x64_x32_installer[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

x64_x32_installer.zip
Size

15.2MB
MD5

9fefe681ed1091fb79cb166919c9f0c8
SHA1

a5ae3ff6a87c2933aa5fe0db051fe9cc97abdb71
SHA256

139369ab14605aa541e4d8fdf64e34041697db041d69fc547bfd58d52dd3205e
SHA512

639904357cdfa104eb83f799c36db2a3d9bcbae3aca03c5d17a23f129c5d58bc989d7c804bcf04551a39b2224885cae20beb8248248f0e9c12288f6d903e0c5f
SSDEEP

393216:pP+5cZEB3l4PX1uMLW8lHjysOidCN2131hl2Iw/wEN4xOcD:uQEEfd68l+o5Zl2Hq

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/x64_x32_installer/x64_x32_setup/d3d9/WindowManagement.dll
unpack001/x64_x32_installer/x64_x32_setup/easwrt/easwrt.dll
unpack001/x64_x32_installer/x64_x32_setup/easwrt/edgeangle.dll
unpack001/x64_x32_installer/x64_x32_setup/easwrt/energy.dll
unpack001/x64_x32_installer/x64_x32_setup/netcenter/netcenter.dll
unpack001/x64_x32_installer/x64_x32_setup/netcenter/srvsvc.dll

Files

x64_x32_installer.zip
.zip

Password: infected
x64_x32_installer/password.jpg
x64_x32_installer/x64_x32_setup.zip
.zip
x64_x32_installer/x64_x32_setup/d3d9/WindowManagement.dll
.dll windows:10 windows x64 arch:x64

eb1271033b0c0fd5debdb2f0b99e2a51

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

WindowManagement.pdb

Imports

msvcp_win

??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?uncaught_exception@std@@YA_NXZ
?flags@ios_base@std@@QEBAHXZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?_Xlength_error@std@@YAXPEBD@Z
?width@ios_base@std@@QEAA_J_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?good@ios_base@std@@QEBA_NXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?width@ios_base@std@@QEBA_JXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?_Xbad_function_call@std@@YAXXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Throw_C_error@std@@YAXH@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_unlock
_Mtx_lock

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsicmp
memmove
_o__wtoi
_o_free
_o_malloc
_o_realloc
_o_terminate
_o_wcstoull
__C_specific_handler
__CxxFrameHandler3
_o__configure_narrow_argv
_CxxThrowException
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o__execute_onexit_table
_o__errno
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcschr
__std_terminate
_o__crt_atexit
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleExW
GetModuleHandleW
FreeLibrary
GetModuleFileNameA

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressAll
InitOnceComplete
InitOnceBeginInitialize
InitOnceExecuteOnce
Sleep

api-ms-win-core-synch-l1-1-0

ResetEvent
CreateSemaphoreExW
CreateEventExW
ReleaseSemaphore
WaitForSingleObject
ReleaseMutex
CreateEventW
WaitForSingleObjectEx
OpenSemaphoreW
InitializeCriticalSection
CreateMutexExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionAndSpinCount
SetEvent
ReleaseSRWLockShared
AcquireSRWLockShared
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
InitializeSRWLock

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventWriteTransfer
EventRegister

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
TerminateProcess
GetCurrentThread
OpenThreadToken
CreateThread
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
GetRestrictedErrorInfo
SetRestrictedErrorInfo
RoOriginateErrorW
RoOriginateError

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsGetStringRawBuffer
WindowsGetStringLen
WindowsTrimStringStart
WindowsStringHasEmbeddedNull
WindowsCreateStringReference
WindowsDeleteString
WindowsDuplicateString
WindowsIsStringEmpty
WindowsCompareStringOrdinal

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
FreeLibraryWhenCallbackReturns
SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer
CreateThreadpoolWork
SubmitThreadpoolWork
WaitForThreadpoolTimerCallbacks

api-ms-win-core-com-l1-1-0

CoRevertToSelf
CoWaitForMultipleHandles
CoTaskMemAlloc
CoMarshalInterface
CoImpersonateClient
CoReleaseMarshalData
CoGetApartmentType
CoTaskMemRealloc
CoIncrementMTAUsage
CoDecrementMTAUsage
CoGetMalloc
CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoGetCallContext
CoGetInterfaceAndReleaseStream

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-core-winrt-l1-1-0

RoRegisterActivationFactories
RoUninitialize
RoGetActivationFactory
RoInitialize
RoActivateInstance

api-ms-win-shcore-thread-l1-1-0

SHCreateThread

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

twinapi.appcore

ord2

rmclient

HamStartActivityAsync
HamCreateActivityForProcess
HamPopulateActivityPropertiesByClass
HamDisconnectFromServer
HamCloseActivity
HamConnectToServer
HamCreateActivity

coremessaging

MsgBlobCreateShared
MsgRelease
CoreUICallSend
CoreUICallCreateConversationHost
CoreUICallReceive
MsgStringCreateShared
CoreUICreate

coreuicomponents

CoreUIFactoryCreate

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-security-base-l1-1-0

DuplicateTokenEx
GetTokenInformation
AllocateLocallyUniqueId

ntdll

RtlCopySid
NtClose
RtlLengthSid
RtlQueryTokenHostIdAsUlong64
NtOpenProcessToken
RtlAcquireSRWLockShared
RtlSleepConditionVariableSRW
RtlAcquireSRWLockExclusive
RtlWakeAllConditionVariable
RtlNtStatusToDosError
RtlIsMultiSessionSku
RtlGetDeviceFamilyInfoEnum
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
RtlAllocateHeap
RtlInitUnicodeString
RtlFreeHeap
RtlReleaseSRWLockExclusive
NtQueryInformationToken

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

rpcrt4

I_RpcBindingInqLocalClientPID

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolGetUniqueContext
SHTaskPoolAllowThreadReuse

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-rtcore-ntuser-window-l1-1-0

GetClassNameW
GetWindowLongW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-appmodel-runtime-l1-1-1

GetApplicationUserModelIdFromToken
ParseApplicationUserModelId
FindPackagesByPackageFamily

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabledForPackage

api-ms-win-ntuser-sysparams-l1-1-0

GetMonitorInfoW
EnumDisplayDevicesW
EnumDisplayMonitors

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-psm-key-l1-1-0

PsmGetKeyFromToken

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-crt-math-l1-1-0

ceilf

Exports

Exports

DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 341KB - Virtual size: 341KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64_x32_installer/x64_x32_setup/d3d9/d3d9.dll
.dll windows:10 windows x64 arch:x64

c1fed1bb80dc3d476753d79daee19b62

Code Sign

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05-05-2022 19:23

Not After

04-05-2023 19:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ca:73:c2:c5:88:0e:f0:2e:74:fe:7c:52:51:e3:d9:42:da:52:79:7f:72:80:7e:e0:d1:44:de:c3:be:b9:2f:4e
Signer

Actual PE Digest

ca:73:c2:c5:88:0e:f0:2e:74:fe:7c:52:51:e3:d9:42:da:52:79:7f:72:80:7e:e0:d1:44:de:c3:be:b9:2f:4e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d3d9.pdb

Imports

msvcrt

memcpy
memmove
memset
pow
powf
sinf
sqrt
sqrtf
logf
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
_purecall
log10f
_wtoi
wcschr
_wcsnicmp
swprintf_s
swscanf_s
_wcsicmp
wcscpy_s
wcscat_s
_wcslwr
wcsstr
wcsrchr
wcsncmp
toupper
strncmp
wcsspn
qsort
sprintf_s
strcat_s
memmove_s
floorf
floor
memcmp
expf
malloc
free
_CxxThrowException
memcpy_s
_vsnwprintf
_vsnprintf
_stricmp
strcpy_s
strrchr
__C_specific_handler
cosf
cos
ceil
wcstol
??1exception@@UEAA@XZ
abort
sscanf_s
strstr
__iscsym
_XcptFilter
_amsg_exit
__CxxFrameHandler3
_initterm
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_lock
_unlock
__dllonexit
_onexit
strcmp
wcscmp

ntdll

RtlUnicodeStringToAnsiString
ZwQueryDirectoryFile
RtlpEnsureBufferSize
RtlNtPathNameToDosPathName
ZwUnmapViewOfSection
ZwMapViewOfSection
LdrResSearchResource
RtlVerifyVersionInfo
RtlImageDirectoryEntryToData
RtlGetVersion
RtlRunOnceExecuteOnce
NtClose
ZwQueryKey
ZwEnumerateValueKey
RtlUnicodeStringToInteger
RtlCopyUnicodeString
EtwEventWriteNoRegistration
RtlAnsiStringToUnicodeString
RtlxAnsiStringToUnicodeSize
RtlInitString
RtlUpcaseUnicodeString
ZwSetInformationProcess
ZwQueryInformationProcess
ZwCreateSection
ZwQueryInformationFile
ZwCreateFile
RtlFormatCurrentUserKeyPath
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
ZwQueryValueKey
RtlInitUnicodeStringEx
ZwOpenKey
RtlFreeUnicodeString
ZwOpenFile
RtlDosPathNameToNtPathName_U_WithStatus
ZwQuerySystemInformation
RtlGetNativeSystemInformation
RtlUpcaseUnicodeChar
RtlInitUnicodeString
ZwClose
RtlFreeHeap
ZwEnumerateKey
RtlReAllocateHeap
RtlAllocateHeap
NtQueryWnfStateData
NtQueryInformationProcess
RtlGUIDFromString
RtlDllShutdownInProgress
EtwEventWriteTransfer
EtwLogTraceEvent
NtQueryValueKey
EtwEventUnregister
EtwEventRegister
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsA
EtwGetTraceEnableLevel
RtlIsCriticalSectionLockedByThread
RtlPublishWnfStateData
VerSetConditionMask

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyA
RegEnumValueA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegEnumKeyExA
RegCreateKeyExA
RegSetValueExA
RegGetValueA
RegDeleteValueA

api-ms-win-security-base-l1-1-0

AddAccessAllowedAce
SetSecurityDescriptorDacl
GetSidSubAuthority
GetSidLengthRequired
InitializeSid
SetSecurityDescriptorSacl
IsValidSid
InitializeSecurityDescriptor
InitializeAcl
SetKernelObjectSecurity
GetLengthSid
AddMandatoryAce
AllocateLocallyUniqueId

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW

api-ms-win-gdi-dpiinfo-l1-1-0

GetCurrentDpiInfo

user32

SetPropW
AttachThreadInput
MsgWaitForMultipleObjects
RemovePropW
GetPropW
DestroyWindow
DispatchMessageA
GetWindow
GetWindowThreadProcessId
GetWindowLongPtrW
IsWindowUnicode
EnumDisplayMonitors
EqualRect
IsRectEmpty
SetWindowLongA
GetAncestor
SetWindowDisplayAffinity
PtInRect
SetCursorPos
GetCursorPos
CreateIconIndirect
GetWindowDC
GetDesktopWindow
NotifyOverlayWindow
DestroyIcon
GetCursor
LoadCursorW
UnionRect
SetRectEmpty
UnregisterHotKey
RegisterHotKey
GetThreadDesktop
CloseDesktop
GetUserObjectInformationA
OpenInputDesktop
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetWindowRect
GetWindowDisplayAffinity
GetForegroundWindow
SetForegroundWindow
mouse_event
GetWindowLongA
IsWindow
GetKeyState
PostMessageA
SendMessageA
CallWindowProcA
SetWindowLongPtrA
CallWindowProcW
SetWindowLongPtrW
KillTimer
TranslateMessage
PeekMessageA
UnregisterClassA
GetWindowLongPtrA
IsWindowVisible
ShowWindow
SetCursor
IsIconic
MonitorFromWindow
SetTimer
DefWindowProcA
LoadIconA
RegisterClassA
CreateWindowExA
EnumDisplayDevicesA
DisplayConfigGetDeviceInfo
SystemParametersInfoA
SetWindowPos
GetMonitorInfoA
IntersectRect
SetRect
GetClientRect
EnumDisplaySettingsA
ClientToScreen
OffsetRect
GetSystemMetrics
ReleaseDC
GetWindowInfo
GetDC
IsZoomed

api-ms-win-core-versionansi-l1-1-0

VerQueryValueA
GetFileVersionInfoExA
GetFileVersionInfoSizeExA

api-ms-win-appmodel-unlock-l1-1-0

IsDeveloperModeEnabled

win32u

NtUnBindCompositionSurface
NtQueryCompositionSurfaceStatistics
NtBindCompositionSurface
NtNotifyPresentToCompositionSurface

gdi32

DdEntry44
D3DKMTCacheHybridQueryValue
D3DKMTGetCachedHybridQueryValue
CreateDIBitmap
GetNearestColor
GetDeviceCaps
GetSystemPaletteEntries
DdEntry27
DdEntry20
DdEntry2
DdEntry38
DdEntry54
CreateCompatibleBitmap
SelectObject
CreateDIBSection
DdEntry30
DdEntry16
DdEntry42
CreateCompatibleDC
DdEntry25
DdEntry6
DdEntry31
DdEntry29
DdEntry33
StretchBlt
DdEntry43
DdEntry50
DdEntry46
DdEntry24
DdEntry12
DdEntry9
DdEntry26
SetLayout
DdEntry37
DdEntry22
GetDeviceGammaRamp
DdEntry28
DdEntry23
GetDIBits
DdEntry56
DdEntry17
DdEntry35
CreateRectRgn
DdEntry13
DdEntry19
DdEntry21
DdEntry53
GetRegionData
DdEntry45
DdEntry48
DdEntry40
DdEntry4
DdEntry5
GdiEntry1
DdEntry18
DdEntry36
DdEntry34
SetStretchBltMode
DdEntry39
DdEntry3
DdEntry11
DdEntry10
DeleteObject
DdEntry1
GetRandomRgn
DdEntry41
DdEntry49
D3DKMTMakeResident
D3DKMTPresent
D3DKMTEvict
D3DKMTDestroyAllocation2
D3DKMTLock2
D3DKMTCreateAllocation
D3DKMTMapGpuVirtualAddress
D3DKMTDestroyContext
D3DKMTDestroyAllocation
D3DKMTFreeGpuVirtualAddress
D3DKMTCloseAdapter
D3DKMTCreateHwQueue
D3DKMTSharedPrimaryUnLockNotification
D3DKMTRegisterTrimNotification
D3DKMTWaitForSynchronizationObjectFromCpu
D3DKMTEnumAdapters
D3DKMTUnregisterTrimNotification
D3DKMTDestroyOverlay
D3DKMTGetSharedPrimaryHandle
D3DKMTEscape
D3DKMTSubmitPresentToHwQueue
D3DKMTUnlock2
D3DKMTUpdateAllocationProperty
D3DKMTWaitForSynchronizationObject
D3DKMTDestroySynchronizationObject
D3DKMTQueryStatistics
D3DKMTShareObjects
D3DKMTConfigureSharedResource
D3DKMTSetGammaRamp
D3DKMTCreateSynchronizationObject2
D3DKMTCheckOcclusion
D3DKMTGetDisplayModeList
GdiEntry13
D3DKMTReclaimAllocations
D3DKMTCreateSynchronizationObject
D3DKMTUpdateGpuVirtualAddress
D3DKMTOpenAdapterFromHdc
D3DKMTDestroyDCFromMemory
D3DKMTOpenResource
D3DKMTQueryResourceInfoFromNtHandle
D3DKMTDestroyPagingQueue
D3DKMTCreateAllocation2
D3DKMTQueryAllocationResidency
D3DKMTUpdateOverlay
D3DKMTSharedPrimaryLockNotification
D3DKMTSetDisplayPrivateDriverFormat
D3DKMTCreateDevice
D3DKMTSubmitCommand
D3DKMTRender
D3DKMTCheckExclusiveOwnership
D3DKMTQueryVidPnExclusiveOwnership
D3DKMTDestroyHwQueue
D3DKMTInvalidateCache
D3DKMTSignalSynchronizationObjectFromGpu
D3DKMTSetQueuedLimit
D3DKMTWaitForSynchronizationObjectFromGpu
DeleteDC
D3DKMTSetDisplayMode
D3DKMTSubmitSignalSyncObjectsToHwQueue
D3DKMTSetVidPnSourceOwner1
D3DKMTSignalSynchronizationObject
D3DKMTReclaimAllocations2
D3DKMTCreateContext
D3DKMTSubmitCommandToHwQueue
D3DKMTReleaseProcessVidPnSourceOwners
D3DKMTCreatePagingQueue
D3DKMTSubmitWaitForSyncObjectsToHwQueue
D3DKMTCreateDCFromMemory
D3DKMTDestroyDevice
D3DKMTReserveGpuVirtualAddress
D3DKMTGetMultisampleMethodList
D3DKMTCheckMonitorPowerState
D3DKMTSignalSynchronizationObjectFromGpu2
D3DKMTSetAllocationPriority
D3DKMTOpenAdapterFromDeviceName
D3DKMTCreateContextVirtual
D3DKMTQueryResourceInfo
D3DKMTSignalSynchronizationObject2
D3DKMTGetScanLine
D3DKMTMarkDeviceAsError
D3DKMTUnlock
D3DKMTLock
D3DKMTOpenResource2
D3DKMTGetContextSchedulingPriority
D3DKMTWaitForSynchronizationObject2
D3DKMTSignalSynchronizationObjectFromCpu
CreateDCA
D3DKMTGetMultiPlaneOverlayCaps
BitBlt
D3DKMTWaitForVerticalBlankEvent
D3DKMTQueryAdapterInfo
D3DKMTSetContextSchedulingPriority
D3DKMTOpenResourceFromNtHandle
D3DKMTGetDeviceState
D3DKMTGetResourcePresentPrivateDriverData
D3DKMTOfferAllocations
D3DKMTGetOverlayState
D3DKMTOpenSyncObjectFromNtHandle2
D3DKMTFlipOverlay
D3DKMTCreateOverlay

kernel32

GetFileSize
GetVersionExA
GetLogicalProcessorInformation
ResolveDelayLoadedAPI
DelayLoadFailureHook
GetLongPathNameW
GetDriveTypeW
FindClose
FindNextFileW
FindFirstFileW
FreeEnvironmentStringsW
GetEnvironmentStringsW
RegQueryValueExW
InitOnceComplete
OpenProcess
RegOpenKeyExW
RegGetValueW
K32GetModuleFileNameExW
InitOnceBeginInitialize
CreateEventA
CreateThread
SetEvent
GetModuleHandleExA
WaitForMultipleObjects
GetProcessMitigationPolicy
GetModuleFileNameW
GetSystemTimeAsFileTime
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateNamedPipeA
CreateFileA
WaitNamedPipeA
TransactNamedPipe
GetPrivateProfileStringA
WriteFile
PeekNamedPipe
ReadFile
FlushFileBuffers
DisconnectNamedPipe
ConnectNamedPipe
SetNamedPipeHandleState
OpenMutexW
CreateMutexW
CreateSemaphoreA
GlobalAddAtomA
ResetEvent
OpenEventW
GetTickCount
LocalFree
LocalAlloc
VerifyVersionInfoA
DisableThreadLibraryCalls
CreateSemaphoreExA
FreeLibraryAndExitThread
GetModuleHandleA
QueryPerformanceCounter
GetSystemTime
WideCharToMultiByte
LoadLibraryW
QueryPerformanceFrequency
Sleep
GetProcessId
GetCurrentProcess
InitializeSRWLock
lstrcmpA
SetErrorMode
LoadLibraryA
InitializeCriticalSection
LoadLibraryExW
FreeLibrary
OutputDebugStringA
GetNativeSystemInfo
IsDebuggerPresent
GetCurrentProcessId
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
CreateThreadpoolTimer
ReleaseSRWLockShared
SetThreadpoolTimer
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
CloseThreadpoolTimer
OutputDebugStringW
ReleaseSRWLockExclusive
GetLastError
ReleaseMutex
WaitForSingleObject
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
SetLastError
CreateSemaphoreExW
DebugBreak
GetModuleHandleW
GetProcessHeap
GetProcAddress
HeapAlloc
FormatMessageW
GetCurrentThreadId
GetModuleHandleExW
HeapFree
GetModuleFileNameA
ExpandEnvironmentStringsW

dwmapi

ord100
ord137
ord128
DwmIsCompositionEnabled
ord136

api-ms-win-shell-shellfolders-l1-1-0

SHGetKnownFolderPath

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

kernelbase

GetPackageFamilyName
GetApplicationUserModelId
GetCurrentPackageFamilyName
GetCurrentPackageFullName
CheckIsMSIXPackage
GetCurrentApplicationUserModelId

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoTaskMemFree
CoCreateInstance
CoUninitialize

Exports

Exports

D3DPERF_BeginEvent
D3DPERF_EndEvent
D3DPERF_GetStatus
D3DPERF_QueryRepeatFrame
D3DPERF_SetMarker
D3DPERF_SetOptions
D3DPERF_SetRegion
DebugSetLevel
DebugSetMute
Direct3D9EnableMaximizedWindowedModeShim
Direct3DCreate9
Direct3DCreate9Ex
Direct3DCreate9On12
Direct3DCreate9On12Ex
Direct3DShaderValidatorCreate9
PSGPError
PSGPSampleTexture

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 396KB - Virtual size: 395KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64_x32_installer/x64_x32_setup/easwrt/easwrt.dll
.dll windows:10 windows x64 arch:x64

4da7b79c717055c4a32ca84d234e586c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

easwrt.pdb

Imports

msvcrt

_lock
_vsnwprintf
memcpy_s
toupper
__dllonexit
_onexit
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_callnewh
malloc
free
_purecall
memcmp
_unlock
_wtoi
__CxxFrameHandler3
__C_specific_handler
memset

twinapi.appcore

ord12
ord500
ord3
ord2

api-ms-win-core-com-l1-1-0

CoGetCallContext
StringFromGUID2
CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoGetInterfaceAndReleaseStream
CoMarshalInterface
CoTaskMemAlloc
CoCreateInstance
CoGetCallerTID
CoMarshalInterThreadInterfaceInStream
CreateStreamOnHGlobal
CoReleaseMarshalData

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegDeleteTreeW
RegGetValueW
RegQueryInfoKeyW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
TraceMessage
GetTraceEnableLevel

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsIsStringEmpty
WindowsCreateString
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull

api-ms-win-eventing-provider-l1-1-0

EventProviderEnabled
EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-1-0

ReleaseMutex
WaitForSingleObject
OpenSemaphoreW
CreateMutexExW
InitializeCriticalSection
WaitForSingleObjectEx
CreateSemaphoreExW
ReleaseSemaphore
AcquireSRWLockExclusive
ReleaseSRWLockShared
DeleteCriticalSection
AcquireSRWLockShared
ReleaseSRWLockExclusive

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateErrorW
SetRestrictedErrorInfo
RoOriginateError
GetRestrictedErrorInfo

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleHandleExW
DisableThreadLibraryCalls
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameA

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
RaiseException
SetLastError

rpcrt4

RpcBindingSetAuthInfoExW
I_RpcMapWin32Status
RpcBindingBind
NdrCStdStubBuffer2_Release
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
CStdStubBuffer_Invoke
NdrStubForwardingFunction
NdrClientCall3
RpcBindingFree
RpcStringFreeW
RpcBindingFromStringBindingW
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
RpcStringBindingComposeW
I_RpcExceptionFilter
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_IsIIDSupported
NdrStubCall3
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
NdrOleFree
NdrOleAllocate
CStdStubBuffer_QueryInterface
RpcBindingCreateW
IUnknown_Release_Proxy
CStdStubBuffer_CountRefs

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient20
CStdStubBuffer2_Connect
ObjectStublessClient3
ObjectStublessClient22
CStdStubBuffer2_CountRefs
ObjectStublessClient11
ObjectStublessClient14
ObjectStublessClient12
ObjectStublessClient15
ObjectStublessClient23
CStdStubBuffer2_Disconnect
NdrProxyForwardingFunction3
ObjectStublessClient21
ObjectStublessClient7
ObjectStublessClient16
ObjectStublessClient13
CStdStubBuffer2_QueryInterface
ObjectStublessClient19
ObjectStublessClient10
ObjectStublessClient17
NdrProxyForwardingFunction4
ObjectStublessClient9
ObjectStublessClient8
ObjectStublessClient18
ObjectStublessClient6
NdrProxyForwardingFunction5

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

oleaut32

VariantClear
VariantInit

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetProcessId
GetCurrentThreadId
OpenThreadToken
OpenProcessToken
GetCurrentThread
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-security-base-l1-1-0

GetTokenInformation
EqualSid
DuplicateToken
GetLengthSid
GetSecurityDescriptorDacl
CopySid
CheckTokenMembership
CreateWellKnownSid
PrivilegeCheck

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled
RoReportFailedDelegate

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolAllowThreadReuse
SHTaskPoolQueueTask

combase

ord157
ord90

advapi32

FreeSid
OpenServiceW
RegDeleteValueW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
StartServiceW
RegCreateKeyExW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
AllocateAndInitializeSid

kernel32

CreateFileW
GetSystemWindowsDirectoryW

ntdll

RtlInitializeResource
RtlAcquireResourceExclusive
RtlReleaseResource
NtOpenThreadToken
NtClose
NtDuplicateToken
NtOpenProcessToken
WinSqmSetString
NtGetCachedSigningLevel
NtSetCachedSigningLevel
NtQuerySystemInformation
NtQueryInformationToken
RtlInitUnicodeString
RtlInitializeSid
RtlSubAuthoritySid
RtlGetNtProductType
RtlLengthSid
RtlCopySid
RtlIsMultiSessionSku
RtlSubAuthorityCountSid
RtlGetDeviceFamilyInfoEnum
RtlNtStatusToDosError
RtlEqualSid
RtlDeleteResource

ole32

CoGetObject

user32

GetWindow
ord2521
GetWindowThreadProcessId
ord2529
IsWindow
GetClassNameW
GetAncestor
EnableWindow
SystemParametersInfoW
UpdatePerUserSystemParameters

authz

AuthzFreeResourceManager
AuthzInitializeResourceManager
AuthzFreeContext
AuthzAccessCheck
AuthzInitializeContextFromSid
AuthzAddSidsToContext

samcli

NetUserGetInfo

netutils

NetApiBufferFree

api-ms-win-security-lsapolicy-l1-1-0

LsaFreeMemory
LsaQueryInformationPolicy
LsaClose
LsaOpenPolicy
LsaLookupSids

samlib

SamOpenDomain
SamCloseHandle
SamQuerySecurityObject
SamFreeMemory
SamQueryInformationUser
SamOpenUser
SamQueryInformationDomain
SamConnect

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
EasClientSecurityPolicyApply
EasClientSecurityPolicyCheckCompliance
EasGetClientDeviceInformation
EasRegisterEncryptionProvider
EasShowConsentDialog
EasUnRegisterEncryptionProvider

Sections

.text
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64_x32_installer/x64_x32_setup/easwrt/edgeangle.dll
.dll windows:10 windows x64 arch:x64

d747da404bc2f828f52b5327da452c78

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

edgeangle.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__fdsign
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__cexit
memmove
_o__wcsicmp
_o_acoshf
_o_asinhf
_o_atanhf
_o_atoi
_o_ceil
_o_exit
_o_exp2f
_o_free
_o_fwrite
_o_isdigit
_o_log
_o_malloc
_o_mbstowcs_s
_o_pow
_o_powf
_o_realloc
_o_round
_o_roundf
_o_strcpy_s
_o_strtoul
_o_wcstombs
__C_specific_handler
_o__crt_atexit
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o__configure_narrow_argv
_o___stdio_common_vfprintf
_o___std_type_info_destroy_list
__CxxFrameHandler3
__std_terminate
strstr
_o___acrt_iob_func
memchr
memcpy
memcmp

api-ms-win-crt-string-l1-1-0

strncmp
strcmp
memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
FreeLibrary
GetProcAddress
GetModuleFileNameW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW

api-ms-win-eventing-provider-l1-1-0

EventWriteEx

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
GetLastError
UnhandledExceptionFilter

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpICW
StrStrIW

api-ms-win-core-processthreads-l1-1-0

TlsFree
GetCurrentThreadId
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentProcess
TerminateProcess
GetCurrentProcessId

ntdll

RtlGetSuiteMask

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

iertutil

ord870
ord793
ord594
ord398
ord597
ord791

msvcp_win

??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setf@ios_base@std@@QEAAHHH@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAI@Z
?fail@ios_base@std@@QEBA_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
?precision@ios_base@std@@QEAA_J_J@Z
?unsetf@ios_base@std@@QEAAXH@Z
?classic@locale@std@@SAAEBV12@XZ
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?flags@ios_base@std@@QEAAHH@Z
?setf@ios_base@std@@QEAAHH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ

chakra

MemProtectHeapUnrootAndZero
MemProtectHeapCreate
MemProtectHeapDestroy

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
SetEvent
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
CreateEventW
ResetEvent
DeleteCriticalSection

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-crt-math-l1-1-0

modff
expf
logf
asinf
tanf
sinhf
floorf
sqrtf
truncf
ceilf
tanhf
cosf
acosf
coshf
atanf
sinf
atan2f
_fdtest

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 380KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64_x32_installer/x64_x32_setup/easwrt/energy.dll
.dll windows:10 windows x64 arch:x64

5a6c1bb2d4cdfc861b6d3485be83e4ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

energy.pdb

Imports

msvcrt

__dllonexit
_unlock
_lock
__C_specific_handler
_errno
_initterm
_amsg_exit
wcsnlen
floor
??1type_info@@UEAA@XZ
setlocale
__crtLCMapStringW
memmove
_XcptFilter
__uncaught_exception
__pctype_func
memcmp
_CxxThrowException
__CxxFrameHandler3
wcstoul
_wcsicmp
___lc_handle_func
___lc_codepage_func
swprintf_s
iswprint
malloc
??0exception@@QEAA@AEBQEBDH@Z
_wcsnicmp
_vsnwprintf
calloc
memcpy
_onexit
___mb_cur_max_func
_wcsdup
_ismbblead
memset
abort
sprintf_s
free
?terminate@@YAXXZ
localeconv
__doserrno
_wfopen_s
fclose
fwprintf_s
toupper
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_purecall
strcspn
??0bad_cast@@QEAA@AEBV0@@Z
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
_wsetlocale
wcscmp

api-ms-win-core-processtopology-obsolete-l1-1-0

GetActiveProcessorCount

api-ms-win-ole32-ie-l1-1-0

CoInitialize

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlCopySid
RtlVirtualUnwind
NtQueryWnfStateData
NtPowerInformation
RtlAdjustPrivilege
RtlNtStatusToDosError
RtlGetPersistedStateLocation
RtlLengthSid

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventProviderEnabled
EventWriteTransfer
EventSetInformation
EventWrite
EventUnregister

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetEvent
CreateEventW
WaitForSingleObject
DeleteCriticalSection

api-ms-win-core-file-l1-1-0

FileTimeToLocalFileTime
FindClose
FindNextFileW
CompareFileTime
FindFirstFileW
CreateFileW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemFree

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegGetValueW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetTickCount
GetVersionExW
GetComputerNameExW
GetSystemTimeAsFileTime

rpcrt4

UuidCreate

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetProcAddress
LoadStringW
DisableThreadLibraryCalls
LoadLibraryExW
FreeLibrary

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapCreate
HeapFree
HeapDestroy
GetProcessHeap

api-ms-win-eventing-consumer-l1-1-0

ProcessTrace
CloseTrace
OpenTraceW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte

api-ms-win-core-path-l1-1-0

PathCchRemoveBackslash
PathCchAppend

api-ms-win-power-setting-l1-1-0

PowerGetActiveScheme

api-ms-win-security-lsalookup-l2-1-0

LookupAccountSidW

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-eventing-controller-l1-1-0

ControlTraceW
EnableTraceEx2
TraceSetInformation
StartTraceW

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
Sleep
WakeAllConditionVariable

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-eventing-tdh-l1-1-0

TdhUnloadManifest
TdhGetProperty
TdhGetEventInformation
TdhGetPropertySize

powrprof

PowerReadACValueIndex
PowerReadDCValueIndex

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

oleaut32

SysAllocString
VariantClear
GetErrorInfo
SysFreeString

Exports

Exports

EnergyWizard_Analyze
EnergyWizard_CancelTrace
EnergyWizard_CollectTrace
EnergyWizard_CreateEnergyWizard
EnergyWizard_DefaultTraceDuration
EnergyWizard_DestroyEnergyWizard
EnergyWizard_GetLogEntryCounts
EnergyWizard_SaveReport
EnergyWizard_SqmAnalysis
EnergyWizard_TransformReport
SaveBatteryReport
SaveSleepStudyReport
SaveSystemSleepDiagnosticsReport
SendScreenOnTelemetry
TransformBatteryReport
TransformSleepStudyReport
TransformSystemSleepDiagnosticsReport

Sections

.text
Size: 449KB - Virtual size: 449KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64_x32_installer/x64_x32_setup/netcenter/MFCaptureEngine.dll
.dll windows:10 windows x64 arch:x64

563623628d6c9e656161e493e4981638

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-12-2020 21:29

Not After

02-12-2021 21:29

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

74:79:71:91:bb:2d:c9:48:bb:4f:02:42:fd:a9:ff:44:42:7c:be:0e:43:40:a5:7f:d4:11:6e:f7:14:45:fe:fd
Signer

Actual PE Digest

74:79:71:91:bb:2d:c9:48:bb:4f:02:42:fd:a9:ff:44:42:7c:be:0e:43:40:a5:7f:d4:11:6e:f7:14:45:fe:fd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MFCaptureEngine.pdb

Imports

msvcrt

wcstombs
_vsnprintf
_i64toa_s
_ltoa_s
_ultoa_s
_vsnwprintf
sqrt
_onexit
strnlen
_vscprintf
__dllonexit
_unlock
qsort
realloc
log10
_errno
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
strncpy_s
_initterm
_amsg_exit
_XcptFilter
memcpy
memmove
memset
_callnewh
_purecall
_lock
memcpy_s
free
malloc
wcsncpy_s
__C_specific_handler
_gcvt_s
__CxxFrameHandler3
_CxxThrowException
wcscmp

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetLastError
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TlsSetValue
TerminateProcess
GetCurrentProcess
TlsGetValue

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
UnregisterTraceGuids

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
LoadLibraryExW
LoadResource
FindResourceExW
GetProcAddress
GetModuleHandleExW
SizeofResource
FreeLibrary
GetModuleFileNameW
GetModuleFileNameA
DisableThreadLibraryCalls

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegGetValueW
RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW
RegDeleteValueW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
LeaveCriticalSection
ResetEvent
EnterCriticalSection
InitializeCriticalSection
OpenSemaphoreW
ReleaseMutex
ReleaseSemaphore
CreateMutexExW
WaitForSingleObjectEx
ReleaseSRWLockExclusive
CreateEventExW
AcquireSRWLockExclusive
WaitForSingleObject
CreateEventW
DeleteCriticalSection
SetEvent

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventUnregister
EventRegister

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetLocalTime
GetTickCount
GetSystemTimeAsFileTime
GlobalMemoryStatusEx

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
OutputDebugStringA
IsDebuggerPresent
DebugBreak

api-ms-win-core-psapi-l1-1-0

K32GetProcessMemoryInfo

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-realtime-l1-1-0

QueryProcessCycleTime

ntdll

RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
RtlAllocateWnfSerializationGroup
RtlUnsubscribeWnfNotificationWaitForCompletion

api-ms-win-core-featurestaging-l1-1-0

SubscribeFeatureStateChangeNotification
UnsubscribeFeatureStateChangeNotification
GetFeatureEnabledState
RecordFeatureUsage

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW

api-ms-win-security-base-l1-1-0

CheckTokenMembership

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree
GlobalAlloc

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalLock

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabled

api-ms-win-core-shlwapi-obsolete-l1-1-0

QISearch

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
MFCreateCaptureEngine

Sections

.text
Size: 515KB - Virtual size: 515KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64_x32_installer/x64_x32_setup/netcenter/netcenter.dll
.dll regsvr32 windows:10 windows x64 arch:x64

7661b309000eb06d9f085e3877c751b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

netcenter.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-string-l1-1-0

memset
memmove_s

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_dll
_o_free
_o_malloc
_o_memcpy_s
_o_wcsncpy_s
_o__crt_atexit
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__execute_onexit_table
_o__configure_narrow_argv
_o__errno
_o__cexit
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
wcsrchr
wcschr
__std_terminate
__C_specific_handler
__CxxFrameHandler4
__CxxFrameHandler3
_o___stdio_common_vsnprintf_s
_CxxThrowException
memcmp
memcpy

oleaut32

SafeArrayGetDim
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayGetLBound
SysFreeString
VariantClear
VarUI4FromStr
VariantInit

api-ms-win-core-libraryloader-l1-2-0

SizeofResource
LoadStringW
GetModuleFileNameW
GetModuleHandleExW
GetModuleFileNameA
LoadLibraryExW
DisableThreadLibraryCalls
FindResourceExW
LoadResource
GetProcAddress
GetModuleHandleW
FreeLibrary

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-synch-l1-1-0

CreateMutexExW
DeleteCriticalSection
EnterCriticalSection
WaitForSingleObject
ReleaseSemaphore
OpenSemaphoreW
AcquireSRWLockExclusive
CreateSemaphoreExW
ReleaseSRWLockExclusive
WaitForSingleObjectEx
ReleaseMutex
InitializeCriticalSection
LeaveCriticalSection

api-ms-win-core-com-l1-1-0

CoGetPSClsid
StringFromGUID2
CoGetMalloc
CoTaskMemFree
CoUninitialize
CoInitializeEx
IIDFromString
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
StringFromIID
CoSetProxyBlanket

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegDeleteValueW
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventActivityIdControl
EventRegister
EventUnregister

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
UnregisterTraceGuids
TraceMessage

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW
MultiByteToWideChar

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
SetLastError

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete

api-ms-win-service-management-l1-1-0

StartServiceW
OpenServiceW
CloseServiceHandle
OpenSCManagerW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-service-private-l1-1-0

UnsubscribeServiceChangeNotifications
SubscribeServiceChangeNotifications

ntdll

EtwEventWriteTransfer
WinSqmAddToStream
EtwLogTraceEvent
WinSqmSetDWORD

kernel32

RegQueryValueExW
Sleep
LocalAlloc
ReleaseSRWLockShared
LockResource
InitializeCriticalSectionEx
AcquireSRWLockShared
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW
lstrcmpW
lstrcmpiW
CreateThreadpoolTimer

shlwapi

ord204
ord174
ord618
ord270
ord260
ord176
SHStrDupW
ord219
ord629
ord256
ord199
StrRetToStrW
ord172
ord156
ord24
ord514
ord158
ord16

shell32

ord25
ord18
SHParseDisplayName
SHCreateItemInKnownFolder
ord155
SHBindToObject
ShellExecuteExW
SHGetKnownFolderIDList
SHGetIDListFromObject

ole32

CoGetObject

advpack

RegInstallW

user32

KillTimer
SetCursor
LoadCursorW
SetPropW
SetTimer
GetFocus
GetSystemMetrics
SendMessageW
MessageBoxW
PostMessageW
GetClassInfoExW
IsWindow
RegisterClassExW
GetWindowLongPtrW
RemovePropW
CreateWindowExW
SetWindowLongPtrW
GetPropW
DestroyWindow
DefWindowProcW
UnregisterClassA
DestroyIcon
ReleaseDC
GetDC
LoadImageW

mobilenetworking

GetPersistentRegPath

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
QueryServiceStatusEx
QueryServiceConfig2W
ChangeServiceConfigW

api-ms-win-service-core-l1-1-2

GetServiceDisplayNameW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

gdi32

GetDeviceCaps

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64_x32_installer/x64_x32_setup/netcenter/srvsvc.dll
.dll windows:10 windows x64 arch:x64

d7576af2126de88834c77aeb4c5a2712

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

srvsvc.pdb

Imports

api-ms-win-crt-string-l1-1-0

memset
wcsncmp
wcsnlen
strcmp

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
memmove
_o__wcsicmp
_o__wcsnicmp
_o__wtoi
_o_floor
_o_free
_o_log10
_o_rand
_o_srand
_o_towupper
_o_wcscat_s
_o_wcscpy_s
_o_wcstok
_o__execute_onexit_table
_o__configure_narrow_argv
_o__cexit
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___std_type_info_destroy_list
__C_specific_handler
wcschr
memcmp
memcpy

api-ms-win-core-path-l1-1-0

PathCchCanonicalizeEx
PathCchCombineEx

api-ms-win-security-base-l1-1-0

IsValidSecurityDescriptor
SetFileSecurityW
GetAclInformation
ImpersonateSelf
RevertToSelf
CheckTokenMembership
GetSecurityDescriptorDacl
GetFileSecurityW
AccessCheck
GetLengthSid
AddAccessAllowedAceEx
CreateWellKnownSid
EqualSid
GetAce

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

rpcrt4

RpcServerUnregisterIf
RpcStringFreeW
RpcStringBindingParseW
RpcServerRegisterIfEx
RpcBindingServerFromClient
RpcServerUseProtseqEpW
RpcEpUnregister
RpcEpRegisterW
RpcBindingToStringBindingW
RpcServerInqBindings
NdrServerCall2
RpcAsyncAbortCall
RpcBindingVectorFree
RpcImpersonateClient
RpcRevertToSelf
RpcRevertToSelfEx
RpcAsyncCompleteCall
RpcServerTestCancel
UuidCreate
Ndr64AsyncServerCallAll
NdrAsyncServerCall
RpcServerInqCallAttributesW
NdrServerCallAll
RpcBindingFree

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
FreeLibrary
LoadStringW
DisableThreadLibraryCalls
LoadLibraryExW
GetModuleHandleW
GetProcAddress

api-ms-win-core-processthreads-l1-1-0

CreateThread
CreateProcessW
OpenThreadToken
TerminateProcess
GetCurrentThread
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegSetValueExW
RegNotifyChangeKeyValue
RegDeleteValueW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegGetValueW

api-ms-win-core-synch-l1-1-0

CreateEventW
WaitForMultipleObjectsEx
SetEvent
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject

api-ms-win-core-sysinfo-l1-1-0

GetSystemWindowsDirectoryW
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetSystemInfo
GetComputerNameExW
GetVersionExW

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteTransfer

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCompareMemory
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-file-l1-1-0

GetDriveTypeW
CreateFileW

api-ms-win-core-console-l1-1-0

SetConsoleCtrlHandler

api-ms-win-devices-config-l1-1-1

CM_MapCrToWin32Err
CM_Unregister_Notification
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW

api-ms-win-core-threadpool-l1-2-0

TrySubmitThreadpoolCallback

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-localization-l1-2-0

FormatMessageW

ws2_32

GetAddrInfoW
FreeAddrInfoW
WSAStartup
WSACleanup

crypt32

CertOpenStore
CryptStringToBinaryW
CertFreeCertificateContext
CertCloseStore
CertGetNameStringW
CertFindCertificateInStore

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW

cfgmgr32

CMP_Register_Notification

ntdll

RtlWriteRegistryValue
RtlDeleteRegistryValue
NtQuerySystemInformation
RtlCheckRegistryKey
RtlCreateRegistryKey
RtlFreeUnicodeString
RtlGetPersistedStateLocation
RtlGetNtProductType
RtlVerifyVersionInfo
RtlQueryEnvironmentVariable_U
RtlValidSecurityDescriptor
RtlSetEnvironmentVariable
RtlCreateEnvironment
RtlIntegerToUnicodeString
RtlDestroyEnvironment
RtlCopyUnicodeString
NtCreateEvent
NtSetEvent
RtlxUnicodeStringToOemSize
RtlUpcaseUnicodeStringToOemString
RtlUnicodeStringToOemString
NtOpenFile
RtlMakeSelfRelativeSD
RtlSetDaclSecurityDescriptor
NtOpenKey
NtQueryValueKey
NtOpenSymbolicLinkObject
RtlAcquireResourceShared
NtQuerySymbolicLinkObject
RtlDosPathNameToNtPathName_U
RtlNewSecurityObjectEx
RtlGetNtSystemRoot
RtlQueryRegistryValuesEx
RtlAcquireResourceExclusive
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwGetTraceEnableFlags
EtwUnregisterTraceGuids
RtlUpcaseUnicodeString
NtWaitForSingleObject
NtQuerySystemTime
RtlTimeToSecondsSince1970
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlFreeHeap
RtlUnicodeToUTF8N
RtlInitString
RtlFreeOemString
RtlOemStringToUnicodeString
RtlReleaseResource
NtCreateFile
NtFsControlFile
RtlUnicodeStringToInteger
RtlInitUnicodeString
EtwTraceMessage
RtlDeleteSecurityObject
RtlCreateSecurityDescriptor
RtlSetGroupSecurityDescriptor
NtOpenThreadToken
NtClose
RtlSetSecurityObject
RtlCopySecurityDescriptor
RtlLengthSecurityDescriptor
RtlNtStatusToDosError
RtlInitializeResource
NtQueryInformationFile
RtlDeleteResource
RtlAdjustPrivilege
NtAccessCheckAndAuditAlarm
RtlCopySid
RtlLengthSid
RtlCreateAcl
RtlAddAce
RtlSetSaclSecurityDescriptor
NtOpenProcessToken
RtlNewSecurityObject
RtlIsDosDeviceName_U
RtlValidRelativeSecurityDescriptor
RtlSetOwnerSecurityDescriptor
NtQueryVolumeInformationFile
RtlUpcaseUnicodeChar

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-security-lsapolicy-l1-1-0

LsaFreeMemory
LsaQueryInformationPolicy
LsaOpenPolicy
LsaClose

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 203KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64_x32_installer/x64_x32_setup/setup.msi
.msi

Sharing

General

Malware Config

Signatures

Files

Password: infected

eb1271033b0c0fd5debdb2f0b99e2a51

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp_win

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-shcore-thread-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

twinapi.appcore

rmclient

coremessaging

coreuicomponents

api-ms-win-security-capability-l1-1-0

api-ms-win-security-base-l1-1-0

ntdll

api-ms-win-core-string-l1-1-0

rpcrt4

api-ms-win-shcore-taskpool-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-rtcore-ntuser-window-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-appmodel-runtime-l1-1-1

api-ms-win-core-quirks-l1-1-0

api-ms-win-ntuser-sysparams-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-psm-key-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 341KB - Virtual size: 341KB

.data Size: 8KB - Virtual size: 11KB

.pdata Size: 80KB - Virtual size: 80KB

.didat Size: 512B - Virtual size: 192B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 34KB - Virtual size: 34KB

c1fed1bb80dc3d476753d79daee19b62

Code Sign

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8dCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

ca:73:c2:c5:88:0e:f0:2e:74:fe:7c:52:51:e3:d9:42:da:52:79:7f:72:80:7e:e0:d1:44:de:c3:be:b9:2f:4eSigner

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 341KB - Virtual size: 341KB

.data
Size: 8KB - Virtual size: 11KB

.pdata
Size: 80KB - Virtual size: 80KB

.didat
Size: 512B - Virtual size: 192B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 34KB - Virtual size: 34KB

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

ca:73:c2:c5:88:0e:f0:2e:74:fe:7c:52:51:e3:d9:42:da:52:79:7f:72:80:7e:e0:d1:44:de:c3:be:b9:2f:4e
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 396KB - Virtual size: 395KB

.data
Size: 3KB - Virtual size: 30KB

.pdata
Size: 48KB - Virtual size: 48KB

.didat
Size: 512B - Virtual size: 56B

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 7KB - Virtual size: 6KB