zdazd[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

zdazd.zip
Size

6.9MB
MD5

abf0d7fe1bb638ffbf7e4716f003ab30
SHA1

801b4170f335d421bb69f9aa8eae0f33c60c054e
SHA256

25f00d0a3b327a9b5727100d630126aee908a06b2093110ece691caa0e40ccb5
SHA512

d994502f129d5b4df9fe9ad415c561104479eb2aeee9869a6b71d95bc57705a7180726ffd2a43d3a92d86b6f0e097c7b0ad058232486d473192d78a82ce8715c
SSDEEP

196608:R/rt8WIIwHkO5gxGuhhCcIzVE2jKuLxBV8:R/rt8rHfuxBhSyDmjO

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack002/SettingSync/SettingSync.dll
unpack002/SettingSync/prflbmsg.dll
unpack002/fontext/fontext.dll
unpack002/fontext/tquery.dll
unpack002/fphc/MCRecvSrc.dll
unpack002/fphc/fphc.dll
unpack002/winsrv/winsrv.dll

Files

zdazd.zip
.zip

Password: infected
x64__x32___setup.zip
.zip

Password: 2024
SettingSync/SettingSync.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

7b47ecf8ca02907cd93bfb196ed60609

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SettingSync.pdb

Imports

msvcrt

??0exception@@QEAA@AEBQEBDH@Z
_amsg_exit
_initterm
_XcptFilter
__dllonexit
_onexit
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
memset
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBD@Z
memcmp
??8type_info@@QEBAHAEBV0@@Z
_callnewh
_CxxThrowException
memcpy
_unlock
_lock
wcsncmp
wcsstr
_get_errno
_set_errno
wcschr
__C_specific_handler
sprintf
_vsnprintf
memmove_s
realloc
malloc
free
_purecall
_vsnprintf_s
__CxxFrameHandler3
??0exception@@QEAA@AEBV0@@Z
iswalnum
swscanf_s
wcstok
wcstoul
wcscpy_s
_wcsicmp
swscanf
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
memmove
sqrt

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolGetUniqueContext
SHTaskPoolQueueTask

api-ms-win-shcore-sysinfo-l1-1-0

IsOS

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleHandleExW
DisableThreadLibraryCalls
FreeLibrary
GetModuleFileNameA
GetModuleFileNameW

api-ms-win-core-synch-l1-1-0

WaitForMultipleObjectsEx
InitializeCriticalSection
CreateMutexExW
LeaveCriticalSection
OpenSemaphoreW
InitializeCriticalSectionEx
WaitForSingleObject
OpenEventW
InitializeSRWLock
SetEvent
DeleteCriticalSection
CreateEventExW
ReleaseSemaphore
WaitForSingleObjectEx
ReleaseMutex
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateSemaphoreExW
AcquireSRWLockShared
ReleaseSRWLockShared
EnterCriticalSection

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
RaiseException
GetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
OpenThreadToken
GetCurrentThread
OpenProcessToken
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
CreateProcessW

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
GetUserDefaultLocaleName
SetLocaleInfoW
GetLocaleInfoEx
FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent
OutputDebugStringA

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
UnregisterTraceGuids
RegisterTraceGuidsW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegGetValueW
RegQueryInfoKeyW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegOpenCurrentUser

api-ms-win-core-file-l1-1-0

CompareFileTime
GetFileAttributesExW
DeleteFileW

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventUnregister
EventActivityIdControl
EventWriteTransfer

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceExecuteOnce
Sleep

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTimeAsFileTime
GetVersionExW
GetTickCount

api-ms-win-core-path-l1-1-0

PathCchCombine
PathCchAppend

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree
LocalReAlloc

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-eventing-controller-l1-1-0

EnableTraceEx2
StopTraceW
StartTraceW

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-sidebyside-l1-1-0

ActivateActCtx
FindActCtxSectionStringW
QueryActCtxW
DeactivateActCtx
CreateActCtxW

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW

api-ms-win-core-shlwapi-legacy-l1-1-0

SHExpandEnvironmentStringsW
PathFileExistsW
PathFindNextComponentW
PathRelativePathToW

api-ms-win-core-shlwapi-obsolete-l1-1-0

QISearch
StrCmpICW

api-ms-win-shlwapi-winrt-storage-l1-1-1

IUnknown_GetWindow
ord635
ord187

api-ms-win-rtcore-ntuser-window-l1-1-0

FindWindowW
PostMessageW
PeekMessageW
PostQuitMessage
TranslateMessage
DispatchMessageW
FindWindowExW
SendNotifyMessageW
GetClassNameW

api-ms-win-ntuser-sysparams-l1-1-0

GetSystemMetrics
SystemParametersInfoW

api-ms-win-rtcore-ntuser-synch-l1-1-0

MsgWaitForMultipleObjectsEx

coremessaging

CoreUICreate

ntdll

RtlGetSuiteMask
NtQueryInformationToken
NtQueryInformationProcess
RtlGetDeviceFamilyInfoEnum

coreuicomponents

CoreUIFactoryCreate

slc

SLIsWindowsGenuineLocal

wevtapi

EvtOpenChannelConfig
EvtSetChannelConfigProperty
EvtSaveChannelConfig
EvtClose

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-localization-private-l1-1-0

LoadStringByReference

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 461KB - Virtual size: 461KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SettingSync/prflbmsg.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SettingSync/sfc_os.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

9baa3994eb281cb30c87de1285042424

Code Sign

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/05/2022, 19:23

Not After

04/05/2023, 19:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1e:00:37:ab:a3:bc:e1:da:b4:be:b5:80:de:73:32:f9:0d:40:c6:05:18:c8:bb:96:9f:60:c7:92:3f:a6:01:d2
Signer

Actual PE Digest

1e:00:37:ab:a3:bc:e1:da:b4:be:b5:80:de:73:32:f9:0d:40:c6:05:18:c8:bb:96:9f:60:c7:92:3f:a6:01:d2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

sfc_os.pdb

Imports

ntdll

RtlInitUnicodeString
NtReadFile
RtlReAllocateHeap
NtClose
ZwMapViewOfSection
NtQueryInformationFile
RtlCopyMappedMemory
RtlFreeHeap
ZwQueryInformationFile
NtQueryDirectoryFile
ZwClose
NtOpenFile
RtlNotifyFeatureUsage
RtlCreateServiceSid
RtlEqualSid
RtlCreateUnicodeString
RtlDosPathNameToNtPathName_U
RtlCopyUnicodeString
ZwCreateSection
ZwQueryWnfStateData
RtlAllocateHeap
ZwUnmapViewOfSection
__C_specific_handler
RtlVirtualUnwind
memmove
RtlFreeUnicodeString
RtlLookupFunctionEntry
RtlCaptureContext
RtlSetLastWin32Error
RtlNtStatusToDosError
ShipAssertMsgW
RtlQueryFeatureConfiguration
memcpy
memset

api-ms-win-core-libraryloader-l1-1-0

GetModuleFileNameW
FreeLibrary
GetProcAddress
LoadLibraryExW
DisableThreadLibraryCalls

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegGetKeySecurity
RegOpenKeyExW

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree
LocalAlloc

api-ms-win-security-base-l1-1-0

GetAce
GetAclInformation
GetSecurityDescriptorDacl

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

Exports

Exports

BeginFileMapEnumeration
CloseFileMapEnumeration
GetNextFileMapContent
SRSetRestorePointA
SRSetRestorePointW
SfcClose
SfcConnectToServer
SfcFileException
SfcGetNextProtectedFile
SfcInitProt
SfcInitiateScan
SfcInstallProtectedFiles
SfcIsFileProtected
SfcIsKeyProtected
SfcTerminateWatcherThread
SfpDeleteCatalog
SfpInstallCatalog
SfpVerifyFile

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fontext/fontext.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

15d10ff5cde51d34d0483b38e6ef093a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fontext.pdb

Imports

msvcrt

_vsnwprintf
__CxxFrameHandler3
memcpy
memcmp
memmove
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
_initterm
malloc
free
_amsg_exit
_XcptFilter
bsearch_s
_wcsnset_s
wcsstr
_wtoi
wcstok_s
_wcsicmp
__C_specific_handler
iswxdigit
wcschr
swprintf_s
memcpy_s
_CxxThrowException
memmove_s
_stricmp
_strcmpi
_vsnprintf
_vsnprintf_s
memset

propsys

VariantCompare
VariantToPropVariant
PropVariantToVariant
PSGetPropertyFromPropertyStorage
PSPropertyBag_ReadType
PSPropertyBag_ReadInt
InitPropVariantFromStringVector
InitPropVariantFromFileTime
PSCreateMemoryPropertyStore
VariantGetStringElem
VariantGetElementCount
PSFormatForDisplay
PSPropertyBag_ReadStr

shell32

ord155
ord19
SHBindToParent
SHGetPathFromIDListW
SHGetKnownFolderPath
SHGetFolderPathW
ord256
ord702
SHCreateShellItemArrayFromIDLists
SHParseDisplayName
ord25
ord701
SHCreateDataObject
ord16
SHGetIconOverlayIndexW
SHCreateDefaultContextMenu
SHGetSpecialFolderLocation
ord680
ord152
AssocCreateForClasses
ord727
ShellExecuteExW
SHChangeNotify
ord763
ord17
ord18
SHBindToObject

shlwapi

PathFindFileNameA
ord204
ord156
ord618
ord24
ord514
PathRemoveExtensionA
ord197
ord12
ord639
ord174
ord215
ord16
StrDupW
StrStrW
PathRenameExtensionW
AssocCreate
ord158
ord538
ord172
ord176
ord256
PathFileExistsW
PathCompactPathExW
StrChrW
PathStripPathW
ord619
ord268
ord199
PathRemoveFileSpecA
StrRetToBufW
PathFindExtensionW
PathRemoveFileSpecW
PathRemoveExtensionW
PathCombineW
PathIsPrefixW
SHCreateStreamOnFileW
ord219
PathAppendW
PathAddBackslashW
PathStripToRootW
PathIsUNCW
SHStrDupW
PathFindFileNameW

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
LoadResource
GetProcAddress
GetModuleHandleExW
DisableThreadLibraryCalls
GetModuleFileNameA
LoadLibraryExW
FindResourceExW
LockResource
GetModuleHandleW
SizeofResource
GetModuleFileNameW

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
ReleaseSemaphore
WaitForSingleObject
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseMutex
LeaveCriticalSection
AcquireSRWLockExclusive
DeleteCriticalSection
CreateSemaphoreExW
CreateMutexExW
EnterCriticalSection
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
OpenProcessToken
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

GetLocaleInfoEx
IsDBCSLeadByte
FormatMessageW
GetLocaleInfoW

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l1-1-0

GetFileAttributesW
CreateFileA
GetFileSize
CompareFileTime
GetDiskFreeSpaceExW
SetEndOfFile
CreateFileW
GetDriveTypeW
ReadFile
SetFilePointer
FindNextFileW
DeleteFileW
SetFileAttributesW
CreateDirectoryW
FindFirstFileW
FindClose

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-security-base-l1-1-0

GetFileSecurityW
DuplicateToken
AccessCheck
SetSecurityDescriptorDacl
CreateWellKnownSid
InitializeSecurityDescriptor
MapGenericMask

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringW
MultiByteToWideChar
CompareStringOrdinal
CompareStringEx

api-ms-win-core-com-l1-1-0

CoSetProxyBlanket
CoTaskMemFree
CoTaskMemAlloc
CreateStreamOnHGlobal
CoTaskMemRealloc
CoGetMalloc
StringFromGUID2
PropVariantClear
CoCreateInstance
CoUninitialize
CoInitializeEx

mpr

WNetGetConnectionW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventActivityIdControl
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
Sleep
SleepConditionVariableSRW
WakeAllConditionVariable

api-ms-win-core-heap-l2-1-0

LocalAlloc
GlobalFree
LocalFree
GlobalAlloc

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegDeleteValueW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW

oleaut32

VariantClear
SysAllocString
VariantInit

api-ms-win-core-libraryloader-l1-2-1

FindResourceW
LoadLibraryW

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-path-l1-1-0

PathCchAppend

api-ms-win-core-version-l1-1-1

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-localization-l2-1-0

GetNumberFormatEx

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
MapViewOfFile

api-ms-win-security-provider-l1-1-0

GetNamedSecurityInfoW
SetEntriesInAclW

gdi32

RemoveFontResourceExW
AddFontResourceW
RemoveFontResourceW
DeleteObject
AddFontResourceExW
EnumFontFamiliesExW
GetFontResourceInfoW
GetDeviceCaps
SetTextColor
CreateFontIndirectW
SelectObject
GetTextExtentPoint32W
GetTextMetricsW
CreateSolidBrush
CreateCompatibleDC
DeleteDC
MoveToEx
LineTo
GetTextExtentPointI
ExtTextOutW
GetTextExtentExPointI
GetTextExtentExPointW
GetGlyphIndicesW
SetBkColor
GetLayout
CreateDIBSection
SetBkMode
SetTextAlign
GetTextCharsetInfo

kernel32

CreateFileMappingA
ReleaseActCtx
_lclose
LZOpenFileW
LZClose
_lopen
LZRead
LZSeek
lstrcmpW
GlobalSize
QueryActCtxW
CreateActCtxW
FindActCtxSectionStringW
ActivateActCtx
DeactivateActCtx
GlobalUnlock
GlobalLock
lstrcmpiA
lstrlenW
MulDiv

ntdll

EtwLogTraceEvent
WinSqmAddToStream
EtwEventWriteTransfer

ole32

ReleaseStgMedium
CoGetObject
CreateBindCtx

user32

PeekMessageW
GetSysColorBrush
GetParent
GetDlgItem
CreateDialogParamW
DrawTextW
DefWindowProcW
InvalidateRect
ScrollWindowEx
SetRect
SetScrollInfo
GetClientRect
EndPaint
GetMessageW
BeginPaint
IsDialogMessageW
TranslateMessage
DispatchMessageW
SetWindowTextW
ShowWindow
SendMessageW
SetWindowLongPtrW
GetWindowLongPtrW
LoadImageW
FillRect
CreateWindowExW
RegisterClassW
GetFocus
SetWindowPos
UnregisterClassW
DestroyWindow
DrawIconEx
MessageBoxW
ReleaseDC
GetDC
GetDesktopWindow
PostMessageW
DestroyIcon
DrawTextExW
GetActiveWindow
RegisterClipboardFormatW
GetSystemMetrics
GetWindowRect
InsertMenuItemW
LoadCursorW
SetCursor
SetMenuItemInfoW
GetMenuItemInfoW
MoveWindow
SetPropW
GetPropW
SetTimer
KillTimer
RemovePropW

uxtheme

BufferedPaintInit
EndBufferedPaint
BeginBufferedPaint
BufferedPaintUnInit

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DownloadAndInstallOptionalFontsAsync
InstallFontFile

Sections

.text
Size: 217KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 660KB - Virtual size: 659KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fontext/tquery.dll
.dll regsvr32 windows:10 windows x64 arch:x64

Password: 2024

d6529d4862689a5078952162a13ec6b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

tquery.pdb

Imports

msvcrt

memcpy
_errno
??1type_info@@UEAA@XZ
_onexit
log
realloc
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
wcstol
iswalpha
??0exception@@QEAA@AEBQEBD@Z
_wcsicmp
__dllonexit
wcstoul
wcschr
_unlock
_lock
_wcsnicmp
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@PEBD@Z
??0bad_cast@@QEAA@AEBV0@@Z
_wcsnset
wcsstr
strchr
towupper
?terminate@@YAXXZ
iswspace
wcsspn
__CxxFrameHandler3
_initterm
calloc
swscanf
iswdigit
wcscspn
_ultow
wcsncpy_s
malloc
swprintf
memmove_s
floor
iswxdigit
wcsncmp
swprintf_s
_itow_s
_amsg_exit
__iob_func
_aligned_free
_aligned_malloc
qsort
__uncaught_exception
free
wcscat_s
wcscpy_s
__C_specific_handler
_vsnprintf_s
_XcptFilter
_wcsupr
memmove
??0exception@@QEAA@AEBV0@@Z
memset
??0exception@@QEAA@XZ
localeconv
strcspn
??1exception@@UEAA@XZ
sprintf_s
abort
_wsetlocale
__crtLCMapStringW
memcpy_s
__crtCompareStringW
??8type_info@@QEBAHAEBV0@@Z
_wcsdup
_ismbblead
___mb_cur_max_func
memcmp
___lc_codepage_func
___lc_handle_func
__pctype_func
setlocale
_vsnwprintf
___lc_collate_cp_func
toupper
_wtol
bsearch
wcsrchr
strncmp
fprintf
_vsnprintf
_ultow_s
strerror
wcscmp

api-ms-win-core-libraryloader-l1-2-0

FindResourceExW
LoadResource
FreeLibrary
GetModuleFileNameA
LockResource
GetModuleFileNameW
SizeofResource
GetModuleHandleW
LoadStringW
GetModuleHandleExW
LoadLibraryExW
DisableThreadLibraryCalls
GetProcAddress

api-ms-win-core-synch-l1-1-0

SetWaitableTimerEx
CreateSemaphoreExW
EnterCriticalSection
SetEvent
OpenEventW
CreateEventW
ReleaseSemaphore
InitializeCriticalSection
DeleteCriticalSection
CreateMutexExW
TryAcquireSRWLockExclusive
WaitForSingleObject
ReleaseSRWLockShared
ReleaseMutex
CreateWaitableTimerExW
ReleaseSRWLockExclusive
LeaveCriticalSection
ResetEvent
AcquireSRWLockExclusive
AcquireSRWLockShared
SleepEx
WaitForMultipleObjectsEx
InitializeSRWLock
WaitForSingleObjectEx
InitializeCriticalSectionEx
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapFree
HeapSetInformation
HeapDestroy
HeapSize
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetErrorMode
SetUnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TlsGetValue
QueueUserAPC
GetPriorityClass
GetProcessId
TerminateProcess
OpenProcessToken
GetCurrentProcessId
TlsSetValue
GetCurrentThreadId
CreateThread
GetCurrentThread
OpenThreadToken
ResumeThread

api-ms-win-core-localization-l1-2-0

LCMapStringEx
ResolveLocaleName
IsValidLocaleName
GetSystemDefaultLCID
GetCalendarInfoW
LocaleNameToLCID
GetLocaleInfoW
GetUserDefaultLangID
GetSystemDefaultLangID
GetLocaleInfoEx
GetNLSVersion
GetUserDefaultLCID
LCMapStringW
IsDBCSLeadByteEx
GetCPInfo
GetSystemPreferredUILanguages
FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
OutputDebugStringA
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

oleaut32

SafeArrayDestroyDescriptor
SafeArrayAllocDescriptorEx
SafeArrayCreate
SysFreeString
SafeArrayPutElement
SafeArrayDestroy
VariantInit
SysAllocStringLen
LoadTypeLi
SafeArrayAllocData
SafeArrayCopy
SysStringLen
VarR8FromCy
VariantChangeTypeEx
VariantTimeToSystemTime
VarR8FromDec
SysAllocString
VarDecFromR8
VariantCopy
SystemTimeToVariantTime
VariantClear
SysStringByteLen
LoadRegTypeLi
SafeArrayCreateVector
GetErrorInfo
VariantChangeType
SysAllocStringByteLen
SetErrorInfo
VarUI4FromStr

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceExecuteOnce
SleepConditionVariableSRW
Sleep
InitOnceComplete
WakeAllConditionVariable

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
StringFromGUID2
CoCreateFreeThreadedMarshaler
CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemRealloc
CLSIDFromProgID
PropVariantClear
PropVariantCopy
CLSIDFromString
CoTaskMemFree
CoGetMalloc
CoCreateGuid
CreateStreamOnHGlobal
CoGetClassObject

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegDeleteKeyExW
RegOpenKeyExW
RegGetValueW
RegEnumValueW
RegQueryInfoKeyW
RegCreateKeyExW
RegNotifyChangeKeyValue
RegQueryValueExW
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolWorkCallbacks
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
SubmitThreadpoolWork
CloseThreadpoolWork

api-ms-win-core-string-l2-1-0

CharNextW
CharUpperW

api-ms-win-core-string-l1-1-0

GetStringTypeExW
WideCharToMultiByte
CompareStringW
GetStringTypeW
CompareStringOrdinal
CompareStringEx
MultiByteToWideChar
FoldStringW

ntdll

NtQuerySecurityAttributesToken
RtlFreeHeap
RtlAllocateHeap
RtlCompareUnicodeString
NtClose
EtwEventEnabled
RtlCompareMemory
RtlGetPersistedStateLocation
RtlUnsubscribeWnfStateChangeNotification
RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData
RtlNtStatusToDosError
RtlInitUnicodeString
VerSetConditionMask
RtlIsStateSeparationEnabled
EtwEventRegister
EtwEventUnregister
EtwEventWriteTransfer
EtwEventSetInformation
RtlUpcaseUnicodeChar

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrcmpiW
lstrlenA

api-ms-win-core-memory-l1-1-0

OpenFileMappingW
FlushViewOfFile
MapViewOfFile
VirtualAlloc
CreateFileMappingW
UnmapViewOfFile
VirtualFree

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-processenvironment-l1-1-0

SearchPathW
ExpandEnvironmentStringsW

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage
GetSystemDefaultUILanguage
CompareStringA

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetVersionExA
GetLogicalProcessorInformationEx
GetSystemInfo
GetTickCount
GetVersionExW
GetSystemDirectoryW
GetLocalTime
GetTickCount64
GetSystemTimeAsFileTime

api-ms-win-core-file-l1-1-0

CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
FileTimeToLocalFileTime
GetFileInformationByHandle
GetLogicalDrives
ReadFile
GetFileTime
CreateFileA
DeleteFileW
GetFileAttributesW
DeleteFileA
FindClose
FindNextFileW
FindFirstFileW
SetFilePointer
CompareFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
CreateFileW
GetDiskFreeSpaceW
SetEndOfFile
GetFileSize
FlushFileBuffers
WriteFileEx
GetVolumePathNameW
ReadFileEx
GetFileSizeEx
WriteFile

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult

api-ms-win-eventing-provider-l1-1-0

EventProviderEnabled
EventWriteTransfer
EventEnabled
EventRegister
EventUnregister
EventSetInformation

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-file-l2-1-0

CopyFileExW

api-ms-win-security-base-l1-1-0

SetSecurityDescriptorDacl
RevertToSelf
GetAclInformation
SetSecurityDescriptorOwner
GetAce
GetSidSubAuthority
GetSidLengthRequired
CopySid
InitializeSid
ImpersonateLoggedOnUser
IsValidSid
AddAce
GetLengthSid
AddAccessAllowedAce
AccessCheck
SetSecurityDescriptorGroup
EqualSid
GetSecurityDescriptorLength
InitializeAcl
SetFileSecurityW
InitializeSecurityDescriptor
FreeSid
GetTokenInformation

api-ms-win-core-heap-l2-1-0

GlobalFree
LocalAlloc
LocalFree
GlobalAlloc

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpNIW
QISearch
StrStrW
StrStrIW
StrChrW
StrCmpIW

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName
GetSystemDefaultLocaleName

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-core-namedpipe-l1-1-0

SetNamedPipeHandleState
ImpersonateNamedPipeClient
PeekNamedPipe
TransactNamedPipe
DisconnectNamedPipe
ConnectNamedPipe
GetNamedPipeClientComputerNameW
WaitNamedPipeW
CreateNamedPipeW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects
CreateSemaphoreW

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW
GetSystemPowerStatus
CopyFileA

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW

api-ms-win-core-path-l1-1-0

PathCchFindExtension

api-ms-win-core-shlwapi-legacy-l1-1-0

PathStripPathW
PathFileExistsW
PathFindExtensionW
PathIsRootW
PathIsSameRootW

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

cryptdll

MD5Init
MD5Final
MD5Update

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-processthreads-l1-1-1

GetThreadTimes

api-ms-win-core-file-l1-2-1

GetCompressedFileSizeW

api-ms-win-core-processtopology-obsolete-l1-1-0

GetActiveProcessorCount

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalUnlock

api-ms-win-core-job-l2-1-0

CreateJobObjectW
AssignProcessToJobObject
TerminateJobObject
SetInformationJobObject

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsDeleteString

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-shell-namespace-l1-1-0

SHCreateItemFromParsingName

Exports

Exports

??0CDriveInfo@@QEAA@PEBGK@Z
??0CFullPath@@QEAA@PEBG@Z
??0CFullPropSpec@@QEAA@AEBV0@@Z
??0CMemSerStream@@QEAA@PEAEK@Z
??0CPidLookupTable@@QEAA@XZ
??0CUnNormalizer@@QEAA@XZ
??0CiStorage@@QEAA@PEBGKPEAUICiCAdviseStatus@@KH@Z
??0XAct@@QEAA@XZ
??1CAllocStorageVariant@@IEAA@XZ
??1CMemSerStream@@UEAA@XZ
??1CPhysStorage@@UEAA@XZ
??1CPidLookupTable@@QEAA@XZ
??1CiStorage@@UEAA@XZ
?CoTaskAllocator@@3VCCoTaskAllocator@@A
?ContainsDrive@CDriveInfo@@SAHPEBG@Z
?GetBlob@CMemDeSerStream@@UEAAXPEAEK@Z
?GetByte@CMemDeSerStream@@UEAAEXZ
?GetChar@CMemDeSerStream@@UEAAXPEADK@Z
?GetDiskSpace@CDriveInfo@@QEAAXAEA_J0@Z
?GetDouble@CMemDeSerStream@@UEAANXZ
?GetDrive@CDriveInfo@@SAXPEBGPEAG@Z
?GetFloat@CMemDeSerStream@@UEAAMXZ
?GetGUID@CMemDeSerStream@@UEAAXAEAU_GUID@@@Z
?GetLong@CMemDeSerStream@@UEAAJXZ
?GetSectorSize@CDriveInfo@@QEAAKXZ
?GetString@CMemDeSerStream@@UEAAPEADXZ
?GetULong@CMemDeSerStream@@UEAAKXZ
?GetUShort@CMemDeSerStream@@UEAAGXZ
?GetWChar@CMemDeSerStream@@UEAAXPEAGK@Z
?GetWString@CMemDeSerStream@@UEAAPEAGXZ
?Init@CPidLookupTable@@QEAAHPEAVPRcovStorageObj@@@Z
?IsSameDrive@CDriveInfo@@QEAAHPEBG@Z
?IsWriteProtected@CDriveInfo@@QEAAHXZ
?MakePath@CFullPath@@QEAAXPEBG@Z
?PeekULong@CMemDeSerStream@@UEAAKXZ
?PutBlob@CMemSerStream@@UEAAXPEBEK@Z
?PutByte@CMemSerStream@@UEAAXE@Z
?PutChar@CMemSerStream@@UEAAXPEBDK@Z
?PutDouble@CMemSerStream@@UEAAXN@Z
?PutFloat@CMemSerStream@@UEAAXM@Z
?PutGUID@CMemSerStream@@UEAAXAEBU_GUID@@@Z
?PutLong@CMemSerStream@@UEAAXJ@Z
?PutString@CMemSerStream@@UEAAXPEBD@Z
?PutULong@CMemSerStream@@UEAAXK@Z
?PutUShort@CMemSerStream@@UEAAXG@Z
?PutWChar@CMemSerStream@@UEAAXPEBGK@Z
?PutWString@CMemSerStream@@UEAAXPEBG@Z
?QueryPidLookupTable@CiStorage@@QEAAPEAVPRcovStorageObj@@K@Z
?Read@CCiFile@@QEAAXXZ
?ResetType@CAllocStorageVariant@@IEAAXAEAVPMemoryAllocator@@@Z
?SetProperty@CFullPropSpec@@QEAAHPEBG@Z
?SetProperty@CFullPropSpec@@QEAAXK@Z
?SkipBlob@CMemDeSerStream@@UEAAXK@Z
?SkipByte@CMemDeSerStream@@UEAAXXZ
?SkipChar@CMemDeSerStream@@UEAAXK@Z
?SkipDouble@CMemDeSerStream@@UEAAXXZ
?SkipFloat@CMemDeSerStream@@UEAAXXZ
?SkipGUID@CMemDeSerStream@@UEAAXXZ
?SkipLong@CMemDeSerStream@@UEAAXXZ
?SkipULong@CMemDeSerStream@@UEAAXXZ
?SkipUShort@CMemDeSerStream@@UEAAXXZ
?SkipWChar@CMemDeSerStream@@UEAAXK@Z
?UnNormalizeKey@CUnNormalizer@@QEAAXAEBVCKeyBuf@@AEAUtagPROPVARIANT@@PEAGK@Z
AccessDebugTracer
AccessRetailTracer
CIState
CreatePropMapperStorage
CreatePropMapperStorage2
CreateSecurityStoreStorage
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ExceptInitialize
ExternPropagateEventToOpenQueries
ForceMasterMerge
PerfmonClose
PerfmonCollect
PerfmonIDXClose
PerfmonIDXCollect
PerfmonIDXOpen
PerfmonOpen
RetailTracerDisable
RetailTracerEnable
RetailTracerReleaseAll
UseLowFragmentationHeap
ciDelete
ciNew
ciNewNoThrow

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 715KB - Virtual size: 714KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fphc/MCRecvSrc.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

c68229fa7cee41e4e3a038d1091a0717

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MCRecvSrc.pdb

Imports

msvcrt

_strnicmp
isdigit
isalpha
toupper
iswdigit
iswalpha
??1type_info@@UEAA@XZ
memmove
memcpy
_CxxThrowException
_vsnwprintf
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
strncmp
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@XZ
towupper
realloc
_ltoa_s
_onexit
_ultow_s
__dllonexit
_unlock
_lock
strchr
wcschr
memcpy_s
_wcsnicmp
__CxxFrameHandler3
wcsncmp
__C_specific_handler
??0exception@@QEAA@AEBQEBDH@Z
iswxdigit
rand
_wcsicmp
_ltow_s
_ui64tow_s
wcsstr
towlower
_ultoa_s
_vsnprintf_s
_i64tow_s
qsort
wcsrchr
strncpy_s
strnlen
?terminate@@YAXXZ
_initterm
malloc
free
_amsg_exit
_XcptFilter
_purecall
_callnewh
??3@YAXPEAX@Z
memchr
memcmp
memset
wcscmp

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventRegister
EventUnregister

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
ReleaseSemaphore
SetEvent
CreateSemaphoreExW
WaitForSingleObject
WaitForSingleObjectEx
OpenSemaphoreW
CreateEventW
DeleteCriticalSection
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
InitializeSRWLock
ReleaseSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
CreateMutexExW
ReleaseMutex

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleFileNameW
LoadLibraryExW
GetModuleHandleW
DisableThreadLibraryCalls
GetProcAddress
GetModuleFileNameA
GetModuleHandleExW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
TlsGetValue
TlsSetValue

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetTickCount
GetTickCount64
GetSystemTime
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-featurestaging-l1-1-0

UnsubscribeFeatureStateChangeNotification
SubscribeFeatureStateChangeNotification
RecordFeatureUsage
GetFeatureEnabledState

api-ms-win-core-file-l1-1-0

SetFilePointer
ReadFile
CreateFileW

dxgi

CreateDXGIFactory2

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

crypt32

CryptStringToBinaryW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegEnumValueW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW

api-ms-win-core-version-l1-1-0

VerQueryValueW

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 901KB - Virtual size: 901KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fphc/fphc.dll
.dll regsvr32 windows:10 windows x64 arch:x64

Password: 2024

abf25aa0ca18c07bc5fd4b445bb18091

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fphc.pdb

Imports

msvcrt

??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
memmove_s
wcsncmp
_purecall
vswprintf_s
_vsnwprintf
wcscat_s
wcscpy_s
_vscwprintf
wcsnlen
memcpy_s
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
memmove
_XcptFilter
_amsg_exit
free
_initterm
malloc
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_errno
realloc
_lock
_unlock
wcsncpy_s
__C_specific_handler
??_V@YAXPEAX@Z
__dllonexit
__CxxFrameHandler3
_onexit
memset
??3@YAXPEAX@Z
wcsstr
toupper
wcscmp

oleaut32

VarUI4FromStr
SysStringLen
RegisterTypeLi
SysFreeString
SysAllocStringLen
UnRegisterTypeLi
LoadTypeLi
SysAllocString

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadLibraryExW
GetModuleHandleW
LockResource
LoadStringW
GetModuleFileNameA
DisableThreadLibraryCalls
GetModuleFileNameW
FindResourceExW
LoadResource
SizeofResource
FreeLibrary

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoTaskMemFree

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeCriticalSection

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-localization-l1-2-0

SetThreadLocale
FormatMessageW
GetThreadLocale

ntdll

RtlNtStatusToDosError
EtwEventWriteTransfer
RtlFreeUnicodeString
RtlConvertSidToUnicodeString
RtlIntegerToUnicodeString
RtlTimeToTimeFields
RtlApplicationVerifierStop
EtwTraceMessage
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlCompareMemory
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
OutputDebugStringA

user32

UnregisterClassA

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapSize
HeapReAlloc
HeapDestroy
HeapCreate
HeapAlloc

ws2_32

ntohl
ntohs

api-ms-win-core-file-l1-1-0

CompareFileTime

api-ms-win-security-sddl-l1-1-0

ConvertSecurityDescriptorToStringSecurityDescriptorW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
EventProviderEnabled

fwpuclnt

IkeextSaEnum2
FwpmEngineOpen0
FwpmFilterDestroyEnumHandle0
FwpmFreeMemory0
FwpmFilterCreateEnumHandle0
FwpmEngineClose0
FwpmGetAppIdFromFileName0
FwpmNetEventCreateEnumHandle0
FwpmFilterEnum0
FwpmNetEventEnum5
FwpmNetEventDestroyEnumHandle0
IPsecSaContextCreateEnumHandle0
IPsecSaContextEnum1
IPsecSaContextDestroyEnumHandle0
IkeextSaDestroyEnumHandle0
FwpmFilterGetById0
FwpmProviderGetByKey0
IkeextSaCreateEnumHandle0
FwpmProviderContextGetByKey3

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup.msi
.msi
winsrv/winhttp.dll
.dll windows:10 windows x64 arch:x64

900f8c09b2cb3c88bf2a6a5fddf2ab39

Code Sign

33:00:00:03:8c:38:5d:5c:2e:74:83:cc:fb:00:00:00:00:03:8c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/05/2022, 19:23

Not After

04/05/2023, 19:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:81:9b:a7:ab:51:64:90:84:9f:d7:4d:24:82:bc:cf:8c:5f:d2:62:ac:83:b3:4b:bd:98:df:2c:34:2f:ab:b6
Signer

Actual PE Digest

13:81:9b:a7:ab:51:64:90:84:9f:d7:4d:24:82:bc:cf:8c:5f:d2:62:ac:83:b3:4b:bd:98:df:2c:34:2f:ab:b6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

winhttp.pdb

Imports

api-ms-win-crt-string-l1-1-0

wcsnlen
wcscmp
memset

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__ltow_s
_o__purecall
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__strtoui64
_o__wcsicmp
_o__wcslwr_s
_o__wcsnicmp
memmove
_o__wtoi
_o_iscntrl
_o_isdigit
_o_isspace
_o_iswdigit
_o_iswspace
_o_qsort
_o_rand
_o_tolower
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstok
_o_wcstok_s
__C_specific_handler
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___std_type_info_destroy_list
wcschr
wcsstr
wcsrchr
memcmp
memcpy

ntdll

RtlInitUnicodeString
RtlSubscribeWnfStateChangeNotification
RtlGetDeviceFamilyInfoEnum
NtQueryLicenseValue
RtlGetVersion
RtlIpv4AddressToStringExW
RtlPublishWnfStateData
RtlGUIDFromString
NtOpenFile
RtlDllShutdownInProgress
NtSetInformationObject
RtlVirtualUnwind
RtlIpv6AddressToStringExW
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlCaptureContext
RtlIpv6StringToAddressExW
RtlIpv4StringToAddressExW
RtlGetPersistedStateLocation
RtlNtStatusToDosError
RtlConvertSidToUnicodeString
RtlMoveMemory
EtwTraceMessageVa
EtwUnregisterTraceGuids
RtlValidSid
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
RtlLengthSid
RtlAllocateHeap
RtlIpv4AddressToStringW
RtlFreeUnicodeString
RtlFreeHeap
NtCreateFile
RtlCanonicalizeDomainName
RtlLookupFunctionEntry

api-ms-win-core-synch-l1-1-0

CreateMutexExW
CreateSemaphoreExW
OpenSemaphoreW
CreateEventA
TryAcquireSRWLockExclusive
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
InitializeCriticalSectionEx
ReleaseMutex
CreateEventExA
ReleaseSemaphore
ReleaseSRWLockShared
EnterCriticalSection
LeaveCriticalSection
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ResetEvent
WaitForMultipleObjectsEx
WaitForSingleObjectEx
SetEvent
InitializeSRWLock
CreateEventW

api-ms-win-core-heap-l2-1-0

LocalAlloc
GlobalAlloc
LocalFree
GlobalFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetErrorMode
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapReAlloc
HeapSize
HeapFree

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-registry-l1-1-0

RegNotifyChangeKeyValue
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegSetValueExW
RegDeleteKeyExW
RegDeleteValueW
RegQueryInfoKeyA
RegGetValueW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegGetValueA

api-ms-win-security-credentials-l1-1-0

CredReadDomainCredentialsW
CredEnumerateW
CredWriteW
CredDeleteW
CredReadW
CredFree

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetSystemTime
GetTickCount64
GetSystemDirectoryW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-file-l1-1-0

CreateFileW
FindClose
WriteFile
GetFileSizeEx
ReadFile
LocalFileTimeToFileTime
DeleteFileW
SetFilePointer
RemoveDirectoryW
SetFileAttributesW
SetEndOfFile
FindNextFileW
FindFirstFileW
CompareFileTime
CreateDirectoryW
GetFileAttributesW

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceInitialize
Sleep

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-localization-l1-2-0

FormatMessageW
IdnToAscii

api-ms-win-core-processthreads-l1-1-0

DeleteProcThreadAttributeList
CreateProcessAsUserW
InitializeProcThreadAttributeList
SetThreadToken
GetCurrentThreadId
CreateThread
GetCurrentProcess
OpenProcessToken
GetCurrentThread
OpenThreadToken
UpdateProcThreadAttribute
TerminateProcess
GetCurrentProcessId
TlsFree
TlsGetValue
TlsSetValue
TlsAlloc
ResumeThread

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExA
LoadLibraryExW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetModuleHandleExA
FreeLibrary
GetModuleHandleExW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolCleanupGroup
CallbackMayRunLong
WaitForThreadpoolWorkCallbacks
SubmitThreadpoolWork
FreeLibraryWhenCallbackReturns
CloseThreadpoolWork
WaitForThreadpoolWaitCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolCleanupGroup
CreateThreadpoolWork

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventWrite
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo

api-ms-win-core-wow64-l1-1-1

Wow64SetThreadDefaultGuestMachine

api-ms-win-security-base-l1-1-0

CheckTokenMembership
EqualSid
ImpersonateLoggedOnUser
GetSidSubAuthorityCount
GetTokenInformation
GetSidSubAuthority
IsValidSid
RevertToSelf
AddAccessAllowedAce
GetAce
SetTokenInformation
CreateRestrictedToken
DuplicateTokenEx
AccessCheck
InitializeAcl
AddMandatoryAce
CopySid
GetLengthSid

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
SetProcessMitigationPolicy

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx
QueueUserWorkItem

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrChrW
StrStrA
StrCmpNICA
StrCmpNCA
StrStrIA

api-ms-win-core-localization-obsolete-l1-2-0

CompareStringA

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpA
lstrcmpiW

api-ms-win-core-heap-obsolete-l1-1-0

GlobalReAlloc

api-ms-win-core-url-l1-1-0

UrlCanonicalizeW
UrlUnescapeA
UrlCombineW

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-memory-l1-1-0

MapViewOfFile
VirtualAlloc
UnmapViewOfFile
VirtualFree
OpenFileMappingW
CreateFileMappingW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-string-l2-1-0

CharLowerW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

kernelbase

AppContainerUnregisterSid
SubscribeWdagEnabledStateChange
GetIsWdagEnabled
AppContainerRegisterSid
UnsubscribeEdpEnabledStateChange
SubscribeEdpEnabledStateChange
UnsubscribeWdagEnabledStateChange
GetIsEdpEnabled

api-ms-win-core-datetime-l1-1-0

GetDateFormatW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Private1
SvchostPushServiceGlobals
WinHttpAddRequestHeaders
WinHttpAddRequestHeadersEx
WinHttpAutoProxySvcMain
WinHttpCheckPlatform
WinHttpCloseHandle
WinHttpConnect
WinHttpConnectionDeletePolicyEntries
WinHttpConnectionDeleteProxyInfo
WinHttpConnectionFreeNameList
WinHttpConnectionFreeProxyInfo
WinHttpConnectionFreeProxyList
WinHttpConnectionGetNameList
WinHttpConnectionGetProxyInfo
WinHttpConnectionGetProxyList
WinHttpConnectionSetPolicyEntries
WinHttpConnectionSetProxyInfo
WinHttpConnectionUpdateIfIndexTable
WinHttpCrackUrl
WinHttpCreateProxyResolver
WinHttpCreateUrl
WinHttpDetectAutoProxyConfigUrl
WinHttpFreeProxyResult
WinHttpFreeProxyResultEx
WinHttpFreeProxySettings
WinHttpGetDefaultProxyConfiguration
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpGetProxyForUrlEx
WinHttpGetProxyForUrlEx2
WinHttpGetProxyForUrlHvsi
WinHttpGetProxyResult
WinHttpGetProxyResultEx
WinHttpGetProxySettingsVersion
WinHttpGetTunnelSocket
WinHttpOpen
WinHttpOpenRequest
WinHttpPacJsWorkerMain
WinHttpProbeConnectivity
WinHttpQueryAuthSchemes
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpQueryOption
WinHttpReadData
WinHttpReadProxySettings
WinHttpReadProxySettingsHvsi
WinHttpReceiveResponse
WinHttpResetAutoProxy
WinHttpSaveProxyCredentials
WinHttpSendRequest
WinHttpSetCredentials
WinHttpSetDefaultProxyConfiguration
WinHttpSetOption
WinHttpSetProxySettingsPerUser
WinHttpSetSecureLegacyServersAppCompat
WinHttpSetStatusCallback
WinHttpSetTimeouts
WinHttpTimeFromSystemTime
WinHttpTimeToSystemTime
WinHttpWebSocketClose
WinHttpWebSocketCompleteUpgrade
WinHttpWebSocketQueryCloseStatus
WinHttpWebSocketReceive
WinHttpWebSocketSend
WinHttpWebSocketShutdown
WinHttpWriteData
WinHttpWriteProxySettings

Sections

.text
Size: 788KB - Virtual size: 787KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.wpp_sf
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
winsrv/winsrv.dll
.dll windows:10 windows x64 arch:x64

0d19b1428d247b1ecfbcab1de7b681ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

winsrv.pdb

Imports

ntdll

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
NtOpenProcessToken
RtlCreateSecurityDescriptor
RtlCreateTagHeap
RtlFreeHeap
RtlCreateUserThread
NtClose
NtReadVirtualMemory
NtQueryInformationToken
NtSetInformationThread
NtOpenProcess
NtQueryInformationProcess
RtlSetDaclSecurityDescriptor
DbgPrintEx
RtlAllocateHeap

csrsrv

CsrDereferenceProcess
CsrLockedReferenceProcess
CsrLockProcessByClientId
CsrUnlockProcess

basesrv

BaseGetProcessCrtlRoutine

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetProcAddress
DisableThreadLibraryCalls

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetCurrentProcessId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-apiquery-l2-1-0

IsApiSetImplemented

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

SrvEndTask
UserCreateCallbackThread
UserHardError
UserServerDllInitialization

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: 2024

Password: 2024

7b47ecf8ca02907cd93bfb196ed60609

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-shcore-taskpool-l1-1-0

api-ms-win-shcore-sysinfo-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-util-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-eventing-controller-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-sidebyside-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-shlwapi-winrt-storage-l1-1-1

api-ms-win-rtcore-ntuser-window-l1-1-0

api-ms-win-ntuser-sysparams-l1-1-0

api-ms-win-rtcore-ntuser-synch-l1-1-0

coremessaging

ntdll

coreuicomponents

slc

wevtapi

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-localization-private-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-string-obsolete-l1-1-0

Exports

Exports

Sections

.text Size: 461KB - Virtual size: 461KB

.rdata Size: 183KB - Virtual size: 183KB

.data Size: 6KB - Virtual size: 29KB

.pdata Size: 29KB - Virtual size: 29KB

.didat Size: 1KB - Virtual size: 1KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 5KB - Virtual size: 4KB

Password: 2024

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 176B

.rsrc Size: 12KB - Virtual size: 12KB

Password: 2024

9baa3994eb281cb30c87de1285042424

Code Sign

.text
Size: 461KB - Virtual size: 461KB

.rdata
Size: 183KB - Virtual size: 183KB

.data
Size: 6KB - Virtual size: 29KB

.pdata
Size: 29KB - Virtual size: 29KB

.didat
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 5KB - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 176B

.rsrc
Size: 12KB - Virtual size: 12KB

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

1e:00:37:ab:a3:bc:e1:da:b4:be:b5:80:de:73:32:f9:0d:40:c6:05:18:c8:bb:96:9f:60:c7:92:3f:a6:01:d2
Signer

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 2KB - Virtual size: 1KB

.didat
Size: 512B - Virtual size: 16B

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 512B - Virtual size: 144B