wkernel32.pdb
Static task
static1
Behavioral task
behavioral1
Sample
e01a4b58f6b44c2b223fa3fe7784ddb0b9bef666b802efe464eec78b23635c00.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e01a4b58f6b44c2b223fa3fe7784ddb0b9bef666b802efe464eec78b23635c00.dll
Resource
win10v2004-20240419-en
General
-
Target
e01a4b58f6b44c2b223fa3fe7784ddb0b9bef666b802efe464eec78b23635c00
-
Size
1.1MB
-
MD5
0eabe92e150f3442a0a84332a588c922
-
SHA1
611c4399be91e0398cdad87ee63a0afee462b53a
-
SHA256
e01a4b58f6b44c2b223fa3fe7784ddb0b9bef666b802efe464eec78b23635c00
-
SHA512
e90f664d655ce622c012278468e5cbb9d39df13c97d01f78a2761a106b1a94218172f44095a365e3f3e267f7e59d209523d54370c942d0141b216134728cd371
-
SSDEEP
24576:sOOdRQs8zMfVaL/JSfjbc5Q7zUalpamR:sljQ8fXzZXR
Malware Config
Signatures
-
Unsigned PE 1 IoCs
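Checks for missing Authenticode signature. A static check of this kind can only see a signature embedded in the file itself; Windows components that are signed through a security catalog carry no embedded signature and are reported as unsigned as well, so this indicator alone does not separate a tampered system DLL from a genuine one. Compare the hashes above against a known-good copy of the same build before drawing a conclusion.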
resource e01a4b58f6b44c2b223fa3fe7784ddb0b9bef666b802efe464eec78b23635c00
Files
-
e01a4b58f6b44c2b223fa3fe7784ddb0b9bef666b802efe464eec78b23635c00.dll windows:6 windows x86 arch:x86
40e5dbc11a97d0f42fdb08586deb586e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
api-ms-win-core-rtlsupport-l1-1-0
RtlUnwind
RtlCaptureContext
RtlCaptureStackBackTrace
ntdll
NtCreateEvent
NtDuplicateObject
RtlConvertSidToUnicodeString
NtNotifyChangeKey
RtlRunOnceInitialize
NtResetEvent
RtlValidSecurityDescriptor
RtlOpenCurrentUser
strncat
_strlwr
NtQueryInstallUILanguage
RtlpConvertCultureNamesToLCIDs
RtlpConvertLCIDsToCultureNames
EtwEventEnabled
RtlSetProcessPreferredUILanguages
RtlExpandEnvironmentStrings_U
RtlUnicodeStringToInteger
RtlLCIDToCultureName
RtlIdnToUnicode
RtlIdnToNameprepUnicode
RtlIdnToAscii
RtlIsNormalizedString
RtlNormalizeString
RtlIntegerToUnicodeString
_ui64tow
_wtol
_wcslwr
RtlUnhandledExceptionFilter
NtTerminateProcess
wcsncpy
wcsncmp
RtlReadThreadProfilingData
RtlQueryThreadProfiling
RtlDisableThreadProfiling
RtlEnableThreadProfiling
RtlSetExtendedFeaturesMask
RtlGetExtendedFeaturesMask
RtlLocateExtendedFeature
RtlCopyContext
RtlGetEnabledExtendedFeatures
RtlGetExtendedContextLength
RtlInitializeExtendedContext
RtlLocateLegacyContext
NtRaiseException
EtwEventWriteNoRegistration
RtlRegisterWait
RtlSetIoCompletionCallback
RtlQueueWorkItem
RtlDeregisterWait
NtOpenEvent
NtResetWriteWatch
NtGetWriteWatch
NtMapUserPhysicalPagesScatter
NtMapUserPhysicalPages
NtFreeUserPhysicalPages
NtAllocateUserPhysicalPages
NtUnlockVirtualMemory
NtLockVirtualMemory
RtlOemStringToUnicodeString
RtlSetEnvironmentStrings
RtlComputeImportTableHash
bsearch
RtlEncodeSystemPointer
RtlFindCharInUnicodeString
RtlNtPathNameToDosPathName
NtApphelpCacheControl
RtlRandom
RtlFindActivationContextSectionGuid
RtlFindActivationContextSectionString
RtlDoesFileExists_U
RtlCreateActivationContext
DbgPrintEx
RtlImageNtHeaderEx
RtlSetThreadPreferredUILanguages
RtlQueryActivationContextApplicationSettings
RtlGetThreadPreferredUILanguages
RtlQueryInformationActivationContext
RtlMultiAppendUnicodeStringBuffer
RtlpEnsureBufferSize
RtlGetLengthWithoutLastFullDosOrNtPathElement
RtlpApplyLengthFunction
RtlGetActiveActivationContext
RtlDeactivateActivationContext
RtlActivateActivationContext
RtlZombifyActivationContext
RtlReleaseActivationContext
RtlAddRefActivationContext
NtSetInformationJobObject
NtCreateJobSet
NtQueryInformationJobObject
NtTerminateJobObject
NtAssignProcessToJobObject
NtOpenJobObject
NtCreateJobObject
tolower
atol
isdigit
toupper
RtlGetCurrentDirectory_U
RtlCopyLuid
RtlFreeOemString
RtlCreateEnvironment
RtlCreateEnvironmentEx
RtlDestroyEnvironment
NtQueryEvent
CsrClientCallServer
CsrAllocateCaptureBuffer
CsrAllocateMessagePointer
CsrFreeCaptureBuffer
NtDeviceIoControlFile
RtlCreateQueryDebugBuffer
RtlQueryProcessDebugInformation
RtlDestroyQueryDebugBuffer
NtMapViewOfSection
NtUnmapViewOfSection
RtlFreeUserStack
RtlProcessFlsData
RtlAllocateActivationContextStack
RtlFreeActivationContextStack
RtlCreateUserStack
TpCaptureCaller
NtSuspendThread
NtSetContextThread
NtGetContextThread
RtlAllocateAndInitializeSid
RtlFreeSid
NtSignalAndWaitForSingleObject
RtlRunOnceComplete
RtlRunOnceBeginInitialize
RtlRunOnceExecuteOnce
RtlSleepConditionVariableSRW
RtlSleepConditionVariableCS
NtOpenPrivateNamespace
NtCreatePrivateNamespace
NtDeletePrivateNamespace
RtlInitializeSRWLock
RtlAddIntegrityLabelToBoundaryDescriptor
RtlAddSIDToBoundaryDescriptor
RtlCreateBoundaryDescriptor
NtProtectVirtualMemory
strcpy_s
NtReplacePartitionUnit
RtlCompareUnicodeString
RtlRaiseStatus
NtQueryInformationToken
RtlInitializeSid
RtlSubAuthoritySid
LdrLoadDll
LdrGetProcedureAddress
LdrUnloadDll
RtlQueryRegistryValues
NtQuerySystemInformationEx
RtlDecodeSystemPointer
RtlWow64LogMessageInEventLogger
RtlxAnsiStringToUnicodeSize
NtIsSystemResumeAutomatic
NtGetDevicePowerState
NtSetThreadExecutionState
NtInitiatePowerAction
NtPowerInformation
NtSetVolumeInformationFile
RtlQueryEnvironmentVariable_U
RtlGetFullPathName_U
RtlIsNameLegalDOS8Dot3
RtlGetCurrentProcessorNumberEx
_allshl
NtOpenThreadToken
NtSetInformationThread
LdrLoadAlternateResourceModuleEx
LdrLoadAlternateResourceModule
LdrpResGetMappingSize
LdrRscIsTypeExist
LdrFindResource_U
_strcmpi
strncat_s
RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
strchr
RtlInitAnsiStringEx
RtlCreateUnicodeString
RtlUpcaseUnicodeChar
wcstoul
LdrGetFileNameFromLoadAsDataTable
wcsrchr
NtQueryVirtualMemory
RtlCultureNameToLCID
LdrResFindResourceDirectory
LdrResFindResource
LdrFindResourceEx_U
LdrpResGetResourceDirectory
RtlImageDirectoryEntryToData
LdrResGetRCConfig
RtlVerifyVersionInfo
RtlGetProductInfo
RtlLcidToLocaleName
RtlGetUILanguageInfo
NtCreateMailslotFile
RtlExtendedLargeIntegerDivide
_stricmp
RtlCleanUpTEBLangLists
RtlImageNtHeader
RtlSetThreadPoolStartFunc
LdrSetDllManifestProber
RtlSetUserCallbackExceptionFilter
RtlSetUnhandledExceptionFilter
RtlEncodePointer
RtlGetNativeSystemInformation
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
LdrQueryImageFileExecutionOptions
_aulldiv
RtlSetUserValueHeap
RtlReAllocateHeap
RtlAllocateHandle
RtlFreeHandle
RtlDeregisterSecureMemoryCacheCallback
RtlRegisterSecureMemoryCacheCallback
RtlCompactHeap
RtlSizeHeap
RtlGetUserInfoHeap
RtlLockHeap
RtlIsValidHandle
RtlUnlockHeap
NtQuerySystemInformation
RtlInitString
NtSetSystemEnvironmentValueEx
RtlGUIDFromString
NtQuerySystemEnvironmentValueEx
swprintf_s
_alldiv
NtFlushBuffersFile
RtlGetLastNtStatus
RtlDosPathNameToNtPathName_U_WithStatus
RtlEqualSid
RtlQueryInformationAcl
RtlGetAce
NtRaiseHardError
NtQueryVolumeInformationFile
LdrAddRefDll
NtCreateKeyTransacted
RtlDetermineDosPathNameType_U
_vsnwprintf
RtlUnicodeStringToOemString
RtlWow64EnableFsRedirection
NtCancelIoFile
NtCancelSynchronousIoFile
NtNotifyChangeDirectoryFile
RtlActivateActivationContextUnsafeFast
RtlDeactivateActivationContextUnsafeFast
NtQueryDirectoryFile
NtWaitForSingleObject
RtlGetThreadErrorMode
RtlSetThreadErrorMode
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
NtOpenProcessToken
RtlNtStatusToDosErrorNoTeb
EtwEventRegister
EtwEventWrite
EtwEventUnregister
NtCreateSection
NtQuerySection
RtlGetVersion
RtlQueryElevationFlags
NtSetInformationProcess
RtlCharToInteger
strncpy_s
RtlGetLongestNtPathLength
RtlEqualString
RtlFreeAnsiString
RtlCopyUnicodeString
RtlDosPathNameToNtPathName_U
NtLockFile
NtReadFile
RtlIsTextUnicode
NtDeleteValueKey
NtEnumerateKey
RtlFormatCurrentUserKeyPath
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
RtlPrefixUnicodeString
CsrVerifyRegion
NtAllocateVirtualMemory
NtWriteFile
NtFreeVirtualMemory
NtUnlockFile
NtEnumerateValueKey
RtlMultiByteToUnicodeSize
RtlUnicodeToMultiByteN
RtlMultiByteToUnicodeN
RtlQueryAtomInAtomTable
NtQueryInformationAtom
RtlDeleteAtomFromAtomTable
NtDeleteAtom
RtlLookupAtomInAtomTable
NtFindAtom
RtlAddAtomToAtomTable
NtAddAtom
RtlCreateAtomTable
RtlDestroyAtomTable
RtlDosPathNameToRelativeNtPathName_U
RtlReleaseRelativeName
RtlEqualUnicodeString
RtlIsDosDeviceName_U
DbgUiStopDebugging
DbgUiContinue
DbgUiWaitStateChange
DbgUiConvertStateChangeStructure
NtFlushInstructionCache
NtQueryInformationThread
DbgUiGetThreadDebugObject
NtSetInformationDebugObject
DbgUiIssueRemoteBreakin
DbgUiConnectToDbg
DbgUiDebugActiveProcess
CsrGetProcessId
NtOpenProcess
NtSetSystemTime
RtlReleasePrivilege
RtlAcquirePrivilege
_allmul
RtlCutoverTimeToSystemTime
NtSetSystemInformation
RtlTimeFieldsToTime
RtlTimeToTimeFields
NtQueryInformationProcess
RtlGetCurrentTransaction
RtlSetCurrentTransaction
_wcsicmp
wcsncpy_s
wcscat_s
RtlPrefixString
wcsstr
wcschr
RtlCreateUnicodeStringFromAsciiz
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlInitUnicodeStringEx
NlsMbCodePageTag
RtlxUnicodeStringToAnsiSize
RtlUnicodeStringToAnsiString
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlNtStatusToDosError
RtlDnsHostNameToComputerName
RtlFreeUnicodeString
RtlUnicodeToMultiByteSize
wcscspn
wcscpy_s
memmove
_memicmp
NtCreateKey
NtSetValueKey
NtFlushKey
RtlInitUnicodeString
NtOpenKey
NtQueryValueKey
NtClose
RtlDeleteCriticalSection
RtlInitializeCriticalSection
NtSetInformationFile
NtSetSecurityObject
NtSetEaFile
NtQuerySecurityObject
RtlLengthSecurityDescriptor
NtQueryEaFile
NtQueryInformationFile
NtOpenFile
memset
_wcsnicmp
NtCreateFile
NtFsControlFile
memcpy
RtlSetLastWin32Error
RtlAllocateHeap
RtlCreateAcl
RtlAddAccessAllowedAce
RtlCreateSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlFreeHeap
RtlInitializeExceptionChain
TpAllocPool
TpSetPoolMinThreads
TpSetPoolStackInformation
TpQueryPoolStackInformation
TpAllocCleanupGroup
TpSimpleTryPost
TpAllocWork
TpAllocTimer
TpAllocWait
TpAllocIoCompletion
TpCallbackMayRunLong
RtlQueryEnvironmentVariable
NtWriteVirtualMemory
NtOpenDirectoryObject
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
wcspbrk
NtWow64WriteVirtualMemory64
RtlDestroyProcessParameters
RtlCreateProcessParametersEx
NtResumeThread
DbgPrint
NtRemoveProcessDebug
LdrQueryImageFileKeyOption
NtCreateUserProcess
RtlGetFullPathName_UstrEx
RtlDecodePointer
RtlKnownExceptionFilter
RtlRaiseException
NtRequestWaitReplyPort
NtOpenKeyTransacted
NtQueryKey
NtOpenKeyEx
NtOpenKeyTransactedEx
RtlValidRelativeSecurityDescriptor
NtDeleteKey
NtLoadKey
NtUnloadKey
NtNotifyChangeMultipleKeys
NtRestoreKey
NtSaveKeyEx
RtlLengthSid
RtlMakeSelfRelativeSD
_strnicmp
strncmp
NtDuplicateToken
RtlTryAcquirePebLock
_vsnprintf
NtWaitForMultipleObjects
RtlReleasePebLock
NtClearEvent
RtlWerpReportException
LdrResSearchResource
NtWow64ReadVirtualMemory64
NtWow64QueryInformationProcess64
RtlCompareMemory
WerReportSQMEvent
LdrUnlockLoaderLock
LdrLockLoaderLock
NtAccessCheck
VerSetConditionMask
WinSqmIsOptedIn
strcat_s
RtlExitUserThread
RtlExitUserProcess
_aullrem
kernelbase
BaseReleaseProcessDllPath
BaseGetProcessExePath
BaseGetProcessDllPath
LoadStringByReference
InternalLcidToName
NlsIsUserDefaultLocale
GetUserInfo
GetPtrCalDataArray
GetPtrCalData
GetStringTableEntry
CheckGroupPolicyEnabled
OpenRegKey
GetCPHashNode
Internal_EnumSystemCodePages
Internal_EnumUILanguages
Internal_EnumLanguageGroupLocales
Internal_EnumSystemLanguageGroups
Internal_EnumDateFormats
Internal_EnumTimeFormats
KernelBaseGetGlobalData
InvalidateTzSpecificCache
IsDBCSLeadByte
CreateFileMappingNumaW
CompareStringA
LoadStringBaseExW
BaseInvalidateDllSearchPathCache
BaseInvalidateProcessSearchPathCache
BaseDllFreeResourceId
BaseDllMapResourceIdW
GetUserDefaultUILanguage
EnumUILanguagesW
AreFileApisANSI
EnumCalendarInfoExW
EnumCalendarInfoW
EnumDateFormatsExW
EnumDateFormatsW
EnumLanguageGroupLocalesW
EnumSystemCodePagesW
EnumSystemLanguageGroupsW
EnumSystemLocalesEx
EnumSystemLocalesW
EnumTimeFormatsW
GetLocaleInfoA
GetStringTypeA
GetSystemDefaultUILanguage
IsDBCSLeadByteEx
MapViewOfFileExNuma
SetFileApisToANSI
SetFileApisToOEM
VirtualAllocExNuma
EnumCalendarInfoExEx
EnumDateFormatsExEx
EnumTimeFormatsEx
GetCurrencyFormatEx
GetEraNameCountedString
GetNumberFormatEx
GetSystemDefaultLocaleName
GetUserDefaultLocaleName
LCIDToLocaleName
GetNamedLocaleHashNode
GetLocaleInfoHelper
GetUserInfoWord
GetCalendar
SpecialMBToWC
Internal_EnumCalendarInfo
NlsValidateLocale
BaseReleaseProcessExePath
api-ms-win-core-processthreads-l1-1-0
TlsGetValue
SetThreadPriority
SetProcessShutdownParameters
SetPriorityClass
ResumeThread
QueueUserAPC
ProcessIdToSessionId
OpenThread
GetThreadPriorityBoost
GetThreadPriority
GetStartupInfoW
GetProcessTimes
GetPriorityClass
GetExitCodeThread
GetCurrentThreadId
GetCurrentThread
GetProcessId
GetProcessIdOfThread
GetThreadId
GetCurrentProcessId
CreateRemoteThreadEx
GetExitCodeProcess
TlsFree
TlsAlloc
TerminateThread
TerminateProcess
SwitchToThread
SuspendThread
SetThreadStackGuarantee
SetThreadPriorityBoost
OpenProcessToken
TlsSetValue
SetProcessAffinityUpdateMode
QueryProcessAffinityUpdateMode
GetProcessVersion
CreateRemoteThread
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
GetCurrentProcess
api-ms-win-core-heap-l1-1-0
HeapCreate
HeapSetInformation
HeapQueryInformation
HeapLock
HeapDestroy
GetProcessHeap
GetProcessHeaps
HeapWalk
HeapValidate
HeapUnlock
HeapCompact
HeapSummary
api-ms-win-core-memory-l1-1-0
MapViewOfFileEx
ReadProcessMemory
UnmapViewOfFile
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualFreeEx
VirtualProtect
WriteProcessMemory
VirtualQueryEx
VirtualQuery
VirtualProtectEx
FlushViewOfFile
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
api-ms-win-core-handle-l1-1-0
DuplicateHandle
GetHandleInformation
SetHandleInformation
CloseHandle
api-ms-win-core-synch-l1-1-0
OpenProcess
OpenSemaphoreW
OpenWaitableTimerW
ReleaseMutex
ReleaseSemaphore
OpenMutexW
SetEvent
SetWaitableTimer
SleepEx
WaitForMultipleObjectsEx
WaitForSingleObjectEx
OpenEventW
OpenEventA
InitializeCriticalSectionEx
InitializeCriticalSectionAndSpinCount
CreateWaitableTimerExW
CreateSemaphoreExW
CreateEventA
CreateEventW
CancelWaitableTimer
CreateEventExA
CreateEventExW
CreateMutexA
CreateMutexExA
CreateMutexExW
ResetEvent
CreateMutexW
api-ms-win-core-file-l1-1-0
GetFullPathNameW
GetFullPathNameA
SetFileTime
QueryDosDeviceW
CreateFileW
LockFile
GetFileSize
SetEndOfFile
WriteFile
SetFilePointer
ReadFile
WriteFileEx
WriteFileGather
GetFinalPathNameByHandleA
GetFinalPathNameByHandleW
RemoveDirectoryW
GetDiskFreeSpaceW
CreateDirectoryW
DefineDosDeviceW
FindFirstFileExA
FindFirstFileExW
FindClose
GetFileType
FlushFileBuffers
SetFileAttributesW
GetFileAttributesExW
DeleteFileW
GetFileTime
DeleteFileA
GetFileAttributesA
FindNextFileW
FindFirstFileW
GetLogicalDriveStringsW
GetTempFileNameW
GetVolumeInformationW
CompareFileTime
CreateDirectoryA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindCloseChangeNotification
FindFirstFileA
FindFirstChangeNotificationA
FindFirstChangeNotificationW
FindNextChangeNotification
FindNextFileA
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
UnlockFileEx
GetDriveTypeA
GetDriveTypeW
GetFileAttributesExA
GetFileAttributesW
GetFileInformationByHandle
GetFileSizeEx
GetVolumeInformationByHandleW
LocalFileTimeToFileTime
LockFileEx
ReadFileScatter
ReadFileEx
RemoveDirectoryA
SetFileAttributesA
SetFileInformationByHandle
SetFilePointerEx
SetFileValidData
UnlockFile
api-ms-win-core-io-l1-1-0
PostQueuedCompletionStatus
GetQueuedCompletionStatusEx
GetQueuedCompletionStatus
CreateIoCompletionPort
CancelIoEx
GetOverlappedResult
DeviceIoControl
api-ms-win-core-threadpool-l1-1-0
ChangeTimerQueueTimer
CreateTimerQueue
UnregisterWaitEx
DeleteTimerQueueTimer
DeleteTimerQueueEx
CreateTimerQueueTimer
api-ms-win-core-libraryloader-l1-1-0
GetModuleHandleA
GetModuleHandleW
GetModuleHandleExA
GetModuleHandleExW
LoadResource
LockResource
SizeofResource
GetProcAddress
GetModuleFileNameA
FreeLibraryAndExitThread
FindStringOrdinal
DisableThreadLibraryCalls
LoadLibraryExA
GetModuleFileNameW
FindResourceExW
FreeLibrary
LoadLibraryExW
FreeResource
api-ms-win-core-namedpipe-l1-1-0
PeekNamedPipe
DisconnectNamedPipe
CreatePipe
ConnectNamedPipe
GetNamedPipeAttribute
GetNamedPipeClientComputerNameW
WaitNamedPipeW
SetNamedPipeHandleState
CreateNamedPipeW
TransactNamedPipe
api-ms-win-core-misc-l1-1-0
IsWow64Process
LCMapStringA
LocalLock
LocalReAlloc
LocalUnlock
GlobalAlloc
FormatMessageW
FormatMessageA
NeedCurrentDirectoryForExePathA
EnumSystemLocalesA
PulseEvent
Sleep
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
lstrcmpW
lstrcmpiW
lstrcpynA
lstrcpynW
lstrlenA
FatalAppExitA
NeedCurrentDirectoryForExePathW
FatalAppExitW
LocalAlloc
GlobalFree
lstrlenW
LocalFree
IsProcessInJob
api-ms-win-core-sysinfo-l1-1-0
GetLocalTime
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetTickCount64
GetTimeZoneInformation
GetTimeZoneInformationForYear
GetVersion
GetVersionExA
GetVersionExW
GetWindowsDirectoryW
SetLocalTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
GetDynamicTimeZoneInformation
GetLogicalProcessorInformation
GetSystemInfo
GetLogicalProcessorInformationEx
GetWindowsDirectoryA
GlobalMemoryStatusEx
GetTickCount
GetSystemTime
SystemTimeToFileTime
GetComputerNameExW
GetComputerNameExA
api-ms-win-core-localization-l1-1-0
VerLanguageNameA
FindNLSStringEx
SetThreadLocale
NlsWriteEtwEvent
NlsEventDataDescCreate
ConvertDefaultLocale
VerLanguageNameW
SetLocaleInfoW
SetCalendarInfoW
LCMapStringW
IsValidLocale
IsValidLanguageGroup
IsValidCodePage
IsNLSDefinedString
GetUserDefaultLCID
GetUserDefaultLangID
GetThreadLocale
GetSystemDefaultLCID
GetSystemDefaultLangID
GetProcessPreferredUILanguages
GetOEMCP
GetLocaleInfoW
GetCPInfoExW
GetCPInfo
GetACP
GetFileMUIPath
FindNLSString
NlsUpdateSystemLocale
NlsUpdateLocale
NlsGetCacheUpdateCount
NlsCheckPolicy
GetCalendarInfoW
GetCalendarInfoEx
GetLocaleInfoEx
GetSystemPreferredUILanguages
GetThreadPreferredUILanguages
GetThreadUILanguage
GetUILanguageInfo
GetUserPreferredUILanguages
IsValidLocaleName
LCMapStringEx
LocaleNameToLCID
ResolveLocaleName
GetFileMUIInfo
api-ms-win-core-processenvironment-l1-1-0
GetEnvironmentStrings
GetEnvironmentVariableW
SearchPathW
SetStdHandleEx
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetCommandLineA
GetCommandLineW
GetCurrentDirectoryA
GetCurrentDirectoryW
GetEnvironmentStringsW
SetEnvironmentStringsW
GetEnvironmentVariableA
GetStdHandle
SetCurrentDirectoryA
SetCurrentDirectoryW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetStdHandle
api-ms-win-core-string-l1-1-0
GetStringTypeW
GetStringTypeExW
FoldStringW
CompareStringW
WideCharToMultiByte
CompareStringOrdinal
CompareStringEx
MultiByteToWideChar
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringA
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-errorhandling-l1-1-0
GetLastError
GetErrorMode
RaiseException
SetErrorMode
SetLastError
api-ms-win-core-fibers-l1-1-0
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
api-ms-win-core-util-l1-1-0
Beep
api-ms-win-core-profile-l1-1-0
QueryPerformanceFrequency
QueryPerformanceCounter
api-ms-win-security-base-l1-1-0
AllocateAndInitializeSid
FreeSid
DuplicateToken
AccessCheck
Exports
Exports
AcquireSRWLockExclusive
AcquireSRWLockShared
ActivateActCtx
AddAtomA
AddAtomW
AddConsoleAliasA
AddConsoleAliasW
AddDllDirectory
AddIntegrityLabelToBoundaryDescriptor
AddLocalAlternateComputerNameA
AddLocalAlternateComputerNameW
AddRefActCtx
AddSIDToBoundaryDescriptor
AddSecureMemoryCacheCallback
AddVectoredContinueHandler
AddVectoredExceptionHandler
AdjustCalendarDate
AllocConsole
AllocateUserPhysicalPages
AllocateUserPhysicalPagesNuma
ApplicationRecoveryFinished
ApplicationRecoveryInProgress
AreFileApisANSI
AssignProcessToJobObject
AttachConsole
BackupRead
BackupSeek
BackupWrite
BaseCheckAppcompatCache
BaseCheckAppcompatCacheEx
BaseCheckRunApp
BaseCleanupAppcompatCacheSupport
BaseDllReadWriteIniFile
BaseDumpAppcompatCache
BaseFlushAppcompatCache
BaseFormatObjectAttributes
BaseFormatTimeOut
BaseGenerateAppCompatData
BaseGetNamedObjectDirectory
BaseInitAppcompatCacheSupport
BaseIsAppcompatInfrastructureDisabled
BaseQueryModuleData
BaseSetLastNTError
BaseThreadInitThunk
BaseUpdateAppcompatCache
BaseVerifyUnicodeString
Basep8BitStringToDynamicUnicodeString
BasepAllocateActivationContextActivationBlock
BasepAnsiStringToDynamicUnicodeString
BasepCheckAppCompat
BasepCheckBadapp
BasepCheckWinSaferRestrictions
BasepFreeActivationContextActivationBlock
BasepFreeAppCompatData
BasepMapModuleHandle
Beep
BeginUpdateResourceA
BeginUpdateResourceW
BindIoCompletionCallback
BuildCommDCBA
BuildCommDCBAndTimeoutsA
BuildCommDCBAndTimeoutsW
BuildCommDCBW
CallNamedPipeA
CallNamedPipeW
CallbackMayRunLong
CancelDeviceWakeupRequest
CancelIo
CancelIoEx
CancelSynchronousIo
CancelThreadpoolIo
CancelTimerQueueTimer
CancelWaitableTimer
ChangeTimerQueueTimer
CheckElevation
CheckElevationEnabled
CheckForReadOnlyResource
CheckNameLegalDOS8Dot3A
CheckNameLegalDOS8Dot3W
CheckRemoteDebuggerPresent
ClearCommBreak
ClearCommError
CloseConsoleHandle
CloseHandle
ClosePrivateNamespace
CloseProfileUserMapping
CloseThreadpool
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolIo
CloseThreadpoolTimer
CloseThreadpoolWait
CloseThreadpoolWork
CmdBatNotification
CommConfigDialogA
CommConfigDialogW
CompareCalendarDates
CompareFileTime
CompareStringA
CompareStringEx
CompareStringOrdinal
CompareStringW
ConnectNamedPipe
ConsoleMenuControl
ContinueDebugEvent
ConvertCalDateTimeToSystemTime
ConvertDefaultLocale
ConvertFiberToThread
ConvertNLSDayOfWeekToWin32DayOfWeek
ConvertSystemTimeToCalDateTime
ConvertThreadToFiber
ConvertThreadToFiberEx
CopyContext
CopyFileA
CopyFileExA
CopyFileExW
CopyFileTransactedA
CopyFileTransactedW
CopyFileW
CopyLZFile
CreateActCtxA
CreateActCtxW
CreateBoundaryDescriptorA
CreateBoundaryDescriptorW
CreateConsoleScreenBuffer
CreateDirectoryA
CreateDirectoryExA
CreateDirectoryExW
CreateDirectoryTransactedA
CreateDirectoryTransactedW
CreateDirectoryW
CreateEventA
CreateEventExA
CreateEventExW
CreateEventW
CreateFiber
CreateFiberEx
CreateFileA
CreateFileMappingA
CreateFileMappingNumaA
CreateFileMappingNumaW
CreateFileMappingW
CreateFileTransactedA
CreateFileTransactedW
CreateFileW
CreateHardLinkA
CreateHardLinkTransactedA
CreateHardLinkTransactedW
CreateHardLinkW
CreateIoCompletionPort
CreateJobObjectA
CreateJobObjectW
CreateJobSet
CreateMailslotA
CreateMailslotW
CreateMemoryResourceNotification
CreateMutexA
CreateMutexExA
CreateMutexExW
CreateMutexW
CreateNamedPipeA
CreateNamedPipeW
CreatePipe
CreatePrivateNamespaceA
CreatePrivateNamespaceW
CreateProcessA
CreateProcessAsUserW
CreateProcessInternalA
CreateProcessInternalW
CreateProcessW
CreateRemoteThread
CreateRemoteThreadEx
CreateSemaphoreA
CreateSemaphoreExA
CreateSemaphoreExW
CreateSemaphoreW
CreateSocketHandle
CreateSymbolicLinkA
CreateSymbolicLinkTransactedA
CreateSymbolicLinkTransactedW
CreateSymbolicLinkW
CreateTapePartition
CreateThread
CreateThreadpool
CreateThreadpoolCleanupGroup
CreateThreadpoolIo
CreateThreadpoolTimer
CreateThreadpoolWait
CreateThreadpoolWork
CreateTimerQueue
CreateTimerQueueTimer
CreateToolhelp32Snapshot
CreateWaitableTimerA
CreateWaitableTimerExA
CreateWaitableTimerExW
CreateWaitableTimerW
CtrlRoutine
DeactivateActCtx
DebugActiveProcess
DebugActiveProcessStop
DebugBreak
DebugBreakProcess
DebugSetProcessKillOnExit
DecodePointer
DecodeSystemPointer
DefineDosDeviceA
DefineDosDeviceW
DelayLoadFailureHook
DeleteAtom
DeleteBoundaryDescriptor
DeleteCriticalSection
DeleteFiber
DeleteFileA
DeleteFileTransactedA
DeleteFileTransactedW
DeleteFileW
DeleteProcThreadAttributeList
DeleteTimerQueue
DeleteTimerQueueEx
DeleteTimerQueueTimer
DeleteVolumeMountPointA
DeleteVolumeMountPointW
DeviceIoControl
DisableThreadLibraryCalls
DisableThreadProfiling
DisassociateCurrentThreadFromCallback
DisconnectNamedPipe
DnsHostnameToComputerNameA
DnsHostnameToComputerNameW
DosDateTimeToFileTime
DosPathToSessionPathA
DosPathToSessionPathW
DuplicateConsoleHandle
DuplicateHandle
EnableThreadProfiling
EncodePointer
EncodeSystemPointer
EndUpdateResourceA
EndUpdateResourceW
EnterCriticalSection
EnumCalendarInfoA
EnumCalendarInfoExA
EnumCalendarInfoExEx
EnumCalendarInfoExW
EnumCalendarInfoW
EnumDateFormatsA
EnumDateFormatsExA
EnumDateFormatsExEx
EnumDateFormatsExW
EnumDateFormatsW
EnumLanguageGroupLocalesA
EnumLanguageGroupLocalesW
EnumResourceLanguagesA
EnumResourceLanguagesExA
EnumResourceLanguagesExW
EnumResourceLanguagesW
EnumResourceNamesA
EnumResourceNamesExA
EnumResourceNamesExW
EnumResourceNamesW
EnumResourceTypesA
EnumResourceTypesExA
EnumResourceTypesExW
EnumResourceTypesW
EnumSystemCodePagesA
EnumSystemCodePagesW
EnumSystemFirmwareTables
EnumSystemGeoID
EnumSystemLanguageGroupsA
EnumSystemLanguageGroupsW
EnumSystemLocalesA
EnumSystemLocalesEx
EnumSystemLocalesW
EnumTimeFormatsA
EnumTimeFormatsEx
EnumTimeFormatsW
EnumUILanguagesA
EnumUILanguagesW
EnumerateLocalComputerNamesA
EnumerateLocalComputerNamesW
EraseTape
EscapeCommFunction
ExitProcess
ExitThread
ExitVDM
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
ExpungeConsoleCommandHistoryA
ExpungeConsoleCommandHistoryW
FatalAppExitA
FatalAppExitW
FatalExit
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FillConsoleOutputCharacterW
FindActCtxSectionGuid
FindActCtxSectionStringA
FindActCtxSectionStringW
FindAtomA
FindAtomW
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationA
FindFirstChangeNotificationW
FindFirstFileA
FindFirstFileExA
FindFirstFileExW
FindFirstFileNameTransactedW
FindFirstFileNameW
FindFirstFileTransactedA
FindFirstFileTransactedW
FindFirstFileW
FindFirstStreamTransactedW
FindFirstStreamW
FindFirstVolumeA
FindFirstVolumeMountPointA
FindFirstVolumeMountPointW
FindFirstVolumeW
FindNLSString
FindNLSStringEx
FindNextChangeNotification
FindNextFileA
FindNextFileNameW
FindNextFileW
FindNextStreamW
FindNextVolumeA
FindNextVolumeMountPointA
FindNextVolumeMountPointW
FindNextVolumeW
FindResourceA
FindResourceExA
FindResourceExW
FindResourceW
FindStringOrdinal
FindVolumeClose
FindVolumeMountPointClose
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushConsoleInputBuffer
FlushFileBuffers
FlushInstructionCache
FlushProcessWriteBuffers
FlushViewOfFile
FoldStringA
FoldStringW
FormatMessageA
FormatMessageW
FreeConsole
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
FreeLibraryWhenCallbackReturns
FreeResource
FreeUserPhysicalPages
GenerateConsoleCtrlEvent
GetACP
GetActiveProcessorCount
GetActiveProcessorGroupCount
GetApplicationRecoveryCallback
GetApplicationRestartSettings
GetAtomNameA
GetAtomNameW
GetBinaryType
GetBinaryTypeA
GetBinaryTypeW
GetCPInfo
GetCPInfoExA
GetCPInfoExW
GetCalendarDateFormat
GetCalendarDateFormatEx
GetCalendarDaysInMonth
GetCalendarDifferenceInDays
GetCalendarInfoA
GetCalendarInfoEx
GetCalendarInfoW
GetCalendarMonthsInYear
GetCalendarSupportedDateRange
GetCalendarWeekNumber
GetComPlusPackageInstallStatus
GetCommConfig
GetCommMask
GetCommModemStatus
GetCommProperties
GetCommState
GetCommTimeouts
GetCommandLineA
GetCommandLineW
GetCompressedFileSizeA
GetCompressedFileSizeTransactedA
GetCompressedFileSizeTransactedW
GetCompressedFileSizeW
GetComputerNameA
GetComputerNameExA
GetComputerNameExW
GetComputerNameW
GetConsoleAliasA
GetConsoleAliasExesA
GetConsoleAliasExesLengthA
GetConsoleAliasExesLengthW
GetConsoleAliasExesW
GetConsoleAliasW
GetConsoleAliasesA
GetConsoleAliasesLengthA
GetConsoleAliasesLengthW
GetConsoleAliasesW
GetConsoleCP
GetConsoleCharType
GetConsoleCommandHistoryA
GetConsoleCommandHistoryLengthA
GetConsoleCommandHistoryLengthW
GetConsoleCommandHistoryW
GetConsoleCursorInfo
GetConsoleCursorMode
GetConsoleDisplayMode
GetConsoleFontInfo
GetConsoleFontSize
GetConsoleHardwareState
GetConsoleHistoryInfo
GetConsoleInputExeNameA
GetConsoleInputExeNameW
GetConsoleInputWaitHandle
GetConsoleKeyboardLayoutNameA
GetConsoleKeyboardLayoutNameW
GetConsoleMode
GetConsoleNlsMode
GetConsoleOriginalTitleA
GetConsoleOriginalTitleW
GetConsoleOutputCP
GetConsoleProcessList
GetConsoleScreenBufferInfo
GetConsoleScreenBufferInfoEx
GetConsoleSelectionInfo
GetConsoleTitleA
GetConsoleTitleW
GetConsoleWindow
GetCurrencyFormatA
GetCurrencyFormatEx
GetCurrencyFormatW
GetCurrentActCtx
GetCurrentConsoleFont
GetCurrentConsoleFontEx
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentProcessorNumber
GetCurrentProcessorNumberEx
GetCurrentThread
GetCurrentThreadId
GetDateFormatA
GetDateFormatEx
GetDateFormatW
GetDefaultCommConfigA
GetDefaultCommConfigW
GetDevicePowerState
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDllDirectoryA
GetDllDirectoryW
GetDriveTypeA
GetDriveTypeW
GetDurationFormat
GetDurationFormatEx
GetDynamicTimeZoneInformation
GetEnabledXStateFeatures
GetEnvironmentStrings
GetEnvironmentStringsA
GetEnvironmentStringsW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetEraNameCountedString
GetErrorMode
GetExitCodeProcess
GetExitCodeThread
GetExpandedNameA
GetExpandedNameW
GetFileAttributesA
GetFileAttributesExA
GetFileAttributesExW
GetFileAttributesTransactedA
GetFileAttributesTransactedW
GetFileAttributesW
GetFileBandwidthReservation
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileMUIInfo
GetFileMUIPath
GetFileSize
GetFileSizeEx
GetFileTime
GetFileType
GetFinalPathNameByHandleA
Sections
.text Size: 832KB - Virtual size: 770KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 64KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 64KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 64KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ