SettingSync.pdb
Overview (overview): 8
Static (static): 3
x64__x32__...er.zip (windows7-x64): 1
x64__x32__...er.zip (windows10-2004-x64): 1
password.jpg (windows7-x64): 3
password.jpg (windows10-2004-x64): 3
x64__x32___setup.zip (windows7-x64): 1
x64__x32___setup.zip (windows10-2004-x64): 1
SettingSyn...nc.dll (windows10-2004-x64): 1
SettingSyn...sg.dll (windows10-2004-x64): 1
SettingSyn...os.dll (windows10-2004-x64): 1
fontext/fontext.dll (windows10-2004-x64): 1
fontext/tquery.dll (windows10-2004-x64): 1
samsrv/ploptin.dll (windows10-2004-x64): 1
samsrv/psisdecd.dll (windows10-2004-x64): 1
samsrv/samsrv.dll (windows10-2004-x64): 1
setup.msi (windows7-x64): 6
setup.msi (windows10-2004-x64): 8
winsrv/winhttp.dll (windows10-2004-x64): 1
winsrv/winsrv.dll (windows10-2004-x64): 1
Static task
static1
Behavioral task behavioral1 | Sample: x64__x32__installer.zip | Resource: win7-20240419-en
Behavioral task behavioral2 | Sample: x64__x32__installer.zip | Resource: win10v2004-20240226-en
Behavioral task behavioral3 | Sample: password.jpg | Resource: win7-20240215-en
Behavioral task behavioral4 | Sample: password.jpg | Resource: win10v2004-20240226-en
Behavioral task behavioral5 | Sample: x64__x32___setup.zip | Resource: win7-20240508-en
Behavioral task behavioral6 | Sample: x64__x32___setup.zip | Resource: win10v2004-20240226-en
Behavioral task behavioral7 | Sample: SettingSync/SettingSync.dll | Resource: win10v2004-20240226-en
Behavioral task behavioral8 | Sample: SettingSync/prflbmsg.dll | Resource: win10v2004-20240508-en
Behavioral task behavioral9 | Sample: SettingSync/sfc_os.dll | Resource: win10v2004-20240426-en
Behavioral task behavioral10 | Sample: fontext/fontext.dll | Resource: win10v2004-20240508-en
Behavioral task behavioral11 | Sample: fontext/tquery.dll | Resource: win10v2004-20240508-en
Behavioral task behavioral12 | Sample: samsrv/ploptin.dll | Resource: win10v2004-20240426-en
Behavioral task behavioral13 | Sample: samsrv/psisdecd.dll | Resource: win10v2004-20240508-en
Behavioral task behavioral14 | Sample: samsrv/samsrv.dll | Resource: win10v2004-20240508-en
Behavioral task behavioral15 | Sample: setup.msi | Resource: win7-20240221-en
Behavioral task behavioral16 | Sample: setup.msi | Resource: win10v2004-20240508-en
Behavioral task behavioral17 | Sample: winsrv/winhttp.dll | Resource: win10v2004-20240426-en
Behavioral task behavioral18 | Sample: winsrv/winsrv.dll | Resource: win10v2004-20240508-en
General
Target: x64__x32__installer.zip
Size: 36.3MB
MD5: c6889a6c481216295eece89a11f80bc9
SHA1: 265df72757b5101bcc39ec93ac4e743c06957948
SHA256: 021a74eff95fd3fa721b8523db57c46068e7bcb300a5a4a2ca427b487a003688
SHA512: dacbe4f69867cc7894c11edf748d8ea92d78a4568c03f9e7707c5f81272af7ed156f0d4606885cf006807ef3694fab62977108f0fbff32f59675d4a7e7258c9d
SSDEEP: 786432:Xu7DbLheixqCLoL8ZX06zPxsXNBL9dibHZyHsZiOqKN5Dtmr:X89Dq4oS/PiNBLMyHsA4NNtmr
Malware Config
Signatures
-
Unsigned PE 7 IoCs
Checks for missing Authenticode signature.
resource
unpack002/SettingSync/SettingSync.dll
unpack002/SettingSync/prflbmsg.dll
unpack002/fontext/fontext.dll
unpack002/fontext/tquery.dll
unpack002/samsrv/psisdecd.dll
unpack002/samsrv/samsrv.dll
unpack002/winsrv/winsrv.dll
Files
-
x64__x32__installer.zip .zip
Password: 2024
-
password.jpg
-
x64__x32___setup.zip .zip
Password: 2024
-
SettingSync/SettingSync.dll .dll windows:10 windows x64 arch:x64
Password: 2024
7b47ecf8ca02907cd93bfb196ed60609
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
??0exception@@QEAA@AEBQEBDH@Z
_amsg_exit
_initterm
_XcptFilter
__dllonexit
_onexit
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
memset
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBD@Z
memcmp
??8type_info@@QEBAHAEBV0@@Z
_callnewh
_CxxThrowException
memcpy
_unlock
_lock
wcsncmp
wcsstr
_get_errno
_set_errno
wcschr
__C_specific_handler
sprintf
_vsnprintf
memmove_s
realloc
malloc
free
_purecall
_vsnprintf_s
__CxxFrameHandler3
??0exception@@QEAA@AEBV0@@Z
iswalnum
swscanf_s
wcstok
wcstoul
wcscpy_s
_wcsicmp
swscanf
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
memmove
sqrt
api-ms-win-shcore-taskpool-l1-1-0
SHTaskPoolGetUniqueContext
SHTaskPoolQueueTask
api-ms-win-shcore-sysinfo-l1-1-0
IsOS
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleHandleExW
DisableThreadLibraryCalls
FreeLibrary
GetModuleFileNameA
GetModuleFileNameW
api-ms-win-core-synch-l1-1-0
WaitForMultipleObjectsEx
InitializeCriticalSection
CreateMutexExW
LeaveCriticalSection
OpenSemaphoreW
InitializeCriticalSectionEx
WaitForSingleObject
OpenEventW
InitializeSRWLock
SetEvent
DeleteCriticalSection
CreateEventExW
ReleaseSemaphore
WaitForSingleObjectEx
ReleaseMutex
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateSemaphoreExW
AcquireSRWLockShared
ReleaseSRWLockShared
EnterCriticalSection
api-ms-win-core-heap-l1-1-0
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
RaiseException
GetLastError
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
OpenThreadToken
GetCurrentThread
OpenProcessToken
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
CreateProcessW
api-ms-win-core-localization-l1-2-0
GetLocaleInfoW
GetUserDefaultLocaleName
SetLocaleInfoW
GetLocaleInfoEx
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
OutputDebugStringA
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceEnableFlags
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
UnregisterTraceGuids
RegisterTraceGuidsW
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-registry-l1-1-0
RegEnumValueW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegGetValueW
RegQueryInfoKeyW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegOpenCurrentUser
api-ms-win-core-file-l1-1-0
CompareFileTime
GetFileAttributesExW
DeleteFileW
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventRegister
EventUnregister
EventActivityIdControl
EventWriteTransfer
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceExecuteOnce
Sleep
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetVersionExW
GetTickCount
api-ms-win-core-path-l1-1-0
PathCchCombine
PathCchAppend
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
LocalReAlloc
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-eventing-controller-l1-1-0
EnableTraceEx2
StopTraceW
StartTraceW
api-ms-win-core-sysinfo-l1-2-0
VerSetConditionMask
api-ms-win-core-sidebyside-l1-1-0
ActivateActCtx
FindActCtxSectionStringW
QueryActCtxW
DeactivateActCtx
CreateActCtxW
api-ms-win-core-kernel32-legacy-l1-1-0
GetComputerNameW
api-ms-win-core-shlwapi-legacy-l1-1-0
SHExpandEnvironmentStringsW
PathFileExistsW
PathFindNextComponentW
PathRelativePathToW
api-ms-win-core-shlwapi-obsolete-l1-1-0
QISearch
StrCmpICW
api-ms-win-shlwapi-winrt-storage-l1-1-1
IUnknown_GetWindow
ord635
ord187
api-ms-win-rtcore-ntuser-window-l1-1-0
FindWindowW
PostMessageW
PeekMessageW
PostQuitMessage
TranslateMessage
DispatchMessageW
FindWindowExW
SendNotifyMessageW
GetClassNameW
api-ms-win-ntuser-sysparams-l1-1-0
GetSystemMetrics
SystemParametersInfoW
api-ms-win-rtcore-ntuser-synch-l1-1-0
MsgWaitForMultipleObjectsEx
coremessaging
CoreUICreate
ntdll
RtlGetSuiteMask
NtQueryInformationToken
NtQueryInformationProcess
RtlGetDeviceFamilyInfoEnum
coreuicomponents
CoreUIFactoryCreate
slc
SLIsWindowsGenuineLocal
wevtapi
EvtOpenChannelConfig
EvtSetChannelConfigProperty
EvtSaveChannelConfig
EvtClose
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-localization-private-l1-1-0
LoadStringByReference
api-ms-win-core-kernel32-legacy-l1-1-1
VerifyVersionInfoW
api-ms-win-core-string-obsolete-l1-1-0
lstrlenW
Exports
DllCanUnloadNow
DllGetClassObject
Sections
.text Size: 461KB - Virtual size: 461KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 183KB - Virtual size: 183KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 29KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SettingSync/prflbmsg.dll .dll windows:10 windows x64 arch:x64
Password: 2024
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 176B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
SettingSync/sfc_os.dll .dll windows:10 windows x64 arch:x64
Password: 2024
9baa3994eb281cb30c87de1285042424
Code Sign
33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 05/05/2022, 19:23
Not After: 04/05/2023, 19:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
1e:00:37:ab:a3:bc:e1:da:b4:be:b5:80:de:73:32:f9:0d:40:c6:05:18:c8:bb:96:9f:60:c7:92:3f:a6:01:d2
Signer
Actual PE Digest: 1e:00:37:ab:a3:bc:e1:da:b4:be:b5:80:de:73:32:f9:0d:40:c6:05:18:c8:bb:96:9f:60:c7:92:3f:a6:01:d2
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
sfc_os.pdb
Imports
ntdll
RtlInitUnicodeString
NtReadFile
RtlReAllocateHeap
NtClose
ZwMapViewOfSection
NtQueryInformationFile
RtlCopyMappedMemory
RtlFreeHeap
ZwQueryInformationFile
NtQueryDirectoryFile
ZwClose
NtOpenFile
RtlNotifyFeatureUsage
RtlCreateServiceSid
RtlEqualSid
RtlCreateUnicodeString
RtlDosPathNameToNtPathName_U
RtlCopyUnicodeString
ZwCreateSection
ZwQueryWnfStateData
RtlAllocateHeap
ZwUnmapViewOfSection
__C_specific_handler
RtlVirtualUnwind
memmove
RtlFreeUnicodeString
RtlLookupFunctionEntry
RtlCaptureContext
RtlSetLastWin32Error
RtlNtStatusToDosError
ShipAssertMsgW
RtlQueryFeatureConfiguration
memcpy
memset
api-ms-win-core-libraryloader-l1-1-0
GetModuleFileNameW
FreeLibrary
GetProcAddress
LoadLibraryExW
DisableThreadLibraryCalls
api-ms-win-core-errorhandling-l1-1-0
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegGetKeySecurity
RegOpenKeyExW
api-ms-win-core-heap-obsolete-l1-1-0
LocalFree
LocalAlloc
api-ms-win-security-base-l1-1-0
GetAce
GetAclInformation
GetSecurityDescriptorDacl
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
Exports
BeginFileMapEnumeration
CloseFileMapEnumeration
GetNextFileMapContent
SRSetRestorePointA
SRSetRestorePointW
SfcClose
SfcConnectToServer
SfcFileException
SfcGetNextProtectedFile
SfcInitProt
SfcInitiateScan
SfcInstallProtectedFiles
SfcIsFileProtected
SfcIsKeyProtected
SfcTerminateWatcherThread
SfpDeleteCatalog
SfpInstallCatalog
SfpVerifyFile
Sections
.text Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 144B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
fontext/fontext.dll .dll windows:10 windows x64 arch:x64
Password: 2024
15d10ff5cde51d34d0483b38e6ef093a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
fontext.pdb
Imports
msvcrt
_vsnwprintf
__CxxFrameHandler3
memcpy
memcmp
memmove
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
_initterm
malloc
free
_amsg_exit
_XcptFilter
bsearch_s
_wcsnset_s
wcsstr
_wtoi
wcstok_s
_wcsicmp
__C_specific_handler
iswxdigit
wcschr
swprintf_s
memcpy_s
_CxxThrowException
memmove_s
_stricmp
_strcmpi
_vsnprintf
_vsnprintf_s
memset
propsys
VariantCompare
VariantToPropVariant
PropVariantToVariant
PSGetPropertyFromPropertyStorage
PSPropertyBag_ReadType
PSPropertyBag_ReadInt
InitPropVariantFromStringVector
InitPropVariantFromFileTime
PSCreateMemoryPropertyStore
VariantGetStringElem
VariantGetElementCount
PSFormatForDisplay
PSPropertyBag_ReadStr
shell32
ord155
ord19
SHBindToParent
SHGetPathFromIDListW
SHGetKnownFolderPath
SHGetFolderPathW
ord256
ord702
SHCreateShellItemArrayFromIDLists
SHParseDisplayName
ord25
ord701
SHCreateDataObject
ord16
SHGetIconOverlayIndexW
SHCreateDefaultContextMenu
SHGetSpecialFolderLocation
ord680
ord152
AssocCreateForClasses
ord727
ShellExecuteExW
SHChangeNotify
ord763
ord17
ord18
SHBindToObject
shlwapi
PathFindFileNameA
ord204
ord156
ord618
ord24
ord514
PathRemoveExtensionA
ord197
ord12
ord639
ord174
ord215
ord16
StrDupW
StrStrW
PathRenameExtensionW
AssocCreate
ord158
ord538
ord172
ord176
ord256
PathFileExistsW
PathCompactPathExW
StrChrW
PathStripPathW
ord619
ord268
ord199
PathRemoveFileSpecA
StrRetToBufW
PathFindExtensionW
PathRemoveFileSpecW
PathRemoveExtensionW
PathCombineW
PathIsPrefixW
SHCreateStreamOnFileW
ord219
PathAppendW
PathAddBackslashW
PathStripToRootW
PathIsUNCW
SHStrDupW
PathFindFileNameW
api-ms-win-core-libraryloader-l1-2-0
LoadStringW
LoadResource
GetProcAddress
GetModuleHandleExW
DisableThreadLibraryCalls
GetModuleFileNameA
LoadLibraryExW
FindResourceExW
LockResource
GetModuleHandleW
SizeofResource
GetModuleFileNameW
api-ms-win-core-synch-l1-1-0
WaitForSingleObjectEx
ReleaseSemaphore
WaitForSingleObject
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseMutex
LeaveCriticalSection
AcquireSRWLockExclusive
DeleteCriticalSection
CreateSemaphoreExW
CreateMutexExW
EnterCriticalSection
OpenSemaphoreW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
OpenProcessToken
GetCurrentProcess
api-ms-win-core-localization-l1-2-0
GetLocaleInfoEx
IsDBCSLeadByte
FormatMessageW
GetLocaleInfoW
api-ms-win-core-debug-l1-1-0
OutputDebugStringA
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-file-l1-1-0
GetFileAttributesW
CreateFileA
GetFileSize
CompareFileTime
GetDiskFreeSpaceExW
SetEndOfFile
CreateFileW
GetDriveTypeW
ReadFile
SetFilePointer
FindNextFileW
DeleteFileW
SetFileAttributesW
CreateDirectoryW
FindFirstFileW
FindClose
api-ms-win-core-file-l2-1-0
MoveFileExW
api-ms-win-security-base-l1-1-0
GetFileSecurityW
DuplicateToken
AccessCheck
SetSecurityDescriptorDacl
CreateWellKnownSid
InitializeSecurityDescriptor
MapGenericMask
api-ms-win-core-file-l2-1-2
CopyFileW
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
CompareStringW
MultiByteToWideChar
CompareStringOrdinal
CompareStringEx
api-ms-win-core-com-l1-1-0
CoSetProxyBlanket
CoTaskMemFree
CoTaskMemAlloc
CreateStreamOnHGlobal
CoTaskMemRealloc
CoGetMalloc
StringFromGUID2
PropVariantClear
CoCreateInstance
CoUninitialize
CoInitializeEx
mpr
WNetGetConnectionW
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventActivityIdControl
EventSetInformation
EventRegister
EventWriteTransfer
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
api-ms-win-core-synch-l1-2-0
InitOnceComplete
InitOnceBeginInitialize
Sleep
SleepConditionVariableSRW
WakeAllConditionVariable
api-ms-win-core-heap-l2-1-0
LocalAlloc
GlobalFree
LocalFree
GlobalAlloc
api-ms-win-core-registry-l1-1-0
RegEnumValueW
RegDeleteValueW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
api-ms-win-security-sddl-l1-1-0
ConvertStringSidToSidW
oleaut32
VariantClear
SysAllocString
VariantInit
api-ms-win-core-libraryloader-l1-2-1
FindResourceW
LoadLibraryW
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-path-l1-1-0
PathCchAppend
api-ms-win-core-version-l1-1-1
GetFileVersionInfoSizeW
GetFileVersionInfoW
api-ms-win-core-version-l1-1-0
VerQueryValueW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-localization-l2-1-0
GetNumberFormatEx
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-memory-l1-1-0
UnmapViewOfFile
MapViewOfFile
api-ms-win-security-provider-l1-1-0
GetNamedSecurityInfoW
SetEntriesInAclW
gdi32
RemoveFontResourceExW
AddFontResourceW
RemoveFontResourceW
DeleteObject
AddFontResourceExW
EnumFontFamiliesExW
GetFontResourceInfoW
GetDeviceCaps
SetTextColor
CreateFontIndirectW
SelectObject
GetTextExtentPoint32W
GetTextMetricsW
CreateSolidBrush
CreateCompatibleDC
DeleteDC
MoveToEx
LineTo
GetTextExtentPointI
ExtTextOutW
GetTextExtentExPointI
GetTextExtentExPointW
GetGlyphIndicesW
SetBkColor
GetLayout
CreateDIBSection
SetBkMode
SetTextAlign
GetTextCharsetInfo
kernel32
CreateFileMappingA
ReleaseActCtx
_lclose
LZOpenFileW
LZClose
_lopen
LZRead
LZSeek
lstrcmpW
GlobalSize
QueryActCtxW
CreateActCtxW
FindActCtxSectionStringW
ActivateActCtx
DeactivateActCtx
GlobalUnlock
GlobalLock
lstrcmpiA
lstrlenW
MulDiv
ntdll
EtwLogTraceEvent
WinSqmAddToStream
EtwEventWriteTransfer
ole32
ReleaseStgMedium
CoGetObject
CreateBindCtx
user32
PeekMessageW
GetSysColorBrush
GetParent
GetDlgItem
CreateDialogParamW
DrawTextW
DefWindowProcW
InvalidateRect
ScrollWindowEx
SetRect
SetScrollInfo
GetClientRect
EndPaint
GetMessageW
BeginPaint
IsDialogMessageW
TranslateMessage
DispatchMessageW
SetWindowTextW
ShowWindow
SendMessageW
SetWindowLongPtrW
GetWindowLongPtrW
LoadImageW
FillRect
CreateWindowExW
RegisterClassW
GetFocus
SetWindowPos
UnregisterClassW
DestroyWindow
DrawIconEx
MessageBoxW
ReleaseDC
GetDC
GetDesktopWindow
PostMessageW
DestroyIcon
DrawTextExW
GetActiveWindow
RegisterClipboardFormatW
GetSystemMetrics
GetWindowRect
InsertMenuItemW
LoadCursorW
SetCursor
SetMenuItemInfoW
GetMenuItemInfoW
MoveWindow
SetPropW
GetPropW
SetTimer
KillTimer
RemovePropW
uxtheme
BufferedPaintInit
EndBufferedPaint
BeginBufferedPaint
BufferedPaintUnInit
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
DllCanUnloadNow
DllGetClassObject
DownloadAndInstallOptionalFontsAsync
InstallFontFile
Sections
.text Size: 217KB - Virtual size: 216KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 72KB - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1024B - Virtual size: 1016B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 660KB - Virtual size: 659KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
fontext/tquery.dll .dll regsvr32 windows:10 windows x64 arch:x64
Password: 2024
d6529d4862689a5078952162a13ec6b3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
tquery.pdb
Imports
msvcrt
memcpy
_errno
??1type_info@@UEAA@XZ
_onexit
log
realloc
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
wcstol
iswalpha
??0exception@@QEAA@AEBQEBD@Z
_wcsicmp
__dllonexit
wcstoul
wcschr
_unlock
_lock
_wcsnicmp
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@PEBD@Z
??0bad_cast@@QEAA@AEBV0@@Z
_wcsnset
wcsstr
strchr
towupper
?terminate@@YAXXZ
iswspace
wcsspn
__CxxFrameHandler3
_initterm
calloc
swscanf
iswdigit
wcscspn
_ultow
wcsncpy_s
malloc
swprintf
memmove_s
floor
iswxdigit
wcsncmp
swprintf_s
_itow_s
_amsg_exit
__iob_func
_aligned_free
_aligned_malloc
qsort
__uncaught_exception
free
wcscat_s
wcscpy_s
__C_specific_handler
_vsnprintf_s
_XcptFilter
_wcsupr
memmove
??0exception@@QEAA@AEBV0@@Z
memset
??0exception@@QEAA@XZ
localeconv
strcspn
??1exception@@UEAA@XZ
sprintf_s
abort
_wsetlocale
__crtLCMapStringW
memcpy_s
__crtCompareStringW
??8type_info@@QEBAHAEBV0@@Z
_wcsdup
_ismbblead
___mb_cur_max_func
memcmp
___lc_codepage_func
___lc_handle_func
__pctype_func
setlocale
_vsnwprintf
___lc_collate_cp_func
toupper
_wtol
bsearch
wcsrchr
strncmp
fprintf
_vsnprintf
_ultow_s
strerror
wcscmp
api-ms-win-core-libraryloader-l1-2-0
FindResourceExW
LoadResource
FreeLibrary
GetModuleFileNameA
LockResource
GetModuleFileNameW
SizeofResource
GetModuleHandleW
LoadStringW
GetModuleHandleExW
LoadLibraryExW
DisableThreadLibraryCalls
GetProcAddress
api-ms-win-core-synch-l1-1-0
SetWaitableTimerEx
CreateSemaphoreExW
EnterCriticalSection
SetEvent
OpenEventW
CreateEventW
ReleaseSemaphore
InitializeCriticalSection
DeleteCriticalSection
CreateMutexExW
TryAcquireSRWLockExclusive
WaitForSingleObject
ReleaseSRWLockShared
ReleaseMutex
CreateWaitableTimerExW
ReleaseSRWLockExclusive
LeaveCriticalSection
ResetEvent
AcquireSRWLockExclusive
AcquireSRWLockShared
SleepEx
WaitForMultipleObjectsEx
InitializeSRWLock
WaitForSingleObjectEx
InitializeCriticalSectionEx
OpenSemaphoreW
api-ms-win-core-heap-l1-1-0
HeapReAlloc
HeapFree
HeapSetInformation
HeapDestroy
HeapSize
HeapAlloc
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetErrorMode
SetUnhandledExceptionFilter
SetLastError
RaiseException
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TlsGetValue
QueueUserAPC
GetPriorityClass
GetProcessId
TerminateProcess
OpenProcessToken
GetCurrentProcessId
TlsSetValue
GetCurrentThreadId
CreateThread
GetCurrentThread
OpenThreadToken
ResumeThread
api-ms-win-core-localization-l1-2-0
LCMapStringEx
ResolveLocaleName
IsValidLocaleName
GetSystemDefaultLCID
GetCalendarInfoW
LocaleNameToLCID
GetLocaleInfoW
GetUserDefaultLangID
GetSystemDefaultLangID
GetLocaleInfoEx
GetNLSVersion
GetUserDefaultLCID
LCMapStringW
IsDBCSLeadByteEx
GetCPInfo
GetSystemPreferredUILanguages
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
OutputDebugStringA
IsDebuggerPresent
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
oleaut32
SafeArrayDestroyDescriptor
SafeArrayAllocDescriptorEx
SafeArrayCreate
SysFreeString
SafeArrayPutElement
SafeArrayDestroy
VariantInit
SysAllocStringLen
LoadTypeLi
SafeArrayAllocData
SafeArrayCopy
SysStringLen
VarR8FromCy
VariantChangeTypeEx
VariantTimeToSystemTime
VarR8FromDec
SysAllocString
VarDecFromR8
VariantCopy
SystemTimeToVariantTime
VariantClear
SysStringByteLen
LoadRegTypeLi
SafeArrayCreateVector
GetErrorInfo
VariantChangeType
SysAllocStringByteLen
SetErrorInfo
VarUI4FromStr
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceExecuteOnce
SleepConditionVariableSRW
Sleep
InitOnceComplete
WakeAllConditionVariable
api-ms-win-core-com-l1-1-0
CoTaskMemAlloc
StringFromGUID2
CoCreateFreeThreadedMarshaler
CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemRealloc
CLSIDFromProgID
PropVariantClear
PropVariantCopy
CLSIDFromString
CoTaskMemFree
CoGetMalloc
CoCreateGuid
CreateStreamOnHGlobal
CoGetClassObject
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegDeleteKeyExW
RegOpenKeyExW
RegGetValueW
RegEnumValueW
RegQueryInfoKeyW
RegCreateKeyExW
RegNotifyChangeKeyValue
RegQueryValueExW
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolWorkCallbacks
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
SubmitThreadpoolWork
CloseThreadpoolWork
api-ms-win-core-string-l2-1-0
CharNextW
CharUpperW
api-ms-win-core-string-l1-1-0
GetStringTypeExW
WideCharToMultiByte
CompareStringW
GetStringTypeW
CompareStringOrdinal
CompareStringEx
MultiByteToWideChar
FoldStringW
ntdll
NtQuerySecurityAttributesToken
RtlFreeHeap
RtlAllocateHeap
RtlCompareUnicodeString
NtClose
EtwEventEnabled
RtlCompareMemory
RtlGetPersistedStateLocation
RtlUnsubscribeWnfStateChangeNotification
RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData
RtlNtStatusToDosError
RtlInitUnicodeString
VerSetConditionMask
RtlIsStateSeparationEnabled
EtwEventRegister
EtwEventUnregister
EtwEventWriteTransfer
EtwEventSetInformation
RtlUpcaseUnicodeChar
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpW
lstrcmpiW
lstrlenA
api-ms-win-core-memory-l1-1-0
OpenFileMappingW
FlushViewOfFile
MapViewOfFile
VirtualAlloc
CreateFileMappingW
UnmapViewOfFile
VirtualFree
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-processenvironment-l1-1-0
SearchPathW
ExpandEnvironmentStringsW
api-ms-win-core-localization-obsolete-l1-2-0
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
CompareStringA
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetVersionExA
GetLogicalProcessorInformationEx
GetSystemInfo
GetTickCount
GetVersionExW
GetSystemDirectoryW
GetLocalTime
GetTickCount64
GetSystemTimeAsFileTime
api-ms-win-core-file-l1-1-0
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
FileTimeToLocalFileTime
GetFileInformationByHandle
GetLogicalDrives
ReadFile
GetFileTime
CreateFileA
DeleteFileW
GetFileAttributesW
DeleteFileA
FindClose
FindNextFileW
FindFirstFileW
SetFilePointer
CompareFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
CreateFileW
GetDiskFreeSpaceW
SetEndOfFile
GetFileSize
FlushFileBuffers
WriteFileEx
GetVolumePathNameW
ReadFileEx
GetFileSizeEx
WriteFile
api-ms-win-core-io-l1-1-0
DeviceIoControl
GetOverlappedResult
api-ms-win-eventing-provider-l1-1-0
EventProviderEnabled
EventWriteTransfer
EventEnabled
EventRegister
EventUnregister
EventSetInformation
api-ms-win-core-kernel32-legacy-l1-1-1
VerifyVersionInfoW
api-ms-win-core-file-l2-1-0
CopyFileExW
api-ms-win-security-base-l1-1-0
SetSecurityDescriptorDacl
RevertToSelf
GetAclInformation
SetSecurityDescriptorOwner
GetAce
GetSidSubAuthority
GetSidLengthRequired
CopySid
InitializeSid
ImpersonateLoggedOnUser
IsValidSid
AddAce
GetLengthSid
AddAccessAllowedAce
AccessCheck
SetSecurityDescriptorGroup
EqualSid
GetSecurityDescriptorLength
InitializeAcl
SetFileSecurityW
InitializeSecurityDescriptor
FreeSid
GetTokenInformation
api-ms-win-core-heap-l2-1-0
GlobalFree
LocalAlloc
LocalFree
GlobalAlloc
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrCmpNIW
QISearch
StrStrW
StrStrIW
StrChrW
StrCmpIW
api-ms-win-core-localization-l1-2-2
LCIDToLocaleName
GetSystemDefaultLocaleName
api-ms-win-core-io-l1-1-1
CancelIo
api-ms-win-core-namedpipe-l1-1-0
SetNamedPipeHandleState
ImpersonateNamedPipeClient
PeekNamedPipe
TransactNamedPipe
DisconnectNamedPipe
ConnectNamedPipe
GetNamedPipeClientComputerNameW
WaitNamedPipeW
CreateNamedPipeW
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
CreateSemaphoreW
api-ms-win-core-kernel32-legacy-l1-1-0
GetComputerNameW
GetSystemPowerStatus
CopyFileA
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
api-ms-win-core-file-l1-2-0
GetVolumeNameForVolumeMountPointW
api-ms-win-core-path-l1-1-0
PathCchFindExtension
api-ms-win-core-shlwapi-legacy-l1-1-0
PathStripPathW
PathFileExistsW
PathFindExtensionW
PathIsRootW
PathIsSameRootW
api-ms-win-core-datetime-l1-1-0
GetTimeFormatW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
cryptdll
MD5Init
MD5Final
MD5Update
api-ms-win-core-realtime-l1-1-0
QueryUnbiasedInterruptTime
api-ms-win-core-processthreads-l1-1-1
GetThreadTimes
api-ms-win-core-file-l1-2-1
GetCompressedFileSizeW
api-ms-win-core-processtopology-obsolete-l1-1-0
GetActiveProcessorCount
api-ms-win-core-interlocked-l1-1-0
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
api-ms-win-core-heap-obsolete-l1-1-0
GlobalLock
GlobalUnlock
api-ms-win-core-job-l2-1-0
CreateJobObjectW
AssignProcessToJobObject
TerminateJobObject
SetInformationJobObject
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsDeleteString
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
api-ms-win-shell-namespace-l1-1-0
SHCreateItemFromParsingName
Exports
??0CDriveInfo@@QEAA@PEBGK@Z
??0CFullPath@@QEAA@PEBG@Z
??0CFullPropSpec@@QEAA@AEBV0@@Z
??0CMemSerStream@@QEAA@PEAEK@Z
??0CPidLookupTable@@QEAA@XZ
??0CUnNormalizer@@QEAA@XZ
??0CiStorage@@QEAA@PEBGKPEAUICiCAdviseStatus@@KH@Z
??0XAct@@QEAA@XZ
??1CAllocStorageVariant@@IEAA@XZ
??1CMemSerStream@@UEAA@XZ
??1CPhysStorage@@UEAA@XZ
??1CPidLookupTable@@QEAA@XZ
??1CiStorage@@UEAA@XZ
?CoTaskAllocator@@3VCCoTaskAllocator@@A
?ContainsDrive@CDriveInfo@@SAHPEBG@Z
?GetBlob@CMemDeSerStream@@UEAAXPEAEK@Z
?GetByte@CMemDeSerStream@@UEAAEXZ
?GetChar@CMemDeSerStream@@UEAAXPEADK@Z
?GetDiskSpace@CDriveInfo@@QEAAXAEA_J0@Z
?GetDouble@CMemDeSerStream@@UEAANXZ
?GetDrive@CDriveInfo@@SAXPEBGPEAG@Z
?GetFloat@CMemDeSerStream@@UEAAMXZ
?GetGUID@CMemDeSerStream@@UEAAXAEAU_GUID@@@Z
?GetLong@CMemDeSerStream@@UEAAJXZ
?GetSectorSize@CDriveInfo@@QEAAKXZ
?GetString@CMemDeSerStream@@UEAAPEADXZ
?GetULong@CMemDeSerStream@@UEAAKXZ
?GetUShort@CMemDeSerStream@@UEAAGXZ
?GetWChar@CMemDeSerStream@@UEAAXPEAGK@Z
?GetWString@CMemDeSerStream@@UEAAPEAGXZ
?Init@CPidLookupTable@@QEAAHPEAVPRcovStorageObj@@@Z
?IsSameDrive@CDriveInfo@@QEAAHPEBG@Z
?IsWriteProtected@CDriveInfo@@QEAAHXZ
?MakePath@CFullPath@@QEAAXPEBG@Z
?PeekULong@CMemDeSerStream@@UEAAKXZ
?PutBlob@CMemSerStream@@UEAAXPEBEK@Z
?PutByte@CMemSerStream@@UEAAXE@Z
?PutChar@CMemSerStream@@UEAAXPEBDK@Z
?PutDouble@CMemSerStream@@UEAAXN@Z
?PutFloat@CMemSerStream@@UEAAXM@Z
?PutGUID@CMemSerStream@@UEAAXAEBU_GUID@@@Z
?PutLong@CMemSerStream@@UEAAXJ@Z
?PutString@CMemSerStream@@UEAAXPEBD@Z
?PutULong@CMemSerStream@@UEAAXK@Z
?PutUShort@CMemSerStream@@UEAAXG@Z
?PutWChar@CMemSerStream@@UEAAXPEBGK@Z
?PutWString@CMemSerStream@@UEAAXPEBG@Z
?QueryPidLookupTable@CiStorage@@QEAAPEAVPRcovStorageObj@@K@Z
?Read@CCiFile@@QEAAXXZ
?ResetType@CAllocStorageVariant@@IEAAXAEAVPMemoryAllocator@@@Z
?SetProperty@CFullPropSpec@@QEAAHPEBG@Z
?SetProperty@CFullPropSpec@@QEAAXK@Z
?SkipBlob@CMemDeSerStream@@UEAAXK@Z
?SkipByte@CMemDeSerStream@@UEAAXXZ
?SkipChar@CMemDeSerStream@@UEAAXK@Z
?SkipDouble@CMemDeSerStream@@UEAAXXZ
?SkipFloat@CMemDeSerStream@@UEAAXXZ
?SkipGUID@CMemDeSerStream@@UEAAXXZ
?SkipLong@CMemDeSerStream@@UEAAXXZ
?SkipULong@CMemDeSerStream@@UEAAXXZ
?SkipUShort@CMemDeSerStream@@UEAAXXZ
?SkipWChar@CMemDeSerStream@@UEAAXK@Z
?UnNormalizeKey@CUnNormalizer@@QEAAXAEBVCKeyBuf@@AEAUtagPROPVARIANT@@PEAGK@Z
AccessDebugTracer
AccessRetailTracer
CIState
CreatePropMapperStorage
CreatePropMapperStorage2
CreateSecurityStoreStorage
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ExceptInitialize
ExternPropagateEventToOpenQueries
ForceMasterMerge
PerfmonClose
PerfmonCollect
PerfmonIDXClose
PerfmonIDXCollect
PerfmonIDXOpen
PerfmonOpen
RetailTracerDisable
RetailTracerEnable
RetailTracerReleaseAll
UseLowFragmentationHeap
ciDelete
ciNew
ciNewNoThrow
Sections
.text Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 715KB - Virtual size: 714KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 117KB - Virtual size: 116KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1024B - Virtual size: 952B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
samsrv/ploptin.dll.dll windows:10 windows x64 arch:x64
Password: 2024
a15d25238a38fb7a58961094780b417f
Code Sign
33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 04/03/2020, 18:30
Not After: 03/03/2021, 18:30
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
a3:e2:70:57:74:4b:37:57:87:7b:6a:a2:dc:f6:bd:7a:8a:82:23:37:94:40:f8:6d:f9:19:05:98:e5:81:42:80
Signer
Actual PE Digest: a3:e2:70:57:74:4b:37:57:87:7b:6a:a2:dc:f6:bd:7a:8a:82:23:37:94:40:f8:6d:f9:19:05:98:e5:81:42:80
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
ploptin.pdb
Imports
msvcrt
_unlock
_lock
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
??1type_info@@UEAA@XZ
??1exception@@UEAA@XZ
memcpy
__CxxFrameHandler3
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
malloc
__dllonexit
free
bsearch
_wcsicmp
_purecall
_onexit
memset
ntdll
RtlCaptureContext
RtlUniform
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
DisableThreadLibraryCalls
LockResource
LoadResource
FindResourceExW
SizeofResource
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
Sleep
api-ms-win-core-winrt-string-l1-1-0
WindowsGetStringRawBuffer
WindowsCreateString
HSTRING_UserUnmarshal64
HSTRING_UserFree64
WindowsDeleteString
HSTRING_UserSize64
HSTRING_UserFree
WindowsDuplicateString
HSTRING_UserSize
HSTRING_UserMarshal64
HSTRING_UserUnmarshal
HSTRING_UserMarshal
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
api-ms-win-core-com-l1-1-0
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
RoOriginateErrorW
api-ms-win-core-synch-l1-1-0
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockShared
api-ms-win-core-registry-l1-1-0
RegCreateKeyExW
RegGetValueW
RegDeleteKeyExW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister
rpcrt4
NdrCStdStubBuffer2_Release
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrStubForwardingFunction
NdrStubCall3
CStdStubBuffer_Invoke
NdrDllCanUnloadNow
IUnknown_QueryInterface_Proxy
NdrDllGetClassObject
CStdStubBuffer_DebugServerRelease
NdrOleFree
NdrOleAllocate
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
CStdStubBuffer_IsIIDSupported
api-ms-win-core-com-midlproxystub-l1-1-0
CStdStubBuffer2_QueryInterface
CStdStubBuffer2_Connect
NdrProxyForwardingFunction3
ObjectStublessClient6
NdrProxyForwardingFunction5
NdrProxyForwardingFunction4
CStdStubBuffer2_Disconnect
CStdStubBuffer2_CountRefs
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
DeleteApplicationEligibilityForPrelaunch
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
IsApplicationEligibleForPrelaunch
IsApplicationOptedOutOfPrelaunch
RecordApplicationEligibilityForPrelaunch
Sections
.text Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 444B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
samsrv/psisdecd.dll.dll regsvr32 windows:10 windows x64 arch:x64
Password: 2024
b044249165197572d7896d48a9ea9a8b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
psisdecd.pdb
Imports
msvcrt
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBV0@@Z
memcpy
memcmp
_vsnwprintf
_vsnprintf
ldiv
swprintf_s
wcscpy_s
wcscat_s
_callnewh
_CxxThrowException
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_lock
_unlock
__dllonexit
_onexit
memset
wcsstr
wcschr
_stricmp
gmtime
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
tolower
isupper
mktime
memcpy_s
wcstol
malloc
free
_purecall
realloc
__C_specific_handler
memmove_s
__CxxFrameHandler3
wcscmp
winmm
timeGetTime
kernel32
GetSystemTime
HeapFree
HeapAlloc
GetProcessHeap
WriteFile
GetTempPathW
CreateFileW
GetLocalTime
ExpandEnvironmentStringsW
LoadLibraryW
MoveFileExW
GetLocaleInfoEx
Sleep
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
OutputDebugStringA
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
VirtualProtect
EnterCriticalSection
VirtualAlloc
LeaveCriticalSection
InitializeCriticalSection
GetTickCount64
GetSystemInfo
DeleteCriticalSection
VirtualQuery
CreateMutexW
WaitForSingleObject
LocalAlloc
ReleaseMutex
GetLastError
LockResource
CloseHandle
LoadResource
FindResourceW
LocalFree
SystemTimeToFileTime
GetModuleHandleW
GetTickCount
WaitForMultipleObjects
CreateEventW
SetEvent
CreateThread
ResetEvent
SizeofResource
lstrcpynW
GetModuleFileNameW
MultiByteToWideChar
DisableThreadLibraryCalls
FindResourceExW
HeapDestroy
GetProcAddress
FreeLibrary
lstrcpyW
lstrcmpiW
LoadLibraryExW
lstrlenA
WideCharToMultiByte
advapi32
RegQueryValueExW
RegCloseKey
RegEnumValueW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
user32
PostThreadMessageW
RegisterWindowMessageW
CharNextW
CharPrevW
PeekMessageW
ole32
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoTaskMemRealloc
oleaut32
SysAllocStringLen
LoadTypeLi
RegisterTypeLi
VarUI4FromStr
SysStringLen
VariantChangeType
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantCopy
VariantClear
SysFreeString
SafeArrayDestroy
SafeArrayPutElement
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayCreate
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 389KB - Virtual size: 389KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 106KB - Virtual size: 106KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 65KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
samsrv/samsrv.dll.dll windows:10 windows x64 arch:x64
bea2ebb04593433925dd72776b14627f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
samsrv.pdb
Imports
api-ms-win-crt-string-l1-1-0
wcscspn
memset
wcscmp
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
api-ms-win-crt-private-l1-1-0
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__ultow
_o__wcsicmp
_o__wcsnicmp
_o__wcsupr
memmove
_o__wtoi
_o_bsearch_s
_o_free
_o_malloc
_o_qsort_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstok
_o_wcstoul
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_CxxThrowException
__CxxFrameHandler3
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcsstr
__C_specific_handler
memcmp
memcpy
ntdll
RtlFreeSid
NtRaiseHardError
RtlGetProductInfo
EtwGetTraceEnableFlags
RtlAllocateAndInitializeSid
EtwGetTraceLoggerHandle
NtAllocateLocallyUniqueId
NtOpenProcessToken
NtImpersonateAnonymousToken
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
NtAdjustPrivilegesToken
RtlNtStatusToDosErrorNoTeb
NtDeleteObjectAuditAlarm
NtSetValueKey
RtlAddAccessDeniedAce
RtlInitUnicodeStringEx
RtlAdjustPrivilege
RtlAddAce
NtDeleteValueKey
NtOpenKey
NtEnumerateKey
NtDeleteKey
NtQueryKey
EtwLogTraceEvent
RtlValidAcl
RtlLengthSecurityDescriptor
RtlMakeSelfRelativeSD
EtwUnregisterTraceGuids
RtlValidRelativeSecurityDescriptor
RtlCopySecurityDescriptor
wcsncmp
RtlImageNtHeader
RtlGetSaclSecurityDescriptor
RtlQueryInformationAcl
RtlGetOwnerSecurityDescriptor
NtRestoreKey
NtSetInformationThread
RtlCheckTokenMembershipEx
RtlIsMultiSessionSku
NtAccessCheck
RtlCreateAndSetSD
RtlSetSecurityObject
RtlCreateUnicodeStringFromAsciiz
RtlValidateUnicodeString
NtSetEvent
RtlCheckTokenCapability
RtlCompareString
RtlAcquireResourceExclusive
RtlInitializeResource
NtDuplicateObject
RtlReleaseResource
RtlAcquireResourceShared
RtlDeleteResource
NtOpenProcess
LdrUnloadDll
LdrGetProcedureAddress
RtlQueryRegistryValuesEx
RtlNtStatusToDosError
RtlInitializeCriticalSection
RtlGetGroupSecurityDescriptor
RtlIdentifierAuthoritySid
NtQueryInformationToken
RtlCreateUnicodeString
RtlDuplicateUnicodeString
NtCreateToken
RtlEqualDomainName
RtlCompareUnicodeStrings
RtlpNtEnumerateSubKey
RtlUnicodeStringToInteger
RtlInitString
RtlCompareUnicodeString
RtlEqualUnicodeString
RtlAreAllAccessesGranted
RtlInitializeBitMap
NtCloseObjectAuditAlarm
RtlDecompressBufferEx
RtlIntegerToUnicodeString
RtlDnsHostNameToComputerName
RtlGetCompressionWorkSpaceSize
RtlGetDaclSecurityDescriptor
RtlApplyRXactNoFlush
DbgPrint
RtlCreateSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlCreateAcl
RtlGetSuiteMask
RtlAddAuditAccessAce
RtlStartRXact
RtlFreeAnsiString
NtOpenThreadToken
RtlAnsiStringToUnicodeString
RtlFindMessage
RtlAbsoluteToSelfRelativeSD
RtlAddAccessAllowedAce
RtlInitializeGenericTableAvl
RtlInsertElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlSubAuthorityCountSid
RtlTimeToTimeFields
RtlEqualComputerName
RtlUnicodeStringToAnsiString
RtlUpcaseUnicodeStringToOemString
RtlOemStringToUnicodeString
NtFlushKey
RtlGetNtProductType
RtlFreeUnicodeString
RtlGetAce
RtlConvertSidToUnicodeString
RtlpNtSetValueKey
RtlSetDaclSecurityDescriptor
RtlAppendUnicodeToString
RtlSubAuthoritySid
RtlMapGenericMask
RtlpNtCreateKey
RtlAppendUnicodeStringToString
RtlInitializeSid
RtlSetOwnerSecurityDescriptor
RtlInitializeRXact
RtlSetSaclSecurityDescriptor
RtlClearAllBits
NtQueryValueKey
RtlAddAttributeActionToRXact
RtlSetBits
RtlFreeHeap
RtlAllocateHeap
NtOpenThread
RtlSetAllBits
NtQuerySystemTime
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlLengthRequiredSid
RtlCopyUnicodeString
RtlInitializeCriticalSectionAndSpinCount
RtlEqualSid
RtlCopySid
RtlpNtQueryValueKey
NtClose
RtlLengthSid
RtlpNtOpenKey
NtAccessCheckAndAuditAlarm
RtlAddActionToRXact
NtPrivilegedServiceAuditAlarm
RtlInitUnicodeString
EtwTraceMessage
RtlVerifyVersionInfo
NtDelayExecution
RtlAbortRXact
RtlValidSid
RtlUnicodeToOemN
EtwEventRegister
EtwEventWrite
RtlStringFromGUID
EtwEventUnregister
NtCreateEvent
RtlDeleteSecurityObject
NtPrivilegeCheck
NtQueryObject
RtlxUnicodeStringToOemSize
api-ms-win-security-base-l1-1-0
CheckTokenMembership
GetSecurityDescriptorLength
IsValidSid
GetLengthSid
ImpersonateLoggedOnUser
EqualSid
RevertToSelf
GetSecurityDescriptorDacl
api-ms-win-core-registry-l1-1-0
RegUnLoadKeyW
RegDeleteKeyExA
RegCreateKeyExA
RegLoadKeyW
RegQueryInfoKeyA
RegOpenKeyExA
RegSetValueExA
RegNotifyChangeKeyValue
RegEnumValueW
RegCloseKey
RegQueryValueExA
RegGetValueW
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
api-ms-win-core-synch-l1-1-0
WaitForSingleObjectEx
ReleaseSRWLockShared
CreateMutexExW
AcquireSRWLockShared
ReleaseMutex
InitializeCriticalSectionEx
ReleaseSemaphore
DeleteCriticalSection
InitializeCriticalSection
CreateSemaphoreExW
WaitForSingleObject
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
OpenSemaphoreW
LeaveCriticalSection
CreateEventW
EnterCriticalSection
InitializeSRWLock
SleepEx
api-ms-win-core-errorhandling-l1-1-0
SetLastError
SetErrorMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemInfo
GetWindowsDirectoryW
GetComputerNameExW
GetSystemTimeAsFileTime
GetTickCount64
GetSystemDirectoryW
GetLocalTime
GetVersionExW
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetProcAddress
GetModuleFileNameA
FreeLibrary
GetModuleHandleExW
GetModuleFileNameW
LoadLibraryExW
api-ms-win-core-string-l1-1-0
CompareStringW
CompareStringEx
GetStringTypeW
api-ms-win-security-lsalookup-l1-1-1
EnumerateIdentityProviders
ReleaseIdentityProviderEnumContext
GetIdentityProviderInfoByGUID
GetIdentityProviderInfoByName
api-ms-win-core-kernel32-legacy-l1-1-0
GetComputerNameW
MoveFileW
api-ms-win-core-processthreads-l1-1-0
SetProcessShutdownParameters
CreateThread
SetThreadStackGuarantee
GetCurrentProcessId
TlsFree
TerminateProcess
TlsGetValue
TlsAlloc
GetCurrentThreadId
GetCurrentProcess
TlsSetValue
api-ms-win-core-rtlsupport-l1-1-0
RtlCompareMemory
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-file-l1-1-0
DeleteFileW
FlushFileBuffers
GetFileSize
SetFileInformationByHandle
CreateFileW
SetFilePointer
FindFirstFileExW
WriteFile
FindClose
CompareFileTime
CreateDirectoryW
FindFirstFileW
FindNextFileW
RemoveDirectoryW
api-ms-win-core-handle-l1-1-0
CloseHandle
bcrypt
BCryptEncrypt
BCryptDestroyKey
BCryptGetProperty
BCryptDecrypt
BCryptOpenAlgorithmProvider
BCryptDeriveKeyPBKDF2
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptHashData
BCryptSetProperty
BCryptCreateHash
BCryptGenerateSymmetricKey
BCryptGenRandom
api-ms-win-core-processenvironment-l1-1-0
GetEnvironmentVariableW
ExpandEnvironmentStringsW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-console-l1-1-0
SetConsoleCtrlHandler
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
OpenProcess
GetProcessMitigationPolicy
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
api-ms-win-core-privateprofile-l1-1-0
GetPrivateProfileStringW
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
GetTimeZoneInformation
api-ms-win-service-management-l2-1-0
NotifyServiceStatusChangeW
api-ms-win-core-sysinfo-l1-2-0
VerSetConditionMask
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceLoggerHandle
GetTraceEnableLevel
RegisterTraceGuidsW
TraceMessage
UnregisterTraceGuids
GetTraceEnableFlags
lsasrv
LsarSetInformationPolicy
LsaIRegisterNotification
LsaIAuditSamEvent
LsaIFree_LSAPR_POLICY_INFORMATION
LsarQueryInformationPolicy
LsarClose
LsaIOpenPolicyTrusted
LsaINoConnectedUserPolicy
LsaINotifyChangeNotification
LsaIQueryInformationPolicyTrusted
LsaISamIndicatedDsStarted
LsarQueryDomainInformationPolicy
LsaIHealthCheck
LsaIChangeSecretCipherKey
LsaISetNewSyskey
LsaIAuditNotifyPackageLoad
LsaIRetrieveCurrentUserSid
LsaIAdtAuditingEnabledByCategory
LsaIRegisterPolicyChangeNotificationCallback
LsaILookupWellKnownName
LsaISafeMode
api-ms-win-core-memory-l1-1-0
VirtualQuery
VirtualAlloc
VirtualProtect
api-ms-win-eventing-controller-l1-1-0
EnableTraceEx2
ControlTraceW
StartTraceW
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
crypt32
CertGetCertificateContextProperty
CertOpenStore
CertFindCertificateInStore
CertCloseStore
CryptDecodeObjectEx
CryptBinaryToStringW
CertDuplicateCertificateContext
CertFreeCertificateContext
CertFindExtension
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
Exports
RtlDeleteElementGenericTable2
RtlInitializeGenericTable2
RtlInsertElementGenericTable2
RtlLookupElementGenericTable2
SAM_MIDL_user_allocate
SAM_MIDL_user_free
SamDsExtAlloc
SamDsExtFree
SamIAccountRestrictions
SamIAddDSNameToAlias
SamIChangePasswordForeignUser
SamIClaimIsValid
SamIConnect
SamIConvertSecurityAttributesToClaimsBlob
SamICopyCurrentDomainAccountSettings
SamICreateKrbTgt
SamIDecodeClaimsBlob
SamIDecodeClaimsBlobIntoClaimsSet
SamIDecodeClaimsBlobToAuthz
SamIDemote
SamIDemoteUndo
SamIDoFSMORoleChange
SamIFreeAuthzSecurityAttributesInfo
SamIFreeClaimsBlob
SamIFreeDecodedClaimsSet
SamIFreeLookupNamesInfo
SamIFreeLookupSidsInfo
SamIFreeOidList
SamIFreeRealmList
SamIFreeSecurityAttributesInfo
SamIFreeSidAndAttributesList
SamIFreeSidArray
SamIFreeVoid
SamIFree_SAMPR_DISPLAY_INFO_BUFFER
SamIFree_SAMPR_DOMAIN_INFO_BUFFER
SamIFree_SAMPR_ENUMERATION_BUFFER
SamIFree_SAMPR_GET_GROUPS_BUFFER
SamIFree_SAMPR_RETURNED_USTRING_ARRAY
SamIFree_SAMPR_ULONG_ARRAY
SamIFree_SAMPR_USER_INFO_BUFFER
SamIFree_UserInternal6Information
SamIGetAliasMembership
SamIGetConfigurationOidList
SamIGetDefaultAdministratorName
SamIGetResourceGroupMembershipsTransitive
SamIGetResourceGroupMembershipsTransitive2
SamIGetUserLogonInformation
SamIGetUserLogonInformation2
SamIGetUserLogonInformation3
SamIGetUserLogonInformationEx
SamIHandleObjectUpdate
SamIImpersonateNullSession
SamIInitialize
SamIIsDownlevelDcUpgrade
SamIIsExtendedSidMode
SamIIsRebootAfterPromotion
SamIIsSetupInProgress
SamILoadDownlevelDatabase
SamILookupNamesBySid
SamILookupNamesInDomain
SamILookupSidsByName
SamILoopbackConnect
SamIMixedDomain
SamIMixedDomain2
SamINT4UpgradeInProgress
SamINetLogonPing
SamINotifyRoleChange
SamIOpenUserByAlternateId
SamIPromote
SamIPromoteUndo
SamIPurgeSecrets
SamIQueryAccountSecretsCachability
SamIQueryCapabilities
SamIQueryRealmList
SamIQueryServerRole
SamIQueryServerRole2
SamIRandomizeStoredPassword
SamIRandomizeStoredPasswordWithoutExpirationCheck
SamIRemoveDSNameFromAlias
SamIReplaceDownlevelDatabase
SamIReplicateAccountData
SamIResetBadPwdCountOnPdc
SamIRetrieveMultiplePrimaryCredentials
SamIRetrieveNGCKeyCredential
SamIRetrievePrimaryCredentials
SamIRevertNullSession
SamIScorePassword
SamISetAuditingInformation
SamISetMachinePassword
SamISetPasswordForeignUser2
SamISetPasswordForeignUser3
SamISetPasswordInfoOnDc
SamIStorePrimaryCredentials
SamITransformClaims
SamIUPNFromUserHandle
SamIUnLoadDownlevelDatabase
SamIUninitialize
SamIUpdateLogonStatistics
SamIValidateAccountName
SamIValidateNewAccountName
SampAccountControlToFlags
SampAcquireReadLock
SampAcquireSamLockExclusive
SampAcquireWriteLock
SampAddAccountToGroupMembers
SampAddAccountsAndApplyMemberships
SampAddDeltaTime
SampAddNonLocalDomainRelativeMemberships
SampAddSameDomainMemberToGlobalOrUniversalGroup
SampAddUserToGroup
SampAlInvalidateAliasInformation
SampAllocateNextCurrentRidFromIndex
SampApplyDomainUpdatesForAllDomains
SampAssignPrimaryGroup
SampAuditAccountEnableDisableChange
SampAuditAccountNameChange
SampAuditAnyEvent
SampAuditGroupTypeChange
SampAuditSidHistory
SampBuildDsNameFromSid
SampBuildSamProtection
SampCalculateLmAndNtOwfPasswords
SampChangeAliasAccountName
SampChangeGroupAccountName
SampChangeUserAccountName
SampCheckForAccountLockout
SampCheckGroupTypeBits
SampCheckSidType
SampCommitBufferedWrites
SampCompareDisplayStrings
SampComputePasswordExpired
SampConnect
SampConvertUiListToApiList
SampCopyUserSupplementalCredentialsForDCPromo
SampCreateAccountContext2
SampCreateAliasInDomain
SampCreateContextEx
SampCreateDefaultUPN
SampCreateFullSid
SampCreateGroupInDomain
SampCreateUserInDomain
SampCurrentThreadOwnsLock
SampDeReferenceContext
SampDecrementActiveThreads
SampDecryptCredentialData
SampDeleteContext
SampDeleteDsDirsToDeleteKey
SampDeleteKeyForPostBootPromote
SampDeltaChangeNotify
SampDsChangePasswordUser
SampDsConvertReadAttrBlock
SampDsGetPrimaryDomainStart
SampDsInitializeSingleDomain
SampDsIsRunning
SampDsMakeAttrBlock
SampDsSetBuiltinDomainPolicy
SampDsSetDomainPolicy
SampDsSetPasswordUser
SampDsUpdateContextAttributes
SampDuplicateGroupInfo
SampDuplicateMachineInfo
SampDuplicateOemGroupInfo
SampDuplicateOemUserInfo
SampDuplicateUnicodeString
SampDuplicateUserInfo
SampEncryptCredentialData
SampExamineSid
SampExtendDefinedDomains
SampFlagsToAccountControl
SampFlagsToAccountControlEx
SampFreeGroupInfo
SampFreeMachineInfo
SampFreeOemGroupInfo
SampFreeOemUserInfo
SampFreeUnicodeString
SampFreeUserInfo
SampGenerateRandomPassword
SampGetAccessAttribute
SampGetAccountDomainInfo
SampGetBehaviorVersion
SampGetCurrentOwnerAndPrimaryGroup
SampGetDisableOutboundRSO
SampGetDisableRSOOnPDCForward
SampGetDisableResetBadPwdCountForward
SampGetDisableSingleObjectRepl
SampGetDnsDomainNameFromIndex
SampGetDomainContextFromIndex
SampGetDomainObjectFromAccountContext
SampGetDomainObjectFromIndex
SampGetDomainServerRoleFromIndex
SampGetDomainSidFromAccountContext
SampGetDomainSidFromIndex
SampGetDomainSidListForSam
SampGetDomainUpgradeTasks
SampGetDownLevelDomainControllersPresent
SampGetExtendedAttribute
SampGetExternalNameFromIndex
SampGetFixedAttributes
SampGetHasNeverTime
SampGetIgnoreGCFailures
SampGetLogLevel
SampGetNT4UpgradeInProgress
SampGetNewAccountSecurityNt4
SampGetNextUnmodifiedRidFromIndex
SampGetNoGcLogonEnforceKerberosIpCheck
SampGetNoGcLogonEnforceNTLMCheck
SampGetObjectSD
SampGetObjectTypeNameFromIndex
SampGetPasswordMustChangeWithUF_UAC
SampGetReverseMembershipTransitive
SampGetSamSubsystemName
SampGetSerialNumberDomain2
SampGetServerObjectName
SampGetSidArrayAttribute
SampGetSidAttribute
SampGetSuccessAccountAuditingEnabled
SampGetUlongArrayAttribute
SampGetUnicodeStringAttribute
SampGetUserAccountControlComputed
SampGetUserAccountSettings
SampGetWillNeverTime
SampImpersonateClient
SampIncreaseBadPwdCountLoopback
SampIncrementActiveThreads
SampIncrementNetlogonChangeLogSerialNumber
SampInvalidateDomainCache
SampIsAccountBuiltIn
SampIsAuditingEnabled
SampIsBuiltinDomain
SampIsDomainHosted
SampIsServiceRunning
SampIsSetupInProgress
SampLogPrint
SampLookupContext
SampMarkPerAttributeInvalidFromWhichFields
SampNeedUserAccountSettingsDuringQuery
SampNetLogonNotificationRequired
SampNotifyAuditChange
SampNotifyReplicatedInChange
SampPasswordChangeNotify
SampPasswordChangeNotifyWorker
SampPositionOfHighestBit
SampQueryCapabilities
SampQueryInformationUserInternal
SampQueryUserSupplementalCredentialsRegistry
SampReadExtendedAttributes
SampRecordSystemSchemaVerisonInRegistry
SampReferenceContext
SampRegObjToDsObj
SampReleaseReadLock
SampReleaseSamLockExclusive
SampReleaseWriteLock
SampRemoveAccountFromGroupMembers
SampRemoveSameDomainMemberFromGlobalOrUniversalGroup
SampRemoveUserFromGroup
SampRenameKrbtgtAccount
SampReplaceUserLogonHours
SampReplaceUserV1aFixed
SampRetrieveGroupV1Fixed
SampRetrieveMultipleCredentials
SampRetrieveUserPasswords
SampRetrieveUserV1aFixed
SampRevertToSelf
SampRtlWellKnownPrivilegeCheck
SampSetAccessAttribute
SampSetAdminPassword
SampSetAttributeAccess
SampSetComputerObjectDsName
SampSetDSRMPasswordWorker
SampSetExtendedAttributeAccess
SampSetFixedAttributes
SampSetGlobalDsSids
SampSetPassword
SampSetPasswordInfoOnPdcByHandle
SampSetPasswordInfoOnPdcByIndex
SampSetSerialNumberDomain2
SampSetTransactionDomain
SampSetTransactionWithinDomain
SampSetUnicodeStringAttribute
SampSetUserAccountControl
SampSplitSid
SampStoreObjectAttributes
SampStringFromGuid
SampTraceEvent
SampUpdateAccountDisabledFlag
SampUpdateComputedUserAccountControlBits
SampUpdateMixedModeAndFindDomain
SampUpdatePerformanceCounters
SampUpgradeUserParmsActual
SampUsingDsData
SampValidateDomainCacheCallback
SampValidateDomainControllerCreation
SampValidatePwdSettingAttempt
SampValidateRegAttributes
SampWriteEventLog
SampWriteGroupType
SamrAddMemberToAlias
SamrAddMemberToGroup
SamrCloseHandle
SamrCreateUser2InDomain
SamrCreateUserInDomain
SamrDeleteAlias
SamrDeleteGroup
SamrDeleteUser
SamrEnumerateUsersInDomain
SamrEnumerateUsersInDomain2
SamrGetAliasMembership
SamrGetGroupsForUser
SamrGetMembersInAlias
SamrLookupIdsInDomain
SamrLookupNamesInDomain
SamrLookupNamesInDomain2
SamrOpenAlias
SamrOpenDomain
SamrOpenGroup
SamrOpenUser
SamrQueryDisplayInformation
SamrQueryInformationDomain
SamrQueryInformationUser
SamrQueryInformationUser2
SamrQuerySecurityObject
SamrRemoveMemberFromAlias
SamrRemoveMemberFromGroup
SamrRidToSid
SamrSetInformationAlias
SamrSetInformationGroup
SamrSetInformationUser
SamrSetSecurityObject
SamrValidatePassword
Sections
.text Size: 639KB - Virtual size: 638KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 184KB - Virtual size: 183KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1024B - Virtual size: 776B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 43KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
setup.msi.msi
-
winsrv/winhttp.dll.dll windows:10 windows x64 arch:x64
900f8c09b2cb3c88bf2a6a5fddf2ab39
Code Sign
33:00:00:03:8c:38:5d:5c:2e:74:83:cc:fb:00:00:00:00:03:8c
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 05/05/2022, 19:23
Not After: 04/05/2023, 19:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
13:81:9b:a7:ab:51:64:90:84:9f:d7:4d:24:82:bc:cf:8c:5f:d2:62:ac:83:b3:4b:bd:98:df:2c:34:2f:ab:b6
Signer
Actual PE Digest: 13:81:9b:a7:ab:51:64:90:84:9f:d7:4d:24:82:bc:cf:8c:5f:d2:62:ac:83:b3:4b:bd:98:df:2c:34:2f:ab:b6
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
winhttp.pdb
Imports
api-ms-win-crt-string-l1-1-0
wcsnlen
wcscmp
memset
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
api-ms-win-crt-private-l1-1-0
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__ltow_s
_o__purecall
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__strtoui64
_o__wcsicmp
_o__wcslwr_s
_o__wcsnicmp
memmove
_o__wtoi
_o_iscntrl
_o_isdigit
_o_isspace
_o_iswdigit
_o_iswspace
_o_qsort
_o_rand
_o_tolower
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstok
_o_wcstok_s
__C_specific_handler
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___std_type_info_destroy_list
wcschr
wcsstr
wcsrchr
memcmp
memcpy
ntdll
RtlInitUnicodeString
RtlSubscribeWnfStateChangeNotification
RtlGetDeviceFamilyInfoEnum
NtQueryLicenseValue
RtlGetVersion
RtlIpv4AddressToStringExW
RtlPublishWnfStateData
RtlGUIDFromString
NtOpenFile
RtlDllShutdownInProgress
NtSetInformationObject
RtlVirtualUnwind
RtlIpv6AddressToStringExW
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlCaptureContext
RtlIpv6StringToAddressExW
RtlIpv4StringToAddressExW
RtlGetPersistedStateLocation
RtlNtStatusToDosError
RtlConvertSidToUnicodeString
RtlMoveMemory
EtwTraceMessageVa
EtwUnregisterTraceGuids
RtlValidSid
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
RtlLengthSid
RtlAllocateHeap
RtlIpv4AddressToStringW
RtlFreeUnicodeString
RtlFreeHeap
NtCreateFile
RtlCanonicalizeDomainName
RtlLookupFunctionEntry
api-ms-win-core-synch-l1-1-0
CreateMutexExW
CreateSemaphoreExW
OpenSemaphoreW
CreateEventA
TryAcquireSRWLockExclusive
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
InitializeCriticalSectionEx
ReleaseMutex
CreateEventExA
ReleaseSemaphore
ReleaseSRWLockShared
EnterCriticalSection
LeaveCriticalSection
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ResetEvent
WaitForMultipleObjectsEx
WaitForSingleObjectEx
SetEvent
InitializeSRWLock
CreateEventW
api-ms-win-core-heap-l2-1-0
LocalAlloc
GlobalAlloc
LocalFree
GlobalFree
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetErrorMode
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapReAlloc
HeapSize
HeapFree
api-ms-win-core-string-l1-1-0
CompareStringW
MultiByteToWideChar
WideCharToMultiByte
api-ms-win-core-registry-l1-1-0
RegNotifyChangeKeyValue
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegSetValueExW
RegDeleteKeyExW
RegDeleteValueW
RegQueryInfoKeyA
RegGetValueW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegGetValueA
api-ms-win-security-credentials-l1-1-0
CredReadDomainCredentialsW
CredEnumerateW
CredWriteW
CredDeleteW
CredReadW
CredFree
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
GetSystemTime
GetTickCount64
GetSystemDirectoryW
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
SystemTimeToFileTime
api-ms-win-core-file-l1-1-0
CreateFileW
FindClose
WriteFile
GetFileSizeEx
ReadFile
LocalFileTimeToFileTime
DeleteFileW
SetFilePointer
RemoveDirectoryW
SetFileAttributesW
SetEndOfFile
FindNextFileW
FindFirstFileW
CompareFileTime
CreateDirectoryW
GetFileAttributesW
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
InitOnceInitialize
Sleep
api-ms-win-core-handle-l1-1-0
CloseHandle
DuplicateHandle
api-ms-win-core-profile-l1-1-0
QueryPerformanceFrequency
QueryPerformanceCounter
api-ms-win-core-localization-l1-2-0
FormatMessageW
IdnToAscii
api-ms-win-core-processthreads-l1-1-0
DeleteProcThreadAttributeList
CreateProcessAsUserW
InitializeProcThreadAttributeList
SetThreadToken
GetCurrentThreadId
CreateThread
GetCurrentProcess
OpenProcessToken
GetCurrentThread
OpenThreadToken
UpdateProcThreadAttribute
TerminateProcess
GetCurrentProcessId
TlsFree
TlsGetValue
TlsSetValue
TlsAlloc
ResumeThread
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExA
LoadLibraryExW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetModuleHandleExA
FreeLibrary
GetModuleHandleExW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolCleanupGroup
CallbackMayRunLong
WaitForThreadpoolWorkCallbacks
SubmitThreadpoolWork
FreeLibraryWhenCallbackReturns
CloseThreadpoolWork
WaitForThreadpoolWaitCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolCleanupGroup
CreateThreadpoolWork
api-ms-win-eventing-provider-l1-1-0
EventActivityIdControl
EventWrite
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister
api-ms-win-core-sysinfo-l1-2-0
GetNativeSystemInfo
api-ms-win-core-wow64-l1-1-1
Wow64SetThreadDefaultGuestMachine
api-ms-win-security-base-l1-1-0
CheckTokenMembership
EqualSid
ImpersonateLoggedOnUser
GetSidSubAuthorityCount
GetTokenInformation
GetSidSubAuthority
IsValidSid
RevertToSelf
AddAccessAllowedAce
GetAce
SetTokenInformation
CreateRestrictedToken
DuplicateTokenEx
AccessCheck
InitializeAcl
AddMandatoryAce
CopySid
GetLengthSid
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
SetProcessMitigationPolicy
api-ms-win-core-registry-l1-1-1
RegDeleteKeyValueW
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-threadpool-legacy-l1-1-0
UnregisterWaitEx
QueueUserWorkItem
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrChrW
StrStrA
StrCmpNICA
StrCmpNCA
StrStrIA
api-ms-win-core-localization-obsolete-l1-2-0
CompareStringA
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpA
lstrcmpiW
api-ms-win-core-heap-obsolete-l1-1-0
GlobalReAlloc
api-ms-win-core-url-l1-1-0
UrlCanonicalizeW
UrlUnescapeA
UrlCombineW
api-ms-win-core-threadpool-private-l1-1-0
RegisterWaitForSingleObjectEx
api-ms-win-core-realtime-l1-1-0
QueryUnbiasedInterruptTime
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
api-ms-win-core-memory-l1-1-0
MapViewOfFile
VirtualAlloc
UnmapViewOfFile
VirtualFree
OpenFileMappingW
CreateFileMappingW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-string-l2-1-0
CharLowerW
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
kernelbase
AppContainerUnregisterSid
SubscribeWdagEnabledStateChange
GetIsWdagEnabled
AppContainerRegisterSid
UnsubscribeEdpEnabledStateChange
SubscribeEdpEnabledStateChange
UnsubscribeWdagEnabledStateChange
GetIsEdpEnabled
api-ms-win-core-datetime-l1-1-0
GetDateFormatW
Exports
DllCanUnloadNow
DllGetClassObject
Private1
SvchostPushServiceGlobals
WinHttpAddRequestHeaders
WinHttpAddRequestHeadersEx
WinHttpAutoProxySvcMain
WinHttpCheckPlatform
WinHttpCloseHandle
WinHttpConnect
WinHttpConnectionDeletePolicyEntries
WinHttpConnectionDeleteProxyInfo
WinHttpConnectionFreeNameList
WinHttpConnectionFreeProxyInfo
WinHttpConnectionFreeProxyList
WinHttpConnectionGetNameList
WinHttpConnectionGetProxyInfo
WinHttpConnectionGetProxyList
WinHttpConnectionSetPolicyEntries
WinHttpConnectionSetProxyInfo
WinHttpConnectionUpdateIfIndexTable
WinHttpCrackUrl
WinHttpCreateProxyResolver
WinHttpCreateUrl
WinHttpDetectAutoProxyConfigUrl
WinHttpFreeProxyResult
WinHttpFreeProxyResultEx
WinHttpFreeProxySettings
WinHttpGetDefaultProxyConfiguration
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpGetProxyForUrlEx
WinHttpGetProxyForUrlEx2
WinHttpGetProxyForUrlHvsi
WinHttpGetProxyResult
WinHttpGetProxyResultEx
WinHttpGetProxySettingsVersion
WinHttpGetTunnelSocket
WinHttpOpen
WinHttpOpenRequest
WinHttpPacJsWorkerMain
WinHttpProbeConnectivity
WinHttpQueryAuthSchemes
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpQueryOption
WinHttpReadData
WinHttpReadProxySettings
WinHttpReadProxySettingsHvsi
WinHttpReceiveResponse
WinHttpResetAutoProxy
WinHttpSaveProxyCredentials
WinHttpSendRequest
WinHttpSetCredentials
WinHttpSetDefaultProxyConfiguration
WinHttpSetOption
WinHttpSetProxySettingsPerUser
WinHttpSetSecureLegacyServersAppCompat
WinHttpSetStatusCallback
WinHttpSetTimeouts
WinHttpTimeFromSystemTime
WinHttpTimeToSystemTime
WinHttpWebSocketClose
WinHttpWebSocketCompleteUpgrade
WinHttpWebSocketQueryCloseStatus
WinHttpWebSocketReceive
WinHttpWebSocketSend
WinHttpWebSocketShutdown
WinHttpWriteData
WinHttpWriteProxySettings
Sections
.text Size: 788KB - Virtual size: 787KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.wpp_sf Size: 43KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 140KB - Virtual size: 140KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 42KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 29KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
winsrv/winsrv.dll.dll windows:10 windows x64 arch:x64
0d19b1428d247b1ecfbcab1de7b681ea
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
winsrv.pdb
Imports
ntdll
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
NtOpenProcessToken
RtlCreateSecurityDescriptor
RtlCreateTagHeap
RtlFreeHeap
RtlCreateUserThread
NtClose
NtReadVirtualMemory
NtQueryInformationToken
NtSetInformationThread
NtOpenProcess
NtQueryInformationProcess
RtlSetDaclSecurityDescriptor
DbgPrintEx
RtlAllocateHeap
csrsrv
CsrDereferenceProcess
CsrLockedReferenceProcess
CsrLockProcessByClientId
CsrUnlockProcess
basesrv
BaseGetProcessCrtlRoutine
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
GetProcAddress
DisableThreadLibraryCalls
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-core-apiquery-l2-1-0
IsApiSetImplemented
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
SrvEndTask
UserCreateCallbackThread
UserHardError
UserServerDllInitialization
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 372B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 50KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 44B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ