04052024_0707_x64__x32__installer[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

04052024_0707_x64__x32__installer.zip
Size

8.1MB
MD5

8a91579ff87e6d336e41d7acc9b512b4
SHA1

7126519ff9115da34567bf805ead832f7d035d9f
SHA256

15bbddd1091275f2fbf16ca9540db97d947659fb6b388d52ec5b0d7dc52e03bd
SHA512

c2d47c10c79d64ccb99542c718a57d5644d95f5c01f6f48e774344b351eb3945d97e6d0b32f86c55c2f9d107937aeeb7480215d9495a71b11f8f9d0563dfde24
SSDEEP

196608:dhqg+0dQgkgH0+joBinvDImVDEAZs8Z6gnZ182tTh:d4g+0d2FBinvDTy8nnZ1Th

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack002/coredpus/cdosys.dll
unpack002/coredpus/coredpus.dll
unpack002/iasnap/iasnap.dll
unpack002/iasnap/mprddm.dll
unpack002/srhelper/PortableDeviceApi.dll
unpack002/srhelper/srhelper.dll
unpack002/winmde/daxexec.dll
unpack002/winmde/mi.dll

Files

04052024_0707_x64__x32__installer.zip
.zip

Password: 2024
password.jpg
x64__x32___setup.zip
.zip

Password: 2024
coredpus/cdosys.dll
.dll regsvr32 windows:10 windows x64 arch:x64

Password: 2024

79823c80321949fbbf83a840442912fb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

cdosys.pdb

Imports

msvcrt

_lock
_unlock
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
wcsrchr
wcstok
isspace
strtoul
bsearch
qsort
towlower
toupper
tolower
_strdup
isdigit
_XcptFilter
memchr
memcmp
memset
_amsg_exit
_initterm
__CxxFrameHandler3
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
__dllonexit
_onexit
towupper
atol
_wcslwr
strncmp
wcsncmp
strchr
_vsnwprintf
printf
strspn
sscanf_s
strrchr
strstr
_memicmp
swscanf
strpbrk
strcspn
wcsstr
_stricmp
_purecall
strcpy_s
realloc
strcat_s
malloc
free
_vsnprintf
_wsplitpath_s
iswspace
wcschr
_wcsnicmp
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
__C_specific_handler
_wcsicmp
strcmp
wcscmp

kernel32

GetTimeZoneInformation
CompareFileTime
TlsAlloc
ResetEvent
IsDBCSLeadByteEx
GetModuleHandleExW
GetModuleHandleW
DebugBreak
IsValidCodePage
GetStringTypeW
GetFileTime
GlobalUnlock
GlobalHandle
GlobalFree
GlobalLock
SetUnhandledExceptionFilter
GlobalReAlloc
GetSystemDefaultLangID
GetCPInfo
QueryPerformanceCounter
TerminateProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetProcAddress
GetModuleHandleA
FormatMessageA
GetLastError
MultiByteToWideChar
FormatMessageW
GetVersionExA
LoadLibraryA
FreeLibrary
HeapCreate
HeapDestroy
HeapAlloc
HeapFree
GetSystemInfo
TlsFree
TlsGetValue
TlsSetValue
GetCurrentProcess
VirtualQuery
VirtualFree
VirtualAlloc
VirtualProtect
LoadLibraryExA
lstrcmpiA
lstrcpynA
WideCharToMultiByte
IsDBCSLeadByte
SizeofResource
LoadResource
FindResourceExA
GetModuleFileNameA
GetUserDefaultLCID
DisableThreadLibraryCalls
FileTimeToSystemTime
SystemTimeToFileTime
GetDateFormatA
GetTimeFormatA
GetDateFormatW
GetTimeFormatW
lstrlenA
GetCurrentProcessId
GetTickCount
CreateFileA
CloseHandle
GetSystemTimeAsFileTime
lstrlenW
GetACP
GetThreadLocale
GetLocaleInfoW
GetCurrentThreadId
LocalFree
GetTempPathA
GetTempFileNameA
CopyFileA
SetFileAttributesA
CreateFileW
CreateEventA
GetFileSize
ReadFile
GetOverlappedResult
WriteFile
SetFilePointer
SetEndOfFile
FlushFileBuffers
FindFirstFileA
FindNextFileA
FindClose
GetLocaleInfoA
GetCurrentThread
SetEvent
WaitForSingleObject
GetSystemTime
Sleep
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
GlobalAlloc

oleaut32

SetErrorInfo
VariantTimeToSystemTime
SafeArrayPutElement
SafeArrayCreateVector
CreateErrorInfo
VariantCopyInd
SysFreeString
SysAllocString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantInit
VariantChangeType
VariantCopy
SysAllocStringLen
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreate
SafeArrayRedim
SafeArrayDestroy
VarUI4FromStr
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
LoadRegTypeLi
SystemTimeToVariantTime

ole32

CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoCreateGuid
ProgIDFromCLSID
PropVariantClear
CoTaskMemRealloc
CoCreateFreeThreadedMarshaler

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

urlmon

CopyBindInfo
CoInternetGetSession
CoInternetParseUrl

winhttp

WinHttpSetOption
WinHttpCrackUrl

shlwapi

UrlCombineW

inetcomm

MimeOleInetDateToFileTime
MimeOleGetPropertySchema
MimeOleSetCompatMode
MimeOleCreateMessage
MimeOleGetInternat

advapi32

RegDeleteValueA
RegNotifyChangeKeyValue
ImpersonateLoggedOnUser
RevertToSelf
OpenThreadToken
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegSetValueExA
RegCreateKeyExA

user32

DispatchMessageA
TranslateMessage
GetMessageA
RegisterWindowMessageA
PostThreadMessageA
CharPrevA
CharNextA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 637KB - Virtual size: 636KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 285KB - Virtual size: 285KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
coredpus/coredpus.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

da479abc35be8e8d4aa3ee967e3e2b03

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

coredpus.pdb

Imports

msvcrt

??1type_info@@UEAA@XZ
_onexit
memcmp
__CxxFrameHandler3
memmove
memcpy
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBD@Z
_initterm
__C_specific_handler
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_lock
?terminate@@YAXXZ
_callnewh
__dllonexit
_amsg_exit
_unlock
memset
??0exception@@QEAA@AEBV0@@Z
_XcptFilter
malloc
exit
memcpy_s
_wcsicmp
ldiv
_vsnprintf_s
memmove_s
wcschr
_wtol
wcsstr
wcsncat_s
wcscpy_s
wcsrchr
wcsncmp
sprintf_s
strncpy_s
_set_errno
_errno
strtol
strchr
strrchr
_wcsnicmp
_ltow_s
wcstoul
iswdigit
iswspace
_fpclass
_vsnwprintf
_purecall
??3@YAXPEAX@Z
??_V@YAXPEAX@Z
free
wcscmp

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventActivityIdControl
EventRegister
EventWriteTransfer
EventUnregister

oleaut32

SysAllocStringByteLen
VariantInit
SystemTimeToVariantTime
SysStringByteLen
SysAllocStringLen
SysAllocString
VariantChangeTypeEx
VariantTimeToSystemTime
SysFreeString
VariantChangeType
VariantClear

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-synch-l1-2-0

Sleep
WakeAllConditionVariable
SleepConditionVariableSRW

api-ms-win-core-synch-l1-1-0

ReleaseMutex
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSemaphore
WaitForSingleObjectEx
OpenSemaphoreW
EnterCriticalSection
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
DeleteCriticalSection
AcquireSRWLockShared
WaitForSingleObject
CreateSemaphoreExW
CreateMutexExW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetSystemDirectoryW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

dmoleaututils

SafeArrayToBase64Str
Base64StrToSafeArray
SafeArrayToMultiString
MultiStringToSafeArray

dmcmnutils

SafeMultiByteToWideChar
DmGetActiveUserSid
UnicodeToMB
InvStrCmpW
IsPhoneOS
BigStrcat
InvStrCmpNIW
InvStrCmpIW
CopyString

dmiso8601utils

ISO8601StringToSystemTime
SystemTimeToISO8601String

policymanager

EnterprisePolicyManagerStore_IsValidPolicy
EnterprisePolicyManagerStore_IsAreaPolicySLAPIAllowed
EnterprisePolicyManagerStore_IsValidArea

ntdll

RtlIsStateSeparationEnabled

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
FreeLibrary
GetModuleHandleW
GetProcAddress
GetModuleHandleExW

xmllite

CreateXmlWriter
CreateXmlReaderInputWithEncodingName
CreateXmlReader
CreateXmlWriterOutputWithEncodingName

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegDeleteTreeW
RegEnumKeyExW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
RegGetValueW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoCreateInstance
GetHGlobalFromStream
StringFromGUID2
CLSIDFromString
CoTaskMemFree
CreateStreamOnHGlobal

api-ms-win-shcore-stream-l1-1-0

IStream_Size
SHCreateMemStream

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-file-l1-1-0

FindFirstFileW
FindNextFileW
FindClose

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

dmcfgutils

CfgUtilParseConfigDataTypeName
CfgUtilGetConfigDataTypeName

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 207KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iasnap/iasnap.dll
.dll regsvr32 windows:10 windows x64 arch:x64

Password: 2024

276f643c51184b2ed8bddd2d24642366

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

iasnap.pdb

Imports

msvcrt

??0exception@@QEAA@AEBQEBDH@Z
malloc
_callnewh
free
wcspbrk
wcschr
wcsspn
_wcsicmp
_purecall
_CxxThrowException
_XcptFilter
_amsg_exit
?what@exception@@UEBAPEBDXZ
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_lock
iswdigit
sprintf_s
wcsrchr
_unlock
__dllonexit
_onexit
memmove
??0exception@@QEAA@XZ
memmove_s
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
__C_specific_handler
memcpy
??0exception@@QEAA@AEBQEBD@Z
_initterm
memcpy_s
vsprintf_s
__CxxFrameHandler3
wcstoul
_ultow
wcscpy_s
wcstok
swscanf
wcscat_s
_strnicmp
_wcsupr_s
memset

atl

ord16
ord21
ord15
ord18
ord22
ord32

iassvcs

IASGetLocalDictionary
IASGlobalUnlock
IASGlobalLock
IASRegisterComponent
IASVariantChangeType

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlIpv6StringToAddressW
RtlFreeHeap
RtlImageNtHeader
RtlAllocateHeap

advapi32

CloseServiceHandle
OpenSCManagerA
QueryServiceStatusEx
OpenServiceA
AllocateAndInitializeSid
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
TraceMessage
FreeSid
EqualSid

kernel32

DisableThreadLibraryCalls
Sleep
UnhandledExceptionFilter
CloseHandle
GetCurrentProcess
GetModuleFileNameW
GetLocalTime
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
GetSystemTime
SystemTimeToFileTime
CompareFileTime
TryEnterCriticalSection
SwitchToThread
FormatMessageA
CreateSemaphoreW
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
ReleaseSemaphore
SetThreadStackGuarantee
GetCurrentThreadId
WideCharToMultiByte
DeleteCriticalSection
LocalFree
GetLastError
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
InitializeCriticalSection
VirtualProtect
VirtualAlloc
VirtualQuery
GetSystemInfo

oleaut32

VariantInit
VariantClear
SysAllocString
VariantCopy
LoadRegTypeLi
SetErrorInfo
UnRegisterTypeLi
SafeArrayUnaccessData
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantTimeToSystemTime
SysFreeString

rtutils

TraceVprintfExA
TraceDeregisterW
TraceRegisterExW

ws2_32

WSAGetLastError
htonl
GetNameInfoW

api-ms-win-core-com-l1-1-0

CoGetClassObject
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iasnap/mfds.dll
.dll regsvr32 windows:10 windows x64 arch:x64

Password: 2024

57d7b97c9bb98b4b08ebf6acadfa64e1

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d9:44:62:f2:fe:ba:aa:17:d5:10:2d:0f:41:a9:a3:81:85:a5:48:72:54:4a:49:e9:0e:9a:fa:c8:e8:e1:10:36
Signer

Actual PE Digest

d9:44:62:f2:fe:ba:aa:17:d5:10:2d:0f:41:a9:a3:81:85:a5:48:72:54:4a:49:e9:0e:9a:fa:c8:e8:e1:10:36

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MFDS.pdb

Imports

msvcrt

_purecall
memmove
wcscmp
_onexit
_lock
__dllonexit
_unlock
realloc
wcscat_s
wcscpy_s
_errno
memmove_s
free
malloc
towlower
_wcsicmp
iswdigit
_initterm
_ultoa_s
_wcsnicmp
wcsrchr
towupper
wcsncmp
_vsnprintf
wcsstr
_wcslwr
_ltoa_s
_i64toa_s
_gcvt_s
qsort
strncpy_s
strnlen
swprintf_s
__CxxFrameHandler3
_vsnwprintf_s
_wtoi
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
wcsncpy_s
_amsg_exit
__C_specific_handler
memcpy_s
calloc
memcpy
_XcptFilter
wcslen
memset
memcmp
iswalpha
_callnewh

oleaut32

SafeArrayUnaccessData
VariantClear
SafeArrayAccessData
SafeArrayCreate
SysAllocStringLen
VarUI4FromStr
SafeArrayDestroy
SysFreeString

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
ResetEvent
InitializeCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SetEvent
InitializeSRWLock
WaitForSingleObject
LeaveCriticalSection
ReleaseSRWLockShared
EnterCriticalSection
AcquireSRWLockShared
CreateEventW
CreateSemaphoreExW
WaitForMultipleObjectsEx
ReleaseSemaphore
OpenEventW

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceEnableFlags

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
CreateThread
GetCurrentProcessId
GetCurrentThreadId
TlsGetValue
SetThreadPriority
GetCurrentThread
GetThreadPriority
TlsSetValue

api-ms-win-core-com-l1-1-0

CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitializeEx
CoFreeUnusedLibraries
PropVariantCopy
CoCreateGuid
IIDFromString
CoTaskMemFree
StringFromGUID2
StringFromCLSID
CreateStreamOnHGlobal
PropVariantClear

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-heap-l1-1-0

HeapReAlloc
GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
SizeofResource
LoadLibraryExW
GetProcAddress
FindResourceExW
GetModuleHandleW
LoadResource
DisableThreadLibraryCalls
FreeLibrary
GetModuleFileNameA
GetModuleHandleExW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegDeleteValueW
RegGetValueW
RegCloseKey

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW
lstrlenW

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
Sleep
WakeAllConditionVariable

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetTickCount64
GetSystemTimeAsFileTime
GetVersionExW
GetSystemInfo

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringA

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-mm-time-l1-1-0

timeGetTime
timeGetDevCaps
timeEndPeriod
timeBeginPeriod

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait

api-ms-win-core-version-l1-1-1

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsRelativeW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc
GlobalAlloc

api-ms-win-core-file-l1-1-0

CreateFileW
WriteFile
GetFullPathNameW

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalLock

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-security-trustee-l1-1-0

BuildTrusteeWithSidW

api-ms-win-security-base-l1-1-0

FreeSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-io-l1-1-0

CreateIoCompletionPort
GetQueuedCompletionStatus

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
OpenFileMappingW
VirtualFree
VirtualAlloc

api-ms-win-core-shlwapi-obsolete-l1-1-0

QISearch

api-ms-win-appmodel-runtime-l1-1-0

GetCurrentPackageFamilyName

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
InitAACAudioStream_
InitAC3AudioStream_
InitBDAVLPCMAudioStream_
InitDDPlusAudioStream_
InitDTSAudioStream_
InitH264Stream_
InitHEVCStream_
InitLPCMAudioStream_
InitLPCMMiracastAudioStream_
InitMpeg1VideoStream_
InitMpeg2VideoStream_
InitMpegAudioStream_
InitTrueHDAudioStream_
PESHeaderLength
PESPacketLength
PESPacketPTSinPCR
PackMuxRate
PackSCR
xCreateCannedMediaType
xMediaSubTypeTransform

Sections

.text
Size: 741KB - Virtual size: 741KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iasnap/mprddm.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

3789382f99badeacc871c4d16f2e91e1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

mprddm.pdb

Imports

msvcrt

_strcmpi
mbstowcs_s
wcscmp
wcstok_s
memmove
memset
strcmp
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
abort
memcmp
calloc
__crtLCMapStringW
memcpy
__crtCompareStringW
___lc_collate_cp_func
___lc_codepage_func
___lc_handle_func
__pctype_func
_errno
___mb_cur_max_func
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
_CxxThrowException
_itow_s
strchr
wcscpy_s
realloc
??0bad_cast@@QEAA@AEBV0@@Z
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
_wcsdup
setlocale
_stricmp
_itow
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
strstr
_wtol
_ltow
iswdigit
__C_specific_handler
_vsnprintf
_itoa_s
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
_vsnwprintf
time
wcschr
rand
_wtoi
srand
??3@YAXPEAX@Z
wcstombs
malloc
free
_wcsicmp
wcsstr
_purecall
__CxxFrameHandler3

kernel32

ReleaseMutex
MultiByteToWideChar
GlobalAlloc
WideCharToMultiByte
GetSystemTimeAsFileTime
GetModuleFileNameA
CreateSemaphoreExW
SetLastError
ReleaseSemaphore
DeleteCriticalSection
DeviceIoControl
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
GetCurrentThreadId
FormatMessageW
ReleaseSRWLockExclusive
OutputDebugStringW
CloseThreadpoolTimer
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
GetProcAddress
CreateMutexExW
AcquireSRWLockShared
GetProcessHeap
GetModuleHandleW
HeapReAlloc
IsDebuggerPresent
Sleep
ExpandEnvironmentStringsW
GetComputerNameW
FreeLibrary
LoadLibraryExW
InitializeSRWLock
HeapCreate
SetWaitableTimer
CreateWaitableTimerW
InitializeCriticalSection
CreateThread
GetLocalTime
HeapDestroy
GetWindowsDirectoryW
GetQueuedCompletionStatus
CreateFileW
PostQueuedCompletionStatus
GetOverlappedResult
CreateIoCompletionPort
SetThreadExecutionState
GetTimeFormatW
GetDateFormatW
CreateThreadpool
CreateThreadpoolCleanupGroup
SetThreadpoolThreadMaximum
SetThreadpoolThreadMinimum
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
CloseThreadpool
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
SetConsoleCtrlHandler
LoadLibraryExA
SetProcessShutdownParameters
InitializeCriticalSectionAndSpinCount
CreateFileA
CreateEventA
CompareStringA
lstrcmpiW
TryEnterCriticalSection
GetStringTypeW
EncodePointer
DecodePointer
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetTickCount
LocalFree
SetEvent
LocalAlloc
WaitForMultipleObjectsEx
GetCurrentProcessId
HeapAlloc
CloseHandle
GetLastError
CreateEventW
OpenProcess
DuplicateHandle
WaitForSingleObject
LeaveCriticalSection
GetCurrentProcess
EnterCriticalSection
HeapFree
CreateMutexW
DebugBreak
DelayLoadFailureHook
ResolveDelayLoadedAPI
GetModuleHandleExW

advapi32

EventWriteTransfer
EventUnregister
EventRegister
EventSetInformation
RegEnumKeyW
LsaClose
LsaOpenPolicy
LsaRetrievePrivateData
LsaStorePrivateData
LsaFreeMemory
CryptAcquireContextW
RegSetValueExW
RegOpenKeyW
PerfSetCounterRefValue
PerfStopProvider
PerfStartProviderEx
PerfCreateInstance
PerfDeleteInstance
PerfSetCounterSetInfo
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegNotifyChangeKeyValue
RegCloseKey
RegOpenKeyExA
CryptReleaseContext
RegSetValueExA
RegCreateKeyExA
CryptGenRandom
RegQueryValueExA
CryptAcquireContextA
RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyExW
TraceMessage

ntdll

RtlIpv4AddressToStringA
RtlCreateTimerQueue
RtlCreateTimer
RtlUpdateTimer
RtlDeleteTimerQueueEx
RtlGetNtProductType
RtlIpv6AddressToStringA
RtlIpv4AddressToStringW
RtlIpv6StringToAddressA
RtlIpv6AddressToStringW
RtlIpv4StringToAddressW
RtlIpv6StringToAddressW
RtlFreeHeap
RtlAllocateHeap
EtwTraceMessage
RtlNtStatusToDosError
RtlInitUnicodeString

ole32

CoCreateGuid
CoInitializeEx
CLSIDFromString
CoUninitialize

rasapi32

RasFreeEapUserIdentityW
RasGetEntryDialParamsW
RasGetEntryPropertiesW
RasGetEapUserIdentityW
DDMGetRasDialingParams
RasConnectionNotificationW
RasGetConnectStatusW
DDMGetProtocolStartParams
DDMGetEapInfo
DDMComputeLuid
DDMUpdateProtocolConfigInfoFromEntry
DDMGetTunnelEndpoints
DDMGetRasDialParams
DDMGetPhoneBookContext
DDMFreeRemoteEndpoint
DDMGetPhonebookInfo
DDMFreePhonebookContext
RasGetHport
RasGetEntryAdvancedProperties
RasHangUpW
DDMGetEapUserIdentityW
RasDialW
DDMRasPbkEntryCleanup
RasFreeEntryAdvancedProperties
RasGetCustomAuthDataW
DDMFreeDialingParam
RasGetSubEntryHandleW

rpcrt4

UuidFromStringA
UuidFromStringW
UuidIsNil
UuidCreate
RpcRevertToSelf
RpcImpersonateClient

rtutils

RouterLogEventStringW
RouterLogEventW
RouterLogRegisterW
RouterLogDeregisterW
LogEventW
TraceDeregisterA
LogEventA
TraceVprintfExA
TracePrintfA
TraceRegisterExA

user32

LoadStringA
LoadStringW

iashlpr

AllocateAttributes
MemAllocIas
ShutdownIas
InitializeIas
DoRequest
MemFreeIas
FreeAttributes

ws2_32

ntohs
ntohl
htonl
inet_addr
inet_ntoa
WSAStringToAddressW
GetAddrInfoW
WSAGetLastError
FreeAddrInfoW
WSACleanup
WSAStartup

iphlpapi

DeleteProxyArpEntry
DeleteIpForwardEntry
ConvertInterfaceIndexToLuid
ConvertInterfaceLuidToGuid
SetIpInterfaceEntry
GetIpAddrTable
ConvertInterfaceGuidToLuid
SetIpStatisticsEx
SetCurrentThreadCompartmentId
InitializeIpInterfaceEntry
ConvertInterfaceLuidToIndex
GetCurrentThreadCompartmentId
GetAdaptersAddresses
CreateProxyArpEntry
ConvertIpv4MaskToLength

dnsapi

DnsDhcpSrvRegisterTerm
DnsDhcpSrvRegisterHostName
DnsSetConfigDword
DnsDhcpSrvRegisterInit

dhcpcsvc

DhcpRenewIpAddressLease
DhcpLeaseIpAddress
DhcpNotifyConfigChange
DhcpReleaseIpAddressLease

crypt32

CertGetEnhancedKeyUsage
CertFreeCertificateContext
CertEnumCertificatesInStore
CertNameToStrW
CertDuplicateCertificateContext
CertCloseStore
CertCreateCertificateContext
CertFindCertificateInStore
CertFindChainInStore
CertGetNameStringW
CertCompareCertificate
CertOpenStore
CryptHashCertificate
CertGetCertificateContextProperty

eappcfg

EapHostPeerFreeErrorMemory
EapHostPeerQueryCredentialInputFields
EapHostPeerFreeMemory
EapHostPeerGetMethods

rasman

RasRegisterPnPHandler
RasGetFramingCapabilities
RasSetConnectionUserData
RasActivateRoute
RasPortGetProtocolCompression
RasGetTimeSinceLastActivity
RasCompressionGetInfo
RasGetInfo
RasPortCancelReceive
RasPortSetProtocolCompression
RasFreeBuffer
RasDeAllocateRoute
RasAllocateRoute
RasPortDisconnect
RasGetProtocolInfo
RasPortEnum
RasPortOpen
RasGetPortUserData
RasPortGetBundle
RasBundleGetPort
RasSendNotification
RasBundleClearStatisticsEx
RasSetTunnelEndPoints
RasDeviceGetInfo
RasCompressionSetInfo
RasInitialize
RasGetBuffer
RasPortSend
RasSendProtocolResultToRasman
RasUpdateDefaultRouteSettings
RasGetUnicodeDeviceName
RasPortConnectComplete
RasServerPortClose
RasPortListen
RasIsPulseDial
RasDeviceSetInfo
RasDeviceConnect
RasUpdateQoSPolicies
RasGetDeviceConfigInfo
RasSetDeviceConfigInfo
RasPortGetStatisticsEx
RasBundleGetStatisticsEx
RasPortClearStatistics
RasSetPortUserData
RasPortReceive
RasEnableIpSec
RasClearPortUserData
RasRequestNotification
RasSetRouterUsage
RasPortSetFramingEx
RasProtocolStarted
RasPortGetStatistics
RasReferenceRasman
RasGetKey
RasGetConnectInfo
RasGetConnectionUserData

eappprxy

EapHostPeerUninitialize
EapHostPeerInitialize

api-ms-win-devices-config-l1-1-1

CM_Get_Device_ID_ListW
CM_Locate_DevNodeW
CM_Open_DevNode_Key
CM_Get_Device_ID_List_SizeW
CM_MapCrToWin32Err

api-ms-win-core-heap-l2-1-0

GlobalFree

api-ms-win-core-registry-l1-1-0

RegDeleteTreeW
RegGetValueW

api-ms-win-core-processthreads-l1-1-0

TerminateThread
ExitThread

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-file-l1-1-0

DefineDosDeviceW

oleaut32

SysAllocString
SysFreeString
SafeArrayCreate
VariantClear
VariantInit
SafeArrayGetElement
SafeArrayPutElement

api-ms-win-core-com-l1-1-0

CoCreateInstance

api-ms-win-security-lsalookup-l2-1-0

LookupAccountNameW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus
OpenServiceA

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenSCManagerW
StartServiceW

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-core-synch-l1-1-0

CreateMutexA

api-ms-win-core-localization-l1-2-0

GetACP

nsi

NsiGetParameterEx
NsiGetParameter
NsiSetAllParametersEx
NsiGetAllParametersEx
NsiEnumerateObjectsAllParametersEx

winnsi

NsiRpcDeregisterChangeNotification
NsiRpcRegisterChangeNotification
NsiConnectToServer
NsiDisconnectFromServer

fwpuclnt

FwpmTransactionCommit0
FwpmEngineClose0
FwpmFilterAdd0
IPsecSaDestroyEnumHandle0
IPsecSaCreateEnumHandle0
FwpmTransactionAbort0
FwpmFreeMemory0
FwpmProviderContextDeleteByKey0
FwpmProviderContextAdd0
FwpmEngineOpen0
FwpmProviderContextAdd2
FwpmFilterDeleteByKey0
IPsecSaEnum0
IPsecSaInitiateAsync0
FwpmTransactionBegin0

Exports

Exports

DDMAdminConnectionClearStats
DDMAdminConnectionEnum
DDMAdminConnectionEnumEx
DDMAdminConnectionGetInfo
DDMAdminConnectionGetInfoEx
DDMAdminInterfaceConnect
DDMAdminInterfaceDisconnect
DDMAdminPortClearStats
DDMAdminPortDisconnect
DDMAdminPortEnum
DDMAdminPortGetInfo
DDMAdminPortReset
DDMAdminRemoveQuarantine
DDMAdminRoutingDomainConnectionEnumEx
DDMAdminServerGetInfo
DDMAdminServerGetInfoEx
DDMAdminServerSetInfo
DDMAdminServerSetInfoEx
DDMAdminUpdateConnection
DDMAdminUpdateQoSPolicies
DDMConnectInterface
DDMDisconnectInterface
DDMGetIdentityAttributes
DDMHandleRoutingDomainConfigChange
DDMPlumbRDIkev2TunnelPolicy
DDMPostCleanup
DDMRegisterConnectionNotification
DDMSendUserMessage
DDMServiceInitialize
DDMServicePostListens
DDMTransportCreate
DdmDeleteIkev2PskPolicy
DdmGetKey
DdmPlumbIkev2PskPolicy
DdmSetKey
DdmUpdateGlobalPhoneBookContext
IfObjectConnectionChangeNotification
IfObjectFreePhonebookContext
IfObjectGetStatistics
IfObjectLoadDestinationInfo
IfObjectLoadPhonebookInfo
IfObjectSetDialoutHoursRestriction
IfObjectUpdatePbkExtraInfo
IfObjectUpdatePbkInfo
MarkInterfaceAsReachable
RasAcctConfigChangeNotification
RasAcctProviderFreeAttributes
RasAcctProviderInitialize
RasAcctProviderInterimAccounting
RasAcctProviderStartAccounting
RasAcctProviderStopAccounting
RasAcctProviderTerminate
RasAuthConfigChangeNotification
RasAuthProviderAuthenticateUser
RasAuthProviderFreeAttributes
RasAuthProviderInitialize
RasAuthProviderTerminate
RasConnectionInitiate
ReConnectInterface
ReConnectPersistentInterface
TimerQInsert
TimerQRemove

Sections

.text
Size: 617KB - Virtual size: 617KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 247KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup.msi
.msi
srhelper/PortableDeviceApi.dll
.dll regsvr32 windows:10 windows x64 arch:x64

Password: 2024

5e8b54c7834ae32bb269474f1e70d7a2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

PortableDeviceApi.pdb

Imports

msvcrt

realloc
wcsncmp
_vscwprintf
_callnewh
_errno
_wcsicmp
calloc
memmove_s
??1type_info@@UEAA@XZ
memset
__CxxFrameHandler3
_onexit
__dllonexit
_unlock
wcsnlen
_purecall
wcscat_s
_lock
_XcptFilter
_amsg_exit
wcscpy_s
_initterm
?terminate@@YAXXZ
free
malloc
wcsncpy_s
__C_specific_handler
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
_vsnwprintf
vswprintf_s
_CxxThrowException
memcmp
memcpy
wcscmp

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
FreeLibraryAndExitThread
FreeLibrary
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameA
SizeofResource
LockResource
LoadResource
GetProcAddress
FindResourceExW
GetModuleHandleExW
LoadStringW
GetModuleFileNameW

api-ms-win-core-synch-l1-1-0

WaitForMultipleObjectsEx
ReleaseSRWLockExclusive
CreateEventW
AcquireSRWLockExclusive
SetEvent
ReleaseMutex
WaitForSingleObjectEx
WaitForSingleObject
EnterCriticalSection
ReleaseSemaphore
CreateMutexExW
InitializeCriticalSection
CreateSemaphoreExW
LeaveCriticalSection
DeleteCriticalSection
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapSize
GetProcessHeap
HeapDestroy
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-processthreads-l1-1-0

CreateThread
OpenProcessToken
GetCurrentThread
OpenThreadToken
TerminateProcess
ResumeThread
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW
OutputDebugStringA

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

rpcrt4

NdrCStdStubBuffer_Release
NdrStubCall3
CStdStubBuffer_IsIIDSupported
NdrDllCanUnloadNow
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
NdrDllGetClassObject
NdrDllRegisterProxy
CStdStubBuffer_Connect
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Invoke
NdrOleAllocate
CStdStubBuffer_QueryInterface
NdrStubForwardingFunction
CStdStubBuffer_CountRefs
NdrDllUnregisterProxy
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrOleFree
NdrCStdStubBuffer2_Release
CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy
NdrClientCall3

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
GetTraceEnableFlags
GetTraceLoggerHandle
UnregisterTraceGuids
TraceEvent
GetTraceEnableLevel
RegisterTraceGuidsW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegCreateKeyExW
RegEnumKeyExW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventUnregister
EventActivityIdControl
EventWriteTransfer

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-security-base-l1-1-0

GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation

api-ms-win-core-io-l1-1-0

CancelIoEx
DeviceIoControl
GetOverlappedResult

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-threadpool-l1-2-0

TrySubmitThreadpoolCallback
CallbackMayRunLong
FreeLibraryWhenCallbackReturns

api-ms-win-core-processthreads-l1-1-3

SetProcessInformation

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
SleepConditionVariableSRW
WakeAllConditionVariable
Sleep

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

kernel32

GetCurrentPackageFamilyName
lstrcmpiW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 376KB - Virtual size: 376KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
srhelper/sppobjs.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

2a792d67dfe610abcc350de541c7dfbc

Code Sign

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/05/2022, 19:23

Not After

04/05/2023, 19:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b8:43:01:14:ec:d7:38:aa:e6:df:7a:0e:8e:ab:73:da:5a:99:e6:b6:4f:52:c1:29:e2:5b:c0:e1:8c:1a:16:f8
Signer

Actual PE Digest

b8:43:01:14:ec:d7:38:aa:e6:df:7a:0e:8e:ab:73:da:5a:99:e6:b6:4f:52:c1:29:e2:5b:c0:e1:8c:1a:16:f8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

sppobjs.pdb

Imports

msvcrt

memchr
memcmp
memmove
__CxxFrameHandler3
_wtoi
_itow_s
memcpy
_wcsicmp
memset
_onexit
__dllonexit
swscanf_s
_wcsnicmp
_purecall
memcpy_s
wcsncmp
wcschr
_wtol
wcsstr
_unlock
log10
_lock
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_vsnwprintf
wcscmp

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleHandleExW
GetProcAddress
LoadLibraryExW
DisableThreadLibraryCalls
FreeLibraryAndExitThread
GetModuleHandleW
GetModuleFileNameW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
CreateEventW
ReleaseSRWLockExclusive
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObject
ReleaseSemaphore

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc
UnmapViewOfFile
VirtualQuery

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
OpenProcessToken
SetThreadPriority
TerminateProcess
GetCurrentProcess
GetThreadPriority
OpenThread
SetPriorityClass

api-ms-win-core-rtlsupport-l1-1-0

RtlAddFunctionTable
RtlVirtualUnwind
RtlDeleteFunctionTable
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetComputerNameExW
GetSystemTime
GetVersionExW
GetVersionExA
GetLocalTime

advapi32

CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegEnumKeyW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

kernel32

GetProcessAffinityMask
UnregisterWaitEx
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteTimerQueueTimer
FileTimeToSystemTime
CreateTimerQueueTimer
DeleteTimerQueueEx
CreateTimerQueue
RegisterWaitForSingleObject
ChangeTimerQueueTimer
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
OpenProcess
AssignProcessToJobObject
CreateJobObjectW
SetInformationJobObject
InitializeCriticalSection
CreateThread

ntdll

RtlIpv6StringToAddressExW
RtlIpv4StringToAddressExW
NtQueryInformationThread
NtSetInformationThread
NtSetInformationProcess
NtQuerySystemInformation

oleaut32

BSTR_UserFree64
BSTR_UserFree
BSTR_UserMarshal64
LPSAFEARRAY_UserSize64
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserFree
BSTR_UserUnmarshal64
BSTR_UserSize64
VariantInit
SysAllocString
SysStringByteLen
SysFreeString
SysStringLen
VariantCopy
SafeArrayDestroy
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
LPSAFEARRAY_UserSize
GetErrorInfo
LPSAFEARRAY_UserFree64
VariantClear
LPSAFEARRAY_UserMarshal64
BSTR_UserUnmarshal
BSTR_UserMarshal
LPSAFEARRAY_UserUnmarshal64
LPSAFEARRAY_UserMarshal
BSTR_UserSize

clipc

ClipQueryAssociateId
ClipOpen
ClipClose

api-ms-win-core-com-l1-1-0

CoDisconnectContext
CoFreeUnusedLibraries
CoGetInterfaceAndReleaseStream
CoRegisterPSClsid
CoRevokeClassObject
CoRegisterClassObject
CoMarshalInterThreadInterfaceInStream
CoSetProxyBlanket
CoInitializeSecurity
CoCreateInstance
CoUninitialize
CoInitializeEx

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegSetValueExW
RegSetKeySecurity

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
GetTimeZoneInformation

api-ms-win-core-file-l1-1-0

WriteFile
CompareFileTime
ReadFile

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-localization-l1-2-0

GetUserGeoID
GetSystemDefaultLangID
LCMapStringW

api-ms-win-core-io-l1-1-0

GetOverlappedResult

api-ms-win-core-io-l1-1-1

CancelIo

rpcrt4

CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy
NdrOleFree
UuidCreate
CStdStubBuffer_AddRef
I_RpcMapWin32Status
NdrCStdStubBuffer_Release
IUnknown_Release_Proxy
CStdStubBuffer_CountRefs
RpcStringFreeW
UuidToStringW
CStdStubBuffer_QueryInterface
NdrOleAllocate
CStdStubBuffer_DebugServerRelease
NdrDllGetClassObject
CStdStubBuffer_Disconnect
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported
RpcImpersonateClient
RpcRevertToSelfEx
CStdStubBuffer_Invoke
UuidFromStringW
CStdStubBuffer_Connect

api-ms-win-core-synch-l1-2-1

CreateSemaphoreW
WaitForMultipleObjects

api-ms-win-security-base-l1-1-0

FreeSid
CheckTokenMembership
EqualSid
AllocateAndInitializeSid
GetTokenInformation

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

combase

ord2
ord3
ord4

netapi32

DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation

cryptbase

SystemFunction036

Exports

Exports

SppPluginCanUnloadNow
SppPluginCreateInstance
SppPluginInitialize
SppPluginShutdown
SppPluginVersion

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
srhelper/srhelper.dll
.dll regsvr32 windows:10 windows x64 arch:x64

b962a3d0b5b6a82892fdfc5fb626c050

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

srhelper.pdb

Imports

msvcrt

strchr
_vscwprintf
memcmp
__C_specific_handler
free
malloc
wcscat_s
realloc
qsort
_callnewh
_XcptFilter
_amsg_exit
_initterm
memcpy
_wcsicmp
_vsnwprintf
memset

sxshared

SxTracerGetThreadContextRetail
SxTracerShouldTrackFailure
SxTracerDebuggerBreak

spp

SppFreeGroupPropArray

kernel32

GetSystemTimeAsFileTime
CopyFileW
GetFileSizeEx
ReadFile
WriteFile
FreeLibrary
GetProcAddress
LoadLibraryExW
GetModuleHandleW
lstrcmpiW
lstrcpynW
VirtualProtect
VirtualAlloc
VirtualQuery
GetSystemInfo
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
InitializeCriticalSection
CloseHandle
DisableThreadLibraryCalls
HeapDestroy
GetTickCount64
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
LocalFree
GetFileAttributesW
CreateDirectoryW
DeleteFileW
GetCurrentThread
SetLastError
ExpandEnvironmentStringsW
SetFileAttributesW
GetDateFormatW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileW
GetLastError
FindFirstFileW
MoveFileExW
CreateFileW
FindClose
RaiseException
DeleteCriticalSection

user32

CharPrevW
CharNextW

advapi32

AdjustTokenPrivileges
RegUnLoadKeyW
RegCloseKey
DeregisterEventSource
ReportEventW
RegisterEventSourceW
EqualSid
CreateWellKnownSid
LookupPrivilegeValueW
OpenProcessToken
OpenThreadToken
CopySid
GetTokenInformation
RegDeleteValueW
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegSetValueExW
RegLoadKeyW

ntdll

EtwTraceMessage
RtlComputeCrc32
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
RtlInitializeCriticalSection
RtlDeleteCriticalSection
RtlGetLastNtStatus
RtlFreeHeap
RtlCreateSystemVolumeInformationFolder
RtlDosPathNameToNtPathName_U
RtlInitUnicodeString
RtlNtStatusToDosError
NtSetInformationFile
NtQueryInformationFile

rpcrt4

NdrMesTypeDecode3
MesDecodeBufferHandleCreate
NdrMesTypeEncode3
MesHandleFree
I_RpcExceptionFilter
MesEncodeDynBufferHandleCreate

ole32

CLSIDFromString
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
StringFromGUID2
StringFromCLSID
CoTaskMemAlloc
CoCreateGuid

oleaut32

SysAllocString
SysFreeString
VarUI4FromStr

setupapi

SetupDiClassNameFromGuidW

drvstore

DriverPackageClose
DriverPackageOpenW
DriverPackageGetVersionInfoW
DriverStoreOpenW
DriverStoreEnumW
DriverStoreClose
DriverStoreDriverPackageResolveCallbackW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
winmde/MMDevAPI.dll
.dll regsvr32 windows:10 windows x64 arch:x64

a7d2c90cee1460527c702933e341f400

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

68:47:68:aa:ed:a2:09:d6:5f:52:c6:5e:88:53:66:29:50:1e:48:8a:98:df:e3:10:48:ba:15:7e:47:91:12:19
Signer

Actual PE Digest

68:47:68:aa:ed:a2:09:d6:5f:52:c6:5e:88:53:66:29:50:1e:48:8a:98:df:e3:10:48:ba:15:7e:47:91:12:19

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MMDevAPI.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-string-l1-1-0

wcsnlen
memset
wcsncmp
wcscmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
memmove
_o__wcsicmp
_o__wtoi
_o_calloc
_o_free
_o_malloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstol
_o_wcstoul
__CxxFrameHandler3
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__execute_onexit_table
_o__errno
__std_terminate
__C_specific_handler
__CxxFrameHandler4
_CxxThrowException
memcmp
memcpy

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleFileNameA
SizeofResource
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
FreeLibrary
GetModuleFileNameW
LoadResource
FindResourceExW
DisableThreadLibraryCalls
LoadStringW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
EnterCriticalSection
ReleaseSemaphore
ResetEvent
LeaveCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionEx
InitializeCriticalSection
WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
ReleaseSRWLockShared
AcquireSRWLockShared
InitializeSRWLock
OpenSemaphoreW
CreateSemaphoreExW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateEventExW
CreateMutexExW
CreateEventW
SetEvent
DeleteCriticalSection

api-ms-win-core-heap-l1-1-0

HeapDestroy
HeapReAlloc
HeapFree
GetProcessHeap
HeapSize
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
RaiseException
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegGetValueW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumValueW
RegDeleteValueW
RegCloseKey
RegDeleteTreeW

api-ms-win-core-processthreads-l1-1-0

OpenThread
GetCurrentProcess
GetCurrentThreadId
TerminateProcess
ProcessIdToSessionId
GetCurrentProcessId

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetThreadLocale
SetThreadLocale

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

rpcrt4

RpcBindingFromStringBindingW
RpcStringBindingComposeW
NdrClientCall3
RpcStringFreeW

ntdll

EtwGetTraceLoggerHandle
EtwTraceMessage
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
RtlGetPersistedStateLocation
ShipAssert
EtwLogTraceEvent
EtwNotificationRegister
EtwNotificationUnregister
EtwSendNotification
RtlDllShutdownInProgress
RtlQueryPackageClaims

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureStackBackTrace
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWait
WaitForThreadpoolWaitCallbacks
TrySubmitThreadpoolCallback
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolCleanupGroup
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolWait
WaitForThreadpoolWorkCallbacks
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
CloseThreadpoolWork
SetThreadpoolWait

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventUnregister
EventRegister

api-ms-win-core-io-l1-1-1

CancelSynchronousIo
CancelIo
GetOverlappedResultEx

api-ms-win-core-io-l1-1-0

CancelIoEx
DeviceIoControl

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
Sleep
InitOnceExecuteOnce

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetSystemTime
GetTickCount64
GetSystemTimeAsFileTime

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

devobj

DevObjGetClassDevs
DevObjGetDeviceInterfacePropertyKeys
DevObjGetDeviceInterfaceAlias
DevObjGetDeviceInterfaceProperty
DevObjOpenDeviceInterfaceRegKey
DevObjSetDeviceProperty
DevObjCreateDeviceInfoList
DevObjDestroyDeviceInfoList
DevObjGetDeviceProperty
DevObjEnumDeviceInfo
DevObjGetDeviceInstanceId
DevObjOpenDeviceInfo
DevObjOpenDeviceInterface
DevObjGetDeviceInterfaceDetail
DevObjEnumDeviceInterfaces
DevObjSetDeviceInterfaceProperty

api-ms-win-service-private-l1-1-0

UnsubscribeServiceChangeNotifications
SubscribeServiceChangeNotifications

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-windowserrorreporting-l1-1-0

WerRegisterMemoryBlock

api-ms-win-core-featurestaging-l1-1-0

UnsubscribeFeatureStateChangeNotification
SubscribeFeatureStateChangeNotification
GetFeatureEnabledState
RecordFeatureUsage
RecordFeatureError

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-localization-private-l1-1-0

LoadStringByReference

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

ActivateAudioInterfaceAsync
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 378KB - Virtual size: 377KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 32B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_DATA
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
winmde/Windows.Graphics.dll
.dll windows:10 windows x64 arch:x64

67e017ee26a48ed652efdca3e950c52a

Code Sign

33:00:00:02:ec:65:79:ad:1e:67:08:90:13:00:00:00:00:02:ec
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:29

Not After

02/12/2021, 21:29

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

84:e4:5e:6e:e1:7b:9d:b3:b9:07:64:d8:5e:40:9a:dd:d0:f7:31:c4:38:cb:b4:90:92:63:5c:fe:e2:12:4b:d9
Signer

Actual PE Digest

84:e4:5e:6e:e1:7b:9d:b3:b9:07:64:d8:5e:40:9a:dd:d0:f7:31:c4:38:cb:b4:90:92:63:5c:fe:e2:12:4b:d9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.Graphics.pdb

Imports

msvcrt

_CxxThrowException
memcpy
memmove
??0exception@@QEAA@XZ
memcmp
memset
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
_purecall
_callnewh
_amsg_exit
free
?what@exception@@UEBAPEBDXZ
__C_specific_handler
?terminate@@YAXXZ
_lock
__CxxFrameHandler3
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
pow
??0exception@@QEAA@AEBQEBDH@Z
toupper
??_V@YAXPEAX@Z
realloc
??1exception@@UEAA@XZ
malloc
??3@YAXPEAX@Z
??0exception@@QEAA@AEBQEBD@Z
_XcptFilter
memcpy_s
_vsnwprintf
_initterm
sqrt

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
FreeLibrary
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
CreateSemaphoreExW
InitializeSRWLock
AcquireSRWLockShared
LeaveCriticalSection
CreateMutexExW
WaitForSingleObject
CreateEventExW
AcquireSRWLockExclusive
EnterCriticalSection
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseSRWLockShared
ReleaseMutex
ReleaseSemaphore
SetEvent
DeleteCriticalSection
InitializeCriticalSectionEx

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
GetLastError
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
OpenProcessToken
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventSetInformation
EventUnregister
EventProviderEnabled

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceExecuteOnce
Sleep
InitOnceBeginInitialize

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemDirectoryW
GetSystemTimeAsFileTime

shcore

ord251
ord255
ord246
ord250
ord252
ord240
ord253
CreateRandomAccessStreamOverStream
CreateStreamOverRandomAccessStream
SHTaskPoolAllowThreadReuse
SHTaskPoolQueueTask
CreateRandomAccessStreamOnFile
GetDpiForMonitor
ord244
GetScaleFactorForMonitor

ntdll

RtlWakeAllConditionVariable
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlSleepConditionVariableSRW
RtlCaptureStackBackTrace
wcsrchr
RtlIsMultiSessionSku
memmove_s
RtlUnsubscribeWnfStateChangeNotification
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
RtlLoadString

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegGetValueW

api-ms-win-core-file-l1-1-0

SetFilePointer
CreateFileW
GetFileAttributesW
ReadFile

api-ms-win-core-windowserrorreporting-l1-1-0

WerRegisterMemoryBlock

api-ms-win-devices-query-l1-1-0

DevGetObjectProperties
DevFreeObjectProperties

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-heap-l2-1-0

LocalAlloc

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 370KB - Virtual size: 369KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
winmde/daxexec.dll
.dll windows:10 windows x64 arch:x64

5041e351eed7fd789520bd199556516e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

daxexec.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__ui64tow_s
_o__wcsicmp
_o__wcsnicmp
_o__wtoi
_o_calloc
memmove
_o_free
_o_malloc
_o_terminate
_o_toupper
_o_wcscat_s
_o_wcsncat_s
_o_wcsncpy_s
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__invalid_parameter_noinfo_noreturn
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__invalid_parameter_noinfo
_o__aligned_malloc
_o__initialize_onexit_table
_o__aligned_free
wcschr
__std_type_info_compare
_o___stdio_common_vswprintf
_o__initialize_narrow_environment
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcsnlen
memset
wcsncmp

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameW
GetModuleHandleExW
GetModuleFileNameA
DisableThreadLibraryCalls
GetProcAddress

api-ms-win-core-synch-l1-1-0

CreateEventW
WaitForSingleObject
InitializeCriticalSectionEx
ResetEvent
WaitForSingleObjectEx
OpenSemaphoreW
InitializeSRWLock
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ReleaseSRWLockShared
ReleaseMutex
EnterCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockShared
CreateMutexExW
CreateSemaphoreExW
CreateEventExW
SetEvent
AcquireSRWLockExclusive
LeaveCriticalSection
ReleaseSemaphore

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
HeapSize
HeapDestroy

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
GetProcessId
TlsFree
GetCurrentProcessId
OpenProcessToken
TerminateProcess
GetCurrentProcess
OpenThreadToken
TlsSetValue
CreateProcessAsUserW
TlsAlloc
OpenThread
TlsGetValue
SuspendThread
SetThreadToken
ProcessIdToSessionId
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

rpcrt4

CStdStubBuffer_QueryInterface
CStdStubBuffer_Disconnect
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Connect
NdrStubForwardingFunction
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_AddRef
NdrOleFree
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_Invoke
NdrOleAllocate
NdrCStdStubBuffer2_Release
NdrStubCall3
Ndr64AsyncClientCall
RpcBindingFree
RpcAsyncCancelCall
RpcStringFreeW
RpcBindingSetAuthInfoExW
RpcAsyncCompleteCall
I_RpcExceptionFilter
RpcStringBindingComposeW
RpcBindingFromStringBindingW
IUnknown_AddRef_Proxy
RpcAsyncInitializeHandle
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
IUnknown_Release_Proxy

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventUnregister
EventProviderEnabled
EventWriteTransfer
EventRegister
EventSetInformation

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
Sleep
InitOnceExecuteOnce

api-ms-win-core-com-midlproxystub-l1-1-0

NdrProxyForwardingFunction4
CStdStubBuffer2_Disconnect
NdrProxyForwardingFunction5
ObjectStublessClient3
NdrProxyForwardingFunction3
CStdStubBuffer2_Connect
CStdStubBuffer2_QueryInterface
ObjectStublessClient6
CStdStubBuffer2_CountRefs

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-registry-l1-1-0

RegDeleteTreeW
RegGetValueW
RegCreateKeyExW
RegCloseKey
RegQueryInfoKeyW
RegOpenCurrentUser
RegSetValueExW
RegOpenKeyExW

ntdll

RtlUpcaseUnicodeChar
RtlValidSid
NtOpenKeyTransactedEx
NtRenameKey
NtCreateKey
NtSetInformationKey
NtQueryInformationFile
NtDuplicateObject
NtQueryAttributesFile
RtlFindNextForwardRunClear
RtlNumberOfSetBits
RtlInitializeSRWLock
NtDeleteValueKey
NtQueryDirectoryFileEx
NtSetSecurityObject
NtNotifyChangeKey
NtDeleteFile
NtFlushKey
NtCreateKeyTransacted
NtSetInformationFile
NtNotifyChangeMultipleKeys
NtOpenKeyEx
NtOpenKey
NtEnumerateValueKey
NtEnumerateKey
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
NtDeleteKey
NtQueryMultipleValueKey
NtQueryKey
NtSetInformationJobObject
NtTerminateJobObject
NtMakeTemporaryObject
NtQueryDirectoryFile
NtCreateJobObject
NtCreateMutant
NtOpenMutant
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlDosPathNameToNtPathName_U_WithStatus
RtlCopySid
EtwEventUnregister
EtwEventWrite
NtSetValueKey
EtwEventRegister
NtOpenJobObject
NtQuerySecurityAttributesToken
NtOpenFile
RtlFindAceByType
RtlEqualSid
RtlGetLastNtStatus
NtQueryInformationProcess
RtlLengthSid
RtlFreeHeap
RtlAllocateHeap
NtWaitForMultipleObjects
PssNtFreeSnapshot
PssNtCaptureSnapshot
NtOpenProcess
NtAlpcSendWaitReceivePort
NtAlpcConnectPort
RtlAllocateAndInitializeSid
NtQuerySystemInformation
NtClose
NtWaitForSingleObject
NtOpenEvent
EtwEventWriteNoRegistration
ZwUpdateWnfStateData
ZwQueryWnfStateNameInformation
NtOpenKeyTransacted
NtQueryValueKey
RtlDeriveCapabilitySidsFromName
wcsstr
NtCreateFile
RtlInitUnicodeString
NtQueryFullAttributesFile
RtlExpandEnvironmentStrings
NtQueryObject
RtlQueryEnvironmentVariable
RtlQueryResourcePolicy
RtlRunOnceComplete
RtlWow64IsWowGuestMachineSupported
RtlNtStatusToDosError
RtlFreeSid
RtlAdjustPrivilege
NtTerminateProcess
RtlCreateServiceSid
NtDuplicateToken
NtQueryInformationToken
RtlRunOnceExecuteOnce
RtlRunOnceBeginInitialize
NtQuerySecurityObject
RtlSleepConditionVariableSRW
RtlWakeAllConditionVariable
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive

api-ms-win-security-base-private-l1-1-1

CreateAppContainerToken

api-ms-win-core-file-l1-1-0

GetVolumePathNameW
CreateFileW
GetFileSizeEx
SetFileInformationByHandle
WriteFile
ReadFile
FlushFileBuffers
SetFileAttributesW
CreateDirectoryW
FindClose
GetVolumeInformationW
FindFirstFileW
GetFileInformationByHandle
GetFileAttributesW
DeleteFileW
RemoveDirectoryW
GetFinalPathNameByHandleW
GetLongPathNameW
FindNextFileW
FindFirstFileExW

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer

fltlib

FilterInstanceCreate
FilterInstanceClose
FilterConnectCommunicationPort
FilterAttach
FilterLoad
FilterSendMessage

profapi

ord102
ord101

api-ms-win-core-path-l1-1-0

PathCchSkipRoot
PathAllocCombine
PathAllocCanonicalize
PathIsUNCEx
PathCchRemoveBackslash

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
ConvertSecurityDescriptorToStringSecurityDescriptorW

api-ms-win-core-registry-l2-1-0

RegOpenKeyW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolGetUniqueContext

api-ms-win-core-console-l1-1-0

SetConsoleCtrlHandler

api-ms-win-core-console-l1-2-0

AttachConsole
FreeConsole

api-ms-win-core-console-l2-1-0

GenerateConsoleCtrlEvent

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsRelativeW
PathUnExpandEnvStringsW

api-ms-win-core-wow64-l1-1-0

Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection

api-ms-win-core-job-l2-1-0

AssignProcessToJobObject

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrIsIntlEqualW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-windowserrorreporting-l1-1-0

GetApplicationRestartSettings

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
MapViewOfFile
CreateFileMappingW

api-ms-win-core-psm-key-l1-1-0

PsmGetApplicationNameFromKey
PsmGetPackageFullNameFromKey

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetCurrentDirectoryW
GetCurrentDirectoryA

api-ms-win-core-io-l1-1-0

DeviceIoControl

container

?CreateContainer@container@@YAXPEAXAEBUContainer@DefinitionFile@1@_N0@Z
WcRegisterForContainerTerminationNotification
WcCleanupContainer
WcIsContainerQuiescent
WcGetContainerIdentifier
WcReleaseContainerTerminationNotification
?GetContainerIdentifierString@container@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@PEAX@Z
WcGetComRegistryRoot

api-ms-win-appmodel-identity-l1-2-0

AppContainerDeriveSidFromMoniker

api-ms-win-appmodel-state-l1-2-0

GetStateFolder
GetSecureSystemAppDataFolder
GetSystemAppDataFolder
GetPublisherRootFolder
OpenStateExplicit
CloseState

api-ms-win-shell-shellfolders-l1-1-0

SHGetKnownFolderPath

msvcp_win

?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?uncaught_exception@std@@YA_NXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_Winerror_map@std@@YAHH@Z
?_Winerror_message@std@@YAKKPEADK@Z
_Make_dir
_File_size
_Remove_dir
_Unlink
_Stat
_Lstat
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Open_dir
_Read_dir
_Close_dir
?_Xbad_function_call@std@@YAXXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
?_Xout_of_range@std@@YAXPEBD@Z
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
_Xtime_get_ticks
_Query_perf_frequency
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
_Query_perf_counter
_Thrd_yield
_Thrd_sleep
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

appxdeploymentclient

ord68

api-ms-win-crt-math-l1-1-0

ceilf

Exports

Exports

AddLookaside
AddProcessToHeliumContainer
CheckAppXPackageBreakaway
CheckApplicationInCurrentPackage
CloseAppExecutionAlias
CloseJitvSilo
CompleteAppExecutionAliasProcessCreation
CreateAppExecutionAlias
CreateDesktopAppXActivationInfo
CreateDesktopAppXLocalCacheStructure
CreateDesktopAppXTombstoneFile
CreateJitvSilo
CurrentThreadIsInVirtualizationContext
DetokenizeDesktopAppXOfflineRegistry
DisableDesktopAppXDebuggingForPackage
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DoesPackageHaveElevationCapability
DoesPackageHaveUIAccessCapability
DoesPluginSupportCentennial
EnableDesktopAppXDebuggingForPackage
EnsureDesktopAppXPackageShutdown
EnterPackageVirtualizationContext
FreeAppExecutionAliasInfo
FreeAppExecutionAliasInfoWithLicenseRundown
FreeDesktopAppXActivationInfo
FreeDesktopAppXLaunchContext
GetAppExecutionAliasApplicationUserModelId
GetAppExecutionAliasExecutable
GetAppExecutionAliasPackageFamilyName
GetAppExecutionAliasPackageFullName
GetApplicationExecutableRelativePath
GetDesktopAppXComRootHandle
LeavePackageVirtualizationContext
LoadAppExecutionAliasInfo
MigrateWritablePackageRootData
OpenAppExecutionAlias
OpenAppExecutionAliasForUser
PerformAppxLicenseRundown
PersistAppExecutionAliasToFile
PostCreateProcessDesktopAppXActivation
PrepareDesktopAppXActivation
RegisterDesktopAppXPackageFamily
RegisterDesktopAppXPackageFamilyIfNecessary
RemoveDesktopAppXMetadataForFolder
RemoveLookaside
SetDesktopAppXMetadataForFolder
SetDesktopAppXMetadataForPackage
TryActivateDesktopAppXApplication
VerifyFileIsTrustedAndInPackage

Sections

.text
Size: 485KB - Virtual size: 484KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
winmde/mi.dll
.dll windows:10 windows x64 arch:x64

89d27046cb786351e771526caf261b26

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

mi.pdb

Imports

msvcrt

memcpy
wcstoul
swprintf_s
_wcsicmp
_set_output_format
_ui64tow_s
_i64tow_s
_XcptFilter
_amsg_exit
free
malloc
_initterm
__C_specific_handler
memset
wcscpy_s
wcscmp

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-processthreads-l1-1-0

SetThreadToken
GetCurrentThread
TerminateProcess
GetCurrentProcessId
OpenThreadToken
GetCurrentThreadId
GetCurrentProcess

api-ms-win-security-base-l1-1-0

ImpersonateSelf
RevertToSelf

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
LoadStringW
DisableThreadLibraryCalls
LoadLibraryExW
GetProcAddress

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

ntdll

RtlEqualSid

miutils

Instance_SetElementArrayItem
RCClass_AddElementQualifier
XMLDOM_Parse
RCClass_AddMethodParameterQualifierArray
RCClass_AddElementArray
OSC_Type_GetSize
RCClass_New
RCClass_AddElementQualifierArrayItem
OSC_StringToMiValue
RCClass_AddMethodParameter
Instance_IsDynamic
RCClass_AddClassQualifier
RCClass_AddMethodQualifier
RCClass_AddElementQualifierArray
RCClass_AddMethodParameterQualifier
RCClass_AddClassQualifierArray
RCClass_AddMethodQualifierArrayItem
Instance_SetElementArray
RCClass_AddClassQualifierArrayItem
Config_GetRegString
Instance_InitDynamic
PublishDebugMessage
SubscriptionDeliveryOptions_Create
MiErrorCategoryFromWindowsError
RtlDeleteCachedFastLock
RtlQueueAcquireCachedFastLockExclusive
RtlReleaseCachedFastLockExclusive
Instance_New
RtlInitializeCachedFastLock
DestinationOptions_Create
Class_New
RtlInterlockedCompareWait
RtlInterlockedWakeAll
CimErrorFromErrorCode
OperationOptions_Create
DestinationOptions_Duplicate
DestinationOptions_MigrateOptions
OperationOptions_MigrateOptions
SubscriptionDeliveryOptions_MigrateOptions
Options_FindValue
RtlQueueAcquireCachedFastLockShared
Config_GetProtocolHandlerDetails
RtlReleaseCachedFastLockShared
RtlTryAcquireCachedFastLockShared
RCClass_AddMethod
MI_Hash
RCClass_AddElement
RCClass_AddElementArrayItem
RCClass_AddMethodParameterQualifierArrayItem
RCClass_AddMethodQualifierArray
XMLDOM_Free

Exports

Exports

MI_Application_InitializeV1
mi_clientFT_V1

Sections

.text
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
winmde/winmde.dll
.dll regsvr32 windows:10 windows x64 arch:x64

30d9f815f3d0fe0f8f3741c9f2dc893e

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:29

Not After

02/12/2021, 21:29

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

15:4b:2a:de:25:d5:55:ad:40:78:2f:bc:c9:58:69:63:5f:98:c0:a8:8f:ba:61:ea:05:d9:8c:b3:ea:28:ed:3b
Signer

Actual PE Digest

15:4b:2a:de:25:d5:55:ad:40:78:2f:bc:c9:58:69:63:5f:98:c0:a8:8f:ba:61:ea:05:d9:8c:b3:ea:28:ed:3b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

winmde.pdb

Imports

msvcrt

_XcptFilter
_callnewh
rand
towlower
iswxdigit
memmove
_onexit
_ui64tow_s
wcsstr
_i64tow_s
_vsnprintf
_ltoa_s
_i64toa_s
_amsg_exit
realloc
__CxxFrameHandler3
memset
_initterm
_ui64toa_s
_ultoa_s
_wtol
towupper
iswalpha
iswdigit
isalpha
isdigit
_ultow_s
wcschr
_vsnwprintf
bsearch
_errno
_lock
_unlock
memcpy
__C_specific_handler
_wcsicmp
_ltow_s
toupper
islower
_gcvt_s
_wcsnicmp
wcsncmp
__dllonexit
strnlen
memcmp
memchr
strncpy_s
strncmp
qsort
_purecall
memcpy_s
free
malloc
wcsncpy_s
wcscmp

api-ms-win-core-synch-l1-1-0

CreateWaitableTimerExW
ReleaseSRWLockExclusive
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
ReleaseSRWLockShared
SetEvent
AcquireSRWLockExclusive
WaitForMultipleObjectsEx
WaitForSingleObject
CreateEventA
OpenEventW
CreateEventExW
OpenSemaphoreW
InitializeSRWLock
CreateSemaphoreExW
ResetEvent
SetWaitableTimer
ReleaseSemaphore
AcquireSRWLockShared
CreateEventW

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventEnabled
EventUnregister
EventWriteTransfer

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableFlags

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleExW
DisableThreadLibraryCalls
SizeofResource
GetProcAddress
GetModuleFileNameW
FreeLibrary
LoadResource
FindResourceExW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegNotifyChangeKeyValue
RegQueryInfoKeyW
RegSetValueExW
RegGetValueW
RegDeleteValueW
RegCloseKey
RegEnumValueW
RegOpenKeyExW
RegCreateKeyExW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable
InitOnceExecuteOnce
Sleep

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetProcessTimes
TlsGetValue
TlsSetValue
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
CreateThread

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak
OutputDebugStringA

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetSystemTimeAsFileTime
GetSystemInfo
GetTickCount
GetTickCount64

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l1-1-0

CreateFileW
GetFileSize
WriteFile
GetFileAttributesExW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

ntdll

RtlInitUnicodeString
NtDeviceIoControlFile
NtQuerySystemInformation
NtClose
NtCreateFile

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CreateThreadpoolWait

sspicli

QueryContextAttributesW
EncryptMessage

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

d3d11

D3D11CreateDevice

rtworkq

RtwqCancelDeadline
RtwqSetLongRunning
RtwqCreateAsyncResult
RtwqInvokeCallback

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-toolhelp-l1-1-0

Process32FirstW
Process32NextW
CreateToolhelp32Snapshot

api-ms-win-core-heap-l2-1-0

LocalFree
GlobalFree

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalUnlock

api-ms-win-core-memory-l1-1-0

OpenFileMappingW
VirtualQueryEx
UnmapViewOfFile
CreateFileMappingW
MapViewOfFileEx

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
MFCreateNetVRoot
MFCreateWMPMDEOpCenter
MFCreateWinMDEOpCenter

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 222KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 2024

Password: 2024

Password: 2024

79823c80321949fbbf83a840442912fb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

oleaut32

ole32

version

urlmon

winhttp

shlwapi

inetcomm

advapi32

user32

Exports

Exports

Sections

.text Size: 637KB - Virtual size: 636KB

.rdata Size: 285KB - Virtual size: 285KB

.data Size: 35KB - Virtual size: 43KB

.pdata Size: 20KB - Virtual size: 19KB

.rsrc Size: 67KB - Virtual size: 67KB

.reloc Size: 9KB - Virtual size: 8KB

Password: 2024

da479abc35be8e8d4aa3ee967e3e2b03

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-eventing-provider-l1-1-0

oleaut32

api-ms-win-core-heap-l2-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

dmoleaututils

dmcmnutils

dmiso8601utils

policymanager

ntdll

api-ms-win-core-libraryloader-l1-2-0

xmllite

api-ms-win-core-registry-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-shcore-stream-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

dmcfgutils

Exports

Exports

Sections

.text Size: 207KB - Virtual size: 206KB

.rdata Size: 66KB - Virtual size: 65KB

.data Size: 3KB - Virtual size: 5KB

.text
Size: 637KB - Virtual size: 636KB

.rdata
Size: 285KB - Virtual size: 285KB

.data
Size: 35KB - Virtual size: 43KB

.pdata
Size: 20KB - Virtual size: 19KB

.rsrc
Size: 67KB - Virtual size: 67KB

.reloc
Size: 9KB - Virtual size: 8KB

.text
Size: 207KB - Virtual size: 206KB

.rdata
Size: 66KB - Virtual size: 65KB

.data
Size: 3KB - Virtual size: 5KB

.pdata
Size: 8KB - Virtual size: 8KB

.didat
Size: 512B - Virtual size: 72B

.rsrc
Size: 1024B - Virtual size: 992B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 95KB - Virtual size: 95KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 10KB - Virtual size: 9KB

.reloc
Size: 1024B - Virtual size: 928B

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

d9:44:62:f2:fe:ba:aa:17:d5:10:2d:0f:41:a9:a3:81:85:a5:48:72:54:4a:49:e9:0e:9a:fa:c8:e8:e1:10:36
Signer