RADCUI.pdb
Static task: static1
Behavioral task: behavioral1
Sample: x64__x32___setup.zip
Resource: win10v2004-20240226-es
General
Target: x64__x32___setup.zip
Size: 8.4MB
MD5: f5b602d25cd3b1c570466062728fc1c6
SHA1: 130abed4d3b935f65f9c579f16ff73f734bbe342
SHA256: 7905df7457eea6b6c6d9f521a587121dd2bf5737d9b62454f7e6473fe7cddf21
SHA512: 7c11b04f6046478945d92f05c56e4fc9fe860e89d7f9b5a35b5f37e6bf9d6b6ad7410c9c435f01487a29a001f3060d2aea8cc4f4bc4ecf6fb7698a50f7a87ea3
SSDEEP: 196608:cazmCIyMTws71nVS9OkKRaDqHr1NJFyT/6f0SYFeqKGq1sVw:caWLEs71nVsJDqL1NXyT6f+4Gq1ew
Malware Config
Signatures
-
Unsigned PE 7 IoCs
Checks for missing Authenticode signature.
resource
unpack001/RADCUI/RADCUI.dll
unpack001/RADCUI/termsrv.dll
unpack001/cdosys/cdosys.dll
unpack001/iasnap/iasnap.dll
unpack001/iasnap/mprddm.dll
unpack001/winmde/daxexec.dll
unpack001/winmde/mi.dll
Files
-
x64__x32___setup.zip.zip
Password: 2024
-
RADCUI/RADCUI.dll.dll windows:10 windows x64 arch:x64
Password: 2024
89adbe598fb58292f095b97be8504dda
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
wcsncmp
memmove
realloc
_errno
??1type_info@@UEAA@XZ
wcstombs
_vsnwprintf
_vsnprintf_s
_wcsicmp
memcmp
_wcsnicmp
bsearch
??3@YAXPEAX@Z
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
calloc
_purecall
?what@exception@@UEBAPEBDXZ
memmove_s
iswspace
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
memcpy_s
free
malloc
wcsncpy_s
__C_specific_handler
??_V@YAXPEAX@Z
__CxxFrameHandler3
memcpy
memset
ole32
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
api-ms-win-core-winrt-l1-1-0
RoActivateInstance
RoGetActivationFactory
api-ms-win-core-winrt-string-l1-1-0
WindowsStringHasEmbeddedNull
WindowsDeleteString
WindowsGetStringRawBuffer
WindowsCreateString
advapi32
RegNotifyChangeKeyValue
RegQueryValueExW
EventActivityIdControl
EventWriteTransfer
RegGetValueW
EventUnregister
EventRegister
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
ntdll
EtwEventRegister
EtwEventUnregister
WinSqmAddToStream
EtwLogTraceEvent
EtwEventSetInformation
EtwEventWriteTransfer
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
kernel32
SetLastError
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
WaitForSingleObjectEx
MapViewOfFile
CreateFileMappingW
AcquireSRWLockShared
InitializeCriticalSectionEx
OpenSemaphoreW
UnmapViewOfFile
CreateFileW
GetLocaleInfoW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
SearchPathW
CreateSemaphoreExW
CreateMutexExW
InitOnceComplete
IsDebuggerPresent
InitOnceBeginInitialize
ReleaseSRWLockShared
ReleaseSRWLockExclusive
CreateThreadpoolTimer
CreateActCtxW
DeactivateActCtx
ResetEvent
ActivateActCtx
ReleaseActCtx
ReleaseSemaphore
OpenThread
DebugBreak
TlsFree
TlsGetValue
CreateSemaphoreW
SwitchToThread
CreateThread
GetSystemInfo
CancelWaitableTimer
GetAtomNameW
CreateMutexW
ReleaseMutex
CreateWaitableTimerW
SetWaitableTimer
GetVersionExW
CompareStringOrdinal
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDateFormatW
GetTimeFormatW
TerminateThread
FormatMessageW
TlsAlloc
EnterCriticalSection
OutputDebugStringW
FreeLibraryAndExitThread
WaitForSingleObject
GetModuleHandleExW
LeaveCriticalSection
FreeLibrary
GetLastError
GetProcAddress
GetModuleFileNameA
CreateEventW
LocalAlloc
TlsSetValue
LoadLibraryExW
GetModuleHandleW
lstrcmpiW
AcquireSRWLockExclusive
RaiseException
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
CloseHandle
SetEvent
WaitForMultipleObjects
OutputDebugStringA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
LocalFree
CompareStringW
HeapDestroy
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
DisableThreadLibraryCalls
GetModuleHandleExA
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
oleaut32
SafeArrayDestroy
SafeArrayLock
SafeArrayGetVartype
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayUnaccessData
VariantClear
SysAllocString
VarUI4FromStr
SysFreeString
SafeArrayUnlock
user32
LoadCursorW
SetCursor
GetFocus
TranslateMessage
GetMessageW
GetWindowLongPtrW
DestroyIcon
LoadStringW
CharNextW
DefWindowProcW
CreateWindowExW
UnregisterClassA
PostThreadMessageW
MsgWaitForMultipleObjectsEx
UnregisterClassW
RegisterClassExW
GetClassInfoExW
PostMessageW
DestroyWindow
DispatchMessageW
PeekMessageW
dui70
??0XProvider@DirectUI@@QEAA@XZ
?GetChildren@Element@DirectUI@@QEAAPEAV?$DynamicArray@PEAVElement@DirectUI@@$0A@@2@PEAPEAVValue@2@@Z
?IsSubclassOf@ClassInfoBase@DirectUI@@UEBA_NPEAUIClassInfo@2@@Z
?IsValidProperty@ClassInfoBase@DirectUI@@UEBA_NPEBUPropertyInfo@2@@Z
?GetName@ClassInfoBase@DirectUI@@UEBAPEBGXZ
?GetGlobalIndex@ClassInfoBase@DirectUI@@UEBAIXZ
?GetPICount@ClassInfoBase@DirectUI@@UEBAIXZ
?GetByClassIndex@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?EnumPropertyInfo@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?Release@ClassInfoBase@DirectUI@@UEAAHXZ
?AddRef@ClassInfoBase@DirectUI@@UEAAXXZ
??1XProvider@DirectUI@@UEAA@XZ
??0ClassInfoBase@DirectUI@@QEAA@XZ
??0Element@DirectUI@@QEAA@XZ
?Initialize@ClassInfoBase@DirectUI@@QEAAJPEAUHINSTANCE__@@PEBG_NPEBQEBUPropertyInfo@2@I@Z
?Register@ClassInfoBase@DirectUI@@QEAAJXZ
?ClassExist@ClassInfoBase@DirectUI@@SA_NPEAPEAUIClassInfo@2@PEBQEBUPropertyInfo@2@IPEAU32@PEAUHINSTANCE__@@PEBG_N@Z
??1CritSecLock@DirectUI@@QEAA@XZ
?GetFactoryLock@Element@DirectUI@@SAPEAU_RTL_CRITICAL_SECTION@@XZ
?Initialize@Element@DirectUI@@QEAAJIPEAV12@PEAK@Z
?IsRTLReading@Element@DirectUI@@UEAA_NXZ
?QueryInterface@XProvider@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?Create@XResourceProvider@DirectUI@@SAJPEAUHINSTANCE__@@PEBG11PEAPEAV12@@Z
?Initialize@XProvider@DirectUI@@QEAAJPEAVElement@2@PEAVIXProviderCP@2@@Z
??1ClassInfoBase@DirectUI@@UEAA@XZ
?CreateDUI@XProvider@DirectUI@@UEAAJPEAVIXElementCP@2@PEAPEAUHWND__@@@Z
?SetHandleEnterKey@XProvider@DirectUI@@IEAAX_N@Z
?SetDefaultButtonTracking@XProvider@DirectUI@@UEAAJ_N@Z
?GetClassInfoPtr@HWNDElement@DirectUI@@SAPEAUIClassInfo@2@XZ
?AddRef@XProvider@DirectUI@@UEAAKXZ
?SetParameter@XProvider@DirectUI@@UEAAJAEBU_GUID@@PEAX@Z
?GetDesiredSize@XProvider@DirectUI@@UEAAJHHPEAUtagSIZE@@@Z
?IsDescendent@XProvider@DirectUI@@UEAAJPEAVElement@2@PEA_N@Z
?SetFocus@XProvider@DirectUI@@UEAAJPEAVElement@2@@Z
?Navigate@XProvider@DirectUI@@UEAAJHPEA_N@Z
?CanSetFocus@XProvider@DirectUI@@UEAAJPEA_N@Z
?FindElementWithShortcutAndDoDefaultAction@XProvider@DirectUI@@UEAAHGH@Z
?GetHostedElementID@XProvider@DirectUI@@UEAAJPEAG@Z
?ForceThemeChange@XProvider@DirectUI@@UEAAJ_K_J@Z
?ClickDefaultButton@XProvider@DirectUI@@UEAAHXZ
?SetRegisteredDefaultButton@XProvider@DirectUI@@UEAAJPEAVElement@2@@Z
?SetButtonClassAcceptsEnterKey@XProvider@DirectUI@@UEAAJ_N@Z
?CreateXBaby@XProvider@DirectUI@@UEAAJPEAVIXElementCP@2@PEAUHWND__@@PEAVElement@2@PEAKPEAPEAUIXBaby@2@@Z
?GetValue@Element@DirectUI@@QEAAPEAVValue@2@PEBUPropertyInfo@2@HPEAUUpdateCache@2@@Z
?GetRoot@XProvider@DirectUI@@IEAAPEAVElement@2@XZ
?IsContentProtected@Element@DirectUI@@UEAA_NXZ
?GetContentStringAsDisplayed@Element@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnGroupChanged@Element@DirectUI@@UEAAXH_N@Z
?OnInput@Element@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnKeyFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnMouseFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnDestroy@Element@DirectUI@@UEAAXXZ
?OnEvent@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?Paint@Element@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?GetContentSize@Element@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Add@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?Insert@Element@DirectUI@@UEAAJPEAPEAV12@II@Z
?Remove@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?GetAdjacent@Element@DirectUI@@UEAAPEAV12@PEAV12@HPEBUNavReference@2@K@Z
?EnsureVisible@Element@DirectUI@@UEAA_NHHHH@Z
?SetKeyFocus@Element@DirectUI@@UEAAXXZ
?AddBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?RemoveBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?MessageCallback@Element@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UEAAXPEAUtagRECT@@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MEAAXHH@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?OnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?OnUnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?UpdateTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?ActivateTooltip@Element@DirectUI@@MEAAXPEAV12@K@Z
?RemoveTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?GetKeyFocused@Element@DirectUI@@UEAA_NXZ
?GetAccessibleImpl@Element@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?DefaultAction@Element@DirectUI@@UEAAJXZ
?GetUIAElementProvider@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?GetElementProviderImpl@Element@DirectUI@@UEAAJPEAVInvokeHelper@2@PEAPEAVElementProvider@2@@Z
?HandleUiaDestroyListener@Element@DirectUI@@UEAAXXZ
?HandleUiaPropertyListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@@Z
?HandleUiaEventListener@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?GetUiaFocusDelegate@Element@DirectUI@@UEAAPEAV12@XZ
??1Element@DirectUI@@UEAA@XZ
?IsGlobal@ClassInfoBase@DirectUI@@UEBA_NXZ
?AddChild@ClassInfoBase@DirectUI@@UEAAXXZ
?RemoveChild@ClassInfoBase@DirectUI@@UEAAXXZ
?GetChildren@ClassInfoBase@DirectUI@@UEBAHXZ
?AssertPIZeroRef@ClassInfoBase@DirectUI@@UEBAXXZ
?GetClassInfoPtr@Element@DirectUI@@SAPEAUIClassInfo@2@XZ
?SetValue@Element@DirectUI@@QEAAJPEBUPropertyInfo@2@HPEAVValue@2@@Z
?CreateString@Value@DirectUI@@SAPEAV12@PEBGPEAUHINSTANCE__@@@Z
?Register@Element@DirectUI@@SAJXZ
?QueryInterface@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?SetEnabled@Element@DirectUI@@QEAAJ_N@Z
?DestroyAll@Element@DirectUI@@QEAAJ_N@Z
?SetLayoutPos@Element@DirectUI@@QEAAJH@Z
?SetAccName@Element@DirectUI@@QEAAJPEBG@Z
?Create@DUIXmlParser@DirectUI@@SAJPEAPEAV12@P6APEAVValue@2@PEBGPEAX@Z2P6AX11H2@Z2@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJIPEAUHINSTANCE__@@0@Z
?CreateElement@DUIXmlParser@DirectUI@@QEAAJPEBGPEAVElement@2@1PEAKPEAPEAV32@@Z
?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ
?SetClass@Element@DirectUI@@QEAAJPEBG@Z
?SetActive@Element@DirectUI@@QEAAJH@Z
?EndDefer@Element@DirectUI@@QEAAXK@Z
?Add@Element@DirectUI@@QEAAJPEAV12@P6AHPEBX1@Z@Z
?Click@Button@DirectUI@@SA?AVUID@@XZ
?SetContentAlign@Element@DirectUI@@QEAAJH@Z
?GetClassInfoPtr@TouchCheckBox@DirectUI@@SAPEAUIClassInfo@2@XZ
RegisterPVLBehaviorFactory
?Click@TouchButton@DirectUI@@SA?AVUID@@XZ
?SetCheckedState@TouchCheckBox@DirectUI@@QEAAJW4CheckedStateFlags@2@@Z
?GetUnset@Value@DirectUI@@SAPEAV12@XZ
?GetAtomZero@Value@DirectUI@@SAPEAV12@XZ
?Release@Value@DirectUI@@QEAAXXZ
?SetVisible@Element@DirectUI@@QEAAJ_N@Z
?SetContentString@Element@DirectUI@@QEAAJPEBG@Z
?GetContentString@Element@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?SetReadOnly@TouchEditBase@DirectUI@@QEAAJ_N@Z
?Enter@TouchEditBase@DirectUI@@SA?AVUID@@XZ
?Destroy@Element@DirectUI@@QEAAJ_N@Z
?PasteText@TouchEdit2@DirectUI@@QEAAJPEBG@Z
?AddListener@Element@DirectUI@@QEAAJPEAUIElementListener@2@@Z
StrToID
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
?GetCheckedState@TouchCheckBox@DirectUI@@QEAA?AW4CheckedStateFlags@2@XZ
?GetModule@ClassInfoBase@DirectUI@@UEBAPEAUHINSTANCE__@@XZ
?GetStringNull@Value@DirectUI@@SAPEAV12@XZ
?Init@NavReference@DirectUI@@QEAAXPEAVElement@2@PEAUtagRECT@@@Z
UnInitThread
UnInitProcessPriv
InitThread
InitProcessPriv
propsys
PSPropertyBag_WriteUnknown
PSPropertyBag_ReadStr
PSPropertyBag_ReadType
PSPropertyBag_ReadInt
tsworkspace
ord1
ord2
windows.ui.immersive
ord101
ord100
shlwapi
ord514
ord24
ord618
ord156
SHStrDupW
ord204
ord174
ord199
ord219
ord158
ord176
ord172
ord278
ord256
shell32
SHParseDisplayName
ord155
ord18
ord25
SHBindToObject
ShellExecuteExW
ShellExecuteW
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
api-ms-win-core-winrt-error-l1-1-0
SetRestrictedErrorInfo
wininet
InternetCrackUrlW
InternetCanonicalizeUrlW
Exports
DUIRemoveSubscriptionDialogModal
DUISubscribeWizardModal
DllCanUnloadNow
DllGetClassObject
Sections
.text Size: 204KB - Virtual size: 203KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 88KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 69KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
RADCUI/pidgenx.dll.dll windows:10 windows x64 arch:x64
Password: 2024
72c4d81cbecf328a18637bc1b5e59d31
Code Sign
33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02-09-2021 18:23
Not After: 01-09-2022 18:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
fe:6b:a6:e0:5f:2d:0a:bf:21:40:f4:2f:88:01:05:d0:a5:83:0a:c4:83:5a:a7:01:c5:74:70:60:00:4b:5e:f8
Signer
Actual PE Digest: fe:6b:a6:e0:5f:2d:0a:bf:21:40:f4:2f:88:01:05:d0:a5:83:0a:c4:83:5a:a7:01:c5:74:70:60:00:4b:5e:f8
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
pidgenx.pdb
Imports
msvcrt
_itow_s
wcsncmp
memset
_wtoi
_onexit
_wcsnicmp
_itow
_ui64tow_s
_wcsicmp
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_purecall
_vsnwprintf
wcschr
wcsstr
log10
memcmp
memcpy
memmove
wcscmp
kernel32
HeapAlloc
GetProcAddress
GetProcessHeap
SetLastError
GetVersionExA
GetLastError
LocalAlloc
LocalFree
CloseHandle
CreateFileW
GetFileSize
ReadFile
SetFilePointer
MultiByteToWideChar
WideCharToMultiByte
ExpandEnvironmentStringsW
VirtualProtect
RtlCaptureContext
VirtualFree
GetCurrentProcess
VirtualAlloc
TerminateProcess
GetModuleFileNameW
RtlAddFunctionTable
GetCurrentThread
UnhandledExceptionFilter
GetModuleHandleW
RtlDeleteFunctionTable
LoadLibraryExW
SetUnhandledExceptionFilter
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
RtlLookupFunctionEntry
RtlVirtualUnwind
InitializeCriticalSection
HeapFree
SleepConditionVariableSRW
WakeAllConditionVariable
GetModuleHandleExW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SystemTimeToFileTime
GetLocalTime
GetVersionExW
GetSystemDefaultLangID
FileTimeToSystemTime
FreeLibrary
SetThreadPriority
FreeLibraryAndExitThread
VirtualQuery
CreateThread
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CreateEventW
CreateSemaphoreW
InitializeCriticalSectionAndSpinCount
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
RaiseException
WaitForSingleObject
ReleaseSemaphore
SetEvent
WaitForMultipleObjects
GetThreadPriority
GetProcessAffinityMask
advapi32
CryptReleaseContext
CryptGetHashParam
CryptExportKey
CryptVerifySignatureA
CryptSignHashA
CryptDecrypt
CryptEncrypt
CryptGenKey
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextW
TraceMessage
CryptGenRandom
rpcrt4
UuidFromStringW
I_RpcMapWin32Status
UuidToStringW
RpcStringFreeW
bcrypt
BCryptGenRandom
Exports
GetPKeyData
PidGenX
PidGenX2
Sections
.text Size: 779KB - Virtual size: 778KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 243KB - Virtual size: 242KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
RADCUI/termsrv.dll.dll windows:10 windows x64 arch:x64
Password: 2024
3c53324b79770f3fd72eca29f48320ce
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
termsrv.pdb
Imports
msvcrt
??3@YAXPEAX@Z
_wcsnicmp
wcsrchr
memcmp
realloc
_errno
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
qsort
_callnewh
_resetstkoflw
swprintf_s
wcscpy_s
iswspace
wcschr
_vscwprintf
_stricmp
_vsnprintf
free
malloc
wcsncpy_s
wcstok_s
memmove_s
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
_vsnprintf_s
memcpy_s
_vsnwprintf
_wcsicmp
_purecall
__C_specific_handler
??_V@YAXPEAX@Z
toupper
__CxxFrameHandler3
??0exception@@QEAA@AEBQEBD@Z
memset
ntdll
NtOpenProcess
NtOpenProcessToken
RtlDeleteSecurityObject
RtlCopySecurityDescriptor
RtlGetControlSecurityDescriptor
RtlCreateUserSecurityObject
NtQueryInformationProcess
RtlLengthSid
NtDuplicateToken
RtlAcquireResourceExclusive
NtQueryInformationToken
RtlAcquireResourceShared
RtlNtStatusToDosError
DbgPrint
RtlEqualSid
RtlVerifyVersionInfo
RtlCaptureStackBackTrace
NtQuerySystemInformation
NtQueryVirtualMemory
RtlFreeSid
RtlReleaseResource
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
VerSetConditionMask
RtlCompareMemory
RtlInitString
NtCreateFile
RtlInitUnicodeString
RtlAdjustPrivilege
RtlNumberGenericTableElements
EtwEventActivityIdControl
RtlClearBits
RtlAreBitsSet
RtlFindClearBitsAndSet
RtlInitializeBitMap
NtQuerySystemTime
EtwEventWriteTransfer
RtlEnumerateGenericTable
RtlLookupElementGenericTable
RtlDeleteElementGenericTable
RtlInsertElementGenericTable
RtlInitializeGenericTable
RtlInitializeResource
RtlDeleteResource
EtwEventWriteFull
RtlAllocateAndInitializeSid
EtwEventRegister
EtwEventUnregister
RtlCopySid
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetLastError
GetLastError
RaiseException
SetUnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
LoadResource
FindResourceExW
FreeLibrary
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExW
GetModuleFileNameW
DisableThreadLibraryCalls
LoadStringW
SizeofResource
api-ms-win-core-synch-l1-1-0
InitializeSRWLock
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObjectEx
CreateEventW
LeaveCriticalSection
EnterCriticalSection
SetEvent
WaitForSingleObject
InitializeCriticalSectionEx
WaitForMultipleObjectsEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateMutexExW
AcquireSRWLockShared
InitializeCriticalSectionAndSpinCount
ReleaseSRWLockShared
OpenEventW
ResetEvent
OpenSemaphoreW
CreateSemaphoreExW
ReleaseSemaphore
ReleaseMutex
api-ms-win-core-processthreads-l1-1-0
TlsAlloc
TlsGetValue
CreateProcessW
TlsSetValue
OpenProcessToken
TlsFree
ProcessIdToSessionId
GetCurrentThread
OpenThreadToken
ExitThread
GetCurrentThreadId
GetExitCodeThread
CreateThread
TerminateProcess
CreateProcessAsUserW
GetCurrentProcess
GetCurrentProcessId
ws2_32
WSAGetLastError
WSACleanup
WSAStartup
GetNameInfoW
api-ms-win-core-debug-l1-1-0
OutputDebugStringA
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-handle-l1-1-0
CloseHandle
DuplicateHandle
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-registry-l1-1-0
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegGetValueW
RegDeleteValueW
RegEnumKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapAlloc
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolThreadMinimum
CreateThreadpoolCleanupGroup
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpool
CloseThreadpool
CloseThreadpoolCleanupGroup
SetThreadpoolTimer
CloseThreadpoolCleanupGroupMembers
TrySubmitThreadpoolCallback
SetThreadpoolThreadMaximum
CloseThreadpoolTimer
api-ms-win-security-base-l1-1-0
GetAce
GetAclInformation
GetSecurityDescriptorDacl
GetTokenInformation
DuplicateToken
GetFileSecurityW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AllocateAndInitializeSid
CheckTokenMembership
GetSecurityDescriptorLength
AllocateLocallyUniqueId
MakeAbsoluteSD
MakeSelfRelativeSD
DuplicateTokenEx
InitializeAcl
IsValidSid
AddAce
CreateWellKnownSid
GetLengthSid
AccessCheckAndAuditAlarmW
FreeSid
CopySid
EqualSid
IsValidSecurityDescriptor
GetSecurityDescriptorControl
RevertToSelf
ImpersonateLoggedOnUser
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-string-l2-1-0
CharNextW
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-core-sysinfo-l1-1-0
GetTickCount64
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetSystemTime
GetTickCount
GetVersionExW
api-ms-win-core-sysinfo-l1-2-0
GetProductInfo
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
rpcrt4
RpcServerInqDefaultPrincNameW
I_RpcBindingInqLocalClientPID
RpcServerRegisterIf3
I_RpcBindingIsClientLocal
NdrServerCall2
RpcRevertToSelf
RpcImpersonateClient
RpcServerInqCallAttributesW
RpcStringFreeW
RpcStringBindingParseW
RpcBindingToStringBindingW
UuidFromStringW
NdrServerCallAll
RpcServerListen
UuidToStringW
RpcServerUnregisterIfEx
RpcServerRegisterAuthInfoW
RpcServerRegisterIfEx
RpcServerUseProtseqEpW
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-file-l1-1-0
QueryDosDeviceW
CompareFileTime
CreateDirectoryW
CreateFileW
api-ms-win-core-synch-l1-2-1
CreateSemaphoreW
WaitForMultipleObjects
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
lstrcmpW
api-ms-win-core-threadpool-legacy-l1-1-0
QueueUserWorkItem
DeleteTimerQueueTimer
CreateTimerQueueTimer
UnregisterWaitEx
CreateTimerQueue
DeleteTimerQueueEx
api-ms-win-core-kernel32-legacy-l1-1-0
GetComputerNameW
UnregisterWait
RegisterWaitForSingleObject
api-ms-win-core-kernel32-legacy-l1-1-1
VerifyVersionInfoW
api-ms-win-core-kernel32-private-l1-1-0
CheckElevationEnabled
api-ms-win-devices-query-l1-1-0
DevFindProperty
DevCloseObjectQuery
DevCreateObjectQuery
DevFreeObjectProperties
DevGetObjectProperties
kernelbase
WTSIsServerContainer
user32
UnregisterDeviceNotification
kernel32
OOBEComplete
umpdc
Pdcv2ActivationClientActivate
Pdcv2ActivationClientRegister
PdcTaskClientRequest
PdcTaskClientUnregister
Pdcv2ActivationClientUnregister
Pdcv2ActivationClientDeactivate
PdcTaskClientRegister
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventWriteTransfer
EventProviderEnabled
EventActivityIdControl
EventUnregister
EventRegister
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-core-psapi-l1-1-0
K32EnumProcessModules
api-ms-win-security-base-l1-2-2
DeriveCapabilitySidsFromName
api-ms-win-eventing-controller-l1-1-0
ControlTraceW
StartTraceW
EnableTraceEx2
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-heap-obsolete-l1-1-0
LocalSize
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Exports
ServiceMain
SvchostPushServiceGlobals
Sections
.text Size: 783KB - Virtual size: 782KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 380KB - Virtual size: 379KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
cdosys/cdosys.dll.dll regsvr32 windows:10 windows x64 arch:x64
Password: 2024
79823c80321949fbbf83a840442912fb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
cdosys.pdb
Imports
msvcrt
_lock
_unlock
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
wcsrchr
wcstok
isspace
strtoul
bsearch
qsort
towlower
toupper
tolower
_strdup
isdigit
_XcptFilter
memchr
memcmp
memset
_amsg_exit
_initterm
__CxxFrameHandler3
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
__dllonexit
_onexit
towupper
atol
_wcslwr
strncmp
wcsncmp
strchr
_vsnwprintf
printf
strspn
sscanf_s
strrchr
strstr
_memicmp
swscanf
strpbrk
strcspn
wcsstr
_stricmp
_purecall
strcpy_s
realloc
strcat_s
malloc
free
_vsnprintf
_wsplitpath_s
iswspace
wcschr
_wcsnicmp
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
__C_specific_handler
_wcsicmp
strcmp
wcscmp
kernel32
GetTimeZoneInformation
CompareFileTime
TlsAlloc
ResetEvent
IsDBCSLeadByteEx
GetModuleHandleExW
GetModuleHandleW
DebugBreak
IsValidCodePage
GetStringTypeW
GetFileTime
GlobalUnlock
GlobalHandle
GlobalFree
GlobalLock
SetUnhandledExceptionFilter
GlobalReAlloc
GetSystemDefaultLangID
GetCPInfo
QueryPerformanceCounter
TerminateProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetProcAddress
GetModuleHandleA
FormatMessageA
GetLastError
MultiByteToWideChar
FormatMessageW
GetVersionExA
LoadLibraryA
FreeLibrary
HeapCreate
HeapDestroy
HeapAlloc
HeapFree
GetSystemInfo
TlsFree
TlsGetValue
TlsSetValue
GetCurrentProcess
VirtualQuery
VirtualFree
VirtualAlloc
VirtualProtect
LoadLibraryExA
lstrcmpiA
lstrcpynA
WideCharToMultiByte
IsDBCSLeadByte
SizeofResource
LoadResource
FindResourceExA
GetModuleFileNameA
GetUserDefaultLCID
DisableThreadLibraryCalls
FileTimeToSystemTime
SystemTimeToFileTime
GetDateFormatA
GetTimeFormatA
GetDateFormatW
GetTimeFormatW
lstrlenA
GetCurrentProcessId
GetTickCount
CreateFileA
CloseHandle
GetSystemTimeAsFileTime
lstrlenW
GetACP
GetThreadLocale
GetLocaleInfoW
GetCurrentThreadId
LocalFree
GetTempPathA
GetTempFileNameA
CopyFileA
SetFileAttributesA
CreateFileW
CreateEventA
GetFileSize
ReadFile
GetOverlappedResult
WriteFile
SetFilePointer
SetEndOfFile
FlushFileBuffers
FindFirstFileA
FindNextFileA
FindClose
GetLocaleInfoA
GetCurrentThread
SetEvent
WaitForSingleObject
GetSystemTime
Sleep
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
GlobalAlloc
oleaut32
SetErrorInfo
VariantTimeToSystemTime
SafeArrayPutElement
SafeArrayCreateVector
CreateErrorInfo
VariantCopyInd
SysFreeString
SysAllocString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantInit
VariantChangeType
VariantCopy
SysAllocStringLen
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreate
SafeArrayRedim
SafeArrayDestroy
VarUI4FromStr
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
LoadRegTypeLi
SystemTimeToVariantTime
ole32
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoCreateGuid
ProgIDFromCLSID
PropVariantClear
CoTaskMemRealloc
CoCreateFreeThreadedMarshaler
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
urlmon
CopyBindInfo
CoInternetGetSession
CoInternetParseUrl
winhttp
WinHttpSetOption
WinHttpCrackUrl
shlwapi
UrlCombineW
inetcomm
MimeOleInetDateToFileTime
MimeOleGetPropertySchema
MimeOleSetCompatMode
MimeOleCreateMessage
MimeOleGetInternat
advapi32
RegDeleteValueA
RegNotifyChangeKeyValue
ImpersonateLoggedOnUser
RevertToSelf
OpenThreadToken
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegSetValueExA
RegCreateKeyExA
user32
DispatchMessageA
TranslateMessage
GetMessageA
RegisterWindowMessageA
PostThreadMessageA
CharPrevA
CharNextA
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 637KB - Virtual size: 636KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 285KB - Virtual size: 285KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 35KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 67KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
iasnap/iasnap.dll.dll regsvr32 windows:10 windows x64 arch:x64
Password: 2024
276f643c51184b2ed8bddd2d24642366
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
iasnap.pdb
Imports
msvcrt
??0exception@@QEAA@AEBQEBDH@Z
malloc
_callnewh
free
wcspbrk
wcschr
wcsspn
_wcsicmp
_purecall
_CxxThrowException
_XcptFilter
_amsg_exit
?what@exception@@UEBAPEBDXZ
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_lock
iswdigit
sprintf_s
wcsrchr
_unlock
__dllonexit
_onexit
memmove
??0exception@@QEAA@XZ
memmove_s
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
__C_specific_handler
memcpy
??0exception@@QEAA@AEBQEBD@Z
_initterm
memcpy_s
vsprintf_s
__CxxFrameHandler3
wcstoul
_ultow
wcscpy_s
wcstok
swscanf
wcscat_s
_strnicmp
_wcsupr_s
memset
atl
ord16
ord21
ord15
ord18
ord22
ord32
iassvcs
IASGetLocalDictionary
IASGlobalUnlock
IASGlobalLock
IASRegisterComponent
IASVariantChangeType
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlIpv6StringToAddressW
RtlFreeHeap
RtlImageNtHeader
RtlAllocateHeap
advapi32
CloseServiceHandle
OpenSCManagerA
QueryServiceStatusEx
OpenServiceA
AllocateAndInitializeSid
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
TraceMessage
FreeSid
EqualSid
kernel32
DisableThreadLibraryCalls
Sleep
UnhandledExceptionFilter
CloseHandle
GetCurrentProcess
GetModuleFileNameW
GetLocalTime
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
GetSystemTime
SystemTimeToFileTime
CompareFileTime
TryEnterCriticalSection
SwitchToThread
FormatMessageA
CreateSemaphoreW
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
ReleaseSemaphore
SetThreadStackGuarantee
GetCurrentThreadId
WideCharToMultiByte
DeleteCriticalSection
LocalFree
GetLastError
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
InitializeCriticalSection
VirtualProtect
VirtualAlloc
VirtualQuery
GetSystemInfo
oleaut32
VariantInit
VariantClear
SysAllocString
VariantCopy
LoadRegTypeLi
SetErrorInfo
UnRegisterTypeLi
SafeArrayUnaccessData
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantTimeToSystemTime
SysFreeString
rtutils
TraceVprintfExA
TraceDeregisterW
TraceRegisterExW
ws2_32
WSAGetLastError
htonl
GetNameInfoW
api-ms-win-core-com-l1-1-0
CoGetClassObject
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 95KB - Virtual size: 95KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 928B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
iasnap/mfds.dll.dll regsvr32 windows:10 windows x64 arch:x64
Password: 2024
57d7b97c9bb98b4b08ebf6acadfa64e1
Code Sign
33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02-09-2021 18:23
Not After: 01-09-2022 18:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
d9:44:62:f2:fe:ba:aa:17:d5:10:2d:0f:41:a9:a3:81:85:a5:48:72:54:4a:49:e9:0e:9a:fa:c8:e8:e1:10:36
Signer
Actual PE Digest: d9:44:62:f2:fe:ba:aa:17:d5:10:2d:0f:41:a9:a3:81:85:a5:48:72:54:4a:49:e9:0e:9a:fa:c8:e8:e1:10:36
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
MFDS.pdb
Imports
msvcrt
_purecall
memmove
wcscmp
_onexit
_lock
__dllonexit
_unlock
realloc
wcscat_s
wcscpy_s
_errno
memmove_s
free
malloc
towlower
_wcsicmp
iswdigit
_initterm
_ultoa_s
_wcsnicmp
wcsrchr
towupper
wcsncmp
_vsnprintf
wcsstr
_wcslwr
_ltoa_s
_i64toa_s
_gcvt_s
qsort
strncpy_s
strnlen
swprintf_s
__CxxFrameHandler3
_vsnwprintf_s
_wtoi
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
wcsncpy_s
_amsg_exit
__C_specific_handler
memcpy_s
calloc
memcpy
_XcptFilter
wcslen
memset
memcmp
iswalpha
_callnewh
oleaut32
SafeArrayUnaccessData
VariantClear
SafeArrayAccessData
SafeArrayCreate
SysAllocStringLen
VarUI4FromStr
SafeArrayDestroy
SysFreeString
api-ms-win-core-synch-l1-1-0
DeleteCriticalSection
ResetEvent
InitializeCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SetEvent
InitializeSRWLock
WaitForSingleObject
LeaveCriticalSection
ReleaseSRWLockShared
EnterCriticalSection
AcquireSRWLockShared
CreateEventW
CreateSemaphoreExW
WaitForMultipleObjectsEx
ReleaseSemaphore
OpenEventW
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceEnableFlags
api-ms-win-core-errorhandling-l1-1-0
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
CreateThread
GetCurrentProcessId
GetCurrentThreadId
TlsGetValue
SetThreadPriority
GetCurrentThread
GetThreadPriority
TlsSetValue
api-ms-win-core-com-l1-1-0
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitializeEx
CoFreeUnusedLibraries
PropVariantCopy
CoCreateGuid
IIDFromString
CoTaskMemFree
StringFromGUID2
StringFromCLSID
CreateStreamOnHGlobal
PropVariantClear
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal
api-ms-win-core-heap-l1-1-0
HeapReAlloc
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameW
SizeofResource
LoadLibraryExW
GetProcAddress
FindResourceExW
GetModuleHandleW
LoadResource
DisableThreadLibraryCalls
FreeLibrary
GetModuleFileNameA
GetModuleHandleExW
api-ms-win-core-string-l2-1-0
CharNextW
api-ms-win-core-registry-l1-1-0
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegDeleteValueW
RegGetValueW
RegCloseKey
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
lstrcmpW
lstrlenW
api-ms-win-core-synch-l1-2-0
SleepConditionVariableSRW
Sleep
WakeAllConditionVariable
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-profile-l1-1-0
QueryPerformanceFrequency
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetTickCount64
GetSystemTimeAsFileTime
GetVersionExW
GetSystemInfo
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringA
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-mm-time-l1-1-0
timeGetTime
timeGetDevCaps
timeEndPeriod
timeBeginPeriod
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
api-ms-win-core-version-l1-1-1
GetFileVersionInfoSizeW
GetFileVersionInfoW
api-ms-win-core-version-l1-1-0
VerQueryValueW
api-ms-win-core-shlwapi-legacy-l1-1-0
PathIsRelativeW
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
GlobalAlloc
api-ms-win-core-file-l1-1-0
CreateFileW
WriteFile
GetFullPathNameW
api-ms-win-core-heap-obsolete-l1-1-0
GlobalUnlock
GlobalLock
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-security-trustee-l1-1-0
BuildTrusteeWithSidW
api-ms-win-security-base-l1-1-0
FreeSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
api-ms-win-core-largeinteger-l1-1-0
MulDiv
api-ms-win-core-io-l1-1-0
CreateIoCompletionPort
GetQueuedCompletionStatus
api-ms-win-core-memory-l1-1-0
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
OpenFileMappingW
VirtualFree
VirtualAlloc
api-ms-win-core-shlwapi-obsolete-l1-1-0
QISearch
api-ms-win-appmodel-runtime-l1-1-0
GetCurrentPackageFamilyName
api-ms-win-core-registry-l2-1-0
RegDeleteKeyW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
InitAACAudioStream_
InitAC3AudioStream_
InitBDAVLPCMAudioStream_
InitDDPlusAudioStream_
InitDTSAudioStream_
InitH264Stream_
InitHEVCStream_
InitLPCMAudioStream_
InitLPCMMiracastAudioStream_
InitMpeg1VideoStream_
InitMpeg2VideoStream_
InitMpegAudioStream_
InitTrueHDAudioStream_
PESHeaderLength
PESPacketLength
PESPacketPTSinPCR
PackMuxRate
PackSCR
xCreateCannedMediaType
xMediaSubTypeTransform
Sections
.text Size: 741KB - Virtual size: 741KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 136KB - Virtual size: 135KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 33KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1024B - Virtual size: 528B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
iasnap/mprddm.dll.dll windows:10 windows x64 arch:x64
Password: 2024
3789382f99badeacc871c4d16f2e91e1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
mprddm.pdb
Imports
msvcrt
_strcmpi
mbstowcs_s
wcscmp
wcstok_s
memmove
memset
strcmp
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
abort
memcmp
calloc
__crtLCMapStringW
memcpy
__crtCompareStringW
___lc_collate_cp_func
___lc_codepage_func
___lc_handle_func
__pctype_func
_errno
___mb_cur_max_func
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
_CxxThrowException
_itow_s
strchr
wcscpy_s
realloc
??0bad_cast@@QEAA@AEBV0@@Z
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
_wcsdup
setlocale
_stricmp
_itow
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
strstr
_wtol
_ltow
iswdigit
__C_specific_handler
_vsnprintf
_itoa_s
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
_vsnwprintf
time
wcschr
rand
_wtoi
srand
??3@YAXPEAX@Z
wcstombs
malloc
free
_wcsicmp
wcsstr
_purecall
__CxxFrameHandler3
kernel32
ReleaseMutex
MultiByteToWideChar
GlobalAlloc
WideCharToMultiByte
GetSystemTimeAsFileTime
GetModuleFileNameA
CreateSemaphoreExW
SetLastError
ReleaseSemaphore
DeleteCriticalSection
DeviceIoControl
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
GetCurrentThreadId
FormatMessageW
ReleaseSRWLockExclusive
OutputDebugStringW
CloseThreadpoolTimer
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
GetProcAddress
CreateMutexExW
AcquireSRWLockShared
GetProcessHeap
GetModuleHandleW
HeapReAlloc
IsDebuggerPresent
Sleep
ExpandEnvironmentStringsW
GetComputerNameW
FreeLibrary
LoadLibraryExW
InitializeSRWLock
HeapCreate
SetWaitableTimer
CreateWaitableTimerW
InitializeCriticalSection
CreateThread
GetLocalTime
HeapDestroy
GetWindowsDirectoryW
GetQueuedCompletionStatus
CreateFileW
PostQueuedCompletionStatus
GetOverlappedResult
CreateIoCompletionPort
SetThreadExecutionState
GetTimeFormatW
GetDateFormatW
CreateThreadpool
CreateThreadpoolCleanupGroup
SetThreadpoolThreadMaximum
SetThreadpoolThreadMinimum
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
CloseThreadpool
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
SetConsoleCtrlHandler
LoadLibraryExA
SetProcessShutdownParameters
InitializeCriticalSectionAndSpinCount
CreateFileA
CreateEventA
CompareStringA
lstrcmpiW
TryEnterCriticalSection
GetStringTypeW
EncodePointer
DecodePointer
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetTickCount
LocalFree
SetEvent
LocalAlloc
WaitForMultipleObjectsEx
GetCurrentProcessId
HeapAlloc
CloseHandle
GetLastError
CreateEventW
OpenProcess
DuplicateHandle
WaitForSingleObject
LeaveCriticalSection
GetCurrentProcess
EnterCriticalSection
HeapFree
CreateMutexW
DebugBreak
DelayLoadFailureHook
ResolveDelayLoadedAPI
GetModuleHandleExW
advapi32
EventWriteTransfer
EventUnregister
EventRegister
EventSetInformation
RegEnumKeyW
LsaClose
LsaOpenPolicy
LsaRetrievePrivateData
LsaStorePrivateData
LsaFreeMemory
CryptAcquireContextW
RegSetValueExW
RegOpenKeyW
PerfSetCounterRefValue
PerfStopProvider
PerfStartProviderEx
PerfCreateInstance
PerfDeleteInstance
PerfSetCounterSetInfo
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegNotifyChangeKeyValue
RegCloseKey
RegOpenKeyExA
CryptReleaseContext
RegSetValueExA
RegCreateKeyExA
CryptGenRandom
RegQueryValueExA
CryptAcquireContextA
RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyExW
TraceMessage
ntdll
RtlIpv4AddressToStringA
RtlCreateTimerQueue
RtlCreateTimer
RtlUpdateTimer
RtlDeleteTimerQueueEx
RtlGetNtProductType
RtlIpv6AddressToStringA
RtlIpv4AddressToStringW
RtlIpv6StringToAddressA
RtlIpv6AddressToStringW
RtlIpv4StringToAddressW
RtlIpv6StringToAddressW
RtlFreeHeap
RtlAllocateHeap
EtwTraceMessage
RtlNtStatusToDosError
RtlInitUnicodeString
ole32
CoCreateGuid
CoInitializeEx
CLSIDFromString
CoUninitialize
rasapi32
RasFreeEapUserIdentityW
RasGetEntryDialParamsW
RasGetEntryPropertiesW
RasGetEapUserIdentityW
DDMGetRasDialingParams
RasConnectionNotificationW
RasGetConnectStatusW
DDMGetProtocolStartParams
DDMGetEapInfo
DDMComputeLuid
DDMUpdateProtocolConfigInfoFromEntry
DDMGetTunnelEndpoints
DDMGetRasDialParams
DDMGetPhoneBookContext
DDMFreeRemoteEndpoint
DDMGetPhonebookInfo
DDMFreePhonebookContext
RasGetHport
RasGetEntryAdvancedProperties
RasHangUpW
DDMGetEapUserIdentityW
RasDialW
DDMRasPbkEntryCleanup
RasFreeEntryAdvancedProperties
RasGetCustomAuthDataW
DDMFreeDialingParam
RasGetSubEntryHandleW
rpcrt4
UuidFromStringA
UuidFromStringW
UuidIsNil
UuidCreate
RpcRevertToSelf
RpcImpersonateClient
rtutils
RouterLogEventStringW
RouterLogEventW
RouterLogRegisterW
RouterLogDeregisterW
LogEventW
TraceDeregisterA
LogEventA
TraceVprintfExA
TracePrintfA
TraceRegisterExA
user32
LoadStringA
LoadStringW
iashlpr
AllocateAttributes
MemAllocIas
ShutdownIas
InitializeIas
DoRequest
MemFreeIas
FreeAttributes
ws2_32
ntohs
ntohl
htonl
inet_addr
inet_ntoa
WSAStringToAddressW
GetAddrInfoW
WSAGetLastError
FreeAddrInfoW
WSACleanup
WSAStartup
iphlpapi
DeleteProxyArpEntry
DeleteIpForwardEntry
ConvertInterfaceIndexToLuid
ConvertInterfaceLuidToGuid
SetIpInterfaceEntry
GetIpAddrTable
ConvertInterfaceGuidToLuid
SetIpStatisticsEx
SetCurrentThreadCompartmentId
InitializeIpInterfaceEntry
ConvertInterfaceLuidToIndex
GetCurrentThreadCompartmentId
GetAdaptersAddresses
CreateProxyArpEntry
ConvertIpv4MaskToLength
dnsapi
DnsDhcpSrvRegisterTerm
DnsDhcpSrvRegisterHostName
DnsSetConfigDword
DnsDhcpSrvRegisterInit
dhcpcsvc
DhcpRenewIpAddressLease
DhcpLeaseIpAddress
DhcpNotifyConfigChange
DhcpReleaseIpAddressLease
crypt32
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CertEnumCertificatesInStore
CertNameToStrW
CertDuplicateCertificateContext
CertCloseStore
CertCreateCertificateContext
CertFindCertificateInStore
CertFindChainInStore
CertGetNameStringW
CertCompareCertificate
CertOpenStore
CryptHashCertificate
CertGetCertificateContextProperty
eappcfg
EapHostPeerFreeErrorMemory
EapHostPeerQueryCredentialInputFields
EapHostPeerFreeMemory
EapHostPeerGetMethods
rasman
RasRegisterPnPHandler
RasGetFramingCapabilities
RasSetConnectionUserData
RasActivateRoute
RasPortGetProtocolCompression
RasGetTimeSinceLastActivity
RasCompressionGetInfo
RasGetInfo
RasPortCancelReceive
RasPortSetProtocolCompression
RasFreeBuffer
RasDeAllocateRoute
RasAllocateRoute
RasPortDisconnect
RasGetProtocolInfo
RasPortEnum
RasPortOpen
RasGetPortUserData
RasPortGetBundle
RasBundleGetPort
RasSendNotification
RasBundleClearStatisticsEx
RasSetTunnelEndPoints
RasDeviceGetInfo
RasCompressionSetInfo
RasInitialize
RasGetBuffer
RasPortSend
RasSendProtocolResultToRasman
RasUpdateDefaultRouteSettings
RasGetUnicodeDeviceName
RasPortConnectComplete
RasServerPortClose
RasPortListen
RasIsPulseDial
RasDeviceSetInfo
RasDeviceConnect
RasUpdateQoSPolicies
RasGetDeviceConfigInfo
RasSetDeviceConfigInfo
RasPortGetStatisticsEx
RasBundleGetStatisticsEx
RasPortClearStatistics
RasSetPortUserData
RasPortReceive
RasEnableIpSec
RasClearPortUserData
RasRequestNotification
RasSetRouterUsage
RasPortSetFramingEx
RasProtocolStarted
RasPortGetStatistics
RasReferenceRasman
RasGetKey
RasGetConnectInfo
RasGetConnectionUserData
eappprxy
EapHostPeerUninitialize
EapHostPeerInitialize
api-ms-win-devices-config-l1-1-1
CM_Get_Device_ID_ListW
CM_Locate_DevNodeW
CM_Open_DevNode_Key
CM_Get_Device_ID_List_SizeW
CM_MapCrToWin32Err
api-ms-win-core-heap-l2-1-0
GlobalFree
api-ms-win-core-registry-l1-1-0
RegDeleteTreeW
RegGetValueW
api-ms-win-core-processthreads-l1-1-0
TerminateThread
ExitThread
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-file-l1-1-0
DefineDosDeviceW
oleaut32
SysAllocString
SysFreeString
SafeArrayCreate
VariantClear
VariantInit
SafeArrayGetElement
SafeArrayPutElement
api-ms-win-core-com-l1-1-0
CoCreateInstance
api-ms-win-security-lsalookup-l2-1-0
LookupAccountNameW
api-ms-win-service-winsvc-l1-1-0
QueryServiceStatus
OpenServiceA
api-ms-win-service-management-l1-1-0
CloseServiceHandle
OpenSCManagerW
StartServiceW
api-ms-win-core-io-l1-1-1
CancelIo
api-ms-win-core-synch-l1-1-0
CreateMutexA
api-ms-win-core-localization-l1-2-0
GetACP
nsi
NsiGetParameterEx
NsiGetParameter
NsiSetAllParametersEx
NsiGetAllParametersEx
NsiEnumerateObjectsAllParametersEx
winnsi
NsiRpcDeregisterChangeNotification
NsiRpcRegisterChangeNotification
NsiConnectToServer
NsiDisconnectFromServer
fwpuclnt
FwpmTransactionCommit0
FwpmEngineClose0
FwpmFilterAdd0
IPsecSaDestroyEnumHandle0
IPsecSaCreateEnumHandle0
FwpmTransactionAbort0
FwpmFreeMemory0
FwpmProviderContextDeleteByKey0
FwpmProviderContextAdd0
FwpmEngineOpen0
FwpmProviderContextAdd2
FwpmFilterDeleteByKey0
IPsecSaEnum0
IPsecSaInitiateAsync0
FwpmTransactionBegin0
Exports
DDMAdminConnectionClearStats
DDMAdminConnectionEnum
DDMAdminConnectionEnumEx
DDMAdminConnectionGetInfo
DDMAdminConnectionGetInfoEx
DDMAdminInterfaceConnect
DDMAdminInterfaceDisconnect
DDMAdminPortClearStats
DDMAdminPortDisconnect
DDMAdminPortEnum
DDMAdminPortGetInfo
DDMAdminPortReset
DDMAdminRemoveQuarantine
DDMAdminRoutingDomainConnectionEnumEx
DDMAdminServerGetInfo
DDMAdminServerGetInfoEx
DDMAdminServerSetInfo
DDMAdminServerSetInfoEx
DDMAdminUpdateConnection
DDMAdminUpdateQoSPolicies
DDMConnectInterface
DDMDisconnectInterface
DDMGetIdentityAttributes
DDMHandleRoutingDomainConfigChange
DDMPlumbRDIkev2TunnelPolicy
DDMPostCleanup
DDMRegisterConnectionNotification
DDMSendUserMessage
DDMServiceInitialize
DDMServicePostListens
DDMTransportCreate
DdmDeleteIkev2PskPolicy
DdmGetKey
DdmPlumbIkev2PskPolicy
DdmSetKey
DdmUpdateGlobalPhoneBookContext
IfObjectConnectionChangeNotification
IfObjectFreePhonebookContext
IfObjectGetStatistics
IfObjectLoadDestinationInfo
IfObjectLoadPhonebookInfo
IfObjectSetDialoutHoursRestriction
IfObjectUpdatePbkExtraInfo
IfObjectUpdatePbkInfo
MarkInterfaceAsReachable
RasAcctConfigChangeNotification
RasAcctProviderFreeAttributes
RasAcctProviderInitialize
RasAcctProviderInterimAccounting
RasAcctProviderStartAccounting
RasAcctProviderStopAccounting
RasAcctProviderTerminate
RasAuthConfigChangeNotification
RasAuthProviderAuthenticateUser
RasAuthProviderFreeAttributes
RasAuthProviderInitialize
RasAuthProviderTerminate
RasConnectionInitiate
ReConnectInterface
ReConnectPersistentInterface
TimerQInsert
TimerQRemove
Sections
.text Size: 617KB - Virtual size: 617KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 247KB - Virtual size: 247KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 88B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
setup.msi.msi
-
winmde/MMDevAPI.dll.dll regsvr32 windows:10 windows x64 arch:x64
Password: 2024
a7d2c90cee1460527c702933e341f400
Code Sign
33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02-09-2021 18:23
Not After: 01-09-2022 18:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
68:47:68:aa:ed:a2:09:d6:5f:52:c6:5e:88:53:66:29:50:1e:48:8a:98:df:e3:10:48:ba:15:7e:47:91:12:19
Signer
Actual PE Digest: 68:47:68:aa:ed:a2:09:d6:5f:52:c6:5e:88:53:66:29:50:1e:48:8a:98:df:e3:10:48:ba:15:7e:47:91:12:19
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
MMDevAPI.pdb
Imports
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-string-l1-1-0
wcsnlen
memset
wcsncmp
wcscmp
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
memmove
_o__wcsicmp
_o__wtoi
_o_calloc
_o_free
_o_malloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstol
_o_wcstoul
__CxxFrameHandler3
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__execute_onexit_table
_o__errno
__std_terminate
__C_specific_handler
__CxxFrameHandler4
_CxxThrowException
memcmp
memcpy
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
GetModuleFileNameA
SizeofResource
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
FreeLibrary
GetModuleFileNameW
LoadResource
FindResourceExW
DisableThreadLibraryCalls
LoadStringW
api-ms-win-core-synch-l1-1-0
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
ReleaseSemaphore
ResetEvent
LeaveCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionEx
InitializeCriticalSection
WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
ReleaseSRWLockShared
AcquireSRWLockShared
InitializeSRWLock
OpenSemaphoreW
CreateSemaphoreExW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateEventExW
CreateMutexExW
CreateEventW
SetEvent
DeleteCriticalSection
api-ms-win-core-heap-l1-1-0
HeapDestroy
HeapReAlloc
HeapFree
GetProcessHeap
HeapSize
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
RaiseException
SetLastError
SetUnhandledExceptionFilter
api-ms-win-core-registry-l1-1-0
RegQueryValueExW
RegGetValueW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumValueW
RegDeleteValueW
RegCloseKey
RegDeleteTreeW
api-ms-win-core-processthreads-l1-1-0
OpenThread
GetCurrentProcess
GetCurrentThreadId
TerminateProcess
ProcessIdToSessionId
GetCurrentProcessId
api-ms-win-core-string-l2-1-0
CharNextW
api-ms-win-core-string-l1-1-0
CompareStringW
MultiByteToWideChar
CompareStringOrdinal
api-ms-win-core-localization-l1-2-0
FormatMessageW
GetThreadLocale
SetThreadLocale
api-ms-win-core-debug-l1-1-0
OutputDebugStringA
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
DuplicateHandle
CloseHandle
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
rpcrt4
RpcBindingFromStringBindingW
RpcStringBindingComposeW
NdrClientCall3
RpcStringFreeW
ntdll
EtwGetTraceLoggerHandle
EtwTraceMessage
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
RtlGetPersistedStateLocation
ShipAssert
EtwLogTraceEvent
EtwNotificationRegister
EtwNotificationUnregister
EtwSendNotification
RtlDllShutdownInProgress
RtlQueryPackageClaims
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureStackBackTrace
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolWait
WaitForThreadpoolWaitCallbacks
TrySubmitThreadpoolCallback
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolCleanupGroup
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolWait
WaitForThreadpoolWorkCallbacks
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
CloseThreadpoolWork
SetThreadpoolWait
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventSetInformation
EventUnregister
EventRegister
api-ms-win-core-io-l1-1-1
CancelSynchronousIo
CancelIo
GetOverlappedResultEx
api-ms-win-core-io-l1-1-0
CancelIoEx
DeviceIoControl
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
Sleep
InitOnceExecuteOnce
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-sysinfo-l1-1-0
GetLocalTime
GetSystemTime
GetTickCount64
GetSystemTimeAsFileTime
api-ms-win-core-realtime-l1-1-0
QueryUnbiasedInterruptTime
devobj
DevObjGetClassDevs
DevObjGetDeviceInterfacePropertyKeys
DevObjGetDeviceInterfaceAlias
DevObjGetDeviceInterfaceProperty
DevObjOpenDeviceInterfaceRegKey
DevObjSetDeviceProperty
DevObjCreateDeviceInfoList
DevObjDestroyDeviceInfoList
DevObjGetDeviceProperty
DevObjEnumDeviceInfo
DevObjGetDeviceInstanceId
DevObjOpenDeviceInfo
DevObjOpenDeviceInterface
DevObjGetDeviceInterfaceDetail
DevObjEnumDeviceInterfaces
DevObjSetDeviceInterfaceProperty
api-ms-win-service-private-l1-1-0
UnsubscribeServiceChangeNotifications
SubscribeServiceChangeNotifications
api-ms-win-core-file-l1-1-0
CreateFileW
api-ms-win-core-windowserrorreporting-l1-1-0
WerRegisterMemoryBlock
api-ms-win-core-featurestaging-l1-1-0
UnsubscribeFeatureStateChangeNotification
SubscribeFeatureStateChangeNotification
GetFeatureEnabledState
RecordFeatureUsage
RecordFeatureError
api-ms-win-core-threadpool-private-l1-1-0
RegisterWaitForSingleObjectEx
api-ms-win-core-threadpool-legacy-l1-1-0
UnregisterWaitEx
api-ms-win-core-string-l2-1-1
SHLoadIndirectString
api-ms-win-core-localization-private-l1-1-0
LoadStringByReference
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Exports
ActivateAudioInterfaceAsync
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 378KB - Virtual size: 377KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
RT_BSS Size: - Virtual size: 32B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 89KB - Virtual size: 89KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 496B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RT_DATA Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
winmde/Windows.Graphics.dll.dll windows:10 windows x64 arch:x64
67e017ee26a48ed652efdca3e950c52a
Code Sign
33:00:00:02:ec:65:79:ad:1e:67:08:90:13:00:00:00:00:02:ec
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 15-12-2020 21:29
Not After: 02-12-2021 21:29
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
84:e4:5e:6e:e1:7b:9d:b3:b9:07:64:d8:5e:40:9a:dd:d0:f7:31:c4:38:cb:b4:90:92:63:5c:fe:e2:12:4b:d9
Signer
Actual PE Digest: 84:e4:5e:6e:e1:7b:9d:b3:b9:07:64:d8:5e:40:9a:dd:d0:f7:31:c4:38:cb:b4:90:92:63:5c:fe:e2:12:4b:d9
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Windows.Graphics.pdb
Imports
msvcrt
_CxxThrowException
memcpy
memmove
??0exception@@QEAA@XZ
memcmp
memset
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
_purecall
_callnewh
_amsg_exit
free
?what@exception@@UEBAPEBDXZ
__C_specific_handler
?terminate@@YAXXZ
_lock
__CxxFrameHandler3
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
pow
??0exception@@QEAA@AEBQEBDH@Z
toupper
??_V@YAXPEAX@Z
realloc
??1exception@@UEAA@XZ
malloc
??3@YAXPEAX@Z
??0exception@@QEAA@AEBQEBD@Z
_XcptFilter
memcpy_s
_vsnwprintf
_initterm
sqrt
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
FreeLibrary
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
DisableThreadLibraryCalls
api-ms-win-core-synch-l1-1-0
ReleaseSRWLockExclusive
CreateSemaphoreExW
InitializeSRWLock
AcquireSRWLockShared
LeaveCriticalSection
CreateMutexExW
WaitForSingleObject
CreateEventExW
AcquireSRWLockExclusive
EnterCriticalSection
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseSRWLockShared
ReleaseMutex
ReleaseSemaphore
SetEvent
DeleteCriticalSection
InitializeCriticalSectionEx
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
GetLastError
SetLastError
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
OpenProcessToken
GetCurrentProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventWriteTransfer
EventSetInformation
EventUnregister
EventProviderEnabled
api-ms-win-core-synch-l1-2-0
InitOnceComplete
InitOnceExecuteOnce
Sleep
InitOnceBeginInitialize
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemDirectoryW
GetSystemTimeAsFileTime
shcore
ord251
ord255
ord246
ord250
ord252
ord240
ord253
CreateRandomAccessStreamOverStream
CreateStreamOverRandomAccessStream
SHTaskPoolAllowThreadReuse
SHTaskPoolQueueTask
CreateRandomAccessStreamOnFile
GetDpiForMonitor
ord244
GetScaleFactorForMonitor
ntdll
RtlWakeAllConditionVariable
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlSleepConditionVariableSRW
RtlCaptureStackBackTrace
wcsrchr
RtlIsMultiSessionSku
memmove_s
RtlUnsubscribeWnfStateChangeNotification
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
RtlLoadString
api-ms-win-core-threadpool-legacy-l1-1-0
QueueUserWorkItem
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegCloseKey
RegGetValueW
api-ms-win-core-file-l1-1-0
SetFilePointer
CreateFileW
GetFileAttributesW
ReadFile
api-ms-win-core-windowserrorreporting-l1-1-0
WerRegisterMemoryBlock
api-ms-win-devices-query-l1-1-0
DevGetObjectProperties
DevFreeObjectProperties
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-security-base-l1-1-0
GetTokenInformation
api-ms-win-core-heap-l2-1-0
LocalAlloc
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Exports
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
Sections
.text Size: 370KB - Virtual size: 369KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 129KB - Virtual size: 129KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
winmde/daxexec.dll.dll windows:10 windows x64 arch:x64
5041e351eed7fd789520bd199556516e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
daxexec.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__ui64tow_s
_o__wcsicmp
_o__wcsnicmp
_o__wtoi
_o_calloc
memmove
_o_free
_o_malloc
_o_terminate
_o_toupper
_o_wcscat_s
_o_wcsncat_s
_o_wcsncpy_s
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__invalid_parameter_noinfo_noreturn
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__invalid_parameter_noinfo
_o__aligned_malloc
_o__initialize_onexit_table
_o__aligned_free
wcschr
__std_type_info_compare
_o___stdio_common_vswprintf
_o__initialize_narrow_environment
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
wcsnlen
memset
wcsncmp
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetModuleFileNameW
GetModuleHandleExW
GetModuleFileNameA
DisableThreadLibraryCalls
GetProcAddress
api-ms-win-core-synch-l1-1-0
CreateEventW
WaitForSingleObject
InitializeCriticalSectionEx
ResetEvent
WaitForSingleObjectEx
OpenSemaphoreW
InitializeSRWLock
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ReleaseSRWLockShared
ReleaseMutex
EnterCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockShared
CreateMutexExW
CreateSemaphoreExW
CreateEventExW
SetEvent
AcquireSRWLockExclusive
LeaveCriticalSection
ReleaseSemaphore
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
api-ms-win-core-errorhandling-l1-1-0
RaiseException
SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetCurrentThread
GetProcessId
TlsFree
GetCurrentProcessId
OpenProcessToken
TerminateProcess
GetCurrentProcess
OpenThreadToken
TlsSetValue
CreateProcessAsUserW
TlsAlloc
OpenThread
TlsGetValue
SuspendThread
SetThreadToken
ProcessIdToSessionId
GetCurrentThreadId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
DuplicateHandle
CloseHandle
rpcrt4
CStdStubBuffer_QueryInterface
CStdStubBuffer_Disconnect
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Connect
NdrStubForwardingFunction
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_AddRef
NdrOleFree
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_Invoke
NdrOleAllocate
NdrCStdStubBuffer2_Release
NdrStubCall3
Ndr64AsyncClientCall
RpcBindingFree
RpcAsyncCancelCall
RpcStringFreeW
RpcBindingSetAuthInfoExW
RpcAsyncCompleteCall
I_RpcExceptionFilter
RpcStringBindingComposeW
RpcBindingFromStringBindingW
IUnknown_AddRef_Proxy
RpcAsyncInitializeHandle
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
IUnknown_Release_Proxy
api-ms-win-eventing-provider-l1-1-0
EventActivityIdControl
EventUnregister
EventProviderEnabled
EventWriteTransfer
EventRegister
EventSetInformation
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-synch-l1-2-0
InitOnceComplete
InitOnceBeginInitialize
Sleep
InitOnceExecuteOnce
api-ms-win-core-com-midlproxystub-l1-1-0
NdrProxyForwardingFunction4
CStdStubBuffer2_Disconnect
NdrProxyForwardingFunction5
ObjectStublessClient3
NdrProxyForwardingFunction3
CStdStubBuffer2_Connect
CStdStubBuffer2_QueryInterface
ObjectStublessClient6
CStdStubBuffer2_CountRefs
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
OpenProcess
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemInfo
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-registry-l1-1-0
RegDeleteTreeW
RegGetValueW
RegCreateKeyExW
RegCloseKey
RegQueryInfoKeyW
RegOpenCurrentUser
RegSetValueExW
RegOpenKeyExW
ntdll
RtlUpcaseUnicodeChar
RtlValidSid
NtOpenKeyTransactedEx
NtRenameKey
NtCreateKey
NtSetInformationKey
NtQueryInformationFile
NtDuplicateObject
NtQueryAttributesFile
RtlFindNextForwardRunClear
RtlNumberOfSetBits
RtlInitializeSRWLock
NtDeleteValueKey
NtQueryDirectoryFileEx
NtSetSecurityObject
NtNotifyChangeKey
NtDeleteFile
NtFlushKey
NtCreateKeyTransacted
NtSetInformationFile
NtNotifyChangeMultipleKeys
NtOpenKeyEx
NtOpenKey
NtEnumerateValueKey
NtEnumerateKey
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
NtDeleteKey
NtQueryMultipleValueKey
NtQueryKey
NtSetInformationJobObject
NtTerminateJobObject
NtMakeTemporaryObject
NtQueryDirectoryFile
NtCreateJobObject
NtCreateMutant
NtOpenMutant
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlDosPathNameToNtPathName_U_WithStatus
RtlCopySid
EtwEventUnregister
EtwEventWrite
NtSetValueKey
EtwEventRegister
NtOpenJobObject
NtQuerySecurityAttributesToken
NtOpenFile
RtlFindAceByType
RtlEqualSid
RtlGetLastNtStatus
NtQueryInformationProcess
RtlLengthSid
RtlFreeHeap
RtlAllocateHeap
NtWaitForMultipleObjects
PssNtFreeSnapshot
PssNtCaptureSnapshot
NtOpenProcess
NtAlpcSendWaitReceivePort
NtAlpcConnectPort
RtlAllocateAndInitializeSid
NtQuerySystemInformation
NtClose
NtWaitForSingleObject
NtOpenEvent
EtwEventWriteNoRegistration
ZwUpdateWnfStateData
ZwQueryWnfStateNameInformation
NtOpenKeyTransacted
NtQueryValueKey
RtlDeriveCapabilitySidsFromName
wcsstr
NtCreateFile
RtlInitUnicodeString
NtQueryFullAttributesFile
RtlExpandEnvironmentStrings
NtQueryObject
RtlQueryEnvironmentVariable
RtlQueryResourcePolicy
RtlRunOnceComplete
RtlWow64IsWowGuestMachineSupported
RtlNtStatusToDosError
RtlFreeSid
RtlAdjustPrivilege
NtTerminateProcess
RtlCreateServiceSid
NtDuplicateToken
NtQueryInformationToken
RtlRunOnceExecuteOnce
RtlRunOnceBeginInitialize
NtQuerySecurityObject
RtlSleepConditionVariableSRW
RtlWakeAllConditionVariable
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
api-ms-win-security-base-private-l1-1-1
CreateAppContainerToken
api-ms-win-core-file-l1-1-0
GetVolumePathNameW
CreateFileW
GetFileSizeEx
SetFileInformationByHandle
WriteFile
ReadFile
FlushFileBuffers
SetFileAttributesW
CreateDirectoryW
FindClose
GetVolumeInformationW
FindFirstFileW
GetFileInformationByHandle
GetFileAttributesW
DeleteFileW
RemoveDirectoryW
GetFinalPathNameByHandleW
GetLongPathNameW
FindNextFileW
FindFirstFileExW
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
fltlib
FilterInstanceCreate
FilterInstanceClose
FilterConnectCommunicationPort
FilterAttach
FilterLoad
FilterSendMessage
profapi
ord102
ord101
api-ms-win-core-path-l1-1-0
PathCchSkipRoot
PathAllocCombine
PathAllocCanonicalize
PathIsUNCEx
PathCchRemoveBackslash
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
ConvertSecurityDescriptorToStringSecurityDescriptorW
api-ms-win-core-registry-l2-1-0
RegOpenKeyW
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
RoActivateInstance
api-ms-win-shcore-taskpool-l1-1-0
SHTaskPoolQueueTask
SHTaskPoolGetUniqueContext
api-ms-win-core-console-l1-1-0
SetConsoleCtrlHandler
api-ms-win-core-console-l1-2-0
AttachConsole
FreeConsole
api-ms-win-core-console-l2-1-0
GenerateConsoleCtrlEvent
api-ms-win-security-capability-l1-1-0
CapabilityCheck
api-ms-win-core-shlwapi-legacy-l1-1-0
PathIsRelativeW
PathUnExpandEnvStringsW
api-ms-win-core-wow64-l1-1-0
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
api-ms-win-core-job-l2-1-0
AssignProcessToJobObject
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrIsIntlEqualW
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
api-ms-win-core-windowserrorreporting-l1-1-0
GetApplicationRestartSettings
api-ms-win-core-memory-l1-1-0
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
api-ms-win-core-psm-key-l1-1-0
PsmGetApplicationNameFromKey
PsmGetPackageFullNameFromKey
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
GetCurrentDirectoryW
GetCurrentDirectoryA
api-ms-win-core-io-l1-1-0
DeviceIoControl
container
?CreateContainer@container@@YAXPEAXAEBUContainer@DefinitionFile@1@_N0@Z
WcRegisterForContainerTerminationNotification
WcCleanupContainer
WcIsContainerQuiescent
WcGetContainerIdentifier
WcReleaseContainerTerminationNotification
?GetContainerIdentifierString@container@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@PEAX@Z
WcGetComRegistryRoot
api-ms-win-appmodel-identity-l1-2-0
AppContainerDeriveSidFromMoniker
api-ms-win-appmodel-state-l1-2-0
GetStateFolder
GetSecureSystemAppDataFolder
GetSystemAppDataFolder
GetPublisherRootFolder
OpenStateExplicit
CloseState
api-ms-win-shell-shellfolders-l1-1-0
SHGetKnownFolderPath
msvcp_win
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?uncaught_exception@std@@YA_NXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_Winerror_map@std@@YAHH@Z
?_Winerror_message@std@@YAKKPEADK@Z
_Make_dir
_File_size
_Remove_dir
_Unlink
_Stat
_Lstat
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Open_dir
_Read_dir
_Close_dir
?_Xbad_function_call@std@@YAXXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
?_Xout_of_range@std@@YAXPEBD@Z
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
_Xtime_get_ticks
_Query_perf_frequency
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
_Query_perf_counter
_Thrd_yield
_Thrd_sleep
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-file-l2-1-0
GetFileInformationByHandleEx
api-ms-win-security-lsalookup-l2-1-0
LookupPrivilegeValueW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
appxdeploymentclient
ord68
api-ms-win-crt-math-l1-1-0
ceilf
Exports
AddLookaside
AddProcessToHeliumContainer
CheckAppXPackageBreakaway
CheckApplicationInCurrentPackage
CloseAppExecutionAlias
CloseJitvSilo
CompleteAppExecutionAliasProcessCreation
CreateAppExecutionAlias
CreateDesktopAppXActivationInfo
CreateDesktopAppXLocalCacheStructure
CreateDesktopAppXTombstoneFile
CreateJitvSilo
CurrentThreadIsInVirtualizationContext
DetokenizeDesktopAppXOfflineRegistry
DisableDesktopAppXDebuggingForPackage
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DoesPackageHaveElevationCapability
DoesPackageHaveUIAccessCapability
DoesPluginSupportCentennial
EnableDesktopAppXDebuggingForPackage
EnsureDesktopAppXPackageShutdown
EnterPackageVirtualizationContext
FreeAppExecutionAliasInfo
FreeAppExecutionAliasInfoWithLicenseRundown
FreeDesktopAppXActivationInfo
FreeDesktopAppXLaunchContext
GetAppExecutionAliasApplicationUserModelId
GetAppExecutionAliasExecutable
GetAppExecutionAliasPackageFamilyName
GetAppExecutionAliasPackageFullName
GetApplicationExecutableRelativePath
GetDesktopAppXComRootHandle
LeavePackageVirtualizationContext
LoadAppExecutionAliasInfo
MigrateWritablePackageRootData
OpenAppExecutionAlias
OpenAppExecutionAliasForUser
PerformAppxLicenseRundown
PersistAppExecutionAliasToFile
PostCreateProcessDesktopAppXActivation
PrepareDesktopAppXActivation
RegisterDesktopAppXPackageFamily
RegisterDesktopAppXPackageFamilyIfNecessary
RemoveDesktopAppXMetadataForFolder
RemoveLookaside
SetDesktopAppXMetadataForFolder
SetDesktopAppXMetadataForPackage
TryActivateDesktopAppXApplication
VerifyFileIsTrustedAndInPackage
Sections
.text Size: 485KB - Virtual size: 484KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 135KB - Virtual size: 135KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 21KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.detourc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.detourd Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 984B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
winmde/mi.dll.dll windows:10 windows x64 arch:x64
89d27046cb786351e771526caf261b26
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
mi.pdb
Imports
msvcrt
memcpy
wcstoul
swprintf_s
_wcsicmp
_set_output_format
_ui64tow_s
_i64tow_s
_XcptFilter
_amsg_exit
free
malloc
_initterm
__C_specific_handler
memset
wcscpy_s
wcscmp
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-processthreads-l1-1-0
SetThreadToken
GetCurrentThread
TerminateProcess
GetCurrentProcessId
OpenThreadToken
GetCurrentThreadId
GetCurrentProcess
api-ms-win-security-base-l1-1-0
ImpersonateSelf
RevertToSelf
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
LoadStringW
DisableThreadLibraryCalls
LoadLibraryExW
GetProcAddress
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
ntdll
RtlEqualSid
miutils
Instance_SetElementArrayItem
RCClass_AddElementQualifier
XMLDOM_Parse
RCClass_AddMethodParameterQualifierArray
RCClass_AddElementArray
OSC_Type_GetSize
RCClass_New
RCClass_AddElementQualifierArrayItem
OSC_StringToMiValue
RCClass_AddMethodParameter
Instance_IsDynamic
RCClass_AddClassQualifier
RCClass_AddMethodQualifier
RCClass_AddElementQualifierArray
RCClass_AddMethodParameterQualifier
RCClass_AddClassQualifierArray
RCClass_AddMethodQualifierArrayItem
Instance_SetElementArray
RCClass_AddClassQualifierArrayItem
Config_GetRegString
Instance_InitDynamic
PublishDebugMessage
SubscriptionDeliveryOptions_Create
MiErrorCategoryFromWindowsError
RtlDeleteCachedFastLock
RtlQueueAcquireCachedFastLockExclusive
RtlReleaseCachedFastLockExclusive
Instance_New
RtlInitializeCachedFastLock
DestinationOptions_Create
Class_New
RtlInterlockedCompareWait
RtlInterlockedWakeAll
CimErrorFromErrorCode
OperationOptions_Create
DestinationOptions_Duplicate
DestinationOptions_MigrateOptions
OperationOptions_MigrateOptions
SubscriptionDeliveryOptions_MigrateOptions
Options_FindValue
RtlQueueAcquireCachedFastLockShared
Config_GetProtocolHandlerDetails
RtlReleaseCachedFastLockShared
RtlTryAcquireCachedFastLockShared
RCClass_AddMethod
MI_Hash
RCClass_AddElement
RCClass_AddElementArrayItem
RCClass_AddMethodParameterQualifierArrayItem
RCClass_AddMethodQualifierArray
XMLDOM_Free
Exports
MI_Application_InitializeV1
mi_clientFT_V1
Sections
.text Size: 82KB - Virtual size: 82KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 35KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 404B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
winmde/winmde.dll.dll regsvr32 windows:10 windows x64 arch:x64
30d9f815f3d0fe0f8f3741c9f2dc893e
Code Sign
33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 15-12-2020 21:29
Not After: 02-12-2021 21:29
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
15:4b:2a:de:25:d5:55:ad:40:78:2f:bc:c9:58:69:63:5f:98:c0:a8:8f:ba:61:ea:05:d9:8c:b3:ea:28:ed:3b
Signer
Actual PE Digest: 15:4b:2a:de:25:d5:55:ad:40:78:2f:bc:c9:58:69:63:5f:98:c0:a8:8f:ba:61:ea:05:d9:8c:b3:ea:28:ed:3b
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
winmde.pdb
Imports
msvcrt
_XcptFilter
_callnewh
rand
towlower
iswxdigit
memmove
_onexit
_ui64tow_s
wcsstr
_i64tow_s
_vsnprintf
_ltoa_s
_i64toa_s
_amsg_exit
realloc
__CxxFrameHandler3
memset
_initterm
_ui64toa_s
_ultoa_s
_wtol
towupper
iswalpha
iswdigit
isalpha
isdigit
_ultow_s
wcschr
_vsnwprintf
bsearch
_errno
_lock
_unlock
memcpy
__C_specific_handler
_wcsicmp
_ltow_s
toupper
islower
_gcvt_s
_wcsnicmp
wcsncmp
__dllonexit
strnlen
memcmp
memchr
strncpy_s
strncmp
qsort
_purecall
memcpy_s
free
malloc
wcsncpy_s
wcscmp
api-ms-win-core-synch-l1-1-0
CreateWaitableTimerExW
ReleaseSRWLockExclusive
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
ReleaseSRWLockShared
SetEvent
AcquireSRWLockExclusive
WaitForMultipleObjectsEx
WaitForSingleObject
CreateEventA
OpenEventW
CreateEventExW
OpenSemaphoreW
InitializeSRWLock
CreateSemaphoreExW
ResetEvent
SetWaitableTimer
ReleaseSemaphore
AcquireSRWLockShared
CreateEventW
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventRegister
EventEnabled
EventUnregister
EventWriteTransfer
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceEnableLevel
TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableFlags
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleExW
DisableThreadLibraryCalls
SizeofResource
GetProcAddress
GetModuleFileNameW
FreeLibrary
LoadResource
FindResourceExW
api-ms-win-core-string-l2-1-0
CharNextW
api-ms-win-core-registry-l1-1-0
RegEnumKeyExW
RegNotifyChangeKeyValue
RegQueryInfoKeyW
RegSetValueExW
RegGetValueW
RegDeleteValueW
RegCloseKey
RegEnumValueW
RegOpenKeyExW
RegCreateKeyExW
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
CompareStringOrdinal
MultiByteToWideChar
api-ms-win-core-synch-l1-2-0
SleepConditionVariableSRW
WakeAllConditionVariable
InitOnceExecuteOnce
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetProcessTimes
TlsGetValue
TlsSetValue
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
CreateThread
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
OutputDebugStringA
api-ms-win-core-sysinfo-l1-1-0
GetSystemTime
GetSystemTimeAsFileTime
GetSystemInfo
GetTickCount
GetTickCount64
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-file-l1-1-0
CreateFileW
GetFileSize
WriteFile
GetFileAttributesExW
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
FileTimeToSystemTime
ntdll
RtlInitUnicodeString
NtDeviceIoControlFile
NtQuerySystemInformation
NtClose
NtCreateFile
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CreateThreadpoolWait
sspicli
QueryContextAttributesW
EncryptMessage
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
d3d11
D3D11CreateDevice
rtworkq
RtwqCancelDeadline
RtwqSetLongRunning
RtwqCreateAsyncResult
RtwqInvokeCallback
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-core-toolhelp-l1-1-0
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
api-ms-win-core-heap-l2-1-0
LocalFree
GlobalFree
api-ms-win-core-heap-obsolete-l1-1-0
GlobalLock
GlobalUnlock
api-ms-win-core-memory-l1-1-0
OpenFileMappingW
VirtualQueryEx
UnmapViewOfFile
CreateFileMappingW
MapViewOfFileEx
api-ms-win-core-version-l1-1-1
GetFileVersionInfoW
api-ms-win-core-version-l1-1-0
VerQueryValueW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
MFCreateNetVRoot
MFCreateWMPMDEOpCenter
MFCreateWinMDEOpCenter
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 222KB - Virtual size: 222KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 48KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 38KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ