VirtualXP[.]iso

Sharing

Copy URL

Twitter E-mail

General

Target

VirtualXP.iso
Size

43.5MB
MD5

c12191cc48029e4e7f17eea6145691df
SHA1

ebbfa5d05ce9fbf6ef3c05d5ea796c93b90d4e6e
SHA256

d21665dfe3585e46c95bfe5ba45495e8ceccce3e2bc92fd993bbfaa011a216a5
SHA512

9e99e88b6852623c621f72d6ff48d78c02b63d07f8fc8f238942adc541c3081eecf461b6922276b22cbf925496f73b486317ce0ab33bb295b857a1760bcd8606
SSDEEP

786432:jwSXhNIBKujSU8QG6U+mqjEV5J8ilf2ASmKKad4+4GVuCQsjn2D7yuoi:ciVujSRj9qjGvlsuBwn2vyE

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 57 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack002/I386/SYSTEM32/BATMETER.DLL	acprotect
static1/unpack002/I386/SYSTEM32/BROWSEUI.DLL	acprotect
static1/unpack002/I386/SYSTEM32/CRTDLL.DLL	acprotect
static1/unpack002/I386/SYSTEM32/CRYPTDLL.DLL	acprotect
static1/unpack002/I386/SYSTEM32/DESK.CPL	acprotect
static1/unpack002/I386/SYSTEM32/DESKADP.DLL	acprotect
static1/unpack002/I386/SYSTEM32/DESKMON.DLL	acprotect
static1/unpack002/I386/SYSTEM32/DESKPERF.DLL	acprotect
static1/unpack002/I386/SYSTEM32/DISKCOPY.DLL	acprotect
static1/unpack002/I386/SYSTEM32/DNSAPI.DLL	acprotect
static1/unpack002/I386/SYSTEM32/HOTPLUG.DLL	acprotect
static1/unpack002/I386/SYSTEM32/ICMUI.DLL	acprotect
static1/unpack002/I386/SYSTEM32/IESETUP.DLL	acprotect
static1/unpack002/I386/SYSTEM32/IMAGEHLP.DLL	acprotect
static1/unpack002/I386/SYSTEM32/IMM32.DLL	acprotect
static1/unpack002/I386/SYSTEM32/MSACM32.DLL	acprotect
static1/unpack002/I386/SYSTEM32/MSGINA.DLL	acprotect
static1/unpack002/I386/SYSTEM32/MSVBVM60.DLL	acprotect
static1/unpack002/I386/SYSTEM32/MSVCP60.DLL	acprotect
static1/unpack002/I386/SYSTEM32/NCOBJAPI.DLL	acprotect
static1/unpack002/I386/SYSTEM32/NDDEAPI.DLL	acprotect
static1/unpack002/I386/SYSTEM32/NETAPI32.DLL	acprotect
static1/unpack002/I386/SYSTEM32/NTDSAPI.DLL	acprotect
static1/unpack002/I386/SYSTEM32/ODBC32.DLL	acprotect
static1/unpack002/I386/SYSTEM32/ODBCINT.DLL	acprotect
static1/unpack002/I386/SYSTEM32/OLEDLG.DLL	acprotect
static1/unpack002/I386/SYSTEM32/OLEPRO32.DLL	acprotect
static1/unpack002/I386/SYSTEM32/POWRPROF.DLL	acprotect
static1/unpack002/I386/SYSTEM32/PROFMAP.DLL	acprotect
static1/unpack002/I386/SYSTEM32/PSAPI.DLL	acprotect
static1/unpack002/I386/SYSTEM32/SAMLIB.DLL	acprotect
static1/unpack002/I386/SYSTEM32/SAMSRV.DLL	acprotect
static1/unpack002/I386/SYSTEM32/SCESRV.DLL	acprotect
static1/unpack002/I386/SYSTEM32/SETUPAPI.DLL	acprotect
static1/unpack002/I386/SYSTEM32/SHDOCVW.DLL	acprotect
static1/unpack002/I386/SYSTEM32/SHELL32.DLL	acprotect
static1/unpack002/I386/SYSTEM32/SHUTDOWNRES.DLL	acprotect
static1/unpack002/I386/SYSTEM32/SNMPAPI.DLL	acprotect
static1/unpack002/I386/SYSTEM32/STOBJECT.DLL	acprotect
static1/unpack002/I386/SYSTEM32/STORPROP.DLL	acprotect
static1/unpack002/I386/SYSTEM32/SXS.DLL	acprotect
static1/unpack002/I386/SYSTEM32/SYSSETUP.DLL	acprotect
static1/unpack002/I386/SYSTEM32/THEMEUI.DLL	acprotect
static1/unpack002/I386/SYSTEM32/UMPNPMGR.DLL	acprotect
static1/unpack002/I386/SYSTEM32/UNTFS.DLL	acprotect
static1/unpack002/I386/SYSTEM32/USERENV.DLL	acprotect
static1/unpack002/I386/SYSTEM32/USP10.DLL	acprotect
static1/unpack002/I386/SYSTEM32/UXTHEME.DLL	acprotect
static1/unpack002/I386/SYSTEM32/VERSION.DLL	acprotect
static1/unpack002/I386/SYSTEM32/WININET.DLL	acprotect
static1/unpack002/I386/SYSTEM32/WINMM.DLL	acprotect
static1/unpack002/I386/SYSTEM32/WINTRUST.DLL	acprotect
static1/unpack002/I386/SYSTEM32/WLDAP32.DLL	acprotect
static1/unpack002/I386/SYSTEM32/WS2HELP.DLL	acprotect
static1/unpack002/I386/SYSTEM32/WS2_32.DLL	acprotect
static1/unpack002/I386/SYSTEM32/WSOCK32.DLL	acprotect
static1/unpack002/I386/SYSTEM32/WTSAPI32.DLL	acprotect

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/I386/EXPLORER.EXE	upx
static1/unpack002/I386/SYSTEM32/BATMETER.DLL	upx
static1/unpack002/I386/SYSTEM32/BROWSEUI.DLL	upx
static1/unpack002/I386/SYSTEM32/CMD.EXE	upx
static1/unpack002/I386/SYSTEM32/CRTDLL.DLL	upx
static1/unpack002/I386/SYSTEM32/CRYPTDLL.DLL	upx
static1/unpack002/I386/SYSTEM32/DESK.CPL	upx
static1/unpack002/I386/SYSTEM32/DESKADP.DLL	upx
static1/unpack002/I386/SYSTEM32/DESKMON.DLL	upx
static1/unpack002/I386/SYSTEM32/DESKPERF.DLL	upx
static1/unpack002/I386/SYSTEM32/DISKCOPY.DLL	upx
static1/unpack002/I386/SYSTEM32/DNSAPI.DLL	upx
static1/unpack002/I386/SYSTEM32/HOTPLUG.DLL	upx
static1/unpack002/I386/SYSTEM32/ICMUI.DLL	upx
static1/unpack002/I386/SYSTEM32/IE4UINIT.EXE	upx
static1/unpack002/I386/SYSTEM32/IESETUP.DLL	upx
static1/unpack002/I386/SYSTEM32/IMAGEHLP.DLL	upx
static1/unpack002/I386/SYSTEM32/IMM32.DLL	upx
static1/unpack002/I386/SYSTEM32/MSACM32.DLL	upx
static1/unpack002/I386/SYSTEM32/MSGINA.DLL	upx
static1/unpack002/I386/SYSTEM32/MSVBVM60.DLL	upx
static1/unpack002/I386/SYSTEM32/MSVCP60.DLL	upx
static1/unpack002/I386/SYSTEM32/NCOBJAPI.DLL	upx
static1/unpack002/I386/SYSTEM32/NDDEAPI.DLL	upx
static1/unpack002/I386/SYSTEM32/NETAPI32.DLL	upx
static1/unpack002/I386/SYSTEM32/NTDSAPI.DLL	upx
static1/unpack002/I386/SYSTEM32/ODBC32.DLL	upx
static1/unpack002/I386/SYSTEM32/ODBCINT.DLL	upx
static1/unpack002/I386/SYSTEM32/OLEDLG.DLL	upx
static1/unpack002/I386/SYSTEM32/OLEPRO32.DLL	upx
static1/unpack002/I386/SYSTEM32/PELOADER.EXE	upx
static1/unpack002/I386/SYSTEM32/POWRPROF.DLL	upx
static1/unpack002/I386/SYSTEM32/PROFMAP.DLL	upx
static1/unpack002/I386/SYSTEM32/PSAPI.DLL	upx
static1/unpack002/I386/SYSTEM32/REG.EXE	upx
static1/unpack002/I386/SYSTEM32/RUNONCE.EXE	upx
static1/unpack002/I386/SYSTEM32/SAMLIB.DLL	upx
static1/unpack002/I386/SYSTEM32/SAMSRV.DLL	upx
static1/unpack002/I386/SYSTEM32/SCESRV.DLL	upx
static1/unpack002/I386/SYSTEM32/SCREENSAVER.EXE	upx
static1/unpack002/I386/SYSTEM32/SERVICES.EXE	upx
static1/unpack002/I386/SYSTEM32/SETUPAPI.DLL	upx
static1/unpack002/I386/SYSTEM32/SHDOCVW.DLL	upx
static1/unpack002/I386/SYSTEM32/SHELL32.DLL	upx
static1/unpack002/I386/SYSTEM32/SHUTDOWNRES.DLL	upx
static1/unpack002/I386/SYSTEM32/SNMPAPI.DLL	upx
static1/unpack002/I386/SYSTEM32/STOBJECT.DLL	upx
static1/unpack002/I386/SYSTEM32/STORPROP.DLL	upx
static1/unpack002/I386/SYSTEM32/SVCHOST.EXE	upx
static1/unpack002/I386/SYSTEM32/SXS.DLL	upx
static1/unpack002/I386/SYSTEM32/SYSSETUP.DLL	upx
static1/unpack002/I386/SYSTEM32/THEMEUI.DLL	upx
static1/unpack002/I386/SYSTEM32/UMPNPMGR.DLL	upx
static1/unpack002/I386/SYSTEM32/UNTFS.DLL	upx
static1/unpack002/I386/SYSTEM32/USERENV.DLL	upx
static1/unpack002/I386/SYSTEM32/USP10.DLL	upx
static1/unpack002/I386/SYSTEM32/UXTHEME.DLL	upx
static1/unpack002/I386/SYSTEM32/VERSION.DLL	upx
static1/unpack002/I386/SYSTEM32/WININET.DLL	upx
static1/unpack002/I386/SYSTEM32/WINLOGON.EXE	upx
static1/unpack002/I386/SYSTEM32/WINMM.DLL	upx
static1/unpack002/I386/SYSTEM32/WINTRUST.DLL	upx
static1/unpack002/I386/SYSTEM32/WLDAP32.DLL	upx
static1/unpack002/I386/SYSTEM32/WS2HELP.DLL	upx

Unsigned PE 171 IoCs

Checks for missing Authenticode signature.

resource
unpack002/I386/EXPLORER.EXE
unpack003/out.upx
unpack002/I386/SYSTEM32/ADVAPI32.DLL
unpack002/I386/SYSTEM32/ADVPACK.DLL
unpack004/apphelp.dll
unpack002/I386/SYSTEM32/AUTHZ.DLL
unpack002/I386/SYSTEM32/BASESRV.DLL
unpack002/I386/SYSTEM32/BATMETER.DLL
unpack005/out.upx
unpack006/bootvid.dll
unpack002/I386/SYSTEM32/BROWSELC.DLL
unpack002/I386/SYSTEM32/BROWSEUI.DLL
unpack007/out.upx
unpack002/I386/SYSTEM32/CALC.EXE
unpack002/I386/SYSTEM32/CHARMAP.EXE
unpack002/I386/SYSTEM32/CIRRUS.DLL
unpack002/I386/SYSTEM32/CMD.EXE
unpack008/out.upx
unpack002/I386/SYSTEM32/COMCTL32.DLL
unpack002/I386/SYSTEM32/COMDLG32.DLL
unpack002/I386/SYSTEM32/CRTDLL.DLL
unpack009/out.upx
unpack002/I386/SYSTEM32/CRYPT32.DLL
unpack002/I386/SYSTEM32/CRYPTDLL.DLL
unpack002/I386/SYSTEM32/CRYPTUI.DLL
unpack002/I386/SYSTEM32/CSRSRV.DLL
unpack002/I386/SYSTEM32/CSRSS.EXE
unpack002/I386/SYSTEM32/DESK.CPL
unpack002/I386/SYSTEM32/DESKADP.DLL
unpack002/I386/SYSTEM32/DESKMON.DLL
unpack002/I386/SYSTEM32/DESKPERF.DLL
unpack002/I386/SYSTEM32/DISKCOPY.DLL
unpack002/I386/SYSTEM32/DNSAPI.DLL
unpack002/I386/SYSTEM32/DRIVERS/CIRRUS.SYS
unpack002/I386/SYSTEM32/DRIVERS/CLASSPNP.SYS
unpack002/I386/SYSTEM32/DRIVERS/DXAPI.SYS
unpack002/I386/SYSTEM32/DRIVERS/DXG.SYS
unpack002/I386/SYSTEM32/DRIVERS/DXGTHK.SYS
unpack002/I386/SYSTEM32/DRIVERS/FS_REC.SYS
unpack002/I386/SYSTEM32/DRIVERS/HIDUSB.SYS
unpack002/I386/SYSTEM32/DRIVERS/KSECDD.SYS
unpack002/I386/SYSTEM32/DRIVERS/MCD.SYS
unpack002/I386/SYSTEM32/DRIVERS/MNMDD.SYS
unpack002/I386/SYSTEM32/DRIVERS/MOUCLASS.SYS
unpack002/I386/SYSTEM32/DRIVERS/MOUHID.SYS
unpack002/I386/SYSTEM32/DRIVERS/MUP.SYS
unpack002/I386/SYSTEM32/DRIVERS/NDIS.SYS
unpack002/I386/SYSTEM32/DRIVERS/NPFS.SYS
unpack002/I386/SYSTEM32/DRIVERS/NTFS.SYS
unpack002/I386/SYSTEM32/DRIVERS/NULL.SYS
unpack002/I386/SYSTEM32/DRIVERS/PCIIDEX.SYS
unpack002/I386/SYSTEM32/DRIVERS/RAMDRIV.SYS
unpack002/I386/SYSTEM32/DRIVERS/RDBSS.SYS
unpack002/I386/SYSTEM32/DRIVERS/TDI.SYS
unpack002/I386/SYSTEM32/DRIVERS/UDFS.SYS
unpack002/I386/SYSTEM32/DRIVERS/USBCCGP.SYS
unpack002/I386/SYSTEM32/DRIVERS/USBD.SYS
unpack002/I386/SYSTEM32/DRIVERS/USBEHCI.SYS
unpack002/I386/SYSTEM32/DRIVERS/USBHUB.SYS
unpack002/I386/SYSTEM32/DRIVERS/USBOHCI.SYS
unpack002/I386/SYSTEM32/DRIVERS/USBPORT.SYS
unpack002/I386/SYSTEM32/DRIVERS/USBSTOR.SYS
unpack002/I386/SYSTEM32/DRIVERS/USBUHCI.SYS
unpack002/I386/SYSTEM32/DRIVERS/VGA.SYS
unpack002/I386/SYSTEM32/DRIVERS/VIDEOPRT.SYS
unpack002/I386/SYSTEM32/DRIVERS/VMX_SVGA.SYS
unpack002/I386/SYSTEM32/FRAMEBUF.DLL
unpack002/I386/SYSTEM32/GDI32.DLL
unpack002/I386/SYSTEM32/GETUNAME.DLL
unpack002/I386/SYSTEM32/GINAORG.DLL
unpack002/I386/SYSTEM32/HIDERUN.EXE
unpack002/I386/SYSTEM32/HOTPLUG.DLL
unpack002/I386/SYSTEM32/ICMUI.DLL
unpack002/I386/SYSTEM32/IE4UINIT.EXE
unpack002/I386/SYSTEM32/IERNONCE.DLL
unpack002/I386/SYSTEM32/IESETUP.DLL
unpack002/I386/SYSTEM32/IMAGEHLP.DLL
unpack002/I386/SYSTEM32/IMM32.DLL
unpack002/I386/SYSTEM32/IPHLPAPI.DLL
unpack002/I386/SYSTEM32/KBDUS.DLL
unpack002/I386/SYSTEM32/KDCOM.DLL
unpack002/I386/SYSTEM32/KERNEL32.DLL
unpack002/I386/SYSTEM32/LSASRV.DLL
unpack002/I386/SYSTEM32/LSASS.EXE
unpack002/I386/SYSTEM32/MPR.DLL
unpack002/I386/SYSTEM32/MSACM32.DLL
unpack002/I386/SYSTEM32/MSASN1.DLL
unpack002/I386/SYSTEM32/MSGINA.DLL
unpack002/I386/SYSTEM32/MSIMG32.DLL
unpack002/I386/SYSTEM32/MSPAINT.EXE
unpack002/I386/SYSTEM32/MSPRIVS.DLL
unpack002/I386/SYSTEM32/MSVBVM60.DLL
unpack002/I386/SYSTEM32/MSVCP60.DLL
unpack002/I386/SYSTEM32/MSVCRT.DLL
unpack002/I386/SYSTEM32/NCOBJAPI.DLL
unpack002/I386/SYSTEM32/NDDEAPI.DLL
unpack002/I386/SYSTEM32/NETAPI32.DLL
unpack002/I386/SYSTEM32/NOTEPAD.EXE
unpack002/I386/SYSTEM32/NTDLL.DLL
unpack002/I386/SYSTEM32/NTDSAPI.DLL
unpack002/I386/SYSTEM32/ODBC32.DLL
unpack002/I386/SYSTEM32/ODBCINT.DLL
unpack002/I386/SYSTEM32/OLE32.DLL
unpack002/I386/SYSTEM32/OLEAUT32.DLL
unpack002/I386/SYSTEM32/OLEDLG.DLL
unpack002/I386/SYSTEM32/OLEPRO32.DLL
unpack002/I386/SYSTEM32/PELOADER.EXE
unpack002/I386/SYSTEM32/POWRPROF.DLL
unpack002/I386/SYSTEM32/PROFMAP.DLL
unpack002/I386/SYSTEM32/PSAPI.DLL
unpack002/I386/SYSTEM32/REG.EXE
unpack002/I386/SYSTEM32/REGAPI.DLL
unpack002/I386/SYSTEM32/RICHED20.DLL
unpack002/I386/SYSTEM32/RPCRT4.DLL
unpack002/I386/SYSTEM32/RPCSS.DLL
unpack002/I386/SYSTEM32/RUNDLL32.EXE
unpack002/I386/SYSTEM32/RUNONCE.EXE
unpack002/I386/SYSTEM32/SAMLIB.DLL
unpack002/I386/SYSTEM32/SAMSRV.DLL
unpack002/I386/SYSTEM32/SCESRV.DLL
unpack002/I386/SYSTEM32/SCREENSAVER.EXE
unpack002/I386/SYSTEM32/SECUR32.DLL
unpack002/I386/SYSTEM32/SERVICES.EXE
unpack002/I386/SYSTEM32/SETUPAPI.DLL
unpack002/I386/SYSTEM32/SHDOCLC.DLL
unpack002/I386/SYSTEM32/SHDOCVW.DLL
unpack002/I386/SYSTEM32/SHELL32.DLL
unpack002/I386/SYSTEM32/SHLWAPI.DLL
unpack002/I386/SYSTEM32/SHUTDOWNRES.DLL
unpack002/I386/SYSTEM32/SMSS.EXE
unpack002/I386/SYSTEM32/SNMPAPI.DLL
unpack002/I386/SYSTEM32/STDOLE2.TLB
unpack002/I386/SYSTEM32/STOBJECT.DLL
unpack002/I386/SYSTEM32/STORPROP.DLL
unpack002/I386/SYSTEM32/SVCHOST.EXE
unpack002/I386/SYSTEM32/SXS.DLL
unpack002/I386/SYSTEM32/SYSDM.CPL
unpack002/I386/SYSTEM32/SYSSETUP.DLL
unpack002/I386/SYSTEM32/TASKMGR.EXE
unpack002/I386/SYSTEM32/THEMEUI.DLL
unpack002/I386/SYSTEM32/TIMEDATE.CPL
unpack002/I386/SYSTEM32/UMPNPMGR.DLL
unpack002/I386/SYSTEM32/UNTFS.DLL
unpack002/I386/SYSTEM32/URLMON.DLL
unpack002/I386/SYSTEM32/USER32.DLL
unpack002/I386/SYSTEM32/USERENV.DLL
unpack002/I386/SYSTEM32/USP10.DLL
unpack002/I386/SYSTEM32/UXTHEME.DLL
unpack002/I386/SYSTEM32/VDMDBG.DLL
unpack002/I386/SYSTEM32/VERSION.DLL
unpack002/I386/SYSTEM32/VGA.DLL
unpack002/I386/SYSTEM32/VGA256.DLL
unpack002/I386/SYSTEM32/VMX_FB.DLL
unpack002/I386/SYSTEM32/VMX_MODE.DLL
unpack002/I386/SYSTEM32/WATCHDOG.SYS
unpack002/I386/SYSTEM32/WIN32K.SYS
unpack002/I386/SYSTEM32/WININET.DLL
unpack002/I386/SYSTEM32/WINLOGON.EXE
unpack002/I386/SYSTEM32/WINMM.DLL
unpack002/I386/SYSTEM32/WINSPOOL.DRV
unpack002/I386/SYSTEM32/WINSRV.DLL
unpack002/I386/SYSTEM32/WINSTA.DLL
unpack002/I386/SYSTEM32/WINTRUST.DLL
unpack002/I386/SYSTEM32/WLDAP32.DLL
unpack002/I386/SYSTEM32/WS2HELP.DLL
unpack002/I386/SYSTEM32/WS2_32.DLL
unpack002/I386/SYSTEM32/WSOCK32.DLL
unpack002/I386/SYSTEM32/WTSAPI32.DLL
unpack002/I386/SYSTEM32/XPSP2RES.DLL
unpack002/I386/WINSXS/X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.0.0_X-WW_1382D70A/COMCTL32.DLL
unpack002/MODELRAM.EXE

Files

VirtualXP.iso
.iso
out.iso
.iso
BOOT.CATALOG
I386/EXPLORER.EXE
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 696KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 334KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 274KB - Virtual size: 273KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 713KB - Virtual size: 712KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/FONTS/ARIAL.TTF
I386/FONTS/MARLETT.TTF
I386/INF/DISPLAY.INF
I386/INF/VMX_SVGA.INF
I386/NTDETECT.COM
I386/SETUPLDR.BIN
I386/SYSTEM32/ADVAPI32.DLL
.dll windows:5 windows x86 arch:x86

fe78a77dc56023bb52e529d0ef86d150

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

advapi32.pdb

Imports

ntdll

RtlExpandEnvironmentStrings_U
RtlDuplicateUnicodeString
RtlCreateUnicodeString
NtQueryInformationProcess
NtQueryKey
RtlStringFromGUID
RtlDeleteElementGenericTable
RtlInsertElementGenericTable
RtlInitializeHandleTable
RtlDestroyHandleTable
NtEnumerateKey
RtlIntegerToUnicodeString
RtlAppendUnicodeToString
RtlFormatCurrentUserKeyPath
RtlInitializeGenericTable
RtlNumberGenericTableElements
RtlLookupElementGenericTable
RtlQueryRegistryValues
RtlGUIDFromString
RtlUpcaseUnicodeChar
NtQueryVolumeInformationFile
RtlPrefixUnicodeString
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
RtlDetermineDosPathNameType_U
NtQueryInformationFile
RtlGetFullPathName_U
wcstombs
mbstowcs
_ftol
NtSetEvent
NtQueryPerformanceCounter
wcscmp
NtWaitForMultipleObjects
RtlIsGenericTableEmpty
NtCreateEvent
RtlCreateHeap
RtlDestroyHeap
NtAllocateVirtualMemory
RtlFlushSecureMemoryCache
NtFreeVirtualMemory
NtCreateFile
NtQueryInformationThread
NtWriteFile
RtlDestroyQueryDebugBuffer
RtlQueryProcessDebugInformation
RtlCreateQueryDebugBuffer
NtOpenProcess
NtReadFile
NtFlushBuffersFile
NtSetInformationFile
CsrNewThread
NtClearEvent
NtReleaseSemaphore
NtCreateSemaphore
NtPowerInformation
RtlInitUnicodeStringEx
RtlUnicodeToMultiByteN
NtNotifyChangeKey
NtSetInformationObject
NtDuplicateObject
_itow
NtDeleteValueKey
NtEnumerateValueKey
RtlTimeToSecondsSince1970
RtlUnwind
NtQueryVirtualMemory
RtlEnumerateGenericTableWithoutSplaying
NtCompareTokens
RtlFreeHandle
RtlIsValidIndexHandle
RtlAllocateHandle
_vsnwprintf
RtlUnicodeStringToInteger
wcsncmp
RtlMakeSelfRelativeSD
RtlGetNtProductType
NtQuerySystemTime
RtlRandom
RtlCompareUnicodeString
RtlxUnicodeStringToAnsiSize
RtlAppendUnicodeStringToString
NtWaitForSingleObject
RtlCompareMemory
NtDeviceIoControlFile
wcsrchr
RtlCopyLuid
RtlImageNtHeader
_ultow
NlsMbCodePageTag
RtlxAnsiStringToUnicodeSize
RtlMultiByteToUnicodeN
strstr
strchr
tolower
_wcsnicmp
wcsncpy
wcstol
wcstoul
iswctype
RtlConvertSidToUnicodeString
DbgPrint
_strnicmp
RtlFreeAnsiString
RtlCreateUnicodeStringFromAsciiz
atol
NtQuerySystemInformation
_chkstk
NtTerminateProcess
RtlAdjustPrivilege
NtSetInformationProcess
strncpy
RtlUpcaseUnicodeStringToOemString
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlInitString
RtlIsTextUnicode
_stricmp
NtDeleteKey
NtQueryValueKey
NtSetValueKey
_wcsicmp
_wcslwr
wcsstr
wcschr
swprintf
RtlOpenCurrentUser
NtOpenKey
NtCreateKey
RtlSetSecurityDescriptorRMControl
RtlGetSecurityDescriptorRMControl
RtlSelfRelativeToAbsoluteSD2
NtFilterToken
sprintf
NtImpersonateAnonymousToken
memmove
RtlUnicodeStringToAnsiString
RtlUnicodeToMultiByteSize
RtlCopyUnicodeString
NtSetInformationThread
RtlImpersonateSelf
NtFsControlFile
NtQuerySecurityObject
RtlOemStringToUnicodeString
NtOpenFile
NtSetSecurityObject
NtClose
RtlSelfRelativeToAbsoluteSD
RtlAbsoluteToSelfRelativeSD
RtlDeleteSecurityObject
RtlQuerySecurityObject
RtlSetSecurityObjectEx
RtlSetSecurityObject
RtlNewSecurityObjectWithMultipleInheritance
RtlNewSecurityObjectEx
RtlConvertToAutoInheritSecurityObject
RtlNewSecurityObject
RtlGetGroupSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlSetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetControlSecurityDescriptor
RtlGetControlSecurityDescriptor
RtlLengthSecurityDescriptor
RtlValidSecurityDescriptor
RtlCreateSecurityDescriptor
RtlFirstFreeAce
RtlAddAuditAccessObjectAce
RtlAddAccessDeniedObjectAce
RtlAddAccessAllowedObjectAce
RtlAddAuditAccessAceEx
RtlAddAuditAccessAce
RtlAddAccessDeniedAceEx
RtlAddAccessDeniedAce
RtlAddAccessAllowedAceEx
RtlAddAccessAllowedAce
RtlGetAce
RtlDeleteAce
RtlAddAce
RtlSetInformationAcl
RtlQueryInformationAcl
RtlCreateAcl
RtlValidAcl
RtlMapGenericMask
RtlAreAnyAccessesGranted
RtlAreAllAccessesGranted
RtlCopySid
RtlLengthSid
RtlSubAuthorityCountSid
RtlSubAuthoritySid
RtlIdentifierAuthoritySid
RtlAllocateAndInitializeSid
RtlFreeSid
RtlInitializeSid
RtlLengthRequiredSid
RtlEqualPrefixSid
RtlEqualSid
RtlValidSid
NtPrivilegedServiceAuditAlarm
NtDeleteObjectAuditAlarm
NtCloseObjectAuditAlarm
NtPrivilegeObjectAuditAlarm
NtOpenObjectAuditAlarm
NtAccessCheckByTypeResultListAndAuditAlarmByHandle
NtAccessCheckByTypeResultListAndAuditAlarm
NtAccessCheckByTypeAndAuditAlarm
NtAccessCheckAndAuditAlarm
NtPrivilegeCheck
NtAdjustGroupsToken
NtAdjustPrivilegesToken
NtSetInformationToken
NtQueryInformationToken
NtOpenThreadToken
NtOpenProcessToken
NtAccessCheckByTypeResultList
NtAccessCheckByType
NtAccessCheck
NtAllocateLocallyUniqueId
NtDuplicateToken
_snwprintf
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
RtlInitUnicodeString
RtlDosPathNameToNtPathName_U
RtlFreeHeap
wcslen
RtlAllocateHeap
wcscpy
wcscat
RtlNtStatusToDosError
RtlInitializeCriticalSection
NtTraceEvent
RtlDeleteCriticalSection
RtlEqualUnicodeString
NtFlushKey
RtlValidRelativeSecurityDescriptor
NtLoadKey
NtUnloadKey
NtReplaceKey
NtNotifyChangeMultipleKeys
NtQueryMultipleValueKey
NtRestoreKey
NtSaveKey
NtSaveMergedKeys
NtSaveKeyEx
RtlGetVersion
RtlReAllocateHeap
_alloca_probe

kernel32

DeviceIoControl
LocalReAlloc
LocalFree
WideCharToMultiByte
LocalAlloc
lstrlenW
MultiByteToWideChar
lstrlenA
lstrcatW
lstrcpyW
lstrcpyA
AreFileApisANSI
IsBadWritePtr
CloseHandle
WritePrivateProfileStringW
GetPrivateProfileStringW
Sleep
GetTickCount
GetCurrentProcess
GetCurrentThread
GetWindowsDirectoryW
GetLastError
SetErrorMode
LoadLibraryExW
FindFirstFileExW
FindNextFileW
GetFileTime
GetSystemTime
GetModuleFileNameW
GetUserDefaultUILanguage
CreateMutexW
GetPrivateProfileIntW
GetSystemWindowsDirectoryW
RaiseException
ReadProcessMemory
GetProfileIntA
GetProfileStringA
GetComputerNameA
GetComputerNameExW
GetModuleHandleExW
SetNamedPipeHandleState
OpenEventW
GetLogicalDriveStringsW
GetDriveTypeW
GetDiskFreeSpaceW
GetVolumeInformationW
GlobalMemoryStatus
GetSystemInfo
SetThreadPriority
InterlockedExchangeAdd
DuplicateHandle
CreateThread
WaitForMultipleObjectsEx
CancelIo
ExitThread
GetTimeZoneInformation
EnumUILanguagesW
CreateEventA
GetFullPathNameA
GetDiskFreeSpaceExW
ResetEvent
SetEvent
CreateFileA
GetOverlappedResult
GetModuleHandleW
FindResourceExW
ReleaseMutex
CompareFileTime
OpenMutexW
WaitForSingleObject
GetLongPathNameW
GetFileSizeEx
CreateFileMappingW
FormatMessageW
GetLocalTime
OutputDebugStringW
ExpandEnvironmentStringsW
MoveFileW
lstrcmpW
GetCommandLineW
lstrcmpiW
DeleteCriticalSection
InitializeCriticalSection
SetLastError
GetVersionExA
InterlockedExchange
CreateEventW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
InterlockedCompareExchange
DelayLoadFailureHook
GetPriorityClass
HeapFree
GetFullPathNameW
lstrcpynW
GetCurrentThreadId
SleepEx
GetProcessHeap
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
ExpandEnvironmentStringsA
OpenFile
GetFileSize
_lclose
SearchPathW
GetFileAttributesExW
SetFilePointer
FindResourceA
LoadResource
SizeofResource
InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
CreateProcessInternalA
CreateProcessInternalW
GetSystemDirectoryW
LoadLibraryW
FreeLibrary
WaitNamedPipeW
GetCurrentProcessId
WriteFile
ReadFile
ResumeThread
OpenProcess
GetComputerNameW
UnmapViewOfFile
CreateFileW
CreateFileMappingA
MapViewOfFile
LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
CreateVirtualBuffer
VirtualBufferExceptionHandler
FreeVirtualBuffer
GetFileAttributesW
FindFirstFileW
FindClose
QueryWin31IniFilesMappedToRegistry
DeleteFileW
CopyFileW

rpcrt4

RpcStringFreeW
UuidToStringW
UuidFromStringW
RpcRaiseException
RpcBindingSetAuthInfoExA
RpcBindingFree
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcBindingSetAuthInfoExW
NdrClientCall2
RpcStringBindingParseW
I_RpcMapWin32Status
RpcBindingToStringBindingW
NDRCContextBinding
RpcRevertToSelf
RpcImpersonateClient
I_RpcBindingIsClientLocal
I_RpcExceptionFilter
RpcSsDestroyClientContext
RpcBindingSetAuthInfoW
RpcEpResolveBinding
UuidCreate
RpcBindingSetAuthInfoA

Exports

Exports

A_SHAFinal
A_SHAInit
A_SHAUpdate
AbortSystemShutdownA
AbortSystemShutdownW
AccessCheck
AccessCheckAndAuditAlarmA
AccessCheckAndAuditAlarmW
AccessCheckByType
AccessCheckByTypeAndAuditAlarmA
AccessCheckByTypeAndAuditAlarmW
AccessCheckByTypeResultList
AccessCheckByTypeResultListAndAuditAlarmA
AccessCheckByTypeResultListAndAuditAlarmByHandleA
AccessCheckByTypeResultListAndAuditAlarmByHandleW
AccessCheckByTypeResultListAndAuditAlarmW
AddAccessAllowedAce
AddAccessAllowedAceEx
AddAccessAllowedObjectAce
AddAccessDeniedAce
AddAccessDeniedAceEx
AddAccessDeniedObjectAce
AddAce
AddAuditAccessAce
AddAuditAccessAceEx
AddAuditAccessObjectAce
AddUsersToEncryptedFile
AdjustTokenGroups
AdjustTokenPrivileges
AllocateAndInitializeSid
AllocateLocallyUniqueId
AreAllAccessesGranted
AreAnyAccessesGranted
BackupEventLogA
BackupEventLogW
BuildExplicitAccessWithNameA
BuildExplicitAccessWithNameW
BuildImpersonateExplicitAccessWithNameA
BuildImpersonateExplicitAccessWithNameW
BuildImpersonateTrusteeA
BuildImpersonateTrusteeW
BuildSecurityDescriptorA
BuildSecurityDescriptorW
BuildTrusteeWithNameA
BuildTrusteeWithNameW
BuildTrusteeWithObjectsAndNameA
BuildTrusteeWithObjectsAndNameW
BuildTrusteeWithObjectsAndSidA
BuildTrusteeWithObjectsAndSidW
BuildTrusteeWithSidA
BuildTrusteeWithSidW
CancelOverlappedAccess
ChangeServiceConfig2A
ChangeServiceConfig2W
ChangeServiceConfigA
ChangeServiceConfigW
CheckTokenMembership
ClearEventLogA
ClearEventLogW
CloseCodeAuthzLevel
CloseEncryptedFileRaw
CloseEventLog
CloseServiceHandle
CloseTrace
CommandLineFromMsiDescriptor
ComputeAccessTokenFromCodeAuthzLevel
ControlService
ControlTraceA
ControlTraceW
ConvertAccessToSecurityDescriptorA
ConvertAccessToSecurityDescriptorW
ConvertSDToStringSDRootDomainA
ConvertSDToStringSDRootDomainW
ConvertSecurityDescriptorToAccessA
ConvertSecurityDescriptorToAccessNamedA
ConvertSecurityDescriptorToAccessNamedW
ConvertSecurityDescriptorToAccessW
ConvertSecurityDescriptorToStringSecurityDescriptorA
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidA
ConvertSidToStringSidW
ConvertStringSDToSDDomainA
ConvertStringSDToSDDomainW
ConvertStringSDToSDRootDomainA
ConvertStringSDToSDRootDomainW
ConvertStringSecurityDescriptorToSecurityDescriptorA
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidA
ConvertStringSidToSidW
ConvertToAutoInheritPrivateObjectSecurity
CopySid
CreateCodeAuthzLevel
CreatePrivateObjectSecurity
CreatePrivateObjectSecurityEx
CreatePrivateObjectSecurityWithMultipleInheritance
CreateProcessAsUserA
CreateProcessAsUserSecure
CreateProcessAsUserW
CreateProcessWithLogonW
CreateRestrictedToken
CreateServiceA
CreateServiceW
CreateTraceInstanceId
CreateWellKnownSid
CredDeleteA
CredDeleteW
CredEnumerateA
CredEnumerateW
CredFree
CredGetSessionTypes
CredGetTargetInfoA
CredGetTargetInfoW
CredIsMarshaledCredentialA
CredIsMarshaledCredentialW
CredMarshalCredentialA
CredMarshalCredentialW
CredProfileLoaded
CredReadA
CredReadDomainCredentialsA
CredReadDomainCredentialsW
CredReadW
CredRenameA
CredRenameW
CredUnmarshalCredentialA
CredUnmarshalCredentialW
CredWriteA
CredWriteDomainCredentialsA
CredWriteDomainCredentialsW
CredWriteW
CredpConvertCredential
CredpConvertTargetInfo
CredpDecodeCredential
CredpEncodeCredential
CryptAcquireContextA
CryptAcquireContextW
CryptContextAddRef
CryptCreateHash
CryptDecrypt
CryptDeriveKey
CryptDestroyHash
CryptDestroyKey
CryptDuplicateHash
CryptDuplicateKey
CryptEncrypt
CryptEnumProviderTypesA
CryptEnumProviderTypesW
CryptEnumProvidersA
CryptEnumProvidersW
CryptExportKey
CryptGenKey
CryptGenRandom
CryptGetDefaultProviderA
CryptGetDefaultProviderW
CryptGetHashParam
CryptGetKeyParam
CryptGetProvParam
CryptGetUserKey
CryptHashData
CryptHashSessionKey
CryptImportKey
CryptReleaseContext
CryptSetHashParam
CryptSetKeyParam
CryptSetProvParam
CryptSetProviderA
CryptSetProviderExA
CryptSetProviderExW
CryptSetProviderW
CryptSignHashA
CryptSignHashW
CryptVerifySignatureA
CryptVerifySignatureW
DecryptFileA
DecryptFileW
DeleteAce
DeleteService
DeregisterEventSource
DestroyPrivateObjectSecurity
DuplicateEncryptionInfoFile
DuplicateToken
DuplicateTokenEx
ElfBackupEventLogFileA
ElfBackupEventLogFileW
ElfChangeNotify
ElfClearEventLogFileA
ElfClearEventLogFileW
ElfCloseEventLog
ElfDeregisterEventSource
ElfFlushEventLog
ElfNumberOfRecords
ElfOldestRecord
ElfOpenBackupEventLogA
ElfOpenBackupEventLogW
ElfOpenEventLogA
ElfOpenEventLogW
ElfReadEventLogA
ElfReadEventLogW
ElfRegisterEventSourceA
ElfRegisterEventSourceW
ElfReportEventA
ElfReportEventW
EnableTrace
EncryptFileA
EncryptFileW
EncryptedFileKeyInfo
EncryptionDisable
EnumDependentServicesA
EnumDependentServicesW
EnumServiceGroupW
EnumServicesStatusA
EnumServicesStatusExA
EnumServicesStatusExW
EnumServicesStatusW
EnumerateTraceGuids
EqualDomainSid
EqualPrefixSid
EqualSid
FileEncryptionStatusA
FileEncryptionStatusW
FindFirstFreeAce
FlushTraceA
FlushTraceW
FreeEncryptedFileKeyInfo
FreeEncryptionCertificateHashList
FreeInheritedFromArray
FreeSid
GetAccessPermissionsForObjectA
GetAccessPermissionsForObjectW
GetAce
GetAclInformation
GetAuditedPermissionsFromAclA
GetAuditedPermissionsFromAclW
GetCurrentHwProfileA
GetCurrentHwProfileW
GetEffectiveRightsFromAclA
GetEffectiveRightsFromAclW
GetEventLogInformation
GetExplicitEntriesFromAclA
GetExplicitEntriesFromAclW
GetFileSecurityA
GetFileSecurityW
GetInformationCodeAuthzLevelW
GetInformationCodeAuthzPolicyW
GetInheritanceSourceA
GetInheritanceSourceW
GetKernelObjectSecurity
GetLengthSid
GetLocalManagedApplicationData
GetLocalManagedApplications
GetManagedApplicationCategories
GetManagedApplications
GetMultipleTrusteeA
GetMultipleTrusteeOperationA
GetMultipleTrusteeOperationW
GetMultipleTrusteeW
GetNamedSecurityInfoA
GetNamedSecurityInfoExA
GetNamedSecurityInfoExW
GetNamedSecurityInfoW
GetNumberOfEventLogRecords
GetOldestEventLogRecord
GetOverlappedAccessResults
GetPrivateObjectSecurity
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
GetSecurityDescriptorOwner
GetSecurityDescriptorRMControl
GetSecurityDescriptorSacl
GetSecurityInfo
GetSecurityInfoExA
GetSecurityInfoExW
GetServiceDisplayNameA
GetServiceDisplayNameW
GetServiceKeyNameA
GetServiceKeyNameW
GetSidIdentifierAuthority
GetSidLengthRequired
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
GetTrusteeFormA
GetTrusteeFormW
GetTrusteeNameA
GetTrusteeNameW
GetTrusteeTypeA
GetTrusteeTypeW
GetUserNameA
GetUserNameW
GetWindowsAccountDomainSid
I_ScGetCurrentGroupStateW
I_ScIsSecurityProcess
I_ScPnPGetServiceName
I_ScSendTSMessage
I_ScSetServiceBitsA
I_ScSetServiceBitsW
IdentifyCodeAuthzLevelW
ImpersonateAnonymousToken
ImpersonateLoggedOnUser
ImpersonateNamedPipeClient
ImpersonateSelf
InitializeAcl
InitializeSecurityDescriptor
InitializeSid
InitiateSystemShutdownA
InitiateSystemShutdownExA
InitiateSystemShutdownExW
InitiateSystemShutdownW
InstallApplication
IsTextUnicode
IsTokenRestricted
IsTokenUntrusted
IsValidAcl
IsValidSecurityDescriptor
IsValidSid
IsWellKnownSid
LockServiceDatabase
LogonUserA
LogonUserExA
LogonUserExW
LogonUserW
LookupAccountNameA
LookupAccountNameW
LookupAccountSidA
LookupAccountSidW
LookupPrivilegeDisplayNameA
LookupPrivilegeDisplayNameW
LookupPrivilegeNameA
LookupPrivilegeNameW
LookupPrivilegeValueA
LookupPrivilegeValueW
LookupSecurityDescriptorPartsA
LookupSecurityDescriptorPartsW
LsaAddAccountRights
LsaAddPrivilegesToAccount
LsaClearAuditLog
LsaClose
LsaCreateAccount
LsaCreateSecret
LsaCreateTrustedDomain
LsaCreateTrustedDomainEx
LsaDelete
LsaDeleteTrustedDomain
LsaEnumerateAccountRights
LsaEnumerateAccounts
LsaEnumerateAccountsWithUserRight
LsaEnumeratePrivileges
LsaEnumeratePrivilegesOfAccount
LsaEnumerateTrustedDomains
LsaEnumerateTrustedDomainsEx
LsaFreeMemory
LsaGetQuotasForAccount
LsaGetRemoteUserName
LsaGetSystemAccessAccount
LsaGetUserName
LsaICLookupNames
LsaICLookupNamesWithCreds
LsaICLookupSids
LsaICLookupSidsWithCreds
LsaLookupNames
LsaLookupNames2
LsaLookupPrivilegeDisplayName
LsaLookupPrivilegeName
LsaLookupPrivilegeValue
LsaLookupSids
LsaNtStatusToWinError
LsaOpenAccount
LsaOpenPolicy
LsaOpenPolicySce
LsaOpenSecret
LsaOpenTrustedDomain
LsaOpenTrustedDomainByName
LsaQueryDomainInformationPolicy
LsaQueryForestTrustInformation
LsaQueryInfoTrustedDomain
LsaQueryInformationPolicy
LsaQuerySecret
LsaQuerySecurityObject
LsaQueryTrustedDomainInfo
LsaQueryTrustedDomainInfoByName
LsaRemoveAccountRights
LsaRemovePrivilegesFromAccount
LsaRetrievePrivateData
LsaSetDomainInformationPolicy
LsaSetForestTrustInformation
LsaSetInformationPolicy
LsaSetInformationTrustedDomain
LsaSetQuotasForAccount
LsaSetSecret
LsaSetSecurityObject
LsaSetSystemAccessAccount
LsaSetTrustedDomainInfoByName
LsaSetTrustedDomainInformation
LsaStorePrivateData
MD4Final
MD4Init
MD4Update
MD5Final
MD5Init
MD5Update
MSChapSrvChangePassword
MSChapSrvChangePassword2
MakeAbsoluteSD
MakeAbsoluteSD2
MakeSelfRelativeSD
MapGenericMask
NotifyBootConfigStatus
NotifyChangeEventLog
ObjectCloseAuditAlarmA
ObjectCloseAuditAlarmW
ObjectDeleteAuditAlarmA
ObjectDeleteAuditAlarmW
ObjectOpenAuditAlarmA
ObjectOpenAuditAlarmW
ObjectPrivilegeAuditAlarmA
ObjectPrivilegeAuditAlarmW
OpenBackupEventLogA
OpenBackupEventLogW
OpenEncryptedFileRawA
OpenEncryptedFileRawW
OpenEventLogA
OpenEventLogW
OpenProcessToken
OpenSCManagerA
OpenSCManagerW
OpenServiceA
OpenServiceW
OpenThreadToken
OpenTraceA
OpenTraceW
PrivilegeCheck
PrivilegedServiceAuditAlarmA
PrivilegedServiceAuditAlarmW
ProcessIdleTasks
ProcessTrace
QueryAllTracesA
QueryAllTracesW
QueryRecoveryAgentsOnEncryptedFile
QueryServiceConfig2A
QueryServiceConfig2W
QueryServiceConfigA
QueryServiceConfigW
QueryServiceLockStatusA
QueryServiceLockStatusW
QueryServiceObjectSecurity
QueryServiceStatus
QueryServiceStatusEx
QueryTraceA
QueryTraceW
QueryUsersOnEncryptedFile
QueryWindows31FilesMigration
ReadEncryptedFileRaw
ReadEventLogA
ReadEventLogW
RegCloseKey
RegConnectRegistryA
RegConnectRegistryW
RegCreateKeyA
RegCreateKeyExA
RegCreateKeyExW
RegCreateKeyW
RegDeleteKeyA
RegDeleteKeyW
RegDeleteValueA
RegDeleteValueW
RegDisablePredefinedCache
RegEnumKeyA
RegEnumKeyExA
RegEnumKeyExW
RegEnumKeyW
RegEnumValueA
RegEnumValueW
RegFlushKey
RegGetKeySecurity
RegLoadKeyA
RegLoadKeyW
RegNotifyChangeKeyValue
RegOpenCurrentUser
RegOpenKeyA
RegOpenKeyExA
RegOpenKeyExW
RegOpenKeyW
RegOpenUserClassesRoot
RegOverridePredefKey
RegQueryInfoKeyA
RegQueryInfoKeyW
RegQueryMultipleValuesA
RegQueryMultipleValuesW
RegQueryValueA
RegQueryValueExA
RegQueryValueExW
RegQueryValueW
RegReplaceKeyA
RegReplaceKeyW
RegRestoreKeyA
RegRestoreKeyW

Sections

.text
Size: 465KB - Virtual size: 464KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/ADVPACK.DLL
.dll windows:5 windows x86 arch:x86

1883e642b24153991f1cc921af0e5b3e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

advpack.pdb

Imports

msvcrt

_adjust_fdiv
malloc
_initterm
longjmp
memmove
_setjmp3
free

user32

CreateDialogParamA
UpdateWindow
DestroyWindow
ShowWindow
IsWindow
OemToCharA
DialogBoxParamA
SetDlgItemTextA
GetDlgItemTextA
GetDesktopWindow
SetWindowTextA
GetDlgItem
EnableWindow
EndDialog
ExitWindowsEx
CharToOemA
MessageBeep
MessageBoxA
SendDlgItemMessageA
GetSystemMetrics
CharUpperA
CharPrevA
PeekMessageA
MsgWaitForMultipleObjects
DispatchMessageA
GetWindowRect
GetDC
ReleaseDC
SetWindowPos
SendMessageA
LoadStringA
wsprintfA
CharNextA

gdi32

DeleteObject
GetStockObject
GetObjectA
CreateFontIndirectA
GetDeviceCaps

kernel32

TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetFileTime
GetFileTime
ReadFile
WritePrivateProfileSectionA
GetProfileStringA
GetLocalTime
GetFullPathNameA
GetSystemInfo
SearchPathA
GetPrivateProfileIntA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
EnumResourceLanguagesA
GetDiskFreeSpaceA
MulDiv
GetProcAddress
GetLastError
lstrcpyA
GetDriveTypeA
lstrcpynA
lstrlenA
GetEnvironmentVariableA
CloseHandle
WriteFile
CreateFileA
WritePrivateProfileStringA
LockResource
LoadResource
SizeofResource
FindResourceA
GetTempFileNameA
GetWindowsDirectoryA
GetTempPathA
SetFilePointer
LocalFree
LocalAlloc
lstrcatA
GetModuleFileNameA
IsBadReadPtr
DeleteFileA
LocalReAlloc
DisableThreadLibraryCalls
lstrcmpA
GetPrivateProfileStringA
FreeLibrary
GetFileAttributesA
MultiByteToWideChar
FindFirstFileA
_llseek
_lopen
GetFileSize
CreateProcessA
LoadLibraryA
LoadLibraryExA
UnmapViewOfFile
SetLastError
MapViewOfFileEx
CreateFileMappingA
RemoveDirectoryA
FormatMessageA
IsDBCSLeadByte
GetShortPathNameA
ExpandEnvironmentStringsA
lstrcmpiA
GetVolumeInformationA
SetFileAttributesA
CreateDirectoryA
GetPrivateProfileSectionA
CopyFileA
MoveFileExA
MoveFileA
GetSystemDirectoryA
GetCurrentProcess
GetVersionExA
FindClose
FindNextFileA
_lclose

advapi32

RegDeleteKeyA
RegDeleteValueA
GetTokenInformation
EqualSid
RegEnumKeyA
RegUnLoadKeyA
RegLoadKeyA
RegSaveKeyA
RegFlushKey
AllocateAndInitializeSid
FreeSid
RegEnumValueA
RegSetValueA
RegSetValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryInfoKeyA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey

ole32

CoTaskMemFree
OleUninitialize
OleInitialize

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Exports

Exports

AddDelBackupEntry
AdvInstallFile
CloseINFEngine
DelNode
DelNodeRunDLL32
DllMain
DoInfInstall
ExecuteCab
ExtractFiles
FileSaveMarkNotExist
FileSaveRestore
FileSaveRestoreOnINF
GetVersionFromFile
GetVersionFromFileEx
IsNTAdmin
LaunchINFSection
LaunchINFSectionEx
NeedReboot
NeedRebootInit
OpenINFEngine
RebootCheckOnInstall
RegInstall
RegRestoreAll
RegSaveRestore
RegSaveRestoreOnINF
RegisterOCX
RunSetupCommand
SetPerUserSecValues
TranslateInfString
TranslateInfStringEx
UserInstStubWrapper
UserUnInstStubWrapper

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/APPHELP.DL_
.cab
apphelp.dll
.dll windows:5 windows x86 arch:x86

ba9c2a6e0d3a4d9e2dfe5069b390c530

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

apphelp.pdb

Imports

ntdll

NtUnmapViewOfSection
NtProtectVirtualMemory
NtAllocateVirtualMemory
NtFreeVirtualMemory
NtQuerySystemInformation
NtQueryVirtualMemory
RtlAnsiStringToUnicodeString
RtlxAnsiStringToUnicodeSize
NlsMbCodePageTag
RtlInitString
RtlGetFullPathName_U
RtlUnicodeStringToInteger
DbgPrint
NtWriteFile
NtQueryAttributesFile
NtQueryInformationProcess
RtlGetVersion
NtSetInformationFile
RtlInitAnsiString
strpbrk
strspn
qsort
RtlGUIDFromString
NtQueryInformationFile
NtQueryKey
NtCreateKey
NtSetValueKey
NtSetInformationKey
NtDeleteKey
NtDeleteValueKey
wcspbrk
_vsnprintf
sprintf
strncpy
strchr
atol
isdigit
wcscmp
RtlSecondsSince1970ToTime
RtlUpcaseUnicodeChar
toupper
RtlUpcaseUnicodeString
RtlCopyUnicodeString
RtlUpcaseUnicodeToMultiByteN
LdrAccessResource
LdrFindResource_U
RtlUnwind
NtCreateSection
NtMapViewOfSection
RtlQueryEnvironmentVariable_U
RtlTimeToTimeFields
NtOpenFile
NtQueryDirectoryFile
_wcsnicmp
wcsspn
RtlFormatCurrentUserKeyPath
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
_alloca_probe
wcschr
_snwprintf
RtlDoesFileExists_U
wcsncpy
swprintf
RtlDuplicateUnicodeString
LdrGetDllHandle
RtlDosPathNameToNtPathName_U
NtCreateFile
RtlpEnsureBufferSize
RtlNtPathNameToDosPathName
wcscpy
RtlStringFromGUID
RtlFreeHeap
RtlFreeUnicodeString
RtlExpandEnvironmentStrings_U
NtOpenKey
NtQueryValueKey
NtClose
_wcsicmp
wcscat
wcsrchr
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
wcslen
RtlAllocateHeap
NtEnumerateValueKey
memmove

kernel32

RaiseException
InterlockedExchange
FreeLibrary
LocalAlloc
VerLanguageNameW
GetSystemDirectoryW
GetFileAttributesW
GetCurrentDirectoryW
CreateFileW
SetFilePointer
WriteFile
FindFirstFileW
FindNextFileW
FindClose
GetLongPathNameW
GetModuleHandleW
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
CloseHandle
GetSystemWindowsDirectoryW
GetLastError
GetUserDefaultUILanguage
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
BaseDumpAppcompatCache
BaseFlushAppcompatCache
GetDriveTypeW
BaseCheckAppcompatCache
BaseUpdateAppcompatCache
LoadLibraryW
GetProcAddress
DisableThreadLibraryCalls
LoadLibraryA

Exports

Exports

AllowPermLayer
ApphelpCheckExe
ApphelpCheckIME
ApphelpCheckInstallShieldPackage
ApphelpCheckMsiPackage
ApphelpCheckRunApp
ApphelpCheckShellObject
ApphelpFixMsiPackage
ApphelpFixMsiPackageExe
ApphelpFreeFileAttributes
ApphelpGetFileAttributes
ApphelpGetNTVDMInfo
ApphelpQueryModuleData
ApphelpShowDialog
ApphelpShowUI
ApphelpUpdateCacheEntry
GetPermLayers
SdbCloseApphelpInformation
SdbCloseDatabase
SdbCreateMsiTransformFile
SdbDeletePermLayerKeys
SdbEnumMsiTransforms
SdbFindFirstMsiPackage
SdbFindFirstMsiPackage_Str
SdbFindFirstNamedTag
SdbFindFirstTag
SdbFindFirstTagRef
SdbFindNextMsiPackage
SdbFindNextTag
SdbFindNextTagRef
SdbFreeFlagInfo
SdbGetBinaryTagData
SdbGetDatabaseID
SdbGetDatabaseMatch
SdbGetDatabaseVersion
SdbGetEntryFlags
SdbGetFirstChild
SdbGetMsiPackageInformation
SdbGetNextChild
SdbGetPermLayerKeys
SdbGetStandardDatabaseGUID
SdbGetStringTagPtr
SdbGetTagDataSize
SdbGetTagFromTagID
SdbGrabMatchingInfo
SdbGrabMatchingInfoEx
SdbInitDatabase
SdbOpenApphelpDetailsDatabase
SdbOpenApphelpDetailsDatabaseSP
SdbOpenApphelpInformation
SdbOpenDatabase
SdbQueryApphelpInformation
SdbQueryData
SdbQueryDataEx
SdbQueryFlagInfo
SdbReadBYTETag
SdbReadBYTETagRef
SdbReadBinaryTag
SdbReadDWORDTag
SdbReadDWORDTagRef
SdbReadEntryInformation
SdbReadMsiTransformInfo
SdbReadQWORDTag
SdbReadQWORDTagRef
SdbReadStringTag
SdbReadStringTagRef
SdbReadWORDTag
SdbReadWORDTagRef
SdbRegisterDatabase
SdbRegisterDatabaseEx
SdbReleaseDatabase
SdbResolveDatabase
SdbSetPermLayerKeys
SdbTagIDToTagRef
SdbTagRefToTagID
SdbTagToString
SdbUnregisterDatabase
SetPermLayers
ShimDumpCache
ShimFlushCache

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/AUTHZ.DLL
.dll windows:5 windows x86 arch:x86

07984062a8a7c300bf4147488555d4b6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

authz.pdb

Imports

msvcrt

wcslen
wcsncpy
_except_handler3
free
_initterm
malloc
_wcsnicmp
_adjust_fdiv
wcsncmp
wcscpy
wcscat
memmove

ntdll

RtlConvertSidToUnicodeString
RtlFreeUnicodeString
RtlValidSid
RtlMakeSelfRelativeSD
RtlLengthSecurityDescriptor
NtClose
DbgPrint
NtQueryValueKey
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlDeleteCriticalSection
RtlInitializeCriticalSection
RtlNtStatusToDosError
RtlLengthSid
NtOpenKey
RtlInitUnicodeString
RtlCopySid
RtlCopyLuid
RtlEqualSid
RtlGetNtProductType
RtlSubAuthoritySid
RtlSubAuthorityCountSid
NtAllocateLocallyUniqueId
RtlInitString
NtQueryInformationToken

kernel32

FreeLibrary
LoadLibraryA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
GetComputerNameExW
GetComputerNameW
SetUnhandledExceptionFilter
GetProcAddress
GetCurrentThreadId
DelayLoadFailureHook
LocalFree
SetLastError
LocalAlloc
CloseHandle
CreateThread
CreateEventW
SetThreadPriority
SetEvent
WaitForSingleObject
GetLastError
InterlockedIncrement
InterlockedDecrement
VirtualAlloc
GetSystemInfo
VirtualFree
GetCurrentThread
GetCurrentProcess
InterlockedCompareExchange
ResetEvent

rpcrt4

I_RpcExceptionFilter
RpcSsDestroyClientContext
RpcStringFreeW
RpcBindingFree
RpcBindingFromStringBindingW
RpcStringBindingComposeW
NdrClientCall2
I_RpcMapWin32Status

advapi32

RegCloseKey
ConvertSidToStringSidW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
EqualDomainSid
CreateWellKnownSid
IsWellKnownSid
GetTokenInformation
GetLengthSid
OpenThreadToken
OpenProcessToken
RegQueryValueExA
RegOpenKeyExA
RegSetValueExW

Exports

Exports

AuthzAccessCheck
AuthzAddSidsToContext
AuthzCachedAccessCheck
AuthzFreeAuditEvent
AuthzFreeContext
AuthzFreeHandle
AuthzFreeResourceManager
AuthzGetInformationFromContext
AuthzInitializeContextFromAuthzContext
AuthzInitializeContextFromSid
AuthzInitializeContextFromToken
AuthzInitializeObjectAccessAuditEvent
AuthzInitializeResourceManager
AuthzOpenObjectAudit
AuthziAllocateAuditParams
AuthziFreeAuditEventType
AuthziFreeAuditParams
AuthziFreeAuditQueue
AuthziInitializeAuditEvent
AuthziInitializeAuditEventType
AuthziInitializeAuditParams
AuthziInitializeAuditParamsFromArray
AuthziInitializeAuditParamsWithRM
AuthziInitializeAuditQueue
AuthziLogAuditEvent
AuthziModifyAuditEvent
AuthziModifyAuditEventType
AuthziModifyAuditQueue
AuthziQueryAuditPolicy
AuthziSetAuditPolicy

Sections

.text
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/BASESRV.DLL
.dll windows:5 windows x86 arch:x86

ae93f053a9377834e687a1923ac0c558

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

basesrv.pdb

Imports

ntdll

NtQuerySystemInformation
NtClose
NtQueryValueKey
NtOpenKey
memmove
RtlPrefixUnicodeString
NtQueryObject
RtlCopyLuid
NtQueryInformationToken
NtOpenProcessToken
NtOpenThreadToken
NtOpenSymbolicLinkObject
_snwprintf
LdrUnloadDll
LdrGetProcedureAddress
RtlInitString
LdrLoadDll
RtlAppendUnicodeStringToString
NtCreateSymbolicLinkObject
RtlInitializeCriticalSectionAndSpinCount
NtQueryInformationProcess
NtSetInformationObject
NtCreateDirectoryObject
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
_wcsicmp
wcsncpy
RtlQueryRegistryValues
swprintf
wcscpy
wcscat
RtlCreateUnicodeString
RtlExpandEnvironmentStrings_U
NtCreateSemaphore
RtlInitializeCriticalSection
RtlCreateTagHeap
LdrGetDllHandle
NtTerminateThread
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlCreateUserThread
NtMakePermanentObject
RtlFreeSid
_wcsnicmp
NtMakeTemporaryObject
NtQuerySymbolicLinkObject
wcslen
RtlUpcaseUnicodeChar
NtDuplicateObject
NtOpenThread
DbgBreakPoint
DbgPrint
RtlAllocateAndInitializeSid
RtlCompareUnicodeString
RtlCharToInteger
strstr
RtlAnsiStringToUnicodeString
NtCreateEvent
NtSetEvent
RtlEqualSid
RtlOpenCurrentUser
NtOpenProcess
RtlCopyUnicodeString
NtResetEvent
NtSetInformationProcess
NtQueryDefaultLocale
NtSetValueKey
NtCreateSection
NtNotifyChangeKey
RtlEqualUnicodeString
NtEnumerateKey
NtEnumerateValueKey
RtlUnlockHeap
RtlLockHeap
NtMapViewOfSection
NtUnmapViewOfSection
RtlInitOutOfProcessMemoryStream
NtWriteVirtualMemory
NtQueryInstallUILanguage
NtQueryDefaultUILanguage
RtlFreeUnicodeString
RtlMultiAppendUnicodeStringBuffer
RtlpApplyLengthFunction
RtlGetLengthWithoutTrailingPathSeperators
RtlCloneMemoryStream
RtlUnlockMemoryStreamRegion
RtlLockMemoryStreamRegion
RtlRevertMemoryStream
RtlCommitMemoryStream
RtlCopyMemoryStreamTo
RtlSetMemoryStreamSize
RtlSeekMemoryStream
RtlWriteMemoryStream
RtlReadMemoryStream
RtlReleaseMemoryStream
RtlAddRefMemoryStream
RtlQueryInterfaceMemoryStream
RtlNtStatusToDosErrorNoTeb
NtQueryInformationFile
RtlInitMemoryStream
NtTerminateProcess
RtlUnhandledExceptionFilter
RtlUnwind
NtQueryVirtualMemory
RtlLengthSid
RtlCreateAcl
RtlAddAccessAllowedAce
RtlInitUnicodeString
RtlUnicodeStringToInteger
NtWaitForSingleObject
RtlAllocateHeap
NtReleaseSemaphore
DbgPrintEx
RtlFreeHeap

csrsrv

CsrCreateProcess
CsrDestroyProcess
CsrLockProcessByClientId
CsrCreateThread
CsrUnlockProcess
CsrValidateMessageBuffer
CsrImpersonateClient
CsrRevertToSelf
CsrValidateMessageString

Exports

Exports

BaseSetProcessCreateNotify
BaseSrvNewObDirAcls
BaseSrvNlsLogon
BaseSrvNlsUpdateRegistryCache
ServerDllInitialization

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/BATMETER.DLL
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

BatMeterCapabilities
CreateBatMeter
DestroyBatMeter
PowerCapabilities
UpdateBatMeter

Sections

UPX0
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/BIOSINFO.INF
I386/SYSTEM32/BOOTVID.DL_
.cab
bootvid.dll
.dll windows:5 windows x86 arch:x86

11b27065c8dcd63aed72a600840a6984

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

WRITE_REGISTER_USHORT
READ_REGISTER_UCHAR
WRITE_REGISTER_UCHAR
HalPrivateDispatchTable
MmMapIoSpace
WRITE_REGISTER_ULONG
MmUnmapIoSpace

hal

WRITE_PORT_UCHAR
WRITE_PORT_USHORT
WRITE_PORT_BUFFER_USHORT
READ_PORT_USHORT
HalInitSystem
READ_PORT_UCHAR

Exports

Exports

VidBitBlt
VidBufferToScreenBlt
VidCleanUp
VidDisplayString
VidDisplayStringXY
VidInitialize
VidResetDisplay
VidScreenToBufferBlt
VidSetScrollRegion
VidSetTextColor
VidSolidColorFill

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 384B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 418B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 384B - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/BROWSELC.DLL
.dll .js windows:5 windows x86 arch:x86 polyglot

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/BROWSEUI.DLL
.dll regsvr32 windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetVersion
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 636KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 395KB - Virtual size: 396KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 530KB - Virtual size: 529KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 428KB - Virtual size: 428KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/CALC.EXE
.exe windows:5 windows x86 arch:x86

08f6a1b121da8cedde2d1089d0906ed8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellAboutW

msvcrt

__CxxFrameHandler
_CxxThrowException
wcstoul
toupper
wcschr
memmove
wcslen
_wcsrev
_c_exit
_exit
_XcptFilter
_cexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
??3@YAXPAX@Z
??1type_info@@UAE@XZ
_controlfp
_except_handler3
?terminate@@YAXXZ

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress
GlobalCompact
GlobalAlloc
GlobalFree
GlobalReAlloc
lstrcmpW
Sleep
WriteProfileStringW
GetStartupInfoA
GlobalSize
GlobalUnlock
CreateEventW
CreateThread
ResetEvent
lstrcpynW
SetEvent
WaitForSingleObject
CloseHandle
lstrcatW
lstrlenW
LocalReAlloc
LocalFree
LocalAlloc
GetProfileStringW
GlobalLock
GetCommandLineW
lstrcpyW
GetProfileIntW

gdi32

SetBkColor
SetTextColor
SetBkMode

user32

GetMenu
SetDlgItemInt
GetWindowTextW
CheckDlgButton
HideCaret
CallWindowProcW
DrawTextW
WinHelpW
PostQuitMessage
GetDlgCtrlID
ScreenToClient
ChildWindowFromPoint
DefWindowProcW
IsClipboardFormatAvailable
EnableMenuItem
TrackPopupMenuEx
GetDesktopWindow
OpenClipboard
GetClipboardData
CharNextA
CloseClipboard
GetSysColor
DialogBoxParamW
EndDialog
MessageBeep
GetSubMenu
CheckRadioButton
SetWindowTextW
SetFocus
SetCursor
CharNextW
RegisterClassExW
GetSysColorBrush
LoadCursorW
LoadIconW
InvalidateRect
UpdateWindow
ShowWindow
SendMessageW
SetDlgItemTextW
CheckMenuItem
CheckMenuRadioItem
SetWindowPos
OffsetRect
MapWindowPoints
GetClientRect
EnableWindow
LoadMenuW
SetWindowLongW
GetWindowLongW
CreateDialogParamW
GetDlgItem
DestroyMenu
DestroyWindow
SetMenu
GetWindowRect
SystemParametersInfoW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
IsChild
IsDialogMessageW
GetMessageW
LoadAcceleratorsW
CreateWindowExW
MessageBoxW
LoadStringW
SetProcessDefaultLayout
GetProcessDefaultLayout

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
I386/SYSTEM32/CHARMAP.EXE
.exe windows:5 windows x86 arch:x86

643e0950faa1bef0669f73f3898cbf8f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

wcscat
free
realloc
malloc
??3@YAXPAX@Z
_c_exit
_exit
_XcptFilter
_cexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3
_wcsupr
wcsstr
towupper
wcslen
??2@YAPAXI@Z
swscanf
_wtol
wcscpy

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegEnumValueW
RegOpenKeyExW

kernel32

GlobalAlloc
MulDiv
lstrlenW
lstrcmpW
FreeResource
GlobalUnlock
LoadResource
FindResourceW
GetThreadLocale
lstrcpynW
GetLocaleInfoW
GetWindowsDirectoryW
GetProfileIntW
GetACP
FreeLibrary
LoadLibraryW
CompareStringW
IsValidCodePage
EnumSystemCodePagesW
GetProfileStringW
WriteProfileStringW
GetSystemDirectoryW
IsDBCSLeadByteEx
GetCPInfo
GlobalLock
MapViewOfFile
CloseHandle
CreateFileMappingW
GetFileSize
CreateFileW
lstrcatW
GetSystemWindowsDirectoryW
ExpandEnvironmentStringsW
UnmapViewOfFile
IsValidLanguageGroup
LocalFree
LocalAlloc
FindClose
FindNextFileW
FindFirstFileW
InterlockedIncrement
InterlockedDecrement
GetModuleHandleA
GetStartupInfoA
GlobalFree
WideCharToMultiByte
MultiByteToWideChar
lstrcmpiW
LoadLibraryA
GetStringTypeW
lstrcpyW
GetProcAddress
LockResource

gdi32

GetTextExtentPoint32W
EnumFontFamiliesExW
GetFontData
GetCharWidth32W
CreateFontW
TextOutW
UnrealizeObject
CreateCompatibleBitmap
LineTo
CreateDIBitmap
CreateCompatibleDC
DeleteDC
GetObjectW
CreateFontIndirectW
SetTextAlign
GetDeviceCaps
BitBlt
CreateSolidBrush
PatBlt
GetStockObject
SetTextColor
SetBkColor
SetBkMode
MoveToEx
CreatePen
GetTextExtentPointW
GetTextAlign
DeleteObject
TranslateCharsetInfo
SelectObject
GetTextMetricsW
ExtTextOutW

user32

SetScrollPos
RegisterClipboardFormatW
UnregisterClassW
GetScrollInfo
SetScrollInfo
GetMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
CreateDialogParamW
UpdateWindow
FillRect
PostQuitMessage
WinHelpW
GetFocus
EnumChildWindows
LoadCursorW
RegisterClassW
DefDlgProcW
LoadIconW
GetKeyboardLayout
ClientToScreen
GetWindowDC
MapWindowPoints
SetWindowLongW
GetWindowLongW
GetClassNameW
ReleaseDC
GetDC
GetSysColor
DrawFocusRect
SendMessageW
GetWindowTextW
GetWindowTextLengthW
GetDlgItem
GetSystemMetrics
GetDesktopWindow
GetWindowRect
ShowWindow
MoveWindow
SetTimer
KillTimer
GetClientRect
SetDlgItemTextW
wsprintfW
EnableWindow
SendDlgItemMessageW
IsWindowEnabled
CreateWindowExW
DestroyWindow
CallWindowProcW
SetFocus
LoadStringW
ShowCursor
ReleaseCapture
InvalidateRect
BeginPaint
SetScrollRange
GetDlgItemTextW
SetWindowTextW
GetParent
GetDlgCtrlID
PostMessageW
ValidateRect
GetAsyncKeyState
GetMessageTime
GetCursorPos
ScreenToClient
WindowFromPoint
GetUpdateRect
SetCapture
DefWindowProcW
PtInRect
GetMessagePos
EndPaint

comctl32

ord17

ole32

OleUninitialize
DoDragDrop
CoGetMalloc
OleInitialize

getuname

GetUName

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
I386/SYSTEM32/CIRRUS.DLL
.dll windows:5 windows x86 arch:x86

acb8d0a55b0348f26fdf5b8883bc44f0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

cirrus.pdb

Imports

win32k.sys

EngDeleteClip
EngDeleteSurface
EngUnlockSurface
EngLockSurface
EngAssociateSurface
EngCreateBitmap
EngCreateClip
XLATEOBJ_piVector
EngBitBlt
CLIPOBJ_bEnum
CLIPOBJ_cEnumStart
BRUSHOBJ_pvGetRbrush
EngCopyBits
BRUSHOBJ_pvAllocRbrush
EngQueryPerformanceCounter
EngDeviceIoControl
EngFreeMem
EngAllocMem
EngCreateDeviceSurface
PATHOBJ_bEnum
PATHOBJ_vGetBounds
PATHOBJ_vEnumStart
EngFillPath
EngCreateDeviceBitmap
EngCreatePalette
EngDeletePalette
PALOBJ_cGetColors
EngStretchBlt
EngStrokePath
PATHOBJ_bEnumClipLines
PATHOBJ_vEnumStartClipLines
STROBJ_bEnum
EngTextOut

Sections

.text
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 207B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 896B - Virtual size: 834B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/CMD.EXE
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 304KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 88KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
I386/SYSTEM32/COMCTL32.DLL
.dll windows:5 windows x86 arch:x86

5cff533af4e5d1c38b24280958a349cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

comctl32.pdb

Imports

ntdll

RtlUnwind

advapi32

AllocateAndInitializeSid
RegOpenKeyExA
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
FreeSid
CheckTokenMembership
OpenProcessToken
RegOpenKeyExW
RegOpenCurrentUser
RegQueryValueW
RegCreateKeyW
RegQueryValueExA

gdi32

PatBlt
ExtSelectClipRgn
GetTextExtentPointW
DeleteObject
BitBlt
StretchDIBits
SelectObject
CreateCompatibleBitmap
CreateDIBSection
CreateCompatibleDC
GetStockObject
CreateRectRgn
SetWindowOrgEx
OffsetWindowOrgEx
CreateFontIndirectW
GetObjectW
GetDeviceCaps
DeleteDC
TranslateCharsetInfo
ExtTextOutW
GetTextMetricsW
CreateHalftonePalette
CreatePalette
GetDIBColorTable
GetTextExtentPoint32W
RealizePalette
SelectPalette
UnrealizeObject
StretchBlt
SetTextColor
SetBkColor
SetBkMode
SetBrushOrgEx
GetDCOrgEx
EnumFontFamiliesExW
CreatePatternBrush
CreateSolidBrush
GetNearestColor
SetTextAlign
GetTextAlign
RestoreDC
IntersectClipRect
SaveDC
RectVisible
Polyline
CreatePen
CreateBitmapIndirect
CreateBitmap
TextOutW
CreateFontW
GetClipBox
GetPaletteEntries
SetPixelV
SetPixel
GetPixel
SetDIBColorTable
GetBitmapBits
GetDIBits
SetDIBits
MaskBlt
GetBkColor
Arc
Rectangle
Ellipse
LineTo
MoveToEx
SelectClipRgn
GetCurrentObject
CombineRgn
CreatePolygonRgn
CreateRoundRectRgn
FrameRgn
FillRgn
GetCharWidthW
CreateRectRgnIndirect
GetTextColor
ExcludeClipRect
GetClipRgn
OffsetRgn
GetTextCharsetInfo
GetCharWidthA
GetTextExtentPointA
ExtTextOutA
GetWindowExtEx
GetViewportExtEx

kernel32

TerminateProcess
LocalAlloc
LocalFree
LoadLibraryW
GetModuleHandleW
FreeLibrary
GetProcAddress
lstrcmpiW
lstrcmpiA
lstrlenW
WideCharToMultiByte
LocalReAlloc
LocalSize
FreeResource
GlobalFree
GlobalAlloc
LockResource
LoadResource
FindResourceW
CloseHandle
GetCurrentProcess
GetTickCount
MulDiv
InterlockedIncrement
InterlockedDecrement
lstrlenA
UnhandledExceptionFilter
SizeofResource
lstrcmpW
EnumResourceLanguagesW
FindResourceExW
GetLocaleInfoW
FindResourceExA
GetUserDefaultLCID
GetThreadLocale
MultiByteToWideChar
GetNumberFormatW
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
InterlockedExchange
GlobalAddAtomW
GetCurrentProcessId
GetCurrentThreadId
QueryActCtxW
ActivateActCtx
DeactivateActCtx
LeaveCriticalSection
EnterCriticalSection
GetVersionExA
InitializeCriticalSection
GetACP
DeleteCriticalSection
DisableThreadLibraryCalls
IsBadWritePtr
lstrcmpA
CompareStringA
CompareStringW
GetSystemDefaultLCID
IsBadReadPtr
Sleep
GetUserDefaultLangID
GetDateFormatW
EnumCalendarInfoW
GetStringTypeExW
GlobalUnlock
GlobalHandle
GetLocalTime
GetTimeFormatW
GetLastError
WaitForSingleObject
SetEvent
CreateThread
CreateEventW
MapViewOfFile
CreateFileMappingW
GetFileSize
CreateFileW
UnmapViewOfFile
GlobalReAlloc
GetModuleHandleA
TlsSetValue
GetCommandLineA
ExitProcess
TlsFree
SetLastError
TlsGetValue
TlsAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualQuery
GetOEMCP
GetCPInfo
VirtualAlloc
LoadLibraryA
SetFilePointer
SetUnhandledExceptionFilter
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
VirtualProtect
GetSystemInfo
FlushFileBuffers
GetSystemTimeAsFileTime
QueryPerformanceCounter

user32

GetParent
ClientToScreen
GetClientRect
GetWindowRect
ReleaseDC
GetDC
GetSysColor
GetCapture
WaitMessage
ReleaseCapture
PtInRect
DispatchMessageW
TranslateMessage
CallMsgFilterW
PeekMessageW
IsWindow
SetCapture
MapWindowPoints
SetRect
SystemParametersInfoW
RegisterWindowMessageW
GetSysColorBrush
SendMessageW
GetMessageTime
MessageBeep
UnionRect
RedrawWindow
ScrollWindowEx
GetDoubleClickTime
SetRectEmpty
ScreenToClient
GetMessagePos
GetDlgItem
SetWindowLongW
GetWindowLongW
CopyRect
CreateDialogIndirectParamW
DestroyWindow
CreateDialogIndirectParamA
LoadImageW
DrawTextW
LoadStringW
ShowWindow
IsWindowVisible
SendDlgItemMessageW
SetFocus
IsChild
IsWindowEnabled
EnableWindow
GetFocus
DeferWindowPos
EndDeferWindowPos
BeginDeferWindowPos
GetClassNameW
InvalidateRect
FillRect
DefWindowProcW
SetLastErrorEx
GetDlgCtrlID
GetNextDlgTabItem
SetWindowTextW
IsDialogMessageW
GetKeyState
MapDialogRect
SetForegroundWindow
CopyImage
CreateWindowExW
DestroyIcon
SetDlgItemTextW
SetCursor
LoadCursorW
SetWindowTextA
WinHelpW
EndPaint
BeginPaint
SetActiveWindow
GetActiveWindow
PostQuitMessage
GetMessageW
GetDesktopWindow
IsZoomed
CreateWindowExA
InflateRect
DrawIconEx
DrawEdge
DrawFrameControl
UpdateWindow
GetIconInfo
RegisterClassW
GetWindowLongA
EqualRect
IntersectRect
GetUpdateRect
GetAsyncKeyState
PostMessageW
GetWindowDC
EnumChildWindows
GetWindow
MoveWindow
GetWindowTextW
GetCaretBlinkTime
KillTimer
GetCursorPos
SetTimer
GetPropW
GetWindowThreadProcessId
SetPropW
RemovePropW
CallWindowProcW
SendNotifyMessageW
CloseDesktop
EnumWindows
SetThreadDesktop
GetThreadDesktop
OpenDesktopW
EnumDesktopsW
GetProcessWindowStation
SetCursorPos
DrawIcon
LoadIconW
InvertRect
IsRectEmpty
EnableScrollBar
SetScrollInfo
GetScrollPos
GetScrollRange
GetScrollInfo
ShowScrollBar
SetScrollPos
SetScrollRange
GetMenuItemID
GetMenuItemCount
GetMenuItemInfoW
GetSubMenu
GetSystemMenu
CheckMenuItem
SetMenu
GetMenuState
SubtractRect
UnregisterClassW
GetSystemMetrics
GetWindowPlacement
IsIconic
SystemParametersInfoA
OffsetRect
GetDCEx
CreateIconIndirect
CopyIcon
CharPrevW
DrawFocusRect
WindowFromPoint
SetParent
AppendMenuW
CreatePopupMenu
DestroyMenu
TrackPopupMenu
AdjustWindowRect
FrameRect
ChildWindowFromPoint
EndDialog
DialogBoxIndirectParamW
GetCursor
GetForegroundWindow
AdjustWindowRectEx
GetMenu
SetWindowRgn
GetWindowRgn
InvalidateRgn
GetKeyNameTextW
MapVirtualKeyW
ShowCaret
SetCaretPos
GrayStringW
HideCaret
CreateCaret
DestroyCaret
GetKeyboardLayout
DrawTextExW
GetShellWindow
DestroyCursor
GetUpdateRgn
ValidateRect
LockWindowUpdate
SetKeyboardState
GetKeyboardState
GetWindowTextLengthW
SetWindowPos
CharLowerW

Exports

Exports

AddMRUStringW
CreateMRUListW
CreateMappedBitmap
CreatePropertySheetPage
CreatePropertySheetPageA
CreatePropertySheetPageW
CreateStatusWindow
CreateStatusWindowA
CreateStatusWindowW
CreateToolbar
CreateToolbarEx
CreateUpDownControl
DPA_Create
DPA_DeleteAllPtrs
DPA_DeletePtr
DPA_Destroy
DPA_DestroyCallback
DPA_EnumCallback
DPA_GetPtr
DPA_InsertPtr
DPA_Search
DPA_SetPtr
DPA_Sort
DSA_Create
DSA_DeleteAllItems
DSA_Destroy
DSA_DestroyCallback
DSA_GetItemPtr
DSA_InsertItem
DefSubclassProc
DestroyPropertySheetPage
DllGetVersion
DllInstall
DrawInsert
DrawStatusText
DrawStatusTextA
DrawStatusTextW
EnumMRUListW
FlatSB_EnableScrollBar
FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollProp
FlatSB_GetScrollRange
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
FlatSB_SetScrollRange
FlatSB_ShowScrollBar
FreeMRUList
GetEffectiveClientRect
GetMUILanguage
ImageList_Add
ImageList_AddIcon
ImageList_AddMasked
ImageList_BeginDrag
ImageList_Copy
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Duplicate
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetFlags
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_GetImageRect
ImageList_LoadImage
ImageList_LoadImageA
ImageList_LoadImageW
ImageList_Merge
ImageList_Read
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetDragCursorImage
ImageList_SetFilter
ImageList_SetFlags
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_SetOverlayImage
ImageList_Write
InitCommonControls
InitCommonControlsEx
InitMUILanguage
InitializeFlatSB
LBItemFromPt
MakeDragList
MenuHelp
PropertySheet
PropertySheetA
PropertySheetW
RegisterClassNameW
RemoveWindowSubclass
SetWindowSubclass
ShowHideMenuCtl
Str_SetPtrW
UninitializeFlatSB
_TrackMouseEvent

Sections

.text
Size: 447KB - Virtual size: 447KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/COMDLG32.DLL
.dll windows:5 windows x86 arch:x86

00112cee6850efdd15bb860761c35504

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

comdlg32.pdb

Imports

shlwapi

PathAddBackslashW
ord437
ord476
ord80
StrCmpW
ord16
ord355
PathIsUNCW
UrlIsW
PathFindExtensionW
ord197
SHRegGetValueW
PathFileExistsW
ord204
StrDupW
ord317
ord172
StrStrW
PathCombineW
PathMatchSpecW
PathGetDriveNumberW
SHOpenRegStream2W
ord219
ord346
StrCmpIW
ord461
StrRetToBufW
ord175
PathFindFileNameW
ord266
SHRegGetBoolUSValueW
wvnsprintfW
PathRemoveBlanksW
PathIsRootW
wnsprintfW
StrRChrW
ord217
ord215
PathSkipRootW
StrChrW

kernel32

GetACP
GetProcAddress
GetModuleHandleW
MulDiv
lstrcpynW
lstrcmpW
GlobalFree
GlobalAlloc
lstrcpyW
lstrcpyA
DeleteCriticalSection
TlsFree
TlsAlloc
InitializeCriticalSectionAndSpinCount
DisableThreadLibraryCalls
DeleteFileW
GetTempFileNameW
GetProfileStringW
GetLocaleInfoW
GlobalUnlock
GlobalLock
GlobalReAlloc
FreeLibrary
InterlockedCompareExchange
LoadLibraryA
QueryPerformanceCounter
GetTickCount
FindResourceA
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InterlockedDecrement
InterlockedIncrement
GetSystemDefaultUILanguage
FindResourceExW
ExpandEnvironmentStringsW
FreeResource
LoadResource
SetErrorMode
SetCurrentDirectoryW
CreateEventW
GetModuleFileNameW
LoadLibraryW
CreateThread
WaitForSingleObject
ResetEvent
FreeLibraryAndExitThread
LocalReAlloc
GetFullPathNameW
GetFileAttributesW
GetProcessVersion
GetVolumeInformationW
GetUserDefaultLCID
LockResource
FormatMessageW
FindFirstFileW
FindNextFileW
FindClose
LocalSize
WideCharToMultiByte
GetVersionExA
InterlockedExchange
GetModuleHandleA
DelayLoadFailureHook
TlsSetValue
FindResourceW
LocalFree
MultiByteToWideChar
lstrlenA
LocalAlloc
SetLastError
TlsGetValue
lstrlenW
SizeofResource
LeaveCriticalSection
EnterCriticalSection
GetLastError
GetShortPathNameW
GetCurrentDirectoryW
CreateFileW
lstrcmpiW
GetDriveTypeW
SetEvent
CloseHandle
GetCurrentThreadId

user32

DialogBoxIndirectParamW
CharPrevW
KillTimer
GetWindowTextLengthW
CreateDialogIndirectParamA
SetTimer
IsWindowVisible
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageW
CreatePopupMenu
DestroyMenu
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
PeekMessageW
EnumChildWindows
GetDlgCtrlID
SetWindowsHookExW
LoadAcceleratorsW
UnhookWindowsHookEx
CreateDialogIndirectParamW
GetSystemMenu
DeleteMenu
SetParent
CallNextHookEx
LockWindowUpdate
GetWindow
GetLastActivePopup
FindWindowExW
RedrawWindow
DrawTextW
DrawIcon
GetWindowPlacement
SetWindowPlacement
GetKeyState
LoadIconW
LoadImageW
RegisterClipboardFormatW
GetKeyboardLayout
DestroyWindow
GetDlgItemTextA
SetDlgItemTextA
CheckRadioButton
IsWindow
RegisterWindowMessageA
RegisterWindowMessageW
MessageBeep
IsDlgButtonChecked
CheckDlgButton
SetWindowTextW
DlgDirListW
SetDlgItemTextW
GetWindowTextW
MessageBoxW
PostMessageW
CharNextW
DefWindowProcW
GrayStringW
CharLowerW
GetDialogBaseUnits
ScreenToClient
CreateWindowExW
GetWindowLongA
LoadStringW
GetSystemMetrics
ShowCursor
LoadCursorW
SetCursor
IntersectRect
EqualRect
GetSysColorBrush
InvalidateRect
IsWindowEnabled
WinHelpW
BeginPaint
EndPaint
SetPropW
PtInRect
SetCapture
ClipCursor
ValidateRect
ChildWindowFromPoint
SetFocus
DialogBoxIndirectParamAorW
CreateDialogIndirectParamAorW
CharNextA
GetWindowLongW
FrameRect
GetSysColor
CopyRect
ReleaseDC
DrawFocusRect
InflateRect
GetDC
GetFocus
MapWindowPoints
GetClientRect
GetDlgItem
CallWindowProcW
GetDlgItemInt
SetDlgItemInt
GetDlgItemTextW
RemovePropW
EndDialog
UpdateWindow
SendDlgItemMessageW
SetWindowPos
EnableWindow
ShowWindow
MoveWindow
SetWindowLongW
GetWindowRect
DrawEdge
FillRect
GetParent
SendMessageW
GetPropW
TranslateAcceleratorW

gdi32

CreateSolidBrush
DeleteObject
SelectObject
GetStockObject
CreatePen
GetNearestColor
DeleteDC
CreateCompatibleDC
RealizePalette
SelectPalette
PatBlt
BitBlt
LineTo
MoveToEx
CreateCompatibleBitmap
CreateDIBitmap
CreateDiscardableBitmap
GetObjectW
GetTextMetricsW
ExtTextOutW
SetBkMode
SetTextColor
SetBkColor
GetTextExtentPointW
EnumFontFamiliesExW
GetDeviceCaps
GetTextCharset
TextOutW
GetTextCharsetInfo
SetViewportExtEx
SetWindowExtEx
SetMapMode
GetWindowExtEx
GetViewportExtEx
GetMapMode
TranslateCharsetInfo
ExcludeClipRect
CreateDCW
CreateFontW
CreateRectRgnIndirect
SelectClipRgn
GetCharWidth32W
CreateFontIndirectW
Rectangle
CreateICW

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegQueryValueW

comctl32

ord16
ord412
ord413
ord410
PropertySheetW
ord401
ord386
ord339
ord335
ord156
ord167
ord400
ord169
ord152
ord403
CreatePropertySheetPageW
InitCommonControlsEx
ImageList_GetIconSize
ord338
ImageList_Destroy
ord334
ord329
ord328
ImageList_Draw
CreateToolbarEx
ord341

shell32

ord25
SHBindToParent
ord155
ord18
SHGetPathFromIDListW
ord102
ord644
ord645
ord21
ord2
ord16
ord71
ord89
ord4
ord195
SHGetDesktopFolder
SHGetMalloc
ord100
SheChangeDirExW
SHGetFileInfoW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHAddToRecentDocs
ord28
SHCreateShellItem
ord152
ord148
ord68
ord77
ord19
ord153
ord24
SHGetFolderLocation
ord190
ord173
ord42
ord654
ord714
ord96
ord755
ord95
ord17

ntdll

RtlUnwind
_wcsicmp
wcslen
RtlUnicodeStringToAnsiString
RtlAnsiStringToUnicodeString
_chkstk
RtlUnicodeToMultiByteSize
RtlInitUnicodeStringEx
RtlIsNameLegalDOS8Dot3
_vsnwprintf
memmove
NtQueryVirtualMemory

Exports

Exports

ChooseColorA
ChooseColorW
ChooseFontA
ChooseFontW
CommDlgExtendedError
FindTextA
FindTextW
GetFileTitleA
GetFileTitleW
GetOpenFileNameA
GetOpenFileNameW
GetSaveFileNameA
GetSaveFileNameW
LoadAlterBitmap
PageSetupDlgA
PageSetupDlgW
PrintDlgA
PrintDlgExA
PrintDlgExW
PrintDlgW
ReplaceTextA
ReplaceTextW
Ssync_ANSI_UNICODE_Struct_For_WOW
WantArrows
dwLBSubclass
dwOKSubclass

Sections

.text
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/CONFIG/DEFAULT
I386/SYSTEM32/CONFIG/SAM
I386/SYSTEM32/CONFIG/SECURITY
I386/SYSTEM32/CONFIG/SOFTWARE
I386/SYSTEM32/CRTDLL.DLL
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

??2@YAPAXI@Z
??3@YAXPAX@Z
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_HUGE_dll
_XcptFilter
__GetMainArgs
__argc_dll
__argv_dll
__dllonexit
__doserrno
__fpecode
__isascii
__iscsym
__iscsymf
__mb_cur_max_dll
__pxcptinfoptrs
__threadhandle
__threadid
__toascii
_abnormal_termination
_access
_acmdln_dll
_aexit_rtn_dll
_amsg_exit
_assert
_basemajor_dll
_baseminor_dll
_baseversion_dll
_beep
_beginthread
_c_exit
_cabs
_cexit
_cgets
_chdir
_chdrive
_chgsign
_chmod
_chsize
_clearfp
_close
_commit
_commode_dll
_control87
_controlfp
_copysign
_cprintf
_cpumode_dll
_cputs
_creat
_cscanf
_ctype
_cwait
_daylight_dll
_dup
_dup2
_ecvt
_endthread
_environ_dll
_eof
_errno
_except_handler2
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fcloseall
_fcvt
_fdopen
_fgetchar
_fgetwchar
_filbuf
_fileinfo_dll
_filelength
_fileno
_findclose
_findfirst
_findnext
_finite
_flsbuf
_flushall
_fmode_dll
_fpclass
_fpieee_flt
_fpreset
_fputchar
_fputwchar
_fsopen
_fstat
_ftime
_ftol
_fullpath
_futime
_gcvt
_get_osfhandle
_getch
_getche
_getcwd
_getdcwd
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getpid
_getsystime
_getw
_global_unwind2
_heapchk
_heapmin
_heapset
_heapwalk
_hypot
_initterm
_iob
_isatty
_isctype
_ismbbalnum
_ismbbalpha
_ismbbgraph
_ismbbkalnum
_ismbbkana
_ismbbkpunct
_ismbblead
_ismbbprint
_ismbbpunct
_ismbbtrail
_ismbcalpha
_ismbcdigit
_ismbchira
_ismbckata
_ismbcl0
_ismbcl1
_ismbcl2
_ismbclegal
_ismbclower
_ismbcprint
_ismbcspace
_ismbcsymbol
_ismbcupper
_ismbslead
_ismbstrail
_isnan
_itoa
_itow
_j0
_j1
_jn
_kbhit
_lfind
_loaddll
_local_unwind2
_locking
_logb
_lrotl
_lrotr
_lsearch
_lseek
_ltoa
_ltow
_makepath
_matherr
_mbbtombc
_mbbtype
_mbccpy
_mbcjistojms
_mbcjmstojis
_mbclen
_mbctohira
_mbctokata
_mbctolower
_mbctombb
_mbctoupper
_mbctype
_mbsbtype
_mbscat
_mbschr
_mbscmp
_mbscpy
_mbscspn
_mbsdec
_mbsdup
_mbsicmp
_mbsinc
_mbslen
_mbslwr
_mbsnbcat
_mbsnbcmp
_mbsnbcnt
_mbsnbcpy
_mbsnbicmp
_mbsnbset
_mbsncat
_mbsnccnt
_mbsncmp
_mbsncpy
_mbsnextc
_mbsnicmp
_mbsninc
_mbsnset
_mbspbrk
_mbsrchr
_mbsrev
_mbsset
_mbsspn
_mbsspnp
_mbsstr
_mbstok
_mbstrlen
_mbsupr
_memccpy
_memicmp
_mkdir
_mktemp
_msize
_nextafter
_onexit
_open
_open_osfhandle
_osmajor_dll
_osminor_dll
_osmode_dll
_osver_dll
_osversion_dll
_pclose
_pctype_dll
_pgmptr_dll
_pipe
_popen
_purecall
_putch
_putenv
_putw
_pwctype_dll
_read
_rmdir
_rmtmp
_rotl
_rotr
_scalb
_searchenv
_seterrormode
_setjmp
_setmode
_setsystime
_sleep
_snprintf
_snwprintf
_sopen
_spawnl
_spawnle
_spawnlp
_spawnlpe
_spawnv
_spawnve
_spawnvp
_spawnvpe
_splitpath
_stat
_statusfp
_strcmpi
_strdate
_strdec
_strdup
_strerror
_stricmp
_stricoll
_strinc
_strlwr
_strncnt
_strnextc
_strnicmp
_strninc
_strnset
_strrev
_strset
_strspnp
_strtime
_strupr
_swab
_sys_errlist
_sys_nerr_dll
_tell
_tempnam
_timezone_dll
_tolower
_toupper
_tzname
_tzset
_ultoa
_ultow
_umask
_ungetch
_unlink
_unloaddll
_utime
_vsnprintf
_vsnwprintf
_wcsdup
_wcsicmp
_wcsicoll
_wcslwr
_wcsnicmp
_wcsnset
_wcsrev
_wcsset
_wcsupr
_winmajor_dll
_winminor_dll
_winver_dll
_write
_wtoi
_wtol
_y0
_y1
_yn
abort
abs
acos
asctime
asin
atan
atan2
atexit
atof
atoi
atol
bsearch
calloc
ceil
clearerr
clock
cos
cosh
ctime
difftime
div
exit
exp
fabs
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fgetwc
floor
fmod
fopen
fprintf
fputc
fputs
fputwc
fread
free
freopen
frexp
fscanf
fseek
fsetpos
ftell
fwprintf
fwrite
fwscanf
getc
getchar
getenv
gets
gmtime
is_wctype
isalnum
isalpha
iscntrl
isdigit
isgraph
isleadbyte
islower
isprint
ispunct
isspace
isupper
iswalnum
iswalpha
iswascii
iswcntrl
iswctype
iswdigit
iswgraph
iswlower
iswprint
iswpunct
iswspace
iswupper
iswxdigit
isxdigit
labs
ldexp
ldiv
localeconv
localtime
log
log10
longjmp
malloc
mblen
mbstowcs
mbtowc
memchr
memcmp
memcpy
memmove
memset
mktime
modf
perror
pow
printf
putc
putchar
puts
qsort
raise
rand
realloc
remove
rename
rewind
scanf
setbuf
setlocale
setvbuf
signal
sin
sinh
sprintf
sqrt
srand
sscanf
strcat
strchr
strcmp
strcoll
strcpy
strcspn
strerror
strftime
strlen
strncat
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtod
strtok
strtol
strtoul
strxfrm
swprintf
swscanf
system
tan
tanh
time
tmpfile
tmpnam
tolower
toupper
towlower
towupper
ungetc
ungetwc
vfprintf
vfwprintf
vprintf
vsprintf

Sections

UPX0
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 58KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/CRYPT32.DLL
.dll windows:5 windows x86 arch:x86

4db35f8bf89d5f0c9a3cb4c5d120f0c5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

crypt32.pdb

Imports

advapi32

CryptAcquireContextA
CryptSignHashA
CryptVerifySignatureA
CryptSetProviderA
RegCloseKey
RegQueryInfoKeyA
RegCreateKeyExA
RegCreateKeyExW
RegDeleteKeyA
RegDeleteKeyW
RegEnumKeyExA
RegEnumKeyExW
RegEnumValueA
RegEnumValueW
RegDeleteValueA
RegDeleteValueW
RegQueryValueExA
RegQueryValueExW
RegSetValueExA
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExA
RegOpenKeyExW
RegConnectRegistryA
RegConnectRegistryW
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
CopySid
GetLengthSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
CryptReleaseContext
CryptSetProvParam
CryptGetProvParam
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptGetKeyParam
CryptExportKey
CryptDestroyKey
CryptGetUserKey
CryptImportKey
CryptGenKey
RegNotifyChangeKeyValue
RegEnumKeyA
AllocateAndInitializeSid
FreeSid
RegGetKeySecurity
GetAce
GetSecurityDescriptorDacl
EqualSid
GetSecurityDescriptorOwner
AdjustTokenPrivileges
LookupPrivilegeValueA
RegSetKeySecurity
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
SetSecurityDescriptorGroup
CryptSetKeyParam
CryptGenRandom
CryptSetHashParam
CryptDeriveKey
CryptEncrypt
CryptDecrypt
CryptGetDefaultProviderW
SystemFunction041
StartServiceW
UnlockServiceDatabase
ChangeServiceConfigA
LockServiceDatabase
QueryServiceConfigA
OpenServiceW
OpenSCManagerW
ControlService
StartServiceA
CloseServiceHandle
QueryServiceStatus
GetUserNameA
GetUserNameW

msvcrt

wcslen
free
wcscmp
wcscpy
malloc
isupper
isdigit
isxdigit
sprintf
_except_handler3
bsearch
qsort
_ltoa
strtoul
wcscat
wcschr
_itow
_ltow
_snwprintf
_ultoa
memmove
strncpy
_wcsnicmp
_wcsicmp
_initterm
_adjust_fdiv
__dllonexit
_onexit
atol
strncmp

kernel32

GetTimeFormatW
GetTimeFormatA
GetDateFormatW
GetDateFormatA
CompareStringW
FormatMessageW
FormatMessageA
GetComputerNameA
GetEnvironmentVariableA
FreeLibrary
GetProcAddress
GetLastError
LoadLibraryA
InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetComputerNameW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
GetFileAttributesA
SetLastError
GetFileAttributesW
SetFileAttributesA
SetFileAttributesW
LocalFree
MultiByteToWideChar
LocalAlloc
CreateDirectoryA
CreateDirectoryW
GetTempFileNameA
LoadLibraryExA
LoadLibraryExW
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
lstrlenA
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindFirstChangeNotificationA
FindFirstChangeNotificationW
lstrlenW
GetVersionExA
WideCharToMultiByte
CloseHandle
GetCurrentThread
GetACP
DeleteCriticalSection
InterlockedIncrement
WriteFile
ReadFile
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
SetEvent
InterlockedDecrement
CompareFileTime
CreateEventA
lstrcmpA
CompareStringA
DuplicateHandle
WaitForSingleObjectEx
WaitForSingleObject
SetEndOfFile
GetFileSize
GetFileAttributesExW
lstrcpyA
SystemTimeToFileTime
GetSystemTime
WaitForMultipleObjectsEx
CreateThread
ExitThread
FreeLibraryAndExitThread
Sleep
FindClose
FindNextChangeNotification
FindCloseChangeNotification
PulseEvent
InterlockedExchange
lstrcatA
LocalReAlloc
GetSystemDefaultLangID
FileTimeToSystemTime
FileTimeToLocalFileTime
GetUserDefaultLCID
MapViewOfFile
CreateFileMappingA
GetTempPathA
UnmapViewOfFile
GetModuleHandleA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
OpenEventA
OutputDebugStringA
GetModuleFileNameW
OpenFileMappingW
CreateFileMappingW
ReleaseMutex
InitializeCriticalSection
LocalSize
GetModuleFileNameA
CreateMutexA
CreateMutexW
OpenMutexA
OpenMutexW
GetLocalTime
GetSystemTimeAsFileTime
DelayLoadFailureHook

user32

GetSystemMetrics
GetProcessDefaultLayout
wsprintfW
MessageBoxW
MessageBoxA
LoadStringA
LoadStringW
wsprintfA

msasn1

ASN1Free
ASN1BERDotVal2Eoid
ASN1CEREncGeneralizedTime
ASN1CEREncUTCTime
ASN1CEREncBeginBlk
ASN1CEREncNewBlkElement
ASN1CEREncFlushBlkElement
ASN1CEREncEndBlk
ASN1BEREncCharString
ASN1BEREncChar16String
ASN1BEREncChar32String
ASN1BEREncBitString
ASN1BEREncMultibyteString
ASN1BEREncOctetString
ASN1BEREncUTF8String
ASN1_CreateModule
ASN1_CloseModule
ASN1BEREncEoid
ASN1BERDecEoid
ASN1BEREoid_free
ASN1BERDecBitString2
ASN1BEREncS32
ASN1BERDecS32Val
ASN1BEREncSX
ASN1BERDecSXVal
ASN1intx_free
ASN1BERDecOctetString2
ASN1BEREncU32
ASN1BERDecU32Val
ASN1BERDecUTCTime
ASN1BEREncEndOfContents
ASN1BEREncExplicitTag
ASN1BERDecEndOfContents
ASN1DecRealloc
ASN1BERDecPeekTag
ASN1BERDecNotEndOfContents
ASN1BERDecExplicitTag
ASN1EncSetError
ASN1BERDecCharString
ASN1BERDecChar32String
ASN1BERDecChar16String
ASN1DecSetError
ASN1BERDecUTF8String
ASN1BERDecMultibyteString
ASN1char16string_free
ASN1char32string_free
ASN1charstring_free
ASN1utf8string_free
ASN1BEREncOpenType
ASN1BERDecOpenType2
ASN1BERDecGeneralizedTime
ASN1BEREncBool
ASN1BERDecBool
ASN1BERDecZeroCharString
ASN1ztcharstring_free
ASN1BEREncObjectIdentifier2
ASN1BERDecObjectIdentifier2
ASN1BERDecOctetString
ASN1octetstring_free
ASN1BERDecOpenType
ASN1open_free
ASN1BERDecBitString
ASN1bitstring_free
ASN1objectidentifier2_cmp
ASN1_Encode
ASN1_Decode
ASN1_SetEncoderOption
ASN1_FreeDecoded
ASN1_CloseDecoder
ASN1_CloseEncoder
ASN1_CreateEncoder
ASN1_CreateDecoder
ASN1BEREoid2DotVal
ASN1_FreeEncoded

rpcrt4

NdrClientCall2
RpcBindingFromStringBindingA
RpcStringBindingComposeA
RpcStringFreeA
RpcBindingFree
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcImpersonateClient
RpcRevertToSelf
UuidCreate
RpcStringFreeW
UuidToStringA

Exports

Exports

CertAddCRLContextToStore
CertAddCRLLinkToStore
CertAddCTLContextToStore
CertAddCTLLinkToStore
CertAddCertificateContextToStore
CertAddCertificateLinkToStore
CertAddEncodedCRLToStore
CertAddEncodedCTLToStore
CertAddEncodedCertificateToStore
CertAddEncodedCertificateToSystemStoreA
CertAddEncodedCertificateToSystemStoreW
CertAddEnhancedKeyUsageIdentifier
CertAddSerializedElementToStore
CertAddStoreToCollection
CertAlgIdToOID
CertCloseStore
CertCompareCertificate
CertCompareCertificateName
CertCompareIntegerBlob
CertComparePublicKeyInfo
CertControlStore
CertCreateCRLContext
CertCreateCTLContext
CertCreateCTLEntryFromCertificateContextProperties
CertCreateCertificateChainEngine
CertCreateCertificateContext
CertCreateContext
CertCreateSelfSignCertificate
CertDeleteCRLFromStore
CertDeleteCTLFromStore
CertDeleteCertificateFromStore
CertDuplicateCRLContext
CertDuplicateCTLContext
CertDuplicateCertificateChain
CertDuplicateCertificateContext
CertDuplicateStore
CertEnumCRLContextProperties
CertEnumCRLsInStore
CertEnumCTLContextProperties
CertEnumCTLsInStore
CertEnumCertificateContextProperties
CertEnumCertificatesInStore
CertEnumPhysicalStore
CertEnumSubjectInSortedCTL
CertEnumSystemStore
CertEnumSystemStoreLocation
CertFindAttribute
CertFindCRLInStore
CertFindCTLInStore
CertFindCertificateInCRL
CertFindCertificateInStore
CertFindChainInStore
CertFindExtension
CertFindRDNAttr
CertFindSubjectInCTL
CertFindSubjectInSortedCTL
CertFreeCRLContext
CertFreeCTLContext
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateContext
CertGetCRLContextProperty
CertGetCRLFromStore
CertGetCTLContextProperty
CertGetCertificateChain
CertGetCertificateContextProperty
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertGetIssuerCertificateFromStore
CertGetNameStringA
CertGetNameStringW
CertGetPublicKeyLength
CertGetStoreProperty
CertGetSubjectCertificateFromStore
CertGetValidUsages
CertIsRDNAttrsInCertificateName
CertIsValidCRLForCertificate
CertNameToStrA
CertNameToStrW
CertOIDToAlgId
CertOpenStore
CertOpenSystemStoreA
CertOpenSystemStoreW
CertRDNValueToStrA
CertRDNValueToStrW
CertRegisterPhysicalStore
CertRegisterSystemStore
CertRemoveEnhancedKeyUsageIdentifier
CertRemoveStoreFromCollection
CertResyncCertificateChainEngine
CertSaveStore
CertSerializeCRLStoreElement
CertSerializeCTLStoreElement
CertSerializeCertificateStoreElement
CertSetCRLContextProperty
CertSetCTLContextProperty
CertSetCertificateContextPropertiesFromCTLEntry
CertSetCertificateContextProperty
CertSetEnhancedKeyUsage
CertSetStoreProperty
CertStrToNameA
CertStrToNameW
CertUnregisterPhysicalStore
CertUnregisterSystemStore
CertVerifyCRLRevocation
CertVerifyCRLTimeValidity
CertVerifyCTLUsage
CertVerifyCertificateChainPolicy
CertVerifyRevocation
CertVerifySubjectCertificateContext
CertVerifyTimeValidity
CertVerifyValidityNesting
ChainWlxLogoffEvent
CloseCertPerformanceData
CollectCertPerformanceData
CreateFileU
CryptAcquireCertificatePrivateKey
CryptAcquireContextU
CryptBinaryToStringA
CryptBinaryToStringW
CryptCloseAsyncHandle
CryptCreateAsyncHandle
CryptCreateKeyIdentifierFromCSP
CryptDecodeMessage
CryptDecodeObject
CryptDecodeObjectEx
CryptDecryptAndVerifyMessageSignature
CryptDecryptMessage
CryptEncodeObject
CryptEncodeObjectEx
CryptEncryptMessage
CryptEnumKeyIdentifierProperties
CryptEnumOIDFunction
CryptEnumOIDInfo
CryptEnumProvidersU
CryptExportPKCS8
CryptExportPublicKeyInfo
CryptExportPublicKeyInfoEx
CryptFindCertificateKeyProvInfo
CryptFindLocalizedName
CryptFindOIDInfo
CryptFormatObject
CryptFreeOIDFunctionAddress
CryptGetAsyncParam
CryptGetDefaultOIDDllList
CryptGetDefaultOIDFunctionAddress
CryptGetKeyIdentifierProperty
CryptGetMessageCertificates
CryptGetMessageSignerCount
CryptGetOIDFunctionAddress
CryptGetOIDFunctionValue
CryptHashCertificate
CryptHashMessage
CryptHashPublicKeyInfo
CryptHashToBeSigned
CryptImportPKCS8
CryptImportPublicKeyInfo
CryptImportPublicKeyInfoEx
CryptInitOIDFunctionSet
CryptInstallDefaultContext
CryptInstallOIDFunctionAddress
CryptLoadSip
CryptMemAlloc
CryptMemFree
CryptMemRealloc
CryptMsgCalculateEncodedLength
CryptMsgClose
CryptMsgControl
CryptMsgCountersign
CryptMsgCountersignEncoded
CryptMsgDuplicate
CryptMsgEncodeAndSignCTL
CryptMsgGetAndVerifySigner
CryptMsgGetParam
CryptMsgOpenToDecode
CryptMsgOpenToEncode
CryptMsgSignCTL
CryptMsgUpdate
CryptMsgVerifyCountersignatureEncoded
CryptMsgVerifyCountersignatureEncodedEx
CryptProtectData
CryptQueryObject
CryptRegisterDefaultOIDFunction
CryptRegisterOIDFunction
CryptRegisterOIDInfo
CryptSIPAddProvider
CryptSIPCreateIndirectData
CryptSIPGetSignedDataMsg
CryptSIPLoad
CryptSIPPutSignedDataMsg
CryptSIPRemoveProvider
CryptSIPRemoveSignedDataMsg
CryptSIPRetrieveSubjectGuid
CryptSIPRetrieveSubjectGuidForCatalogFile
CryptSIPVerifyIndirectData
CryptSetAsyncParam
CryptSetKeyIdentifierProperty
CryptSetOIDFunctionValue
CryptSetProviderU
CryptSignAndEncodeCertificate
CryptSignAndEncryptMessage
CryptSignCertificate
CryptSignHashU
CryptSignMessage
CryptSignMessageWithKey
CryptStringToBinaryA
CryptStringToBinaryW
CryptUninstallDefaultContext
CryptUnprotectData
CryptUnregisterDefaultOIDFunction
CryptUnregisterOIDFunction
CryptUnregisterOIDInfo
CryptVerifyCertificateSignature
CryptVerifyCertificateSignatureEx
CryptVerifyDetachedMessageHash
CryptVerifyDetachedMessageSignature
CryptVerifyMessageHash
CryptVerifyMessageSignature
CryptVerifyMessageSignatureWithKey
CryptVerifySignatureU
I_CertProtectFunction
I_CertSrvProtectFunction
I_CertSyncStore
I_CertUpdateStore
I_CryptAddRefLruEntry
I_CryptAddSmartCardCertToStore
I_CryptAllocTls
I_CryptCreateLruCache
I_CryptCreateLruEntry
I_CryptDetachTls
I_CryptDisableLruOfEntries
I_CryptEnableLruOfEntries
I_CryptEnumMatchingLruEntries
I_CryptFindLruEntry
I_CryptFindLruEntryData
I_CryptFindSmartCardCertInStore
I_CryptFlushLruCache
I_CryptFreeLruCache
I_CryptFreeTls
I_CryptGetAsn1Decoder
I_CryptGetAsn1Encoder
I_CryptGetDefaultCryptProv
I_CryptGetDefaultCryptProvForEncrypt
I_CryptGetFileVersion
I_CryptGetLruEntryData
I_CryptGetLruEntryIdentifier
I_CryptGetOssGlobal
I_CryptGetTls
I_CryptInsertLruEntry
I_CryptInstallAsn1Module
I_CryptInstallOssGlobal
I_CryptReadTrustedPublisherDWORDValueFromRegistry
I_CryptRegisterSmartCardStore
I_CryptReleaseLruEntry
I_CryptRemoveLruEntry
I_CryptSetTls
I_CryptTouchLruEntry
I_CryptUninstallAsn1Module
I_CryptUninstallOssGlobal
I_CryptUnregisterSmartCardStore
I_CryptWalkAllLruCacheEntries
OpenCertPerformanceData
PFXExportCertStore
PFXExportCertStoreEx
PFXImportCertStore
PFXIsPFXBlob
PFXVerifyPassword
RegCreateHKCUKeyExU
RegCreateKeyExU
RegDeleteValueU
RegEnumValueU
RegOpenHKCUKeyExU
RegOpenKeyExU
RegQueryInfoKeyU
RegQueryValueExU
RegSetValueExU

Sections

.text
Size: 527KB - Virtual size: 527KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/CRYPTDLL.DLL
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

CDBuildIntegrityVect
CDBuildVect
CDFindCommonCSystem
CDFindCommonCSystemWithKey
CDGenerateRandomBits
CDLocateCSystem
CDLocateCheckSum
CDLocateRng
CDRegisterCSystem
CDRegisterCheckSum
CDRegisterRng
MD5Final
MD5Init
MD5Update

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/CRYPTUI.DLL
.dll regsvr32 windows:5 windows x86 arch:x86

f2fa4e05bbcf1c09a65b7b4fd23c2eb8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

cryptui.pdb

Imports

msvcrt

wcslen
_adjust_fdiv
malloc
_initterm
free
wcschr
wcsrchr
_vsnwprintf
_purecall
memmove
strtoul
_wcsnicmp
_ltow
_wtol
swprintf
iswspace
iswprint
strtok
_stricmp
wcsncpy
_wcsicmp
_itow
wcscat
wcscmp
wcscpy
??3@YAXPAX@Z
??2@YAPAXI@Z
_except_handler3

kernel32

MapViewOfFile
DeleteFileW
GetCurrentDirectoryW
GetComputerNameW
SystemTimeToFileTime
WriteFile
LoadLibraryExA
lstrcatA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
WideCharToMultiByte
GetUserDefaultLCID
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
MultiByteToWideChar
LocalReAlloc
lstrlenA
lstrcpyA
LoadLibraryA
FormatMessageW
lstrlenW
lstrcmpA
FindResourceA
LoadResource
LockResource
FreeResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetVersionExA
DisableThreadLibraryCalls
FreeLibrary
OutputDebugStringA
LoadLibraryW
CompareFileTime
GetSystemTimeAsFileTime
CreateFileMappingA
InitializeCriticalSection
GetModuleFileNameW
LocalAlloc
EnterCriticalSection
LeaveCriticalSection
LocalFree
GetCurrentThread
GetCurrentProcess
CloseHandle
SetLastError
GetProcAddress
GetModuleHandleW
GetLastError
GetModuleHandleA
SetEndOfFile
SetFilePointer
GetLocalTime
CreateFileA
ExpandEnvironmentStringsA
Sleep
DelayLoadFailureHook
GetFileSize
UnmapViewOfFile
GetComputerNameExW
ExpandEnvironmentStringsW
CreateFileW
GetACP
MulDiv
CompareStringA
CompareStringW
GetDateFormatA
GetTimeFormatA
DeleteCriticalSection

advapi32

GetUserNameW
FreeSid
EqualSid
AllocateAndInitializeSid
CloseServiceHandle
StartServiceW
UnlockServiceDatabase
CryptGetUserKey
CryptDestroyKey
CryptSetProvParam
CryptAcquireContextW
CryptGetProvParam
CryptReleaseContext
RegQueryValueExA
RegCreateKeyExW
RegSetValueExW
RegSetValueExA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenThreadToken
OpenProcessToken
GetTokenInformation
CryptGetKeyParam
RegOpenKeyExA
DuplicateToken
RegCreateKeyExA
RegEnumKeyExA
RegEnumKeyExW
RegEnumValueA
RegEnumValueW
RegQueryInfoKeyA
QueryServiceStatus
StartServiceA
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceConfigA
LockServiceDatabase
ChangeServiceConfigA
CryptAcquireContextA

wintrust

WinVerifyTrustEx
WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WintrustGetDefaultForUsage
WTHelperGetKnownUsages
TrustIsCertificateSelfSigned

crypt32

CertFindCertificateInStore
CertSetEnhancedKeyUsage
CryptInitOIDFunctionSet
CryptGetDefaultOIDDllList
CryptGetDefaultOIDFunctionAddress
CryptFreeOIDFunctionAddress
CryptFindOIDInfo
CertGetValidUsages
CertFreeCertificateContext
CertDuplicateCertificateContext
CertDuplicateStore
CertGetEnhancedKeyUsage
CertFindExtension
CryptDecodeObject
CryptEncodeObject
CertGetSubjectCertificateFromStore
CertOpenStore
CertCloseStore
CertGetCertificateContextProperty
CertGetPublicKeyLength
CertGetCTLContextProperty
CryptMsgGetParam
CryptMsgClose
CryptMsgUpdate
CryptMsgOpenToDecode
CryptMsgVerifyCountersignatureEncoded
CertFindAttribute
CryptMsgControl
CryptFormatObject
CertGetNameStringW
CertGetStoreProperty
CryptMsgDuplicate
CertFreeCTLContext
CryptQueryObject
CryptFindLocalizedName
CertEnumSystemStore
CertEnumPhysicalStore
CertCompareCertificate
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertSaveStore
CryptBinaryToStringA
CertDeleteCertificateFromStore
CryptEnumOIDInfo
CryptMsgEncodeAndSignCTL
CertAddCTLContextToStore
CertSetCTLContextProperty
CertCreateCTLContext
CryptSIPRetrieveSubjectGuid
CryptDecodeObjectEx
CertEnumCTLsInStore
CertVerifyTimeValidity
CertFreeCertificateChainEngine
CertFreeCertificateChain
CertGetCertificateChain
CertCreateCertificateChainEngine
PFXExportCertStore
PFXExportCertStoreEx
CryptAcquireCertificatePrivateKey
CertFreeCRLContext
CertGetCRLFromStore
PFXVerifyPassword
CertAddCRLContextToStore
CertFindCTLInStore
CertFindCRLInStore
CryptFindCertificateKeyProvInfo
PFXImportCertStore
CertCreateCertificateContext
CertNameToStrW
CertSetCertificateContextProperty

user32

MapDialogRect
SetRect
CreateWindowExW
PostMessageW
DestroyIcon
CheckRadioButton
IsDlgButtonChecked
GetSysColor
IsWindowVisible
GetDialogBaseUnits
GetFocus
UpdateWindow
GetNextDlgTabItem
GetClientRect
DrawFocusRect
LoadCursorA
SetCursor
GetWindowRect
MapWindowPoints
FillRect
InvalidateRect
GetSysColorBrush
LoadBitmapW
GetDesktopWindow
LoadStringA
SendDlgItemMessageA
SetDlgItemTextW
SendMessageA
SetWindowTextA
GetDC
ReleaseDC
WinHelpW
ShowWindow
GetDlgItem
GetWindowTextW
EnableWindow
SetFocus
DialogBoxParamW
PeekMessageA
IsWindowEnabled
LoadIconA
GetUpdateRect
CallWindowProcA
BeginPaint
EndPaint
DrawIcon
wsprintfA
SetWindowPos
GetParent
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
GetDlgItemTextA
SetClassLongA
GetWindowLongA
MonitorFromWindow
GetMonitorInfoW
GetWindow
CopyRect
LoadCursorW
DestroyWindow
SystemParametersInfoA
MessageBoxExW
PostMessageA
RegisterClipboardFormatA
CreateWindowExA
MoveWindow
GetWindowDC
SetCapture
SetWindowLongA
ReleaseCapture
GetWindowLongW
DrawTextExW
SendDlgItemMessageW
EndDialog
SetWindowLongW
SetWindowTextW
SendMessageW
LoadStringW
MessageBoxW

oleaut32

SysAllocStringLen
SysStringByteLen
SysAllocString
SysAllocStringByteLen
VariantInit
SysFreeString

gdi32

CreatePalette
CreateDIBitmap
RealizePalette
SelectPalette
SelectObject
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
SetBkColor
CreateBitmap
GetObjectA
GetTextExtentPoint32W
GetBkColor
CreateFontIndirectA
GetDeviceCaps
CreateFontIndirectW
GetObjectW
SetPixel
DeleteObject

rpcrt4

RpcNetworkIsProtseqValidA
RpcBindingFromStringBindingA
RpcBindingFree
UuidCreate
UuidToStringA
RpcStringFreeA
NdrClientCall2
RpcStringBindingComposeA
RpcEpResolveBinding

netapi32

DsGetDcNameW
NetGetDCName
NetApiBufferFree

wininet

InternetCrackUrlW
InternetCanonicalizeUrlW

wldap32

ord16
ord14
ord73
ord13
ord18
ord145

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

shlwapi

PathUndecorateW
StrCmpNIW
PathFindFileNameW

Exports

Exports

ACUIProviderInvokeUI
CryptUIDlgCertMgr
CryptUIDlgFreeCAContext
CryptUIDlgSelectCA
CryptUIDlgSelectCertificateA
CryptUIDlgSelectCertificateFromStore
CryptUIDlgSelectCertificateW
CryptUIDlgSelectStoreA
CryptUIDlgSelectStoreW
CryptUIDlgViewCRLA
CryptUIDlgViewCRLW
CryptUIDlgViewCTLA
CryptUIDlgViewCTLW
CryptUIDlgViewCertificateA
CryptUIDlgViewCertificatePropertiesA
CryptUIDlgViewCertificatePropertiesW
CryptUIDlgViewCertificateW
CryptUIDlgViewContext
CryptUIDlgViewSignerInfoA
CryptUIDlgViewSignerInfoW
CryptUIFreeCertificatePropertiesPagesA
CryptUIFreeCertificatePropertiesPagesW
CryptUIFreeViewSignaturesPagesA
CryptUIFreeViewSignaturesPagesW
CryptUIGetCertificatePropertiesPagesA
CryptUIGetCertificatePropertiesPagesW
CryptUIGetViewSignaturesPagesA
CryptUIGetViewSignaturesPagesW
CryptUIStartCertMgr
CryptUIWizBuildCTL
CryptUIWizCertRequest
CryptUIWizCreateCertRequestNoDS
CryptUIWizDigitalSign
CryptUIWizExport
CryptUIWizFreeCertRequestNoDS
CryptUIWizFreeDigitalSignContext
CryptUIWizImport
CryptUIWizQueryCertRequestNoDS
CryptUIWizSubmitCertRequestNoDS
DllRegisterServer
DllUnregisterServer
EnrollmentCOMObjectFactory_getInstance
I_CryptUIProtect
I_CryptUIProtectFailure
LocalEnroll
LocalEnrollNoDS
RetrievePKCS7FromCA
WizardFree

Sections

.text
Size: 285KB - Virtual size: 284KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/CSRSRV.DLL
.dll windows:5 windows x86 arch:x86

e378f51c51b8464594a17bb3de145a86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

csrsrv.pdb

Imports

ntdll

NtSetSecurityObject
RtlSetDaclSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
RtlCreateSecurityDescriptor
RtlLengthSid
RtlFreeHeap
NtClose
RtlAllocateHeap
NtQueryInformationToken
NtOpenProcessToken
RtlFreeSid
RtlAllocateAndInitializeSid
NtQueryDirectoryObject
NtCreateSymbolicLinkObject
_wcsnicmp
RtlUpcaseUnicodeChar
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
wcscmp
DbgPrint
NtOpenDirectoryObject
RtlInitUnicodeString
_chkstk
RtlGetAce
NtQueryValueKey
NtOpenKey
RtlGetDaclSecurityDescriptor
NtSetInformationProcess
NtQueryInformationProcess
NtCreateDirectoryObject
swprintf
RtlCharToInteger
RtlAnsiStringToUnicodeString
RtlInitString
sprintf
_stricmp
NtSetDefaultHardErrorPort
NtSetEvent
RtlCreateTagHeap
NtQuerySystemInformation
NtCreateEvent
NtTerminateProcess
NtRaiseHardError
RtlAdjustPrivilege
RtlUnhandledExceptionFilter
LdrGetProcedureAddress
strncpy
LdrUnloadDll
RtlFreeUnicodeString
LdrLoadDll
RtlInitAnsiString
NtUnmapViewOfSection
RtlCreateHeap
NtSetValueKey
NtCreateKey
memmove
NtMapViewOfSection
NtCreateSection
NtResumeThread
RtlCreateUserThread
NtCreatePort
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
NtTerminateThread
NtCompleteConnectPort
NtAcceptConnectPort
NtReplyWaitReceivePort
RtlLeaveCriticalSection
NtQueryInformationThread
RtlEnterCriticalSection
NtWaitForSingleObject
RtlSubAuthoritySid
RtlInitializeSid
RtlLengthRequiredSid
LdrGetDllHandle
NtDuplicateObject
NtReplyPort
NtDelayExecution
RtlInitializeCriticalSection
NtImpersonateThread
NtSetInformationThread
NtOpenThreadToken
NtReadVirtualMemory
RtlDestroyProcessParameters
RtlCreateUserProcess
RtlCreateProcessParameters
RtlCreateEnvironment
NtOpenProcess
RtlUnwind
NtQueryVirtualMemory
NtConnectPort
NtRequestWaitReplyPort

Exports

Exports

CsrAddStaticServerThread
CsrCallServerFromServer
CsrConnectToUser
CsrCreateProcess
CsrCreateRemoteThread
CsrCreateThread
CsrCreateWait
CsrDebugProcess
CsrDebugProcessStop
CsrDereferenceProcess
CsrDereferenceThread
CsrDereferenceWait
CsrDestroyProcess
CsrDestroyThread
CsrExecServerThread
CsrGetProcessLuid
CsrImpersonateClient
CsrLockProcessByClientId
CsrLockThreadByClientId
CsrMoveSatisfiedWait
CsrNotifyWait
CsrPopulateDosDevices
CsrQueryApiPort
CsrReferenceThread
CsrRevertToSelf
CsrServerInitialization
CsrSetBackgroundPriority
CsrSetCallingSpooler
CsrSetForegroundPriority
CsrShutdownProcesses
CsrUnhandledExceptionFilter
CsrUnlockProcess
CsrUnlockThread
CsrValidateMessageBuffer
CsrValidateMessageString

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/CSRSS.EXE
.sys windows:5 windows x86 arch:x86

083b2fda79bfff27730cc9cc50f8ecd5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

csrss.pdb

Imports

ntdll

NtTerminateProcess
NtRaiseHardError
NtTerminateThread
RtlUnwind
NtQueryVirtualMemory
RtlSetProcessIsCritical
NtSetInformationProcess
DbgBreakPoint
RtlAllocateHeap
RtlUnicodeStringToAnsiString
RtlNormalizeProcessParams

csrsrv

CsrServerInitialization

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/CTYPE.NLS
I386/SYSTEM32/C_037.NL_
.cab
I386/SYSTEM32/C_10000.NL_
.cab
I386/SYSTEM32/C_10079.NL_
.cab
I386/SYSTEM32/C_1252.NL_
.cab
I386/SYSTEM32/C_20127.NL_
.cab
I386/SYSTEM32/C_28591.NL_
.cab
I386/SYSTEM32/C_28605.NL_
.cab
I386/SYSTEM32/C_437.NL_
.cab
I386/SYSTEM32/C_500.NL_
.cab
I386/SYSTEM32/C_850.NL_
.cab
I386/SYSTEM32/C_860.NL_
.cab
I386/SYSTEM32/C_861.NL_
.cab
I386/SYSTEM32/C_863.NL_
.cab
I386/SYSTEM32/C_865.NL_
.cab
I386/SYSTEM32/DESK.CPL
.dll regsvr32 windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

CPlApplet
DeskSetCurrentScheme
DeskSetCurrentSchemeA
DeskSetCurrentSchemeW
DisplayClassInstaller
DisplayOcSetupProc
DisplaySaveSettings
DisplayTestSettingsW
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
InstallScreenSaver
InstallScreenSaverA
InstallScreenSaverW
MonitorClassInstaller
UpdateCharsetChanges
UpdateUIfontsDueToDPIchange

Sections

UPX0
Size: - Virtual size: 124KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/DESKADP.DLL
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/DESKMON.DLL
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/DESKPERF.DLL
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/DISKCOPY.DLL
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DiskCopyRunDll
DiskCopyRunDllW
DllCanUnloadNow
DllGetClassObject

Sections

UPX0
Size: - Virtual size: 924KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 553KB - Virtual size: 556KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/DNSAPI.DLL
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

BreakRecordsIntoBlob
CombineRecordsInBlob
DnsAcquireContextHandle_A
DnsAcquireContextHandle_W
DnsAddRecordSet_A
DnsAddRecordSet_UTF8
DnsAddRecordSet_W
DnsAllocateRecord
DnsApiAlloc
DnsApiFree
DnsApiHeapReset
DnsApiRealloc
DnsApiSetDebugGlobals
DnsAsyncRegisterHostAddrs
DnsAsyncRegisterInit
DnsAsyncRegisterTerm
DnsCopyStringEx
DnsCreateReverseNameStringForIpAddress
DnsCreateStandardDnsNameCopy
DnsCreateStringCopy
DnsDhcpSrvRegisterHostName
DnsDhcpSrvRegisterInit
DnsDhcpSrvRegisterInitialize
DnsDhcpSrvRegisterTerm
DnsDowncaseDnsNameLabel
DnsExtractRecordsFromMessage_UTF8
DnsExtractRecordsFromMessage_W
DnsFindAuthoritativeZone
DnsFlushResolverCache
DnsFlushResolverCacheEntry_A
DnsFlushResolverCacheEntry_UTF8
DnsFlushResolverCacheEntry_W
DnsFree
DnsFreeConfigStructure
DnsGetBufferLengthForStringCopy
DnsGetCacheDataTable
DnsGetDnsServerList
DnsGetDomainName
DnsGetIpAddressInfoList
DnsGetLastFailedUpdateInfo
DnsGetLocalAddrArray
DnsGetLocalAddrArrayDirect
DnsGetPrimaryDomainName_A
DnsGlobals
DnsIpv6AddressToString
DnsIpv6StringToAddress
DnsIsAMailboxType
DnsIsStatusRcode
DnsIsStringCountValidForTextType
DnsMapRcodeToStatus
DnsModifyRecordSet_A
DnsModifyRecordSet_UTF8
DnsModifyRecordSet_W
DnsModifyRecordsInSet_A
DnsModifyRecordsInSet_UTF8
DnsModifyRecordsInSet_W
DnsNameCompareEx_A
DnsNameCompareEx_UTF8
DnsNameCompareEx_W
DnsNameCompare_A
DnsNameCompare_UTF8
DnsNameCompare_W
DnsNameCopy
DnsNameCopyAllocate
DnsNotifyResolver
DnsNotifyResolverClusterIp
DnsNotifyResolverEx
DnsQueryConfig
DnsQueryConfigAllocEx
DnsQueryConfigDword
DnsQueryExA
DnsQueryExUTF8
DnsQueryExW
DnsQuery_A
DnsQuery_UTF8
DnsQuery_W
DnsRecordBuild_UTF8
DnsRecordBuild_W
DnsRecordCompare
DnsRecordCopyEx
DnsRecordListFree
DnsRecordSetCompare
DnsRecordSetCopyEx
DnsRecordSetDetach
DnsRecordStringForType
DnsRecordStringForWritableType
DnsRecordTypeForName
DnsRegisterClusterAddress
DnsReleaseContextHandle
DnsRemoveRegistrations
DnsReplaceRecordSetA
DnsReplaceRecordSetUTF8
DnsReplaceRecordSetW
DnsSetConfigDword
DnsStatusString
DnsStringCopyAllocateEx
DnsUnicodeToUtf8
DnsUpdate
DnsUpdateTest_A
DnsUpdateTest_UTF8
DnsUpdateTest_W
DnsUtf8ToUnicode
DnsValidateName_A
DnsValidateName_UTF8
DnsValidateName_W
DnsValidateUtf8Byte
DnsWriteQuestionToBuffer_UTF8
DnsWriteQuestionToBuffer_W
DnsWriteReverseNameStringForIpAddress
Dns_AddRecordsToMessage
Dns_AllocateMsgBuf
Dns_BuildPacket
Dns_CacheSocketCleanup
Dns_CacheSocketInit
Dns_CleanupWinsock
Dns_CloseConnection
Dns_CloseHostFile
Dns_CloseSocket
Dns_CreateMulticastSocket
Dns_CreateSocket
Dns_CreateSocketEx
Dns_FindAuthoritativeZoneLib
Dns_GetIpAddresses
Dns_GetLocalIpAddressArray
Dns_GetRandomXid
Dns_InitQueryTimeouts
Dns_InitializeMsgRemoteSockaddr
Dns_InitializeWinsock
Dns_OpenHostFile
Dns_OpenTcpConnectionAndSend
Dns_ParseMessage
Dns_ParsePacketRecord
Dns_PingAdapterServers
Dns_ReadHostFileLine
Dns_ReadPacketName
Dns_ReadPacketNameAllocate
Dns_ReadRecordStructureFromPacket
Dns_RecvTcp
Dns_ResetNetworkInfo
Dns_SendAndRecvUdp
Dns_SendEx
Dns_SetRecordDatalength
Dns_SkipPacketName
Dns_SkipToRecord
Dns_UpdateLib
Dns_UpdateLibEx
Dns_WriteDottedNameToPacket
Dns_WriteQuestionToMessage
Dns_WriteRecordStructureToPacketEx
GetCurrentTimeInSeconds
GetRecordsForLocalName
NetInfo_Build
NetInfo_Clean
NetInfo_Copy
NetInfo_Free
NetInfo_IsForUpdate
NetInfo_ResetServerPriorities
QueryDirectEx
Query_Main
Reg_ReadGlobalsEx

Sections

UPX0
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 69KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/DRIVERS/3WAREDR2.SY_
.cab
I386/SYSTEM32/DRIVERS/3WAREDRV.SY_
.cab
I386/SYSTEM32/DRIVERS/AAC.SY_
.cab
I386/SYSTEM32/DRIVERS/AAR1210.SY_
.cab
I386/SYSTEM32/DRIVERS/AARICH.SY_
.cab
I386/SYSTEM32/DRIVERS/ACPI.SY_
.cab
I386/SYSTEM32/DRIVERS/ACPIEC.SY_
.cab
I386/SYSTEM32/DRIVERS/AEC6880.SY_
.cab
I386/SYSTEM32/DRIVERS/ALIIDE.SY_
.cab
I386/SYSTEM32/DRIVERS/ARCM_X86.SY_
.cab
I386/SYSTEM32/DRIVERS/ATAPI.SY_
.cab
I386/SYSTEM32/DRIVERS/BEEP.SY_
.cab
I386/SYSTEM32/DRIVERS/CDFS.SY_
.cab
I386/SYSTEM32/DRIVERS/CDROM.SY_
.cab
I386/SYSTEM32/DRIVERS/CERCSR6.SY_
.cab
I386/SYSTEM32/DRIVERS/CIRRUS.SYS
.sys windows:5 windows x86 arch:x86

ecd4d64380ccbc642ce63f3fd394820d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

videoprt.sys

VideoPortMoveMemory
VideoPortCompareMemory
VideoPortGetRegistryParameters
VideoPortInt10
VideoPortZeroMemory
VideoPortWriteRegisterBufferUchar
VideoPortWritePortUlong
VideoPortWritePortUshort
VideoPortWritePortUchar
VideoPortReadPortUlong
VideoPortReadPortUshort
VideoPortReadPortUchar
VideoPortWriteRegisterUlong
VideoPortWriteRegisterUshort
VideoPortWriteRegisterUchar
VideoPortReadRegisterUlong
VideoPortReadRegisterUshort
VideoPortReadRegisterUchar
VideoPortGetBusData
VideoPortGetAccessRanges
VideoPortSetRegistryParameters
VideoPortSynchronizeExecution
VideoPortSetBusData
VideoPortSetTrappedEmulatorPorts
VideoPortGetDeviceBase
VideoPortVerifyAccessRanges
VideoPortUnmapMemory
VideoPortMapBankedMemory
VideoPortGetDeviceData
VideoPortMapMemory
VideoPortInitialize
VideoPortWritePortBufferUshort
VideoPortDDCMonitorHelper

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 199B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 640B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/DRIVERS/CLASSPNP.SYS
.sys windows:5 windows x86 arch:x86

4e99bc54297763cb554507419f940219

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

classpnp.pdb

Imports

ntoskrnl.exe

ZwClose
RtlQueryRegistryValues
ZwCreateKey
RtlInitUnicodeString
IoOpenDeviceRegistryKey
ZwOpenKey
IoFreeIrp
RtlCompareMemory
IoStopTimer
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
KeQueryTimeIncrement
KeQuerySystemTime
_allmul
IofCallDriver
KeInitializeEvent
MmBuildMdlForNonPagedPool
IoAllocateMdl
IoFreeMdl
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
IoFreeWorkItem
ObfDereferenceObject
IoBuildDeviceIoControlRequest
IoGetAttachedDeviceReference
KeInitializeMutex
IoAllocateIrp
IoQueueWorkItem
IoAllocateWorkItem
IoStartTimer
IoInitializeTimer
KeSetEvent
IoGetDriverObjectExtension
_allshl
IoStartNextPacket
MmUnlockPages
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
KeInitializeSpinLock
IoInitializeIrp
KefReleaseSpinLockFromDpcLevel
KeBugCheckEx
KeWaitForSingleObject
KeGetCurrentThread
KeSetTimerEx
KeTickCount
IoGetDeviceProperty
IoStartPacket
IoSetHardErrorOrVerifyDevice
ObReferenceObjectByPointer
MmProbeAndLockPages
_alldvrm
IoDeleteDevice
IoDetachDevice
IoInvalidateDeviceRelations
IoWMIRegistrationControl
ZwSetValueKey
RtlInitString
_snprintf
KeInitializeDpc
KeInitializeTimer
KeBugCheck
ObfReferenceObject
KeLeaveCriticalRegion
KeEnterCriticalRegion
KeDelayExecutionThread
_except_handler3
IofCompleteRequest
RtlDeleteRegistryValue
RtlCopyUnicodeString
IoAllocateDriverObjectExtension
IoCreateDevice
IoWMIWriteEvent
InterlockedPopEntrySList
PoStartNextPowerIrp
PoCallDriver
PoSetPowerState
InterlockedPushEntrySList
ExVerifySuite
IoReuseIrp
KeSetTimer
strncmp
RtlWriteRegistryValue
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
KeReleaseMutex
ExAllocatePoolWithTag
IoReportTargetDeviceChangeAsynchronous
KefAcquireSpinLockAtDpcLevel
ExFreePoolWithTag

hal

KfReleaseSpinLock
KfRaiseIrql
KfLowerIrql
KfAcquireSpinLock

Exports

Exports

ClassAcquireChildLock
ClassAcquireRemoveLockEx
ClassAsynchronousCompletion
ClassBuildRequest
ClassCheckMediaState
ClassClaimDevice
ClassCleanupMediaChangeDetection
ClassCompleteRequest
ClassCreateDeviceObject
ClassDebugPrint
ClassDeleteSrbLookasideList
ClassDeviceControl
ClassDisableMediaChangeDetection
ClassEnableMediaChangeDetection
ClassFindModePage
ClassForwardIrpSynchronous
ClassGetDescriptor
ClassGetDeviceParameter
ClassGetDriverExtension
ClassGetVpb
ClassInitialize
ClassInitializeEx
ClassInitializeMediaChangeDetection
ClassInitializeSrbLookasideList
ClassInitializeTestUnitPolling
ClassInternalIoControl
ClassInterpretSenseInfo
ClassInvalidateBusRelations
ClassIoComplete
ClassIoCompleteAssociated
ClassMarkChildMissing
ClassMarkChildrenMissing
ClassModeSense
ClassNotifyFailurePredicted
ClassQueryTimeOutRegistryValue
ClassReadDriveCapacity
ClassReleaseChildLock
ClassReleaseQueue
ClassReleaseRemoveLock
ClassRemoveDevice
ClassResetMediaChangeTimer
ClassScanForSpecial
ClassSendDeviceIoControlSynchronous
ClassSendIrpSynchronous
ClassSendSrbAsynchronous
ClassSendSrbSynchronous
ClassSendStartUnit
ClassSetDeviceParameter
ClassSetFailurePredictionPoll
ClassSetMediaChangeState
ClassSignalCompletion
ClassSpinDownPowerHandler
ClassSplitRequest
ClassStopUnitPowerHandler
ClassUpdateInformationInRegistry
ClassWmiCompleteRequest
ClassWmiFireEvent

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 768B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 128B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/DRIVERS/CMDIDE.SY_
.cab
I386/SYSTEM32/DRIVERS/DISK.SY_
.cab
I386/SYSTEM32/DRIVERS/DMBOOT.SY_
.cab
I386/SYSTEM32/DRIVERS/DMIO.SY_
.cab
I386/SYSTEM32/DRIVERS/DMLOAD.SY_
.cab
I386/SYSTEM32/DRIVERS/DPTI2O.SY_
.cab
I386/SYSTEM32/DRIVERS/DXAPI.SYS
.sys windows:5 windows x86 arch:x86

6a7f14fd633aa42f777a1ec1fa7bb386

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

dxapi.pdb

Imports

ntoskrnl.exe

_allmul
_aulldiv
KefAcquireSpinLockAtDpcLevel
KeAttachProcess
KeIsAttachedProcess
KefReleaseSpinLockFromDpcLevel
KeInsertQueueDpc
KeSetEvent
ExAllocatePoolWithTag
KeDetachProcess
ExFreePoolWithTag

hal

KeQueryPerformanceCounter
KfAcquireSpinLock
KfReleaseSpinLock

videoprt.sys

VideoPortSynchronizeExecution

Exports

Exports

_DxApi@20
_DxApiGetVersion@0
_DxApiInitialize@32
_DxAutoflipUpdate@20
_DxEnableIRQ@8
_DxLoseObject@8
_DxUpdateCapture@12

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 142B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 384B - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 640B - Virtual size: 638B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 256B - Virtual size: 241B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/DRIVERS/DXG.SYS
.sys windows:5 windows x86 arch:x86

a378b01cd88459ed966037cfd26aa139

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

dxg.pdb

Imports

ntoskrnl.exe

KeDetachProcess
KeAttachProcess
PsGetCurrentProcess
ExRaiseDatatypeMisalignment
IofCallDriver
IoBuildSynchronousFsdRequest
KeInitializeEvent
ExFreePoolWithTag
ExAllocatePoolWithTag
ZwOpenProcess
PsGetThreadProcessId
KeResetEvent
KeWaitForSingleObject
KeSetEvent
_allmul
MmUnlockPages
ObfDereferenceObject
ZwCreateEvent
MmMapLockedPagesSpecifyCache
IoFreeMdl
MmProbeAndLockPages
IoAllocateMdl
KeInitializeSpinLock
KeInitializeDpc
MmResetDriverPaging
MmUserProbeAddress
KeTickCount
KeBugCheckEx
ZwQuerySystemInformation
RtlInitUnicodeString
ZwOpenKey
ZwQueryValueKey
ZwClose
PsGetCurrentThread
PsGetCurrentProcessId
memmove
MmMapUserAddressesToPage
ZwAllocateVirtualMemory
ZwFreeVirtualMemory
ExRaiseAccessViolation
MmSecureVirtualMemory
MmUnsecureVirtualMemory
_except_handler3
ProbeForWrite
KeRestoreFloatingPointState
ObReferenceObjectByHandle
KeSaveFloatingPointState

dxgthk.sys

EngUnloadImage
EngCopyBits
EngLockSurface
EngCreatePalette
EngDeleteSurface
EngCreateBitmap
EngDeletePalette
EngUnlockSurface
EngAllocUserMem
EngFreeUserMem
EngReleaseSemaphore
EngAcquireSemaphore
EngSetLastError
EngCreateSemaphore
EngDeleteSemaphore
EngAllocMem
EngFreeMem
EngFindImageProcAddress

Exports

Exports

DriverEntry
DxDdCleanupDxGraphics
DxDdStartupDxGraphics

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 896B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 256B - Virtual size: 134B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/DRIVERS/DXGTHK.SYS
.sys windows:5 windows x86 arch:x86

2ddb3502fc2d809aa7e457a4e2e5e59a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

dxgthk.pdb

Imports

win32k.sys

EngDebugPrint

Exports

Exports

DriverEntry
EngAcquireSemaphore
EngAllocMem
EngAllocUserMem
EngCopyBits
EngCreateBitmap
EngCreatePalette
EngCreateSemaphore
EngDeletePalette
EngDeleteSemaphore
EngDeleteSurface
EngFindImageProcAddress
EngFreeMem
EngFreeUserMem
EngLoadImage
EngLockSurface
EngReleaseSemaphore
EngSetLastError
EngUnloadImage
EngUnlockSurface

Sections

.text
Size: 128B - Virtual size: 112B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 79B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 1024B - Virtual size: 1018B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 128B - Virtual size: 76B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 128B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/DRIVERS/FASTFAT.SY_
.cab
I386/SYSTEM32/DRIVERS/FDC.SY_
.cab
I386/SYSTEM32/DRIVERS/FLPYDISK.SY_
.cab
I386/SYSTEM32/DRIVERS/FS_REC.SYS
.sys windows:5 windows x86 arch:x86

e6e26d04d57daf07a05b786e32cb344a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

fs_rec.pdb

Imports

ntoskrnl.exe

IofCompleteRequest
IoRegisterFileSystem
IoDeleteDevice
IoRegisterShutdownNotification
IoCreateDevice
ZwClose
ZwCreateFile
RtlInitUnicodeString
IoUnregisterFileSystem
ExFreePoolWithTag
KeLeaveCriticalRegion
KeSetEvent
ZwLoadDriver
KeEnterCriticalRegion
KeWaitForSingleObject
RtlExtendedLargeIntegerDivide
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
IoBuildSynchronousFsdRequest
ExAllocatePoolWithTag
MmPageEntireDriver
_allmul
_allshr

Sections

.text
Size: 128B - Virtual size: 12B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 255B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 242B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/DRIVERS/FTDISK.SY_
.cab
I386/SYSTEM32/DRIVERS/HIDCLASS.SY_
.cab
I386/SYSTEM32/DRIVERS/HIDPARSE.SY_
.cab
I386/SYSTEM32/DRIVERS/HIDUSB.SYS
.sys windows:5 windows x86 arch:x86

6197ea6566387e713e80c06c40fe1b08

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

hidusb.pdb

Imports

ntoskrnl.exe

ExFreePool
ExAllocatePoolWithTag
KeSetEvent
IofCallDriver
KeWaitForSingleObject
MmMapLockedPages
InterlockedDecrement
KeResetEvent
InterlockedIncrement
IoFreeWorkItem
InterlockedExchange
IoQueueWorkItem
InterlockedCompareExchange
IoAllocateWorkItem
IoCancelIrp
PoCallDriver
KeInitializeSpinLock
KeInitializeEvent
IoBuildDeviceIoControlRequest
IofCompleteRequest

hidclass.sys

HidRegisterMinidriver

usbd.sys

USBD_ParseConfigurationDescriptorEx
USBD_CreateConfigurationRequestEx

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 175B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 768B - Virtual size: 734B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 384B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/DRIVERS/HPT3XX.SY_
.cab
I386/SYSTEM32/DRIVERS/HPTMV.SY_
.cab
I386/SYSTEM32/DRIVERS/HPTMV6.SY_
.cab
I386/SYSTEM32/DRIVERS/I8042PRT.SY_
.cab
I386/SYSTEM32/DRIVERS/IASTO2.SY_
.cab
I386/SYSTEM32/DRIVERS/IASTOR.SY_
.cab
I386/SYSTEM32/DRIVERS/INTELIDE.SY_
.cab
I386/SYSTEM32/DRIVERS/ISAPNP.SY_
.cab
I386/SYSTEM32/DRIVERS/KBDCLASS.SY_
.cab
I386/SYSTEM32/DRIVERS/KBDHID.SY_
.cab
I386/SYSTEM32/DRIVERS/KSECDD.SYS
.dll windows:5 windows x86 arch:x86

899d2281222be223a2e73cdbccd7b179

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ksecdd.pdb

Imports

ntoskrnl.exe

RtlCopyUnicodeString
RtlCopySid
RtlLengthSid
RtlInitUnicodeString
LpcRequestWaitReplyPort
PsGetProcessSecurityPort
PsGetCurrentProcess
ObReferenceObjectByHandle
ZwClose
ObfDereferenceObject
PsSetProcessSecurityPort
ZwConnectPort
strncpy
ObOpenObjectByPointer
ObfReferenceObject
IofCompleteRequest
MmMapLockedPagesSpecifyCache
MmUserProbeAddress
KeInitializeEvent
IoCreateDevice
ZwAllocateVirtualMemory
ZwFreeVirtualMemory
RtlMapSecurityErrorToNtStatus
KeWaitForSingleObject
KeSetEvent
RtlEqualUnicodeString
ExAllocatePoolWithTag
PsGetCurrentThread
SeTokenImpersonationLevel
NtDuplicateObject
MmLockPagableDataSection
MmUnlockPagableImageSection
ZwOpenEvent
NtClose
NtWaitForSingleObject
PsGetProcessId
PsGetThreadProcessId
KeLeaveCriticalRegion
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
KeInitializeSpinLock
ExInitializeResourceLite
RtlIntegerToUnicodeString
PsGetProcessCreateTimeQuadPart
SeReleaseSubjectContext
SeUnlockSubjectContext
SeQueryAuthenticationIdToken
SeLockSubjectContext
SeCaptureSubjectContext
_except_handler3
KeTickCount
KeBugCheckEx
ExQueueWorkItem
KeStackAttachProcess
KeUnstackDetachProcess
PsImpersonateClient
ExFreePoolWithTag
ZwQuerySystemInformation
PsGetCurrentThreadId
PsGetCurrentProcessId
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
ExDeleteResourceLite
ZwOpenKey
ExAcquireSharedWaitForExclusive
ExGetPreviousMode
wcscpy
ZwSetInformationObject
wcslen
ZwQueryObject
memmove
RtlFreeOemString
RtlUnicodeStringToOemString

hal

KfReleaseSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
KfAcquireSpinLock

Exports

Exports

AcceptSecurityContext
AcquireCredentialsHandleW
AddCredentialsW
ApplyControlToken
CredMarshalTargetInfo
DeleteSecurityContext
EfsDecryptFek
EfsGenerateKey
EnumerateSecurityPackagesW
ExportSecurityContext
FreeContextBuffer
FreeCredentialsHandle
GenerateDirEfs
GenerateSessionKey
GetSecurityUserInfo
ImpersonateSecurityContext
ImportSecurityContextW
InitSecurityInterfaceW
InitializeSecurityContextW
KSecRegisterSecurityProvider
KSecValidateBuffer
LsaEnumerateLogonSessions
LsaGetLogonSessionData
MakeSignature
MapSecurityError
QueryContextAttributesW
QueryCredentialsAttributesW
QuerySecurityContextToken
QuerySecurityPackageInfoW
RevertSecurityContext
SealMessage
SecLookupAccountName
SecLookupAccountSid
SecMakeSPN
SecMakeSPNEx
SecSetPagingMode
UnsealMessage
VerifySignature

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEMSG
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/DRIVERS/M5281.SY_
.cab
I386/SYSTEM32/DRIVERS/M5287.SY_
.cab
I386/SYSTEM32/DRIVERS/M5288.SY_
.cab
I386/SYSTEM32/DRIVERS/M5289.SY_
.cab
I386/SYSTEM32/DRIVERS/MCD.SYS
.sys windows:5 windows x86 arch:x86

04955ab464ccedc23330b7ab50bca5f5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mcd.pdb

Imports

ntoskrnl.exe

sprintf
KeInitializeEvent
IofCallDriver
KeWaitForSingleObject
IoGetAttachedDeviceReference
IoAttachDeviceToDeviceStack
ObfDereferenceObject
IoDeleteDevice
IoCreateSymbolicLink
IoAllocateDriverObjectExtension
RtlFreeUnicodeString
swprintf
IoDeleteSymbolicLink
RtlInitUnicodeString
IoRegisterDeviceInterface
IoSetDeviceInterfaceState
ExAllocatePoolWithTag
ExFreePoolWithTag
IoGetConfigurationInformation
IoSetHardErrorOrVerifyDevice
IoBuildDeviceIoControlRequest
IoGetDriverObjectExtension

hal

KeGetCurrentIrql

classpnp.sys

ClassClaimDevice
ClassCreateDeviceObject
ClassInitialize
ClassDeleteSrbLookasideList
ClassInitializeSrbLookasideList
ClassGetDescriptor
ClassInitializeMediaChangeDetection
ClassSendSrbSynchronous
ClassUpdateInformationInRegistry
ClassSetMediaChangeState
ClassDisableMediaChangeDetection
ClassDeviceControl
ClassEnableMediaChangeDetection
ClassReleaseRemoveLock
ClassCompleteRequest
ClassWmiCompleteRequest

Exports

Exports

ChangerClassAllocatePool
ChangerClassDebugPrint
ChangerClassFreePool
ChangerClassInitialize
ChangerClassSendSrbSynchronous

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 256B - Virtual size: 221B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 384B - Virtual size: 258B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/DRIVERS/MEGAIDE.SY_
.cab
I386/SYSTEM32/DRIVERS/MNMDD.SYS
.sys windows:5 windows x86 arch:x86

82e7aeea786c329c7649d1223d900744

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mnmdd.pdb

Imports

ntoskrnl.exe

MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
ExFreePoolWithTag
MmCreateMdl
MmBuildMdlForNonPagedPool
ExAllocatePoolWithTag

videoprt.sys

VideoPortInitialize
VideoPortZeroMemory

Sections

.rdata
Size: 128B - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 896B - Virtual size: 796B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 896B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 384B - Virtual size: 312B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 128B - Virtual size: 74B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/DRIVERS/MOUCLASS.SYS
.sys windows:5 windows x86 arch:x86

1939285b2dace32918ca43b18fdbb8b1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mouclass.pdb

Imports

ntoskrnl.exe

IoOpenDeviceRegistryKey
IoReleaseRemoveLockEx
IofCompleteRequest
IoReleaseCancelSpinLock
IoAcquireRemoveLockEx
KeSetEvent
KeWaitForSingleObject
KeInitializeEvent
memmove
RtlCopyUnicodeString
RtlQueryRegistryValues
RtlAppendUnicodeToString
ObfDereferenceObject
IoRegisterPlugPlayNotification
IoGetDeviceObjectPointer
IoGetDeviceProperty
IoBuildDeviceIoControlRequest
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
IoUnregisterPlugPlayNotification
IoFreeWorkItem
DbgPrint
IoQueueWorkItem
IoAllocateWorkItem
ZwClose
PoStartNextPowerIrp
PoSetPowerState
PoRequestPowerIrp
SeSinglePrivilegeCheck
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
PoSetSystemState
IoDeleteDevice
RtlFreeUnicodeString
KeInitializeSpinLock
IoInitializeRemoveLockEx
IoCreateDevice
IoSetDeviceInterfaceState
IoWMIRegistrationControl
IoCancelIrp
ZwSetValueKey
RtlWriteRegistryValue
IoDetachDevice
IoReleaseRemoveLockAndWaitEx
IoRegisterDeviceInterface
IoAttachDeviceToDeviceStack
IoRegisterDriverReinitialization
VerSetConditionMask
RtlVerifyVersionInfo
ZwPowerInformation
RtlInitUnicodeString
ExAllocatePoolWithTag
ZwQueryValueKey
ExFreePoolWithTag
PoCallDriver
IofCallDriver

hal

KfAcquireSpinLock
KeGetCurrentIrql
ExAcquireFastMutex
ExReleaseFastMutex
KfReleaseSpinLock

wmilib.sys

WmiSystemControl
WmiCompleteRequest

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 417B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 896B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/DRIVERS/MOUHID.SYS
.sys windows:5 windows x86 arch:x86

c8bfe0b67f22a55f51cc3ab77d4c5d22

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mouhid.pdb

Imports

ntoskrnl.exe

memmove
KeWaitForSingleObject
IoBuildDeviceIoControlRequest
KeInitializeEvent
ZwQueryValueKey
PoSetPowerState
IoInitializeRemoveLockEx
IoDeleteDevice
IoDetachDevice
IoAllocateIrp
IoAttachDeviceToDeviceStack
IoCreateDevice
MmBuildMdlForNonPagedPool
RtlInitUnicodeString
IoAllocateMdl
KeSetEvent
IoAllocateErrorLogEntry
PoStartNextPowerIrp
IoFreeIrp
IoReleaseRemoveLockAndWaitEx
IoCancelIrp
IoWMIRegistrationControl
_alldiv
_allmul
KeResetEvent
IoReuseIrp
ZwSetValueKey
ZwClose
IoFreeWorkItem
IoAllocateWorkItem
IoQueueWorkItem
ExAllocatePoolWithTag
IoWriteErrorLogEntry
PoCallDriver
IoOpenDeviceRegistryKey
RtlAppendUnicodeToString
RtlQueryRegistryValues
ExFreePoolWithTag
IoAcquireRemoveLockEx
IofCompleteRequest
IofCallDriver
IoFreeMdl
IoReleaseRemoveLockEx

hal

KeGetCurrentIrql
KfRaiseIrql
ExReleaseFastMutex
ExAcquireFastMutex
KfLowerIrql

wmilib.sys

WmiSystemControl
WmiCompleteRequest

hidparse.sys

HidP_GetCaps
HidP_GetUsageValue
HidP_GetScaledUsageValue
HidP_UsageListDifference
HidP_GetSpecificValueCaps
HidP_MaxUsageListLength
HidP_GetUsages

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 319B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 502B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/DRIVERS/MOUNTMGR.SY_
.cab
I386/SYSTEM32/DRIVERS/MRAID35X.SY_
.cab
I386/SYSTEM32/DRIVERS/MUP.SYS
.sys windows:5 windows x86 arch:x86

56fdb918210bb611720b681a2ebd4386

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mup.pdb

Imports

ntoskrnl.exe

ZwClose
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
KeQuerySystemTime
RtlRemoveUnicodePrefix
IofCompleteRequest
IoRemoveShareAccess
ExRaiseStatus
_except_handler3
KeLeaveCriticalRegion
KeEnterCriticalRegion
SeQuerySessionIdToken
IoCheckShareAccess
memmove
KeWaitForSingleObject
IofCallDriver
RtlInsertUnicodePrefix
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
IoCreateFile
KeSetEvent
RtlCompareUnicodeString
ExAcquireResourceSharedLite
IoFreeIrp
KeInitializeEvent
RtlFindUnicodePrefix
_wcsnicmp
IoFreeMdl
MmUnlockPages
ExQueueWorkItem
MmProbeAndLockPages
IoAllocateMdl
ExAllocatePoolWithQuotaTag
ProbeForRead
IoAllocateIrp
NtClose
NtOpenFile
_abnormal_termination
KeGetCurrentThread
RtlInitializeUnicodePrefix
KeInitializeSpinLock
ExInitializeResourceLite
ExDeleteResourceLite
IoDeleteDevice
ZwQueryValueKey
ZwOpenKey
IoWMIRegistrationControl
IoCreateDevice
RtlInitUnicodeString
RtlEqualUnicodeString
wcslen
RtlAppendUnicodeToString
wcschr
RtlCopyLuid
ZwCreateFile
RtlAppendUnicodeStringToString
KeResetEvent
IoGetCurrentProcess
IoIsOperationSynchronous
IoSetShareAccess
ObfDereferenceObject
ZwFsControlFile
RtlCopyUnicodeString
ObReferenceObjectByPointer
ExConvertExclusiveToSharedLite
PsDereferenceImpersonationToken
PsDereferencePrimaryToken
SeTokenType
PsRestoreImpersonation
PsDisableImpersonation
SeImpersonateClientEx
PsAssignImpersonationToken
KeReleaseSemaphore
SeCreateClientSecurity
RtlGetCallersAddress
FsRtlIsNtstatusExpected
IoUnregisterFileSystem
ExDeleteNPagedLookasideList
IoStopTimer
ZwQueryInformationProcess
IoStartTimer
IoInitializeTimer
IoRegisterShutdownNotification
IoRegisterFileSystem
ExInitializeNPagedLookasideList
MmQuerySystemSize
KeInitializeSemaphore
FsRtlRegisterFileSystemFilterCallbacks
ZwCreateDirectoryObject
FsRtlMdlReadDev
FsRtlMdlReadCompleteDev
FsRtlPrepareMdlWriteDev
FsRtlMdlWriteCompleteDev
IoSetTopLevelIrp
IoGetRequestorSessionId
ProbeForWrite
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
RtlEqualString
ZwCreateSymbolicLinkObject
wcscpy
ZwMakeTemporaryObject
ZwOpenSymbolicLinkObject
RtlIntegerToUnicodeString
_snwprintf
ObMakeTemporaryObject
RtlCompareMemory
RtlUnicodeStringToAnsiString
RtlRandom
KeUnstackDetachProcess
KeStackAttachProcess
RtlUpcaseUnicodeChar
ZwOpenFile
InterlockedPopEntrySList
InterlockedPushEntrySList
SeReleaseSubjectContext
SeQueryAuthenticationIdToken
SeCaptureSubjectContext
KeTickCount
ExFreePoolWithTag
ExAllocatePoolWithTag
DbgPrint
KeBugCheckEx
IoWMIWriteEvent

hal

KfReleaseSpinLock
KeGetCurrentIrql
KfAcquireSpinLock

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/DRIVERS/NDIS.SYS
.sys windows:5 windows x86 arch:x86

9f4f044e6bf1c3bab8efb25e6f71fcf6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ndis.pdb

Imports

ntoskrnl.exe

IoWMIWriteEvent
ExNotifyCallback
RtlImageDirectoryEntryToData
KeReleaseMutex
KeInitializeEvent
KeWaitForSingleObject
RtlAppendUnicodeStringToString
RtlCopyUnicodeString
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
IofCompleteRequest
KeInitializeMutex
ZwPowerInformation
ExRegisterCallback
DbgPrint
ExCreateCallback
KeQuerySystemTime
KeInitializeQueue
ExInitializeResourceLite
KeQueryTimeIncrement
KeInitializeSpinLock
IoCreateSymbolicLink
IoCreateDevice
KeNumberProcessors
RtlWriteRegistryValue
ZwClose
ZwOpenKey
IoOpenDeviceRegistryKey
RtlCharToInteger
ZwEnumerateKey
RtlUnicodeStringToInteger
RtlEqualUnicodeString
RtlAppendUnicodeToString
IoGetDeviceProperty
IoSetDeviceInterfaceState
_alldiv
IoInvalidateDeviceState
MmUnlockPagableImageSection
MmLockPagableDataSection
MmLockPagableSectionByHandle
MmAllocateContiguousMemory
MmAllocateNonCachedMemory
MmFreeContiguousMemory
MmFreeNonCachedMemory
KeTickCount
InterlockedPushEntrySList
MmBuildMdlForNonPagedPool
IoAllocateMdl
IoBuildPartialMdl
MmMapLockedPages
MmMapIoSpace
MmUnmapIoSpace
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
RtlExtendedIntegerMultiply
ExGetCurrentProcessorCpuUsage
ExGetCurrentProcessorCounts
KeResetEvent
_allmul
MmMapLockedPagesSpecifyCache
InterlockedPopEntrySList
RtlGetCallersAddress
ObfDereferenceObject
RtlFreeUnicodeString
IoUnregisterShutdownNotification
IoGetDriverObjectExtension
KeSetTimerEx
KeSetTimer
KeInitializeTimerEx
KeBugCheckEx
IoWMIRegistrationControl
KeInsertQueue
ExInterlockedAddLargeInteger
ExfInterlockedInsertHeadList
_except_handler3
memmove
KeSetEvent
RtlAnsiStringToUnicodeString
ExfInterlockedAddUlong
ExfInterlockedInsertTailList
ExfInterlockedRemoveHeadList
ExfInterlockedPushEntryList
ExfInterlockedPopEntryList
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
KeInsertQueueDpc
IoDeleteSymbolicLink
IoRegisterDeviceInterface
KeInitializeDpc
KeSetImportanceDpc
KeInitializeTimer
KeCancelTimer
IoDeleteDevice
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
IoGetDmaAdapter
KeRegisterBugCheckCallback
KeDeregisterBugCheckCallback
IofCallDriver
IoBuildSynchronousFsdRequest
IoCancelIrp
KeGetRecommendedSharedDataAlignment
ExDeleteNPagedLookasideList
IoDetachDevice
IoAttachDeviceToDeviceStack
MmIsDriverVerifying
IoAllocateDriverObjectExtension
IoFreeIrp
IoAllocateIrp
KeSynchronizeExecution
IoConnectInterrupt
KeSetTargetProcessorDpc
IoDisconnectInterrupt
ZwLoadDriver
PoRequestPowerIrp
PoStartNextPowerIrp
PoCallDriver
PoSetPowerState
SeSinglePrivilegeCheck
RtlInitAnsiString
MmAddVerifierThunks
MmIsVerifierEnabled
ExAllocatePoolWithTagPriority
ExInitializeNPagedLookasideList
RtlGetAce
RtlAddAccessAllowedAce
RtlCreateAcl
RtlLengthSid
RtlInitializeSid
RtlLengthRequiredSid
RtlMapGenericMask
IoGetFileObjectGenericMapping
ObReleaseObjectSecurity
ObSetSecurityObjectByPointer
RtlSetDaclSecurityDescriptor
RtlSelfRelativeToAbsoluteSD
RtlGetSaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetDaclSecurityDescriptor
ObGetObjectSecurity
SeExports
SeSetSecurityDescriptorInfo
RtlLengthSecurityDescriptor
RtlCreateSecurityDescriptor
SeUnlockSubjectContext
SeFreePrivileges
SeAppendPrivileges
SeAccessCheck
SeLockSubjectContext
RtlSetGroupSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlQueryRegistryValues
RtlInitUnicodeString
RtlUpcaseUnicodeString
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
PsGetCurrentThread
ObfReferenceObject
KeRemoveQueue
PsCreateSystemThread
NtClose
ExQueueWorkItem
ExAllocatePoolWithTag
IoFreeMdl
ExFreePoolWithTag

hal

KeGetCurrentIrql
KfRaiseIrql
KfLowerIrql
READ_PORT_ULONG
READ_PORT_USHORT
READ_PORT_UCHAR
WRITE_PORT_ULONG
WRITE_PORT_USHORT
WRITE_PORT_UCHAR
HalTranslateBusAddress
KfAcquireSpinLock
KfReleaseSpinLock
KeRaiseIrqlToDpcLevel

Exports

Exports

ArcFilterDprIndicateReceive
ArcFilterDprIndicateReceiveComplete
EthFilterDprIndicateReceive
EthFilterDprIndicateReceiveComplete
FddiFilterDprIndicateReceive
FddiFilterDprIndicateReceiveComplete
NDIS_BUFFER_TO_SPAN_PAGES
NdisAcquireReadWriteLock
NdisAcquireSpinLock
NdisAdjustBufferLength
NdisAllocateBuffer
NdisAllocateBufferPool
NdisAllocateFromBlockPool
NdisAllocateMemory
NdisAllocateMemoryWithTag
NdisAllocatePacket
NdisAllocatePacketPool
NdisAllocatePacketPoolEx
NdisAllocateSpinLock
NdisAnsiStringToUnicodeString
NdisBufferLength
NdisBufferVirtualAddress
NdisCancelSendPackets
NdisCancelTimer
NdisClAddParty
NdisClCloseAddressFamily
NdisClCloseCall
NdisClDeregisterSap
NdisClDropParty
NdisClGetProtocolVcContextFromTapiCallId
NdisClIncomingCallComplete
NdisClMakeCall
NdisClModifyCallQoS
NdisClOpenAddressFamily
NdisClRegisterSap
NdisCloseAdapter
NdisCloseConfiguration
NdisCloseFile
NdisCmActivateVc
NdisCmAddPartyComplete
NdisCmCloseAddressFamilyComplete
NdisCmCloseCallComplete
NdisCmDeactivateVc
NdisCmDeregisterSapComplete
NdisCmDispatchCallConnected
NdisCmDispatchIncomingCall
NdisCmDispatchIncomingCallQoSChange
NdisCmDispatchIncomingCloseCall
NdisCmDispatchIncomingDropParty
NdisCmDropPartyComplete
NdisCmMakeCallComplete
NdisCmModifyCallQoSComplete
NdisCmOpenAddressFamilyComplete
NdisCmRegisterAddressFamily
NdisCmRegisterSapComplete
NdisCoAssignInstanceName
NdisCoCreateVc
NdisCoDeleteVc
NdisCoGetTapiCallId
NdisCoRequest
NdisCoRequestComplete
NdisCoSendPackets
NdisCompareAnsiString
NdisCompareUnicodeString
NdisCompleteBindAdapter
NdisCompleteDmaTransfer
NdisCompletePnPEvent
NdisCompleteUnbindAdapter
NdisConvertStringToAtmAddress
NdisCopyBuffer
NdisCopyFromPacketToPacket
NdisCopyFromPacketToPacketSafe
NdisCreateBlockPool
NdisDeregisterProtocol
NdisDeregisterTdiCallBack
NdisDestroyBlockPool
NdisDprAcquireSpinLock
NdisDprAllocatePacket
NdisDprAllocatePacketNonInterlocked
NdisDprFreePacket
NdisDprFreePacketNonInterlocked
NdisDprReleaseSpinLock
NdisEqualString
NdisFreeBuffer
NdisFreeBufferPool
NdisFreeMemory
NdisFreePacket
NdisFreePacketPool
NdisFreeSpinLock
NdisFreeToBlockPool
NdisGeneratePartialCancelId
NdisGetBufferPhysicalArraySize
NdisGetCurrentProcessorCounts
NdisGetCurrentProcessorCpuUsage
NdisGetCurrentSystemTime
NdisGetDriverHandle
NdisGetFirstBufferFromPacket
NdisGetFirstBufferFromPacketSafe
NdisGetPacketCancelId
NdisGetPoolFromPacket
NdisGetReceivedPacket
NdisGetRoutineAddress
NdisGetSharedDataAlignment
NdisGetSystemUpTime
NdisGetVersion
NdisIMAssociateMiniport
NdisIMCancelInitializeDeviceInstance
NdisIMCopySendCompletePerPacketInfo
NdisIMCopySendPerPacketInfo
NdisIMDeInitializeDeviceInstance
NdisIMDeregisterLayeredMiniport
NdisIMGetBindingContext
NdisIMGetCurrentPacketStack
NdisIMGetDeviceContext
NdisIMInitializeDeviceInstance
NdisIMInitializeDeviceInstanceEx
NdisIMNotifyPnPEvent
NdisIMQueueMiniportCallback
NdisIMRegisterLayeredMiniport
NdisIMRevertBack
NdisIMSwitchToMiniport
NdisImmediateReadPciSlotInformation
NdisImmediateReadPortUchar
NdisImmediateReadPortUlong
NdisImmediateReadPortUshort
NdisImmediateReadSharedMemory
NdisImmediateWritePciSlotInformation
NdisImmediateWritePortUchar
NdisImmediateWritePortUlong
NdisImmediateWritePortUshort
NdisImmediateWriteSharedMemory
NdisInitAnsiString
NdisInitUnicodeString
NdisInitializeEvent
NdisInitializeReadWriteLock
NdisInitializeString
NdisInitializeTimer
NdisInitializeWrapper
NdisInterlockedAddLargeInterger
NdisInterlockedAddUlong
NdisInterlockedDecrement
NdisInterlockedIncrement
NdisInterlockedInsertHeadList
NdisInterlockedInsertTailList
NdisInterlockedPopEntryList
NdisInterlockedPushEntryList
NdisInterlockedRemoveHeadList
NdisMAllocateMapRegisters
NdisMAllocateSharedMemory
NdisMAllocateSharedMemoryAsync
NdisMCancelTimer
NdisMCloseLog
NdisMCmActivateVc
NdisMCmCreateVc
NdisMCmDeactivateVc
NdisMCmDeleteVc
NdisMCmRegisterAddressFamily
NdisMCmRequest
NdisMCoActivateVcComplete
NdisMCoDeactivateVcComplete
NdisMCoIndicateReceivePacket
NdisMCoIndicateStatus
NdisMCoReceiveComplete
NdisMCoRequestComplete
NdisMCoSendComplete
NdisMCompleteBufferPhysicalMapping
NdisMCreateLog
NdisMDeregisterAdapterShutdownHandler
NdisMDeregisterDevice
NdisMDeregisterDmaChannel
NdisMDeregisterInterrupt
NdisMDeregisterIoPortRange
NdisMFlushLog
NdisMFreeMapRegisters
NdisMFreeSharedMemory
NdisMGetDeviceProperty
NdisMGetDmaAlignment
NdisMIndicateStatus
NdisMIndicateStatusComplete
NdisMInitializeScatterGatherDma
NdisMInitializeTimer
NdisMMapIoSpace
NdisMPciAssignResources
NdisMPromoteMiniport
NdisMQueryAdapterInstanceName
NdisMQueryAdapterResources
NdisMQueryInformationComplete
NdisMReadDmaCounter
NdisMRegisterAdapterShutdownHandler
NdisMRegisterDevice
NdisMRegisterDmaChannel
NdisMRegisterInterrupt
NdisMRegisterIoPortRange
NdisMRegisterMiniport
NdisMRegisterUnloadHandler
NdisMRemoveMiniport
NdisMResetComplete
NdisMSendComplete
NdisMSendResourcesAvailable
NdisMSetAttributes
NdisMSetAttributesEx
NdisMSetInformationComplete
NdisMSetMiniportSecondary
NdisMSetPeriodicTimer
NdisMSetTimer
NdisMSleep
NdisMStartBufferPhysicalMapping
NdisMSynchronizeWithInterrupt
NdisMTransferDataComplete
NdisMUnmapIoSpace
NdisMWanIndicateReceive
NdisMWanIndicateReceiveComplete
NdisMWanSendComplete
NdisMWriteLogData
NdisMapFile
NdisMatchPdoWithPacket
NdisOpenAdapter
NdisOpenConfiguration
NdisOpenConfigurationKeyByIndex
NdisOpenConfigurationKeyByName
NdisOpenFile
NdisOpenProtocolConfiguration
NdisOverrideBusNumber
NdisPacketPoolUsage
NdisPacketSize
NdisQueryAdapterInstanceName
NdisQueryBindInstanceName
NdisQueryBuffer
NdisQueryBufferOffset
NdisQueryBufferSafe
NdisQueryMapRegisterCount
NdisQueryPendingIOCount
NdisReEnumerateProtocolBindings
NdisReadConfiguration
NdisReadEisaSlotInformation
NdisReadEisaSlotInformationEx
NdisReadMcaPosInformation
NdisReadNetworkAddress
NdisReadPciSlotInformation
NdisReadPcmciaAttributeMemory
NdisRegisterProtocol
NdisRegisterTdiCallBack
NdisReleaseReadWriteLock
NdisReleaseSpinLock
NdisRequest
NdisReset
NdisResetEvent
NdisReturnPackets
NdisScheduleWorkItem
NdisSend
NdisSendPackets
NdisSetEvent
NdisSetPacketCancelId
NdisSetPacketPoolProtocolId
NdisSetPacketStatus
NdisSetProtocolFilter
NdisSetTimer
NdisSetTimerEx
NdisSetupDmaTransfer
NdisSystemProcessorCount
NdisTerminateWrapper
NdisTransferData
NdisUnchainBufferAtBack
NdisUnchainBufferAtFront
NdisUnicodeStringToAnsiString
NdisUnmapFile
NdisUpcaseUnicodeString
NdisUpdateSharedMemory
NdisWaitEvent
NdisWriteConfiguration
NdisWriteErrorLogEntry
NdisWriteEventLogEntry
NdisWritePciSlotInformation
NdisWritePcmciaAttributeMemory
TrFilterDprIndicateReceive
TrFilterDprIndicateReceiveComplete

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGENPNP
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGENDSP
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGENDSM
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGENDCO
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGENDSF
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGENDSE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGENDST
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGENDSA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/DRIVERS/NPFS.SYS
.sys windows:5 windows x86 arch:x86

ec4e8d12bdd1d379c2c1be2c6327a2bb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

npfs.pdb

Imports

ntoskrnl.exe

_wcsicmp
ExAllocatePoolWithTag
RtlQueryRegistryValues
IofCompleteRequest
ExReleaseResourceLite
IoRemoveShareAccess
ExAcquireResourceExclusiveLite
KeLeaveCriticalRegion
KeEnterCriticalRegion
DbgBreakPoint
DbgPrint
IoThreadToProcess
SeUnlockSubjectContext
SeOpenObjectAuditAlarm
RtlInitUnicodeString
SeFreePrivileges
SeAppendPrivileges
SeAccessCheck
IoGetFileObjectGenericMapping
SeLockSubjectContext
IoCheckShareAccess
_except_handler3
ObLogSecurityDescriptor
SeAssignSecurity
IoGetRequestorProcess
IoReleaseCancelSpinLock
ExAllocatePoolWithQuotaTag
KeBugCheckEx
FsRtlIsNameInExpression
MmMapLockedPages
ObReferenceObjectByHandle
ObfDereferenceObject
RtlInsertElementGenericTable
ExFreePoolWithTag
RtlDeleteElementGenericTable
RtlEnumerateGenericTableWithoutSplaying
ExAcquireResourceSharedLite
KeSetEvent
IoFreeIrp
IoAllocateIrp
ProbeForWrite
ProbeForRead
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateDevice
RtlFindUnicodePrefix
SeCreateClientSecurity
SeTokenType
SeImpersonateClientEx
SeQuerySecurityDescriptorInfo
ObDereferenceSecurityDescriptor
SeSetSecurityDescriptorInfo
RtlInitializeGenericTable
ExInitializeResourceLite
RtlInitializeUnicodePrefix
RtlInsertUnicodePrefix
RtlRemoveUnicodePrefix
ExDeleteResourceLite
KeInitializeSpinLock
KeCancelTimer
KeSetTimer
ObfReferenceObject
RtlUpcaseUnicodeChar
KeInitializeTimer
KeInitializeDpc
KeTickCount
wcslen
ExEventObjectType
RtlUpcaseUnicodeString

hal

KfReleaseSpinLock
KfAcquireSpinLock

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 896B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/DRIVERS/NTFS.SYS
.sys windows:5 windows x86 arch:x86

3a42553cb6300059d61e2274c9f3beaf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ntfs.pdb

Imports

ntoskrnl.exe

ExRaiseStatus
FsRtlNormalizeNtstatus
CcFlushCache
ExIsResourceAcquiredExclusiveLite
RtlInitUnicodeString
InterlockedPopEntrySList
InterlockedPushEntrySList
KeQuerySystemTime
RtlCompareMemory
FsRtlAreNamesEqual
FsRtlCheckLockForWriteAccess
FsRtlOplockIsFastIoPossible
FsRtlCheckOplock
CcSetDirtyPinnedData
MmSetAddressRangeModified
MmCanFileBeTruncated
RtlGenerate8dot3Name
RtlUpcaseUnicodeString
CcCopyWrite
CcCanIWrite
CcMdlWriteComplete
MmMapLockedPagesSpecifyCache
CcPrepareMdlWrite
IoGetTopLevelIrp
_aullshr
_allshl
IoGetStackLimits
RtlSetBits
RtlClearBits
FsRtlGetNextLargeMcbEntry
RtlAreBitsSet
RtlFindLastBackwardRunClear
RtlNumberOfClearBits
_allmul
RtlAreBitsClear
RtlFindClearBits
RtlFindClearRuns
FsRtlRemoveLargeMcbEntry
FsRtlLookupLargeMcbEntry
FsRtlAddLargeMcbEntry
KeReleaseMutant
ObfDereferenceObject
CcUninitializeCacheMap
CcSetLogHandleForFile
CcInitializeCacheMap
IoCreateStreamFileObjectLite
KeWaitForSingleObject
CcMapData
CcPinMappedData
CcPinRead
CcPreparePinWrite
CcMdlReadComplete
KeBugCheckEx
CcZeroData
FsRtlIsNtstatusExpected
DbgBreakPoint
DbgPrint
KdDebuggerEnabled
FsRtlNotifyVolumeEvent
RtlDeleteElementGenericTableAvl
IoRemoveShareAccess
FsRtlAddToTunnelCache
FsRtlFastUnlockAll
IoGetRequestorProcess
FsRtlNotifyFilterReportChange
FsRtlDeleteKeyFromTunnelCache
FsRtlNotifyCleanup
FsRtlNotifyFilterChangeDirectory
MmFlushImageSection
KeLeaveCriticalRegion
IoSetTopLevelIrp
KeEnterCriticalRegion
IofCompleteRequest
ExQueueWorkItem
IoGetCurrentProcess
FsRtlIsNameInExpression
FsRtlDoesNameContainWildCards
IoCheckEaBufferValidity
ExIsResourceAcquiredSharedLite
KeSetEvent
IoSetInformation
FsRtlOplockFsctrl
IoUpdateShareAccess
IoSetShareAccess
IoCheckShareAccess
FsRtlCurrentBatchOplock
ObReleaseObjectSecurity
ObGetObjectSecurity
SePrivilegeCheck
CcWaitForCurrentLazyWriterActivity
RtlGetOwnerSecurityDescriptor
FsRtlFindInTunnelCache
SeSinglePrivilegeCheck
KeClearEvent
FsRtlDissectName
_alloca_probe
IoCancelIrp
KeSetKernelStackSwapEnable
KeInitializeEvent
IoIsOperationSynchronous
IofCallDriver
MmUnmapLockedPages
IoBuildPartialMdl
IoFreeMdl
MmProbeAndLockPages
IoAllocateMdl
KeGetCurrentThread
RtlDecompressBuffer
RtlDecompressFragment
RtlGetCompressionWorkSpaceSize
MmBuildMdlForNonPagedPool
IoFreeIrp
ExReleaseResourceForThreadLite
CcUnpinDataForThread
CcSetBcbOwnerPointer
FsRtlIsTotalDeviceFailure
IoMakeAssociatedIrp
ObfReferenceObject
ExGetExclusiveWaiterCount
KeDelayExecutionThread
ObReferenceObjectByHandle
IoFileObjectType
_local_unwind2
RtlCompressBuffer
MmUnlockPages
IoBuildAsynchronousFsdRequest
RtlLookupElementGenericTableAvl
SeCaptureSubjectContext
RtlUpperString
RtlCompareString
RtlInitString
FsRtlLegalAnsiCharacterArray
NlsOemLeadByteInfo
NlsMbOemCodePageTag
SeDeleteObjectAuditAlarm
ObQueryObjectAuditingByHandle
CcPurgeCacheSection
_allrem
SeAuditHardLinkCreation
SeAuditingHardLinkEventsWithContext
IoBuildDeviceIoControlRequest
CcMdlRead
KeNumberProcessors
CcDeferWrite
ZwClose
ZwCreateFile
ProbeForRead
IoBuildSynchronousFsdRequest
IoGetRelatedDeviceObject
MmPrefetchPages
ProbeForWrite
_alldiv
RtlLengthSid
SeReleaseSubjectContext
SeUnlockSubjectContext
SeAccessCheck
SeLockSubjectContext
RtlMapGenericMask
IoGetFileObjectGenericMapping
CcSetAdditionalCacheAttributes
FsRtlBalanceReads
ObQueryNameString
wcslen
IoCreateDevice
FsRtlIncrementCcFastReadResourceMiss
FsRtlIncrementCcFastReadNotPossible
CcFastCopyRead
FsRtlIncrementCcFastReadNoWait
FsRtlIncrementCcFastReadWait
CcFastCopyWrite
CcFastMdlReadWait
FsRtlUninitializeLargeMcb
FsRtlInitializeLargeMcb
FsRtlPrivateLock
FsRtlFastUnlockSingle
FsRtlFastUnlockAllByKey
FsRtlProcessFileLock
ExDeleteResourceLite
ExInitializeResourceLite
KeInitializeSpinLock
FsRtlResetLargeMcb
KeSetTimer
ExAcquireSharedStarveExclusive
CcGetDirtyPages
KeSetPriorityThread
FsRtlLookupLastLargeMcbEntry
FsRtlNumberOfRunsInLargeMcb
FsRtlSplitLargeMcb
FsRtlTruncateLargeMcb
CcRemapBcb
RtlFreeOemString
RtlUnicodeStringToCountedOemString
FsRtlIsFatDbcsLegal
FsRtlFastCheckLockForWrite
FsRtlFastCheckLockForRead
IoRaiseInformationalHardError
RtlAppendUnicodeStringToString
RtlCopyUnicodeString
IoVolumeDeviceToDosName
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
CcMdlWriteAbort
IoIsSystemThread
RtlLengthSecurityDescriptor
SeAssignSecurity
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
RtlSubAuthoritySid
RtlInitializeSid
RtlLengthRequiredSid
ExInitializePagedLookasideList
ExInitializeNPagedLookasideList
MmIsThisAnNtAsSystem
MmQuerySystemSize
ZwQueryValueKey
ZwOpenKey
RtlVerifyVersionInfo
VerSetConditionMask
IoRegisterDriverReinitialization
KeInitializeDpc
KeInitializeTimer
IoRegisterFileSystem
KeBugCheck
KeInitializeMutant
FsRtlMdlWriteCompleteDev
FsRtlMdlReadCompleteDev
ExUuidCreate
RtlDelete
RtlSplay
RtlValidSid
RtlInsertElementGenericTableFullAvl
RtlLookupElementGenericTableFullAvl
SeQueryInformationToken
RtlEqualSid
SeExports
IoCheckQuotaBufferValidity
RtlInitializeGenericTableAvl
CcSetReadAheadGranularity
FsRtlCheckLockForReadAccess
ExAcquireSharedWaitForExclusive
FsRtlPostStackOverflow
FsRtlPostPagingFileStackOverflow
IoReleaseVpbSpinLock
IoAcquireVpbSpinLock
SeValidSecurityDescriptor
SeFreePrivileges
SeDeassignSecurity
SeSetSecurityDescriptorInfo
SeQuerySecurityDescriptorInfo
SeOpenObjectAuditAlarm
SeOpenObjectForDeleteAuditAlarm
SeAppendPrivileges
SeAuditingFileEventsWithContext
RtlEnumerateGenericTableWithoutSplayingAvl
FsRtlFreeFileLock
FsRtlAllocateFileLock
ExReinitializeResourceLite
FsRtlNotifyInitializeSync
FsRtlInitializeTunnelCache
RtlInsertElementGenericTableAvl
FsRtlUninitializeOplock
FsRtlInitializeOplock
FsRtlTeardownPerStreamContexts
IoDeleteDevice
FsRtlDeleteTunnelCache
FsRtlNotifyUninitializeSync
RtlEnumerateGenericTableAvl
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
IoSetDeviceToVerify
KeTickCount
_abnormal_termination
_except_handler3
RtlFindNextForwardRunClear
ExAcquireFastMutexUnsafe
ExAllocatePoolWithTag
RtlInitializeBitMap
ExFreePoolWithTag
memmove
ExReleaseFastMutexUnsafe
ExReleaseResourceLite
_allshr
ExAcquireResourceSharedLite
ExAcquireResourceExclusiveLite
CcUnpinData
CcCopyRead
CcSetFileSizes
RtlFillMemoryUlong
IoPageRead
IoFreeErrorLogEntry
IoSynchronousPageWrite
ExDeletePagedLookasideList
ExDeleteNPagedLookasideList
IoGetDeviceObjectPointer
KeUnstackDetachProcess
KeStackAttachProcess
PsLookupProcessByProcessId
ZwWaitForSingleObject
PsCreateSystemThread
ZwCreateEvent
PoQueueShutdownWorkItem
ZwFreeVirtualMemory
PsRevertToSelf
PsDereferenceImpersonationToken
PsImpersonateClient
PsReferenceImpersonationToken
ZwAllocateVirtualMemory
ObReferenceObjectByPointer

hal

KeAcquireInStackQueuedSpinLock
ExAcquireFastMutex
KeReleaseQueuedSpinLock
KeAcquireQueuedSpinLock
KfReleaseSpinLock
ExTryToAcquireFastMutex
ExReleaseFastMutex
KeReleaseInStackQueuedSpinLock
KfAcquireSpinLock

ksecdd.sys

GenerateSessionKey
EfsGenerateKey
GenerateDirEfs
InitSecurityInterfaceW
EfsDecryptFek

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 402KB - Virtual size: 402KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/DRIVERS/NULL.SYS
.sys windows:5 windows x86 arch:x86

14af89e9cdb7305e12e818c57e5fc17b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

null.pdb

Imports

ntoskrnl.exe

IoDeleteSymbolicLink
RtlInitUnicodeString
IofCompleteRequest
IoCreateDevice
MmPageEntireDriver
IoDeleteDevice

Sections

.rdata
Size: 128B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 384B - Virtual size: 262B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 384B - Virtual size: 354B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 128B - Virtual size: 58B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/DRIVERS/NVATA.SY_
.cab
I386/SYSTEM32/DRIVERS/NVRAID.SY_
.cab
I386/SYSTEM32/DRIVERS/OPRGHDLR.SY_
.cab
I386/SYSTEM32/DRIVERS/PARTMGR.SY_
.cab
I386/SYSTEM32/DRIVERS/PCI.SY_
.cab
I386/SYSTEM32/DRIVERS/PCIIDE.SY_
.cab
I386/SYSTEM32/DRIVERS/PCIIDEX.SYS
.sys windows:5 windows x86 arch:x86

a33589f50c5c387483780c126bbbad19

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

pciidex.pdb

Imports

ntoskrnl.exe

IoBuildSynchronousFsdRequest
KeInitializeEvent
IoDeleteDevice
IoDetachDevice
IoAttachDeviceToDeviceStack
IoCreateDevice
swprintf
IofCompleteRequest
ObReferenceObjectByPointer
KeInitializeSpinLock
KeQueryTimeIncrement
KeTickCount
IoGetConfigurationInformation
_aulldiv
_allmul
IoConnectInterrupt
IoDisconnectInterrupt
IoInvalidateDeviceState
MmUnmapIoSpace
wcslen
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlFindMessage
KeWaitForSingleObject
IoGetAttachedDeviceReference
memmove
IoInvalidateDeviceRelations
ObReferenceObjectByHandle
ZwClose
ZwCreateDirectoryObject
PoCallDriver
PoStartNextPowerIrp
IoFreeIrp
RtlQueryRegistryValues
IoOpenDeviceRegistryKey
IoAllocateDriverObjectExtension
IoAllocateIrp
IoGetDmaAdapter
MmGetPhysicalAddress
IoDeleteController
IoAllocateController
IoFreeController
IoCreateController
PoRequestPowerIrp
PoSetPowerState
KeBugCheckEx
IoGetDriverObjectExtension
RtlInitUnicodeString
RtlUnicodeStringToInteger
ExAllocatePoolWithTag
ExFreePoolWithTag
MmMapIoSpace
HalDispatchTable
IofCallDriver
ObfDereferenceObject
KeSetEvent

hal

WRITE_PORT_ULONG
KfRaiseIrql
KfLowerIrql
KeStallExecutionProcessor
KfAcquireSpinLock
KfReleaseSpinLock
READ_PORT_UCHAR
WRITE_PORT_UCHAR
HalAllocateCrashDumpRegisters

Exports

Exports

PciIdeXDebugPrint
PciIdeXGetBusData
PciIdeXInitialize
PciIdeXSetBusData

Sections

NONPAGE
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 768B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 256B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/DRIVERS/RAMDISK.SY_
.cab
I386/SYSTEM32/DRIVERS/RAMDRIV.SYS
.sys windows:5 windows x86 arch:x86

da8c2284b8d7857896d3f85d205fbc7e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\WINDDK\2600\src\storage\RAMDIS~3.0\SYS_52~1.2\i386\RAMDriv.pdb

Imports

ntoskrnl.exe

IoRaiseInformationalHardError
wcslen
IofCompleteRequest
IoReleaseRemoveLockEx
IoAcquireRemoveLockEx
MmMapLockedPagesSpecifyCache
RtlCompareMemory
RtlCopyUnicodeString
RtlQueryRegistryValues
RtlInitUnicodeString
_allmul
KeInitializeSpinLock
ExAllocatePoolWithTag
IoAllocateDriverObjectExtension
ExFreePoolWithTag
IoGetDriverObjectExtension
strncpy
_alldiv
_aulldiv
_allshl
PoCallDriver
PoStartNextPowerIrp
IofCallDriver
KeSetEvent
MmFreeNonCachedMemory
MmFreeContiguousMemory
IoFreeMdl
MmUnlockPages
IoDeleteDevice
IoDetachDevice
IoDeleteSymbolicLink
IoReleaseRemoveLockAndWaitEx
RtlFreeUnicodeString
IoSetDeviceInterfaceState
IoAttachDeviceToDeviceStack
ZwSetValueKey
MmAllocateNonCachedMemory
MmProbeAndLockPages
IoAllocateMdl
IoCreateSymbolicLink
IoInitializeRemoveLockEx
IoCreateDevice
ZwClose
ZwQueryValueKey
ZwOpenKey
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
KeWaitForSingleObject
KeInitializeEvent
_except_handler3

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 366B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 768B - Virtual size: 766B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/DRIVERS/RDBSS.SYS
.sys windows:5 windows x86 arch:x86

b2277802d974beeabfbf3ed5cee6f8c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

rdbss.pdb

Imports

ntoskrnl.exe

ExReleaseResourceLite
ExAcquireResourceExclusiveLite
FsRtlGetNextFileLock
IoReleaseCancelSpinLock
FsRtlIsNtstatusExpected
_except_handler3
KeSetEvent
ExReleaseFastMutexUnsafe
ExAcquireFastMutexUnsafe
IoRemoveShareAccess
DbgPrint
FsRtlFastUnlockAll
IoGetRequestorProcess
MmForceSectionClosed
MmFlushImageSection
_abnormal_termination
RtlLengthSecurityDescriptor
ExAcquireResourceSharedLite
IoGetStackLimits
ExFreePoolWithTag
ExAllocatePoolWithTag
wcslen
SeQuerySessionIdToken
RtlAppendUnicodeStringToString
RtlCopyUnicodeString
RtlEqualUnicodeString
RtlIntegerToUnicodeString
FsRtlDoesNameContainWildCards
memmove
CcSetFileSizes
IoUpdateShareAccess
IoSetShareAccess
IoCheckShareAccess
RtlCompareMemory
ExConvertExclusiveToSharedLite
MmMapLockedPagesSpecifyCache
IoCheckEaBufferValidity
MmCanFileBeTruncated
CcInitializeCacheMap
CcPurgeCacheSection
FsRtlNormalizeNtstatus
ExRaiseStatus
RtlCreateUnicodeString
RtlPrefixUnicodeString
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
ZwClose
ZwOpenDirectoryObject
wcschr
RtlInitUnicodeString
RtlFreeUnicodeString
ProbeForWrite
ProbeForRead
FsRtlFastUnlockSingle
ExSetResourceOwnerPointer
KeGetCurrentThread
FsRtlProcessFileLock
_local_unwind2
KeInitializeSpinLock
ObfReferenceObject
IoCreateDevice
IoDeleteDevice
IoRaiseInformationalHardError
SeQueryAuthenticationIdToken
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
IofCompleteRequest
IoGetTopLevelIrp
IoSetTopLevelIrp
KeLeaveCriticalRegion
IoAcquireCancelSpinLock
IoIsOperationSynchronous
KeEnterCriticalRegion
ExQueueWorkItem
ZwOpenKey
ZwQueryValueKey
IoDeleteSymbolicLink
IoWMIRegistrationControl
IoGetCurrentProcess
ExInitializeResourceLite
KeInitializeMutex
ExInitializeNPagedLookasideList
KeInitializeEvent
IoCreateSymbolicLink
ExDeleteNPagedLookasideList
ExDeleteResourceLite
FsRtlFastCheckLockForWrite
FsRtlFastCheckLockForRead
ObfDereferenceObject
ObReferenceObjectByHandle
IoFileObjectType
ExReleaseResourceForThreadLite
ExInterlockedAddLargeStatistic
CcMdlRead
CcCopyRead
CcSetReadAheadGranularity
CcSetAdditionalCacheAttributes
FsRtlCheckLockForReadAccess
ExIsResourceAcquiredSharedLite
CcFlushCache
FsRtlPostStackOverflow
IoUnregisterFileSystem
FsRtlDeregisterUncProvider
IoRegisterFileSystem
FsRtlRegisterUncProvider
SeReleaseSubjectContext
SeCaptureSubjectContext
ExfInterlockedAddUlong
KeResetEvent
CcPrepareMdlWrite
CcCopyWrite
FsRtlCheckLockForWriteAccess
ExIsResourceAcquiredExclusiveLite
CcDeferWrite
CcCanIWrite
KeTickCount
CcFastCopyRead
IoGetRelatedDeviceObject
CcFastCopyWrite
CcZeroData
CcUninitializeCacheMap
KeBugCheckEx
CcMdlWriteComplete
CcMdlReadComplete
IofCallDriver
IoWMIWriteEvent
ExAcquireSharedWaitForExclusive
ExAcquireSharedStarveExclusive
DbgBreakPoint
DbgPrompt
KeCancelTimer
KeSetTimer
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
_alldiv
KeInitializeTimer
KeInitializeDpc
IoFreeIrp
IoAllocateIrp
RtlGetCallersAddress
ExInterlockedPopEntrySList
ExInterlockedPushEntrySList
FsRtlTeardownPerStreamContexts
FsRtlInitializeFileLock
SeTokenIsRestricted
FsRtlUninitializeFileLock
KeInitializeQueue
PsCreateSystemThread
PsTerminateSystemThread
ObReferenceObjectByPointer
PsThreadType
KeInsertQueue
KeRemoveQueue
MmQuerySystemSize
KeRundownQueue
PsIsThreadTerminating
IoFreeMdl
MmProbeAndLockPages
IoAllocateMdl
KeQueryTimeIncrement
RtlUpcaseUnicodeChar
MmUnlockPages
ExAllocatePoolWithTagPriority
LsaFreeReturnBuffer
IoCancelIrp
KeReadStateEvent
ZwCreateFile
IoBuildPartialMdl
_allmul
KeQuerySystemTime
KeWaitForSingleObject
ExFreePool
KeReleaseMutex

hal

ExTryToAcquireFastMutex
ExAcquireFastMutex
ExReleaseFastMutex
KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock

ksecdd.sys

GetSecurityUserInfo

Exports

Exports

RxAcquireExclusiveFcbResourceInMRx
RxAcquireSharedFcbResourceInMRx
RxAcquireSharedFcbResourceInMRxEx
RxAssert
RxAssociateContextWithMid
RxCancelTimerRequest
RxCeAllocateIrpWithMDL
RxCeBuildAddress
RxCeBuildConnection
RxCeBuildConnectionOverMultipleTransports
RxCeBuildTransport
RxCeBuildVC
RxCeCancelConnectRequest
RxCeFreeIrp
RxCeInitiateVCDisconnect
RxCeQueryAdapterStatus
RxCeQueryInformation
RxCeQueryTransportInformation
RxCeSend
RxCeSendDatagram
RxCeTearDownAddress
RxCeTearDownConnection
RxCeTearDownTransport
RxCeTearDownVC
RxChangeBufferingState
RxCompleteRequest
RxCompleteRequest_Real
RxCreateMidAtlas
RxCreateNetFcb
RxCreateNetFobx
RxCreateNetRoot
RxCreateRxContext
RxCreateSrvCall
RxCreateSrvOpen
RxCreateVNetRoot
RxDbgBreakPoint
RxDereference
RxDereferenceAndDeleteRxContext_Real
RxDestroyMidAtlas
RxDispatchToWorkerThread
RxFinalizeConnection
RxFinalizeNetFcb
RxFinalizeNetFobx
RxFinalizeNetRoot
RxFinalizeSrvCall
RxFinalizeSrvOpen
RxFinalizeVNetRoot
RxFinishFcbInitialization
RxForceFinalizeAllVNetRoots
RxFsdDispatch
RxFsdPostRequest
RxGetFileSizeWithLock
RxGetRDBSSProcess
RxIndicateChangeOfBufferingState
RxIndicateChangeOfBufferingStateForSrvOpen
RxInferFileType
RxInitializeContext
RxLockEnumerator
RxLogEventDirect
RxLogEventWithAnnotation
RxLogEventWithBufferDirect
RxLowIoCompletion
RxLowIoGetBufferAddress
RxMakeLateDeviceAvailable
RxMapAndDissociateMidFromContext
RxMapMidToContext
RxMapSystemBuffer
RxNameCacheActivateEntry
RxNameCacheAddNameCacheControlToGlobalList
RxNameCacheCheckEntry
RxNameCacheCreateEntry
RxNameCacheExpireAndFinalizeEx
RxNameCacheExpireEntry
RxNameCacheExpireEntryWithShortName
RxNameCacheFetchEntry
RxNameCacheFinalize
RxNameCacheFinalizeEx
RxNameCacheFreeActiveListEntries
RxNameCacheFreeEntry
RxNameCacheFreeNotifiedFreeList
RxNameCacheInitialize
RxNameCacheInitializeEx
RxNameCacheNotifyFreeListEntries
RxNameCacheRemoveNameCacheCtlFromGlobalList
RxNameCacheScavengeNameCaches
RxNewMapUserBuffer
RxPostOneShotTimerRequest
RxPostRecurrentTimerRequest
RxPostToWorkerThread
RxPrefixTableLookupName
RxPrepareContextForReuse
RxPrepareToReparseSymbolicLink
RxPurgeAllFobxs
RxPurgeRelatedFobxs
RxReassociateMid
RxReference
RxRegisterMinirdr
RxReleaseFcbResourceForThreadInMRx
RxReleaseFcbResourceInMRx
RxResumeBlockedOperations_Serially
RxScavengeAllFobxs
RxScavengeFobxsForNetRoot
RxSetDomainForMailslotBroadcast
RxSetMinirdrCancelRoutine
RxSetSrvCallDomainName
RxSpinDownMRxDispatcher
RxStartMinirdr
RxStopMinirdr
RxpAcquirePrefixTableLockExclusive
RxpAcquirePrefixTableLockShared
RxpDereferenceAndFinalizeNetFcb
RxpDereferenceNetFcb
RxpReferenceNetFcb
RxpReleasePrefixTableLock
RxpTrackDereference
RxpTrackReference
RxpUnregisterMinirdr
_RxAllocatePoolWithTag
_RxCheckMemoryBlock
_RxFreePool
__RxFillAndInstallFastIoDispatch
__RxSynchronizeBlockingOperationsMaybeDroppingFcbLock

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/DRIVERS/RR2310.SY_
.cab
I386/SYSTEM32/DRIVERS/RR2320.SY_
.cab
I386/SYSTEM32/DRIVERS/S150SX8.SY_
.cab
I386/SYSTEM32/DRIVERS/SCSIPORT.SY_
.cab
I386/SYSTEM32/DRIVERS/SETUPDD.SY_
.cab
I386/SYSTEM32/DRIVERS/SFLOPPY.SY_
.cab
I386/SYSTEM32/DRIVERS/SI3112.SY_
.cab
I386/SYSTEM32/DRIVERS/SI31122.SY_
.cab
I386/SYSTEM32/DRIVERS/SI3112R.SY_
.cab
I386/SYSTEM32/DRIVERS/SI3114.SY_
.cab
I386/SYSTEM32/DRIVERS/SI3114R.SY_
.cab
I386/SYSTEM32/DRIVERS/SI3114R5.SY_
.cab
I386/SYSTEM32/DRIVERS/SI3124.SY_
.cab
I386/SYSTEM32/DRIVERS/SI3124R.SY_
.cab
I386/SYSTEM32/DRIVERS/SI3124R5.SY_
.cab
I386/SYSTEM32/DRIVERS/SI3132.SY_
.cab
I386/SYSTEM32/DRIVERS/SI3132R5.SY_
.cab
I386/SYSTEM32/DRIVERS/SLIP.SY_
.cab
I386/SYSTEM32/DRIVERS/SPDDLANG.SY_
.cab
I386/SYSTEM32/DRIVERS/TDI.SYS
.sys windows:5 windows x86 arch:x86

fee2a04892d6c54fa6001f1dede0ad0e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

tdi.pdb

Imports

ntoskrnl.exe

RtlExtendedMagicDivide
KeTickCount
KeWaitForSingleObject
KeGetCurrentThread
KeSetEvent
RtlAnsiStringToUnicodeString
ExAllocatePoolWithTag
RtlxAnsiStringToUnicodeSize
NlsMbCodePageTag
RtlInitString
IoWriteErrorLogEntry
memmove
IoAllocateErrorLogEntry
MmAllocateMappingAddress
MmFreeMappingAddress
_except_handler3
MmMapLockedPagesSpecifyCache
KefReleaseSpinLockFromDpcLevel
MmUnmapLockedPages
MmUnmapReservedMapping
MmMapLockedPagesWithReservedMapping
RtlExtendedIntegerMultiply
KefAcquireSpinLockAtDpcLevel
NtCreateFile
ExFreePoolWithTag
wcslen
_wcsicmp
wcscpy
_wcsnicmp
ZwClose
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlCompareUnicodeString
DbgPrint
DbgBreakPoint
KeInitializeEvent
RtlGetCallersAddress
RtlCopyUnicodeString
KeBugCheckEx
KeSetTimer
KeInitializeDpc
KeInitializeTimer
ExQueueWorkItem
KeQueryTimeIncrement
IoBuildPartialMdl
KeInitializeSpinLock

hal

KfAcquireSpinLock
KfReleaseSpinLock

ndis.sys

NdisRegisterTdiCallBack
NdisDeregisterTdiCallBack
NdisReturnPackets

Exports

Exports

CTEAllocateString
CTEBlock
CTEBlockWithTracker
CTEInitEvent
CTEInitString
CTEInitTimer
CTEInitialize
CTEInsertBlockTracker
CTELogEvent
CTERemoveBlockTracker
CTEScheduleCriticalEvent
CTEScheduleDelayedEvent
CTEScheduleEvent
CTESignal
CTEStartTimer
CTESystemUpTime
DllInitialize
DllUnload
TdiBuildNetbiosAddress
TdiBuildNetbiosAddressEa
TdiCopyBufferToMdl
TdiCopyBufferToMdlWithReservedMappingAtDpcLevel
TdiCopyMdlChainToMdlChain
TdiCopyMdlToBuffer
TdiDefaultChainedRcvDatagramHandler
TdiDefaultChainedRcvExpeditedHandler
TdiDefaultChainedReceiveHandler
TdiDefaultConnectHandler
TdiDefaultDisconnectHandler
TdiDefaultErrorHandler
TdiDefaultRcvDatagramHandler
TdiDefaultRcvExpeditedHandler
TdiDefaultReceiveHandler
TdiDefaultSendPossibleHandler
TdiDeregisterAddressChangeHandler
TdiDeregisterDeviceObject
TdiDeregisterNetAddress
TdiDeregisterNotificationHandler
TdiDeregisterPnPHandlers
TdiDeregisterProvider
TdiEnumerateAddresses
TdiInitialize
TdiMapUserRequest
TdiMatchPdoWithChainedReceiveContext
TdiOpenNetbiosAddress
TdiPnPPowerComplete
TdiPnPPowerRequest
TdiProviderReady
TdiRegisterAddressChangeHandler
TdiRegisterDeviceObject
TdiRegisterNetAddress
TdiRegisterNotificationHandler
TdiRegisterPnPHandlers
TdiRegisterProvider
TdiReturnChainedReceives

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 256B - Virtual size: 245B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 768B - Virtual size: 706B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/DRIVERS/UDFS.SYS
.sys windows:5 windows x86 arch:x86

7dc9e6fb1071f618770afc5314c02e06

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

udfs.pdb

Imports

ntoskrnl.exe

FsRtlUninitializeLargeMcb
CcUnpinData
CcMapData
_except_handler3
ExReleaseFastMutexUnsafe
CcSetFileSizes
ExAcquireFastMutexUnsafe
KeGetCurrentThread
FsRtlAddLargeMcbEntry
FsRtlInitializeLargeMcb
ObfDereferenceObject
CcUninitializeCacheMap
CcMdlReadComplete
ExReleaseResourceLite
_abnormal_termination
CcPurgeCacheSection
MmFlushImageSection
CcInitializeCacheMap
IoCreateStreamFileObject
FsRtlNotifyVolumeEvent
IoRemoveShareAccess
IoReleaseVpbSpinLock
IoAcquireVpbSpinLock
FsRtlNotifyCleanup
FsRtlOplockIsFastIoPossible
FsRtlFastUnlockAll
IoGetRequestorProcess
FsRtlCheckOplock
KeBugCheckEx
ExQueueWorkItem
KeLeaveCriticalRegion
ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
RtlUpcaseUnicodeString
IoUpdateShareAccess
IoSetShareAccess
IoCheckShareAccess
FsRtlCurrentBatchOplock
FsRtlDoesNameContainWildCards
memmove
_wcsnicmp
IofCallDriver
KeWaitForSingleObject
IoBuildDeviceIoControlRequest
KeInitializeEvent
FsRtlNormalizeNtstatus
KeClearEvent
KeSetEvent
IoFreeIrp
IoFreeMdl
ExReleaseResourceForThreadLite
FsRtlIsNtstatusExpected
MmProbeAndLockPages
IoAllocateMdl
IoBuildSynchronousFsdRequest
MmBuildMdlForNonPagedPool
IoBuildPartialMdl
IoMakeAssociatedIrp
MmMapLockedPagesSpecifyCache
FsRtlNotifyFullChangeDirectory
FsRtlLegalAnsiCharacterArray
ExAcquireResourceSharedLite
FsRtlOplockFsctrl
CcWaitForCurrentLazyWriterActivity
_allmul
IoFileObjectType
SeSinglePrivilegeCheck
_alldiv
IoDeleteDevice
ObfReferenceObject
KeInitializeSpinLock
IoCreateDevice
RtlCompareMemory
FsRtlProcessFileLock
RtlUpcaseUnicodeToOemN
FsRtlIsFatDbcsLegal
RtlUnicodeStringToCountedOemString
FsRtlIsNameInExpression
RtlSplay
InterlockedPopEntrySList
InterlockedPushEntrySList
RtlDelete
CcMdlRead
CcCopyRead
CcSetReadAheadGranularity
FsRtlCheckLockForReadAccess
IoSetTopLevelIrp
ExAcquireSharedStarveExclusive
FsRtlResetLargeMcb
FsRtlNotifyUninitializeSync
ExDeleteResourceLite
RtlTimeFieldsToTime
RtlLookupElementGenericTable
RtlEnumerateGenericTableWithoutSplaying
FsRtlAllocateFileLock
ExInitializeResourceLite
RtlInitializeGenericTable
FsRtlNotifyInitializeSync
FsRtlUninitializeOplock
FsRtlFreeFileLock
FsRtlTeardownPerStreamContexts
RtlDeleteElementGenericTable
FsRtlTruncateLargeMcb
RtlInsertElementGenericTable
IofCompleteRequest
IoGetStackLimits
IoGetTopLevelIrp
IoRaiseHardError
IoSetDeviceToVerify
IoGetDeviceToVerify
IoIsOperationSynchronous
ExInitializePagedLookasideList
ExInitializeNPagedLookasideList
MmQuerySystemSize
FsRtlCopyRead
IoRegisterFileSystem
RtlInitUnicodeString
IoSetHardErrorOrVerifyDevice
IoVerifyVolume
FsRtlUninitializeMcb
FsRtlInitializeMcb
FsRtlRemoveMcbEntry
FsRtlAddMcbEntry
FsRtlLookupLastMcbEntry
KeTickCount
FsRtlLookupLargeMcbEntry
ExAllocatePoolWithTag
ExFreePoolWithTag
ExRaiseStatus
ObReferenceObjectByHandle
_aullshr

hal

KfAcquireSpinLock
KfReleaseSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
KeGetCurrentIrql

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/DRIVERS/ULSATA.SY_
.cab
I386/SYSTEM32/DRIVERS/ULSATA2.SY_
.cab
I386/SYSTEM32/DRIVERS/USBCCGP.SYS
.sys windows:5 windows x86 arch:x86

3bffba67bbd4791f1e6a2e975b3bd446

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

usbccgp.pdb

Imports

ntoskrnl.exe

RtlQueryRegistryValues
KeInitializeSpinLock
KeInitializeEvent
IoAttachDeviceToDeviceStack
IoCreateDevice
ExAllocatePoolWithTag
IofCallDriver
IofCompleteRequest
PoStartNextPowerIrp
IoFreeIrp
IoAllocateIrp
KeWaitForSingleObject
memset
ExFreePool
IoDeleteDevice
IoInvalidateDeviceRelations
ObfReferenceObject
PoCallDriver
PoRequestPowerIrp
IoCancelIrp
KeSetEvent
swprintf
IoReleaseCancelSpinLock
InterlockedExchange
RtlCompareMemory
IoDetachDevice
InterlockedIncrement
InterlockedDecrement
ZwClose
ZwSetValueKey
IoOpenDeviceRegistryKey
RtlInitUnicodeString
ZwQueryValueKey
KeTickCount
KeBugCheckEx
memcpy
ProbeForRead
ExAllocatePoolWithQuotaTag
RtlUnwind

hal

KfReleaseSpinLock
KfAcquireSpinLock

usbd.sys

USBD_ParseConfigurationDescriptorEx
USBD_CreateConfigurationRequestEx

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGECONS
Size: 128B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 896B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/DRIVERS/USBD.SYS
.dll windows:5 windows x86 arch:x86

efa786af00ca4e3af1e16722ec0fee68

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

usbd.pdb

Imports

ntoskrnl.exe

ZwQueryValueKey
ExAllocatePoolWithTag
RtlInitUnicodeString
ZwClose
IoOpenDeviceRegistryKey
ExFreePool

Exports

Exports

DllInitialize
DllUnload
USBD_AllocateDeviceName
USBD_CalculateUsbBandwidth
USBD_CompleteRequest
USBD_CreateConfigurationRequest
USBD_CreateConfigurationRequestEx
USBD_CreateDevice
USBD_Debug_GetHeap
USBD_Debug_LogEntry
USBD_Debug_RetHeap
USBD_Dispatch
USBD_FreeDeviceMutex
USBD_FreeDeviceName
USBD_GetDeviceInformation
USBD_GetInterfaceLength
USBD_GetPdoRegistryParameter
USBD_GetSuspendPowerState
USBD_GetUSBDIVersion
USBD_InitializeDevice
USBD_MakePdoName
USBD_ParseConfigurationDescriptor
USBD_ParseConfigurationDescriptorEx
USBD_ParseDescriptors
USBD_QueryBusTime
USBD_RegisterHcDeviceCapabilities
USBD_RegisterHcFilter
USBD_RegisterHostController
USBD_RemoveDevice
USBD_RestoreDevice
USBD_SetSuspendPowerState
USBD_WaitDeviceMutex
_USBD_CreateConfigurationRequestEx@8
_USBD_ParseConfigurationDescriptorEx@28
_USBD_ParseDescriptors@16

Sections

.text
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 896B - Virtual size: 846B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 256B - Virtual size: 198B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 128B - Virtual size: 54B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/DRIVERS/USBEHCI.SYS
.sys windows:5 windows x86 arch:x86

93d41733219035ac43944715a8772cfd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

usbehci.pdb

Imports

ntoskrnl.exe

KeQuerySystemTime
KeTickCount
KeBugCheckEx
READ_REGISTER_ULONG
WRITE_REGISTER_ULONG

hal

KeStallExecutionProcessor

usbport.sys

USBPORT_GetHciMn
USBPORT_RegisterUSBPortDriver

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 768B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 410B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 978B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/DRIVERS/USBHUB.SYS
.sys windows:5 windows x86 arch:x86

b5d4721d49fa424f9afec5a4cb9dab72

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

usbhub.pdb

Imports

ntoskrnl.exe

InterlockedDecrement
IoInvalidateDeviceRelations
PoRequestPowerIrp
IoGetDeviceProperty
IoDeleteDevice
IoWMIRegistrationControl
KeInitializeSemaphore
IoAttachDeviceToDeviceStack
IoCreateDevice
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
IoFreeIrp
IoDetachDevice
ZwSetValueKey
RtlInitUnicodeString
ZwClose
IoOpenDeviceRegistryKey
IoInvalidateDeviceState
ExQueueWorkItem
InterlockedIncrement
KeSetTimer
KeInitializeDpc
KeInitializeTimer
IoInitializeIrp
IoAllocateIrp
ObfDereferenceObject
KeReleaseSemaphore
ObfReferenceObject
InterlockedExchange
KeSetEvent
memmove
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
KeDelayExecutionThread
KeQueryTimeIncrement
KeCancelTimer
IoSetCompletionRoutineEx
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
RtlCompareMemory
ZwQueryValueKey
RtlWriteRegistryValue
RtlFreeUnicodeString
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
PoStartNextPowerIrp
PoCallDriver
IoFreeWorkItem
ExfInterlockedInsertTailList
InterlockedCompareExchange
IoQueueWorkItem
IoAllocateWorkItem
ExfInterlockedRemoveHeadList
KeTickCount
KeBugCheckEx
KeWaitForSingleObject
ExFreePool
IofCallDriver
KeInitializeEvent
IoBuildDeviceIoControlRequest
KeInitializeSpinLock
IoCancelIrp
IofCompleteRequest
swprintf
RtlQueryRegistryValues
KeResetEvent
ExAllocatePoolWithTag
ExAllocatePoolWithQuotaTag
ProbeForRead
_except_handler3

hal

KfAcquireSpinLock
KfReleaseSpinLock

wmilib.sys

WmiSystemControl
WmiFireEvent
WmiCompleteRequest

usbd.sys

USBD_CreateConfigurationRequestEx
USBD_ParseConfigurationDescriptorEx
USBD_GetPdoRegistryParameter
USBD_CalculateUsbBandwidth

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 896B - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 768B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGECONS
Size: 128B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/DRIVERS/USBOHCI.SYS
.sys windows:5 windows x86 arch:x86

1fb9dcb8f3a3980d011d4cddb2f5d0c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

usbohci.pdb

Imports

hal

KeStallExecutionProcessor

ntoskrnl.exe

ExAllocatePoolWithTag
READ_REGISTER_ULONG
KeQuerySystemTime
KeTickCount
KeBugCheckEx
WRITE_REGISTER_ULONG
ExFreePool

usbport.sys

USBPORT_RegisterUSBPortDriver

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 384B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 768B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/DRIVERS/USBPORT.SYS
.dll windows:5 windows x86 arch:x86

c83e2635cd2a6c76bcbaea1b8b676ff6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

usbport.pdb

Imports

ntoskrnl.exe

KeDelayExecutionThread
KeQueryTimeIncrement
InterlockedDecrement
ObfDereferenceObject
IoBuildSynchronousFsdRequest
IoGetAttachedDeviceReference
KeBugCheckEx
ZwClose
ZwOpenKey
RtlInitUnicodeString
KeInitializeSpinLock
RtlFreeUnicodeString
IoCreateSymbolicLink
ExAllocatePoolWithTag
RtlQueryRegistryValues
IoIsWdmVersionAvailable
ExFreePool
IoDeleteSymbolicLink
IoDisconnectInterrupt
IoConnectInterrupt
IoGetDmaAdapter
IoGetDeviceProperty
IoCsqInitialize
KeInitializeDpc
IofCompleteRequest
PoStartNextPowerIrp
KeInsertQueueDpc
InterlockedIncrement
RtlCompareMemory
InterlockedCompareExchange
IoCsqRemoveNextIrp
KeCancelTimer
KeSetTimer
ExQueueWorkItem
KeInitializeTimer
KeReleaseSemaphore
ObReferenceObjectByHandle
PsTerminateSystemThread
KeResetEvent
IoAllocateIrp
KeGetCurrentThread
_alldiv
PsCreateSystemThread
IoReleaseCancelSpinLock
InterlockedExchange
ExfInterlockedInsertTailList
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
IoFreeMdl
IoAcquireCancelSpinLock
MmMapLockedPages
ZwQueryValueKey
IoOpenDeviceRegistryKey
ZwSetValueKey
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
IoDeleteDevice
IoCreateDevice
MmMapIoSpace
wcslen
KeRegisterBugCheckReasonCallback
KeDeregisterBugCheckReasonCallback
ObfReferenceObject
IoAttachDeviceToDeviceStack
KeInitializeSemaphore
IoDetachDevice
PoCallDriver
IoCsqInsertIrp
PoRequestPowerIrp
IoCancelIrp
MmBuildMdlForNonPagedPool
IoAllocateMdl
DbgBreakPoint
ExfInterlockedInsertHeadList
ExfInterlockedRemoveHeadList
KeTickCount
KeInitializeEvent
IofCallDriver
KeWaitForSingleObject
IoFreeIrp
KeQuerySystemTime
KeSetEvent
ExAllocatePoolWithQuotaTag
ProbeForRead
_except_handler3

hal

KfRaiseIrql
KfLowerIrql
KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql

Exports

Exports

DllUnload
USBPORT_GetHciMn
USBPORT_RegisterUSBPortDriver

Sections

.text
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 768B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 256B - Virtual size: 139B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGECONS
Size: 128B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/DRIVERS/USBSTOR.SYS
.sys windows:5 windows x86 arch:x86

13dc0893c4a2b68055db44bf2658899f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

usbstor.pdb

Imports

ntoskrnl.exe

IoCreateDevice
IoDetachDevice
ExFreePoolWithTag
IoFreeWorkItem
IoDeleteDevice
KeWaitForSingleObject
KeSetEvent
ObfReferenceObject
ExAllocatePoolWithTag
RtlAnsiStringToUnicodeString
RtlxAnsiStringToUnicodeSize
NlsMbCodePageTag
RtlInitAnsiString
RtlInitUnicodeString
sprintf
IoFreeIrp
IoCancelIrp
IoAllocateIrp
KeInitializeEvent
IoSetCompletionRoutineEx
IoInitializeTimer
IofCallDriver
IoAttachDeviceToDeviceStack
IoSetStartIoAttributes
IoStartPacket
PoRequestPowerIrp
IoStopTimer
IoStartTimer
IoAllocateWorkItem
IoReleaseCancelSpinLock
KeRemoveEntryDeviceQueue
IoQueueWorkItem
IoFreeMdl
MmBuildMdlForNonPagedPool
IoAllocateMdl
MmMapLockedPagesSpecifyCache
memmove
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
IoBuildPartialMdl
IoAcquireCancelSpinLock
KeTickCount
KeBugCheckEx
IofCompleteRequest
IoStartNextPacket
PoStartNextPowerIrp
PoCallDriver
IoOpenDeviceRegistryKey
RtlQueryRegistryValues
KeInitializeSpinLock
ZwClose
MmHighestUserAddress
IoBuildSynchronousFsdRequest

hal

KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock
KfRaiseIrql
KfLowerIrql

usbd.sys

USBD_CreateConfigurationRequestEx

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/DRIVERS/USBUHCI.SYS
.sys windows:5 windows x86 arch:x86

a3c93851a60296dfb12ba6c2f93f7ac0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

usbuhci.pdb

Imports

hal

WRITE_PORT_UCHAR
WRITE_PORT_USHORT
READ_PORT_USHORT
READ_PORT_UCHAR
WRITE_PORT_ULONG
KeStallExecutionProcessor
READ_PORT_ULONG

ntoskrnl.exe

InterlockedExchange
InterlockedDecrement
InterlockedIncrement
InterlockedCompareExchange
KeTickCount
KeBugCheckEx
KeQuerySystemTime

usbport.sys

USBPORT_RegisterUSBPortDriver

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 384B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 640B - Virtual size: 588B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 896B - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/DRIVERS/VGA.SYS
.sys windows:5 windows x86 arch:x86

2f9f63c86fa68645ec31c9297d383a27

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

vga.pdb

Imports

ntoskrnl.exe

KeBugCheckEx
KeTickCount
memmove
_except_handler3

videoprt.sys

VideoPortFreePool
VideoPortQueryServices
VideoPortFreeDeviceBase
VideoPortInitialize
VideoPortReadPortUshort
VideoPortWritePortBufferUshort
VideoPortWritePortUshort
VideoPortWritePortUchar
VideoPortReadPortUchar
VideoPortZeroDeviceMemory
VideoPortStallExecution
VideoPortInt10
VideoPortZeroMemory
VideoPortCompareMemory
VideoPortVerifyAccessRanges
VideoPortWriteRegisterBufferUchar
VideoPortAllocatePool
VideoPortSetTrappedEmulatorPorts
VideoPortMoveMemory
VideoPortReadRegisterUchar
VideoPortWriteRegisterUchar
VideoPortWritePortUlong
VideoPortGetDeviceBase
VideoPortGetDeviceData
VideoPortUnmapMemory
VideoPortMapMemory
VideoPortSynchronizeExecution
VideoPortReadPortUlong

Sections

.text
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE_DAT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 768B - Virtual size: 698B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/DRIVERS/VIAIDE.SY_
.cab
I386/SYSTEM32/DRIVERS/VIAMRAID.SY_
.cab
I386/SYSTEM32/DRIVERS/VIDEOPRT.SYS
.sys windows:5 windows x86 arch:x86

8e6f45586c9f16305efeb419543f4e81

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

videoprt.pdb

Imports

ntoskrnl.exe

ZwQueryValueKey
ExAllocatePoolWithTag
ZwSetValueKey
ZwOpenKey
memmove
ZwClose
ZwMapViewOfSection
ZwOpenSection
RtlInitUnicodeString
ZwFreeVirtualMemory
ZwAllocateVirtualMemory
Ke386SetIoAccessMap
Ke386QueryIoAccessMap
ObfReferenceObject
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
IoGetAttachedDeviceReference
PoRequestPowerIrp
ExUnregisterCallback
IoGetAttachedDevice
ExQueueWorkItem
ExRegisterCallback
ExCreateCallback
IoRegisterPlugPlayNotification
IoBuildSynchronousFsdRequest
MmMapLockedPagesSpecifyCache
ObOpenObjectByPointer
MmUnmapLockedPages
MmCreateMdl
MmMapIoSpace
MmUnmapIoSpace
ZwQuerySystemInformation
MmAllocateContiguousMemory
IoGetDmaAdapter
IoFreeMdl
MmProbeAndLockPages
IoAllocateMdl
MmUnlockPages
NtBuildNumber
IoGetDeviceAttachmentBaseRef
ZwFlushKey
RtlCreateRegistryKey
RtlCheckRegistryKey
RtlWriteRegistryValue
KeSetEvent
KeCapturePersistentThreadState
PsGetContextThread
PsGetCurrentThread
KeInsertQueueApc
KeInitializeApc
IoRaiseInformationalHardError
IoOpenDeviceRegistryKey
swprintf
IoDeleteDevice
IoInvalidateDeviceRelations
RtlAnsiStringToUnicodeString
RtlInitAnsiString
wcscpy
PoSetPowerState
IoInitializeRemoveLockEx
KeInitializeMutex
IoCreateSymbolicLink
IoDeleteSymbolicLink
IoCreateDevice
KeInsertQueueDpc
RtlAddAccessAllowedAce
RtlCreateAcl
RtlLengthSid
SeExports
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
ZwWriteFile
ZwCreateFile
ExFreePoolWithTag
PoCallDriver
IofCompleteRequest
PoStartNextPowerIrp
IoGetDeviceProperty
IoDetachDevice
IoGetDriverObjectExtension
KeTickCount
KeBugCheckEx
_wcsnicmp
wcslen
RtlQueryRegistryValues
RtlCompareUnicodeString
IoReportResourceUsage
IoReportResourceForDetection
IoAssignResources
KeInitializeSpinLock
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
KeClearEvent
KeReadStateEvent
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlIntegerToUnicodeString
vDbgPrintEx
MmUnmapVideoDisplay
MmMapVideoDisplay
IoQueryDeviceDescription
ZwReadFile
ZwQueryInformationFile
ZwOpenFile
wcschr
KeRegisterBugCheckReasonCallback
HalDispatchTable
ZwCreateKey
wcsstr
KeDeregisterBugCheckReasonCallback
IoUnregisterPlugPlayNotification
IoRegisterShutdownNotification
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
READ_REGISTER_UCHAR
wcsncmp
IoStartTimer
IoStopTimer
KeSynchronizeExecution
RtlFreeUnicodeString
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
IoGetDeviceInterfaces
wcsncpy
ZwEnumerateValueKey
ZwEnumerateKey
wcscat
RtlGetVersion
InbvEnableBootDriver
InbvCheckDisplayOwnership
InbvNotifyDisplayOwnershipLost
IoCreateNotificationEvent
DbgPrint
PsGetCurrentProcessSessionId
IoAttachDeviceToDeviceStack
MmSetBankedSection
RtlUpcaseUnicodeString
RtlStringFromGUID
ExUuidCreate
IoDisconnectInterrupt
IoInitializeTimer
IoConnectInterrupt
KeInitializeDpc
ObQueryNameString
IoReportDetectedDevice
RtlCopyUnicodeString
IoAllocateDriverObjectExtension
KeWaitForSingleObject
Ke386CallBios
KeReleaseMutex
_except_handler3
PsGetCurrentProcess
KeAttachProcess
KeDetachProcess
SeSinglePrivilegeCheck
ZwSetInformationProcess
PsProcessType
Ke386IoSetAccessProcess
ObfDereferenceObject
ZwUnmapViewOfSection
RtlCompareMemory
KiBugCheckData
ObReferenceObjectByHandle

hal

KeQueryPerformanceCounter
KfReleaseSpinLock
KfAcquireSpinLock
HalGetBusData
HalAssignSlotResources
HalSetBusDataByOffset
HalGetBusDataByOffset
HalEnableSystemInterrupt
HalDisableSystemInterrupt
KeGetCurrentIrql
KfRaiseIrql
KfLowerIrql
KeStallExecutionProcessor
HalTranslateBusAddress
HalGetInterruptVector

Exports

Exports

PortNotification
VideoPortAcquireDeviceLock
VideoPortAcquireSpinLock
VideoPortAcquireSpinLockAtDpcLevel
VideoPortAllocateBuffer
VideoPortAllocateCommonBuffer
VideoPortAllocateContiguousMemory
VideoPortAllocatePool
VideoPortAssociateEventsWithDmaHandle
VideoPortCheckForDeviceExistance
VideoPortCheckForDeviceExistence
VideoPortClearEvent
VideoPortCompareMemory
VideoPortCompleteDma
VideoPortCreateEvent
VideoPortCreateSecondaryDisplay
VideoPortCreateSpinLock
VideoPortDDCMonitorHelper
VideoPortDbgReportComplete
VideoPortDbgReportCreate
VideoPortDbgReportSecondaryData
VideoPortDebugPrint
VideoPortDeleteEvent
VideoPortDeleteSpinLock
VideoPortDisableInterrupt
VideoPortDoDma
VideoPortEnableInterrupt
VideoPortEnumerateChildren
VideoPortFlushRegistry
VideoPortFreeCommonBuffer
VideoPortFreeDeviceBase
VideoPortFreePool
VideoPortGetAccessRanges
VideoPortGetAgpServices
VideoPortGetAssociatedDeviceExtension
VideoPortGetAssociatedDeviceID
VideoPortGetBusData
VideoPortGetBytesUsed
VideoPortGetCommonBuffer
VideoPortGetCurrentIrql
VideoPortGetDeviceBase
VideoPortGetDeviceData
VideoPortGetDmaAdapter
VideoPortGetDmaContext
VideoPortGetMdl
VideoPortGetRegistryParameters
VideoPortGetRomImage
VideoPortGetVersion
VideoPortGetVgaStatus
VideoPortInitialize
VideoPortInt10
VideoPortInterlockedDecrement
VideoPortInterlockedExchange
VideoPortInterlockedIncrement
VideoPortLockBuffer
VideoPortLockPages
VideoPortLogError
VideoPortMapBankedMemory
VideoPortMapDmaMemory
VideoPortMapMemory
VideoPortMoveMemory
VideoPortNotification
VideoPortPutDmaAdapter
VideoPortQueryPerformanceCounter
VideoPortQueryServices
VideoPortQuerySystemTime
VideoPortQueueDpc
VideoPortReadPortBufferUchar
VideoPortReadPortBufferUlong
VideoPortReadPortBufferUshort
VideoPortReadPortUchar
VideoPortReadPortUlong
VideoPortReadPortUshort
VideoPortReadRegisterBufferUchar
VideoPortReadRegisterBufferUlong
VideoPortReadRegisterBufferUshort
VideoPortReadRegisterUchar
VideoPortReadRegisterUlong
VideoPortReadRegisterUshort
VideoPortReadStateEvent
VideoPortRegisterBugcheckCallback
VideoPortReleaseBuffer
VideoPortReleaseCommonBuffer
VideoPortReleaseDeviceLock
VideoPortReleaseSpinLock
VideoPortReleaseSpinLockFromDpcLevel
VideoPortScanRom
VideoPortSetBusData
VideoPortSetBytesUsed
VideoPortSetDmaContext
VideoPortSetEvent
VideoPortSetRegistryParameters
VideoPortSetTrappedEmulatorPorts
VideoPortSignalDmaComplete
VideoPortStallExecution
VideoPortStartDma
VideoPortStartTimer
VideoPortStopTimer
VideoPortSynchronizeExecution
VideoPortUnlockBuffer
VideoPortUnlockPages
VideoPortUnmapDmaMemory
VideoPortUnmapMemory
VideoPortVerifyAccessRanges
VideoPortWaitForSingleObject
VideoPortWritePortBufferUchar
VideoPortWritePortBufferUlong
VideoPortWritePortBufferUshort
VideoPortWritePortUchar
VideoPortWritePortUlong
VideoPortWritePortUshort
VideoPortWriteRegisterBufferUchar
VideoPortWriteRegisterBufferUlong
VideoPortWriteRegisterBufferUshort
VideoPortWriteRegisterUchar
VideoPortWriteRegisterUlong
VideoPortWriteRegisterUshort
VideoPortZeroDeviceMemory
VideoPortZeroMemory
VpNotifyEaData

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 384B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE_DAT
Size: 768B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/DRIVERS/VMX_SVGA.SYS
.sys windows:5 windows x86 arch:x86

9641f83ee14bbe9818ce929abe628403

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\ob\bora-12327\bora-vmsoft\build\release\svga\NT\vmx_svga.pdb

Imports

videoprt.sys

VideoPortGetRegistryParameters
VideoPortReadPortUlong
VideoPortWritePortUlong
VideoPortSetRegistryParameters
VideoPortZeroMemory
VideoPortGetDeviceBase
VideoPortFreeDeviceBase
VideoPortVerifyAccessRanges
VideoPortUnmapMemory
VideoPortMapMemory
VideoPortMoveMemory
VideoPortGetAccessRanges
VideoPortGetBusData
VideoPortInitialize

Sections

.text
Size: 320B - Virtual size: 302B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 736B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 480B - Virtual size: 478B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 928B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 352B - Virtual size: 334B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/DRIVERS/WMILIB.SY_
.cab
I386/SYSTEM32/FRAMEBUF.DLL
.dll windows:5 windows x86 arch:x86

13c3a9c9dc4fe3bbd705e5932530af32

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

framebuf.pdb

Imports

win32k.sys

EngFreeMem
EngAllocMem
EngModifySurface
EngCreateDeviceSurface
EngDeleteSurface
EngDeviceIoControl
EngDeletePalette
EngCreatePalette
PALOBJ_cGetColors
EngBugCheckEx

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 497B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 768B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 384B - Virtual size: 288B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/GDI32.DLL
.dll windows:5 windows x86 arch:x86

3c085705062d2d0266dd5bfd6e436840

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

gdi32.pdb

Imports

ntdll

NtQueryVirtualMemory
RtlUnwind
NtConnectPort
NtRegisterThreadTerminatePort
NtRequestWaitReplyPort
_strnicmp
_stricmp
RtlCreateUnicodeStringFromAsciiz
RtlFreeUnicodeString
strncpy
RtlCompareMemory
wcsncpy
wcsncat
wcsrchr
wcschr
wcscat
_wcsicmp
NtOpenFile
NtQueryInformationFile
NtCreateSection
NtMapViewOfSection
RtlDosPathNameToNtPathName_U
RtlInitUnicodeString
NtOpenKey
_wcsnicmp
RtlMultiByteToUnicodeN
wcscpy
NtUnmapViewOfSection
NtClose
memmove
wcslen
RtlUnicodeToMultiByteN
RtlUnicodeToMultiByteSize
RtlInitializeCriticalSection
RtlDeleteCriticalSection
_ftol
RtlWalkFrameChain
RtlAllocateHeap
RtlFreeHeap
RtlLeaveCriticalSection
RtlEnterCriticalSection

kernel32

lstrlenA
lstrcpynA
GetFileSizeEx
VirtualUnlock
GetSystemInfo
GlobalLock
GlobalUnlock
IsBadReadPtr
lstrcpyA
lstrlenW
GlobalAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLocalTime
GetOEMCP
FindResourceW
SizeofResource
LoadResource
LockResource
LoadLibraryExW
GetCurrentProcessId
ProcessIdToSessionId
LoadLibraryA
GetLocaleInfoW
GetTickCount
SetLastError
InterlockedCompareExchange
CopyFileW
SetFilePointer
IsDBCSLeadByte
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
LocalFree
LocalAlloc
FreeLibrary
GetProcAddress
LoadLibraryW
GetACP
DisableThreadLibraryCalls
MultiByteToWideChar
WideCharToMultiByte
IsDBCSLeadByteEx
lstrcatW
GetSystemWindowsDirectoryW
SearchPathW
GetDriveTypeW
GetWindowsDirectoryW
CloseHandle
WriteFile
CreateFileW
MulDiv
GlobalFree
lstrcpyW
GetFullPathNameW
DeleteFileW
GetTempFileNameW
GetTempPathW
GlobalSize
GetLastError
LocalReAlloc

user32

InitializeLpkHooks
GetAppCompatFlags2
UserRealizePalette
GetAppCompatFlags
ReleaseDC
GetDC
CharUpperBuffA
GetWindowRect
IntersectRect
wsprintfW

Exports

Exports

AbortDoc
AbortPath
AddFontMemResourceEx
AddFontResourceA
AddFontResourceExA
AddFontResourceExW
AddFontResourceTracking
AddFontResourceW
AngleArc
AnimatePalette
AnyLinkedFonts
Arc
ArcTo
BRUSHOBJ_hGetColorTransform
BRUSHOBJ_pvAllocRbrush
BRUSHOBJ_pvGetRbrush
BRUSHOBJ_ulGetBrushColor
BeginPath
BitBlt
CLIPOBJ_bEnum
CLIPOBJ_cEnumStart
CLIPOBJ_ppoGetPath
CancelDC
CheckColorsInGamut
ChoosePixelFormat
Chord
ClearBitmapAttributes
ClearBrushAttributes
CloseEnhMetaFile
CloseFigure
CloseMetaFile
ColorCorrectPalette
ColorMatchToTarget
CombineRgn
CombineTransform
CopyEnhMetaFileA
CopyEnhMetaFileW
CopyMetaFileA
CopyMetaFileW
CreateBitmap
CreateBitmapIndirect
CreateBrushIndirect
CreateColorSpaceA
CreateColorSpaceW
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreateDCW
CreateDIBPatternBrush
CreateDIBPatternBrushPt
CreateDIBSection
CreateDIBitmap
CreateDiscardableBitmap
CreateEllipticRgn
CreateEllipticRgnIndirect
CreateEnhMetaFileA
CreateEnhMetaFileW
CreateFontA
CreateFontIndirectA
CreateFontIndirectExA
CreateFontIndirectExW
CreateFontIndirectW
CreateFontW
CreateHalftonePalette
CreateHatchBrush
CreateICA
CreateICW
CreateMetaFileA
CreateMetaFileW
CreatePalette
CreatePatternBrush
CreatePen
CreatePenIndirect
CreatePolyPolygonRgn
CreatePolygonRgn
CreateRectRgn
CreateRectRgnIndirect
CreateRoundRectRgn
CreateScalableFontResourceA
CreateScalableFontResourceW
CreateSolidBrush
DPtoLP
DdEntry0
DdEntry1
DdEntry10
DdEntry11
DdEntry12
DdEntry13
DdEntry14
DdEntry15
DdEntry16
DdEntry17
DdEntry18
DdEntry19
DdEntry2
DdEntry20
DdEntry21
DdEntry22
DdEntry23
DdEntry24
DdEntry25
DdEntry26
DdEntry27
DdEntry28
DdEntry29
DdEntry3
DdEntry30
DdEntry31
DdEntry32
DdEntry33
DdEntry34
DdEntry35
DdEntry36
DdEntry37
DdEntry38
DdEntry39
DdEntry4
DdEntry40
DdEntry41
DdEntry42
DdEntry43
DdEntry44
DdEntry45
DdEntry46
DdEntry47
DdEntry48
DdEntry49
DdEntry5
DdEntry50
DdEntry51
DdEntry52
DdEntry53
DdEntry54
DdEntry55
DdEntry56
DdEntry6
DdEntry7
DdEntry8
DdEntry9
DeleteColorSpace
DeleteDC
DeleteEnhMetaFile
DeleteMetaFile
DeleteObject
DescribePixelFormat
DeviceCapabilitiesExA
DeviceCapabilitiesExW
DrawEscape
Ellipse
EnableEUDC
EndDoc
EndFormPage
EndPage
EndPath
EngAcquireSemaphore
EngAlphaBlend
EngAssociateSurface
EngBitBlt
EngCheckAbort
EngComputeGlyphSet
EngCopyBits
EngCreateBitmap
EngCreateClip
EngCreateDeviceBitmap
EngCreateDeviceSurface
EngCreatePalette
EngCreateSemaphore
EngDeleteClip
EngDeletePalette
EngDeletePath
EngDeleteSemaphore
EngDeleteSurface
EngEraseSurface
EngFillPath
EngFindResource
EngFreeModule
EngGetCurrentCodePage
EngGetDriverName
EngGetPrinterDataFileName
EngGradientFill
EngLineTo
EngLoadModule
EngLockSurface
EngMarkBandingSurface
EngMultiByteToUnicodeN
EngMultiByteToWideChar
EngPaint
EngPlgBlt
EngQueryEMFInfo
EngQueryLocalTime
EngReleaseSemaphore
EngStretchBlt
EngStretchBltROP
EngStrokeAndFillPath
EngStrokePath
EngTextOut
EngTransparentBlt
EngUnicodeToMultiByteN
EngUnlockSurface
EngWideCharToMultiByte
EnumEnhMetaFile
EnumFontFamiliesA
EnumFontFamiliesExA
EnumFontFamiliesExW
EnumFontFamiliesW
EnumFontsA
EnumFontsW
EnumICMProfilesA
EnumICMProfilesW
EnumMetaFile
EnumObjects
EqualRgn
Escape
EudcLoadLinkW
EudcUnloadLinkW
ExcludeClipRect
ExtCreatePen
ExtCreateRegion
ExtEscape
ExtFloodFill
ExtSelectClipRgn
ExtTextOutA
ExtTextOutW
FONTOBJ_cGetAllGlyphHandles
FONTOBJ_cGetGlyphs
FONTOBJ_pQueryGlyphAttrs
FONTOBJ_pfdg
FONTOBJ_pifi
FONTOBJ_pvTrueTypeFontFile
FONTOBJ_pxoGetXform
FONTOBJ_vGetInfo
FillPath
FillRgn
FixBrushOrgEx
FlattenPath
FloodFill
FontIsLinked
FrameRgn
GdiAddFontResourceW
GdiAddGlsBounds
GdiAddGlsRecord
GdiAlphaBlend
GdiArtificialDecrementDriver
GdiCleanCacheDC
GdiComment
GdiConsoleTextOut
GdiConvertAndCheckDC
GdiConvertBitmap
GdiConvertBitmapV5
GdiConvertBrush
GdiConvertDC
GdiConvertEnhMetaFile
GdiConvertFont
GdiConvertMetaFilePict
GdiConvertPalette
GdiConvertRegion
GdiConvertToDevmodeW
GdiCreateLocalEnhMetaFile
GdiCreateLocalMetaFilePict
GdiDeleteLocalDC
GdiDeleteSpoolFileHandle
GdiDescribePixelFormat
GdiDllInitialize
GdiDrawStream
GdiEndDocEMF
GdiEndPageEMF
GdiEntry1
GdiEntry10
GdiEntry11
GdiEntry12
GdiEntry13
GdiEntry14
GdiEntry15
GdiEntry16
GdiEntry2
GdiEntry3
GdiEntry4
GdiEntry5
GdiEntry6
GdiEntry7
GdiEntry8
GdiEntry9
GdiFixUpHandle
GdiFlush
GdiFullscreenControl
GdiGetBatchLimit
GdiGetCharDimensions
GdiGetCodePage
GdiGetDC
GdiGetDevmodeForPage
GdiGetLocalBrush
GdiGetLocalDC
GdiGetLocalFont
GdiGetPageCount
GdiGetPageHandle
GdiGetSpoolFileHandle
GdiGetSpoolMessage
GdiGradientFill
GdiInitSpool
GdiInitializeLanguagePack
GdiIsMetaFileDC
GdiIsMetaPrintDC
GdiIsPlayMetafileDC
GdiPlayDCScript
GdiPlayEMF
GdiPlayJournal
GdiPlayPageEMF
GdiPlayPrivatePageEMF
GdiPlayScript
GdiPrinterThunk
GdiProcessSetup
GdiQueryFonts
GdiQueryTable
GdiRealizationInfo
GdiReleaseDC
GdiReleaseLocalDC
GdiResetDCEMF
GdiSetAttrs
GdiSetBatchLimit
GdiSetLastError
GdiSetPixelFormat
GdiSetServerAttr
GdiStartDocEMF
GdiStartPageEMF
GdiSwapBuffers
GdiTransparentBlt
GdiValidateHandle
GetArcDirection
GetAspectRatioFilterEx
GetBitmapAttributes
GetBitmapBits
GetBitmapDimensionEx
GetBkColor
GetBkMode
GetBoundsRect
GetBrushAttributes
GetBrushOrgEx
GetCharABCWidthsA
GetCharABCWidthsFloatA
GetCharABCWidthsFloatW
GetCharABCWidthsI
GetCharABCWidthsW
GetCharWidth32A
GetCharWidth32W
GetCharWidthA
GetCharWidthFloatA
GetCharWidthFloatW
GetCharWidthI
GetCharWidthInfo
GetCharWidthW
GetCharacterPlacementA
GetCharacterPlacementW
GetClipBox
GetClipRgn
GetColorAdjustment
GetColorSpace
GetCurrentObject
GetCurrentPositionEx
GetDCBrushColor
GetDCOrgEx
GetDCPenColor
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetDeviceGammaRamp
GetETM
GetEUDCTimeStamp
GetEUDCTimeStampExW
GetEnhMetaFileA
GetEnhMetaFileBits
GetEnhMetaFileDescriptionA
GetEnhMetaFileDescriptionW
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetEnhMetaFilePixelFormat
GetEnhMetaFileW
GetFontAssocStatus
GetFontData
GetFontLanguageInfo
GetFontResourceInfoW
GetFontUnicodeRanges
GetGlyphIndicesA
GetGlyphIndicesW
GetGlyphOutline
GetGlyphOutlineA
GetGlyphOutlineW
GetGlyphOutlineWow
GetGraphicsMode
GetHFONT
GetICMProfileA
GetICMProfileW
GetKerningPairs
GetKerningPairsA
GetKerningPairsW
GetLayout
GetLogColorSpaceA
GetLogColorSpaceW
GetMapMode
GetMetaFileA
GetMetaFileBitsEx
GetMetaFileW
GetMetaRgn
GetMiterLimit
GetNearestColor
GetNearestPaletteIndex
GetObjectA
GetObjectType
GetObjectW
GetOutlineTextMetricsA
GetOutlineTextMetricsW
GetPaletteEntries
GetPath
GetPixel
GetPixelFormat
GetPolyFillMode
GetROP2
GetRandomRgn
GetRasterizerCaps
GetRegionData
GetRelAbs
GetRgnBox
GetStockObject
GetStretchBltMode
GetStringBitmapA
GetStringBitmapW
GetSystemPaletteEntries
GetSystemPaletteUse
GetTextAlign
GetTextCharacterExtra
GetTextCharset
GetTextCharsetInfo
GetTextColor
GetTextExtentExPointA
GetTextExtentExPointI
GetTextExtentExPointW
GetTextExtentExPointWPri
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextExtentPointA
GetTextExtentPointI
GetTextExtentPointW
GetTextFaceA
GetTextFaceAliasW
GetTextFaceW
GetTextMetricsA
GetTextMetricsW
GetTransform
GetViewportExtEx
GetViewportOrgEx
GetWinMetaFileBits
GetWindowExtEx
GetWindowOrgEx
GetWorldTransform
HT_Get8BPPFormatPalette
HT_Get8BPPMaskPalette
IntersectClipRect
InvertRgn
IsValidEnhMetaRecord
IsValidEnhMetaRecordOffExt
LPtoDP
LineDDA
LineTo
MaskBlt
MirrorRgn
ModifyWorldTransform
MoveToEx
NamedEscape
OffsetClipRgn
OffsetRgn
OffsetViewportOrgEx
OffsetWindowOrgEx
PATHOBJ_bEnum
PATHOBJ_bEnumClipLines
PATHOBJ_vEnumStart
PATHOBJ_vEnumStartClipLines
PATHOBJ_vGetBounds
PaintRgn
PatBlt
PathToRegion
Pie
PlayEnhMetaFile
PlayEnhMetaFileRecord
PlayMetaFile
PlayMetaFileRecord
PlgBlt
PolyBezier
PolyBezierTo
PolyDraw
PolyPatBlt
PolyPolygon
PolyPolyline
PolyTextOutA
PolyTextOutW
Polygon
Polyline
PolylineTo
PtInRegion
PtVisible
QueryFontAssocStatus
RealizePalette

Sections

.text
Size: 259KB - Virtual size: 258KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/GETUNAME.DLL
.dll windows:5 windows x86 arch:x86

74e9d7d4d55f2b2bec7463426af6d3d3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

LoadStringW

Exports

Exports

GetUName

Sections

.text
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 589KB - Virtual size: 588KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/GINAORG.DLL
.dll windows:5 windows x86 arch:x86

aea47fb2ce69edfeebcbd01873ed34d8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msgina.pdb

Imports

msvcrt

_wtoi
wcscat
wcscpy
_wcsnicmp
_wtol
_ftol
atoi
_purecall
??2@YAPAXI@Z
??3@YAXPAX@Z
wcspbrk
wcsncat
_snwprintf
_wcsicmp
wcslen
wcschr
memmove
wcsstr
wcscmp
_strnicmp
strtok
_except_handler3
wcsncpy
_vsnwprintf
wcstok
strncpy
free
_initterm
malloc
_adjust_fdiv
wcsrchr

ntdll

NtPowerInformation
NtSetInformationProcess
NtShutdownSystem
NtFilterToken
RtlCreateAcl
RtlAddAccessAllowedAce
NtSetInformationToken
NtQueryInformationToken
RtlLengthSid
RtlCopySid
RtlTimeToSecondsSince1980
RtlAnsiStringToUnicodeString
RtlTimeToTimeFields
NtQueryInformationProcess
RtlExpandEnvironmentStrings_U
RtlQueryEnvironmentVariable_U
RtlSetEnvironmentVariable
NtClose
RtlOpenCurrentUser
RtlDeleteCriticalSection
RtlInitializeCriticalSection
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlInitializeCriticalSectionAndSpinCount
RtlCreateUnicodeString
RtlEqualUnicodeString
RtlCompareUnicodeString
RtlInitString
RtlInitUnicodeString
RtlNtStatusToDosError
RtlGetNtProductType
RtlSystemTimeToLocalTime
RtlAllocateHeap
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAce
RtlAllocateAndInitializeSid
RtlSubAuthoritySid
RtlInitializeSid
RtlLengthRequiredSid
RtlFreeSid
RtlAdjustPrivilege
NtSetInformationThread
NtDuplicateToken
NtDuplicateObject
NtOpenProcessToken
RtlRunEncodeUnicodeString
RtlRunDecodeUnicodeString
RtlEraseUnicodeString
RtlGetVersion
NtAllocateLocallyUniqueId
RtlEqualSid
RtlConvertSidToUnicodeString
NtConnectPort
NtRequestWaitReplyPort
NtQuerySystemInformation
VerSetConditionMask
RtlFreeUnicodeString

kernel32

GetSystemTime
WaitForSingleObject
SetEvent
CreateEventW
GetTimeFormatW
GetDateFormatW
OpenProfileUserMapping
CloseProfileUserMapping
GetPrivateProfileStringW
QueueUserWorkItem
CompareStringW
HeapFree
GetLocalTime
GetComputerNameExW
HeapAlloc
GetProcessHeap
DelayLoadFailureHook
InterlockedCompareExchange
LoadLibraryA
QueryPerformanceCounter
GetCurrentProcessId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetUserDefaultLCID
GetTickCount
WriteProfileStringW
GetProfileStringW
ResumeThread
FreeLibraryAndExitThread
ExitThread
FormatMessageW
GetFileAttributesW
CreateDirectoryW
SetEnvironmentVariableW
VirtualAlloc
VirtualLock
VirtualFree
GetProfileIntW
GetCurrentThreadId
DisableThreadLibraryCalls
GetCurrentProcess
TerminateProcess
GetModuleHandleW
GetLocaleInfoW
SetErrorMode
GetEnvironmentVariableW
CreateFileW
GetFileSize
ReadFile
GetCurrentDirectoryW
SetCurrentDirectoryW
DefineDosDeviceW
SetLastError
GetLastError
GetDriveTypeW
GetShortPathNameW
lstrcpynW
GetVersionExW
lstrcatW
CloseHandle
CreateThread
Sleep
LocalReAlloc
InterlockedDecrement
GetProcAddress
InterlockedIncrement
lstrcmpW
GetSystemTimeAsFileTime
GetComputerNameW
lstrlenW
lstrcmpiW
LoadLibraryExA
SetInformationJobObject
GetACP
lstrcpyW
OutputDebugStringW
LocalAlloc
LocalFree
LoadLibraryExW
QueryInformationJobObject
EnterCriticalSection
LeaveCriticalSection
MulDiv
TerminateThread
GetExitCodeThread
IsDebuggerPresent
EnumUILanguagesW
GetUserDefaultUILanguage
FreeLibrary
ExpandEnvironmentStringsW
LoadLibraryW
LocalSize
WideCharToMultiByte
DuplicateHandle
ResetEvent
UnregisterWait
InterlockedExchange
RegisterWaitForSingleObject
OpenProcess
QueueUserAPC
OpenThread
IsBadWritePtr
OpenEventW
GetCurrentThread
SetProcessWorkingSetSize
ReleaseMutex
CreateMutexW
OpenMutexW
CreateNamedPipeW
DisconnectNamedPipe
WriteFileEx
WaitForSingleObjectEx
ConnectNamedPipe
GetVersionExA
VerifyVersionInfoW
CreateIoCompletionPort
PostQueuedCompletionStatus
GetExitCodeProcess
GetQueuedCompletionStatus
VirtualFreeEx
ReadProcessMemory
WriteProcessMemory
VirtualAllocEx
CreateJobObjectW
AssignProcessToJobObject
SetThreadPriority

advapi32

MD5Final
GetEventLogInformation
OpenEventLogW
LsaFreeMemory
LsaClose
LsaQueryInformationPolicy
LsaOpenPolicy
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
LsaStorePrivateData
RegEnumKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RevertToSelf
ImpersonateLoggedOnUser
FreeSid
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
BuildTrusteeWithObjectsAndSidW
AllocateAndInitializeSid
LsaGetUserName
NotifyBootConfigStatus
CopySid
GetLengthSid
IsValidSid
GetTokenInformation
LsaRetrievePrivateData
LookupPrivilegeValueW
AdjustTokenPrivileges
ConvertSidToStringSidW
SetSecurityInfo
GetSecurityInfo
GetAce
InitializeAcl
AddAccessAllowedAceEx
AddAccessAllowedAce
LogonUserW
LsaEnumerateAccountRights
GetUserNameW
GetSidSubAuthorityCount
GetSidLengthRequired
GetSidSubAuthority
LookupAccountSidW
StartServiceW
ControlService
SetThreadToken
LookupAccountNameW
EqualSid
OpenThreadToken
OpenProcessToken
RegOpenKeyW
QueryServiceStatus
CloseServiceHandle
OpenServiceW
QueryServiceConfigW
DuplicateToken
LsaNtStatusToWinError
MD5Init
MD5Update
DuplicateTokenEx
CheckTokenMembership
GetSecurityDescriptorDacl
CreateProcessAsUserW
OpenSCManagerW
CloseEventLog

user32

IsWindowVisible
IsWindowEnabled
KillTimer
DestroyIcon
SetTimer
GetKeyboardLayoutList
SystemParametersInfoW
GetSysColor
CreateIconIndirect
BuildReasonArray
CallWindowProcW
RecordShutdownReason
EnableMenuItem
GetWindowTextLengthW
WinHelpW
GetWindowTextW
SetThreadDesktop
ReasonCodeNeedsComment
CreateDialogParamW
PostMessageW
wsprintfW
GetFocus
MoveWindow
GetDlgItemTextW
SetWindowLongW
SetDlgItemTextW
SendDlgItemMessageW
EndDialog
EnableWindow
GetKeyboardLayout
SetForegroundWindow
MsgWaitForMultipleObjectsEx
IsDialogMessageW
GetWindowLongA
RegisterClassExW
DefWindowProcW
MsgWaitForMultipleObjects
CloseDesktop
SetWindowTextW
DrawTextExW
CharNextW
SendMessageW
ShowWindow
LoadStringW
GetSystemMetrics
BeginPaint
EndPaint
UnregisterClassW
GetUserObjectInformationW
SendMessageTimeoutW
SwitchDesktop
DeleteMenu
GetSystemMenu
GetDesktopWindow
IsChild
LoadCursorW
SetFocus
SetCursor
DrawTextW
GetDC
InvalidateRect
TranslateMessage
DispatchMessageW
PeekMessageW
DestroyWindow
DialogBoxParamW
CreateWindowExW
GetKeyState
GetAsyncKeyState
IsDlgButtonChecked
ReasonCodeNeedsBugID
CheckDlgButton
UpdateWindow
ReleaseDC
GetClientRect
FillRect
SetRect
GetWindowLongW
GetDlgItem
GetWindow
GetWindowRect
GetParent
MapWindowPoints
OffsetRect
SetWindowPos
LoadImageW
DisplayExitWindowsWarnings
FindWindowW
GetWindowThreadProcessId
AllowSetForegroundWindow
EnumWindows
GetThreadDesktop
OpenDesktopW
OpenInputDesktop
LoadStringA
MapDialogRect
CopyRect
InflateRect
TrackMouseEvent
DestroyReasons

netapi32

NetUserGetLocalGroups
NetApiBufferFree
DsEnumerateDomainTrustsW
NetUserModalsGet
DsGetDcNameW
NetQueryDisplayInformation
I_NetLogonControl2
NetMessageNameDel
NetUserChangePassword
NetUserGetInfo

gdi32

CreateCompatibleBitmap
CreateBitmap
SetBkColor
ExtTextOutW
PatBlt
TranslateCharsetInfo
SetTextColor
SetBkMode
SetMapMode
GetTextMetricsW
GetCurrentObject
CreateFontIndirectW
SetTextAlign
TextOutW
RealizePalette
UpdateColors
SelectPalette
StretchBlt
BitBlt
GetDeviceCaps
SetStretchBltMode
SetLayout
GetTextExtentPointW
CreateDIBSection
CreateCompatibleDC
SelectObject
GetDIBColorTable
CreatePalette
CreateSolidBrush
GetObjectW
GetStockObject
DeleteDC
DeleteObject
MoveToEx

userenv

GetUserProfileDirectoryW
RefreshPolicy
GetNextFgPolicyRefreshInfo
ord152
ord158

shell32

ord258

shlwapi

StrStrIW
ord437
SHCreateShellPalette

comctl32

ord412
ord413
ord410
InitCommonControlsEx

winsta

_WinStationUpdateClientCachedCredentials
WinStationUnRegisterConsoleNotification
WinStationRegisterConsoleNotification
WinStationIsHelpAssistantSession
WinStationQueryInformationW
WinStationGetTermSrvCountersValue
WinStationDisconnect
WinStationFreeMemory
WinStationEnumerateW
WinStationConnectW
WinStationCloseServer
WinStationOpenServerW

rpcrt4

RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcEpResolveBinding
RpcStringFreeW
RpcBindingFree
NdrClientCall2

odbc32

ord9
ord24
ord31
ord110
ord12
ord72
ord119
ord141
ord139
ord75

Exports

Exports

ShellShutdownDialog
WlxActivateUserShell
WlxDisconnectNotify
WlxDisplayLockedNotice
WlxDisplaySASNotice
WlxDisplayStatusMessage
WlxGetConsoleSwitchCredentials
WlxGetStatusMessage
WlxInitialize
WlxIsLockOk
WlxIsLogoffOk
WlxLoggedOnSAS
WlxLoggedOutSAS
WlxLogoff
WlxNegotiate
WlxNetworkProviderLoad
WlxReconnectNotify
WlxRemoveStatusMessage
WlxScreenSaverNotify
WlxShutdown
WlxStartApplication
WlxWkstaLockedSAS

Sections

.text
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 786KB - Virtual size: 785KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/HAL.DL_
.cab
I386/SYSTEM32/HALAACPI.DL_
.cab
I386/SYSTEM32/HALACPI.DL_
.cab
I386/SYSTEM32/HALAPIC.DL_
.cab
I386/SYSTEM32/HALMACPI.DL_
.cab
I386/SYSTEM32/HALMPS.DL_
.cab
I386/SYSTEM32/HALSP.DL_
.cab
I386/SYSTEM32/HIDERUN.EXE
.exe windows:4 windows x86 arch:x86

0b9ca80ff295945b3cf5762a07ef3d50

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
CloseHandle
WaitForSingleObject
CreateProcessA
ExitProcess
GetCommandLineA

user32

MessageBoxA

Sections

.text
Size: 1024B - Virtual size: 766B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/HOMEPAGE.INF
I386/SYSTEM32/HOTPLUG.DLL
.dll regsvr32 windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

CPlApplet
CreateLocalServerW
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
HotPlugDeviceTree
HotPlugDriverBlockedW
HotPlugEjectDevice
HotPlugEjectVetoedW
HotPlugHibernateVetoedW
HotPlugRemovalVetoedW
HotPlugSafeRemovalNotificationW
HotPlugStandbyVetoedW
HotPlugWarmEjectVetoedW

Sections

UPX0
Size: - Virtual size: 120KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 48KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/ICMUI.DLL
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
SetupColorMatchingA
SetupColorMatchingW

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/IE4UINIT.EXE
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/IERNONCE.DLL
.dll windows:5 windows x86 arch:x86

5eb420b671b0ed5cd2afd1fae8947a5a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

iernonce.pdb

Imports

user32

MessageBoxA
ExitWindowsEx
CharPrevA
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageA
PeekMessageA
LoadStringA
LoadCursorA
SetCursor
LoadBitmapA
GetDlgItem
DrawTextA
PostMessageA
GetWindowRect
SetWindowPos
EndDialog
GetParent
SetWindowTextA
GetSystemMetrics
GetSysColor
GetDC
ReleaseDC
SendMessageA
DialogBoxParamA
wsprintfA
CharNextA

gdi32

SelectObject
GetObjectA
GetTextExtentPointA
DeleteObject
BitBlt
CreateCompatibleDC
ExtTextOutA
SetBkColor
SetTextColor
CreateSolidBrush
CreateFontIndirectA

advapi32

RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteKeyA
RegQueryValueA
RegEnumKeyA
RegDeleteValueA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
EnumDependentServicesA
RegEnumValueA
RegOpenKeyExA
RegFlushKey
RegCloseKey

kernel32

GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
VirtualProtect
GetSystemInfo
GetLocaleInfoA
GetVersionExA
DisableThreadLibraryCalls
lstrlenA
CopyFileA
SetFileAttributesA
lstrcpyA
GetWindowsDirectoryA
CompareStringA
CreateProcessA
CloseHandle
FreeLibrary
GetProcAddress
LoadLibraryExA
GetSystemDirectoryA
LocalFree
GetLastError
LocalAlloc
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
CreateThread
GetCurrentProcess
IsDBCSLeadByte
WriteFile
FormatMessageA
GetLocalTime
SetFilePointer
CreateFileA
GetProfileStringA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsSetValue
GetCommandLineA
ExitProcess
TlsFree
SetLastError
TlsGetValue
TlsAlloc
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
InterlockedExchange
VirtualQuery
LeaveCriticalSection
EnterCriticalSection
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
LoadLibraryA

shell32

ShellExecuteExA

comctl32

ord332
ord329
ord328
ord338
ord335

ole32

CoTaskMemAlloc
OleInitialize
OleUninitialize
CoTaskMemFree

advpack

GetVersionFromFile
NeedReboot
IsNTAdmin

Exports

Exports

InitCallback
RunOnceExProcess

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/IESETUP.DLL
.dll regsvr32 windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllInstall
DllRegisterServer
DllUnregisterServer
FixIE
IEAccessSysInst
IEAccessUserInst

Sections

UPX0
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/IEUINIT.INF
I386/SYSTEM32/IMAGEHLP.DLL
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

BindImage
BindImageEx
CheckSumMappedFile
EnumerateLoadedModules
EnumerateLoadedModules64
FindDebugInfoFile
FindDebugInfoFileEx
FindExecutableImage
FindExecutableImageEx
FindFileInPath
FindFileInSearchPath
GetImageConfigInformation
GetImageUnusedHeaderBytes
GetTimestampForLoadedLibrary
ImageAddCertificate
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageEnumerateCertificates
ImageGetCertificateData
ImageGetCertificateHeader
ImageGetDigestStream
ImageLoad
ImageNtHeader
ImageRemoveCertificate
ImageRvaToSection
ImageRvaToVa
ImageUnload
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapAndLoad
MapDebugInformation
MapFileAndCheckSumA
MapFileAndCheckSumW
ReBaseImage
ReBaseImage64
RemovePrivateCvSymbolic
RemovePrivateCvSymbolicEx
RemoveRelocations
SearchTreeForFile
SetImageConfigInformation
SplitSymbols
StackWalk
StackWalk64
SymCleanup
SymEnumSourceFiles
SymEnumSym
SymEnumSymbols
SymEnumTypes
SymEnumerateModules
SymEnumerateModules64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindFileInPath
SymFromAddr
SymFromName
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromName
SymGetLineFromName64
SymGetLineNext
SymGetLineNext64
SymGetLinePrev
SymGetLinePrev64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOptions
SymGetSearchPath
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetTypeFromName
SymGetTypeInfo
SymInitialize
SymLoadModule
SymLoadModule64
SymMatchFileName
SymMatchString
SymRegisterCallback
SymRegisterCallback64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSetContext
SymSetOptions
SymSetSearchPath
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
TouchFileTimes
UnDecorateSymbolName
UnMapAndLoad
UnmapDebugInformation
UpdateDebugInfoFile
UpdateDebugInfoFileEx

Sections

UPX0
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 70KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/IMM32.DLL
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

CtfAImmActivate
CtfAImmDeactivate
CtfAImmIsIME
CtfImmCoUninitialize
CtfImmDispatchDefImeMessage
CtfImmEnterCoInitCountSkipMode
CtfImmGenerateMessage
CtfImmGetGuidAtom
CtfImmHideToolbarWnd
CtfImmIsCiceroEnabled
CtfImmIsCiceroStartedInThread
CtfImmIsGuidMapEnable
CtfImmIsTextFrameServiceDisabled
CtfImmLastEnabledWndDestroy
CtfImmLeaveCoInitCountSkipMode
CtfImmRestoreToolbarWnd
CtfImmSetAppCompatFlags
CtfImmSetCiceroStartInThread
CtfImmTIMActivate
GetKeyboardLayoutCP
ImmActivateLayout
ImmAssociateContext
ImmAssociateContextEx
ImmCallImeConsoleIME
ImmConfigureIMEA
ImmConfigureIMEW
ImmCreateContext
ImmCreateIMCC
ImmCreateSoftKeyboard
ImmDestroyContext
ImmDestroyIMCC
ImmDestroySoftKeyboard
ImmDisableIME
ImmDisableIme
ImmDisableTextFrameService
ImmEnumInputContext
ImmEnumRegisterWordA
ImmEnumRegisterWordW
ImmEscapeA
ImmEscapeW
ImmFreeLayout
ImmGenerateMessage
ImmGetAppCompatFlags
ImmGetCandidateListA
ImmGetCandidateListCountA
ImmGetCandidateListCountW
ImmGetCandidateListW
ImmGetCandidateWindow
ImmGetCompositionFontA
ImmGetCompositionFontW
ImmGetCompositionStringA
ImmGetCompositionStringW
ImmGetCompositionWindow
ImmGetContext
ImmGetConversionListA
ImmGetConversionListW
ImmGetConversionStatus
ImmGetDefaultIMEWnd
ImmGetDescriptionA
ImmGetDescriptionW
ImmGetGuideLineA
ImmGetGuideLineW
ImmGetHotKey
ImmGetIMCCLockCount
ImmGetIMCCSize
ImmGetIMCLockCount
ImmGetIMEFileNameA
ImmGetIMEFileNameW
ImmGetImeInfoEx
ImmGetImeMenuItemsA
ImmGetImeMenuItemsW
ImmGetOpenStatus
ImmGetProperty
ImmGetRegisterWordStyleA
ImmGetRegisterWordStyleW
ImmGetStatusWindowPos
ImmGetVirtualKey
ImmIMPGetIMEA
ImmIMPGetIMEW
ImmIMPQueryIMEA
ImmIMPQueryIMEW
ImmIMPSetIMEA
ImmIMPSetIMEW
ImmInstallIMEA
ImmInstallIMEW
ImmIsIME
ImmIsUIMessageA
ImmIsUIMessageW
ImmLoadIME
ImmLoadLayout
ImmLockClientImc
ImmLockIMC
ImmLockIMCC
ImmLockImeDpi
ImmNotifyIME
ImmPenAuxInput
ImmProcessKey
ImmPutImeMenuItemsIntoMappedFile
ImmReSizeIMCC
ImmRegisterClient
ImmRegisterWordA
ImmRegisterWordW
ImmReleaseContext
ImmRequestMessageA
ImmRequestMessageW
ImmSendIMEMessageExA
ImmSendIMEMessageExW
ImmSendMessageToActiveDefImeWndW
ImmSetActiveContext
ImmSetActiveContextConsoleIME
ImmSetCandidateWindow
ImmSetCompositionFontA
ImmSetCompositionFontW
ImmSetCompositionStringA
ImmSetCompositionStringW
ImmSetCompositionWindow
ImmSetConversionStatus
ImmSetHotKey
ImmSetOpenStatus
ImmSetStatusWindowPos
ImmShowSoftKeyboard
ImmSimulateHotKey
ImmSystemHandler
ImmTranslateMessage
ImmUnlockClientImc
ImmUnlockIMC
ImmUnlockIMCC
ImmUnlockImeDpi
ImmUnregisterWordA
ImmUnregisterWordW
ImmWINNLSEnableIME
ImmWINNLSGetEnableStatus
ImmWINNLSGetIMEHotkey

Sections

UPX0
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 42KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/IPHLPAPI.DLL
.dll windows:5 windows x86 arch:x86

9764230dea71a7b11db7c696ee2afad2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

iphlpapi.pdb

Imports

advapi32

RegOpenKeyExA
RegOpenKeyExW
RegCloseKey
RegQueryValueExA
OpenSCManagerA
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegSetValueExA
OpenServiceA
StartServiceA
RegQueryValueExW

kernel32

lstrcpyA
lstrlenW
InterlockedExchange
MultiByteToWideChar
FormatMessageA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
InterlockedCompareExchange
FreeLibrary
DelayLoadFailureHook
SystemTimeToFileTime
GetSystemTimeAsFileTime
CreateFileW
CreateFileA
CreateEventW
GetSystemDirectoryW
GetProcessHeap
GetTickCount
DisableThreadLibraryCalls
HeapCreate
HeapDestroy
DeviceIoControl
lstrlenA
GetVersionExA
InitializeCriticalSection
DeleteCriticalSection
LocalAlloc
CreateEventA
SetLastError
FormatMessageW
OpenProcess
lstrcmpiW
IsBadReadPtr
IsBadWritePtr
LocalFree
HeapAlloc
HeapFree
LeaveCriticalSection
EnterCriticalSection
CloseHandle
GetCurrentProcess
GetLastError
GetProcAddress
HeapReAlloc
LoadLibraryA

msvcrt

strncmp
free
qsort
wcscpy
swprintf
_except_handler3
wcslen
_wcsicmp
wcscmp
wcscat
??3@YAXPAX@Z
??2@YAPAXI@Z
_ftol
gmtime
sprintf
time
printf
strpbrk
strspn
_onexit
__dllonexit
_adjust_fdiv
_initterm
malloc
strncpy
_vsnprintf
wcstombs
mbstowcs

ntdll

RtlFreeHeap
RtlAllocateHeap
RtlNtStatusToDosError
NtCreateFile
RtlInitUnicodeString
NtClose
NtWaitForSingleObject
NtDeviceIoControlFile
RtlReleaseResource
RtlAcquireResourceShared
RtlAcquireResourceExclusive
RtlInitializeResource
RtlDeleteResource
RtlInitString
RtlGUIDFromString
RtlFreeOemString
RtlUnicodeStringToOemString
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString

user32

LoadStringW
wsprintfW

ws2_32

ntohs
ntohl
inet_addr
freeaddrinfo
getaddrinfo
WSAStartup
inet_ntoa
htonl

Exports

Exports

AddIPAddress
AllocateAndGetArpEntTableFromStack
AllocateAndGetIfTableFromStack
AllocateAndGetIpAddrTableFromStack
AllocateAndGetIpForwardTableFromStack
AllocateAndGetIpNetTableFromStack
AllocateAndGetTcpExTable2FromStack
AllocateAndGetTcpExTableFromStack
AllocateAndGetTcpTableFromStack
AllocateAndGetUdpExTable2FromStack
AllocateAndGetUdpExTableFromStack
AllocateAndGetUdpTableFromStack
CancelIPChangeNotify
CreateIpForwardEntry
CreateIpNetEntry
CreateProxyArpEntry
DeleteIPAddress
DeleteIpForwardEntry
DeleteIpNetEntry
DeleteProxyArpEntry
DisableMediaSense
EnableRouter
FlushIpNetTable
FlushIpNetTableFromStack
GetAdapterIndex
GetAdapterOrderMap
GetAdaptersAddresses
GetAdaptersInfo
GetBestInterface
GetBestInterfaceEx
GetBestInterfaceFromStack
GetBestRoute
GetBestRouteFromStack
GetExtendedTcpTable
GetExtendedUdpTable
GetFriendlyIfIndex
GetIcmpStatistics
GetIcmpStatisticsEx
GetIcmpStatsFromStack
GetIcmpStatsFromStackEx
GetIfEntry
GetIfEntryFromStack
GetIfTable
GetIfTableFromStack
GetIgmpList
GetInterfaceInfo
GetIpAddrTable
GetIpAddrTableFromStack
GetIpErrorString
GetIpForwardTable
GetIpForwardTableFromStack
GetIpNetTable
GetIpNetTableFromStack
GetIpStatistics
GetIpStatisticsEx
GetIpStatsFromStack
GetIpStatsFromStackEx
GetNetworkParams
GetNumberOfInterfaces
GetOwnerModuleFromTcp6Entry
GetOwnerModuleFromTcpEntry
GetOwnerModuleFromUdp6Entry
GetOwnerModuleFromUdpEntry
GetPerAdapterInfo
GetRTTAndHopCount
GetTcpExTable2FromStack
GetTcpStatistics
GetTcpStatisticsEx
GetTcpStatsFromStack
GetTcpStatsFromStackEx
GetTcpTable
GetTcpTableFromStack
GetUdpExTable2FromStack
GetUdpStatistics
GetUdpStatisticsEx
GetUdpStatsFromStack
GetUdpStatsFromStackEx
GetUdpTable
GetUdpTableFromStack
GetUniDirectionalAdapterInfo
Icmp6CreateFile
Icmp6ParseReplies
Icmp6SendEcho2
IcmpCloseHandle
IcmpCreateFile
IcmpParseReplies
IcmpSendEcho
IcmpSendEcho2
InternalCreateIpForwardEntry
InternalCreateIpNetEntry
InternalDeleteIpForwardEntry
InternalDeleteIpNetEntry
InternalGetIfTable
InternalGetIpAddrTable
InternalGetIpForwardTable
InternalGetIpNetTable
InternalGetTcpTable
InternalGetUdpTable
InternalSetIfEntry
InternalSetIpForwardEntry
InternalSetIpNetEntry
InternalSetIpStats
InternalSetTcpEntry
IpReleaseAddress
IpRenewAddress
IsLocalAddress
NTPTimeToNTFileTime
NTTimeToNTPTime
NhGetGuidFromInterfaceName
NhGetInterfaceNameFromDeviceGuid
NhGetInterfaceNameFromGuid
NhpAllocateAndGetInterfaceInfoFromStack
NhpGetInterfaceIndexFromStack
NotifyAddrChange
NotifyRouteChange
NotifyRouteChangeEx
RestoreMediaSense
SendARP
SetAdapterIpAddress
SetBlockRoutes
SetIfEntry
SetIfEntryToStack
SetIpForwardEntry
SetIpForwardEntryToStack
SetIpMultihopRouteEntryToStack
SetIpNetEntry
SetIpNetEntryToStack
SetIpRouteEntryToStack
SetIpStatistics
SetIpStatsToStack
SetIpTTL
SetProxyArpEntryToStack
SetRouteWithRef
SetTcpEntry
SetTcpEntryToStack
UnenableRouter
_PfAddFiltersToInterface@24
_PfAddGlobalFilterToInterface@8
_PfBindInterfaceToIPAddress@12
_PfBindInterfaceToIndex@16
_PfCreateInterface@24
_PfDeleteInterface@4
_PfDeleteLog@0
_PfGetInterfaceStatistics@16
_PfMakeLog@4
_PfRebindFilters@8
_PfRemoveFilterHandles@12
_PfRemoveFiltersFromInterface@20
_PfRemoveGlobalFilterFromInterface@8
_PfSetLogBuffer@28
_PfTestPacket@20
_PfUnBindInterface@4
do_echo_rep
do_echo_req
register_icmp

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/KBDUS.DLL
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

KbdLayerDescriptor

Sections

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/KDCOM.DLL
.dll windows:5 windows x86 arch:x86

d95c0f7bf9b607cbb34dae0d9657ede4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

WRITE_REGISTER_UCHAR
READ_REGISTER_UCHAR
HalPrivateDispatchTable
KeFindConfigurationEntry
InbvDisplayString
KdDebuggerNotPresent
_strupr
strstr
MmMapIoSpace
atol

hal

READ_PORT_UCHAR
WRITE_PORT_UCHAR
HalQueryRealTimeClock
HalInitSystem
KdComPortInUse

Exports

Exports

KdD0Transition
KdD3Transition
KdDebuggerInitialize0
KdDebuggerInitialize1
KdReceivePacket
KdRestore
KdSave
KdSendPacket

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGEKD
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 256B - Virtual size: 250B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 384B - Virtual size: 310B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/KERNEL32.DLL
.dll windows:5 windows x86 arch:x86

a4c232ce8a7cc94021e40b597dca0bd5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

kernel32.pdb

Imports

ntdll

_wcsnicmp
NtFsControlFile
NtCreateFile
RtlAllocateHeap
RtlFreeHeap
NtOpenFile
NtQueryInformationFile
NtQueryEaFile
RtlLengthSecurityDescriptor
NtQuerySecurityObject
NtSetEaFile
NtSetSecurityObject
NtSetInformationFile
CsrClientCallServer
NtDeviceIoControlFile
NtClose
RtlInitUnicodeString
wcscspn
RtlUnicodeToMultiByteSize
wcslen
_memicmp
memmove
NtQueryValueKey
NtOpenKey
NtFlushKey
NtSetValueKey
NtCreateKey
RtlNtStatusToDosError
RtlFreeUnicodeString
RtlDnsHostNameToComputerName
wcsncpy
RtlUnicodeStringToAnsiString
RtlxUnicodeStringToAnsiSize
NlsMbCodePageTag
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlCreateUnicodeStringFromAsciiz
wcschr
wcsstr
RtlPrefixString
_wcsicmp
RtlGetFullPathName_U
RtlGetCurrentDirectory_U
NtQueryInformationProcess
RtlUnicodeStringToOemString
RtlReleasePebLock
RtlEqualUnicodeString
RtlAcquirePebLock
RtlFreeAnsiString
RtlSetCurrentDirectory_U
RtlTimeToTimeFields
NtSetSystemTime
RtlTimeFieldsToTime
NtQuerySystemInformation
RtlSetTimeZoneInformation
NtSetSystemInformation
RtlCutoverTimeToSystemTime
_allmul
DbgBreakPoint
RtlFreeSid
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
RtlLengthSid
RtlAllocateAndInitializeSid
DbgPrint
NtOpenProcess
CsrGetProcessId
DbgUiDebugActiveProcess
DbgUiConnectToDbg
DbgUiIssueRemoteBreakin
NtSetInformationDebugObject
DbgUiGetThreadDebugObject
NtQueryInformationThread
DbgUiConvertStateChangeStructure
DbgUiWaitStateChange
DbgUiContinue
DbgUiStopDebugging
RtlDosPathNameToNtPathName_U
RtlIsDosDeviceName_U
RtlCreateAtomTable
NtAddAtom
RtlAddAtomToAtomTable
NtFindAtom
RtlLookupAtomInAtomTable
NtDeleteAtom
RtlDeleteAtomFromAtomTable
NtQueryInformationAtom
RtlQueryAtomInAtomTable
RtlOemStringToUnicodeString
RtlMultiByteToUnicodeN
RtlUnicodeToMultiByteN
RtlMultiByteToUnicodeSize
RtlPrefixUnicodeString
RtlLeaveCriticalSection
RtlEnterCriticalSection
NtEnumerateValueKey
RtlIsTextUnicode
NtReadFile
NtAllocateVirtualMemory
NtUnlockFile
NtLockFile
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlCopyUnicodeString
NtFreeVirtualMemory
NtWriteFile
RtlCreateUnicodeString
RtlFormatCurrentUserKeyPath
RtlGetLongestNtPathLength
NtDuplicateObject
NtQueryKey
NtEnumerateKey
NtDeleteValueKey
RtlEqualString
CsrFreeCaptureBuffer
CsrCaptureMessageString
CsrAllocateCaptureBuffer
strncpy
RtlCharToInteger
RtlUpcaseUnicodeChar
RtlUpcaseUnicodeString
CsrAllocateMessagePointer
NtQueryObject
wcscmp
RtlCompareMemory
NtQueryDirectoryObject
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
NtOpenDirectoryObject
NtCreateIoCompletion
NtSetIoCompletion
NtRemoveIoCompletion
NtSetInformationProcess
NtQueryDirectoryFile
RtlDeleteCriticalSection
NtNotifyChangeDirectoryFile
NtWaitForSingleObject
RtlInitializeCriticalSection
NtQueryVolumeInformationFile
NtFlushBuffersFile
RtlDeactivateActivationContextUnsafeFast
RtlActivateActivationContextUnsafeFast
NtCancelIoFile
NtReadFileScatter
NtWriteFileGather
wcscpy
NtOpenSection
NtMapViewOfSection
NtFlushVirtualMemory
RtlFlushSecureMemoryCache
NtUnmapViewOfSection
NtCreateSection
NtQueryFullAttributesFile
swprintf
NtQueryAttributesFile
RtlDetermineDosPathNameType_U
NtRaiseHardError
NtQuerySystemEnvironmentValueEx
RtlGUIDFromString
NtSetSystemEnvironmentValueEx
RtlInitString
RtlUnlockHeap
RtlSetUserValueHeap
RtlFreeHandle
RtlAllocateHandle
RtlLockHeap
RtlSizeHeap
RtlGetUserInfoHeap
RtlReAllocateHeap
RtlIsValidHandle
RtlCompactHeap
RtlImageNtHeader
NtProtectVirtualMemory
NtQueryVirtualMemory
NtLockVirtualMemory
NtUnlockVirtualMemory
NtFlushInstructionCache
NtAllocateUserPhysicalPages
NtFreeUserPhysicalPages
NtMapUserPhysicalPages
NtMapUserPhysicalPagesScatter
NtGetWriteWatch
NtResetWriteWatch
NtSetInformationObject
CsrNewThread
CsrClientConnectToServer
RtlCreateTagHeap
LdrSetDllManifestProber
RtlSetThreadPoolStartFunc
RtlEncodePointer
_stricmp
wcscat
RtlCreateHeap
RtlDestroyHeap
RtlExtendHeap
RtlQueryTagHeap
RtlUsageHeap
RtlValidateHeap
RtlGetProcessHeaps
RtlWalkHeap
RtlSetHeapInformation
RtlQueryHeapInformation
RtlInitializeHandleTable
RtlExtendedLargeIntegerDivide
NtCreateMailslotFile
RtlFormatMessage
RtlFindMessage
LdrUnloadDll
LdrUnloadAlternateResourceModule
LdrDisableThreadCalloutsForDll
strchr
LdrGetDllHandle
LdrUnlockLoaderLock
LdrAddRefDll
RtlComputePrivatizedDllName_U
RtlPcToFileHeader
LdrLockLoaderLock
RtlGetVersion
RtlVerifyVersionInfo
LdrEnumerateLoadedModules
RtlUnicodeStringToInteger
LdrLoadAlternateResourceModule
RtlDosApplyFileIsolationRedirection_Ustr
LdrLoadDll
LdrGetProcedureAddress
LdrFindResource_U
LdrAccessResource
LdrFindResourceDirectory_U
RtlImageDirectoryEntryToData
_strcmpi
NtSetInformationThread
NtOpenThreadToken
NtCreateNamedPipeFile
RtlDefaultNpAcl
RtlDosSearchPath_Ustr
RtlInitUnicodeStringEx
RtlQueryEnvironmentVariable_U
RtlAnsiCharToUnicodeChar
RtlIntegerToChar
NtSetVolumeInformationFile
RtlIsNameLegalDOS8Dot3
NtQueryPerformanceCounter
sprintf
NtPowerInformation
NtInitiatePowerAction
NtSetThreadExecutionState
NtRequestWakeupLatency
NtGetDevicePowerState
NtIsSystemResumeAutomatic
NtRequestDeviceWakeup
NtCancelDeviceWakeupRequest
NtWriteVirtualMemory
LdrShutdownProcess
NtTerminateProcess
RtlRaiseStatus
RtlSetEnvironmentVariable
RtlExpandEnvironmentStrings_U
NtReadVirtualMemory
RtlCompareUnicodeString
RtlQueryRegistryValues
NtCreateJobSet
NtCreateJobObject
NtIsProcessInJob
RtlEqualSid
RtlSubAuthoritySid
RtlInitializeSid
NtQueryInformationToken
NtOpenProcessToken
NtResumeThread
NtAssignProcessToJobObject
CsrCaptureMessageMultiUnicodeStringsInPlace
NtCreateThread
NtCreateProcessEx
LdrQueryImageFileExecutionOptions
RtlDestroyEnvironment
NtQuerySection
NtQueryInformationJobObject
RtlGetNativeSystemInformation
RtlxAnsiStringToUnicodeSize
NtOpenEvent
NtQueryEvent
NtTerminateThread
wcsrchr
NlsMbOemCodePageTag
RtlxUnicodeStringToOemSize
NtAdjustPrivilegesToken
RtlImpersonateSelf
RtlDestroyProcessParameters
RtlCreateProcessParameters
RtlInitializeCriticalSectionAndSpinCount
NtSetEvent
NtClearEvent
NtPulseEvent
NtCreateSemaphore
NtOpenSemaphore
NtReleaseSemaphore
NtCreateMutant
NtOpenMutant
NtReleaseMutant
NtSignalAndWaitForSingleObject
NtWaitForMultipleObjects
NtDelayExecution
NtCreateTimer
NtOpenTimer
NtSetTimer
NtCancelTimer
NtCreateEvent
RtlCopyLuid
strrchr
_vsnwprintf
RtlReleaseActivationContext
RtlActivateActivationContextEx
RtlQueryInformationActivationContext
NtOpenThread
LdrShutdownThread
RtlFreeThreadActivationContextStack
NtGetContextThread
NtSetContextThread
NtSuspendThread
RtlRaiseException
RtlDecodePointer
towlower
RtlClearBits
RtlFindClearBitsAndSet
RtlAreBitsSet
NtQueueApcThread
NtYieldExecution
RtlRegisterWait
RtlDeregisterWait
RtlDeregisterWaitEx
RtlQueueWorkItem
RtlSetIoCompletionCallback
RtlCreateTimerQueue
RtlCreateTimer
RtlUpdateTimer
RtlDeleteTimer
RtlDeleteTimerQueueEx
CsrIdentifyAlertableThread
RtlApplicationVerifierStop
_alloca_probe
RtlDestroyQueryDebugBuffer
RtlQueryProcessDebugInformation
RtlCreateQueryDebugBuffer
RtlCreateEnvironment
RtlFreeOemString
strstr
toupper
isdigit
atol
tolower
NtOpenJobObject
NtTerminateJobObject
NtSetInformationJobObject
RtlAddRefActivationContext
RtlZombifyActivationContext
RtlActivateActivationContext
RtlDeactivateActivationContext
RtlGetActiveActivationContext
DbgPrintEx
LdrDestroyOutOfProcessImage
LdrAccessOutOfProcessResource
LdrFindCreateProcessManifest
LdrCreateOutOfProcessImage
RtlNtStatusToDosErrorNoTeb
RtlpApplyLengthFunction
RtlGetLengthWithoutLastFullDosOrNtPathElement
RtlpEnsureBufferSize
RtlMultiAppendUnicodeStringBuffer
_snwprintf
RtlCreateActivationContext
RtlFindActivationContextSectionString
RtlFindActivationContextSectionGuid
_allshl
RtlNtPathNameToDosPathName
wcsncmp
RtlUnhandledExceptionFilter
CsrCaptureMessageBuffer
NtQueryInstallUILanguage
NtQueryDefaultUILanguage
wcspbrk
RtlOpenCurrentUser
RtlGetDaclSecurityDescriptor
NtCreateDirectoryObject
_wcslwr
_wtol
RtlIntegerToUnicodeString
NtQueryDefaultLocale
_strlwr
RtlUnwind

Exports

Exports

ActivateActCtx
AddAtomA
AddAtomW
AddConsoleAliasA
AddConsoleAliasW
AddLocalAlternateComputerNameA
AddLocalAlternateComputerNameW
AddRefActCtx
AddVectoredExceptionHandler
AllocConsole
AllocateUserPhysicalPages
AreFileApisANSI
AssignProcessToJobObject
AttachConsole
BackupRead
BackupSeek
BackupWrite
BaseCheckAppcompatCache
BaseCleanupAppcompatCache
BaseCleanupAppcompatCacheSupport
BaseDumpAppcompatCache
BaseFlushAppcompatCache
BaseInitAppcompatCache
BaseInitAppcompatCacheSupport
BaseProcessInitPostImport
BaseQueryModuleData
BaseUpdateAppcompatCache
BasepCheckWinSaferRestrictions
Beep
BeginUpdateResourceA
BeginUpdateResourceW
BindIoCompletionCallback
BuildCommDCBA
BuildCommDCBAndTimeoutsA
BuildCommDCBAndTimeoutsW
BuildCommDCBW
CallNamedPipeA
CallNamedPipeW
CancelDeviceWakeupRequest
CancelIo
CancelTimerQueueTimer
CancelWaitableTimer
ChangeTimerQueueTimer
CheckNameLegalDOS8Dot3A
CheckNameLegalDOS8Dot3W
CheckRemoteDebuggerPresent
ClearCommBreak
ClearCommError
CloseConsoleHandle
CloseHandle
CloseProfileUserMapping
CmdBatNotification
CommConfigDialogA
CommConfigDialogW
CompareFileTime
CompareStringA
CompareStringW
ConnectNamedPipe
ConsoleMenuControl
ContinueDebugEvent
ConvertDefaultLocale
ConvertFiberToThread
ConvertThreadToFiber
CopyFileA
CopyFileExA
CopyFileExW
CopyFileW
CopyLZFile
CreateActCtxA
CreateActCtxW
CreateConsoleScreenBuffer
CreateDirectoryA
CreateDirectoryExA
CreateDirectoryExW
CreateDirectoryW
CreateEventA
CreateEventW
CreateFiber
CreateFiberEx
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateHardLinkA
CreateHardLinkW
CreateIoCompletionPort
CreateJobObjectA
CreateJobObjectW
CreateJobSet
CreateMailslotA
CreateMailslotW
CreateMemoryResourceNotification
CreateMutexA
CreateMutexW
CreateNamedPipeA
CreateNamedPipeW
CreateNlsSecurityDescriptor
CreatePipe
CreateProcessA
CreateProcessInternalA
CreateProcessInternalW
CreateProcessInternalWSecure
CreateProcessW
CreateRemoteThread
CreateSemaphoreA
CreateSemaphoreW
CreateSocketHandle
CreateTapePartition
CreateThread
CreateTimerQueue
CreateTimerQueueTimer
CreateToolhelp32Snapshot
CreateVirtualBuffer
CreateWaitableTimerA
CreateWaitableTimerW
DeactivateActCtx
DebugActiveProcess
DebugActiveProcessStop
DebugBreak
DebugBreakProcess
DebugSetProcessKillOnExit
DecodePointer
DecodeSystemPointer
DefineDosDeviceA
DefineDosDeviceW
DelayLoadFailureHook
DeleteAtom
DeleteCriticalSection
DeleteFiber
DeleteFileA
DeleteFileW
DeleteTimerQueue
DeleteTimerQueueEx
DeleteTimerQueueTimer
DeleteVolumeMountPointA
DeleteVolumeMountPointW
DeviceIoControl
DisableThreadLibraryCalls
DisconnectNamedPipe
DnsHostnameToComputerNameA
DnsHostnameToComputerNameW
DosDateTimeToFileTime
DosPathToSessionPathA
DosPathToSessionPathW
DuplicateConsoleHandle
DuplicateHandle
EncodePointer
EncodeSystemPointer
EndUpdateResourceA
EndUpdateResourceW
EnterCriticalSection
EnumCalendarInfoA
EnumCalendarInfoExA
EnumCalendarInfoExW
EnumCalendarInfoW
EnumDateFormatsA
EnumDateFormatsExA
EnumDateFormatsExW
EnumDateFormatsW
EnumLanguageGroupLocalesA
EnumLanguageGroupLocalesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceNamesA
EnumResourceNamesW
EnumResourceTypesA
EnumResourceTypesW
EnumSystemCodePagesA
EnumSystemCodePagesW
EnumSystemGeoID
EnumSystemLanguageGroupsA
EnumSystemLanguageGroupsW
EnumSystemLocalesA
EnumSystemLocalesW
EnumTimeFormatsA
EnumTimeFormatsW
EnumUILanguagesA
EnumUILanguagesW
EnumerateLocalComputerNamesA
EnumerateLocalComputerNamesW
EraseTape
EscapeCommFunction
ExitProcess
ExitThread
ExitVDM
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
ExpungeConsoleCommandHistoryA
ExpungeConsoleCommandHistoryW
ExtendVirtualBuffer
FatalAppExitA
FatalAppExitW
FatalExit
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FillConsoleOutputCharacterW
FindActCtxSectionGuid
FindActCtxSectionStringA
FindActCtxSectionStringW
FindAtomA
FindAtomW
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationA
FindFirstChangeNotificationW
FindFirstFileA
FindFirstFileExA
FindFirstFileExW
FindFirstFileW
FindFirstVolumeA
FindFirstVolumeMountPointA
FindFirstVolumeMountPointW
FindFirstVolumeW
FindNextChangeNotification
FindNextFileA
FindNextFileW
FindNextVolumeA
FindNextVolumeMountPointA
FindNextVolumeMountPointW
FindNextVolumeW
FindResourceA
FindResourceExA
FindResourceExW
FindResourceW
FindVolumeClose
FindVolumeMountPointClose
FlushConsoleInputBuffer
FlushFileBuffers
FlushInstructionCache
FlushViewOfFile
FoldStringA
FoldStringW
FormatMessageA
FormatMessageW
FreeConsole
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
FreeResource
FreeUserPhysicalPages
FreeVirtualBuffer
GenerateConsoleCtrlEvent
GetACP
GetAtomNameA
GetAtomNameW
GetBinaryType
GetBinaryTypeA
GetBinaryTypeW
GetCPFileNameFromRegistry
GetCPInfo
GetCPInfoExA
GetCPInfoExW
GetCalendarInfoA
GetCalendarInfoW
GetComPlusPackageInstallStatus
GetCommConfig
GetCommMask
GetCommModemStatus
GetCommProperties
GetCommState
GetCommTimeouts
GetCommandLineA
GetCommandLineW
GetCompressedFileSizeA
GetCompressedFileSizeW
GetComputerNameA
GetComputerNameExA
GetComputerNameExW
GetComputerNameW
GetConsoleAliasA
GetConsoleAliasExesA
GetConsoleAliasExesLengthA
GetConsoleAliasExesLengthW
GetConsoleAliasExesW
GetConsoleAliasW
GetConsoleAliasesA
GetConsoleAliasesLengthA
GetConsoleAliasesLengthW
GetConsoleAliasesW
GetConsoleCP
GetConsoleCharType
GetConsoleCommandHistoryA
GetConsoleCommandHistoryLengthA
GetConsoleCommandHistoryLengthW
GetConsoleCommandHistoryW
GetConsoleCursorInfo
GetConsoleCursorMode
GetConsoleDisplayMode
GetConsoleFontInfo
GetConsoleFontSize
GetConsoleHardwareState
GetConsoleInputExeNameA
GetConsoleInputExeNameW
GetConsoleInputWaitHandle
GetConsoleKeyboardLayoutNameA
GetConsoleKeyboardLayoutNameW
GetConsoleMode
GetConsoleNlsMode
GetConsoleOutputCP
GetConsoleProcessList
GetConsoleScreenBufferInfo
GetConsoleSelectionInfo
GetConsoleTitleA
GetConsoleTitleW
GetConsoleWindow
GetCurrencyFormatA
GetCurrencyFormatW
GetCurrentActCtx
GetCurrentConsoleFont
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatA
GetDateFormatW
GetDefaultCommConfigA
GetDefaultCommConfigW
GetDefaultSortkeySize
GetDevicePowerState
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDllDirectoryA
GetDllDirectoryW
GetDriveTypeA
GetDriveTypeW
GetEnvironmentStrings
GetEnvironmentStringsA
GetEnvironmentStringsW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetExitCodeProcess
GetExitCodeThread
GetExpandedNameA
GetExpandedNameW
GetFileAttributesA
GetFileAttributesExA
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileSize
GetFileSizeEx
GetFileTime
GetFileType
GetFirmwareEnvironmentVariableA
GetFirmwareEnvironmentVariableW
GetFullPathNameA
GetFullPathNameW
GetGeoInfoA
GetGeoInfoW
GetHandleContext
GetHandleInformation
GetLargestConsoleWindowSize
GetLastError
GetLinguistLangSize
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetLogicalDriveStringsA
GetLogicalDriveStringsW
GetLogicalDrives
GetLongPathNameA
GetLongPathNameW
GetMailslotInfo
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExA
GetModuleHandleExW
GetModuleHandleW
GetNamedPipeHandleStateA
GetNamedPipeHandleStateW
GetNamedPipeInfo
GetNativeSystemInfo
GetNextVDMCommand
GetNlsSectionName
GetNumaAvailableMemory
GetNumaAvailableMemoryNode
GetNumaHighestNodeNumber
GetNumaNodeProcessorMask
GetNumaProcessorMap
GetNumaProcessorNode
GetNumberFormatA
GetNumberFormatW
GetNumberOfConsoleFonts
GetNumberOfConsoleInputEvents
GetNumberOfConsoleMouseButtons
GetOEMCP
GetOverlappedResult
GetPriorityClass
GetPrivateProfileIntA
GetPrivateProfileIntW
GetPrivateProfileSectionA
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
GetPrivateProfileStringA
GetPrivateProfileStringW
GetPrivateProfileStructA
GetPrivateProfileStructW
GetProcAddress
GetProcessAffinityMask
GetProcessHandleCount
GetProcessHeap
GetProcessHeaps
GetProcessId
GetProcessIoCounters
GetProcessPriorityBoost
GetProcessShutdownParameters
GetProcessTimes
GetProcessVersion
GetProcessWorkingSetSize
GetProfileIntA
GetProfileIntW
GetProfileSectionA
GetProfileSectionW
GetProfileStringA
GetProfileStringW
GetQueuedCompletionStatus
GetShortPathNameA
GetShortPathNameW
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeExA
GetStringTypeExW
GetStringTypeW
GetSystemDefaultLCID
GetSystemDefaultLangID
GetSystemDefaultUILanguage
GetSystemDirectoryA
GetSystemDirectoryW
GetSystemInfo
GetSystemPowerStatus
GetSystemRegistryQuota
GetSystemTime
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetSystemTimes
GetSystemWindowsDirectoryA
GetSystemWindowsDirectoryW
GetSystemWow64DirectoryA
GetSystemWow64DirectoryW
GetTapeParameters
GetTapePosition
GetTapeStatus
GetTempFileNameA
GetTempFileNameW
GetTempPathA
GetTempPathW
GetThreadContext
GetThreadIOPendingFlag
GetThreadLocale
GetThreadPriority
GetThreadPriorityBoost
GetThreadSelectorEntry
GetThreadTimes
GetTickCount
GetTimeFormatA
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultLangID
GetUserDefaultUILanguage
GetUserGeoID
GetVDMCurrentDirectories
GetVersion
GetVersionExA
GetVersionExW
GetVolumeInformationA
GetVolumeInformationW
GetVolumeNameForVolumeMountPointA
GetVolumeNameForVolumeMountPointW
GetVolumePathNameA
GetVolumePathNameW
GetVolumePathNamesForVolumeNameA
GetVolumePathNamesForVolumeNameW
GetWindowsDirectoryA
GetWindowsDirectoryW
GetWriteWatch
GlobalAddAtomA
GlobalAddAtomW
GlobalAlloc
GlobalCompact
GlobalDeleteAtom
GlobalFindAtomA
GlobalFindAtomW
GlobalFix
GlobalFlags
GlobalFree
GlobalGetAtomNameA
GlobalGetAtomNameW

Sections

.text
Size: 519KB - Virtual size: 519KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 408KB - Virtual size: 407KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/LOCALE.NLS
I386/SYSTEM32/LSASRV.DLL
.dll windows:5 windows x86 arch:x86

183e9821be5aa51d25b07348eb216d55

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

lsasrv.pdb

Imports

msvcrt

_resetstkoflw
_ultoa
wcstol
_vsnprintf
strrchr
_strnicmp
strchr
_strcmpi
_except_handler3
_ltow
wcsncpy
swprintf
wcscmp
wcscat
wcscpy
_wcsicmp
wcschr
wcsrchr
memmove
wcslen
mbstowcs
strncpy
sprintf
_snwprintf
_wcsnicmp
wcsncat
qsort
wcsstr
free
malloc

ntdll

RtlDeleteCriticalSection
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlInitializeCriticalSection
NtQuerySystemTime
RtlEqualUnicodeString
RtlInitUnicodeString
RtlUpcaseUnicodeStringToOemString
RtlFreeUnicodeString
RtlConvertSidToUnicodeString
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlInitAnsiString
NtClose
NtQueryInformationToken
NtOpenThreadToken
RtlLengthSid
RtlEqualSid
RtlNtStatusToDosError
RtlRegisterWait
RtlDeregisterWait
RtlAcquireResourceShared
RtlReleaseResource
NtSetInformationThread
NtQueryInformationFile
NtFsControlFile
NtCreateFile
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAceEx
RtlSubAuthoritySid
RtlInitializeSid
RtlLengthRequiredSid
NtReadFile
NtSetInformationFile
RtlFreeHeap
RtlDosPathNameToNtPathName_U
NtFlushBuffersFile
RtlGetDaclSecurityDescriptor
NtWriteFile
NtQueryVolumeInformationFile
RtlAcquireResourceExclusive
NtQueryObject
RtlCompareMemory
RtlAllocateAndInitializeSid
NtSetEvent
NtOpenEvent
NtCreateEvent
RtlInitializeResource
NtSetSecurityObject
RtlAddAccessAllowedAce
RtlCreateAcl
NtCreatePort
NtCompleteConnectPort
NtAcceptConnectPort
NtReplyPort
NtReplyWaitReceivePort
NtFreeVirtualMemory
NtAllocateVirtualMemory
RtlAnsiStringToUnicodeString
NtRequestWaitReplyPort
RtlCompareUnicodeString
NtDuplicateObject
RtlCreateUnicodeStringFromAsciiz
RtlInitString
RtlGetNtProductType
RtlRunDecodeUnicodeString
NtAllocateLocallyUniqueId
RtlSubAuthorityCountSid
RtlCopySid
RtlTimeFieldsToTime
RtlCopyUnicodeString
RtlCreateHeap
NtMapViewOfSection
NtUnmapViewOfSection
RtlDestroyHeap
RtlAllocateHeap
DbgBreakPoint
NtOpenProcessToken
NtQuerySystemInformation
NtPrivilegedServiceAuditAlarm
NtPrivilegeCheck
NtOpenProcess
NtOpenThread
NtQueryInformationProcess
NtWriteVirtualMemory
NtReadVirtualMemory
NtImpersonateClientOfPort
RtlImpersonateSelf
NtWaitForSingleObject
NtSetInformationObject
NtSetInformationToken
NtDuplicateToken
RtlCopyLuid
NtQueryValueKey
NtOpenKey
NtDeviceIoControlFile
NtOpenFile
RtlQueryInformationAcl
VerSetConditionMask
RtlAdjustPrivilege
NtCreateToken
RtlSetOwnerSecurityDescriptor
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
RtlCopyString
RtlEqualString
NtListenPort
NtConnectPort
NtRaiseHardError
NtFlushKey
NtSetValueKey
NtImpersonateAnonymousToken
NtAdjustPrivilegesToken
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
RtlAppendUnicodeToString
NtEnumerateValueKey
NtEnumerateKey
RtlPrefixUnicodeString
RtlValidSid
RtlConvertSharedToExclusive
RtlEqualDomainName
RtlGetAce
RtlLengthSecurityDescriptor
RtlMakeSelfRelativeSD
RtlRandom
NtQueryInformationThread
RtlFreeSid
RtlpNtOpenKey
RtlInitializeRXact
RtlDeleteElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlLookupElementGenericTableAvl
RtlEnumerateGenericTableAvl
RtlInsertElementGenericTableAvl
RtlConvertExclusiveToShared
RtlpNtEnumerateSubKey
NtDeleteObjectAuditAlarm
RtlVerifyVersionInfo
LdrLoadDll
RtlpNtQueryValueKey
RtlAreAllAccessesGranted
NtAccessCheckByTypeAndAuditAlarm
NtAccessCheckByTypeResultListAndAuditAlarm
RtlMapGenericMask
RtlSetSecurityObject
RtlNewSecurityObject
NtAccessCheckAndAuditAlarm
RtlIntegerToChar
NtPrivilegeObjectAuditAlarm
NtQuerySecurityObject
RtlFreeOemString
RtlUnicodeStringToOemString
RtlOemStringToUnicodeString
RtlImageNtHeader
RtlValidRelativeSecurityDescriptor
RtlStartRXact
RtlAbortRXact
RtlApplyRXact
RtlAddActionToRXact
NtCloseObjectAuditAlarm
RtlUnicodeStringToInteger
RtlTimeToSecondsSince1970
RtlRunEncodeUnicodeString
NtSetSystemTime
NtResetEvent
RtlMoveMemory
DbgPrint

rpcrt4

UuidToStringW
RpcServerListen
I_RpcExceptionFilter
RpcBindingVectorFree
RpcEpRegisterW
RpcServerInqBindings
RpcImpersonateClient
UuidCreate
I_RpcMapWin32Status
NdrServerCall2
RpcBindingServerFromClient
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcServerUseProtseqEpW
RpcServerRegisterAuthInfoW
I_RpcBindingInqLocalClientPID
I_RpcBindingIsClientLocal
I_RpcBindingInqTransportType
RpcUserFree
RpcMgmtEnableIdleCleanup
RpcBindingInqAuthClientW
RpcBindingSetAuthInfoW
RpcSsGetContextBinding
NdrClientCall2
RpcBindingFromStringBindingW
RpcStringFreeW
RpcBindingFree
RpcRevertToSelf
RpcStringBindingComposeW
RpcServerInqDefaultPrincNameW
RpcServerRegisterIf
NdrMesTypeDecode2
NdrMesTypeEncode2
NdrMesTypeAlignSize2
MesDecodeIncrementalHandleCreate
MesEncodeIncrementalHandleCreate
RpcRevertToSelfEx
RpcServerUnregisterIf
RpcServerRegisterIfEx
UuidFromStringW
RpcBindingSetAuthInfoExW
RpcEpResolveBinding
RpcNetworkIsProtseqValidW
MesHandleFree
MesIncrementalHandleReset

kernel32

GetDiskFreeSpaceA
GlobalMemoryStatus
SetComputerNameExW
DebugBreak
OpenFileMappingW
GetModuleFileNameA
GetProfileStringA
CreateFileA
GetVersionExA
GetModuleHandleA
DuplicateHandle
CompareFileTime
lstrcmpW
DeleteCriticalSection
InitializeCriticalSection
FlushViewOfFile
GetSystemDirectoryW
GetDriveTypeW
IsBadWritePtr
FlushFileBuffers
GetLocalTime
MoveFileW
CopyFileW
GetWindowsDirectoryW
VerifyVersionInfoA
GetComputerNameA
ExitThread
GetThreadLocale
SetThreadLocale
LocalReAlloc
MultiByteToWideChar
WideCharToMultiByte
GetDateFormatW
FileTimeToLocalFileTime
GetTimeFormatW
SetWaitableTimer
CompareStringW
CreateWaitableTimerW
LoadLibraryA
VerifyVersionInfoW
SetProcessShutdownParameters
SetConsoleCtrlHandler
OpenEventW
SetEnvironmentVariableW
GetEnvironmentVariableW
OutputDebugStringA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedCompareExchange
CreateMutexW
ReleaseMutex
GetSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
ReleaseSemaphore
SetProcessWorkingSetSize
CreateSemaphoreW
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
lstrcmpiW
SearchPathW
TlsAlloc
RaiseException
QueueUserWorkItem
CreateTimerQueueTimer
RegisterWaitForSingleObjectEx
DeleteTimerQueueTimer
UnregisterWaitEx
WaitForSingleObjectEx
HeapFree
MapViewOfFileEx
VirtualAllocEx
ExpandEnvironmentStringsW
GetComputerNameExW
FormatMessageW
GetTickCount
GetCurrentProcess
GetCurrentThreadId
SetEvent
GetSystemDefaultLCID
GetLocaleInfoW
FreeLibrary
lstrcpyW
GetModuleFileNameW
GetModuleHandleW
CloseHandle
GetLastError
CreateThread
lstrlenA
LocalFree
InterlockedDecrement
InterlockedIncrement
TlsSetValue
TlsGetValue
LocalAlloc
VirtualFree
VirtualLock
VirtualAlloc
DnsHostnameToComputerNameW
SetFileAttributesW
CreateDirectoryW
lstrlenW
GetCurrentThread
GetProcAddress
LoadLibraryW
CreateFileW
DeleteFileW
GetSystemTimeAsFileTime
WriteFile
GetComputerNameW
ReadFile
GetFileSize
ResetEvent
Sleep
InterlockedExchange
SetLastError
IsBadReadPtr
GetVolumePathNameW
DeviceIoControl
UnmapViewOfFile
MapViewOfFile
GetFileAttributesW
GetVolumeInformationW
WaitForSingleObject
CreateFileMappingW
SetFilePointer
GetSystemInfo
GetCurrentProcessId
CreateEventW
GetVersionExW
FindClose
FindNextFileW
FindFirstFileW

secur32

CredUnmarshalTargetInfo
SecpTranslateNameEx
SecpTranslateName
SecCacheSspiPackages
LsaRegisterPolicyChangeNotification
SecpFreeMemory

user32

GetSystemMetrics
wsprintfW
LoadStringW
GetMessageTime
GetCursorPos

advapi32

GetUserNameA
RegisterTraceGuidsW
TraceEvent
LsaClose
CredFree
CredUnmarshalCredentialW
SystemFunction036
RegQueryValueExA
SystemFunction005
SystemFunction004
RegSetValueExA
RegDeleteKeyA
RegCreateKeyExA
CryptAcquireContextA
CryptGetProvParam
CryptSetKeyParam
CryptCreateHash
SystemFunction040
CryptHashData
CryptDeriveKey
CryptDestroyHash
CryptGetHashParam
CryptGetKeyParam
CryptExportKey
LsaRetrievePrivateData
LsaStorePrivateData
AllocateAndInitializeSid
FreeSid
GetSidIdentifierAuthority
GetSidSubAuthority
LookupAccountNameW
LogonUserW
IsValidSid
A_SHAInit
A_SHAUpdate
A_SHAFinal
ImpersonateSelf
SetThreadToken
OpenSCManagerW
QueryServiceStatus
ChangeServiceConfigW
EnumDependentServicesW
ControlService
StartServiceW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle
RegCreateKeyW
LsaSetDomainInformationPolicy
LookupAccountSidW
LsaSetInformationPolicy
AccessCheck
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RegLoadKeyW
RegUnLoadKeyW
LsaQueryDomainInformationPolicy
LsaQueryTrustedDomainInfoByName
LsaCreateTrustedDomainEx
LsaOpenTrustedDomain
LsaOpenTrustedDomainByName
LsaDelete
ImpersonateLoggedOnUser
SystemFunction029
SystemFunction007
LsaICLookupSidsWithCreds
LsaICLookupNamesWithCreds
ConvertSidToStringSidW
LsaOpenPolicy
LsaQueryInformationPolicy
EqualSid
LsaICLookupSids
LsaICLookupNames
GetWindowsAccountDomainSid
EqualDomainSid
ConvertStringSidToSidW
DuplicateTokenEx
AllocateLocallyUniqueId
OpenProcessToken
GetTokenInformation
FileEncryptionStatusW
I_ScIsSecurityProcess
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
IsWellKnownSid
MD5Init
MD5Update
MD5Final
CheckTokenMembership
ReportEventA
RegDeleteKeyW
CryptGenKey
SystemFunction035
IsTokenRestricted
RegNotifyChangeKeyValue
RegOpenKeyW
GetSidSubAuthorityCount
CryptGetUserKey
CryptAcquireContextW
AdjustTokenPrivileges
RegisterEventSourceW
ReportEventW
DeregisterEventSource
CryptDecrypt
CryptImportKey
CryptDestroyKey
RevertToSelf
CryptEncrypt
GetLengthSid
CopySid
CryptGenRandom
LsaFreeMemory
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
CryptSetProvParam
CryptReleaseContext
OpenThreadToken
CredpEncodeCredential
CredpDecodeCredential
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExA
GetTraceLoggerHandle

samsrv

SamIChangePasswordForeignUser2
SamrOpenUser
SamIFree_SAMPR_ULONG_ARRAY
SamIOpenUserByAlternateId
SamrCloseHandle
SamIFree_SAMPR_GET_GROUPS_BUFFER
SamIFree_SAMPR_USER_INFO_BUFFER
SamrGetGroupsForUser
SamrQueryInformationUser
SamIFreeSidAndAttributesList
SamIGetUserLogonInformation
SampUsingDsData
SamIFreeSidArray
SamIGetResourceGroupMembershipsTransitive
SamIIsSetupInProgress
SamrOpenDomain
SamIConnect
SamIGetAliasMembership
SamISetAuditingInformation
SamIQueryServerRole
SamrEnumerateUsersInDomain
SamIAmIGC
SamIMixedDomain
SamIIsDownlevelDcUpgrade
SamIGetBootKeyInformation
SamIDoFSMORoleChange
SamIIsRebootAfterPromotion
SamIGCLookupNames
SamIFreeVoid
SamrRidToSid
SamIIsExtendedSidMode
SamIFree_SAMPR_RETURNED_USTRING_ARRAY
SamrLookupIdsInDomain
SamIGCLookupSids
SamrSetInformationUser
SamrCreateUser2InDomain
SamrDeleteUser
SamIGetInterdomainTrustAccountPasswordsForUpgrade
SamIEnumerateInterdomainTrustAccountsForUpgrade
SamIMixedDomain2
SamrLookupNamesInDomain

msasn1

ASN1DecAlloc
ASN1BERDecObjectIdentifier
ASN1BERDecEndOfContents
ASN1BEREncExplicitTag
ASN1BEREncObjectIdentifier
ASN1BEREncEndOfContents
ASN1_CreateModule
ASN1BEREncOctetString
ASN1BERDecPeekTag
ASN1Free
ASN1objectidentifier_free
ASN1BERDecOctetString
ASN1octetstring_free
ASN1ztcharstring_free
ASN1BEREncU32
ASN1BERDecU32Val
ASN1DecSetError
ASN1BEREncBitString
ASN1BERDecNotEndOfContents
ASN1BEREncCharString
ASN1BERDecZeroCharString
ASN1BEREncRemoveZeroBits
ASN1BERDecBitString
ASN1bitstring_free
ASN1_CreateDecoder
ASN1_CreateEncoder
ASN1_CloseDecoder
ASN1_FreeDecoded
ASN1_Encode
ASN1_FreeEncoded
ASN1_Decode
ASN1_CloseEncoder
ASN1BERDecExplicitTag

netapi32

NetUserGetInfo
DsGetDcNameW
DsEnumerateDomainTrustsW
NetShareGetInfo
DsRoleFreeMemory
Netbios
NetUseDel
DsGetDcNameWithAccountW
NetUseAdd
I_NetNameValidate
NetApiBufferAllocate
NetAlertRaiseEx
I_NetNameCanonicalize
NetUserModalsGet
NetShareDel
NetRemoteTOD
NetApiBufferFree

samlib

SamFreeMemory

mpr

WNetCancelConnection2W
WNetAddConnection2W

ntdsapi

DsFreeNameResultW
DsCrackNamesW
DsBindW
DsCrackSpn3W
DsUnBindW

Exports

Exports

DsRolerDcAsDc
DsRolerDcAsReplica
DsRolerDemoteDc
DsRolerGetDcOperationProgress
DsRolerGetDcOperationResults
LsaIAddNameToLogonSession
LsaIAllocateHeap
LsaIAllocateHeapZero
LsaIAuditAccountLogon
LsaIAuditAccountLogonEx
LsaIAuditKdcEvent
LsaIAuditKerberosLogon
LsaIAuditLogonUsingExplicitCreds
LsaIAuditNotifyPackageLoad
LsaIAuditPasswordAccessEvent
LsaIAuditSamEvent
LsaICallPackage
LsaICallPackageEx
LsaICallPackagePassthrough
LsaICancelNotification
LsaIChangeSecretCipherKey
LsaICryptProtectData
LsaICryptUnprotectData
LsaIDsNotifiedObjectChange
LsaIEnumerateSecrets
LsaIEventNotify
LsaIFilterSids
LsaIForestTrustFindMatch
LsaIFreeForestTrustInfo
LsaIFreeHeap
LsaIFreeReturnBuffer
LsaIFree_LSAI_PRIVATE_DATA
LsaIFree_LSAI_SECRET_ENUM_BUFFER
LsaIFree_LSAPR_ACCOUNT_ENUM_BUFFER
LsaIFree_LSAPR_CR_CIPHER_VALUE
LsaIFree_LSAPR_POLICY_DOMAIN_INFORMATION
LsaIFree_LSAPR_POLICY_INFORMATION
LsaIFree_LSAPR_PRIVILEGE_ENUM_BUFFER
LsaIFree_LSAPR_PRIVILEGE_SET
LsaIFree_LSAPR_REFERENCED_DOMAIN_LIST
LsaIFree_LSAPR_SR_SECURITY_DESCRIPTOR
LsaIFree_LSAPR_TRANSLATED_NAMES
LsaIFree_LSAPR_TRANSLATED_SIDS
LsaIFree_LSAPR_TRUSTED_DOMAIN_INFO
LsaIFree_LSAPR_TRUSTED_ENUM_BUFFER
LsaIFree_LSAPR_TRUSTED_ENUM_BUFFER_EX
LsaIFree_LSAPR_TRUST_INFORMATION
LsaIFree_LSAPR_UNICODE_STRING
LsaIFree_LSAPR_UNICODE_STRING_BUFFER
LsaIFree_LSAP_SITENAME_INFO
LsaIFree_LSAP_SITE_INFO
LsaIFree_LSAP_SUBNET_INFO
LsaIFree_LSAP_UPN_SUFFIXES
LsaIFree_LSA_FOREST_TRUST_COLLISION_INFORMATION
LsaIFree_LSA_FOREST_TRUST_INFORMATION
LsaIGetBootOption
LsaIGetCallInfo
LsaIGetForestTrustInformation
LsaIGetLogonGuid
LsaIGetNbAndDnsDomainNames
LsaIGetPrivateData
LsaIGetSerialNumberPolicy
LsaIGetSerialNumberPolicy2
LsaIGetSiteName
LsaIHealthCheck
LsaIImpersonateClient
LsaIInitializeWellKnownSids
LsaIIsClassIdLsaClass
LsaIIsDsPaused
LsaIKerberosRegisterTrustNotification
LsaILookupWellKnownName
LsaINotifyChangeNotification
LsaINotifyNetlogonParametersChangeW
LsaINotifyPasswordChanged
LsaIOpenPolicyTrusted
LsaIQueryForestTrustInfo
LsaIQueryInformationPolicyTrusted
LsaIQuerySiteInfo
LsaIQuerySubnetInfo
LsaIQueryUpnSuffixes
LsaIRegisterNotification
LsaIRegisterPolicyChangeNotificationCallback
LsaISafeMode
LsaISamIndicatedDsStarted
LsaISetBootOption
LsaISetClientDnsHostName
LsaISetLogonGuidInLogonSession
LsaISetPrivateData
LsaISetSerialNumberPolicy
LsaISetTimesSecret
LsaISetupWasRun
LsaITestCall
LsaIUnregisterAllPolicyChangeNotificationCallback
LsaIUnregisterPolicyChangeNotificationCallback
LsaIUpdateForestTrustInformation
LsaIWriteAuditEvent
LsapAuOpenSam
LsapCheckBootMode
LsapDsDebugInitialize
LsapDsInitializeDsStateInfo
LsapDsInitializePromoteInterface
LsapInitLsa
LsarAddPrivilegesToAccount
LsarClose
LsarCreateAccount
LsarCreateSecret
LsarCreateTrustedDomain
LsarCreateTrustedDomainEx
LsarDelete
LsarEnumerateAccounts
LsarEnumeratePrivileges
LsarEnumeratePrivilegesAccount
LsarEnumerateTrustedDomains
LsarEnumerateTrustedDomainsEx
LsarGetQuotasForAccount
LsarGetSystemAccessAccount
LsarLookupNames
LsarLookupPrivilegeDisplayName
LsarLookupPrivilegeName
LsarLookupPrivilegeValue
LsarLookupSids
LsarLookupSids2
LsarOpenAccount
LsarOpenPolicy
LsarOpenPolicySce
LsarOpenSecret
LsarOpenTrustedDomain
LsarOpenTrustedDomainByName
LsarQueryDomainInformationPolicy
LsarQueryForestTrustInformation
LsarQueryInfoTrustedDomain
LsarQueryInformationPolicy
LsarQuerySecret
LsarQuerySecurityObject
LsarQueryTrustedDomainInfo
LsarQueryTrustedDomainInfoByName
LsarRemovePrivilegesFromAccount
LsarSetDomainInformationPolicy
LsarSetForestTrustInformation
LsarSetInformationPolicy
LsarSetInformationTrustedDomain
LsarSetQuotasForAccount
LsarSetSecret
LsarSetSecurityObject
LsarSetSystemAccessAccount
LsarSetTrustedDomainInfoByName
ServiceInit

Sections

.text
Size: 624KB - Virtual size: 624KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/LSASS.EXE
.exe windows:5 windows x86 arch:x86

13a5ec758c23c4ebec520a54a47e014a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

lsass.pdb

Imports

advapi32

FreeSid
CheckTokenMembership
AllocateAndInitializeSid
OpenThreadToken
ImpersonateSelf
RevertToSelf

kernel32

CloseHandle
GetCurrentThread
ExitThread
SetUnhandledExceptionFilter
SetErrorMode
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlUnwind
InterlockedExchange
VirtualQuery

ntdll

NtSetInformationProcess
RtlInitUnicodeString
NtCreateEvent
NtOpenEvent
NtSetEvent
NtClose
NtRaiseHardError
RtlAdjustPrivilege
NtShutdownSystem
RtlUnhandledExceptionFilter

lsasrv

LsaISetupWasRun
LsapDsDebugInitialize
LsapAuOpenSam
LsapCheckBootMode
ServiceInit
LsapInitLsa
LsapDsInitializePromoteInterface
LsapDsInitializeDsStateInfo

samsrv

SamIInitialize
SampUsingDsData

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
I386/SYSTEM32/L_INTL.NLS
I386/SYSTEM32/MFC42U.DLL
.dll regsvr32 windows:4 windows x86 arch:x86

65f3cdf30468a1b024ce7f377d2f1556

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

72:d1:19:4d:bd:ca:1c:99:5e:7e:6e:9b:5c:78:6c:42:5b:38:5b:b9
Signer

Actual PE Digest

72:d1:19:4d:bd:ca:1c:99:5e:7e:6e:9b:5c:78:6c:42:5b:38:5b:b9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

MFC42U.pdb

Imports

msvcrt

memmove
malloc
free
abort
memset
_get_osfhandle
__doserrno
_fdopen
_open_osfhandle
fclose
clearerr
fread
fwrite
fputws
fgetws
ftell
fseek
fflush
realloc
wcscmp
wcschr
wcspbrk
_wcsupr
_wcslwr
_wcsrev
wcsrchr
wcsstr
wcsspn
wcscspn
vswprintf
swprintf
wcslen
wcsncmp
iswdigit
_wtoi
iswspace
mktime
gmtime
localtime
wcsftime
time
_purecall
_msize
calloc
memcmp
abs
wcstoul
wcstol
wcstod
_expand
_wcsdup
_endthreadex
_beginthreadex
__p___wargv
__p___argc
_wtol
_wfullpath
_wsplitpath
floor
fabs
ceil
modf
_itow
labs
_ultow
_ltow
wcscpy
wcsncpy
_wcsnicmp
??1type_info@@UAE@XZ
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
strcmp
strcpy
memcpy
_CxxThrowException
__CxxFrameHandler

kernel32

CreateFileW
GlobalSize
GlobalLock
GlobalAlloc
GlobalReAlloc
GlobalUnlock
GlobalFree
GetFileAttributesW
GetFileSize
GetFullPathNameW
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
SetFileAttributesW
InterlockedDecrement
WideCharToMultiByte
MultiByteToWideChar
InterlockedIncrement
LocalFree
FormatMessageW
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalAlloc
LeaveCriticalSection
GlobalHandle
EnterCriticalSection
TlsGetValue
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
WaitForSingleObject
CreateSemaphoreW
ReleaseSemaphore
CreateMutexW
ReleaseMutex
CreateEventW
WaitForMultipleObjects
GetVersionExA
GetModuleHandleW
lstrcatW
FreeLibrary
LoadLibraryA
GlobalDeleteAtom
GlobalFindAtomW
GetVersion
GlobalAddAtomW
GetCurrentThreadId
FreeResource
LockResource
LoadResource
FindResourceW
GlobalGetAtomNameW
GetModuleHandleA
MulDiv
GetProfileIntW
VirtualProtect
lstrcpyA
FindResourceExW
SizeofResource
GetProcessVersion
lstrcmpW
GlobalFlags
GetTempFileNameW
GetDiskFreeSpaceW
LocalUnlock
LocalLock
SearchPathW
GetTempPathW
SetThreadPriority
ResumeThread
SetEvent
SuspendThread
lstrcmpiA
GetCurrentThread
SetErrorMode
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetCurrentDirectoryW
FindNextFileW
GetTickCount
CopyFileW
GetUserDefaultLCID
IsDBCSLeadByte
lstrcatA
GetSystemDirectoryA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetVolumeInformationW
FindFirstFileW
FindClose
lstrcpyW
LoadLibraryW
GetProcAddress
WriteFile
GetCurrentProcess
DuplicateHandle
GetModuleFileNameW
GetShortPathNameW
lstrcmpiW
GetThreadLocale
GetStringTypeExW
DeleteFileW
MoveFileW
SetEndOfFile
UnlockFile
LockFile
CloseHandle
FlushFileBuffers
SetFilePointer
ReadFile
lstrlenA
lstrcmpA
OutputDebugStringW
lstrlenW
IsBadReadPtr
IsBadWritePtr
IsBadStringPtrA
IsBadStringPtrW
GetLastError
SetLastError
lstrcpynW
RaiseException
OutputDebugStringA
InterlockedExchange
GetFileTime

gdi32

TextOutW
MoveToEx
GetWindowExtEx
EnumFontFamiliesW
GetPixel
GetPaletteEntries
RealizePalette
CreatePalette
OffsetRgn
SetBrushOrgEx
CreateMetaFileW
CopyMetaFileW
LPtoDP
EndDoc
AbortDoc
SetAbortProc
EndPage
StartPage
DPtoLP
GetMapMode
CombineRgn
SetRectRgn
CreateHatchBrush
ExtCreatePen
CreateDIBPatternBrushPt
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
OffsetWindowOrgEx
SelectPalette
StartDocW
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
LineTo
OffsetClipRgn
ExcludeClipRect
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
EnumFontFamiliesExW
CreateDCW
CreateRectRgnIndirect
UnrealizeObject
CreateBitmap
CreatePatternBrush
CreatePen
PatBlt
Rectangle
GetViewportExtEx
DeleteMetaFile
CloseMetaFile
ScaleWindowExtEx
ScaleViewportExtEx
IntersectClipRect
GetDeviceCaps
SetMapMode
SetWindowExtEx
SetViewportExtEx
OffsetViewportOrgEx
GetViewportOrgEx
SetViewportOrgEx
GetWindowOrgEx
SetWindowOrgEx
GetTextExtentPoint32A
GetTextFaceW
GetTextAlign
RectVisible
PtVisible
GetTextColor
GetStretchBltMode
GetROP2
GetPolyFillMode
GetBkMode
GetBkColor
Escape
GetNearestColor
SaveDC
RestoreDC
GetStockObject
CreateFontW
GetCharWidthW
DeleteObject
CreateCompatibleBitmap
StretchDIBits
DeleteDC
CreateFontIndirectW
GetTextMetricsW
GetTextExtentPoint32W
ExtTextOutW
BitBlt
SelectObject
CreateCompatibleDC
CreateSolidBrush
GetObjectW
SetBkColor
SetTextColor
GetClipBox
GetCurrentPositionEx

user32

EndDeferWindowPos
MessageBoxA
LoadStringW
FrameRect
InvalidateRgn
EnumChildWindows
DrawEdge
ClipCursor
GetNextDlgGroupItem
CharNextW
SetWindowContextHelpId
CountClipboardFormats
WindowFromDC
CreateMenu
PostThreadMessageW
InSendMessage
CopyAcceleratorTableW
RegisterClipboardFormatW
InsertMenuW
GetMenuStringW
ShowOwnedPopups
UnregisterClassW
PostQuitMessage
ValidateRect
RemoveMenu
GetTabbedTextExtentW
MessageBeep
IsClipboardFormatAvailable
FindWindowW
SystemParametersInfoW
SetCursorPos
DestroyCursor
DestroyIcon
SetMenuItemBitmaps
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
MoveWindow
IsDialogMessageW
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
SetWindowTextW
GetClassNameW
GetSysColorBrush
EndPaint
BeginPaint
TabbedTextOutW
GetDialogBaseUnits
MapDialogRect
GetAsyncKeyState
wvsprintfW
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
DrawFocusRect
UnionRect
GrayStringW
DrawTextW
GetTabbedTextExtentA
LockWindowUpdate
GetDCEx
SetParent
GetSystemMenu
AppendMenuW
DeleteMenu
IsRectEmpty
IsZoomed
GetDC
KillTimer
wsprintfW
GetSystemMetrics
CharUpperW
UnhookWindowsHookEx
MsgWaitForMultipleObjects
GetWindow
CopyRect
GetWindowRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
IntersectRect
OffsetRect
SetWindowPos
SetWindowLongW
GetWindowLongW
CallWindowProcW
DefWindowProcW
SendMessageW
GetDlgCtrlID
GetWindowTextW
GetWindowTextLengthW
GetDlgItem
SetWindowPlacement
RegisterClassW
GetClassInfoW
GetMenuItemCount
GetMenuItemID
GetSubMenu
PostMessageW
GetMenu
GetClientRect
GetParent
UpdateWindow
MessageBoxW
IsWindowVisible
SetActiveWindow
SetScrollInfo
GetScrollInfo
ShowScrollBar
ScrollWindow
GetLastActivePopup
DeferWindowPos
EqualRect
ScreenToClient
SetForegroundWindow
AdjustWindowRectEx
GetForegroundWindow
GetSysColor
MapWindowPoints
EnableWindow
PeekMessageW
LoadIconW
GetScrollPos
SetScrollPos
GetScrollRange
SetScrollRange
DestroyWindow
GetKeyState
TrackPopupMenu
IsChild
GetTopWindow
SetTimer
BeginDeferWindowPos
SetFocus
IsWindow
GetFocus
GetMessagePos
GetMessageTime
RemovePropW
GetPropW
DispatchMessageW
SetPropW
CallNextHookEx
SetWindowsHookExW
CreateWindowExW
SendDlgItemMessageA
SendDlgItemMessageW
WinHelpW
GetCapture
RegisterWindowMessageW
LoadAcceleratorsW
TranslateAcceleratorW
IsWindowEnabled
GetDesktopWindow
ShowWindow
SetMenu
BringWindowToTop
SetRectEmpty
InvalidateRect
ReleaseCapture
SetCursor
DestroyMenu
LoadMenuW
ReuseDDElParam
UnpackDDElParam
GetActiveWindow
LoadCursorW
ClientToScreen
GetWindowThreadProcessId
SetCapture
WindowFromPoint
GetCursorPos
TranslateMessage
GetMessageW
WaitMessage
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
RedrawWindow
InflateRect
PtInRect
FillRect
InvertRect
GetWindowDC
ReleaseDC
LoadBitmapW
SetRect

Exports

Exports

?classCCachedDataPathProperty@CCachedDataPathProperty@@2UCRuntimeClass@@B
?classCDataPathProperty@CDataPathProperty@@2UCRuntimeClass@@B
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 604KB - Virtual size: 602KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/MPR.DLL
.dll windows:5 windows x86 arch:x86

2e0d7b551033332f6d79538ddbbe60d7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mpr.pdb

Imports

ntdll

wcsncmp
_wcsnicmp
wcscat
NtQueryInformationProcess
wcsncat
RtlAcquireResourceExclusive
RtlDeleteResource
RtlInitializeResource
_alloca_probe
RtlCopyUnicodeString
RtlUnicodeStringToAnsiString
RtlxUnicodeStringToAnsiSize
RtlAnsiStringToUnicodeString
RtlInitAnsiString
NlsMbCodePageTag
RtlxAnsiStringToUnicodeSize
iswctype
RtlUpcaseUnicodeChar
_wcsicmp
RtlInitUnicodeString
RtlEqualUnicodeString
wcscmp
_ultow
wcschr
wcsncpy
RtlReleaseResource
RtlAcquireResourceShared
wcscpy
RtlUnwind
RtlNtStatusToDosError
NtQueryVirtualMemory
wcslen

advapi32

RegDeleteValueW
RegDeleteKeyW
RegFlushKey
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenCurrentUser
RegOpenKeyExW
RegNotifyChangeKeyValue
LsaFreeMemory
OpenThreadToken
OpenProcessToken
SetThreadToken
RegQueryValueExW
LsaGetUserName
RegEnumValueW
RegCloseKey
GetUserNameW

kernel32

LeaveCriticalSection
ExpandEnvironmentStringsW
CreateEventW
GetComputerNameW
GetCurrentThread
GetCurrentProcess
EnterCriticalSection
TerminateThread
ResumeThread
GetTickCount
WaitForMultipleObjects
Sleep
InterlockedExchange
FreeLibraryAndExitThread
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
LocalSize
ResetEvent
DisableThreadLibraryCalls
CreateSemaphoreW
ReleaseSemaphore
GetEnvironmentVariableW
InterlockedCompareExchange
LoadLibraryA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateThread
GetLastError
IsBadWritePtr
DelayLoadFailureHook
QueryDosDeviceW
GetLogicalDrives
SetLastError
LocalFree
FreeLibrary
WriteFile
WriteConsoleW
GetStdHandle
FormatMessageW
LoadLibraryExW
GetDriveTypeW
LocalAlloc
WaitForSingleObject
GetProcAddress
CloseHandle
SetEvent
OpenEventW
DefineDosDeviceW

user32

wsprintfW
LoadStringW

Exports

Exports

I_MprSaveConn
MultinetGetConnectionPerformanceA
MultinetGetConnectionPerformanceW
MultinetGetErrorTextA
MultinetGetErrorTextW
RestoreConnectionA0
WNetAddConnection2A
WNetAddConnection2W
WNetAddConnection3A
WNetAddConnection3W
WNetAddConnectionA
WNetAddConnectionW
WNetCancelConnection2A
WNetCancelConnection2W
WNetCancelConnectionA
WNetCancelConnectionW
WNetClearConnections
WNetCloseEnum
WNetConnectionDialog
WNetConnectionDialog1A
WNetConnectionDialog1W
WNetConnectionDialog2
WNetDirectoryNotifyA
WNetDirectoryNotifyW
WNetDisconnectDialog
WNetDisconnectDialog1A
WNetDisconnectDialog1W
WNetDisconnectDialog2
WNetEnumResourceA
WNetEnumResourceW
WNetFMXEditPerm
WNetFMXGetPermCaps
WNetFMXGetPermHelp
WNetFormatNetworkNameA
WNetFormatNetworkNameW
WNetGetConnection2A
WNetGetConnection2W
WNetGetConnection3A
WNetGetConnection3W
WNetGetConnectionA
WNetGetConnectionW
WNetGetDirectoryTypeA
WNetGetDirectoryTypeW
WNetGetHomeDirectoryW
WNetGetLastErrorA
WNetGetLastErrorW
WNetGetNetworkInformationA
WNetGetNetworkInformationW
WNetGetPropertyTextA
WNetGetPropertyTextW
WNetGetProviderNameA
WNetGetProviderNameW
WNetGetProviderTypeA
WNetGetProviderTypeW
WNetGetResourceInformationA
WNetGetResourceInformationW
WNetGetResourceParentA
WNetGetResourceParentW
WNetGetSearchDialog
WNetGetUniversalNameA
WNetGetUniversalNameW
WNetGetUserA
WNetGetUserW
WNetLogonNotify
WNetOpenEnumA
WNetOpenEnumW
WNetPasswordChangeNotify
WNetPropertyDialogA
WNetPropertyDialogW
WNetRestoreConnection2W
WNetRestoreConnectionW
WNetSetConnectionA
WNetSetConnectionW
WNetSetLastErrorA
WNetSetLastErrorW
WNetSupportGlobalEnum
WNetUseConnectionA
WNetUseConnectionW

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/MSACM32.DLL
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

XRegThunkEntry
acmDriverAddA
acmDriverAddW
acmDriverClose
acmDriverDetailsA
acmDriverDetailsW
acmDriverEnum
acmDriverID
acmDriverMessage
acmDriverOpen
acmDriverPriority
acmDriverRemove
acmFilterChooseA
acmFilterChooseW
acmFilterDetailsA
acmFilterDetailsW
acmFilterEnumA
acmFilterEnumW
acmFilterTagDetailsA
acmFilterTagDetailsW
acmFilterTagEnumA
acmFilterTagEnumW
acmFormatChooseA
acmFormatChooseW
acmFormatDetailsA
acmFormatDetailsW
acmFormatEnumA
acmFormatEnumW
acmFormatSuggest
acmFormatTagDetailsA
acmFormatTagDetailsW
acmFormatTagEnumA
acmFormatTagEnumW
acmGetVersion
acmMessage32
acmMetrics
acmStreamClose
acmStreamConvert
acmStreamMessage
acmStreamOpen
acmStreamPrepareHeader
acmStreamReset
acmStreamSize
acmStreamUnprepareHeader

Sections

UPX0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/MSASN1.DLL
.dll windows:5 windows x86 arch:x86

29037338463b2fb8def40c8ff4aa49f6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msasn1.pdb

Imports

msvcrt

_adjust_fdiv
malloc
_initterm
free
_ultoa
_ui64toa
_atoi64
memmove
_fpclass
_ftol
_finite
frexp
ldexp
strchr
strtod

kernel32

LocalReAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetLastError
DisableThreadLibraryCalls
lstrcpyA
LoadLibraryA
GetProcAddress
CloseHandle
LocalFree
LocalAlloc
lstrlenA
lstrcmpA
FreeLibrary

user32

wsprintfA

Exports

Exports

ASN1BERDecBitString
ASN1BERDecBitString2
ASN1BERDecBool
ASN1BERDecChar16String
ASN1BERDecChar32String
ASN1BERDecCharString
ASN1BERDecCheck
ASN1BERDecDouble
ASN1BERDecEndOfContents
ASN1BERDecEoid
ASN1BERDecExplicitTag
ASN1BERDecFlush
ASN1BERDecGeneralizedTime
ASN1BERDecLength
ASN1BERDecMultibyteString
ASN1BERDecNotEndOfContents
ASN1BERDecNull
ASN1BERDecObjectIdentifier
ASN1BERDecObjectIdentifier2
ASN1BERDecOctetString
ASN1BERDecOctetString2
ASN1BERDecOpenType
ASN1BERDecOpenType2
ASN1BERDecPeekTag
ASN1BERDecS16Val
ASN1BERDecS32Val
ASN1BERDecS8Val
ASN1BERDecSXVal
ASN1BERDecSkip
ASN1BERDecTag
ASN1BERDecU16Val
ASN1BERDecU32Val
ASN1BERDecU8Val
ASN1BERDecUTCTime
ASN1BERDecUTF8String
ASN1BERDecZeroChar16String
ASN1BERDecZeroChar32String
ASN1BERDecZeroCharString
ASN1BERDecZeroMultibyteString
ASN1BERDotVal2Eoid
ASN1BEREncBitString
ASN1BEREncBool
ASN1BEREncChar16String
ASN1BEREncChar32String
ASN1BEREncCharString
ASN1BEREncCheck
ASN1BEREncDouble
ASN1BEREncEndOfContents
ASN1BEREncEoid
ASN1BEREncExplicitTag
ASN1BEREncFlush
ASN1BEREncGeneralizedTime
ASN1BEREncLength
ASN1BEREncMultibyteString
ASN1BEREncNull
ASN1BEREncObjectIdentifier
ASN1BEREncObjectIdentifier2
ASN1BEREncOctetString
ASN1BEREncOpenType
ASN1BEREncRemoveZeroBits
ASN1BEREncS32
ASN1BEREncSX
ASN1BEREncTag
ASN1BEREncU32
ASN1BEREncUTCTime
ASN1BEREncUTF8String
ASN1BEREncZeroMultibyteString
ASN1BEREoid2DotVal
ASN1BEREoid_free
ASN1CEREncBeginBlk
ASN1CEREncBitString
ASN1CEREncChar16String
ASN1CEREncChar32String
ASN1CEREncCharString
ASN1CEREncEndBlk
ASN1CEREncFlushBlkElement
ASN1CEREncGeneralizedTime
ASN1CEREncMultibyteString
ASN1CEREncNewBlkElement
ASN1CEREncOctetString
ASN1CEREncUTCTime
ASN1CEREncZeroMultibyteString
ASN1DecAbort
ASN1DecAlloc
ASN1DecDone
ASN1DecRealloc
ASN1DecSetError
ASN1EncAbort
ASN1EncDone
ASN1EncSetError
ASN1Free
ASN1PERDecAlignment
ASN1PERDecBit
ASN1PERDecBits
ASN1PERDecBoolean
ASN1PERDecChar16String
ASN1PERDecChar32String
ASN1PERDecCharString
ASN1PERDecCharStringNoAlloc
ASN1PERDecComplexChoice
ASN1PERDecDouble
ASN1PERDecExtension
ASN1PERDecFlush
ASN1PERDecFragmented
ASN1PERDecFragmentedChar16String
ASN1PERDecFragmentedChar32String
ASN1PERDecFragmentedCharString
ASN1PERDecFragmentedExtension
ASN1PERDecFragmentedIntx
ASN1PERDecFragmentedLength
ASN1PERDecFragmentedTableChar16String
ASN1PERDecFragmentedTableChar32String
ASN1PERDecFragmentedTableCharString
ASN1PERDecFragmentedUIntx
ASN1PERDecFragmentedZeroChar16String
ASN1PERDecFragmentedZeroChar32String
ASN1PERDecFragmentedZeroCharString
ASN1PERDecFragmentedZeroTableChar16String
ASN1PERDecFragmentedZeroTableChar32String
ASN1PERDecFragmentedZeroTableCharString
ASN1PERDecGeneralizedTime
ASN1PERDecInteger
ASN1PERDecMultibyteString
ASN1PERDecN16Val
ASN1PERDecN32Val
ASN1PERDecN8Val
ASN1PERDecNormallySmallExtension
ASN1PERDecObjectIdentifier
ASN1PERDecObjectIdentifier2
ASN1PERDecOctetString_FixedSize
ASN1PERDecOctetString_FixedSizeEx
ASN1PERDecOctetString_NoSize
ASN1PERDecOctetString_VarSize
ASN1PERDecOctetString_VarSizeEx
ASN1PERDecS16Val
ASN1PERDecS32Val
ASN1PERDecS8Val
ASN1PERDecSXVal
ASN1PERDecSeqOf_NoSize
ASN1PERDecSeqOf_VarSize
ASN1PERDecSimpleChoice
ASN1PERDecSimpleChoiceEx
ASN1PERDecSkipBits
ASN1PERDecSkipFragmented
ASN1PERDecSkipNormallySmall
ASN1PERDecSkipNormallySmallExtension
ASN1PERDecSkipNormallySmallExtensionFragmented
ASN1PERDecTableChar16String
ASN1PERDecTableChar32String
ASN1PERDecTableCharString
ASN1PERDecTableCharStringNoAlloc
ASN1PERDecU16Val
ASN1PERDecU32Val
ASN1PERDecU8Val
ASN1PERDecUTCTime
ASN1PERDecUXVal
ASN1PERDecUnsignedInteger
ASN1PERDecUnsignedShort
ASN1PERDecZeroChar16String
ASN1PERDecZeroChar32String
ASN1PERDecZeroCharString
ASN1PERDecZeroCharStringNoAlloc
ASN1PERDecZeroTableChar16String
ASN1PERDecZeroTableChar32String
ASN1PERDecZeroTableCharString
ASN1PERDecZeroTableCharStringNoAlloc
ASN1PEREncAlignment
ASN1PEREncBit
ASN1PEREncBitIntx
ASN1PEREncBitVal
ASN1PEREncBits
ASN1PEREncBoolean
ASN1PEREncChar16String
ASN1PEREncChar32String
ASN1PEREncCharString
ASN1PEREncCheckExtensions
ASN1PEREncComplexChoice
ASN1PEREncDouble
ASN1PEREncExtensionBitClear
ASN1PEREncExtensionBitSet
ASN1PEREncFlush
ASN1PEREncFlushFragmentedToParent
ASN1PEREncFragmented
ASN1PEREncFragmentedChar16String
ASN1PEREncFragmentedChar32String
ASN1PEREncFragmentedCharString
ASN1PEREncFragmentedIntx
ASN1PEREncFragmentedLength
ASN1PEREncFragmentedTableChar16String
ASN1PEREncFragmentedTableChar32String
ASN1PEREncFragmentedTableCharString
ASN1PEREncFragmentedUIntx
ASN1PEREncGeneralizedTime
ASN1PEREncInteger
ASN1PEREncMultibyteString
ASN1PEREncNormallySmall
ASN1PEREncNormallySmallBits
ASN1PEREncObjectIdentifier
ASN1PEREncObjectIdentifier2
ASN1PEREncOctetString_FixedSize
ASN1PEREncOctetString_FixedSizeEx
ASN1PEREncOctetString_NoSize
ASN1PEREncOctetString_VarSize
ASN1PEREncOctetString_VarSizeEx
ASN1PEREncOctets
ASN1PEREncRemoveZeroBits
ASN1PEREncSeqOf_NoSize
ASN1PEREncSeqOf_VarSize
ASN1PEREncSimpleChoice
ASN1PEREncSimpleChoiceEx
ASN1PEREncTableChar16String
ASN1PEREncTableChar32String
ASN1PEREncTableCharString
ASN1PEREncUTCTime
ASN1PEREncUnsignedInteger
ASN1PEREncUnsignedShort
ASN1PEREncZero
ASN1PERFreeSeqOf
ASN1_CloseDecoder
ASN1_CloseEncoder
ASN1_CloseEncoder2
ASN1_CloseModule
ASN1_CreateDecoder
ASN1_CreateDecoderEx
ASN1_CreateEncoder
ASN1_CreateModule
ASN1_Decode
ASN1_Encode
ASN1_FreeDecoded
ASN1_FreeEncoded
ASN1_GetDecoderOption
ASN1_GetEncoderOption
ASN1_SetDecoderOption
ASN1_SetEncoderOption
ASN1bitstring_cmp
ASN1bitstring_free
ASN1char16string_cmp
ASN1char16string_free
ASN1char32string_cmp
ASN1char32string_free
ASN1charstring_cmp
ASN1charstring_free
ASN1generalizedtime_cmp
ASN1intx2int32
ASN1intx2uint32
ASN1intx_add
ASN1intx_free
ASN1intx_setuint32
ASN1intx_sub
ASN1intx_uoctets
ASN1intxisuint32
ASN1objectidentifier2_cmp
ASN1objectidentifier_cmp
ASN1objectidentifier_free
ASN1octetstring_cmp
ASN1octetstring_free
ASN1open_cmp
ASN1open_free
ASN1uint32_uoctets
ASN1utctime_cmp
ASN1utf8string_free
ASN1ztchar16string_cmp
ASN1ztchar16string_free
ASN1ztchar32string_free
ASN1ztcharstring_cmp
ASN1ztcharstring_free

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/MSGINA.DLL
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ShellShutdownDialog

Sections

UPX0
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/MSIMG32.DLL
.dll windows:5 windows x86 arch:x86

cadcb7e945392853f233c18a3132d24b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msimg32.pdb

Imports

kernel32

SetLastError
DisableThreadLibraryCalls
GetVersionExA
FreeLibrary

gdi32

GdiGradientFill
GetObjectType
GetCurrentObject
GetObjectA
GetDeviceCaps
GdiAlphaBlend
GdiTransparentBlt

Exports

Exports

AlphaBlend
DllInitialize
GradientFill
TransparentBlt
vSetDdrawflag

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/MSPAINT.EXE
.exe windows:5 windows x86 arch:x86

39d030d5578d4c069903ba6c5e5684f6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mspaint.pdb

Imports

mfc42u

ord2933
ord2634
ord3087
ord4050
ord2755
ord6195
ord2810
ord1771
ord940
ord942
ord2286
ord2354
ord755
ord470
ord2281
ord2362
ord6153
ord5147
ord4225
ord2371
ord5784
ord5790
ord5783
ord4358
ord5244
ord3578
ord298
ord620
ord4753
ord3687
ord3867
ord2066
ord1257
ord1196
ord4470
ord5947
ord5977
ord3090
ord4768
ord4532
ord858
ord922
ord5579
ord4124
ord5679
ord5706
ord536
ord4199
ord5641
ord4315
ord816
ord562
ord4018
ord6115
ord6190
ord1941
ord4270
ord5286
ord818
ord4215
ord2576
ord3649
ord2430
ord2858
ord1637
ord3133
ord567
ord1230
ord3747
ord6124
ord6266
ord3490
ord3016
ord4357
ord5083
ord4444
ord4665
ord4679
ord1878
ord4246
ord4940
ord3249
ord2433
ord1688
ord5000
ord4464
ord2715
ord2382
ord3054
ord5094
ord5097
ord4461
ord4298
ord5006
ord975
ord5472
ord3398
ord2874
ord2873
ord4149
ord4072
ord5233
ord5281
ord2641
ord1658
ord4430
ord5248
ord4421
ord739
ord747
ord736
ord4407
ord5728
ord5491
ord2096
ord4454
ord5652
ord5028
ord439
ord450
ord442
ord4237
ord4787
ord3345
ord5468
ord4146
ord5278
ord674
ord366
ord2084
ord4451
ord5048
ord5092
ord4614
ord4612
ord1886
ord4249
ord4010
ord4951
ord4855
ord4820
ord3182
ord4944
ord2429
ord2163
ord4511
ord4634
ord4910
ord4996
ord4485
ord5015
ord3101
ord4599
ord4994
ord4410
ord5497
ord4622
ord2986
ord3412
ord5019
ord3509
ord6340
ord5623
ord1003
ord3444
ord3782
ord3245
ord4691
ord3055
ord3061
ord6332
ord2502
ord5240
ord4417
ord2394
ord4381
ord3449
ord3193
ord6077
ord6171
ord3256
ord4617
ord4424
ord748
ord5650
ord5738
ord4610
ord5014
ord6193
ord4488
ord5734
ord4615
ord5573
ord2776
ord4651
ord1255
ord2721
ord6466
ord2719
ord2722
ord957
ord2007
ord962
ord750
ord603
ord1262
ord6386
ord1985
ord1961
ord273
ord2247
ord458
ord5200
ord4819
ord4854
ord4950
ord1740
ord456
ord4356
ord5082
ord4442
ord4675
ord1263
ord1229
ord3865
ord4493
ord3480
ord4904
ord4504
ord4589
ord5024
ord4989
ord5153
ord6191
ord4609
ord3614
ord4269
ord743
ord4480
ord2546
ord2504
ord5727
ord3917
ord4847
ord2388
ord3341
ord5296
ord5298
ord4074
ord5303
ord5285
ord5710
ord4616
ord3733
ord815
ord2717
ord6371
ord1197
ord4604
ord459
ord561
ord5496
ord2550
ord5712
ord5713
ord2028
ord986
ord6133
ord520
ord1202
ord6112
ord1149
ord925
ord927
ord4692
ord3442
ord3191
ord3998
ord5228
ord1173
ord1561
ord5264
ord6238
ord1897
ord1937
ord4268
ord4583
ord5070
ord4335
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4958
ord4955
ord4103
ord5236
ord3743
ord1719
ord560
ord5256
ord4364
ord4893
ord4343
ord4426
ord4607
ord4608
ord813
ord1891
ord4884
ord4458
ord4502
ord4294
ord4141
ord2486
ord2618
ord2619
ord1651
ord4369
ord4846
ord3379
ord482
ord2527
ord2238
ord2529
ord3512
ord1807
ord2966
ord5755
ord6188
ord5752
ord6182
ord4324
ord6185
ord6017
ord5674
ord5732
ord5575
ord5567
ord6057
ord5860
ord5788
ord2518
ord469
ord3517
ord3516
ord4154
ord6399
ord6398
ord1887
ord4952
ord3402
ord4984
ord4921
ord4711
ord5102
ord4906
ord4640
ord4974
ord4516
ord4531
ord5069
ord4033
ord3276
ord3348
ord4620
ord749
ord5012
ord4682
ord2378
ord2379
ord457
ord2548
ord4647
ord4987
ord4851
ord2958
ord430
ord4931
ord4926
ord1821
ord656
ord5871
ord3397
ord3605
ord6376
ord3871
ord6375
ord2081
ord1930
ord1809
ord5878
ord4263
ord3290
ord4360
ord5080
ord1703
ord1708
ord5058
ord554
ord807
ord4230
ord5076
ord1705
ord6049
ord642
ord2403
ord2015
ord4213
ord2570
ord4392
ord3577
ord616
ord4143
ord2079
ord3312
ord5879
ord2112
ord327
ord1259
ord2455
ord1644
ord1795
ord5855
ord4491
ord1704
ord414
ord4128
ord4292
ord6137
ord1258
ord713
ord5808
ord3570
ord610
ord6135
ord287
ord3974
ord2767
ord996
ord3971
ord5438
ord3313
ord1567
ord6381
ord6006
ord765
ord3693
ord5677
ord2100
ord4704
ord5949
ord1775
ord6330
ord5777
ord2109
ord1569
ord4229
ord2914
ord324
ord3592
ord4419
ord2438
ord5257
ord5276
ord5996
ord268
ord289
ord3477
ord6063
ord613
ord825
ord4155
ord5047
ord1710
ord323
ord5785
ord2397
ord640
ord529
ord540
ord796
ord800
ord4418
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142

msvcrt

wcschr
_ftol
_itow
_except_handler3
wcstok
_beginthreadex
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_controlfp
?terminate@@YAXXZ
__CxxFrameHandler
_wsplitpath
_wtoi
_ltow
_wtol
_CxxThrowException
wcscmp
free
_getdcwd
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
__dllonexit
_onexit
wcscat
_wcsdup
_wcsicmp
_purecall
rand

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyW
RegEnumKeyW
RegQueryValueExA

kernel32

QueryPerformanceCounter
GetExitCodeThread
TerminateThread
InterlockedDecrement
InterlockedIncrement
GlobalReAlloc
lstrcmpW
IsDBCSLeadByte
lstrcpyW
LoadLibraryW
GetACP
GetThreadLocale
GetModuleHandleA
GetTickCount
GetModuleHandleW
lstrcpynW
GetLastError
GetCommandLineW
lstrcmpiW
GetProcAddress
SetEndOfFile
FindFirstFileW
FindClose
GetCurrentThreadId
LocalAlloc
LocalFree
lstrlenA
MultiByteToWideChar
GetTempPathW
GetTempFileNameW
GetFileAttributesW
CreateDirectoryW
CreateFileW
GetFileSize
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
CloseHandle
GetNumberFormatW
MulDiv
GetLocaleInfoW
lstrcatW
GlobalLock
GlobalUnlock
GlobalFree
GlobalAlloc
lstrlenW
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetErrorMode
LoadLibraryA
FreeLibrary
InterlockedExchange
RaiseException
GetStartupInfoW

gdi32

SetDIBitsToDevice
GetNearestColor
CreatePalette
SetViewportExtEx
PlayMetaFile
SaveDC
SetMapMode
LPtoDP
RestoreDC
Rectangle
SetDIBColorTable
GetStockObject
FillRgn
GetDIBColorTable
GetCurrentObject
CreatePatternBrush
CreateSolidBrush
ResizePalette
GetNearestPaletteIndex
SetPaletteEntries
GetPaletteEntries
GetDeviceCaps
SetDIBits
DeleteObject
DeleteDC
CreateCompatibleBitmap
CreateBitmap
SelectPalette
RealizePalette
SetBkMode
SetTextColor
SetBkColor
PatBlt
CreateDIBSection
SetTextAlign
ExtTextOutW
GetTextMetricsW
GetTextExtentPoint32W
BitBlt
CreateCompatibleDC
CreateICW
CreateRectRgnIndirect
GetObjectW
CreateDIBitmap
StretchBlt
OffsetRgn
Polygon
GetPixel
CreateHalftonePalette
GetDIBits
CreatePen
SetPixel
LineTo
MoveToEx
UnrealizeObject
SetBrushOrgEx
ExtFloodFill
RoundRect
CreatePolygonRgn
CreateFontIndirectW
CreateDCW
PtVisible
RectVisible
TextOutW
Escape
StretchDIBits
TranslateCharsetInfo
GetBkMode
GetTextColor
EnumFontFamiliesW
EnumFontFamiliesExW
PolyBezier
SetROP2
Polyline
SelectObject
Ellipse
SetStretchBltMode

user32

SetClassLongW
LoadIconW
DestroyCaret
CreateCaret
ShowCaret
SendDlgItemMessageW
GetDlgItemInt
CheckDlgButton
SetDlgItemInt
GetDlgItem
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageW
PeekMessageW
EnableScrollBar
DestroyWindow
GetKeyboardLayout
SetRectEmpty
InflateRect
LoadBitmapW
SendMessageW
GetWindowRect
UpdateWindow
InvalidateRect
EnableWindow
GetSysColor
wsprintfW
IsWindow
GetSystemMetrics
SetRect
FillRect
MessageBeep
GetParent
MessageBoxW
wvsprintfW
SetWindowTextW
ReleaseDC
DrawFocusRect
GetDC
PtInRect
OffsetRect
WinHelpW
GetClientRect
FrameRect
GetCapture
IsClipboardFormatAvailable
RegisterClipboardFormatW
CopyRect
CharNextW
IntersectRect
UnionRect
ScreenToClient
WindowFromPoint
GetCursorPos
GetKeyState
IsRectEmpty
EqualRect
SetTimer
KillTimer
ReleaseCapture
GetSubMenu
LoadMenuW
BringWindowToTop
ClientToScreen
SetActiveWindow
SetCapture
GetFocus
LoadCursorW
GetWindowLongW
SetCursor
GetDesktopWindow
RemoveMenu
PostMessageW
GetSystemMenu
HideCaret
GetClassInfoW
IsWindowVisible
SystemParametersInfoW
DestroyIcon
LoadStringW
EnableMenuItem
GetMenu
IsMenu
SetWindowLongW
TabbedTextOutW
DrawTextW
GrayStringW
GetWindowDC
CheckMenuItem
BeginPaint
EndPaint
GetUpdateRect
ValidateRect
RedrawWindow
GetWindow
GetCaretPos
SetCaretPos
ShowCursor

comdlg32

CommDlgExtendedError
GetSaveFileNameW
GetFileTitleW
GetOpenFileNameW

ole32

CoUninitialize
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
PropVariantClear
CoTaskMemFree
CoCreateInstance
CLSIDFromString
WriteClassStg
WriteFmtUserTypeStg
OleGetClipboard
ReleaseStgMedium
CoInitialize

oleaut32

SysFreeString
SysAllocString

shell32

ShellAboutW
CommandLineToArgvW
SHChangeNotify

imm32

ImmGetCompositionStringW
ImmGetCompositionWindow
ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext
ImmAssociateContext
ImmNotifyIME

Sections

.text
Size: 239KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
I386/SYSTEM32/MSPRIVS.DLL
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/MSVBVM60.DLL
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

BASIC_CLASS_AddRef
BASIC_CLASS_GetIDsOfNames
BASIC_CLASS_Invoke
BASIC_CLASS_QueryInterface
BASIC_CLASS_Release
BASIC_DISPINTERFACE_GetTICount
BASIC_DISPINTERFACE_GetTypeInfo
CopyRecord
CreateIExprSrvObj
DLLGetDocumentation
DllCanUnloadNow
DllFunctionCall
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EVENT_SINK2_AddRef
EVENT_SINK2_Release
EVENT_SINK_AddRef
EVENT_SINK_GetIDsOfNames
EVENT_SINK_Invoke
EVENT_SINK_QueryInterface
EVENT_SINK_Release
EbCreateContext
EbDestroyContext
EbGetErrorInfo
EbGetHandleOfExecutingProject
EbGetObjConnectionCounts
EbGetVBAObject
EbIsProjectOnStack
EbLibraryLoad
EbLibraryUnload
EbLoadRunTime
EbResetProject
EbResetProjectNormal
EbSetContextWorkerThread
GetMem1
GetMem2
GetMem4
GetMem8
GetMemEvent
GetMemNewObj
GetMemObj
GetMemStr
GetMemVar
IID_IVbaHost
MethCallEngine
ProcCallEngine
PutMem1
PutMem2
PutMem4
PutMem8
PutMemEvent
PutMemNewObj
PutMemObj
PutMemStr
PutMemVar
SetMemEvent
SetMemNewObj
SetMemObj
SetMemVar
ThunRTMain
TipCreateInstanceEx
TipCreateInstanceProject2
TipGetAddressOfPredeclaredInstance
TipInvokeMethod
TipInvokeMethod2
TipSetOption
TipUnloadInstance
TipUnloadProject
UserDllMain
VBDllCanUnloadNow
VBDllGetClassObject
VBDllRegisterServer
VBDllUnRegisterServer
VarPtr
Zombie_AddRef
Zombie_GetIDsOfNames
Zombie_GetTypeInfo
Zombie_GetTypeInfoCount
Zombie_Invoke
Zombie_QueryInterface
Zombie_Release
_CIatan
_CIcos
_CIexp
_CIlog
_CIsin
_CIsqrt
_CItan
__vbaAptOffset
__vbaAryConstruct
__vbaAryConstruct2
__vbaAryCopy
__vbaAryDestruct
__vbaAryLock
__vbaAryMove
__vbaAryRebase1Var
__vbaAryRecCopy
__vbaAryRecMove
__vbaAryUnlock
__vbaAryVar
__vbaAryVarVarg
__vbaBoolErrVar
__vbaBoolStr
__vbaBoolVar
__vbaBoolVarNull
__vbaCVarAryUdt
__vbaCastObj
__vbaCastObjVar
__vbaCheckType
__vbaCheckTypeVar
__vbaChkstk
__vbaCopyBytes
__vbaCopyBytesZero
__vbaCyAbs
__vbaCyAdd
__vbaCyErrVar
__vbaCyFix
__vbaCyForInit
__vbaCyForNext
__vbaCyI2
__vbaCyI4
__vbaCyInt
__vbaCyMul
__vbaCyMulI2
__vbaCySgn
__vbaCyStr
__vbaCySub
__vbaCyUI1
__vbaCyVar
__vbaDateR4
__vbaDateR8
__vbaDateStr
__vbaDateVar
__vbaDerefAry
__vbaDerefAry1
__vbaEnd
__vbaErase
__vbaEraseKeepData
__vbaEraseNoPop
__vbaError
__vbaErrorOverflow
__vbaExceptHandler
__vbaExitEachAry
__vbaExitEachColl
__vbaExitEachVar
__vbaExitProc
__vbaFPException
__vbaFPFix
__vbaFPInt
__vbaFailedFriend
__vbaFileClose
__vbaFileCloseAll
__vbaFileLock
__vbaFileOpen
__vbaFileSeek
__vbaFixstrConstruct
__vbaForEachAry
__vbaForEachCollAd
__vbaForEachCollObj
__vbaForEachCollVar
__vbaForEachVar
__vbaFpCDblR4
__vbaFpCDblR8
__vbaFpCSngR4
__vbaFpCSngR8
__vbaFpCmpCy
__vbaFpCy
__vbaFpI2
__vbaFpI4
__vbaFpR4
__vbaFpR8
__vbaFpUI1
__vbaFreeObj
__vbaFreeObjList
__vbaFreeStr
__vbaFreeStrList
__vbaFreeVar
__vbaFreeVarList
__vbaFreeVarg
__vbaGenerateBoundsError
__vbaGet3
__vbaGet4
__vbaGetFxStr3
__vbaGetFxStr4
__vbaGetOwner3
__vbaGetOwner4
__vbaGosub
__vbaGosubFree
__vbaGosubReturn
__vbaHresultCheck
__vbaHresultCheckNonvirt
__vbaHresultCheckObj
__vbaI2Abs
__vbaI2Cy
__vbaI2ErrVar
__vbaI2ForNextCheck
__vbaI2I4
__vbaI2Sgn
__vbaI2Str
__vbaI2Var
__vbaI4Abs
__vbaI4Cy
__vbaI4ErrVar
__vbaI4ForNextCheck
__vbaI4Sgn
__vbaI4Str
__vbaI4Var
__vbaInStr
__vbaInStrB
__vbaInStrVar
__vbaInStrVarB
__vbaInputFile
__vbaLateIdCall
__vbaLateIdCallLd
__vbaLateIdCallSt
__vbaLateIdNamedCall
__vbaLateIdNamedCallLd
__vbaLateIdNamedCallSt
__vbaLateIdNamedStAd
__vbaLateIdSt
__vbaLateIdStAd
__vbaLateMemCall
__vbaLateMemCallLd
__vbaLateMemCallSt
__vbaLateMemNamedCall
__vbaLateMemNamedCallLd
__vbaLateMemNamedCallSt
__vbaLateMemNamedStAd
__vbaLateMemSt
__vbaLateMemStAd
__vbaLbound
__vbaLdZeroAry
__vbaLenBstr
__vbaLenBstrB
__vbaLenVar
__vbaLenVarB
__vbaLineInputStr
__vbaLineInputVar
__vbaLsetFixstr
__vbaLsetFixstrFree
__vbaMidStmtBstr
__vbaMidStmtBstrB
__vbaMidStmtVar
__vbaMidStmtVarB
__vbaNameFile
__vbaNew
__vbaNew2
__vbaNextEachAry
__vbaNextEachCollAd
__vbaNextEachCollObj
__vbaNextEachCollVar
__vbaNextEachVar
__vbaObjAddref
__vbaObjIs
__vbaObjSet
__vbaObjSetAddref
__vbaObjVar
__vbaOnError
__vbaOnGoCheck
__vbaPowerR8
__vbaPrintFile
__vbaPrintObj
__vbaPut3
__vbaPut4
__vbaPutFxStr3
__vbaPutFxStr4
__vbaPutOwner3
__vbaPutOwner4
__vbaR4Cy
__vbaR4ErrVar
__vbaR4ForNextCheck
__vbaR4Sgn
__vbaR4Str
__vbaR4Var
__vbaR8Cy
__vbaR8ErrVar
__vbaR8FixI2
__vbaR8FixI4
__vbaR8ForNextCheck
__vbaR8IntI2
__vbaR8IntI4
__vbaR8Sgn
__vbaR8Str
__vbaR8Var
__vbaRaiseEvent
__vbaRecAnsiToUni
__vbaRecAssign
__vbaRecDestruct
__vbaRecDestructAnsi
__vbaRecUniToAnsi
__vbaRedim
__vbaRedimPreserve
__vbaRedimPreserveVar
__vbaRedimPreserveVar2
__vbaRedimVar
__vbaRedimVar2
__vbaRefVarAry
__vbaResume
__vbaRsetFixstr
__vbaRsetFixstrFree
__vbaSetSystemError
__vbaStopExe
__vbaStr2Vec
__vbaStrAryToAnsi
__vbaStrAryToUnicode
__vbaStrBool
__vbaStrCat
__vbaStrCmp
__vbaStrComp
__vbaStrCompVar
__vbaStrCopy
__vbaStrCy
__vbaStrDate
__vbaStrErrVarCopy
__vbaStrFixstr
__vbaStrI2
__vbaStrI4
__vbaStrLike
__vbaStrMove
__vbaStrR4
__vbaStrR8
__vbaStrTextCmp
__vbaStrTextLike
__vbaStrToAnsi
__vbaStrToUnicode
__vbaStrUI1
__vbaStrVarCopy
__vbaStrVarMove
__vbaStrVarVal
__vbaUI1Cy
__vbaUI1ErrVar
__vbaUI1I2
__vbaUI1I4
__vbaUI1Sgn
__vbaUI1Str
__vbaUI1Var
__vbaUbound
__vbaUdtVar
__vbaUnkVar
__vbaVar2Vec
__vbaVarAbs
__vbaVarAdd
__vbaVarAnd
__vbaVarCat
__vbaVarCmpEq
__vbaVarCmpGe
__vbaVarCmpGt
__vbaVarCmpLe
__vbaVarCmpLt
__vbaVarCmpNe
__vbaVarCopy
__vbaVarDateVar
__vbaVarDiv
__vbaVarDup
__vbaVarEqv
__vbaVarErrI4
__vbaVarFix
__vbaVarForInit
__vbaVarForNext
__vbaVarIdiv
__vbaVarImp
__vbaVarIndexLoad
__vbaVarIndexLoadRef
__vbaVarIndexLoadRefLock
__vbaVarIndexStore
__vbaVarIndexStoreObj
__vbaVarInt
__vbaVarLateMemCallLd
__vbaVarLateMemCallLdRf
__vbaVarLateMemCallSt
__vbaVarLateMemSt
__vbaVarLateMemStAd
__vbaVarLike
__vbaVarLikeVar
__vbaVarMod
__vbaVarMove
__vbaVarMul
__vbaVarNeg
__vbaVarNot
__vbaVarOr
__vbaVarPow
__vbaVarSetObj
__vbaVarSetObjAddref
__vbaVarSetUnk
__vbaVarSetUnkAddref
__vbaVarSetVar
__vbaVarSetVarAddref
__vbaVarSub
__vbaVarTextCmpEq
__vbaVarTextCmpGe
__vbaVarTextCmpGt
__vbaVarTextCmpLe
__vbaVarTextCmpLt
__vbaVarTextCmpNe
__vbaVarTextLike
__vbaVarTextLikeVar
__vbaVarTextTstEq
__vbaVarTextTstGe
__vbaVarTextTstGt
__vbaVarTextTstLe
__vbaVarTextTstLt
__vbaVarTextTstNe
__vbaVarTstEq
__vbaVarTstGe
__vbaVarTstGt
__vbaVarTstLe
__vbaVarTstLt
__vbaVarTstNe
__vbaVarVargNofree
__vbaVarXor
__vbaVarZero
__vbaVargObj
__vbaVargObjAddref
__vbaVargParmRef
__vbaVargUnk
__vbaVargUnkAddref
__vbaVargVar
__vbaVargVarCopy
__vbaVargVarMove
__vbaVargVarRef
__vbaVerifyVarObj
__vbaWriteFile
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_allmul
rtBoolFromErrVar
rtBstrFromErrVar
rtCyFromErrVar
rtDecFromVar
rtI2FromErrVar
rtI4FromErrVar
rtR4FromErrVar
rtR8FromErrVar
rtUI1FromErrVar
rtcAbsVar
rtcAnsiValueBstr
rtcAppActivate
rtcAppleScript
rtcArray
rtcAtn
rtcBeep
rtcBstrFromAnsi
rtcBstrFromByte
rtcBstrFromChar
rtcBstrFromError
rtcBstrFromFormatVar
rtcByteValueBstr
rtcCVErrFromVar
rtcCallByName
rtcChangeDir
rtcChangeDrive
rtcCharValueBstr
rtcChoose
rtcCommandBstr
rtcCommandVar
rtcCompareBstr
rtcCos
rtcCreateObject
rtcCreateObject2
rtcCurrentDir
rtcCurrentDirBstr
rtcDDB
rtcDateAdd
rtcDateDiff
rtcDateFromVar
rtcDatePart
rtcDeleteSetting
rtcDir
rtcDoEvents
rtcEndOfFile
rtcEnvironBstr
rtcEnvironVar
rtcErrObj
rtcExp
rtcFV
rtcFileAttributes
rtcFileCopy
rtcFileDateTime
rtcFileLen
rtcFileLength
rtcFileLocation
rtcFileReset
rtcFileSeek
rtcFileWidth
rtcFilter
rtcFixVar
rtcFormatCurrency
rtcFormatDateTime

Sections

UPX0
Size: - Virtual size: 876KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 519KB - Virtual size: 520KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 173KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/MSVCP60.DLL
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAC@Z
??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAD@Z
??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAE@Z
??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAC@Z
??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAD@Z
??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAE@Z
??$?5DU?$char_traits@D@std@@M@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@M@0@@Z
??$?5DU?$char_traits@D@std@@N@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@N@0@@Z
??$?5DU?$char_traits@D@std@@O@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@O@0@@Z
??$?5DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?5GU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAG@Z
??$?5GU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@PAF@Z
??$?5GU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@PAG@Z
??$?5GU?$char_traits@G@std@@M@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@M@0@@Z
??$?5GU?$char_traits@G@std@@N@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@N@0@@Z
??$?5GU?$char_traits@G@std@@O@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@O@0@@Z
??$?5GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?6DU?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@C@Z
??$?6DU?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
??$?6DU?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@E@Z
??$?6DU?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBC@Z
??$?6DU?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??$?6DU?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBE@Z
??$?6DU?$char_traits@D@std@@M@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@M@0@@Z
??$?6DU?$char_traits@D@std@@N@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@N@0@@Z
??$?6DU?$char_traits@D@std@@O@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@O@0@@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?6GU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@G@Z
??$?6GU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@PBF@Z
??$?6GU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@PBG@Z
??$?6GU?$char_traits@G@std@@M@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@M@0@@Z
??$?6GU?$char_traits@G@std@@N@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@N@0@@Z
??$?6GU?$char_traits@G@std@@O@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@O@0@@Z
??$?6GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?8M@std@@YA_NABMABV?$complex@M@0@@Z
??$?8M@std@@YA_NABV?$complex@M@0@0@Z
??$?8M@std@@YA_NABV?$complex@M@0@ABM@Z
??$?8N@std@@YA_NABNABV?$complex@N@0@@Z
??$?8N@std@@YA_NABV?$complex@N@0@0@Z
??$?8N@std@@YA_NABV?$complex@N@0@ABN@Z
??$?8O@std@@YA_NABOABV?$complex@O@0@@Z
??$?8O@std@@YA_NABV?$complex@O@0@0@Z
??$?8O@std@@YA_NABV?$complex@O@0@ABO@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?9M@std@@YA_NABMABV?$complex@M@0@@Z
??$?9M@std@@YA_NABV?$complex@M@0@0@Z
??$?9M@std@@YA_NABV?$complex@M@0@ABM@Z
??$?9N@std@@YA_NABNABV?$complex@N@0@@Z
??$?9N@std@@YA_NABV?$complex@N@0@0@Z
??$?9N@std@@YA_NABV?$complex@N@0@ABN@Z
??$?9O@std@@YA_NABOABV?$complex@O@0@@Z
??$?9O@std@@YA_NABV?$complex@O@0@0@Z
??$?9O@std@@YA_NABV?$complex@O@0@ABO@Z
??$?DM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?DM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?DM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?DN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?DN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?DN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?DO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?DO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?DO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?GM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?GM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?GM@std@@YA?AV?$complex@M@0@ABV10@@Z
??$?GM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?GN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?GN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?GN@std@@YA?AV?$complex@N@0@ABV10@@Z
??$?GN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?GO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?GO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?GO@std@@YA?AV?$complex@O@0@ABV10@@Z
??$?GO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@DABV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@G@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@GABV10@@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
??$?HM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?HM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?HM@std@@YA?AV?$complex@M@0@ABV10@@Z
??$?HM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?HN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?HN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?HN@std@@YA?AV?$complex@N@0@ABV10@@Z
??$?HN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?HO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?HO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?HO@std@@YA?AV?$complex@O@0@ABV10@@Z
??$?HO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?KM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?KM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?KM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?KN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?KN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?KN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?KO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?KO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?KO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?NDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?NDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?NDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?NGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?NGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?NGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?ODU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?ODU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?ODU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?OGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?OGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?OGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?PDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?PDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?PDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?PGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?PGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?PGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?XMM@std@@YAAAV?$complex@M@0@AAV10@ABV10@@Z
??$?XNN@std@@YAAAV?$complex@N@0@AAV10@ABV10@@Z
??$?XOO@std@@YAAAV?$complex@O@0@AAV10@ABV10@@Z
??$?YMM@std@@YAAAV?$complex@M@0@AAV10@ABV10@@Z
??$?YNN@std@@YAAAV?$complex@N@0@AAV10@ABV10@@Z
??$?YOO@std@@YAAAV?$complex@O@0@AAV10@ABV10@@Z
??$?ZMM@std@@YAAAV?$complex@M@0@AAV10@ABV10@@Z
??$?ZNN@std@@YAAAV?$complex@N@0@AAV10@ABV10@@Z
??$?ZOO@std@@YAAAV?$complex@O@0@AAV10@ABV10@@Z
??$?_0MM@std@@YAAAV?$complex@M@0@AAV10@ABV10@@Z
??$?_0NN@std@@YAAAV?$complex@N@0@AAV10@ABV10@@Z
??$?_0OO@std@@YAAAV?$complex@O@0@AAV10@ABV10@@Z
??$_Fabs@M@std@@YAMABV?$complex@M@0@PAH@Z
??$_Fabs@N@std@@YANABV?$complex@N@0@PAH@Z
??$_Fabs@O@std@@YAOABV?$complex@O@0@PAH@Z
??$abs@M@std@@YAMABV?$complex@M@0@@Z
??$abs@N@std@@YANABV?$complex@N@0@@Z
??$abs@O@std@@YAOABV?$complex@O@0@@Z
??$arg@M@std@@YAMABV?$complex@M@0@@Z
??$arg@N@std@@YANABV?$complex@N@0@@Z
??$arg@O@std@@YAOABV?$complex@O@0@@Z
??$conj@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$conj@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$conj@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$cos@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$cos@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$cos@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$cosh@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$cosh@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$cosh@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$exp@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$exp@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$exp@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@D@Z
??$getline@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$getline@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@G@Z
??$imag@M@std@@YAMABV?$complex@M@0@@Z
??$imag@N@std@@YANABV?$complex@N@0@@Z
??$imag@O@std@@YAOABV?$complex@O@0@@Z
??$log10@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$log10@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$log10@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$log@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$log@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$log@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$norm@M@std@@YAMABV?$complex@M@0@@Z
??$norm@N@std@@YANABV?$complex@N@0@@Z
??$norm@O@std@@YAOABV?$complex@O@0@@Z
??$polar@M@std@@YA?AV?$complex@M@0@ABM0@Z
??$polar@M@std@@YA?AV?$complex@M@0@ABM@Z
??$polar@N@std@@YA?AV?$complex@N@0@ABN0@Z
??$polar@N@std@@YA?AV?$complex@N@0@ABN@Z
??$polar@O@std@@YA?AV?$complex@O@0@ABO0@Z
??$polar@O@std@@YA?AV?$complex@O@0@ABO@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABV10@H@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABV10@H@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABV10@H@Z
??$real@M@std@@YAMABV?$complex@M@0@@Z
??$real@N@std@@YANABV?$complex@N@0@@Z
??$real@O@std@@YAOABV?$complex@O@0@@Z
??$sin@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$sin@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$sin@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$sinh@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$sinh@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$sinh@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$sqrt@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$sqrt@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$sqrt@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??0?$_Complex_base@M@std@@QAE@ABM0@Z
??0?$_Complex_base@N@std@@QAE@ABN0@Z
??0?$_Complex_base@O@std@@QAE@ABO0@Z
??0?$_Mpunct@D@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$_Mpunct@D@std@@QAE@I_N@Z
??0?$_Mpunct@G@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$_Mpunct@G@std@@QAE@I_N@Z
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@PBDH@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@PBDH@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PBDH@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N1@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@IIABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0ABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@IIABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG0ABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGIABV?$allocator@G@1@@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$codecvt@DDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@DDH@std@@QAE@I@Z
??0?$codecvt@GDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@GDH@std@@QAE@I@Z
??0?$collate@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$collate@D@std@@QAE@I@Z
??0?$collate@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$collate@G@std@@QAE@I@Z
??0?$complex@M@std@@QAE@ABM0@Z
??0?$complex@M@std@@QAE@ABV?$complex@N@1@@Z
??0?$complex@M@std@@QAE@ABV?$complex@O@1@@Z
??0?$complex@N@std@@QAE@ABN0@Z
??0?$complex@N@std@@QAE@ABV?$complex@M@1@@Z
??0?$complex@N@std@@QAE@ABV?$complex@O@1@@Z
??0?$complex@O@std@@QAE@ABO0@Z
??0?$complex@O@std@@QAE@ABV?$complex@M@1@@Z
??0?$complex@O@std@@QAE@ABV?$complex@N@1@@Z
??0?$ctype@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@D@std@@QAE@PBF_NI@Z
??0?$ctype@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@G@std@@QAE@I@Z
??0?$messages@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$messages@D@std@@QAE@I@Z
??0?$messages@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$messages@G@std@@QAE@I@Z
??0?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$moneypunct@D$00@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@D$00@std@@QAE@I@Z
??0?$moneypunct@D$0A@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@D$0A@@std@@QAE@I@Z
??0?$moneypunct@G$00@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@G$00@std@@QAE@I@Z
??0?$moneypunct@G$0A@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@G$0A@@std@@QAE@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$numpunct@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$numpunct@D@std@@QAE@I@Z
??0?$numpunct@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$numpunct@G@std@@QAE@I@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0Init@ios_base@std@@QAE@XZ
??0_Locinfo@std@@QAE@ABV01@@Z
??0_Locinfo@std@@QAE@HPBD@Z
??0_Locinfo@std@@QAE@PBD@Z
??0_Lockit@std@@QAE@XZ
??0_Timevec@std@@QAE@ABV01@@Z
??0_Timevec@std@@QAE@PAX@Z
??0_Winit@std@@QAE@XZ
??0__non_rtti_object@std@@QAE@ABV01@@Z
??0__non_rtti_object@std@@QAE@PBD@Z
??0bad_alloc@std@@QAE@ABV01@@Z
??0bad_alloc@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??0bad_exception@std@@QAE@ABV01@@Z
??0bad_exception@std@@QAE@PBD@Z
??0bad_typeid@std@@QAE@ABV01@@Z
??0bad_typeid@std@@QAE@PBD@Z
??0codecvt_base@std@@QAE@I@Z
??0ctype_base@std@@QAE@I@Z
??0domain_error@std@@QAE@ABV01@@Z
??0domain_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0facet@locale@std@@IAE@I@Z
??0ios_base@std@@IAE@XZ
??0ios_base@std@@QAE@ABV01@@Z
??0length_error@std@@QAE@ABV01@@Z
??0length_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0locale@std@@AAE@PAV_Locimp@01@@Z
??0locale@std@@QAE@ABV01@0H@Z
??0locale@std@@QAE@ABV01@@Z
??0locale@std@@QAE@ABV01@PBDH@Z
??0locale@std@@QAE@PBDH@Z
??0locale@std@@QAE@W4_Uninitialized@1@@Z
??0locale@std@@QAE@XZ
??0logic_error@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0messages_base@std@@QAE@I@Z
??0money_base@std@@QAE@I@Z
??0ostrstream@std@@QAE@PADHH@Z
??0out_of_range@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0overflow_error@std@@QAE@ABV01@@Z
??0overflow_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0range_error@std@@QAE@ABV01@@Z
??0range_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0runtime_error@std@@QAE@ABV01@@Z
??0runtime_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0strstream@std@@QAE@PADHH@Z
??0time_base@std@@QAE@I@Z
??0underflow_error@std@@QAE@ABV01@@Z
??0underflow_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??1?$_Mpunct@D@std@@UAE@XZ
??1?$_Mpunct@G@std@@UAE@XZ
??1?$basic_filebuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_filebuf@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_fstream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_fstream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_ifstream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ifstream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??1?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@UAE@XZ
??1?$basic_ofstream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ofstream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??1?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??1?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??1?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@UAE@XZ
??1?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??1?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@UAE@XZ
??1?$codecvt@DDH@std@@UAE@XZ
??1?$codecvt@GDH@std@@UAE@XZ
??1?$collate@D@std@@UAE@XZ
??1?$collate@G@std@@UAE@XZ
??1?$ctype@D@std@@UAE@XZ
??1?$ctype@G@std@@UAE@XZ
??1?$messages@D@std@@UAE@XZ
??1?$messages@G@std@@UAE@XZ
??1?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAE@XZ
??1?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@UAE@XZ
??1?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAE@XZ
??1?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@UAE@XZ
??1?$moneypunct@D$00@std@@UAE@XZ
??1?$moneypunct@D$0A@@std@@UAE@XZ
??1?$moneypunct@G$00@std@@UAE@XZ
??1?$moneypunct@G$0A@@std@@UAE@XZ
??1?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAE@XZ
??1?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@UAE@XZ
??1?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAE@XZ
??1?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@UAE@XZ
??1?$numpunct@D@std@@UAE@XZ
??1?$numpunct@G@std@@UAE@XZ
??1?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAE@XZ
??1?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@UAE@XZ
??1?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAE@XZ
??1?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@UAE@XZ
??1Init@ios_base@std@@QAE@XZ
??1_Locinfo@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??1_Timevec@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1__non_rtti_object@std@@UAE@XZ
??1bad_alloc@std@@UAE@XZ
??1bad_cast@std@@UAE@XZ
??1bad_exception@std@@UAE@XZ
??1bad_typeid@std@@UAE@XZ
??1codecvt_base@std@@UAE@XZ
??1ctype_base@std@@UAE@XZ
??1domain_error@std@@UAE@XZ
??1facet@locale@std@@UAE@XZ
??1ios_base@std@@UAE@XZ
??1istrstream@std@@UAE@XZ

Sections

UPX0
Size: - Virtual size: 352KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 58KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 169KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/MSVCRT.DLL
.dll windows:5 windows x86 arch:x86

1838f96daab97a33395f5dee7b6f4a3c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msvcrt.pdb

Imports

kernel32

MultiByteToWideChar
GetLastError
WideCharToMultiByte
Sleep
Beep
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
FindNextFileA
GetDiskFreeSpaceA
GetLogicalDrives
SetErrorMode
FindFirstFileW
FindNextFileW
GetCurrentThreadId
TlsSetValue
TlsGetValue
GetCommandLineA
GetVersionExA
GetFileAttributesA
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetDriveTypeA
GetCurrentProcessId
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
GetFileAttributesW
SetEnvironmentVariableW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
DeleteFileW
MoveFileW
RemoveDirectoryW
GetDriveTypeW
MoveFileA
RaiseException
RtlUnwind
IsBadReadPtr
SetUnhandledExceptionFilter
IsBadWritePtr
IsBadCodePtr
CloseHandle
GetExitCodeProcess
WaitForSingleObject
GetProcAddress
LoadLibraryA
FreeLibrary
CreateProcessA
CreateProcessW
HeapReAlloc
GetModuleHandleA
HeapFree
GetModuleFileNameA
HeapAlloc
GetProcessHeap
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapValidate
HeapCompact
HeapWalk
HeapSize
VirtualProtect
GetSystemInfo
VirtualQuery
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
ReadConsoleA
SetConsoleMode
GetConsoleMode
IsDBCSLeadByteEx
GetConsoleCP
ReadConsoleW
SetEndOfFile
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
DuplicateHandle
GetCurrentProcess
GetFileInformationByHandle
PeekNamedPipe
SetStdHandle
EnterCriticalSection
LeaveCriticalSection
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ReadConsoleInputW
LockFile
UnlockFile
SetFilePointer
CreateFileA
CreatePipe
ReadFile
CreateFileW
WriteFile
GetACP
GetOEMCP
GetCPInfo
UnhandledExceptionFilter
CompareStringA
CompareStringW
GetLocaleInfoA
GetLocaleInfoW
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetConsoleCtrlHandler
GetCommandLineW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSection
SetLastError
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
InterlockedExchange
ExitProcess
TlsFree
GetCurrentThread
TlsAlloc
ExitThread
ResumeThread
CreateThread
GetModuleFileNameW
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
GetSystemTimeAsFileTime
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetLocalTime
SetLocalTime
GetTickCount
QueryPerformanceCounter
TerminateProcess

ntdll

RtlGetNtVersionNumbers

Exports

Exports

$I10_OUTPUT
??0__non_rtti_object@@QAE@ABV0@@Z
??0__non_rtti_object@@QAE@PBD@Z
??0bad_cast@@AAE@PBQBD@Z
??0bad_cast@@QAE@ABQBD@Z
??0bad_cast@@QAE@ABV0@@Z
??0bad_cast@@QAE@PBD@Z
??0bad_typeid@@QAE@ABV0@@Z
??0bad_typeid@@QAE@PBD@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1__non_rtti_object@@UAE@XZ
??1bad_cast@@UAE@XZ
??1bad_typeid@@UAE@XZ
??1exception@@UAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??3@YAXPAX@Z
??4__non_rtti_object@@QAEAAV0@ABV0@@Z
??4bad_cast@@QAEAAV0@ABV0@@Z
??4bad_typeid@@QAEAAV0@ABV0@@Z
??4exception@@QAEAAV0@ABV0@@Z
??8type_info@@QBEHABV0@@Z
??9type_info@@QBEHABV0@@Z
??_7__non_rtti_object@@6B@
??_7bad_cast@@6B@
??_7bad_typeid@@6B@
??_7exception@@6B@
??_E__non_rtti_object@@UAEPAXI@Z
??_Ebad_cast@@UAEPAXI@Z
??_Ebad_typeid@@UAEPAXI@Z
??_Eexception@@UAEPAXI@Z
??_Fbad_cast@@QAEXXZ
??_Fbad_typeid@@QAEXXZ
??_G__non_rtti_object@@UAEPAXI@Z
??_Gbad_cast@@UAEPAXI@Z
??_Gbad_typeid@@UAEPAXI@Z
??_Gexception@@UAEPAXI@Z
??_U@YAPAXI@Z
??_V@YAXPAX@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?before@type_info@@QBEHABV1@@Z
?name@type_info@@QBEPBDXZ
?raw_name@type_info@@QBEPBDXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?terminate@@YAXXZ
?unexpected@@YAXXZ
?what@exception@@UBEPBDXZ
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CxxThrowException
_EH_prolog
_Getdays
_Getmonths
_Gettnames
_HUGE
_Strftime
_XcptFilter
__CxxCallUnwindDtor
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
___lc_codepage_func
___lc_handle_func
___mb_cur_max_func
___setlc_active_func
___unguarded_readlc_active_add_func
__argc
__argv
__badioinfo
__crtCompareStringA
__crtCompareStringW
__crtGetLocaleInfoW
__crtGetStringTypeW
__crtLCMapStringA
__crtLCMapStringW
__dllonexit
__doserrno
__fpecode
__getmainargs
__initenv
__iob_func
__isascii
__iscsym
__iscsymf
__lc_codepage
__lc_collate_cp
__lc_handle
__lconv_init
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__amblksiz
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fileinfo
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__osver
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__winmajor
__p__winminor
__p__winver
__p__wpgmptr
__pctype_func
__pioinfo
__pxcptinfoptrs
__set_app_type
__setlc_active
__setusermatherr
__threadhandle
__threadid
__toascii
__unDName
__unDNameEx
__uncaught_exception
__unguarded_readlc_active
__wargv
__wcserror
__wgetmainargs
__winitenv
_abnormal_termination
_access
_acmdln
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_adjust_fdiv
_aexit_rtn
_aligned_free
_aligned_malloc
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_realloc
_amsg_exit
_assert
_atodbl
_atoi64
_atoldbl
_beep
_beginthread
_beginthreadex
_c_exit
_cabs
_callnewh
_cexit
_cgets
_cgetws
_chdir
_chdrive
_chgsign
_chkesp
_chmod
_chsize
_clearfp
_close
_commit
_commode
_control87
_controlfp
_copysign
_cprintf
_cputs
_cputws
_creat
_cscanf
_ctime64
_ctype
_cwait
_cwprintf
_cwscanf
_daylight
_dstbias
_dup
_dup2
_ecvt
_endthread
_endthreadex
_environ
_eof
_errno
_except_handler2
_except_handler3
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fcloseall
_fcvt
_fdopen
_fgetchar
_fgetwchar
_filbuf
_fileinfo
_filelength
_filelengthi64
_fileno
_findclose
_findfirst
_findfirst64
_findfirsti64
_findnext
_findnext64
_findnexti64
_finite
_flsbuf
_flushall
_fmode
_fpclass
_fpieee_flt
_fpreset
_fputchar
_fputwchar
_fsopen
_fstat
_fstat64
_fstati64
_ftime
_ftime64
_ftol
_fullpath
_futime
_futime64
_gcvt
_get_heap_handle
_get_osfhandle
_get_sbh_threshold
_getch
_getche
_getcwd
_getdcwd
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getsystime
_getw
_getwch
_getwche
_getws
_global_unwind2
_gmtime64
_heapadd
_heapchk
_heapmin
_heapset
_heapused
_heapwalk
_hypot
_i64toa
_i64tow
_initterm
_inp
_inpd
_inpw
_iob
_isatty
_isctype
_ismbbalnum
_ismbbalpha
_ismbbgraph
_ismbbkalnum
_ismbbkana
_ismbbkprint
_ismbbkpunct
_ismbblead
_ismbbprint
_ismbbpunct
_ismbbtrail
_ismbcalnum
_ismbcalpha
_ismbcdigit
_ismbcgraph
_ismbchira
_ismbckata
_ismbcl0
_ismbcl1
_ismbcl2
_ismbclegal
_ismbclower
_ismbcprint
_ismbcpunct
_ismbcspace
_ismbcsymbol
_ismbcupper
_ismbslead
_ismbstrail
_isnan
_itoa
_itow
_j0
_j1
_jn
_kbhit
_lfind
_loaddll
_local_unwind2
_localtime64
_lock
_locking
_logb
_longjmpex
_lrotl
_lrotr
_lsearch
_lseek
_lseeki64
_ltoa
_ltow
_makepath
_mbbtombc
_mbbtype
_mbcasemap
_mbccpy
_mbcjistojms
_mbcjmstojis
_mbclen
_mbctohira
_mbctokata
_mbctolower
_mbctombb
_mbctoupper
_mbctype
_mbsbtype
_mbscat
_mbschr
_mbscmp
_mbscoll
_mbscpy
_mbscspn
_mbsdec
_mbsdup
_mbsicmp
_mbsicoll
_mbsinc
_mbslen
_mbslwr
_mbsnbcat
_mbsnbcmp
_mbsnbcnt
_mbsnbcoll
_mbsnbcpy
_mbsnbicmp
_mbsnbicoll
_mbsnbset
_mbsncat
_mbsnccnt
_mbsncmp
_mbsncoll
_mbsncpy
_mbsnextc
_mbsnicmp
_mbsnicoll
_mbsninc
_mbsnset
_mbspbrk
_mbsrchr
_mbsrev
_mbsset
_mbsspn
_mbsspnp
_mbsstr
_mbstok
_mbstrlen
_mbsupr
_memccpy
_memicmp
_mkdir
_mktemp
_mktime64
_msize
_nextafter
_onexit
_open
_open_osfhandle
_osplatform
_osver
_outp
_outpd
_outpw
_pclose
_pctype
_pgmptr
_pipe
_popen
_purecall
_putch
_putenv
_putw
_putwch
_putws
_pwctype
_read
_resetstkoflw
_rmdir
_rmtmp
_rotl
_rotr
_safe_fdiv
_safe_fdivr
_safe_fprem
_safe_fprem1
_scalb
_scprintf
_scwprintf
_searchenv
_seh_longjmp_unwind
_set_SSE2_enable
_set_error_mode
_set_sbh_threshold
_seterrormode
_setjmp
_setjmp3
_setmaxstdio
_setmbcp
_setmode
_setsystime
_sleep
_snprintf
_snscanf
_snwprintf
_snwscanf
_sopen
_spawnl
_spawnle
_spawnlp
_spawnlpe
_spawnv
_spawnve
_spawnvp
_spawnvpe
_splitpath
_stat
_stat64
_stati64
_statusfp

Sections

.text
Size: 303KB - Virtual size: 303KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/NCOBJAPI.DLL
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

WmiAddObjectProp
WmiCommitObject
WmiCreateObject
WmiCreateObjectWithFormat
WmiCreateObjectWithProps
WmiDestroyObject
WmiEventSourceConnect
WmiEventSourceDisconnect
WmiIsObjectActive
WmiSetAndCommitObject

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/NDDEAPI.DLL
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

NDdeGetErrorStringA
NDdeGetErrorStringW
NDdeGetShareSecurityA
NDdeGetShareSecurityW
NDdeGetTrustedShareA
NDdeGetTrustedShareW
NDdeIsValidAppTopicListA
NDdeIsValidAppTopicListW
NDdeIsValidShareNameA
NDdeIsValidShareNameW
NDdeSetShareSecurityA
NDdeSetShareSecurityW
NDdeSetTrustedShareA
NDdeSetTrustedShareW
NDdeShareAddA
NDdeShareAddW
NDdeShareDelA
NDdeShareDelW
NDdeShareEnumA
NDdeShareEnumW
NDdeShareGetInfoA
NDdeShareGetInfoW
NDdeShareSetInfoA
NDdeShareSetInfoW
NDdeSpecialCommandA
NDdeSpecialCommandW
NDdeTrustedShareEnumA
NDdeTrustedShareEnumW

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/NETAPI32.DLL
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

CredpValidateTargetName
DsAddressToSiteNamesA
DsAddressToSiteNamesExA
DsAddressToSiteNamesExW
DsAddressToSiteNamesW
DsDeregisterDnsHostRecordsA
DsDeregisterDnsHostRecordsW
DsEnumerateDomainTrustsA
DsEnumerateDomainTrustsW
DsGetDcCloseW
DsGetDcNameA
DsGetDcNameW
DsGetDcNameWithAccountA
DsGetDcNameWithAccountW
DsGetDcNextA
DsGetDcNextW
DsGetDcOpenA
DsGetDcOpenW
DsGetDcSiteCoverageA
DsGetDcSiteCoverageW
DsGetForestTrustInformationW
DsGetSiteNameA
DsGetSiteNameW
DsMergeForestTrustInformationW
DsRoleAbortDownlevelServerUpgrade
DsRoleCancel
DsRoleDcAsDc
DsRoleDcAsReplica
DsRoleDemoteDc
DsRoleDnsNameToFlatName
DsRoleFreeMemory
DsRoleGetDatabaseFacts
DsRoleGetDcOperationProgress
DsRoleGetDcOperationResults
DsRoleGetPrimaryDomainInformation
DsRoleServerSaveStateForUpgrade
DsRoleUpgradeDownlevelServer
DsValidateSubnetNameA
DsValidateSubnetNameW
I_BrowserDebugCall
I_BrowserDebugTrace
I_BrowserQueryEmulatedDomains
I_BrowserQueryOtherDomains
I_BrowserQueryStatistics
I_BrowserResetNetlogonState
I_BrowserResetStatistics
I_BrowserServerEnum
I_BrowserSetNetlogonState
I_NetAccountDeltas
I_NetAccountSync
I_NetDatabaseDeltas
I_NetDatabaseRedo
I_NetDatabaseSync
I_NetDatabaseSync2
I_NetDfsCreateExitPoint
I_NetDfsCreateLocalPartition
I_NetDfsDeleteExitPoint
I_NetDfsDeleteLocalPartition
I_NetDfsFixLocalVolume
I_NetDfsGetFtServers
I_NetDfsGetVersion
I_NetDfsIsThisADomainName
I_NetDfsManagerReportSiteInfo
I_NetDfsModifyPrefix
I_NetDfsSetLocalVolumeState
I_NetDfsSetServerInfo
I_NetGetDCList
I_NetGetForestTrustInformation
I_NetListCanonicalize
I_NetListTraverse
I_NetLogonControl
I_NetLogonControl2
I_NetLogonGetDomainInfo
I_NetLogonSamLogoff
I_NetLogonSamLogon
I_NetLogonSamLogonEx
I_NetLogonSamLogonWithFlags
I_NetLogonSendToSam
I_NetLogonUasLogoff
I_NetLogonUasLogon
I_NetNameCanonicalize
I_NetNameCompare
I_NetNameValidate
I_NetPathCanonicalize
I_NetPathCompare
I_NetPathType
I_NetServerAuthenticate
I_NetServerAuthenticate2
I_NetServerAuthenticate3
I_NetServerGetTrustInfo
I_NetServerPasswordGet
I_NetServerPasswordSet
I_NetServerPasswordSet2
I_NetServerReqChallenge
I_NetServerSetServiceBits
I_NetServerSetServiceBitsEx
I_NetServerTrustPasswordsGet
I_NetWkstaResetDfsCache
I_NetlogonComputeClientDigest
I_NetlogonComputeServerDigest
I_NetlogonGetTrustRid
NetAddAlternateComputerName
NetAlertRaise
NetAlertRaiseEx
NetApiBufferAllocate
NetApiBufferFree
NetApiBufferReallocate
NetApiBufferSize
NetAuditClear
NetAuditRead
NetAuditWrite
NetBrowserStatisticsGet
NetConfigGet
NetConfigGetAll
NetConfigSet
NetConnectionEnum
NetDfsAdd
NetDfsAddFtRoot
NetDfsAddStdRoot
NetDfsAddStdRootForced
NetDfsEnum
NetDfsGetClientInfo
NetDfsGetDcAddress
NetDfsGetInfo
NetDfsManagerGetConfigInfo
NetDfsManagerInitialize
NetDfsManagerSendSiteInfo
NetDfsMove
NetDfsRemove
NetDfsRemoveFtRoot
NetDfsRemoveFtRootForced
NetDfsRemoveStdRoot
NetDfsRename
NetDfsSetClientInfo
NetDfsSetInfo
NetEnumerateComputerNames
NetEnumerateTrustedDomains
NetErrorLogClear
NetErrorLogRead
NetErrorLogWrite
NetFileClose
NetFileEnum
NetFileGetInfo
NetGetAnyDCName
NetGetDCName
NetGetDisplayInformationIndex
NetGetJoinInformation
NetGetJoinableOUs
NetGroupAdd
NetGroupAddUser
NetGroupDel
NetGroupDelUser
NetGroupEnum
NetGroupGetInfo
NetGroupGetUsers
NetGroupSetInfo
NetGroupSetUsers
NetJoinDomain
NetLocalGroupAdd
NetLocalGroupAddMember
NetLocalGroupAddMembers
NetLocalGroupDel
NetLocalGroupDelMember
NetLocalGroupDelMembers
NetLocalGroupEnum
NetLocalGroupGetInfo
NetLocalGroupGetMembers
NetLocalGroupSetInfo
NetLocalGroupSetMembers
NetLogonGetTimeServiceParentDomain
NetLogonSetServiceBits
NetMessageBufferSend
NetMessageNameAdd
NetMessageNameDel
NetMessageNameEnum
NetMessageNameGetInfo
NetQueryDisplayInformation
NetRegisterDomainNameChangeNotification
NetRemoteComputerSupports
NetRemoteTOD
NetRemoveAlternateComputerName
NetRenameMachineInDomain
NetReplExportDirAdd
NetReplExportDirDel
NetReplExportDirEnum
NetReplExportDirGetInfo
NetReplExportDirLock
NetReplExportDirSetInfo
NetReplExportDirUnlock
NetReplGetInfo
NetReplImportDirAdd
NetReplImportDirDel
NetReplImportDirEnum
NetReplImportDirGetInfo
NetReplImportDirLock
NetReplImportDirUnlock
NetReplSetInfo
NetScheduleJobAdd
NetScheduleJobDel
NetScheduleJobEnum
NetScheduleJobGetInfo
NetServerComputerNameAdd
NetServerComputerNameDel
NetServerDiskEnum
NetServerEnum
NetServerEnumEx
NetServerGetInfo
NetServerSetInfo
NetServerTransportAdd
NetServerTransportAddEx
NetServerTransportDel
NetServerTransportEnum
NetServiceControl
NetServiceEnum
NetServiceGetInfo
NetServiceInstall
NetSessionDel
NetSessionEnum
NetSessionGetInfo
NetSetPrimaryComputerName
NetShareAdd
NetShareCheck
NetShareDel
NetShareDelSticky
NetShareEnum
NetShareEnumSticky
NetShareGetInfo
NetShareSetInfo
NetStatisticsGet
NetUnjoinDomain
NetUnregisterDomainNameChangeNotification
NetUseAdd
NetUseDel
NetUseEnum
NetUseGetInfo
NetUserAdd
NetUserChangePassword
NetUserDel
NetUserEnum
NetUserGetGroups
NetUserGetInfo
NetUserGetLocalGroups
NetUserModalsGet
NetUserModalsSet
NetUserSetGroups
NetUserSetInfo
NetValidateName
NetWkstaGetInfo
NetWkstaSetInfo
NetWkstaTransportAdd
NetWkstaTransportDel
NetWkstaTransportEnum
NetWkstaUserEnum
NetWkstaUserGetInfo
NetWkstaUserSetInfo
NetapipBufferAllocate
Netbios
NetpAccessCheck
NetpAccessCheckAndAudit
NetpAddTlnFtinfoEntry
NetpAllocConfigName
NetpAllocFtinfoEntry
NetpAllocStrFromWStr
NetpAllocWStrFromStr
NetpAllocWStrFromWStr
NetpApiStatusToNtStatus
NetpAssertFailed
NetpCleanFtinfoContext
NetpCloseConfigData
NetpCopyFtinfoContext
NetpCopyStringToBuffer
NetpCreateSecurityObject
NetpDbgPrint
NetpDeleteSecurityObject
NetpGetComputerName
NetpGetConfigBool
NetpGetConfigDword
NetpGetConfigTStrArray
NetpGetConfigValue
NetpGetDomainName
NetpGetFileSecurity
NetpGetPrivilege
NetpHexDump
NetpInitFtinfoContext
NetpInitOemString
NetpIsRemote
NetpIsUncComputerNameValid
NetpLocalTimeZoneOffset
NetpLogonPutUnicodeString
NetpMergeFtinfo
NetpNetBiosAddName
NetpNetBiosCall
NetpNetBiosDelName
NetpNetBiosGetAdapterNumbers
NetpNetBiosHangup
NetpNetBiosReceive
NetpNetBiosReset
NetpNetBiosSend
NetpNetBiosStatusToApiStatus
NetpNtStatusToApiStatus
NetpOpenConfigData
NetpPackString
NetpParmsQueryUserProperty
NetpParmsQueryUserPropertyWithLength
NetpParmsSetUserProperty
NetpParmsSetUserPropertyWithLength
NetpParmsUserPropertyFree
NetpReleasePrivilege
NetpSetFileSecurity
NetpSmbCheck
NetpStoreIntialDcRecord
NetpStringToNetBiosName
NetpTStrArrayEntryCount
NetpUpgradePreNT5JoinInfo
NetpwNameCanonicalize
NetpwNameCompare
NetpwNameValidate
NetpwPathCanonicalize
NetpwPathCompare
NetpwPathType
NlBindingAddServerToCache
NlBindingRemoveServerFromCache
NlBindingSetAuthInfo
RxNetAccessAdd
RxNetAccessDel
RxNetAccessEnum
RxNetAccessGetInfo
RxNetAccessGetUserPerms
RxNetAccessSetInfo
RxNetServerEnum
RxNetUserPasswordSet
RxRemoteApi

Sections

UPX0
Size: - Virtual size: 212KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 135KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/NOTEPAD.EXE
.exe windows:5 windows x86 arch:x86

419c3fe8c1eefea9336b96f74f0951dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

notepad.pdb

Imports

comdlg32

PageSetupDlgW
FindTextW
PrintDlgExW
ChooseFontW
GetFileTitleW
GetOpenFileNameW
ReplaceTextW
CommDlgExtendedError
GetSaveFileNameW

shell32

DragFinish
DragQueryFileW
DragAcceptFiles
ShellAboutW

winspool.drv

GetPrinterDriverW
ClosePrinter
OpenPrinterW

comctl32

CreateStatusWindowW

msvcrt

_XcptFilter
_exit
_c_exit
time
localtime
_cexit
iswctype
_except_handler3
_wtol
wcsncmp
_snwprintf
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
wcsncpy

advapi32

RegQueryValueExW
RegCloseKey
RegCreateKeyW
IsTextUnicode
RegQueryValueExA
RegOpenKeyExA
RegSetValueExW

kernel32

GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetLocalTime
GetUserDefaultLCID
GetDateFormatW
GetTimeFormatW
GlobalLock
GlobalUnlock
GetFileInformationByHandle
CreateFileMappingW
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
LoadLibraryA
GetModuleHandleA
GetStartupInfoA
GlobalFree
GetLocaleInfoW
LocalFree
LocalAlloc
lstrlenW
LocalUnlock
CompareStringW
LocalLock
FoldStringW
CloseHandle
lstrcpyW
ReadFile
CreateFileW
lstrcmpiW
GetCurrentProcessId
GetProcAddress
GetCommandLineW
lstrcatW
FindClose
FindFirstFileW
GetFileAttributesW
lstrcmpW
MulDiv
lstrcpynW
LocalSize
GetLastError
WriteFile
SetLastError
WideCharToMultiByte
LocalReAlloc
FormatMessageW
GetUserDefaultUILanguage
SetEndOfFile
DeleteFileW
GetACP
UnmapViewOfFile
MultiByteToWideChar
MapViewOfFile
UnhandledExceptionFilter

gdi32

EndPage
AbortDoc
EndDoc
DeleteDC
StartPage
GetTextExtentPoint32W
CreateDCW
SetAbortProc
GetTextFaceW
TextOutW
StartDocW
EnumFontsW
GetStockObject
GetObjectW
GetDeviceCaps
CreateFontIndirectW
DeleteObject
GetTextMetricsW
SetBkMode
LPtoDP
SetWindowExtEx
SetViewportExtEx
SetMapMode
SelectObject

user32

GetClientRect
SetCursor
ReleaseDC
GetDC
DialogBoxParamW
SetActiveWindow
GetKeyboardLayout
DefWindowProcW
DestroyWindow
MessageBeep
ShowWindow
GetForegroundWindow
IsIconic
GetWindowPlacement
CharUpperW
LoadStringW
LoadAcceleratorsW
GetSystemMenu
RegisterClassExW
LoadImageW
LoadCursorW
SetWindowPlacement
CreateWindowExW
GetDesktopWindow
GetFocus
LoadIconW
SetWindowTextW
PostQuitMessage
RegisterWindowMessageW
UpdateWindow
SetScrollPos
CharLowerW
PeekMessageW
EnableWindow
DrawTextExW
CreateDialogParamW
GetWindowTextW
GetSystemMetrics
MoveWindow
InvalidateRect
WinHelpW
GetDlgCtrlID
ChildWindowFromPoint
ScreenToClient
GetCursorPos
SendDlgItemMessageW
SendMessageW
CharNextW
CheckMenuItem
CloseClipboard
IsClipboardFormatAvailable
OpenClipboard
GetMenuState
EnableMenuItem
GetSubMenu
GetMenu
MessageBoxW
SetWindowLongW
GetWindowLongW
GetDlgItem
SetFocus
SetDlgItemTextW
wsprintfW
GetDlgItemTextW
EndDialog
GetParent
UnhookWinEvent
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
IsDialogMessageW
PostMessageW
GetMessageW
SetWinEventHook

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
I386/SYSTEM32/NTDLL.DLL
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ntdll.pdb

Exports

Exports

CsrAllocateCaptureBuffer
CsrAllocateMessagePointer
CsrCaptureMessageBuffer
CsrCaptureMessageMultiUnicodeStringsInPlace
CsrCaptureMessageString
CsrCaptureTimeout
CsrClientCallServer
CsrClientConnectToServer
CsrFreeCaptureBuffer
CsrGetProcessId
CsrIdentifyAlertableThread
CsrNewThread
CsrProbeForRead
CsrProbeForWrite
CsrSetPriorityClass
DbgBreakPoint
DbgPrint
DbgPrintEx
DbgPrintReturnControlC
DbgPrompt
DbgQueryDebugFilterState
DbgSetDebugFilterState
DbgUiConnectToDbg
DbgUiContinue
DbgUiConvertStateChangeStructure
DbgUiDebugActiveProcess
DbgUiGetThreadDebugObject
DbgUiIssueRemoteBreakin
DbgUiRemoteBreakin
DbgUiSetThreadDebugObject
DbgUiStopDebugging
DbgUiWaitStateChange
DbgUserBreakPoint
KiFastSystemCall
KiFastSystemCallRet
KiIntSystemCall
KiRaiseUserExceptionDispatcher
KiUserApcDispatcher
KiUserCallbackDispatcher
KiUserExceptionDispatcher
LdrAccessOutOfProcessResource
LdrAccessResource
LdrAddRefDll
LdrAlternateResourcesEnabled
LdrCreateOutOfProcessImage
LdrDestroyOutOfProcessImage
LdrDisableThreadCalloutsForDll
LdrEnumResources
LdrEnumerateLoadedModules
LdrFindCreateProcessManifest
LdrFindEntryForAddress
LdrFindResourceDirectory_U
LdrFindResourceEx_U
LdrFindResource_U
LdrFlushAlternateResourceModules
LdrGetDllHandle
LdrGetDllHandleEx
LdrGetProcedureAddress
LdrHotPatchRoutine
LdrInitShimEngineDynamic
LdrInitializeThunk
LdrLoadAlternateResourceModule
LdrLoadDll
LdrLockLoaderLock
LdrProcessRelocationBlock
LdrQueryImageFileExecutionOptions
LdrQueryProcessModuleInformation
LdrSetAppCompatDllRedirectionCallback
LdrSetDllManifestProber
LdrShutdownProcess
LdrShutdownThread
LdrUnloadAlternateResourceModule
LdrUnloadDll
LdrUnlockLoaderLock
LdrVerifyImageMatchesChecksum
NlsAnsiCodePage
NlsMbCodePageTag
NlsMbOemCodePageTag
NtAcceptConnectPort
NtAccessCheck
NtAccessCheckAndAuditAlarm
NtAccessCheckByType
NtAccessCheckByTypeAndAuditAlarm
NtAccessCheckByTypeResultList
NtAccessCheckByTypeResultListAndAuditAlarm
NtAccessCheckByTypeResultListAndAuditAlarmByHandle
NtAddAtom
NtAddBootEntry
NtAdjustGroupsToken
NtAdjustPrivilegesToken
NtAlertResumeThread
NtAlertThread
NtAllocateLocallyUniqueId
NtAllocateUserPhysicalPages
NtAllocateUuids
NtAllocateVirtualMemory
NtAreMappedFilesTheSame
NtAssignProcessToJobObject
NtCallbackReturn
NtCancelDeviceWakeupRequest
NtCancelIoFile
NtCancelTimer
NtClearEvent
NtClose
NtCloseObjectAuditAlarm
NtCompactKeys
NtCompareTokens
NtCompleteConnectPort
NtCompressKey
NtConnectPort
NtContinue
NtCreateDebugObject
NtCreateDirectoryObject
NtCreateEvent
NtCreateEventPair
NtCreateFile
NtCreateIoCompletion
NtCreateJobObject
NtCreateJobSet
NtCreateKey
NtCreateKeyedEvent
NtCreateMailslotFile
NtCreateMutant
NtCreateNamedPipeFile
NtCreatePagingFile
NtCreatePort
NtCreateProcess
NtCreateProcessEx
NtCreateProfile
NtCreateSection
NtCreateSemaphore
NtCreateSymbolicLinkObject
NtCreateThread
NtCreateTimer
NtCreateToken
NtCreateWaitablePort
NtCurrentTeb
NtDebugActiveProcess
NtDebugContinue
NtDelayExecution
NtDeleteAtom
NtDeleteBootEntry
NtDeleteFile
NtDeleteKey
NtDeleteObjectAuditAlarm
NtDeleteValueKey
NtDeviceIoControlFile
NtDisplayString
NtDuplicateObject
NtDuplicateToken
NtEnumerateBootEntries
NtEnumerateKey
NtEnumerateSystemEnvironmentValuesEx
NtEnumerateValueKey
NtExtendSection
NtFilterToken
NtFindAtom
NtFlushBuffersFile
NtFlushInstructionCache
NtFlushKey
NtFlushVirtualMemory
NtFlushWriteBuffer
NtFreeUserPhysicalPages
NtFreeVirtualMemory
NtFsControlFile
NtGetContextThread
NtGetDevicePowerState
NtGetPlugPlayEvent
NtGetWriteWatch
NtImpersonateAnonymousToken
NtImpersonateClientOfPort
NtImpersonateThread
NtInitializeRegistry
NtInitiatePowerAction
NtIsProcessInJob
NtIsSystemResumeAutomatic
NtListenPort
NtLoadDriver
NtLoadKey
NtLoadKey2
NtLockFile
NtLockProductActivationKeys
NtLockRegistryKey
NtLockVirtualMemory
NtMakePermanentObject
NtMakeTemporaryObject
NtMapUserPhysicalPages
NtMapUserPhysicalPagesScatter
NtMapViewOfSection
NtModifyBootEntry
NtNotifyChangeDirectoryFile
NtNotifyChangeKey
NtNotifyChangeMultipleKeys
NtOpenDirectoryObject
NtOpenEvent
NtOpenEventPair
NtOpenFile
NtOpenIoCompletion
NtOpenJobObject
NtOpenKey
NtOpenKeyedEvent
NtOpenMutant
NtOpenObjectAuditAlarm
NtOpenProcess
NtOpenProcessToken
NtOpenProcessTokenEx
NtOpenSection
NtOpenSemaphore
NtOpenSymbolicLinkObject
NtOpenThread
NtOpenThreadToken
NtOpenThreadTokenEx
NtOpenTimer
NtPlugPlayControl
NtPowerInformation
NtPrivilegeCheck
NtPrivilegeObjectAuditAlarm
NtPrivilegedServiceAuditAlarm
NtProtectVirtualMemory
NtPulseEvent
NtQueryAttributesFile
NtQueryBootEntryOrder
NtQueryBootOptions
NtQueryDebugFilterState
NtQueryDefaultLocale
NtQueryDefaultUILanguage
NtQueryDirectoryFile
NtQueryDirectoryObject
NtQueryEaFile
NtQueryEvent
NtQueryFullAttributesFile
NtQueryInformationAtom
NtQueryInformationFile
NtQueryInformationJobObject
NtQueryInformationPort
NtQueryInformationProcess
NtQueryInformationThread
NtQueryInformationToken
NtQueryInstallUILanguage
NtQueryIntervalProfile
NtQueryIoCompletion
NtQueryKey
NtQueryMultipleValueKey
NtQueryMutant
NtQueryObject
NtQueryOpenSubKeys
NtQueryPerformanceCounter
NtQueryPortInformationProcess
NtQueryQuotaInformationFile
NtQuerySection
NtQuerySecurityObject
NtQuerySemaphore
NtQuerySymbolicLinkObject
NtQuerySystemEnvironmentValue
NtQuerySystemEnvironmentValueEx
NtQuerySystemInformation
NtQuerySystemTime
NtQueryTimer
NtQueryTimerResolution
NtQueryValueKey
NtQueryVirtualMemory
NtQueryVolumeInformationFile
NtQueueApcThread
NtRaiseException
NtRaiseHardError
NtReadFile
NtReadFileScatter
NtReadRequestData
NtReadVirtualMemory
NtRegisterThreadTerminatePort
NtReleaseKeyedEvent
NtReleaseMutant
NtReleaseSemaphore
NtRemoveIoCompletion
NtRemoveProcessDebug
NtRenameKey
NtReplaceKey
NtReplyPort
NtReplyWaitReceivePort
NtReplyWaitReceivePortEx
NtReplyWaitReplyPort
NtRequestDeviceWakeup
NtRequestPort
NtRequestWaitReplyPort
NtRequestWakeupLatency
NtResetEvent
NtResetWriteWatch
NtRestoreKey
NtResumeProcess
NtResumeThread
NtSaveKey
NtSaveKeyEx
NtSaveMergedKeys
NtSecureConnectPort
NtSetBootEntryOrder
NtSetBootOptions
NtSetContextThread
NtSetDebugFilterState
NtSetDefaultHardErrorPort
NtSetDefaultLocale
NtSetDefaultUILanguage
NtSetEaFile
NtSetEvent
NtSetEventBoostPriority
NtSetHighEventPair
NtSetHighWaitLowEventPair
NtSetInformationDebugObject
NtSetInformationFile
NtSetInformationJobObject
NtSetInformationKey
NtSetInformationObject
NtSetInformationProcess
NtSetInformationThread
NtSetInformationToken
NtSetIntervalProfile
NtSetIoCompletion
NtSetLdtEntries
NtSetLowEventPair
NtSetLowWaitHighEventPair
NtSetQuotaInformationFile
NtSetSecurityObject
NtSetSystemEnvironmentValue
NtSetSystemEnvironmentValueEx
NtSetSystemInformation
NtSetSystemPowerState
NtSetSystemTime
NtSetThreadExecutionState
NtSetTimer
NtSetTimerResolution
NtSetUuidSeed
NtSetValueKey
NtSetVolumeInformationFile
NtShutdownSystem
NtSignalAndWaitForSingleObject
NtStartProfile
NtStopProfile
NtSuspendProcess
NtSuspendThread
NtSystemDebugControl
NtTerminateJobObject
NtTerminateProcess
NtTerminateThread
NtTestAlert
NtTraceEvent
NtTranslateFilePath
NtUnloadDriver
NtUnloadKey
NtUnloadKeyEx
NtUnlockFile
NtUnlockVirtualMemory
NtUnmapViewOfSection
NtVdmControl
NtWaitForDebugEvent
NtWaitForKeyedEvent
NtWaitForMultipleObjects
NtWaitForSingleObject
NtWaitHighEventPair
NtWaitLowEventPair
NtWriteFile
NtWriteFileGather
NtWriteRequestData
NtWriteVirtualMemory
NtYieldExecution
PfxFindPrefix
PfxInitialize
PfxInsertPrefix
PfxRemovePrefix
PropertyLengthAsVariant
RtlAbortRXact
RtlAbsoluteToSelfRelativeSD
RtlAcquirePebLock
RtlAcquireResourceExclusive
RtlAcquireResourceShared
RtlActivateActivationContext
RtlActivateActivationContextEx
RtlActivateActivationContextUnsafeFast
RtlAddAccessAllowedAce
RtlAddAccessAllowedAceEx
RtlAddAccessAllowedObjectAce
RtlAddAccessDeniedAce
RtlAddAccessDeniedAceEx
RtlAddAccessDeniedObjectAce
RtlAddAce
RtlAddActionToRXact
RtlAddAtomToAtomTable
RtlAddAttributeActionToRXact
RtlAddAuditAccessAce
RtlAddAuditAccessAceEx
RtlAddAuditAccessObjectAce
RtlAddCompoundAce
RtlAddRange
RtlAddRefActivationContext
RtlAddRefMemoryStream
RtlAddVectoredExceptionHandler
RtlAddressInSectionTable
RtlAdjustPrivilege
RtlAllocateAndInitializeSid
RtlAllocateHandle
RtlAllocateHeap
RtlAnsiCharToUnicodeChar
RtlAnsiStringToUnicodeSize
RtlAnsiStringToUnicodeString
RtlAppendAsciizToString
RtlAppendPathElement
RtlAppendStringToString
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlApplicationVerifierStop
RtlApplyRXact
RtlApplyRXactNoFlush
RtlAreAllAccessesGranted
RtlAreAnyAccessesGranted
RtlAreBitsClear
RtlAreBitsSet
RtlAssert
RtlAssert2
RtlCancelTimer
RtlCaptureContext
RtlCaptureStackBackTrace
RtlCaptureStackContext
RtlCharToInteger
RtlCheckForOrphanedCriticalSections
RtlCheckProcessParameters
RtlCheckRegistryKey
RtlClearAllBits
RtlClearBits
RtlCloneMemoryStream
RtlCommitMemoryStream
RtlCompactHeap
RtlCompareMemory
RtlCompareMemoryUlong
RtlCompareString
RtlCompareUnicodeString
RtlCompressBuffer
RtlComputeCrc32
RtlComputeImportTableHash
RtlComputePrivatizedDllName_U
RtlConsoleMultiByteToUnicodeN
RtlConvertExclusiveToShared
RtlConvertLongToLargeInteger
RtlConvertPropertyToVariant
RtlConvertSharedToExclusive
RtlConvertSidToUnicodeString
RtlConvertToAutoInheritSecurityObject
RtlConvertUiListToApiList
RtlConvertUlongToLargeInteger
RtlConvertVariantToProperty
RtlCopyLuid
RtlCopyLuidAndAttributesArray
RtlCopyMemoryStreamTo
RtlCopyOutOfProcessMemoryStreamTo
RtlCopyRangeList
RtlCopySecurityDescriptor
RtlCopySid
RtlCopySidAndAttributesArray
RtlCopyString
RtlCopyUnicodeString
RtlCreateAcl
RtlCreateActivationContext
RtlCreateAndSetSD
RtlCreateAtomTable
RtlCreateBootStatusDataFile
RtlCreateEnvironment
RtlCreateHeap
RtlCreateProcessParameters
RtlCreateQueryDebugBuffer
RtlCreateRegistryKey
RtlCreateSecurityDescriptor
RtlCreateSystemVolumeInformationFolder
RtlCreateTagHeap
RtlCreateTimer
RtlCreateTimerQueue
RtlCreateUnicodeString
RtlCreateUnicodeStringFromAsciiz
RtlCreateUserProcess
RtlCreateUserSecurityObject
RtlCreateUserThread
RtlCustomCPToUnicodeN
RtlCutoverTimeToSystemTime
RtlDeNormalizeProcessParams
RtlDeactivateActivationContext
RtlDeactivateActivationContextUnsafeFast
RtlDebugPrintTimes
RtlDecodePointer
RtlDecodeSystemPointer
RtlDecompressBuffer
RtlDecompressFragment
RtlDefaultNpAcl
RtlDelete
RtlDeleteAce
RtlDeleteAtomFromAtomTable
RtlDeleteCriticalSection
RtlDeleteElementGenericTable
RtlDeleteElementGenericTableAvl
RtlDeleteNoSplay
RtlDeleteOwnersRanges
RtlDeleteRange
RtlDeleteRegistryValue
RtlDeleteResource
RtlDeleteSecurityObject

Sections

.text
Size: 490KB - Virtual size: 489KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/NTDSAPI.DLL
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DsAddSidHistoryA
DsAddSidHistoryW
DsBindA
DsBindW
DsBindWithCredA
DsBindWithCredW
DsBindWithSpnA
DsBindWithSpnW
DsClientMakeSpnForTargetServerA
DsClientMakeSpnForTargetServerW
DsCrackNamesA
DsCrackNamesW
DsCrackSpn2A
DsCrackSpn2W
DsCrackSpn3W
DsCrackSpnA
DsCrackSpnW
DsCrackUnquotedMangledRdnA
DsCrackUnquotedMangledRdnW
DsFreeDomainControllerInfoA
DsFreeDomainControllerInfoW
DsFreeNameResultA
DsFreeNameResultW
DsFreePasswordCredentials
DsFreeSchemaGuidMapA
DsFreeSchemaGuidMapW
DsFreeSpnArrayA
DsFreeSpnArrayW
DsGetDomainControllerInfoA
DsGetDomainControllerInfoW
DsGetRdnW
DsGetSpnA
DsGetSpnW
DsInheritSecurityIdentityA
DsInheritSecurityIdentityW
DsIsMangledDnA
DsIsMangledDnW
DsIsMangledRdnValueA
DsIsMangledRdnValueW
DsListDomainsInSiteA
DsListDomainsInSiteW
DsListInfoForServerA
DsListInfoForServerW
DsListRolesA
DsListRolesW
DsListServersForDomainInSiteA
DsListServersForDomainInSiteW
DsListServersInSiteA
DsListServersInSiteW
DsListSitesA
DsListSitesW
DsLogEntry
DsMakePasswordCredentialsA
DsMakePasswordCredentialsW
DsMakeSpnA
DsMakeSpnW
DsMapSchemaGuidsA
DsMapSchemaGuidsW
DsQuoteRdnValueA
DsQuoteRdnValueW
DsRemoveDsDomainA
DsRemoveDsDomainW
DsRemoveDsServerA
DsRemoveDsServerW
DsReplicaAddA
DsReplicaAddW
DsReplicaConsistencyCheck
DsReplicaDelA
DsReplicaDelW
DsReplicaFreeInfo
DsReplicaGetInfo2W
DsReplicaGetInfoW
DsReplicaModifyA
DsReplicaModifyW
DsReplicaSyncA
DsReplicaSyncAllA
DsReplicaSyncAllW
DsReplicaSyncW
DsReplicaUpdateRefsA
DsReplicaUpdateRefsW
DsReplicaVerifyObjectsA
DsReplicaVerifyObjectsW
DsServerRegisterSpnA
DsServerRegisterSpnW
DsUnBindA
DsUnBindW
DsUnquoteRdnValueA
DsUnquoteRdnValueW
DsWriteAccountSpnA
DsWriteAccountSpnW
DsaopBind
DsaopBindWithCred
DsaopBindWithSpn
DsaopExecuteScript
DsaopPrepareScript
DsaopUnBind

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/NTOSKRNL.EX_
.cab
I386/SYSTEM32/ODBC32.DLL
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

CloseODBCPerfData
CollectODBCPerfData
CursorLibLockDbc
CursorLibLockDesc
CursorLibLockStmt
CursorLibTransact
DllBidEntryPoint
GetODBCSharedData
LockHandle
MpHeapAlloc
MpHeapCompact
MpHeapCreate
MpHeapDestroy
MpHeapFree
MpHeapReAlloc
MpHeapSize
MpHeapValidate
ODBCGetTryWaitValue
ODBCInternalConnectW
ODBCQualifyFileDSNW
ODBCSetTryWaitValue
OpenODBCPerfData
PostComponentError
PostODBCComponentError
PostODBCError
SQLAllocConnect
SQLAllocEnv
SQLAllocHandle
SQLAllocHandleStd
SQLAllocStmt
SQLBindCol
SQLBindParam
SQLBindParameter
SQLBrowseConnect
SQLBrowseConnectA
SQLBrowseConnectW
SQLBulkOperations
SQLCancel
SQLCloseCursor
SQLColAttribute
SQLColAttributeA
SQLColAttributeW
SQLColAttributes
SQLColAttributesA
SQLColAttributesW
SQLColumnPrivileges
SQLColumnPrivilegesA
SQLColumnPrivilegesW
SQLColumns
SQLColumnsA
SQLColumnsW
SQLConnect
SQLConnectA
SQLConnectW
SQLCopyDesc
SQLDataSources
SQLDataSourcesA
SQLDataSourcesW
SQLDescribeCol
SQLDescribeColA
SQLDescribeColW
SQLDescribeParam
SQLDisconnect
SQLDriverConnect
SQLDriverConnectA
SQLDriverConnectW
SQLDrivers
SQLDriversA
SQLDriversW
SQLEndTran
SQLError
SQLErrorA
SQLErrorW
SQLExecDirect
SQLExecDirectA
SQLExecDirectW
SQLExecute
SQLExtendedFetch
SQLFetch
SQLFetchScroll
SQLForeignKeys
SQLForeignKeysA
SQLForeignKeysW
SQLFreeConnect
SQLFreeEnv
SQLFreeHandle
SQLFreeStmt
SQLGetConnectAttr
SQLGetConnectAttrA
SQLGetConnectAttrW
SQLGetConnectOption
SQLGetConnectOptionA
SQLGetConnectOptionW
SQLGetCursorName
SQLGetCursorNameA
SQLGetCursorNameW
SQLGetData
SQLGetDescField
SQLGetDescFieldA
SQLGetDescFieldW
SQLGetDescRec
SQLGetDescRecA
SQLGetDescRecW
SQLGetDiagField
SQLGetDiagFieldA
SQLGetDiagFieldW
SQLGetDiagRec
SQLGetDiagRecA
SQLGetDiagRecW
SQLGetEnvAttr
SQLGetFunctions
SQLGetInfo
SQLGetInfoA
SQLGetInfoW
SQLGetStmtAttr
SQLGetStmtAttrA
SQLGetStmtAttrW
SQLGetStmtOption
SQLGetTypeInfo
SQLGetTypeInfoA
SQLGetTypeInfoW
SQLMoreResults
SQLNativeSql
SQLNativeSqlA
SQLNativeSqlW
SQLNumParams
SQLNumResultCols
SQLParamData
SQLParamOptions
SQLPrepare
SQLPrepareA
SQLPrepareW
SQLPrimaryKeys
SQLPrimaryKeysA
SQLPrimaryKeysW
SQLProcedureColumns
SQLProcedureColumnsA
SQLProcedureColumnsW
SQLProcedures
SQLProceduresA
SQLProceduresW
SQLPutData
SQLRowCount
SQLSetConnectAttr
SQLSetConnectAttrA
SQLSetConnectAttrW
SQLSetConnectOption
SQLSetConnectOptionA
SQLSetConnectOptionW
SQLSetCursorName
SQLSetCursorNameA
SQLSetCursorNameW
SQLSetDescField
SQLSetDescFieldA
SQLSetDescFieldW
SQLSetDescRec
SQLSetEnvAttr
SQLSetParam
SQLSetPos
SQLSetScrollOptions
SQLSetStmtAttr
SQLSetStmtAttrA
SQLSetStmtAttrW
SQLSetStmtOption
SQLSpecialColumns
SQLSpecialColumnsA
SQLSpecialColumnsW
SQLStatistics
SQLStatisticsA
SQLStatisticsW
SQLTablePrivileges
SQLTablePrivilegesA
SQLTablePrivilegesW
SQLTables
SQLTablesA
SQLTablesW
SQLTransact
SearchStatusCode
VFreeErrors
VRetrieveDriverErrorsRowCol
ValidateErrorQueue
g_hHeapMalloc

Sections

UPX0
Size: - Virtual size: 156KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 95KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/ODBCINT.DLL
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

UPX0
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/OLE32.DLL
.dll regsvr32 windows:5 windows x86 arch:x86

1d6c3c76bb665c00b3609ac726f5a13e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ole32.pdb

Imports

msvcrt

wcschr
memmove
wcstoul
_wcsnicmp
wcslen
_wtoi
wcsncmp
_wtol
wcsstr
wcstol
wcscpy
wcsncpy
_wcsicmp
_local_unwind2
_vsnprintf
swprintf
wcscat
strcspn
_ftol
qsort
free
_initterm
malloc
_adjust_fdiv
__dllonexit
_onexit
_except_handler3

ntdll

RtlInitializeCriticalSectionAndSpinCount
RtlDeleteCriticalSection
NtQuerySystemInformation
NtSetInformationFile
RtlCompareMemory
RtlCheckForOrphanedCriticalSections
RtlCopySid
RtlLengthSid
NtQueryInformationToken
RtlNtStatusToDosError
NtOpenKey
RtlInitUnicodeString
ZwClose
ZwDeleteKey
ZwDeleteValueKey
RtlCompareUnicodeString
ZwOpenKey
ZwCreateKey
ZwEnumerateKey
ZwQueryValueKey
RtlWriteRegistryValue
RtlAnsiStringToUnicodeString
NtQueryObject
NtQueryVolumeInformationFile
NtQueryInformationFile
NtMapViewOfSection
RtlRaiseStatus
NtCreateFile
RtlGetCurrentDirectory_U
NtClose
RtlFreeHeap
RtlDosPathNameToNtPathName_U
RtlInitializeCriticalSection

gdi32

SetMetaFileBitsEx
GetEnhMetaFileBits
DeleteEnhMetaFile
SetEnhMetaFileBits
GetPaletteEntries
CreatePalette
GetObjectType
CopyMetaFileW
SetBitmapBits
SetBitmapDimensionEx
GetBitmapDimensionEx
CopyEnhMetaFileW
GetDeviceCaps
ExtTextOutA
SetTextAlign
GetTextExtentPointA
SelectObject
SetBkMode
SetTextColor
Escape
SetWindowExtEx
SetWindowOrgEx
SetMapMode
GetTextMetricsA
CreateFontIndirectW
CloseMetaFile
CreateMetaFileA
SelectPalette
PlayMetaFileRecord
EnumMetaFile
CreateMetaFileW
RestoreDC
GetStockObject
SetViewportExtEx
SetViewportOrgEx
LPtoDP
PlayEnhMetaFile
CloseEnhMetaFile
PlayMetaFile
CreateEnhMetaFileW
GetGraphicsMode
IntersectClipRect
SaveDC
GetEnhMetaFileHeader
PlayEnhMetaFileRecord
DeleteDC
SetWinMetaFileBits
CreateCompatibleDC
GetWinMetaFileBits
GetEnhMetaFilePaletteEntries
EnumEnhMetaFile
StretchDIBits
RealizePalette
GetDIBits
CreateDIBitmap
GetBitmapBits
DeleteObject
CreateBitmap
GetMetaFileBitsEx
GetObjectW
DeleteMetaFile

kernel32

GetDriveTypeW
GetFullPathNameW
GetFileAttributesW
InterlockedIncrement
GetThreadLocale
lstrcatW
lstrcpyW
InterlockedDecrement
GetLastError
GetProcAddress
LoadLibraryA
CloseHandle
SetEvent
ResetEvent
CreateEventW
lstrcpynW
InterlockedCompareExchange
FreeLibrary
LoadLibraryW
IsBadWritePtr
lstrcmpiW
GetFileAttributesExW
GetShortPathNameW
WideCharToMultiByte
AreFileApisANSI
IsDBCSLeadByte
MultiByteToWideChar
lstrcmpW
GlobalUnlock
GlobalLock
GetCurrentThreadId
SleepEx
GetModuleHandleExW
GetSystemWindowsDirectoryW
GetTickCount
GetProcessHeap
HeapAlloc
HeapValidate
HeapFree
HeapSize
HeapCompact
HeapReAlloc
InterlockedExchange
lstrlenA
WaitForSingleObject
OpenEventA
FindClose
FindFirstFileW
GetModuleFileNameW
LocalAlloc
LocalFree
IsBadReadPtr
ReleaseActCtx
WaitForSingleObjectEx
DuplicateHandle
GetCurrentThread
GetCurrentProcess
Sleep
GetModuleHandleW
GetComputerNameW
DebugBreak
GetCurrentProcessId
FindActCtxSectionGuid
WaitForMultipleObjectsEx
InitializeCriticalSectionAndSpinCount
CreateThread
CreateActCtxW
LoadLibraryExW
DeactivateActCtx
ActivateActCtx
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsDebuggerPresent
GetCurrentActCtx
CreateEventA
FreeLibraryAndExitThread
WriteProfileStringW
GetProfileStringW
UnhandledExceptionFilter
RaiseException
OutputDebugStringW
ReadFile
SetFilePointer
GetStringTypeW
SetLastError
MapViewOfFileEx
CreateFileMappingW
MapViewOfFile
OpenFileMappingW
UnmapViewOfFile
ProcessIdToSessionId
LoadLibraryExA
ExpandEnvironmentStringsW
FindActCtxSectionStringW
GetSystemDirectoryW
GetSystemWow64DirectoryW
SearchPathW
FileTimeToDosDateTime
DosDateTimeToFileTime
SystemTimeToFileTime
GetSystemTime
GetLocaleInfoA
GetSystemInfo
OutputDebugStringA
CreateSemaphoreW
ReleaseSemaphore
TlsFree
TlsAlloc
TlsSetValue
TlsGetValue
TerminateProcess
IsProcessorFeaturePresent
GlobalFree
GlobalAlloc
GlobalSize
GlobalGetAtomNameW
GlobalDeleteAtom
GlobalGetAtomNameA
CreateProcessW
GlobalAddAtomW
GlobalAddAtomA
GlobalFindAtomW
GlobalReAlloc
LocalUnlock
LocalLock
GlobalFindAtomA
DeleteFileW
MulDiv
GetTempFileNameW
GetWindowsDirectoryW
GetTempPathW
GetOverlappedResult
SetFileTime
lstrlenW
OpenProcess
LockFile
UnlockFile
GetFileTime
FlushViewOfFile
GlobalMemoryStatus
GetFileSize
FlushFileBuffers
VirtualAlloc
WriteFile
PulseEvent
GetFileType
InitializeCriticalSection
IsBadHugeWritePtr
IsBadHugeReadPtr
GetFileInformationByHandle
GetExitCodeThread
DeviceIoControl
GetUserDefaultLCID
GetACP
CreateFileMappingA
CompareStringA
CompareStringW
GetSystemDefaultLCID
EnterCriticalSection
DeleteCriticalSection
LeaveCriticalSection
AddRefActCtx
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
InterlockedExchangeAdd
IsBadStringPtrW
CreateFileW
SetEndOfFile

user32

IsCharAlphaNumericW
IsCharAlphaW
DestroyIcon
LoadIconW
SystemParametersInfoW
GetSystemMetrics
SetRectEmpty
DrawIcon
GetSysColor
CharPrevA
GetDC
ReleaseDC
InSendMessage
ReplyMessage
SetWindowsHookExW
CallNextHookEx
CallWindowProcW
GetMenuState
UnhookWindowsHookEx
SetFocus
GetSubMenu
GetMenuItemID
CopyAcceleratorTableW
WindowFromPoint
GetParent
GetCursor
GetCursorPos
ScreenToClient
WaitMessage
IsIconic
GetKeyState
LoadCursorW
SetCursor
CountClipboardFormats
GetOpenClipboardWindow
EnumClipboardFormats
GetClipboardData
SetCapture
GetClipboardOwner
EmptyClipboard
CloseClipboard
OpenClipboard
SetPropW
GetPropW
RemovePropW
SetClipboardData
GetClipboardSequenceNumber
IsClipboardFormatAvailable
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatA
GetClipboardFormatNameA
GetWindowWord
SetWindowWord
GetClassNameW
GetWindow
FreeDDElParam
WaitForInputIdle
PackDDElParam
CreateWindowExA
UnpackDDElParam
CharUpperA
RegisterClipboardFormatW
GetClipboardFormatNameW
RegisterClassW
UnregisterClassW
SetTimer
GetMessageW
KillTimer
IsChild
PostThreadMessageW
wsprintfA
IsWindow
DefWindowProcW
CreateWindowExW
GetWindowThreadProcessId
GetProcessWindowStation
GetThreadDesktop
GetUserObjectInformationW
MsgWaitForMultipleObjectsEx
GetQueueStatus
MessageBeep
InSendMessageEx
AllowSetForegroundWindow
PostMessageW
PostQuitMessage
CharLowerW
CreateDialogParamW
DialogBoxParamW
GetWindowLongW
SetWindowLongW
wsprintfW
CharUpperW
CharPrevW
SetWindowTextW
GetWindowRect
GetClientRect
MoveWindow
SendDlgItemMessageW
SetDlgItemTextW
LoadStringW
MessageBoxW
GetDlgItem
GetDesktopWindow
SendMessageW
ShowWindow
DestroyWindow
PeekMessageW
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjects
CharNextW
AttachThreadInput

advapi32

RegQueryValueExA
RegQueryValueA
AccessCheck
LookupAccountNameW
RegOpenKeyExA
RegCreateKeyExW
RegEnumValueW
RegEnumKeyA
RegDeleteKeyA
DuplicateEncryptionInfoFile
AllocateLocallyUniqueId
RegSetValueExW
RegDeleteKeyW
RegSetValueW
RegQueryValueExW
RegQueryValueW
RegCloseKey
RegOpenKeyExW
InstallApplication
RegOpenKeyA
RegOpenKeyW
SetThreadToken
OpenThreadToken
AccessCheckByType
GetSecurityDescriptorDacl
EqualSid
GetTokenInformation
RevertToSelf
ImpersonateAnonymousToken
GetSecurityDescriptorLength
DuplicateToken
OpenProcessToken
CryptReleaseContext
CryptAcquireContextW
IsValidSecurityDescriptor
GetLengthSid
LookupAccountSidW
LsaClose
LsaFreeMemory
LsaQueryInformationPolicy
LsaOpenPolicy
MakeSelfRelativeSD
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
CopySid
SetSecurityDescriptorDacl
FreeSid
AddAccessAllowedAce
InitializeAcl
AllocateAndInitializeSid
InitializeSecurityDescriptor
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegEnumKeyW
GetAce
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
RegOpenUserClassesRoot
CommandLineFromMsiDescriptor
RegQueryInfoKeyW
RegSetValueA
RegDeleteValueW
RegQueryInfoKeyA
RegNotifyChangeKeyValue

rpcrt4

RpcAsyncCompleteCall
RpcServerUseProtseqExW
RpcServerUseProtseqEpExW
RpcServerUseProtseqW
RpcServerUseProtseqEpW
RpcServerRegisterIfEx
RpcServerInqBindings
RpcBindingVectorFree
RpcSmDestroyClientContext
RpcErrorStartEnumeration
RpcErrorGetNextRecord
RpcErrorEndEnumeration
I_RpcGetBufferWithObject
RpcRaiseException
I_RpcAsyncAbortCall
I_RpcSendReceive
I_RpcReceive
I_RpcSend
I_RpcAsyncSetHandle
I_RpcGetBuffer
RpcBindingFree
RpcBindingCopy
RpcBindingFromStringBindingW
RpcBindingSetOption
RpcServerUnregisterIf
RpcServerRegisterIf2
RpcBindingInqObject
RpcBindingSetAuthInfoExW
RpcServerRegisterAuthInfoW
RpcCertGeneratePrincipalNameW
RpcBindingInqAuthClientW
I_RpcBindingInqLocalClientPID
RpcImpersonateClient
RpcRevertToSelfEx
RpcBindingToStringBindingW
RpcStringBindingParseW
I_RpcBindingInqTransportType
RpcBindingInqAuthInfoExW
RpcStringFreeW
RpcAsyncInitializeHandle
RpcCancelThreadEx
RpcMgmtSetCancelTimeout
RpcAsyncCancelCall
RpcAsyncGetCallStatus
RpcServerTestCancel
I_RpcFreeBuffer
UuidCreate
NdrClientCall2
RpcMgmtSetComTimeout
RpcMgmtInqComTimeout
MesHandleFree
MesEncodeFixedBufferHandleCreate
NdrMesTypeAlignSize2
NdrMesTypeEncode2
NdrMesTypeDecode2
NdrOutInit
MesBufferHandleReset
NdrGetSimpleTypeBufferSize
NdrGetSimpleTypeBufferAlignment
NdrCorrelationInitialize
NdrStubInitialize
NdrStubCall2
NdrpMemoryIncrement
NdrGetSimpleTypeMemorySize
NdrProxyFreeBuffer
NdrClearOutParameters
NdrProxyErrorHandler
NdrConvert2
NdrProxySendReceive
NdrTypeMarshall
NdrProxyGetBuffer
NdrTypeSize
NdrProxyInitialize
NdrpCreateStub
NdrpCreateProxy
NdrGetTypeFlags
NdrTypeFree
NdrStubGetBuffer
NdrClientInitializeNew
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrDllGetClassObject
NdrCStdStubBuffer_Release
NdrpReleaseTypeFormatString
NdrpReleaseTypeGenCookie
NdrpVarVtOfTypeDesc
NdrpGetTypeFormatString
NdrpGetProcFormatString
NdrpGetTypeGenCookie
NdrGetUserMarshalInfo
NdrDllRegisterProxy
NdrDcomAsyncClientCall
NdrAsyncServerCall
NdrServerCall2
NdrTypeUnmarshall
MesDecodeBufferHandleCreate
RpcErrorAddRecord
NdrUnmarshallBasetypeInline

Exports

Exports

BindMoniker
CLIPFORMAT_UserFree
CLIPFORMAT_UserMarshal
CLIPFORMAT_UserSize
CLIPFORMAT_UserUnmarshal
CLSIDFromOle1Class
CLSIDFromProgID
CLSIDFromProgIDEx
CLSIDFromString
CoAddRefServerProcess
CoAllowSetForegroundWindow
CoBuildVersion
CoCancelCall
CoCopyProxy
CoCreateFreeThreadedMarshaler
CoCreateGuid
CoCreateInstance
CoCreateInstanceEx
CoCreateObjectInContext
CoDeactivateObject
CoDisableCallCancellation
CoDisconnectObject
CoDosDateTimeToFileTime
CoEnableCallCancellation
CoFileTimeNow
CoFileTimeToDosDateTime
CoFreeAllLibraries
CoFreeLibrary
CoFreeUnusedLibraries
CoFreeUnusedLibrariesEx
CoGetApartmentID
CoGetCallContext
CoGetCallerTID
CoGetCancelObject
CoGetClassObject
CoGetClassVersion
CoGetComCatalog
CoGetContextToken
CoGetCurrentLogicalThreadId
CoGetCurrentProcess
CoGetDefaultContext
CoGetInstanceFromFile
CoGetInstanceFromIStorage
CoGetInterceptor
CoGetInterceptorFromTypeInfo
CoGetInterfaceAndReleaseStream
CoGetMalloc
CoGetMarshalSizeMax
CoGetObject
CoGetObjectContext
CoGetPSClsid
CoGetProcessIdentifier
CoGetStandardMarshal
CoGetState
CoGetStdMarshalEx
CoGetSystemSecurityPermissions
CoGetTreatAsClass
CoImpersonateClient
CoInitialize
CoInitializeEx
CoInitializeSecurity
CoInitializeWOW
CoInstall
CoInvalidateRemoteMachineBindings
CoIsHandlerConnected
CoIsOle1Class
CoLoadLibrary
CoLockObjectExternal
CoMarshalHresult
CoMarshalInterThreadInterfaceInStream
CoMarshalInterface
CoPopServiceDomain
CoPushServiceDomain
CoQueryAuthenticationServices
CoQueryClientBlanket
CoQueryProxyBlanket
CoQueryReleaseObject
CoReactivateObject
CoRegisterChannelHook
CoRegisterClassObject
CoRegisterInitializeSpy
CoRegisterMallocSpy
CoRegisterMessageFilter
CoRegisterPSClsid
CoRegisterSurrogate
CoRegisterSurrogateEx
CoReleaseMarshalData
CoReleaseServerProcess
CoResumeClassObjects
CoRetireServer
CoRevertToSelf
CoRevokeClassObject
CoRevokeInitializeSpy
CoRevokeMallocSpy
CoSetCancelObject
CoSetProxyBlanket
CoSetState
CoSuspendClassObjects
CoSwitchCallContext
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoTestCancel
CoTreatAsClass
CoUninitialize
CoUnloadingWOW
CoUnmarshalHresult
CoUnmarshalInterface
CoWaitForMultipleHandles
ComPs_CStdStubBuffer_AddRef
ComPs_CStdStubBuffer_Connect
ComPs_CStdStubBuffer_CountRefs
ComPs_CStdStubBuffer_DebugServerQueryInterface
ComPs_CStdStubBuffer_DebugServerRelease
ComPs_CStdStubBuffer_Disconnect
ComPs_CStdStubBuffer_Invoke
ComPs_CStdStubBuffer_IsIIDSupported
ComPs_CStdStubBuffer_QueryInterface
ComPs_IUnknown_AddRef_Proxy
ComPs_IUnknown_QueryInterface_Proxy
ComPs_IUnknown_Release_Proxy
ComPs_NdrCStdStubBuffer2_Release
ComPs_NdrCStdStubBuffer_Release
ComPs_NdrClientCall2
ComPs_NdrClientCall2_va
ComPs_NdrDllCanUnloadNow
ComPs_NdrDllGetClassObject
ComPs_NdrDllRegisterProxy
ComPs_NdrDllUnregisterProxy
ComPs_NdrStubCall2
ComPs_NdrStubForwardingFunction
CreateAntiMoniker
CreateBindCtx
CreateClassMoniker
CreateDataAdviseHolder
CreateDataCache
CreateErrorInfo
CreateFileMoniker
CreateGenericComposite
CreateILockBytesOnHGlobal
CreateItemMoniker
CreateObjrefMoniker
CreateOleAdviseHolder
CreatePointerMoniker
CreateStdProgressIndicator
CreateStreamOnHGlobal
DcomChannelSetHResult
DllDebugObjectRPCHook
DllGetClassObject
DllGetClassObjectWOW
DllRegisterServer
DoDragDrop
EnableHookObject
FmtIdToPropStgName
FreePropVariantArray
GetClassFile
GetConvertStg
GetDocumentBitStg
GetErrorInfo
GetHGlobalFromILockBytes
GetHGlobalFromStream
GetHookInterface
GetRunningObjectTable
HACCEL_UserFree
HACCEL_UserMarshal
HACCEL_UserSize
HACCEL_UserUnmarshal
HBITMAP_UserFree
HBITMAP_UserMarshal
HBITMAP_UserSize
HBITMAP_UserUnmarshal
HBRUSH_UserFree
HBRUSH_UserMarshal
HBRUSH_UserSize
HBRUSH_UserUnmarshal
HDC_UserFree
HDC_UserMarshal
HDC_UserSize
HDC_UserUnmarshal
HENHMETAFILE_UserFree
HENHMETAFILE_UserMarshal
HENHMETAFILE_UserSize
HENHMETAFILE_UserUnmarshal
HGLOBAL_UserFree
HGLOBAL_UserMarshal
HGLOBAL_UserSize
HGLOBAL_UserUnmarshal
HICON_UserFree
HICON_UserMarshal
HICON_UserSize
HICON_UserUnmarshal
HMENU_UserFree
HMENU_UserMarshal
HMENU_UserSize
HMENU_UserUnmarshal
HMETAFILEPICT_UserFree
HMETAFILEPICT_UserMarshal
HMETAFILEPICT_UserSize
HMETAFILEPICT_UserUnmarshal
HMETAFILE_UserFree
HMETAFILE_UserMarshal
HMETAFILE_UserSize
HMETAFILE_UserUnmarshal
HPALETTE_UserFree
HPALETTE_UserMarshal
HPALETTE_UserSize
HPALETTE_UserUnmarshal
HWND_UserFree
HWND_UserMarshal
HWND_UserSize
HWND_UserUnmarshal
HkOleRegisterObject
IIDFromString
IsAccelerator
IsEqualGUID
IsValidIid
IsValidInterface
IsValidPtrIn
IsValidPtrOut
MkParseDisplayName
MonikerCommonPrefixWith
MonikerRelativePathTo
OleBuildVersion
OleConvertIStorageToOLESTREAM
OleConvertIStorageToOLESTREAMEx
OleConvertOLESTREAMToIStorage
OleConvertOLESTREAMToIStorageEx
OleCreate
OleCreateDefaultHandler
OleCreateEmbeddingHelper
OleCreateEx
OleCreateFromData
OleCreateFromDataEx
OleCreateFromFile
OleCreateFromFileEx
OleCreateLink
OleCreateLinkEx
OleCreateLinkFromData
OleCreateLinkFromDataEx
OleCreateLinkToFile
OleCreateLinkToFileEx
OleCreateMenuDescriptor
OleCreateStaticFromData
OleDestroyMenuDescriptor
OleDoAutoConvert
OleDraw
OleDuplicateData
OleFlushClipboard
OleGetAutoConvert
OleGetClipboard
OleGetIconOfClass
OleGetIconOfFile
OleInitialize
OleInitializeWOW
OleIsCurrentClipboard
OleIsRunning
OleLoad
OleLoadFromStream
OleLockRunning
OleMetafilePictFromIconAndLabel
OleNoteObjectVisible
OleQueryCreateFromData
OleQueryLinkFromData
OleRegEnumFormatEtc
OleRegEnumVerbs
OleRegGetMiscStatus
OleRegGetUserType
OleRun
OleSave
OleSaveToStream
OleSetAutoConvert
OleSetClipboard
OleSetContainedObject
OleSetMenuDescriptor
OleTranslateAccelerator
OleUninitialize
OpenOrCreateStream
ProgIDFromCLSID
PropStgNameToFmtId
PropSysAllocString
PropSysFreeString
PropVariantChangeType
PropVariantClear
PropVariantCopy
ReadClassStg
ReadClassStm
ReadFmtUserTypeStg
ReadOleStg
ReadStringStream
RegisterDragDrop
ReleaseStgMedium
RevokeDragDrop
SNB_UserFree
SNB_UserMarshal
SNB_UserSize
SNB_UserUnmarshal
STGMEDIUM_UserFree
STGMEDIUM_UserMarshal
STGMEDIUM_UserSize
STGMEDIUM_UserUnmarshal
SetConvertStg
SetDocumentBitStg
SetErrorInfo
StgConvertPropertyToVariant
StgConvertVariantToProperty
StgCreateDocfile
StgCreateDocfileOnILockBytes
StgCreatePropSetStg
StgCreatePropStg
StgCreateStorageEx
StgGetIFillLockBytesOnFile
StgGetIFillLockBytesOnILockBytes
StgIsStorageFile
StgIsStorageILockBytes
StgOpenAsyncDocfileOnIFillLockBytes
StgOpenPropStg
StgOpenStorage
StgOpenStorageEx
StgOpenStorageOnHandle
StgOpenStorageOnILockBytes
StgPropertyLengthAsVariant
StgSetTimes
StringFromCLSID
StringFromGUID2
StringFromIID
UpdateDCOMSettings
UtConvertDvtd16toDvtd32
UtConvertDvtd32toDvtd16
UtGetDvtd16Info
UtGetDvtd32Info
WdtpInterfacePointer_UserFree
WdtpInterfacePointer_UserMarshal
WdtpInterfacePointer_UserSize
WdtpInterfacePointer_UserUnmarshal
WriteClassStg
WriteClassStm
WriteFmtUserTypeStg
WriteOleStg
WriteStringStream

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/OLEAUT32.DLL
.dll regsvr32 windows:5 windows x86 arch:x86

eb67fb08582adcae9c93b174f0c98aa8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

oleaut32.pdb

Imports

msvcrt

??1type_info@@UAE@XZ
malloc
_initterm
_clearfp
_errno
strncpy
strchr
_stat
getenv
wcstoul
_ultow
remove
_ultoa
free
calloc
_abnormal_termination
_CxxThrowException
_wcslwr
wcsncat
wcsrchr
strrchr
__CxxFrameHandler
_CIfmod
wcsncpy
strtoul
memmove
iswspace
_wcsnicmp
wcscpy
wcsncmp
wcschr
_itoa
atol
atoi
_strcmpi
_strnicmp
_CIpow
ceil
floor
_stricmp
_ui64tow
_i64toa
swprintf
_i64tow
_ftol
modf
wcslen
_wtoi
_wcsicmp
wcscmp
_itow
?terminate@@YAXXZ
_adjust_fdiv
_except_handler3

user32

GetSysColor
WinHelpW
EnableWindow
GetMessageA
DispatchMessageA
PostQuitMessage
GetActiveWindow
SetActiveWindow
SetFocus
wsprintfW
wsprintfA
GetTopWindow
IsWindowUnicode
GetClientRect
GetDialogBaseUnits
GetKeyState
GetDlgItem
GetFocus
SendMessageW
GetParent
CharLowerA
GetWindowTextA
RegisterClipboardFormatA
SetWindowLongW
DestroyIcon
CopyImage
CopyIcon
GetIconInfo
GetSystemMetrics
DrawIcon
CreateCursor
CreateIcon
ReleaseDC
GetDC
RegisterWindowMessageA
PostMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetClassInfoW
RegisterClassW
DefWindowProcW
IsWindow
GetWindowLongW
DestroyWindow
CreateWindowExW
CharNextA

gdi32

SaveDC
CreateFontIndirectA
GetTextExtentPointA
Escape
CreateDIBSection
CreateDIBitmap
CreateHalftonePalette
IntersectClipRect
GetWindowOrgEx
OffsetViewportOrgEx
PlayEnhMetaFile
EnumMetaFile
RestoreDC
DeleteEnhMetaFile
DeleteMetaFile
PlayMetaFileRecord
SetBitmapBits
SetDIBits
CreatePalette
GetEnhMetaFileBits
GetMetaFileBitsEx
GetPaletteEntries
CreateCompatibleDC
BitBlt
DeleteDC
CreateCompatibleBitmap
GetBitmapBits
SetEnhMetaFileBits
SetStretchBltMode
SetBkColor
SetTextColor
SetMapMode
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
GetWinMetaFileBits
GetCurrentObject
GetObjectType
GetStockObject
SelectPalette
RealizePalette
StretchBlt
GetDIBits
StretchDIBits
GetEnhMetaFileHeader
GetObjectW
GetBitmapDimensionEx
SetMetaFileBitsEx
CreateBitmap
PatBlt
DeleteObject
CreateFontIndirectW
GetDeviceCaps
SelectObject
GetTextFaceW
GetTextMetricsW
EnumFontFamiliesExW

kernel32

FreeLibrary
Sleep
SetThreadPriority
WaitForMultipleObjects
TerminateThread
CompareStringW
CompareStringA
GetLocaleInfoW
GetStringTypeExW
GetStringTypeExA
LCMapStringW
LCMapStringA
LoadLibraryA
GetDateFormatA
GetTimeFormatA
GetDateFormatW
GetTimeFormatW
GetCurrentThread
GetCurrentProcess
CloseHandle
InterlockedExchange
IsBadReadPtr
IsBadWritePtr
GetLocalTime
GetSystemDirectoryA
CreateEventW
WaitForSingleObject
CreateThread
OutputDebugStringA
GetVersionExW
GetVersion
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GlobalHandle
MulDiv
GlobalReAlloc
LockResource
IsDBCSLeadByte
LoadResource
FindResourceW
_lclose
_lread
_lwrite
_llseek
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
lstrlenW
GlobalDeleteAtom
GlobalAddAtomW
DebugBreak
TlsAlloc
InterlockedCompareExchange
TlsFree
TlsSetValue
CreateFileA
CreateFileW
lstrcmpiA
LoadLibraryW
SearchPathA
GetFullPathNameA
SetLastError
SearchPathW
GetFullPathNameW
UnmapViewOfFile
MapViewOfFile
GetSystemInfo
CreateFileMappingA
GetFileSize
GetDriveTypeW
GetDriveTypeA
SetErrorMode
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetEvent
GetLastError
GetProcAddress
GetModuleHandleA
TlsGetValue
GetSystemDefaultLCID
GetUserDefaultLCID
GetLocaleInfoA
InterlockedIncrement
HeapAlloc
GetProcessHeap
HeapFree
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
GetNumberFormatW
MultiByteToWideChar
GetNumberFormatA
WideCharToMultiByte
GetCurrencyFormatW
GetCurrencyFormatA

advapi32

RegFlushKey
RegCreateKeyA
RegSetValueExA
RegOpenKeyA
RegQueryValueA
RegEnumValueA
RegEnumKeyExA
RegOpenKeyExA
RegEnumKeyW
RegCreateKeyW
RegQueryValueExW
RegSetValueExW
RegDeleteKeyA
RegQueryInfoKeyA
RegCloseKey
RegQueryValueW
RegSetValueA
RegOpenKeyW
RegEnumKeyA
RegNotifyChangeKeyValue
RegQueryValueExA

ole32

CoUnmarshalInterface
CoReleaseMarshalData
ReleaseStgMedium
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
CoCreateInstance
StgCreateDocfile
CreateBindCtx
ReadClassStg
WriteFmtUserTypeStg
WriteClassStg
MkParseDisplayName
HWND_UserFree
HWND_UserUnmarshal
HWND_UserMarshal
HWND_UserSize
CoUnmarshalHresult
CoMarshalHresult
CLSIDFromString
CoSetState
CoGetMalloc
CoGetClassObject
StringFromGUID2
CreateItemMoniker
GetRunningObjectTable
CoMarshalInterface

rpcrt4

NdrClientCall2

Exports

Exports

BSTR_UserFree
BSTR_UserMarshal
BSTR_UserSize
BSTR_UserUnmarshal
BstrFromVector
ClearCustData
CreateDispTypeInfo
CreateErrorInfo
CreateStdDispatch
CreateTypeLib
CreateTypeLib2
DispCallFunc
DispGetIDsOfNames
DispGetParam
DispInvoke
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
DosDateTimeToVariantTime
GetActiveObject
GetAltMonthNames
GetErrorInfo
GetRecordInfoFromGuids
GetRecordInfoFromTypeInfo
GetVarConversionLocaleSetting
LHashValOfNameSys
LHashValOfNameSysA
LPSAFEARRAY_Marshal
LPSAFEARRAY_Size
LPSAFEARRAY_Unmarshal
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserUnmarshal
LoadRegTypeLib
LoadTypeLib
LoadTypeLibEx
OACreateTypeLib2
OaBuildVersion
OleCreateFontIndirect
OleCreatePictureIndirect
OleCreatePropertyFrame
OleCreatePropertyFrameIndirect
OleIconToCursor
OleLoadPicture
OleLoadPictureEx
OleLoadPictureFile
OleLoadPictureFileEx
OleLoadPicturePath
OleSavePictureFile
OleTranslateColor
QueryPathOfRegTypeLib
RegisterActiveObject
RegisterTypeLib
RegisterTypeLibForUser
RevokeActiveObject
SafeArrayAccessData
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayAllocDescriptorEx
SafeArrayCopy
SafeArrayCopyData
SafeArrayCreate
SafeArrayCreateEx
SafeArrayCreateVector
SafeArrayCreateVectorEx
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SafeArrayGetDim
SafeArrayGetElement
SafeArrayGetElemsize
SafeArrayGetIID
SafeArrayGetLBound
SafeArrayGetRecordInfo
SafeArrayGetUBound
SafeArrayGetVartype
SafeArrayLock
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SafeArraySetIID
SafeArraySetRecordInfo
SafeArrayUnaccessData
SafeArrayUnlock
SetErrorInfo
SetOaNoCache
SetVarConversionLocaleSetting
SysAllocString
SysAllocStringByteLen
SysAllocStringLen
SysFreeString
SysReAllocString
SysReAllocStringLen
SysStringByteLen
SysStringLen
SystemTimeToVariantTime
UnRegisterTypeLib
UnRegisterTypeLibForUser
VARIANT_UserFree
VARIANT_UserMarshal
VARIANT_UserSize
VARIANT_UserUnmarshal
VarAbs
VarAdd
VarAnd
VarBoolFromCy
VarBoolFromDate
VarBoolFromDec
VarBoolFromDisp
VarBoolFromI1
VarBoolFromI2
VarBoolFromI4
VarBoolFromI8
VarBoolFromR4
VarBoolFromR8
VarBoolFromStr
VarBoolFromUI1
VarBoolFromUI2
VarBoolFromUI4
VarBoolFromUI8
VarBstrCat
VarBstrCmp
VarBstrFromBool
VarBstrFromCy
VarBstrFromDate
VarBstrFromDec
VarBstrFromDisp
VarBstrFromI1
VarBstrFromI2
VarBstrFromI4
VarBstrFromI8
VarBstrFromR4
VarBstrFromR8
VarBstrFromUI1
VarBstrFromUI2
VarBstrFromUI4
VarBstrFromUI8
VarCat
VarCmp
VarCyAbs
VarCyAdd
VarCyCmp
VarCyCmpR8
VarCyFix
VarCyFromBool
VarCyFromDate
VarCyFromDec
VarCyFromDisp
VarCyFromI1
VarCyFromI2
VarCyFromI4
VarCyFromI8
VarCyFromR4
VarCyFromR8
VarCyFromStr
VarCyFromUI1
VarCyFromUI2
VarCyFromUI4
VarCyFromUI8
VarCyInt
VarCyMul
VarCyMulI4
VarCyMulI8
VarCyNeg
VarCyRound
VarCySub
VarDateFromBool
VarDateFromCy
VarDateFromDec
VarDateFromDisp
VarDateFromI1
VarDateFromI2
VarDateFromI4
VarDateFromI8
VarDateFromR4
VarDateFromR8
VarDateFromStr
VarDateFromUI1
VarDateFromUI2
VarDateFromUI4
VarDateFromUI8
VarDateFromUdate
VarDateFromUdateEx
VarDecAbs
VarDecAdd
VarDecCmp
VarDecCmpR8
VarDecDiv
VarDecFix
VarDecFromBool
VarDecFromCy
VarDecFromDate
VarDecFromDisp
VarDecFromI1
VarDecFromI2
VarDecFromI4
VarDecFromI8
VarDecFromR4
VarDecFromR8
VarDecFromStr
VarDecFromUI1
VarDecFromUI2
VarDecFromUI4
VarDecFromUI8
VarDecInt
VarDecMul
VarDecNeg
VarDecRound
VarDecSub
VarDiv
VarEqv
VarFix
VarFormat
VarFormatCurrency
VarFormatDateTime
VarFormatFromTokens
VarFormatNumber
VarFormatPercent
VarI1FromBool
VarI1FromCy
VarI1FromDate
VarI1FromDec
VarI1FromDisp
VarI1FromI2
VarI1FromI4
VarI1FromI8
VarI1FromR4
VarI1FromR8
VarI1FromStr
VarI1FromUI1
VarI1FromUI2
VarI1FromUI4
VarI1FromUI8
VarI2FromBool
VarI2FromCy
VarI2FromDate
VarI2FromDec
VarI2FromDisp
VarI2FromI1
VarI2FromI4
VarI2FromI8
VarI2FromR4
VarI2FromR8
VarI2FromStr
VarI2FromUI1
VarI2FromUI2
VarI2FromUI4
VarI2FromUI8
VarI4FromBool
VarI4FromCy
VarI4FromDate
VarI4FromDec
VarI4FromDisp
VarI4FromI1
VarI4FromI2
VarI4FromI8
VarI4FromR4
VarI4FromR8
VarI4FromStr
VarI4FromUI1
VarI4FromUI2
VarI4FromUI4
VarI4FromUI8
VarI8FromBool
VarI8FromCy
VarI8FromDate
VarI8FromDec
VarI8FromDisp
VarI8FromI1
VarI8FromI2
VarI8FromR4
VarI8FromR8
VarI8FromStr
VarI8FromUI1
VarI8FromUI2
VarI8FromUI4
VarI8FromUI8
VarIdiv
VarImp
VarInt
VarMod
VarMonthName
VarMul
VarNeg
VarNot
VarNumFromParseNum
VarOr
VarParseNumFromStr
VarPow
VarR4CmpR8
VarR4FromBool
VarR4FromCy
VarR4FromDate
VarR4FromDec
VarR4FromDisp
VarR4FromI1
VarR4FromI2
VarR4FromI4
VarR4FromI8
VarR4FromR8
VarR4FromStr
VarR4FromUI1
VarR4FromUI2
VarR4FromUI4
VarR4FromUI8
VarR8FromBool
VarR8FromCy
VarR8FromDate
VarR8FromDec
VarR8FromDisp
VarR8FromI1
VarR8FromI2
VarR8FromI4
VarR8FromI8
VarR8FromR4
VarR8FromStr
VarR8FromUI1
VarR8FromUI2
VarR8FromUI4
VarR8FromUI8
VarR8Pow
VarR8Round
VarRound
VarSub
VarTokenizeFormatString
VarUI1FromBool
VarUI1FromCy
VarUI1FromDate
VarUI1FromDec
VarUI1FromDisp
VarUI1FromI1
VarUI1FromI2
VarUI1FromI4
VarUI1FromI8
VarUI1FromR4
VarUI1FromR8
VarUI1FromStr
VarUI1FromUI2
VarUI1FromUI4
VarUI1FromUI8
VarUI2FromBool
VarUI2FromCy
VarUI2FromDate
VarUI2FromDec
VarUI2FromDisp
VarUI2FromI1
VarUI2FromI2
VarUI2FromI4
VarUI2FromI8
VarUI2FromR4
VarUI2FromR8
VarUI2FromStr
VarUI2FromUI1
VarUI2FromUI4
VarUI2FromUI8
VarUI4FromBool
VarUI4FromCy
VarUI4FromDate
VarUI4FromDec
VarUI4FromDisp
VarUI4FromI1
VarUI4FromI2
VarUI4FromI4
VarUI4FromI8
VarUI4FromR4
VarUI4FromR8
VarUI4FromStr
VarUI4FromUI1
VarUI4FromUI2
VarUI4FromUI8
VarUI8FromBool
VarUI8FromCy
VarUI8FromDate
VarUI8FromDec
VarUI8FromDisp
VarUI8FromI1
VarUI8FromI2
VarUI8FromI8
VarUI8FromR4
VarUI8FromR8
VarUI8FromStr
VarUI8FromUI1
VarUI8FromUI2
VarUI8FromUI4
VarUdateFromDate
VarWeekdayName
VarXor
VariantChangeType
VariantChangeTypeEx
VariantClear
VariantCopy
VariantCopyInd
VariantInit
VariantTimeToDosDateTime
VariantTimeToSystemTime
VectorFromBstr

Sections

.text
Size: 504KB - Virtual size: 504KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/OLEDLG.DLL
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

OleUIAddVerbMenuA
OleUIAddVerbMenuW
OleUIBusyA
OleUIBusyW
OleUICanConvertOrActivateAs
OleUIChangeIconA
OleUIChangeIconW
OleUIChangeSourceA
OleUIChangeSourceW
OleUIConvertA
OleUIConvertW
OleUIEditLinksA
OleUIEditLinksW
OleUIInsertObjectA
OleUIInsertObjectW
OleUIObjectPropertiesA
OleUIObjectPropertiesW
OleUIPasteSpecialA
OleUIPasteSpecialW
OleUIPromptUserA
OleUIPromptUserW
OleUIUpdateLinksA
OleUIUpdateLinksW

Sections

UPX0
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 43KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/OLEPRO32.DLL
.dll regsvr32 windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
OleCreateFontIndirect
OleCreatePictureIndirect
OleCreatePropertyFrame
OleCreatePropertyFrameIndirect
OleIconToCursor
OleLoadPicture
OleTranslateColor

Sections

UPX0
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/PELOADER.EXE
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/POWRPROF.DLL
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

CallNtPowerInformation
CanUserWritePwrScheme
DebugPrintA
DeletePwrScheme
EnumPwrSchemes
GetActivePwrScheme
GetCurrentPowerPolicies
GetPwrCapabilities
GetPwrDiskSpindownRange
IsAdminOverrideActive
IsPwrHibernateAllowed
IsPwrShutdownAllowed
IsPwrSuspendAllowed
LoadCurrentPwrScheme
MergeLegacyPwrScheme
ReadGlobalPwrPolicy
ReadProcessorPwrScheme
ReadPwrScheme
SetActivePwrScheme
SetSuspendState
ValidatePowerPolicies
WriteGlobalPwrPolicy
WriteProcessorPwrScheme
WritePwrScheme

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/PROFMAP.DLL
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllMain
InitializeProfileMappingApi
RemapAndMoveUserA
RemapAndMoveUserW
RemapUserProfileA
RemapUserProfileW

Sections

UPX0
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/PSAPI.DLL
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

EmptyWorkingSet
EnumDeviceDrivers
EnumPageFilesA
EnumPageFilesW
EnumProcessModules
EnumProcesses
GetDeviceDriverBaseNameA
GetDeviceDriverBaseNameW
GetDeviceDriverFileNameA
GetDeviceDriverFileNameW
GetMappedFileNameA
GetMappedFileNameW
GetModuleBaseNameA
GetModuleBaseNameW
GetModuleFileNameExA
GetModuleFileNameExW
GetModuleInformation
GetPerformanceInfo
GetProcessImageFileNameA
GetProcessImageFileNameW
GetProcessMemoryInfo
GetWsChanges
InitializeProcessForWsWatch
QueryWorkingSet

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/REG.EXE
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/REGAPI.DLL
.dll windows:5 windows x86 arch:x86

31733b9d002845ee8a0c3f12b7336024

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

regapi.pdb

Imports

msvcrt

swprintf
_adjust_fdiv
malloc
_initterm
free
wcscmp
wcstoul
swscanf
_wcsicmp
_except_handler3
memmove
wcschr
wcscat
wcsncpy
wcslen
wcsncat
wcscpy

ntdll

RtlRunDecodeUnicodeString
RtlRunEncodeUnicodeString
RtlCompareMemory
RtlInitUnicodeString
RtlMakeSelfRelativeSD
RtlSelfRelativeToAbsoluteSD
RtlNtStatusToDosError
RtlUnicodeToMultiByteN
RtlMultiByteToUnicodeN

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
DelayLoadFailureHook
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LocalFree
LocalAlloc
SetLastError
lstrcpyW
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
FreeLibrary
GetProcAddress
LoadLibraryW
GetComputerNameW
QueryPerformanceCounter
CloseHandle
WaitForMultipleObjects
CreateEventW
SystemTimeToFileTime
GetSystemTime
InterlockedCompareExchange
LoadLibraryA
GetLastError

advapi32

LsaQueryInformationPolicy
LsaClose
LsaFreeMemory
RegConnectRegistryW
RegSetValueExW
RegQueryValueExW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegEnumValueW
RegQueryInfoKeyW
LsaOpenPolicy
RegNotifyChangeKeyValue
RegDeleteValueW

Exports

Exports

RegBuildNumberQuery
RegCdCreateA
RegCdCreateW
RegCdDeleteA
RegCdDeleteW
RegCdEnumerateA
RegCdEnumerateW
RegCdQueryA
RegCdQueryW
RegCloseServer
RegConsoleShadowQueryA
RegConsoleShadowQueryW
RegDefaultUserConfigQueryA
RegDefaultUserConfigQueryW
RegDenyTSConnectionsPolicy
RegFreeUtilityCommandList
RegGetMachinePolicy
RegGetMachinePolicyEx
RegGetTServerVersion
RegGetUserConfigFromUserParameters
RegGetUserPolicy
RegIsMachineInHelpMode
RegIsMachinePolicyAllowHelp
RegIsTServer
RegMergeUserConfigWithUserParameters
RegOpenServerA
RegOpenServerW
RegPdCreateA
RegPdCreateW
RegPdDeleteA
RegPdDeleteW
RegPdEnumerateA
RegPdEnumerateW
RegPdQueryA
RegPdQueryW
RegQueryOEMId
RegQueryUtilityCommandList
RegSAMUserConfig
RegUserConfigDelete
RegUserConfigQuery
RegUserConfigRename
RegUserConfigSet
RegWdCreateA
RegWdCreateW
RegWdDeleteA
RegWdDeleteW
RegWdEnumerateA
RegWdEnumerateW
RegWdQueryA
RegWdQueryW
RegWinStationAccessCheck
RegWinStationCreateA
RegWinStationCreateW
RegWinStationDeleteA
RegWinStationDeleteW
RegWinStationEnumerateA
RegWinStationEnumerateW
RegWinStationQueryA
RegWinStationQueryDefaultSecurity
RegWinStationQueryEx
RegWinStationQueryNumValueW
RegWinStationQuerySecurityA
RegWinStationQuerySecurityW
RegWinStationQueryValueW
RegWinStationQueryW
RegWinStationSetNumValueW
RegWinStationSetSecurityA
RegWinStationSetSecurityW
WaitForTSConnectionsPolicyChanges

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/RICHED20.DLL
.dll windows:5 windows x86 arch:x86

f009387e30ff32647a004d19f58c4f11

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

riched20.pdb

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExW
RegEnumKeyExA
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExA

gdi32

GetTextMetricsA
GetObjectW
CreateFontIndirectW
GetCharWidthA
GetCharWidthW
EnumFontFamiliesExW
LPtoDP
GetMapMode
CreatePalette
GetObjectType
Escape
CreateMetaFileA
CloseMetaFile
CreatePatternBrush
EnumMetaFile
SetViewportOrgEx
GetMetaFileBitsEx
CreateBitmap
SetMetaFileBitsEx
CreateSolidBrush
ExtTextOutA
CreateCompatibleBitmap
SetMapMode
GetObjectA
DPtoLP
GetBkMode
TranslateCharsetInfo
GetOutlineTextMetricsA
GetTextCharsetInfo
GetTextMetricsW
CreatePen
MoveToEx
LineTo
BitBlt
SetWindowOrgEx
SetWindowExtEx
GetPixel
ExtTextOutW
GetDeviceCaps
SetTextAlign
DeleteObject
CreateCompatibleDC
StretchBlt
DeleteDC
CreateDIBSection
SetROP2
GetStockObject
Rectangle
GetCurrentObject
SelectObject
SelectPalette
RealizePalette
SaveDC
RestoreDC
SetBkMode
PatBlt
SetBkColor
SetTextColor
IntersectClipRect
CreateFontIndirectA
CreateICA
CreateICW
GetTextFaceA
GetTextFaceW
DeleteMetaFile

kernel32

GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InterlockedExchange
RaiseException
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetUserDefaultLCID
GetProfileIntA
FindAtomW
GetModuleFileNameW
LeaveCriticalSection
GetSystemDefaultLCID
MultiByteToWideChar
WideCharToMultiByte
LocalLock
Sleep
GetTickCount
IsBadReadPtr
FreeLibrary
GetProcAddress
GetLocaleInfoW
LocalFree
lstrcmpiA
lstrlenA
FormatMessageA
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
GetSystemDefaultLangID
FindAtomA
GetCurrentThreadId
IsBadWritePtr
GetLastError
ReadFile
WriteFile
CloseHandle
SetFilePointer
IsValidCodePage
GetThreadLocale
GlobalAlloc
GlobalFree
GlobalFlags
GlobalReAlloc
GlobalSize
GlobalLock
GlobalHandle
GlobalUnlock
MulDiv
GetVersionExA
lstrcmpiW
GetACP
LocalAlloc
LocalReAlloc
GetModuleHandleA
GetModuleFileNameA
GetStringTypeExA
GetStringTypeExW
CreateFileA
CreateFileW
CompareStringA
CompareStringW
GetProfileSectionA
GetProfileSectionW
LoadLibraryA
LoadLibraryW
EnterCriticalSection

msvcrt

_adjust_fdiv
malloc
_initterm
free
_vsnprintf
wcsncmp
_ftol
memmove

user32

SetTimer
KillTimer
ScrollWindowEx
SetForegroundWindow
SetScrollInfo
GetFocus
GetDlgItem
GetWindow
IsWindow
GetDesktopWindow
SystemParametersInfoW
WindowFromPoint
GetForegroundWindow
IsChild
IsWindowEnabled
GetCapture
GetCaretPos
IsClipboardFormatAvailable
SetClipboardData
CloseClipboard
EmptyClipboard
OpenClipboard
GetClipboardOwner
GetClipboardData
SetCaretPos
MessageBoxA
UnregisterClassA
ShowScrollBar
EnableScrollBar
DefWindowProcA
DefWindowProcW
GetWindowLongA
GetWindowLongW
GetClassLongA
GetClassLongW
LoadBitmapA
LoadBitmapW
LoadCursorA
LoadCursorW
SetWindowLongA
SetWindowLongW
PostMessageA
PostMessageW
PeekMessageA
PeekMessageW
RegisterWindowMessageA
PostQuitMessage
MessageBoxW
GetKeyboardLayout
SendMessageA
FindWindowA
SystemParametersInfoA
GetKeyboardLayoutList
CharLowerA
CharLowerBuffW
CharUpperA
CharUpperBuffW
SendMessageW
UnregisterClassW
RegisterClassA
RegisterClassW
GetDoubleClickTime
ShowCaret
HideCaret
CreateCaret
IsWindowVisible
MapWindowPoints
SetScrollPos
SetScrollRange
IsIconic
DestroyCaret
SetFocus
WindowFromDC
MessageBeep
RegisterClipboardFormatA
GetParent
TrackPopupMenu
SetCapture
GetAsyncKeyState
ReleaseCapture
GetMessageTime
GetMessagePos
IntersectRect
OffsetRect
InvertRect
CopyRect
ActivateKeyboardLayout
IsWindowUnicode
EnableWindow
GetDC
ReleaseDC
CreateWindowExW
CreateWindowExA
SetParent
ClientToScreen
MoveWindow
BeginPaint
FillRect
EndPaint
InflateRect
ShowWindow
InvalidateRect
SetWindowPos
UpdateWindow
GetClientRect
DrawFocusRect
GetSystemMetrics
GetCursorPos
ScreenToClient
GetWindowRect
PtInRect
GetKeyState
GetSysColor
DrawFrameControl
SetCursor
GetCursor
DestroyWindow
CharUpperW
DestroyMenu

Exports

Exports

CreateTextServices
IID_IRichEditOle
IID_IRichEditOleCallback
IID_ITextHost
IID_ITextHost2
IID_ITextServices
REExtendedRegisterClass
RichEdit10ANSIWndProc
RichEditANSIWndProc

Sections

.text
Size: 380KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/RPCRT4.DLL
.dll regsvr32 windows:5 windows x86 arch:x86

0d3f01648cb9c426fbdc66dc382c104b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

rpcrt4.pdb

Imports

ntdll

NtQueryVirtualMemory
RtlUnwind
NtDeviceIoControlFile
RtlInitializeCriticalSection
atol
_wtol
_ultoa
RtlIntegerToChar
RtlIntegerToUnicodeString
strtol
_ltoa
atoi
strchr
NtReadFile
NtFsControlFile
wcsstr
_itow
wcstol
sprintf
NtWriteFile
RtlNtStatusToDosError
RtlUnicodeToMultiByteSize
DbgPrint
_ultow
NtQuerySystemTime
RtlTimeToSecondsSince1980
NtAllocateUuids
RtlFillMemoryUlong
DbgBreakPoint
NtCreateSection
NtSecureConnectPort
RtlFreeHeap
RtlAllocateHeap
wcschr
wcsncpy
RtlUnicodeStringToAnsiString
RtlInitAnsiString
RtlAnsiStringToUnicodeString
_stricmp
RtlFreeAnsiString
wcstoul
wcsrchr
_itoa
RtlCaptureStackBackTrace
NtReplyWaitReceivePortEx
NtReplyWaitReplyPort
NtReadRequestData
NtRequestWaitReplyPort
NtCompleteConnectPort
NtReplyPort
NtRequestPort
NtWriteRequestData
NtClose
wcscat
NtImpersonateAnonymousToken
NtImpersonateClientOfPort
NtConnectPort
NtAcceptConnectPort
RtlInitUnicodeString
NtCreatePort
swprintf
NtPrivilegeCheck
RtlFreeUnicodeString
memmove
NtSetInformationThread
RtlUnicodeToMultiByteN
RtlMultiByteToUnicodeN
RtlTryEnterCriticalSection
_alloca_probe
RtlDllShutdownInProgress
_wcsnicmp
strncpy
NtQueryInformationThread
NtAlertThread
NtDelayExecution
_wcsicmp
wcslen
wcscpy
RtlInitializeCriticalSectionAndSpinCount
RtlDeleteCriticalSection
RtlLeaveCriticalSection
RtlEnterCriticalSection
NtQuerySystemInformation
DbgPrintEx
RtlGetNtProductType

kernel32

TerminateProcess
UnhandledExceptionFilter
HeapFree
QueryPerformanceCounter
CancelIo
GetOverlappedResult
GlobalFree
WaitForSingleObjectEx
lstrcatA
SetHandleInformation
GetComputerNameA
TransactNamedPipe
CreateFileW
SetNamedPipeHandleState
WaitNamedPipeW
FlushFileBuffers
DisconnectNamedPipe
ConnectNamedPipe
CreateNamedPipeW
GetQueuedCompletionStatus
CreateIoCompletionPort
CreateTimerQueueTimer
DeleteTimerQueueTimer
lstrlenW
GetSystemInfo
TlsSetValue
TlsAlloc
TlsGetValue
IsBadWritePtr
WideCharToMultiByte
GetModuleFileNameA
lstrcmpiA
LoadLibraryA
UnmapViewOfFile
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetThreadPriorityBoost
VirtualProtect
VirtualFree
PostQueuedCompletionStatus
LoadLibraryW
InterlockedCompareExchange
InterlockedIncrement
InterlockedDecrement
SetEvent
ResetEvent
GetLastError
GetCurrentThreadId
Sleep
GetProcAddress
FormatMessageA
FormatMessageW
CloseHandle
GetCurrentThread
lstrlenA
GetTickCount
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetComputerNameW
InterlockedExchange
WriteFile
SetUnhandledExceptionFilter
HeapAlloc
GetProcessHeap
CreateEventW
RaiseException
CreateThread
DuplicateHandle
QueueUserAPC
GlobalMemoryStatusEx
GetCommandLineW
InterlockedExchangeAdd
CompareStringW
lstrcmpW
lstrcpyA
GetSystemTimeAsFileTime
FileTimeToSystemTime
GetComputerNameExW
GetModuleHandleW
SetCriticalSectionSpinCount
VirtualAlloc
MapViewOfFileEx
WaitForSingleObject
SetLastError

advapi32

InitializeAcl
GetSecurityDescriptorLength
GetSecurityDescriptorControl
IsValidSecurityDescriptor
ImpersonateNamedPipeClient
RegOpenKeyW
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
OpenSCManagerW
OpenServiceW
QueryServiceStatus
StartServiceW
CloseServiceHandle
IsValidSid
EqualSid
GetLengthSid
CopySid
SystemFunction040
SystemFunction041
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
MakeSelfRelativeSD
AddAccessAllowedAce
SetSecurityDescriptorDacl
LookupAccountNameW
SystemFunction036
RegEnumValueW
RegEnumValueA
RegQueryInfoKeyA
RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExW
TraceMessage
LookupAccountSidW
RevertToSelf
OpenProcessToken
SetThreadToken
GetTokenInformation
OpenThreadToken

Exports

Exports

CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_QueryInterface
CheckVerificationTrailer
CreateProxyFromTypeInfo
CreateStubFromTypeInfo
DceErrorInqTextA
DceErrorInqTextW
DllGetClassObject
DllRegisterServer
GlobalMutexClearExternal
GlobalMutexRequestExternal
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
IUnknown_Release_Proxy
I_RpcAbortAsyncCall
I_RpcAllocate
I_RpcAsyncAbortCall
I_RpcAsyncSetHandle
I_RpcBCacheAllocate
I_RpcBCacheFree
I_RpcBindingCopy
I_RpcBindingHandleToAsyncHandle
I_RpcBindingInqConnId
I_RpcBindingInqDynamicEndpoint
I_RpcBindingInqDynamicEndpointA
I_RpcBindingInqDynamicEndpointW
I_RpcBindingInqLocalClientPID
I_RpcBindingInqSecurityContext
I_RpcBindingInqTransportType
I_RpcBindingInqWireIdForSnego
I_RpcBindingIsClientLocal
I_RpcBindingToStaticStringBindingW
I_RpcClearMutex
I_RpcConnectionInqSockBuffSize
I_RpcConnectionSetSockBuffSize
I_RpcDeleteMutex
I_RpcEnableWmiTrace
I_RpcExceptionFilter
I_RpcFree
I_RpcFreeBuffer
I_RpcFreePipeBuffer
I_RpcGetBuffer
I_RpcGetBufferWithObject
I_RpcGetCurrentCallHandle
I_RpcGetExtendedError
I_RpcIfInqTransferSyntaxes
I_RpcLogEvent
I_RpcMapWin32Status
I_RpcNegotiateTransferSyntax
I_RpcNsBindingSetEntryName
I_RpcNsBindingSetEntryNameA
I_RpcNsBindingSetEntryNameW
I_RpcNsInterfaceExported
I_RpcNsInterfaceUnexported
I_RpcParseSecurity
I_RpcPauseExecution
I_RpcProxyNewConnection
I_RpcReallocPipeBuffer
I_RpcReceive
I_RpcRequestMutex
I_RpcSend
I_RpcSendReceive
I_RpcServerAllocateIpPort
I_RpcServerCheckClientRestriction
I_RpcServerInqAddressChangeFn
I_RpcServerInqLocalConnAddress
I_RpcServerInqTransportType
I_RpcServerRegisterForwardFunction
I_RpcServerSetAddressChangeFn
I_RpcServerUseProtseq2A
I_RpcServerUseProtseq2W
I_RpcServerUseProtseqEp2A
I_RpcServerUseProtseqEp2W
I_RpcSessionStrictContextHandle
I_RpcSetAsyncHandle
I_RpcSsDontSerializeContext
I_RpcSystemFunction001
I_RpcTransConnectionAllocatePacket
I_RpcTransConnectionFreePacket
I_RpcTransConnectionReallocPacket
I_RpcTransDatagramAllocate
I_RpcTransDatagramAllocate2
I_RpcTransDatagramFree
I_RpcTransGetThreadEvent
I_RpcTransIoCancelled
I_RpcTransServerNewConnection
I_RpcTurnOnEEInfoPropagation
I_UuidCreate
MIDL_wchar_strcpy
MIDL_wchar_strlen
MesBufferHandleReset
MesDecodeBufferHandleCreate
MesDecodeIncrementalHandleCreate
MesEncodeDynBufferHandleCreate
MesEncodeFixedBufferHandleCreate
MesEncodeIncrementalHandleCreate
MesHandleFree
MesIncrementalHandleReset
MesInqProcEncodingId
NDRCContextBinding
NDRCContextMarshall
NDRCContextUnmarshall
NDRSContextMarshall
NDRSContextMarshall2
NDRSContextMarshallEx
NDRSContextUnmarshall
NDRSContextUnmarshall2
NDRSContextUnmarshallEx
NDRcopy
NdrAllocate
NdrAsyncClientCall
NdrAsyncServerCall
NdrByteCountPointerBufferSize
NdrByteCountPointerFree
NdrByteCountPointerMarshall
NdrByteCountPointerUnmarshall
NdrCStdStubBuffer2_Release
NdrCStdStubBuffer_Release
NdrClearOutParameters
NdrClientCall
NdrClientCall2
NdrClientContextMarshall
NdrClientContextUnmarshall
NdrClientInitialize
NdrClientInitializeNew
NdrComplexArrayBufferSize
NdrComplexArrayFree
NdrComplexArrayMarshall
NdrComplexArrayMemorySize
NdrComplexArrayUnmarshall
NdrComplexStructBufferSize
NdrComplexStructFree
NdrComplexStructMarshall
NdrComplexStructMemorySize
NdrComplexStructUnmarshall
NdrConformantArrayBufferSize
NdrConformantArrayFree
NdrConformantArrayMarshall
NdrConformantArrayMemorySize
NdrConformantArrayUnmarshall
NdrConformantStringBufferSize
NdrConformantStringMarshall
NdrConformantStringMemorySize
NdrConformantStringUnmarshall
NdrConformantStructBufferSize
NdrConformantStructFree
NdrConformantStructMarshall
NdrConformantStructMemorySize
NdrConformantStructUnmarshall
NdrConformantVaryingArrayBufferSize
NdrConformantVaryingArrayFree
NdrConformantVaryingArrayMarshall
NdrConformantVaryingArrayMemorySize
NdrConformantVaryingArrayUnmarshall
NdrConformantVaryingStructBufferSize
NdrConformantVaryingStructFree
NdrConformantVaryingStructMarshall
NdrConformantVaryingStructMemorySize
NdrConformantVaryingStructUnmarshall
NdrContextHandleInitialize
NdrContextHandleSize
NdrConvert
NdrConvert2
NdrCorrelationFree
NdrCorrelationInitialize
NdrCorrelationPass
NdrCreateServerInterfaceFromStub
NdrDcomAsyncClientCall
NdrDcomAsyncStubCall
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrEncapsulatedUnionBufferSize
NdrEncapsulatedUnionFree
NdrEncapsulatedUnionMarshall
NdrEncapsulatedUnionMemorySize
NdrEncapsulatedUnionUnmarshall
NdrFixedArrayBufferSize
NdrFixedArrayFree
NdrFixedArrayMarshall
NdrFixedArrayMemorySize
NdrFixedArrayUnmarshall
NdrFreeBuffer
NdrFullPointerFree
NdrFullPointerInsertRefId
NdrFullPointerQueryPointer
NdrFullPointerQueryRefId
NdrFullPointerXlatFree
NdrFullPointerXlatInit
NdrGetBuffer
NdrGetDcomProtocolVersion
NdrGetSimpleTypeBufferAlignment
NdrGetSimpleTypeBufferSize
NdrGetSimpleTypeMemorySize
NdrGetTypeFlags
NdrGetUserMarshalInfo
NdrInterfacePointerBufferSize
NdrInterfacePointerFree
NdrInterfacePointerMarshall
NdrInterfacePointerMemorySize
NdrInterfacePointerUnmarshall
NdrMapCommAndFaultStatus
NdrMesProcEncodeDecode
NdrMesProcEncodeDecode2
NdrMesSimpleTypeAlignSize
NdrMesSimpleTypeDecode
NdrMesSimpleTypeEncode
NdrMesTypeAlignSize
NdrMesTypeAlignSize2
NdrMesTypeDecode
NdrMesTypeDecode2
NdrMesTypeEncode
NdrMesTypeEncode2
NdrMesTypeFree2
NdrNonConformantStringBufferSize
NdrNonConformantStringMarshall
NdrNonConformantStringMemorySize
NdrNonConformantStringUnmarshall
NdrNonEncapsulatedUnionBufferSize
NdrNonEncapsulatedUnionFree
NdrNonEncapsulatedUnionMarshall
NdrNonEncapsulatedUnionMemorySize
NdrNonEncapsulatedUnionUnmarshall
NdrNsGetBuffer
NdrNsSendReceive
NdrOleAllocate
NdrOleFree
NdrOutInit
NdrPartialIgnoreClientBufferSize
NdrPartialIgnoreClientMarshall
NdrPartialIgnoreServerInitialize
NdrPartialIgnoreServerUnmarshall
NdrPointerBufferSize
NdrPointerFree
NdrPointerMarshall
NdrPointerMemorySize
NdrPointerUnmarshall
NdrProxyErrorHandler
NdrProxyFreeBuffer
NdrProxyGetBuffer
NdrProxyInitialize
NdrProxySendReceive
NdrRangeUnmarshall
NdrRpcSmClientAllocate
NdrRpcSmClientFree
NdrRpcSmSetClientToOsf
NdrRpcSsDefaultAllocate
NdrRpcSsDefaultFree
NdrRpcSsDisableAllocate
NdrRpcSsEnableAllocate
NdrSendReceive
NdrServerCall
NdrServerCall2
NdrServerContextMarshall
NdrServerContextNewMarshall
NdrServerContextNewUnmarshall
NdrServerContextUnmarshall
NdrServerInitialize
NdrServerInitializeMarshall
NdrServerInitializeNew
NdrServerInitializePartial
NdrServerInitializeUnmarshall
NdrServerMarshall
NdrServerUnmarshall
NdrSimpleStructBufferSize
NdrSimpleStructFree
NdrSimpleStructMarshall
NdrSimpleStructMemorySize
NdrSimpleStructUnmarshall
NdrSimpleTypeMarshall
NdrSimpleTypeUnmarshall
NdrStubCall
NdrStubCall2
NdrStubForwardingFunction
NdrStubGetBuffer
NdrStubInitialize
NdrStubInitializeMarshall
NdrTypeFlags
NdrTypeFree
NdrTypeMarshall
NdrTypeSize
NdrTypeUnmarshall
NdrUnmarshallBasetypeInline
NdrUserMarshalBufferSize
NdrUserMarshalFree
NdrUserMarshalMarshall
NdrUserMarshalMemorySize
NdrUserMarshalSimpleTypeConvert
NdrUserMarshalUnmarshall
NdrVaryingArrayBufferSize
NdrVaryingArrayFree
NdrVaryingArrayMarshall
NdrVaryingArrayMemorySize
NdrVaryingArrayUnmarshall
NdrXmitOrRepAsBufferSize
NdrXmitOrRepAsFree
NdrXmitOrRepAsMarshall
NdrXmitOrRepAsMemorySize
NdrXmitOrRepAsUnmarshall
NdrpCreateProxy
NdrpCreateStub
NdrpGetProcFormatString
NdrpGetTypeFormatString
NdrpGetTypeGenCookie
NdrpMemoryIncrement
NdrpReleaseTypeFormatString
NdrpReleaseTypeGenCookie
NdrpSetRpcSsDefaults
NdrpVarVtOfTypeDesc
RpcAbortAsyncCall
RpcAsyncAbortCall
RpcAsyncCancelCall
RpcAsyncCompleteCall
RpcAsyncGetCallStatus
RpcAsyncInitializeHandle
RpcAsyncRegisterInfo
RpcBindingCopy
RpcBindingFree
RpcBindingFromStringBindingA
RpcBindingFromStringBindingW
RpcBindingInqAuthClientA
RpcBindingInqAuthClientExA
RpcBindingInqAuthClientExW
RpcBindingInqAuthClientW
RpcBindingInqAuthInfoA
RpcBindingInqAuthInfoExA
RpcBindingInqAuthInfoExW
RpcBindingInqAuthInfoW
RpcBindingInqObject
RpcBindingInqOption
RpcBindingReset
RpcBindingServerFromClient
RpcBindingSetAuthInfoA
RpcBindingSetAuthInfoExA
RpcBindingSetAuthInfoExW
RpcBindingSetAuthInfoW
RpcBindingSetObject
RpcBindingSetOption
RpcBindingToStringBindingA
RpcBindingToStringBindingW
RpcBindingVectorFree
RpcCancelAsyncCall
RpcCancelThread
RpcCancelThreadEx
RpcCertGeneratePrincipalNameA
RpcCertGeneratePrincipalNameW
RpcCompleteAsyncCall
RpcEpRegisterA
RpcEpRegisterNoReplaceA
RpcEpRegisterNoReplaceW
RpcEpRegisterW
RpcEpResolveBinding
RpcEpUnregister
RpcErrorAddRecord
RpcErrorClearInformation
RpcErrorEndEnumeration
RpcErrorGetNextRecord
RpcErrorGetNumberOfRecords
RpcErrorLoadErrorInfo
RpcErrorResetEnumeration
RpcErrorSaveErrorInfo
RpcErrorStartEnumeration
RpcFreeAuthorizationContext
RpcGetAsyncCallStatus
RpcGetAuthorizationContextForClient
RpcIfIdVectorFree
RpcIfInqId
RpcImpersonateClient
RpcInitializeAsyncHandle
RpcMgmtEnableIdleCleanup
RpcMgmtEpEltInqBegin
RpcMgmtEpEltInqDone
RpcMgmtEpEltInqNextA
RpcMgmtEpEltInqNextW
RpcMgmtEpUnregister
RpcMgmtInqComTimeout
RpcMgmtInqDefaultProtectLevel
RpcMgmtInqIfIds
RpcMgmtInqServerPrincNameA
RpcMgmtInqServerPrincNameW
RpcMgmtInqStats
RpcMgmtIsServerListening
RpcMgmtSetAuthorizationFn
RpcMgmtSetCancelTimeout
RpcMgmtSetComTimeout
RpcMgmtSetServerStackSize
RpcMgmtStatsVectorFree
RpcMgmtStopServerListening
RpcMgmtWaitServerListen
RpcNetworkInqProtseqsA
RpcNetworkInqProtseqsW
RpcNetworkIsProtseqValidA
RpcNetworkIsProtseqValidW
RpcNsBindingInqEntryNameA
RpcNsBindingInqEntryNameW
RpcObjectInqType
RpcObjectSetInqFn
RpcObjectSetType
RpcProtseqVectorFreeA
RpcProtseqVectorFreeW
RpcRaiseException
RpcRegisterAsyncInfo
RpcRevertToSelf
RpcRevertToSelfEx
RpcServerInqBindings
RpcServerInqCallAttributesA
RpcServerInqCallAttributesW
RpcServerInqDefaultPrincNameA
RpcServerInqDefaultPrincNameW
RpcServerInqIf
RpcServerListen
RpcServerRegisterAuthInfoA
RpcServerRegisterAuthInfoW
RpcServerRegisterIf
RpcServerRegisterIf2
RpcServerRegisterIfEx
RpcServerTestCancel
RpcServerUnregisterIf
RpcServerUnregisterIfEx
RpcServerUseAllProtseqs
RpcServerUseAllProtseqsEx
RpcServerUseAllProtseqsIf
RpcServerUseAllProtseqsIfEx
RpcServerUseProtseqA
RpcServerUseProtseqEpA
RpcServerUseProtseqEpExA
RpcServerUseProtseqEpExW
RpcServerUseProtseqEpW
RpcServerUseProtseqExA
RpcServerUseProtseqExW
RpcServerUseProtseqIfA
RpcServerUseProtseqIfExA
RpcServerUseProtseqIfExW
RpcServerUseProtseqIfW
RpcServerUseProtseqW
RpcServerYield
RpcSmAllocate
RpcSmClientFree
RpcSmDestroyClientContext
RpcSmDisableAllocate
RpcSmEnableAllocate
RpcSmFree
RpcSmGetThreadHandle
RpcSmSetClientAllocFree
RpcSmSetThreadHandle
RpcSmSwapClientAllocFree
RpcSsAllocate
RpcSsContextLockExclusive
RpcSsContextLockShared
RpcSsDestroyClientContext
RpcSsDisableAllocate
RpcSsDontSerializeContext
RpcSsEnableAllocate
RpcSsFree
RpcSsGetContextBinding
RpcSsGetThreadHandle
RpcSsSetClientAllocFree
RpcSsSetThreadHandle
RpcSsSwapClientAllocFree
RpcStringBindingComposeA
RpcStringBindingComposeW
RpcStringBindingParseA
RpcStringBindingParseW
RpcStringFreeA
RpcStringFreeW
RpcTestCancel
RpcUserFree
SimpleTypeAlignment
SimpleTypeBufferSize
SimpleTypeMemorySize
TowerConstruct
TowerExplode
UuidCompare
UuidCreate
UuidCreateNil
UuidCreateSequential
UuidEqual
UuidFromStringA
UuidFromStringW
UuidHash
UuidIsNil
UuidToStringA
UuidToStringW
char_array_from_ndr
char_from_ndr
data_from_ndr
data_into_ndr
data_size_ndr
double_array_from_ndr
double_from_ndr
enum_from_ndr
float_array_from_ndr

Sections

.text
Size: 519KB - Virtual size: 518KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/RPCSS.DLL
.dll windows:5 windows x86 arch:x86

ac0bc0f64de47c232f03234cc8038c38

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

rpcss.pdb

Imports

msvcrt

_onexit
__dllonexit
_adjust_fdiv
malloc
_initterm
free
_ftol
_resetstkoflw
_except_handler3
memmove
_wtoi
_purecall
ceil
wcslen
wcschr
_ultow
strncmp
wcstol
_stricmp
swprintf
_vsnwprintf
_wcsicmp
wcsncpy
towupper
wcscat
wcscpy

ntdll

RtlAllocateHeap
RtlFreeHeap
RtlImageNtHeader
RtlNtStatusToDosError
NtOpenFile
RtlInitString
RtlDeleteCriticalSection
NtCompareTokens
NtQueryInformationToken
DbgPrint
NtQuerySystemInformation
RtlCopySid
RtlLengthSid
NtOpenKey
NtOpenSection
NtFsControlFile
NtCreateFile
RtlAdjustPrivilege
RtlInitUnicodeString
RtlEqualUnicodeString
NtSetUuidSeed
RtlSetSaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAce
RtlCreateAcl
RtlGetNtProductType
RtlInitializeCriticalSection
NtSetInformationProcess
NtDuplicateToken
NtAllocateLocallyUniqueId
RtlLengthRequiredSid
RtlInitializeSid
RtlSubAuthoritySid
RtlAllocateAndInitializeSid
NtClose

rpcrt4

RpcServerRegisterIf2
RpcMgmtSetServerStackSize
UuidCreate
RpcServerListen
RpcMgmtIsServerListening
I_RpcAllocate
I_RpcFree
RpcServerUseProtseqEpExW
RpcBindingFree
NdrAsyncServerCall
NdrAsyncClientCall
MesHandleFree
MesEncodeFixedBufferHandleCreate
MesDecodeBufferHandleCreate
NdrMesTypeAlignSize2
NdrMesTypeEncode2
NdrMesTypeDecode2
RpcBindingSetAuthInfoW
RpcBindingSetAuthInfoExW
RpcRevertToSelfEx
RpcImpersonateClient
RpcRaiseException
I_RpcBindingInqTransportType
RpcAsyncCompleteCall
RpcBindingSetOption
I_RpcBindingInqWireIdForSnego
RpcServerUnregisterIf
I_RpcServerInqLocalConnAddress
I_RpcServerCheckClientRestriction
TowerExplode
I_RpcSystemFunction001
RpcServerRegisterIfEx
I_RpcServerRegisterForwardFunction
I_RpcServerSetAddressChangeFn
I_RpcExceptionFilter
NdrClientCall2
NdrServerCall2
RpcRevertToSelf
RpcStringBindingComposeW
RpcMgmtEnableIdleCleanup
I_RpcBindingInqLocalClientPID
RpcBindingReset
RpcAsyncCancelCall
RpcBindingFromStringBindingW
RpcBindingSetObject
RpcAsyncInitializeHandle
RpcBindingCopy
RpcServerInqBindings
RpcBindingVectorFree
RpcStringFreeW
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcServerRegisterAuthInfoW

advapi32

DuplicateTokenEx
SetTokenInformation
ImpersonateLoggedOnUser
CreateProcessAsUserW
StartServiceW
QueryServiceStatus
ControlService
RegSetValueExW
LsaRetrievePrivateData
AccessCheck
GetSecurityDescriptorLength
RegCreateKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
QueryServiceStatusEx
SaferCreateLevel
SaferComputeTokenFromLevel
SaferCloseLevel
CommandLineFromMsiDescriptor
IsValidSecurityDescriptor
LookupAccountSidW
RegisterEventSourceW
ReportEventW
FreeSid
AllocateAndInitializeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
AllocateLocallyUniqueId
SetServiceStatus
RegQueryValueA
RegisterServiceCtrlHandlerExW
DeregisterEventSource
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
GetSecurityDescriptorDacl
GetAce
RegOpenKeyW
RegQueryValueW
CryptAcquireContextW
CryptReleaseContext
SystemFunction036
CryptGenRandom
CopySid
RegNotifyChangeKeyValue
RegQueryInfoKeyW
RegEnumValueW
ImpersonateAnonymousToken
OpenThreadToken
RevertToSelf
RegOpenUserClassesRoot
SaferiCompareTokenLevels
CheckTokenMembership
SetThreadToken
CreateWellKnownSid
LsaOpenPolicy
LsaQueryInformationPolicy
LsaClose
LsaFreeMemory
ChangeServiceConfigW
EqualSid
GetTokenInformation
OpenProcessToken

kernel32

DisableThreadLibraryCalls
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
LoadLibraryA
InterlockedCompareExchange
FreeLibrary
GetProcAddress
TlsAlloc
LocalAlloc
CreateEventA
LocalFree
Sleep
GetComputerNameA
QueryPerformanceCounter
GlobalMemoryStatus
GetDiskFreeSpaceA
InterlockedExchange
EnterCriticalSection
LeaveCriticalSection
GetComputerNameW
GetLastError
lstrcmpW
GetProcessHeap
HeapAlloc
HeapFree
ReleaseMutex
GetDriveTypeW
lstrcpynW
MultiByteToWideChar
GetExitCodeProcess
WaitForMultipleObjects
CreateMutexW
ResumeThread
CreateProcessW
CreateFileMappingW
MapViewOfFile
OpenFileMappingW
ReadFile
WriteFile
WaitNamedPipeW
InitializeCriticalSectionAndSpinCount
FindActCtxSectionGuid
lstrcmpiA
MapViewOfFileEx
UnmapViewOfFile
VirtualAlloc
VirtualFree
GetCurrentProcessId
DelayLoadFailureHook
SetLastError
CloseHandle
DeviceIoControl
CreateFileW
SleepEx
InterlockedIncrement
InterlockedDecrement
CreateThread
GetSystemInfo
lstrcpyW
lstrlenW
RegisterWaitForSingleObject
CreateEventW
SetEvent
WaitForSingleObject
lstrcatW
TerminateJobObject
GetCurrentThread
InterlockedExchangeAdd
DeleteTimerQueueTimer
CreateTimerQueueTimer
DeleteCriticalSection
IsDebuggerPresent
DebugBreak
ResetEvent
TlsSetValue
TlsGetValue
GetModuleHandleW
LoadLibraryExA
ExpandEnvironmentStringsW
GetModuleFileNameW
ReleaseActCtx
FindFirstFileW
FindActCtxSectionStringW
LoadLibraryW
GetSystemDirectoryW
GetSystemWow64DirectoryW
lstrcmpiW
SearchPathW
AddRefActCtx
OpenProcess
DuplicateHandle
InitializeCriticalSection
OpenEventW
lstrcpyA
lstrlenA
LoadLibraryExW
FindClose

ws2_32

closesocket
WSAIoctl
WSAGetLastError
inet_ntoa
gethostname
gethostbyname
socket
bind
WSASetServiceW
htons
getsockname

user32

wsprintfW
LoadStringW
CharUpperW

secur32

FreeContextBuffer
LsaLogonUser
LsaFreeReturnBuffer
LsaLookupAuthenticationPackage
LsaRegisterLogonProcess
EnumerateSecurityPackagesW

Exports

Exports

CoGetComCatalog
GetRPCSSInfo
ServiceMain
WhichService

Sections

.text
Size: 242KB - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/RUNDLL32.EXE
.exe windows:5 windows x86 arch:x86

d8fc1a3614d526e7111f36ddb837bb41

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

rundll32.pdb

Imports

msvcrt

_except_handler3
_wtoi
_vsnwprintf

kernel32

FreeLibrary
LocalFree
lstrlenA
WideCharToMultiByte
LocalAlloc
lstrlenW
GetProcAddress
FormatMessageW
GetLastError
LoadLibraryW
ActivateActCtx
CreateActCtxW
SearchPathW
GetFileAttributesW
ReleaseActCtx
DeactivateActCtx
SetErrorMode
ExitProcess
GetModuleHandleW
GetStartupInfoW
GetCommandLineW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter

gdi32

GetStockObject

user32

RegisterClassW
LoadStringW
CharNextW
SetClassLongW
LoadIconW
DefWindowProcW
CreateWindowExW
MessageBoxW
LoadCursorW
DestroyWindow

imagehlp

ImageDirectoryEntryToData

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
I386/SYSTEM32/RUNONCE.EXE
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/SAMLIB.DLL
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

SamAddMemberToAlias
SamAddMemberToGroup
SamAddMultipleMembersToAlias
SamChangePasswordUser
SamChangePasswordUser2
SamChangePasswordUser3
SamCloseHandle
SamConnect
SamConnectWithCreds
SamCreateAliasInDomain
SamCreateGroupInDomain
SamCreateUser2InDomain
SamCreateUserInDomain
SamDeleteAlias
SamDeleteGroup
SamDeleteUser
SamEnumerateAliasesInDomain
SamEnumerateDomainsInSamServer
SamEnumerateGroupsInDomain
SamEnumerateUsersInDomain
SamFreeMemory
SamGetAliasMembership
SamGetCompatibilityMode
SamGetDisplayEnumerationIndex
SamGetGroupsForUser
SamGetMembersInAlias
SamGetMembersInGroup
SamLookupDomainInSamServer
SamLookupIdsInDomain
SamLookupNamesInDomain
SamOpenAlias
SamOpenDomain
SamOpenGroup
SamOpenUser
SamQueryDisplayInformation
SamQueryInformationAlias
SamQueryInformationDomain
SamQueryInformationGroup
SamQueryInformationUser
SamQuerySecurityObject
SamRemoveMemberFromAlias
SamRemoveMemberFromForeignDomain
SamRemoveMemberFromGroup
SamRemoveMultipleMembersFromAlias
SamRidToSid
SamSetInformationAlias
SamSetInformationDomain
SamSetInformationGroup
SamSetInformationUser
SamSetMemberAttributesOfGroup
SamSetSecurityObject
SamShutdownSamServer
SamTestPrivateFunctionsDomain
SamTestPrivateFunctionsUser
SamiChangeKeys
SamiChangePasswordUser
SamiChangePasswordUser2
SamiEncryptPasswords
SamiGetBootKeyInformation
SamiLmChangePasswordUser
SamiOemChangePasswordUser2
SamiSetBootKeyInformation
SamiSetDSRMPassword
SamiSetDSRMPasswordOWF

Sections

UPX0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/SAMSRV.DLL
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

SamIAccountRestrictions
SamIAddDSNameToAlias
SamIAddDSNameToGroup
SamIAmIGC
SamIChangePasswordForeignUser
SamIChangePasswordForeignUser2
SamIConnect
SamICreateAccountByRid
SamIDemote
SamIDemoteUndo
SamIDoFSMORoleChange
SamIDsCreateObjectInDomain
SamIDsSetObjectInformation
SamIEnumerateAccountRids
SamIEnumerateInterdomainTrustAccountsForUpgrade
SamIFloatingSingleMasterOpEx
SamIFreeSidAndAttributesList
SamIFreeSidArray
SamIFreeVoid
SamIFree_SAMPR_ALIAS_INFO_BUFFER
SamIFree_SAMPR_DISPLAY_INFO_BUFFER
SamIFree_SAMPR_DOMAIN_INFO_BUFFER
SamIFree_SAMPR_ENUMERATION_BUFFER
SamIFree_SAMPR_GET_GROUPS_BUFFER
SamIFree_SAMPR_GET_MEMBERS_BUFFER
SamIFree_SAMPR_GROUP_INFO_BUFFER
SamIFree_SAMPR_PSID_ARRAY
SamIFree_SAMPR_RETURNED_USTRING_ARRAY
SamIFree_SAMPR_SR_SECURITY_DESCRIPTOR
SamIFree_SAMPR_ULONG_ARRAY
SamIFree_SAMPR_USER_INFO_BUFFER
SamIFree_UserInternal6Information
SamIGCLookupNames
SamIGCLookupSids
SamIGetAliasMembership
SamIGetBootKeyInformation
SamIGetDefaultAdministratorName
SamIGetFixedAttributes
SamIGetInterdomainTrustAccountPasswordsForUpgrade
SamIGetPrivateData
SamIGetResourceGroupMembershipsTransitive
SamIGetSerialNumberDomain
SamIGetUserLogonInformation
SamIGetUserLogonInformation2
SamIGetUserLogonInformationEx
SamIImpersonateNullSession
SamIIncrementPerformanceCounter
SamIInitialize
SamIIsDownlevelDcUpgrade
SamIIsExtendedSidMode
SamIIsRebootAfterPromotion
SamIIsSetupInProgress
SamILoadDownlevelDatabase
SamILoopbackConnect
SamIMixedDomain
SamIMixedDomain2
SamINT4UpgradeInProgress
SamINetLogonPing
SamINotifyDelta
SamINotifyRoleChange
SamINotifyServerDelta
SamIOpenAccount
SamIOpenUserByAlternateId
SamIPromote
SamIPromoteUndo
SamIQueryServerRole
SamIQueryServerRole2
SamIRemoveDSNameFromAlias
SamIRemoveDSNameFromGroup
SamIReplaceDownlevelDatabase
SamIResetBadPwdCountOnPdc
SamIRetrievePrimaryCredentials
SamIRevertNullSession
SamISameSite
SamISetAuditingInformation
SamISetMixedDomainFlag
SamISetPasswordForeignUser
SamISetPasswordForeignUser2
SamISetPasswordInfoOnPdc
SamISetPrivateData
SamISetSerialNumberDomain
SamIStorePrimaryCredentials
SamIUPNFromUserHandle
SamIUnLoadDownlevelDatabase
SamIUpdateLogonStatistics
SampAbortSingleLoopbackTask
SampAccountControlToFlags
SampAcquireSamLockExclusive
SampAcquireWriteLock
SampCommitBufferedWrites
SampConvertNt4SdToNt5Sd
SampDsChangePasswordUser
SampFlagsToAccountControl
SampGetDefaultSecurityDescriptorForClass
SampGetSerialNumberDomain2
SampInitializeRegistry
SampInitializeSdConversion
SampInvalidateDomainCache
SampInvalidateRidRange
SampNetLogonNotificationRequired
SampNotifyReplicatedInChange
SampProcessSingleLoopbackTask
SampReleaseSamLockExclusive
SampReleaseWriteLock
SampRtlConvertUlongToUnicodeString
SampSetSerialNumberDomain2
SampUsingDsData
SampWriteGroupType
SamrAddMemberToAlias
SamrAddMemberToGroup
SamrAddMultipleMembersToAlias
SamrChangePasswordUser
SamrCloseHandle
SamrCreateAliasInDomain
SamrCreateGroupInDomain
SamrCreateUser2InDomain
SamrCreateUserInDomain
SamrDeleteAlias
SamrDeleteGroup
SamrDeleteUser
SamrEnumerateAliasesInDomain
SamrEnumerateDomainsInSamServer
SamrEnumerateGroupsInDomain
SamrEnumerateUsersInDomain
SamrGetAliasMembership
SamrGetGroupsForUser
SamrGetMembersInAlias
SamrGetMembersInGroup
SamrGetUserDomainPasswordInformation
SamrLookupDomainInSamServer
SamrLookupIdsInDomain
SamrLookupNamesInDomain
SamrOpenAlias
SamrOpenDomain
SamrOpenGroup
SamrOpenUser
SamrQueryDisplayInformation
SamrQueryInformationAlias
SamrQueryInformationDomain
SamrQueryInformationGroup
SamrQueryInformationUser
SamrQuerySecurityObject
SamrRemoveMemberFromAlias
SamrRemoveMemberFromForeignDomain
SamrRemoveMemberFromGroup
SamrRemoveMultipleMembersFromAlias
SamrRidToSid
SamrSetInformationAlias
SamrSetInformationDomain
SamrSetInformationGroup
SamrSetInformationUser
SamrSetMemberAttributesOfGroup
SamrSetSecurityObject
SamrShutdownSamServer
SamrTestPrivateFunctionsDomain
SamrTestPrivateFunctionsUser
SamrUnicodeChangePasswordUser2

Sections

UPX0
Size: - Virtual size: 252KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 187KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/SCESRV.DLL
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ScesrvInitializeServer
ScesrvTerminateServer

Sections

UPX0
Size: - Virtual size: 208KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 127KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/SCREENSAVER.EXE
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 252KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/SECUR32.DLL
.dll windows:5 windows x86 arch:x86

1cd7090039e07579096ba49f1ed63c5f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

secur32.pdb

Imports

ntdll

NtQueryVirtualMemory
RtlUnwind
RtlInitAnsiString
RtlGetNtProductType
wcschr
RtlCreateUnicodeString
RtlInitString
RtlxAnsiStringToUnicodeSize
RtlAnsiStringToUnicodeString
NtDuplicateObject
RtlNtStatusToDosError
RtlCompareUnicodeString
RtlInitializeResource
RtlDeleteResource
NlsMbCodePageTag
RtlxUnicodeStringToAnsiSize
RtlUnicodeStringToAnsiString
wcslen
RtlAcquireResourceShared
RtlEqualUnicodeString
RtlAcquireResourceExclusive
RtlReleaseResource
NtFreeVirtualMemory
RtlFreeHeap
RtlAllocateHeap
RtlDeleteCriticalSection
NtSetInformationThread
NtOpenThreadToken
RtlEnterCriticalSection
RtlLeaveCriticalSection
NtQueryEvent
RtlInitializeCriticalSection
RtlCreateUnicodeStringFromAsciiz
RtlFreeUnicodeString
wcstol
ZwReplyWaitReplyPort
RtlCopyUnicodeString
ZwClose
ZwRequestWaitReplyPort
RtlInitUnicodeString
NtOpenEvent
NtWaitForSingleObject
NtClose
strncpy
ZwConnectPort
ZwFreeVirtualMemory

kernel32

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
LoadLibraryA
InterlockedCompareExchange
GetLastError
GetModuleHandleW
GetComputerNameW
GetCurrentThread
lstrlenA
lstrcpyA
TlsSetValue
SearchPathW
CreateFileW
GetFileTime
CloseHandle
GetSystemTimeAsFileTime
LoadLibraryW
GetProcAddress
FreeLibrary
DisableThreadLibraryCalls
TlsFree
TlsAlloc
GetSystemDefaultLCID
GetLocaleInfoW
TlsGetValue
LocalFree
LocalAlloc
DelayLoadFailureHook

advapi32

RegSetValueExW
LsaOpenPolicy
LsaQueryInformationPolicy
LsaFreeMemory
LsaClose
RegCreateKeyExW
RegCloseKey
SystemFunction035
RegDeleteKeyW
RegEnumValueW
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW

Exports

Exports

AcceptSecurityContext
AcquireCredentialsHandleA
AcquireCredentialsHandleW
AddCredentialsA
AddCredentialsW
AddSecurityPackageA
AddSecurityPackageW
ApplyControlToken
CompleteAuthToken
CredMarshalTargetInfo
CredUnmarshalTargetInfo
DecryptMessage
DeleteSecurityContext
DeleteSecurityPackageA
DeleteSecurityPackageW
EncryptMessage
EnumerateSecurityPackagesA
EnumerateSecurityPackagesW
ExportSecurityContext
FreeContextBuffer
FreeCredentialsHandle
GetComputerObjectNameA
GetComputerObjectNameW
GetSecurityUserInfo
GetUserNameExA
GetUserNameExW
ImpersonateSecurityContext
ImportSecurityContextA
ImportSecurityContextW
InitSecurityInterfaceA
InitSecurityInterfaceW
InitializeSecurityContextA
InitializeSecurityContextW
LsaCallAuthenticationPackage
LsaConnectUntrusted
LsaDeregisterLogonProcess
LsaEnumerateLogonSessions
LsaFreeReturnBuffer
LsaGetLogonSessionData
LsaLogonUser
LsaLookupAuthenticationPackage
LsaRegisterLogonProcess
LsaRegisterPolicyChangeNotification
LsaUnregisterPolicyChangeNotification
MakeSignature
QueryContextAttributesA
QueryContextAttributesW
QueryCredentialsAttributesA
QueryCredentialsAttributesW
QuerySecurityContextToken
QuerySecurityPackageInfoA
QuerySecurityPackageInfoW
RevertSecurityContext
SaslAcceptSecurityContext
SaslEnumerateProfilesA
SaslEnumerateProfilesW
SaslGetProfilePackageA
SaslGetProfilePackageW
SaslIdentifyPackageA
SaslIdentifyPackageW
SaslInitializeSecurityContextA
SaslInitializeSecurityContextW
SealMessage
SecCacheSspiPackages
SecDeleteUserModeContext
SecGetLocaleSpecificEncryptionRules
SecInitUserModeContext
SecpFreeMemory
SecpTranslateName
SecpTranslateNameEx
SetContextAttributesA
SetContextAttributesW
TranslateNameA
TranslateNameW
UnsealMessage
VerifySignature

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/SERVICES.EXE
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/SETUPAPI.DLL
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

Exports

Exports

CMP_GetBlockedDriverInfo
CMP_GetServerSideDeviceInstallFlags
CMP_Init_Detection
CMP_RegisterNotification
CMP_Report_LogOn
CMP_UnregisterNotification
CMP_WaitNoPendingInstallEvents
CMP_WaitServicesAvailable
CM_Add_Empty_Log_Conf
CM_Add_Empty_Log_Conf_Ex
CM_Add_IDA
CM_Add_IDW
CM_Add_ID_ExA
CM_Add_ID_ExW
CM_Add_Range
CM_Add_Res_Des
CM_Add_Res_Des_Ex
CM_Connect_MachineA
CM_Connect_MachineW
CM_Create_DevNodeA
CM_Create_DevNodeW
CM_Create_DevNode_ExA
CM_Create_DevNode_ExW
CM_Create_Range_List
CM_Delete_Class_Key
CM_Delete_Class_Key_Ex
CM_Delete_DevNode_Key
CM_Delete_DevNode_Key_Ex
CM_Delete_Range
CM_Detect_Resource_Conflict
CM_Detect_Resource_Conflict_Ex
CM_Disable_DevNode
CM_Disable_DevNode_Ex
CM_Disconnect_Machine
CM_Dup_Range_List
CM_Enable_DevNode
CM_Enable_DevNode_Ex
CM_Enumerate_Classes
CM_Enumerate_Classes_Ex
CM_Enumerate_EnumeratorsA
CM_Enumerate_EnumeratorsW
CM_Enumerate_Enumerators_ExA
CM_Enumerate_Enumerators_ExW
CM_Find_Range
CM_First_Range
CM_Free_Log_Conf
CM_Free_Log_Conf_Ex
CM_Free_Log_Conf_Handle
CM_Free_Range_List
CM_Free_Res_Des
CM_Free_Res_Des_Ex
CM_Free_Res_Des_Handle
CM_Free_Resource_Conflict_Handle
CM_Get_Child
CM_Get_Child_Ex
CM_Get_Class_Key_NameA
CM_Get_Class_Key_NameW
CM_Get_Class_Key_Name_ExA
CM_Get_Class_Key_Name_ExW
CM_Get_Class_NameA
CM_Get_Class_NameW
CM_Get_Class_Name_ExA
CM_Get_Class_Name_ExW
CM_Get_Class_Registry_PropertyA
CM_Get_Class_Registry_PropertyW
CM_Get_Depth
CM_Get_Depth_Ex
CM_Get_DevNode_Custom_PropertyA
CM_Get_DevNode_Custom_PropertyW
CM_Get_DevNode_Custom_Property_ExA
CM_Get_DevNode_Custom_Property_ExW
CM_Get_DevNode_Registry_PropertyA
CM_Get_DevNode_Registry_PropertyW
CM_Get_DevNode_Registry_Property_ExA
CM_Get_DevNode_Registry_Property_ExW
CM_Get_DevNode_Status
CM_Get_DevNode_Status_Ex
CM_Get_Device_IDA
CM_Get_Device_IDW
CM_Get_Device_ID_ExA
CM_Get_Device_ID_ExW
CM_Get_Device_ID_ListA
CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_ExA
CM_Get_Device_ID_List_ExW
CM_Get_Device_ID_List_SizeA
CM_Get_Device_ID_List_SizeW
CM_Get_Device_ID_List_Size_ExA
CM_Get_Device_ID_List_Size_ExW
CM_Get_Device_ID_Size
CM_Get_Device_ID_Size_Ex
CM_Get_Device_Interface_AliasA
CM_Get_Device_Interface_AliasW
CM_Get_Device_Interface_Alias_ExA
CM_Get_Device_Interface_Alias_ExW
CM_Get_Device_Interface_ListA
CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_List_ExA
CM_Get_Device_Interface_List_ExW
CM_Get_Device_Interface_List_SizeA
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_List_Size_ExA
CM_Get_Device_Interface_List_Size_ExW
CM_Get_First_Log_Conf
CM_Get_First_Log_Conf_Ex
CM_Get_Global_State
CM_Get_Global_State_Ex
CM_Get_HW_Prof_FlagsA
CM_Get_HW_Prof_FlagsW
CM_Get_HW_Prof_Flags_ExA
CM_Get_HW_Prof_Flags_ExW
CM_Get_Hardware_Profile_InfoA
CM_Get_Hardware_Profile_InfoW
CM_Get_Hardware_Profile_Info_ExA
CM_Get_Hardware_Profile_Info_ExW
CM_Get_Log_Conf_Priority
CM_Get_Log_Conf_Priority_Ex
CM_Get_Next_Log_Conf
CM_Get_Next_Log_Conf_Ex
CM_Get_Next_Res_Des
CM_Get_Next_Res_Des_Ex
CM_Get_Parent
CM_Get_Parent_Ex
CM_Get_Res_Des_Data
CM_Get_Res_Des_Data_Ex
CM_Get_Res_Des_Data_Size
CM_Get_Res_Des_Data_Size_Ex
CM_Get_Resource_Conflict_Count
CM_Get_Resource_Conflict_DetailsA
CM_Get_Resource_Conflict_DetailsW
CM_Get_Sibling
CM_Get_Sibling_Ex
CM_Get_Version
CM_Get_Version_Ex
CM_Intersect_Range_List
CM_Invert_Range_List
CM_Is_Dock_Station_Present
CM_Is_Dock_Station_Present_Ex
CM_Is_Version_Available
CM_Is_Version_Available_Ex
CM_Locate_DevNodeA
CM_Locate_DevNodeW
CM_Locate_DevNode_ExA
CM_Locate_DevNode_ExW
CM_Merge_Range_List
CM_Modify_Res_Des
CM_Modify_Res_Des_Ex
CM_Move_DevNode
CM_Move_DevNode_Ex
CM_Next_Range
CM_Open_Class_KeyA
CM_Open_Class_KeyW
CM_Open_Class_Key_ExA
CM_Open_Class_Key_ExW
CM_Open_DevNode_Key
CM_Open_DevNode_Key_Ex
CM_Query_And_Remove_SubTreeA
CM_Query_And_Remove_SubTreeW
CM_Query_And_Remove_SubTree_ExA
CM_Query_And_Remove_SubTree_ExW
CM_Query_Arbitrator_Free_Data
CM_Query_Arbitrator_Free_Data_Ex
CM_Query_Arbitrator_Free_Size
CM_Query_Arbitrator_Free_Size_Ex
CM_Query_Remove_SubTree
CM_Query_Remove_SubTree_Ex
CM_Query_Resource_Conflict_List
CM_Reenumerate_DevNode
CM_Reenumerate_DevNode_Ex
CM_Register_Device_Driver
CM_Register_Device_Driver_Ex
CM_Register_Device_InterfaceA
CM_Register_Device_InterfaceW
CM_Register_Device_Interface_ExA
CM_Register_Device_Interface_ExW
CM_Remove_SubTree
CM_Remove_SubTree_Ex
CM_Request_Device_EjectA
CM_Request_Device_EjectW
CM_Request_Device_Eject_ExA
CM_Request_Device_Eject_ExW
CM_Request_Eject_PC
CM_Request_Eject_PC_Ex
CM_Run_Detection
CM_Run_Detection_Ex
CM_Set_Class_Registry_PropertyA
CM_Set_Class_Registry_PropertyW
CM_Set_DevNode_Problem
CM_Set_DevNode_Problem_Ex
CM_Set_DevNode_Registry_PropertyA
CM_Set_DevNode_Registry_PropertyW
CM_Set_DevNode_Registry_Property_ExA
CM_Set_DevNode_Registry_Property_ExW
CM_Set_HW_Prof
CM_Set_HW_Prof_Ex
CM_Set_HW_Prof_FlagsA
CM_Set_HW_Prof_FlagsW
CM_Set_HW_Prof_Flags_ExA
CM_Set_HW_Prof_Flags_ExW
CM_Setup_DevNode
CM_Setup_DevNode_Ex
CM_Test_Range_Available
CM_Uninstall_DevNode
CM_Uninstall_DevNode_Ex
CM_Unregister_Device_InterfaceA
CM_Unregister_Device_InterfaceW
CM_Unregister_Device_Interface_ExA
CM_Unregister_Device_Interface_ExW
DoesUserHavePrivilege
ExtensionPropSheetPageProc
InstallCatalog
InstallHinfSection
InstallHinfSectionA
InstallHinfSectionW
IsUserAdmin
MyFree
MyMalloc
MyRealloc
SetupAddInstallSectionToDiskSpaceListA
SetupAddInstallSectionToDiskSpaceListW
SetupAddSectionToDiskSpaceListA
SetupAddSectionToDiskSpaceListW
SetupAddToDiskSpaceListA
SetupAddToDiskSpaceListW
SetupAddToSourceListA
SetupAddToSourceListW
SetupAdjustDiskSpaceListA
SetupAdjustDiskSpaceListW
SetupBackupErrorA
SetupBackupErrorW
SetupCancelTemporarySourceList
SetupCloseFileQueue
SetupCloseInfFile
SetupCloseLog
SetupCommitFileQueue
SetupCommitFileQueueA
SetupCommitFileQueueW
SetupCopyErrorA
SetupCopyErrorW
SetupCopyOEMInfA
SetupCopyOEMInfW
SetupCreateDiskSpaceListA
SetupCreateDiskSpaceListW
SetupDecompressOrCopyFileA
SetupDecompressOrCopyFileW
SetupDefaultQueueCallback
SetupDefaultQueueCallbackA
SetupDefaultQueueCallbackW
SetupDeleteErrorA
SetupDeleteErrorW
SetupDestroyDiskSpaceList
SetupDiAskForOEMDisk
SetupDiBuildClassInfoList
SetupDiBuildClassInfoListExA
SetupDiBuildClassInfoListExW
SetupDiBuildDriverInfoList
SetupDiCallClassInstaller
SetupDiCancelDriverInfoSearch
SetupDiChangeState
SetupDiClassGuidsFromNameA
SetupDiClassGuidsFromNameExA
SetupDiClassGuidsFromNameExW
SetupDiClassGuidsFromNameW
SetupDiClassNameFromGuidA
SetupDiClassNameFromGuidExA
SetupDiClassNameFromGuidExW
SetupDiClassNameFromGuidW
SetupDiCreateDevRegKeyA
SetupDiCreateDevRegKeyW
SetupDiCreateDeviceInfoA
SetupDiCreateDeviceInfoList
SetupDiCreateDeviceInfoListExA
SetupDiCreateDeviceInfoListExW
SetupDiCreateDeviceInfoW
SetupDiCreateDeviceInterfaceA
SetupDiCreateDeviceInterfaceRegKeyA
SetupDiCreateDeviceInterfaceRegKeyW
SetupDiCreateDeviceInterfaceW
SetupDiDeleteDevRegKey
SetupDiDeleteDeviceInfo
SetupDiDeleteDeviceInterfaceData
SetupDiDeleteDeviceInterfaceRegKey
SetupDiDestroyClassImageList
SetupDiDestroyDeviceInfoList
SetupDiDestroyDriverInfoList
SetupDiDrawMiniIcon
SetupDiEnumDeviceInfo
SetupDiEnumDeviceInterfaces
SetupDiEnumDriverInfoA
SetupDiEnumDriverInfoW
SetupDiGetActualSectionToInstallA
SetupDiGetActualSectionToInstallExA
SetupDiGetActualSectionToInstallExW
SetupDiGetActualSectionToInstallW
SetupDiGetClassBitmapIndex
SetupDiGetClassDescriptionA
SetupDiGetClassDescriptionExA
SetupDiGetClassDescriptionExW
SetupDiGetClassDescriptionW
SetupDiGetClassDevPropertySheetsA
SetupDiGetClassDevPropertySheetsW
SetupDiGetClassDevsA
SetupDiGetClassDevsExA
SetupDiGetClassDevsExW
SetupDiGetClassDevsW
SetupDiGetClassImageIndex
SetupDiGetClassImageList
SetupDiGetClassImageListExA
SetupDiGetClassImageListExW
SetupDiGetClassInstallParamsA
SetupDiGetClassInstallParamsW
SetupDiGetClassRegistryPropertyA
SetupDiGetClassRegistryPropertyW
SetupDiGetCustomDevicePropertyA
SetupDiGetCustomDevicePropertyW
SetupDiGetDeviceInfoListClass
SetupDiGetDeviceInfoListDetailA
SetupDiGetDeviceInfoListDetailW
SetupDiGetDeviceInstallParamsA
SetupDiGetDeviceInstallParamsW
SetupDiGetDeviceInstanceIdA
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceInterfaceAlias
SetupDiGetDeviceInterfaceDetailA
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDriverInfoDetailA
SetupDiGetDriverInfoDetailW
SetupDiGetDriverInstallParamsA
SetupDiGetDriverInstallParamsW
SetupDiGetHwProfileFriendlyNameA
SetupDiGetHwProfileFriendlyNameExA
SetupDiGetHwProfileFriendlyNameExW
SetupDiGetHwProfileFriendlyNameW
SetupDiGetHwProfileList
SetupDiGetHwProfileListExA
SetupDiGetHwProfileListExW
SetupDiGetINFClassA
SetupDiGetINFClassW
SetupDiGetSelectedDevice
SetupDiGetSelectedDriverA
SetupDiGetSelectedDriverW
SetupDiGetWizardPage
SetupDiInstallClassA
SetupDiInstallClassExA
SetupDiInstallClassExW
SetupDiInstallClassW
SetupDiInstallDevice
SetupDiInstallDeviceInterfaces
SetupDiInstallDriverFiles
SetupDiLoadClassIcon
SetupDiMoveDuplicateDevice
SetupDiOpenClassRegKey
SetupDiOpenClassRegKeyExA
SetupDiOpenClassRegKeyExW
SetupDiOpenDevRegKey
SetupDiOpenDeviceInfoA
SetupDiOpenDeviceInfoW
SetupDiOpenDeviceInterfaceA
SetupDiOpenDeviceInterfaceRegKey
SetupDiOpenDeviceInterfaceW
SetupDiRegisterCoDeviceInstallers
SetupDiRegisterDeviceInfo
SetupDiRemoveDevice
SetupDiRemoveDeviceInterface
SetupDiSelectBestCompatDrv
SetupDiSelectDevice
SetupDiSelectOEMDrv
SetupDiSetClassInstallParamsA
SetupDiSetClassInstallParamsW
SetupDiSetClassRegistryPropertyA
SetupDiSetClassRegistryPropertyW
SetupDiSetDeviceInstallParamsA
SetupDiSetDeviceInstallParamsW
SetupDiSetDeviceInterfaceDefault
SetupDiSetDeviceRegistryPropertyA
SetupDiSetDeviceRegistryPropertyW
SetupDiSetDriverInstallParamsA
SetupDiSetDriverInstallParamsW
SetupDiSetSelectedDevice
SetupDiSetSelectedDriverA
SetupDiSetSelectedDriverW
SetupDiUnremoveDevice
SetupDuplicateDiskSpaceListA
SetupDuplicateDiskSpaceListW
SetupEnumInfSectionsA
SetupEnumInfSectionsW
SetupFindFirstLineA
SetupFindFirstLineW
SetupFindNextLine
SetupFindNextMatchLineA
SetupFindNextMatchLineW
SetupFreeSourceListA
SetupFreeSourceListW
SetupGetBackupInformationA
SetupGetBackupInformationW
SetupGetBinaryField
SetupGetFieldCount
SetupGetFileCompressionInfoA
SetupGetFileCompressionInfoExA
SetupGetFileCompressionInfoExW
SetupGetFileCompressionInfoW
SetupGetFileQueueCount
SetupGetFileQueueFlags
SetupGetInfFileListA
SetupGetInfFileListW
SetupGetInfInformationA
SetupGetInfInformationW
SetupGetInfSections
SetupGetIntField
SetupGetLineByIndexA
SetupGetLineByIndexW
SetupGetLineCountA
SetupGetLineCountW
SetupGetLineTextA
SetupGetLineTextW
SetupGetMultiSzFieldA
SetupGetMultiSzFieldW
SetupGetNonInteractiveMode
SetupGetSourceFileLocationA
SetupGetSourceFileLocationW
SetupGetSourceFileSizeA
SetupGetSourceFileSizeW
SetupGetSourceInfoA
SetupGetSourceInfoW
SetupGetStringFieldA
SetupGetStringFieldW
SetupGetTargetPathA
SetupGetTargetPathW
SetupInitDefaultQueueCallback
SetupInitDefaultQueueCallbackEx
SetupInitializeFileLogA
SetupInitializeFileLogW
SetupInstallFileA
SetupInstallFileExA
SetupInstallFileExW
SetupInstallFileW
SetupInstallFilesFromInfSectionA
SetupInstallFilesFromInfSectionW
SetupInstallFromInfSectionA
SetupInstallFromInfSectionW
SetupInstallServicesFromInfSectionA
SetupInstallServicesFromInfSectionExA
SetupInstallServicesFromInfSectionExW
SetupInstallServicesFromInfSectionW
SetupIterateCabinetA
SetupIterateCabinetW
SetupLogErrorA
SetupLogErrorW
SetupLogFileA
SetupLogFileW
SetupOpenAppendInfFileA
SetupOpenAppendInfFileW
SetupOpenFileQueue
SetupOpenInfFileA
SetupOpenInfFileW
SetupOpenLog
SetupOpenMasterInf
SetupPrepareQueueForRestoreA
SetupPrepareQueueForRestoreW
SetupPromptForDiskA
SetupPromptForDiskW
SetupPromptReboot
SetupQueryDrivesInDiskSpaceListA
SetupQueryDrivesInDiskSpaceListW
SetupQueryFileLogA
SetupQueryFileLogW
SetupQueryInfFileInformationA
SetupQueryInfFileInformationW
SetupQueryInfOriginalFileInformationA
SetupQueryInfOriginalFileInformationW
SetupQueryInfVersionInformationA
SetupQueryInfVersionInformationW
SetupQuerySourceListA
SetupQuerySourceListW
SetupQuerySpaceRequiredOnDriveA
SetupQuerySpaceRequiredOnDriveW
SetupQueueCopyA
SetupQueueCopyIndirectA
SetupQueueCopyIndirectW
SetupQueueCopySectionA
SetupQueueCopySectionW
SetupQueueCopyW
SetupQueueDefaultCopyA
SetupQueueDefaultCopyW
SetupQueueDeleteA
SetupQueueDeleteSectionA
SetupQueueDeleteSectionW
SetupQueueDeleteW
SetupQueueRenameA
SetupQueueRenameSectionA
SetupQueueRenameSectionW
SetupQueueRenameW
SetupRemoveFileLogEntryA
SetupRemoveFileLogEntryW
SetupRemoveFromDiskSpaceListA
SetupRemoveFromDiskSpaceListW
SetupRemoveFromSourceListA
SetupRemoveFromSourceListW

Sections

UPX0
Size: - Virtual size: 652KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 335KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 57KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/SETUPREG.HIV
I386/SYSTEM32/SHDOCLC.DLL
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 535KB - Virtual size: 534KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/SHDOCVW.DLL
.dll regsvr32 windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

AddUrlToFavorites
DllCanUnloadNow
DllGetClassObject
DllGetVersion
DllInstall
DllRegisterServer
DllRegisterWindowClasses
DllUnregisterServer
DoAddToFavDlg
DoAddToFavDlgW
DoFileDownload
DoFileDownloadEx
DoOrganizeFavDlg
DoOrganizeFavDlgW
DoPrivacyDlg
HlinkFindFrame
HlinkFrameNavigate
HlinkFrameNavigateNHL
IEWriteErrorLog
ImportPrivacySettings
OpenURL
SHAddSubscribeFavorite
SHGetIDispatchForFolder
SetQueryNetSessionCount
SetShellOfflineState
SoftwareUpdateMessageBox
URLQualifyA
URLQualifyW

Sections

UPX0
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 438KB - Virtual size: 440KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 264KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/SHELL32.DLL
.dll regsvr32 windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

Activate_RunDLL
AppCompat_RunDLLW
CDefFolderMenu_Create
CDefFolderMenu_Create2
CallCPLEntry16
CheckEscapesA
CheckEscapesW
CommandLineToArgvW
Control_FillCache_RunDLL
Control_FillCache_RunDLLA
Control_FillCache_RunDLLW
Control_RunDLL
Control_RunDLLA
Control_RunDLLAsUserW
Control_RunDLLW
DAD_AutoScroll
DAD_DragEnterEx
DAD_DragEnterEx2
DAD_DragLeave
DAD_DragMove
DAD_SetDragImage
DAD_ShowDragImage
DllCanUnloadNow
DllGetClassObject
DllGetVersion
DllInstall
DllRegisterServer
DllUnregisterServer
DoEnvironmentSubstA
DoEnvironmentSubstW
DragAcceptFiles
DragFinish
DragQueryFile
DragQueryFileA
DragQueryFileAorW
DragQueryFileW
DragQueryPoint
DriveType
DuplicateIcon
ExtractAssociatedIconA
ExtractAssociatedIconExA
ExtractAssociatedIconExW
ExtractAssociatedIconW
ExtractIconA
ExtractIconEx
ExtractIconExA
ExtractIconExW
ExtractIconResInfoA
ExtractIconResInfoW
ExtractIconW
ExtractVersionResource16W
FindExeDlgProc
FindExecutableA
FindExecutableW
FreeIconList
GetFileNameFromBrowse
ILAppendID
ILClone
ILCloneFirst
ILCombine
ILCreateFromPath
ILCreateFromPathA
ILCreateFromPathW
ILFindChild
ILFindLastID
ILFree
ILGetNext
ILGetSize
ILIsEqual
ILIsParent
ILLoadFromStream
ILRemoveLastID
ILSaveToStream
InternalExtractIconListA
InternalExtractIconListW
IsLFNDrive
IsLFNDriveA
IsLFNDriveW
IsNetDrive
IsUserAnAdmin
OpenAs_RunDLL
OpenAs_RunDLLA
OpenAs_RunDLLW
OpenRegStream
Options_RunDLL
Options_RunDLLA
Options_RunDLLW
PathCleanupSpec
PathGetShortPath
PathIsExe
PathIsSlowA
PathIsSlowW
PathMakeUniqueName
PathProcessCommand
PathQualify
PathResolve
PathYetAnotherMakeUniqueName
PickIconDlg
PifMgr_CloseProperties
PifMgr_GetProperties
PifMgr_OpenProperties
PifMgr_SetProperties
PrintersGetCommand_RunDLL
PrintersGetCommand_RunDLLA
PrintersGetCommand_RunDLLW
ReadCabinetState
RealDriveType
RealShellExecuteA
RealShellExecuteExA
RealShellExecuteExW
RealShellExecuteW
RegenerateUserEnvironment
RestartDialog
RestartDialogEx
SHAddFromPropSheetExtArray
SHAddToRecentDocs
SHAlloc
SHAllocShared
SHAppBarMessage
SHBindToParent
SHBrowseForFolder
SHBrowseForFolderA
SHBrowseForFolderW
SHCLSIDFromString
SHChangeNotification_Lock
SHChangeNotification_Unlock
SHChangeNotify
SHChangeNotifyDeregister
SHChangeNotifyRegister
SHChangeNotifySuspendResume
SHCloneSpecialIDList
SHCoCreateInstance
SHCreateDirectory
SHCreateDirectoryExA
SHCreateDirectoryExW
SHCreateFileExtractIconW
SHCreateLocalServerRunDll
SHCreateProcessAsUserW
SHCreatePropSheetExtArray
SHCreateQueryCancelAutoPlayMoniker
SHCreateShellFolderView
SHCreateShellFolderViewEx
SHCreateShellItem
SHCreateStdEnumFmtEtc
SHDefExtractIconA
SHDefExtractIconW
SHDestroyPropSheetExtArray
SHDoDragDrop
SHEmptyRecycleBinA
SHEmptyRecycleBinW
SHEnableServiceObject
SHEnumerateUnreadMailAccountsW
SHExtractIconsW
SHFileOperation
SHFileOperationA
SHFileOperationW
SHFindFiles
SHFind_InitMenuPopup
SHFlushClipboard
SHFlushSFCache
SHFormatDrive
SHFree
SHFreeNameMappings
SHFreeShared
SHGetAttributesFromDataObject
SHGetDataFromIDListA
SHGetDataFromIDListW
SHGetDesktopFolder
SHGetDiskFreeSpaceA
SHGetDiskFreeSpaceExA
SHGetDiskFreeSpaceExW
SHGetFileInfo
SHGetFileInfoA
SHGetFileInfoW
SHGetFolderLocation
SHGetFolderPathA
SHGetFolderPathAndSubDirA
SHGetFolderPathAndSubDirW
SHGetFolderPathW
SHGetIconOverlayIndexA
SHGetIconOverlayIndexW
SHGetImageList
SHGetInstanceExplorer
SHGetMalloc
SHGetNewLinkInfo
SHGetNewLinkInfoA
SHGetNewLinkInfoW
SHGetPathFromIDList
SHGetPathFromIDListA
SHGetPathFromIDListW
SHGetRealIDL
SHGetSetFolderCustomSettingsW
SHGetSetSettings
SHGetSettings
SHGetShellStyleHInstance
SHGetSpecialFolderLocation
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
SHGetUnreadMailCountW
SHHandleUpdateImage
SHHelpShortcuts_RunDLL
SHHelpShortcuts_RunDLLA
SHHelpShortcuts_RunDLLW
SHILCreateFromPath
SHInvokePrinterCommandA
SHInvokePrinterCommandW
SHIsFileAvailableOffline
SHLimitInputEdit
SHLoadInProc
SHLoadNonloadedIconOverlayIdentifiers
SHLoadOLE
SHLockShared
SHMapIDListToImageListIndexAsync
SHMapPIDLToSystemImageListIndex
SHMultiFileProperties
SHObjectProperties
SHOpenFolderAndSelectItems
SHOpenPropSheetW
SHParseDisplayName
SHPathPrepareForWriteA
SHPathPrepareForWriteW
SHPropStgCreate
SHPropStgReadMultiple
SHPropStgWriteMultiple
SHQueryRecycleBinA
SHQueryRecycleBinW
SHReplaceFromPropSheetExtArray
SHRestricted
SHRunControlPanel
SHSetInstanceExplorer
SHSetLocalizedName
SHSetUnreadMailCountW
SHShellFolderView_Message
SHSimpleIDListFromPath
SHStartNetConnectionDialogW
SHTestTokenMembership
SHUnlockShared
SHUpdateImageA
SHUpdateImageW
SHUpdateRecycleBinIcon
SHValidateUNC
SheChangeDirA
SheChangeDirExA
SheChangeDirExW
SheChangeDirW
SheConvertPathW
SheFullPathA
SheFullPathW
SheGetCurDrive
SheGetDirA
SheGetDirExW
SheGetDirW
SheGetPathOffsetW
SheRemoveQuotesA
SheRemoveQuotesW
SheSetCurDrive
SheShortenPathA
SheShortenPathW
ShellAboutA
ShellAboutW
ShellExec_RunDLL
ShellExec_RunDLLA
ShellExec_RunDLLW
ShellExecuteA
ShellExecuteEx
ShellExecuteExA
ShellExecuteExW
ShellExecuteW
ShellHookProc
ShellMessageBoxA
ShellMessageBoxW
Shell_GetCachedImageIndex
Shell_GetImageLists
Shell_MergeMenus
Shell_NotifyIcon
Shell_NotifyIconA
Shell_NotifyIconW
SignalFileOpen
StrChrA
StrChrIA
StrChrIW
StrChrW
StrCmpNA
StrCmpNIA
StrCmpNIW
StrCmpNW
StrCpyNA
StrCpyNW
StrNCmpA
StrNCmpIA
StrNCmpIW
StrNCmpW
StrNCpyA
StrNCpyW
StrRChrA
StrRChrIA
StrRChrIW
StrRChrW
StrRStrA
StrRStrIA
StrRStrIW
StrRStrW
StrStrA
StrStrIA
StrStrIW
StrStrW
WOWShellExecute
Win32DeleteFile
WriteCabinetState

Sections

UPX0
Size: - Virtual size: 6.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/SHLWAPI.DLL
.dll windows:5 windows x86 arch:x86

3ab41ebdc82b4431b14b4f66f974dbb2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

shlwapi.pdb

Imports

msvcrt

_adjust_fdiv
malloc
_initterm
free
_strlwr
_wtol
_except_handler3
wcslen
memmove
_vsnwprintf
_vsnprintf

gdi32

EnumFontFamiliesA
EnumFontFamiliesW
EnumFontFamiliesExA
EnumFontFamiliesExW
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextFaceA
GetTextFaceW
GetCharacterPlacementA
GetCharacterPlacementW
CreateFontA
CreateFontW
CreateMetaFileA
CreateMetaFileW
StartDocA
StartDocW
GetTextExtentPointW
ExtTextOutA
GetDIBits
CreatePalette
GetSystemPaletteEntries
CreateCompatibleDC
DeleteObject
GetPaletteEntries
CreateHalftonePalette
GetStockObject
GetDeviceCaps
CreateBitmap
CreateCompatibleBitmap
SelectObject
GetTextExtentPointA
CreateFontIndirectA
CreateFontIndirectW
GetObjectA
GetObjectW
GetTextMetricsA
GetTextMetricsW
SetTextColor
SetBkMode
ExtTextOutW
SetBkColor
GetCharWidthA
GetCharWidth32W
CreateColorSpaceA
CreateColorSpaceW
CreateDCA
CreateDCW
CreateICA
DeleteDC
CreateICW

kernel32

GetWindowsDirectoryA
SetLastError
LeaveCriticalSection
FlushFileBuffers
WriteFile
SetFilePointer
CreateFileA
EnterCriticalSection
GetSystemTime
GetCurrentThreadId
GetTickCount
IsDBCSLeadByte
GetCPInfo
lstrcmpA
GetThreadLocale
CompareStringA
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ExpandEnvironmentStringsA
GetFileAttributesA
SetErrorMode
GetFullPathNameA
SearchPathA
GetSystemDirectoryA
SetFileAttributesA
LCMapStringA
FindClose
FindNextFileA
FindFirstFileA
SetFileTime
GetEnvironmentVariableA
CreateEventW
EnumResourceNamesA
EnumResourceNamesW
FindNextFileW
SizeofResource
LockResource
LoadResource
FindResourceA
IsBadReadPtr
IsBadStringPtrW
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
CreateDirectoryA
CreateDirectoryW
CreateFileW
DeleteFileA
DeleteFileW
FindFirstFileW
DebugBreak
FormatMessageA
FormatMessageW
GetCurrentDirectoryA
GetCurrentDirectoryW
GetFileAttributesW
GetLocaleInfoA
GetLocaleInfoW
GetModuleFileNameW
GetSystemDirectoryW
SearchPathW
GetModuleHandleA
GetModuleHandleW
SetFileAttributesW
GetNumberFormatA
GetNumberFormatW
GetFullPathNameW
GetShortPathNameA
GetShortPathNameW
GetStringTypeExA
GetStringTypeExW
GetPrivateProfileIntA
QueryPerformanceFrequency
GetProfileStringA
GetProfileStringW
GetTempFileNameA
GetTempFileNameW
GetTempPathA
GetTempPathW
GetWindowsDirectoryW
GetEnvironmentVariableW
LoadLibraryExA
LoadLibraryExW
CompareStringW
CopyFileA
CopyFileW
MoveFileA
MoveFileW
OpenEventA
OpenEventW
OutputDebugStringA
OutputDebugStringW
RemoveDirectoryA
RemoveDirectoryW
SetCurrentDirectoryA
SetCurrentDirectoryW
CreateMutexA
CreateMutexW
ExpandEnvironmentStringsW
CreateSemaphoreA
CreateSemaphoreW
LoadLibraryW
GetTimeFormatA
GetTimeFormatW
GetDateFormatA
GetDateFormatW
WritePrivateProfileStringA
WritePrivateProfileStringW
GetPrivateProfileStringA
GetPrivateProfileStringW
WritePrivateProfileStructA
WritePrivateProfileStructW
GetPrivateProfileStructA
GetPrivateProfileStructW
CreateProcessA
CreateProcessW
GlobalAddAtomA
GlobalAddAtomW
GlobalFindAtomA
GlobalFindAtomW
lstrcpyA
FreeLibrary
LCMapStringW
FileTimeToSystemTime
SystemTimeToFileTime
GetLocalTime
FileTimeToLocalFileTime
InterlockedIncrement
InterlockedDecrement
CompareFileTime
ReadFile
GetFileSize
TlsSetValue
TlsGetValue
GlobalMemoryStatus
GlobalDeleteAtom
GetProcessVersion
GetComputerNameW
GetCurrentThread
FreeLibraryAndExitThread
CreateThread
VirtualQuery
GetACP
GetUserDefaultLCID
IsBadWritePtr
InterlockedExchange
SetEndOfFile
GetFileInformationByHandle
LocalSize
SleepEx
QueueUserAPC
ExitThread
GetVersionExA
InterlockedCompareExchange
WaitForSingleObject
ReleaseSemaphore
OpenSemaphoreA
HeapDestroy
HeapAlloc
HeapCreate
DeviceIoControl
GetSystemPowerStatus
Sleep
RaiseException
GetPrivateProfileSectionW
WaitForMultipleObjectsEx
GetFileTime
lstrcmpW
QueryPerformanceCounter
lstrcpynA
LoadLibraryA
GetProcAddress
CreateEventA
SetEvent
GetModuleFileNameA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetCurrentProcessId
OpenProcess
GetCurrentProcess
CloseHandle
DuplicateHandle
lstrcmpiA
lstrlenA
lstrlenW
GetLastError
WideCharToMultiByte
MultiByteToWideChar
LocalReAlloc
LocalAlloc
LocalFree
DisableThreadLibraryCalls
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
TlsFree
GetPrivateProfileIntW
FindResourceW
GetFileAttributesExW

user32

CreateAcceleratorTableW
CreateDialogIndirectParamA
CreateDialogIndirectParamW
CreateDialogParamA
CreateDialogParamW
DefWindowProcA
DefWindowProcW
DialogBoxIndirectParamA
DialogBoxIndirectParamW
DialogBoxParamA
DialogBoxParamW
DispatchMessageA
DispatchMessageW
GetClassLongW
GetMessageA
GetMessageW
GetWindowLongA
GetWindowLongW
GetWindowTextLengthA
GetWindowTextLengthW
IsDialogMessageA
IsDialogMessageW
LoadAcceleratorsA
LoadAcceleratorsW
LoadBitmapA
LoadBitmapW
LoadCursorA
LoadCursorW
LoadIconA
LoadIconW
CreateIconFromResource
CreateIconFromResourceEx
LookupIconIdFromDirectoryEx
LoadImageA
DeleteMenu
DestroyMenu
SystemParametersInfoA
DrawTextA
CopyRect
OffsetRect
GetSysColor
GetWindowThreadProcessId
IsWindow
TrackPopupMenu
TrackPopupMenuEx
LoadStringW
PeekMessageA
PeekMessageW
PostMessageA
PostMessageW
PostThreadMessageA
PostThreadMessageW
SetWindowLongA
SetWindowLongW
SetWindowsHookExA
SetWindowsHookExW
TranslateAcceleratorA
TranslateAcceleratorW
wvsprintfW
GetMenuItemInfoW
InsertMenuItemA
InsertMenuItemW
DdeInitializeA
DdeInitializeW
CharLowerW
CharToOemA
CharToOemW
CharUpperW
CreateWindowExA
CreateWindowExW
DrawTextW
FindWindowExA
FindWindowExW
GetClassInfoA
GetClassInfoW
GetClassNameW
GetClipboardFormatNameA
GetClipboardFormatNameW
MessageBoxA
MessageBoxW
GetPropA
GetPropW
GetWindowTextW
LoadImageW
CreateMenu
SetMenuContextHelpId
LoadMenuA
LoadMenuW
GetMenuStringA
GetMenuStringW
InsertMenuA
InsertMenuW
MessageBoxIndirectA
MessageBoxIndirectW
ModifyMenuA
ModifyMenuW
OemToCharA
OemToCharW
RegisterClassA
RegisterClassW
RegisterClipboardFormatA
RegisterClipboardFormatW
RegisterWindowMessageA
RegisterWindowMessageW
RemovePropA
RemovePropW
SendMessageTimeoutA
SendMessageW
SetPropA
SetPropW
SetWindowTextW
SystemParametersInfoW
UnregisterClassA
UnregisterClassW
VkKeyScanA
VkKeyScanW
WinHelpW
DrawTextExA
DrawTextExW
SetMenuItemInfoA
SetMenuItemInfoW
RegisterClassExA
RegisterClassExW
GetClassInfoExA
GetClassInfoExW
DdeCreateStringHandleA
DdeCreateStringHandleW
DdeQueryStringA
DdeQueryStringW
FindWindowW
SendDlgItemMessageW
SendMessageTimeoutW
DestroyAcceleratorTable
GetKeyState
SetParent
GetParent
RemoveMenu
GetSubMenu
EnumChildWindows
IsWindowUnicode
EnableMenuItem
CheckMenuItem
DeferWindowPos
MapWindowPoints
SendDlgItemMessageA
SetWindowPos
GetWindowRect
EndDeferWindowPos
BeginDeferWindowPos
EnableWindow
ShowWindow
SetFocus
IsDlgButtonChecked
EndDialog
MsgWaitForMultipleObjects
IsChild
GetMenuDefaultItem
CreatePopupMenu
SetCursor
FindWindowA
EnumWindows
TranslateMessage
UpdateWindow
InvalidateRect
EndPaint
BeginPaint
DrawFocusRect
GetFocus
ValidateRect
EqualRect
GetUpdateRect
GetDesktopWindow
BroadcastSystemMessage
CharNextW
CreateAcceleratorTableA
CopyAcceleratorTableW
CopyAcceleratorTableA
CharUpperBuffW
CharLowerBuffW
CallMsgFilterW
CallMsgFilterA
CallWindowProcW
CallWindowProcA
GetDlgItem
GetClientRect
SendMessageA
SetWindowTextA
CharUpperA
CharPrevA
GetDC
GetIconInfo
DrawIconEx
CreateIconIndirect
ReleaseDC
DestroyIcon
CharNextA
GetClassLongA
SetTimer
KillTimer
GetWindowTextA
GetClassNameA
GetSystemMetrics
GetMenuItemCount
GetMenuItemInfoA
WinHelpA
LoadStringA

advapi32

RegCloseKey
GetCurrentHwProfileA
OpenThreadToken
RegEnumValueW
RegSetValueExW
RegSetValueW
RegSetValueA
RegQueryValueExW
RegQueryValueW
RegQueryValueA
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyW
RegDeleteKeyA
RegQueryInfoKeyA
RegDeleteValueA
RegEnumValueA
RegEnumKeyA
RegSetValueExA
RegCreateKeyExA
RegEnumKeyExA
RegQueryValueExA
GetTokenInformation
OpenProcessToken
GetAce
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessDeniedAce
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
GetUserNameA
GetUserNameW
RegCreateKeyA
RegCreateKeyW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegEnumKeyExW
RegOpenKeyA
RegOpenKeyExA

Exports

Exports

AssocCreate
AssocGetPerceivedType
AssocIsDangerous
AssocQueryKeyA
AssocQueryKeyW
AssocQueryStringA
AssocQueryStringByKeyA
AssocQueryStringByKeyW
AssocQueryStringW
ChrCmpIA
ChrCmpIW
ColorAdjustLuma
ColorHLSToRGB
ColorRGBToHLS
DelayLoadFailureHook
DllGetVersion
GetAcceptLanguagesA
GetAcceptLanguagesW
GetMenuPosFromID
HashData
IntlStrEqWorkerA
IntlStrEqWorkerW
IsCharSpaceA
IsCharSpaceW
PathAddBackslashA
PathAddBackslashW
PathAddExtensionA
PathAddExtensionW
PathAppendA
PathAppendW
PathBuildRootA
PathBuildRootW
PathCanonicalizeA
PathCanonicalizeW
PathCombineA
PathCombineW
PathCommonPrefixA
PathCommonPrefixW
PathCompactPathA
PathCompactPathExA
PathCompactPathExW
PathCompactPathW
PathCreateFromUrlA
PathCreateFromUrlW
PathFileExistsA
PathFileExistsW
PathFindExtensionA
PathFindExtensionW
PathFindFileNameA
PathFindFileNameW
PathFindNextComponentA
PathFindNextComponentW
PathFindOnPathA
PathFindOnPathW
PathFindSuffixArrayA
PathFindSuffixArrayW
PathGetArgsA
PathGetArgsW
PathGetCharTypeA
PathGetCharTypeW
PathGetDriveNumberA
PathGetDriveNumberW
PathIsContentTypeA
PathIsContentTypeW
PathIsDirectoryA
PathIsDirectoryEmptyA
PathIsDirectoryEmptyW
PathIsDirectoryW
PathIsFileSpecA
PathIsFileSpecW
PathIsLFNFileSpecA
PathIsLFNFileSpecW
PathIsNetworkPathA
PathIsNetworkPathW
PathIsPrefixA
PathIsPrefixW
PathIsRelativeA
PathIsRelativeW
PathIsRootA
PathIsRootW
PathIsSameRootA
PathIsSameRootW
PathIsSystemFolderA
PathIsSystemFolderW
PathIsUNCA
PathIsUNCServerA
PathIsUNCServerShareA
PathIsUNCServerShareW
PathIsUNCServerW
PathIsUNCW
PathIsURLA
PathIsURLW
PathMakePrettyA
PathMakePrettyW
PathMakeSystemFolderA
PathMakeSystemFolderW
PathMatchSpecA
PathMatchSpecW
PathParseIconLocationA
PathParseIconLocationW
PathQuoteSpacesA
PathQuoteSpacesW
PathRelativePathToA
PathRelativePathToW
PathRemoveArgsA
PathRemoveArgsW
PathRemoveBackslashA
PathRemoveBackslashW
PathRemoveBlanksA
PathRemoveBlanksW
PathRemoveExtensionA
PathRemoveExtensionW
PathRemoveFileSpecA
PathRemoveFileSpecW
PathRenameExtensionA
PathRenameExtensionW
PathSearchAndQualifyA
PathSearchAndQualifyW
PathSetDlgItemPathA
PathSetDlgItemPathW
PathSkipRootA
PathSkipRootW
PathStripPathA
PathStripPathW
PathStripToRootA
PathStripToRootW
PathUnExpandEnvStringsA
PathUnExpandEnvStringsW
PathUndecorateA
PathUndecorateW
PathUnmakeSystemFolderA
PathUnmakeSystemFolderW
PathUnquoteSpacesA
PathUnquoteSpacesW
SHAllocShared
SHAutoComplete
SHCopyKeyA
SHCopyKeyW
SHCreateShellPalette
SHCreateStreamOnFileA
SHCreateStreamOnFileEx
SHCreateStreamOnFileW
SHCreateStreamWrapper
SHCreateThread
SHCreateThreadRef
SHDeleteEmptyKeyA
SHDeleteEmptyKeyW
SHDeleteKeyA
SHDeleteKeyW
SHDeleteOrphanKeyA
SHDeleteOrphanKeyW
SHDeleteValueA
SHDeleteValueW
SHEnumKeyExA
SHEnumKeyExW
SHEnumValueA
SHEnumValueW
SHFreeShared
SHGetInverseCMAP
SHGetThreadRef
SHGetValueA
SHGetValueW
SHGetViewStatePropertyBag
SHIsLowMemoryMachine
SHLoadIndirectString
SHLockShared
SHOpenRegStream2A
SHOpenRegStream2W
SHOpenRegStreamA
SHOpenRegStreamW
SHQueryInfoKeyA
SHQueryInfoKeyW
SHQueryValueExA
SHQueryValueExW
SHRegCloseUSKey
SHRegCreateUSKeyA
SHRegCreateUSKeyW
SHRegDeleteEmptyUSKeyA
SHRegDeleteEmptyUSKeyW
SHRegDeleteUSValueA
SHRegDeleteUSValueW
SHRegDuplicateHKey
SHRegEnumUSKeyA
SHRegEnumUSKeyW
SHRegEnumUSValueA
SHRegEnumUSValueW
SHRegGetBoolUSValueA
SHRegGetBoolUSValueW
SHRegGetPathA
SHRegGetPathW
SHRegGetUSValueA
SHRegGetUSValueW
SHRegGetValueA
SHRegGetValueW
SHRegOpenUSKeyA
SHRegOpenUSKeyW
SHRegQueryInfoUSKeyA
SHRegQueryInfoUSKeyW
SHRegQueryUSValueA
SHRegQueryUSValueW
SHRegSetPathA
SHRegSetPathW
SHRegSetUSValueA
SHRegSetUSValueW
SHRegWriteUSValueA
SHRegWriteUSValueW
SHRegisterValidateTemplate
SHReleaseThreadRef
SHSetThreadRef
SHSetValueA
SHSetValueW
SHSkipJunction
SHStrDupA
SHStrDupW
SHUnlockShared
StrCSpnA
StrCSpnIA
StrCSpnIW
StrCSpnW
StrCatBuffA
StrCatBuffW
StrCatChainW
StrCatW
StrChrA
StrChrIA
StrChrIW
StrChrNIW
StrChrNW
StrChrW
StrCmpCA
StrCmpCW
StrCmpICA
StrCmpICW
StrCmpIW
StrCmpLogicalW
StrCmpNA
StrCmpNIA
StrCmpNIW
StrCmpNW
StrCmpW
StrCpyNW
StrCpyW
StrDupA
StrDupW
StrFormatByteSize64A
StrFormatByteSizeA
StrFormatByteSizeW
StrFormatKBSizeA
StrFormatKBSizeW
StrFromTimeIntervalA
StrFromTimeIntervalW
StrIsIntlEqualA
StrIsIntlEqualW
StrNCatA
StrNCatW
StrPBrkA
StrPBrkW
StrRChrA
StrRChrIA
StrRChrIW
StrRChrW
StrRStrIA
StrRStrIW
StrRetToBSTR
StrRetToBufA
StrRetToBufW
StrRetToStrA
StrRetToStrW
StrSpnA
StrSpnW
StrStrA
StrStrIA
StrStrIW
StrStrNIW
StrStrNW
StrStrW
StrToInt64ExA
StrToInt64ExW
StrToIntA
StrToIntExA
StrToIntExW
StrToIntW
StrTrimA
StrTrimW
UrlApplySchemeA
UrlApplySchemeW
UrlCanonicalizeA
UrlCanonicalizeW
UrlCombineA
UrlCombineW
UrlCompareA
UrlCompareW
UrlCreateFromPathA
UrlCreateFromPathW
UrlEscapeA
UrlEscapeW
UrlGetLocationA
UrlGetLocationW
UrlGetPartA
UrlGetPartW
UrlHashA
UrlHashW
UrlIsA
UrlIsNoHistoryA
UrlIsNoHistoryW
UrlIsOpaqueA
UrlIsOpaqueW
UrlIsW
UrlUnescapeA
UrlUnescapeW
wnsprintfA
wnsprintfW
wvnsprintfA
wvnsprintfW

Sections

.text
Size: 430KB - Virtual size: 430KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/SHUTDOWNRES.DLL
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

UPX0
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/SMSS.EXE
.sys windows:5 windows x86 arch:x86

d3daf2245dcd370775e5c6428fc0e118

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

PDB Paths

smss.pdb

Imports

ntdll

NtTerminateProcess
NtRaiseHardError
RtlInitUnicodeString
RtlAdjustPrivilege
RtlFreeHeap
RtlUpcaseUnicodeChar
RtlUnicodeStringToInteger
RtlAllocateHeap
RtlFreeUnicodeString
DbgPrintEx
RtlExtendedIntegerMultiply
NtQueryVolumeInformationFile
NtOpenFile
NtClose
wcslen
wcscpy
NtQueryInformationProcess
NtCreatePagingFile
NtSetInformationFile
NtQueryInformationFile
DbgPrint
NtQuerySystemInformation
_allmul
NtSetSecurityObject
RtlSetOwnerSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
RtlCreateSecurityDescriptor
RtlAllocateAndInitializeSid
RtlDosPathNameToNtPathName_U
RtlExpandEnvironmentStrings_U
NtQueryValueKey
swprintf
NtOpenKey
NtSetValueKey
NtCreateKey
NtCreateFile
NtReadFile
_chkstk
wcsstr
_wcsupr
NtMakeTemporaryObject
NtCreateSymbolicLinkObject
NtOpenDirectoryObject
wcsncpy
RtlAnsiStringToUnicodeString
RtlInitAnsiString
_stricmp
NtCreateSection
LdrVerifyImageMatchesChecksum
NtCreateDirectoryObject
RtlSetEnvironmentVariable
LdrUnloadDll
LdrGetProcedureAddress
RtlInitString
LdrLoadDll
RtlCompareUnicodeString
RtlEqualString
memmove
_wcsicmp
RtlCreateUnicodeString
RtlDosSearchPath_U
RtlQueryEnvironmentVariable_U
RtlEqualUnicodeString
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
NtWaitForSingleObject
NtResumeThread
RtlDestroyProcessParameters
RtlCreateUserProcess
RtlCreateProcessParameters
RtlUnlockBootStatusData
RtlGetSetBootStatusData
RtlLockBootStatusData
NtDisplayString
sprintf
NtDuplicateObject
RtlLengthSid
RtlGetAce
RtlPrefixUnicodeString
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
NtQueryDirectoryObject
NtRequestWaitReplyPort
RtlFindMessage
NtSetEvent
NtSetSystemInformation
NtCreateEvent
RtlLeaveCriticalSection
RtlEnterCriticalSection
wcscat
LdrQueryImageFileExecutionOptions
NtDelayExecution
NtInitializeRegistry
RtlQueryRegistryValues
NtDeleteValueKey
RtlCreateEnvironment
RtlCreateUserThread
NtCreatePort
RtlInitializeCriticalSection
NtSetInformationProcess
RtlCreateTagHeap
NtSetInformationThread
NtQueryInformationToken
NtOpenThreadToken
NtImpersonateClientOfPort
NtConnectPort
NtCompleteConnectPort
NtAcceptConnectPort
NtOpenProcess
NtReplyWaitReceivePort
RtlExitUserThread
NtReplyPort
RtlSetThreadIsCritical
NtWaitForMultipleObjects
RtlSetProcessIsCritical
RtlUnicodeStringToAnsiString
NtAdjustPrivilegesToken
NtOpenProcessToken
RtlUnhandledExceptionFilter
RtlUnwind
NtQueryVirtualMemory
DbgBreakPoint
RtlNormalizeProcessParams

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/SNMPAPI.DLL
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

SnmpSvcAddrIsIpx
SnmpSvcAddrToSocket
SnmpSvcGetEnterpriseOID
SnmpSvcGetUptime
SnmpSvcGetUptimeFromTime
SnmpSvcInitUptime
SnmpSvcSetLogLevel
SnmpSvcSetLogType
SnmpTfxClose
SnmpTfxOpen
SnmpTfxQuery
SnmpUtilAnsiToUnicode
SnmpUtilAsnAnyCpy
SnmpUtilAsnAnyFree
SnmpUtilDbgPrint
SnmpUtilIdsToA
SnmpUtilMemAlloc
SnmpUtilMemFree
SnmpUtilMemReAlloc
SnmpUtilOctetsCmp
SnmpUtilOctetsCpy
SnmpUtilOctetsFree
SnmpUtilOctetsNCmp
SnmpUtilOidAppend
SnmpUtilOidCmp
SnmpUtilOidCpy
SnmpUtilOidFree
SnmpUtilOidNCmp
SnmpUtilOidToA
SnmpUtilPrintAsnAny
SnmpUtilPrintOid
SnmpUtilUTF8ToUnicode
SnmpUtilUnicodeToAnsi
SnmpUtilUnicodeToUTF8
SnmpUtilVarBindCpy
SnmpUtilVarBindFree
SnmpUtilVarBindListCpy
SnmpUtilVarBindListFree

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/SORTKEY.NLS
I386/SYSTEM32/SORTTBLS.NLS
I386/SYSTEM32/STDOLE2.TLB
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/STOBJECT.DLL
.dll regsvr32 windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 39KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/STORPROP.DLL
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

CdromDisableDigitalPlayback
CdromEnableDigitalPlayback
CdromIsDigitalPlaybackEnabled
CdromKnownGoodDigitalPlayback
DiskClassInstaller
DllMain
DvdClassInstaller
DvdLauncher
DvdPropPageProvider
IdePropPageProvider
VolumePropPageProvider

Sections

UPX0
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/SVCHOST.EXE
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/SXS.DLL
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

CreateAssemblyCache
CreateAssemblyNameObject
SxsBeginAssemblyInstall
SxsEndAssemblyInstall
SxsFindClrClassInformation
SxsFindClrSurrogateInformation
SxsGenerateActivationContext
SxsInstallAssemblyW
SxsInstallW
SxsLookupClrGuid
SxsOleAut32MapConfiguredClsidToReferenceClsid
SxsOleAut32MapIIDOrCLSIDToTypeLibrary
SxsOleAut32MapIIDToProxyStubCLSID
SxsOleAut32MapIIDToTLBPath
SxsOleAut32MapReferenceClsidToConfiguredClsid
SxsOleAut32RedirectTypeLibrary
SxsProbeAssemblyInstallation
SxsProtectionGatherEntriesW
SxsProtectionNotifyW
SxsProtectionPerformScanNow
SxsProtectionUserLogoffEvent
SxsProtectionUserLogonEvent
SxsQueryManifestInformation
SxsRunDllInstallAssembly
SxsRunDllInstallAssemblyW
SxsUninstallW
SxspGenerateManifestPathOnAssemblyIdentity
SxspGeneratePolicyPathOnAssemblyIdentity
SxspRunDllDeleteDirectory
SxspRunDllDeleteDirectoryW

Sections

UPX0
Size: - Virtual size: 496KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 230KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/SYSDM.CPL
.dll windows:5 windows x86 arch:x86

6dc2ae0411360caf6938333d400863ea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

sysdm.pdb

Imports

msvcrt

toupper
isalpha
wcstoul
wcscpy
_ultow
wcslen
iswctype
wcspbrk
_ftol
_vsnwprintf
ceil
wcsncpy
_vsnprintf
_wcsicmp
strchr
_snwprintf
wcsncmp
_wtoi
wcsstr
wcscat
??3@YAXPAX@Z
__CxxFrameHandler
tolower
_except_handler3
_wcsnicmp
??2@YAPAXI@Z

ntdll

RtlFreeUnicodeString
RtlInitUnicodeString
RtlCopySid
NtQueryInformationToken
RtlConvertSidToUnicodeString
RtlAdjustPrivilege
RtlGetNtProductType
NtQuerySystemInformation
NtCreatePagingFile
RtlGetSetBootStatusData
RtlLockBootStatusData
RtlUnlockBootStatusData
NtSetSystemInformation
NtClose
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
RtlLengthSid

user32

GetDlgItemTextW
SetWindowLongW
SetDlgItemTextW
GetFocus
SetFocus
EnableWindow
wsprintfW
GetWindowLongW
WinHelpW
DialogBoxParamW
SendDlgItemMessageW
DestroyIcon
EndDialog
GetSystemMetrics
ShowCursor
LoadCursorW
SetCursor
GetDlgItem
GetDC
ReleaseDC
wvsprintfW
SendMessageW
MessageBoxW
RegisterWindowMessageW
LoadStringW
CheckDlgButton
CheckRadioButton
IsDlgButtonChecked
PostMessageW
GetParent
GetDlgItemInt
SetDlgItemInt
CharUpperW
MapDialogRect
SendMessageTimeoutW
GetClientRect
MessageBeep
IsWindowEnabled
SetWindowTextW
GetKeyboardType
SendMessageA
CharLowerW
SetTimer
SetWindowPos
MapWindowPoints
GetWindowRect
ShowWindow
LoadImageW
RegisterClipboardFormatW
ScreenToClient
GetWindowTextLengthW
LoadIconW
GetMessagePos

gdi32

GetDeviceCaps
SelectObject
DeleteObject
CreateFontIndirectW
GetTextExtentPointW
GetObjectW

ole32

CoInitialize
CoCreateInstance
ReleaseStgMedium
CoInitializeSecurity
CoUninitialize

oleaut32

VariantClear
SysFreeString
SysAllocString

comctl32

CreatePropertySheetPageW
ord365
ord358
PropertySheetW
ord361
ord359
ord355
ord363
InitCommonControlsEx
ord362

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetTempPathW
GetTempFileNameW
CopyFileW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetFileAttributesExW
GlobalUnlock
SetLastError
LoadLibraryExW
GetACP
GetSystemDefaultLangID
_lopen
_llseek
_lread
_lclose
SetFileAttributesA
_lcreat
_lwrite
GetFullPathNameW
GetWindowsDirectoryW
lstrcpynW
WritePrivateProfileStringW
WideCharToMultiByte
WritePrivateProfileSectionA
GetSystemDirectoryW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileSectionA
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetProcessHeap
HeapAlloc
GlobalLock
LoadLibraryExA
FreeLibrary
LoadLibraryW
lstrcmpW
CloseHandle
LocalFree
LocalReAlloc
LocalAlloc
GetCurrentProcess
lstrlenW
FindClose
FindNextFileW
DeleteFileW
RemoveDirectoryW
lstrcmpiW
SetFileAttributesW
GetLastError
FindFirstFileW
SetCurrentDirectoryW
GetCurrentDirectoryW
GlobalFree
GlobalReAlloc
GlobalAlloc
lstrcpyW
CreateDirectoryW
GetVolumeInformationW
GetProcAddress
lstrcatW
FormatMessageW
LocalLock
LocalUnlock
LocalHandle
CreateMutexW
GetVersionExW
DeviceIoControl
CreateFileW
GetDriveTypeW
QueryDosDeviceW
GetDiskFreeSpaceW
GetSystemInfo
GetFileAttributesW
GlobalMemoryStatusEx
GetLogicalDrives
GetEnvironmentVariableW
ExpandEnvironmentStringsW
lstrlenA
lstrcatA
MultiByteToWideChar

advapi32

OpenProcessToken
RegSaveKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegLoadKeyW
RegUnLoadKeyW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegOpenKeyExW
RegCloseKey
RegSetKeySecurity
RegCreateKeyW
RegOpenKeyW
RegEnumKeyW
RegGetKeySecurity
RegSetValueExW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegDeleteValueW
RegCreateKeyExW
InitializeAcl
AddAccessAllowedAce
GetAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetLengthSid
CopySid
LookupAccountSidW
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CloseServiceHandle
ChangeServiceConfigW
StartServiceW
GetUserNameW
RegFlushKey

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ord195
ShellExecuteExW
ord680
ExtractIconW
ord100
ord258
ord168
ord167
ord730
ord169
ord259

shlwapi

StrCmpIW
StrFormatByteSizeW
PathFileExistsW
ord16
StrCatBuffW
SHRegGetUSValueW
SHRegSetUSValueW
ord437
StrToIntExW
AssocQueryStringW
SHGetValueW
wnsprintfW
StrCpyNW
SHRegGetBoolUSValueW

userenv

ord124
DeleteProfileW

rpcrt4

UuidToStringW
RpcStringFreeW
UuidCreate

imm32

ImmAssociateContext

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

comdlg32

GetOpenFileNameW

usp10

ScriptIsComplex

imagehlp

UnMapAndLoad
MapAndLoad

setupapi

pSetupDoesUserHavePrivilege
pSetupIsUserAdmin

Exports

Exports

CPlApplet
EnableExecuteProtectionSupportW
ModifyExecuteProtectionSupportW
NoExecuteAddFileOptOutList
NoExecuteAddFileOptOutListW
NoExecuteProcessExceptionW
NoExecuteRemoveFileOptOutList
NoExecuteRemoveFileOptOutListW

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/SYSSETUP.DLL
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

AsrAddSifEntryA
AsrAddSifEntryW
AsrCreateStateFileA
AsrCreateStateFileW
AsrFreeContext
AsrRestorePlugPlayRegistryData
AsrpGetLocalDiskInfo
AsrpGetLocalVolumeInfo
AsrpRestoreNonCriticalDisksW
CdromPropPageProvider
ComputerClassInstaller
CreateLocalAdminAccount
CreateLocalAdminAccountEx
CreateLocalUserAccount
CriticalDeviceCoInstaller
DevInstallW
DeviceBayClassInstaller
DiskPropPageProvider
DoInstallComponentInfs
EisaUpHalCoInstaller
EisaUpHalPropPageProvider
GenerateName
HdcClassInstaller
InitializeSetupLog
InstallWindowsNt
InvokeExternalApplicationEx
KeyboardClassInstaller
LegacyDriverPropPageProvider
MigrateExceptionPackages
MouseClassInstaller
NtApmClassInstaller
OpkCheckVersion
PS2MousePropPageProvider
PnPInitializationThread
PrepareForAudit
RepairStartMenuItems
ReportError
RunOEMExtraTasks
ScsiClassInstaller
SetAccountsDomainSid
SetupAddOrRemoveTestCertificate
SetupChangeFontSize
SetupChangeLocale
SetupChangeLocaleEx
SetupCreateOptionalComponentsPage
SetupDestroyLanguageList
SetupDestroyPhoneList
SetupEnumerateRegisteredOsComponents
SetupExtendPartition
SetupGetGeoOptions
SetupGetKeyboardOptions
SetupGetLocaleOptions
SetupGetProductType
SetupGetSetupInfo
SetupGetValidEula
SetupInfObjectInstallActionW
SetupInstallCatalog
SetupMapTapiToIso
SetupOobeBnk
SetupOobeCleanup
SetupOobeInitDebugLog
SetupOobeInitPostServices
SetupOobeInitPreServices
SetupPidGen3
SetupQueryRegisteredOsComponent
SetupQueryRegisteredOsComponentsOrder
SetupReadPhoneList
SetupRegisterOsComponent
SetupSetAdminPassword
SetupSetDisplay
SetupSetIntlOptions
SetupSetRegisteredOsComponentsOrder
SetupSetSetupInfo
SetupShellSettings
SetupStartService
SetupUnRegisterOsComponent
StorageCoInstaller
SystemUpdateUserProfileDirectory
TapeClassInstaller
TapePropPageProvider
TerminateSetupLog
UpdatePnpDeviceDrivers
UpgradePrinters
ViewSetupActionLog
VolumeClassInstaller
pSetupDebugPrint
pSetuplogSfcError

Sections

UPX0
Size: - Virtual size: 724KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 304KB - Virtual size: 308KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/TASKMGR.EXE
.exe windows:5 windows x86 arch:x86

a91ce4b8d930e2a6762727a205af58c7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

taskmgr.pdb

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
IsValidSid
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
RegOpenKeyExA
RegQueryValueExA
LookupPrivilegeValueW

kernel32

GetProcessAffinityMask
OpenProcess
MultiByteToWideChar
GetThreadTimes
TerminateProcess
GetPriorityClass
lstrcmpW
SetEvent
CreateEventW
GetComputerNameW
Sleep
FreeLibrary
SetProcessAffinityMask
LoadLibraryA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentDirectoryW
SetUnhandledExceptionFilter
lstrcmpiW
GetTickCount
HeapSize
GetProcAddress
GetNumberFormatW
HeapReAlloc
lstrlenW
GetCurrentProcess
SetPriorityClass
GetCommandLineW
GetStartupInfoW
GetModuleHandleW
ExitProcess
CreateMutexW
GetCurrentProcessId
ProcessIdToSessionId
ReleaseMutex
SetProcessShutdownParameters
WaitForSingleObject
ExpandEnvironmentStringsW
CreateProcessW
GetCurrentThreadId
FormatMessageW
lstrcatW
GetVersionExW
GetLocaleInfoW
LocalAlloc
LocalFree
HeapFree
HeapAlloc
GetProcessHeap
CreateThread
CloseHandle
lstrcpynW
lstrcpyW
GetLastError
LoadLibraryW
InterlockedCompareExchange
GetVersionExA
IsBadWritePtr
SetLastError
GetCurrentThread
DelayLoadFailureHook
UnhandledExceptionFilter

gdi32

CreateFontIndirectW
GetCharWidth32W
CreateCompatibleBitmap
Rectangle
SetBkMode
SetTextColor
CreateCompatibleDC
DeleteDC
GetCurrentObject
GetObjectW
BitBlt
SelectObject
MoveToEx
LineTo
CreatePen
GetStockObject
CreateRectRgn
DeleteObject
CreateSolidBrush
CombineRgn
SetRectRgn
GetDeviceCaps
FillRgn

user32

DestroyIcon
LoadImageW
BeginDeferWindowPos
GetMenuItemCount
EnableMenuItem
GetSystemMetrics
SetMenuItemInfoW
LoadMenuW
DestroyMenu
ExitWindowsEx
LockWorkStation
GetAsyncKeyState
SetForegroundWindow
OpenIcon
LoadAcceleratorsW
MessageBoxW
CheckDlgButton
EndDialog
GetWindowTextW
IsDlgButtonChecked
GetSubMenu
InvalidateRect
GetSysColor
MonitorFromRect
SetTimer
LoadIconW
GetThreadDesktop
GetDialogBaseUnits
KillTimer
GetDesktopWindow
DestroyWindow
MessageBeep
MoveWindow
PostQuitMessage
IsZoomed
DispatchMessageW
TranslateMessage
IsDialogMessageW
TranslateAcceleratorW
GetMessageW
CreateDialogParamW
SendMessageTimeoutW
AllowSetForegroundWindow
GetWindowThreadProcessId
FindWindowW
RegisterWindowMessageW
FillRect
DrawTextW
UpdateWindow
GetDlgCtrlID
SetFocus
CreateWindowExW
DialogBoxParamW
GetShellWindow
SetScrollPos
GetScrollInfo
IsWindow
EnableWindow
GetFocus
CharLowerBuffW
TrackPopupMenuEx
GetGuiResources
EnumWindowStationsW
GetClassLongW
IsHungAppWindow
InternalGetWindowText
IsWindowVisible
GetWindow
SetMenuDefaultItem
EnumWindows
CloseDesktop
SetThreadDesktop
OpenDesktopW
EnumDesktopsW
CloseWindowStation
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
CascadeWindows
TileWindows
SwitchToThisWindow
GetLastActivePopup
EndTask
PostMessageW
ShowWindowAsync
GetCursorPos
SetDlgItemTextW
GetParent
GetWindowTextLengthW
SetRect
SetCursor
LoadCursorW
GetWindowRect
DeferWindowPos
EndDeferWindowPos
GetMenuItemInfoW
IsIconic
BeginPaint
EndPaint
DrawEdge
GetForegroundWindow
GetKeyState
PostThreadMessageW
wsprintfW
GetClientRect
SetScrollInfo
ShowWindow
SetWindowPos
SetMenu
GetDlgItem
MapWindowPoints
SendMessageW
GetMenu
CheckMenuRadioItem
CheckMenuItem
DeleteMenu
LoadStringW
SetWindowTextW
GetClassInfoW
RegisterClassW
GetDC
ReleaseDC
SystemParametersInfoW
GetWindowLongW
SetWindowLongW
CallWindowProcW
DefWindowProcW
RemoveMenu
GetWindowLongA

ntdll

_chkstk
_snwprintf
RtlUnwind
_wcsicmp
NtQueryVirtualMemory
NtOpenThread
NtClose
strrchr
RtlLargeIntegerToChar
RtlAnsiStringToUnicodeString
_ui64tow
mbstowcs
memmove
NtQuerySystemInformation
wcstol
NtShutdownSystem
NtInitiatePowerAction
NtPowerInformation
RtlTimeToElapsedTimeFields

iphlpapi

GetInterfaceInfo
GetNumberOfInterfaces
NhGetInterfaceNameFromDeviceGuid
GetIfEntry

comctl32

ord17
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetIconSize
ImageList_Create
CreateStatusWindowW

shlwapi

StrStrIW
ord413
StrFormatByteSizeW
ord437
wnsprintfW

shell32

Shell_NotifyIconW
ord245
ShellAboutW
ord236
ord241
ord100
ord61

secur32

GetUserNameExW

vdmdbg

VDMEnumTaskWOWEx
VDMTerminateTaskWOW

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
I386/SYSTEM32/THEMEUI.DLL
.dll regsvr32 windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 344KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/TIMEDATE.CPL
.dll windows:5 windows x86 arch:x86

65e0016df074468b3298c6861a27384c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

timedate.pdb

Imports

kernel32

LeaveCriticalSection
FileTimeToSystemTime
SystemTimeToFileTime
lstrlenW
lstrcpynW
GetDateFormatW
GetUserDefaultLangID
LocalFree
LocalAlloc
GetLocalTime
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
Sleep
FreeLibrary
FileTimeToLocalFileTime
GetTimeFormatW
GetSystemTime
FormatMessageW
EnterCriticalSection
GetLocaleInfoW
GetProcAddress
LoadLibraryW
GetLastError
DisableThreadLibraryCalls
MulDiv
InitializeCriticalSection
DeleteCriticalSection
SetTimeZoneInformation
GetTimeZoneInformation
lstrcmpiW
GetUserDefaultLCID
CompareStringW
GetCalendarInfoW
GetProfileIntW
GetProfileStringW
SetLocalTime

user32

LoadCursorW
SendMessageW
GetParent
IsWindow
LoadImageW
UpdateWindow
ScrollWindow
AdjustWindowRectEx
LoadIconW
MessageBoxW
EndDialog
IsWindowVisible
IsDlgButtonChecked
LoadStringW
CheckDlgButton
PostMessageW
WinHelpW
GetWindowTextW
SetWindowTextW
ShowWindow
GetWindowTextLengthW
SetCursor
SetWindowPos
EnableWindow
SetDlgItemTextW
GetFocus
SendDlgItemMessageW
GetDlgItem
GetWindowRect
ScreenToClient
MoveWindow
MessageBoxIndirectW
GetDC
ReleaseDC
InflateRect
OffsetRect
SetRect
KillTimer
SetTimer
GetClassInfoW
RegisterClassW
SetWindowLongW
DefWindowProcW
GetWindowLongW
InvalidateRect
GetClientRect
EndPaint
CharUpperW
DrawFocusRect
SetFocus
NotifyWinEvent
BeginPaint
GetSysColorBrush
FillRect
GetSysColor
DrawTextW

comctl32

ord17
PropertySheetW
ord236
CreatePropertySheetPageW
InitCommonControlsEx
ord358
ord362
ord363
ord365

ole32

CoInitialize
CoUninitialize

shell32

ShellExecuteW

gdi32

GetTextExtentPoint32A
GetClipBox
GetTextExtentPointW
DeleteDC
CreateCompatibleBitmap
GetObjectW
CreateDCW
BitBlt
SetDIBColorTable
GetCharWidth32W
SetLayout
GetDeviceCaps
SetBkMode
Polygon
SetROP2
GetStockObject
Rectangle
MoveToEx
LineTo
DeleteObject
CreateSolidBrush
CreatePen
SetBkColor
SelectObject
SetTextColor
GetTextColor
GetBkColor
TextOutW
ExtTextOutW
CreateCompatibleDC

advapi32

StartServiceW
RegQueryValueExW
RegOpenKeyW
RegSetValueExW
OpenSCManagerW
RegCreateKeyW
RegDeleteValueW
RegEnumKeyW
RegQueryValueW
RegOpenKeyExW
RegCreateKeyExW
OpenServiceW
RegCloseKey
ControlService
CloseServiceHandle

imm32

ImmAssociateContext

ntdll

_chkstk
NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose
_vsnwprintf

shlwapi

SHRegGetBoolUSValueW
ord16
wnsprintfW
StrCmpIW
StrCpyNW
SHSetValueW
StrCmpW
PathRemoveBlanksW
SHGetValueW
StrCatBuffW

Exports

Exports

CPlApplet

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/UMPNPMGR.DLL
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DeleteServicePlugPlayRegKeys
PNP_GetDeviceList
PNP_GetDeviceListSize
PNP_GetDeviceRegProp
PNP_HwProfFlags
PNP_SetActiveService
RegisterScmCallback
RegisterServiceNotification
ServiceEntry

Sections

UPX0
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 50KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/UNICODE.NLS
I386/SYSTEM32/UNTFS.DLL
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

??0NTFS_ATTRIBUTE@@QAE@XZ
??0NTFS_ATTRIBUTE_DEFINITION_TABLE@@QAE@XZ
??0NTFS_ATTRIBUTE_LIST@@QAE@XZ
??0NTFS_ATTRIBUTE_RECORD@@QAE@XZ
??0NTFS_BAD_CLUSTER_FILE@@QAE@XZ
??0NTFS_BITMAP@@QAE@XZ
??0NTFS_BITMAP_FILE@@QAE@XZ
??0NTFS_BOOT_FILE@@QAE@XZ
??0NTFS_CLUSTER_RUN@@QAE@XZ
??0NTFS_EXTENT_LIST@@QAE@XZ
??0NTFS_FILE_RECORD_SEGMENT@@QAE@XZ
??0NTFS_FRS_STRUCTURE@@QAE@XZ
??0NTFS_INDEX_TREE@@QAE@XZ
??0NTFS_LOG_FILE@@QAE@XZ
??0NTFS_MFT_FILE@@QAE@XZ
??0NTFS_MFT_INFO@@QAE@XZ
??0NTFS_REFLECTED_MASTER_FILE_TABLE@@QAE@XZ
??0NTFS_SA@@QAE@XZ
??0NTFS_UPCASE_FILE@@QAE@XZ
??0NTFS_UPCASE_TABLE@@QAE@XZ
??0RA_PROCESS_FILE@@QAE@XZ
??0RA_PROCESS_SD@@QAE@XZ
??1NTFS_ATTRIBUTE@@UAE@XZ
??1NTFS_ATTRIBUTE_DEFINITION_TABLE@@UAE@XZ
??1NTFS_ATTRIBUTE_LIST@@UAE@XZ
??1NTFS_ATTRIBUTE_RECORD@@UAE@XZ
??1NTFS_BAD_CLUSTER_FILE@@UAE@XZ
??1NTFS_BITMAP@@UAE@XZ
??1NTFS_BITMAP_FILE@@UAE@XZ
??1NTFS_BOOT_FILE@@UAE@XZ
??1NTFS_CLUSTER_RUN@@UAE@XZ
??1NTFS_EXTENT_LIST@@UAE@XZ
??1NTFS_FILE_RECORD_SEGMENT@@UAE@XZ
??1NTFS_FRS_STRUCTURE@@UAE@XZ
??1NTFS_INDEX_TREE@@UAE@XZ
??1NTFS_LOG_FILE@@UAE@XZ
??1NTFS_MFT_FILE@@UAE@XZ
??1NTFS_MFT_INFO@@UAE@XZ
??1NTFS_REFLECTED_MASTER_FILE_TABLE@@UAE@XZ
??1NTFS_SA@@UAE@XZ
??1NTFS_UPCASE_FILE@@UAE@XZ
??1NTFS_UPCASE_TABLE@@UAE@XZ
??1RA_PROCESS_FILE@@UAE@XZ
??1RA_PROCESS_SD@@UAE@XZ
?AddExtent@NTFS_EXTENT_LIST@@QAEEVBIG_INT@@00@Z
?AddFileNameAttribute@NTFS_FILE_RECORD_SEGMENT@@QAEEPAU_FILE_NAME@@@Z
?AddSecurityDescriptor@NTFS_FILE_RECORD_SEGMENT@@QAEEW4_CANNED_SECURITY_TYPE@@PAVNTFS_BITMAP@@@Z
?AddSecurityDescriptorData@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVNTFS_ATTRIBUTE@@PAXPAPAU_SECURITY_ENTRY@@KW4_CANNED_SECURITY_TYPE@@PAVNTFS_BITMAP@@E@Z
?AllocateFileRecordSegment@NTFS_MASTER_FILE_TABLE@@QAEEPAVBIG_INT@@E@Z
?CompareDupInfo@NTFS_MFT_INFO@@SGEPAXPAU_FILE_NAME@@@Z
?CompareFileName@NTFS_MFT_INFO@@SGEPAXKPAU_FILE_NAME@@PAG@Z
?ComputeDupInfoSignature@NTFS_MFT_INFO@@CGXPAU_DUPLICATED_INFORMATION@@QAE@Z
?ComputeFileNameSignature@NTFS_MFT_INFO@@CGXKPAU_FILE_NAME@@QAE@Z
?CopyIterator@NTFS_INDEX_TREE@@QAEEPAV1@@Z
?Create@NTFS_FILE_RECORD_SEGMENT@@QAEEPBU_STANDARD_INFORMATION@@G@Z
?CreateDataAttribute@NTFS_LOG_FILE@@QAEEVBIG_INT@@KPAVNTFS_BITMAP@@@Z
?CreateElementaryStructures@NTFS_SA@@QAEEPAVNTFS_BITMAP@@KKKKPBVNUMBER_SET@@EEPAVMESSAGE@@PAUBIOS_PARAMETER_BLOCK@@PBVWSTRING@@@Z
?Extend@NTFS_MASTER_FILE_TABLE@@QAEEK@Z
?Flush@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVNTFS_BITMAP@@PAVNTFS_INDEX_TREE@@E@Z
?Flush@NTFS_MFT_FILE@@QAEEXZ
?GetNext@NTFS_INDEX_TREE@@QAEPBU_INDEX_ENTRY@@PAKPAEE@Z
?GetNextAttributeListEntry@NTFS_ATTRIBUTE_LIST@@QBEPBU_ATTRIBUTE_LIST_ENTRY@@PBU2@@Z
?GetNextAttributeRecord@NTFS_FRS_STRUCTURE@@QAEPAXPBXPAVMESSAGE@@PAE@Z
?Initialize@NTFS_ATTRIBUTE@@QAEEPAVLOG_IO_DP_DRIVE@@KPBVNTFS_EXTENT_LIST@@VBIG_INT@@2KPBVWSTRING@@G@Z
?Initialize@NTFS_ATTRIBUTE@@QAEEPAVLOG_IO_DP_DRIVE@@KPBXKKPBVWSTRING@@G@Z
?Initialize@NTFS_ATTRIBUTE_DEFINITION_TABLE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@E@Z
?Initialize@NTFS_ATTRIBUTE_RECORD@@QAEEPAVIO_DP_DRIVE@@PAX@Z
?Initialize@NTFS_BAD_CLUSTER_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?Initialize@NTFS_BITMAP@@QAEEVBIG_INT@@EPAVLOG_IO_DP_DRIVE@@K@Z
?Initialize@NTFS_BITMAP_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?Initialize@NTFS_BOOT_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?Initialize@NTFS_CLUSTER_RUN@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@VBIG_INT@@KK@Z
?Initialize@NTFS_EXTENT_LIST@@QAEEVBIG_INT@@0@Z
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEVBIG_INT@@KPAVNTFS_MASTER_FILE_TABLE@@@Z
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEVBIG_INT@@PAVNTFS_MASTER_FILE_TABLE@@@Z
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEVBIG_INT@@PAVNTFS_MFT_FILE@@@Z
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEXZ
?Initialize@NTFS_FRS_STRUCTURE@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@VBIG_INT@@K2KPAVNTFS_UPCASE_TABLE@@K@Z
?Initialize@NTFS_FRS_STRUCTURE@@QAEEPAVMEM@@PAVNTFS_ATTRIBUTE@@VBIG_INT@@K2KPAVNTFS_UPCASE_TABLE@@@Z
?Initialize@NTFS_FRS_STRUCTURE@@QAEEPAVMEM@@PAVNTFS_ATTRIBUTE@@VBIG_INT@@KK2KPAVNTFS_UPCASE_TABLE@@@Z
?Initialize@NTFS_INDEX_TREE@@QAEEKPAVLOG_IO_DP_DRIVE@@KPAVNTFS_BITMAP@@PAVNTFS_UPCASE_TABLE@@KKKPBVWSTRING@@@Z
?Initialize@NTFS_INDEX_TREE@@QAEEPAVLOG_IO_DP_DRIVE@@KPAVNTFS_BITMAP@@PAVNTFS_UPCASE_TABLE@@KPAVNTFS_FILE_RECORD_SEGMENT@@PBVWSTRING@@@Z
?Initialize@NTFS_LOG_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?Initialize@NTFS_MFT_FILE@@QAEEPAVLOG_IO_DP_DRIVE@@VBIG_INT@@KK1PAVNTFS_BITMAP@@PAVNTFS_UPCASE_TABLE@@@Z
?Initialize@NTFS_MFT_INFO@@QAEEVBIG_INT@@PAVNTFS_UPCASE_TABLE@@EE_K@Z
?Initialize@NTFS_MFT_INFO@@QAEEXZ
?Initialize@NTFS_REFLECTED_MASTER_FILE_TABLE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?Initialize@NTFS_SA@@QAEEPAVLOG_IO_DP_DRIVE@@PAVMESSAGE@@VBIG_INT@@2@Z
?Initialize@NTFS_UPCASE_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?Initialize@NTFS_UPCASE_TABLE@@QAEEPAVNTFS_ATTRIBUTE@@@Z
?Initialize@RA_PROCESS_FILE@@SGEPAVNTFS_SA@@VBIG_INT@@PAV3@PAKPAVNTFS_FRS_STRUCTURE@@4PAVHMEM@@5PAX6PAVNTFS_ATTRIBUTE@@PAVNTFS_UPCASE_TABLE@@@Z
?Initialize@RA_PROCESS_SD@@SGEPAVNTFS_SA@@VBIG_INT@@PAV3@PAKPAVNTFS_FILE_RECORD_SEGMENT@@4PAX5PAVNTFS_MASTER_FILE_TABLE@@@Z
?InsertEntry@NTFS_INDEX_TREE@@QAEEKPAXU_MFT_SEGMENT_REFERENCE@@E@Z
?InsertIntoFile@NTFS_ATTRIBUTE@@UAEEPAVNTFS_FILE_RECORD_SEGMENT@@PAVNTFS_BITMAP@@@Z
?IsAllocated@NTFS_BITMAP@@QBEEVBIG_INT@@0@Z
?IsAttributePresent@NTFS_FILE_RECORD_SEGMENT@@QAEEKPBVWSTRING@@E@Z
?IsDosName@NTFS_SA@@SGEPBU_FILE_NAME@@@Z
?IsFree@NTFS_BITMAP@@QBEEVBIG_INT@@0@Z
?IsNtfsName@NTFS_SA@@SGEPBU_FILE_NAME@@@Z
?MakeNonresident@NTFS_ATTRIBUTE@@UAEEPAVNTFS_BITMAP@@@Z
?NtfsUpcaseCompare@@YGJPBGK0KPBVNTFS_UPCASE_TABLE@@E@Z
?QueryAttribute@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVNTFS_ATTRIBUTE@@PAEKPBVWSTRING@@@Z
?QueryAttributeByOrdinal@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVNTFS_ATTRIBUTE@@PAEKK@Z
?QueryAttributeList@NTFS_FRS_STRUCTURE@@QAEEPAVNTFS_ATTRIBUTE_LIST@@@Z
?QueryAttributeListAttribute@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVNTFS_ATTRIBUTE@@PAE@Z
?QueryClusterFactor@NTFS_SA@@QBEEXZ
?QueryDefaultClustersPerIndexBuffer@NTFS_SA@@SGKPBVDP_DRIVE@@K@Z
?QueryEntry@NTFS_INDEX_TREE@@QAEEKPAXKPAPAU_INDEX_ENTRY@@PAPAVNTFS_INDEX_BUFFER@@PAE@Z
?QueryExtent@NTFS_EXTENT_LIST@@QBEEKPAVBIG_INT@@00@Z
?QueryExtentList@NTFS_ATTRIBUTE_RECORD@@QBEEPAVNTFS_EXTENT_LIST@@@Z
?QueryFileReference@NTFS_INDEX_TREE@@QAEEKPAXKPAU_MFT_SEGMENT_REFERENCE@@PAE@Z
?QueryFileSizes@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVBIG_INT@@0PAE@Z
?QueryFlags@NTFS_MFT_INFO@@SGEPAXG@Z
?QueryFrsFromPath@NTFS_SA@@QAEEPBVWSTRING@@PAVNTFS_MASTER_FILE_TABLE@@PAVNTFS_BITMAP@@PAVNTFS_FILE_RECORD_SEGMENT@@PAE4@Z
?QueryLcnFromVcn@NTFS_EXTENT_LIST@@QBEEVBIG_INT@@PAV2@1@Z
?QueryName@NTFS_ATTRIBUTE_RECORD@@QBEEPAVWSTRING@@@Z
?QueryNextEntry@NTFS_ATTRIBUTE_LIST@@QBEEPAU_ATTR_LIST_CURR_ENTRY@@PAKPAVBIG_INT@@PAU_MFT_SEGMENT_REFERENCE@@PAGPAVWSTRING@@@Z
?QueryNumberOfExtents@NTFS_EXTENT_LIST@@QBEKXZ
?QuerySectorsInElementaryStructures@NTFS_SA@@SGKPBVDP_DRIVE@@KKKK@Z
?QuerySegmentReference@NTFS_MFT_INFO@@SG?AU_MFT_SEGMENT_REFERENCE@@PAX@Z
?QueryVolumeFlagsAndLabel@NTFS_SA@@QAEGPAE00PAVWSTRING@@@Z
?Read@NTFS_ATTRIBUTE@@QAEEPAXVBIG_INT@@KPAK@Z
?Read@NTFS_FRS_STRUCTURE@@UAEEXZ
?Read@NTFS_MFT_FILE@@UAEEXZ
?Read@NTFS_SA@@QAEEPAVMESSAGE@@@Z
?Read@NTFS_SA@@UAEEXZ
?ReadAgain@NTFS_FRS_STRUCTURE@@QAEEVBIG_INT@@@Z
?ReadList@NTFS_ATTRIBUTE_LIST@@QAEEXZ
?ReadNext@NTFS_FRS_STRUCTURE@@QAEEVBIG_INT@@@Z
?ReadSet@NTFS_FRS_STRUCTURE@@QAEEPAVTLINK@@@Z
?Relocate@NTFS_CLUSTER_RUN@@QAEXVBIG_INT@@@Z
?ResetIterator@NTFS_INDEX_TREE@@QAEXXZ
?Resize@NTFS_ATTRIBUTE@@UAEEVBIG_INT@@PAVNTFS_BITMAP@@@Z
?SafeQueryAttribute@NTFS_FRS_STRUCTURE@@QAEEKPAVNTFS_ATTRIBUTE@@0@Z
?Save@NTFS_INDEX_TREE@@QAEEPAVNTFS_FILE_RECORD_SEGMENT@@@Z
?SetSparse@NTFS_ATTRIBUTE@@UAEEVBIG_INT@@PAVNTFS_BITMAP@@@Z
?SetVolumeFlag@NTFS_SA@@QAEEGPAE@Z
?TakeCensus@NTFS_SA@@QAEEPAVNTFS_MASTER_FILE_TABLE@@KPAUNTFS_CENSUS_INFO@@@Z
?Write@NTFS_ATTRIBUTE@@UAEEPBXVBIG_INT@@KPAKPAVNTFS_BITMAP@@@Z
?Write@NTFS_BITMAP@@QAEEPAVNTFS_ATTRIBUTE@@PAV1@@Z
?Write@NTFS_FILE_RECORD_SEGMENT@@UAEEXZ
?Write@NTFS_FRS_STRUCTURE@@QAEEXZ
?WriteRemainingBootCode@NTFS_SA@@QAEEXZ
Chkdsk
ChkdskEx
Extend
Format
FormatEx
InitializeUntfs
Recover

Sections

UPX0
Size: - Virtual size: 224KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 107KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/URLMON.DLL
.dll regsvr32 windows:5 windows x86 arch:x86

c6852b01daf41b5b7f5ae80196968214

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

urlmon.pdb

Imports

ole32

CLSIDFromProgID
HWND_UserMarshal
CoFreeUnusedLibraries
StringFromGUID2
HWND_UserSize
CLSIDFromString
HWND_UserUnmarshal
HWND_UserFree
CoRegisterMessageFilter
StgOpenStorage
CoUnmarshalInterface
CoMarshalInterface
CoGetMarshalSizeMax
OleGetAutoConvert
ReleaseStgMedium
MonikerRelativePathTo
CreateGenericComposite
CoCreateInstance
CoGetClassObject
StringFromCLSID
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
GetClassFile
CoTaskMemFree
CoTaskMemAlloc
CreateBindCtx
MkParseDisplayName

rpcrt4

NdrCStdStubBuffer_Release
RpcRaiseException
NdrClientCall2
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
NdrDllGetClassObject
NdrDllRegisterProxy

shlwapi

PathRemoveFileSpecW
PathIsUNCServerShareW
SHStrDupW
StrTrimW
ord216
UrlCanonicalizeA
ord218
ord97
SHRegGetBoolUSValueA
StrCpyW
StrCmpNIW
ord215
StrCpyNW
ord431
ord378
ord107
ord395
SHRegGetValueW
ord125
ord158
PathFindFileNameW
ord80
wnsprintfA
PathCombineA
ord24
ord507
ord57
ord508
ord361
SHRegQueryInfoUSKeyW
SHRegEnumUSValueW
SHRegEnumUSKeyW
SHRegQueryUSValueW
SHRegOpenUSKeyW
SHRegCreateUSKeyW
SHRegCloseUSKey
ord457
PathIsPrefixW
ord309
ord472
ord219
SHRegGetUSValueW
ord83
UrlIsW
PathIsUNCW
PathStripToRootW
SHRegSetUSValueW
PathIsRootW
ord446
StrRChrW
ord398
ord143
StrDupW
ord29
SHRegDeleteEmptyUSKeyW
SHRegDeleteUSValueW
SHRegWriteUSValueW
ord335
ord558
ord120
ord130
ord559
StrCmpNA
PathFindExtensionA
ord441
StrCatBuffW
SHQueryValueExA
StrCatBuffA
PathFileExistsA
StrToIntW
PathRenameExtensionA
PathUndecorateA
ord435
ord52
ord75
ord65
PathIsUNCServerA
ord76
UrlGetPartA
StrToIntA
UrlCombineA
UrlGetLocationA
PathCreateFromUrlA
StrDupA
UrlUnescapeA
ord1
StrStrA
ord154
StrStrW
ord155
ord153
ord151
PathFindExtensionW
StrCmpIW
wnsprintfW
ord564
StrChrW
StrCmpNIA
ord124
ord128
ord59
ord220
ord138
UrlCanonicalizeW
UrlUnescapeW
UrlEscapeW
PathCreateFromUrlW
UrlCreateFromPathW
UrlGetLocationW
StrChrA
UrlCompareW
UrlCombineW
StrCmpW
UrlGetPartW
SHRegGetUSValueA
ord2
ord436
StrNCatA
StrCatW
StrStrIA
SHGetValueW

user32

RegisterClipboardFormatA
LoadStringA
wsprintfA
CharNextA
CharPrevA
DestroyWindow
PostMessageA
SetWindowLongA
DefWindowProcA
SendMessageA
GetWindowLongA
SetForegroundWindow
GetDlgItem
EndDialog
UnregisterClassA
RegisterClassA
CreateWindowExA
GetClipboardFormatNameA
PostQuitMessage
PeekMessageA
DispatchMessageA
TranslateMessage
GetQueueStatus
MsgWaitForMultipleObjects
MapWindowPoints
SetWindowTextW
GetClientRect
GetWindowDC
SendMessageW
DrawTextExW
CharLowerA
IsDlgButtonChecked
CheckDlgButton
SendDlgItemMessageA
SetFocus
EnableWindow
GetWindowRect
GetDC
ReleaseDC
SetWindowPos
ShowWindow
MessageBoxW
SetDlgItemTextA
FindWindowA
CharUpperBuffA
SetTimer
KillTimer
OemToCharBuffA
SendNotifyMessageA
GetParent
GetLastActivePopup
GetActiveWindow
DialogBoxParamA
GetAsyncKeyState

gdi32

GetTextExtentPoint32W
SelectObject
GetDeviceCaps
GetObjectType
CreatePalette
GetPaletteEntries
SetEnhMetaFileBits
GetEnhMetaFileBits
CreateBitmap
GetBitmapBits
SetMetaFileBitsEx
GetMetaFileBitsEx
DeleteObject
CreateFontIndirectA
GetObjectA

advapi32

RegQueryValueExA
GetUserNameA
OpenProcessToken
GetTokenInformation
EqualSid
AllocateAndInitializeSid
FreeSid
RegCreateKeyExA
RegDeleteValueA
RegEnumValueA
RegEnumKeyExA
RegEnumKeyA
RegOpenKeyA
RegQueryValueA
RegDeleteKeyA
RegCreateKeyA
RegSetValueExA
RegCloseKey
RegOpenKeyExA

kernel32

FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
ExitProcess
GetCommandLineA
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
GetDriveTypeA
CreateMutexA
GetDriveTypeW
RtlMoveMemory
ReleaseMutex
GetTimeFormatA
GetLocaleInfoA
FileTimeToSystemTime
GetCurrentProcess
LocalAlloc
GetLocalTime
RemoveDirectoryA
FindNextFileA
CompareFileTime
SearchPathA
SystemTimeToFileTime
FormatMessageA
DeleteAtom
GetPrivateProfileIntA
GetPrivateProfileStringA
GetSystemTime
CreateThread
TerminateThread
TerminateProcess
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
ExitThread
GetSystemTimeAsFileTime
CopyFileA
GetSystemDirectoryA
GetUserDefaultLCID
GetSystemDefaultLCID
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
FindFirstFileA
GetFullPathNameA
SetLastError
CompareStringA
GetShortPathNameA
GetThreadLocale
lstrcatA
GetFileAttributesA
GetEnvironmentStrings
WriteFile
DeleteFileA
GetTempPathA
GlobalLock
GlobalSize
GlobalUnlock
CreateFileA
GetFileSize
GetFileTime
SetFilePointer
ReadFile
FindClose
QueryDosDeviceW
GetACP
FindAtomA
AddAtomA
CloseHandle
GetLastError
GetCurrentProcessId
LocalFree
GlobalAlloc
GlobalFree
LoadLibraryExA
GetProcessHeap
TlsAlloc
TlsFree
TlsGetValue
HeapAlloc
HeapFree
GetCurrentThreadId
lstrcpyA
lstrlenA
GetModuleFileNameA
lstrcmpA
lstrcmpiA
lstrcpynA
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryA
GetWindowsDirectoryA
GetVersionExA
GetSystemInfo
TlsSetValue
GetModuleHandleA
GetProcAddress
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
FreeLibrary
IsBadWritePtr
IsBadReadPtr
lstrlenW
LeaveCriticalSection
EnterCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapReAlloc
HeapSize
RtlUnwind
InterlockedExchange
lstrcpynW
LoadLibraryW
VirtualQuery
UnhandledExceptionFilter
GetOEMCP
GetCPInfo
VirtualAlloc
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
FlushFileBuffers
VirtualProtect
QueryPerformanceCounter
GetTickCount
SetUnhandledExceptionFilter
CreateDirectoryA
RaiseException
SetStdHandle

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Exports

Exports

AsyncGetClassBits
AsyncInstallDistributionUnit
BindAsyncMoniker
CDLGetLongPathNameA
CDLGetLongPathNameW
CoGetClassObjectFromURL
CoInstall
CoInternetCombineUrl
CoInternetCompareUrl
CoInternetCreateSecurityManager
CoInternetCreateZoneManager
CoInternetFeatureSettingsChanged
CoInternetGetProtocolFlags
CoInternetGetSecurityUrl
CoInternetGetSession
CoInternetIsFeatureEnabled
CoInternetIsFeatureEnabledForUrl
CoInternetIsFeatureZoneElevationEnabled
CoInternetParseUrl
CoInternetQueryInfo
CoInternetSetFeatureEnabled
CompareSecurityIds
CompatFlagsFromClsid
CopyBindInfo
CopyStgMedium
CreateAsyncBindCtx
CreateAsyncBindCtxEx
CreateFormatEnumerator
CreateURLMoniker
CreateURLMonikerEx
DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllRegisterServerEx
DllUnregisterServer
Extract
FaultInIEFeature
FindMediaType
FindMediaTypeClass
FindMimeFromData
GetClassFileOrMime
GetClassURL
GetComponentIDFromCLSSPEC
GetMarkOfTheWeb
GetSoftwareUpdateInfo
HlinkGoBack
HlinkGoForward
HlinkNavigateMoniker
HlinkNavigateString
HlinkSimpleNavigateToMoniker
HlinkSimpleNavigateToString
InstallFlash
IsAsyncMoniker
IsJITInProgress
IsLoggingEnabledA
IsLoggingEnabledW
IsValidURL
MkParseDisplayNameEx
ObtainUserAgentString
PrivateCoInstall
RegisterBindStatusCallback
RegisterFormatEnumerator
RegisterMediaTypeClass
RegisterMediaTypes
ReleaseBindInfo
RevokeBindStatusCallback
RevokeFormatEnumerator
SetSoftwareUpdateAdvertisementState
URLDownloadA
URLDownloadToCacheFileA
URLDownloadToCacheFileW
URLDownloadToFileA
URLDownloadToFileW
URLDownloadW
URLOpenBlockingStreamA
URLOpenBlockingStreamW
URLOpenPullStreamA
URLOpenPullStreamW
URLOpenStreamA
URLOpenStreamW
UrlMkBuildVersion
UrlMkGetSessionOption
UrlMkSetSessionOption
WriteHitLogging
ZonesReInit

Sections

.text
Size: 439KB - Virtual size: 439KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/USER32.DLL
.dll windows:5 windows x86 arch:x86

74c9c1d4c866d43b9e737e75d03ba940

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

user32.pdb

Imports

ntdll

NtQueryVirtualMemory
RtlUnwind
RtlNtStatusToDosError
NlsAnsiCodePage
RtlAllocateHeap
qsort
RtlMultiByteToUnicodeSize
LdrFlushAlternateResourceModules
RtlPcToFileHeader
wcsrchr
NtRaiseHardError
RtlIsNameLegalDOS8Dot3
strrchr
sscanf
NtQueryKey
NtEnumerateValueKey
RtlRunEncodeUnicodeString
RtlRunDecodeUnicodeString
_wcsicmp
CsrAllocateCaptureBuffer
CsrCaptureMessageBuffer
CsrFreeCaptureBuffer
NtOpenThreadToken
NtOpenProcessToken
NtQueryInformationToken
CsrClientCallServer
memmove
NtCallbackReturn
RtlUnicodeToMultiByteSize
RtlActivateActivationContextUnsafeFast
RtlDeactivateActivationContextUnsafeFast
RtlInitializeCriticalSection
NtQuerySystemInformation
swprintf
RtlDeleteCriticalSection
RtlImageNtHeader
CsrClientConnectToServer
NtYieldExecution
NtCreateKey
NtSetValueKey
NtDeleteValueKey
RtlQueryInformationActiveActivationContext
RtlReleaseActivationContext
RtlFreeHeap
wcsncpy
wcscmp
wcstoul
wcscat
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlCreateUnicodeStringFromAsciiz
RtlFreeUnicodeString
NtOpenDirectoryObject
_chkstk
wcscpy
wcsncat
NtSetSecurityObject
NtQuerySecurityObject
NtQueryInformationProcess
wcstol
wcslen
RtlFindActivationContextSectionString
RtlMultiByteToUnicodeN
RtlUnicodeToMultiByteN
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlOpenCurrentUser
NtEnumerateKey
NtOpenKey
NtClose
NtQueryValueKey
RtlInitUnicodeString
RtlUnicodeStringToInteger

kernel32

LocalSize
LocalUnlock
SizeofResource
LoadResource
FindResourceExW
FindResourceExA
GetModuleHandleW
DisableThreadLibraryCalls
GetCurrentThreadId
IsDBCSLeadByteEx
SearchPathW
ExpandEnvironmentStringsW
LoadLibraryExW
GlobalAddAtomW
GetSystemDirectoryW
GetComputerNameW
GetCurrentProcess
GetCurrentThread
ExitThread
GetExitCodeThread
CreateThread
HeapReAlloc
GlobalHandle
FoldStringW
Sleep
GetStringTypeW
GetStringTypeA
GetCPInfo
HeapSize
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
ReadFile
SetFileTime
GetFileTime
GetSystemWindowsDirectoryW
CopyFileW
MoveFileW
DeleteFileW
CreateProcessW
AddAtomA
AddAtomW
GetAtomNameW
GetAtomNameA
IsValidLocale
ConvertDefaultLocale
CompareStringW
GetCurrentDirectoryW
SetCurrentDirectoryW
lstrlenW
GetLogicalDrives
FindClose
FindNextFileW
FindFirstFileW
GetThreadLocale
VirtualFree
ProcessIdToSessionId
GetCurrentProcessId
InterlockedCompareExchange
IsDBCSLeadByte
LCMapStringW
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount
lstrlenA
GlobalFindAtomA
GetModuleFileNameA
GetModuleHandleA
GlobalAddAtomA
DelayLoadFailureHook
LoadLibraryA
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LocalLock
LocalReAlloc
GetACP
GetOEMCP
InterlockedIncrement
InterlockedDecrement
SetLastError
GlobalFindAtomW
GlobalAlloc
MultiByteToWideChar
GlobalReAlloc
GetLastError
GetProcAddress
LoadLibraryW
FreeLibrary
lstrcpynW
CreateFileW
WritePrivateProfileStringW
lstrcmpiW
SetEvent
WaitForMultipleObjectsEx
WideCharToMultiByte
GlobalFlags
GetLocaleInfoW
GlobalFree
GetModuleFileNameW
GlobalGetAtomNameW
GlobalGetAtomNameA
InterlockedExchange
DeleteAtom
LocalAlloc
GlobalDeleteAtom
LocalFree
GlobalSize
GlobalLock
GlobalUnlock
GetUserDefaultLCID
HeapAlloc
HeapFree
lstrcpyW
lstrcatW
GetPrivateProfileStringW
RegisterWaitForInputIdle

gdi32

GetClipRgn
ExtSelectClipRgn
GetHFONT
GetMapMode
SetGraphicsMode
GetClipBox
CreateRectRgn
CreateRectRgnIndirect
SetLayout
GetBoundsRect
ExcludeClipRect
PlayEnhMetaFile
CreatePen
Ellipse
CreateEllipticRgn
GdiFixUpHandle
GetTextCharacterExtra
SetTextCharacterExtra
GetCurrentObject
GetViewportOrgEx
SetViewportOrgEx
PolyPatBlt
CreateBrushIndirect
SetBoundsRect
CopyEnhMetaFileW
CopyMetaFileW
GetPaletteEntries
CreatePalette
SetPaletteEntries
bInitSystemAndFontsDirectoriesW
bMakePathNameW
cGetTTFFromFOT
GetPixel
ExtTextOutA
GetTextCharsetInfo
QueryFontAssocStatus
GetCharWidthInfo
GetCharWidthA
GetTextFaceW
GetCharABCWidthsA
GetCharABCWidthsW
SetBrushOrgEx
CreateFontIndirectW
EnumFontsW
GetTextFaceAliasW
GetTextMetricsW
GetTextColor
GetBkMode
GetViewportExtEx
GetWindowExtEx
GdiGetCharDimensions
GdiGetCodePage
GetTextCharset
GdiPrinterThunk
GdiAddFontResourceW
TranslateCharsetInfo
SaveDC
OffsetWindowOrgEx
RestoreDC
ExtTextOutW
GetObjectType
GetDIBits
CreateDIBSection
SetStretchBltMode
SelectPalette
RealizePalette
SetDIBits
CreateDCW
CreateDIBitmap
CreateCompatibleBitmap
SetBitmapBits
DeleteDC
GdiValidateHandle
GdiProcessSetup
CreateSolidBrush
GetStockObject
CreateCompatibleDC
GdiConvertBitmapV5
GdiCreateLocalEnhMetaFile
GdiCreateLocalMetaFilePict
GetRgnBox
CombineRgn
OffsetRgn
MirrorRgn
EnableEUDC
GdiConvertToDevmodeW
GetTextExtentPointA
GetTextExtentPointW
CreateBitmap
SetLayoutWidth
PatBlt
TextOutA
TextOutW
BitBlt
GdiConvertAndCheckDC
StretchBlt
SetRectRgn
GdiReleaseDC
GdiConvertEnhMetaFile
GdiConvertMetaFilePict
DeleteEnhMetaFile
DeleteMetaFile
DeleteObject
GetDIBColorTable
GetDeviceCaps
StretchDIBits
GetLayout
SetBkColor
SetTextColor
GetObjectW
GetBkColor
SetBkMode
SelectObject
IntersectClipRect
GetTextAlign
SetTextAlign
GdiDllInitialize

Exports

Exports

ActivateKeyboardLayout
AdjustWindowRect
AdjustWindowRectEx
AlignRects
AllowForegroundActivation
AllowSetForegroundWindow
AnimateWindow
AnyPopup
AppendMenuA
AppendMenuW
ArrangeIconicWindows
AttachThreadInput
BeginDeferWindowPos
BeginPaint
BlockInput
BringWindowToTop
BroadcastSystemMessage
BroadcastSystemMessageA
BroadcastSystemMessageExA
BroadcastSystemMessageExW
BroadcastSystemMessageW
BuildReasonArray
CalcMenuBar
CallMsgFilter
CallMsgFilterA
CallMsgFilterW
CallNextHookEx
CallWindowProcA
CallWindowProcW
CascadeChildWindows
CascadeWindows
ChangeClipboardChain
ChangeDisplaySettingsA
ChangeDisplaySettingsExA
ChangeDisplaySettingsExW
ChangeDisplaySettingsW
ChangeMenuA
ChangeMenuW
CharLowerA
CharLowerBuffA
CharLowerBuffW
CharLowerW
CharNextA
CharNextExA
CharNextW
CharPrevA
CharPrevExA
CharPrevW
CharToOemA
CharToOemBuffA
CharToOemBuffW
CharToOemW
CharUpperA
CharUpperBuffA
CharUpperBuffW
CharUpperW
CheckDlgButton
CheckMenuItem
CheckMenuRadioItem
CheckRadioButton
ChildWindowFromPoint
ChildWindowFromPointEx
CliImmSetHotKey
ClientThreadSetup
ClientToScreen
ClipCursor
CloseClipboard
CloseDesktop
CloseWindow
CloseWindowStation
CopyAcceleratorTableA
CopyAcceleratorTableW
CopyIcon
CopyImage
CopyRect
CountClipboardFormats
CreateAcceleratorTableA
CreateAcceleratorTableW
CreateCaret
CreateCursor
CreateDesktopA
CreateDesktopW
CreateDialogIndirectParamA
CreateDialogIndirectParamAorW
CreateDialogIndirectParamW
CreateDialogParamA
CreateDialogParamW
CreateIcon
CreateIconFromResource
CreateIconFromResourceEx
CreateIconIndirect
CreateMDIWindowA
CreateMDIWindowW
CreateMenu
CreatePopupMenu
CreateSystemThreads
CreateWindowExA
CreateWindowExW
CreateWindowStationA
CreateWindowStationW
CsrBroadcastSystemMessageExW
CtxInitUser32
DdeAbandonTransaction
DdeAccessData
DdeAddData
DdeClientTransaction
DdeCmpStringHandles
DdeConnect
DdeConnectList
DdeCreateDataHandle
DdeCreateStringHandleA
DdeCreateStringHandleW
DdeDisconnect
DdeDisconnectList
DdeEnableCallback
DdeFreeDataHandle
DdeFreeStringHandle
DdeGetData
DdeGetLastError
DdeGetQualityOfService
DdeImpersonateClient
DdeInitializeA
DdeInitializeW
DdeKeepStringHandle
DdeNameService
DdePostAdvise
DdeQueryConvInfo
DdeQueryNextServer
DdeQueryStringA
DdeQueryStringW
DdeReconnect
DdeSetQualityOfService
DdeSetUserHandle
DdeUnaccessData
DdeUninitialize
DefDlgProcA
DefDlgProcW
DefFrameProcA
DefFrameProcW
DefMDIChildProcA
DefMDIChildProcW
DefRawInputProc
DefWindowProcA
DefWindowProcW
DeferWindowPos
DeleteMenu
DeregisterShellHookWindow
DestroyAcceleratorTable
DestroyCaret
DestroyCursor
DestroyIcon
DestroyMenu
DestroyReasons
DestroyWindow
DeviceEventWorker
DialogBoxIndirectParamA
DialogBoxIndirectParamAorW
DialogBoxIndirectParamW
DialogBoxParamA
DialogBoxParamW
DisableProcessWindowsGhosting
DispatchMessageA
DispatchMessageW
DisplayExitWindowsWarnings
DlgDirListA
DlgDirListComboBoxA
DlgDirListComboBoxW
DlgDirListW
DlgDirSelectComboBoxExA
DlgDirSelectComboBoxExW
DlgDirSelectExA
DlgDirSelectExW
DragDetect
DragObject
DrawAnimatedRects
DrawCaption
DrawCaptionTempA
DrawCaptionTempW
DrawEdge
DrawFocusRect
DrawFrame
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawMenuBarTemp
DrawStateA
DrawStateW
DrawTextA
DrawTextExA
DrawTextExW
DrawTextW
EditWndProc
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndDeferWindowPos
EndDialog
EndMenu
EndPaint
EndTask
EnterReaderModeHelper
EnumChildWindows
EnumClipboardFormats
EnumDesktopWindows
EnumDesktopsA
EnumDesktopsW
EnumDisplayDevicesA
EnumDisplayDevicesW
EnumDisplayMonitors
EnumDisplaySettingsA
EnumDisplaySettingsExA
EnumDisplaySettingsExW
EnumDisplaySettingsW
EnumPropsA
EnumPropsExA
EnumPropsExW
EnumPropsW
EnumThreadWindows
EnumWindowStationsA
EnumWindowStationsW
EnumWindows
EqualRect
ExcludeUpdateRgn
ExitWindowsEx
FillRect
FindWindowA
FindWindowExA
FindWindowExW
FindWindowW
FlashWindow
FlashWindowEx
FrameRect
FreeDDElParam
GetActiveWindow
GetAltTabInfo
GetAltTabInfoA
GetAltTabInfoW
GetAncestor
GetAppCompatFlags
GetAppCompatFlags2
GetAsyncKeyState
GetCapture
GetCaretBlinkTime
GetCaretPos
GetClassInfoA
GetClassInfoExA
GetClassInfoExW
GetClassInfoW
GetClassLongA
GetClassLongW
GetClassNameA
GetClassNameW
GetClassWord
GetClientRect
GetClipCursor
GetClipboardData
GetClipboardFormatNameA
GetClipboardFormatNameW
GetClipboardOwner
GetClipboardSequenceNumber
GetClipboardViewer
GetComboBoxInfo
GetCursor
GetCursorFrameInfo
GetCursorInfo
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDialogBaseUnits
GetDlgCtrlID
GetDlgItem
GetDlgItemInt
GetDlgItemTextA
GetDlgItemTextW
GetDoubleClickTime
GetFocus
GetForegroundWindow
GetGUIThreadInfo
GetGuiResources
GetIconInfo
GetInputDesktop
GetInputState
GetInternalWindowPos
GetKBCodePage
GetKeyNameTextA
GetKeyNameTextW
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameA
GetKeyboardLayoutNameW
GetKeyboardState
GetKeyboardType
GetLastActivePopup
GetLastInputInfo
GetLayeredWindowAttributes
GetListBoxInfo
GetMenu
GetMenuBarInfo
GetMenuCheckMarkDimensions
GetMenuContextHelpId
GetMenuDefaultItem
GetMenuInfo
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
GetMenuItemInfoW
GetMenuItemRect
GetMenuState
GetMenuStringA
GetMenuStringW
GetMessageA
GetMessageExtraInfo
GetMessagePos
GetMessageTime
GetMessageW
GetMonitorInfoA
GetMonitorInfoW
GetMouseMovePointsEx
GetNextDlgGroupItem
GetNextDlgTabItem
GetOpenClipboardWindow
GetParent
GetPriorityClipboardFormat
GetProcessDefaultLayout
GetProcessWindowStation
GetProgmanWindow
GetPropA
GetPropW
GetQueueStatus
GetRawInputBuffer
GetRawInputData
GetRawInputDeviceInfoA
GetRawInputDeviceInfoW
GetRawInputDeviceList
GetReasonTitleFromReasonCode
GetRegisteredRawInputDevices
GetScrollBarInfo
GetScrollInfo
GetScrollPos
GetScrollRange
GetShellWindow
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTabbedTextExtentA
GetTabbedTextExtentW
GetTaskmanWindow
GetThreadDesktop
GetTitleBarInfo
GetTopWindow
GetUpdateRect
GetUpdateRgn
GetUserObjectInformationA
GetUserObjectInformationW
GetUserObjectSecurity
GetWinStationInfo
GetWindow
GetWindowContextHelpId
GetWindowDC
GetWindowInfo
GetWindowLongA
GetWindowLongW
GetWindowModuleFileName
GetWindowModuleFileNameA
GetWindowModuleFileNameW
GetWindowPlacement
GetWindowRect
GetWindowRgn
GetWindowRgnBox
GetWindowTextA
GetWindowTextLengthA
GetWindowTextLengthW
GetWindowTextW
GetWindowThreadProcessId
GetWindowWord
GrayStringA
GrayStringW
HideCaret
HiliteMenuItem
IMPGetIMEA
IMPGetIMEW
IMPQueryIMEA
IMPQueryIMEW
IMPSetIMEA
IMPSetIMEW
ImpersonateDdeClientWindow
InSendMessage
InSendMessageEx
InflateRect
InitializeLpkHooks
InitializeWin32EntryTable
InsertMenuA
InsertMenuItemA
InsertMenuItemW
InsertMenuW
InternalGetWindowText
IntersectRect
InvalidateRect
InvalidateRgn
InvertRect
IsCharAlphaA
IsCharAlphaNumericA
IsCharAlphaNumericW
IsCharAlphaW
IsCharLowerA
IsCharLowerW
IsCharUpperA
IsCharUpperW
IsChild
IsClipboardFormatAvailable
IsDialogMessage
IsDialogMessageA
IsDialogMessageW
IsDlgButtonChecked
IsGUIThread
IsHungAppWindow
IsIconic
IsMenu
IsRectEmpty
IsServerSideWindow
IsWinEventHookInstalled
IsWindow
IsWindowEnabled
IsWindowInDestroy
IsWindowUnicode
IsWindowVisible
IsZoomed
KillSystemTimer
KillTimer
LoadAcceleratorsA
LoadAcceleratorsW
LoadBitmapA
LoadBitmapW
LoadCursorA
LoadCursorFromFileA
LoadCursorFromFileW
LoadCursorW
LoadIconA
LoadIconW
LoadImageA
LoadImageW
LoadKeyboardLayoutA
LoadKeyboardLayoutEx
LoadKeyboardLayoutW
LoadLocalFonts
LoadMenuA
LoadMenuIndirectA
LoadMenuIndirectW
LoadMenuW
LoadRemoteFonts
LoadStringA
LoadStringW
LockSetForegroundWindow
LockWindowStation
LockWindowUpdate
LockWorkStation
LookupIconIdFromDirectory
LookupIconIdFromDirectoryEx
MBToWCSEx
MB_GetString
MapDialogRect
MapVirtualKeyA
MapVirtualKeyExA
MapVirtualKeyExW
MapVirtualKeyW
MapWindowPoints
MenuItemFromPoint
MenuWindowProcA
MenuWindowProcW
MessageBeep
MessageBoxA
MessageBoxExA
MessageBoxExW
MessageBoxIndirectA
MessageBoxIndirectW
MessageBoxTimeoutA
MessageBoxTimeoutW
MessageBoxW
ModifyMenuA
ModifyMenuW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
MoveWindow
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
NotifyWinEvent
OemKeyScan
OemToCharA
OemToCharBuffA
OemToCharBuffW
OemToCharW
OffsetRect
OpenClipboard

Sections

.text
Size: 379KB - Virtual size: 379KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/USERENV.DLL
.dll regsvr32 windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

CheckXForestLogon
CreateEnvironmentBlock
DeleteProfileA
DeleteProfileW
DestroyEnvironmentBlock
DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
EnterCriticalPolicySection
ExpandEnvironmentStringsForUserA
ExpandEnvironmentStringsForUserW
ForceSyncFgPolicy
FreeGPOListA
FreeGPOListW
GenerateRsopPolicy
GetAllUsersProfileDirectoryA
GetAllUsersProfileDirectoryW
GetAppliedGPOListA
GetAppliedGPOListW
GetDefaultUserProfileDirectoryA
GetDefaultUserProfileDirectoryW
GetGPOListA
GetGPOListW
GetNextFgPolicyRefreshInfo
GetPreviousFgPolicyRefreshInfo
GetProfileType
GetProfilesDirectoryA
GetProfilesDirectoryW
GetUserProfileDirectoryA
GetUserProfileDirectoryW
LeaveCriticalPolicySection
LoadUserProfileA
LoadUserProfileW
ProcessGroupPolicyCompleted
ProcessGroupPolicyCompletedEx
RefreshPolicy
RefreshPolicyEx
RegisterGPNotification
RsopAccessCheckByType
RsopFileAccessCheck
RsopLoggingEnabled
RsopResetPolicySettingStatus
RsopSetPolicySettingStatus
UnloadUserProfile
UnregisterGPNotification
WaitForMachinePolicyForegroundProcessing
WaitForUserPolicyForegroundProcessing

Sections

UPX0
Size: - Virtual size: 540KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 196KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/USP10.DLL
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

LpkPresent
ScriptApplyDigitSubstitution
ScriptApplyLogicalWidth
ScriptBreak
ScriptCPtoX
ScriptCacheGetHeight
ScriptFreeCache
ScriptGetCMap
ScriptGetFontProperties
ScriptGetGlyphABCWidth
ScriptGetLogicalWidths
ScriptGetProperties
ScriptIsComplex
ScriptItemize
ScriptJustify
ScriptLayout
ScriptPlace
ScriptRecordDigitSubstitution
ScriptShape
ScriptStringAnalyse
ScriptStringCPtoX
ScriptStringFree
ScriptStringGetLogicalWidths
ScriptStringGetOrder
ScriptStringOut
ScriptStringValidate
ScriptStringXtoCP
ScriptString_pLogAttr
ScriptString_pSize
ScriptString_pcOutChars
ScriptTextOut
ScriptXtoCP
UspAllocCache
UspAllocTemp
UspFreeMem

Sections

UPX0
Size: - Virtual size: 268KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 168KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/UXTHEME.DLL
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

CloseThemeData
DrawThemeBackground
DrawThemeBackgroundEx
DrawThemeEdge
DrawThemeIcon
DrawThemeParentBackground
DrawThemeText
EnableThemeDialogTexture
EnableTheming
GetCurrentThemeName
GetThemeAppProperties
GetThemeBackgroundContentRect
GetThemeBackgroundExtent
GetThemeBackgroundRegion
GetThemeBool
GetThemeColor
GetThemeDocumentationProperty
GetThemeEnumValue
GetThemeFilename
GetThemeFont
GetThemeInt
GetThemeIntList
GetThemeMargins
GetThemeMetric
GetThemePartSize
GetThemePosition
GetThemePropertyOrigin
GetThemeRect
GetThemeString
GetThemeSysBool
GetThemeSysColor
GetThemeSysColorBrush
GetThemeSysFont
GetThemeSysInt
GetThemeSysSize
GetThemeSysString
GetThemeTextExtent
GetThemeTextMetrics
GetWindowTheme
HitTestThemeBackground
IsAppThemed
IsThemeActive
IsThemeBackgroundPartiallyTransparent
IsThemeDialogTextureEnabled
IsThemePartDefined
OpenThemeData
SetThemeAppProperties
SetWindowTheme

Sections

UPX0
Size: - Virtual size: 140KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 94KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/VDMDBG.DLL
.dll windows:5 windows x86 arch:x86

bd0323785851503fcb17b2dd224a08b2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

vdmdbg.pdb

Imports

ntdll

RtlUnwind
NtOpenThread

kernel32

GetCurrentProcess
InterlockedExchange
WriteProcessMemory
ReadProcessMemory
CloseHandle
OpenProcess
DisableThreadLibraryCalls
HeapAlloc
GetProcessHeap
HeapFree
_lclose
_llseek
_lread
OpenFile
TerminateThread
WaitForSingleObject
ContinueDebugEvent
WaitForDebugEvent
CreateRemoteThread
GetThreadContext
SetThreadContext
GetNextVDMCommand
GlobalAddAtomA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
GetLastError
LCMapStringW
GetLocaleInfoA
GetCPInfo
VirtualProtect
GetSystemInfo
VirtualQuery
GetStringTypeA
GetStringTypeW
VirtualFree
VirtualAlloc
HeapReAlloc

user32

FindWindowExA
GetWindowThreadProcessId
PostMessageA

Exports

Exports

VDMBreakThread
VDMDetectWOW
VDMEnumProcessWOW
VDMEnumTaskWOW
VDMEnumTaskWOWEx
VDMGetAddrExpression
VDMGetContext
VDMGetDbgFlags
VDMGetModuleSelector
VDMGetPointer
VDMGetSegmentInfo
VDMGetSegtablePointer
VDMGetSelectorModule
VDMGetSymbol
VDMGetThreadContext
VDMGetThreadSelectorEntry
VDMGlobalFirst
VDMGlobalNext
VDMIsModuleLoaded
VDMKillWOW
VDMModuleFirst
VDMModuleNext
VDMProcessException
VDMSetContext
VDMSetDbgFlags
VDMSetThreadContext
VDMStartTaskInWOW
VDMTerminateTaskWOW

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/VERSION.DLL
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueIndexA
VerQueryValueIndexW
VerQueryValueW

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/VGA.DLL
.dll windows:5 windows x86 arch:x86

b96ef66bd3a923d4124daabc09f4bdbf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

vga.pdb

Imports

win32k.sys

PATHOBJ_vGetBounds
EngStrokePath
EngBitBlt
EngTextOut
EngPaint
EngFreeMem
EngAllocMem
EngDeviceIoControl
EngCreatePalette
EngDeletePalette
EngDeleteSurface
EngUnlockSurface
EngLockSurface
EngCreateBitmap
EngAssociateSurface
EngCreateDeviceSurface

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 410B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/VGA256.DLL
.dll windows:5 windows x86 arch:x86

e9d0ddf31c64435265969e60dccec685

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

vga256.pdb

Imports

win32k.sys

PATHOBJ_bEnum
EngFreeMem
EngDeviceIoControl
EngAllocMem
EngCopyBits
EngBitBlt
CLIPOBJ_bEnum
CLIPOBJ_cEnumStart
BRUSHOBJ_pvGetRbrush
BRUSHOBJ_pvAllocRbrush
EngCreateClip
EngDeleteClip
EngUnlockSurface
EngDeleteSurface
EngCreateDeviceSurface
EngLockSurface
EngAssociateSurface
EngCreateBitmap
EngDeletePalette
EngCreatePalette
PALOBJ_cGetColors
EngStretchBlt
XLATEOBJ_piVector
PATHOBJ_bEnumClipLines
PATHOBJ_vEnumStartClipLines
EngTextOut
EngFreeUserMem
EngAllocUserMem

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 591B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 768B - Virtual size: 706B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/VGA850.FON
I386/SYSTEM32/VGA861.FON
I386/SYSTEM32/VGAOEM.FON
I386/SYSTEM32/VMX_FB.DLL
.sys windows:5 windows x86 arch:x86

158fd70d348aa0e686cacd7afce8d8a8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\ob\bora-12327\bora-vmsoft\build\release\svga\NT\vmx_fb.pdb

Imports

win32k.sys

EngCreateSemaphore
EngDeleteSemaphore
EngFreeMem
EngAllocMem
EngLockSurface
EngAssociateSurface
EngCreateBitmap
EngDeleteSurface
EngUnlockSurface
EngDeviceIoControl
EngBitBlt
EngCopyBits
EngFillPath
PATHOBJ_vGetBounds
EngLineTo
EngPaint
EngStretchBlt
EngStrokeAndFillPath
EngStrokePath
PATHOBJ_bEnumClipLines
PATHOBJ_vEnumStartClipLines
EngTextOut
EngCreatePalette
EngDeletePalette
PALOBJ_cGetColors
EngAcquireSemaphore
EngReleaseSemaphore
EngFindImageProcAddress
EngDebugBreak
RtlUnwind
RtlUnicodeToMultiByteN

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 768B - Virtual size: 768B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 992B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/VMX_MODE.DLL
.dll windows:5 windows x86 arch:x86

d8aae53f8f2a55ede4e93605f33da3a7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\ob\bora-12327\bora-vmsoft\build\release\svga\NT\vmx_mode.pdb

Imports

kernel32

lstrcmpiW

user32

EnumDisplaySettingsW
ChangeDisplaySettingsW

setupapi

SetupDiGetSelectedDriverW

Exports

Exports

VMX_ModeChange

Sections

.text
Size: 192B - Virtual size: 185B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 192B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 96B - Virtual size: 78B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 256B - Virtual size: 238B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 928B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/WATCHDOG.SYS
.sys windows:5 windows x86 arch:x86

706d164711e9170203ef6af5258b54b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

watchdog.pdb

Imports

ntoskrnl.exe

KeRemoveQueueDpc
KeCancelTimer
KeGetCurrentThread
KefReleaseSpinLockFromDpcLevel
ObfDereferenceObject
KeInsertQueueDpc
ObfReferenceObject
KeQueryRuntimeThread
KefAcquireSpinLockAtDpcLevel
_alldiv
KeInitializeTimerEx
KeInitializeDpc
ExAllocatePoolWithTag
ExRaiseStatus
KeSetEvent
PsSetContextThread
KeCapturePersistentThreadState
PsGetContextThread
PsGetCurrentThread
KeWaitForSingleObject
KeInsertQueueApc
KeInitializeApc
KeSetTimerEx
ExRaiseHardError
KeDelayExecutionThread
KeBugCheckEx
DbgBreakPoint
ExFreePoolWithTag
IoGetDeviceProperty
RtlDeleteRegistryValue
RtlCreateRegistryKey
RtlCheckRegistryKey
RtlWriteRegistryValue
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
KdDebuggerNotPresent
KdDebuggerEnabled
RtlQueryRegistryValues
ExQueueWorkItem
IoGetDeviceAttachmentBaseRef
ZwClose
ZwFlushKey
ZwOpenKey
RtlInitUnicodeString
KeInitializeSpinLock
_allmul
KeTickCount
KeQueryTimeIncrement
KeInitializeEvent
DbgPrint

hal

KfAcquireSpinLock
KfReleaseSpinLock

videoprt.sys

VpNotifyEaData

Exports

Exports

WdAllocateDeferredWatchdog
WdAllocateWatchdog
WdCompleteEvent
WdDdiWatchdogDpcCallback
WdDereferenceObject
WdEnterMonitoredSection
WdExitMonitoredSection
WdFreeDeferredWatchdog
WdFreeWatchdog
WdGetDeviceObject
WdGetLastEvent
WdGetLowestDeviceObject
WdMadeAnyProgress
WdReferenceObject
WdResetDeferredWatch
WdResetWatch
WdResumeDeferredWatch
WdResumeWatch
WdStartDeferredWatch
WdStartWatch
WdStopDeferredWatch
WdStopWatch
WdSuspendDeferredWatch
WdSuspendWatch

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 289B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 768B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 640B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/WIN32K.SYS
.sys windows:5 windows x86 arch:x86

e706f2dbbd2fbde9b8a9341d9a836960

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

win32k.pdb

Imports

ntoskrnl.exe

PsGetProcessWin32Process
ExAcquireFastMutexUnsafe
KeEnterCriticalRegion
PsGetCurrentProcessId
PsSetThreadWin32Thread
KeTickCount
PsSetProcessWin32Process
ExReleaseFastMutexUnsafe
KeLeaveCriticalRegion
ObfDereferenceObject
ObfReferenceObject
RtlNtStatusToDosError
strchr
strncpy
KeAreApcsDisabled
ExAllocatePoolWithTagPriority
RtlRandom
PsGetCurrentThread
KeBugCheckEx
PsGetCurrentProcess
ProbeForWrite
_except_handler3
ExRaiseAccessViolation
SeReleaseSecurityDescriptor
SeCaptureSecurityDescriptor
RtlInitUnicodeString
swprintf
_wcsicmp
ExRaiseDatatypeMisalignment
ObReferenceObjectByHandle
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
PsGetProcessSessionId
PsProcessType
ZwClose
InterlockedExchange
ExRaiseStatus
RtlAreAnyAccessesGranted
memmove
PsGetJobUIRestrictionsClass
PsGetJobLock
PsJobType
wcsncpy
RtlIntegerToUnicode
RtlIntegerToUnicodeString
PsGetThreadId
PsGetThreadProcessId
PsDereferenceImpersonationToken
PsDereferencePrimaryToken
SeTokenType
SeCreateClientSecurity
wcslen
ObOpenObjectByPointer
ExDesktopObjectType
RtlCopyUnicodeString
KeInitializeEvent
ExFreePoolWithTag
ExInitializeResourceLite
ExAllocatePoolWithTag
ZwCreateDirectoryObject
RtlUnicodeStringToInteger
wcschr
wcsstr
MmMapViewOfSection
MmCreateSection
MmMapViewInSessionSpace
MmUnmapViewInSessionSpace
RtlAllocateHeap
ZwSetSystemInformation
NlsMbCodePageTag
NlsAnsiCodePage
PsGetThreadProcess
PsIsSystemThread
PsGetProcessJob
wcscpy
RtlGetNtGlobalFlags
RtlCheckRegistryKey
ExWindowStationObjectType
PsGetCurrentProcessSessionId
PsGetProcessWin32WindowStation
RtlCompareUnicodeString
ZwQueryDefaultLocale
PsGetProcessPeb
InterlockedPopEntrySList
InterlockedPushEntrySList
PsGetProcessCreateTimeQuadPart
KeQuerySystemTime
KeClearEvent
RtlFreeHeap
PsLookupProcessByProcessId
PsGetThreadSessionId
PsLookupThreadByThreadId
ExDeletePagedLookasideList
ExIsResourceAcquiredExclusiveLite
ExInitializePagedLookasideList
KeWaitForMultipleObjects
KeWaitForSingleObject
_allmul
KeSetEvent
PsIsThreadTerminating
ExEventObjectType
ZwCreateEvent
ObReferenceObjectByPointer
RtlAnsiStringToUnicodeString
RtlInitAnsiString
PsGetProcessImageFileName
PsThreadType
SeQueryAuthenticationIdToken
PsReferencePrimaryToken
PsGetProcessInheritedFromUniqueProcessId
PsSetProcessWindowStation
RtlInitializeBitMap
PsGetProcessId
PsGetProcessExitStatus
PsGetProcessExitProcessCalled
ZwQueryInformationProcess
ObCloseHandle
KeSetKernelStackSwapEnable
SeTokenIsWriteRestricted
PsGetProcessSectionBaseAddress
ZwTerminateProcess
ExRaiseHardError
RtlWalkFrameChain
ExAllocatePoolWithQuotaTag
DbgBreakPoint
DbgPrint
KdDebuggerEnabled
ZwQueryValueKey
ZwOpenKey
RtlDestroyHeap
_wcsnicmp
wcscat
KeDelayExecutionThread
InterlockedDecrement
NtQueryInformationProcess
RtlDestroyAtomTable
ExDeleteResourceLite
KeCancelTimer
KeRemoveSystemServiceTable
KeQueryInterruptTime
MmPageEntireDriver
MmUserProbeAddress
PsEstablishWin32Callouts
KeAddSystemServiceTable
ZwQueryDefaultUILanguage
ZwSetDefaultUILanguage
ZwSetDefaultLocale
ExIsResourceAcquiredSharedLite
ExAcquireResourceSharedLite
RtlQueryRegistryValues
ZwPowerInformation
KeResetEvent
ZwDeviceIoControlFile
IoGetRelatedDeviceObject
KeInitializeTimerEx
PsGetCurrentThreadId
InitSafeBootMode
RtlCopySid
RtlLengthSid
RtlSetGroupSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlSetSaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAddAce
RtlCreateAcl
RtlCreateSecurityDescriptor
SeExports
RtlAreAllAccessesGranted
SeDeleteAccessState
ObCheckObjectAccess
SeCreateAccessState
SeReleaseSubjectContext
SeUnlockSubjectContext
SePrivilegeObjectAuditAlarm
SePrivilegeCheck
SeLockSubjectContext
SeCaptureSubjectContext
ZwFreeVirtualMemory
ZwAllocateVirtualMemory
ZwQueryInformationToken
RtlEqualUnicodeString
ZwSetInformationObject
ZwQueryObject
ObCreateObject
KeUnstackDetachProcess
KeStackAttachProcess
ZwDuplicateObject
ObFindHandleForObject
RtlClearBits
RtlSetBits
ZwSetSecurityObject
RtlInitializeSid
RtlSubAuthoritySid
RtlLengthRequiredSid
RtlMapGenericMask
ObReleaseObjectSecurity
ObAssignSecurity
ObGetObjectSecurity
ObCheckCreateObjectAccess
MmUnmapViewOfSection
ObOpenObjectByName
PsGetThreadTeb
KeDetachProcess
KeAttachProcess
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
KePulseEvent
ObQueryNameString
ZwOpenEvent
ZwSetInformationThread
RtlPinAtomInAtomTable
RtlAddAtomToAtomTable
RtlCreateAtomTable
ExReleaseRundownProtection
LpcRequestWaitReplyPort
SeDeassignSecurity
ObSetSecurityDescriptorInfo
SeAssignSecurity
ObInsertObject
ZwOpenDirectoryObject
ExAcquireRundownProtection
ZwOpenProcessTokenEx
ZwOpenThreadTokenEx
PsReferenceImpersonationToken
SeTokenIsRestricted
PsCreateSystemThread
ObSetHandleAttributes
PsGetProcessDebugPort
ZwYieldExecution
RtlIntegerToChar
RtlUnicodeStringToAnsiString
PsSetProcessPriorityByClass
PsSetProcessPriorityClass
PsGetProcessPriorityClass
KeSetPriorityThread
RtlUnicodeToMultiByteN
SeImpersonateClientEx
MmAdjustWorkingSetSize
KeSetTimer
RtlFreeUnicodeString
RtlFormatCurrentUserKeyPath
ZwQueryKey
ZwEnumerateValueKey
ZwSetValueKey
RtlMultiByteToUnicodeN
RtlFindMessage
wcsrchr
RtlEqualString
strrchr
ExGetSharedWaiterCount
ExGetExclusiveWaiterCount
IoQueryDeviceDescription
ExRundownCompleted
ExWaitForRundownProtectionRelease
ZwSetEvent
PoSetSystemState
PoRequestShutdownEvent
KeInitializeTimer
NlsOemCodePage
RtlLookupAtomInAtomTable
RtlDeleteAtomFromAtomTable
RtlQueryAtomInAtomTable
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
PsGetThreadFreezeCount
InterlockedIncrement
RtlUnicodeToMultiByteSize
RtlMultiByteToUnicodeSize
KeUserModeCallback
MmSystemRangeStart
IofCallDriver
IoBuildSynchronousFsdRequest
IoFileObjectType
ZwOpenFile
IoBuildDeviceIoControlRequest
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
IoGetStackLimits
MmCommitSessionMappedView
RtlCreateHeap
IoUnregisterPlugPlayNotification
IoWMIQuerySingleInstance
IoWMIHandleToInstanceName
IoWMIOpenBlock
ZwCreateFile
ZwCancelIoFile
wcsncmp
IoGetDeviceObjectPointer
IoRegisterPlugPlayNotification
ZwReadFile
ObReferenceObjectByName
IoDriverObjectType
IoCreateDriver
IoPnPDeliverServicePowerNotification
IoInvalidateDeviceRelations
LpcRequestPort
KeIsAttachedProcess
RtlEmptyAtomTable
RtlZeroHeap
_alldiv
_allshr
vsprintf
MmSecureVirtualMemory
KeRestoreFloatingPointState
KeSaveFloatingPointState
ZwQuerySystemInformation
ExSystemTimeToLocalTime
InterlockedCompareExchange
MmUnsecureVirtualMemory
RtlInsertElementGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableAvl
KeInitializeDpc
ExIsProcessorFeaturePresent
RtlFillMemoryUlong
RtlTimeToTimeFields
MmGrowKernelStack
PsGetCurrentThreadStackBase
ExSystemExceptionFilter
KeReadStateEvent
ZwQueryInformationFile
LdrAccessResource
LdrFindResource_U
RtlUnicodeToCustomCPN
RtlCustomCPToUnicodeN
RtlInitCodePageTable
RtlGetDefaultCodePage
ZwDeleteFile
LdrFindResourceDirectory_U
RtlEqualSid
SeQueryInformationToken
MmHighestUserAddress
PsRevertToSelf
RtlUnicodeToOemN
ZwCreateKey
RtlFreeAnsiString
RtlImageNtHeader
RtlImageDirectoryEntryToData
_strnicmp
PsSetThreadHardErrorsAreDisabled
PsGetThreadHardErrorsAreDisabled
strncmp
toupper
RtlWriteRegistryValue
ZwEnumerateKey
IoOpenDeviceRegistryKey
wcscmp
IoGetDeviceProperty
ZwDeleteKey
IoOpenDeviceInterfaceRegistryKey
IoGetDeviceInterfaces
IoSynchronousInvalidateDeviceRelations
IoCreateFile
ZwSetInformationFile
ZwQueryVolumeInformationFile
IoSetThreadHardErrorMode
_alldvrm
_aulldiv
MmSectionObjectType
PsGetCurrentThreadPreviousMode
RtlCompareMemory
RtlCreateRegistryKey
MmQuerySystemSize
RtlEnumerateGenericTableAvl
RtlInitializeGenericTableAvl
PsTerminateSystemThread
RtlUpcaseUnicodeString
RtlExtendedLargeIntegerDivide
_aulldvrm
IoQueueThreadIrp
IoBuildAsynchronousFsdRequest
qsort
MmAddVerifierThunks
MmIsVerifierEnabled
PsGetThreadWin32Thread

watchdog.sys

WdDdiWatchdogDpcCallback
WdResumeDeferredWatch
WdSuspendDeferredWatch
WdAllocateDeferredWatchdog
WdStartDeferredWatch
WdStopDeferredWatch
WdFreeDeferredWatchdog
WdExitMonitoredSection
WdEnterMonitoredSection

dxapi.sys

_DxApiGetVersion@0

hal

ExAcquireFastMutex
ExReleaseFastMutex
KeQueryPerformanceCounter
HalRequestSoftwareInterrupt

Exports

Exports

BRUSHOBJ_hGetColorTransform
BRUSHOBJ_pvAllocRbrush
BRUSHOBJ_pvGetRbrush
BRUSHOBJ_ulGetBrushColor
CLIPOBJ_bEnum
CLIPOBJ_cEnumStart
CLIPOBJ_ppoGetPath
EngAcquireSemaphore
EngAllocMem
EngAllocPrivateUserMem
EngAllocSectionMem
EngAllocUserMem
EngAlphaBlend
EngAssociateSurface
EngBitBlt
EngBugCheckEx
EngCheckAbort
EngClearEvent
EngComputeGlyphSet
EngControlSprites
EngCopyBits
EngCreateBitmap
EngCreateClip
EngCreateDeviceBitmap
EngCreateDeviceSurface
EngCreateDriverObj
EngCreateEvent
EngCreatePalette
EngCreatePath
EngCreateSemaphore
EngCreateWnd
EngDebugBreak
EngDebugPrint
EngDeleteClip
EngDeleteDriverObj
EngDeleteEvent
EngDeleteFile
EngDeletePalette
EngDeletePath
EngDeleteSafeSemaphore
EngDeleteSemaphore
EngDeleteSurface
EngDeleteWnd
EngDeviceIoControl
EngDitherColor
EngDxIoctl
EngEnumForms
EngEraseSurface
EngFileIoControl
EngFileWrite
EngFillPath
EngFindImageProcAddress
EngFindResource
EngFntCacheAlloc
EngFntCacheFault
EngFntCacheLookUp
EngFreeMem
EngFreeModule
EngFreePrivateUserMem
EngFreeSectionMem
EngFreeUserMem
EngGetCurrentCodePage
EngGetCurrentProcessId
EngGetCurrentThreadId
EngGetDriverName
EngGetFileChangeTime
EngGetFilePath
EngGetForm
EngGetLastError
EngGetPrinter
EngGetPrinterData
EngGetPrinterDataFileName
EngGetPrinterDriver
EngGetProcessHandle
EngGetTickCount
EngGetType1FontList
EngGradientFill
EngHangNotification
EngInitializeSafeSemaphore
EngIsSemaphoreOwned
EngIsSemaphoreOwnedByCurrentThread
EngLineTo
EngLoadImage
EngLoadModule
EngLoadModuleForWrite
EngLockDirectDrawSurface
EngLockDriverObj
EngLockSurface
EngLpkInstalled
EngMapEvent
EngMapFile
EngMapFontFile
EngMapFontFileFD
EngMapModule
EngMapSection
EngMarkBandingSurface
EngModifySurface
EngMovePointer
EngMulDiv
EngMultiByteToUnicodeN
EngMultiByteToWideChar
EngNineGrid
EngPaint
EngPlgBlt
EngProbeForRead
EngProbeForReadAndWrite
EngQueryDeviceAttribute
EngQueryLocalTime
EngQueryPalette
EngQueryPerformanceCounter
EngQueryPerformanceFrequency
EngQuerySystemAttribute
EngReadStateEvent
EngReleaseSemaphore
EngRestoreFloatingPointState
EngSaveFloatingPointState
EngSecureMem
EngSetEvent
EngSetLastError
EngSetPointerShape
EngSetPointerTag
EngSetPrinterData
EngSort
EngStretchBlt
EngStretchBltROP
EngStrokeAndFillPath
EngStrokePath
EngTextOut
EngTransparentBlt
EngUnicodeToMultiByteN
EngUnloadImage
EngUnlockDirectDrawSurface
EngUnlockDriverObj
EngUnlockSurface
EngUnmapEvent
EngUnmapFile
EngUnmapFontFile
EngUnmapFontFileFD
EngUnsecureMem
EngWaitForSingleObject
EngWideCharToMultiByte
EngWritePrinter
FLOATOBJ_Add
FLOATOBJ_AddFloat
FLOATOBJ_AddFloatObj
FLOATOBJ_AddLong
FLOATOBJ_Div
FLOATOBJ_DivFloat
FLOATOBJ_DivFloatObj
FLOATOBJ_DivLong
FLOATOBJ_Equal
FLOATOBJ_EqualLong
FLOATOBJ_GetFloat
FLOATOBJ_GetLong
FLOATOBJ_GreaterThan
FLOATOBJ_GreaterThanLong
FLOATOBJ_LessThan
FLOATOBJ_LessThanLong
FLOATOBJ_Mul
FLOATOBJ_MulFloat
FLOATOBJ_MulFloatObj
FLOATOBJ_MulLong
FLOATOBJ_Neg
FLOATOBJ_SetFloat
FLOATOBJ_SetLong
FLOATOBJ_Sub
FLOATOBJ_SubFloat
FLOATOBJ_SubFloatObj
FLOATOBJ_SubLong
FONTOBJ_cGetAllGlyphHandles
FONTOBJ_cGetGlyphs
FONTOBJ_pQueryGlyphAttrs
FONTOBJ_pfdg
FONTOBJ_pifi
FONTOBJ_pjOpenTypeTablePointer
FONTOBJ_pvTrueTypeFontFile
FONTOBJ_pwszFontFilePaths
FONTOBJ_pxoGetXform
FONTOBJ_vGetInfo
HT_ComputeRGBGammaTable
HT_Get8BPPFormatPalette
HT_Get8BPPMaskPalette
HeapVidMemAllocAligned
PALOBJ_cGetColors
PATHOBJ_bCloseFigure
PATHOBJ_bEnum
PATHOBJ_bEnumClipLines
PATHOBJ_bMoveTo
PATHOBJ_bPolyBezierTo
PATHOBJ_bPolyLineTo
PATHOBJ_vEnumStart
PATHOBJ_vEnumStartClipLines
PATHOBJ_vGetBounds
RtlAnsiCharToUnicodeChar
RtlMultiByteToUnicodeN
RtlRaiseException
RtlUnicodeToMultiByteN
RtlUnicodeToMultiByteSize
RtlUnwind
RtlUpcaseUnicodeChar
RtlUpcaseUnicodeToMultiByteN
STROBJ_bEnum
STROBJ_bEnumPositionsOnly
STROBJ_bGetAdvanceWidths
STROBJ_dwGetCodePage
STROBJ_fxBreakExtra
STROBJ_fxCharacterExtra
STROBJ_vEnumStart
VidMemFree
WNDOBJ_bEnum
WNDOBJ_cEnumStart
WNDOBJ_vSetConsumer
XFORMOBJ_bApplyXform
XFORMOBJ_iGetFloatObjXform
XFORMOBJ_iGetXform
XLATEOBJ_cGetPalette
XLATEOBJ_hGetColorTransform
XLATEOBJ_iXlate
XLATEOBJ_piVector
_abnormal_termination
_except_handler2
_global_unwind2
_itoa
_itow
_local_unwind2

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kbdfall
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/WININET.DLL
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

CommitUrlCacheEntryA
CommitUrlCacheEntryW
CreateMD5SSOHash
CreateUrlCacheContainerA
CreateUrlCacheContainerW
CreateUrlCacheEntryA
CreateUrlCacheEntryW
CreateUrlCacheGroup
DeleteIE3Cache
DeleteUrlCacheContainerA
DeleteUrlCacheContainerW
DeleteUrlCacheEntry
DeleteUrlCacheEntryA
DeleteUrlCacheEntryW
DeleteUrlCacheGroup
DetectAutoProxyUrl
DllInstall
FindCloseUrlCache
FindFirstUrlCacheContainerA
FindFirstUrlCacheContainerW
FindFirstUrlCacheEntryA
FindFirstUrlCacheEntryExA
FindFirstUrlCacheEntryExW
FindFirstUrlCacheEntryW
FindFirstUrlCacheGroup
FindNextUrlCacheContainerA
FindNextUrlCacheContainerW
FindNextUrlCacheEntryA
FindNextUrlCacheEntryExA
FindNextUrlCacheEntryExW
FindNextUrlCacheEntryW
FindNextUrlCacheGroup
ForceNexusLookup
ForceNexusLookupExW
FreeUrlCacheSpaceA
FreeUrlCacheSpaceW
FtpCommandA
FtpCommandW
FtpCreateDirectoryA
FtpCreateDirectoryW
FtpDeleteFileA
FtpDeleteFileW
FtpFindFirstFileA
FtpFindFirstFileW
FtpGetCurrentDirectoryA
FtpGetCurrentDirectoryW
FtpGetFileA
FtpGetFileEx
FtpGetFileSize
FtpGetFileW
FtpOpenFileA
FtpOpenFileW
FtpPutFileA
FtpPutFileEx
FtpPutFileW
FtpRemoveDirectoryA
FtpRemoveDirectoryW
FtpRenameFileA
FtpRenameFileW
FtpSetCurrentDirectoryA
FtpSetCurrentDirectoryW
GetUrlCacheConfigInfoA
GetUrlCacheConfigInfoW
GetUrlCacheEntryInfoA
GetUrlCacheEntryInfoExA
GetUrlCacheEntryInfoExW
GetUrlCacheEntryInfoW
GetUrlCacheGroupAttributeA
GetUrlCacheGroupAttributeW
GetUrlCacheHeaderData
GopherCreateLocatorA
GopherCreateLocatorW
GopherFindFirstFileA
GopherFindFirstFileW
GopherGetAttributeA
GopherGetAttributeW
GopherGetLocatorTypeA
GopherGetLocatorTypeW
GopherOpenFileA
GopherOpenFileW
HttpAddRequestHeadersA
HttpAddRequestHeadersW
HttpCheckDavCompliance
HttpEndRequestA
HttpEndRequestW
HttpOpenRequestA
HttpOpenRequestW
HttpQueryInfoA
HttpQueryInfoW
HttpSendRequestA
HttpSendRequestExA
HttpSendRequestExW
HttpSendRequestW
IncrementUrlCacheHeaderData
InternetAlgIdToStringA
InternetAlgIdToStringW
InternetAttemptConnect
InternetAutodial
InternetAutodialCallback
InternetAutodialHangup
InternetCanonicalizeUrlA
InternetCanonicalizeUrlW
InternetCheckConnectionA
InternetCheckConnectionW
InternetClearAllPerSiteCookieDecisions
InternetCloseHandle
InternetCombineUrlA
InternetCombineUrlW
InternetConfirmZoneCrossing
InternetConfirmZoneCrossingA
InternetConfirmZoneCrossingW
InternetConnectA
InternetConnectW
InternetCrackUrlA
InternetCrackUrlW
InternetCreateUrlA
InternetCreateUrlW
InternetDial
InternetDialA
InternetDialW
InternetEnumPerSiteCookieDecisionA
InternetEnumPerSiteCookieDecisionW
InternetErrorDlg
InternetFindNextFileA
InternetFindNextFileW
InternetFortezzaCommand
InternetGetCertByURL
InternetGetCertByURLA
InternetGetConnectedState
InternetGetConnectedStateEx
InternetGetConnectedStateExA
InternetGetConnectedStateExW
InternetGetCookieA
InternetGetCookieExA
InternetGetCookieExW
InternetGetCookieW
InternetGetLastResponseInfoA
InternetGetLastResponseInfoW
InternetGetPerSiteCookieDecisionA
InternetGetPerSiteCookieDecisionW
InternetGoOnline
InternetGoOnlineA
InternetGoOnlineW
InternetHangUp
InternetInitializeAutoProxyDll
InternetLockRequestFile
InternetOpenA
InternetOpenUrlA
InternetOpenUrlW
InternetOpenW
InternetQueryDataAvailable
InternetQueryFortezzaStatus
InternetQueryOptionA
InternetQueryOptionW
InternetReadFile
InternetReadFileExA
InternetReadFileExW
InternetSecurityProtocolToStringA
InternetSecurityProtocolToStringW
InternetSetCookieA
InternetSetCookieExA
InternetSetCookieExW
InternetSetCookieW
InternetSetDialState
InternetSetDialStateA
InternetSetDialStateW
InternetSetFilePointer
InternetSetOptionA
InternetSetOptionExA
InternetSetOptionExW
InternetSetOptionW
InternetSetPerSiteCookieDecisionA
InternetSetPerSiteCookieDecisionW
InternetSetStatusCallback
InternetSetStatusCallbackA
InternetSetStatusCallbackW
InternetShowSecurityInfoByURL
InternetShowSecurityInfoByURLA
InternetShowSecurityInfoByURLW
InternetTimeFromSystemTime
InternetTimeFromSystemTimeA
InternetTimeFromSystemTimeW
InternetTimeToSystemTime
InternetTimeToSystemTimeA
InternetTimeToSystemTimeW
InternetUnlockRequestFile
InternetWriteFile
InternetWriteFileExA
InternetWriteFileExW
IsHostInProxyBypassList
IsUrlCacheEntryExpiredA
IsUrlCacheEntryExpiredW
LoadUrlCacheContent
ParseX509EncodedCertificateForListBoxEntry
PrivacyGetZonePreferenceW
PrivacySetZonePreferenceW
ReadUrlCacheEntryStream
RegisterUrlCacheNotification
ResumeSuspendedDownload
RetrieveUrlCacheEntryFileA
RetrieveUrlCacheEntryFileW
RetrieveUrlCacheEntryStreamA
RetrieveUrlCacheEntryStreamW
RunOnceUrlCache
SetUrlCacheConfigInfoA
SetUrlCacheConfigInfoW
SetUrlCacheEntryGroup
SetUrlCacheEntryGroupA
SetUrlCacheEntryGroupW
SetUrlCacheEntryInfoA
SetUrlCacheEntryInfoW
SetUrlCacheGroupAttributeA
SetUrlCacheGroupAttributeW
SetUrlCacheHeaderData
ShowCertificate
ShowClientAuthCerts
ShowSecurityInfo
ShowX509EncodedCertificate
UnlockUrlCacheEntryFile
UnlockUrlCacheEntryFileA
UnlockUrlCacheEntryFileW
UnlockUrlCacheEntryStream
UpdateUrlCacheContentPath
UrlZonesDetach
_GetFileExtensionFromUrl

Sections

UPX0
Size: - Virtual size: 392KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 288KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/WINLOGON.EXE
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 268KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 260KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/WINMM.DLL
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

CloseDriver
DefDriverProc
DriverCallback
DrvGetModuleHandle
GetDriverModuleHandle
MigrateAllDrivers
MigrateSoundEvents
NotifyCallbackData
OpenDriver
PlaySound
PlaySoundA
PlaySoundW
SendDriverMessage
WOW32DriverCallback
WOW32ResolveMultiMediaHandle
WOWAppExit
WinmmLogoff
WinmmLogon
_gfxLogoff@0
_gfxLogon@4
aux32Message
auxGetDevCapsA
auxGetDevCapsW
auxGetNumDevs
auxGetVolume
auxOutMessage
auxSetVolume
gfxAddGfx
gfxBatchChange
gfxCreateGfxFactoriesList
gfxCreateZoneFactoriesList
gfxDestroyDeviceInterfaceList
gfxEnumerateGfxs
gfxModifyGfx
gfxOpenGfx
gfxRemoveGfx
joy32Message
joyConfigChanged
joyGetDevCapsA
joyGetDevCapsW
joyGetNumDevs
joyGetPos
joyGetPosEx
joyGetThreshold
joyReleaseCapture
joySetCapture
joySetThreshold
mci32Message
mciDriverNotify
mciDriverYield
mciExecute
mciFreeCommandResource
mciGetCreatorTask
mciGetDeviceIDA
mciGetDeviceIDFromElementIDA
mciGetDeviceIDFromElementIDW
mciGetDeviceIDW
mciGetDriverData
mciGetErrorStringA
mciGetErrorStringW
mciGetYieldProc
mciLoadCommandResource
mciSendCommandA
mciSendCommandW
mciSendStringA
mciSendStringW
mciSetDriverData
mciSetYieldProc
mid32Message
midiConnect
midiDisconnect
midiInAddBuffer
midiInClose
midiInGetDevCapsA
midiInGetDevCapsW
midiInGetErrorTextA
midiInGetErrorTextW
midiInGetID
midiInGetNumDevs
midiInMessage
midiInOpen
midiInPrepareHeader
midiInReset
midiInStart
midiInStop
midiInUnprepareHeader
midiOutCacheDrumPatches
midiOutCachePatches
midiOutClose
midiOutGetDevCapsA
midiOutGetDevCapsW
midiOutGetErrorTextA
midiOutGetErrorTextW
midiOutGetID
midiOutGetNumDevs
midiOutGetVolume
midiOutLongMsg
midiOutMessage
midiOutOpen
midiOutPrepareHeader
midiOutReset
midiOutSetVolume
midiOutShortMsg
midiOutUnprepareHeader
midiStreamClose
midiStreamOpen
midiStreamOut
midiStreamPause
midiStreamPosition
midiStreamProperty
midiStreamRestart
midiStreamStop
mixerClose
mixerGetControlDetailsA
mixerGetControlDetailsW
mixerGetDevCapsA
mixerGetDevCapsW
mixerGetID
mixerGetLineControlsA
mixerGetLineControlsW
mixerGetLineInfoA
mixerGetLineInfoW
mixerGetNumDevs
mixerMessage
mixerOpen
mixerSetControlDetails
mmDrvInstall
mmGetCurrentTask
mmTaskBlock
mmTaskCreate
mmTaskSignal
mmTaskYield
mmioAdvance
mmioAscend
mmioClose
mmioCreateChunk
mmioDescend
mmioFlush
mmioGetInfo
mmioInstallIOProcA
mmioInstallIOProcW
mmioOpenA
mmioOpenW
mmioRead
mmioRenameA
mmioRenameW
mmioSeek
mmioSendMessage
mmioSetBuffer
mmioSetInfo
mmioStringToFOURCCA
mmioStringToFOURCCW
mmioWrite
mmsystemGetVersion
mod32Message
mxd32Message
sndPlaySoundA
sndPlaySoundW
tid32Message
timeBeginPeriod
timeEndPeriod
timeGetDevCaps
timeGetSystemTime
timeGetTime
timeKillEvent
timeSetEvent
waveInAddBuffer
waveInClose
waveInGetDevCapsA
waveInGetDevCapsW
waveInGetErrorTextA
waveInGetErrorTextW
waveInGetID
waveInGetNumDevs
waveInGetPosition
waveInMessage
waveInOpen
waveInPrepareHeader
waveInReset
waveInStart
waveInStop
waveInUnprepareHeader
waveOutBreakLoop
waveOutClose
waveOutGetDevCapsA
waveOutGetDevCapsW
waveOutGetErrorTextA
waveOutGetErrorTextW
waveOutGetID
waveOutGetNumDevs
waveOutGetPitch
waveOutGetPlaybackRate
waveOutGetPosition
waveOutGetVolume
waveOutMessage
waveOutOpen
waveOutPause
waveOutPrepareHeader
waveOutReset
waveOutRestart
waveOutSetPitch
waveOutSetPlaybackRate
waveOutSetVolume
waveOutUnprepareHeader
waveOutWrite
wid32Message
winmmDbgOut
winmmSetDebugLevel
wod32Message

Sections

UPX0
Size: - Virtual size: 120KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/WINSPOOL.DRV
.dll windows:5 windows x86 arch:x86

b5eabf0e7e7eaf5ec1a240a527bb27e2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

winspool.pdb

Imports

msvcrt

wcslen
_wcsicmp
memmove
wcschr
_wcsnicmp
wcsncmp
wcsncpy
wcsrchr
wcspbrk
wcscmp
??3@YAXPAX@Z
??2@YAPAXI@Z
free
_initterm
malloc
_adjust_fdiv
_vsnwprintf
_except_handler3

ntdll

NtQueryInformationProcess
NtFsControlFile

gdi32

CreateDCW
GetDeviceCaps
DeleteDC

kernel32

GetTempPathW
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryW
SetLastError
GetModuleFileNameW
GetSystemDirectoryW
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
LocalFree
lstrcmpW
WriteFile
GetCurrentProcessId
CloseHandle
DeactivateActCtx
LoadLibraryExW
ActivateActCtx
LeaveCriticalSection
EnterCriticalSection
SetEvent
CreateThread
CreateEventW
ReleaseActCtx
GetFileAttributesW
InterlockedIncrement
InterlockedDecrement
LocalAlloc
GetFileType
CreateFileW
GetFullPathNameW
lstrcmpiW
VirtualFree
VirtualAlloc
LoadLibraryA
GetVersionExW
GetTickCount
CreateActCtxW
WaitForSingleObject
ReleaseMutex
Sleep
CreateProcessW
GetSystemWindowsDirectoryW
CreateMutexW
ProcessIdToSessionId
lstrlenW
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetModuleHandleW
FormatMessageW
SearchPathW
GetCurrentDirectoryW
FindClose
FindFirstFileW
ResetEvent
WriteProfileStringW
GetProfileStringW
GlobalFree
GlobalAlloc
DnsHostnameToComputerNameW
GetTempFileNameW
DelayLoadFailureHook
GetFileSize
SetEndOfFile
ReadFile
SetFilePointer
DeleteFileW
HeapDestroy
HeapAlloc
HeapCreate
HeapFree
InterlockedCompareExchange
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
CreateDirectoryW
lstrcpynW
GetSystemInfo
CopyFileW

rpcrt4

RpcMgmtIsServerListening
RpcSmDestroyClientContext
NdrClientCall2
I_RpcExceptionFilter
RpcBindingFree
RpcStringFreeW
RpcBindingFromStringBindingW
RpcStringBindingComposeW

advapi32

SetSecurityDescriptorDacl
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegOpenCurrentUser
RegEnumValueW
RegOpenKeyExW
IsValidSecurityDescriptor
InitializeSecurityDescriptor
GetSecurityDescriptorOwner
SetSecurityDescriptorOwner
GetSecurityDescriptorGroup
SetSecurityDescriptorGroup
GetSecurityDescriptorDacl
RegSetValueExW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
GetSecurityDescriptorLength
MakeSelfRelativeSD
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey

user32

GetWindowLongW
GetDesktopWindow
EndDialog
BringWindowToTop
SetWindowLongW
SendDlgItemMessageW
GetDlgItemTextW
MessageBoxW
GetForegroundWindow
SendNotifyMessageW
AllowSetForegroundWindow
GetMessageW
LoadStringW
GetProcessWindowStation
GetUserObjectInformationW
FindWindowW
DialogBoxParamW
PostMessageW
GetGUIThreadInfo
GetParent
GetWindow
WinHelpW
GetLastActivePopup
EnableWindow
MsgWaitForMultipleObjects
SetFocus
SetForegroundWindow
PeekMessageW
DispatchMessageW
TranslateMessage

Exports

Exports

ADVANCEDSETUPDIALOG
AbortPrinter
AddFormA
AddFormW
AddJobA
AddJobW
AddMonitorA
AddMonitorW
AddPortA
AddPortExA
AddPortExW
AddPortW
AddPrintProcessorA
AddPrintProcessorW
AddPrintProvidorA
AddPrintProvidorW
AddPrinterA
AddPrinterConnectionA
AddPrinterConnectionW
AddPrinterDriverA
AddPrinterDriverExA
AddPrinterDriverExW
AddPrinterDriverW
AddPrinterW
AdvancedDocumentPropertiesA
AdvancedDocumentPropertiesW
AdvancedSetupDialog
ClosePrinter
CloseSpoolFileHandle
CommitSpoolData
ConfigurePortA
ConfigurePortW
ConnectToPrinterDlg
ConvertAnsiDevModeToUnicodeDevmode
ConvertUnicodeDevModeToAnsiDevmode
CreatePrinterIC
DEVICECAPABILITIES
DEVICEMODE
DeleteFormA
DeleteFormW
DeleteMonitorA
DeleteMonitorW
DeletePortA
DeletePortW
DeletePrintProcessorA
DeletePrintProcessorW
DeletePrintProvidorA
DeletePrintProvidorW
DeletePrinter
DeletePrinterConnectionA
DeletePrinterConnectionW
DeletePrinterDataA
DeletePrinterDataExA
DeletePrinterDataExW
DeletePrinterDataW
DeletePrinterDriverA
DeletePrinterDriverExA
DeletePrinterDriverExW
DeletePrinterDriverW
DeletePrinterIC
DeletePrinterKeyA
DeletePrinterKeyW
DevQueryPrint
DevQueryPrintEx
DeviceCapabilities
DeviceCapabilitiesA
DeviceCapabilitiesW
DeviceMode
DevicePropertySheets
DocumentEvent
DocumentPropertiesA
DocumentPropertiesW
DocumentPropertySheets
EXTDEVICEMODE
EndDocPrinter
EndPagePrinter
EnumFormsA
EnumFormsW
EnumJobsA
EnumJobsW
EnumMonitorsA
EnumMonitorsW
EnumPortsA
EnumPortsW
EnumPrintProcessorDatatypesA
EnumPrintProcessorDatatypesW
EnumPrintProcessorsA
EnumPrintProcessorsW
EnumPrinterDataA
EnumPrinterDataExA
EnumPrinterDataExW
EnumPrinterDataW
EnumPrinterDriversA
EnumPrinterDriversW
EnumPrinterKeyA
EnumPrinterKeyW
EnumPrintersA
EnumPrintersW
ExtDeviceMode
FindClosePrinterChangeNotification
FindFirstPrinterChangeNotification
FindNextPrinterChangeNotification
FlushPrinter
FreePrinterNotifyInfo
GetDefaultPrinterA
GetDefaultPrinterW
GetFormA
GetFormW
GetJobA
GetJobW
GetPrintProcessorDirectoryA
GetPrintProcessorDirectoryW
GetPrinterA
GetPrinterDataA
GetPrinterDataExA
GetPrinterDataExW
GetPrinterDataW
GetPrinterDriverA
GetPrinterDriverDirectoryA
GetPrinterDriverDirectoryW
GetPrinterDriverW
GetPrinterW
GetSpoolFileHandle
IsValidDevmodeA
IsValidDevmodeW
OpenPrinterA
OpenPrinterW
PerfClose
PerfCollect
PerfOpen
PlayGdiScriptOnPrinterIC
PrinterMessageBoxA
PrinterMessageBoxW
PrinterProperties
QueryColorProfile
QueryRemoteFonts
QuerySpoolMode
ReadPrinter
ResetPrinterA
ResetPrinterW
ScheduleJob
SeekPrinter
SetAllocFailCount
SetDefaultPrinterA
SetDefaultPrinterW
SetFormA
SetFormW
SetJobA
SetJobW
SetPortA
SetPortW
SetPrinterA
SetPrinterDataA
SetPrinterDataExA
SetPrinterDataExW
SetPrinterDataW
SetPrinterW
SplDriverUnloadComplete
SpoolerDevQueryPrintW
SpoolerInit
SpoolerPrinterEvent
StartDocDlgA
StartDocDlgW
StartDocPrinterA
StartDocPrinterW
StartPagePrinter
WaitForPrinterChange
WritePrinter
XcvDataW

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/WINSRV.DLL
.dll windows:5 windows x86 arch:x86

c2560b6c40ed5838c0ea788e86119da3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

winsrv.pdb

Imports

user32

GetTaskmanWindow
GetWindow
PostMessageW
DialogBoxParamW
EndDialog
GetDlgItemTextW
IsDlgButtonChecked
SendDlgItemMessageW
CheckRadioButton
GetWindowPlacement
SetWindowPlacement
EnableMenuItem
LoadMenuW
AppendMenuW
SetMenuItemInfoW
PtInRect
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
GetForegroundWindow
CreateWindowExW
GetSystemMenu
GetLastActivePopup
GetCursorPos
WindowFromPoint
DefWindowProcW
SetCursor
TrackPopupMenuEx
UnpackDDElParam
CreateIconFromResourceEx
ReuseDDElParam
ShowWindowAsync
ReplyMessage
ScrollDC
SetScrollInfo
GetKeyboardLayout
IsWinEventHookInstalled
NotifyWinEvent
SetActiveWindow
MonitorFromRect
GetMonitorInfoW
AdjustWindowRectEx
GetCaretBlinkTime
VkKeyScanW
IsIconic
ClientToScreen
ScreenToClient
ActivateKeyboardLayout
GetKeyboardLayoutNameA
GetKeyboardLayoutNameW
CopyIcon
DestroyIcon
ShowWindow
LoadStringW
ReleaseCapture
SetCapture
GetKeyboardState
ToUnicodeEx
SetThreadDesktop
SetWindowsHookExW
GetMessageW
UnhookWindowsHookEx
TranslateMessageEx
GetKeyState
SetConsoleReserveKeys
MapVirtualKeyW
CloseWindowStation
GetUserObjectInformationW
CloseDesktop
PrivateExtractIconExW
LoadCursorW
LoadImageW
RegisterClassExW
SendMessageTimeoutW
IsWindow
IsWindowEnabled
GetWindowTextW
MsgWaitForMultipleObjects
PeekMessageW
DispatchMessageW
TranslateMessage
GetWindowRect
GetSysColor
MapWindowPoints
OffsetRect
InflateRect
GetSystemMetrics
GetClientRect
SetForegroundWindow
InvalidateRect
KillTimer
SetWindowPos
SetFocus
SendMessageW
GetDlgItem
SetTimer
SetDlgItemTextW
EndPaint
LoadBitmapW
DrawEdge
DrawIcon
BeginPaint
LoadIconW
GetClassLongW
GetPropW
SetWindowTextW
SetWindowLongW
DestroyWindow
ReleaseDC
FillRect
GetDC
GetWindowLongW
GetClassNameW
RecordShutdownReason
GetGUIThreadInfo
SendInput
GetLastInputInfo
SystemParametersInfoW
CtxInitUser32
GetWindowTextLengthW
wsprintfW
MBToWCSEx
PostThreadMessageW
WCSToMBEx
MB_GetString
SoftModalMessageBox
MessageBoxTimeoutW
BroadcastSystemMessageW
RegisterWindowMessageW
GetWindowThreadProcessId
MessageBoxExW
EnumThreadWindows
SendNotifyMessageW
SendMessageCallbackW
CreateDialogParamW
IsDialogMessageW
CallMsgFilterW

ntdll

NtNotifyChangeKey
NtSetSystemInformation
NtQueryValueKey
RtlInitUnicodeString
NtOpenKey
NtQueryInformationProcess
RtlFreeSid
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
RtlLengthSid
RtlAllocateAndInitializeSid
NtResetEvent
NtWaitForMultipleObjects
NtCreateEvent
swprintf
NtSetInformationThread
RtlUnicodeStringToInteger
NtClose
RtlOpenCurrentUser
NtSetEvent
LdrFlushAlternateResourceModules
RtlCreateUserThread
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlInitializeCriticalSection
NtQueryInformationToken
NtAlertThread
DbgUiIssueRemoteBreakin
DbgBreakPoint
_ltow
NtOpenProcessToken
RtlNtStatusToDosError
NtPrivilegeObjectAuditAlarm
NtPrivilegeCheck
NtOpenThreadToken
wcsncmp
NtClearEvent
NtWaitForSingleObject
NtTerminateProcess
NtQueryInformationThread
NtReplyPort
RtlEqualUnicodeString
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
RtlFreeUnicodeString
wcslen
RtlFindMessage
NtResumeThread
RtlFreeHeap
RtlAnsiStringToUnicodeString
RtlInitAnsiString
memmove
RtlCreateUnicodeString
RtlFreeAnsiString
_strnicmp
strstr
RtlUnicodeStringToAnsiString
NtReadVirtualMemory
NtDeviceIoControlFile
NtMakeTemporaryObject
wcscmp
NtQueryDirectoryObject
NtOpenDirectoryObject
_chkstk
NtRequestWaitReplyPort
NtConnectPort
wcscpy
RtlSetGroupSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlCopySid
_alloca_probe
RtlGetDaclSecurityDescriptor
RtlGetOwnerSecurityDescriptor
NtRequestPort
RtlCreateTagHeap
RtlCreateHeap
RtlAllocateHeap
NtEnumerateValueKey
wcsncpy
NtQueryKey
RtlDosSearchPath_U
NtDuplicateObject
NtOpenProcess
RtlInitializeCriticalSectionAndSpinCount
RtlSizeHeap
NtMapViewOfSection
NtCreateSection
NtUnmapViewOfSection
NtVdmControl
NtTerminateThread
RtlCompareUnicodeString
atoi
_itoa
NtReleaseMutant
NtCreateMutant
NtQueryVirtualMemory
RtlUnwind
RtlPrefixUnicodeString
RtlIntegerToUnicodeString
RtlMultiByteToUnicodeN
RtlOemToUnicodeN
RtlUnicodeToMultiByteSize
RtlUnicodeToOemN
RtlInitCodePageTable
RtlUnicodeToMultiByteN
RtlCustomCPToUnicodeN
wcschr
wcsrchr
wcsstr
_wcsupr
NtProtectVirtualMemory
RtlImageDirectoryEntryToData
RtlReAllocateHeap
RtlConsoleMultiByteToUnicodeN
RtlDeleteCriticalSection

kernel32

InitializeCriticalSection
LocalReAlloc
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetModuleFileNameW
TerminateProcess
UnhandledExceptionFilter
SetNamedPipeHandleState
GlobalAlloc
GlobalSize
WTSGetActiveConsoleSessionId
GetCPInfo
WideCharToMultiByte
OpenProfileUserMapping
GetPrivateProfileStringW
CloseProfileUserMapping
lstrcpyW
GlobalAddAtomA
GlobalLock
lstrcpynW
GlobalUnlock
GlobalFree
SetProcessWorkingSetSize
GetStringTypeW
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
FindResourceExW
LoadResource
LockResource
lstrlenA
Beep
TlsSetValue
TlsGetValue
GetExitCodeThread
GetExitCodeProcess
SetFilePointer
GetSystemDirectoryA
CreateFileA
GetOEMCP
GetACP
TlsAlloc
IsValidCodePage
lstrlenW
DuplicateHandle
ReadFile
CreateThread
GetCurrentThread
GetCurrentProcess
CreateFileW
SetUnhandledExceptionFilter
TransactNamedPipe
WaitForSingleObject
GetOverlappedResult
WaitNamedPipeW
OpenEventW
SetEvent
SetClientTimeZoneInformation
LoadLibraryExA
SetLastError
CreateRemoteThread
WaitForMultipleObjects
OpenProcess
CreateEventW
GetLastError
Sleep
CloseHandle
GetModuleHandleW
LocalAlloc
LocalFree
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
LoadLibraryA
InterlockedCompareExchange
FreeLibrary
GetProcAddress
DelayLoadFailureHook

basesrv

BaseSrvNlsUpdateRegistryCache
BaseSrvNlsLogon
BaseSetProcessCreateNotify

gdi32

CreateSolidBrush
DeleteObject
DeleteDC
GdiTransparentBlt
SelectObject
CreateCompatibleDC
GdiGetSpoolMessage
GdiInitSpool
bMakePathNameW
SetBitmapBits
CreateCompatibleBitmap
StretchDIBits
CombineRgn
InvertRgn
CreateDIBitmap
GetDIBits
PolyPatBlt
StretchBlt
GetBitmapBits
SetFontEnumeration
GetTextFaceW
EnumFontFamiliesExW
GetTextExtentPoint32W
CreateFontIndirectW
GdiAddFontResourceW
CreateBitmap
BitBlt
GetTextMetricsW
GetCharWidth32W
SetBkMode
GetStockObject
ExtTextOutW
PatBlt
GetRgnBox
GetCurrentObject
GdiConsoleTextOut
GdiFlush
GetRegionData
CreateRectRgn
CreateDCW
GetDeviceCaps
SetDIBitsToDevice
GetNearestColor
SetDCBrushColor
SetTextColor
SetBkColor
TranslateCharsetInfo
GetStringBitmapW
GdiFullscreenControl
SelectPalette
SetSystemPaletteUse
RealizePalette
GetLayout
SetLayout
GetObjectW

csrsrv

CsrSetForegroundPriority
CsrSetBackgroundPriority
CsrCreateWait
CsrMoveSatisfiedWait
CsrDereferenceWait
CsrNotifyWait
CsrValidateMessageBuffer
CsrPopulateDosDevices
CsrDereferenceProcess
CsrReferenceThread
CsrShutdownProcesses
CsrLockThreadByClientId
CsrUnlockThread
CsrAddStaticServerThread
CsrLockProcessByClientId
CsrUnlockProcess
CsrExecServerThread
CsrConnectToUser
CsrDereferenceThread
CsrImpersonateClient
CsrRevertToSelf
CsrQueryApiPort
CsrGetProcessLuid

Exports

Exports

ConServerDllInitialization
UserServerDllInitialization
_UserSoundSentry
_UserTestTokenForInteractive

Sections

.text
Size: 211KB - Virtual size: 210KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

FE_TEXT
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/WINSTA.DLL
.dll windows:5 windows x86 arch:x86

5b5fee6c529ba5ea8ab31c3e7c5ca696

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

winsta.pdb

Imports

ntdll

RtlMultiByteToUnicodeSize
RtlMultiByteToUnicodeN
DbgPrint
RtlInitializeCriticalSection
RtlDeleteCriticalSection
RtlUnicodeToMultiByteN
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlUnwind
RtlNtStatusToDosError
RtlUnicodeToMultiByteSize
wcslen

rpcrt4

I_RpcExceptionFilter
NdrClientCall2
RpcBindingFree
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcStringFreeW
RpcBindingSetAuthInfoExW
RpcSsDestroyClientContext

kernel32

CreateEventW
VirtualQuery
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
lstrlenA
CreateThread
GetExitCodeThread
GetLastError
GetCurrentProcessId
WaitForSingleObject
SetLastError
lstrlenW
LocalFree
LocalAlloc
InterlockedExchange
InterlockedCompareExchange
CloseHandle

netapi32

NetApiBufferFree
NetWkstaGetInfo

user32

MsgWaitForMultipleObjects
PeekMessageW
wsprintfW

Exports

Exports

LogonIdFromWinStationNameA
LogonIdFromWinStationNameW
RemoteAssistancePrepareSystemRestore
ServerGetInternetConnectorStatus
ServerLicensingClose
ServerLicensingDeactivateCurrentPolicy
ServerLicensingFreePolicyInformation
ServerLicensingGetAvailablePolicyIds
ServerLicensingGetPolicy
ServerLicensingGetPolicyInformationA
ServerLicensingGetPolicyInformationW
ServerLicensingLoadPolicy
ServerLicensingOpenA
ServerLicensingOpenW
ServerLicensingSetPolicy
ServerLicensingUnloadPolicy
ServerQueryInetConnectorInformationA
ServerQueryInetConnectorInformationW
ServerSetInternetConnectorStatus
WinStationActivateLicense
WinStationAutoReconnect
WinStationBroadcastSystemMessage
WinStationCheckLoopBack
WinStationCloseServer
WinStationConnectA
WinStationConnectCallback
WinStationConnectW
WinStationDisconnect
WinStationEnumerateA
WinStationEnumerateLicenses
WinStationEnumerateProcesses
WinStationEnumerateW
WinStationEnumerate_IndexedA
WinStationEnumerate_IndexedW
WinStationFreeGAPMemory
WinStationFreeMemory
WinStationGenerateLicense
WinStationGetAllProcesses
WinStationGetLanAdapterNameA
WinStationGetLanAdapterNameW
WinStationGetMachinePolicy
WinStationGetProcessSid
WinStationGetTermSrvCountersValue
WinStationInstallLicense
WinStationIsHelpAssistantSession
WinStationNameFromLogonIdA
WinStationNameFromLogonIdW
WinStationNtsdDebug
WinStationOpenServerA
WinStationOpenServerW
WinStationQueryInformationA
WinStationQueryInformationW
WinStationQueryLicense
WinStationQueryLogonCredentialsW
WinStationQueryUpdateRequired
WinStationRegisterConsoleNotification
WinStationRemoveLicense
WinStationRenameA
WinStationRenameW
WinStationRequestSessionsList
WinStationReset
WinStationSendMessageA
WinStationSendMessageW
WinStationSendWindowMessage
WinStationServerPing
WinStationSetInformationA
WinStationSetInformationW
WinStationSetPoolCount
WinStationShadow
WinStationShadowStop
WinStationShutdownSystem
WinStationTerminateProcess
WinStationUnRegisterConsoleNotification
WinStationVirtualOpen
WinStationWaitSystemEvent
_NWLogonQueryAdmin
_NWLogonSetAdmin
_WinStationAnnoyancePopup
_WinStationBeepOpen
_WinStationBreakPoint
_WinStationCallback
_WinStationCheckForApplicationName
_WinStationFUSCanRemoteUserDisconnect
_WinStationGetApplicationInfo
_WinStationNotifyDisconnectPipe
_WinStationNotifyLogoff
_WinStationNotifyLogon
_WinStationNotifyNewSession
_WinStationReInitializeSecurity
_WinStationReadRegistry
_WinStationShadowTarget
_WinStationShadowTargetSetup
_WinStationUpdateClientCachedCredentials
_WinStationUpdateSettings
_WinStationUpdateUserConfig
_WinStationWaitForConnect

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
I386/SYSTEM32/WINTRUST.DLL
.dll regsvr32 windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

AddPersonalTrustDBPages
CatalogCompactHashDatabase
CryptCATAdminAcquireContext
CryptCATAdminAddCatalog
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATAdminPauseServiceForBackup
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
CryptCATAdminRemoveCatalog
CryptCATAdminResolveCatalogPath
CryptCATCDFClose
CryptCATCDFEnumAttributes
CryptCATCDFEnumAttributesWithCDFTag
CryptCATCDFEnumCatAttributes
CryptCATCDFEnumMembers
CryptCATCDFEnumMembersByCDFTag
CryptCATCDFEnumMembersByCDFTagEx
CryptCATCDFOpen
CryptCATCatalogInfoFromContext
CryptCATClose
CryptCATEnumerateAttr
CryptCATEnumerateCatAttr
CryptCATEnumerateMember
CryptCATGetAttrInfo
CryptCATGetCatAttrInfo
CryptCATGetMemberInfo
CryptCATHandleFromStore
CryptCATOpen
CryptCATPersistStore
CryptCATPutAttrInfo
CryptCATPutCatAttrInfo
CryptCATPutMemberInfo
CryptCATStoreFromHandle
CryptCATVerifyMember
CryptSIPCreateIndirectData
CryptSIPGetInfo
CryptSIPGetRegWorkingFlags
CryptSIPGetSignedDataMsg
CryptSIPPutSignedDataMsg
CryptSIPRemoveSignedDataMsg
CryptSIPVerifyIndirectData
DllRegisterServer
DllUnregisterServer
DriverCleanupPolicy
DriverFinalPolicy
DriverInitializePolicy
FindCertsByIssuer
GenericChainCertificateTrust
GenericChainFinalProv
HTTPSCertificateTrust
HTTPSFinalProv
I_CryptCatAdminMigrateToNewCatDB
IsCatalogFile
MsCatConstructHashTag
MsCatFreeHashTag
OfficeCleanupPolicy
OfficeInitializePolicy
OpenPersonalTrustDBDialog
OpenPersonalTrustDBDialogEx
SoftpubAuthenticode
SoftpubCheckCert
SoftpubCleanup
SoftpubDefCertInit
SoftpubDllRegisterServer
SoftpubDllUnregisterServer
SoftpubDumpStructure
SoftpubFreeDefUsageCallData
SoftpubInitialize
SoftpubLoadDefUsageCallData
SoftpubLoadMessage
SoftpubLoadSignature
TrustDecode
TrustFindIssuerCertificate
TrustFreeDecode
TrustIsCertificateSelfSigned
TrustOpenStores
WTHelperCertCheckValidSignature
WTHelperCertFindIssuerCertificate
WTHelperCertIsSelfSigned
WTHelperCheckCertUsage
WTHelperGetAgencyInfo
WTHelperGetFileHandle
WTHelperGetFileHash
WTHelperGetFileName
WTHelperGetKnownUsages
WTHelperGetProvCertFromChain
WTHelperGetProvPrivateDataFromChain
WTHelperGetProvSignerFromChain
WTHelperIsInRootStore
WTHelperOpenKnownStores
WTHelperProvDataFromStateData
WVTAsn1CatMemberInfoDecode
WVTAsn1CatMemberInfoEncode
WVTAsn1CatNameValueDecode
WVTAsn1CatNameValueEncode
WVTAsn1SpcFinancialCriteriaInfoDecode
WVTAsn1SpcFinancialCriteriaInfoEncode
WVTAsn1SpcIndirectDataContentDecode
WVTAsn1SpcIndirectDataContentEncode
WVTAsn1SpcLinkDecode
WVTAsn1SpcLinkEncode
WVTAsn1SpcMinimalCriteriaInfoDecode
WVTAsn1SpcMinimalCriteriaInfoEncode
WVTAsn1SpcPeImageDataDecode
WVTAsn1SpcPeImageDataEncode
WVTAsn1SpcSigInfoDecode
WVTAsn1SpcSigInfoEncode
WVTAsn1SpcSpAgencyInfoDecode
WVTAsn1SpcSpAgencyInfoEncode
WVTAsn1SpcSpOpusInfoDecode
WVTAsn1SpcSpOpusInfoEncode
WVTAsn1SpcStatementTypeDecode
WVTAsn1SpcStatementTypeEncode
WinVerifyTrust
WinVerifyTrustEx
WintrustAddActionID
WintrustAddDefaultForUsage
WintrustCertificateTrust
WintrustGetDefaultForUsage
WintrustGetRegPolicyFlags
WintrustLoadFunctionPointers
WintrustRemoveActionID
WintrustSetRegPolicyFlags
mscat32DllRegisterServer
mscat32DllUnregisterServer
mssip32DllRegisterServer
mssip32DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 120KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 74KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/WLDAP32.DLL
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

LdapGetLastError
LdapMapErrorToWin32
LdapUTF8ToUnicode
LdapUnicodeToUTF8
ber_alloc_t
ber_bvdup
ber_bvecfree
ber_bvfree
ber_first_element
ber_flatten
ber_free
ber_init
ber_next_element
ber_peek_tag
ber_printf
ber_scanf
ber_skip_tag
cldap_open
cldap_openA
cldap_openW
ldap_abandon
ldap_add
ldap_addA
ldap_addW
ldap_add_ext
ldap_add_extA
ldap_add_extW
ldap_add_ext_s
ldap_add_ext_sA
ldap_add_ext_sW
ldap_add_s
ldap_add_sA
ldap_add_sW
ldap_bind
ldap_bindA
ldap_bindW
ldap_bind_s
ldap_bind_sA
ldap_bind_sW
ldap_check_filterA
ldap_check_filterW
ldap_cleanup
ldap_close_extended_op
ldap_compare
ldap_compareA
ldap_compareW
ldap_compare_ext
ldap_compare_extA
ldap_compare_extW
ldap_compare_ext_s
ldap_compare_ext_sA
ldap_compare_ext_sW
ldap_compare_s
ldap_compare_sA
ldap_compare_sW
ldap_conn_from_msg
ldap_connect
ldap_control_free
ldap_control_freeA
ldap_control_freeW
ldap_controls_free
ldap_controls_freeA
ldap_controls_freeW
ldap_count_entries
ldap_count_references
ldap_count_values
ldap_count_valuesA
ldap_count_valuesW
ldap_count_values_len
ldap_create_page_control
ldap_create_page_controlA
ldap_create_page_controlW
ldap_create_sort_control
ldap_create_sort_controlA
ldap_create_sort_controlW
ldap_create_vlv_controlA
ldap_create_vlv_controlW
ldap_delete
ldap_deleteA
ldap_deleteW
ldap_delete_ext
ldap_delete_extA
ldap_delete_extW
ldap_delete_ext_s
ldap_delete_ext_sA
ldap_delete_ext_sW
ldap_delete_s
ldap_delete_sA
ldap_delete_sW
ldap_dn2ufn
ldap_dn2ufnA
ldap_dn2ufnW
ldap_encode_sort_controlA
ldap_encode_sort_controlW
ldap_err2string
ldap_err2stringA
ldap_err2stringW
ldap_escape_filter_element
ldap_escape_filter_elementA
ldap_escape_filter_elementW
ldap_explode_dn
ldap_explode_dnA
ldap_explode_dnW
ldap_extended_operation
ldap_extended_operationA
ldap_extended_operationW
ldap_extended_operation_sA
ldap_extended_operation_sW
ldap_first_attribute
ldap_first_attributeA
ldap_first_attributeW
ldap_first_entry
ldap_first_reference
ldap_free_controls
ldap_free_controlsA
ldap_free_controlsW
ldap_get_dn
ldap_get_dnA
ldap_get_dnW
ldap_get_next_page
ldap_get_next_page_s
ldap_get_option
ldap_get_optionA
ldap_get_optionW
ldap_get_paged_count
ldap_get_values
ldap_get_valuesA
ldap_get_valuesW
ldap_get_values_len
ldap_get_values_lenA
ldap_get_values_lenW
ldap_init
ldap_initA
ldap_initW
ldap_memfree
ldap_memfreeA
ldap_memfreeW
ldap_modify
ldap_modifyA
ldap_modifyW
ldap_modify_ext
ldap_modify_extA
ldap_modify_extW
ldap_modify_ext_s
ldap_modify_ext_sA
ldap_modify_ext_sW
ldap_modify_s
ldap_modify_sA
ldap_modify_sW
ldap_modrdn
ldap_modrdn2
ldap_modrdn2A
ldap_modrdn2W
ldap_modrdn2_s
ldap_modrdn2_sA
ldap_modrdn2_sW
ldap_modrdnA
ldap_modrdnW
ldap_modrdn_s
ldap_modrdn_sA
ldap_modrdn_sW
ldap_msgfree
ldap_next_attribute
ldap_next_attributeA
ldap_next_attributeW
ldap_next_entry
ldap_next_reference
ldap_open
ldap_openA
ldap_openW
ldap_parse_extended_resultA
ldap_parse_extended_resultW
ldap_parse_page_control
ldap_parse_page_controlA
ldap_parse_page_controlW
ldap_parse_reference
ldap_parse_referenceA
ldap_parse_referenceW
ldap_parse_result
ldap_parse_resultA
ldap_parse_resultW
ldap_parse_sort_control
ldap_parse_sort_controlA
ldap_parse_sort_controlW
ldap_parse_vlv_controlA
ldap_parse_vlv_controlW
ldap_perror
ldap_rename_ext
ldap_rename_extA
ldap_rename_extW
ldap_rename_ext_s
ldap_rename_ext_sA
ldap_rename_ext_sW
ldap_result
ldap_result2error
ldap_sasl_bindA
ldap_sasl_bindW
ldap_sasl_bind_sA
ldap_sasl_bind_sW
ldap_search
ldap_searchA
ldap_searchW
ldap_search_abandon_page
ldap_search_ext
ldap_search_extA
ldap_search_extW
ldap_search_ext_s
ldap_search_ext_sA
ldap_search_ext_sW
ldap_search_init_page
ldap_search_init_pageA
ldap_search_init_pageW
ldap_search_s
ldap_search_sA
ldap_search_sW
ldap_search_st
ldap_search_stA
ldap_search_stW
ldap_set_dbg_flags
ldap_set_dbg_routine
ldap_set_option
ldap_set_optionA
ldap_set_optionW
ldap_simple_bind
ldap_simple_bindA
ldap_simple_bindW
ldap_simple_bind_s
ldap_simple_bind_sA
ldap_simple_bind_sW
ldap_sslinit
ldap_sslinitA
ldap_sslinitW
ldap_start_tls_sA
ldap_start_tls_sW
ldap_startup
ldap_stop_tls_s
ldap_ufn2dn
ldap_ufn2dnA
ldap_ufn2dnW
ldap_unbind
ldap_unbind_s
ldap_value_free
ldap_value_freeA
ldap_value_freeW
ldap_value_free_len

Sections

UPX0
Size: - Virtual size: 116KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 63KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/WS2HELP.DLL
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

WahCloseApcHelper
WahCloseHandleHelper
WahCloseNotificationHandleHelper
WahCloseSocketHandle
WahCloseThread
WahCompleteRequest
WahCreateHandleContextTable
WahCreateNotificationHandle
WahCreateSocketHandle
WahDestroyHandleContextTable
WahDisableNonIFSHandleSupport
WahEnableNonIFSHandleSupport
WahEnumerateHandleContexts
WahInsertHandleContext
WahNotifyAllProcesses
WahOpenApcHelper
WahOpenCurrentThread
WahOpenHandleHelper
WahOpenNotificationHandleHelper
WahQueueUserApc
WahReferenceContextByHandle
WahRemoveHandleContext
WahWaitForNotification

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/WS2_32.DLL
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

FreeAddrInfoW
GetAddrInfoW
GetNameInfoW
WEP
WPUCompleteOverlappedRequest
WSAAccept
WSAAddressToStringA
WSAAddressToStringW
WSAAsyncGetHostByAddr
WSAAsyncGetHostByName
WSAAsyncGetProtoByName
WSAAsyncGetProtoByNumber
WSAAsyncGetServByName
WSAAsyncGetServByPort
WSAAsyncSelect
WSACancelAsyncRequest
WSACancelBlockingCall
WSACleanup
WSACloseEvent
WSAConnect
WSACreateEvent
WSADuplicateSocketA
WSADuplicateSocketW
WSAEnumNameSpaceProvidersA
WSAEnumNameSpaceProvidersW
WSAEnumNetworkEvents
WSAEnumProtocolsA
WSAEnumProtocolsW
WSAEventSelect
WSAGetLastError
WSAGetOverlappedResult
WSAGetQOSByName
WSAGetServiceClassInfoA
WSAGetServiceClassInfoW
WSAGetServiceClassNameByClassIdA
WSAGetServiceClassNameByClassIdW
WSAHtonl
WSAHtons
WSAInstallServiceClassA
WSAInstallServiceClassW
WSAIoctl
WSAIsBlocking
WSAJoinLeaf
WSALookupServiceBeginA
WSALookupServiceBeginW
WSALookupServiceEnd
WSALookupServiceNextA
WSALookupServiceNextW
WSANSPIoctl
WSANtohl
WSANtohs
WSAProviderConfigChange
WSARecv
WSARecvDisconnect
WSARecvFrom
WSARemoveServiceClass
WSAResetEvent
WSASend
WSASendDisconnect
WSASendTo
WSASetBlockingHook
WSASetEvent
WSASetLastError
WSASetServiceA
WSASetServiceW
WSASocketA
WSASocketW
WSAStartup
WSAStringToAddressA
WSAStringToAddressW
WSAUnhookBlockingHook
WSAWaitForMultipleEvents
WSApSetPostRoutine
WSCDeinstallProvider
WSCEnableNSProvider
WSCEnumProtocols
WSCGetProviderPath
WSCInstallNameSpace
WSCInstallProvider
WSCUnInstallNameSpace
WSCUpdateProvider
WSCWriteNameSpaceOrder
WSCWriteProviderOrder
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyaddr
gethostbyname
gethostname
getnameinfo
getpeername
getprotobyname
getprotobynumber
getservbyname
getservbyport
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Sections

UPX0
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/WSOCK32.DLL
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

AcceptEx
EnumProtocolsA
EnumProtocolsW
GetAcceptExSockaddrs
GetAddressByNameA
GetAddressByNameW
GetNameByTypeA
GetNameByTypeW
GetServiceA
GetServiceW
GetTypeByNameA
GetTypeByNameW
MigrateWinsockConfiguration
NPLoadNameSpaces
SetServiceA
SetServiceW
TransmitFile
WEP
WSAAsyncGetHostByAddr
WSAAsyncGetHostByName
WSAAsyncGetProtoByName
WSAAsyncGetProtoByNumber
WSAAsyncGetServByName
WSAAsyncGetServByPort
WSAAsyncSelect
WSACancelAsyncRequest
WSACancelBlockingCall
WSACleanup
WSAGetLastError
WSAIsBlocking
WSARecvEx
WSASetBlockingHook
WSASetLastError
WSAStartup
WSAUnhookBlockingHook
WSApSetPostRoutine
__WSAFDIsSet
accept
bind
closesocket
connect
dn_expand
gethostbyaddr
gethostbyname
gethostname
getnetbyname
getpeername
getprotobyname
getprotobynumber
getservbyname
getservbyport
getsockname
getsockopt
htonl
htons
inet_addr
inet_network
inet_ntoa
ioctlsocket
listen
ntohl
ntohs
rcmd
recv
recvfrom
rexec
rresvport
s_perror
select
send
sendto
sethostname
setsockopt
shutdown
socket

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/WTSAPI32.DLL
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

WTSCloseServer
WTSDisconnectSession
WTSEnumerateProcessesA
WTSEnumerateProcessesW
WTSEnumerateServersA
WTSEnumerateServersW
WTSEnumerateSessionsA
WTSEnumerateSessionsW
WTSFreeMemory
WTSLogoffSession
WTSOpenServerA
WTSOpenServerW
WTSQuerySessionInformationA
WTSQuerySessionInformationW
WTSQueryUserConfigA
WTSQueryUserConfigW
WTSQueryUserToken
WTSRegisterSessionNotification
WTSSendMessageA
WTSSendMessageW
WTSSetSessionInformationA
WTSSetSessionInformationW
WTSSetUserConfigA
WTSSetUserConfigW
WTSShutdownSystem
WTSTerminateProcess
WTSUnRegisterSessionNotification
WTSVirtualChannelClose
WTSVirtualChannelOpen
WTSVirtualChannelPurgeInput
WTSVirtualChannelPurgeOutput
WTSVirtualChannelQuery
WTSVirtualChannelRead
WTSVirtualChannelWrite
WTSWaitSystemEvent

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
I386/SYSTEM32/XPSP2RES.DLL
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
I386/TXTSETUP.SIF
I386/WINDOWSSHELL.MANIFEST
.xml
I386/WINSXS/MANIFESTS/X86_MICROSOFT.TOOLS.VISUALCPLUSPLUS.RUNTIME-LIBRARIES_6595B64144CCF1DF_6.0.0.0_X-WW_FF9986D7.CAT
I386/WINSXS/MANIFESTS/X86_MICROSOFT.TOOLS.VISUALCPLUSPLUS.RUNTIME-LIBRARIES_6595B64144CCF1DF_6.0.0.0_X-WW_FF9986D7.MANIFEST
.xml
I386/WINSXS/MANIFESTS/X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.0.0_X-WW_1382D70A.CAT
I386/WINSXS/MANIFESTS/X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.0.0_X-WW_1382D70A.MANIFEST
.xml
I386/WINSXS/X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.0.0_X-WW_1382D70A/COMCTL32.DLL
.dll windows:5 windows x86 arch:x86

09bac26da5b34fc1acb7b7a3e823cf90

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

wcsncpy
_ftol
wcslen
_except_handler3
memmove
wcscpy

ntdll

RtlRunEncodeUnicodeString
RtlRunDecodeUnicodeString

gdi32

GetObjectW
DeleteDC
SelectObject
RectVisible
BitBlt
CreateBitmapIndirect
CreateDIBSection
GetDIBColorTable
CreateCompatibleDC
PatBlt
GetTextMetricsW
CreateFontIndirectW
GetClipBox
CreateBitmap
GetDeviceCaps
GetTextExtentPointW
GetCharWidthW
GetLayout
GetBkColor
CreateFontW
RestoreDC
IntersectClipRect
SaveDC
CreateSolidBrush
StretchDIBits
CreateCompatibleBitmap
CreateRectRgn
SetWindowOrgEx
OffsetWindowOrgEx
TranslateCharsetInfo
Polyline
CreatePen
CreateDCW
ExcludeClipRect
CombineRgn
CreateHalftonePalette
CreatePalette
GetTextExtentPoint32W
RealizePalette
SelectPalette
UnrealizeObject
StretchBlt
SetBrushOrgEx
GetDCOrgEx
EnumFontFamiliesExW
CreatePatternBrush
GetNearestColor
SetTextAlign
GetTextAlign
SelectClipRgn
GetPaletteEntries
SetPixelV
SetPixel
GetPixel
SetDIBColorTable
GetBitmapBits
MaskBlt
SetStretchBltMode
CreateEllipticRgn
Ellipse
GetCharABCWidthsW
GetCharABCWidthsA
GetTextCharsetInfo
GetTextCharset
ExtTextOutA
GetTextExtentPointA
GetTextColor
GetBkMode
TextOutW
PlayEnhMetaFile
Rectangle
LineTo
MoveToEx
GetCurrentObject
CreateRectRgnIndirect
SetViewportOrgEx
GetClipRgn
OffsetRgn
GetBrushOrgEx
GetTextFaceW
GetCharWidthA
GetDIBits
SetDIBits
SetBoundsRect
CreateRoundRectRgn
CreatePolygonRgn
ExtTextOutW
SetBkColor
SetTextColor
SetBkMode
GetStockObject
GdiAlphaBlend
QueryFontAssocStatus
GdiTransparentBlt
SetLayoutWidth
GdiGradientFill
GdiGetCharDimensions
GetCharWidthInfo
FrameRgn
DeleteObject

kernel32

EnterCriticalSection
InitializeCriticalSection
GlobalAddAtomW
GetACP
DeleteCriticalSection
LoadLibraryW
lstrcmpiW
lstrcmpiA
FreeResource
LockResource
LoadResource
FindResourceW
CloseHandle
GetCurrentProcess
GetTickCount
lstrcpyA
lstrlenA
MulDiv
UnhandledExceptionFilter
ActivateActCtx
DeactivateActCtx
SizeofResource
InterlockedDecrement
InterlockedIncrement
lstrcmpW
EnumResourceLanguagesW
FindResourceExW
GetLocaleInfoW
GetModuleHandleW
GetUserDefaultLCID
GetThreadLocale
FindResourceExA
ReleaseActCtx
GetCurrentActCtx
lstrcpynA
GetNumberFormatW
GetProfileIntW
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
IsBadCodePtr
InterlockedExchange
IsBadWritePtr
GetCurrentProcessId
GetCurrentThreadId
IsDBCSLeadByte
lstrcmpA
CompareStringA
CompareStringW
GetSystemDefaultLCID
IsBadReadPtr
SetLastError
IsValidLocale
ConvertDefaultLocale
GetVersionExW
LocalLock
LocalUnlock
GlobalFree
GetCPInfo
Sleep
GetOEMCP
GlobalAlloc
GlobalReAlloc
GlobalUnlock
GlobalLock
GetUserDefaultLangID
GetDateFormatW
EnumCalendarInfoW
GetStringTypeExW
GetCalendarInfoA
GlobalHandle
GetLocalTime
GetTimeFormatW
lstrcatW
GetLastError
GetStringTypeW
GetStringTypeA
IsDBCSLeadByteEx
GetLogicalDrives
FindClose
FindNextFileW
FindFirstFileW
HeapSize
GlobalFlags
GetModuleHandleA
GetVersionExA
CreateFileW
GetWindowsDirectoryW
DelayLoadFailureHook
IsProcessorFeaturePresent
lstrcpyW
MultiByteToWideChar
LocalReAlloc
WideCharToMultiByte
lstrlenW
lstrcpynW
LocalSize
LoadLibraryA
InterlockedCompareExchange
FreeLibrary
GetProcAddress
LocalFree
LocalAlloc
DisableThreadLibraryCalls
MapViewOfFile
CreateFileMappingW
GetFileSize
LeaveCriticalSection
UnmapViewOfFile

user32

GetDoubleClickTime
GetParent
IsRectEmpty
GetWindowLongW
SystemParametersInfoW
InflateRect
EndPaint
BeginPaint
LoadStringW
TrackMouseEvent
SetCapture
PtInRect
PostMessageW
GetAsyncKeyState
GetWindowDC
SetWindowPos
GetMonitorInfoW
MonitorFromPoint
ClientToScreen
EnumChildWindows
ScreenToClient
RedrawWindow
GetClassInfoW
RegisterClassW
LoadCursorW
DrawTextExW
GetSysColorBrush
GetCursorPos
SetFocus
UnregisterClassW
CharLowerW
GetSysColor
WaitMessage
ReleaseCapture
CallMsgFilterW
GetMessageTime
MessageBeep
ScrollWindowEx
SetRectEmpty
wsprintfW
GetMessagePos
GetDlgItem
EnumDisplayDevicesW
FillRect
GetDCEx
RegisterWindowMessageW
LoadImageW
CreateDialogIndirectParamW
CreateDialogIndirectParamA
ShowWindow
SendDlgItemMessageW
IsChild
IsWindowEnabled
EnableWindow
DeferWindowPos
EndDeferWindowPos
BeginDeferWindowPos
GetClassNameW
SetLastErrorEx
GetDlgCtrlID
GetNextDlgTabItem
SetWindowTextW
IsDialogMessageW
MapDialogRect
SetForegroundWindow
CopyImage
MonitorFromWindow
DestroyIcon
SetDlgItemTextW
SetCursor
SetWindowTextA
WinHelpW
SetActiveWindow
GetActiveWindow
PostQuitMessage
GetMessageW
GetDesktopWindow
IsZoomed
CreateWindowExA
DrawIconEx
DrawFrameControl
GetIconInfo
GetWindow
MoveWindow
GetWindowTextW
GetPropW
GetWindowThreadProcessId
SetPropW
RemovePropW
CallWindowProcW
SendNotifyMessageW
CloseDesktop
EnumWindows
SetThreadDesktop
GetThreadDesktop
OpenDesktopW
EnumDesktopsW
GetProcessWindowStation
SetCursorPos
DrawIcon
LoadIconW
GetScrollPos
GetScrollRange
GetScrollInfo
ShowScrollBar
EnableScrollBar
SetScrollPos
SetScrollRange
SetScrollInfo
GetMenuItemID
GetMenuItemCount
GetMenuItemInfoW
GetSubMenu
GetSystemMenu
CheckMenuItem
SetMenu
GetMenuState
SubtractRect
CreateIconIndirect
CopyIcon
CharNextA
CharPrevW
DrawFocusRect
FrameRect
ChildWindowFromPoint
EndDialog
GetScrollBarInfo
SetWindowRgn
LoadBitmapW
AnimateWindow
GetClassLongW
DeleteMenu
InsertMenuItemW
GetKeyboardLayout
ShowCaret
HideCaret
DestroyMenu
TrackPopupMenuEx
IsClipboardFormatAvailable
EnableMenuItem
LoadMenuW
GetAncestor
PeekMessageA
OemToCharBuffW
IsCharLowerW
CharToOemBuffW
OemToCharBuffA
IsCharLowerA
CharToOemBuffA
CharUpperBuffW
CharUpperBuffA
CharLowerBuffW
CharLowerBuffA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
MapVirtualKeyW
GetCaretPos
AdjustWindowRectEx
GetWindowTextLengthW
DrawFrame
DrawStateW
GetNextDlgGroupItem
AppendMenuW
CreatePopupMenu
MonitorFromRect
TrackPopupMenu
AdjustWindowRect
GetKeyNameTextW
SetCaretPos
GrayStringW
CreateCaret
DestroyCaret
ReplyMessage
InSendMessage
InvertRect
GetShellWindow
DestroyCursor
GetUpdateRgn
GetWindowRgn
ValidateRect
LockWindowUpdate
SetKeyboardState
GetKeyboardState
SendMessageA
PostMessageA
SetParent
TabbedTextOutW
GetCaretBlinkTime
DragDetect
IsCharAlphaNumericW
ScrollDC
GetClipboardData
CharNextW
UpdateWindow
NotifyWinEvent
PeekMessageW
GetSystemMetrics
GetFocus
TranslateMessage
DispatchMessageW
IsWindowVisible
GetUpdateRect
MapWindowPoints
UnionRect
IsWindow
DestroyWindow
GetDC
ReleaseDC
InvalidateRect
CopyRect
GetClientRect
IntersectRect
EqualRect
MBToWCSEx
GetCursorFrameInfo
WCSToMBEx
GetWindowRect
OffsetRect
DefWindowProcW
DrawEdge
SetRect
DrawTextW
GetWindowLongA
SetWindowLongW
GetKeyState
GetCapture
KillTimer
SendMessageW
GetWindowInfo
GetCursor
GetForegroundWindow
GetMenu
SetLayeredWindowAttributes
InvalidateRgn
WindowFromPoint
SetTimer
CreateWindowExW
DialogBoxIndirectParamW
RegisterClassExW
GetClassInfoExW

advapi32

RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyW
RegEnumValueW
RegQueryValueExA
RegOpenKeyExA
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegSetValueExW
OpenProcessToken

shlwapi

ord219
StrCatW
StrCatBuffW
ord429
SHRegGetBoolUSValueW
StrCmpIW

Exports

Exports

CreateMappedBitmap
CreatePropertySheetPage
CreatePropertySheetPageA
CreatePropertySheetPageW
CreateStatusWindow
CreateStatusWindowA
CreateStatusWindowW
CreateToolbar
CreateToolbarEx
CreateUpDownControl
DefSubclassProc
DestroyPropertySheetPage
DllGetVersion
DllInstall
DrawInsert
DrawShadowText
DrawStatusText
DrawStatusTextA
DrawStatusTextW
FlatSB_EnableScrollBar
FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollProp
FlatSB_GetScrollRange
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
FlatSB_SetScrollRange
FlatSB_ShowScrollBar
GetEffectiveClientRect
GetMUILanguage
GetWindowSubclass
HIMAGELIST_QueryInterface
ImageList_Add
ImageList_AddIcon
ImageList_AddMasked
ImageList_BeginDrag
ImageList_Copy
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Duplicate
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetFlags
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_GetImageRect
ImageList_LoadImage
ImageList_LoadImageA
ImageList_LoadImageW
ImageList_Merge
ImageList_Read
ImageList_ReadEx
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetDragCursorImage
ImageList_SetFilter
ImageList_SetFlags
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_SetOverlayImage
ImageList_Write
ImageList_WriteEx
InitCommonControls
InitCommonControlsEx
InitMUILanguage
InitializeFlatSB
LBItemFromPt
MakeDragList
MenuHelp
PropertySheet
PropertySheetA
PropertySheetW
RemoveWindowSubclass
SetWindowSubclass
ShowHideMenuCtl
UninitializeFlatSB
_TrackMouseEvent

Sections

.text
Size: 542KB - Virtual size: 541KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 332KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MODELRAM.EXE
.exe windows:4 windows x86 arch:x86

48bcb8c8f418f3828fc939bb498f0b51

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen
VariantClear

user32

CharUpperW

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
exit
_XcptFilter
_exit
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
memset
strlen
fputc
fflush
fgetc
fclose
_iob
free
malloc
wcscmp
wcsstr
strcmp
memcpy
memmove
_purecall
memcmp
__CxxFrameHandler
_CxxThrowException
fputs

kernel32

FormatMessageW
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventW
WaitForSingleObject
lstrlenW
lstrcatW
VirtualFree
VirtualAlloc
SetConsoleMode
GetConsoleMode
GetVersionExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetConsoleCtrlHandler
WaitForMultipleObjects
GetFileInformationByHandle
GetStdHandle
GlobalMemoryStatus
GetSystemInfo
GetCurrentProcess
GetProcessAffinityMask
FileTimeToLocalFileTime
FileTimeToSystemTime
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
GetFileSize
GetFileAttributesW
GetModuleHandleA
FindFirstFileW
FindClose
GetTickCount
GetCurrentDirectoryW
SetLastError
DeleteFileW
CreateDirectoryW
GetModuleHandleW
GetCommandLineW
SetFileApisToOEM
GetLastError
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryExW
GetModuleFileNameW
LocalFree
GetSystemDirectoryW
CloseHandle
SetFileTime
CreateFileW
SetFileAttributesW
RemoveDirectoryW
MoveFileW
GetProcAddress

Sections

.text
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PROJECTINFO.INI
[BOOT]/Boot-NoEmul.img

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 696KB

UPX1 Size: 334KB - Virtual size: 336KB

.rsrc Size: 41KB - Virtual size: 44KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 274KB - Virtual size: 273KB

.data Size: 6KB - Virtual size: 7KB

.rsrc Size: 713KB - Virtual size: 712KB

.reloc Size: 14KB - Virtual size: 13KB

fe78a77dc56023bb52e529d0ef86d150

Headers

File Characteristics

PDB Paths

Imports

ntdll

kernel32

rpcrt4

Exports

Exports

Sections

.text Size: 465KB - Virtual size: 464KB

.data Size: 11KB - Virtual size: 17KB

.rsrc Size: 106KB - Virtual size: 106KB

.reloc Size: 19KB - Virtual size: 18KB

1883e642b24153991f1cc921af0e5b3e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

user32

gdi32

kernel32

advapi32

ole32

version

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 80KB

.data Size: 1KB - Virtual size: 52KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 6KB - Virtual size: 5KB

ba9c2a6e0d3a4d9e2dfe5069b390c530

Headers

File Characteristics

PDB Paths

Imports

ntdll

kernel32

Exports

Exports

Sections

.text Size: 114KB - Virtual size: 113KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

07984062a8a7c300bf4147488555d4b6

Headers

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

rpcrt4

advapi32

Exports

UPX0
Size: - Virtual size: 696KB

UPX1
Size: 334KB - Virtual size: 336KB

.rsrc
Size: 41KB - Virtual size: 44KB

.text
Size: 274KB - Virtual size: 273KB

.data
Size: 6KB - Virtual size: 7KB

.rsrc
Size: 713KB - Virtual size: 712KB

.reloc
Size: 14KB - Virtual size: 13KB

.text
Size: 465KB - Virtual size: 464KB

.data
Size: 11KB - Virtual size: 17KB

.rsrc
Size: 106KB - Virtual size: 106KB

.reloc
Size: 19KB - Virtual size: 18KB

.text
Size: 80KB - Virtual size: 80KB

.data
Size: 1KB - Virtual size: 52KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 6KB - Virtual size: 5KB

.text
Size: 114KB - Virtual size: 113KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 51KB - Virtual size: 50KB

.data
Size: 1024B - Virtual size: 544B

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 45KB - Virtual size: 45KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 3KB - Virtual size: 2KB

UPX0
Size: - Virtual size: 32KB

UPX1
Size: 11KB - Virtual size: 12KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 13KB - Virtual size: 13KB

.data
Size: 1024B - Virtual size: 972B

.rsrc
Size: 11KB - Virtual size: 11KB

.reloc
Size: 1024B - Virtual size: 964B

.text
Size: 5KB - Virtual size: 5KB

.data
Size: 3KB - Virtual size: 3KB

.edata
Size: 384B - Virtual size: 344B

INIT
Size: 512B - Virtual size: 418B

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 384B - Virtual size: 364B

.rsrc
Size: 60KB - Virtual size: 60KB

.reloc
Size: 512B - Virtual size: 8B

UPX0
Size: - Virtual size: 636KB

UPX1
Size: 395KB - Virtual size: 396KB

.rsrc
Size: 18KB - Virtual size: 20KB