
I_RpcOpenClientThread
I_RpcOpenClientProcess
NdrMesTypeAlignSize3
NdrMesTypeEncode3
NdrMesTypeDecode3
RpcRevertToSelfEx
I_RpcBindingIsClientLocal
I_RpcBindingInqTransportType
UuidFromStringW
RpcUserFree
MesDecodeIncrementalHandleCreate
MesIncrementalHandleReset
RpcBindingInqAuthClientW
RpcServerInqBindings
RpcBindingSetAuthInfoW
RpcSsGetContextBinding
RpcBindingServerFromClient
MesHandleFree
RpcBindingToStringBindingW
RpcBindingInqMaxCalls
RpcMgmtEnableIdleCleanup
RpcServerRegisterIf3
RpcEpRegisterW
RpcBindingVectorFree

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-base-l1-1-0

GetLengthSid
IsTokenRestricted
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
GetSidIdentifierAuthority
FreeSid
AllocateLocallyUniqueId
DuplicateTokenEx
AllocateAndInitializeSid
GetAclInformation
InitializeSecurityDescriptor
SetSecurityDescriptorSacl
PrivilegeCheck
CopySid
AdjustTokenPrivileges
GetWindowsAccountDomainSid
EqualDomainSid
ImpersonateSelf
AccessCheck
DuplicateToken
SetTokenInformation
ImpersonateLoggedOnUser
CreateWellKnownSid
CheckTokenMembership
IsWellKnownSid
RevertToSelf

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualFree
VirtualAlloc
VirtualProtect

api-ms-win-core-memory-l1-1-1

VirtualLock

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemDirectoryW
GetWindowsDirectoryW
GetComputerNameExW
GetSystemInfo
GetTickCount
GetSystemWindowsDirectoryW
GetLocalTime
GetSystemTimeAsFileTime
GetSystemTime

api-ms-win-core-file-l1-1-0

ReadFile
WriteFile
DeleteFileW
CreateFileW
SetFileAttributesW
GetFileSize
CreateDirectoryW
FindFirstFileW
CompareFileTime
FileTimeToLocalFileTime
FindFirstChangeNotificationW
FindNextChangeNotification
GetFileType
GetFileSizeEx
FindNextFileW
FindCloseChangeNotification
FindClose
SetFilePointer
FindFirstFileExW

api-ms-win-core-file-l2-1-0

MoveFileExW
ReadDirectoryChangesW

api-ms-win-core-io-l1-1-0

GetOverlappedResult

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-core-registry-l1-1-0

RegQueryValueExA
RegDeleteValueW
RegLoadKeyW
RegQueryInfoKeyW
RegEnumValueW
RegOpenKeyExA
RegOpenKeyExW
RegSetValueExW
RegNotifyChangeKeyValue
RegCloseKey
RegDeleteKeyExA
RegQueryInfoKeyA
RegDeleteTreeW
RegSetValueExA
RegUnLoadKeyW
RegEnumKeyExW
RegGetValueW
RegFlushKey
RegCreateKeyExA
RegDeleteKeyExW
RegQueryValueExW
RegCreateKeyExW

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

sspicli

CredUnmarshalTargetInfo
SspiUnmarshalAuthIdentityInternal
LsaRegisterPolicyChangeNotification
SspiValidateAuthIdentity
SspiFreeAuthIdentity
SspiCopyAuthIdentity
SspiEncodeStringsAsAuthIdentity
LsaRegisterLogonProcess
LsaLookupAuthenticationPackage
LsaCallAuthenticationPackage
LsaDeregisterLogonProcess
LogonUserExExW
SecCacheSspiPackages
SeciAllocateAndSetCallFlags
SeciFreeCallContext
SspiEncryptAuthIdentityEx
SspiLocalFree
SspiMarshalAuthIdentity
LsaFreeReturnBuffer
LsaLogonUser
LsaConnectUntrusted
SspiUnmarshalAuthIdentity
SspiDecryptAuthIdentityEx

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
SearchPathW
GetEnvironmentVariableW

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

ws2_32

ntohl

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-console-l1-1-0

SetConsoleCtrlHandler

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-service-winsvc-l1-1-0

RegisterServiceCtrlHandlerW

api-ms-win-service-core-l1-1-0

SetServiceStatus
StartServiceCtrlDispatcherW

api-ms-win-security-base-l1-2-0

CheckTokenMembershipEx

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventProviderEnabled
EventWriteTransfer
EventUnregister
EventActivityIdControl

wldap32

ord142
ord208
ord26
ord13
ord73
ord140
ord41
ord88
ord14
ord145

api-ms-win-core-kernel32-legacy-l1-1-0

MoveFileW
WTSGetActiveConsoleSessionId
DnsHostnameToComputerNameW

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx
DeleteTimerQueueTimer
CreateTimerQueueTimer
QueueUserWorkItem

api-ms-win-core-string-obsolete-l1-1-0

lstrlenA
lstrcmpiW

api-ms-win-core-privateprofile-l1-1-0

GetProfileStringA

api-ms-win-core-kernel32-private-l1-1-0

CheckElevationEnabled

api-ms-win-security-grouppolicy-l1-1-0

IsSyncForegroundPolicyRefresh

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

api-ms-win-service-private-l1-1-0

I_ScIsSecurityProcess

api-ms-win-security-capability-l1-1-0

CapabilityCheck

ntdll

NtQueryInformationProcess
NtOpenProcess
NtAllocateVirtualMemory
NtWriteVirtualMemory
NtReadVirtualMemory
NtFreeVirtualMemory
RtlImpersonateSelfEx
RtlCheckTokenCapability
RtlCapabilityCheck
DbgPrint
NtPrivilegedServiceAuditAlarm
RtlTestProtectedAccess
RtlValidSid
EtwEventEnabled
RtlSidHashInitialize
RtlSidHashLookup
RtlCreateSecurityDescriptor
RtlAddMandatoryAce
RtlSetSaclSecurityDescriptor
NtSetSecurityObject
RtlGetDeviceFamilyInfoEnum
NtCreateSection
NtMapViewOfSection
NtWaitForSingleObject
RtlpConvertAbsoluteToRelativeSecurityAttribute
RtlpConvertRelativeToAbsoluteSecurityAttribute
NtCreateToken
RtlSetDaclSecurityDescriptor
RtlSetOwnerSecurityDescriptor
NtCreateTokenEx
NtOpenKey
NtSetValueKey
NtFlushKey
NtPrivilegeObjectAuditAlarm
RtlImpersonateSelf
RtlTryEnterCriticalSection
RtlIsElevatedRid
NtFilterToken
RtlQueryInformationAcl
RtlGetSuiteMask
RtlVerifyVersionInfo
RtlPublishWnfStateData
NtEnumerateValueKey
RtlCopyString
RtlEqualString
NtReplyPort
RtlMakeSelfRelativeSD
RtlAllocateHeap
NtCreateTransaction
NtCommitTransaction
NtRollbackTransaction
RtlGetDaclSecurityDescriptor
RtlValidSecurityDescriptor
RtlLengthSecurityDescriptor
RtlOwnerAcesPresent
RtlIntegerToUnicodeString
NtEnumerateKey
NtOpenKeyTransacted
NtQueryValueKey
NtQueryKey
NtDeleteKey
NtCreateKeyTransacted
NtCreateKey
NtDeleteValueKey
RtlInitializeSRWLock
NtAdjustPrivilegesToken
NtOpenProcessToken
RtlNewSecurityObject
RtlFreeHeap
RtlValidRelativeSecurityDescriptor
RtlGetControlSecurityDescriptor
RtlSetSecurityObject
NtAccessCheckAndAuditAlarm
RtlGetAce
RtlMapGenericMask
RtlDeleteAce
NtAccessCheck
RtlEqualDomainName
RtlpNtOpenKey
RtlpNtEnumerateSubKey
RtlAppendUnicodeStringToString
NtQueryObject
NtShutdownSystem
EtwEventUnregister
NtDeleteObjectAuditAlarm
EtwEventWriteTransfer
RtlGetThreadPreferredUILanguages
RtlSetThreadPreferredUILanguages
LdrLoadDll
RtlInitializeRXact
RtlAddAce
RtlUnicodeStringToInteger
NtCloseObjectAuditAlarm
NtAccessCheckByTypeAndAuditAlarm
RtlAreAllAccessesGranted
RtlpNtQueryValueKey
RtlInitializeGenericTableAvl
RtlEnumerateGenericTableAvl
RtlDeleteElementGenericTableAvl
NtQuerySystemInformation
RtlInsertElementGenericTableAvl
RtlNumberGenericTableElementsAvl
RtlStartRXact
RtlApplyRXact
RtlAbortRXact
RtlAddActionToRXact
RtlStringFromGUID
WinSqmSetString
RtlSizeHeap
NtOpenSession
RtlIpv4StringToAddressExW
RtlIpv6StringToAddressExW
RtlGUIDFromString
RtlReleaseResource
RtlConvertSidToUnicodeString
NtClose
RtlCopyUnicodeString
RtlGetLastNtStatus
RtlCompareUnicodeString
RtlDeleteCriticalSection
RtlLengthSid
RtlEqualSid
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlUpcaseUnicodeStringToOemString
RtlInitUnicodeStringEx
RtlInitializeCriticalSection
NtSetInformationToken
NtDuplicateToken
NtSetInformationThread
RtlSidDominates
NtQueryInformationToken
NtOpenThreadToken
RtlGetCurrentServiceSessionId
EtwLogTraceEvent
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsW
RtlInitUnicodeString
EtwTraceMessage
RtlEqualUnicodeString
RtlCreateUnicodeStringFromAsciiz
WinSqmIncrementDWORD
EtwEventActivityIdControl
RtlAppendUnicodeToString
RtlFreeSid
RtlAllocateAndInitializeSid
RtlAdjustPrivilege
RtlIdentifierAuthoritySid
RtlAddAccessAllowedAce
RtlCreateAcl
NtRaiseHardError
RtlTimeFieldsToTime
NtSetEvent
NtOpenEvent
NtCreateEvent
RtlSetSystemBootStatus
RtlIsStateSeparationEnabled
EtwEventRegister
EtwEventSetInformation
RtlLengthSidAsUnicodeString
wcsncmp
wcsstr
_strcmpi
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
EtwRegisterSecurityProvider
EtwWriteUMSecurityEvent
RtlIpv4AddressToStringW
RtlIpv6AddressToStringW
RtlEthernetAddressToStringW
RtlGetSaclSecurityDescriptor
RtlFindAceByType
RtlQueryTimeZoneInformation
RtlImageNtHeader
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
RtlInitializeSid
RtlLengthRequiredSid
RtlEqualPrefixSid
RtlCheckTokenMembershipEx
TpReleaseTimer
TpWaitForTimer
TpIsTimerSet
TpSetTimer
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlRunDecodeUnicodeString
RtlAvlRemoveNode
RtlPrefixUnicodeString
RtlCopySid
NtImpersonateAnonymousToken
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
RtlGetLastWin32Error
RtlConvertExclusiveToShared
RtlConvertSharedToExclusive
RtlCopyLuid
NtAllocateLocallyUniqueId
RtlGetNtProductType
RtlDeleteResource
RtlInitializeResource
TpAllocTimer
RtlInitializeCriticalSectionAndSpinCount
RtlLookupElementGenericTableAvl
RtlAvlInsertNodeEx
NtDuplicateObject
RtlInitString
RtlIsMultiSessionSku
RtlSubAuthorityCountSid
RtlSubAuthoritySid
RtlAnsiStringToUnicodeString
NtPrivilegeCheck
RtlAcquireResourceExclusive
EtwEventWrite
RtlAcquireResourceShared
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlCreateServiceSid
RtlIntegerToChar
RtlFindCharInUnicodeString
RtlCreateUnicodeString
RtlDosPathNameToRelativeNtPathName_U
NtLoadKey
RtlReleaseRelativeName
NtUnloadKey
RtlInitAnsiString
RtlNtStatusToDosError
RtlFindMessage
RtlFreeUnicodeString

msasn1

ASN1BEREncRemoveZeroBits
ASN1DecSetError
ASN1BERDecExplicitTag
ASN1BERDecPeekTag
ASN1BEREncU32
ASN1BERDecOctetString
ASN1BERDecNotEndOfContents
ASN1BEREncExplicitTag
ASN1BERDecEndOfContents
ASN1objectidentifier_free
ASN1EncSetError
ASN1DEREncCharString
ASN1BEREncEndOfContents
ASN1BERDecSkip
ASN1Free
ASN1DecAlloc
ASN1DEREncOctetString
ASN1BERDecBitString
ASN1BERDecObjectIdentifier
ASN1BEREncObjectIdentifier
ASN1BERDecZeroCharString
ASN1DEREncBitString
ASN1BERDecU32Val
ASN1_CreateModule
ASN1bitstring_free
ASN1ztcharstring_free
ASN1_CreateEncoder
ASN1_CreateDecoder
ASN1_CloseEncoder
ASN1_CloseDecoder
ASN1_Decode
ASN1_Encode
ASN1_FreeDecoded
ASN1_FreeEncoded
ASN1octetstring_free

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-security-base-private-l1-1-1

CreateAppContainerToken

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

api-ms-win-eventing-controller-l1-1-0

ControlTraceW
EnableTraceEx2
StartTraceW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

InitializeLsaExtension
IsTraceLevelEnabled
LsaDbLookupSidChainRequest
LsaIAddNamesToLogonSession
LsaIAdjustTokenObjectIntegrity
LsaIAdtAuditingEnabledByCategory
LsaIAdtAuditingEnabledBySubCategory
LsaIAllocateHeap
LsaIAllocateHeapZero
LsaIAllowProtectedCredLogon
LsaIAuditAccountLogon
LsaIAuditAccountLogonEx
LsaIAuditInitializeParametersAndWriteEvent
LsaIAuditKdcEvent
LsaIAuditKerberosLogon
LsaIAuditLogonEx
LsaIAuditLogonUsingExplicitCreds
LsaIAuditNotifyPackageLoad
LsaIAuditPasswordAccessEvent
LsaIAuditReplay
LsaIAuditSamEvent
LsaICallPackage
LsaICallPackageEx
LsaICallPackagePassthrough
LsaICancelNotification
LsaIChangeSecretCipherKey
LsaICheckProtectedUserByTokenInfo
LsaICheckRestrictedMode
LsaIClearOldSyskey
LsaICryptProtectData
LsaICryptProtectDataEx
LsaICryptUnprotectData
LsaICryptUnprotectDataEx
LsaIDereferenceCredHandle
LsaIDeriveCredentialKey
LsaIDsNotifiedObjectChange
LsaIEfsAcceptSmartcardCredentials
LsaIEqualLogonProcessName
LsaIEqualSupplementalTokenInfo
LsaIEventWritePackageNoCredential
LsaIEventWritePackageNotCacheLogonUser
LsaIExtractTargetInfo
LsaIFilterInboundNamespace
LsaIFilterNamespace
LsaIFilterSids
LsaIFlushIdentityCacheForSid
LsaIForestTrustFindMatch
LsaIFreeFilterInboundNamespaceResult
LsaIFreeForestTrustInfo
LsaIFreeHeap
LsaIFreeReturnBuffer
LsaIFreeSupplementalTokenInfo
LsaIFree_LSAI_PRIVATE_DATA
LsaIFree_LSAI_SECRET_ENUM_BUFFER
LsaIFree_LSAPR_ACCOUNT_ENUM_BUFFER
LsaIFree_LSAPR_CR_CIPHER_VALUE
LsaIFree_LSAPR_POLICY_DOMAIN_INFORMATION
LsaIFree_LSAPR_POLICY_INFORMATION
LsaIFree_LSAPR_PRIVILEGE_ENUM_BUFFER
LsaIFree_LSAPR_PRIVILEGE_SET
LsaIFree_LSAPR_REFERENCED_DOMAIN_LIST
LsaIFree_LSAPR_SR_SECURITY_DESCRIPTOR
LsaIFree_LSAPR_TRANSLATED_NAMES
LsaIFree_LSAPR_TRANSLATED_SIDS
LsaIFree_LSAPR_TRUSTED_DOMAIN_INFO
LsaIFree_LSAPR_TRUSTED_ENUM_BUFFER
LsaIFree_LSAPR_TRUSTED_ENUM_BUFFER_EX
LsaIFree_LSAPR_TRUST_INFORMATION
LsaIFree_LSAPR_UNICODE_STRING
LsaIFree_LSAPR_UNICODE_STRING_BUFFER
LsaIFree_LSAP_SITENAME_INFO
LsaIFree_LSAP_SITE_INFO
LsaIFree_LSAP_SUBNET_INFO
LsaIFree_LSAP_UPN_SUFFIXES
LsaIFree_LSA_FOREST_TRUST_COLLISION_INFORMATION
LsaIFree_LSA_FOREST_TRUST_INFORMATION
LsaIGetCallInfo
LsaIGetCcgClient
LsaIGetClientOsInfo
LsaIGetForestTrustInformation
LsaIGetLogonGuid
LsaIGetNameFromLuid
LsaIGetNbAndDnsDomainNames
LsaIGetNego2Package
LsaIGetRemoteCredGuardLogonBuffer
LsaIGetRemoteCredGuardSupplementalCreds
LsaIGetSiteName
LsaIGetSupplementalTokenInfo
LsaIGetTokenInformationForLocalUser
LsaIHealthCheck
LsaIImpersonateClient
LsaIInitializeNetlogonFuncPtrs
LsaIIsContainerized
LsaIIsDomainWithinForest
LsaIIsDsPaused
LsaIIsInEmulatedDomainJoinMode
LsaIIsLastInteractiveLogonInfoEnabled
LsaIIsLocalHost
LsaIIsMachineSecureByDefault
LsaIIsSuppressChannelBindingInfo
LsaIIsTargetPrivate
LsaIIsTrustedDomainsEnabled
LsaIIsUserMSA
LsaIKerberosRegisterTrustNotification
LsaILookupUserAccountType
LsaILookupWellKnownName
LsaIModifyPerformanceCounter
LsaINoConnectedUserPolicy
LsaINoMoreWin2KDomain
LsaINotifyChangeNotification
LsaINotifyGCStatusChange
LsaINotifyNetlogonParametersChangeW
LsaINotifyNewPassword
LsaINotifyPasswordChanged
LsaIOpenPolicyTrusted
LsaIQueryForestTrustInfo
LsaIQueryForestTrustInformation
LsaIQueryInformationPolicyTrusted
LsaIQueryPackageAttrInLogonSession
LsaIQuerySiteInfo
LsaIQuerySubnetInfo
LsaIQueryUpnSuffixes
LsaIReferenceCredHandle
LsaIRegisterLogonSessionCallback
LsaIRegisterNotification
LsaIRegisterPolicyChangeNotificationCallback
LsaIRenewCertificate
LsaIReplicateClientObject
LsaIRetrieveCurrentUserSid
LsaISafeMode
LsaISamIndicatedDsStarted
LsaISanitizeSAMName
LsaISetClientDnsHostName
LsaISetLogonGuidInLogonSession
LsaISetLogonInfo
LsaISetNewSyskey
LsaISetPackageAttrInLogonSession
LsaISetSupplementalTokenInfo
LsaISetTokenDacl
LsaISetUserFlags
LsaITransformAuthorizationData
LsaIUnregisterAllPolicyChangeNotificationCallback
LsaIUnregisterLogonSessionCallback
LsaIUnregisterPolicyChangeNotificationCallback
LsaIUpdateForestTrustInformation
LsaIUpdateKerbMaxTokenSize
LsaIUpdateLogonSession
LsaIValidateTargetInfo
LsaIVerifyCachability
LsaIVerifyCachabilityEx
LsaIWasLogonNotifiedOfProfileLoad
LsaIWriteAuditEvent
LsaIWriteKdcAuthenticationEvent
LsapAdtAuditingEnabledByLogonId
LsapAdtAuditingEnabledBySubCategory
LsapAdtAuditingEnabledHint
LsapAdtGetCallerProcessInfo
LsapAdtInitParametersArray
LsapAdtWriteLog
LsapAllocateLsaHeap
LsapAllocatePrivateHeap
LsapAuOpenSam
LsapAuditFailed
LsapBuildPrivilegeAuditString
LsapCheckBootMode
LsapCloseHandle
LsapCompareDomainNames
LsapCrServerGetSessionKey
LsapCrServerGetSessionKeySafe
LsapDbAcquireLockEx
LsapDbApplyTransaction
LsapDbBuildObjectCaches
LsapDbCloseHandle
LsapDbCloseObject
LsapDbCopyUnicodeAttribute
LsapDbCopyUnicodeAttributeNoAlloc
LsapDbCreateObject
LsapDbDeleteAttributesObject
LsapDbDeleteObject
LsapDbDereferenceHandle
LsapDbDereferenceObject
LsapDbEnumerateSids
LsapDbEnumerateTrustedDomainsEx
LsapDbExpAcquireReadLockTrustedDomainList
LsapDbExpAcquireWriteLockTrustedDomainList
LsapDbExpConvertReadLockTrustedDomainListToExclusive
LsapDbExpConvertWriteLockTrustedDomainListToShared
LsapDbExpIsCacheBuilding
LsapDbExpIsCacheValid
LsapDbExpIsLockedTrustedDomainList
LsapDbExpMakeCacheBuilding
LsapDbExpMakeCacheInvalid
LsapDbExpMakeCacheValid
LsapDbExpReleaseLockTrustedDomainList
LsapDbFreeAttributes
LsapDbFreeTrustedDomainsEx
LsapDbGetDbObjectTypeName
LsapDbGetDbPolicyHandle
LsapDbGetSecretType
LsapDbInitializeAttribute
LsapDbIsStatusConnectionFailure
LsapDbLookupAddListReferencedDomains
LsapDbLookupCreateListReferencedDomains
LsapDbLookupGetDomainInfo
LsapDbLookupListReferencedDomains
LsapDbLookupMergeDisjointReferencedDomains
LsapDbLookupNameChainRequest
LsapDbLookupNamesInPrimaryDomain
LsapDbLookupSidsInPrimaryDomain
LsapDbMakeGuidAttribute
LsapDbMakeSidAttribute
LsapDbMakeUnicodeAttribute
LsapDbOpenObject
LsapDbQueryInformationPolicy
LsapDbReadAttribute
LsapDbReadAttributesObject
LsapDbReferenceObject
LsapDbReleaseLockEx
LsapDbSecretIsMachineAcc
LsapDbSidToLogicalNameObject
LsapDbSlowEnumerateTrustedDomains
LsapDbUpdateCountCompUnmappedNames
LsapDbVerifyHandle
LsapDbVerifyInfoQueryTrustedDomain
LsapDbVerifyInfoSetTrustedDomain
LsapDbWriteAttributesObject
LsapDomainRenameHandlerForLogonSessions
LsapDsInitializeDsStateInfo
LsapDsUnitializeDsStateInfo
LsapDssetupInitializeGetPrimaryDomainInformationOpState
LsapDuplicateSid
LsapDuplicateString
LsapFreeLsaHeap
LsapFreePrivateHeap
LsapFreeString
LsapGetAccountDomainHandle
LsapGetCapeNamesForCap
LsapGetGlobalRestrictAnonymous
LsapGetHourlyLogLevel
LsapGetLogonSessionAccountInfoEx
LsapGetLookupRestrictIsolatedNameLevel
LsapGetPolicyHandle
LsapGetWellKnownSid
LsapInitLsa
LsapInitializeLsaDb
LsapIsBuiltinDomain
LsapIsSamOpened
LsapOpenSam
LsapQueryClientInfo
LsapRemoveTrailingDot
LsapRpcCopySid
LsapRpcCopyUnicodeString
LsapRtlValidateControllerTrustedDomain
LsapRtlValidateControllerTrustedDomainByHandle
LsapSetErrorInfo
LsapSidListSize
LsapTraceEvent
LsapTraceEventWithData
LsapTruncateUnicodeString
LsarClose
LsarCreateSecret
LsarDeleteObject
LsarEnumerateTrustedDomainsEx
LsarLookupSids
LsarOpenPolicy
LsarOpenSecret
LsarQueryDomainInformationPolicy
LsarQueryInformationPolicy
LsarQuerySecret
LsarQueryTrustedDomainInfoByName
LsarRetrievePrivateData
LsarSetInformationPolicy
LsarSetSecret
LsarSetTrustedDomainInfoByName
LsarStorePrivateData
QueryLsaInterface
ServiceInit
SpmpEventWrite
TracePrint
TracePrintCallerInformation
_fgs__LSAPR_TRUSTED_DOMAIN_FULL_INFORMATION2
_fgs__LSAPR_TRUSTED_DOMAIN_INFORMATION_EX2
_fgs__LSAPR_TRUSTED_ENUM_BUFFER
_fgs__LSAPR_TRUSTED_ENUM_BUFFER_EX
_fgs__LSAPR_TRUST_INFORMATION
_fgu__LSAPR_TRUSTED_DOMAIN_INFO

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 302KB - Virtual size: 302KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ninput/mlang.dll
.dll windows:10 windows x64 arch:x64

8c5ef934f2973563a30d41bd42a4cd00

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

mlang.pdb

Imports

msvcrt

_initterm
free
memcmp
_callnewh
??1type_info@@UEAA@XZ
_XcptFilter
_onexit
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
wcsstr
_amsg_exit
malloc
??0exception@@QEAA@AEBV0@@Z
__dllonexit
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
memmove
memcpy
__C_specific_handler
_CxxThrowException
_unlock
__CxxFrameHandler3
strstr
strchr
atoi
_ultoa_s
_vsnprintf
strncmp
wcschr
memcpy_s
strrchr
_purecall
??_V@YAXPEAX@Z
??3@YAXPEAX@Z
_lock
memset

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection

api-ms-win-core-heap-l1-1-0

HeapDestroy

api-ms-win-core-libraryloader-l1-2-0

LockResource
GetModuleHandleA
GetModuleFileNameW
FindResourceExW
LoadStringA
LoadResource
FreeLibrary
DisableThreadLibraryCalls
GetModuleFileNameA

api-ms-win-core-localization-l1-2-0

IsValidCodePage
IsDBCSLeadByte
IsDBCSLeadByteEx
GetCPInfo
GetACP
GetSystemDefaultLangID
GetLocaleInfoA

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryA

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree
LocalReAlloc

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW
WideCharToMultiByte

api-ms-win-core-file-l1-1-0

GetFileSize
CreateFileA
GetFileAttributesA
WriteFile

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetVersionExA
GetSystemDirectoryA

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-registry-l1-1-0

RegCreateKeyExA
RegEnumValueW
RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegQueryInfoKeyW
RegEnumKeyExA
RegCloseKey
RegQueryInfoKeyA

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
MapViewOfFile

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-kernel32-legacy-l1-1-0

GetStringTypeExA
CreateFileMappingA
FindResourceExA

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindExtensionA
PathFindFileNameW
PathRenameExtensionA

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpA
lstrlenW
lstrlenA
lstrcmpiA

api-ms-win-core-stringansi-l1-1-0

CharLowerA
CharNextExA
CharNextA

api-ms-win-core-localization-obsolete-l1-2-0

CompareStringA

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpICA

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

ConvertINetMultiByteToUnicode
ConvertINetReset
ConvertINetString
ConvertINetUnicodeToMultiByte
DllCanUnloadNow
DllGetClassObject
GetGlobalFontLinkObject
IsConvertINetStringAvailable
LcidToRfc1766A
LcidToRfc1766W
Rfc1766ToLcidA
Rfc1766ToLcidW

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ninput/ninput.dll
.dll windows:10 windows x64 arch:x64

62e5765106b5047c3473742fab4a1b3b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ninput.pdb

Imports

msvcrt

log
memcmp
memcpy
fmodf
wcscmp
fmod
memmove
__CxxFrameHandler3
_purecall
_isnan
_finite
rand
wcsrchr
strtok_s
_stricmp
strtoul
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnwprintf
memcpy_s
_vsnprintf_s
??0exception@@QEAA@XZ
_wcsicmp
memmove_s
_wcsnicmp
wcsncmp
wcschr
_callnewh
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
memset
pow
sqrtf
_onexit
__dllonexit
sqrt
powf
_unlock
_lock
__C_specific_handler
_initterm
malloc
sinf
free
_amsg_exit
_XcptFilter
floorf
floor
cosf
ceil
atan2f
atan2
atan
_CxxThrowException
realloc

api-ms-win-core-sidebyside-l1-1-0

QueryActCtxSettingsW

api-ms-win-core-atoms-l1-1-0

GlobalDeleteAtom
GlobalAddAtomW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize
Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
TlsAlloc
TlsFree
TlsGetValue
OpenProcessToken
TlsSetValue

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
OpenSemaphoreW
ReleaseSRWLockShared
CreateMutexExW
InitializeCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
WaitForSingleObject
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
DeleteCriticalSection
EnterCriticalSection
AcquireSRWLockShared
LeaveCriticalSection

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegGetValueW
RegEnumKeyExW
RegEnumValueW

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetModuleHandleExW
GetModuleFileNameA
GetProcAddress
GetModuleHandleW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer

oleaut32

VariantInit
VariantClear

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

ntdll

NtQueryInformationToken
RtlInitUnicodeString
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
RtlFreeHeap
EtwEventActivityIdControl
EtwEventUnregister
EtwEventSetInformation
EtwEventRegister
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
ZwUpdateWnfStateData
EtwEventWriteTransfer
EtwUnregisterTraceGuids

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-rtcore-ntuser-window-l1-1-0

UnregisterClassW
GetClassNameW
GetMessageTime
PostMessageW
SendMessageTimeoutW
SendMessageW
SendMessageCallbackW
RegisterClassExW

api-ms-win-rtcore-ntuser-wmpointer-l1-1-0

GetPointerType
GetPointerInfo
GetPointerTouchInfo
GetPointerPenInfo
GetPointerDevice
GetPointerInfoHistory
GetPointerTouchInfoHistory
GetPointerPenInfoHistory
GetPointerCursorId
GetPointerDeviceProperties
GetPointerDeviceRects

api-ms-win-rtcore-ntuser-wmpointer-l1-1-2

GetWindowFeedbackSetting

api-ms-win-rtcore-ntuser-winevent-l1-1-0

UnhookWinEvent
SetWinEventHook

api-ms-win-rtcore-ntuser-private-l1-1-7

IsOneCoreTransformMode

api-ms-win-rtcore-ntuser-private-l1-1-9

InputSpaceRegionFromPoint
GetPointerDeviceInputSpace
ord2551
ord2651

api-ms-win-rtcore-ntuser-private-l1-1-4

ord2595

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

AddPointerInteractionContext
BufferPointerPacketsInteractionContext
CreateInteractionContext
DefaultInputHandler
DestroyInteractionContext
GetCrossSlideParameterInteractionContext
GetHoldParameterInteractionContext
GetInertiaParameterInteractionContext
GetInteractionConfigurationInteractionContext
GetMouseWheelParameterInteractionContext
GetPropertyInteractionContext
GetStateInteractionContext
GetTapParameterInteractionContext
GetTranslationParameterInteractionContext
ProcessBufferedPacketsInteractionContext
ProcessInertiaInteractionContext
ProcessPointerFramesInteractionContext
RegisterOutputCallbackInteractionContext
RegisterOutputCallbackInteractionContext2
RemovePointerInteractionContext
ResetInteractionContext
SetCrossSlideParametersInteractionContext
SetHoldParameterInteractionContext
SetInertiaParameterInteractionContext
SetInteractionConfigurationInteractionContext
SetMouseWheelParameterInteractionContext
SetPivotInteractionContext
SetPropertyInteractionContext
SetTapParameterInteractionContext
SetTranslationParameterInteractionContext
StopInteractionContext

Sections

.text
Size: 301KB - Virtual size: 301KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup.msi
.msi

Sharing

General

Malware Config

Signatures

Files

Password: 2024

Password: 2024

8587c8fd7f05ac29922c42adbb4b2c79

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

fxsapi

ntdll

user32

gdi32

shell32

comctl32

kernel32

Exports

Exports

Sections

.text Size: 51KB - Virtual size: 50KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 3KB - Virtual size: 8KB

.pdata Size: 2KB - Virtual size: 2KB

.didat Size: 512B - Virtual size: 344B

.rsrc Size: 762KB - Virtual size: 761KB

.reloc Size: 512B - Virtual size: 180B

Password: 2024

7b1bc95845d27cf40466108a31a982d3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-apiquery-l1-1-0

ntdll

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 172KB - Virtual size: 172KB

.rdata Size: 102KB - Virtual size: 102KB

.data Size: 1024B - Virtual size: 3KB

.pdata Size: 6KB - Virtual size: 6KB

.didat Size: 1024B - Virtual size: 760B

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 4KB - Virtual size: 4KB

Password: 2024

d25132a2373a2fa772d108993083a28e

Code Sign

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8dCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

63:e5:3d:a2:cc:a9:cf:42:76:29:58:a0:06:e6:ce:6f:9b:17:9d:ab:29:86:28:a0:5e:13:e8:27:f3:bf:21:f6Signer

.text
Size: 51KB - Virtual size: 50KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 3KB - Virtual size: 8KB

.pdata
Size: 2KB - Virtual size: 2KB

.didat
Size: 512B - Virtual size: 344B

.rsrc
Size: 762KB - Virtual size: 761KB

.reloc
Size: 512B - Virtual size: 180B

.text
Size: 172KB - Virtual size: 172KB

.rdata
Size: 102KB - Virtual size: 102KB

.data
Size: 1024B - Virtual size: 3KB

.pdata
Size: 6KB - Virtual size: 6KB

.didat
Size: 1024B - Virtual size: 760B

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 4KB - Virtual size: 4KB

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

63:e5:3d:a2:cc:a9:cf:42:76:29:58:a0:06:e6:ce:6f:9b:17:9d:ab:29:86:28:a0:5e:13:e8:27:f3:bf:21:f6
Signer

.text
Size: 451KB - Virtual size: 451KB

.rdata
Size: 179KB - Virtual size: 178KB

.data
Size: 5KB - Virtual size: 21KB

.pdata
Size: 19KB - Virtual size: 19KB

.didat
Size: 512B - Virtual size: 256B

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 7KB - Virtual size: 6KB

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

a2:ba:2b:ba:3b:18:07:1d:93:91:91:64:be:09:eb:23:9c:c3:b2:1b:8c:70:be:45:03:52:85:88:56:17:23:37
Signer