lsasrv.pdb
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
739f1b506a0525995fa31ff1598ea680_NeikiAnalytics.dll
Resource
win7-20240508-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
739f1b506a0525995fa31ff1598ea680_NeikiAnalytics.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
739f1b506a0525995fa31ff1598ea680_NeikiAnalytics
-
Size
760KB
-
MD5
739f1b506a0525995fa31ff1598ea680
-
SHA1
131c24f485931874424975448cb783966a87132e
-
SHA256
c5fbbe32f5828a3ee89f93ef534052d18c359f564a15933e365f0e56e42d07b8
-
SHA512
ffff96fc9b9384955fd960107854cbbed0e4935ed19780f4e4c84d0919556461dd149766c1c913ef9ffd51127da8a1f9934f4e5ea300fe968499690ebe00374d
-
SSDEEP
12288:K9IdN99oAm1A54L1NAX/tWfqInLLHXH0C433X5lYUWx6SycQZ:fdNV74pNAXIfqInLLHX23X46SyrZ
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 739f1b506a0525995fa31ff1598ea680_NeikiAnalytics
Files
-
739f1b506a0525995fa31ff1598ea680_NeikiAnalytics.dll windows:5 windows x86 arch:x86
907f1eeae0e9768a9031b83c2f4673de
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
advapi32
GetUserNameA
RegisterTraceGuidsW
TraceEvent
LsaClose
CredFree
CredUnmarshalCredentialW
SystemFunction036
RegQueryValueExA
SystemFunction005
SystemFunction004
RegSetValueExA
RegDeleteKeyA
RegCreateKeyExA
CryptAcquireContextA
CryptGetProvParam
CryptSetKeyParam
CryptCreateHash
SystemFunction040
CryptHashData
CryptDeriveKey
CryptDestroyHash
CryptGetHashParam
CryptGetKeyParam
CryptExportKey
LsaRetrievePrivateData
LsaStorePrivateData
AllocateAndInitializeSid
FreeSid
GetSidIdentifierAuthority
GetSidSubAuthority
LookupAccountNameW
LogonUserW
IsValidSid
A_SHAInit
A_SHAUpdate
A_SHAFinal
ImpersonateSelf
SetThreadToken
OpenSCManagerW
QueryServiceStatus
ChangeServiceConfigW
EnumDependentServicesW
ControlService
StartServiceW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle
RegCreateKeyW
LsaSetDomainInformationPolicy
LookupAccountSidW
LsaSetInformationPolicy
AccessCheck
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RegLoadKeyW
RegUnLoadKeyW
LsaQueryDomainInformationPolicy
LsaQueryTrustedDomainInfoByName
LsaCreateTrustedDomainEx
LsaOpenTrustedDomain
LsaOpenTrustedDomainByName
LsaDelete
ImpersonateLoggedOnUser
SystemFunction029
SystemFunction007
LsaICLookupSidsWithCreds
LsaICLookupNamesWithCreds
ConvertSidToStringSidW
LsaOpenPolicy
LsaQueryInformationPolicy
EqualSid
LsaICLookupSids
LsaICLookupNames
GetWindowsAccountDomainSid
EqualDomainSid
ConvertStringSidToSidW
DuplicateTokenEx
AllocateLocallyUniqueId
OpenProcessToken
GetTokenInformation
FileEncryptionStatusW
I_ScIsSecurityProcess
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
IsWellKnownSid
MD5Init
MD5Update
MD5Final
CheckTokenMembership
ReportEventA
RegDeleteKeyW
CryptGenKey
SystemFunction035
IsTokenRestricted
RegNotifyChangeKeyValue
RegOpenKeyW
GetSidSubAuthorityCount
CryptGetUserKey
CryptAcquireContextW
AdjustTokenPrivileges
RegisterEventSourceW
ReportEventW
DeregisterEventSource
CryptDecrypt
CryptImportKey
CryptDestroyKey
RevertToSelf
CryptEncrypt
GetLengthSid
CopySid
CryptGenRandom
LsaFreeMemory
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
CryptSetProvParam
CryptReleaseContext
OpenThreadToken
CredpEncodeCredential
CredpDecodeCredential
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExA
GetTraceLoggerHandle
kernel32
GetDiskFreeSpaceA
GlobalMemoryStatus
SetComputerNameExW
DebugBreak
OpenFileMappingW
GetModuleFileNameA
GetProfileStringA
CreateFileA
GetVersionExA
GetModuleHandleA
DuplicateHandle
CompareFileTime
lstrcmpW
DeleteCriticalSection
InitializeCriticalSection
FlushViewOfFile
GetSystemDirectoryW
GetDriveTypeW
IsBadWritePtr
FlushFileBuffers
GetLocalTime
MoveFileW
CopyFileW
GetWindowsDirectoryW
VerifyVersionInfoA
GetComputerNameA
ExitThread
GetThreadLocale
SetThreadLocale
LocalReAlloc
MultiByteToWideChar
WideCharToMultiByte
GetDateFormatW
FileTimeToLocalFileTime
GetTimeFormatW
SetWaitableTimer
OpenProcess
CompareStringW
CreateWaitableTimerW
LoadLibraryA
VerifyVersionInfoW
SetProcessShutdownParameters
SetConsoleCtrlHandler
OpenEventW
SetEnvironmentVariableW
GetEnvironmentVariableW
OutputDebugStringA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedCompareExchange
CreateMutexW
ReleaseMutex
GetSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
ReleaseSemaphore
SetProcessWorkingSetSize
CreateSemaphoreW
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
SearchPathW
TlsAlloc
RaiseException
QueueUserWorkItem
CreateTimerQueueTimer
RegisterWaitForSingleObjectEx
DeleteTimerQueueTimer
UnregisterWaitEx
WaitForSingleObjectEx
HeapFree
MapViewOfFileEx
VirtualAllocEx
lstrcmpiW
ExpandEnvironmentStringsW
GetComputerNameExW
FormatMessageW
GetTickCount
GetCurrentProcess
GetCurrentThreadId
SetEvent
GetSystemDefaultLCID
GetLocaleInfoW
FreeLibrary
FindFirstFileW
lstrcpyW
GetModuleFileNameW
GetModuleHandleW
CloseHandle
GetLastError
CreateThread
lstrlenA
LocalFree
InterlockedDecrement
InterlockedIncrement
TlsSetValue
TlsGetValue
LocalAlloc
VirtualFree
VirtualLock
VirtualAlloc
DnsHostnameToComputerNameW
SetFileAttributesW
CreateDirectoryW
lstrlenW
GetCurrentThread
GetProcAddress
LoadLibraryW
CreateFileW
DeleteFileW
GetSystemTimeAsFileTime
WriteFile
GetComputerNameW
ReadFile
GetFileSize
ResetEvent
Sleep
InterlockedExchange
SetLastError
IsBadReadPtr
GetVolumePathNameW
DeviceIoControl
UnmapViewOfFile
MapViewOfFile
GetFileAttributesW
GetVolumeInformationW
WaitForSingleObject
CreateFileMappingW
SetFilePointer
GetSystemInfo
SetFileTime
GetFileTime
GetCurrentProcessId
CreateEventW
GetVersionExW
FindClose
FindNextFileW
mpr
WNetCancelConnection2W
WNetAddConnection2W
msasn1
ASN1DecAlloc
ASN1BERDecObjectIdentifier
ASN1BERDecEndOfContents
ASN1BEREncExplicitTag
ASN1BEREncObjectIdentifier
ASN1BEREncEndOfContents
ASN1_CreateModule
ASN1BEREncOctetString
ASN1BERDecPeekTag
ASN1Free
ASN1objectidentifier_free
ASN1BERDecOctetString
ASN1octetstring_free
ASN1ztcharstring_free
ASN1BEREncU32
ASN1BERDecU32Val
ASN1DecSetError
ASN1BEREncBitString
ASN1BERDecNotEndOfContents
ASN1BEREncCharString
ASN1BERDecZeroCharString
ASN1BEREncRemoveZeroBits
ASN1BERDecBitString
ASN1bitstring_free
ASN1_CreateDecoder
ASN1_CreateEncoder
ASN1_CloseDecoder
ASN1_FreeDecoded
ASN1_Encode
ASN1_FreeEncoded
ASN1_Decode
ASN1_CloseEncoder
ASN1BERDecExplicitTag
msvcrt
_resetstkoflw
_ultoa
wcstol
_vsnprintf
strrchr
_strnicmp
strchr
_strcmpi
_ltow
_except_handler3
wcsncpy
swprintf
wcscmp
wcscat
wcscpy
_wcsicmp
wcschr
wcsrchr
memmove
wcslen
mbstowcs
strncpy
sprintf
_snwprintf
_wcsnicmp
wcsncat
qsort
wcsncmp
wcsstr
free
malloc
netapi32
NetUserGetInfo
DsGetDcNameW
DsEnumerateDomainTrustsW
NetShareGetInfo
DsRoleFreeMemory
Netbios
NetUseDel
DsGetDcNameWithAccountW
NetUseAdd
I_NetNameValidate
NetApiBufferAllocate
NetAlertRaiseEx
I_NetNameCanonicalize
NetUserModalsGet
NetShareDel
NetRemoteTOD
NetApiBufferFree
ntdll
RtlDeleteCriticalSection
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlInitializeCriticalSection
NtQuerySystemTime
RtlEqualUnicodeString
RtlInitUnicodeString
RtlUpcaseUnicodeStringToOemString
RtlFreeUnicodeString
RtlConvertSidToUnicodeString
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlInitAnsiString
NtClose
NtQueryInformationToken
NtOpenThreadToken
RtlLengthSid
RtlEqualSid
RtlNtStatusToDosError
RtlRegisterWait
RtlDeregisterWait
RtlAcquireResourceShared
RtlReleaseResource
NtSetInformationThread
NtQueryInformationFile
NtFsControlFile
NtCreateFile
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAceEx
RtlSubAuthoritySid
RtlInitializeSid
RtlLengthRequiredSid
NtReadFile
NtSetInformationFile
RtlFreeHeap
RtlDosPathNameToNtPathName_U
NtFlushBuffersFile
RtlGetDaclSecurityDescriptor
NtWriteFile
NtQueryVolumeInformationFile
RtlAcquireResourceExclusive
NtQueryObject
RtlCompareMemory
RtlAllocateAndInitializeSid
NtSetEvent
NtOpenEvent
NtCreateEvent
RtlInitializeResource
NtSetSecurityObject
RtlAddAccessAllowedAce
RtlCreateAcl
NtCreatePort
NtCompleteConnectPort
NtAcceptConnectPort
NtReplyPort
NtReplyWaitReceivePort
NtFreeVirtualMemory
NtAllocateVirtualMemory
RtlAnsiStringToUnicodeString
NtRequestWaitReplyPort
RtlCompareUnicodeString
NtDuplicateObject
RtlCreateUnicodeStringFromAsciiz
RtlInitString
RtlGetNtProductType
RtlRunDecodeUnicodeString
NtAllocateLocallyUniqueId
RtlSubAuthorityCountSid
RtlCopySid
RtlTimeFieldsToTime
NtDeviceIoControlFile
RtlCopyUnicodeString
RtlCreateHeap
NtMapViewOfSection
NtUnmapViewOfSection
RtlDestroyHeap
RtlAllocateHeap
DbgBreakPoint
NtOpenProcessToken
NtQuerySystemInformation
NtPrivilegedServiceAuditAlarm
NtPrivilegeCheck
NtOpenProcess
NtOpenThread
NtQueryInformationProcess
NtWriteVirtualMemory
NtReadVirtualMemory
NtImpersonateClientOfPort
RtlImpersonateSelf
NtWaitForSingleObject
NtSetInformationObject
NtSetInformationToken
NtDuplicateToken
RtlCopyLuid
NtQueryValueKey
NtOpenKey
NtOpenFile
RtlQueryInformationAcl
VerSetConditionMask
RtlAdjustPrivilege
NtCreateToken
RtlSetOwnerSecurityDescriptor
RtlIdentifierAuthoritySid
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
RtlCopyString
RtlEqualString
NtListenPort
NtConnectPort
NtRaiseHardError
NtFlushKey
NtSetValueKey
NtImpersonateAnonymousToken
NtAdjustPrivilegesToken
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
RtlAppendUnicodeToString
NtEnumerateValueKey
NtEnumerateKey
RtlValidSid
RtlPrefixUnicodeString
RtlConvertSharedToExclusive
RtlEqualDomainName
RtlGetAce
RtlLengthSecurityDescriptor
RtlMakeSelfRelativeSD
RtlRandom
NtQueryInformationThread
RtlFreeSid
RtlpNtOpenKey
RtlInitializeRXact
RtlDeleteElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlLookupElementGenericTableAvl
RtlEnumerateGenericTableAvl
RtlInsertElementGenericTableAvl
RtlConvertExclusiveToShared
RtlpNtEnumerateSubKey
NtDeleteObjectAuditAlarm
RtlVerifyVersionInfo
LdrLoadDll
RtlpNtQueryValueKey
RtlAreAllAccessesGranted
NtAccessCheckByTypeAndAuditAlarm
NtAccessCheckByTypeResultListAndAuditAlarm
RtlMapGenericMask
RtlSetSecurityObject
RtlNewSecurityObject
NtAccessCheckAndAuditAlarm
RtlIntegerToChar
NtPrivilegeObjectAuditAlarm
NtQuerySecurityObject
RtlFreeOemString
RtlUnicodeStringToOemString
RtlOemStringToUnicodeString
RtlImageNtHeader
RtlValidRelativeSecurityDescriptor
RtlStartRXact
RtlAbortRXact
RtlApplyRXact
RtlAddActionToRXact
NtCloseObjectAuditAlarm
RtlUnicodeStringToInteger
RtlTimeToSecondsSince1970
RtlRunEncodeUnicodeString
NtSetSystemTime
NtResetEvent
RtlMoveMemory
DbgPrint
ntdsapi
DsFreeNameResultW
DsCrackNamesW
DsBindW
DsCrackSpn3W
DsUnBindW
rpcrt4
UuidToStringW
RpcServerListen
I_RpcExceptionFilter
RpcBindingVectorFree
RpcEpRegisterW
RpcServerInqBindings
RpcRevertToSelf
RpcImpersonateClient
UuidCreate
I_RpcMapWin32Status
NdrServerCall2
RpcBindingServerFromClient
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcStringFreeW
RpcServerUseProtseqEpW
RpcServerRegisterAuthInfoW
I_RpcBindingInqLocalClientPID
I_RpcBindingIsClientLocal
I_RpcBindingInqTransportType
RpcUserFree
RpcMgmtEnableIdleCleanup
RpcBindingInqAuthClientW
RpcBindingSetAuthInfoW
RpcSsGetContextBinding
NdrClientCall2
RpcBindingFromStringBindingW
RpcBindingFree
RpcStringBindingComposeW
RpcServerInqDefaultPrincNameW
RpcServerRegisterIf
NdrMesTypeDecode2
NdrMesTypeEncode2
NdrMesTypeAlignSize2
MesDecodeIncrementalHandleCreate
MesEncodeIncrementalHandleCreate
RpcRevertToSelfEx
RpcServerUnregisterIf
RpcServerRegisterIfEx
UuidFromStringW
RpcBindingSetAuthInfoExW
RpcEpResolveBinding
RpcNetworkIsProtseqValidW
MesHandleFree
MesIncrementalHandleReset
samlib
SamFreeMemory
samsrv
SamIChangePasswordForeignUser2
SamrOpenUser
SamIFree_SAMPR_ULONG_ARRAY
SamIOpenUserByAlternateId
SamrCloseHandle
SamIFree_SAMPR_GET_GROUPS_BUFFER
SamIFree_SAMPR_USER_INFO_BUFFER
SamrGetGroupsForUser
SamrQueryInformationUser
SamIFreeSidAndAttributesList
SamIGetUserLogonInformation
SampUsingDsData
SamIFreeSidArray
SamIGetResourceGroupMembershipsTransitive
SamIIsSetupInProgress
SamrOpenDomain
SamIConnect
SamIGetAliasMembership
SamISetAuditingInformation
SamIQueryServerRole
SamrEnumerateUsersInDomain
SamIAmIGC
SamIMixedDomain
SamIIsDownlevelDcUpgrade
SamIGetBootKeyInformation
SamIDoFSMORoleChange
SamIIsRebootAfterPromotion
SamIGCLookupNames
SamIFreeVoid
SamrRidToSid
SamIIsExtendedSidMode
SamIFree_SAMPR_RETURNED_USTRING_ARRAY
SamrLookupIdsInDomain
SamIGCLookupSids
SamrSetInformationUser
SamrCreateUser2InDomain
SamrDeleteUser
SamIGetInterdomainTrustAccountPasswordsForUpgrade
SamIEnumerateInterdomainTrustAccountsForUpgrade
SamIMixedDomain2
SamrLookupNamesInDomain
secur32
CredUnmarshalTargetInfo
SecpTranslateNameEx
SecpTranslateName
SecCacheSspiPackages
LsaRegisterPolicyChangeNotification
SecpFreeMemory
user32
GetSystemMetrics
wsprintfW
LoadStringW
GetMessageTime
GetCursorPos
Exports
Exports
DsRolerDcAsDc
DsRolerDcAsReplica
DsRolerDemoteDc
DsRolerGetDcOperationProgress
DsRolerGetDcOperationResults
LsaIAddNameToLogonSession
LsaIAllocateHeap
LsaIAllocateHeapZero
LsaIAuditAccountLogon
LsaIAuditAccountLogonEx
LsaIAuditKdcEvent
LsaIAuditKerberosLogon
LsaIAuditLogonUsingExplicitCreds
LsaIAuditNotifyPackageLoad
LsaIAuditPasswordAccessEvent
LsaIAuditSamEvent
LsaICallPackage
LsaICallPackageEx
LsaICallPackagePassthrough
LsaICancelNotification
LsaIChangeSecretCipherKey
LsaICryptProtectData
LsaICryptUnprotectData
LsaIDsNotifiedObjectChange
LsaIEnumerateSecrets
LsaIEventNotify
LsaIFilterSids
LsaIForestTrustFindMatch
LsaIFreeForestTrustInfo
LsaIFreeHeap
LsaIFreeReturnBuffer
LsaIFree_LSAI_PRIVATE_DATA
LsaIFree_LSAI_SECRET_ENUM_BUFFER
LsaIFree_LSAPR_ACCOUNT_ENUM_BUFFER
LsaIFree_LSAPR_CR_CIPHER_VALUE
LsaIFree_LSAPR_POLICY_DOMAIN_INFORMATION
LsaIFree_LSAPR_POLICY_INFORMATION
LsaIFree_LSAPR_PRIVILEGE_ENUM_BUFFER
LsaIFree_LSAPR_PRIVILEGE_SET
LsaIFree_LSAPR_REFERENCED_DOMAIN_LIST
LsaIFree_LSAPR_SR_SECURITY_DESCRIPTOR
LsaIFree_LSAPR_TRANSLATED_NAMES
LsaIFree_LSAPR_TRANSLATED_SIDS
LsaIFree_LSAPR_TRUSTED_DOMAIN_INFO
LsaIFree_LSAPR_TRUSTED_ENUM_BUFFER
LsaIFree_LSAPR_TRUSTED_ENUM_BUFFER_EX
LsaIFree_LSAPR_TRUST_INFORMATION
LsaIFree_LSAPR_UNICODE_STRING
LsaIFree_LSAPR_UNICODE_STRING_BUFFER
LsaIFree_LSAP_SITENAME_INFO
LsaIFree_LSAP_SITE_INFO
LsaIFree_LSAP_SUBNET_INFO
LsaIFree_LSAP_UPN_SUFFIXES
LsaIFree_LSA_FOREST_TRUST_COLLISION_INFORMATION
LsaIFree_LSA_FOREST_TRUST_INFORMATION
LsaIGetBootOption
LsaIGetCallInfo
LsaIGetForestTrustInformation
LsaIGetLogonGuid
LsaIGetNbAndDnsDomainNames
LsaIGetPrivateData
LsaIGetSerialNumberPolicy
LsaIGetSerialNumberPolicy2
LsaIGetSiteName
LsaIHealthCheck
LsaIImpersonateClient
LsaIInitializeWellKnownSids
LsaIIsChannelBindingEnabled
LsaIIsClassIdLsaClass
LsaIIsDsPaused
LsaIIsSuppressChannelBindingInfo
LsaIKerberosRegisterTrustNotification
LsaILookupWellKnownName
LsaINotifyChangeNotification
LsaINotifyNetlogonParametersChangeW
LsaINotifyPasswordChanged
LsaIOpenPolicyTrusted
LsaIQueryForestTrustInfo
LsaIQueryInformationPolicyTrusted
LsaIQuerySiteInfo
LsaIQuerySubnetInfo
LsaIQueryUpnSuffixes
LsaIRegisterNotification
LsaIRegisterPolicyChangeNotificationCallback
LsaISafeMode
LsaISamIndicatedDsStarted
LsaISetBootOption
LsaISetClientDnsHostName
LsaISetLogonGuidInLogonSession
LsaISetPrivateData
LsaISetSerialNumberPolicy
LsaISetTimesSecret
LsaISetupWasRun
LsaITestCall
LsaIUnregisterAllPolicyChangeNotificationCallback
LsaIUnregisterPolicyChangeNotificationCallback
LsaIUpdateForestTrustInformation
LsaIWriteAuditEvent
LsapAuOpenSam
LsapCheckBootMode
LsapDsDebugInitialize
LsapDsInitializeDsStateInfo
LsapDsInitializePromoteInterface
LsapInitLsa
LsarAddPrivilegesToAccount
LsarClose
LsarCreateAccount
LsarCreateSecret
LsarCreateTrustedDomain
LsarCreateTrustedDomainEx
LsarDelete
LsarEnumerateAccounts
LsarEnumeratePrivileges
LsarEnumeratePrivilegesAccount
LsarEnumerateTrustedDomains
LsarEnumerateTrustedDomainsEx
LsarGetQuotasForAccount
LsarGetSystemAccessAccount
LsarLookupNames
LsarLookupPrivilegeDisplayName
LsarLookupPrivilegeName
LsarLookupPrivilegeValue
LsarLookupSids
LsarLookupSids2
LsarOpenAccount
LsarOpenPolicy
LsarOpenPolicySce
LsarOpenSecret
LsarOpenTrustedDomain
LsarOpenTrustedDomainByName
LsarQueryDomainInformationPolicy
LsarQueryForestTrustInformation
LsarQueryInfoTrustedDomain
LsarQueryInformationPolicy
LsarQuerySecret
LsarQuerySecurityObject
LsarQueryTrustedDomainInfo
LsarQueryTrustedDomainInfoByName
LsarRemovePrivilegesFromAccount
LsarSetDomainInformationPolicy
LsarSetForestTrustInformation
LsarSetInformationPolicy
LsarSetInformationTrustedDomain
LsarSetQuotasForAccount
LsarSetSecret
LsarSetSecurityObject
LsarSetSystemAccessAccount
LsarSetTrustedDomainInfoByName
ServiceInit
Sections
.text Size: 632KB - Virtual size: 631KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.text Size: 63KB - Virtual size: 64KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE