Toolkit_v12[.]5[.]7z

Target

Toolkit_v12.5.7z
Size

24.8MB
MD5

c613abeae01ed0a8a798696311e9eb3d
SHA1

eda40452acc6c2325c56872d8e27fa65776152ed
SHA256

055291dc0fb273ef67891e5fb61165e3019d1f78646fda9c69a2257ccbb72da1
SHA512

bbb7102828489993ff5e88ed98ba19b26da8e37e42cfd12a463d9ffd87f49af44eae856dc22400197bc66cfd0674adee6e36c7af55e59147ad664b208cf2656c
SSDEEP

786432:IpfGPmx3s7b8ZmPO6t/2GGphuZaxIWXynp4ynEnSZxYBa/:2Gn7b8ZXYehuKypSoxT

Score

3^/10

Malware Config

Signatures

Unsigned PE 94 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Bin/Dism++CUI.exe
unpack001/Bin/PSFExtractor.exe
unpack001/Bin/ResourceHacker.exe
unpack001/Bin/ToolKitHelper.exe
unpack001/Bin/dvdburn.exe
unpack001/Bin/esddecrypt.exe
unpack001/Bin/x64/7z.dll
unpack001/Bin/x64/7z.exe
unpack001/Bin/x64/DISM10/en-us/VHDProvider.dll.mui
unpack001/Bin/x64/DISM10/en-us/dism.exe.mui
unpack001/Bin/x64/DISM10/en-us/dismapi.dll.mui
unpack001/Bin/x64/DISM10/en-us/dismcore.dll.mui
unpack001/Bin/x64/DISM10/en-us/dismprov.dll.mui
unpack001/Bin/x64/DISM10/en-us/ffuprovider.dll.mui
unpack001/Bin/x64/DISM10/en-us/folderprovider.dll.mui
unpack001/Bin/x64/DISM10/en-us/imagingprovider.dll.mui
unpack001/Bin/x64/DISM10/en-us/logprovider.dll.mui
unpack001/Bin/x64/DISM10/en-us/siloedpackageprovider.dll.mui
unpack001/Bin/x64/DISM10/en-us/wimgapi.dll.mui
unpack001/Bin/x64/DISM10/en-us/wimprovider.dll.mui
unpack001/Bin/x64/DISM81/api-ms-win-downlevel-advapi32-l1-1-0.dll
unpack001/Bin/x64/DISM81/api-ms-win-downlevel-advapi32-l1-1-1.dll
unpack001/Bin/x64/DISM81/api-ms-win-downlevel-advapi32-l2-1-0.dll
unpack001/Bin/x64/DISM81/api-ms-win-downlevel-advapi32-l2-1-1.dll
unpack001/Bin/x64/DISM81/api-ms-win-downlevel-advapi32-l3-1-0.dll
unpack001/Bin/x64/DISM81/api-ms-win-downlevel-advapi32-l4-1-0.dll
unpack001/Bin/x64/DISM81/api-ms-win-downlevel-kernel32-l1-1-0.dll
unpack001/Bin/x64/DISM81/api-ms-win-downlevel-kernel32-l2-1-0.dll
unpack001/Bin/x64/DISM81/api-ms-win-downlevel-ole32-l1-1-0.dll
unpack001/Bin/x64/DISM81/api-ms-win-downlevel-ole32-l1-1-1.dll
unpack001/Bin/x64/DISM81/api-ms-win-downlevel-shlwapi-l1-1-0.dll
unpack001/Bin/x64/DISM81/api-ms-win-downlevel-shlwapi-l1-1-1.dll
unpack001/Bin/x64/DISM81/api-ms-win-downlevel-user32-l1-1-0.dll
unpack001/Bin/x64/DISM81/api-ms-win-downlevel-user32-l1-1-1.dll
unpack001/Bin/x64/DISM81/api-ms-win-downlevel-version-l1-1-0.dll
unpack001/Bin/x64/DISM81/en-us/VHDProvider.dll.mui
unpack001/Bin/x64/DISM81/en-us/compatprovider.dll.mui
unpack001/Bin/x64/DISM81/en-us/dism.exe.mui
unpack001/Bin/x64/DISM81/en-us/dismapi.dll.mui
unpack001/Bin/x64/DISM81/en-us/dismcore.dll.mui
unpack001/Bin/x64/DISM81/en-us/dismprov.dll.mui
unpack001/Bin/x64/DISM81/en-us/folderprovider.dll.mui
unpack001/Bin/x64/DISM81/en-us/imagingprovider.dll.mui
unpack001/Bin/x64/DISM81/en-us/logprovider.dll.mui
unpack001/Bin/x64/DISM81/en-us/wimgapi.dll.mui
unpack001/Bin/x64/DISM81/en-us/wimprovider.dll.mui
unpack001/Bin/x64/NSudo.exe
unpack001/Bin/x64/esdtoolcore.exe
unpack001/Bin/x64/libwim-15.dll
unpack001/Bin/x64/wimlib-imagex.exe
unpack001/Bin/x86/7z.dll
unpack001/Bin/x86/7z.exe
unpack001/Bin/x86/DISM10/en-us/VHDProvider.dll.mui
unpack001/Bin/x86/DISM10/en-us/dism.exe.mui
unpack001/Bin/x86/DISM10/en-us/dismapi.dll.mui
unpack001/Bin/x86/DISM10/en-us/dismcore.dll.mui
unpack001/Bin/x86/DISM10/en-us/dismprov.dll.mui
unpack001/Bin/x86/DISM10/en-us/ffuprovider.dll.mui
unpack001/Bin/x86/DISM10/en-us/folderprovider.dll.mui
unpack001/Bin/x86/DISM10/en-us/imagingprovider.dll.mui
unpack001/Bin/x86/DISM10/en-us/logprovider.dll.mui
unpack001/Bin/x86/DISM10/en-us/siloedpackageprovider.dll.mui
unpack001/Bin/x86/DISM10/en-us/wimgapi.dll.mui
unpack001/Bin/x86/DISM10/en-us/wimprovider.dll.mui
unpack001/Bin/x86/DISM81/api-ms-win-downlevel-advapi32-l1-1-0.dll
unpack001/Bin/x86/DISM81/api-ms-win-downlevel-advapi32-l1-1-1.dll
unpack001/Bin/x86/DISM81/api-ms-win-downlevel-advapi32-l2-1-0.dll
unpack001/Bin/x86/DISM81/api-ms-win-downlevel-advapi32-l2-1-1.dll
unpack001/Bin/x86/DISM81/api-ms-win-downlevel-advapi32-l3-1-0.dll
unpack001/Bin/x86/DISM81/api-ms-win-downlevel-advapi32-l4-1-0.dll
unpack001/Bin/x86/DISM81/api-ms-win-downlevel-kernel32-l1-1-0.dll
unpack001/Bin/x86/DISM81/api-ms-win-downlevel-kernel32-l2-1-0.dll
unpack001/Bin/x86/DISM81/api-ms-win-downlevel-ole32-l1-1-0.dll
unpack001/Bin/x86/DISM81/api-ms-win-downlevel-ole32-l1-1-1.dll
unpack001/Bin/x86/DISM81/api-ms-win-downlevel-shlwapi-l1-1-0.dll
unpack001/Bin/x86/DISM81/api-ms-win-downlevel-shlwapi-l1-1-1.dll
unpack001/Bin/x86/DISM81/api-ms-win-downlevel-user32-l1-1-0.dll
unpack001/Bin/x86/DISM81/api-ms-win-downlevel-user32-l1-1-1.dll
unpack001/Bin/x86/DISM81/api-ms-win-downlevel-version-l1-1-0.dll
unpack001/Bin/x86/DISM81/en-us/VHDProvider.dll.mui
unpack001/Bin/x86/DISM81/en-us/compatprovider.dll.mui
unpack001/Bin/x86/DISM81/en-us/dism.exe.mui
unpack001/Bin/x86/DISM81/en-us/dismapi.dll.mui
unpack001/Bin/x86/DISM81/en-us/dismcore.dll.mui
unpack001/Bin/x86/DISM81/en-us/dismprov.dll.mui
unpack001/Bin/x86/DISM81/en-us/folderprovider.dll.mui
unpack001/Bin/x86/DISM81/en-us/imagingprovider.dll.mui
unpack001/Bin/x86/DISM81/en-us/logprovider.dll.mui
unpack001/Bin/x86/DISM81/en-us/wimgapi.dll.mui
unpack001/Bin/x86/DISM81/en-us/wimprovider.dll.mui
unpack001/Bin/x86/NSudo.exe
unpack001/Bin/x86/esdtoolcore.exe
unpack001/Bin/x86/libwim-15.dll
unpack001/Bin/x86/wimlib-imagex.exe

Files

Toolkit_v12.5.7z
.7z
Bin/AddFonts.ps1
.ps1
Bin/AppLicense/AD2F1837.HPSupportAssistant_v10z8vjag6ke6.xml
Bin/AppLicense/AdvancedMicroDevicesInc-2.AMDLink_0a9344xs7nr4m.xml
Bin/AppLicense/AppUp.IntelGraphicsExperience_8j3eq9eme6ctt.xml
Bin/AppLicense/AppUp.ThunderboltControlCenter_8j3eq9eme6ctt.xml
Bin/AppLicense/CanonicalGroupLimited.Ubuntu18.04onWindows_79rhkp1fndgsc.xml
Bin/AppLicense/Clipchamp.Clipchamp_yxz26nhyzhsrt.xml
Bin/AppLicense/Microsoft.549981c3f5f10_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.AV1VideoExtension_8wekyb3d8bbwe.x64.xml
Bin/AppLicense/Microsoft.AV1VideoExtension_8wekyb3d8bbwe.x86.xml
Bin/AppLicense/Microsoft.BingFinance_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.BingFoodAndDrink_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.BingHealthAndFitness_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.BingMaps_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.BingNews_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.BingSports_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.BingTravel_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.BingWeather_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.D3DMappingLayers_8wekyb3d8bbwe.arm.xml
Bin/AppLicense/Microsoft.D3DMappingLayers_8wekyb3d8bbwe.x64.xml
Bin/AppLicense/Microsoft.DesktopAppInstaller_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.GamingApp_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.GetHelp_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.Getstarted_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.HEIFImageExtension_8wekyb3d8bbwe.arm.xml
Bin/AppLicense/Microsoft.HEIFImageExtension_8wekyb3d8bbwe.x64.xml
Bin/AppLicense/Microsoft.HEIFImageExtension_8wekyb3d8bbwe.x86.xml
Bin/AppLicense/Microsoft.HEVCVideoExtension_8wekyb3d8bbwe.arm.xml
Bin/AppLicense/Microsoft.HEVCVideoExtension_8wekyb3d8bbwe.x64.xml
Bin/AppLicense/Microsoft.HEVCVideoExtension_8wekyb3d8bbwe.x86.xml
Bin/AppLicense/Microsoft.HelpAndTips_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.MPEG2VideoExtension_8wekyb3d8bbwe.arm.xml
Bin/AppLicense/Microsoft.MPEG2VideoExtension_8wekyb3d8bbwe.x64.xml
Bin/AppLicense/Microsoft.MPEG2VideoExtension_8wekyb3d8bbwe.x86.xml
Bin/AppLicense/Microsoft.MSPaint_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.Messaging_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.Microsoft3DViewer_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.MicrosoftPowerBIForWindows_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.MinecraftEducationEdition_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.MixedReality.Portal_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.Office.OneNote_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.OneConnect_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.Paint_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.People_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.PowerAutomateDesktop_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.Print3D_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.RawImageExtension_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.Reader_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.RemoteDesktop_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.ScreenSketch_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.SecHealthUI_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.SkypeApp_kzf8qxf38zg5c.xml
Bin/AppLicense/Microsoft.StorePurchaseApp_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.Todos_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.VP9VideoExtensions_8wekyb3d8bbwe.arm.xml
Bin/AppLicense/Microsoft.VP9VideoExtensions_8wekyb3d8bbwe.x64.xml
Bin/AppLicense/Microsoft.VP9VideoExtensions_8wekyb3d8bbwe.x86.xml
Bin/AppLicense/Microsoft.Wallet_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.WebMediaExtensions_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.WebpImageExtension_8wekyb3d8bbwe.arm.xml
Bin/AppLicense/Microsoft.WebpImageExtension_8wekyb3d8bbwe.x64.xml
Bin/AppLicense/Microsoft.WebpImageExtension_8wekyb3d8bbwe.x86.xml
Bin/AppLicense/Microsoft.Whiteboard_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.Windows.Photos_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.WindowsAlarms_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.WindowsCalculator_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.WindowsCamera_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.WindowsCommunicationsApps_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.WindowsDVDPlayer_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.WindowsMaps_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.WindowsNotepad_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.WindowsReadingList_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.WindowsScan_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.WindowsStore_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.WindowsTerminal_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.Xbox.TCUI_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.XboxApp_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.XboxGameOverlay_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.XboxGamingOverlay_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.XboxIdentityProvider_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.XboxLIVEGames_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.YourPhone_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.ZuneMusic_8wekyb3d8bbwe.xml
Bin/AppLicense/Microsoft.ZuneVideo_8wekyb3d8bbwe.xml
Bin/AppLicense/MicrosoftCorporationII.MicrosoftFamily_8wekyb3d8bbwe.xml
Bin/AppLicense/MicrosoftCorporationII.QuickAssist_8wekyb3d8bbwe.xml
Bin/AppLicense/MicrosoftCorporationII.WindowsSubsystemforLinux_8wekyb3d8bbwe.xml
Bin/AppLicense/MicrosoftWindows.Client.WebExperience_cw5n1h2txyewy.xml
Bin/AppLicense/NVIDIACorp.NVIDIAControlPanel_56jybvy8sckqj.xml
Bin/AppLicense/RealtekSemiconductorCorp.RealtekAudioControl_dt26b99r8h8gj.xml
Bin/AppLicense/RivetNetworks.KillerControlCenter_rh07ty8m5nkag.xml
Bin/AppLicense/WavesAudio.MaxxAudioProforDell2020_fh4rh281wavaa.xml
Bin/ConvertReg.ps1
.ps1
Bin/Data.xml
Bin/Dism++CUI.exe
.exe windows:6 windows x86 arch:x86

5d758a1b2b5495441996a1ec6691212b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileW
FindFirstFileW
FindNextFileW
GetLongPathNameW
InitializeCriticalSectionEx
GetPrivateProfileSectionW
FindClose
GetVolumePathNameW
GetFileAttributesW
UnmapViewOfFile
SetFileAttributesW
MultiByteToWideChar
GetPrivateProfileStringW
Sleep
GetFileAttributesExW
SetFilePointer
MoveFileExW
GetFileSize
DeleteCriticalSection
FreeLibrary
CreateFileMappingW
LocalFree
MapViewOfFile
LoadLibraryExW
OutputDebugStringW
IsDebuggerPresent
WaitForSingleObjectEx
SetEndOfFile
WriteFile
ReadFile
SetFilePointerEx
GetShortPathNameW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
CreateDirectoryW
RaiseException
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
CloseHandle
GetLastError
CreateFileW
LoadLibraryW
ResetEvent
SetEvent
SleepConditionVariableCS
WakeAllConditionVariable
InitializeConditionVariable
LeaveCriticalSection
EnterCriticalSection
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
InterlockedExchange
SetLastError
GetProcAddress
GetModuleFileNameW
OutputDebugStringA

advapi32

CryptDestroyKey
RegGetValueW
CryptDecrypt
CryptImportKey
CryptAcquireContextW
CryptReleaseContext

ole32

CoCreateInstance
CoInitialize

oleaut32

SysFreeString
SysAllocStringByteLen
SysStringLen
SysAllocString
SafeArrayAccessData
SafeArrayCreateVector
SafeArrayUnaccessData
SafeArrayDestroy
VariantClear

msvcrt

??_U@YAPAXI@Z
strlen
?terminate@@YAXXZ
_lock
_wcstoui64
_onexit
??1type_info@@UAE@XZ
__wgetmainargs
_cexit
_controlfp
_except_handler4_common
__set_app_type
__p__fmode
free
__CxxFrameHandler3
_CxxThrowException
_vswprintf_s_l
__setusermatherr
_amsg_exit
_initterm
_vscwprintf_l
exit
_XcptFilter
??2@YAPAXI@Z
memcmp
memmove
malloc
_unlock
__p__commode
__dllonexit
memset
_errno
memcpy
wcslen
??3@YAXPAX@Z
wcscpy
_wcsicmp
printf
putchar
_purecall
_wcsupr_s
wcsnlen
wcstoul
_exit
??_V@YAXPAX@Z

shlwapi

SHCreateStreamOnFileW
PathAppendW
SHCreateStreamOnFileEx
PathFindFileNameW
StrChrW
StrCmpIW
StrCmpW
StrCmpNW

wimgapi

WIMSetBootImage
WIMSetTemporaryPath
WIMExportImage
WIMApplyImage
WIMLoadImage
WIMRegisterMessageCallback
WIMGetImageInformation
WIMGetAttributes
WIMCloseHandle
WIMUnregisterMessageCallback
WIMCreateFile

version

VerQueryValueW

crypt32

CryptStringToBinaryW

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/LICENSES/7zip.txt
Bin/LICENSES/NSudo.txt
Bin/LICENSES/ResourceHacker.txt
Bin/LICENSES/ToolkitHelper.txt
Bin/LICENSES/Wimlib.txt
Bin/Lists/DISM_Templates/RemoveAppsList_W10_10.0.10240.txt
Bin/Lists/DISM_Templates/RemoveAppsList_W10_10.0.10586.txt
Bin/Lists/DISM_Templates/RemoveAppsList_W10_10.0.14393.txt
Bin/Lists/DISM_Templates/RemoveAppsList_W10_10.0.15063.txt
Bin/Lists/DISM_Templates/RemoveAppsList_W10_10.0.16299.txt
Bin/Lists/DISM_Templates/RemoveAppsList_W10_10.0.17134.txt
Bin/Lists/DISM_Templates/RemoveAppsList_W10_10.0.17763.txt
Bin/Lists/DISM_Templates/RemoveAppsList_W10_10.0.18362.txt
Bin/Lists/DISM_Templates/RemoveAppsList_W10_10.0.18363.txt
Bin/Lists/DISM_Templates/RemoveAppsList_W10_10.0.19041.txt
Bin/Lists/DISM_Templates/RemoveAppsList_W10_10.0.19042.txt
Bin/Lists/DISM_Templates/RemoveAppsList_W10_10.0.19043.txt
Bin/Lists/DISM_Templates/RemoveAppsList_W10_10.0.19044.txt
Bin/Lists/DISM_Templates/RemoveAppsList_W10_10.0.19045.txt
Bin/Lists/DISM_Templates/RemoveAppsList_W11_10.0.22000.txt
Bin/Lists/DISM_Templates/RemoveAppsList_W11_10.0.22621.txt
Bin/Lists/DISM_Templates/RemoveAppsList_W11_10.0.22622.txt
Bin/Lists/DISM_Templates/RemoveAppsList_W81.txt
Bin/Lists/DISM_Templates/RemovePkgsList_Server_LTSC_2022.txt
Bin/Lists/DISM_Templates/RemovePkgsList_W10.txt
Bin/Lists/DISM_Templates/RemovePkgsList_W11.txt
Bin/Lists/DISM_Templates/RemovePkgsList_W7.txt
Bin/Lists/DISM_Templates/RemovePkgsList_W81.txt
Bin/Lists/Features_Templates/FeaturesList_W10_10.0.17763.txt
Bin/Lists/Features_Templates/FeaturesList_W10_10.0.18362.txt
Bin/Lists/Features_Templates/FeaturesList_W10_10.0.18363.txt
Bin/Lists/Features_Templates/FeaturesList_W10_10.0.19041.txt
Bin/Lists/Features_Templates/FeaturesList_W10_10.0.19042.txt
Bin/Lists/Features_Templates/FeaturesList_W10_10.0.19043.txt
Bin/Lists/Features_Templates/FeaturesList_W10_10.0.19044.txt
Bin/Lists/Features_Templates/FeaturesList_W10_10.0.19045.txt
Bin/Lists/Features_Templates/FeaturesList_W11_10.0.22000.txt
Bin/Lists/Features_Templates/FeaturesList_W11_10.0.22621.txt
Bin/Lists/Features_Templates/FeaturesList_W11_10.0.22622.txt
Bin/Lists/ToolkitHelper_Templates/RemovePkgsList_W10_10.0.17763.txt
Bin/Lists/ToolkitHelper_Templates/RemovePkgsList_W10_10.0.18362.txt
Bin/Lists/ToolkitHelper_Templates/RemovePkgsList_W10_10.0.18363.txt
Bin/Lists/ToolkitHelper_Templates/RemovePkgsList_W10_10.0.19041.txt
Bin/Lists/ToolkitHelper_Templates/RemovePkgsList_W10_10.0.19042.txt
Bin/Lists/ToolkitHelper_Templates/RemovePkgsList_W10_10.0.19043.txt
Bin/Lists/ToolkitHelper_Templates/RemovePkgsList_W10_10.0.19044.txt
Bin/Lists/ToolkitHelper_Templates/RemovePkgsList_W10_10.0.19045.txt
Bin/Lists/ToolkitHelper_Templates/RemovePkgsList_W10_LTSC_2019.txt
Bin/Lists/ToolkitHelper_Templates/RemovePkgsList_W10_LTSC_2021.txt
Bin/Lists/ToolkitHelper_Templates/RemovePkgsList_W11_10.0.22000.txt
Bin/Lists/ToolkitHelper_Templates/RemovePkgsList_W11_10.0.22621.txt
Bin/Lists/ToolkitHelper_Templates/RemovePkgsList_W11_10.0.22622.txt
Bin/PSFExtractor.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Projects\PSFExtractor\obj\Release\PSFExtractor.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/PSFExtractor.exe.config
Bin/Patches/W10CUFix/RS1CUFix.reg
Bin/Patches/W10CUFix/RS1CUFix.tpk
Bin/Patches/W10CUFix/TH1CUFix.tpk
Bin/Patches/W10CUFix/TH1CUFix_x64.reg
Bin/Patches/W10CUFix/TH1CUFix_x86.reg
Bin/Patches/W7ESU/ESU.tpk
Bin/Patches/WMCGActTokens.tpk
Bin/ResourceHacker.def
Bin/ResourceHacker.exe
.exe windows:5 windows x86 arch:x86

cee6f2e56c9d0896337240f928b841b7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit
GetErrorInfo
VariantInit
SysFreeString

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegFlushKey
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey

user32

CharNextW
LoadStringW
SetClassLongW
GetClassLongW
SetWindowLongW
GetWindowLongW
CreateWindowExW
WindowFromPoint
WaitMessage
ValidateRect
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
ToAscii
SystemParametersInfoW
SubtractRect
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetKeyboardState
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetCaretPos
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
SendDlgItemMessageW
ScrollWindowEx
ScrollWindow
ScrollDC
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PtInRect
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
OffsetRect
NotifyWinEvent
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
MapDialogRect
LockWindowUpdate
LoadStringW
LoadMenuIndirectW
LoadKeyboardLayoutW
LoadImageW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
IsDialogMessageA
IsDialogMessageW
IsClipboardFormatAvailable
IsChild
IsCharAlphaNumericW
IsCharAlphaW
InvalidateRect
InsertMenuItemW
InsertMenuW
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowDC
GetUpdateRect
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetScrollBarInfo
GetPropW
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemRect
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenuBarInfo
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDlgItem
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardFormatNameW
GetClipboardData
GetClientRect
GetClassNameW
GetClassInfoExW
GetClassInfoW
GetCaretPos
GetCapture
GetAsyncKeyState
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EndMenu
EndDeferWindowPos
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextW
DrawStateW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DestroyCaret
DeleteMenu
DeferWindowPos
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIconFromResourceEx
CreateIconFromResource
CreateIcon
CreateDialogIndirectParamW
CreateCaret
CountClipboardFormats
CopyImage
CloseClipboard
ClipCursor
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CharUpperBuffW
CharUpperW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
BeginDeferWindowPos
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow

kernel32

Sleep
VirtualFree
VirtualAlloc
lstrlenW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
SetCurrentDirectoryW
GetCurrentDirectoryW
WriteFile
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
GetModuleHandleW
FreeLibrary
lstrlenW
lstrcmpW
WritePrivateProfileStringW
WriteFile
WriteConsoleW
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
VerSetConditionMask
VerifyVersionInfoW
UnmapViewOfFile
SwitchToThread
SuspendThread
Sleep
SizeofResource
SetThreadPriority
SetThreadLocale
SetLastError
SetFileTime
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
RemoveDirectoryW
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
IsDebuggerPresent
MultiByteToWideChar
MulDiv
MoveFileW
MapViewOfFile
LockResource
LocalFree
LoadResource
LoadLibraryW
LeaveCriticalSection
IsValidLocale
IsValidCodePage
InitializeCriticalSection
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GlobalUnlock
GlobalSize
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetVersionExW
GetVersion
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathW
GetTempFileNameW
GetSystemInfo
GetStdHandle
GetProcAddress
GetPrivateProfileStringW
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileTime
GetFileSize
GetFileAttributesW
GetExitCodeThread
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCPInfoExW
GetCPInfo
GetACP
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FreeConsole
FormatMessageW
FindResourceW
FindFirstFileW
FindClose
EnumSystemLocalesW
EnumCalendarInfoW
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
CreateThread
CreateMutexW
CreateFileMappingW
CreateFileW
CreateEventW
CreateDirectoryW
CompareStringA
CompareStringW
CloseHandle
Sleep
MulDiv

gdi32

UnrealizeObject
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetWindowExtEx
SetWinMetaFileBits
SetViewportOrgEx
SetViewportExtEx
SetTextColor
SetStretchBltMode
SetRectRgn
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetDCPenColor
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RoundRect
RestoreDC
ResizePalette
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyPolyline
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
OffsetRgn
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetTextColor
GetSystemPaletteEntries
GetStretchBltMode
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetNearestPaletteIndex
GetMapMode
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetCurrentObject
GetClipBox
GetBrushOrgEx
GetBkColor
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtFloodFill
ExtCreatePen
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgnIndirect
CreateRectRgn
CreatePenIndirect
CreatePen
CreatePatternBrush
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
Chord
BitBlt
ArcTo
Arc
AngleArc
TranslateCharsetInfo
GetRandomRgn

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

netapi32

NetWkstaGetInfo

ole32

CreateStreamOnHGlobal
ReleaseStgMedium
OleGetClipboard
OleSetClipboard
DoDragDrop
RevokeDragDrop
RegisterDragDrop
OleUninitialize
OleInitialize
CreateDataAdviseHolder
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CoCreateInstance
CoDisconnectObject
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Remove
ImageList_DrawIndirect
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

msvcrt

memset
memcpy

shell32

ShellExecuteW
Shell_NotifyIconW
DragQueryFileW
DragAcceptFiles
IsUserAnAdmin
SHGetDesktopFolder

comdlg32

ChooseFontW
ChooseColorW
GetSaveFileNameW
GetOpenFileNameW

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

shlwapi

PathIsRelativeW

winmm

timeGetTime
sndPlaySoundW
mciSendCommandW
mciGetErrorStringW

oleacc

LresultFromObject

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 89KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 76B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 267KB - Virtual size: 267KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/ToolKitHelper.exe
.exe windows:5 windows x86 arch:x86

bf5a4aa99e5b160f8521cadd6bfe73b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Imports

kernel32

RaiseException
GetLastError
MultiByteToWideChar
lstrlenA
InterlockedDecrement
GetProcAddress
LoadLibraryA
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleHandleA
Module32Next
CloseHandle
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
SetEndOfFile
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
HeapFree
GetProcessHeap
HeapAlloc
GetCommandLineA
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
ReadFile
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
FlushFileBuffers
SetFilePointer
SetHandleCount
GetFileType
GetStartupInfoA
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
CompareStringA
CompareStringW
SetEnvironmentVariableA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA

ole32

OleInitialize

oleaut32

SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayCreateVector
VariantClear
VariantInit
SysFreeString
SysAllocString

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11.8MB - Virtual size: 11.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/ToolKitHelper.exe.config
.xml
Bin/XMLs/DefaultLayouts.xml
.xml
Bin/XMLs/LayoutModification.json
Bin/XMLs/LayoutModification.xml
Bin/XMLs/w10_CustomAppsAssociation.xml
.xml
Bin/XMLs/w11_CustomAppsAssociation.xml
.xml
Bin/XMLs/w81_CustomAppsAssociation.xml
.xml
Bin/dvdburn.exe
.exe windows:5 windows x86 arch:x86

29ed54be8e40a7c5481b525444010c27

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemTimeAsFileTime
LocalFree
Sleep
ReadFile
SetLastError
LocalAlloc
GetFileInformationByHandle
DeviceIoControl
GetLastError
CloseHandle
CreateFileA
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
GetOverlappedResult
CreateEventA

msvcrt

_strnicmp
fflush
_iob
memmove
_c_exit
_exit
_XcptFilter
_cexit
exit
__initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_vsnprintf
printf

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/esddecrypt.exe
.exe windows:5 windows x86 arch:x86

61c74ba7a04bbfb0ebfdff93d30d7c8b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CryptStringToBinaryW

advapi32

CryptImportKey
CryptHashData
CryptGetHashParam
CryptAcquireContextW
CryptDuplicateHash
CryptReleaseContext
CryptCreateHash
CryptDestroyKey
CryptDecrypt
CryptDestroyHash

kernel32

ReadFile
GetLastError
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
SetEndOfFile
GetProcessHeap
MultiByteToWideChar
GetACP
GetCommandLineW
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
RtlUnwind
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
ExitProcess
GetModuleHandleExW
GetProcAddress
WideCharToMultiByte
WriteFile
GetModuleFileNameW
SetStdHandle
GetConsoleCP
FlushFileBuffers
GetCPInfo
IsValidCodePage
GetOEMCP
SetLastError
GetCurrentThreadId
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStringTypeW
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
CloseHandle
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreateFileW
LoadLibraryExW
OutputDebugStringW
HeapReAlloc
WriteConsoleW
HeapSize

Sections

.text
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/wimgapi.dll
.dll windows:10 windows x86 arch:x86

eeeabe85372d9f8dab340e7e32c5bbeb

Code Sign

33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

15:da:06:64:3b:94:f5:75:8c:0e:eb:f3:0d:63:29:87:f5:b0:d2:92:e6:01:67:6f:36:ff:2c:bf:7a:04:b2:cd
Signer

Actual PE Digest

15:da:06:64:3b:94:f5:75:8c:0e:eb:f3:0d:63:29:87:f5:b0:d2:92:e6:01:67:6f:36:ff:2c:bf:7a:04:b2:cd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

wimgapi.pdb

Imports

msvcrt

towlower
strcpy_s
_wcslwr
_wcsrev
wcschr
memmove
_onexit
qsort
__dllonexit
_wcsupr
_unlock
_lock
_except_handler4_common
_XcptFilter
_initterm
swscanf_s
towupper
free
wcstoul
_amsg_exit
wcstok_s
_strnicmp
wcsrchr
memcpy
memcmp
_callnewh
_vscwprintf
_purecall
iswspace
memmove_s
_wcsicmp
_wcstoi64
memcpy_s
strncpy_s
wcsncmp
_wcsnicmp
wcsnlen
_vsnwprintf
malloc
wcsstr
_wtoi
memset

kernel32

CompareStringW
HeapFree
GetProcessHeap
SetLastError
DeleteFileW
CreateFileW
GetFileInformationByHandle
CloseHandle
LocalAlloc
HeapAlloc
GetSystemDirectoryW
LocalFree
GetVolumePathNameW
GetDriveTypeW
RemoveDirectoryW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
SetFileTime
GetFileAttributesW
FindFirstFileW
FindNextFileW
GetLastError
GetTempPathW
GetTempFileNameW
GetFileSize
SetFilePointer
ReadFile
SetFilePointerEx
DeleteCriticalSection
GetSystemInfo
InitializeCriticalSection
SetThreadIdealProcessor
GetCurrentThread
GetEnvironmentVariableW
GetOverlappedResult
EnterCriticalSection
LeaveCriticalSection
FlushFileBuffers
CreateDirectoryW
WriteFile
SetEndOfFile
CreateEventW
LockFileEx
UnlockFileEx
GetFileSizeEx
DeviceIoControl
HeapReAlloc
GetHandleInformation
WaitForSingleObject
CreateMutexW
GetModuleHandleExW
GetModuleFileNameW
FormatMessageW
ReleaseMutex
WideCharToMultiByte
LocalFileTimeToFileTime
FindClose
DisableThreadLibraryCalls
Sleep
ExpandEnvironmentStringsW
OpenProcess
InitializeCriticalSectionAndSpinCount
SetFileAttributesW
GlobalMemoryStatusEx
GetFinalPathNameByHandleW
LoadLibraryExW
FreeLibrary
GetProcAddress
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
OpenEventW
GetCurrentDirectoryW
GetLongPathNameW
DosDateTimeToFileTime
SetFileInformationByHandle
GetFileInformationByHandleEx
GetPrivateProfileSectionW
GetModuleHandleW
WaitForMultipleObjects
ReleaseSemaphore
SetEvent
CreateSemaphoreW
CreateThread
MultiByteToWideChar
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCIDToLocaleName
CopyFileExW
GetVolumePathNamesForVolumeNameW
LoadLibraryW
WaitForMultipleObjectsEx
ResetEvent
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetTickCount
GetLogicalDriveStringsW
Wow64DisableWow64FsRedirection
CreateProcessW
GetExitCodeProcess
Wow64RevertWow64FsRedirection
CreateSemaphoreExW
GetVolumeNameForVolumeMountPointW

bcrypt

BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptDestroyHash
BCryptCloseAlgorithmProvider

fltlib

FilterSendMessage
FilterAttach
FilterLoad
FilterConnectCommunicationPort

cabinet

ord22
ord20
ord23

advapi32

GetSecurityDescriptorControl
RegDeleteKeyExW
AdjustTokenPrivileges
SetThreadToken
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegQueryValueExW
ReadEncryptedFileRaw
CloseEncryptedFileRaw
WriteEncryptedFileRaw
OpenEncryptedFileRawW
GetAclInformation
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
AddAccessAllowedAceEx
RevertToSelf
GetSecurityDescriptorLength
GetSecurityInfo
FreeSid
SetSecurityDescriptorDacl
EqualSid
AddAccessAllowedAce
InitializeAcl
GetLengthSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegUnLoadKeyW
RegFlushKey
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
RegLoadKeyW
RegCloseKey
RegOpenKeyExW

version

VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW

user32

CharUpperW

ntdll

RtlInitializeResource
RtlAcquireResourceExclusive
RtlAcquireResourceShared
RtlReleaseResource
RtlDeleteResource
NtQuerySecurityObject
RtlRaiseStatus
RtlDosPathNameToNtPathName_U_WithStatus
RtlInitializeCriticalSection
DbgPrintEx
NtUnloadKey2
RtlReAllocateHeap
NtYieldExecution
RtlDowncaseUnicodeChar
RtlGetVersion
NtSetSecurityObject
RtlFindAceByType
RtlSetControlSecurityDescriptor
RtlInitUnicodeString
RtlImpersonateSelf
NtQueryVolumeInformationFile
NtCreateFile
NtQueryEaFile
NtQueryInformationProcess
NtQueryInformationFile
RtlGetLastNtStatus
NtSetInformationFile
RtlSetIoCompletionCallback
RtlFreeHeap
NtClose
NtQueryDirectoryFile
RtlAllocateHeap
NtOpenFile
RtlDosPathNameToNtPathName_U
RtlAdjustPrivilege
RtlNtStatusToDosError
NtSetEaFile

rpcrt4

RpcBindingFree
RpcBindingSetAuthInfoW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
UuidCreate
UuidFromStringW
RpcStringFreeW
UuidToStringW
I_RpcMapWin32Status
NdrClientCall2

Exports

Exports

DllCanUnloadNow
DllMain
WIMAddImagePath
WIMAddImagePaths
WIMAddWimbootEntry
WIMApplyImage
WIMCaptureImage
WIMCloseHandle
WIMCommitImageHandle
WIMCopyFile
WIMCreateFile
WIMCreateImageFile
WIMCreateWofCompressedFile
WIMDeleteImage
WIMDeleteImageMounts
WIMEnumImageFiles
WIMExportImage
WIMExtractImageDirectory
WIMExtractImagePath
WIMExtractImagePathByWimHandle
WIMFindFirstImageFile
WIMFindNextImageFile
WIMGetAttributes
WIMGetImageCount
WIMGetImageInformation
WIMGetMessageCallbackCount
WIMGetMountedImageHandle
WIMGetMountedImageInfo
WIMGetMountedImageInfoFromHandle
WIMGetMountedImages
WIMGetWIMBootEntries
WIMGetWIMBootWIMPath
WIMGetWimFileSize
WIMInitFileIOCallbacks
WIMInitializeWofDriver
WIMIsCurrentSystemWimboot
WIMIsReferenceWim
WIMLoadImage
WIMLoadOSInformation
WIMMountImage
WIMMountImageHandle
WIMProcessCustomImage
WIMReadFileEx
WIMReadImageFile
WIMRedirectFolderBeforeApply
WIMRegisterLogFile
WIMRegisterMessageCallback
WIMRemountImage
WIMSetBootImage
WIMSetCachedSigningLevel
WIMSetFileIOCallbackTemporaryPath
WIMSetImageInformation
WIMSetImageUserSpecifiedCreationTime
WIMSetReferenceFile
WIMSetTemporaryPath
WIMSetWimGuid
WIMSingleInstanceFile
WIMSplitFile
WIMUnmountImage
WIMUnmountImageHandle
WIMUnregisterLogFile
WIMUnregisterMessageCallback
WIMUpdateWIMBootEntry
WIMWriteFileWithIntegrity

Sections

.text
Size: 564KB - Virtual size: 563KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/wimscript.ini
Bin/x64/7z.dll
.dll windows:4 windows x64 arch:x64

4a683d6f78cddf7c7cda44d5a4669025

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

oleaut32

SysStringLen
VariantClear
VariantCopy
SysAllocString
SysAllocStringByteLen
SysFreeString
SysAllocStringLen

user32

CharUpperW
CharPrevExA

advapi32

SystemFunction036

msvcrt

strcat
strcpy
realloc
memset
free
malloc
__CxxFrameHandler
strlen
strchr
strstr
wcscmp
strcmp
memmove
_CxxThrowException
memcpy
memcmp
_purecall
exit
__C_specific_handler
_beginthreadex
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
__dllonexit
_onexit
_initterm

kernel32

InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
Sleep
CreateEventW
SetThreadAffinityMask
ResumeThread
WaitForSingleObject
SetEvent
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
QueryPerformanceCounter
GetOEMCP
DeleteCriticalSection
LocalFileTimeToFileTime
WaitForMultipleObjects
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
GlobalMemoryStatusEx
GetSystemInfo
GetCurrentProcess
GetProcessAffinityMask
FileTimeToLocalFileTime
FileTimeToSystemTime
CompareFileTime
GetLastError
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
GetProcAddress
GetModuleHandleW
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
GetModuleHandleA

Exports

Exports

CreateDecoder
CreateEncoder
CreateObject
GetHandlerProperty
GetHandlerProperty2
GetHashers
GetIsArc
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods
SetCaseSensitive
SetCodecs
SetLargePageMode

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 340KB - Virtual size: 339KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/7z.exe
.exe windows:4 windows x64 arch:x64

c40fa24fe18adb90df2122ca10e52ab2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

oleaut32

SysStringLen
VariantClear
VariantCopy
SysAllocString
SysStringByteLen
SysFreeString
SysAllocStringLen

user32

CharUpperW

advapi32

LookupPrivilegeValueW
GetFileSecurityW
SetFileSecurityW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
AdjustTokenPrivileges
OpenProcessToken

msvcrt

_c_exit
_XcptFilter
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
__C_specific_handler
_beginthreadex
_isatty
memcmp
_purecall
memset
strlen
wcsstr
_exit
wcscmp
strcmp
memmove
fflush
fputc
fputs
_iob
fgetc
fclose
free
malloc
__CxxFrameHandler
_CxxThrowException
memcpy
_cexit
__initenv
exit
__getmainargs
_initterm
__setusermatherr
_commode
_fmode
__set_app_type

kernel32

ResumeThread
SetThreadAffinityMask
CreateEventW
SetEvent
InitializeCriticalSection
GetVersionExW
CloseHandle
WaitForSingleObject
VirtualFree
VirtualAlloc
GetConsoleMode
SetConsoleMode
SetFileApisToOEM
GetCommandLineW
GetConsoleScreenBufferInfo
SetConsoleCtrlHandler
GetProcessTimes
QueryPerformanceFrequency
QueryPerformanceCounter
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetProcessAffinityMask
OpenEventW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
GetStdHandle
GetSystemTimeAsFileTime
FileTimeToDosDateTime
IsProcessorFeaturePresent
GlobalMemoryStatusEx
GetSystemInfo
GetProcessAffinityMask
FileTimeToLocalFileTime
FileTimeToSystemTime
CompareFileTime
GetCurrentProcess
GetDiskFreeSpaceW
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
GetFileSize
DeviceIoControl
GetLogicalDriveStringsW
GetLastError
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
LoadLibraryExW
LoadLibraryW
GetModuleFileNameW
LocalFree
FormatMessageW
SetFileTime
CreateFileW
SetFileAttributesW
RemoveDirectoryW
MoveFileW
GetProcAddress
GetModuleHandleW
CreateDirectoryW
DeleteFileW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetTempPathW
SetLastError
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
GetFileInformationByHandle
FindClose
FindFirstFileW
FindNextFileW
GetModuleHandleA
GetFileAttributesW

Sections

.text
Size: 367KB - Virtual size: 367KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/DISM10/Microsoft.Dism.Powershell.dll
.dll windows:4 windows x64 arch:x64

Code Sign

33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f2:11:66:1f:01:df:7b:d0:6e:c4:10:9f:fa:34:18:ae:34:44:98:78:68:38:90:89:46:5c:25:3e:e6:86:5c:6d
Signer

Actual PE Digest

f2:11:66:1f:01:df:7b:d0:6e:c4:10:9f:fa:34:18:ae:34:44:98:78:68:38:90:89:46:5c:25:3e:e6:86:5c:6d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Microsoft.Dism.PowerShell.pdb

Sections

.text
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x64/DISM10/WimMountAdkSetupAmd64.exe
.exe windows:10 windows x64 arch:x64

6bbd7323812674f3361ea37fa1386504

Code Sign

33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:e1:64:5a:f5:38:72:e8:49:8d:57:6f:53:8e:d4:ef:be:c0:76:d3:8a:30:50:7f:a2:9b:4b:44:66:34:2f:76
Signer

Actual PE Digest

10:e1:64:5a:f5:38:72:e8:49:8d:57:6f:53:8e:d4:ef:be:c0:76:d3:8a:30:50:7f:a2:9b:4b:44:66:34:2f:76

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

WimMountAdkSetupAmd64.pdb

Imports

msvcrt

?terminate@@YAXXZ
memcpy
_fmode
_vsnwprintf
exit
__set_app_type
_exit
__wgetmainargs
towupper
wcschr
_amsg_exit
_XcptFilter
_cexit
fwprintf
__iob_func
_commode
__setusermatherr
wcsncmp
vfwprintf
_initterm
__C_specific_handler
_wcsnicmp
_wfopen
fclose
_wcsicmp
memcpy_s
_wcmdln
memset

ntdll

RtlFreeHeap
RtlAllocateHeap
RtlGetVersion
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlNtStatusToDosError

kernel32

GetDriveTypeW
Sleep
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LocalFree
GetCurrentThreadId
GetProcessHeap
GetSystemInfo
GetNativeSystemInfo
GetLastError
GetModuleFileNameW
GetFullPathNameW
SetLastError
GetFileAttributesW
CloseHandle
HeapAlloc
HeapFree

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegDeleteTreeW
RegCreateKeyExW
RegCloseKey

shell32

CommandLineToArgvW

user32

MessageBoxW

fltlib

FilterUnload

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/DISM10/dism.Format.ps1xml
.ps1
Bin/x64/DISM10/dism.Types.ps1xml
.xml
Bin/x64/DISM10/dism.exe
.exe windows:10 windows x64 arch:x64

eedfd4dcfa971fffc7523c276e4a9c41

Code Sign

33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a2:92:2e:db:05:03:65:03:d1:75:28:97:3a:79:a2:60:c7:b9:98:81:28:64:57:26:41:ec:98:6d:3e:24:b3:66
Signer

Actual PE Digest

a2:92:2e:db:05:03:65:03:d1:75:28:97:3a:79:a2:60:c7:b9:98:81:28:64:57:26:41:ec:98:6d:3e:24:b3:66

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

Dism.pdb

Imports

msvcrt

__RTDynamicCast
??3@YAXPEAX@Z
memset
realloc
_errno
wcsstr
wcsncmp
_wcsnicmp
iswalpha
towlower
_snwscanf_s
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_commode
_fmode
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
wcscpy_s
wcsrchr
calloc
malloc
_purecall
_wcsicmp
free
_vsnwprintf
towupper
_getwch
vswprintf_s
_vscwprintf
_wcslwr_s
wcschr
wprintf
memmove_s
memcpy_s
__C_specific_handler
??_V@YAXPEAX@Z
__CxxFrameHandler3
memcmp
wcscmp

advapi32

IsValidSecurityDescriptor
GetAclInformation
InitializeAcl
AddAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
MakeAbsoluteSD
GetSecurityDescriptorControl
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
GetSidSubAuthority
SetSecurityDescriptorOwner
GetSidLengthRequired
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
EventUnregister
EventRegister
EventWriteTransfer
EventActivityIdControl
UnregisterTraceGuids
InitiateSystemShutdownExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
TraceEvent
GetLengthSid
CopySid
IsValidSid
InitializeSid

kernel32

SearchPathW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GetFileInformationByHandleEx
DeviceIoControl
SetFileAttributesW
SetFileInformationByHandle
DeleteFileW
CopyFileExW
GetLongPathNameW
GetFinalPathNameByHandleW
GetDriveTypeW
GetVersionExW
GetProcAddress
GetModuleHandleW
GetModuleHandleExW
FreeLibrary
InitializeCriticalSection
EnterCriticalSection
SetEvent
LeaveCriticalSection
GetLastError
CloseHandle
SetThreadUILanguage
SetErrorMode
SetConsoleCtrlHandler
OutputDebugStringW
GetCommandLineW
HeapFree
GetProcessHeap
Sleep
GetCurrentProcess
DeleteCriticalSection
RaiseException
GetCurrentThreadId
CompareStringW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetStdHandle
HeapAlloc
WriteConsoleW
LocalAlloc
WideCharToMultiByte
WriteFile
LocalFree
GetFileType
GetConsoleMode
GetModuleFileNameW
IsWow64Process
FormatMessageW
GetFileAttributesW
SetLastError
CreateFileW
MultiByteToWideChar
GetSystemInfo
OpenProcess
QueryFullProcessImageNameW
HeapSize
HeapReAlloc
HeapDestroy
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
TerminateProcess
OutputDebugStringA
GetSystemWindowsDirectoryW
ExpandEnvironmentStringsW
GetTempFileNameW
GetFullPathNameW
CreateDirectoryW
GetFileInformationByHandle
FindFirstFileW
FindNextFileW
FindClose
WaitForSingleObject
LoadLibraryExW

ole32

CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateInstance

user32

CharLowerBuffW

oleaut32

SysAllocStringLen
GetErrorInfo
SysAllocStringByteLen
SysStringByteLen
LoadTypeLi
SysAllocString
VarBstrCmp
LoadRegTypeLi
SysStringLen
VariantClear
SysFreeString

ntdll

NtQueryInformationProcess
RtlNtStatusToDosError
RtlGetVersion
NtSetInformationFile
RtlAllocateHeap
RtlFreeHeap

version

GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW

Sections

.text
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/DISM10/dism.psd1
Bin/x64/DISM10/dism.psm1
Bin/x64/DISM10/dismapi.dll
.dll windows:10 windows x64 arch:x64

17e16810013c3fff44cfa1210c86e8bf

Code Sign

33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

49:13:78:be:54:35:08:82:66:00:b1:9c:d8:1e:33:d4:78:c1:44:78:ee:5d:fd:6d:e1:19:a4:c4:5a:01:bd:eb
Signer

Actual PE Digest

49:13:78:be:54:35:08:82:66:00:b1:9c:d8:1e:33:d4:78:c1:44:78:ee:5d:fd:6d:e1:19:a4:c4:5a:01:bd:eb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

DismApi.pdb

Imports

msvcrt

wcsstr
wcsncmp
wcsrchr
_vsnwprintf
towlower
_snwscanf_s
fclose
wcstok_s
_wfopen
_wcslwr_s
strrchr
_wcsnicmp
iswctype
memcmp
memset
realloc
_errno
fgetws
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
wcscpy_s
_wcstoui64
wcstoul
iswspace
swscanf_s
_wtoi
wcschr
iswalpha
_wcsicmp
_purecall
_vscprintf
feof
??1type_info@@UEAA@XZ
vsprintf_s
calloc
_vsnprintf
malloc
free
vswprintf_s
_vscwprintf
memmove_s
memcpy_s
__C_specific_handler
??_V@YAXPEAX@Z
__CxxFrameHandler3
??3@YAXPEAX@Z
wcscmp

advapi32

RegDeleteKeyExW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
AllocateAndInitializeSid
OpenProcessToken
FreeSid
CheckTokenMembership
AddAccessAllowedAce
RegCloseKey
GetTokenInformation
OpenThreadToken
EqualSid
InitializeAcl
SetSecurityDescriptorDacl
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceEvent
UnregisterTraceGuids
GetLengthSid
InitializeSecurityDescriptor

kernel32

MoveFileExW
GetTimeFormatEx
GetSystemTime
SetErrorMode
GetVersionExW
GetProcAddress
GetModuleHandleW
InitializeCriticalSection
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetCurrentProcessId
SizeofResource
LockResource
LoadResource
FindResourceExW
OutputDebugStringW
GetThreadUILanguage
OutputDebugStringA
GetModuleHandleExW
GetLastError
GetModuleFileNameW
FreeLibrary
WideCharToMultiByte
LoadLibraryExW
HeapFree
GetProcessHeap
MultiByteToWideChar
WaitForMultipleObjectsEx
WaitForSingleObject
FormatMessageW
LocalFree
GetSystemInfo
GetCommandLineW
GetLocaleInfoEx
IsWow64Process
GetCurrentProcess
CompareStringW
FileTimeToLocalFileTime
FileTimeToSystemTime
HeapSize
HeapReAlloc
HeapAlloc
HeapDestroy
GetEnvironmentVariableW
Sleep
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
CreateDirectoryW
CreateEventW
ResumeThread
DuplicateHandle
GetTempFileNameW
GetCurrentThread
ResetEvent
CreateThread
SetEvent
CloseHandle
CreateFileW
SetFilePointer
GetFullPathNameW
ReadFile
GetSystemWindowsDirectoryW
TlsSetValue
UnmapViewOfFile
TlsAlloc
GetLocalTime
GetFileSize
ExitProcess
TlsGetValue
TlsFree
FormatMessageA
CreateFileMappingW
MapViewOfFile
VirtualQuery
ExpandEnvironmentStringsW
GetFileSizeEx
FlushFileBuffers
CopyFileExW
DeleteFileW
SetFileInformationByHandle
GetFileInformationByHandle
SetFileAttributesW
FindClose
DeviceIoControl
FindNextFileW
FindFirstFileW
GetFileInformationByHandleEx
GetModuleFileNameA
WriteFile
CreateMutexW
CreateMutexA
ReleaseMutex
GetVersion
CreateFileA
DeleteFileA
CreateFileMappingA
DebugBreak
GetModuleHandleExA
GetWindowsDirectoryW
IsDebuggerPresent
SetLastError
GetLongPathNameW
GetFinalPathNameByHandleW
SearchPathW
GetFileAttributesW

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
StringFromGUID2

user32

CharLowerBuffW

oleaut32

VarBstrCmp
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
VariantTimeToSystemTime
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
LoadTypeLi
LoadRegTypeLi
SysStringLen
SafeArrayGetDim
SysAllocStringByteLen
SysStringByteLen
GetErrorInfo
SysAllocString
SysFreeString
VariantClear
SysAllocStringLen
VarBstrCat
SystemTimeToVariantTime

ntdll

RtlInitUnicodeString
NtReadFile
RtlReAllocateHeap
NtClose
RtlExpandEnvironmentStrings
NtQueryInformationFile
NtWaitForSingleObject
NtOpenFile
NtWriteFile
NtYieldExecution
DbgPrintEx
RtlDowncaseUnicodeChar
RtlRaiseStatus
RtlAllocateHeap
RtlGetVersion
NtSetInformationFile
RtlDosPathNameToNtPathName_U_WithStatus
RtlNtStatusToDosError
RtlFreeHeap

version

GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW

Exports

Exports

DismAddCapability
DismAddDriver
DismAddPackage
DismAddProvisionedAppxPackage
DismApplyUnattend
DismCheckImageHealth
DismCleanupMountpoints
DismCloseSession
DismCommitImage
DismDelete
DismDisableFeature
DismEnableFeature
DismGetCapabilities
DismGetCapabilityInfo
DismGetDriverInfo
DismGetDrivers
DismGetFeatureInfo
DismGetFeatureParent
DismGetFeatures
DismGetImageInfo
DismGetLastErrorMessage
DismGetMountedImageInfo
DismGetPackageInfo
DismGetPackageInfoEx
DismGetPackages
DismGetProvisionedAppxPackages
DismGetReservedStorageState
DismInitialize
DismMountImage
DismOpenSession
DismRemountImage
DismRemoveCapability
DismRemoveDriver
DismRemovePackage
DismRemoveProvisionedAppxPackage
DismRestoreImageHealth
DismSetReservedStorageState
DismShutdown
DismUnmountImage
_DismAddAppxPackageFamilyToUninstallBlocklist
_DismAddDriverEx
_DismAddPackageEx
_DismAddPackageFamilyToUninstallBlocklist
_DismAddProvisionedAppSharedPackageContainer
_DismAddProvisionedAppxPackage
_DismApplyCustomDataImage
_DismApplyFfuImage
_DismApplyProvisioningPackage
_DismCaptureSoftwareInventory
_DismCleanImage
_DismEnableDisableFeature
_DismExportDriver
_DismExportSource
_DismGetCapabilitiesEx
_DismGetCapabilityInfoEx
_DismGetCurrentEdition
_DismGetDriversEx
_DismGetEffectiveSystemUILanguage
_DismGetFeaturesEx
_DismGetInstallLanguage
_DismGetKCacheBinaryValue
_DismGetKCacheDwordValue
_DismGetKCacheStringValue
_DismGetLastCBSSessionID
_DismGetNonRemovableAppsPolicy
_DismGetNonRemovableAppxAppsPolicy
_DismGetOSUninstallWindow
_DismGetOsInfo
_DismGetPackageInfoEx
_DismGetProductKeyInfo
_DismGetProvisionedAppSharedPackageContainers
_DismGetProvisionedAppxPackages
_DismGetProvisioningPackageInfo
_DismGetRegistryMountPoint
_DismGetStateFromCBSSessionID
_DismGetTargetCompositionEditions
_DismGetTargetEditions
_DismGetTargetVirtualEditions
_DismGetTemplateAbsolutePath
_DismGetTemplateString
_DismGetUsedSpace
_DismInitiateOSUninstall
_DismOpenSessionEx
_DismOptimizeImage
_DismOptimizeProvisionedAppxPackages
_DismRemoveAppxPackageFamilyFromUninstallBlocklist
_DismRemoveCapabilityEx
_DismRemoveOSUninstall
_DismRemovePackageEx
_DismRemovePackageFamilyFromUninstallBlocklist
_DismRemoveProvisionedAppSharedPackageContainer
_DismRemoveProvisionedAppxPackage
_DismRemoveProvisionedAppxPackageAllUsers
_DismRevertPendingActions
_DismSetAllIntlSettings
_DismSetAppXProvisionedDataFile
_DismSetAppxProvisionedDataFile
_DismSetEdition
_DismSetEdition2
_DismSetFirstBootCommandLine
_DismSetMachineName
_DismSetOSUninstallWindow
_DismSetProductKey
_DismSetSkuIntlDefaults
_DismSetTemplateString
_DismSplitFfuImage
_DismStage
_DismSysprepCleanup
_DismSysprepGeneralize
_DismSysprepSpecialize
_DismValidateProductKey

Sections

.text
Size: 744KB - Virtual size: 743KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 364KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/DISM10/dismcore.dll
.dll regsvr32 windows:10 windows x64 arch:x64

4a52406f2d12ff5ef0fe82d347319c35

Code Sign

33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

88:9c:c3:21:be:4d:e4:7d:3d:4c:72:fa:7b:ea:f3:63:b7:d3:50:cf:87:26:a3:88:06:49:42:4a:10:33:b8:9d
Signer

Actual PE Digest

88:9c:c3:21:be:4d:e4:7d:3d:4c:72:fa:7b:ea:f3:63:b7:d3:50:cf:87:26:a3:88:06:49:42:4a:10:33:b8:9d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

DismCore.pdb

Imports

msvcrt

_vsnprintf
strrchr
_wtoi
fclose
wcstok_s
towlower
swscanf_s
_vscprintf
vsprintf_s
wcsstr
wcsncmp
_wcsnicmp
_vsnwprintf
iswctype
_wfopen
fgetws
feof
iswalpha
memcmp
_onexit
__dllonexit
_unlock
_lock
realloc
_errno
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
wcsncpy_s
wcscat_s
calloc
memmove_s
memcpy_s
_purecall
_wcsicmp
wcsrchr
wcschr
vswprintf_s
_vscwprintf
wcscpy_s
malloc
_resetstkoflw
free
__C_specific_handler
??_V@YAXPEAX@Z
__CxxFrameHandler3
??3@YAXPEAX@Z
memset

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
SetSecurityDescriptorDacl
EqualSid
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
AddAccessAllowedAce
RegQueryValueExW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
GetTokenInformation
RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExW
OpenProcessToken
OpenThreadToken

kernel32

EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
MultiByteToWideChar
GetTempPathW
GetModuleHandleExW
FreeLibrary
Wow64RevertWow64FsRedirection
SetEvent
GetModuleFileNameW
GetModuleHandleW
GetNativeSystemInfo
Wow64DisableWow64FsRedirection
CopyFileExW
CreateEventW
HeapFree
GetProcessHeap
WaitForSingleObject
TerminateProcess
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceExW
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
RaiseException
GetProcAddress
LoadLibraryExW
HeapSize
HeapReAlloc
HeapAlloc
HeapDestroy
CompareStringW
GetEnvironmentVariableW
Sleep
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSection
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
TlsFree
TlsGetValue
ExitProcess
GetFileSize
GetLocalTime
TlsAlloc
TlsSetValue
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
GetVersionExW
SetLastError
SearchPathW
SetFilePointer
ReadFile
DuplicateHandle
GetFileAttributesW
GetSystemDirectoryW
GetSystemInfo
ExpandEnvironmentStringsW
GetSystemWindowsDirectoryW
FormatMessageW
SetFileAttributesW
MoveFileExW
GetSystemTime
FindClose
FindNextFileW
FindFirstFileW
VirtualProtect
QueryDosDeviceW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
GetFileInformationByHandle
CreateDirectoryW
LocalFree
GetCurrentThread
GetFullPathNameW
GetTempFileNameW
CloseHandle
CreateFileW
SetThreadUILanguage
GetLastError
DeleteCriticalSection
FormatMessageA
VirtualQuery
GetModuleFileNameA
WriteFile
CreateMutexW
CreateMutexA
ReleaseMutex
GetVersion
CreateFileA
DeleteFileA
DeleteFileW
CreateFileMappingA
DebugBreak
GetModuleHandleExA
GetFileSizeEx
GetWindowsDirectoryW
IsDebuggerPresent
FlushFileBuffers
GetFileInformationByHandleEx
DeviceIoControl
SetFileInformationByHandle
GetLongPathNameW
GetFinalPathNameByHandleW
GetCurrentDirectoryW
GetDriveTypeW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateProcessW
GetExitCodeProcess
GetCurrentProcess
LoadLibraryExA

ole32

CoCreateGuid
StringFromCLSID
CoTaskMemFree
ProgIDFromCLSID
StringFromGUID2
CoCreateInstance
CoRegisterClassObject
CoRevokeClassObject
CoSetProxyBlanket
CoRegisterPSClsid

user32

LoadStringW
CharNextW

oleaut32

LoadTypeLibEx
VariantTimeToSystemTime
SystemTimeToVariantTime
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysAllocStringLen
VariantInit
VariantClear
SysStringLen
LoadRegTypeLi
LoadTypeLi
SetErrorInfo
CreateErrorInfo
GetErrorInfo
UnRegisterTypeLi
RegisterTypeLi

version

VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW

ntdll

RtlFreeHeap
RtlAllocateHeap
RtlNtStatusToDosError
NtSetInformationFile

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 216KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/DISM10/dismcoreps.dll
.dll regsvr32 windows:10 windows x64 arch:x64

70198dcb51b0ecd285a581030c4f37a8

Code Sign

33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5d:88:92:45:12:c2:c0:e1:87:0f:21:18:e8:5d:d6:9d:31:b7:a3:b0:5c:b3:b5:18:b4:a2:9c:b2:cd:6d:6e:54
Signer

Actual PE Digest

5d:88:92:45:12:c2:c0:e1:87:0f:21:18:e8:5d:d6:9d:31:b7:a3:b0:5c:b3:b5:18:b4:a2:9c:b2:cd:6d:6e:54

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

DismCorePS.pdb

Imports

msvcrt

_XcptFilter
_initterm
malloc
free
_amsg_exit
__C_specific_handler
memcmp

oleaut32

BSTR_UserUnmarshal64
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserFree64
BSTR_UserFree
BSTR_UserSize
BSTR_UserMarshal64
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserFree64
LPSAFEARRAY_UserMarshal64
LPSAFEARRAY_UserUnmarshal64
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize64
BSTR_UserSize64

rpcrt4

NdrDllRegisterProxy
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrDllUnregisterProxy
NdrCStdStubBuffer2_Release
NdrStubForwardingFunction
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
CStdStubBuffer_CountRefs
CStdStubBuffer_QueryInterface
NdrOleAllocate
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
IUnknown_QueryInterface_Proxy
NdrStubCall3
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Connect
CStdStubBuffer_Invoke

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

kernel32

GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
Sleep
DisableThreadLibraryCalls
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetDismInterfaces
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/DISM10/dismprov.dll
.dll regsvr32 windows:10 windows x64 arch:x64

5142a12c17e1b90ade7106e621765104

Code Sign

33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ff:a8:fb:57:4a:e9:8c:fc:4e:92:37:b2:7b:fd:35:e4:5b:ca:43:1d:9c:b1:fb:f1:2b:64:2c:74:ce:7b:f6:0b
Signer

Actual PE Digest

ff:a8:fb:57:4a:e9:8c:fc:4e:92:37:b2:7b:fd:35:e4:5b:ca:43:1d:9c:b1:fb:f1:2b:64:2c:74:ce:7b:f6:0b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

DISMProv.pdb

Imports

msvcrt

strrchr
iswctype
_wcsicmp
_vsnwprintf
wcschr
_wcsnicmp
wcsncmp
_vsnprintf
fclose
vsprintf_s
_vscprintf
swscanf_s
_wtoi
towlower
feof
__RTDynamicCast
wcstok_s
fgetws
_wfopen
memcmp
_onexit
__dllonexit
_unlock
_lock
realloc
_errno
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
wcscat_s
wcscpy_s
wcsrchr
memmove_s
_purecall
vswprintf_s
_vscwprintf
memcpy_s
free
malloc
wcsncpy_s
__C_specific_handler
??_V@YAXPEAX@Z
__CxxFrameHandler3
??3@YAXPEAX@Z
memset

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlAllocateHeap
RtlFreeHeap

oleaut32

VariantClear
LoadTypeLi
LoadRegTypeLi
SysStringLen
SysAllocStringLen
VarUI4FromStr
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysFreeString
RegisterTypeLi
VariantTimeToSystemTime
SystemTimeToVariantTime
UnRegisterTypeLi

advapi32

FreeSid
CheckTokenMembership
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
RegQueryValueExW
SetSecurityDescriptorDacl
EqualSid
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
AddAccessAllowedAce
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey

kernel32

GetCurrentThread
IsDebuggerPresent
GetWindowsDirectoryW
GetFileSizeEx
DebugBreak
CreateFileMappingA
DeleteFileA
CreateFileA
GetVersion
ReleaseMutex
TlsSetValue
UnmapViewOfFile
TlsAlloc
GetLocalTime
GetFileSize
ExitProcess
TlsGetValue
TlsFree
FormatMessageA
CreateFileMappingW
MapViewOfFile
VirtualQuery
GetModuleFileNameA
WriteFile
SetFilePointer
CreateMutexW
GetModuleHandleExA
CreateFileW
GetLastError
CloseHandle
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryExW
GetModuleHandleW
lstrcmpiW
LeaveCriticalSection
RaiseException
EnterCriticalSection
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
GetModuleHandleExW
LockResource
CompareStringW
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy
GetEnvironmentVariableW
WideCharToMultiByte
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
SetLastError
DeviceIoControl
GetFileAttributesW
GetTempFileNameW
DeleteFileW
FlushFileBuffers
GetFullPathNameW
ExpandEnvironmentStringsW
WaitForSingleObject
FormatMessageW
LocalFree
CreateMutexA

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoMarshalInterThreadInterfaceInStream
CoUnmarshalInterface
StringFromGUID2
CoCreateInstance
CoRegisterPSClsid
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemFree

user32

CharNextW

version

GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 156KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/DISM10/en-us/VHDProvider.dll.mui
.dll windows:10 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x64/DISM10/en-us/dism.exe.mui
.dll windows:10 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x64/DISM10/en-us/dismapi.dll.mui
.dll windows:10 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x64/DISM10/en-us/dismcore.dll.mui
.dll windows:10 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x64/DISM10/en-us/dismprov.dll.mui
.dll windows:10 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x64/DISM10/en-us/ffuprovider.dll.mui
.dll windows:10 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x64/DISM10/en-us/folderprovider.dll.mui
.dll windows:10 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x64/DISM10/en-us/imagingprovider.dll.mui
.dll windows:10 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x64/DISM10/en-us/logprovider.dll.mui
.dll windows:10 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x64/DISM10/en-us/siloedpackageprovider.dll.mui
.dll windows:10 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x64/DISM10/en-us/wimgapi.dll.mui
.dll windows:10 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x64/DISM10/en-us/wimprovider.dll.mui
.dll windows:10 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x64/DISM10/ffuprovider.dll
.dll regsvr32 windows:10 windows x64 arch:x64

c5919438dc502f8cf53faf4d188288a6

Code Sign

33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

26:18:7a:ff:56:44:36:c7:0d:90:bc:46:d2:41:f9:e8:12:76:3e:b1:5e:e5:0f:57:30:ba:05:0f:bb:76:9a:2d
Signer

Actual PE Digest

26:18:7a:ff:56:44:36:c7:0d:90:bc:46:d2:41:f9:e8:12:76:3e:b1:5e:e5:0f:57:30:ba:05:0f:bb:76:9a:2d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

FfuProvider.pdb

Imports

msvcrt

wcstoul
wcsrchr
swscanf
_vsnprintf
iswspace
wcscmp
_wcsnicmp
strchr
__RTDynamicCast
memcmp
memset
??1type_info@@UEAA@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_unlock
_lock
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
malloc
_wcsicmp
_purecall
wcschr
wcstol
_vsnwprintf
_vscwprintf
memmove_s
memcpy_s
vswprintf_s
wcsncpy_s
wcscat_s
free
wcscpy_s
__C_specific_handler
_stricmp
__CxxFrameHandler3

ntdll

RtlDowncaseUnicodeChar
DbgPrintEx
NtYieldExecution
RtlRaiseStatus
NtOpenFile
NtWaitForSingleObject
RtlCaptureContext
RtlLookupFunctionEntry
NtCreateFile
RtlNtStatusToDosError
NtQueryInformationFile
RtlExpandEnvironmentStrings
NtClose
RtlReAllocateHeap
NtReadFile
NtSetInformationFile
RtlInitUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
NtWriteFile
RtlFreeHeap
RtlAllocateHeap
RtlRandom
RtlNumberOfSetBits
RtlFindSetBits
RtlAreBitsClear
RtlSetBits
RtlClearAllBits
RtlVirtualUnwind
RtlInitializeBitMap

advapi32

RegEnumKeyExW
RegUnLoadKeyW
RegLoadKeyW
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegSetValueExW
RegFlushKey
RegEnumKeyW
RegCreateKeyExW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey

kernel32

GetQueuedCompletionStatus
PostQueuedCompletionStatus
DeleteFileW
GetFirmwareEnvironmentVariableW
GetDiskFreeSpaceW
GetVolumePathNameW
GetFileTime
InitializeCriticalSectionAndSpinCount
LCIDToLocaleName
SetFilePointer
FreeLibrary
GetVolumeInformationByHandleW
CopyFileW
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
GetOverlappedResult
DeviceIoControl
CreateEventW
CreateIoCompletionPort
GetSystemInfo
TrySubmitThreadpoolCallback
WaitForSingleObject
QueryPerformanceFrequency
SetEvent
HeapFree
GetModuleHandleExW
HeapAlloc
GetProcAddress
GetProcessHeap
SetLastError
GetModuleHandleW
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetModuleFileNameW
LoadLibraryExW
InitializeCriticalSection
SetThreadUILanguage
SizeofResource
LockResource
LoadResource
DeleteVolumeMountPointW
OutputDebugStringW
GetCurrentThreadId
GetCurrentProcessId
GetFileAttributesW
CompareStringW
CreateFileW
GetFileSizeEx
WriteFile
ReadFile
CloseHandle
GetTempPathW
CreateDirectoryW
RemoveDirectoryW
HeapSize
HeapReAlloc
HeapDestroy
MultiByteToWideChar
WideCharToMultiByte
Sleep
InitializeCriticalSectionEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
VirtualQuery
FindClose
FindFirstFileW
SetFileAttributesW
FindNextFileW
LCMapStringW
GetDriveTypeW
CopyFileExW
CreateMutexW
GetCurrentThread
SetFilePointerEx
QueryDosDeviceW
GetVolumeNameForVolumeMountPointW
GetFileInformationByHandle
ReleaseMutex
ReleaseSRWLockExclusive
LoadLibraryExA
VirtualProtect
GetSystemFirmwareTable
FormatMessageW
SearchPathW
GetVersionExW
UnmapViewOfFile
GetFullPathNameW
LocalAlloc
GetFileSize
LocalFree
FindResourceExW
MapViewOfFile
CreateFileMappingW
AcquireSRWLockExclusive

ole32

CoCreateGuid
CoCreateInstance
StringFromGUID2
CoTaskMemFree
ProgIDFromCLSID
CoSetProxyBlanket
CoInitializeEx
CoUninitialize

user32

LoadStringW
CharLowerBuffW
CharNextW

oleaut32

VariantClear
CreateErrorInfo
SetErrorInfo
LoadRegTypeLi
VarBstrCmp
SysAllocStringByteLen
SysAllocStringLen
SysStringLen
VariantInit
RegisterTypeLi
LoadTypeLi
SysAllocString
UnRegisterTypeLi
SysFreeString
SysStringByteLen
GetErrorInfo

version

GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW

bcrypt

BCryptGetProperty
BCryptHashData
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptDestroyHash
BCryptFinishHash

Exports

Exports

DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 456KB - Virtual size: 453KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/DISM10/folderprovider.dll
.dll regsvr32 windows:10 windows x64 arch:x64

bc5b90969edd4db30a52eea7341f792a

Code Sign

33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:4c:37:d2:13:43:df:2a:82:6c:1a:31:4a:3d:75:5c:91:9e:c0:e6:8c:d2:39:1d:b1:fa:76:bc:f6:d3:a2:c0
Signer

Actual PE Digest

19:4c:37:d2:13:43:df:2a:82:6c:1a:31:4a:3d:75:5c:91:9e:c0:e6:8c:d2:39:1d:b1:fa:76:bc:f6:d3:a2:c0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

FolderProvider.pdb

Imports

msvcrt

wcsncmp
_wcsnicmp
wcschr
memcmp
??3@YAXPEAX@Z
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
malloc
memmove_s
memcpy_s
_purecall
vswprintf_s
_vscwprintf
wcsncpy_s
wcscat_s
free
wcscpy_s
__C_specific_handler
??_V@YAXPEAX@Z
__CxxFrameHandler3
??1type_info@@UEAA@XZ

ntdll

RtlAllocateHeap
RtlFreeHeap
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

advapi32

RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey

kernel32

SetLastError
GetFileAttributesW
GetFullPathNameW
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
InitializeCriticalSection
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
SizeofResource
LockResource
LoadResource
FindResourceExW
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount

ole32

CoCreateInstance
StringFromGUID2

user32

CharNextW

oleaut32

UnRegisterTypeLi
SysAllocStringLen
LoadRegTypeLi
SysAllocStringByteLen
SysStringByteLen
SysStringLen
RegisterTypeLi
LoadTypeLi
SysFreeString
SysAllocString

Exports

Exports

DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/DISM10/imagingprovider.dll
.dll regsvr32 windows:10 windows x64 arch:x64

129cb66b05bd7493d29b56e362d15bfb

Code Sign

33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2d:58:a5:3b:04:a4:4c:98:29:86:af:86:e7:76:5f:a2:1f:b8:d0:04:04:44:ab:52:72:9b:e8:de:2d:a4:12:86
Signer

Actual PE Digest

2d:58:a5:3b:04:a4:4c:98:29:86:af:86:e7:76:5f:a2:1f:b8:d0:04:04:44:ab:52:72:9b:e8:de:2d:a4:12:86

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

ImagingProvider.pdb

Imports

msvcrt

_amsg_exit
_initterm
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UEAA@XZ
memcmp
__RTDynamicCast
_XcptFilter
_vsnwprintf
iswalpha
towlower
wcschr
_snwscanf_s
wcsrchr
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
_unlock
_lock
malloc
calloc
memmove_s
memcpy_s
_purecall
_wcsicmp
vswprintf_s
_vscwprintf
_wtoi64
wcstoul
_wcsnicmp
wcsncpy_s
wcscat_s
free
wcscpy_s
__C_specific_handler
??_V@YAXPEAX@Z
__CxxFrameHandler3
??3@YAXPEAX@Z
memset

ntdll

VerSetConditionMask
RtlVerifyVersionInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

advapi32

RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey

kernel32

FreeLibrary
SearchPathW
GetVersionExW
UnmapViewOfFile
CreateFileW
MapViewOfFile
CreateFileMappingW
SetLastError
CloseHandle
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
InitializeCriticalSection
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
GetLocaleInfoW
GetNumberFormatW
HeapAlloc
GetProcessHeap
HeapFree
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
CompareStringW
SizeofResource
LockResource
LoadResource
FindResourceExW
HeapSize
HeapReAlloc
HeapDestroy
Sleep
InitializeCriticalSectionEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
SetThreadUILanguage
FormatMessageW
LocalFree

ole32

CoCreateInstance
CoTaskMemFree
ProgIDFromCLSID
StringFromGUID2

user32

LoadStringW
CharNextW
CharLowerBuffW

oleaut32

SetErrorInfo
GetErrorInfo
VariantClear
SysAllocStringLen
CreateErrorInfo
VarBstrCmp
SysAllocStringByteLen
SysStringByteLen
SysStringLen
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
SysAllocString
UnRegisterTypeLi
SysFreeString

Exports

Exports

DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 132KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/DISM10/logprovider.dll
.dll regsvr32 windows:10 windows x64 arch:x64

30f6c604c14b73bc2e1ce221ecddd6ce

Code Sign

33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:6f:e1:10:bb:80:61:a2:a2:cf:9b:e0:13:fb:b2:e4:e5:6b:cd:56:f6:09:a4:01:d8:7a:ba:0c:a6:e8:87:ad
Signer

Actual PE Digest

77:6f:e1:10:bb:80:61:a2:a2:cf:9b:e0:13:fb:b2:e4:e5:6b:cd:56:f6:09:a4:01:d8:7a:ba:0c:a6:e8:87:ad

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

LogProvider.pdb

Imports

msvcrt

_amsg_exit
_XcptFilter
memmove
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
memcmp
_onexit
_initterm
wcsrchr
vsprintf_s
_vscprintf
??1type_info@@UEAA@XZ
swscanf_s
wcsncmp
_wcsnicmp
_wcsicmp
wcschr
towlower
strrchr
iswctype
fclose
_wtoi
wcstok_s
_wfopen
fgetws
feof
_vsnwprintf
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
malloc
calloc
memmove_s
memcpy_s
_purecall
vswprintf_s
_vscwprintf
_vsnprintf
wcsncpy_s
wcscat_s
free
wcscpy_s
__C_specific_handler
??_V@YAXPEAX@Z
__CxxFrameHandler3
??3@YAXPEAX@Z
memset

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlFreeHeap
RtlAllocateHeap

oleaut32

SysAllocStringLen
CreateErrorInfo
SetErrorInfo
LoadRegTypeLi
SysStringLen
SystemTimeToVariantTime
LoadTypeLi
SysAllocString
UnRegisterTypeLi
SysFreeString
VariantTimeToSystemTime
RegisterTypeLi

advapi32

SetSecurityDescriptorDacl
EqualSid
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
AddAccessAllowedAce
OpenThreadToken
GetTokenInformation
OpenProcessToken
RegQueryValueExW
FreeSid
CheckTokenMembership
RegQueryInfoKeyW
AllocateAndInitializeSid
RegOpenKeyExW
RegCloseKey

kernel32

SetFilePointer
WriteFile
GetModuleFileNameA
SearchPathW
FreeLibrary
CreateMutexW
CreateMutexA
ReleaseMutex
GetVersion
DeleteFileA
CreateFileMappingA
DebugBreak
GetModuleHandleExA
GetFileSizeEx
GetWindowsDirectoryW
IsDebuggerPresent
GetVersionExW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
VirtualQuery
FormatMessageA
TlsFree
TlsGetValue
ExitProcess
GetFileSize
TlsSetValue
TlsAlloc
CreateFileA
FormatMessageW
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
InitializeCriticalSection
SetThreadUILanguage
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
HeapAlloc
GetProcessHeap
OutputDebugStringA
HeapFree
CreateDirectoryW
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceExW
HeapSize
HeapReAlloc
HeapDestroy
GetEnvironmentVariableW
MultiByteToWideChar
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
CreateFileW
CloseHandle
LocalFree
GetSystemWindowsDirectoryW
ExpandEnvironmentStringsW
GetTempFileNameW
GetFullPathNameW
GetCurrentThread
WaitForSingleObject
GetFileAttributesW
SetLastError
DeviceIoControl
DeleteFileW
FlushFileBuffers
GetLocalTime

ole32

CoCreateInstance
CoTaskMemFree
ProgIDFromCLSID
StringFromGUID2

user32

LoadStringW
CharNextW

Exports

Exports

DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/DISM10/pkgmgr.exe
.exe windows:10 windows x64 arch:x64

419050b5e7ba000b4cfab9bfcb293dfa

Code Sign

33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:4a:3d:27:29:41:c1:f9:b5:5c:13:f2:5d:f3:24:44:79:4e:bc:bb:02:d8:d3:98:4f:cf:f7:2e:a1:a0:cd:5d
Signer

Actual PE Digest

05:4a:3d:27:29:41:c1:f9:b5:5c:13:f2:5d:f3:24:44:79:4e:bc:bb:02:d8:d3:98:4f:cf:f7:2e:a1:a0:cd:5d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

pkgmgr.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_register_thread_local_exe_atexit_callback
_c_exit
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
memmove
_o__wcsnicmp
_o_exit
_o_free
_o_malloc
_o_terminate
_o_wcstoul
__C_specific_handler
__current_exception
__current_exception_context
_o__exit
_o__errno
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___p__commode
_o___p___wargv
_o___p___argc
wcsstr
wcschr
wcsrchr
__CxxFrameHandler3
_CxxThrowException
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

strcmp
memset

api-ms-win-core-file-l1-1-0

FindNextFileW
FindFirstFileW
CompareFileTime
FindClose
DeleteFileW
RemoveDirectoryW
CreateDirectoryW
GetFullPathNameW
CreateFileW
GetFileAttributesW
GetFileAttributesExW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetErrorMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetErrorMode

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
SetEnvironmentVariableW
GetEnvironmentVariableW
ExpandEnvironmentStringsW

api-ms-win-core-libraryloader-l1-1-0

FreeLibrary
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
GetModuleHandleExW
GetProcAddress
GetModuleFileNameA

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
TerminateProcess
CreateProcessW
GetCurrentProcessId
OpenProcessToken
GetExitCodeProcess
DeleteProcThreadAttributeList

api-ms-win-eventing-controller-l1-1-0

ControlTraceW
StartTraceW

api-ms-win-eventing-legacy-l1-1-0

EnableTrace

api-ms-win-eventing-consumer-l1-1-0

CloseTrace

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree
LocalAlloc

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-shutdown-l1-1-0

InitiateSystemShutdownExW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-heap-l1-1-0

HeapSetInformation
HeapAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapDestroy
HeapSize

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseSRWLockShared
InitializeCriticalSectionEx
CreateMutexExW
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
CreateSemaphoreExW
AcquireSRWLockShared
DeleteCriticalSection
OpenSemaphoreW
ReleaseMutex
WaitForSingleObject

api-ms-win-core-kernel32-legacy-l1-1-0

LoadLibraryW
CopyFileW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
OutputDebugStringA
DebugBreak
IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-com-l1-1-0

CoCreateGuid
StringFromGUID2
CoGetMalloc

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-registry-l2-1-0

RegOpenKeyTransactedW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

user32

MessageBoxW

ntdll

RtlFreeHeap
RtlRaiseStatus
NtClose
DbgPrintEx

api-ms-win-core-file-l1-2-0

GetTempPathW

Sections

.text
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/DISM10/siloedpackageprovider.dll
.dll regsvr32 windows:10 windows x64 arch:x64

1b6cfcd37d81b7bb357666ece0bdeb00

Code Sign

33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cd:53:50:60:ce:b9:36:61:b5:a0:f3:14:03:5f:57:49:86:ef:93:a3:08:73:68:80:60:01:03:2c:62:a7:44:cb
Signer

Actual PE Digest

cd:53:50:60:ce:b9:36:61:b5:a0:f3:14:03:5f:57:49:86:ef:93:a3:08:73:68:80:60:01:03:2c:62:a7:44:cb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

SiloedPackageProvider.pdb

Imports

msvcrt

__RTDynamicCast
memcmp
_vsnwprintf
wcsrchr
??3@YAXPEAX@Z
_onexit
__dllonexit
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
_unlock
_lock
malloc
_stricmp
calloc
memmove_s
memcpy_s
_purecall
_wcsicmp
vswprintf_s
_vscwprintf
wcsncpy_s
wcscat_s
free
wcscpy_s
__C_specific_handler
??_V@YAXPEAX@Z
__CxxFrameHandler3
??1type_info@@UEAA@XZ
memset

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

advapi32

RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey

kernel32

SetLastError
SearchPathW
GetVersionExW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
VirtualProtect
LoadLibraryExA
VirtualQuery
GetSystemInfo
CloseHandle
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
InitializeCriticalSection
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
SizeofResource
LockResource
LoadResource
FindResourceExW
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy
Sleep
InitializeCriticalSectionEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
SetThreadUILanguage
FormatMessageW
LocalFree
CreateFileW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
FreeLibrary

ole32

CoCreateInstance
CoTaskMemFree
ProgIDFromCLSID
StringFromGUID2

user32

LoadStringW
UnregisterClassA
CharLowerBuffW
CharNextW

oleaut32

UnRegisterTypeLi
CreateErrorInfo
SetErrorInfo
GetErrorInfo
VariantClear
SysAllocStringLen
LoadRegTypeLi
SysAllocStringByteLen
SysStringByteLen
VarBstrCmp
SysStringLen
RegisterTypeLi
LoadTypeLi
SysFreeString
SysAllocString

Exports

Exports

DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/DISM10/ssshim.dll
.dll windows:10 windows x64 arch:x64

d0f6e2501bd35d196e0e868ed32ff584

Code Sign

33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7e:88:54:b8:15:f3:28:95:c8:ed:df:ab:ef:0b:d6:9b:6f:82:6b:56:24:ca:67:50:fe:85:c9:d3:2c:08:e4:3a
Signer

Actual PE Digest

7e:88:54:b8:15:f3:28:95:c8:ed:df:ab:ef:0b:d6:9b:6f:82:6b:56:24:ca:67:50:fe:85:c9:d3:2c:08:e4:3a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ssshim.pdb

Imports

ntdll

__C_specific_handler
LdrLockLoaderLock
LdrUnlockLoaderLock
RtlRaiseStatus
NtQueryAttributesFile
RtlPcToFileHeader
NtOpenKey
NtQueryValueKey
LdrLoadDll
LdrUnloadDll
NtQueryPerformanceCounter
NtClose
RtlAllocateHeap
RtlFreeHeap
NtOpenFile
NtQueryDirectoryFile
NtCreateFile
NtQueryInformationFile
NtReadFile
NtWriteFile
NtSetInformationFile
RtlRaiseException
NtQueryObject
NtQueryInformationProcess
NtOpenProcess
NtDelayExecution
RtlInitString
LdrGetProcedureAddress
RtlQueryEnvironmentVariable_U
NtTerminateProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnhandledExceptionFilter
RtlUpcaseUnicodeChar
RtlDowncaseUnicodeChar
DbgPrintEx
RtlReAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlTimeToTimeFields
RtlDeleteCriticalSection
RtlEnterCriticalSection
strncmp
RtlInitializeCriticalSection
RtlLeaveCriticalSection
_snprintf_s
RtlDosPathNameToNtPathName_U
wcstoul
LdrGetDllHandleEx
DbgPrint
RtlCreateUnicodeStringFromAsciiz
NtQuerySystemTime
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlWakeAllConditionVariable
RtlSleepConditionVariableSRW
memmove
memcmp
memcpy
memset

Exports

Exports

SssBindServicingStack
SssGetServicingStackFilePath
SssGetServicingStackFilePathLength
SssGetServicingStackVersion
SssPreloadDownlevelDependencies
SssReleaseServicingStack

Sections

.text
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/DISM10/vhdprovider.dll
.dll regsvr32 windows:10 windows x64 arch:x64

8de4d73c252052e301c1707d37c0aebd

Code Sign

33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

54:0d:e5:bf:c7:8a:2f:f5:11:bb:f3:f8:3b:76:0a:85:d6:43:74:f1:19:3c:51:2d:08:5d:03:61:30:ba:97:d9
Signer

Actual PE Digest

54:0d:e5:bf:c7:8a:2f:f5:11:bb:f3:f8:3b:76:0a:85:d6:43:74:f1:19:3c:51:2d:08:5d:03:61:30:ba:97:d9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

VhdProvider.pdb

Imports

msvcrt

_amsg_exit
_XcptFilter
towlower
??1type_info@@UEAA@XZ
__dllonexit
_onexit
??3@YAXPEAX@Z
_snwscanf_s
_wcsnicmp
_wtoi
towupper
memcmp
iswspace
_initterm
wcsrchr
_unlock
_lock
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
wcstoul
_vsnwprintf_s
iswalpha
wcsncmp
iswctype
_callnewh
malloc
?terminate@@YAXXZ
_wcsupr
wcstok_s
_stricmp
_purecall
wcsncpy_s
wcscat_s
__C_specific_handler
calloc
_wcsicmp
wcsstr
_vsnwprintf
_vscwprintf
memmove_s
memcpy_s
vswprintf_s
free
wcscpy_s
??_V@YAXPEAX@Z
__CxxFrameHandler3
wcschr
memset

advapi32

OpenThreadToken
OpenProcessToken
RegDeleteKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteTreeW
AdjustTokenPrivileges
RegLoadKeyW
RegUnLoadKeyW
RegEnumKeyExW
DuplicateTokenEx
SetThreadToken
RegGetValueW
RegFlushKey
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW

kernel32

WriteFile
GetFileTime
SetFilePointerEx
GetFileSizeEx
ReadFile
VerSetConditionMask
UnlockFileEx
LockFileEx
LoadLibraryW
SetEndOfFile
FreeLibrary
CloseHandle
SizeofResource
LockResource
LoadResource
FindResourceExW
OutputDebugStringW
GetCurrentThreadId
GetCurrentProcessId
CreateFileW
GetLastError
HeapFree
GetProcessHeap
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
Sleep
QueryDosDeviceW
GetVolumeNameForVolumeMountPointW
HeapAlloc
LoadLibraryExW
GetProcAddress
DeleteVolumeMountPointW
GetFileAttributesW
SetFileAttributesW
CreateMutexW
WaitForSingleObject
ReleaseMutex
DeleteFileW
GetVolumePathNamesForVolumeNameW
SetLastError
MultiByteToWideChar
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
RtlCompareMemory
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
GetModuleHandleW
InitializeCriticalSection
SetThreadUILanguage
CompareStringW
HeapSize
HeapReAlloc
HeapDestroy
InitializeCriticalSectionEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
GetSystemInfo
CopyFileExW
GetDiskFreeSpaceW
GetTempPathW
GetDriveTypeW
DeviceIoControl
GetLogicalDrives
CreateThread
FindClose
FindNextFileW
FindFirstFileW
GetVolumePathNameW
GetFileInformationByHandle
GetCurrentThread
GetFullPathNameW
GetVolumeInformationW
LocalFree
VirtualQuery
LoadLibraryExA
VirtualProtect
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
VirtualFree
VirtualAlloc
GetSystemDirectoryW
GetDiskFreeSpaceExW
SearchPathW
GetVersionExW
UnmapViewOfFile
LCIDToLocaleName
CreateFileMappingW
MapViewOfFile
SetFilePointer
GetModuleHandleExW
DeleteCriticalSection
FormatMessageW

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize
CoCreateInstance
StringFromGUID2
ProgIDFromCLSID
CoTaskMemFree
CoInitializeEx

user32

CharNextW
LoadStringW

oleaut32

SysStringLen
SysStringByteLen
SysAllocStringByteLen
LoadRegTypeLi
SysAllocStringLen
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetElement
SetErrorInfo
SysFreeString
CreateErrorInfo
SysAllocString
VariantClear
UnRegisterTypeLi
LoadTypeLi
RegisterTypeLi

ntdll

RtlDowncaseUnicodeChar
DbgPrintEx
NtQueryObject
RtlCompareUnicodeString
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
NtUnloadKey2
RtlAdjustPrivilege
NtYieldExecution
RtlRaiseStatus
NtOpenFile
RtlReAllocateHeap
RtlSetThreadErrorMode
RtlGetThreadErrorMode
RtlVerifyVersionInfo
RtlFreeHeap
RtlAllocateHeap
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
RtlNtStatusToDosError
NtQueryDirectoryObject
NtOpenDirectoryObject
NtClose
RtlInitUnicodeString

rpcrt4

UuidToStringW
I_RpcMapWin32Status
UuidCreate
RpcStringFreeW

version

GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW

Exports

Exports

DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 392KB - Virtual size: 388KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/DISM10/wimgapi.dll
.dll windows:10 windows x64 arch:x64

9024f54b8ad9560a49127570f52edb39

Code Sign

33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ef:16:40:5e:42:24:55:42:d6:be:e5:f3:d7:d6:a6:f1:ec:3d:d5:f4:d1:10:17:42:d8:47:3f:b5:21:bc:b2:b4
Signer

Actual PE Digest

ef:16:40:5e:42:24:55:42:d6:be:e5:f3:d7:d6:a6:f1:ec:3d:d5:f4:d1:10:17:42:d8:47:3f:b5:21:bc:b2:b4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

wimgapi.pdb

Imports

msvcrt

wcsncmp
qsort
_wcsnicmp
wcsnlen
wcsstr
_vsnwprintf
_wtoi
swscanf_s
_wcsupr
_wcsicmp
wcstoul
memmove
_onexit
__dllonexit
_unlock
_lock
wcschr
_initterm
malloc
free
_amsg_exit
strncpy_s
wcstok_s
memcpy
memcmp
_callnewh
_vscwprintf
_purecall
iswspace
memmove_s
_wcstoi64
memcpy_s
_strnicmp
towupper
towlower
strcpy_s
_wcslwr
__C_specific_handler
_wcsrev
_XcptFilter
wcsrchr
memset

kernel32

LocalFree
CompareStringW
GetLastError
GetDriveTypeW
RemoveDirectoryW
HeapAlloc
LocalAlloc
CloseHandle
GetFileInformationByHandle
GetSystemDirectoryW
CreateFileW
GetFileAttributesW
FindFirstFileW
FindNextFileW
FindClose
GetTempPathW
GetTempFileNameW
GetFileSize
SetFilePointer
ReadFile
DeleteFileW
DeleteCriticalSection
GetSystemInfo
SetLastError
SetThreadIdealProcessor
GetCurrentThread
GetEnvironmentVariableW
GetOverlappedResult
EnterCriticalSection
LeaveCriticalSection
FlushFileBuffers
CreateDirectoryW
WriteFile
SetEndOfFile
CreateEventW
LockFileEx
UnlockFileEx
GetFileSizeEx
DeviceIoControl
HeapReAlloc
GetHandleInformation
WaitForSingleObject
CreateMutexW
GetModuleHandleExW
GetModuleFileNameW
FormatMessageW
ReleaseMutex
WideCharToMultiByte
GetProcessHeap
SetFilePointerEx
GetCurrentDirectoryW
OpenProcess
InitializeCriticalSectionAndSpinCount
SetFileAttributesW
GlobalMemoryStatusEx
GetFinalPathNameByHandleW
LoadLibraryExW
FreeLibrary
GetProcAddress
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
ExpandEnvironmentStringsW
OpenEventW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetPrivateProfileSectionW
GetLongPathNameW
WaitForMultipleObjects
ReleaseSemaphore
SetEvent
CreateSemaphoreW
CreateThread
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
LCIDToLocaleName
CopyFileExW
SetFileInformationByHandle
GetFileInformationByHandleEx
WaitForMultipleObjectsEx
ResetEvent
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
Sleep
GetLogicalDriveStringsW
Wow64DisableWow64FsRedirection
CreateProcessW
GetExitCodeProcess
Wow64RevertWow64FsRedirection
CreateSemaphoreExW
MultiByteToWideChar
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
DisableThreadLibraryCalls
HeapFree
InitializeCriticalSection
GetModuleHandleW
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
LoadLibraryW
GetVolumePathNamesForVolumeNameW

bcrypt

BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptDestroyHash
BCryptCloseAlgorithmProvider

fltlib

FilterSendMessage
FilterAttach
FilterConnectCommunicationPort
FilterLoad

cabinet

ord22
ord20
ord23

advapi32

LookupPrivilegeValueW
SetThreadToken
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegQueryValueExW
ReadEncryptedFileRaw
CloseEncryptedFileRaw
WriteEncryptedFileRaw
OpenEncryptedFileRawW
GetAclInformation
GetSecurityDescriptorControl
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
AddAccessAllowedAceEx
RegDeleteKeyExW
RevertToSelf
GetSecurityDescriptorLength
GetSecurityInfo
FreeSid
SetSecurityDescriptorDacl
EqualSid
AddAccessAllowedAce
InitializeAcl
GetLengthSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
AdjustTokenPrivileges
RegUnLoadKeyW
RegFlushKey
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
RegLoadKeyW
RegCloseKey
RegOpenKeyExW

version

VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

user32

CharUpperW

ntdll

RtlInitializeResource
RtlAcquireResourceExclusive
RtlAcquireResourceShared
RtlReleaseResource
RtlDeleteResource
NtQuerySecurityObject
RtlRaiseStatus
RtlDosPathNameToNtPathName_U_WithStatus
RtlInitializeCriticalSection
DbgPrintEx
NtUnloadKey2
RtlReAllocateHeap
NtYieldExecution
RtlDowncaseUnicodeChar
RtlGetVersion
NtSetSecurityObject
RtlFindAceByType
RtlSetControlSecurityDescriptor
RtlInitUnicodeString
RtlImpersonateSelf
NtQueryVolumeInformationFile
NtCreateFile
NtQueryEaFile
NtQueryInformationProcess
NtQueryInformationFile
RtlGetLastNtStatus
NtSetInformationFile
RtlSetIoCompletionCallback
RtlFreeHeap
NtClose
NtQueryDirectoryFile
RtlAllocateHeap
NtOpenFile
RtlDosPathNameToNtPathName_U
RtlAdjustPrivilege
RtlNtStatusToDosError
NtSetEaFile

rpcrt4

UuidCreate
RpcBindingFree
I_RpcMapWin32Status
UuidToStringW
RpcStringFreeW
RpcBindingSetAuthInfoW
UuidFromStringW
NdrClientCall3
RpcStringBindingComposeW
RpcBindingFromStringBindingW

Exports

Exports

DllCanUnloadNow
DllMain
WIMAddImagePath
WIMAddImagePaths
WIMAddWimbootEntry
WIMApplyImage
WIMCaptureImage
WIMCloseHandle
WIMCommitImageHandle
WIMCopyFile
WIMCreateFile
WIMCreateImageFile
WIMCreateWofCompressedFile
WIMDeleteImage
WIMDeleteImageMounts
WIMEnumImageFiles
WIMExportImage
WIMExtractImageDirectory
WIMExtractImagePath
WIMExtractImagePathByWimHandle
WIMFindFirstImageFile
WIMFindNextImageFile
WIMGetAttributes
WIMGetImageCount
WIMGetImageInformation
WIMGetMessageCallbackCount
WIMGetMountedImageHandle
WIMGetMountedImageInfo
WIMGetMountedImageInfoFromHandle
WIMGetMountedImages
WIMGetWIMBootEntries
WIMGetWIMBootWIMPath
WIMGetWimFileSize
WIMInitFileIOCallbacks
WIMInitializeWofDriver
WIMIsCurrentSystemWimboot
WIMIsReferenceWim
WIMLoadImage
WIMLoadOSInformation
WIMMountImage
WIMMountImageHandle
WIMProcessCustomImage
WIMReadFileEx
WIMReadImageFile
WIMRedirectFolderBeforeApply
WIMRegisterLogFile
WIMRegisterMessageCallback
WIMRemountImage
WIMSetBootImage
WIMSetCachedSigningLevel
WIMSetFileIOCallbackTemporaryPath
WIMSetImageInformation
WIMSetImageUserSpecifiedCreationTime
WIMSetReferenceFile
WIMSetTemporaryPath
WIMSetWimGuid
WIMSingleInstanceFile
WIMSplitFile
WIMUnmountImage
WIMUnmountImageHandle
WIMUnregisterLogFile
WIMUnregisterMessageCallback
WIMUpdateWIMBootEntry
WIMWriteFileWithIntegrity

Sections

.text
Size: 628KB - Virtual size: 626KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/DISM10/wimmount.sys
.sys windows:10 windows x64 arch:x64

16c64541f99f79aa06cfab320e53ad39

Code Sign

33:00:00:05:df:c4:fb:7c:27:99:2d:e4:48:00:00:00:00:05:df
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:6c:4b:c2:95:0e:b4:ce:1d:0a:8f:70:38:8c:be:4f:88:d6:f0:1f:c1:10:ba:02:b7:8a:89:95:1e:1f:73:1d
Signer

Actual PE Digest

30:6c:4b:c2:95:0e:b4:ce:1d:0a:8f:70:38:8c:be:4f:88:d6:f0:1f:c1:10:ba:02:b7:8a:89:95:1e:1f:73:1d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

wimmount.pdb

Imports

ntoskrnl.exe

ExFreePoolWithTag
KeBugCheckEx
RtlCompareMemory
ZwOpenProcess
ProbeForRead
ZwClose
ExEventObjectType
TmTransactionObjectType
ZwCreateEvent
ProbeForWrite
ObOpenObjectByPointer
PsProcessType
KeWaitForMultipleObjects
RtlAppendUnicodeStringToString
__C_specific_handler
ExInitializeResourceLite
KeWaitForSingleObject
KeInitializeEvent
RtlCompareUnicodeString
ExAllocatePoolWithTag
MmGetSystemRoutineAddress
IoGetTopLevelIrp
RtlGetVersion
ObReferenceObjectByHandle
KeSetEvent
PsGetCurrentProcessId
ExDeletePagedLookasideList
IoFileObjectType
ExQueryDepthSList
RtlInitUnicodeString
ExInitializePagedLookasideList
ExpInterlockedPushEntrySList
ObfDereferenceObject
ExDeleteResourceLite
ExpInterlockedPopEntrySList
ZwDuplicateObject

fltmgr.sys

FltSetCallbackDataDirty
FltAcquireResourceShared
FltGetVolumeFromFileObject
FltSendMessage
FltObjectReference
FltObjectDereference
FltCloseClientPort
FltGetVolumeName
FltCreateFileEx2
FltEnumerateInstances
FltFreeSecurityDescriptor
FltCloseCommunicationPort
FltGetRequestorProcessId
FltGetDiskDeviceObject
FltClose
FltSetStreamContext
FltDeleteStreamContext
FltReissueSynchronousIo
FltStartFiltering
FltGetStreamContext
FltReleaseFileNameInformation
FltQueryInformationFile
FltFsControlFile
FltGetFileNameInformation
FltIsDirectory
FltAcquireResourceExclusive
FltSetInformationFile
FltReleaseContext
FltCreateCommunicationPort
FltReleaseResource
FltBuildDefaultSecurityDescriptor
FltCreateFile
FltGetRoutineAddress
FltUntagFile
FltAllocateContext
FltRegisterFilter
FltUnregisterFilter

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

fothk
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 870B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

GFIDS
Size: 4KB - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/DISM10/wimprovider.dll
.dll regsvr32 windows:10 windows x64 arch:x64

8156d4d5cd0118f0aca150c6c5d9670d

Code Sign

33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:25:7c:be:4a:2e:e1:72:10:cf:6c:24:0f:52:65:5b:8d:9e:f9:12:f2:f6:c5:5f:8a:94:2a:d4:26:06:ae:46
Signer

Actual PE Digest

45:25:7c:be:4a:2e:e1:72:10:cf:6c:24:0f:52:65:5b:8d:9e:f9:12:f2:f6:c5:5f:8a:94:2a:d4:26:06:ae:46

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

WimProvider.pdb

Imports

msvcrt

wcstok_s
_vsnwprintf_s
_vsnprintf_s
towupper
_wtoi64
iswspace
iswalpha
_wcsnicmp
wcsstr
memset
wcspbrk
__RTDynamicCast
memcmp
_errno
_onexit
__dllonexit
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_unlock
_lock
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@XZ
_callnewh
malloc
_wcsicmp
wcstoul
_vsnwprintf
wcsncmp
wcschr
wcscat_s
calloc
_wtol
wcscpy_s
wcsncpy_s
memmove_s
wcsrchr
free
_stricmp
_vscwprintf
_strnicmp
_purecall
vswprintf_s
memcpy_s
??_V@YAXPEAX@Z
__C_specific_handler
__CxxFrameHandler3
??3@YAXPEAX@Z

advapi32

EventActivityIdControl
EventWriteTransfer
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
EventRegister
EventUnregister

kernel32

CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
CreateSemaphoreExW
GetModuleFileNameA
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
GetVersionExW
SearchPathW
WaitForSingleObject
IsDebuggerPresent
ReadFile
WriteFile
RemoveDirectoryW
DebugBreak
SizeofResource
SetLastError
EnterCriticalSection
GetModuleHandleExW
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
GetCurrentThreadId
OutputDebugStringW
LockResource
FindResourceExW
LoadResource
DeleteCriticalSection
GetCurrentProcessId
LocalAlloc
LoadLibraryExW
HeapFree
GetProcessHeap
GetFullPathNameW
HeapReAlloc
HeapAlloc
GetLastError
CompareStringW
GetProcAddress
FreeLibrary
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
RaiseException
LocalFree
DeleteFileW
GetLocaleInfoW
GetNumberFormatW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
SystemTimeToFileTime
FindFirstFileNameW
FindNextFileNameW
FindClose
HeapSize
HeapDestroy
Sleep
InitializeCriticalSectionEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
CloseHandle
GetPrivateProfileSectionW
CreateFileW
FormatMessageW
SetThreadUILanguage
CreateEventW
GetOverlappedResult
LoadLibraryW
GetVolumePathNamesForVolumeNameW
VirtualProtect
LoadLibraryExA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetSystemInfo
VirtualQuery
CreateDirectoryW
GetFileInformationByHandle
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
FindFirstFileW
FindNextFileW
GetModuleHandleW
DeviceIoControl
GetDriveTypeW
GetFinalPathNameByHandleW
SetFileAttributesW
GetFileAttributesW

ole32

CoTaskMemFree
CLSIDFromString
CoCreateInstance
StringFromGUID2
ProgIDFromCLSID

user32

CharNextW
LoadStringW
CharUpperW
CharLowerBuffW

oleaut32

SysStringLen
SysFreeString
SysAllocString
LoadTypeLi
VariantTimeToSystemTime
VarDateFromStr
VarBstrCmp
VariantClear
SysAllocStringLen
RegisterTypeLi
UnRegisterTypeLi
SysAllocStringByteLen
SysStringByteLen
CreateErrorInfo
SetErrorInfo
LoadRegTypeLi

xmllite

CreateXmlWriter
CreateXmlReader

profapi

ord104

ntdll

RtlReAllocateHeap
RtlRaiseStatus
NtYieldExecution
DbgPrintEx
RtlFreeHeap
RtlAllocateHeap
RtlNtStatusToDosError

Exports

Exports

DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 428KB - Virtual size: 426KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/DISM10/wimserv.exe
.exe windows:10 windows x64 arch:x64

33e7eaaaf2ad66180608acdd4e11da13

Code Sign

33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d0:fe:b1:fc:b7:da:65:d0:ca:56:cd:15:67:32:92:6b:11:ee:d9:34:56:6e:dd:4a:58:32:46:62:9c:b7:c4:de
Signer

Actual PE Digest

d0:fe:b1:fc:b7:da:65:d0:ca:56:cd:15:67:32:92:6b:11:ee:d9:34:56:6e:dd:4a:58:32:46:62:9c:b7:c4:de

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

wimserv.pdb

Imports

msvcrt

_strnicmp
wcsstr
strncpy_s
memcpy_s
strcpy_s
swscanf_s
wcsrchr
_vsnwprintf
_wcsicmp
_vscwprintf
wcschr
wcsncmp
memmove_s
_wcsnicmp
towupper
iswspace
_purecall
malloc
_callnewh
free
memcmp
memcpy
memmove
_onexit
qsort
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memset

ntdll

DbgPrintEx
NtYieldExecution
RtlRaiseStatus
RtlReAllocateHeap
NtQueryEaFile
NtSetEaFile
NtSetSecurityObject
RtlFindAceByType
NtClose
RtlDosPathNameToNtPathName_U
RtlGetLastNtStatus
NtQuerySecurityObject
NtQueryVolumeInformationFile
RtlImpersonateSelf
NtQueryInformationProcess
NtCreateFile
NtSetInformationFile
NtQueryInformationFile
RtlNtStatusToDosError
RtlDeleteResource
RtlReleaseResource
RtlAcquireResourceShared
RtlAcquireResourceExclusive
RtlInitializeResource
RtlAdjustPrivilege
RtlFreeHeap
RtlAllocateHeap
RtlSetControlSecurityDescriptor
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

kernel32

WaitForMultipleObjects
CreateSemaphoreW
CreateFileMappingW
GetPrivateProfileSectionW
GetHandleInformation
UnlockFileEx
LockFileEx
UnmapViewOfFile
MultiByteToWideChar
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetEndOfFile
SetFilePointerEx
SetFileTime
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RemoveDirectoryW
GetProcAddress
FreeLibrary
LoadLibraryExW
CreateDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
LoadLibraryW
ResetEvent
Sleep
GetVolumePathNamesForVolumeNameW
CreateMutexW
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
GlobalMemoryStatusEx
GetCurrentProcessId
SetFileAttributesW
GetOverlappedResult
HeapAlloc
CreateThread
CloseHandle
SetEvent
GetCurrentThread
GetLastError
LocalFree
CreateFileW
GetTempPathW
CreateSemaphoreExW
DeleteCriticalSection
ReleaseSemaphore
GetModuleFileNameW
CreateEventW
WaitForMultipleObjectsEx
HeapFree
MapViewOfFile
SetLastError
SetThreadIdealProcessor
InitializeCriticalSectionAndSpinCount
GetCurrentDirectoryW
GetEnvironmentVariableW
FindFirstFileW
FindClose
GetVolumeInformationW
GetFileInformationByHandle
OpenProcess
DuplicateHandle
GetDriveTypeW
FindNextFileW
GetFileSizeEx
HeapReAlloc
GetModuleHandleExW
CompareStringW
FormatMessageW
LocalAlloc
WriteFile
ReleaseMutex
WideCharToMultiByte
SetFilePointer
GetLongPathNameW
GetFileInformationByHandleEx
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
ReadFile
GetFullPathNameW
GetFinalPathNameByHandleW
GetFileAttributesW
FlushFileBuffers
GetSystemInfo
DeviceIoControl
DeleteFileW
SetFileInformationByHandle

user32

GetMessageW
DispatchMessageW
TranslateMessage
CharUpperW

rpcrt4

UuidToStringW
I_RpcMapWin32Status
RpcStringFreeW
UuidCreate
UuidFromStringW
RpcServerUseProtseqEpW
NdrServerCallAll
RpcServerRegisterIf
RpcMgmtWaitServerListen
RpcImpersonateClient
RpcRevertToSelf
RpcServerListen
NdrServerCall2
RpcServerRegisterAuthInfoW
RpcMgmtStopServerListening

fltlib

FilterConnectCommunicationPort
FilterSendMessage
FilterGetMessage
FilterReplyMessage
FilterLoad

cabinet

ord22
ord20
ord23

advapi32

GetSecurityDescriptorSacl
EqualSid
AddAccessAllowedAce
RegQueryValueExW
GetTokenInformation
RegEnumKeyExW
OpenProcessToken
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAceEx
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
SetThreadToken
OpenThreadToken
AdjustTokenPrivileges
LookupPrivilegeValueW
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
RevertToSelf
GetSecurityDescriptorControl
GetSecurityDescriptorLength
GetAclInformation
OpenEncryptedFileRawW
WriteEncryptedFileRaw
CloseEncryptedFileRaw

bcrypt

BCryptHashData
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptCreateHash
BCryptFinishHash
BCryptDestroyHash
BCryptCloseAlgorithmProvider

Sections

.text
Size: 460KB - Virtual size: 456KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/DISM10/wofadk.sys
.sys windows:10 windows x64 arch:x64

6c6e42d4b24cdef44621ff1a8ab9430d

Code Sign

33:00:00:05:df:c4:fb:7c:27:99:2d:e4:48:00:00:00:00:05:df
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:0d:33:9b:de:78:8f:7c:b6:0c:b7:36:fc:0f:3b:3f:b0:59:65:7c:6c:f8:61:55:20:2a:57:ac:57:36:c1:14
Signer

Actual PE Digest

7d:0d:33:9b:de:78:8f:7c:b6:0c:b7:36:fc:0f:3b:3f:b0:59:65:7c:6c:f8:61:55:20:2a:57:ac:57:36:c1:14

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

wofadk.pdb

Imports

ntoskrnl.exe

ZwClose
SeLockSubjectContext
ZwQueryValueKey
SeUnlockSubjectContext
SeReleaseSubjectContext
RtlEnumerateGenericTableAvl
ExAcquireRundownProtection
RtlLookupElementGenericTableAvl
RtlFreeUnicodeString
SeTokenIsAdmin
RtlDeleteElementGenericTableAvl
RtlAppendUnicodeStringToString
KeGetCurrentIrql
KeDelayExecutionThread
ExRundownCompleted
PsGetProcessImageFileName
IoGetCurrentProcess
ProbeForRead
FsRtlValidateReparsePointBuffer
FsRtlIsNtstatusExpected
TmCurrentTransaction
RtlCompareMemory
RtlInitUnicodeString
RtlEqualUnicodeString
MmMapLockedPagesSpecifyCache
ProbeForWrite
ZwOpenKey
KeIsExecutingDpc
ExSetTimer
ExReleaseSpinLockExclusive
ExDeleteTimer
KeBugCheckEx
EtwSetInformation
ExAllocateTimer
ExTryAcquirePushLockExclusiveEx
ExReleaseSpinLockSharedFromDpcLevel
ExQueueWorkItem
ExAcquirePushLockExclusiveEx
ExReleasePushLockExclusiveEx
EtwWriteTransfer
ExReleaseSpinLockShared
ExAcquireSpinLockShared
KeSetEvent
ExAcquireSpinLockSharedAtDpcLevel
ExAcquireSpinLockExclusive
EtwUnregister
ExReleasePushLockSharedEx
ExAcquirePushLockSharedEx
EtwRegister
KeWaitForSingleObject
SeCaptureSubjectContext
MmMapViewOfSection
ExDeleteLookasideListEx
ZwDeviceIoControlFile
EtwEventEnabled
RtlCheckRegistryKey
ZwCreateSection
ZwQueryInformationThread
RtlSetBit
RtlAreBitsSet
PsInitialSystemProcess
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
RtlRunOnceExecuteOnce
KeStackAttachProcess
KdRefreshDebuggerNotPresent
ZwSetInformationThread
ObReferenceObjectByHandle
swprintf_s
MmUnmapViewOfSection
RtlFindNextForwardRunClear
EtwWrite
IofCallDriver
RtlInitializeBitMap
ZwOpenFile
ExInitializeLookasideListEx
RtlTestBit
KeSetPriorityThread
KeUnstackDetachProcess
_i64tow_s
RtlClearAllBits
IoAllocateWorkItem
RtlAppendUnicodeToString
_wcsicmp
RtlCreateSystemVolumeInformationFolder
IoQueueWorkItemEx
IoFreeWorkItem
KeAllocateCalloutStackEx
IoGetRelatedDeviceObject
ExDeleteNPagedLookasideList
RtlGetCompressionWorkSpaceSize
KeFreeCalloutStack
ExInitializeNPagedLookasideList
KeInitializeMutex
KeReleaseMutex
RtlDecompressBufferEx
RtlDecompressFragment
KeAreAllApcsDisabled
KeInitializeDpc
KeInitializeTimerEx
RtlQueryRegistryValues
KeCancelTimer
KeFlushQueuedDpcs
KeSetCoalescableTimer
RtlCompressBuffer
KeQueryActiveProcessorCountEx
RtlInitializeGenericTableAvl
ExInitializePagedLookasideList
RtlGetVersion
MmGetSystemRoutineAddress
IoWMIRegistrationControl
MmIsThisAnNtAsSystem
KeQueryPriorityThread
KeReleaseSpinLock
__C_specific_handler
ExReleaseRundownProtection
ExAcquireFastMutex
ObfReferenceObject
ExQueryDepthSList
ExpInterlockedPushEntrySList
ExReleaseFastMutex
ExpInterlockedPopEntrySList
RtlCompareUnicodeString
ExInitializeRundownProtection
KeLeaveCriticalRegion
ExReleaseFastMutexUnsafe
KeExpandKernelStackAndCalloutEx
KeInitializeEvent
ExFreePoolWithTag
ExAllocatePoolWithTag
ExDeletePagedLookasideList
RtlCopyUnicodeString
ExReInitializeRundownProtection
ExWaitForRundownProtectionRelease
ObfDereferenceObject
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe
ObDereferenceObjectDeferDelete
_vsnwprintf
ZwQuerySymbolicLinkObject
ZwQueryDirectoryObject
ZwOpenSymbolicLinkObject
wcscpy_s
ExAllocatePool2
strcpy_s
ZwOpenDirectoryObject
wcschr
_wcsnicmp
wcsrchr
DbgkWerCaptureLiveKernelDump
KeQueryTimeIncrement
KeAcquireSpinLockRaiseToDpc
__chkstk

fltmgr.sys

FltGetRoutineAddress
FltFreeGenericWorkItem
FltQueueGenericWorkItem
FltIsOperationSynchronous
FltSetIoPriorityHintIntoCallbackData
FltPerformAsynchronousIo
FltAllocateGenericWorkItem
FltInitializePushLock
FltDeletePushLock
FltFlushBuffers
FltAllocateDeferredIoWorkItem
FltQueueDeferredIoWorkItem
FltFreePoolAlignedWithTag
FltAcquirePushLockSharedEx
FltDeviceIoControlFile
FltReadFile
FltOpenVolume
FltFreeDeferredIoWorkItem
FltAllocatePoolAlignedWithTag
FltIsIoCanceled
FltCompletePendedPreOperation
FltAcquirePushLockExclusiveEx
FltGetIoPriorityHintFromCallbackData
FltReleasePushLockEx
FltInitExtraCreateParameterLookasideList
FltStartFiltering
FltQueryVolumeInformationFile
FltRegisterFilter
FltGetVolumeFromFileObject
FltCreateFileEx
FltAttachVolume
FltWriteFile
FltQueryInformationFile
FltObjectDereference
FltUntagFile
FltGetFileNameInformationUnsafe
FltParseFileNameInformation
FltCreateFileEx2
FltGetInstanceContext
FltEnumerateInstances
FltTagFile
FltIsDirectory
FltSetInformationFile
FltPerformSynchronousIo
FltLockUserBuffer
FltAllocateCallbackDataEx
FltFreeCallbackData
FltAllocateExtraCreateParameterList
FltInsertExtraCreateParameter
FltCancelFileOpen
FltDeleteStreamContext
FltReleaseFileNameInformation
FltFsControlFile
FltGetEcpListFromCallbackData
FltGetFileNameInformation
FltEnlistInTransaction
FltSetEcpListIntoCallbackData
FltFindExtraCreateParameter
FltAllocateExtraCreateParameterFromLookasideList
FltSetStreamContext
FltSetTransactionContext
FltReferenceContext
FltGetTransactionContext
FltSetStreamHandleContext
FltUnregisterFilter
FltAllocateContext
FltGetVolumeProperties
FltQueryDirectoryFile
FltGetVolumeGuidName
FltReleaseContext
FltDeleteExtraCreateParameterLookasideList
FltGetStreamHandleContext
FltGetStreamContext
FltSetInstanceContext
FltClose
FltGetDiskDeviceObject
FltDeleteInstanceContext
FltSetFileContext

cng.sys

BCryptCreateHash
BCryptHashData
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptOpenAlgorithmProvider
BCryptGetProperty

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

NONPAGE
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

fothk
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

GFIDS
Size: 4KB - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/Microsoft.Dism.Powershell.dll
.dll windows:4 windows x64 arch:x64

Code Sign

33:00:00:00:4c:a1:e8:4d:cc:b4:74:7b:3b:00:00:00:00:00:4c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/11/2013, 22:11

Not After

11/02/2015, 22:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:ca
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/04/2014, 17:39

Not After

22/07/2015, 17:39

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/09/2013, 17:35

Not After

24/12/2014, 17:35

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

88:88:f7:3d:82:84:84:fe:82:c0:57:50:dd:f0:8c:f9:bc:a1:f6:10:88:4a:53:17:22:66:fe:f6:83:98:07:53
Signer

Actual PE Digest

88:88:f7:3d:82:84:84:fe:82:c0:57:50:dd:f0:8c:f9:bc:a1:f6:10:88:4a:53:17:22:66:fe:f6:83:98:07:53

Digest Algorithm

sha256

PE Digest Matches

true

62:70:41:53:77:de:2c:62:37:a5:a7:59:72:a8:5e:cd:ce:5b:bd:22
Signer

Actual PE Digest

62:70:41:53:77:de:2c:62:37:a5:a7:59:72:a8:5e:cd:ce:5b:bd:22

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Microsoft.Dism.PowerShell.pdb

Sections

.text
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/api-ms-win-downlevel-advapi32-l1-1-0.dll
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-downlevel-advapi32-l1-1-0.pdb

Exports

Exports

AccessCheck
AccessCheckAndAuditAlarmW
AccessCheckByType
AccessCheckByTypeAndAuditAlarmW
AccessCheckByTypeResultList
AccessCheckByTypeResultListAndAuditAlarmByHandleW
AccessCheckByTypeResultListAndAuditAlarmW
AddAccessAllowedAce
AddAccessAllowedAceEx
AddAccessAllowedObjectAce
AddAccessDeniedAce
AddAccessDeniedAceEx
AddAccessDeniedObjectAce
AddAce
AddAuditAccessAce
AddAuditAccessAceEx
AddAuditAccessObjectAce
AddMandatoryAce
AdjustTokenGroups
AdjustTokenPrivileges
AllocateAndInitializeSid
AllocateLocallyUniqueId
AreAllAccessesGranted
AreAnyAccessesGranted
CheckTokenMembership
ConvertToAutoInheritPrivateObjectSecurity
CopySid
CreatePrivateObjectSecurity
CreatePrivateObjectSecurityEx
CreatePrivateObjectSecurityWithMultipleInheritance
CreateProcessAsUserW
CreateRestrictedToken
CreateWellKnownSid
DeleteAce
DestroyPrivateObjectSecurity
DuplicateToken
DuplicateTokenEx
EqualDomainSid
EqualPrefixSid
EqualSid
EventActivityIdControl
EventEnabled
EventProviderEnabled
EventRegister
EventUnregister
EventWrite
EventWriteString
EventWriteTransfer
FindFirstFreeAce
FreeSid
GetAce
GetAclInformation
GetFileSecurityW
GetKernelObjectSecurity
GetLengthSid
GetPrivateObjectSecurity
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
GetSecurityDescriptorOwner
GetSecurityDescriptorRMControl
GetSecurityDescriptorSacl
GetSidIdentifierAuthority
GetSidLengthRequired
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
InitializeAcl
InitializeSecurityDescriptor
InitializeSid
IsTokenRestricted
IsValidAcl
IsValidSecurityDescriptor
IsValidSid
MakeAbsoluteSD
MakeSelfRelativeSD
OpenProcessToken
OpenThreadToken
PrivilegeCheck
PrivilegedServiceAuditAlarmW
QuerySecurityAccessMask
RegCloseKey
RegCopyTreeW
RegCreateKeyExA
RegCreateKeyExW
RegDeleteKeyExA
RegDeleteKeyExW
RegDeleteTreeA
RegDeleteTreeW
RegDeleteValueA
RegDeleteValueW
RegDisablePredefinedCacheEx
RegEnumKeyExA
RegEnumKeyExW
RegEnumValueA
RegEnumValueW
RegFlushKey
RegGetKeySecurity
RegGetValueA
RegGetValueW
RegLoadAppKeyA
RegLoadAppKeyW
RegLoadKeyA
RegLoadKeyW
RegLoadMUIStringA
RegLoadMUIStringW
RegNotifyChangeKeyValue
RegOpenCurrentUser
RegOpenKeyExA
RegOpenKeyExW
RegOpenUserClassesRoot
RegQueryInfoKeyA
RegQueryInfoKeyW
RegQueryValueExA
RegQueryValueExW
RegRestoreKeyA
RegRestoreKeyW
RegSaveKeyExA
RegSaveKeyExW
RegSetKeySecurity
RegSetValueExA
RegSetValueExW
RegUnLoadKeyA
RegUnLoadKeyW
RegisterTraceGuidsW
RevertToSelf
SetAclInformation
SetFileSecurityW
SetKernelObjectSecurity
SetSecurityAccessMask
SetSecurityDescriptorControl
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorRMControl
SetSecurityDescriptorSacl
SetTokenInformation
TraceEvent
TraceMessage
TraceMessageVa
UnregisterTraceGuids

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/api-ms-win-downlevel-advapi32-l1-1-1.dll
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-downlevel-advapi32-l1-1-1.pdb

Exports

Exports

AccessCheck
AccessCheckAndAuditAlarmW
AccessCheckByType
AccessCheckByTypeAndAuditAlarmW
AccessCheckByTypeResultList
AccessCheckByTypeResultListAndAuditAlarmByHandleW
AccessCheckByTypeResultListAndAuditAlarmW
AddAccessAllowedAce
AddAccessAllowedAceEx
AddAccessAllowedObjectAce
AddAccessDeniedAce
AddAccessDeniedAceEx
AddAccessDeniedObjectAce
AddAce
AddAuditAccessAce
AddAuditAccessAceEx
AddAuditAccessObjectAce
AddMandatoryAce
AdjustTokenGroups
AdjustTokenPrivileges
AllocateAndInitializeSid
AllocateLocallyUniqueId
AreAllAccessesGranted
AreAnyAccessesGranted
CheckTokenMembership
ConvertToAutoInheritPrivateObjectSecurity
CopySid
CreatePrivateObjectSecurity
CreatePrivateObjectSecurityEx
CreatePrivateObjectSecurityWithMultipleInheritance
CreateProcessAsUserW
CreateRestrictedToken
CreateWellKnownSid
DeleteAce
DestroyPrivateObjectSecurity
DuplicateToken
DuplicateTokenEx
EqualDomainSid
EqualPrefixSid
EqualSid
EventActivityIdControl
EventEnabled
EventProviderEnabled
EventRegister
EventUnregister
EventWrite
EventWriteEx
EventWriteString
EventWriteTransfer
FindFirstFreeAce
FreeSid
GetAce
GetAclInformation
GetFileSecurityW
GetKernelObjectSecurity
GetLengthSid
GetPrivateObjectSecurity
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
GetSecurityDescriptorOwner
GetSecurityDescriptorRMControl
GetSecurityDescriptorSacl
GetSidIdentifierAuthority
GetSidLengthRequired
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
GetWindowsAccountDomainSid
ImpersonateAnonymousToken
ImpersonateLoggedOnUser
ImpersonateNamedPipeClient
ImpersonateSelf
InitializeAcl
InitializeSecurityDescriptor
InitializeSid
IsTokenRestricted
IsValidAcl
IsValidSecurityDescriptor
IsValidSid
IsWellKnownSid
MakeAbsoluteSD
MakeSelfRelativeSD
MapGenericMask
ObjectCloseAuditAlarmW
ObjectDeleteAuditAlarmW
ObjectOpenAuditAlarmW
ObjectPrivilegeAuditAlarmW
OpenProcessToken
OpenThreadToken
PrivilegeCheck
PrivilegedServiceAuditAlarmW
QuerySecurityAccessMask
RegCloseKey
RegCopyTreeW
RegCreateKeyExA
RegCreateKeyExW
RegDeleteKeyExA
RegDeleteKeyExW
RegDeleteTreeA
RegDeleteTreeW
RegDeleteValueA
RegDeleteValueW
RegDisablePredefinedCacheEx
RegEnumKeyExA
RegEnumKeyExW
RegEnumValueA
RegEnumValueW
RegFlushKey
RegGetKeySecurity
RegGetValueA
RegGetValueW
RegLoadAppKeyA
RegLoadAppKeyW
RegLoadKeyA
RegLoadKeyW
RegLoadMUIStringA
RegLoadMUIStringW
RegNotifyChangeKeyValue
RegOpenCurrentUser
RegOpenKeyExA
RegOpenKeyExW
RegOpenUserClassesRoot
RegQueryInfoKeyA
RegQueryInfoKeyW
RegQueryValueExA
RegQueryValueExW
RegRestoreKeyA
RegRestoreKeyW
RegSaveKeyExA
RegSaveKeyExW
RegSetKeySecurity
RegSetValueExA
RegSetValueExW
RegUnLoadKeyA
RegUnLoadKeyW
RegisterTraceGuidsW
RevertToSelf
SetAclInformation
SetFileSecurityW
SetKernelObjectSecurity
SetPrivateObjectSecurity
SetPrivateObjectSecurityEx
SetSecurityAccessMask
SetSecurityDescriptorControl
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorRMControl
SetSecurityDescriptorSacl
SetThreadToken
SetTokenInformation
TraceEvent
TraceMessageVa
UnregisterTraceGuids

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/api-ms-win-downlevel-advapi32-l2-1-0.dll
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-downlevel-advapi32-l2-1-0.pdb

Exports

Exports

CloseServiceHandle
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
CredDeleteW
CredEnumerateW
CredFree
CredReadDomainCredentialsW
CredReadW
CredWriteDomainCredentialsW
CredWriteW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 26B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/api-ms-win-downlevel-advapi32-l2-1-1.dll
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-downlevel-advapi32-l2-1-1.pdb

Exports

Exports

ChangeServiceConfig2A
ChangeServiceConfig2W
ChangeServiceConfigA
ChangeServiceConfigW
CloseServiceHandle
CloseTrace
ControlService
ControlServiceExA
ControlServiceExW
ControlTraceA
ControlTraceW
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
CreateServiceA
CreateServiceW
CredDeleteA
CredDeleteW
CredEnumerateA
CredEnumerateW
CredFindBestCredentialA
CredFindBestCredentialW
CredFree
CredGetSessionTypes
CredGetTargetInfoA
CredGetTargetInfoW
CredIsMarshaledCredentialW
CredIsProtectedA
CredIsProtectedW
CredMarshalCredentialA
CredMarshalCredentialW
CredProtectA
CredProtectW
CredReadA
CredReadDomainCredentialsA
CredReadDomainCredentialsW
CredReadW
CredUnmarshalCredentialA
CredUnmarshalCredentialW
CredUnprotectA
CredUnprotectW
CredWriteA
CredWriteDomainCredentialsA
CredWriteDomainCredentialsW
CredWriteW
DeleteService
EnableTraceEx2
EnumDependentServicesW
EnumServicesStatusExW
EnumerateTraceGuidsEx
EventAccessControl
EventAccessQuery
EventAccessRemove
NotifyServiceStatusChangeA
NotifyServiceStatusChangeW
OpenSCManagerA
OpenSCManagerW
OpenServiceA
OpenServiceW
OpenTraceW
ProcessTrace
QueryAllTracesA
QueryAllTracesW
QueryServiceConfig2A
QueryServiceConfig2W
QueryServiceConfigA
QueryServiceConfigW
QueryServiceObjectSecurity
QueryServiceStatus
QueryServiceStatusEx
RegisterServiceCtrlHandlerA
RegisterServiceCtrlHandlerExA
RegisterServiceCtrlHandlerExW
RegisterServiceCtrlHandlerW
RegisterTraceGuidsA
RemoveTraceCallback
SetServiceObjectSecurity
SetServiceStatus
SetTraceCallback
StartServiceA
StartServiceCtrlDispatcherA
StartServiceCtrlDispatcherW
StartServiceW
StartTraceA
StartTraceW
StopTraceW
TraceSetInformation

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/api-ms-win-downlevel-advapi32-l3-1-0.dll
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-downlevel-advapi32-l3-1-0.pdb

Exports

Exports

GetExplicitEntriesFromAclW
GetNamedSecurityInfoW
GetSecurityInfo
SetEntriesInAclW
SetNamedSecurityInfoW
SetSecurityInfo

Sections

.text
Size: 1024B - Virtual size: 579B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/api-ms-win-downlevel-advapi32-l4-1-0.dll
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-downlevel-advapi32-l4-1-0.pdb

Exports

Exports

AbortSystemShutdownW
InitiateSystemShutdownExW
LookupAccountNameW
LookupAccountSidW
LookupPrivilegeDisplayNameW
LookupPrivilegeNameW
LookupPrivilegeValueW
LsaEnumerateTrustedDomains
LsaManageSidNameMapping

Sections

.text
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 26B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/api-ms-win-downlevel-kernel32-l1-1-0.dll
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-downlevel-kernel32-l1-1-0.pdb

Exports

Exports

AcquireSRWLockExclusive
AcquireSRWLockShared
AddSIDToBoundaryDescriptor
AddVectoredContinueHandler
AddVectoredExceptionHandler
AllocConsole
AllocateUserPhysicalPages
AllocateUserPhysicalPagesNuma
AttachConsole
Beep
CallbackMayRunLong
CancelIo
CancelIoEx
CancelSynchronousIo
CancelThreadpoolIo
CancelWaitableTimer
ChangeTimerQueueTimer
CheckRemoteDebuggerPresent
ClearCommBreak
ClearCommError
CloseHandle
ClosePrivateNamespace
CloseThreadpool
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolIo
CloseThreadpoolTimer
CloseThreadpoolWait
CloseThreadpoolWork
CompareFileTime
CompareStringA
CompareStringEx
CompareStringOrdinal
CompareStringW
ConnectNamedPipe
ContinueDebugEvent
ConvertDefaultLocale
CopyFileExW
CreateBoundaryDescriptorW
CreateConsoleScreenBuffer
CreateDirectoryA
CreateDirectoryExW
CreateDirectoryW
CreateEventA
CreateEventExA
CreateEventExW
CreateEventW
CreateFileA
CreateFileMappingNumaW
CreateFileMappingW
CreateFileW
CreateHardLinkW
CreateIoCompletionPort
CreateMemoryResourceNotification
CreateMutexA
CreateMutexExA
CreateMutexExW
CreateMutexW
CreateNamedPipeW
CreatePipe
CreatePrivateNamespaceW
CreateProcessA
CreateProcessW
CreateRemoteThread
CreateRemoteThreadEx
CreateSemaphoreExW
CreateSymbolicLinkW
CreateThread
CreateThreadpool
CreateThreadpoolCleanupGroup
CreateThreadpoolIo
CreateThreadpoolTimer
CreateThreadpoolWait
CreateThreadpoolWork
CreateTimerQueue
CreateTimerQueueTimer
CreateWaitableTimerExW
DebugActiveProcess
DebugActiveProcessStop
DebugBreak
DecodePointer
DecodeSystemPointer
DefineDosDeviceW
DeleteBoundaryDescriptor
DeleteCriticalSection
DeleteFileA
DeleteFileW
DeleteProcThreadAttributeList
DeleteTimerQueueEx
DeleteTimerQueueTimer
DeleteVolumeMountPointW
DeviceIoControl
DisableThreadLibraryCalls
DisassociateCurrentThreadFromCallback
DisconnectNamedPipe
DuplicateHandle
EncodePointer
EncodeSystemPointer
EnterCriticalSection
EnumLanguageGroupLocalesW
EnumResourceLanguagesExA
EnumResourceLanguagesExW
EnumResourceNamesExA
EnumResourceNamesExW
EnumResourceTypesExA
EnumResourceTypesExW
EnumSystemFirmwareTables
EnumSystemGeoID
EnumSystemLanguageGroupsW
EnumSystemLocalesA
EnumSystemLocalesEx
EnumSystemLocalesW
EnumUILanguagesW
EscapeCommFunction
ExitProcess
ExitThread
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
FileTimeToLocalFileTime
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FillConsoleOutputCharacterW
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationA
FindFirstChangeNotificationW
FindFirstFileA
FindFirstFileExA
FindFirstFileExW
FindFirstFileW
FindFirstVolumeW
FindNLSString
FindNLSStringEx
FindNextChangeNotification
FindNextFileA
FindNextFileW
FindNextVolumeW
FindResourceExW
FindStringOrdinal
FindVolumeClose
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushConsoleInputBuffer
FlushFileBuffers
FlushInstructionCache
FlushProcessWriteBuffers
FlushViewOfFile
FoldStringW
FormatMessageA
FormatMessageW
FreeConsole
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
FreeLibraryWhenCallbackReturns
FreeResource
FreeUserPhysicalPages
GenerateConsoleCtrlEvent
GetACP
GetCPInfo
GetCPInfoExW
GetCalendarInfoEx
GetCalendarInfoW
GetCommConfig
GetCommMask
GetCommModemStatus
GetCommProperties
GetCommState
GetCommTimeouts
GetCommandLineA
GetCommandLineW
GetCompressedFileSizeA
GetCompressedFileSizeW
GetComputerNameExA
GetComputerNameExW
GetConsoleCP
GetConsoleCursorInfo
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetConsoleScreenBufferInfoEx
GetConsoleTitleW
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentProcessorNumber
GetCurrentProcessorNumberEx
GetCurrentThread
GetCurrentThreadId
GetDateFormatA
GetDateFormatEx
GetDateFormatW
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDriveTypeA
GetDriveTypeW
GetDynamicTimeZoneInformation
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetErrorMode
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileAttributesExA
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileMUIInfo
GetFileMUIPath
GetFileSize
GetFileSizeEx
GetFileTime
GetFileType
GetFinalPathNameByHandleA
GetFinalPathNameByHandleW
GetFullPathNameA
GetFullPathNameW
GetGeoInfoW
GetHandleInformation
GetLargePageMinimum
GetLargestConsoleWindowSize
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoEx
GetLocaleInfoW
GetLogicalDriveStringsW
GetLogicalDrives
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLongPathNameA
GetLongPathNameW
GetMemoryErrorHandlingCapabilities
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExA
GetModuleHandleExW
GetModuleHandleW
GetNLSVersion
GetNLSVersionEx
GetNamedPipeClientComputerNameW
GetNativeSystemInfo
GetNumaHighestNodeNumber
GetNumaNodeProcessorMaskEx
GetNumberFormatW
GetNumberOfConsoleInputEvents
GetOEMCP
GetOverlappedResult
GetPhysicallyInstalledSystemMemory
GetPriorityClass
GetProcAddress
GetProcessGroupAffinity
GetProcessHandleCount
GetProcessHeap
GetProcessHeaps
GetProcessId
GetProcessIdOfThread
GetProcessPreferredUILanguages
GetProcessPriorityBoost
GetProcessTimes
GetProcessVersion
GetProcessWorkingSetSizeEx
GetProductInfo
GetQueuedCompletionStatus
GetQueuedCompletionStatusEx
GetShortPathNameW
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeExW
GetStringTypeW
GetSystemDefaultLCID
GetSystemDefaultLangID
GetSystemDefaultLocaleName
GetSystemDefaultUILanguage
GetSystemDirectoryA
GetSystemDirectoryW
GetSystemFileCacheSize
GetSystemFirmwareTable
GetSystemInfo
GetSystemPreferredUILanguages
GetSystemTime
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetSystemTimes
GetSystemWindowsDirectoryA
GetSystemWindowsDirectoryW
GetTempFileNameW
GetTempPathW
GetThreadContext
GetThreadGroupAffinity
GetThreadIOPendingFlag
GetThreadId
GetThreadIdealProcessorEx
GetThreadInformation
GetThreadLocale
GetThreadPreferredUILanguages
GetThreadPriority
GetThreadPriorityBoost
GetThreadTimes
GetThreadUILanguage
GetTickCount
GetTickCount64
GetTimeFormatA
GetTimeFormatEx
GetTimeFormatW
GetTimeZoneInformation
GetTimeZoneInformationForYear
GetUILanguageInfo
GetUserDefaultLCID
GetUserDefaultLangID
GetUserDefaultLocaleName
GetUserDefaultUILanguage
GetUserGeoID
GetUserPreferredUILanguages
GetVersion
GetVersionExA
GetVersionExW
GetVolumeInformationByHandleW
GetVolumeInformationW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
GetVolumePathNamesForVolumeNameW
GetWindowsDirectoryA
GetWindowsDirectoryW
GetWriteWatch
GlobalMemoryStatusEx
HeapAlloc
HeapCompact
HeapCreate
HeapDestroy
HeapFree
HeapLock
HeapQueryInformation
HeapReAlloc
HeapSetInformation
HeapSize
HeapUnlock
HeapValidate
HeapWalk
InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce
InitOnceInitialize
InitializeConditionVariable
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeProcThreadAttributeList
InitializeSListHead
InitializeSRWLock
InterlockedFlushSList
InterlockedPopEntrySList
InterlockedPushEntrySList
IsDBCSLeadByte
IsDBCSLeadByteEx
IsDebuggerPresent
IsNLSDefinedString
IsProcessInJob
IsProcessorFeaturePresent
IsThreadAFiber
IsThreadpoolTimerSet
IsValidCodePage
IsValidLanguageGroup
IsValidLocale
IsValidLocaleName
IsWow64Process
LCIDToLocaleName
LCMapStringA
LCMapStringEx
LCMapStringW
LeaveCriticalSection
LeaveCriticalSectionWhenCallbackReturns
LoadLibraryExA
LoadLibraryExW
LoadResource
LocalFileTimeToFileTime
LocaleNameToLCID
LockFile
LockFileEx
LockResource
MapUserPhysicalPages
MapViewOfFile
MapViewOfFileEx
MoveFileExW
MoveFileWithProgressW
MultiByteToWideChar
NeedCurrentDirectoryForExePathA
NeedCurrentDirectoryForExePathW
OpenEventA
OpenEventW
OpenFileMappingW
OpenMutexW
OpenPrivateNamespaceW
OpenProcess
OpenSemaphoreW
OpenThread
OpenWaitableTimerW
OutputDebugStringA
OutputDebugStringW
PeekConsoleInputA
PeekConsoleInputW
PeekNamedPipe
PostQueuedCompletionStatus
ProcessIdToSessionId
PurgeComm
QueryDepthSList
QueryDosDeviceW
QueryFullProcessImageNameA
QueryFullProcessImageNameW
QueryIdleProcessorCycleTime
QueryIdleProcessorCycleTimeEx
QueryMemoryResourceNotification
QueryPerformanceCounter
QueryPerformanceFrequency
QueryProcessAffinityUpdateMode
QueryProcessCycleTime
QueryThreadCycleTime
QueryThreadpoolStackInformation
QueryUnbiasedInterruptTime
QueueUserAPC
QueueUserWorkItem
RaiseException
ReOpenFile
ReadConsoleA
ReadConsoleInputA
ReadConsoleInputW
ReadConsoleOutputA
ReadConsoleOutputAttribute
ReadConsoleOutputCharacterA
ReadConsoleOutputCharacterW
ReadConsoleOutputW
ReadConsoleW
ReadDirectoryChangesW
ReadFile
ReadFileEx
ReadFileScatter
ReadProcessMemory
RegisterBadMemoryNotification
ReleaseMutex
ReleaseMutexWhenCallbackReturns
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
ReleaseSemaphoreWhenCallbackReturns
RemoveDirectoryA
RemoveDirectoryW
RemoveVectoredContinueHandler
RemoveVectoredExceptionHandler
ReplaceFileW
ResetEvent
ResetWriteWatch
ResolveLocaleName
RestoreLastError
ResumeThread
ScrollConsoleScreenBufferA
ScrollConsoleScreenBufferW
SearchPathA
SearchPathW
SetCalendarInfoW
SetCommBreak
SetCommConfig
SetCommMask
SetCommState
SetCommTimeouts
SetComputerNameExW
SetConsoleActiveScreenBuffer
SetConsoleCP
SetConsoleCtrlHandler
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleMode
SetConsoleOutputCP
SetConsoleScreenBufferInfoEx
SetConsoleScreenBufferSize
SetConsoleTextAttribute
SetConsoleTitleW
SetConsoleWindowInfo
SetCriticalSectionSpinCount
SetCurrentDirectoryA
SetCurrentDirectoryW
SetDynamicTimeZoneInformation
SetEndOfFile
SetEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetErrorMode
SetEvent
SetEventWhenCallbackReturns

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/api-ms-win-downlevel-kernel32-l2-1-0.dll
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-downlevel-kernel32-l2-1-0.pdb

Exports

Exports

AddAtomA
AddAtomW
BackupRead
BackupWrite
BindIoCompletionCallback
ConvertFiberToThread
ConvertThreadToFiber
CopyFileA
CopyFileW
CreateFiber
CreateFileMappingA
CreateFileTransactedW
CreateMailslotA
CreateNamedPipeA
CreateSemaphoreW
DeleteAtom
DeleteFiber
DnsHostnameToComputerNameW
DosDateTimeToFileTime
FatalAppExitA
FatalAppExitW
FileTimeToDosDateTime
FindAtomA
FindAtomW
FindResourceA
FindResourceExA
FindResourceW
GetActiveProcessorCount
GetAtomNameA
GetAtomNameW
GetComputerNameA
GetComputerNameW
GetConsoleWindow
GetDurationFormatEx
GetFirmwareEnvironmentVariableW
GetMaximumProcessorGroupCount
GetNamedPipeClientProcessId
GetNamedPipeServerProcessId
GetPrivateProfileIntA
GetPrivateProfileIntW
GetPrivateProfileSectionW
GetPrivateProfileStringA
GetPrivateProfileStringW
GetProcessAffinityMask
GetProcessIoCounters
GetProfileIntA
GetProfileIntW
GetProfileSectionA
GetProfileSectionW
GetProfileStringA
GetProfileStringW
GetShortPathNameA
GetStartupInfoA
GetStringTypeExA
GetSystemPowerStatus
GetSystemWow64DirectoryA
GetSystemWow64DirectoryW
GetTapeParameters
GetTempPathA
GetThreadSelectorEntry
GlobalAddAtomA
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFindAtomW
GlobalFlags
GlobalFree
GlobalGetAtomNameA
GlobalGetAtomNameW
GlobalHandle
GlobalLock
GlobalMemoryStatus
GlobalReAlloc
GlobalSize
GlobalUnlock
InitAtomTable
LoadLibraryA
LoadLibraryW
LocalAlloc
LocalFlags
LocalFree
LocalLock
LocalReAlloc
LocalSize
LocalUnlock
MoveFileA
MoveFileExA
MoveFileW
MulDiv
OpenFile
PulseEvent
RaiseFailFastException
RegisterWaitForSingleObject
SetConsoleTitleA
SetFileCompletionNotificationModes
SetFirmwareEnvironmentVariableW
SetHandleCount
SetMailslotInfo
SetProcessAffinityMask
SetThreadAffinityMask
SetThreadIdealProcessor
SetVolumeLabelW
SwitchToFiber
UnregisterWait
WTSGetActiveConsoleSessionId
WaitForMultipleObjects
WritePrivateProfileSectionA
WritePrivateProfileSectionW
WritePrivateProfileStringA
WritePrivateProfileStringW
lstrcatW
lstrcmpA
lstrcmpW
lstrcmpiA
lstrcmpiW
lstrcpyW
lstrcpynA
lstrcpynW
lstrlenA
lstrlenW

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/api-ms-win-downlevel-ole32-l1-1-0.dll
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-downlevel-ole32-l1-1-0.pdb

Exports

Exports

CLSIDFromProgID
CLSIDFromString
CoCopyProxy
CoCreateFreeThreadedMarshaler
CoCreateGuid
CoCreateInstance
CoCreateInstanceEx
CoDisconnectObject
CoFreeUnusedLibraries
CoFreeUnusedLibrariesEx
CoGetApartmentType
CoGetClassObject
CoGetCurrentLogicalThreadId
CoGetInterfaceAndReleaseStream
CoGetMalloc
CoGetMarshalSizeMax
CoGetObjectContext
CoGetStdMarshalEx
CoGetTreatAsClass
CoImpersonateClient
CoInitializeEx
CoInitializeSecurity
CoMarshalInterThreadInterfaceInStream
CoMarshalInterface
CoRegisterClassObject
CoRegisterInitializeSpy
CoRegisterMessageFilter
CoReleaseMarshalData
CoRevertToSelf
CoRevokeClassObject
CoRevokeInitializeSpy
CoSetProxyBlanket
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
CoUnmarshalInterface
CoWaitForMultipleHandles
CreateStreamOnHGlobal
FreePropVariantArray
GetHGlobalFromStream
IIDFromString
ProgIDFromCLSID
PropVariantClear
PropVariantCopy
StringFromCLSID
StringFromGUID2
StringFromIID

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 26B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/api-ms-win-downlevel-ole32-l1-1-1.dll
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-downlevel-ole32-l1-1-1.pdb

Exports

Exports

CLSIDFromProgID
CLSIDFromString
CoAddRefServerProcess
CoCancelCall
CoCopyProxy
CoCreateFreeThreadedMarshaler
CoCreateGuid
CoCreateInstance
CoCreateInstanceEx
CoDisableCallCancellation
CoDisconnectContext
CoDisconnectObject
CoEnableCallCancellation
CoFreeUnusedLibraries
CoFreeUnusedLibrariesEx
CoGetApartmentType
CoGetCallContext
CoGetCallerTID
CoGetCancelObject
CoGetClassObject
CoGetContextToken
CoGetCurrentLogicalThreadId
CoGetCurrentProcess
CoGetDefaultContext
CoGetInterfaceAndReleaseStream
CoGetMalloc
CoGetMarshalSizeMax
CoGetObjectContext
CoGetPSClsid
CoGetStandardMarshal
CoGetStdMarshalEx
CoGetTreatAsClass
CoImpersonateClient
CoInitializeEx
CoInitializeSecurity
CoInvalidateRemoteMachineBindings
CoIsHandlerConnected
CoLockObjectExternal
CoMarshalHresult
CoMarshalInterThreadInterfaceInStream
CoMarshalInterface
CoQueryAuthenticationServices
CoQueryClientBlanket
CoQueryProxyBlanket
CoRegisterClassObject
CoRegisterInitializeSpy
CoRegisterMessageFilter
CoRegisterPSClsid
CoRegisterSurrogate
CoReleaseMarshalData
CoReleaseServerProcess
CoResumeClassObjects
CoRevertToSelf
CoRevokeClassObject
CoRevokeInitializeSpy
CoSetCancelObject
CoSetProxyBlanket
CoSuspendClassObjects
CoSwitchCallContext
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoTestCancel
CoUninitialize
CoUnmarshalHresult
CoUnmarshalInterface
CoWaitForMultipleHandles
CreateErrorInfo
CreateStreamOnHGlobal
FreePropVariantArray
GetErrorInfo
GetHGlobalFromStream
IIDFromString
ProgIDFromCLSID
PropVariantClear
PropVariantCopy
SetErrorInfo
StringFromCLSID
StringFromGUID2
StringFromIID

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/api-ms-win-downlevel-shlwapi-l1-1-0.dll
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-downlevel-shlwapi-l1-1-0.pdb

Exports

Exports

GetAcceptLanguagesW
HashData
IsInternetESCEnabled
ParseURLW
PathAddBackslashA
PathAddBackslashW
PathAddExtensionA
PathAddExtensionW
PathAppendA
PathAppendW
PathCanonicalizeA
PathCanonicalizeW
PathCommonPrefixA
PathCommonPrefixW
PathCreateFromUrlAlloc
PathCreateFromUrlW
PathFileExistsA
PathFileExistsW
PathFindExtensionA
PathFindExtensionW
PathFindFileNameA
PathFindFileNameW
PathFindNextComponentA
PathFindNextComponentW
PathGetArgsA
PathGetArgsW
PathGetDriveNumberA
PathGetDriveNumberW
PathIsFileSpecA
PathIsFileSpecW
PathIsLFNFileSpecA
PathIsLFNFileSpecW
PathIsPrefixA
PathIsPrefixW
PathIsRelativeA
PathIsRelativeW
PathIsRootA
PathIsRootW
PathIsSameRootA
PathIsSameRootW
PathIsUNCA
PathIsUNCServerA
PathIsUNCServerShareA
PathIsUNCServerShareW
PathIsUNCServerW
PathIsUNCW
PathIsURLW
PathParseIconLocationA
PathParseIconLocationW
PathRelativePathToA
PathRelativePathToW
PathRemoveBackslashA
PathRemoveBackslashW
PathRemoveBlanksA
PathRemoveBlanksW
PathRemoveExtensionA
PathRemoveExtensionW
PathRemoveFileSpecA
PathRemoveFileSpecW
PathRenameExtensionA
PathRenameExtensionW
PathSkipRootA
PathSkipRootW
PathStripPathA
PathStripPathW
PathStripToRootA
PathStripToRootW
PathUnquoteSpacesA
PathUnquoteSpacesW
QISearch
SHLoadIndirectString
SHRegCloseUSKey
SHRegDeleteUSValueA
SHRegDeleteUSValueW
SHRegEnumUSKeyA
SHRegEnumUSKeyW
SHRegGetBoolUSValueA
SHRegGetBoolUSValueW
SHRegGetUSValueA
SHRegGetUSValueW
SHRegOpenUSKeyA
SHRegOpenUSKeyW
SHRegQueryUSValueA
SHRegQueryUSValueW
SHRegSetUSValueA
SHRegSetUSValueW
StrCSpnA
StrCSpnIA
StrCSpnIW
StrCSpnW
StrCatBuffA
StrCatBuffW
StrCatChainW
StrChrA
StrChrIA
StrChrIW
StrChrNIW
StrChrNW
StrChrW
StrCmpCA
StrCmpCW
StrCmpICA
StrCmpICW
StrCmpIW
StrCmpLogicalW
StrCmpNA
StrCmpNCA
StrCmpNCW
StrCmpNIA
StrCmpNICA
StrCmpNICW
StrCmpNIW
StrCmpNW
StrCmpW
StrCpyNW
StrDupA
StrDupW
StrIsIntlEqualA
StrIsIntlEqualW
StrPBrkA
StrPBrkW
StrRChrA
StrRChrIA
StrRChrIW
StrRChrW
StrRStrIA
StrRStrIW
StrSpnA
StrSpnW
StrStrA
StrStrIA
StrStrIW
StrStrNIW
StrStrNW
StrStrW
StrToInt64ExA
StrToInt64ExW
StrToIntA
StrToIntExA
StrToIntExW
StrToIntW
StrTrimA
StrTrimW
UrlApplySchemeW
UrlCanonicalizeW
UrlCombineA
UrlCombineW
UrlCreateFromPathW
UrlEscapeW
UrlFixupW
UrlGetLocationW
UrlGetPartW
UrlIsW
UrlUnescapeA
UrlUnescapeW

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/api-ms-win-downlevel-shlwapi-l1-1-1.dll
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-downlevel-shlwapi-l1-1-1.pdb

Exports

Exports

GetAcceptLanguagesW
HashData
IsCharSpaceA
IsCharSpaceW
IsInternetESCEnabled
ParseURLW
PathAddBackslashA
PathAddBackslashW
PathAddExtensionA
PathAddExtensionW
PathAppendA
PathAppendW
PathCanonicalizeA
PathCanonicalizeW
PathCombineA
PathCombineW
PathCommonPrefixA
PathCommonPrefixW
PathCreateFromUrlAlloc
PathCreateFromUrlW
PathFileExistsA
PathFileExistsW
PathFindExtensionA
PathFindExtensionW
PathFindFileNameA
PathFindFileNameW
PathFindNextComponentA
PathFindNextComponentW
PathGetArgsA
PathGetArgsW
PathGetCharTypeA
PathGetCharTypeW
PathGetDriveNumberA
PathGetDriveNumberW
PathIsFileSpecA
PathIsFileSpecW
PathIsLFNFileSpecA
PathIsLFNFileSpecW
PathIsPrefixA
PathIsPrefixW
PathIsRelativeA
PathIsRelativeW
PathIsRootA
PathIsRootW
PathIsSameRootA
PathIsSameRootW
PathIsUNCA
PathIsUNCServerA
PathIsUNCServerShareA
PathIsUNCServerShareW
PathIsUNCServerW
PathIsUNCW
PathIsURLW
PathMatchSpecA
PathMatchSpecExA
PathMatchSpecExW
PathMatchSpecW
PathParseIconLocationA
PathParseIconLocationW
PathQuoteSpacesA
PathQuoteSpacesW
PathRelativePathToA
PathRelativePathToW
PathRemoveBackslashA
PathRemoveBackslashW
PathRemoveBlanksA
PathRemoveBlanksW
PathRemoveExtensionA
PathRemoveExtensionW
PathRemoveFileSpecA
PathRemoveFileSpecW
PathRenameExtensionA
PathRenameExtensionW
PathSearchAndQualifyA
PathSearchAndQualifyW
PathSkipRootA
PathSkipRootW
PathStripPathA
PathStripPathW
PathStripToRootA
PathStripToRootW
PathUnExpandEnvStringsA
PathUnExpandEnvStringsW
PathUnquoteSpacesA
PathUnquoteSpacesW
QISearch
SHLoadIndirectString
SHRegCloseUSKey
SHRegDeleteUSValueA
SHRegDeleteUSValueW
SHRegEnumUSKeyA
SHRegEnumUSKeyW
SHRegGetBoolUSValueA
SHRegGetBoolUSValueW
SHRegGetUSValueA
SHRegGetUSValueW
SHRegOpenUSKeyA
SHRegOpenUSKeyW
SHRegQueryUSValueA
SHRegQueryUSValueW
SHRegSetUSValueA
SHRegSetUSValueW
StrCSpnA
StrCSpnIA
StrCSpnIW
StrCSpnW
StrCatBuffA
StrCatBuffW
StrCatChainW
StrChrA
StrChrIA
StrChrIW
StrChrNIW
StrChrNW
StrChrW
StrCmpCA
StrCmpCW
StrCmpICA
StrCmpICW
StrCmpIW
StrCmpLogicalW
StrCmpNA
StrCmpNCA
StrCmpNCW
StrCmpNIA
StrCmpNICA
StrCmpNICW
StrCmpNIW
StrCmpNW
StrCmpW
StrCpyNW
StrDupA
StrDupW
StrIsIntlEqualA
StrIsIntlEqualW
StrPBrkA
StrPBrkW
StrRChrA
StrRChrIA
StrRChrIW
StrRChrW
StrRStrIA
StrRStrIW
StrSpnA
StrSpnW
StrStrA
StrStrIA
StrStrIW
StrStrNIW
StrStrNW
StrStrW
StrToInt64ExA
StrToInt64ExW
StrToIntA
StrToIntExA
StrToIntExW
StrToIntW
StrTrimA
StrTrimW
UrlApplySchemeW
UrlCanonicalizeW
UrlCombineA
UrlCombineW
UrlCreateFromPathW
UrlEscapeW
UrlFixupW
UrlGetLocationW
UrlGetPartW
UrlIsW
UrlUnescapeA
UrlUnescapeW

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/api-ms-win-downlevel-user32-l1-1-0.dll
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-downlevel-user32-l1-1-0.pdb

Exports

Exports

CharLowerA
CharLowerBuffA
CharLowerBuffW
CharLowerW
CharNextA
CharNextExA
CharNextW
CharPrevA
CharPrevExA
CharPrevW
CharUpperA
CharUpperBuffA
CharUpperBuffW
CharUpperW
IsCharAlphaA
IsCharAlphaNumericA
IsCharAlphaNumericW
IsCharAlphaW
IsCharLowerA
IsCharLowerW
IsCharUpperA
IsCharUpperW

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 26B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/api-ms-win-downlevel-user32-l1-1-1.dll
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-downlevel-user32-l1-1-1.pdb

Exports

Exports

CharLowerA
CharLowerBuffA
CharLowerBuffW
CharLowerW
CharNextA
CharNextExA
CharNextW
CharPrevA
CharPrevExA
CharPrevW
CharUpperA
CharUpperBuffA
CharUpperBuffW
CharUpperW
IsCharAlphaA
IsCharAlphaNumericA
IsCharAlphaNumericW
IsCharAlphaW
IsCharLowerA
IsCharLowerW
IsCharUpperA
IsCharUpperW
LoadStringA
LoadStringW

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/api-ms-win-downlevel-version-l1-1-0.dll
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-downlevel-version-l1-1-0.pdb

Exports

Exports

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerFindFileA
VerFindFileW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 1024B - Virtual size: 540B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/compatprovider.dll
.dll regsvr32 windows:6 windows x64 arch:x64

b39192a46aa822b7b253b1ba4865752f

Code Sign

33:00:00:00:2b:39:32:48:c1:b2:c9:48:f3:00:00:00:00:00:2b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/09/2012, 21:12

Not After

04/12/2013, 21:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:16:11:04:b4:88:38:8c:be:c3:00:00:00:00:00:16
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

30/08/2012, 17:49

Not After

30/11/2013, 17:49

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6f:54:e5:99:83:dd:ac:67:2b:13:81:41:5f:b0:97:23:60:18:47:a1:cd:f1:68:5d:50:42:a3:b7:1c:45:7e:4f
Signer

Actual PE Digest

6f:54:e5:99:83:dd:ac:67:2b:13:81:41:5f:b0:97:23:60:18:47:a1:cd:f1:68:5d:50:42:a3:b7:1c:45:7e:4f

Digest Algorithm

sha256

PE Digest Matches

true

0c:e0:a1:15:a6:d7:3f:20:85:2c:aa:40:55:31:85:02:57:8f:7d:5e
Signer

Actual PE Digest

0c:e0:a1:15:a6:d7:3f:20:85:2c:aa:40:55:31:85:02:57:8f:7d:5e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

CompatProvider.pdb

Imports

msvcrt

_wcsnicmp
??0exception@@QEAA@XZ
?what@exception@@UEBAPEBDXZ
_purecall
vswprintf_s
wcsrchr
_wcsicmp
_vsnwprintf
wcschr
memset
__C_specific_handler
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
_CxxThrowException
wcsncpy_s
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
_lock
__RTDynamicCast
memcmp
__CxxFrameHandler3
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_vscwprintf
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
memmove_s
memcpy_s
malloc
wcscat_s
free
wcscpy_s
_unlock
memcpy

ntdll

RtlFreeHeap
RtlNtStatusToDosError
NtSetInformationFile
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlAllocateHeap

kernel32

ExpandEnvironmentStringsW
MapViewOfFile
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
OutputDebugStringW
GetCurrentThreadId
GetCurrentProcessId
SetThreadUILanguage
GetVersionExW
SetEnvironmentVariableW
MultiByteToWideChar
SizeofResource
LockResource
LoadResource
FindResourceExW
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
CompareStringW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
FormatMessageW
LocalFree
CreateFileW
CloseHandle
GetFullPathNameW
CreateDirectoryW
GetFileInformationByHandle
GetNativeSystemInfo
GetFileAttributesW
ReadFile
SetFilePointer
GetStartupInfoW
FreeLibrary
GetExitCodeProcess
CreateProcessW
GetCurrentDirectoryW
WaitForSingleObject
UnmapViewOfFile
SetLastError
CreateFileMappingW
FindFirstFileW
SetFileAttributesW
FindNextFileW
DeviceIoControl
FindClose
SearchPathW

advapi32

LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey

user32

CharLowerBuffW
LoadStringW
CharNextW

ole32

StringFromGUID2
CoTaskMemFree
CoCreateGuid
StringFromCLSID
ProgIDFromCLSID
CoCreateInstance

oleaut32

SysFreeString
RegisterTypeLi
SysStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
VarBstrCmp
SysStringByteLen
SysAllocStringByteLen
VarBstrCat
SetErrorInfo
CreateErrorInfo
VariantClear
SysAllocStringLen
LoadRegTypeLi

version

VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

Exports

Exports

DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/dism.Format.ps1xml
.ps1
Bin/x64/DISM81/dism.Types.ps1xml
.xml
Bin/x64/DISM81/dism.exe
.exe windows:6 windows x64 arch:x64

24ffc8bf66aaab58a29d158512e9e38e

Code Sign

33:00:00:00:33:e5:27:86:a3:0e:4a:2a:80:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/03/2013, 20:08

Not After

27/06/2014, 20:08

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/09/2013, 17:35

Not After

24/12/2014, 17:35

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:7e:a9:55:fe:50:20:f2:6a:8a:36:c5:f9:d3:1a:42:be:b4:79:11:50:1e:1c:c0:71:8c:75:d7:61:52:27:d7
Signer

Actual PE Digest

1a:7e:a9:55:fe:50:20:f2:6a:8a:36:c5:f9:d3:1a:42:be:b4:79:11:50:1e:1c:c0:71:8c:75:d7:61:52:27:d7

Digest Algorithm

sha256

PE Digest Matches

true

d7:8b:51:45:b6:fb:89:cc:de:8b:5c:bd:7e:c4:ab:32:c0:6f:04:87
Signer

Actual PE Digest

d7:8b:51:45:b6:fb:89:cc:de:8b:5c:bd:7e:c4:ab:32:c0:6f:04:87

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

Dism.pdb

Imports

msvcrt

realloc
_errno
__CxxFrameHandler3
_onexit
__dllonexit
_unlock
wcsstr
iswalpha
_wcsnicmp
??0exception@@QEAA@XZ
towlower
memcpy_s
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_commode
_fmode
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
wcscpy_s
memcpy
memcmp
_lock
__C_specific_handler
memset
wcsrchr
calloc
malloc
_purecall
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
free
_vsnwprintf
towupper
_getwch
vswprintf_s
_vscwprintf
_wcslwr_s
_wcsicmp
wcschr
wprintf
memmove_s
__RTDynamicCast
wcscmp

api-ms-win-downlevel-kernel32-l1-1-0

GetCommandLineW
HeapFree
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceExW
Sleep
OutputDebugStringW
GetModuleHandleW
GetCurrentProcess
GetVersionExW
SearchPathW
MapViewOfFile
GetCurrentThreadId
DeleteCriticalSection
RaiseException
SetErrorMode
CompareStringW
SetThreadUILanguage
GetStdHandle
HeapAlloc
WriteConsoleW
SetConsoleCtrlHandler
WideCharToMultiByte
WriteFile
CloseHandle
GetFileType
GetConsoleMode
GetModuleFileNameW
UnmapViewOfFile
CreateFileMappingW
FindFirstFileW
CopyFileExW
GetLastError
FindClose
DeviceIoControl
FindNextFileW
SetFileAttributesW
GetDriveTypeW
IsWow64Process
FormatMessageW
GetFileAttributesW
SetLastError
CreateFileW
WaitForSingleObject
GetSystemInfo
HeapDestroy
HeapReAlloc
HeapSize
LoadLibraryExW
FreeLibrary
MultiByteToWideChar
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
GetModuleHandleExW
LeaveCriticalSection
SetEvent
EnterCriticalSection
GetSystemWindowsDirectoryW
ExpandEnvironmentStringsW
InitializeCriticalSection
GetProcAddress
GetTempFileNameW
GetFullPathNameW
CreateDirectoryW
GetFileInformationByHandle
ReadFile
SetFilePointer

api-ms-win-downlevel-advapi32-l1-1-1

IsValidSecurityDescriptor
GetAclInformation
InitializeAcl
AddAce
SetSecurityDescriptorGroup
MakeAbsoluteSD
GetSecurityDescriptorControl
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
IsValidSid
CopySid
GetLengthSid
TraceEvent
AdjustTokenPrivileges
RegCloseKey
RegOpenKeyExW
SetSecurityDescriptorDacl
OpenProcessToken
GetTraceEnableFlags
UnregisterTraceGuids
GetTraceLoggerHandle
RegisterTraceGuidsW
GetTraceEnableLevel

api-ms-win-downlevel-advapi32-l4-1-0

LookupPrivilegeValueW
InitiateSystemShutdownExW

api-ms-win-downlevel-ole32-l1-1-1

CoCreateInstance
CoUninitialize
GetErrorInfo
CoInitializeEx
CoInitializeSecurity

api-ms-win-downlevel-kernel32-l2-1-0

LocalAlloc
LocalFree

api-ms-win-downlevel-user32-l1-1-1

CharLowerBuffW

ntdll

RtlFreeHeap
RtlAllocateHeap
NtSetInformationFile
RtlNtStatusToDosError
RtlGetVersion
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

oleaut32

SysFreeString
SysAllocString
VariantClear
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
VarBstrCmp
LoadTypeLi
LoadRegTypeLi

api-ms-win-downlevel-version-l1-1-0

GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW

Sections

.text
Size: 213KB - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/dism.psd1
Bin/x64/DISM81/dism.psm1
Bin/x64/DISM81/dismapi.dll
.dll windows:6 windows x64 arch:x64

ed9d6ce3d8cf98009ecb16f7c00b3174

Code Sign

33:00:00:00:33:e5:27:86:a3:0e:4a:2a:80:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/03/2013, 20:08

Not After

27/06/2014, 20:08

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/09/2013, 17:35

Not After

24/12/2014, 17:35

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2d:13:e5:7e:f4:63:ea:17:00:6c:1d:eb:f0:d8:4e:a0:92:cb:f0:65:70:f8:88:fc:c7:35:84:aa:0f:ba:a0:1c
Signer

Actual PE Digest

2d:13:e5:7e:f4:63:ea:17:00:6c:1d:eb:f0:d8:4e:a0:92:cb:f0:65:70:f8:88:fc:c7:35:84:aa:0f:ba:a0:1c

Digest Algorithm

sha256

PE Digest Matches

true

0f:53:7e:46:8f:5f:8c:5c:29:93:2a:c8:ce:af:6e:89:c7:db:e7:49
Signer

Actual PE Digest

0f:53:7e:46:8f:5f:8c:5c:29:93:2a:c8:ce:af:6e:89:c7:db:e7:49

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

DismApi.pdb

Imports

msvcrt

fclose
wcstok_s
fgetws
_wfopen
feof
iswctype
strrchr
rand
??0exception@@QEAA@XZ
_wcslwr_s
_wtoi
towlower
wcsstr
_vsnwprintf
wcsrchr
_wcsnicmp
memcpy_s
malloc
iswalpha
_wcsicmp
_purecall
wcstoul
_wcstoui64
wcschr
iswspace
swscanf_s
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
memcmp
memcpy
__CxxFrameHandler3
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
wcscpy_s
__C_specific_handler
memset
vsprintf_s
_vscprintf
calloc
_vsnprintf
?what@exception@@UEBAPEBDXZ
free
vswprintf_s
_vscwprintf
memmove_s
??0exception@@QEAA@AEBV0@@Z
wcscmp

api-ms-win-downlevel-kernel32-l1-1-0

FileTimeToLocalFileTime
FileTimeToSystemTime
SearchPathW
WaitForSingleObject
CompareStringW
HeapFree
GetProcessHeap
GetEnvironmentVariableW
LoadLibraryExW
FreeLibrary
GetModuleFileNameW
GetThreadUILanguage
OutputDebugStringA
GetModuleHandleExW
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
GetCurrentProcessId
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
IsDebuggerPresent
RaiseException
DeleteCriticalSection
InitializeCriticalSection
GetProcAddress
GetVersionExW
GetModuleHandleW
TlsAlloc
GetWindowsDirectoryW
TlsFree
CreateFileA
CreateMutexW
WaitForMultipleObjectsEx
GetFileSizeEx
HeapDestroy
HeapAlloc
HeapReAlloc
HeapSize
GetVersion
DeleteFileA
DebugBreak
DeleteFileW
ReleaseMutex
CreateThread
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
MultiByteToWideChar
Sleep
QueryPerformanceCounter
OutputDebugStringW
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
WriteFile
GetLastError
ResetEvent
GetCurrentProcess
CreateFileMappingW
GetLocalTime
IsWow64Process
TlsSetValue
FormatMessageA
VirtualQuery
UnmapViewOfFile
MapViewOfFile
TlsGetValue
GetFileSize
ExitProcess
MoveFileExW
GetLocaleInfoW
GetFileAttributesW
GetSystemTime
GetTimeFormatW
SetFilePointer
GetSystemWindowsDirectoryW
CreateEventW
ResumeThread
DuplicateHandle
SetEvent
GetCommandLineW
GetTempFileNameW
GetModuleFileNameA
LoadLibraryExA
CreateMutexA
FormatMessageW
GetFullPathNameW
FindFirstFileW
CopyFileExW
CreateFileW
FlushFileBuffers
GetTempPathW
SetLastError
FindClose
DeviceIoControl
FindNextFileW
CloseHandle
GetFileInformationByHandle
SetFileAttributesW
GetCurrentThread
GetSystemInfo
SetErrorMode
GetSystemTimeAsFileTime
CreateDirectoryW
FindResourceExW

api-ms-win-downlevel-advapi32-l1-1-1

RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyExW
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
AddAccessAllowedAce
EqualSid
OpenProcessToken
GetTokenInformation
OpenThreadToken
InitializeAcl
SetSecurityDescriptorDacl
GetTraceEnableFlags
GetTraceLoggerHandle
GetTraceEnableLevel
RegisterTraceGuidsW
TraceEvent
UnregisterTraceGuids
InitializeSecurityDescriptor
GetLengthSid

api-ms-win-downlevel-ole32-l1-1-1

CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoInitializeEx
GetErrorInfo

api-ms-win-downlevel-kernel32-l2-1-0

CreateFileMappingA
LocalFree

api-ms-win-downlevel-user32-l1-1-1

CharLowerBuffW

ntdll

RtlFreeHeap
RtlNtStatusToDosError
NtSetInformationFile
RtlVirtualUnwind
RtlGetVersion
RtlLookupFunctionEntry
RtlCaptureContext
RtlAllocateHeap

oleaut32

SystemTimeToVariantTime
SysAllocStringLen
VarBstrCat
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
LoadTypeLi
LoadRegTypeLi
VariantClear
VarBstrCmp
SysStringLen
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysFreeString
VariantTimeToSystemTime

api-ms-win-downlevel-version-l1-1-0

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

Exports

Exports

DismAddDriver
DismAddPackage
DismApplyUnattend
DismCheckImageHealth
DismCleanupMountpoints
DismCloseSession
DismCommitImage
DismDelete
DismDisableFeature
DismEnableFeature
DismGetDriverInfo
DismGetDrivers
DismGetFeatureInfo
DismGetFeatureParent
DismGetFeatures
DismGetImageInfo
DismGetLastErrorMessage
DismGetMountedImageInfo
DismGetPackageInfo
DismGetPackages
DismInitialize
DismMountImage
DismOpenSession
DismRemountImage
DismRemoveDriver
DismRemovePackage
DismRestoreImageHealth
DismShutdown
DismUnmountImage
_DismAddProvisionedAppxPackage
_DismEnableDisableFeature
_DismExportDriver
_DismGetCurrentEdition
_DismGetFeaturesEx
_DismGetKCacheBinaryValue
_DismGetKCacheDwordValue
_DismGetKCacheStringValue
_DismGetLastCBSSessionID
_DismGetOsInfo
_DismGetProductKeyInfo
_DismGetProvisionedAppxPackages
_DismGetRegistryMountPoint
_DismGetStateFromCBSSessionID
_DismGetTargetEditions
_DismOptimizeImage
_DismRemoveProvisionedAppxPackage
_DismSetAppXProvisionedDataFile
_DismSetEdition
_DismSetFirstBootCommandLine
_DismSetMachineName
_DismSetProductKey
_DismValidateProductKey

Sections

.text
Size: 583KB - Virtual size: 583KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/dismcore.dll
.dll regsvr32 windows:6 windows x64 arch:x64

ab165f57087b13a51f41e0da5dc834a3

Code Sign

33:00:00:00:4c:a1:e8:4d:cc:b4:74:7b:3b:00:00:00:00:00:4c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/11/2013, 22:11

Not After

11/02/2015, 22:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/09/2013, 17:35

Not After

24/12/2014, 17:35

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8b:b2:c3:3f:b8:78:cd:43:75:37:e4:e8:e6:78:a9:f8:e8:21:f4:2f:f5:c9:3b:da:41:a4:de:f2:e7:e0:46:cc
Signer

Actual PE Digest

8b:b2:c3:3f:b8:78:cd:43:75:37:e4:e8:e6:78:a9:f8:e8:21:f4:2f:f5:c9:3b:da:41:a4:de:f2:e7:e0:46:cc

Digest Algorithm

sha256

PE Digest Matches

true

a3:1e:93:0c:b0:f7:1a:d8:59:53:b8:8d:11:41:21:d1:9b:28:2f:19
Signer

Actual PE Digest

a3:1e:93:0c:b0:f7:1a:d8:59:53:b8:8d:11:41:21:d1:9b:28:2f:19

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

DismCore.pdb

Imports

msvcrt

fclose
wcstok_s
swscanf_s
fgetws
_wfopen
feof
iswctype
strrchr
_vsnprintf
towlower
_wcsnicmp
_vsnwprintf
vsprintf_s
_vscprintf
rand
wcsstr
memcmp
_onexit
__dllonexit
_unlock
_lock
realloc
_errno
__CxxFrameHandler3
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
__C_specific_handler
memset
wcscat_s
wcsncpy_s
calloc
_purecall
malloc
_resetstkoflw
wcscpy_s
vswprintf_s
_vscwprintf
wcschr
wcsrchr
_wcsicmp
memmove_s
memcpy_s
_wtoi
free
memcpy

api-ms-win-downlevel-kernel32-l1-1-0

TerminateProcess
GetModuleFileNameW
GetModuleHandleW
CopyFileExW
CreateFileA
TlsFree
CreateEventW
GetWindowsDirectoryW
TlsAlloc
GetLocalTime
TlsSetValue
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceExW
FormatMessageA
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
RaiseException
VirtualQuery
GetProcAddress
LoadLibraryExW
WaitForSingleObject
SetEvent
FreeLibrary
TlsGetValue
GetFileSize
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetVersion
ExitProcess
CreateFileMappingW
SetLastError
GetVersionExW
CompareStringW
UnmapViewOfFile
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
GetModuleHandleExW
MapViewOfFile
SearchPathW
GetTempPathW
FindNextFileW
MultiByteToWideChar
OutputDebugStringW
GetCurrentProcessId
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
CreateFileW
SetThreadUILanguage
GetLastError
SetFileAttributesW
GetCurrentDirectoryW
GetDriveTypeW
DeviceIoControl
FindClose
FindFirstFileW
IsDebuggerPresent
FlushFileBuffers
GetFileSizeEx
DeleteFileA
DebugBreak
DeleteFileW
ReleaseMutex
CreateMutexA
LoadLibraryExA
GetModuleFileNameA
DuplicateHandle
WriteFile
ExpandEnvironmentStringsA
GetCurrentThread
CreateMutexW
GetTempFileNameW
GetFullPathNameW
CreateDirectoryW
GetFileInformationByHandle
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
MoveFileExW
GetSystemDirectoryW
FormatMessageW
GetSystemWindowsDirectoryW
GetNativeSystemInfo
GetSystemInfo
CreateProcessW
GetEnvironmentStringsW
GetExitCodeProcess
FreeEnvironmentStringsW
SetFilePointer
ReadFile
GetFileAttributesW

api-ms-win-downlevel-ole32-l1-1-1

SetErrorInfo
CoTaskMemFree
StringFromCLSID
CreateErrorInfo
CoSetProxyBlanket
CoCreateGuid
GetErrorInfo
CoRegisterPSClsid
CoRevokeClassObject
StringFromGUID2
CoCreateInstance
CoRegisterClassObject
ProgIDFromCLSID

api-ms-win-downlevel-user32-l1-1-1

CharNextW
LoadStringW

api-ms-win-downlevel-advapi32-l1-1-1

AdjustTokenPrivileges
GetTokenInformation
EqualSid
OpenThreadToken
SetSecurityDescriptorDacl
InitializeAcl
AddAccessAllowedAce
GetLengthSid
AllocateAndInitializeSid
CheckTokenMembership
RegOpenKeyExW
FreeSid
RegQueryInfoKeyW
InitializeSecurityDescriptor
OpenProcessToken
RegCloseKey

api-ms-win-downlevel-kernel32-l2-1-0

LocalFree
CreateFileMappingA

ntdll

RtlNtStatusToDosError
RtlFreeHeap
RtlAllocateHeap
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtSetInformationFile

oleaut32

SysAllocStringLen
VariantClear
SysStringLen
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi
SysAllocString
LoadTypeLibEx
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantInit
SysFreeString
SysStringByteLen
SysAllocStringByteLen

api-ms-win-downlevel-version-l1-1-0

GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW

api-ms-win-downlevel-advapi32-l4-1-0

LookupPrivilegeValueW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 230KB - Virtual size: 229KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/dismcoreps.dll
.dll regsvr32 windows:6 windows x64 arch:x64

3a462efaace87409e839f94892aa61f5

Code Sign

33:00:00:00:5a:ed:2f:f4:e4:20:99:3f:3a:00:00:00:00:00:5a
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2014, 17:13

Not After

23/08/2015, 17:13

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:ca
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/04/2014, 17:39

Not After

22/07/2015, 17:39

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/09/2013, 17:35

Not After

24/12/2014, 17:35

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:e9:45:4c:c4:c6:e9:9c:23:22:55:6a:79:1b:1c:85:53:d8:9e:45:76:ef:d7:b7:a5:98:1c:cb:a1:52:4e:92
Signer

Actual PE Digest

32:e9:45:4c:c4:c6:e9:9c:23:22:55:6a:79:1b:1c:85:53:d8:9e:45:76:ef:d7:b7:a5:98:1c:cb:a1:52:4e:92

Digest Algorithm

sha256

PE Digest Matches

true

13:ba:40:7d:8e:b0:90:e3:9e:68:01:25:38:5d:e8:6f:f2:8b:3d:fd
Signer

Actual PE Digest

13:ba:40:7d:8e:b0:90:e3:9e:68:01:25:38:5d:e8:6f:f2:8b:3d:fd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

DismCorePS.pdb

Imports

msvcrt

_amsg_exit
free
malloc
_initterm
__C_specific_handler
_XcptFilter
memcmp

oleaut32

BSTR_UserMarshal
LPSAFEARRAY_UserUnmarshal64
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserSize64
LPSAFEARRAY_UserFree64
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserMarshal64
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserFree
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserSize
BSTR_UserSize64
BSTR_UserFree64
BSTR_UserUnmarshal64
BSTR_UserMarshal64

rpcrt4

CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_QueryInterface
IUnknown_AddRef_Proxy
NdrStubCall3
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
NdrCStdStubBuffer_Release
NdrDllRegisterProxy
NdrDllCanUnloadNow
NdrCStdStubBuffer2_Release
NdrDllGetClassObject
NdrDllUnregisterProxy
IUnknown_Release_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrStubForwardingFunction
NdrOleAllocate
CStdStubBuffer_CountRefs

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-downlevel-kernel32-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
Sleep
DisableThreadLibraryCalls
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
UnhandledExceptionFilter

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetDismInterfaces
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/dismprov.dll
.dll regsvr32 windows:6 windows x64 arch:x64

653cb1447af8ec138aa22391936c3669

Code Sign

33:00:00:00:4c:a1:e8:4d:cc:b4:74:7b:3b:00:00:00:00:00:4c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/11/2013, 22:11

Not After

11/02/2015, 22:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/09/2013, 17:35

Not After

24/12/2014, 17:35

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

db:44:bb:0b:0a:e1:47:f5:00:aa:a5:ee:42:ae:2d:c9:7a:66:e8:4c:01:d5:19:87:b1:aa:18:00:62:43:b6:aa
Signer

Actual PE Digest

db:44:bb:0b:0a:e1:47:f5:00:aa:a5:ee:42:ae:2d:c9:7a:66:e8:4c:01:d5:19:87:b1:aa:18:00:62:43:b6:aa

Digest Algorithm

sha256

PE Digest Matches

true

d7:0f:20:70:d2:ce:53:22:5f:fd:24:29:cc:4f:ad:b7:d6:89:88:26
Signer

Actual PE Digest

d7:0f:20:70:d2:ce:53:22:5f:fd:24:29:cc:4f:ad:b7:d6:89:88:26

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

DISMProv.pdb

Imports

msvcrt

_lock
realloc
_errno
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
__C_specific_handler
memset
_unlock
__dllonexit
wcscpy_s
calloc
??0exception@@QEAA@XZ
memmove_s
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
wcsrchr
_purecall
vswprintf_s
_vscwprintf
_onexit
memcpy_s
memcmp
free
_wcsicmp
wcschr
_wcsnicmp
_vsnwprintf
_vsnprintf
rand
_vscprintf
vsprintf_s
_wtoi
towlower
strrchr
iswctype
feof
_wfopen
fgetws
swscanf_s
wcstok_s
fclose
malloc
__RTDynamicCast
wcsncpy_s
wcscat_s
memcpy

ntdll

RtlAllocateHeap
RtlFreeHeap
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

oleaut32

SysAllocString
VarUI4FromStr
SysAllocStringByteLen
SysFreeString
SysAllocStringLen
SysStringLen
LoadRegTypeLi
LoadTypeLi
VariantClear
RegisterTypeLi
UnRegisterTypeLi
SystemTimeToVariantTime
VariantTimeToSystemTime
SysStringByteLen

api-ms-win-downlevel-kernel32-l1-1-0

TlsSetValue
GetLocalTime
CreateFileMappingW
TlsAlloc
GetWindowsDirectoryW
TlsFree
CreateFileA
CreateMutexW
CreateFileW
GetLastError
CloseHandle
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryExW
GetModuleHandleW
GetCurrentThread
ExpandEnvironmentStringsA
WriteFile
GetModuleFileNameA
LoadLibraryExA
CreateMutexA
ReleaseMutex
LeaveCriticalSection
RaiseException
EnterCriticalSection
DeleteFileW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
GetModuleHandleExW
CompareStringW
LockResource
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
FormatMessageA
SetFilePointer
HeapDestroy
HeapAlloc
UnmapViewOfFile
HeapFree
HeapSize
GetProcessHeap
GetVersion
GetSystemInfo
WideCharToMultiByte
DebugBreak
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
GetFullPathNameW
GetFileAttributesW
FlushFileBuffers
GetTempPathW
SetLastError
DeviceIoControl
DeleteFileA
MapViewOfFile
TlsGetValue
WaitForSingleObject
GetFileSizeEx
GetFileSize
FormatMessageW
VirtualQuery
IsDebuggerPresent
HeapReAlloc
ExitProcess
GetTempFileNameW

api-ms-win-downlevel-ole32-l1-1-1

CoRegisterPSClsid
CoTaskMemFree
CoRevokeClassObject
CoTaskMemRealloc
CoCreateInstance
CoRegisterClassObject
StringFromGUID2
CoUnmarshalInterface
CoMarshalInterThreadInterfaceInStream
CoTaskMemAlloc

api-ms-win-downlevel-user32-l1-1-1

CharNextW

api-ms-win-downlevel-advapi32-l1-1-1

EqualSid
RegEnumKeyExW
RegQueryInfoKeyW
InitializeSecurityDescriptor
GetTokenInformation
OpenThreadToken
SetSecurityDescriptorDacl
OpenProcessToken
InitializeAcl
AddAccessAllowedAce
RegOpenKeyExW
RegSetValueExW
GetLengthSid
RegCreateKeyExW
RegDeleteValueW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegCloseKey

api-ms-win-downlevel-kernel32-l2-1-0

CreateFileMappingA
lstrcmpiW
LocalFree

api-ms-win-downlevel-version-l1-1-0

GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/en-us/VHDProvider.dll.mui
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/en-us/compatprovider.dll.mui
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/en-us/dism.exe.mui
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/en-us/dismapi.dll.mui
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/en-us/dismcore.dll.mui
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/en-us/dismprov.dll.mui
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/en-us/folderprovider.dll.mui
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/en-us/imagingprovider.dll.mui
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/en-us/logprovider.dll.mui
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/en-us/wimgapi.dll.mui
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/en-us/wimprovider.dll.mui
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/folderprovider.dll
.dll regsvr32 windows:6 windows x64 arch:x64

69bf22184878d8652491bf025bd98332

Code Sign

33:00:00:00:33:e5:27:86:a3:0e:4a:2a:80:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/03/2013, 20:08

Not After

27/06/2014, 20:08

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:16:11:04:b4:88:38:8c:be:c3:00:00:00:00:00:16
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

30/08/2012, 17:49

Not After

30/11/2013, 17:49

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fc:fe:e0:8e:86:f0:c6:c5:5a:13:f1:3e:5d:f4:77:c2:71:f6:d2:f3:77:ed:90:60:f0:34:91:91:61:91:7e:d3
Signer

Actual PE Digest

fc:fe:e0:8e:86:f0:c6:c5:5a:13:f1:3e:5d:f4:77:c2:71:f6:d2:f3:77:ed:90:60:f0:34:91:91:61:91:7e:d3

Digest Algorithm

sha256

PE Digest Matches

true

5b:ae:f9:36:c2:bd:60:fd:5c:68:80:4c:9c:28:53:9d:83:1b:07:8e
Signer

Actual PE Digest

5b:ae:f9:36:c2:bd:60:fd:5c:68:80:4c:9c:28:53:9d:83:1b:07:8e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

FolderProvider.pdb

Imports

msvcrt

__CxxFrameHandler3
_vsnwprintf
_wcsnicmp
wcschr
??1type_info@@UEAA@XZ
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
malloc
memmove_s
__C_specific_handler
memset
memcpy_s
_purecall
vswprintf_s
wcsncpy_s
_vscwprintf
wcscat_s
free
wcscpy_s
_onexit
memcmp

ntdll

RtlFreeHeap
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlAllocateHeap

api-ms-win-downlevel-kernel32-l1-1-0

GetFileAttributesW
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
HeapDestroy
HeapAlloc
HeapReAlloc
SetLastError
HeapSize
GetProcessHeap
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
GetFullPathNameW
HeapFree

api-ms-win-downlevel-user32-l1-1-1

CharNextW

api-ms-win-downlevel-advapi32-l1-1-1

RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey

api-ms-win-downlevel-ole32-l1-1-1

CoCreateInstance
StringFromGUID2

oleaut32

SysFreeString
LoadRegTypeLi
SysAllocStringLen
RegisterTypeLi
SysStringLen
SysAllocStringByteLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
SysStringByteLen

Exports

Exports

DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/imagingprovider.dll
.dll regsvr32 windows:6 windows x64 arch:x64

b6c9a20bf0991cbb53a24847e7c87df8

Code Sign

33:00:00:00:4c:a1:e8:4d:cc:b4:74:7b:3b:00:00:00:00:00:4c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/11/2013, 22:11

Not After

11/02/2015, 22:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/09/2013, 17:35

Not After

24/12/2014, 17:35

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

58:22:76:e9:fb:8b:88:ca:80:67:b3:cd:65:ce:54:49:f2:f5:a3:84:c6:1d:c0:ba:c1:ff:80:6b:d8:a5:9b:db
Signer

Actual PE Digest

58:22:76:e9:fb:8b:88:ca:80:67:b3:cd:65:ce:54:49:f2:f5:a3:84:c6:1d:c0:ba:c1:ff:80:6b:d8:a5:9b:db

Digest Algorithm

sha256

PE Digest Matches

true

c8:cd:48:e0:42:a9:91:09:e3:e3:60:a1:84:e4:4b:e6:e8:3f:be:68
Signer

Actual PE Digest

c8:cd:48:e0:42:a9:91:09:e3:e3:60:a1:84:e4:4b:e6:e8:3f:be:68

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

ImagingProvider.pdb

Imports

msvcrt

wcschr
towlower
__RTDynamicCast
memcmp
iswalpha
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_vsnwprintf
wcsncpy_s
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
malloc
__C_specific_handler
memset
calloc
??0exception@@QEAA@XZ
memmove_s
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
_purecall
memcpy_s
vswprintf_s
wcsrchr
_vscwprintf
_wcsicmp
wcstoul
_wcsnicmp
wcscat_s
free
wcscpy_s

ntdll

RtlVerifyVersionInfo
VerSetConditionMask
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-downlevel-kernel32-l1-1-0

MapViewOfFile
UnmapViewOfFile
SearchPathW
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
CreateFileMappingW
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
GetLocaleInfoW
GetNumberFormatW
HeapAlloc
GetProcessHeap
HeapFree
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
CompareStringW
GetVersionExW
HeapDestroy
HeapReAlloc
HeapSize
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
SetThreadUILanguage
FormatMessageW
FindResourceExW
LoadResource
LockResource
CloseHandle
SetLastError
CreateFileW
FreeLibrary

api-ms-win-downlevel-user32-l1-1-1

LoadStringW
CharLowerBuffW
CharNextW

api-ms-win-downlevel-advapi32-l1-1-1

RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey

api-ms-win-downlevel-ole32-l1-1-1

StringFromGUID2
CoCreateInstance
GetErrorInfo
SetErrorInfo
CreateErrorInfo
ProgIDFromCLSID
CoTaskMemFree

api-ms-win-downlevel-kernel32-l2-1-0

LocalFree

oleaut32

VariantClear
LoadRegTypeLi
SysFreeString
RegisterTypeLi
SysStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
SysStringByteLen
SysAllocStringByteLen
VarBstrCmp
SysAllocStringLen

Exports

Exports

DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/logprovider.dll
.dll regsvr32 windows:6 windows x64 arch:x64

37235cdd2854ed6aa4504d75e91e94ae

Code Sign

33:00:00:00:33:e5:27:86:a3:0e:4a:2a:80:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/03/2013, 20:08

Not After

27/06/2014, 20:08

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:16:11:04:b4:88:38:8c:be:c3:00:00:00:00:00:16
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

30/08/2012, 17:49

Not After

30/11/2013, 17:49

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c9:6a:50:2f:5b:f8:50:f9:00:0b:2c:fb:47:de:63:78:11:1d:8a:35:eb:8a:01:5b:01:a7:95:61:62:82:9b:2d
Signer

Actual PE Digest

c9:6a:50:2f:5b:f8:50:f9:00:0b:2c:fb:47:de:63:78:11:1d:8a:35:eb:8a:01:5b:01:a7:95:61:62:82:9b:2d

Digest Algorithm

sha256

PE Digest Matches

true

a7:9d:f5:17:02:38:3b:76:33:79:6b:6b:d6:ac:ec:06:c6:cc:3d:07
Signer

Actual PE Digest

a7:9d:f5:17:02:38:3b:76:33:79:6b:6b:d6:ac:ec:06:c6:cc:3d:07

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

LogProvider.pdb

Imports

msvcrt

wcstok_s
fclose
memcmp
__CxxFrameHandler3
??1type_info@@UEAA@XZ
_onexit
swscanf_s
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
fgetws
malloc
__C_specific_handler
memset
calloc
memmove_s
_purecall
memcpy_s
vswprintf_s
_vscwprintf
_vsnprintf
wcscat_s
free
_wfopen
wcscpy_s
feof
wcsncpy_s
__dllonexit
rand
_vscprintf
vsprintf_s
_vsnwprintf
_wcsicmp
wcsrchr
wcschr
_wtoi
_wcsnicmp
towlower
strrchr
iswctype
memcpy

ntdll

RtlAllocateHeap
RtlFreeHeap
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

oleaut32

LoadTypeLi
SysStringLen
RegisterTypeLi
SysFreeString
UnRegisterTypeLi
SysAllocStringLen
SetErrorInfo
CreateErrorInfo
LoadRegTypeLi
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocString

api-ms-win-downlevel-kernel32-l1-1-0

UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
SearchPathW
ExitProcess
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetFileSize
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
TlsGetValue
VirtualQuery
FormatMessageA
TlsSetValue
SetThreadUILanguage
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
HeapAlloc
GetProcessHeap
OutputDebugStringA
HeapFree
CreateDirectoryW
GetLocalTime
TlsAlloc
GetWindowsDirectoryW
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceExW
HeapDestroy
HeapReAlloc
HeapSize
GetVersion
TlsFree
CreateFileA
GetVersionExW
MultiByteToWideChar
GetCurrentThread
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
CreateFileW
CloseHandle
FormatMessageW
CreateMutexW
ExpandEnvironmentStringsA
WriteFile
GetModuleFileNameA
GetSystemWindowsDirectoryW
GetSystemInfo
LoadLibraryExA
CreateMutexA
ReleaseMutex
DeleteFileW
GetTempFileNameW
GetFullPathNameW
DebugBreak
DeleteFileA
GetFileAttributesW
SetFilePointer
GetFileSizeEx
FreeLibrary
WaitForSingleObject
FlushFileBuffers
GetTempPathW
SetLastError
DeviceIoControl
IsDebuggerPresent

api-ms-win-downlevel-user32-l1-1-1

CharNextW
LoadStringW

api-ms-win-downlevel-advapi32-l1-1-1

EqualSid
CheckTokenMembership
AllocateAndInitializeSid
GetTokenInformation
OpenThreadToken
OpenProcessToken
InitializeSecurityDescriptor
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
SetSecurityDescriptorDacl
InitializeAcl
AddAccessAllowedAce
FreeSid
GetLengthSid

api-ms-win-downlevel-ole32-l1-1-1

CoTaskMemFree
StringFromGUID2
CoCreateInstance
ProgIDFromCLSID

api-ms-win-downlevel-kernel32-l2-1-0

LocalFree
CreateFileMappingA

Exports

Exports

DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/pkgmgr.exe
.exe windows:6 windows x64 arch:x64

3fde5e726066132875ab818c3cf2ba1d

Code Sign

33:00:00:00:4c:a1:e8:4d:cc:b4:74:7b:3b:00:00:00:00:00:4c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/11/2013, 22:11

Not After

11/02/2015, 22:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/09/2013, 17:35

Not After

24/12/2014, 17:35

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:84:5e:2e:68:12:0d:0b:07:bb:f4:46:b2:6a:ad:f8:e6:89:2c:cf:16:87:4f:ef:42:72:53:b0:58:b4:1b:70
Signer

Actual PE Digest

08:84:5e:2e:68:12:0d:0b:07:bb:f4:46:b2:6a:ad:f8:e6:89:2c:cf:16:87:4f:ef:42:72:53:b0:58:b4:1b:70

Digest Algorithm

sha256

PE Digest Matches

true

d6:86:0f:5e:b1:a3:89:3a:9e:6d:1b:c0:45:4c:48:a3:8c:e8:62:02
Signer

Actual PE Digest

d6:86:0f:5e:b1:a3:89:3a:9e:6d:1b:c0:45:4c:48:a3:8c:e8:62:02

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

pkgmgr.pdb

Imports

advapi32

StartTraceW
EnableTrace
ControlTraceW
CloseTrace
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
InitiateSystemShutdownExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

kernel32

FormatMessageW
GetFileAttributesW
CreateDirectoryW
GetFileAttributesExW
CreateFileW
FreeLibrary
MoveFileExW
GetSystemTime
GetProcAddress
LoadLibraryW
GetWindowsDirectoryW
DeleteFileW
FindClose
FindNextFileW
CompareFileTime
FindFirstFileW
OutputDebugStringA
TerminateProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetFullPathNameW
GetLastError
ExpandEnvironmentStringsW
GetModuleFileNameW
GetEnvironmentVariableW
GetCurrentProcessId
SetEnvironmentVariableW
LocalFree
GetCurrentProcess
GetModuleHandleExW
LoadLibraryExW
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
SetLastError
GetCommandLineW
HeapSetInformation
Sleep
CloseHandle
DeviceIoControl

user32

MessageBoxW

msvcrt

malloc
memmove
wcsrchr
_vsnwprintf
_wcsicmp
_vsnprintf
wcstoul
??_V@YAXPEAX@Z
??_U@YAPEAX_K@Z
_wcsnicmp
wcschr
free
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
_CxxThrowException
__CxxFrameHandler3
wcsstr
memset
?terminate@@YAXXZ
_errno
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memcpy_s
memmove_s
memcpy
strcmp

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

Sections

.text
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 790B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/ssshim.dll
.dll windows:6 windows x64 arch:x64

bb129d3e7f9249ae5b71eb8b840f7923

Code Sign

33:00:00:00:2b:39:32:48:c1:b2:c9:48:f3:00:00:00:00:00:2b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/09/2012, 21:12

Not After

04/12/2013, 21:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:16:11:04:b4:88:38:8c:be:c3:00:00:00:00:00:16
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

30/08/2012, 17:49

Not After

30/11/2013, 17:49

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

99:9a:47:78:9f:e2:1e:63:46:4f:10:22:59:f7:c4:af:4b:1a:41:74:1a:4f:f7:22:b7:10:6f:2a:a4:2c:99:29
Signer

Actual PE Digest

99:9a:47:78:9f:e2:1e:63:46:4f:10:22:59:f7:c4:af:4b:1a:41:74:1a:4f:f7:22:b7:10:6f:2a:a4:2c:99:29

Digest Algorithm

sha256

PE Digest Matches

true

83:1e:4e:e1:ca:e8:bc:62:c1:a4:f4:45:16:b0:c7:e8:e3:e9:c7:b2
Signer

Actual PE Digest

83:1e:4e:e1:ca:e8:bc:62:c1:a4:f4:45:16:b0:c7:e8:e3:e9:c7:b2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ssshim.pdb

Imports

ntdll

LdrLockLoaderLock
LdrUnlockLoaderLock
NtQueryAttributesFile
RtlPcToFileHeader
LdrLoadDll
LdrUnloadDll
NtQueryPerformanceCounter
NtClose
RtlAllocateHeap
RtlFreeHeap
RtlRaiseStatus
NtOpenFile
NtQueryDirectoryFile
NtCreateFile
NtQueryInformationFile
NtReadFile
NtWriteFile
NtSetInformationFile
RtlQueryEnvironmentVariable_U
RtlRaiseException
NtQueryObject
NtQueryInformationProcess
NtOpenProcess
NtDelayExecution
RtlInitString
LdrGetProcedureAddress
NtTerminateProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnhandledExceptionFilter
memmove
NtQuerySystemTime
RtlNtStatusToDosErrorNoTeb
DbgPrintEx
RtlDowncaseUnicodeChar
RtlUpcaseUnicodeChar
RtlReAllocateHeap
RtlTimeToTimeFields
strncmp
wcstoul
RtlCreateUnicodeStringFromAsciiz
LdrGetDllHandle
RtlDosPathNameToNtPathName_U
RtlUnicodeToMultiByteN
memset
DbgPrint
memcmp
memcpy
__C_specific_handler

Exports

Exports

SssBindServicingStack
SssGetServicingStackFilePath
SssGetServicingStackFilePathLength
SssPreloadDownlevelDependencies
SssReleaseServicingStack

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/vhdprovider.dll
.dll regsvr32 windows:6 windows x64 arch:x64

7601a7d76fdea99433b38a272ed50746

Code Sign

33:00:00:00:33:e5:27:86:a3:0e:4a:2a:80:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/03/2013, 20:08

Not After

27/06/2014, 20:08

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/09/2013, 17:35

Not After

24/12/2014, 17:35

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

59:52:fb:96:4a:96:cf:09:51:f2:17:92:fa:d6:44:7a:5b:56:dc:4b:a3:42:d0:8f:13:03:84:f6:dd:88:b2:54
Signer

Actual PE Digest

59:52:fb:96:4a:96:cf:09:51:f2:17:92:fa:d6:44:7a:5b:56:dc:4b:a3:42:d0:8f:13:03:84:f6:dd:88:b2:54

Digest Algorithm

sha256

PE Digest Matches

true

ab:f5:46:df:9d:46:84:5b:c8:0c:b4:6d:fe:06:71:db:f4:6b:0a:dc
Signer

Actual PE Digest

ab:f5:46:df:9d:46:84:5b:c8:0c:b4:6d:fe:06:71:db:f4:6b:0a:dc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

VhdProvider.pdb

Imports

msvcrt

memcmp
memcpy
bsearch
towupper
_wcsupr
qsort
wcscpy_s
wcsstr
iswalpha
wcsrchr
memmove
_onexit
_unlock
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
malloc
__C_specific_handler
memset
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
_purecall
wcscat_s
wcsncpy_s
memmove_s
calloc
_wcsicmp
_vsnwprintf
_vscwprintf
memcpy_s
vswprintf_s
free
__dllonexit
iswctype
_wtoi
wcstoul
_wcsnicmp
towlower
wcschr
iswspace

ntdll

RtlInitializeCriticalSection
RtlLeaveCriticalSection
RtlDeleteCriticalSection
RtlReAllocateHeap
RtlEnterCriticalSection
NtQueryObject
NtOpenFile
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
RtlRaiseStatus
NtYieldExecution
RtlAdjustPrivilege
RtlVerifyVersionInfo
VerSetConditionMask
RtlAllocateHeap
RtlFreeHeap
RtlCaptureContext
RtlLookupFunctionEntry
RtlDosPathNameToNtPathName_U
NtOpenDirectoryObject
NtClose
RtlNtStatusToDosError
NtQueryDirectoryObject
RtlInitUnicodeString
RtlVirtualUnwind
RtlCompareMemory

kernel32

GetVersionExW
GetCurrentThread
SearchPathW
MapViewOfFile
UnmapViewOfFile
OutputDebugStringW
GetCurrentThreadId
GetCurrentProcessId
CreateFileW
GetLastError
CloseHandle
HeapFree
GetProcessHeap
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
Sleep
QueryDosDeviceW
GetVolumeNameForVolumeMountPointW
HeapAlloc
SetVolumeMountPointW
DeleteVolumeMountPointW
GetFileAttributesW
SetFileAttributesW
CreateMutexW
WaitForSingleObject
ReleaseMutex
DeleteFileW
GetVolumePathNamesForVolumeNameW
SetLastError
MultiByteToWideChar
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
SetThreadUILanguage
CompareStringW
HeapDestroy
HeapReAlloc
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
FormatMessageW
FindResourceExW
LoadResource
LockResource
LocalFree
GetFullPathNameW
GetFileInformationByHandle
GetVolumePathNameW
CreateThread
SetErrorMode
GetModuleHandleExW
GetSystemDirectoryW
ReadFile
SetFilePointer
FreeLibrary
CreateFileMappingW
SetFilePointerEx
GetFileSizeEx
GetFileTime
SetEndOfFile
UnlockFileEx
WriteFile
LockFileEx
LoadLibraryW
FindNextFileW
FindClose
GetDiskFreeSpaceW
FlushFileBuffers
CopyFileExW
FindFirstFileW
GetTempPathW
VirtualFree
VirtualAlloc
DeviceIoControl
GetLogicalDrives
GetDriveTypeW
GetDiskFreeSpaceExW
GetVolumeInformationW

advapi32

RegOpenKeyExW
RegEnumKeyExW
RegFlushKey
RegEnumValueW
RegDeleteTreeW
RegUnLoadKeyW
OpenThreadToken
RegDeleteKeyExW
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegCloseKey
RegCreateKeyExW
RegLoadKeyW
OpenProcessToken
DuplicateTokenEx
AdjustTokenPrivileges
SetThreadToken

user32

LoadStringW
CharUpperBuffW
CharNextW
UnregisterClassA

ole32

CoCreateInstance
StringFromGUID2
ProgIDFromCLSID
CoTaskMemFree
CoInitializeEx
CoUninitialize

oleaut32

SysAllocString
RegisterTypeLi
SysStringLen
LoadTypeLi
UnRegisterTypeLi
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
LoadRegTypeLi
SetErrorInfo
SysFreeString
VariantClear
CreateErrorInfo

rpcrt4

UuidCreate
RpcStringFreeW
UuidToStringW

setupapi

CMP_WaitNoPendingInstallEvents

version

VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW

Exports

Exports

DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 562KB - Virtual size: 561KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/wimgapi.dll
.dll windows:6 windows x64 arch:x64

416ff891aa0619f5711eddb9c9f8f957

Code Sign

33:00:00:00:4c:a1:e8:4d:cc:b4:74:7b:3b:00:00:00:00:00:4c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/11/2013, 22:11

Not After

11/02/2015, 22:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/09/2013, 17:35

Not After

24/12/2014, 17:35

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:2a:fe:6a:97:79:ea:ec:83:18:f5:c8:3f:ee:90:87:79:91:6b:93:ea:e5:27:7e:08:92:a1:5f:3d:15:79:40
Signer

Actual PE Digest

05:2a:fe:6a:97:79:ea:ec:83:18:f5:c8:3f:ee:90:87:79:91:6b:93:ea:e5:27:7e:08:92:a1:5f:3d:15:79:40

Digest Algorithm

sha256

PE Digest Matches

true

d1:ea:36:7f:03:21:96:1a:9a:7c:7f:79:ce:75:1e:cd:10:85:e8:02
Signer

Actual PE Digest

d1:ea:36:7f:03:21:96:1a:9a:7c:7f:79:ce:75:1e:cd:10:85:e8:02

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

wimgapi.pdb

Imports

msvcrt

memmove_s
memcpy_s
iswspace
_purecall
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
_vscwprintf
wcstoul
_wcsupr
qsort
wcschr
_wcsrev
_wcslwr
_snwprintf_s
towlower
towupper
_vsnwprintf
_wtoi
memmove
swscanf_s
wcsncmp
_wcsnicmp
wcsnlen
_wcsicmp
wcsrchr
bsearch
memcpy
memset
memcmp
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter

ntdll

RtlDosPathNameToNtPathName_U_WithStatus
RtlInitializeCriticalSection
RtlLeaveCriticalSection
RtlDeleteCriticalSection
RtlReAllocateHeap
RtlEnterCriticalSection
RtlGetVersion
RtlDeleteResource
RtlReleaseResource
RtlAcquireResourceShared
RtlAcquireResourceExclusive
RtlInitializeResource
RtlInitUnicodeString
RtlImpersonateSelf
NtCreateFile
NtQueryInformationFile
NtClose
NtQueryDirectoryFile
RtlAllocateHeap
NtOpenFile
RtlFreeHeap
RtlDosPathNameToNtPathName_U
NtSetSecurityObject
RtlSetControlSecurityDescriptor
NtSetInformationFile
NtQuerySecurityObject
RtlAdjustPrivilege
RtlNtStatusToDosError
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlRaiseStatus
NtYieldExecution

kernel32

TerminateProcess
GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
GetModuleHandleW
GetCurrentDirectoryW
GetExitCodeProcess
CreateProcessW
LoadLibraryW
GetLogicalDriveStringsW
CopyFileExW
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
Sleep
DisableThreadLibraryCalls
GetLastError
CloseHandle
HeapFree
GetProcessHeap
SetLastError
DeleteFileW
RemoveDirectoryW
HeapAlloc
CompareStringW
GetDriveTypeW
GetVersionExW
FlushFileBuffers
GetFileSizeEx
GetSystemInfo
GetFileInformationByHandle
EnterCriticalSection
LeaveCriticalSection
DeviceIoControl
GetEnvironmentVariableW
SetThreadIdealProcessor
GetCurrentThread
SetFileAttributesW
GetFileAttributesW
CreateDirectoryW
CreateFileW
WriteFile
FindFirstFileW
FindNextFileW
FindClose
GetTempPathW
GetTempFileNameW
GetFileSize
SetFilePointer
ReadFile
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
GetFullPathNameW
GetHandleInformation
SetFilePointerEx
SetEndOfFile
CreateEventW
InitializeCriticalSectionAndSpinCount
GetOverlappedResult
LocalFree
GetPrivateProfileSectionW
LockFileEx
UnlockFileEx
CreateSemaphoreExW
HeapReAlloc
CreateMutexW
FormatMessageW
WaitForSingleObject
ReleaseMutex
WideCharToMultiByte
GetModuleFileNameW
OpenEventW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetVolumeInformationW
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
LoadLibraryExW
FreeLibrary
GetProcAddress
GetModuleHandleExW
GetSystemDirectoryW
SetEvent
WaitForMultipleObjectsEx
CreateThread
ReleaseSemaphore
WaitForMultipleObjects
CreateSemaphoreW
DuplicateHandle

advapi32

RegDeleteKeyExW
SetThreadToken
RegQueryValueExW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RevertToSelf
GetSecurityInfo
AddAccessAllowedAceEx
FreeSid
SetSecurityDescriptorDacl
AdjustTokenPrivileges
RegLoadKeyW
RegOpenKeyExW
EqualSid
AddAccessAllowedAce
InitializeAcl
GetLengthSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
ReadEncryptedFileRaw
CloseEncryptedFileRaw
WriteEncryptedFileRaw
OpenEncryptedFileRawW
GetAclInformation
GetSecurityDescriptorLength
GetSecurityDescriptorControl
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
RegUnLoadKeyW
RegFlushKey
RegCloseKey
RegSetValueExW
RegCreateKeyExW
LookupPrivilegeValueW

user32

CharUpperW

rpcrt4

RpcBindingFree
RpcBindingSetAuthInfoW
RpcBindingFromStringBindingW
UuidCreate
UuidToStringW
RpcStringFreeW
UuidFromStringW
NdrClientCall3
RpcStringBindingComposeW

version

GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW

Exports

Exports

DllCanUnloadNow
DllMain
WIMApplyImage
WIMCaptureImage
WIMCloseHandle
WIMCommitImageHandle
WIMCopyFile
WIMCreateFile
WIMCreateImageFile
WIMDeleteImage
WIMDeleteImageMounts
WIMEnumImageFiles
WIMExportImage
WIMExtractImagePath
WIMFindFirstImageFile
WIMFindNextImageFile
WIMGetAttributes
WIMGetImageCount
WIMGetImageInformation
WIMGetMessageCallbackCount
WIMGetMountedImageHandle
WIMGetMountedImageInfo
WIMGetMountedImageInfoFromHandle
WIMGetMountedImages
WIMGetWIMBootEntries
WIMGetWIMBootWIMPath
WIMInitFileIOCallbacks
WIMLoadImage
WIMMountImage
WIMMountImageHandle
WIMProcessCustomImage
WIMReadImageFile
WIMRegisterLogFile
WIMRegisterMessageCallback
WIMRemountImage
WIMSetBootImage
WIMSetFileIOCallbackTemporaryPath
WIMSetImageInformation
WIMSetReferenceFile
WIMSetTemporaryPath
WIMSplitFile
WIMUnmountImage
WIMUnmountImageHandle
WIMUnregisterLogFile
WIMUnregisterMessageCallback
WIMUpdateWIMBootEntry

Sections

.text
Size: 621KB - Virtual size: 621KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/wimmount.sys
.sys windows:6 windows x64 arch:x64

8459d6ee015fae8752ed0f0e4b20ad12

Code Sign

33:00:00:00:2b:39:32:48:c1:b2:c9:48:f3:00:00:00:00:00:2b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/09/2012, 21:12

Not After

04/12/2013, 21:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:16:11:04:b4:88:38:8c:be:c3:00:00:00:00:00:16
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

30/08/2012, 17:49

Not After

30/11/2013, 17:49

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

59:f6:38:24:42:e4:b8:56:47:31:40:a9:51:4b:82:2c:92:24:40:a8:db:d2:ab:97:88:a9:85:1a:08:de:b2:0b
Signer

Actual PE Digest

59:f6:38:24:42:e4:b8:56:47:31:40:a9:51:4b:82:2c:92:24:40:a8:db:d2:ab:97:88:a9:85:1a:08:de:b2:0b

Digest Algorithm

sha256

PE Digest Matches

true

1f:96:3d:b6:9e:9d:cc:c0:38:69:0d:4f:52:1f:17:c9:74:b6:a2:9c
Signer

Actual PE Digest

1f:96:3d:b6:9e:9d:cc:c0:38:69:0d:4f:52:1f:17:c9:74:b6:a2:9c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

wimmount.pdb

Imports

ntoskrnl.exe

KeBugCheckEx
RtlCompareMemory
ZwOpenProcess
ObOpenObjectByPointer
KeWaitForMultipleObjects
RtlAppendUnicodeStringToString
ZwClose
ExEventObjectType
MmGetSystemRoutineAddress
ProbeForWrite
ZwCreateEvent
PsProcessType
ProbeForRead
DbgPrint
ExInitializeResourceLite
ObfDereferenceObject
PsGetCurrentProcessId
IoGetTopLevelIrp
ExDeleteResourceLite
RtlCompareUnicodeString
ZwDuplicateObject
KeWaitForSingleObject
ObReferenceObjectByHandle
IoFileObjectType
KeInitializeEvent
KeSetEvent
RtlInitUnicodeString
ExFreePoolWithTag
ExAllocatePoolWithTag
RtlUnwindEx

fltmgr.sys

FltDeleteStreamContext
FltAcquireResourceShared
FltGetVolumeName
FltObjectReference
FltGetVolumeFromFileObject
FltGetRoutineAddress
FltCloseClientPort
FltEnumerateInstances
FltSendMessage
FltObjectDereference
FltStartFiltering
FltReleaseFileNameInformation
FltRegisterFilter
FltAcquireResourceExclusive
FltFsControlFile
FltBuildDefaultSecurityDescriptor
FltCloseCommunicationPort
FltUnregisterFilter
FltGetFileNameInformation
FltAllocateContext
FltClose
FltReleaseContext
FltReleaseResource
FltQueryInformationFile
FltReissueSynchronousIo
FltCreateFile
FltIsDirectory
FltFreeSecurityDescriptor
FltGetDiskDeviceObject
FltSetInformationFile
FltUntagFile
FltGetStreamContext
FltGetRequestorProcessId
FltSetStreamContext
FltCreateCommunicationPort
FltSetCallbackDataDirty

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/wimmountadksetupamd64.exe
.exe windows:6 windows x64 arch:x64

0ac5bf2150ae95b92f6479acf891a998

Code Sign

33:00:00:00:2b:39:32:48:c1:b2:c9:48:f3:00:00:00:00:00:2b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/09/2012, 21:12

Not After

04/12/2013, 21:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:16:11:04:b4:88:38:8c:be:c3:00:00:00:00:00:16
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

30/08/2012, 17:49

Not After

30/11/2013, 17:49

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

96:6b:de:19:66:66:f9:95:c9:87:6c:2c:e9:18:d3:df:b7:f5:5a:53:38:b6:09:b5:1b:5e:77:43:58:24:d5:25
Signer

Actual PE Digest

96:6b:de:19:66:66:f9:95:c9:87:6c:2c:e9:18:d3:df:b7:f5:5a:53:38:b6:09:b5:1b:5e:77:43:58:24:d5:25

Digest Algorithm

sha256

PE Digest Matches

true

5b:4d:0b:35:cb:1b:7c:3b:59:09:a5:aa:90:cc:5d:cc:48:3b:5c:91
Signer

Actual PE Digest

5b:4d:0b:35:cb:1b:7c:3b:59:09:a5:aa:90:cc:5d:cc:48:3b:5c:91

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

WimMountAdkSetupAmd64.pdb

Imports

advapi32

RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

kernel32

CloseHandle
QueryPerformanceCounter
GetFileAttributesW
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
LocalFree
GetSystemInfo
SetLastError
GetLastError
GetModuleFileNameW
GetProcessHeap
HeapFree
GetDriveTypeW
GetNativeSystemInfo
GetFullPathNameW
Sleep
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId

user32

MessageBoxW

msvcrt

__iob_func
_wfopen
_vsnwprintf
wcsncmp
_wcsnicmp
fwprintf
vfwprintf
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_wcsicmp
fclose
wcschr
memset

shell32

CommandLineToArgvW

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlNtStatusToDosError
RtlFreeHeap
RtlAllocateHeap

fltlib

FilterUnload

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 518B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/wimprovider.dll
.dll regsvr32 windows:6 windows x64 arch:x64

e308c737cf6f8517a41180764640ab14

Code Sign

33:00:00:00:59:d6:73:cd:51:8e:f0:22:c5:00:00:00:00:00:59
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2014, 17:13

Not After

23/08/2015, 17:13

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:ca
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/04/2014, 17:39

Not After

22/07/2015, 17:39

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/09/2013, 17:35

Not After

24/12/2014, 17:35

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9b:b3:48:17:33:bb:a1:3c:a4:75:bb:51:0e:fc:a3:a1:88:18:8e:4f:52:4d:58:74:21:a5:a1:b3:9d:6d:50:7a
Signer

Actual PE Digest

9b:b3:48:17:33:bb:a1:3c:a4:75:bb:51:0e:fc:a3:a1:88:18:8e:4f:52:4d:58:74:21:a5:a1:b3:9d:6d:50:7a

Digest Algorithm

sha256

PE Digest Matches

true

96:a9:55:f7:b2:8b:2a:24:26:d3:75:81:56:c9:20:e4:34:ce:fa:fb
Signer

Actual PE Digest

96:a9:55:f7:b2:8b:2a:24:26:d3:75:81:56:c9:20:e4:34:ce:fa:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

WimProvider.pdb

Imports

msvcrt

towupper
memmove
_wcsnicmp
iswspace
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
__RTDynamicCast
_initterm
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
malloc
__C_specific_handler
memcmp
memset
_wtoi64
_wcsicmp
wcstoul
_vsnwprintf
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
wcsncmp
wcschr
wcscat_s
memmove_s
calloc
_wtol
wcscpy_s
memcpy_s
_purecall
wcsrchr
vswprintf_s
free
_vscwprintf
wcsncpy_s
_strnicmp
memcpy

api-ms-win-downlevel-kernel32-l1-1-0

LoadLibraryExW
GetModuleHandleExW
OutputDebugStringW
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameW
EnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetCurrentProcessId
FreeLibrary
HeapFree
GetProcessHeap
GetFullPathNameW
HeapReAlloc
HeapAlloc
GetLastError
CompareStringW
DisableThreadLibraryCalls
SetThreadLocale
RaiseException
GetFileAttributesW
GetProcAddress
GetModuleHandleW
FindFirstFileW
FindNextFileW
FindClose
SetLastError
DeleteFileW
GetLocaleInfoW
GetNumberFormatW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
HeapDestroy
HeapSize
GetFileInformationByHandle
CloseHandle
CreateFileW
LockResource
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
LoadResource
FindResourceExW
FormatMessageW
LoadLibraryExA
SetThreadUILanguage
SearchPathW
MapViewOfFile
UnmapViewOfFile
GetVersionExW
CreateFileMappingW
GetThreadLocale

api-ms-win-downlevel-ole32-l1-1-1

StringFromGUID2
CoCreateInstance
CreateErrorInfo
ProgIDFromCLSID
CoTaskMemFree
SetErrorInfo

api-ms-win-downlevel-user32-l1-1-1

CharUpperW
LoadStringW
CharLowerBuffW
CharNextW

api-ms-win-downlevel-advapi32-l1-1-1

RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey

api-ms-win-downlevel-kernel32-l2-1-0

GetPrivateProfileSectionW
LocalAlloc
LocalFree

ntdll

RtlNtStatusToDosError
RtlFreeHeap
RtlAllocateHeap
RtlEnterCriticalSection
RtlReAllocateHeap
RtlDeleteCriticalSection
RtlLeaveCriticalSection
RtlInitializeCriticalSection
RtlLookupFunctionEntry
RtlCaptureContext
RtlRaiseStatus
NtYieldExecution
RtlVirtualUnwind

oleaut32

VarBstrCmp
VariantClear
SysAllocStringLen
UnRegisterTypeLi
RegisterTypeLi
SysAllocStringByteLen
SysStringByteLen
LoadRegTypeLi
SysFreeString
SysAllocString
SysStringLen
LoadTypeLi

Exports

Exports

DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 432KB - Virtual size: 432KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/DISM81/wimserv.exe
.exe windows:6 windows x64 arch:x64

612791beea076a63570ec28bbb501325

Code Sign

33:00:00:00:33:e5:27:86:a3:0e:4a:2a:80:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/03/2013, 20:08

Not After

27/06/2014, 20:08

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/09/2013, 17:35

Not After

24/12/2014, 17:35

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:2e:01:5a:7e:d8:21:2b:52:9d:ce:73:3d:f8:40:c6:fa:3e:a2:0b:55:3d:81:ce:cb:4c:b9:ab:ab:de:4d:30
Signer

Actual PE Digest

0c:2e:01:5a:7e:d8:21:2b:52:9d:ce:73:3d:f8:40:c6:fa:3e:a2:0b:55:3d:81:ce:cb:4c:b9:ab:ab:de:4d:30

Digest Algorithm

sha256

PE Digest Matches

true

fc:43:fa:15:f8:26:5e:93:8a:80:e5:f7:89:a0:d0:3f:38:c6:d7:a4
Signer

Actual PE Digest

fc:43:fa:15:f8:26:5e:93:8a:80:e5:f7:89:a0:d0:3f:38:c6:d7:a4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

wimserv.pdb

Imports

kernel32

CreateSemaphoreExW
ReleaseSemaphore
LockFileEx
UnlockFileEx
CreateSemaphoreW
CreateFileMappingW
MapViewOfFile
CopyFileExW
GetCurrentDirectoryW
CreateThread
HeapSetInformation
WaitForMultipleObjects
CreateEventW
ResetEvent
Sleep
CreateMutexW
CloseHandle
GetLastError
GetProcessHeap
SetEvent
WaitForSingleObject
HeapFree
UnmapViewOfFile
HeapAlloc
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleFileNameW
SetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateDirectoryW
CreateFileW
RemoveDirectoryW
GetVolumeInformationW
GetFileInformationByHandle
DuplicateHandle
GetDriveTypeW
FindFirstFileW
FindNextFileW
FindClose
GetFileSizeEx
ReadFile
GetTempPathW
DeviceIoControl
GetCurrentThread
LocalFree
FreeLibrary
LoadLibraryExW
GetProcAddress
WaitForMultipleObjectsEx
GetOverlappedResult
FormatMessageW
LocalAlloc
WriteFile
ReleaseMutex
WideCharToMultiByte
SetFilePointer
GetFullPathNameW
GetEnvironmentVariableW
SetFileAttributesW
GetFileAttributesW
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
SetFilePointerEx
DeleteCriticalSection
GetModuleHandleExW
CompareStringW
GetSystemDirectoryW
HeapReAlloc
GetHandleInformation
SetEndOfFile
InitializeCriticalSectionAndSpinCount
DeleteFileW
GetVersionExW
FlushFileBuffers
GetSystemInfo
SetThreadIdealProcessor
GetTempFileNameW

user32

CharUpperW
GetMessageW
TranslateMessage
DispatchMessageW

msvcrt

swscanf_s
_snwprintf_s
wcsnlen
_wtoi
qsort
wcsncmp
memmove_s
memcpy_s
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
wcsrchr
towupper
_vsnwprintf
_wcsnicmp
memmove
_vscwprintf
_XcptFilter
_amsg_exit
memcmp
__wgetmainargs
__set_app_type
exit
_exit
_cexit
__setusermatherr
_initterm
__C_specific_handler
_wcsicmp
wcschr
_purecall
iswspace
memcpy
memset
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
_wcmdln

ntdll

RtlInitializeCriticalSection
RtlDeleteResource
RtlReleaseResource
RtlAcquireResourceShared
RtlAcquireResourceExclusive
RtlInitializeResource
RtlSetControlSecurityDescriptor
NtQuerySecurityObject
RtlImpersonateSelf
NtClose
RtlDosPathNameToNtPathName_U
RtlAdjustPrivilege
RtlInitUnicodeString
NtCreateFile
NtSetInformationFile
NtQueryInformationFile
RtlNtStatusToDosError
RtlAllocateHeap
RtlFreeHeap
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtSetSecurityObject
RtlGetVersion
RtlEnterCriticalSection
RtlReAllocateHeap
RtlDeleteCriticalSection
RtlLeaveCriticalSection
RtlRaiseStatus
NtYieldExecution

rpcrt4

NdrServerCallAll
RpcRevertToSelf
RpcServerUseProtseqEpW
UuidFromStringW
RpcServerRegisterAuthInfoW
RpcImpersonateClient
RpcMgmtStopServerListening
RpcMgmtWaitServerListen
RpcServerListen
NdrServerCall2
RpcServerRegisterIf
RpcStringFreeW
UuidCreate
UuidToStringW

advapi32

RegEnumKeyExW
CloseEncryptedFileRaw
WriteEncryptedFileRaw
OpenEncryptedFileRawW
GetAclInformation
GetSecurityDescriptorLength
GetSecurityDescriptorControl
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
RegUnLoadKeyW
RegFlushKey
RegSetValueExW
RegLoadKeyW
RevertToSelf
EqualSid
AddAccessAllowedAce
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
OpenProcessToken
SetThreadToken
OpenThreadToken
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
GetLengthSid
FreeSid
AllocateAndInitializeSid
InitializeAcl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAceEx

Sections

.text
Size: 473KB - Virtual size: 473KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/NSudo.exe
.exe windows:6 windows x64 arch:x64

1188b455132bc86c7e9e68ae98ce4171

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Documents\Visual Studio 2019\Projects\NSudo\Source\Native\Output\Binaries\Release\x64\NSudoLG.pdb

Imports

kernel32

ExpandEnvironmentStringsW
GetModuleFileNameW
OpenProcess
CreateEventW
MultiByteToWideChar
GetTickCount64
LockResource
QueryPerformanceFrequency
FindResourceExW
LoadResource
GetProcAddress
VerSetConditionMask
FreeLibrary
SleepEx
GetFileInformationByHandleEx
QueryPerformanceCounter
LoadLibraryExW
GetModuleHandleExW
ExitProcess
Sleep
RtlUnwindEx
OutputDebugStringW
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
EncodePointer
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
IsDebuggerPresent
SizeofResource
GetLocalTime
GetCurrentProcessId
ResumeThread
WaitForSingleObjectEx
InitializeCriticalSection
GetCurrentProcess
SetPriorityClass
MulDiv
GetModuleHandleW
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
CloseHandle
GetThreadUILanguage
GetLastError
GetCurrentThreadId
GetFileAttributesW
CreateFileW
InitializeCriticalSectionEx
LeaveCriticalSection
SetThreadUILanguage
GetCommandLineW
EnterCriticalSection
SetLastError
HeapFree
VerifyVersionInfoW
ReadFile
RtlCaptureContext
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
InitializeCriticalSectionAndSpinCount

user32

LoadImageW
DialogBoxParamW
EndDialog
SendMessageW
GetWindowTextW
EndPaint
BeginPaint
DrawIconEx
GetClientRect
LoadIconW
ChangeWindowMessageFilter
DestroyIcon
UnregisterClassW
SetWindowLongPtrW
MonitorFromWindow
GetDC
GetDlgItem
SetWindowTextW

gdi32

DeleteDC
GetDeviceCaps

comdlg32

GetOpenFileNameW

advapi32

AdjustTokenPrivileges
GetAce
CloseServiceHandle
OpenSCManagerW
AllocateAndInitializeSid
IsWellKnownSid
AddAce
CreateRestrictedToken
FreeSid
StartServiceW
InitializeAcl
OpenServiceW
GetLengthSid
AddAccessAllowedAce
QueryServiceStatusEx
LookupPrivilegeValueW
SetTokenInformation
OpenProcessToken
SetThreadToken
CreateProcessAsUserW
DuplicateTokenEx
GetTokenInformation

shell32

DragQueryFileW
DragFinish

ole32

CoInitializeEx

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSFreeMemory
WTSEnumerateProcessesW
WTSQueryUserToken
WTSEnumerateSessionsW

msvcrt

strcpy_s
__pctype_func
tolower
___mb_cur_max_func
wcsnlen
wcstol
_mbtowc_l
?terminate@@YAXXZ
__wgetmainargs
_msize
_XcptFilter
_errno
_wcmdln
?_set_new_mode@@YAHH@Z
_commode
___lc_codepage_func
realloc
ceil
log10
_clearfp
_set_fmode
_initterm_e
_initterm
_callnewh
memcpy
_wcsnicmp
malloc
free
strncmp
_wcsicmp
strrchr
__DestructExceptionObject
_amsg_exit
memmove
memset
__C_specific_handler
_CxxThrowException
wcsstr
wcsrchr
abort
__set_app_type
memcmp

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/esdtoolcore.exe
.exe windows:10 windows x86 arch:x86

41348224975c12f9caca4673907f7a55

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

EsdToolCore.pdb

Imports

msvcrt

__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_purecall
wcschr
memcpy_s
_wtoi
_lock
wprintf
printf
_unlock
_vsnwprintf
_wcsicmp
__dllonexit
_onexit
?terminate@@YAXXZ
wcsrchr
_wcsnicmp
wcsncmp
_vscwprintf
towupper
swscanf_s
wcsnlen
_wcstoi64
wcsstr
strncpy_s
_strnicmp
_wcslwr
_wcsrev
qsort
towlower
_wcsupr
wcstoul
wcstok_s
strcpy_s
memmove_s
iswspace
_wcstoui64
_controlfp
_initterm
_except_handler4_common
memmove
memcpy
memcmp
_ftol2
_wtol
__CxxFrameHandler3
memset

ntdll

NtClose
RtlGetLastNtStatus
NtQueryVolumeInformationFile
NtQueryInformationFile
NtQueryInformationProcess
NtQueryEaFile
NtCreateFile
RtlImpersonateSelf
RtlInitUnicodeString
NtUnloadKey2
RtlSetControlSecurityDescriptor
RtlFindAceByType
NtSetSecurityObject
NtSetEaFile
RtlInitializeResource
RtlAcquireResourceExclusive
RtlAcquireResourceShared
RtlReleaseResource
RtlDeleteResource
RtlRaiseStatus
RtlInitializeCriticalSection
DbgPrintEx
NtQueryDirectoryFile
NtWriteFile
NtReadFile
RtlReAllocateHeap
RtlExpandEnvironmentStrings
NtWaitForSingleObject
NtYieldExecution
RtlDowncaseUnicodeChar
NtSetInformationThread
RtlGetVersion
NtShutdownSystem
NtSetInformationProcess
RtlDosPathNameToNtPathName_U
RtlFreeHeap
RtlAllocateHeap
NtSetInformationFile
RtlDosPathNameToNtPathName_U_WithStatus
RtlNtStatusToDosError
RtlAdjustPrivilege
NtOpenFile

fltlib

FilterSendMessage
FilterAttach
FilterLoad

cabinet

ord23
ord22
ord20

oleaut32

SysFreeString
SysAllocString

rpcrt4

UuidCreate
RpcStringFreeW
I_RpcMapWin32Status
UuidToStringW
UuidFromStringW

kernel32

GetTempFileNameW
CreateFileW
ReadFile
IsDebuggerPresent
DebugBreak
SetFilePointerEx
GetFileSizeEx
lstrcmpW
SetEndOfFile
WriteFile
GetTimeZoneInformation
GetSystemTime
SystemTimeToTzSpecificLocalTime
GetCurrentThreadId
CreateDirectoryW
Sleep
FreeLibrary
LoadLibraryW
FindNextFileW
ExitProcess
MapViewOfFile
SetConsoleCtrlHandler
GetCurrentDirectoryW
FormatMessageW
DeleteCriticalSection
WideCharToMultiByte
GetFileSize
FindFirstFileW
GetVersionExA
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SetFilePointer
CreateFileA
GetFileAttributesW
FindClose
DeleteFileW
VirtualQuery
GetSystemWindowsDirectoryW
OutputDebugStringW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
LoadLibraryExW
LocalFree
GetProcessHeap
GetProcAddress
IsWow64Process
GetCurrentProcess
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
DeviceIoControl
SetFileAttributesW
GetLongPathNameW
GetFinalPathNameByHandleW
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
CreateFileMappingW
GetDriveTypeW
GetFileInformationByHandleEx
GetFileInformationByHandle
SetFileInformationByHandle
CopyFileExW
FlushFileBuffers
GetModuleHandleExW
HeapFree
UnmapViewOfFile
GlobalMemoryStatusEx
GetSystemDirectoryW
TlsAlloc
ExpandEnvironmentStringsW
TlsFree
GetEnvironmentVariableW
TlsGetValue
TlsSetValue
GetFullPathNameW
CreateSemaphoreW
WaitForSingleObject
ResetEvent
ReleaseSemaphore
CreateThread
CreateEventW
SetLastError
CompareStringW
WaitForMultipleObjects
CloseHandle
SetEvent
GetTempPathW
LCIDToLocaleName
WaitForMultipleObjectsEx
CreateSemaphoreExW
GetOverlappedResult
GetSystemInfo
InitializeCriticalSection
SetThreadIdealProcessor
GetCurrentThread
HeapReAlloc
LocalAlloc
GetHandleInformation
GetVolumeInformationW
LockFileEx
UnlockFileEx
GetVolumePathNamesForVolumeNameW
SetPriorityClass
SetThreadPriority
GetExitCodeThread
GetThreadPriority
GetPriorityClass
OpenProcess
DuplicateHandle
RemoveDirectoryW
MultiByteToWideChar
GetPrivateProfileSectionW

setupapi

SetupFindNextLine
SetupFindFirstLineW
SetupCloseInfFile
SetupGetStringFieldW
SetupGetLineTextW
SetupOpenInfFileW

advapi32

RegDeleteValueW
GetSecurityInfo
AddAccessAllowedAce
CopySid
InitializeAcl
GetLengthSid
SetSecurityInfo
InitiateSystemShutdownExW
GetTokenInformation
OpenThreadToken
RegUnLoadKeyW
RegLoadKeyW
WriteEncryptedFileRaw
GetAclInformation
GetSecurityDescriptorControl
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
RegFlushKey
RegCreateKeyExW
RegQueryInfoKeyW
CloseEncryptedFileRaw
ReadEncryptedFileRaw
OpenEncryptedFileRawW
RegEnumKeyExW
RegEnumValueW
RevertToSelf
AdjustTokenPrivileges
AllocateAndInitializeSid
OpenProcessToken
FreeSid
RegOpenKeyExW
CryptGetUserKey
CryptSetProvParam
CryptAcquireContextW
CryptExportKey
CryptGenKey
CryptDestroyKey
RegQueryValueExW
RegSetValueExW
RegCloseKey
GetSecurityDescriptorLength
CryptReleaseContext
GetNamedSecurityInfoW
ConvertSecurityDescriptorToStringSecurityDescriptorW

shlwapi

StrStrIW

user32

CharUpperW

version

VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW

bcrypt

BCryptDestroyHash
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptHashData
BCryptOpenAlgorithmProvider
BCryptGetProperty

Sections

.text
Size: 820KB - Virtual size: 820KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/imagex.exe
.exe windows:10 windows x64 arch:x64

0c46f702af9a0eeaded48c99b8bf90b9

Code Sign

33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2b:75:37:ca:09:e2:fc:1b:2d:1c:e0:14:71:f6:c5:d8:9c:da:6b:ec:a6:54:d0:8f:fa:52:4b:c2:84:3a:93:da
Signer

Actual PE Digest

2b:75:37:ca:09:e2:fc:1b:2d:1c:e0:14:71:f6:c5:d8:9c:da:6b:ec:a6:54:d0:8f:fa:52:4b:c2:84:3a:93:da

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

imagex.pdb

Imports

msvcrt

memmove
_onexit
__dllonexit
_unlock
_lock
iswspace
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
memmove_s
wcstok_s
memcmp
_wcsupr
strcpy_s
towlower
_purecall
_wcsrev
_wcslwr
_initterm
__setusermatherr
_strnicmp
memcpy_s
strncpy_s
_wcstoi64
wcsnlen
wcsstr
swscanf_s
wcsncmp
towupper
_cexit
_wcsnicmp
wcschr
_vscwprintf
_exit
exit
_wcsicmp
__iob_func
malloc
_callnewh
free
memcpy
qsort
_vsnwprintf
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_wtoi
wcsrchr
_wtol
fflush
printf
wcstoul
memset

ntdll

NtYieldExecution
RtlReAllocateHeap
DbgPrintEx
RtlInitializeCriticalSection
RtlRaiseStatus
RtlDeleteResource
RtlReleaseResource
RtlAcquireResourceShared
RtlAcquireResourceExclusive
RtlInitializeResource
NtUnloadKey2
RtlInitUnicodeString
NtQuerySecurityObject
RtlImpersonateSelf
NtSetSecurityObject
RtlFindAceByType
RtlSetControlSecurityDescriptor
NtCreateFile
NtQueryEaFile
NtQueryVolumeInformationFile
NtQueryInformationProcess
NtQueryInformationFile
RtlAdjustPrivilege
NtClose
NtQueryDirectoryFile
NtOpenFile
RtlDosPathNameToNtPathName_U
RtlGetLastNtStatus
RtlFreeHeap
RtlAllocateHeap
NtSetInformationFile
NtSetEaFile
RtlNtStatusToDosError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlDowncaseUnicodeChar

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
GetSystemDirectoryW
QueryPerformanceCounter
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateSemaphoreW
ReleaseSemaphore
GetModuleHandleW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
GetLogicalDrives
GetTempPathW
GlobalMemoryStatusEx
WaitForMultipleObjects
GetPrivateProfileSectionW
DuplicateHandle
GetHandleInformation
GetVolumeInformationW
InitializeCriticalSectionAndSpinCount
OpenProcess
ReleaseMutex
LocalAlloc
GetModuleHandleExW
CreateMutexW
HeapReAlloc
UnlockFileEx
LockFileEx
CreateEventW
SetEndOfFile
RemoveDirectoryW
SetFilePointerEx
SetFilePointer
GetFileSize
SetThreadIdealProcessor
GetSystemInfo
DeleteCriticalSection
GetOverlappedResult
ReadFile
GetCurrentThread
GetCurrentDirectoryW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
GetFinalPathNameByHandleW
GetLongPathNameW
CreateDirectoryW
HeapAlloc
GetProcessHeap
WideCharToMultiByte
GetLastError
WriteFile
GetConsoleMode
GetConsoleScreenBufferInfo
WriteConsoleW
SetConsoleCursorPosition
GetStdHandle
DeleteFileW
GetVolumePathNamesForVolumeNameW
LoadLibraryW
GetTempFileNameW
GetDriveTypeW
InitializeCriticalSection
LocalFileTimeToFileTime
DosDateTimeToFileTime
MultiByteToWideChar
CreateSemaphoreExW
Wow64RevertWow64FsRedirection
GetExitCodeProcess
CreateProcessW
Wow64DisableWow64FsRedirection
GetLogicalDriveStringsW
lstrcmpW
EnterCriticalSection
FillConsoleOutputCharacterW
LeaveCriticalSection
LCIDToLocaleName
HeapFree
WaitForMultipleObjectsEx
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
GetCommandLineW
GetEnvironmentVariableW
WaitForSingleObject
OpenEventW
FormatMessageW
LocalFree
SetEvent
SetFileTime
GetSystemWindowsDirectoryW
CloseHandle
CreateThread
ResetEvent
SetLastError
CompareStringW
GetProcAddress
FindClose
FreeLibrary
LoadLibraryExW
GetFileSizeEx
DeviceIoControl
CreateFileW
SetFileAttributesW
GetFileInformationByHandleEx
GetFileInformationByHandle
SetFileInformationByHandle
CopyFileExW
FlushFileBuffers
FindNextFileW
FindFirstFileW
SetConsoleCtrlHandler
GetModuleFileNameW
GetFullPathNameW
GetTickCount64
GetFileAttributesW

user32

LoadStringW
CharPrevW
CharNextW
CharUpperW

shlwapi

PathMatchSpecW
StrStrIW

setupapi

SetupGetLineTextW
SetupFindNextLine
SetupCloseInfFile
SetupFindFirstLineW
SetupOpenInfFileW

rpcrt4

RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcBindingFree
NdrClientCall3
UuidToStringW
RpcStringFreeW
UuidFromStringW
RpcBindingSetAuthInfoW
I_RpcMapWin32Status
UuidCreate

fltlib

FilterSendMessage
FilterAttach
FilterLoad
FilterConnectCommunicationPort

cabinet

ord22
ord20
ord23

advapi32

WriteEncryptedFileRaw
OpenEncryptedFileRawW
GetAclInformation
GetSecurityDescriptorControl
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
AddAccessAllowedAceEx
GetSecurityDescriptorLength
GetSecurityInfo
EqualSid
RegUnLoadKeyW
RegLoadKeyW
OpenThreadToken
GetTokenInformation
RegCloseKey
RegDeleteKeyExW
RegFlushKey
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegEnumValueW
RegQueryValueExW
LookupPrivilegeValueW
SetSecurityDescriptorDacl
AdjustTokenPrivileges
AllocateAndInitializeSid
OpenProcessToken
FreeSid
CheckTokenMembership
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
AddAccessAllowedAce
RevertToSelf
ReadEncryptedFileRaw
RegQueryInfoKeyW
SetThreadToken
CloseEncryptedFileRaw

version

VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

bcrypt

BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptDestroyHash

Sections

.text
Size: 628KB - Virtual size: 624KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/libwim-15.dll
.dll windows:4 windows x64 arch:x64

00837f799e98ba17354b0e000174b764

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenPrivileges
CloseEncryptedFileRaw
LookupPrivilegeValueW
OpenEncryptedFileRawW
OpenProcessToken
ReadEncryptedFileRaw
RegCloseKey
RegCreateKeyExW
RegFlushKey
RegLoadKeyW
RegSetValueExW
RegUnLoadKeyW
SystemFunction036
WriteEncryptedFileRaw

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateFileW
CreateSemaphoreA
DeleteCriticalSection
DeleteFileW
DeviceIoControl
DuplicateHandle
EnterCriticalSection
FindClose
FindFirstFileW
FindFirstVolumeW
FindNextFileW
FindNextVolumeW
FindVolumeClose
FlushFileBuffers
FormatMessageW
FreeLibrary
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceExW
GetFileInformationByHandle
GetFileSizeEx
GetFileType
GetFullPathNameW
GetHandleInformation
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetVolumeInformationW
GlobalMemoryStatusEx
HeapAlloc
HeapFree
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
MoveFileExW
MoveFileW
MultiByteToWideChar
OutputDebugStringA
RaiseException
ReadFile
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
SetEndOfFile
SetEvent
SetFilePointer
SetFilePointerEx
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
Sleep
SuspendThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile
__C_specific_handler

msvcrt

___lc_codepage_func
___mb_cur_max_func
__iob_func
_amsg_exit
_beginthreadex
_endthreadex
_errno
_fstat64
_get_osfhandle
_gmtime64
_initterm
_lock
_lseeki64
_open_osfhandle
_setjmp
_stat64
fwprintf
_telli64
_time64
_ultoa
_unlock
_waccess
_wassert
_wcsicmp
_wfopen
_wgetenv
_wmkdir
_wopen
_wstat64
_wtempnam
_wunlink
abort
calloc
exit
fclose
feof
ferror
fflush
fgetwc
fopen
fputc
fputwc
fputws
fread
free
fwrite
getc
getenv
islower
isspace
isupper
iswctype
isxdigit
localeconv
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
putc
qsort
rand
realloc
signal
srand
strcat
strchr
strcmp
strcpy
strerror
strlen
strncmp
strncpy
strtol
strtoul
tolower
toupper
towlower
ungetc
ungetwc
vfprintf
wcschr
wcscmp
wcscpy
wcsftime
wcslen
wcsncmp
wcspbrk
wcsrchr
wcsstr
wcstol
wcstoul
_wstat
longjmp
_write
_strdup
_read
_getcwd
_fdopen
_close

ntdll

NtClose
NtCreateFile
NtFsControlFile
NtOpenFile
NtOpenSymbolicLinkObject
NtQueryDirectoryFile
NtQueryEaFile
NtQueryInformationFile
NtQuerySecurityObject
NtQueryVolumeInformationFile
NtReadFile
NtSetEaFile
NtSetInformationFile
NtSetSecurityObject
NtWaitForSingleObject
NtWriteFile
RtlDosPathNameToNtPathName_U
RtlInitUnicodeString
RtlNtStatusToDosError

user32

wsprintfW

Exports

Exports

wimlib_add_empty_image
wimlib_add_image
wimlib_add_image_multisource
wimlib_add_tree
wimlib_compress
wimlib_create_compressor
wimlib_create_decompressor
wimlib_create_new_wim
wimlib_decompress
wimlib_delete_image
wimlib_delete_path
wimlib_export_image
wimlib_extract_image
wimlib_extract_image_from_pipe
wimlib_extract_image_from_pipe_with_progress
wimlib_extract_pathlist
wimlib_extract_paths
wimlib_extract_xml_data
wimlib_free
wimlib_free_compressor
wimlib_free_decompressor
wimlib_get_compression_type_string
wimlib_get_compressor_needed_memory
wimlib_get_error_string
wimlib_get_image_description
wimlib_get_image_name
wimlib_get_image_property
wimlib_get_version
wimlib_get_version_string
wimlib_get_wim_info
wimlib_get_xml_data
wimlib_global_cleanup
wimlib_global_init
wimlib_image_name_in_use
wimlib_iterate_dir_tree
wimlib_iterate_lookup_table
wimlib_join
wimlib_join_with_progress
wimlib_mount_image
wimlib_open_wim
wimlib_open_wim_with_progress
wimlib_overwrite
wimlib_print_available_images
wimlib_print_header
wimlib_reference_resource_files
wimlib_reference_resources
wimlib_reference_template_image
wimlib_register_progress_function
wimlib_rename_path
wimlib_resolve_image
wimlib_set_default_compression_level
wimlib_set_error_file
wimlib_set_error_file_by_name
wimlib_set_image_descripton
wimlib_set_image_flags
wimlib_set_image_name
wimlib_set_image_property
wimlib_set_memory_allocator
wimlib_set_output_chunk_size
wimlib_set_output_compression_type
wimlib_set_output_pack_chunk_size
wimlib_set_output_pack_compression_type
wimlib_set_print_errors
wimlib_set_wim_info
wimlib_split
wimlib_unmount_image
wimlib_unmount_image_with_progress
wimlib_update_image
wimlib_verify_wim
wimlib_write
wimlib_write_to_fd

Sections

.text
Size: 584KB - Virtual size: 582KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/oscdimg.exe
.exe windows:10 windows x64 arch:x64

2b559891862d734fae9c7518a336b076

Code Sign

33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

28:21:e9:76:84:a2:d2:b4:0d:c9:1d:2b:b9:fa:6b:f6:02:29:d5:aa:f4:05:95:c8:7e:c7:32:fe:e5:52:fb:5f
Signer

Actual PE Digest

28:21:e9:76:84:a2:d2:b4:0d:c9:1d:2b:b9:fa:6b:f6:02:29:d5:aa:f4:05:95:c8:7e:c7:32:fe:e5:52:fb:5f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

OSCDIMG.pdb

Imports

kernel32

GetVersionExA
SetErrorMode
GetSystemTime
SystemTimeToFileTime
SetFileApisToANSI
SetFileApisToOEM
GetTimeZoneInformation
GetFullPathNameA
GetFullPathNameW
lstrlenW
FindFirstFileW
FindFirstFileA
FindClose
GetLongPathNameW
GetLastError
GetLongPathNameA
HeapFree
CreateFileW
CreateFileA
CloseHandle
WaitForSingleObject
SetEvent
FileTimeToSystemTime
DeleteFileA
MultiByteToWideChar
WideCharToMultiByte
GetFileSize
ReadFile
GetFileTime
GetFileInformationByHandle
FindNextFileA
FindNextFileW
GetOverlappedResult
SetEndOfFile
SetFilePointer
CreateEventA
WriteFile
SetLastError
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
GetModuleHandleA
GetProcessWorkingSetSize
SetProcessWorkingSetSize
InitializeCriticalSection
VirtualFree
SetConsoleCtrlHandler
ExitProcess
FormatMessageA
GetProcessHeap
HeapAlloc
VirtualAlloc
VirtualLock
ResetEvent
GetProcAddress
ReleaseSemaphore
CreateThread
WaitForMultipleObjects
SetThreadPriority
CreateSemaphoreA
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetSystemTimeAsFileTime
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep

msvcrt

_wcsicmp
strrchr
_stricmp
wcscpy_s
wcscat_s
strtok
_wfopen
fgetws
feof
fclose
fopen
fgets
swprintf_s
_strnicmp
_strtoui64
strtoul
tolower
atoi
srand
time
__C_specific_handler
vfprintf
_ultoa
rand
_wcsnicmp
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
_exit
_cexit
__setusermatherr
_initterm
_fmode
_commode
wcstok
?terminate@@YAXXZ
memset
wprintf
sprintf_s
strchr
wcschr
_strupr
wcsncmp
strcat_s
strcpy_s
exit
printf
fflush
wcsrchr
fprintf
__iob_func
memcmp
memcpy
strcmp

Sections

.text
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 267KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x64/wimlib-imagex.exe
.exe windows:4 windows x64 arch:x64

e3ed2ca34e65fe10b25c52b3dbe563fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

libwim-15

wimlib_add_image_multisource
wimlib_create_new_wim
wimlib_delete_image
wimlib_export_image
wimlib_extract_image
wimlib_extract_image_from_pipe_with_progress
wimlib_extract_pathlist
wimlib_extract_paths
wimlib_extract_xml_data
wimlib_free
wimlib_get_compression_type_string
wimlib_get_error_string
wimlib_get_image_property
wimlib_get_version_string
wimlib_get_wim_info
wimlib_global_cleanup
wimlib_global_init
wimlib_image_name_in_use
wimlib_iterate_dir_tree
wimlib_iterate_lookup_table
wimlib_join_with_progress
wimlib_open_wim_with_progress
wimlib_overwrite
wimlib_print_available_images
wimlib_print_header
wimlib_reference_resource_files
wimlib_reference_resources
wimlib_reference_template_image
wimlib_register_progress_function
wimlib_resolve_image
wimlib_set_default_compression_level
wimlib_set_image_property
wimlib_set_output_chunk_size
wimlib_set_output_compression_type
wimlib_set_output_pack_chunk_size
wimlib_set_output_pack_compression_type
wimlib_set_print_errors
wimlib_set_wim_info
wimlib_split
wimlib_update_image
wimlib_verify_wim
wimlib_write
wimlib_write_to_fd

advapi32

ConvertSecurityDescriptorToStringSecurityDescriptorW

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStartupInfoW
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LocalFree
MultiByteToWideChar
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__iob_func
__lconv_init
__set_app_type
__setusermatherr
__wgetmainargs
__winitenv
_amsg_exit
_cexit
_commode
_errno
_fmode
_fpreset
_gmtime64
_initterm
_lock
_onexit
_putws
_setmode
fwprintf
_unlock
_wcmdln
_wcserror
_wcsicmp
_wfopen
_wgetenv
_wstat64
abort
calloc
exit
fclose
feof
ferror
fflush
fprintf
fputc
fputwc
fputws
fread
free
fwrite
getenv
iswctype
localeconv
malloc
memcpy
memmove
memset
realloc
signal
strerror
strlen
strncmp
vfprintf
wcscat
wcschr
wcscmp
wcscpy
wcsftime
wcslen
wcsncmp
wcsrchr
wcstoul
_wcsdup
_isatty

Sections

.text
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/7z.dll
.dll windows:4 windows x86 arch:x86

f3dc956f72b38463817f1a764bf2b5a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

SysAllocStringByteLen
SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen
VariantCopy
VariantClear

user32

CharPrevExA
CharUpperW

msvcrt

_adjust_fdiv
_initterm
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
exit
strchr
strcat
strcpy
realloc
memset
free
malloc
strlen
wcscmp
strcmp
strstr
memmove
_CxxThrowException
memcpy
memcmp
_purecall
__CxxFrameHandler

kernel32

InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
SetEvent
CreateEventW
SetThreadAffinityMask
ResumeThread
WaitForSingleObject
InterlockedIncrement
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetOEMCP
DeleteCriticalSection
GetVersionExW
LocalFileTimeToFileTime
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
GlobalMemoryStatus
GetSystemInfo
GetCurrentProcess
GetProcessAffinityMask
FileTimeToLocalFileTime
FileTimeToSystemTime
CompareFileTime
GetLastError
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
GetProcAddress
GetModuleHandleW
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
GetModuleHandleA

Exports

Exports

CreateDecoder
CreateEncoder
CreateObject
GetHandlerProperty
GetHandlerProperty2
GetHashers
GetIsArc
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods
SetCaseSensitive
SetCodecs
SetLargePageMode

Sections

.text
Size: 938KB - Virtual size: 938KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/7z.exe
.exe windows:4 windows x86 arch:x86

b42d0ac4cbca0dc8c838e1de5e6e28b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SysStringByteLen
SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen
VariantCopy
VariantClear

user32

CharUpperW

advapi32

LookupPrivilegeValueW
GetFileSecurityW
SetFileSecurityW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
AdjustTokenPrivileges
OpenProcessToken

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
exit
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
_beginthreadex
_ftol
memcmp
_purecall
memset
strlen
wcscmp
wcsstr
strcmp
memmove
fputs
fputc
fflush
fgetc
fclose
_iob
free
malloc
memcpy
_CxxThrowException
__CxxFrameHandler
_isatty
_fileno

kernel32

SetThreadAffinityMask
CreateEventW
SetEvent
InitializeCriticalSection
WaitForSingleObject
SetFileTime
VirtualFree
VirtualAlloc
SetConsoleMode
GetConsoleMode
GetVersionExW
SetFileApisToOEM
GetCommandLineW
GetConsoleScreenBufferInfo
SetConsoleCtrlHandler
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
GetProcessTimes
OpenEventW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
SetProcessAffinityMask
GetStdHandle
GetSystemTimeAsFileTime
FileTimeToDosDateTime
IsProcessorFeaturePresent
GlobalMemoryStatus
GetSystemInfo
GetProcessAffinityMask
FileTimeToLocalFileTime
FileTimeToSystemTime
CompareFileTime
GetCurrentProcess
GetDiskFreeSpaceW
SetEndOfFile
WriteFile
ReadFile
DeviceIoControl
SetFilePointer
GetFileSize
GetLogicalDriveStringsW
GetLastError
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
LoadLibraryExW
LoadLibraryW
GetModuleFileNameW
LocalFree
FormatMessageW
CloseHandle
CreateFileW
SetFileAttributesW
RemoveDirectoryW
MoveFileW
GetProcAddress
GetModuleHandleW
CreateDirectoryW
DeleteFileW
SetLastError
SetCurrentDirectoryW
GetCurrentDirectoryW
GetTempPathW
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
FindClose
FindFirstFileW
FindNextFileW
GetModuleHandleA
GetFileAttributesW
GetFileInformationByHandle
ResumeThread

Sections

.text
Size: 257KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/DISM10/Microsoft.Dism.Powershell.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e9:a7:02:99:9b:1c:38:7f:3a:7b:f0:6a:c9:13:b6:c1:3c:59:86:34:e0:cc:0c:e5:8e:ff:da:39:60:9c:18:6e
Signer

Actual PE Digest

e9:a7:02:99:9b:1c:38:7f:3a:7b:f0:6a:c9:13:b6:c1:3c:59:86:34:e0:cc:0c:e5:8e:ff:da:39:60:9c:18:6e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Microsoft.Dism.PowerShell.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/DISM10/WimMountAdkSetupX86.exe
.exe windows:10 windows x86 arch:x86

c4275804c904a611108869f99d01f656

Code Sign

33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7d:3a:ef:10:3a:c7:5d:22:46:ae:7d:03:d7:57:61:52:57:45:17:f0:f0:2e:23:4f:56:a4:a9:78:a4:c8:9e
Signer

Actual PE Digest

0a:7d:3a:ef:10:3a:c7:5d:22:46:ae:7d:03:d7:57:61:52:57:45:17:f0:f0:2e:23:4f:56:a4:a9:78:a4:c8:9e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

WimMountAdkSetupX86.pdb

Imports

msvcrt

_except_handler4_common
?terminate@@YAXXZ
memcpy
exit
_vsnwprintf
_wcmdln
__set_app_type
_initterm
_amsg_exit
towupper
wcschr
_exit
__p__commode
_cexit
_XcptFilter
fwprintf
__iob_func
_controlfp
__p__fmode
wcsncmp
vfwprintf
_wcsnicmp
_wfopen
fclose
_wcsicmp
memcpy_s
__wgetmainargs
__setusermatherr
memset

ntdll

RtlFreeHeap
RtlAllocateHeap
RtlGetVersion
RtlNtStatusToDosError

kernel32

GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
Sleep
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetDriveTypeW
GetSystemTimeAsFileTime
HeapFree
GetProcessHeap
LocalFree
GetSystemInfo
GetNativeSystemInfo
GetLastError
GetModuleFileNameW
GetFullPathNameW
GetFileAttributesW
CloseHandle
HeapAlloc
SetLastError

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegDeleteTreeW
RegCreateKeyExW
RegCloseKey

shell32

CommandLineToArgvW

user32

MessageBoxW

fltlib

FilterUnload

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/DISM10/dism.Format.ps1xml
.ps1
Bin/x86/DISM10/dism.Types.ps1xml
.xml
Bin/x86/DISM10/dism.exe
.exe windows:10 windows x86 arch:x86

909ee523b7de598e5845e9f2c06d54db

Code Sign

33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8a:85:46:5e:69:15:f3:2c:26:87:5f:c2:d2:be:9c:0c:26:ca:09:84:44:14:f4:30:bc:69:18:69:bc:24:d0:4f
Signer

Actual PE Digest

8a:85:46:5e:69:15:f3:2c:26:87:5f:c2:d2:be:9c:0c:26:ca:09:84:44:14:f4:30:bc:69:18:69:bc:24:d0:4f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

Dism.pdb

Imports

msvcrt

__RTDynamicCast
??3@YAXPAX@Z
memcmp
_controlfp
realloc
wcsstr
wcsncmp
_wcsnicmp
iswalpha
towlower
_snwscanf_s
_errno
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UAE@XZ
_except_handler4_common
?terminate@@YAXXZ
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
_callnewh
wcscpy_s
wcsrchr
calloc
malloc
_purecall
_wcsicmp
free
_vsnwprintf
towupper
_getwch
vswprintf_s
_vscwprintf
_wcslwr_s
wcschr
wprintf
memmove_s
memcpy_s
??_V@YAXPAX@Z
__CxxFrameHandler3
_ftol2
memset

advapi32

IsValidSecurityDescriptor
GetAclInformation
InitializeAcl
AddAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
MakeAbsoluteSD
GetSecurityDescriptorControl
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
EventUnregister
EventRegister
EventWriteTransfer
EventActivityIdControl
UnregisterTraceGuids
InitiateSystemShutdownExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
TraceEvent
GetLengthSid
CopySid
IsValidSid

kernel32

GetDriveTypeW
SearchPathW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GetFileInformationByHandleEx
DeviceIoControl
SetFileAttributesW
SetFileInformationByHandle
DeleteFileW
CopyFileExW
GetLongPathNameW
GetFinalPathNameByHandleW
GetVersionExW
GetProcAddress
GetModuleHandleW
GetModuleHandleExW
FreeLibrary
InitializeCriticalSection
EnterCriticalSection
SetEvent
LeaveCriticalSection
GetLastError
CloseHandle
SetThreadUILanguage
SetErrorMode
SetConsoleCtrlHandler
OutputDebugStringW
GetCommandLineW
HeapFree
GetProcessHeap
Sleep
GetCurrentProcess
DeleteCriticalSection
RaiseException
GetCurrentThreadId
CompareStringW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetStdHandle
HeapAlloc
WriteConsoleW
LocalAlloc
WideCharToMultiByte
WriteFile
LocalFree
GetFileType
GetConsoleMode
GetModuleFileNameW
IsWow64Process
FormatMessageW
GetFileAttributesW
SetLastError
CreateFileW
MultiByteToWideChar
GetSystemInfo
OpenProcess
QueryFullProcessImageNameW
HeapSize
HeapReAlloc
HeapDestroy
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
TerminateProcess
OutputDebugStringA
GetSystemWindowsDirectoryW
ExpandEnvironmentStringsW
GetTempFileNameW
GetFullPathNameW
CreateDirectoryW
GetFileInformationByHandle
FindFirstFileW
FindNextFileW
FindClose
WaitForSingleObject
LoadLibraryExW

ole32

CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateInstance

user32

CharLowerBuffW

oleaut32

SysAllocStringLen
GetErrorInfo
SysAllocStringByteLen
SysStringByteLen
LoadTypeLi
SysAllocString
VarBstrCmp
LoadRegTypeLi
SysStringLen
VariantClear
SysFreeString

ntdll

NtQueryInformationProcess
RtlNtStatusToDosError
RtlGetVersion
NtSetInformationFile
RtlAllocateHeap
RtlFreeHeap

version

GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW

Sections

.text
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/DISM10/dism.psd1
Bin/x86/DISM10/dism.psm1
Bin/x86/DISM10/dismapi.dll
.dll windows:10 windows x86 arch:x86

01e55754ccfb3960ed97eff57b8cdad6

Code Sign

33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cc:aa:7b:e2:c4:35:47:dc:b0:a5:aa:56:35:97:87:73:25:dc:7e:50:0e:ea:c2:40:9a:92:44:19:8a:b5:ff:62
Signer

Actual PE Digest

cc:aa:7b:e2:c4:35:47:dc:b0:a5:aa:56:35:97:87:73:25:dc:7e:50:0e:ea:c2:40:9a:92:44:19:8a:b5:ff:62

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

DismApi.pdb

Imports

msvcrt

wcsstr
wcsncmp
wcsrchr
_vsnwprintf
towlower
_snwscanf_s
fclose
wcstok_s
_wfopen
_wcslwr_s
strrchr
_wcsnicmp
iswctype
_ftol2
memcmp
realloc
_errno
fgetws
_onexit
__dllonexit
_unlock
_lock
_except_handler4_common
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
_callnewh
wcscpy_s
_wcstoui64
wcstoul
iswspace
swscanf_s
_wtoi
wcschr
iswalpha
_wcsicmp
_purecall
feof
??1type_info@@UAE@XZ
_vscprintf
vsprintf_s
calloc
_vsnprintf
malloc
free
vswprintf_s
_vscwprintf
memmove_s
memcpy_s
??_V@YAXPAX@Z
__CxxFrameHandler3
??3@YAXPAX@Z
memset

advapi32

RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
AllocateAndInitializeSid
OpenProcessToken
FreeSid
CheckTokenMembership
AddAccessAllowedAce
RegCloseKey
GetTokenInformation
OpenThreadToken
EqualSid
InitializeAcl
SetSecurityDescriptorDacl
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceEvent
UnregisterTraceGuids
GetLengthSid
InitializeSecurityDescriptor

kernel32

MoveFileExW
GetTimeFormatEx
GetSystemTime
SetErrorMode
GetVersionExW
GetProcAddress
GetModuleHandleW
InitializeCriticalSection
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetCurrentProcessId
SizeofResource
LockResource
LoadResource
FindResourceExW
OutputDebugStringW
GetThreadUILanguage
OutputDebugStringA
GetModuleHandleExW
GetLastError
GetModuleFileNameW
FreeLibrary
WideCharToMultiByte
LoadLibraryExW
HeapFree
GetProcessHeap
MultiByteToWideChar
WaitForMultipleObjectsEx
WaitForSingleObject
FormatMessageW
LocalFree
GetLocaleInfoEx
GetCommandLineW
GetFileAttributesW
IsWow64Process
GetCurrentProcess
CompareStringW
FileTimeToLocalFileTime
FileTimeToSystemTime
HeapSize
HeapReAlloc
HeapAlloc
HeapDestroy
GetEnvironmentVariableW
Sleep
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
CreateDirectoryW
CreateEventW
ResumeThread
DuplicateHandle
GetTempFileNameW
GetCurrentThread
ResetEvent
CreateThread
SetEvent
CloseHandle
CreateFileW
SetFilePointer
GetFullPathNameW
ReadFile
GetSystemWindowsDirectoryW
TlsSetValue
UnmapViewOfFile
TlsAlloc
GetLocalTime
GetFileSize
ExitProcess
TlsGetValue
TlsFree
FormatMessageA
CreateFileMappingW
MapViewOfFile
VirtualQuery
ExpandEnvironmentStringsW
GetFileSizeEx
FlushFileBuffers
CopyFileExW
DeleteFileW
SetFileInformationByHandle
GetFileInformationByHandle
SetFileAttributesW
FindClose
DeviceIoControl
FindNextFileW
FindFirstFileW
GetFileInformationByHandleEx
GetModuleFileNameA
WriteFile
CreateMutexW
CreateMutexA
ReleaseMutex
GetVersion
CreateFileA
DeleteFileA
CreateFileMappingA
DebugBreak
GetModuleHandleExA
GetWindowsDirectoryW
IsDebuggerPresent
SetLastError
GetLongPathNameW
GetFinalPathNameByHandleW
SearchPathW
GetSystemInfo

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
StringFromGUID2

user32

CharLowerBuffW

oleaut32

VarBstrCmp
SafeArrayGetUBound
VariantTimeToSystemTime
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
LoadTypeLi
LoadRegTypeLi
SysStringLen
SafeArrayGetLBound
SysAllocStringByteLen
SysStringByteLen
GetErrorInfo
SysAllocString
SysFreeString
VariantClear
SysAllocStringLen
VarBstrCat
SystemTimeToVariantTime

ntdll

RtlInitUnicodeString
NtReadFile
RtlReAllocateHeap
NtClose
RtlExpandEnvironmentStrings
NtQueryInformationFile
NtWaitForSingleObject
NtOpenFile
NtWriteFile
NtYieldExecution
DbgPrintEx
RtlDowncaseUnicodeChar
RtlRaiseStatus
RtlAllocateHeap
RtlGetVersion
NtSetInformationFile
RtlDosPathNameToNtPathName_U_WithStatus
RtlNtStatusToDosError
RtlFreeHeap

version

GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW

Exports

Exports

DismAddCapability
DismAddDriver
DismAddPackage
DismAddProvisionedAppxPackage
DismApplyUnattend
DismCheckImageHealth
DismCleanupMountpoints
DismCloseSession
DismCommitImage
DismDelete
DismDisableFeature
DismEnableFeature
DismGetCapabilities
DismGetCapabilityInfo
DismGetDriverInfo
DismGetDrivers
DismGetFeatureInfo
DismGetFeatureParent
DismGetFeatures
DismGetImageInfo
DismGetLastErrorMessage
DismGetMountedImageInfo
DismGetPackageInfo
DismGetPackageInfoEx
DismGetPackages
DismGetProvisionedAppxPackages
DismGetReservedStorageState
DismInitialize
DismMountImage
DismOpenSession
DismRemountImage
DismRemoveCapability
DismRemoveDriver
DismRemovePackage
DismRemoveProvisionedAppxPackage
DismRestoreImageHealth
DismSetReservedStorageState
DismShutdown
DismUnmountImage
_DismAddAppxPackageFamilyToUninstallBlocklist
_DismAddDriverEx
_DismAddPackageEx
_DismAddPackageFamilyToUninstallBlocklist
_DismAddProvisionedAppSharedPackageContainer
_DismAddProvisionedAppxPackage
_DismApplyCustomDataImage
_DismApplyFfuImage
_DismApplyProvisioningPackage
_DismCaptureSoftwareInventory
_DismCleanImage
_DismEnableDisableFeature
_DismExportDriver
_DismExportSource
_DismGetCapabilitiesEx
_DismGetCapabilityInfoEx
_DismGetCurrentEdition
_DismGetDriversEx
_DismGetEffectiveSystemUILanguage
_DismGetFeaturesEx
_DismGetInstallLanguage
_DismGetKCacheBinaryValue
_DismGetKCacheDwordValue
_DismGetKCacheStringValue
_DismGetLastCBSSessionID
_DismGetNonRemovableAppsPolicy
_DismGetNonRemovableAppxAppsPolicy
_DismGetOSUninstallWindow
_DismGetOsInfo
_DismGetPackageInfoEx
_DismGetProductKeyInfo
_DismGetProvisionedAppSharedPackageContainers
_DismGetProvisionedAppxPackages
_DismGetProvisioningPackageInfo
_DismGetRegistryMountPoint
_DismGetStateFromCBSSessionID
_DismGetTargetCompositionEditions
_DismGetTargetEditions
_DismGetTargetVirtualEditions
_DismGetTemplateAbsolutePath
_DismGetTemplateString
_DismGetUsedSpace
_DismInitiateOSUninstall
_DismOpenSessionEx
_DismOptimizeImage
_DismOptimizeProvisionedAppxPackages
_DismRemoveAppxPackageFamilyFromUninstallBlocklist
_DismRemoveCapabilityEx
_DismRemoveOSUninstall
_DismRemovePackageEx
_DismRemovePackageFamilyFromUninstallBlocklist
_DismRemoveProvisionedAppSharedPackageContainer
_DismRemoveProvisionedAppxPackage
_DismRemoveProvisionedAppxPackageAllUsers
_DismRevertPendingActions
_DismSetAllIntlSettings
_DismSetAppXProvisionedDataFile
_DismSetAppxProvisionedDataFile
_DismSetEdition
_DismSetEdition2
_DismSetFirstBootCommandLine
_DismSetMachineName
_DismSetOSUninstallWindow
_DismSetProductKey
_DismSetSkuIntlDefaults
_DismSetTemplateString
_DismSplitFfuImage
_DismStage
_DismSysprepCleanup
_DismSysprepGeneralize
_DismSysprepSpecialize
_DismValidateProductKey

Sections

.text
Size: 746KB - Virtual size: 745KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/DISM10/dismcore.dll
.dll regsvr32 windows:10 windows x86 arch:x86

81e469f48dff9211cb0d4dd12c2ff577

Code Sign

33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

42:23:a0:97:bd:03:f3:19:35:3b:63:24:82:4c:cf:d2:94:fb:ca:80:5b:22:99:9c:a6:13:72:03:e7:70:66:c0
Signer

Actual PE Digest

42:23:a0:97:bd:03:f3:19:35:3b:63:24:82:4c:cf:d2:94:fb:ca:80:5b:22:99:9c:a6:13:72:03:e7:70:66:c0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

DismCore.pdb

Imports

msvcrt

wcstok_s
fclose
iswctype
strrchr
_wtoi
_wfopen
towlower
swscanf_s
_vscprintf
vsprintf_s
iswalpha
_vsnwprintf
_wcsnicmp
wcsncmp
wcsstr
fgetws
feof
??3@YAXPAX@Z
_ftol2
memcmp
_onexit
__dllonexit
_unlock
_lock
realloc
_errno
??1type_info@@UAE@XZ
_except_handler4_common
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
_callnewh
wcsncpy_s
wcscat_s
calloc
memmove_s
memcpy_s
_purecall
_wcsicmp
wcsrchr
wcschr
vswprintf_s
_vscwprintf
wcscpy_s
malloc
_resetstkoflw
free
??_V@YAXPAX@Z
__CxxFrameHandler3
_vsnprintf
memset

advapi32

OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
SetSecurityDescriptorDacl
EqualSid
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
AddAccessAllowedAce
RegQueryValueExW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExW
GetTokenInformation
OpenThreadToken

kernel32

EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
MultiByteToWideChar
GetTempPathW
GetModuleHandleExW
FreeLibrary
Wow64RevertWow64FsRedirection
SetEvent
GetModuleFileNameW
GetModuleHandleW
GetNativeSystemInfo
Wow64DisableWow64FsRedirection
CopyFileExW
CreateEventW
HeapFree
GetProcessHeap
WaitForSingleObject
TerminateProcess
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceExW
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
RaiseException
GetProcAddress
LoadLibraryExW
HeapSize
HeapReAlloc
HeapAlloc
HeapDestroy
CompareStringW
GetEnvironmentVariableW
Sleep
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
QueryPerformanceCounter
InitializeCriticalSection
GetTickCount
OutputDebugStringA
DuplicateHandle
VirtualQuery
GetFileAttributesW
GetSystemDirectoryW
GetSystemInfo
FormatMessageA
TlsFree
TlsGetValue
ExitProcess
ExpandEnvironmentStringsW
GetSystemWindowsDirectoryW
FormatMessageW
SetFileAttributesW
GetFileSize
MoveFileExW
GetSystemTime
FindClose
FindNextFileW
FindFirstFileW
QueryDosDeviceW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
GetFileInformationByHandle
CreateDirectoryW
LocalFree
GetCurrentThread
GetFullPathNameW
GetTempFileNameW
CloseHandle
CreateFileW
GetLocalTime
TlsAlloc
TlsSetValue
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
GetVersionExW
SetLastError
SetThreadUILanguage
SearchPathW
SetFilePointer
ReadFile
GetLastError
DeleteCriticalSection
GetModuleFileNameA
WriteFile
CreateMutexW
CreateMutexA
ReleaseMutex
GetVersion
CreateFileA
DeleteFileA
DeleteFileW
CreateFileMappingA
DebugBreak
GetModuleHandleExA
GetFileSizeEx
GetWindowsDirectoryW
IsDebuggerPresent
FlushFileBuffers
GetFileInformationByHandleEx
DeviceIoControl
SetFileInformationByHandle
GetLongPathNameW
GetFinalPathNameByHandleW
GetCurrentDirectoryW
GetDriveTypeW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateProcessW
GetExitCodeProcess
VirtualProtect
LoadLibraryExA
GetSystemTimeAsFileTime

ole32

StringFromCLSID
CoTaskMemFree
ProgIDFromCLSID
StringFromGUID2
CoCreateInstance
CoRegisterClassObject
CoRegisterPSClsid
CoCreateGuid
CoSetProxyBlanket
CoRevokeClassObject

user32

LoadStringW
CharNextW

oleaut32

LoadTypeLibEx
RegisterTypeLi
UnRegisterTypeLi
GetErrorInfo
CreateErrorInfo
SetErrorInfo
LoadTypeLi
LoadRegTypeLi
SysStringLen
VariantClear
VariantInit
SysAllocStringLen
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysFreeString
VariantTimeToSystemTime
SystemTimeToVariantTime

version

GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW

ntdll

RtlFreeHeap
RtlAllocateHeap
NtSetInformationFile
RtlNtStatusToDosError

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/DISM10/dismcoreps.dll
.dll regsvr32 windows:10 windows x86 arch:x86

9008fbb4297eda8bc58ac66d1b3b5368

Code Sign

33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f6:1b:c1:cf:9d:10:2c:6a:23:65:fb:73:c5:e3:f7:3e:a0:c4:7b:13:46:f0:82:0c:c0:5e:ba:e8:6d:ca:1b:ab
Signer

Actual PE Digest

f6:1b:c1:cf:9d:10:2c:6a:23:65:fb:73:c5:e3:f7:3e:a0:c4:7b:13:46:f0:82:0c:c0:5e:ba:e8:6d:ca:1b:ab

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

DismCorePS.pdb

Imports

msvcrt

_XcptFilter
_initterm
malloc
free
_amsg_exit
_except_handler4_common
memcmp

oleaut32

BSTR_UserUnmarshal
BSTR_UserFree
BSTR_UserSize
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserMarshal
BSTR_UserMarshal

rpcrt4

NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
CStdStubBuffer_Invoke
NdrStubForwardingFunction
NdrCStdStubBuffer2_Release
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
CStdStubBuffer_CountRefs
CStdStubBuffer_QueryInterface
NdrOleAllocate
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Connect
NdrStubCall2

kernel32

TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
Sleep
DisableThreadLibraryCalls

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetDismInterfaces
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/DISM10/dismprov.dll
.dll regsvr32 windows:10 windows x86 arch:x86

29c27d01ece9d9a97982111635487a0e

Code Sign

33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5a:e2:0e:af:62:dd:be:b6:ae:4b:0e:36:14:01:e8:76:4f:8f:a8:da:46:b9:f6:27:88:03:7d:58:b0:41:1e:c9
Signer

Actual PE Digest

5a:e2:0e:af:62:dd:be:b6:ae:4b:0e:36:14:01:e8:76:4f:8f:a8:da:46:b9:f6:27:88:03:7d:58:b0:41:1e:c9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

DISMProv.pdb

Imports

msvcrt

_wcsicmp
_vsnwprintf
wcschr
_wcsnicmp
wcsncmp
_vsnprintf
vsprintf_s
swscanf_s
_wtoi
towlower
wcstok_s
_wfopen
fgetws
_vscprintf
strrchr
feof
__RTDynamicCast
_ftol2
iswctype
fclose
memcmp
_onexit
__dllonexit
_unlock
_lock
realloc
_errno
??1type_info@@UAE@XZ
_except_handler4_common
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
_callnewh
wcscat_s
wcscpy_s
wcsrchr
memmove_s
_purecall
vswprintf_s
_vscwprintf
memcpy_s
free
malloc
wcsncpy_s
??_V@YAXPAX@Z
__CxxFrameHandler3
??3@YAXPAX@Z
memset

ntdll

RtlAllocateHeap
RtlFreeHeap

oleaut32

VariantClear
LoadTypeLi
LoadRegTypeLi
SysStringLen
SysAllocStringLen
VarUI4FromStr
SysAllocString
RegisterTypeLi
UnRegisterTypeLi
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringByteLen
SysAllocStringByteLen
SysFreeString

advapi32

FreeSid
CheckTokenMembership
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
RegQueryValueExW
RegDeleteValueW
SetSecurityDescriptorDacl
EqualSid
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
AddAccessAllowedAce
RegCreateKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey

kernel32

IsDebuggerPresent
GetWindowsDirectoryW
GetFileSizeEx
GetModuleHandleExA
DebugBreak
TlsSetValue
UnmapViewOfFile
TlsAlloc
GetLocalTime
GetFileSize
ExitProcess
TlsGetValue
TlsFree
FormatMessageA
CreateFileMappingW
MapViewOfFile
VirtualQuery
GetModuleFileNameA
WriteFile
SetFilePointer
CreateMutexW
CreateMutexA
ReleaseMutex
GetVersion
CreateFileA
CreateFileMappingA
DeleteFileW
CreateFileW
GetLastError
CloseHandle
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryExW
GetModuleHandleW
lstrcmpiW
LeaveCriticalSection
RaiseException
EnterCriticalSection
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
GetModuleHandleExW
LockResource
CompareStringW
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy
GetEnvironmentVariableW
WideCharToMultiByte
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
SetLastError
DeviceIoControl
GetFileAttributesW
FlushFileBuffers
GetFullPathNameW
ExpandEnvironmentStringsW
WaitForSingleObject
FormatMessageW
LocalFree
GetTempFileNameW
GetCurrentThread
DeleteFileA

ole32

CoTaskMemFree
CoTaskMemAlloc
CoMarshalInterThreadInterfaceInStream
CoUnmarshalInterface
StringFromGUID2
CoCreateInstance
CoRegisterPSClsid
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemRealloc

user32

CharNextW

version

VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/DISM10/en-us/VHDProvider.dll.mui
.dll windows:10 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x86/DISM10/en-us/dism.exe.mui
.dll windows:10 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x86/DISM10/en-us/dismapi.dll.mui
.dll windows:10 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x86/DISM10/en-us/dismcore.dll.mui
.dll windows:10 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x86/DISM10/en-us/dismprov.dll.mui
.dll windows:10 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x86/DISM10/en-us/ffuprovider.dll.mui
.dll windows:10 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x86/DISM10/en-us/folderprovider.dll.mui
.dll windows:10 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x86/DISM10/en-us/imagingprovider.dll.mui
.dll windows:10 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x86/DISM10/en-us/logprovider.dll.mui
.dll windows:10 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x86/DISM10/en-us/siloedpackageprovider.dll.mui
.dll windows:10 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x86/DISM10/en-us/wimgapi.dll.mui
.dll windows:10 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x86/DISM10/en-us/wimprovider.dll.mui
.dll windows:10 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x86/DISM10/ffuprovider.dll
.dll regsvr32 windows:10 windows x86 arch:x86

e8e80325141382d45be7a6a7460b20b8

Code Sign

33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3e:a9:9e:86:ec:bd:7b:eb:9b:97:d2:da:9b:70:41:78:ca:1f:80:5a:45:7e:2a:17:98:99:8c:f8:e1:b0:82:a7
Signer

Actual PE Digest

3e:a9:9e:86:ec:bd:7b:eb:9b:97:d2:da:9b:70:41:78:ca:1f:80:5a:45:7e:2a:17:98:99:8c:f8:e1:b0:82:a7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

FfuProvider.pdb

Imports

msvcrt

wcstoul
_wcsnicmp
strchr
swscanf
_vsnprintf
iswspace
memset
wcsrchr
__RTDynamicCast
_ftol2
memcmp
??1type_info@@UAE@XZ
_except_handler4_common
_onexit
__dllonexit
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_unlock
_lock
memmove
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
malloc
_wcsicmp
_purecall
wcschr
wcstol
_vsnwprintf
_vscwprintf
memmove_s
memcpy_s
vswprintf_s
wcsncpy_s
wcscat_s
free
wcscpy_s
_stricmp
__CxxFrameHandler3

advapi32

RegQueryValueExW
RegLoadKeyW
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegSetValueExW
RegFlushKey
RegEnumKeyW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegUnLoadKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey

kernel32

WaitForSingleObject
TrySubmitThreadpoolCallback
GetSystemInfo
SetEvent
GetQueuedCompletionStatus
PostQueuedCompletionStatus
DeleteFileW
GetFirmwareEnvironmentVariableW
GetDiskFreeSpaceW
GetVolumePathNameW
GetFileTime
InitializeCriticalSectionAndSpinCount
LCIDToLocaleName
SetFilePointer
FreeLibrary
GetVolumeInformationByHandleW
CopyFileW
DeleteVolumeMountPointW
FindClose
FindFirstFileW
QueryPerformanceFrequency
HeapFree
GetModuleHandleExW
HeapAlloc
GetProcAddress
GetProcessHeap
SetLastError
GetModuleHandleW
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetModuleFileNameW
LoadLibraryExW
InitializeCriticalSection
SetThreadUILanguage
SizeofResource
LockResource
LoadResource
FindResourceExW
OutputDebugStringW
GetCurrentThreadId
GetCurrentProcessId
GetFileAttributesW
SetFileAttributesW
CreateFileW
GetFileSizeEx
WriteFile
ReadFile
CloseHandle
GetTempPathW
CreateDirectoryW
RemoveDirectoryW
HeapSize
HeapReAlloc
HeapDestroy
MultiByteToWideChar
WideCharToMultiByte
Sleep
InitializeCriticalSectionEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
ReleaseSRWLockExclusive
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
GetOverlappedResult
DeviceIoControl
CreateEventW
CreateIoCompletionPort
FindNextFileW
LCMapStringW
GetDriveTypeW
CopyFileExW
CreateMutexW
GetCurrentThread
SetFilePointerEx
AcquireSRWLockExclusive
VirtualQuery
VirtualProtect
GetSystemFirmwareTable
FormatMessageW
QueryDosDeviceW
SearchPathW
GetVolumeNameForVolumeMountPointW
GetFileInformationByHandle
ReleaseMutex
GetFullPathNameW
LocalAlloc
GetFileSize
LocalFree
IsWow64Process
GetVersionExW
CompareStringW
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
LoadLibraryExA

ole32

CoInitializeEx
CoUninitialize
ProgIDFromCLSID
CoTaskMemFree
CoCreateGuid
CoCreateInstance
StringFromGUID2
CoSetProxyBlanket

user32

LoadStringW
CharLowerBuffW
CharNextW

oleaut32

VariantClear
CreateErrorInfo
SetErrorInfo
LoadRegTypeLi
VarBstrCmp
SysAllocStringByteLen
SysAllocStringLen
SysStringByteLen
SysStringLen
RegisterTypeLi
LoadTypeLi
SysAllocString
UnRegisterTypeLi
SysFreeString
VariantInit
GetErrorInfo

ntdll

RtlDowncaseUnicodeChar
DbgPrintEx
NtYieldExecution
NtClose
RtlInitializeBitMap
RtlClearAllBits
RtlRaiseStatus
NtOpenFile
NtWaitForSingleObject
NtCreateFile
RtlNtStatusToDosError
NtQueryInformationFile
RtlExpandEnvironmentStrings
RtlAreBitsClear
RtlReAllocateHeap
NtReadFile
NtSetInformationFile
RtlInitUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
NtWriteFile
RtlFreeHeap
RtlAllocateHeap
RtlRandom
RtlNumberOfSetBits
RtlFindSetBits
RtlSetBits

version

GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW

bcrypt

BCryptDestroyHash
BCryptHashData
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptCreateHash
BCryptGetProperty
BCryptFinishHash

Exports

Exports

DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 446KB - Virtual size: 446KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/DISM10/folderprovider.dll
.dll regsvr32 windows:10 windows x86 arch:x86

821bf684328ddf2aab5330f2b6b6146f

Code Sign

33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a1:c2:42:d7:88:28:53:5f:d8:2f:7c:b0:39:8b:d5:24:0a:91:9c:63:2f:7e:b9:a7:d3:52:3c:19:20:20:08:2c
Signer

Actual PE Digest

a1:c2:42:d7:88:28:53:5f:d8:2f:7c:b0:39:8b:d5:24:0a:91:9c:63:2f:7e:b9:a7:d3:52:3c:19:20:20:08:2c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

FolderProvider.pdb

Imports

msvcrt

wcschr
_wcsnicmp
wcsncmp
??3@YAXPAX@Z
memcmp
_onexit
__dllonexit
_unlock
_lock
_except_handler4_common
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
_callnewh
malloc
memmove_s
memcpy_s
_purecall
vswprintf_s
_vscwprintf
wcsncpy_s
wcscat_s
free
wcscpy_s
??_V@YAXPAX@Z
__CxxFrameHandler3
??1type_info@@UAE@XZ

advapi32

RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey

kernel32

SetLastError
GetFileAttributesW
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
InitializeCriticalSection
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
SizeofResource
LockResource
LoadResource
FindResourceExW
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
GetFullPathNameW

ole32

StringFromGUID2
CoCreateInstance

user32

CharNextW

oleaut32

RegisterTypeLi
SysAllocStringLen
LoadRegTypeLi
SysAllocStringByteLen
SysFreeString
UnRegisterTypeLi
SysAllocString
SysStringByteLen
LoadTypeLi
SysStringLen

ntdll

RtlFreeHeap
RtlAllocateHeap

Exports

Exports

DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/DISM10/imagingprovider.dll
.dll regsvr32 windows:10 windows x86 arch:x86

dd8bbe05b890f630cee5208afdee2e00

Code Sign

33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:9a:5f:ef:1a:58:df:19:bf:ba:ed:55:84:87:49:d4:42:f7:44:67:9c:c0:7d:84:6c:70:01:fb:21:7e:89:8f
Signer

Actual PE Digest

78:9a:5f:ef:1a:58:df:19:bf:ba:ed:55:84:87:49:d4:42:f7:44:67:9c:c0:7d:84:6c:70:01:fb:21:7e:89:8f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

ImagingProvider.pdb

Imports

msvcrt

_amsg_exit
?terminate@@YAXXZ
_initterm
__RTDynamicCast
__dllonexit
_onexit
??1type_info@@UAE@XZ
_errno
realloc
memcmp
_except_handler4_common
_vsnwprintf
iswalpha
towlower
wcschr
_snwscanf_s
wcsrchr
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
_callnewh
_unlock
_lock
malloc
calloc
memmove_s
memcpy_s
_purecall
_wcsicmp
vswprintf_s
_vscwprintf
_wtoi64
wcstoul
_wcsnicmp
wcsncpy_s
wcscat_s
free
wcscpy_s
??_V@YAXPAX@Z
__CxxFrameHandler3
??3@YAXPAX@Z
memset

advapi32

RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey

kernel32

FreeLibrary
SearchPathW
GetVersionExW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
SetLastError
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
InitializeCriticalSection
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
GetLocaleInfoW
GetNumberFormatW
HeapAlloc
GetProcessHeap
HeapFree
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
CompareStringW
SizeofResource
LockResource
LoadResource
FindResourceExW
HeapSize
HeapReAlloc
HeapDestroy
Sleep
InitializeCriticalSectionEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
SetThreadUILanguage
FormatMessageW
LocalFree
CloseHandle
CreateFileW

ole32

CoTaskMemFree
CoCreateInstance
StringFromGUID2
ProgIDFromCLSID

user32

LoadStringW
CharLowerBuffW
CharNextW

oleaut32

GetErrorInfo
VariantClear
SysAllocStringLen
LoadRegTypeLi
SetErrorInfo
CreateErrorInfo
VarBstrCmp
SysAllocStringByteLen
SysStringByteLen
SysStringLen
RegisterTypeLi
LoadTypeLi
SysAllocString
UnRegisterTypeLi
SysFreeString

ntdll

VerSetConditionMask
RtlVerifyVersionInfo

Exports

Exports

DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/DISM10/logprovider.dll
.dll regsvr32 windows:10 windows x86 arch:x86

3259ce14ce0607c6c5d1a657ca7418a7

Code Sign

33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:02:16:21:f8:08:5c:89:36:ea:6b:fb:f7:29:18:ae:08:48:73:7e:ec:34:82:fb:75:73:76:17:45:b1:0c:e8
Signer

Actual PE Digest

06:02:16:21:f8:08:5c:89:36:ea:6b:fb:f7:29:18:ae:08:48:73:7e:ec:34:82:fb:75:73:76:17:45:b1:0c:e8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

LogProvider.pdb

Imports

msvcrt

_lock
_unlock
__dllonexit
_onexit
??1type_info@@UAE@XZ
memcmp
_except_handler4_common
wcsrchr
vsprintf_s
_vscprintf
_vsnwprintf
swscanf_s
_errno
wcsncmp
_wcsnicmp
_wcsicmp
wcschr
towlower
strrchr
iswctype
fclose
_wtoi
wcstok_s
_wfopen
fgetws
feof
realloc
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
_callnewh
malloc
calloc
memmove_s
memcpy_s
_purecall
vswprintf_s
_vscwprintf
_vsnprintf
wcsncpy_s
wcscat_s
free
wcscpy_s
??_V@YAXPAX@Z
__CxxFrameHandler3
??3@YAXPAX@Z
memset

ntdll

RtlAllocateHeap
RtlFreeHeap

oleaut32

SysAllocStringLen
CreateErrorInfo
SetErrorInfo
LoadRegTypeLi
SysStringLen
SystemTimeToVariantTime
LoadTypeLi
SysAllocString
UnRegisterTypeLi
SysFreeString
VariantTimeToSystemTime
RegisterTypeLi

advapi32

SetSecurityDescriptorDacl
EqualSid
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
AddAccessAllowedAce
OpenThreadToken
GetTokenInformation
OpenProcessToken
RegQueryValueExW
FreeSid
RegQueryInfoKeyW
CheckTokenMembership
AllocateAndInitializeSid
RegOpenKeyExW
RegCloseKey

kernel32

UnmapViewOfFile
GetVersionExW
SearchPathW
FreeLibrary
CreateMutexA
ReleaseMutex
GetVersion
CreateFileA
DeleteFileA
DebugBreak
GetModuleHandleExA
GetFileSizeEx
GetWindowsDirectoryW
IsDebuggerPresent
CreateFileMappingW
MapViewOfFile
CreateMutexW
SetFilePointer
WriteFile
GetModuleFileNameA
VirtualQuery
FormatMessageA
TlsSetValue
TlsAlloc
GetLocalTime
GetFileSize
ExitProcess
TlsGetValue
CreateFileMappingA
GetSystemWindowsDirectoryW
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
InitializeCriticalSection
SetThreadUILanguage
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
HeapAlloc
GetProcessHeap
OutputDebugStringA
HeapFree
CreateDirectoryW
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceExW
HeapSize
HeapReAlloc
HeapDestroy
GetEnvironmentVariableW
MultiByteToWideChar
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
CreateFileW
CloseHandle
FormatMessageW
LocalFree
ExpandEnvironmentStringsW
GetTempFileNameW
GetFullPathNameW
GetCurrentThread
WaitForSingleObject
GetFileAttributesW
SetLastError
DeviceIoControl
DeleteFileW
FlushFileBuffers
TlsFree

ole32

CoCreateInstance
CoTaskMemFree
ProgIDFromCLSID
StringFromGUID2

user32

LoadStringW
CharNextW

Exports

Exports

DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/DISM10/pkgmgr.exe
.exe windows:10 windows x86 arch:x86

51041c79d3110d37dbfdd9069eedbb85

Code Sign

33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:3a:6e:42:86:ca:ea:00:18:0c:7f:e2:3b:f7:50:97:51:80:d2:9d:77:7b:b5:80:7a:57:3c:1e:6c:1c:dd:29
Signer

Actual PE Digest

62:3a:6e:42:86:ca:ea:00:18:0c:7f:e2:3b:f7:50:97:51:80:d2:9d:77:7b:b5:80:7a:57:3c:1e:6c:1c:dd:29

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

pkgmgr.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__wcsicmp
_o__wcsnicmp
_o_exit
_o_free
_o_malloc
_o_terminate
_o_wcstoul
_except_handler4_common
__current_exception
__current_exception_context
_o__controlfp_s
_o__configure_wide_argv
_o__configthreadlocale
_o___stdio_common_vswprintf
_o__errno
_o___stdio_common_vsprintf
_o___p__commode
_o___p___wargv
_o___p___argc
_o__exit
_o__cexit
_o__callnewh
_o__crt_atexit
wcsstr
wcschr
wcsrchr
__CxxFrameHandler3
_CxxThrowException
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-file-l1-1-0

CompareFileTime
FindClose
GetFileAttributesExW
GetFileAttributesW
CreateFileW
FindNextFileW
FindFirstFileW
GetFullPathNameW
CreateDirectoryW
RemoveDirectoryW
DeleteFileW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
GetErrorMode
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetErrorMode

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW
ExpandEnvironmentStringsW
GetCommandLineW
SetEnvironmentVariableW

api-ms-win-core-libraryloader-l1-1-0

FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetModuleFileNameA
GetModuleHandleExW
LoadLibraryExW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
OpenProcessToken
GetExitCodeProcess
GetCurrentProcess
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateProcessW

api-ms-win-eventing-controller-l1-1-0

StartTraceW
ControlTraceW

api-ms-win-eventing-legacy-l1-1-0

EnableTrace

api-ms-win-eventing-consumer-l1-1-0

CloseTrace

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree
LocalAlloc

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-shutdown-l1-1-0

InitiateSystemShutdownExW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-heap-l1-1-0

HeapSetInformation
HeapAlloc
GetProcessHeap
HeapDestroy
HeapFree
HeapSize
HeapReAlloc

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseSRWLockShared
InitializeCriticalSectionEx
CreateMutexExW
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
CreateSemaphoreExW
AcquireSRWLockShared
DeleteCriticalSection
OpenSemaphoreW
ReleaseMutex
WaitForSingleObject

api-ms-win-core-kernel32-legacy-l1-1-0

CopyFileW
LoadLibraryW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-com-l1-1-0

CoCreateGuid
StringFromGUID2
CoGetMalloc

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-registry-l2-1-0

RegOpenKeyTransactedW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

user32

MessageBoxW

ntdll

RtlFreeHeap
RtlRaiseStatus
DbgPrintEx
NtClose

api-ms-win-core-file-l1-2-0

GetTempPathW

Sections

.text
Size: 202KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/DISM10/siloedpackageprovider.dll
.dll regsvr32 windows:10 windows x86 arch:x86

076b96c66f54af631982747f92dcbb6a

Code Sign

33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

46:d3:55:7a:7b:42:87:9d:ee:4a:1c:0b:f2:47:06:ce:0b:1f:91:5d:3e:ae:14:93:4c:47:9c:1e:ee:48:80:b5
Signer

Actual PE Digest

46:d3:55:7a:7b:42:87:9d:ee:4a:1c:0b:f2:47:06:ce:0b:1f:91:5d:3e:ae:14:93:4c:47:9c:1e:ee:48:80:b5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

SiloedPackageProvider.pdb

Imports

msvcrt

wcsrchr
_vsnwprintf
??3@YAXPAX@Z
memcmp
realloc
_errno
__RTDynamicCast
_onexit
__dllonexit
_except_handler4_common
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
_callnewh
_unlock
_lock
malloc
_stricmp
calloc
memmove_s
memcpy_s
_purecall
_wcsicmp
vswprintf_s
_vscwprintf
wcsncpy_s
wcscat_s
free
wcscpy_s
??_V@YAXPAX@Z
__CxxFrameHandler3
??1type_info@@UAE@XZ
memset

advapi32

RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey

kernel32

SetLastError
GetVersionExW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
FreeLibrary
SearchPathW
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
InitializeCriticalSection
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
SizeofResource
LockResource
LoadResource
FindResourceExW
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy
Sleep
InitializeCriticalSectionEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
SetThreadUILanguage
FormatMessageW
LocalFree
CreateFileW
CloseHandle
VirtualProtect
LoadLibraryExA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
VirtualQuery
GetSystemInfo

ole32

CoTaskMemFree
CoCreateInstance
StringFromGUID2
ProgIDFromCLSID

user32

UnregisterClassA
LoadStringW
CharLowerBuffW
CharNextW

oleaut32

SetErrorInfo
GetErrorInfo
VariantClear
CreateErrorInfo
LoadRegTypeLi
SysAllocStringByteLen
SysStringByteLen
VarBstrCmp
SysAllocStringLen
SysFreeString
UnRegisterTypeLi
SysAllocString
LoadTypeLi
RegisterTypeLi
SysStringLen

Exports

Exports

DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/DISM10/ssshim.dll
.dll windows:10 windows x86 arch:x86

c2b683814925d0aa3dbbba53c2939c14

Code Sign

33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3f:87:4f:16:ef:da:05:69:95:5a:0a:43:9b:06:58:c1:66:0a:1f:b5:e6:f5:bd:81:17:9d:a0:bd:46:47:13:97
Signer

Actual PE Digest

3f:87:4f:16:ef:da:05:69:95:5a:0a:43:9b:06:58:c1:66:0a:1f:b5:e6:f5:bd:81:17:9d:a0:bd:46:47:13:97

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ssshim.pdb

Imports

ntdll

LdrLockLoaderLock
LdrUnlockLoaderLock
RtlRaiseStatus
NtQueryAttributesFile
RtlPcToFileHeader
NtOpenKey
NtQueryValueKey
LdrLoadDll
LdrUnloadDll
NtQueryPerformanceCounter
NtClose
RtlAllocateHeap
RtlFreeHeap
NtOpenFile
NtQueryDirectoryFile
NtCreateFile
NtQueryInformationFile
NtReadFile
NtWriteFile
NtSetInformationFile
RtlRaiseException
NtQueryObject
NtQueryInformationProcess
NtOpenProcess
NtDelayExecution
RtlInitString
LdrGetProcedureAddress
RtlQueryEnvironmentVariable_U
NtTerminateProcess
RtlUnhandledExceptionFilter
RtlUpcaseUnicodeChar
RtlDowncaseUnicodeChar
DbgPrintEx
RtlReAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlTimeToTimeFields
RtlDeleteCriticalSection
RtlEnterCriticalSection
strncmp
RtlInitializeCriticalSection
RtlLeaveCriticalSection
_snprintf_s
RtlDosPathNameToNtPathName_U
wcstoul
LdrGetDllHandleEx
DbgPrint
RtlCreateUnicodeStringFromAsciiz
NtQuerySystemTime
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlWakeAllConditionVariable
RtlSleepConditionVariableSRW
RtlUnwind
memmove
memcmp
memcpy
memset

Exports

Exports

SssBindServicingStack
SssGetServicingStackFilePath
SssGetServicingStackFilePathLength
SssGetServicingStackVersion
SssPreloadDownlevelDependencies
SssReleaseServicingStack

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/DISM10/vhdprovider.dll
.dll regsvr32 windows:10 windows x86 arch:x86

8dab350ce1fcbc467091e1b67ec1d7a4

Code Sign

33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6f:be:bc:70:7c:32:52:a7:83:c6:a5:a7:80:d8:8e:00:6a:f5:f8:f7:62:34:52:8f:61:0b:81:5c:66:46:39:ee
Signer

Actual PE Digest

6f:be:bc:70:7c:32:52:a7:83:c6:a5:a7:80:d8:8e:00:6a:f5:f8:f7:62:34:52:8f:61:0b:81:5c:66:46:39:ee

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

VhdProvider.pdb

Imports

msvcrt

_initterm
_amsg_exit
_XcptFilter
_except_handler4_common
__dllonexit
_onexit
memcmp
??1type_info@@UAE@XZ
wcsncmp
_wcsnicmp
iswalpha
??3@YAXPAX@Z
wcsrchr
wcschr
towlower
_snwscanf_s
_unlock
_lock
memmove
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
iswctype
_wtoi
towupper
wcstoul
_vsnwprintf_s
_callnewh
malloc
?terminate@@YAXXZ
_wcsupr
wcstok_s
qsort
_stricmp
_purecall
wcsncpy_s
wcscat_s
calloc
_wcsicmp
wcsstr
_vsnwprintf
_vscwprintf
memmove_s
memcpy_s
vswprintf_s
free
wcscpy_s
??_V@YAXPAX@Z
__CxxFrameHandler3
iswspace
memset

advapi32

OpenThreadToken
OpenProcessToken
RegQueryValueExW
RegSetValueExW
RegDeleteTreeW
AdjustTokenPrivileges
RegLoadKeyW
RegUnLoadKeyW
RegEnumKeyExW
RegFlushKey
DuplicateTokenEx
SetThreadToken
RegGetValueW
RegDeleteKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW

kernel32

GetFileTime
SetFilePointerEx
GetFileSizeEx
ReadFile
VerSetConditionMask
GetSystemInfo
SetEndOfFile
UnlockFileEx
LockFileEx
LoadLibraryW
WriteFile
FreeLibrary
CloseHandle
SizeofResource
LockResource
LoadResource
FindResourceExW
OutputDebugStringW
GetCurrentThreadId
GetCurrentProcessId
CreateFileW
GetLastError
HeapFree
GetProcessHeap
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
Sleep
QueryDosDeviceW
GetVolumeNameForVolumeMountPointW
HeapAlloc
LoadLibraryExW
GetProcAddress
DeleteVolumeMountPointW
GetFileAttributesW
SetFileAttributesW
CreateMutexW
WaitForSingleObject
ReleaseMutex
DeleteFileW
GetVolumePathNamesForVolumeNameW
SetLastError
MultiByteToWideChar
DisableThreadLibraryCalls
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
GetModuleHandleW
InitializeCriticalSection
SetThreadUILanguage
CompareStringW
HeapSize
HeapReAlloc
HeapDestroy
InitializeCriticalSectionEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
CopyFileExW
GetDiskFreeSpaceW
GetTempPathW
GetDriveTypeW
DeviceIoControl
GetLogicalDrives
CreateThread
FindClose
FindNextFileW
FindFirstFileW
GetVolumePathNameW
GetFileInformationByHandle
GetCurrentThread
GetFullPathNameW
LocalFree
FormatMessageW
GetModuleHandleExW
VirtualQuery
LoadLibraryExA
VirtualProtect
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
VirtualFree
VirtualAlloc
GetSystemDirectoryW
GetDiskFreeSpaceExW
GetVolumeInformationW
SearchPathW
GetVersionExW
UnmapViewOfFile
LCIDToLocaleName
CreateFileMappingW
MapViewOfFile
SetFilePointer
GetThreadLocale

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize
CoCreateInstance
StringFromGUID2
ProgIDFromCLSID
CoTaskMemFree
CoInitializeEx

user32

CharNextW
LoadStringW

oleaut32

SysStringByteLen
SysStringLen
SysAllocStringByteLen
LoadRegTypeLi
SysAllocStringLen
VariantClear
SafeArrayGetElement
SysFreeString
SetErrorInfo
CreateErrorInfo
SysAllocString
UnRegisterTypeLi
LoadTypeLi
SafeArrayDestroy
SafeArrayGetUBound
RegisterTypeLi

ntdll

RtlDowncaseUnicodeChar
DbgPrintEx
NtQueryObject
RtlCompareUnicodeString
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
NtUnloadKey2
RtlAdjustPrivilege
NtYieldExecution
RtlRaiseStatus
NtOpenFile
RtlReAllocateHeap
RtlSetThreadErrorMode
RtlGetThreadErrorMode
RtlVerifyVersionInfo
RtlFreeHeap
RtlAllocateHeap
RtlFreeUnicodeString
RtlCompareMemory
RtlDosPathNameToNtPathName_U_WithStatus
RtlNtStatusToDosError
NtQueryDirectoryObject
NtOpenDirectoryObject
NtClose
RtlInitUnicodeString

rpcrt4

I_RpcMapWin32Status
UuidCreate
UuidToStringW
RpcStringFreeW

version

GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW

Exports

Exports

DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 384KB - Virtual size: 384KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/DISM10/wimgapi.dll
.dll windows:10 windows x86 arch:x86

41a0322678ae0b75eaa934bf4b21bd17

Code Sign

33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9a:31:5b:f1:22:c6:98:00:5d:f6:b9:85:79:28:e4:27:f1:9f:56:83:8d:62:6f:52:9b:70:7f:ab:f1:10:60:64
Signer

Actual PE Digest

9a:31:5b:f1:22:c6:98:00:5d:f6:b9:85:79:28:e4:27:f1:9f:56:83:8d:62:6f:52:9b:70:7f:ab:f1:10:60:64

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

wimgapi.pdb

Imports

msvcrt

wcsncmp
qsort
_wcsnicmp
wcsnlen
wcsstr
_vsnwprintf
_wtoi
swscanf_s
_wcsupr
_wcsicmp
wcstoul
memmove
_onexit
__dllonexit
_unlock
_lock
wcschr
_initterm
malloc
free
_amsg_exit
strncpy_s
wcstok_s
memcpy
memcmp
_callnewh
_vscwprintf
_purecall
iswspace
memmove_s
_wcstoi64
memcpy_s
_strnicmp
towupper
towlower
strcpy_s
_wcslwr
_except_handler4_common
_wcsrev
_XcptFilter
wcsrchr
memset

kernel32

GetDriveTypeW
RemoveDirectoryW
HeapFree
CompareStringW
GetLastError
SetLastError
LocalFree
GetSystemDirectoryW
GetFileAttributesW
FindFirstFileW
FindNextFileW
FindClose
GetTempPathW
GetTempFileNameW
GetFileSize
SetFilePointer
ReadFile
SetFilePointerEx
DeleteCriticalSection
GetSystemInfo
HeapAlloc
LocalAlloc
GetCurrentThread
GetEnvironmentVariableW
GetOverlappedResult
EnterCriticalSection
LeaveCriticalSection
FlushFileBuffers
CreateDirectoryW
WriteFile
SetEndOfFile
CreateEventW
LockFileEx
UnlockFileEx
GetFileSizeEx
DeviceIoControl
HeapReAlloc
GetHandleInformation
WaitForSingleObject
CreateMutexW
GetModuleHandleExW
GetModuleFileNameW
FormatMessageW
ReleaseMutex
WideCharToMultiByte
GetProcessHeap
CloseHandle
GetFileInformationByHandle
CreateFileW
InitializeCriticalSection
GetCurrentDirectoryW
OpenProcess
InitializeCriticalSectionAndSpinCount
SetFileAttributesW
GlobalMemoryStatusEx
GetFinalPathNameByHandleW
LoadLibraryExW
FreeLibrary
GetProcAddress
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
OpenEventW
ExpandEnvironmentStringsW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetPrivateProfileSectionW
GetModuleHandleW
GetLongPathNameW
ReleaseSemaphore
SetEvent
CreateSemaphoreW
CreateThread
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
LCIDToLocaleName
CopyFileExW
SetFileInformationByHandle
GetFileInformationByHandleEx
WaitForMultipleObjectsEx
ResetEvent
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
Sleep
GetLogicalDriveStringsW
Wow64DisableWow64FsRedirection
CreateProcessW
GetExitCodeProcess
Wow64RevertWow64FsRedirection
CreateSemaphoreExW
MultiByteToWideChar
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
DisableThreadLibraryCalls
DeleteFileW
SetThreadIdealProcessor
WaitForMultipleObjects
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
LoadLibraryW
GetVolumePathNamesForVolumeNameW

bcrypt

BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptDestroyHash
BCryptCloseAlgorithmProvider

fltlib

FilterSendMessage
FilterAttach
FilterLoad
FilterConnectCommunicationPort

cabinet

ord23
ord22
ord20

advapi32

LookupPrivilegeValueW
SetThreadToken
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegQueryValueExW
ReadEncryptedFileRaw
CloseEncryptedFileRaw
WriteEncryptedFileRaw
OpenEncryptedFileRawW
GetAclInformation
GetSecurityDescriptorControl
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
RegDeleteKeyExW
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
AddAccessAllowedAceEx
RevertToSelf
GetSecurityDescriptorLength
GetSecurityInfo
FreeSid
SetSecurityDescriptorDacl
EqualSid
AddAccessAllowedAce
InitializeAcl
GetLengthSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
AdjustTokenPrivileges
RegUnLoadKeyW
RegFlushKey
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
RegLoadKeyW
RegCloseKey
RegOpenKeyExW

version

VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

user32

CharUpperW

ntdll

RtlInitializeResource
RtlAcquireResourceExclusive
RtlAcquireResourceShared
RtlReleaseResource
RtlDeleteResource
NtQuerySecurityObject
RtlRaiseStatus
RtlDosPathNameToNtPathName_U_WithStatus
RtlInitializeCriticalSection
DbgPrintEx
NtUnloadKey2
RtlReAllocateHeap
NtYieldExecution
RtlDowncaseUnicodeChar
RtlGetVersion
NtSetSecurityObject
RtlFindAceByType
RtlSetControlSecurityDescriptor
RtlInitUnicodeString
RtlImpersonateSelf
NtQueryVolumeInformationFile
NtCreateFile
NtQueryEaFile
NtQueryInformationProcess
NtQueryInformationFile
RtlGetLastNtStatus
NtSetInformationFile
RtlSetIoCompletionCallback
RtlFreeHeap
NtClose
NtQueryDirectoryFile
RtlAllocateHeap
NtOpenFile
RtlDosPathNameToNtPathName_U
RtlAdjustPrivilege
RtlNtStatusToDosError
NtSetEaFile

rpcrt4

UuidCreate
RpcBindingFree
I_RpcMapWin32Status
UuidToStringW
RpcStringFreeW
RpcBindingSetAuthInfoW
UuidFromStringW
NdrClientCall2
RpcStringBindingComposeW
RpcBindingFromStringBindingW

Exports

Exports

DllCanUnloadNow
DllMain
WIMAddImagePath
WIMAddImagePaths
WIMAddWimbootEntry
WIMApplyImage
WIMCaptureImage
WIMCloseHandle
WIMCommitImageHandle
WIMCopyFile
WIMCreateFile
WIMCreateImageFile
WIMCreateWofCompressedFile
WIMDeleteImage
WIMDeleteImageMounts
WIMEnumImageFiles
WIMExportImage
WIMExtractImageDirectory
WIMExtractImagePath
WIMExtractImagePathByWimHandle
WIMFindFirstImageFile
WIMFindNextImageFile
WIMGetAttributes
WIMGetImageCount
WIMGetImageInformation
WIMGetMessageCallbackCount
WIMGetMountedImageHandle
WIMGetMountedImageInfo
WIMGetMountedImageInfoFromHandle
WIMGetMountedImages
WIMGetWIMBootEntries
WIMGetWIMBootWIMPath
WIMGetWimFileSize
WIMInitFileIOCallbacks
WIMInitializeWofDriver
WIMIsCurrentSystemWimboot
WIMIsReferenceWim
WIMLoadImage
WIMLoadOSInformation
WIMMountImage
WIMMountImageHandle
WIMProcessCustomImage
WIMReadFileEx
WIMReadImageFile
WIMRedirectFolderBeforeApply
WIMRegisterLogFile
WIMRegisterMessageCallback
WIMRemountImage
WIMSetBootImage
WIMSetCachedSigningLevel
WIMSetFileIOCallbackTemporaryPath
WIMSetImageInformation
WIMSetImageUserSpecifiedCreationTime
WIMSetReferenceFile
WIMSetTemporaryPath
WIMSetWimGuid
WIMSingleInstanceFile
WIMSplitFile
WIMUnmountImage
WIMUnmountImageHandle
WIMUnregisterLogFile
WIMUnregisterMessageCallback
WIMUpdateWIMBootEntry
WIMWriteFileWithIntegrity

Sections

.text
Size: 571KB - Virtual size: 571KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/DISM10/wimmount.sys
.sys windows:10 windows x86 arch:x86

bd282f682829ee21810e5022d0d11dc3

Code Sign

33:00:00:05:df:c4:fb:7c:27:99:2d:e4:48:00:00:00:00:05:df
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8a:59:0c:7a:4e:51:c4:7d:f1:42:36:34:70:dd:a0:b9:f0:c7:55:d4:12:81:d7:a7:43:71:a2:a3:52:6f:9c:d1
Signer

Actual PE Digest

8a:59:0c:7a:4e:51:c4:7d:f1:42:36:34:70:dd:a0:b9:f0:c7:55:d4:12:81:d7:a7:43:71:a2:a3:52:6f:9c:d1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wimmount.pdb

Imports

ntoskrnl.exe

KeWaitForSingleObject
RtlUnwind
KeBugCheckEx
RtlCompareMemory
ZwOpenProcess
ProbeForRead
ZwClose
ExEventObjectType
TmTransactionObjectType
ZwCreateEvent
ProbeForWrite
ObOpenObjectByPointer
PsProcessType
KeWaitForMultipleObjects
RtlAppendUnicodeStringToString
InterlockedPopEntrySList
ExInitializeResourceLite
InterlockedPushEntrySList
RtlCompareUnicodeString
KeInitializeEvent
ExFreePoolWithTag
ExAllocatePoolWithTag
MmGetSystemRoutineAddress
IoGetTopLevelIrp
RtlGetVersion
ObReferenceObjectByHandle
KeSetEvent
PsGetCurrentProcessId
ExDeletePagedLookasideList
IoFileObjectType
RtlInitUnicodeString
ExInitializePagedLookasideList
ObfDereferenceObject
ExDeleteResourceLite
ZwDuplicateObject

fltmgr.sys

FltUnregisterFilter
FltAcquireResourceShared
FltGetVolumeFromFileObject
FltSendMessage
FltObjectReference
FltObjectDereference
FltCloseClientPort
FltGetVolumeName
FltCreateFileEx2
FltEnumerateInstances
FltFreeSecurityDescriptor
FltCloseCommunicationPort
FltGetRequestorProcessId
FltGetDiskDeviceObject
FltClose
FltSetStreamContext
FltDeleteStreamContext
FltReissueSynchronousIo
FltStartFiltering
FltGetStreamContext
FltReleaseFileNameInformation
FltQueryInformationFile
FltFsControlFile
FltGetFileNameInformation
FltIsDirectory
FltAcquireResourceExclusive
FltSetInformationFile
FltReleaseContext
FltCreateCommunicationPort
FltReleaseResource
FltBuildDefaultSecurityDescriptor
FltCreateFile
FltGetRoutineAddress
FltUntagFile
FltAllocateContext
FltRegisterFilter
FltSetCallbackDataDirty

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/DISM10/wimprovider.dll
.dll regsvr32 windows:10 windows x86 arch:x86

73d24cd01793ef7443966b83b79d0e8e

Code Sign

33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:09:db:c6:8a:1f:ca:de:5b:1b:38:e0:32:3d:f3:2e:c0:f7:e5:b9:b3:6c:37:3b:c7:8f:a8:8e:6e:c2:37:fc
Signer

Actual PE Digest

0a:09:db:c6:8a:1f:ca:de:5b:1b:38:e0:32:3d:f3:2e:c0:f7:e5:b9:b3:6c:37:3b:c7:8f:a8:8e:6e:c2:37:fc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

WimProvider.pdb

Imports

msvcrt

wcstok_s
_vsnwprintf_s
_vsnprintf_s
towupper
_wtoi64
iswspace
iswalpha
_wcsnicmp
wcsstr
wcspbrk
__RTDynamicCast
memcmp
_errno
_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler4_common
_initterm
_amsg_exit
_XcptFilter
_unlock
_lock
memmove
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@XZ
_callnewh
malloc
_wcsicmp
wcstoul
_vsnwprintf
wcsncmp
wcschr
wcscat_s
calloc
_wtol
wcscpy_s
wcsncpy_s
memmove_s
wcsrchr
free
_stricmp
_vscwprintf
_strnicmp
_purecall
vswprintf_s
memcpy_s
??_V@YAXPAX@Z
__CxxFrameHandler3
??3@YAXPAX@Z
memset

advapi32

EventActivityIdControl
EventWriteTransfer
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
EventRegister
EventUnregister

kernel32

OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
CreateSemaphoreExW
GetModuleFileNameA
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
GetVersionExW
SearchPathW
WaitForSingleObject
GetPrivateProfileSectionW
DebugBreak
IsDebuggerPresent
ReadFile
WriteFile
RemoveDirectoryW
CreateMutexExW
SizeofResource
SetLastError
EnterCriticalSection
GetModuleHandleExW
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
GetCurrentThreadId
OutputDebugStringW
LockResource
FindResourceExW
LoadResource
DeleteCriticalSection
GetModuleHandleW
LoadLibraryExW
HeapFree
GetProcessHeap
GetFullPathNameW
HeapReAlloc
HeapAlloc
GetLastError
CompareStringW
GetProcAddress
FreeLibrary
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
RaiseException
LocalFree
DeleteFileW
GetLocaleInfoW
GetNumberFormatW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
SystemTimeToFileTime
FindFirstFileNameW
FindNextFileNameW
FindClose
HeapSize
HeapDestroy
Sleep
InitializeCriticalSectionEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
GetDriveTypeW
CloseHandle
CreateFileW
FormatMessageW
SetThreadUILanguage
LocalAlloc
CreateEventW
GetOverlappedResult
LoadLibraryW
GetVolumePathNamesForVolumeNameW
VirtualProtect
LoadLibraryExA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetSystemInfo
VirtualQuery
CreateDirectoryW
GetFileInformationByHandle
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
FindFirstFileW
FindNextFileW
GetCurrentProcessId
DeviceIoControl
GetFinalPathNameByHandleW
SetFileAttributesW
GetFileAttributesW

ole32

CoTaskMemFree
ProgIDFromCLSID
CLSIDFromString
CoCreateInstance
StringFromGUID2

user32

LoadStringW
CharNextW
CharLowerBuffW
CharUpperW

oleaut32

SysStringLen
LoadTypeLi
SysAllocString
SysFreeString
LoadRegTypeLi
VariantTimeToSystemTime
VarDateFromStr
VarBstrCmp
VariantClear
SysAllocStringLen
RegisterTypeLi
UnRegisterTypeLi
SysAllocStringByteLen
SysStringByteLen
CreateErrorInfo
SetErrorInfo

xmllite

CreateXmlWriter
CreateXmlReader

profapi

ord104

ntdll

RtlReAllocateHeap
RtlRaiseStatus
NtYieldExecution
DbgPrintEx
RtlAllocateHeap
RtlNtStatusToDosError
RtlFreeHeap

Exports

Exports

DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 403KB - Virtual size: 402KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/DISM10/wimserv.exe
.exe windows:10 windows x86 arch:x86

2b9731764764cafdbbcaf0f80e456791

Code Sign

33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

75:41:67:3a:26:ec:34:df:ad:d7:2f:3d:fe:88:2b:dc:74:e5:fc:9a:43:15:f1:be:26:93:e1:9f:02:b2:8d:f6
Signer

Actual PE Digest

75:41:67:3a:26:ec:34:df:ad:d7:2f:3d:fe:88:2b:dc:74:e5:fc:9a:43:15:f1:be:26:93:e1:9f:02:b2:8d:f6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wimserv.pdb

Imports

msvcrt

_wcsicmp
_vscwprintf
wcschr
_wcsnicmp
towupper
wcsncmp
wcsrchr
swscanf_s
strcpy_s
memcpy_s
strncpy_s
_strnicmp
_vsnwprintf
wcsstr
iswspace
_purecall
malloc
_callnewh
free
qsort
memmove_s
memcpy
memmove
_onexit
__dllonexit
memcmp
_unlock
_lock
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_wcmdln
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
memset

kernel32

UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateSemaphoreW
MultiByteToWideChar
GetPrivateProfileSectionW
GetHandleInformation
UnlockFileEx
LockFileEx
LocalFileTimeToFileTime
SetFileTime
GetVolumePathNameW
SetEndOfFile
SetFilePointerEx
GetVolumeNameForVolumeMountPointW
LoadLibraryW
GetVolumePathNamesForVolumeNameW
WaitForMultipleObjects
TerminateProcess
GetCurrentProcess
RemoveDirectoryW
GetProcAddress
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
ResetEvent
Sleep
CreateMutexW
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
FreeLibrary
GetCurrentProcessId
LoadLibraryExW
GetOverlappedResult
HeapAlloc
CreateThread
CloseHandle
GetCurrentThread
SetEvent
LocalFree
CreateFileW
GetTempPathW
CreateSemaphoreExW
DeleteCriticalSection
ReleaseSemaphore
GetModuleFileNameW
GetModuleHandleExW
GetLastError
CreateEventW
WaitForMultipleObjectsEx
HeapFree
SetLastError
SetThreadIdealProcessor
InitializeCriticalSectionAndSpinCount
GetCurrentDirectoryW
GetEnvironmentVariableW
FindFirstFileW
FindClose
GetVolumeInformationW
GetFileInformationByHandle
OpenProcess
DuplicateHandle
GetDriveTypeW
FindNextFileW
GetFileSizeEx
ReadFile
CreateDirectoryW
CompareStringW
FormatMessageW
LocalAlloc
WriteFile
ReleaseMutex
WideCharToMultiByte
SetFilePointer
GetLongPathNameW
GetFileInformationByHandleEx
SetFileInformationByHandle
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
DosDateTimeToFileTime
GetFullPathNameW
GetFinalPathNameByHandleW
GetFileAttributesW
FlushFileBuffers
GetSystemInfo
DeviceIoControl
DeleteFileW
HeapReAlloc
SetFileAttributesW
GlobalMemoryStatusEx

user32

GetMessageW
CharUpperW
TranslateMessage
DispatchMessageW

rpcrt4

I_RpcMapWin32Status
RpcMgmtStopServerListening
RpcRevertToSelf
RpcImpersonateClient
RpcMgmtWaitServerListen
RpcServerListen
NdrServerCall2
UuidCreate
RpcStringFreeW
UuidToStringW
RpcServerRegisterIf
RpcServerUseProtseqEpW
UuidFromStringW
RpcServerRegisterAuthInfoW

fltlib

FilterConnectCommunicationPort
FilterGetMessage
FilterSendMessage
FilterLoad
FilterReplyMessage

cabinet

ord20
ord23
ord22

ntdll

DbgPrintEx
NtYieldExecution
RtlRaiseStatus
RtlReAllocateHeap
NtQueryEaFile
NtSetEaFile
NtSetSecurityObject
RtlFindAceByType
RtlSetControlSecurityDescriptor
NtClose
RtlDosPathNameToNtPathName_U
RtlGetLastNtStatus
NtQuerySecurityObject
NtQueryVolumeInformationFile
RtlImpersonateSelf
NtQueryInformationProcess
NtCreateFile
NtSetInformationFile
NtQueryInformationFile
RtlNtStatusToDosError
RtlDeleteResource
RtlReleaseResource
RtlAcquireResourceShared
RtlAcquireResourceExclusive
RtlInitializeResource
RtlAdjustPrivilege
RtlFreeHeap
RtlAllocateHeap

advapi32

AllocateAndInitializeSid
RegQueryValueExW
EqualSid
AddAccessAllowedAce
GetTokenInformation
RegEnumKeyExW
OpenProcessToken
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAceEx
InitializeAcl
GetLengthSid
SetThreadToken
OpenThreadToken
AdjustTokenPrivileges
LookupPrivilegeValueW
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorControl
GetSecurityDescriptorLength
GetAclInformation
OpenEncryptedFileRawW
WriteEncryptedFileRaw
CloseEncryptedFileRaw
RevertToSelf

bcrypt

BCryptFinishHash
BCryptDestroyHash
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptCreateHash
BCryptCloseAlgorithmProvider
BCryptHashData

Sections

.text
Size: 419KB - Virtual size: 419KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/DISM10/wofadk.sys
.sys windows:10 windows x86 arch:x86

6fd88fc02b6a371af72d8f682f3b1d74

Code Sign

33:00:00:05:df:c4:fb:7c:27:99:2d:e4:48:00:00:00:00:05:df
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4a:d3:18:a4:4f:65:fb:cf:ac:39:00:7a:d5:09:fb:5f:be:ac:9e:15:bf:4b:0c:ac:73:e7:24:53:57:8c:f0:24
Signer

Actual PE Digest

4a:d3:18:a4:4f:65:fb:cf:ac:39:00:7a:d5:09:fb:5f:be:ac:9e:15:bf:4b:0c:ac:73:e7:24:53:57:8c:f0:24

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wofadk.pdb

Imports

ntoskrnl.exe

SeCaptureSubjectContext
ZwOpenKey
ZwClose
SeLockSubjectContext
ZwQueryValueKey
SeUnlockSubjectContext
SeReleaseSubjectContext
RtlEnumerateGenericTableAvl
ExAcquireRundownProtection
RtlLookupElementGenericTableAvl
RtlFreeUnicodeString
SeTokenIsAdmin
RtlDeleteElementGenericTableAvl
RtlAppendUnicodeStringToString
KeDelayExecutionThread
ExRundownCompleted
PsGetProcessImageFileName
IoGetCurrentProcess
ProbeForRead
FsRtlValidateReparsePointBuffer
FsRtlIsNtstatusExpected
KeIsExecutingDpc
ExSetTimer
ExReleaseSpinLockExclusive
ExDeleteTimer
KeBugCheckEx
EtwSetInformation
ExAllocateTimer
TmCurrentTransaction
ExReleaseSpinLockSharedFromDpcLevel
ExQueueWorkItem
ExAcquirePushLockExclusiveEx
ExReleasePushLockExclusiveEx
EtwWriteTransfer
ExReleaseSpinLockShared
ExAcquireSpinLockShared
KeSetEvent
ExAcquireSpinLockSharedAtDpcLevel
ExAcquireSpinLockExclusive
EtwUnregister
ExReleasePushLockSharedEx
ExAcquirePushLockSharedEx
EtwRegister
KeWaitForSingleObject
KeQueryPriorityThread
KeGetCurrentThread
MmMapViewOfSection
ExDeleteLookasideListEx
ZwDeviceIoControlFile
RtlInitializeGenericTableAvl
RtlCheckRegistryKey
ZwCreateSection
ZwQueryInformationThread
RtlSetBit
RtlAreBitsSet
PsInitialSystemProcess
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
RtlRunOnceExecuteOnce
KeStackAttachProcess
KdRefreshDebuggerNotPresent
ZwSetInformationThread
ObReferenceObjectByHandle
swprintf_s
MmUnmapViewOfSection
RtlFindNextForwardRunClear
EtwWrite
IofCallDriver
RtlInitializeBitMap
ZwOpenFile
ExInitializeLookasideListEx
RtlTestBit
KeSetPriorityThread
KeUnstackDetachProcess
_i64tow_s
RtlClearAllBits
IoAllocateWorkItem
RtlAppendUnicodeToString
_wcsicmp
RtlCreateSystemVolumeInformationFolder
IoQueueWorkItemEx
IoFreeWorkItem
KeAllocateCalloutStackEx
IoGetRelatedDeviceObject
ExDeleteNPagedLookasideList
RtlGetCompressionWorkSpaceSize
KeFreeCalloutStack
ExInitializeNPagedLookasideList
KeInitializeMutex
KeReleaseMutex
RtlDecompressBufferEx
RtlDecompressFragment
KeAreAllApcsDisabled
KeInitializeDpc
KeInitializeTimerEx
RtlQueryRegistryValues
KeCancelTimer
KeFlushQueuedDpcs
KeSetCoalescableTimer
RtlCompressBuffer
KeQueryActiveProcessorCountEx
ExInitializePagedLookasideList
RtlGetVersion
MmGetSystemRoutineAddress
IoWMIRegistrationControl
MmIsThisAnNtAsSystem
memset
RtlUnwind
EtwEventEnabled
RtlCompareMemory
RtlInitUnicodeString
RtlEqualUnicodeString
MmMapLockedPagesSpecifyCache
ProbeForWrite
InterlockedPopEntrySList
ExReleaseRundownProtection
InterlockedPushEntrySList
ObfReferenceObject
RtlCompareUnicodeString
ExInitializeRundownProtection
KeLeaveCriticalRegion
ExReleaseFastMutexUnsafe
KeExpandKernelStackAndCalloutEx
KeInitializeEvent
ExFreePoolWithTag
ExAllocatePoolWithTag
ExDeletePagedLookasideList
RtlCopyUnicodeString
ExReInitializeRundownProtection
ExWaitForRundownProtectionRelease
ObfDereferenceObject
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe
_vsnwprintf
ZwQuerySymbolicLinkObject
ZwQueryDirectoryObject
ZwOpenSymbolicLinkObject
wcscpy_s
ExAllocatePool2
strcpy_s
ZwOpenDirectoryObject
wcschr
_wcsnicmp
wcsrchr
DbgkWerCaptureLiveKernelDump
KeQueryTimeIncrement
KeTickCount
ExTryAcquirePushLockExclusiveEx
ObDereferenceObjectDeferDelete
_alldiv
_allmul
_allrem
_aulldiv
memcmp
memcpy
memmove
_alloca_probe

hal

KeGetCurrentIrql
ExAcquireFastMutex
ExReleaseFastMutex
KfReleaseSpinLock
KfAcquireSpinLock

fltmgr.sys

FltTagFile
FltQueryVolumeInformationFile
FltFreeGenericWorkItem
FltQueueGenericWorkItem
FltIsOperationSynchronous
FltSetIoPriorityHintIntoCallbackData
FltPerformAsynchronousIo
FltAllocateGenericWorkItem
FltInitializePushLock
FltDeletePushLock
FltFlushBuffers
FltAllocateDeferredIoWorkItem
FltQueueDeferredIoWorkItem
FltFreePoolAlignedWithTag
FltAcquirePushLockSharedEx
FltDeviceIoControlFile
FltReadFile
FltOpenVolume
FltFreeDeferredIoWorkItem
FltAllocatePoolAlignedWithTag
FltIsIoCanceled
FltCompletePendedPreOperation
FltAcquirePushLockExclusiveEx
FltGetIoPriorityHintFromCallbackData
FltReleasePushLockEx
FltFindExtraCreateParameter
FltAllocateExtraCreateParameterFromLookasideList
FltInitExtraCreateParameterLookasideList
FltStartFiltering
FltGetRoutineAddress
FltRegisterFilter
FltGetVolumeFromFileObject
FltCreateFileEx
FltAttachVolume
FltWriteFile
FltQueryInformationFile
FltObjectDereference
FltUntagFile
FltGetFileNameInformationUnsafe
FltParseFileNameInformation
FltCreateFileEx2
FltGetInstanceContext
FltEnumerateInstances
FltSetEcpListIntoCallbackData
FltIsDirectory
FltSetInformationFile
FltPerformSynchronousIo
FltLockUserBuffer
FltAllocateCallbackDataEx
FltFreeCallbackData
FltAllocateExtraCreateParameterList
FltInsertExtraCreateParameter
FltCancelFileOpen
FltDeleteStreamContext
FltReleaseFileNameInformation
FltFsControlFile
FltGetEcpListFromCallbackData
FltGetFileNameInformation
FltSetStreamContext
FltSetTransactionContext
FltReferenceContext
FltGetTransactionContext
FltSetStreamHandleContext
FltEnlistInTransaction
FltUnregisterFilter
FltAllocateContext
FltGetVolumeProperties
FltQueryDirectoryFile
FltGetVolumeGuidName
FltReleaseContext
FltDeleteExtraCreateParameterLookasideList
FltGetStreamHandleContext
FltGetStreamContext
FltSetInstanceContext
FltClose
FltGetDiskDeviceObject
FltDeleteInstanceContext
FltSetFileContext

cng.sys

BCryptCreateHash
BCryptHashData
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptOpenAlgorithmProvider
BCryptGetProperty

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

NONPAGE
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGER32C
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/Microsoft.Dism.Powershell.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:4c:a1:e8:4d:cc:b4:74:7b:3b:00:00:00:00:00:4c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/11/2013, 22:11

Not After

11/02/2015, 22:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:ca
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/04/2014, 17:39

Not After

22/07/2015, 17:39

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/09/2013, 17:35

Not After

24/12/2014, 17:35

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

86:eb:15:7a:b9:12:b6:d7:bb:60:52:3a:d8:3f:a4:3c:11:12:f2:36:89:36:c2:a1:e0:4e:30:5c:27:e1:d7:06
Signer

Actual PE Digest

86:eb:15:7a:b9:12:b6:d7:bb:60:52:3a:d8:3f:a4:3c:11:12:f2:36:89:36:c2:a1:e0:4e:30:5c:27:e1:d7:06

Digest Algorithm

sha256

PE Digest Matches

true

b4:bc:92:94:e2:b4:ee:cf:4d:80:5d:e7:fe:41:e7:08:f8:2c:1a:45
Signer

Actual PE Digest

b4:bc:92:94:e2:b4:ee:cf:4d:80:5d:e7:fe:41:e7:08:f8:2c:1a:45

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Microsoft.Dism.PowerShell.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/api-ms-win-downlevel-advapi32-l1-1-0.dll
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-downlevel-advapi32-l1-1-0.pdb

Exports

Exports

AccessCheck
AccessCheckAndAuditAlarmW
AccessCheckByType
AccessCheckByTypeAndAuditAlarmW
AccessCheckByTypeResultList
AccessCheckByTypeResultListAndAuditAlarmByHandleW
AccessCheckByTypeResultListAndAuditAlarmW
AddAccessAllowedAce
AddAccessAllowedAceEx
AddAccessAllowedObjectAce
AddAccessDeniedAce
AddAccessDeniedAceEx
AddAccessDeniedObjectAce
AddAce
AddAuditAccessAce
AddAuditAccessAceEx
AddAuditAccessObjectAce
AddMandatoryAce
AdjustTokenGroups
AdjustTokenPrivileges
AllocateAndInitializeSid
AllocateLocallyUniqueId
AreAllAccessesGranted
AreAnyAccessesGranted
CheckTokenMembership
ConvertToAutoInheritPrivateObjectSecurity
CopySid
CreatePrivateObjectSecurity
CreatePrivateObjectSecurityEx
CreatePrivateObjectSecurityWithMultipleInheritance
CreateProcessAsUserW
CreateRestrictedToken
CreateWellKnownSid
DeleteAce
DestroyPrivateObjectSecurity
DuplicateToken
DuplicateTokenEx
EqualDomainSid
EqualPrefixSid
EqualSid
EventActivityIdControl
EventEnabled
EventProviderEnabled
EventRegister
EventUnregister
EventWrite
EventWriteString
EventWriteTransfer
FindFirstFreeAce
FreeSid
GetAce
GetAclInformation
GetFileSecurityW
GetKernelObjectSecurity
GetLengthSid
GetPrivateObjectSecurity
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
GetSecurityDescriptorOwner
GetSecurityDescriptorRMControl
GetSecurityDescriptorSacl
GetSidIdentifierAuthority
GetSidLengthRequired
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
InitializeAcl
InitializeSecurityDescriptor
InitializeSid
IsTokenRestricted
IsValidAcl
IsValidSecurityDescriptor
IsValidSid
MakeAbsoluteSD
MakeSelfRelativeSD
OpenProcessToken
OpenThreadToken
PrivilegeCheck
PrivilegedServiceAuditAlarmW
QuerySecurityAccessMask
RegCloseKey
RegCopyTreeW
RegCreateKeyExA
RegCreateKeyExW
RegDeleteKeyExA
RegDeleteKeyExW
RegDeleteTreeA
RegDeleteTreeW
RegDeleteValueA
RegDeleteValueW
RegDisablePredefinedCacheEx
RegEnumKeyExA
RegEnumKeyExW
RegEnumValueA
RegEnumValueW
RegFlushKey
RegGetKeySecurity
RegGetValueA
RegGetValueW
RegLoadAppKeyA
RegLoadAppKeyW
RegLoadKeyA
RegLoadKeyW
RegLoadMUIStringA
RegLoadMUIStringW
RegNotifyChangeKeyValue
RegOpenCurrentUser
RegOpenKeyExA
RegOpenKeyExW
RegOpenUserClassesRoot
RegQueryInfoKeyA
RegQueryInfoKeyW
RegQueryValueExA
RegQueryValueExW
RegRestoreKeyA
RegRestoreKeyW
RegSaveKeyExA
RegSaveKeyExW
RegSetKeySecurity
RegSetValueExA
RegSetValueExW
RegUnLoadKeyA
RegUnLoadKeyW
RegisterTraceGuidsW
RevertToSelf
SetAclInformation
SetFileSecurityW
SetKernelObjectSecurity
SetSecurityAccessMask
SetSecurityDescriptorControl
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorRMControl
SetSecurityDescriptorSacl
SetTokenInformation
TraceEvent
TraceMessage
TraceMessageVa
UnregisterTraceGuids

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/api-ms-win-downlevel-advapi32-l1-1-1.dll
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-downlevel-advapi32-l1-1-1.pdb

Exports

Exports

AccessCheck
AccessCheckAndAuditAlarmW
AccessCheckByType
AccessCheckByTypeAndAuditAlarmW
AccessCheckByTypeResultList
AccessCheckByTypeResultListAndAuditAlarmByHandleW
AccessCheckByTypeResultListAndAuditAlarmW
AddAccessAllowedAce
AddAccessAllowedAceEx
AddAccessAllowedObjectAce
AddAccessDeniedAce
AddAccessDeniedAceEx
AddAccessDeniedObjectAce
AddAce
AddAuditAccessAce
AddAuditAccessAceEx
AddAuditAccessObjectAce
AddMandatoryAce
AdjustTokenGroups
AdjustTokenPrivileges
AllocateAndInitializeSid
AllocateLocallyUniqueId
AreAllAccessesGranted
AreAnyAccessesGranted
CheckTokenMembership
ConvertToAutoInheritPrivateObjectSecurity
CopySid
CreatePrivateObjectSecurity
CreatePrivateObjectSecurityEx
CreatePrivateObjectSecurityWithMultipleInheritance
CreateProcessAsUserW
CreateRestrictedToken
CreateWellKnownSid
DeleteAce
DestroyPrivateObjectSecurity
DuplicateToken
DuplicateTokenEx
EqualDomainSid
EqualPrefixSid
EqualSid
EventActivityIdControl
EventEnabled
EventProviderEnabled
EventRegister
EventUnregister
EventWrite
EventWriteEx
EventWriteString
EventWriteTransfer
FindFirstFreeAce
FreeSid
GetAce
GetAclInformation
GetFileSecurityW
GetKernelObjectSecurity
GetLengthSid
GetPrivateObjectSecurity
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
GetSecurityDescriptorOwner
GetSecurityDescriptorRMControl
GetSecurityDescriptorSacl
GetSidIdentifierAuthority
GetSidLengthRequired
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
GetWindowsAccountDomainSid
ImpersonateAnonymousToken
ImpersonateLoggedOnUser
ImpersonateNamedPipeClient
ImpersonateSelf
InitializeAcl
InitializeSecurityDescriptor
InitializeSid
IsTokenRestricted
IsValidAcl
IsValidSecurityDescriptor
IsValidSid
IsWellKnownSid
MakeAbsoluteSD
MakeSelfRelativeSD
MapGenericMask
ObjectCloseAuditAlarmW
ObjectDeleteAuditAlarmW
ObjectOpenAuditAlarmW
ObjectPrivilegeAuditAlarmW
OpenProcessToken
OpenThreadToken
PrivilegeCheck
PrivilegedServiceAuditAlarmW
QuerySecurityAccessMask
RegCloseKey
RegCopyTreeW
RegCreateKeyExA
RegCreateKeyExW
RegDeleteKeyExA
RegDeleteKeyExW
RegDeleteTreeA
RegDeleteTreeW
RegDeleteValueA
RegDeleteValueW
RegDisablePredefinedCacheEx
RegEnumKeyExA
RegEnumKeyExW
RegEnumValueA
RegEnumValueW
RegFlushKey
RegGetKeySecurity
RegGetValueA
RegGetValueW
RegLoadAppKeyA
RegLoadAppKeyW
RegLoadKeyA
RegLoadKeyW
RegLoadMUIStringA
RegLoadMUIStringW
RegNotifyChangeKeyValue
RegOpenCurrentUser
RegOpenKeyExA
RegOpenKeyExW
RegOpenUserClassesRoot
RegQueryInfoKeyA
RegQueryInfoKeyW
RegQueryValueExA
RegQueryValueExW
RegRestoreKeyA
RegRestoreKeyW
RegSaveKeyExA
RegSaveKeyExW
RegSetKeySecurity
RegSetValueExA
RegSetValueExW
RegUnLoadKeyA
RegUnLoadKeyW
RegisterTraceGuidsW
RevertToSelf
SetAclInformation
SetFileSecurityW
SetKernelObjectSecurity
SetPrivateObjectSecurity
SetPrivateObjectSecurityEx
SetSecurityAccessMask
SetSecurityDescriptorControl
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorRMControl
SetSecurityDescriptorSacl
SetThreadToken
SetTokenInformation
TraceEvent
TraceMessageVa
UnregisterTraceGuids

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/api-ms-win-downlevel-advapi32-l2-1-0.dll
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-downlevel-advapi32-l2-1-0.pdb

Exports

Exports

CloseServiceHandle
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
CredDeleteW
CredEnumerateW
CredFree
CredReadDomainCredentialsW
CredReadW
CredWriteDomainCredentialsW
CredWriteW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 26B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/api-ms-win-downlevel-advapi32-l2-1-1.dll
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-downlevel-advapi32-l2-1-1.pdb

Exports

Exports

ChangeServiceConfig2A
ChangeServiceConfig2W
ChangeServiceConfigA
ChangeServiceConfigW
CloseServiceHandle
CloseTrace
ControlService
ControlServiceExA
ControlServiceExW
ControlTraceA
ControlTraceW
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
CreateServiceA
CreateServiceW
CredDeleteA
CredDeleteW
CredEnumerateA
CredEnumerateW
CredFindBestCredentialA
CredFindBestCredentialW
CredFree
CredGetSessionTypes
CredGetTargetInfoA
CredGetTargetInfoW
CredIsMarshaledCredentialW
CredIsProtectedA
CredIsProtectedW
CredMarshalCredentialA
CredMarshalCredentialW
CredProtectA
CredProtectW
CredReadA
CredReadDomainCredentialsA
CredReadDomainCredentialsW
CredReadW
CredUnmarshalCredentialA
CredUnmarshalCredentialW
CredUnprotectA
CredUnprotectW
CredWriteA
CredWriteDomainCredentialsA
CredWriteDomainCredentialsW
CredWriteW
DeleteService
EnableTraceEx2
EnumDependentServicesW
EnumServicesStatusExW
EnumerateTraceGuidsEx
EventAccessControl
EventAccessQuery
EventAccessRemove
NotifyServiceStatusChangeA
NotifyServiceStatusChangeW
OpenSCManagerA
OpenSCManagerW
OpenServiceA
OpenServiceW
OpenTraceW
ProcessTrace
QueryAllTracesA
QueryAllTracesW
QueryServiceConfig2A
QueryServiceConfig2W
QueryServiceConfigA
QueryServiceConfigW
QueryServiceObjectSecurity
QueryServiceStatus
QueryServiceStatusEx
RegisterServiceCtrlHandlerA
RegisterServiceCtrlHandlerExA
RegisterServiceCtrlHandlerExW
RegisterServiceCtrlHandlerW
RegisterTraceGuidsA
RemoveTraceCallback
SetServiceObjectSecurity
SetServiceStatus
SetTraceCallback
StartServiceA
StartServiceCtrlDispatcherA
StartServiceCtrlDispatcherW
StartServiceW
StartTraceA
StartTraceW
StopTraceW
TraceSetInformation

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/api-ms-win-downlevel-advapi32-l3-1-0.dll
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-downlevel-advapi32-l3-1-0.pdb

Exports

Exports

GetExplicitEntriesFromAclW
GetNamedSecurityInfoW
GetSecurityInfo
SetEntriesInAclW
SetNamedSecurityInfoW
SetSecurityInfo

Sections

.text
Size: 1024B - Virtual size: 579B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/api-ms-win-downlevel-advapi32-l4-1-0.dll
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-downlevel-advapi32-l4-1-0.pdb

Exports

Exports

AbortSystemShutdownW
InitiateSystemShutdownExW
LookupAccountNameW
LookupAccountSidW
LookupPrivilegeDisplayNameW
LookupPrivilegeNameW
LookupPrivilegeValueW
LsaEnumerateTrustedDomains
LsaManageSidNameMapping

Sections

.text
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 26B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/api-ms-win-downlevel-kernel32-l1-1-0.dll
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-downlevel-kernel32-l1-1-0.pdb

Exports

Exports

AcquireSRWLockExclusive
AcquireSRWLockShared
AddSIDToBoundaryDescriptor
AddVectoredContinueHandler
AddVectoredExceptionHandler
AllocConsole
AllocateUserPhysicalPages
AllocateUserPhysicalPagesNuma
AttachConsole
Beep
CallbackMayRunLong
CancelIo
CancelIoEx
CancelSynchronousIo
CancelThreadpoolIo
CancelWaitableTimer
ChangeTimerQueueTimer
CheckRemoteDebuggerPresent
ClearCommBreak
ClearCommError
CloseHandle
ClosePrivateNamespace
CloseThreadpool
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolIo
CloseThreadpoolTimer
CloseThreadpoolWait
CloseThreadpoolWork
CompareFileTime
CompareStringA
CompareStringEx
CompareStringOrdinal
CompareStringW
ConnectNamedPipe
ContinueDebugEvent
ConvertDefaultLocale
CopyFileExW
CreateBoundaryDescriptorW
CreateConsoleScreenBuffer
CreateDirectoryA
CreateDirectoryExW
CreateDirectoryW
CreateEventA
CreateEventExA
CreateEventExW
CreateEventW
CreateFileA
CreateFileMappingNumaW
CreateFileMappingW
CreateFileW
CreateHardLinkW
CreateIoCompletionPort
CreateMemoryResourceNotification
CreateMutexA
CreateMutexExA
CreateMutexExW
CreateMutexW
CreateNamedPipeW
CreatePipe
CreatePrivateNamespaceW
CreateProcessA
CreateProcessW
CreateRemoteThread
CreateRemoteThreadEx
CreateSemaphoreExW
CreateSymbolicLinkW
CreateThread
CreateThreadpool
CreateThreadpoolCleanupGroup
CreateThreadpoolIo
CreateThreadpoolTimer
CreateThreadpoolWait
CreateThreadpoolWork
CreateTimerQueue
CreateTimerQueueTimer
CreateWaitableTimerExW
DebugActiveProcess
DebugActiveProcessStop
DebugBreak
DecodePointer
DecodeSystemPointer
DefineDosDeviceW
DeleteBoundaryDescriptor
DeleteCriticalSection
DeleteFileA
DeleteFileW
DeleteProcThreadAttributeList
DeleteTimerQueueEx
DeleteTimerQueueTimer
DeleteVolumeMountPointW
DeviceIoControl
DisableThreadLibraryCalls
DisassociateCurrentThreadFromCallback
DisconnectNamedPipe
DuplicateHandle
EncodePointer
EncodeSystemPointer
EnterCriticalSection
EnumLanguageGroupLocalesW
EnumResourceLanguagesExA
EnumResourceLanguagesExW
EnumResourceNamesExA
EnumResourceNamesExW
EnumResourceTypesExA
EnumResourceTypesExW
EnumSystemFirmwareTables
EnumSystemGeoID
EnumSystemLanguageGroupsW
EnumSystemLocalesA
EnumSystemLocalesEx
EnumSystemLocalesW
EnumUILanguagesW
EscapeCommFunction
ExitProcess
ExitThread
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
FileTimeToLocalFileTime
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FillConsoleOutputCharacterW
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationA
FindFirstChangeNotificationW
FindFirstFileA
FindFirstFileExA
FindFirstFileExW
FindFirstFileW
FindFirstVolumeW
FindNLSString
FindNLSStringEx
FindNextChangeNotification
FindNextFileA
FindNextFileW
FindNextVolumeW
FindResourceExW
FindStringOrdinal
FindVolumeClose
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushConsoleInputBuffer
FlushFileBuffers
FlushInstructionCache
FlushProcessWriteBuffers
FlushViewOfFile
FoldStringW
FormatMessageA
FormatMessageW
FreeConsole
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
FreeLibraryWhenCallbackReturns
FreeResource
FreeUserPhysicalPages
GenerateConsoleCtrlEvent
GetACP
GetCPInfo
GetCPInfoExW
GetCalendarInfoEx
GetCalendarInfoW
GetCommConfig
GetCommMask
GetCommModemStatus
GetCommProperties
GetCommState
GetCommTimeouts
GetCommandLineA
GetCommandLineW
GetCompressedFileSizeA
GetCompressedFileSizeW
GetComputerNameExA
GetComputerNameExW
GetConsoleCP
GetConsoleCursorInfo
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetConsoleScreenBufferInfoEx
GetConsoleTitleW
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentProcessorNumber
GetCurrentProcessorNumberEx
GetCurrentThread
GetCurrentThreadId
GetDateFormatA
GetDateFormatEx
GetDateFormatW
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDriveTypeA
GetDriveTypeW
GetDynamicTimeZoneInformation
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetErrorMode
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileAttributesExA
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileMUIInfo
GetFileMUIPath
GetFileSize
GetFileSizeEx
GetFileTime
GetFileType
GetFinalPathNameByHandleA
GetFinalPathNameByHandleW
GetFullPathNameA
GetFullPathNameW
GetGeoInfoW
GetHandleInformation
GetLargePageMinimum
GetLargestConsoleWindowSize
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoEx
GetLocaleInfoW
GetLogicalDriveStringsW
GetLogicalDrives
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLongPathNameA
GetLongPathNameW
GetMemoryErrorHandlingCapabilities
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExA
GetModuleHandleExW
GetModuleHandleW
GetNLSVersion
GetNLSVersionEx
GetNamedPipeClientComputerNameW
GetNativeSystemInfo
GetNumaHighestNodeNumber
GetNumaNodeProcessorMaskEx
GetNumberFormatW
GetNumberOfConsoleInputEvents
GetOEMCP
GetOverlappedResult
GetPhysicallyInstalledSystemMemory
GetPriorityClass
GetProcAddress
GetProcessGroupAffinity
GetProcessHandleCount
GetProcessHeap
GetProcessHeaps
GetProcessId
GetProcessIdOfThread
GetProcessPreferredUILanguages
GetProcessPriorityBoost
GetProcessTimes
GetProcessVersion
GetProcessWorkingSetSizeEx
GetProductInfo
GetQueuedCompletionStatus
GetQueuedCompletionStatusEx
GetShortPathNameW
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeExW
GetStringTypeW
GetSystemDefaultLCID
GetSystemDefaultLangID
GetSystemDefaultLocaleName
GetSystemDefaultUILanguage
GetSystemDirectoryA
GetSystemDirectoryW
GetSystemFileCacheSize
GetSystemFirmwareTable
GetSystemInfo
GetSystemPreferredUILanguages
GetSystemTime
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetSystemTimes
GetSystemWindowsDirectoryA
GetSystemWindowsDirectoryW
GetTempFileNameW
GetTempPathW
GetThreadContext
GetThreadGroupAffinity
GetThreadIOPendingFlag
GetThreadId
GetThreadIdealProcessorEx
GetThreadInformation
GetThreadLocale
GetThreadPreferredUILanguages
GetThreadPriority
GetThreadPriorityBoost
GetThreadTimes
GetThreadUILanguage
GetTickCount
GetTickCount64
GetTimeFormatA
GetTimeFormatEx
GetTimeFormatW
GetTimeZoneInformation
GetTimeZoneInformationForYear
GetUILanguageInfo
GetUserDefaultLCID
GetUserDefaultLangID
GetUserDefaultLocaleName
GetUserDefaultUILanguage
GetUserGeoID
GetUserPreferredUILanguages
GetVersion
GetVersionExA
GetVersionExW
GetVolumeInformationByHandleW
GetVolumeInformationW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
GetVolumePathNamesForVolumeNameW
GetWindowsDirectoryA
GetWindowsDirectoryW
GetWriteWatch
GlobalMemoryStatusEx
HeapAlloc
HeapCompact
HeapCreate
HeapDestroy
HeapFree
HeapLock
HeapQueryInformation
HeapReAlloc
HeapSetInformation
HeapSize
HeapUnlock
HeapValidate
HeapWalk
InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce
InitOnceInitialize
InitializeConditionVariable
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeProcThreadAttributeList
InitializeSListHead
InitializeSRWLock
InterlockedFlushSList
InterlockedPopEntrySList
InterlockedPushEntrySList
IsDBCSLeadByte
IsDBCSLeadByteEx
IsDebuggerPresent
IsNLSDefinedString
IsProcessInJob
IsProcessorFeaturePresent
IsThreadAFiber
IsThreadpoolTimerSet
IsValidCodePage
IsValidLanguageGroup
IsValidLocale
IsValidLocaleName
IsWow64Process
LCIDToLocaleName
LCMapStringA
LCMapStringEx
LCMapStringW
LeaveCriticalSection
LeaveCriticalSectionWhenCallbackReturns
LoadLibraryExA
LoadLibraryExW
LoadResource
LocalFileTimeToFileTime
LocaleNameToLCID
LockFile
LockFileEx
LockResource
MapUserPhysicalPages
MapViewOfFile
MapViewOfFileEx
MoveFileExW
MoveFileWithProgressW
MultiByteToWideChar
NeedCurrentDirectoryForExePathA
NeedCurrentDirectoryForExePathW
OpenEventA
OpenEventW
OpenFileMappingW
OpenMutexW
OpenPrivateNamespaceW
OpenProcess
OpenSemaphoreW
OpenThread
OpenWaitableTimerW
OutputDebugStringA
OutputDebugStringW
PeekConsoleInputA
PeekConsoleInputW
PeekNamedPipe
PostQueuedCompletionStatus
ProcessIdToSessionId
PurgeComm
QueryDepthSList
QueryDosDeviceW
QueryFullProcessImageNameA
QueryFullProcessImageNameW
QueryIdleProcessorCycleTime
QueryIdleProcessorCycleTimeEx
QueryMemoryResourceNotification
QueryPerformanceCounter
QueryPerformanceFrequency
QueryProcessAffinityUpdateMode
QueryProcessCycleTime
QueryThreadCycleTime
QueryThreadpoolStackInformation
QueryUnbiasedInterruptTime
QueueUserAPC
QueueUserWorkItem
RaiseException
ReOpenFile
ReadConsoleA
ReadConsoleInputA
ReadConsoleInputW
ReadConsoleOutputA
ReadConsoleOutputAttribute
ReadConsoleOutputCharacterA
ReadConsoleOutputCharacterW
ReadConsoleOutputW
ReadConsoleW
ReadDirectoryChangesW
ReadFile
ReadFileEx
ReadFileScatter
ReadProcessMemory
RegisterBadMemoryNotification
ReleaseMutex
ReleaseMutexWhenCallbackReturns
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
ReleaseSemaphoreWhenCallbackReturns
RemoveDirectoryA
RemoveDirectoryW
RemoveVectoredContinueHandler
RemoveVectoredExceptionHandler
ReplaceFileW
ResetEvent
ResetWriteWatch
ResolveLocaleName
RestoreLastError
ResumeThread
ScrollConsoleScreenBufferA
ScrollConsoleScreenBufferW
SearchPathA
SearchPathW
SetCalendarInfoW
SetCommBreak
SetCommConfig
SetCommMask
SetCommState
SetCommTimeouts
SetComputerNameExW
SetConsoleActiveScreenBuffer
SetConsoleCP
SetConsoleCtrlHandler
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleMode
SetConsoleOutputCP
SetConsoleScreenBufferInfoEx
SetConsoleScreenBufferSize
SetConsoleTextAttribute
SetConsoleTitleW
SetConsoleWindowInfo
SetCriticalSectionSpinCount
SetCurrentDirectoryA
SetCurrentDirectoryW
SetDynamicTimeZoneInformation
SetEndOfFile
SetEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetErrorMode
SetEvent
SetEventWhenCallbackReturns

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/api-ms-win-downlevel-kernel32-l2-1-0.dll
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-downlevel-kernel32-l2-1-0.pdb

Exports

Exports

AddAtomA
AddAtomW
BackupRead
BackupWrite
BindIoCompletionCallback
ConvertFiberToThread
ConvertThreadToFiber
CopyFileA
CopyFileW
CreateFiber
CreateFileMappingA
CreateFileTransactedW
CreateMailslotA
CreateNamedPipeA
CreateSemaphoreW
DeleteAtom
DeleteFiber
DnsHostnameToComputerNameW
DosDateTimeToFileTime
FatalAppExitA
FatalAppExitW
FileTimeToDosDateTime
FindAtomA
FindAtomW
FindResourceA
FindResourceExA
FindResourceW
GetActiveProcessorCount
GetAtomNameA
GetAtomNameW
GetComputerNameA
GetComputerNameW
GetConsoleWindow
GetDurationFormatEx
GetFirmwareEnvironmentVariableW
GetMaximumProcessorGroupCount
GetNamedPipeClientProcessId
GetNamedPipeServerProcessId
GetPrivateProfileIntA
GetPrivateProfileIntW
GetPrivateProfileSectionW
GetPrivateProfileStringA
GetPrivateProfileStringW
GetProcessAffinityMask
GetProcessIoCounters
GetProfileIntA
GetProfileIntW
GetProfileSectionA
GetProfileSectionW
GetProfileStringA
GetProfileStringW
GetShortPathNameA
GetStartupInfoA
GetStringTypeExA
GetSystemPowerStatus
GetSystemWow64DirectoryA
GetSystemWow64DirectoryW
GetTapeParameters
GetTempPathA
GetThreadSelectorEntry
GlobalAddAtomA
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFindAtomW
GlobalFlags
GlobalFree
GlobalGetAtomNameA
GlobalGetAtomNameW
GlobalHandle
GlobalLock
GlobalMemoryStatus
GlobalReAlloc
GlobalSize
GlobalUnlock
InitAtomTable
LoadLibraryA
LoadLibraryW
LocalAlloc
LocalFlags
LocalFree
LocalLock
LocalReAlloc
LocalSize
LocalUnlock
MoveFileA
MoveFileExA
MoveFileW
MulDiv
OpenFile
PulseEvent
RaiseFailFastException
RegisterWaitForSingleObject
SetConsoleTitleA
SetFileCompletionNotificationModes
SetFirmwareEnvironmentVariableW
SetHandleCount
SetMailslotInfo
SetProcessAffinityMask
SetThreadAffinityMask
SetThreadIdealProcessor
SetVolumeLabelW
SwitchToFiber
UnregisterWait
WTSGetActiveConsoleSessionId
WaitForMultipleObjects
WritePrivateProfileSectionA
WritePrivateProfileSectionW
WritePrivateProfileStringA
WritePrivateProfileStringW
lstrcatW
lstrcmpA
lstrcmpW
lstrcmpiA
lstrcmpiW
lstrcpyW
lstrcpynA
lstrcpynW
lstrlenA
lstrlenW

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/api-ms-win-downlevel-ole32-l1-1-0.dll
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-downlevel-ole32-l1-1-0.pdb

Exports

Exports

CLSIDFromProgID
CLSIDFromString
CoCopyProxy
CoCreateFreeThreadedMarshaler
CoCreateGuid
CoCreateInstance
CoCreateInstanceEx
CoDisconnectObject
CoFreeUnusedLibraries
CoFreeUnusedLibrariesEx
CoGetApartmentType
CoGetClassObject
CoGetCurrentLogicalThreadId
CoGetInterfaceAndReleaseStream
CoGetMalloc
CoGetMarshalSizeMax
CoGetObjectContext
CoGetStdMarshalEx
CoGetTreatAsClass
CoImpersonateClient
CoInitializeEx
CoInitializeSecurity
CoMarshalInterThreadInterfaceInStream
CoMarshalInterface
CoRegisterClassObject
CoRegisterInitializeSpy
CoRegisterMessageFilter
CoReleaseMarshalData
CoRevertToSelf
CoRevokeClassObject
CoRevokeInitializeSpy
CoSetProxyBlanket
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
CoUnmarshalInterface
CoWaitForMultipleHandles
CreateStreamOnHGlobal
FreePropVariantArray
GetHGlobalFromStream
IIDFromString
ProgIDFromCLSID
PropVariantClear
PropVariantCopy
StringFromCLSID
StringFromGUID2
StringFromIID

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 26B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/api-ms-win-downlevel-ole32-l1-1-1.dll
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-downlevel-ole32-l1-1-1.pdb

Exports

Exports

CLSIDFromProgID
CLSIDFromString
CoAddRefServerProcess
CoCancelCall
CoCopyProxy
CoCreateFreeThreadedMarshaler
CoCreateGuid
CoCreateInstance
CoCreateInstanceEx
CoDisableCallCancellation
CoDisconnectContext
CoDisconnectObject
CoEnableCallCancellation
CoFreeUnusedLibraries
CoFreeUnusedLibrariesEx
CoGetApartmentType
CoGetCallContext
CoGetCallerTID
CoGetCancelObject
CoGetClassObject
CoGetContextToken
CoGetCurrentLogicalThreadId
CoGetCurrentProcess
CoGetDefaultContext
CoGetInterfaceAndReleaseStream
CoGetMalloc
CoGetMarshalSizeMax
CoGetObjectContext
CoGetPSClsid
CoGetStandardMarshal
CoGetStdMarshalEx
CoGetTreatAsClass
CoImpersonateClient
CoInitializeEx
CoInitializeSecurity
CoInvalidateRemoteMachineBindings
CoIsHandlerConnected
CoLockObjectExternal
CoMarshalHresult
CoMarshalInterThreadInterfaceInStream
CoMarshalInterface
CoQueryAuthenticationServices
CoQueryClientBlanket
CoQueryProxyBlanket
CoRegisterClassObject
CoRegisterInitializeSpy
CoRegisterMessageFilter
CoRegisterPSClsid
CoRegisterSurrogate
CoReleaseMarshalData
CoReleaseServerProcess
CoResumeClassObjects
CoRevertToSelf
CoRevokeClassObject
CoRevokeInitializeSpy
CoSetCancelObject
CoSetProxyBlanket
CoSuspendClassObjects
CoSwitchCallContext
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoTestCancel
CoUninitialize
CoUnmarshalHresult
CoUnmarshalInterface
CoWaitForMultipleHandles
CreateErrorInfo
CreateStreamOnHGlobal
FreePropVariantArray
GetErrorInfo
GetHGlobalFromStream
IIDFromString
ProgIDFromCLSID
PropVariantClear
PropVariantCopy
SetErrorInfo
StringFromCLSID
StringFromGUID2
StringFromIID

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/api-ms-win-downlevel-shlwapi-l1-1-0.dll
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-downlevel-shlwapi-l1-1-0.pdb

Exports

Exports

GetAcceptLanguagesW
HashData
IsInternetESCEnabled
ParseURLW
PathAddBackslashA
PathAddBackslashW
PathAddExtensionA
PathAddExtensionW
PathAppendA
PathAppendW
PathCanonicalizeA
PathCanonicalizeW
PathCommonPrefixA
PathCommonPrefixW
PathCreateFromUrlAlloc
PathCreateFromUrlW
PathFileExistsA
PathFileExistsW
PathFindExtensionA
PathFindExtensionW
PathFindFileNameA
PathFindFileNameW
PathFindNextComponentA
PathFindNextComponentW
PathGetArgsA
PathGetArgsW
PathGetDriveNumberA
PathGetDriveNumberW
PathIsFileSpecA
PathIsFileSpecW
PathIsLFNFileSpecA
PathIsLFNFileSpecW
PathIsPrefixA
PathIsPrefixW
PathIsRelativeA
PathIsRelativeW
PathIsRootA
PathIsRootW
PathIsSameRootA
PathIsSameRootW
PathIsUNCA
PathIsUNCServerA
PathIsUNCServerShareA
PathIsUNCServerShareW
PathIsUNCServerW
PathIsUNCW
PathIsURLW
PathParseIconLocationA
PathParseIconLocationW
PathRelativePathToA
PathRelativePathToW
PathRemoveBackslashA
PathRemoveBackslashW
PathRemoveBlanksA
PathRemoveBlanksW
PathRemoveExtensionA
PathRemoveExtensionW
PathRemoveFileSpecA
PathRemoveFileSpecW
PathRenameExtensionA
PathRenameExtensionW
PathSkipRootA
PathSkipRootW
PathStripPathA
PathStripPathW
PathStripToRootA
PathStripToRootW
PathUnquoteSpacesA
PathUnquoteSpacesW
QISearch
SHLoadIndirectString
SHRegCloseUSKey
SHRegDeleteUSValueA
SHRegDeleteUSValueW
SHRegEnumUSKeyA
SHRegEnumUSKeyW
SHRegGetBoolUSValueA
SHRegGetBoolUSValueW
SHRegGetUSValueA
SHRegGetUSValueW
SHRegOpenUSKeyA
SHRegOpenUSKeyW
SHRegQueryUSValueA
SHRegQueryUSValueW
SHRegSetUSValueA
SHRegSetUSValueW
StrCSpnA
StrCSpnIA
StrCSpnIW
StrCSpnW
StrCatBuffA
StrCatBuffW
StrCatChainW
StrChrA
StrChrIA
StrChrIW
StrChrNIW
StrChrNW
StrChrW
StrCmpCA
StrCmpCW
StrCmpICA
StrCmpICW
StrCmpIW
StrCmpLogicalW
StrCmpNA
StrCmpNCA
StrCmpNCW
StrCmpNIA
StrCmpNICA
StrCmpNICW
StrCmpNIW
StrCmpNW
StrCmpW
StrCpyNW
StrDupA
StrDupW
StrIsIntlEqualA
StrIsIntlEqualW
StrPBrkA
StrPBrkW
StrRChrA
StrRChrIA
StrRChrIW
StrRChrW
StrRStrIA
StrRStrIW
StrSpnA
StrSpnW
StrStrA
StrStrIA
StrStrIW
StrStrNIW
StrStrNW
StrStrW
StrToInt64ExA
StrToInt64ExW
StrToIntA
StrToIntExA
StrToIntExW
StrToIntW
StrTrimA
StrTrimW
UrlApplySchemeW
UrlCanonicalizeW
UrlCombineA
UrlCombineW
UrlCreateFromPathW
UrlEscapeW
UrlFixupW
UrlGetLocationW
UrlGetPartW
UrlIsW
UrlUnescapeA
UrlUnescapeW

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/api-ms-win-downlevel-shlwapi-l1-1-1.dll
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-downlevel-shlwapi-l1-1-1.pdb

Exports

Exports

GetAcceptLanguagesW
HashData
IsCharSpaceA
IsCharSpaceW
IsInternetESCEnabled
ParseURLW
PathAddBackslashA
PathAddBackslashW
PathAddExtensionA
PathAddExtensionW
PathAppendA
PathAppendW
PathCanonicalizeA
PathCanonicalizeW
PathCombineA
PathCombineW
PathCommonPrefixA
PathCommonPrefixW
PathCreateFromUrlAlloc
PathCreateFromUrlW
PathFileExistsA
PathFileExistsW
PathFindExtensionA
PathFindExtensionW
PathFindFileNameA
PathFindFileNameW
PathFindNextComponentA
PathFindNextComponentW
PathGetArgsA
PathGetArgsW
PathGetCharTypeA
PathGetCharTypeW
PathGetDriveNumberA
PathGetDriveNumberW
PathIsFileSpecA
PathIsFileSpecW
PathIsLFNFileSpecA
PathIsLFNFileSpecW
PathIsPrefixA
PathIsPrefixW
PathIsRelativeA
PathIsRelativeW
PathIsRootA
PathIsRootW
PathIsSameRootA
PathIsSameRootW
PathIsUNCA
PathIsUNCServerA
PathIsUNCServerShareA
PathIsUNCServerShareW
PathIsUNCServerW
PathIsUNCW
PathIsURLW
PathMatchSpecA
PathMatchSpecExA
PathMatchSpecExW
PathMatchSpecW
PathParseIconLocationA
PathParseIconLocationW
PathQuoteSpacesA
PathQuoteSpacesW
PathRelativePathToA
PathRelativePathToW
PathRemoveBackslashA
PathRemoveBackslashW
PathRemoveBlanksA
PathRemoveBlanksW
PathRemoveExtensionA
PathRemoveExtensionW
PathRemoveFileSpecA
PathRemoveFileSpecW
PathRenameExtensionA
PathRenameExtensionW
PathSearchAndQualifyA
PathSearchAndQualifyW
PathSkipRootA
PathSkipRootW
PathStripPathA
PathStripPathW
PathStripToRootA
PathStripToRootW
PathUnExpandEnvStringsA
PathUnExpandEnvStringsW
PathUnquoteSpacesA
PathUnquoteSpacesW
QISearch
SHLoadIndirectString
SHRegCloseUSKey
SHRegDeleteUSValueA
SHRegDeleteUSValueW
SHRegEnumUSKeyA
SHRegEnumUSKeyW
SHRegGetBoolUSValueA
SHRegGetBoolUSValueW
SHRegGetUSValueA
SHRegGetUSValueW
SHRegOpenUSKeyA
SHRegOpenUSKeyW
SHRegQueryUSValueA
SHRegQueryUSValueW
SHRegSetUSValueA
SHRegSetUSValueW
StrCSpnA
StrCSpnIA
StrCSpnIW
StrCSpnW
StrCatBuffA
StrCatBuffW
StrCatChainW
StrChrA
StrChrIA
StrChrIW
StrChrNIW
StrChrNW
StrChrW
StrCmpCA
StrCmpCW
StrCmpICA
StrCmpICW
StrCmpIW
StrCmpLogicalW
StrCmpNA
StrCmpNCA
StrCmpNCW
StrCmpNIA
StrCmpNICA
StrCmpNICW
StrCmpNIW
StrCmpNW
StrCmpW
StrCpyNW
StrDupA
StrDupW
StrIsIntlEqualA
StrIsIntlEqualW
StrPBrkA
StrPBrkW
StrRChrA
StrRChrIA
StrRChrIW
StrRChrW
StrRStrIA
StrRStrIW
StrSpnA
StrSpnW
StrStrA
StrStrIA
StrStrIW
StrStrNIW
StrStrNW
StrStrW
StrToInt64ExA
StrToInt64ExW
StrToIntA
StrToIntExA
StrToIntExW
StrToIntW
StrTrimA
StrTrimW
UrlApplySchemeW
UrlCanonicalizeW
UrlCombineA
UrlCombineW
UrlCreateFromPathW
UrlEscapeW
UrlFixupW
UrlGetLocationW
UrlGetPartW
UrlIsW
UrlUnescapeA
UrlUnescapeW

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/api-ms-win-downlevel-user32-l1-1-0.dll
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-downlevel-user32-l1-1-0.pdb

Exports

Exports

CharLowerA
CharLowerBuffA
CharLowerBuffW
CharLowerW
CharNextA
CharNextExA
CharNextW
CharPrevA
CharPrevExA
CharPrevW
CharUpperA
CharUpperBuffA
CharUpperBuffW
CharUpperW
IsCharAlphaA
IsCharAlphaNumericA
IsCharAlphaNumericW
IsCharAlphaW
IsCharLowerA
IsCharLowerW
IsCharUpperA
IsCharUpperW

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 26B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/api-ms-win-downlevel-user32-l1-1-1.dll
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-downlevel-user32-l1-1-1.pdb

Exports

Exports

CharLowerA
CharLowerBuffA
CharLowerBuffW
CharLowerW
CharNextA
CharNextExA
CharNextW
CharPrevA
CharPrevExA
CharPrevW
CharUpperA
CharUpperBuffA
CharUpperBuffW
CharUpperW
IsCharAlphaA
IsCharAlphaNumericA
IsCharAlphaNumericW
IsCharAlphaW
IsCharLowerA
IsCharLowerW
IsCharUpperA
IsCharUpperW
LoadStringA
LoadStringW

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/api-ms-win-downlevel-version-l1-1-0.dll
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-downlevel-version-l1-1-0.pdb

Exports

Exports

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerFindFileA
VerFindFileW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 1024B - Virtual size: 540B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/compatprovider.dll
.dll regsvr32 windows:6 windows x86 arch:x86

225eb014809aee6e84e3dd59feffd57d

Code Sign

33:00:00:00:34:24:31:40:c9:a0:c1:79:8d:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/03/2013, 20:08

Not After

27/06/2014, 20:08

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/09/2013, 17:35

Not After

24/12/2014, 17:35

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

54:42:33:5e:a1:07:75:50:db:13:9e:90:76:84:ed:37:3b:22:3b:5d:18:c2:a9:38:fd:16:2a:74:3f:34:71:20
Signer

Actual PE Digest

54:42:33:5e:a1:07:75:50:db:13:9e:90:76:84:ed:37:3b:22:3b:5d:18:c2:a9:38:fd:16:2a:74:3f:34:71:20

Digest Algorithm

sha256

PE Digest Matches

true

92:d3:49:5a:7a:51:f5:0f:24:da:e4:0b:3a:7e:97:61:8d:5d:52:8a
Signer

Actual PE Digest

92:d3:49:5a:7a:51:f5:0f:24:da:e4:0b:3a:7e:97:61:8d:5d:52:8a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

CompatProvider.pdb

Imports

msvcrt

wcschr
_wcsicmp
__RTDynamicCast
memcmp
_vsnwprintf
_wcsnicmp
wcsncpy_s
wcsrchr
_except_handler4_common
realloc
_errno
__CxxFrameHandler3
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
??0exception@@QAE@XZ
memset
?what@exception@@UBEPBDXZ
calloc
_purecall
vswprintf_s
_vscwprintf
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
memmove_s
memcpy_s
malloc
wcscat_s
free
wcscpy_s
memcpy

kernel32

WaitForSingleObject
SetFileAttributesW
FindNextFileW
DeviceIoControl
FindClose
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
OutputDebugStringW
GetCurrentThreadId
GetCurrentProcessId
SetThreadUILanguage
GetVersionExW
SetEnvironmentVariableW
MultiByteToWideChar
SizeofResource
LockResource
LoadResource
FindResourceExW
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetCurrentDirectoryW
CompareStringW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
FormatMessageW
LocalFree
CreateFileW
CloseHandle
GetFullPathNameW
CreateDirectoryW
GetFileInformationByHandle
GetNativeSystemInfo
GetFileAttributesW
ReadFile
SetFilePointer
FreeLibrary
CreateProcessW
GetExitCodeProcess
GetStartupInfoW
FindFirstFileW
CreateFileMappingW
SetLastError
UnmapViewOfFile
MapViewOfFile
SearchPathW
ExpandEnvironmentStringsW

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey

user32

CharLowerBuffW
CharNextW
LoadStringW

ole32

CoCreateGuid
ProgIDFromCLSID
CoTaskMemFree
CoCreateInstance
StringFromGUID2
StringFromCLSID

oleaut32

LoadTypeLi
UnRegisterTypeLi
VarBstrCmp
SysStringByteLen
SysAllocStringByteLen
VarBstrCat
SetErrorInfo
CreateErrorInfo
VariantClear
SysAllocStringLen
LoadRegTypeLi
SysAllocString
SysStringLen
RegisterTypeLi
SysFreeString

version

GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW

ntdll

RtlAllocateHeap
RtlFreeHeap
RtlNtStatusToDosError
NtSetInformationFile

Exports

Exports

DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/dism.Format.ps1xml
.ps1
Bin/x86/DISM81/dism.Types.ps1xml
.xml
Bin/x86/DISM81/dism.exe
.exe windows:6 windows x86 arch:x86

c32889e572eef3a734161be8e976fe00

Code Sign

33:00:00:00:4c:a1:e8:4d:cc:b4:74:7b:3b:00:00:00:00:00:4c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/11/2013, 22:11

Not After

11/02/2015, 22:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/09/2013, 17:35

Not After

24/12/2014, 17:35

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e1:c3:9d:a2:96:49:f7:8e:c0:61:fb:4f:bb:14:6b:dd:dc:59:86:75:31:71:b9:c9:78:27:97:ac:f0:11:42:47
Signer

Actual PE Digest

e1:c3:9d:a2:96:49:f7:8e:c0:61:fb:4f:bb:14:6b:dd:dc:59:86:75:31:71:b9:c9:78:27:97:ac:f0:11:42:47

Digest Algorithm

sha256

PE Digest Matches

true

89:1d:47:97:c1:48:88:63:ce:7e:ab:1f:4a:e2:6c:56:e2:24:16:f5
Signer

Actual PE Digest

89:1d:47:97:c1:48:88:63:ce:7e:ab:1f:4a:e2:6c:56:e2:24:16:f5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

Dism.pdb

Imports

msvcrt

_unlock
_lock
??1type_info@@UAE@XZ
wcsstr
iswalpha
_wcsnicmp
towlower
__dllonexit
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_onexit
__CxxFrameHandler3
_amsg_exit
__p__commode
_XcptFilter
_CxxThrowException
_callnewh
??0exception@@QAE@XZ
wcscpy_s
_errno
realloc
_except_handler4_common
memset
wcsrchr
calloc
malloc
_purecall
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
free
_vsnwprintf
towupper
_getwch
vswprintf_s
_vscwprintf
_controlfp
_wcslwr_s
_wcsicmp
wcschr
wprintf
memmove_s
memcpy_s
?terminate@@YAXXZ
memcmp
_ftol2
__RTDynamicCast
memcpy

api-ms-win-downlevel-kernel32-l1-1-0

OutputDebugStringW
GetCommandLineW
HeapFree
GetProcessHeap
SizeofResource
SetThreadUILanguage
LoadResource
FindResourceExW
Sleep
SetConsoleCtrlHandler
CloseHandle
GetCurrentProcess
LockResource
GetLastError
LeaveCriticalSection
SetEvent
DeleteCriticalSection
RaiseException
EnterCriticalSection
SetErrorMode
CompareStringW
InitializeCriticalSection
GetStdHandle
HeapAlloc
WriteConsoleW
WideCharToMultiByte
WriteFile
GetFileType
GetConsoleMode
GetModuleFileNameW
GetProcAddress
GetVersionExW
GetModuleHandleW
SearchPathW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
FindFirstFileW
CopyFileExW
FindClose
DeviceIoControl
FindNextFileW
IsWow64Process
FormatMessageW
GetFileAttributesW
SetLastError
CreateFileW
WaitForSingleObject
GetSystemInfo
HeapDestroy
HeapReAlloc
HeapSize
MultiByteToWideChar
LoadLibraryExW
FreeLibrary
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetModuleHandleA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
GetModuleHandleExW
SetFileAttributesW
GetDriveTypeW
GetSystemWindowsDirectoryW
ExpandEnvironmentStringsW
GetCurrentThreadId
GetTempFileNameW
GetFullPathNameW
CreateDirectoryW
GetFileInformationByHandle
ReadFile
SetFilePointer

api-ms-win-downlevel-advapi32-l1-1-1

GetLengthSid
IsValidSecurityDescriptor
GetAclInformation
AddAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
MakeAbsoluteSD
GetSecurityDescriptorControl
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
GetTraceEnableLevel
RegisterTraceGuidsW
TraceEvent
AdjustTokenPrivileges
OpenProcessToken
RegCloseKey
InitializeAcl
RegOpenKeyExW
IsValidSid
GetTraceEnableFlags
CopySid
GetTraceLoggerHandle
UnregisterTraceGuids

api-ms-win-downlevel-advapi32-l4-1-0

InitiateSystemShutdownExW
LookupPrivilegeValueW

api-ms-win-downlevel-ole32-l1-1-1

GetErrorInfo
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoUninitialize

api-ms-win-downlevel-kernel32-l2-1-0

LocalFree
LocalAlloc

api-ms-win-downlevel-user32-l1-1-1

CharLowerBuffW

oleaut32

SysAllocString
SysStringLen
LoadRegTypeLi
LoadTypeLi
SysStringByteLen
SysFreeString
SysAllocStringByteLen
SysAllocStringLen
VarBstrCmp
VariantClear

api-ms-win-downlevel-version-l1-1-0

GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW

ntdll

RtlNtStatusToDosError
RtlGetVersion
RtlAllocateHeap
RtlFreeHeap
NtSetInformationFile

Sections

.text
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/dism.psd1
Bin/x86/DISM81/dism.psm1
Bin/x86/DISM81/dismapi.dll
.dll windows:6 windows x86 arch:x86

1677cfdc8e95d43f01da7bbbff5c7380

Code Sign

33:00:00:00:4c:a1:e8:4d:cc:b4:74:7b:3b:00:00:00:00:00:4c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/11/2013, 22:11

Not After

11/02/2015, 22:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/09/2013, 17:35

Not After

24/12/2014, 17:35

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

57:9d:51:e3:c4:8b:84:0f:a0:f7:cd:0b:1f:5a:d1:7b:78:1b:cb:98:ce:26:76:85:dd:e8:fa:ed:76:96:94:18
Signer

Actual PE Digest

57:9d:51:e3:c4:8b:84:0f:a0:f7:cd:0b:1f:5a:d1:7b:78:1b:cb:98:ce:26:76:85:dd:e8:fa:ed:76:96:94:18

Digest Algorithm

sha256

PE Digest Matches

true

05:c2:2b:f8:5e:95:9c:3b:73:db:c5:12:1f:bb:51:ea:42:c0:6e:dc
Signer

Actual PE Digest

05:c2:2b:f8:5e:95:9c:3b:73:db:c5:12:1f:bb:51:ea:42:c0:6e:dc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

DismApi.pdb

Imports

msvcrt

fclose
wcstok_s
fgetws
_wfopen
feof
iswctype
strrchr
rand
_wcslwr_s
_wtoi
towlower
wcsstr
_vsnwprintf
wcsrchr
_wcsnicmp
_except_handler4_common
realloc
_errno
__CxxFrameHandler3
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
??0exception@@QAE@XZ
wcscpy_s
memset
vsprintf_s
_vscprintf
calloc
_vsnprintf
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
swscanf_s
iswspace
wcschr
memcmp
_ftol2
_wcstoui64
wcstoul
_purecall
_wcsicmp
iswalpha
malloc
free
vswprintf_s
_vscwprintf
memmove_s
memcpy_s
memcpy

api-ms-win-downlevel-kernel32-l1-1-0

SearchPathW
FileTimeToLocalFileTime
FileTimeToSystemTime
CompareStringW
HeapFree
GetProcessHeap
GetEnvironmentVariableW
LoadLibraryExW
FreeLibrary
GetModuleFileNameW
GetThreadUILanguage
OutputDebugStringA
GetModuleHandleExW
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
GetCurrentProcessId
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
FormatMessageW
RaiseException
DeleteCriticalSection
InitializeCriticalSection
GetProcAddress
GetVersionExW
GetModuleHandleW
GetFileSize
TlsGetValue
MapViewOfFile
UnmapViewOfFile
VirtualQuery
WaitForSingleObject
IsDebuggerPresent
HeapDestroy
HeapAlloc
HeapReAlloc
HeapSize
FormatMessageA
GetVersion
GetFileSizeEx
DeleteFileA
WaitForMultipleObjectsEx
DebugBreak
DeleteFileW
ReleaseMutex
MultiByteToWideChar
CreateMutexA
Sleep
QueryPerformanceCounter
GetSystemTimeAsFileTime
OutputDebugStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
LoadLibraryExA
CreateThread
ExpandEnvironmentStringsW
TlsSetValue
GetLocalTime
CreateFileMappingW
TlsAlloc
GetWindowsDirectoryW
TlsFree
CreateFileA
CreateMutexW
ExpandEnvironmentStringsA
WriteFile
GetLastError
GetModuleFileNameA
ExitProcess
MoveFileExW
GetLocaleInfoW
GetSystemTime
GetTimeFormatW
SetFilePointer
GetSystemWindowsDirectoryW
CreateEventW
ResumeThread
DuplicateHandle
ResetEvent
GetCurrentProcess
IsWow64Process
GetTempFileNameW
GetFullPathNameW
FindFirstFileW
CopyFileExW
CreateFileW
FlushFileBuffers
GetTempPathW
SetLastError
FindClose
DeviceIoControl
FindNextFileW
CloseHandle
GetFileInformationByHandle
SetFileAttributesW
GetCurrentThread
GetSystemInfo
GetFileAttributesW
CreateDirectoryW
GetCommandLineW
GetTickCount
SetErrorMode
FindResourceExW
SetEvent

api-ms-win-downlevel-advapi32-l1-1-1

RegCreateKeyExW
AddAccessAllowedAce
EqualSid
RegOpenKeyExW
GetTokenInformation
OpenThreadToken
RegCloseKey
RegSetValueExW
OpenProcessToken
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
RegQueryValueExW
InitializeAcl
SetSecurityDescriptorDacl
GetTraceEnableFlags
GetTraceLoggerHandle
GetTraceEnableLevel
RegisterTraceGuidsW
TraceEvent
UnregisterTraceGuids
InitializeSecurityDescriptor
GetLengthSid

api-ms-win-downlevel-ole32-l1-1-1

CoInitializeEx
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
GetErrorInfo

api-ms-win-downlevel-kernel32-l2-1-0

LocalFree
CreateFileMappingA

api-ms-win-downlevel-user32-l1-1-1

CharLowerBuffW

oleaut32

SafeArrayUnaccessData
SysStringByteLen
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringLen
VarBstrCat
SysAllocStringByteLen
SysAllocString
SysStringLen
VarBstrCmp
VariantClear
LoadRegTypeLi
LoadTypeLi
SafeArrayAccessData
SafeArrayDestroy
SysFreeString

ntdll

RtlAllocateHeap
RtlFreeHeap
RtlGetVersion
RtlNtStatusToDosError
NtSetInformationFile

api-ms-win-downlevel-version-l1-1-0

GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW

Exports

Exports

DismAddDriver
DismAddPackage
DismApplyUnattend
DismCheckImageHealth
DismCleanupMountpoints
DismCloseSession
DismCommitImage
DismDelete
DismDisableFeature
DismEnableFeature
DismGetDriverInfo
DismGetDrivers
DismGetFeatureInfo
DismGetFeatureParent
DismGetFeatures
DismGetImageInfo
DismGetLastErrorMessage
DismGetMountedImageInfo
DismGetPackageInfo
DismGetPackages
DismInitialize
DismMountImage
DismOpenSession
DismRemountImage
DismRemoveDriver
DismRemovePackage
DismRestoreImageHealth
DismShutdown
DismUnmountImage
_DismAddProvisionedAppxPackage
_DismEnableDisableFeature
_DismExportDriver
_DismGetCurrentEdition
_DismGetFeaturesEx
_DismGetKCacheBinaryValue
_DismGetKCacheDwordValue
_DismGetKCacheStringValue
_DismGetLastCBSSessionID
_DismGetOsInfo
_DismGetProductKeyInfo
_DismGetProvisionedAppxPackages
_DismGetRegistryMountPoint
_DismGetStateFromCBSSessionID
_DismGetTargetEditions
_DismOptimizeImage
_DismRemoveProvisionedAppxPackage
_DismSetAppXProvisionedDataFile
_DismSetEdition
_DismSetFirstBootCommandLine
_DismSetMachineName
_DismSetProductKey
_DismValidateProductKey

Sections

.text
Size: 381KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/dismcore.dll
.dll regsvr32 windows:6 windows x86 arch:x86

2329fbd73c4ef2cc461fbcef83716787

Code Sign

33:00:00:00:34:24:31:40:c9:a0:c1:79:8d:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/03/2013, 20:08

Not After

27/06/2014, 20:08

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/09/2013, 17:35

Not After

24/12/2014, 17:35

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

af:74:09:5d:56:10:cd:b4:ea:55:c5:37:fa:ae:06:b5:b4:77:e7:e8:6d:df:1a:84:b5:09:40:4b:df:fc:2f:f3
Signer

Actual PE Digest

af:74:09:5d:56:10:cd:b4:ea:55:c5:37:fa:ae:06:b5:b4:77:e7:e8:6d:df:1a:84:b5:09:40:4b:df:fc:2f:f3

Digest Algorithm

sha256

PE Digest Matches

true

80:02:77:f2:77:c1:84:49:2f:2c:87:06:ab:11:52:4c:e2:58:2a:91
Signer

Actual PE Digest

80:02:77:f2:77:c1:84:49:2f:2c:87:06:ab:11:52:4c:e2:58:2a:91

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

DismCore.pdb

Imports

msvcrt

fclose
wcstok_s
swscanf_s
fgetws
_wfopen
iswctype
strrchr
_vsnprintf
memmove_s
towlower
_wcsnicmp
_wtoi
_vsnwprintf
vsprintf_s
_vscprintf
rand
wcsstr
_wcsicmp
wcsrchr
wcschr
_vscwprintf
vswprintf_s
wcscpy_s
_resetstkoflw
malloc
_purecall
calloc
wcsncpy_s
wcscat_s
memset
_except_handler4_common
_onexit
__dllonexit
_unlock
_lock
realloc
_errno
__CxxFrameHandler3
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
feof
??0exception@@QAE@XZ
memcmp
_ftol2
memcpy_s
free
memcpy

api-ms-win-downlevel-kernel32-l1-1-0

TerminateProcess
GetModuleFileNameW
GetModuleHandleW
CopyFileExW
WaitForSingleObject
CreateMutexW
CreateEventW
SetEvent
CreateFileA
TlsFree
GetWindowsDirectoryW
TlsAlloc
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceExW
GetLocalTime
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
RaiseException
TlsSetValue
GetProcAddress
LoadLibraryExW
FreeLibrary
GetModuleHandleExW
GetTempPathW
FormatMessageA
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetVersion
VirtualQuery
TlsGetValue
GetFileSize
ExitProcess
MultiByteToWideChar
CompareStringW
SetLastError
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
GetVersionExW
OutputDebugStringW
UnmapViewOfFile
MapViewOfFile
SearchPathW
ExpandEnvironmentStringsA
GetCurrentProcessId
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
CreateFileW
GetDriveTypeW
GetCurrentDirectoryW
SetFileAttributesW
FindNextFileW
DeviceIoControl
FindClose
FindFirstFileW
IsDebuggerPresent
FlushFileBuffers
GetFileSizeEx
DeleteFileA
DebugBreak
DeleteFileW
ReleaseMutex
CreateMutexA
SetThreadUILanguage
LoadLibraryExA
GetModuleFileNameA
GetLastError
GetCurrentThread
WriteFile
GetTempFileNameW
GetFullPathNameW
CreateDirectoryW
GetFileInformationByHandle
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
MoveFileExW
GetSystemDirectoryW
FormatMessageW
DuplicateHandle
CreateProcessW
GetEnvironmentStringsW
GetSystemWindowsDirectoryW
GetNativeSystemInfo
GetSystemInfo
GetExitCodeProcess
FreeEnvironmentStringsW
CreateFileMappingW
GetFileAttributesW
ReadFile
SetFilePointer

api-ms-win-downlevel-ole32-l1-1-1

CoSetProxyBlanket
CoCreateGuid
SetErrorInfo
CoRegisterPSClsid
ProgIDFromCLSID
CoRegisterClassObject
CoTaskMemFree
CreateErrorInfo
GetErrorInfo
StringFromGUID2
CoRevokeClassObject
StringFromCLSID
CoCreateInstance

api-ms-win-downlevel-user32-l1-1-1

CharNextW
LoadStringW

api-ms-win-downlevel-advapi32-l1-1-1

OpenProcessToken
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegCloseKey
EqualSid
RegQueryInfoKeyW
RegOpenKeyExW
GetTokenInformation
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
InitializeAcl
AdjustTokenPrivileges
OpenThreadToken
AddAccessAllowedAce
GetLengthSid

api-ms-win-downlevel-kernel32-l2-1-0

LocalFree
CreateFileMappingA

oleaut32

SystemTimeToVariantTime
LoadTypeLibEx
VariantTimeToSystemTime
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SysStringLen
VariantClear
VariantInit
SysAllocStringLen
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysFreeString

api-ms-win-downlevel-version-l1-1-0

VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW

api-ms-win-downlevel-advapi32-l4-1-0

LookupPrivilegeValueW

ntdll

RtlAllocateHeap
RtlFreeHeap
RtlNtStatusToDosError
NtSetInformationFile

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/dismcoreps.dll
.dll regsvr32 windows:6 windows x86 arch:x86

9c9ef7ff09516fac6d9f5a330a92a91c

Code Sign

33:00:00:00:34:24:31:40:c9:a0:c1:79:8d:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/03/2013, 20:08

Not After

27/06/2014, 20:08

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/09/2013, 17:35

Not After

24/12/2014, 17:35

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

29:a1:cc:d8:16:ef:74:c2:11:02:41:f9:6d:89:e3:a8:bf:cb:65:86:dc:e2:c0:f2:43:19:a0:75:43:e3:13:66
Signer

Actual PE Digest

29:a1:cc:d8:16:ef:74:c2:11:02:41:f9:6d:89:e3:a8:bf:cb:65:86:dc:e2:c0:f2:43:19:a0:75:43:e3:13:66

Digest Algorithm

sha256

PE Digest Matches

true

f4:0c:a1:c3:2b:f2:ed:8d:39:67:2b:eb:6c:22:42:38:e8:95:86:3a
Signer

Actual PE Digest

f4:0c:a1:c3:2b:f2:ed:8d:39:67:2b:eb:6c:22:42:38:e8:95:86:3a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

DismCorePS.pdb

Imports

msvcrt

_amsg_exit
free
malloc
_initterm
_except_handler4_common
_XcptFilter
memcmp

oleaut32

LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserFree
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
LPSAFEARRAY_UserSize

rpcrt4

CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Connect
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
NdrCStdStubBuffer_Release
NdrDllRegisterProxy
NdrDllCanUnloadNow
NdrCStdStubBuffer2_Release
NdrDllGetClassObject
NdrDllUnregisterProxy
CStdStubBuffer_AddRef
IUnknown_QueryInterface_Proxy
NdrStubCall2
NdrStubForwardingFunction
NdrOleAllocate
CStdStubBuffer_CountRefs

api-ms-win-downlevel-kernel32-l1-1-0

DisableThreadLibraryCalls
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
Sleep

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetDismInterfaces
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/dismprov.dll
.dll regsvr32 windows:6 windows x86 arch:x86

0cb2eb57ed354b426a5d346eafc02385

Code Sign

33:00:00:00:4c:a1:e8:4d:cc:b4:74:7b:3b:00:00:00:00:00:4c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/11/2013, 22:11

Not After

11/02/2015, 22:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/09/2013, 17:35

Not After

24/12/2014, 17:35

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

94:f9:f2:48:45:bf:73:48:67:0b:f2:9a:a1:40:fe:c8:c3:ea:63:af:34:09:ac:12:e7:a7:57:0c:62:5b:ae:03
Signer

Actual PE Digest

94:f9:f2:48:45:bf:73:48:67:0b:f2:9a:a1:40:fe:c8:c3:ea:63:af:34:09:ac:12:e7:a7:57:0c:62:5b:ae:03

Digest Algorithm

sha256

PE Digest Matches

true

1b:37:5a:f9:04:15:2f:05:2f:07:58:0d:35:e3:d3:e1:d3:7f:f3:83
Signer

Actual PE Digest

1b:37:5a:f9:04:15:2f:05:2f:07:58:0d:35:e3:d3:e1:d3:7f:f3:83

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

DISMProv.pdb

Imports

msvcrt

realloc
_errno
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
_callnewh
memset
_except_handler4_common
wcscat_s
calloc
??0exception@@QAE@XZ
memmove_s
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABV0@@Z
wcsrchr
_purecall
vswprintf_s
memcmp
_vscwprintf
_lock
memcpy_s
_wcsicmp
wcschr
_wcsnicmp
_vsnwprintf
_vsnprintf
rand
_vscprintf
vsprintf_s
_wtoi
towlower
strrchr
iswctype
feof
_wfopen
fgetws
swscanf_s
wcstok_s
fclose
free
__RTDynamicCast
_unlock
__dllonexit
wcsncpy_s
_onexit
malloc
wcscpy_s
memcpy

ntdll

RtlAllocateHeap
RtlFreeHeap

oleaut32

VarUI4FromStr
SysAllocString
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
SysStringLen
LoadRegTypeLi
LoadTypeLi
VariantClear
RegisterTypeLi
UnRegisterTypeLi
SystemTimeToVariantTime
VariantTimeToSystemTime
SysFreeString

api-ms-win-downlevel-kernel32-l1-1-0

GetWindowsDirectoryW
TlsFree
CreateFileA
CreateMutexW
GetCurrentThread
CreateFileW
GetLastError
CloseHandle
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
GetFileSize
ExitProcess
GetProcAddress
LoadLibraryExW
GetModuleHandleW
ExpandEnvironmentStringsA
WriteFile
GetModuleFileNameA
LoadLibraryExA
CreateMutexA
ReleaseMutex
DeleteFileW
LeaveCriticalSection
RaiseException
EnterCriticalSection
MultiByteToWideChar
DebugBreak
LoadResource
FindResourceExW
GetModuleFileNameW
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
GetModuleHandleExW
CompareStringW
LockResource
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
TlsAlloc
GetVersion
SetFilePointer
WideCharToMultiByte
GetSystemInfo
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
GetFullPathNameW
GetFileAttributesW
FlushFileBuffers
GetTempPathW
SetLastError
DeviceIoControl
CreateFileMappingW
GetLocalTime
TlsSetValue
WaitForSingleObject
FormatMessageW
FormatMessageA
VirtualQuery
DeleteFileA
UnmapViewOfFile
GetFileSizeEx
IsDebuggerPresent
MapViewOfFile
GetProcessHeap
TlsGetValue
SizeofResource
GetTempFileNameW

api-ms-win-downlevel-ole32-l1-1-1

CoRevokeClassObject
CoTaskMemFree
CoRegisterClassObject
CoRegisterPSClsid
CoCreateInstance
StringFromGUID2
CoUnmarshalInterface
CoMarshalInterThreadInterfaceInStream
CoTaskMemAlloc
CoTaskMemRealloc

api-ms-win-downlevel-user32-l1-1-1

CharNextW

api-ms-win-downlevel-advapi32-l1-1-1

InitializeSecurityDescriptor
EqualSid
RegQueryInfoKeyW
RegCloseKey
SetSecurityDescriptorDacl
GetTokenInformation
OpenThreadToken
InitializeAcl
OpenProcessToken
AddAccessAllowedAce
RegEnumKeyExW
RegOpenKeyExW
GetLengthSid
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid

api-ms-win-downlevel-kernel32-l2-1-0

lstrcmpiW
CreateFileMappingA
LocalFree

api-ms-win-downlevel-version-l1-1-0

GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/en-us/VHDProvider.dll.mui
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/en-us/compatprovider.dll.mui
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/en-us/dism.exe.mui
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/en-us/dismapi.dll.mui
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/en-us/dismcore.dll.mui
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/en-us/dismprov.dll.mui
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/en-us/folderprovider.dll.mui
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/en-us/imagingprovider.dll.mui
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/en-us/logprovider.dll.mui
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/en-us/wimgapi.dll.mui
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/en-us/wimprovider.dll.mui
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/folderprovider.dll
.dll regsvr32 windows:6 windows x86 arch:x86

39b95571bf5f2db51cf93877fe2ae9b4

Code Sign

33:00:00:00:33:e5:27:86:a3:0e:4a:2a:80:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/03/2013, 20:08

Not After

27/06/2014, 20:08

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:16:11:04:b4:88:38:8c:be:c3:00:00:00:00:00:16
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

30/08/2012, 17:49

Not After

30/11/2013, 17:49

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:e1:64:8b:3b:0f:e8:d6:48:39:41:39:f3:86:81:a6:52:43:4a:cb:4e:18:fa:68:13:8e:bf:8e:11:03:b9:92
Signer

Actual PE Digest

7b:e1:64:8b:3b:0f:e8:d6:48:39:41:39:f3:86:81:a6:52:43:4a:cb:4e:18:fa:68:13:8e:bf:8e:11:03:b9:92

Digest Algorithm

sha256

PE Digest Matches

true

48:e1:f7:18:00:e6:47:76:bc:2c:2e:69:77:1d:93:13:6f:4f:c4:84
Signer

Actual PE Digest

48:e1:f7:18:00:e6:47:76:bc:2c:2e:69:77:1d:93:13:6f:4f:c4:84

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

FolderProvider.pdb

Imports

msvcrt

wcschr
wcsncpy_s
__CxxFrameHandler3
_except_handler4_common
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
_vsnwprintf
malloc
memmove_s
memset
_wcsnicmp
memcpy_s
_purecall
vswprintf_s
_vscwprintf
wcscat_s
free
wcscpy_s
??1type_info@@UAE@XZ
memcmp

api-ms-win-downlevel-kernel32-l1-1-0

DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
SetLastError
GetFileAttributesW
GetCurrentThreadId
OutputDebugStringW
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
GetFullPathNameW
GetCurrentProcessId

api-ms-win-downlevel-user32-l1-1-1

CharNextW

api-ms-win-downlevel-advapi32-l1-1-1

RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey

api-ms-win-downlevel-ole32-l1-1-1

StringFromGUID2
CoCreateInstance

oleaut32

UnRegisterTypeLi
LoadRegTypeLi
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
SysFreeString
LoadTypeLi
SysAllocString
SysStringLen
RegisterTypeLi

ntdll

RtlFreeHeap
RtlAllocateHeap

Exports

Exports

DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/imagingprovider.dll
.dll regsvr32 windows:6 windows x86 arch:x86

f603a837bf1baa758be24d7ab511380a

Code Sign

33:00:00:00:4c:a1:e8:4d:cc:b4:74:7b:3b:00:00:00:00:00:4c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/11/2013, 22:11

Not After

11/02/2015, 22:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/09/2013, 17:35

Not After

24/12/2014, 17:35

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a6:24:ee:fa:45:28:46:6f:64:4e:4d:02:ac:9d:8d:d9:cf:29:79:bd:6f:cc:bf:66:9b:48:c3:f0:18:95:35:2c
Signer

Actual PE Digest

a6:24:ee:fa:45:28:46:6f:64:4e:4d:02:ac:9d:8d:d9:cf:29:79:bd:6f:cc:bf:66:9b:48:c3:f0:18:95:35:2c

Digest Algorithm

sha256

PE Digest Matches

true

fc:ca:c6:a3:2f:d8:6e:d4:fd:e4:d8:5f:46:26:5b:e7:73:df:05:f0
Signer

Actual PE Digest

fc:ca:c6:a3:2f:d8:6e:d4:fd:e4:d8:5f:46:26:5b:e7:73:df:05:f0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

ImagingProvider.pdb

Imports

msvcrt

memcmp
__RTDynamicCast
wcsrchr
wcschr
towlower
_except_handler4_common
iswalpha
_vsnwprintf
realloc
_errno
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
_callnewh
malloc
memset
calloc
??0exception@@QAE@XZ
memmove_s
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABV0@@Z
wcsncpy_s
_purecall
memcpy_s
vswprintf_s
_vscwprintf
_wcsicmp
wcstoul
_wcsnicmp
wcscat_s
free
wcscpy_s

api-ms-win-downlevel-kernel32-l1-1-0

GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
DisableThreadLibraryCalls
MapViewOfFile
UnmapViewOfFile
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
GetLocaleInfoW
GetNumberFormatW
HeapAlloc
GetProcessHeap
HeapFree
FileTimeToLocalFileTime
GetVersionExW
GetDateFormatW
GetTimeFormatW
CompareStringW
CreateFileMappingW
HeapDestroy
HeapReAlloc
HeapSize
SetLastError
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
SetThreadUILanguage
FormatMessageW
FindResourceExW
LoadResource
LockResource
CloseHandle
CreateFileW
FreeLibrary
FileTimeToSystemTime
SearchPathW

api-ms-win-downlevel-user32-l1-1-1

LoadStringW
CharNextW
CharLowerBuffW

api-ms-win-downlevel-advapi32-l1-1-1

RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey

api-ms-win-downlevel-ole32-l1-1-1

SetErrorInfo
GetErrorInfo
CoCreateInstance
StringFromGUID2
CreateErrorInfo
ProgIDFromCLSID
CoTaskMemFree

api-ms-win-downlevel-kernel32-l2-1-0

LocalFree

oleaut32

SysFreeString
RegisterTypeLi
VariantClear
LoadRegTypeLi
SysStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
SysStringByteLen
SysAllocStringByteLen
VarBstrCmp
SysAllocStringLen

ntdll

RtlVerifyVersionInfo
VerSetConditionMask

Exports

Exports

DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/logprovider.dll
.dll regsvr32 windows:6 windows x86 arch:x86

f1b04dcdcdc47e7f36aa63318efeaafb

Code Sign

33:00:00:00:4c:a1:e8:4d:cc:b4:74:7b:3b:00:00:00:00:00:4c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/11/2013, 22:11

Not After

11/02/2015, 22:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/09/2013, 17:35

Not After

24/12/2014, 17:35

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a8:1c:83:5f:7e:45:a2:02:73:e8:6d:a6:da:16:0b:44:7b:cc:c3:ac:38:13:3f:e4:df:3d:a0:e5:12:dc:61:20
Signer

Actual PE Digest

a8:1c:83:5f:7e:45:a2:02:73:e8:6d:a6:da:16:0b:44:7b:cc:c3:ac:38:13:3f:e4:df:3d:a0:e5:12:dc:61:20

Digest Algorithm

sha256

PE Digest Matches

true

8a:bf:e6:36:3e:3b:31:f7:e7:83:5c:33:87:1e:e3:9d:47:c1:53:27
Signer

Actual PE Digest

8a:bf:e6:36:3e:3b:31:f7:e7:83:5c:33:87:1e:e3:9d:47:c1:53:27

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

LogProvider.pdb

Imports

msvcrt

_except_handler4_common
realloc
_errno
__CxxFrameHandler3
??1type_info@@UAE@XZ
_onexit
memcmp
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
malloc
memset
calloc
memmove_s
_purecall
memcpy_s
vswprintf_s
_vscwprintf
_vsnprintf
wcscat_s
free
fclose
wcscpy_s
wcstok_s
wcsncpy_s
__dllonexit
rand
_vscprintf
vsprintf_s
_vsnwprintf
_wcsicmp
wcsrchr
wcschr
_wtoi
_wcsnicmp
towlower
strrchr
iswctype
feof
_wfopen
fgetws
swscanf_s
memcpy

ntdll

RtlAllocateHeap
RtlFreeHeap

oleaut32

SetErrorInfo
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
CreateErrorInfo
SysFreeString
RegisterTypeLi
SysStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
LoadRegTypeLi

api-ms-win-downlevel-kernel32-l1-1-0

UnmapViewOfFile
CreateFileMappingW
ExitProcess
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
MapViewOfFile
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
GetFileSize
TlsGetValue
VirtualQuery
SearchPathW
SetThreadUILanguage
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
HeapAlloc
GetProcessHeap
OutputDebugStringA
HeapFree
CreateDirectoryW
FormatMessageA
TlsSetValue
WideCharToMultiByte
GetLocalTime
LockResource
LoadResource
FindResourceExW
HeapDestroy
HeapReAlloc
HeapSize
GetVersion
TlsAlloc
GetWindowsDirectoryW
TlsFree
CreateFileA
MultiByteToWideChar
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
CreateFileW
CloseHandle
FormatMessageW
CreateMutexW
ExpandEnvironmentStringsA
WriteFile
GetSystemWindowsDirectoryW
GetSystemInfo
GetModuleFileNameA
LoadLibraryExA
CreateMutexA
GetTempFileNameW
GetFullPathNameW
GetVersionExW
GetCurrentThread
ReleaseMutex
GetFileAttributesW
SetFilePointer
DeleteFileW
FreeLibrary
WaitForSingleObject
FlushFileBuffers
GetTempPathW
SetLastError
DeviceIoControl
DebugBreak
DeleteFileA
GetFileSizeEx
IsDebuggerPresent
SizeofResource

api-ms-win-downlevel-user32-l1-1-1

CharNextW
LoadStringW

api-ms-win-downlevel-advapi32-l1-1-1

EqualSid
FreeSid
CheckTokenMembership
GetTokenInformation
OpenThreadToken
InitializeSecurityDescriptor
OpenProcessToken
SetSecurityDescriptorDacl
InitializeAcl
AddAccessAllowedAce
GetLengthSid
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
AllocateAndInitializeSid

api-ms-win-downlevel-ole32-l1-1-1

StringFromGUID2
CoCreateInstance
CoTaskMemFree
ProgIDFromCLSID

api-ms-win-downlevel-kernel32-l2-1-0

LocalFree
CreateFileMappingA

Exports

Exports

DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/pkgmgr.exe
.exe windows:6 windows x86 arch:x86

23df54cc733b5d47543a8b235b7f377b

Code Sign

33:00:00:00:4c:a1:e8:4d:cc:b4:74:7b:3b:00:00:00:00:00:4c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/11/2013, 22:11

Not After

11/02/2015, 22:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/09/2013, 17:35

Not After

24/12/2014, 17:35

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8f:8b:3b:f0:34:6e:47:ff:6e:e2:36:62:e1:c6:23:79:b5:51:85:43:d9:18:b5:b3:21:e2:b6:be:fc:5e:6d:cc
Signer

Actual PE Digest

8f:8b:3b:f0:34:6e:47:ff:6e:e2:36:62:e1:c6:23:79:b5:51:85:43:d9:18:b5:b3:21:e2:b6:be:fc:5e:6d:cc

Digest Algorithm

sha256

PE Digest Matches

true

ca:68:42:a9:71:d2:e0:71:dd:4e:46:32:d2:73:37:bf:a1:80:d3:10
Signer

Actual PE Digest

ca:68:42:a9:71:d2:e0:71:dd:4e:46:32:d2:73:37:bf:a1:80:d3:10

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

pkgmgr.pdb

Imports

advapi32

StartTraceW
EnableTrace
ControlTraceW
CloseTrace
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
InitiateSystemShutdownExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

kernel32

SetEnvironmentVariableW
DeviceIoControl
GetFileAttributesW
CreateDirectoryW
GetFileAttributesExW
CreateFileW
FreeLibrary
MoveFileExW
GetSystemTime
GetProcAddress
LoadLibraryW
GetWindowsDirectoryW
DeleteFileW
FindClose
FindNextFileW
CompareFileTime
FindFirstFileW
OutputDebugStringA
TerminateProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetFullPathNameW
GetLastError
ExpandEnvironmentStringsW
GetModuleFileNameW
GetEnvironmentVariableW
GetCurrentProcessId
FormatMessageW
GetModuleHandleExW
LoadLibraryExW
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
SetLastError
GetCommandLineW
HeapSetInformation
Sleep
CloseHandle
GetCurrentProcess
LocalFree

user32

MessageBoxW

msvcrt

malloc
memmove
wcsrchr
_vsnwprintf
_wcsicmp
_vsnprintf
wcstoul
??_V@YAXPAX@Z
??_U@YAPAXI@Z
_wcsnicmp
wcschr
free
??3@YAXPAX@Z
??2@YAPAXI@Z
_CxxThrowException
__CxxFrameHandler3
wcsstr
memcpy
_controlfp
?terminate@@YAXXZ
_except_handler4_common
_errno
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UAE@XZ
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
memcpy_s
memmove_s
memcmp
memset

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/ssshim.dll
.dll windows:6 windows x86 arch:x86

6dedd39118a4761aaad08c8ece7a7625

Code Sign

33:00:00:00:34:24:31:40:c9:a0:c1:79:8d:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/03/2013, 20:08

Not After

27/06/2014, 20:08

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:16:11:04:b4:88:38:8c:be:c3:00:00:00:00:00:16
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

30/08/2012, 17:49

Not After

30/11/2013, 17:49

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c4:69:34:58:11:a2:57:5b:56:eb:85:36:fa:0d:22:14:4b:16:b4:4d:c1:42:e1:eb:33:1d:c7:16:15:d4:44:cc
Signer

Actual PE Digest

c4:69:34:58:11:a2:57:5b:56:eb:85:36:fa:0d:22:14:4b:16:b4:4d:c1:42:e1:eb:33:1d:c7:16:15:d4:44:cc

Digest Algorithm

sha256

PE Digest Matches

true

dc:d1:b8:60:64:53:6b:f0:06:7f:50:da:3a:3f:73:1c:d8:8f:41:eb
Signer

Actual PE Digest

dc:d1:b8:60:64:53:6b:f0:06:7f:50:da:3a:3f:73:1c:d8:8f:41:eb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ssshim.pdb

Imports

ntdll

LdrLockLoaderLock
LdrUnlockLoaderLock
NtQueryAttributesFile
RtlPcToFileHeader
LdrLoadDll
LdrUnloadDll
NtQueryPerformanceCounter
NtClose
RtlAllocateHeap
RtlFreeHeap
RtlRaiseStatus
NtOpenFile
NtQueryDirectoryFile
NtCreateFile
NtQueryInformationFile
NtReadFile
NtWriteFile
NtSetInformationFile
RtlQueryEnvironmentVariable_U
RtlRaiseException
NtQueryObject
NtQueryInformationProcess
NtOpenProcess
NtDelayExecution
RtlInitString
LdrGetProcedureAddress
NtTerminateProcess
RtlCaptureContext
RtlUnhandledExceptionFilter
memmove
NtQuerySystemTime
RtlNtStatusToDosErrorNoTeb
DbgPrintEx
RtlDowncaseUnicodeChar
RtlUpcaseUnicodeChar
RtlReAllocateHeap
RtlTimeToTimeFields
strncmp
wcstoul
RtlCreateUnicodeStringFromAsciiz
LdrGetDllHandle
RtlDosPathNameToNtPathName_U
_aulldvrm
RtlUnicodeToMultiByteN
memset
DbgPrint
memcmp
memcpy
RtlUnwind

Exports

Exports

SssBindServicingStack
SssGetServicingStackFilePath
SssGetServicingStackFilePathLength
SssPreloadDownlevelDependencies
SssReleaseServicingStack

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/vhdprovider.dll
.dll regsvr32 windows:6 windows x86 arch:x86

7519c05de92cae46fd71a5091be0bc25

Code Sign

33:00:00:00:4c:a1:e8:4d:cc:b4:74:7b:3b:00:00:00:00:00:4c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/11/2013, 22:11

Not After

11/02/2015, 22:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/09/2013, 17:35

Not After

24/12/2014, 17:35

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

31:8f:c9:28:7a:7a:69:60:8b:d1:9a:55:94:e7:cc:07:31:cd:b7:10:54:db:9a:51:fb:8c:d9:b7:05:e2:80:47
Signer

Actual PE Digest

31:8f:c9:28:7a:7a:69:60:8b:d1:9a:55:94:e7:cc:07:31:cd:b7:10:54:db:9a:51:fb:8c:d9:b7:05:e2:80:47

Digest Algorithm

sha256

PE Digest Matches

true

10:66:ea:fa:39:53:e1:d5:60:f0:a3:60:16:5f:d6:99:d3:24:0d:9b
Signer

Actual PE Digest

10:66:ea:fa:39:53:e1:d5:60:f0:a3:60:16:5f:d6:99:d3:24:0d:9b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

VhdProvider.pdb

Imports

msvcrt

memmove
iswctype
_wtoi
wcstoul
_wcsnicmp
towlower
towupper
iswspace
wcsrchr
iswalpha
wcsstr
_wcsupr
qsort
bsearch
wcschr
_except_handler4_common
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
_callnewh
malloc
memset
??0exception@@QAE@XZ
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABV0@@Z
_purecall
wcscat_s
wcsncpy_s
memmove_s
calloc
_wcsicmp
_vsnwprintf
_vscwprintf
memcpy_s
vswprintf_s
free
wcscpy_s
memcpy
memcmp

kernel32

SetEndOfFile
GetFileTime
GetFileSizeEx
SetFilePointerEx
CreateFileMappingW
OutputDebugStringW
GetCurrentThreadId
GetCurrentProcessId
CreateFileW
GetLastError
CloseHandle
HeapFree
GetProcessHeap
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
Sleep
QueryDosDeviceW
GetVolumeNameForVolumeMountPointW
HeapAlloc
SetVolumeMountPointW
DeleteVolumeMountPointW
GetFileAttributesW
SetFileAttributesW
CreateMutexW
WaitForSingleObject
ReleaseMutex
DeleteFileW
GetVolumePathNamesForVolumeNameW
SetLastError
MultiByteToWideChar
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
SetThreadUILanguage
CompareStringW
UnlockFileEx
HeapReAlloc
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
FormatMessageW
FindResourceExW
LoadResource
LockResource
LocalFree
GetFullPathNameW
GetFileInformationByHandle
GetVolumePathNameW
CreateThread
SetErrorMode
GetModuleHandleExW
GetSystemDirectoryW
ReadFile
SetFilePointer
FreeLibrary
WriteFile
LockFileEx
LoadLibraryW
GetTempPathW
DeviceIoControl
GetLogicalDrives
UnmapViewOfFile
MapViewOfFile
SearchPathW
GetDriveTypeW
GetDiskFreeSpaceExW
GetVolumeInformationW
HeapDestroy
VirtualFree
VirtualAlloc
FindFirstFileW
CopyFileExW
FlushFileBuffers
GetDiskFreeSpaceW
FindClose
FindNextFileW
GetCurrentThread
GetVersionExW

advapi32

RegLoadKeyW
RegUnLoadKeyW
OpenProcessToken
DuplicateTokenEx
AdjustTokenPrivileges
SetThreadToken
RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
RegFlushKey
RegEnumValueW
RegDeleteTreeW
RegDeleteKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
OpenThreadToken

user32

LoadStringW
CharNextW
CharUpperBuffW
UnregisterClassA

ole32

CoUninitialize
CoCreateInstance
StringFromGUID2
ProgIDFromCLSID
CoTaskMemFree
CoInitializeEx

oleaut32

SysAllocStringByteLen
SysAllocStringLen
LoadRegTypeLi
VariantClear
SysStringByteLen
UnRegisterTypeLi
LoadTypeLi
SysStringLen
RegisterTypeLi
SysAllocString
CreateErrorInfo
SetErrorInfo
SysFreeString

ntdll

RtlInitializeCriticalSection
RtlLeaveCriticalSection
RtlDeleteCriticalSection
RtlReAllocateHeap
NtQueryObject
NtOpenFile
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
RtlRaiseStatus
NtYieldExecution
RtlAdjustPrivilege
RtlEnterCriticalSection
RtlVerifyVersionInfo
VerSetConditionMask
RtlInitUnicodeString
NtQueryDirectoryObject
RtlAllocateHeap
RtlFreeHeap
RtlDosPathNameToNtPathName_U
NtOpenDirectoryObject
NtClose
RtlNtStatusToDosError
RtlCompareMemory

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeW

setupapi

CMP_WaitNoPendingInstallEvents

version

GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW

Exports

Exports

DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 362KB - Virtual size: 361KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/wimgapi.dll
.dll windows:6 windows x86 arch:x86

e024500126be52bdb4d2125bbe04c1ee

Code Sign

33:00:00:00:33:e5:27:86:a3:0e:4a:2a:80:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/03/2013, 20:08

Not After

27/06/2014, 20:08

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/09/2013, 17:35

Not After

24/12/2014, 17:35

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8d:4e:b1:7b:d5:b6:bf:28:9b:18:57:b5:1a:9a:8c:5e:71:ac:7c:50:ee:1b:85:b6:31:87:9d:8b:c5:8e:c1:fe
Signer

Actual PE Digest

8d:4e:b1:7b:d5:b6:bf:28:9b:18:57:b5:1a:9a:8c:5e:71:ac:7c:50:ee:1b:85:b6:31:87:9d:8b:c5:8e:c1:fe

Digest Algorithm

sha256

PE Digest Matches

true

e8:db:1d:af:ec:88:71:7a:a0:8f:92:c6:e6:a7:87:20:9b:b3:03:be
Signer

Actual PE Digest

e8:db:1d:af:ec:88:71:7a:a0:8f:92:c6:e6:a7:87:20:9b:b3:03:be

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

wimgapi.pdb

Imports

msvcrt

memmove_s
memcpy_s
bsearch
memcpy
memset
memcmp
iswspace
_purecall
??2@YAPAXI@Z
??3@YAXPAX@Z
_vscwprintf
wcstoul
_wcsupr
qsort
wcschr
_wcsrev
_wcslwr
_snwprintf_s
towlower
towupper
_vsnwprintf
_wtoi
memmove
swscanf_s
wcsncmp
_wcsnicmp
wcsnlen
_wcsicmp
wcsrchr
_onexit
__dllonexit
_unlock
_lock
_except_handler4_common
_initterm
malloc
free
_amsg_exit
_XcptFilter

kernel32

TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
GetModuleHandleW
GetCurrentDirectoryW
GetExitCodeProcess
CreateProcessW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
Sleep
DisableThreadLibraryCalls
GetLastError
CloseHandle
HeapFree
GetProcessHeap
SetLastError
DeleteFileW
RemoveDirectoryW
HeapAlloc
CompareStringW
GetDriveTypeW
GetVersionExW
FlushFileBuffers
GetFileSizeEx
GetSystemInfo
GetFileInformationByHandle
EnterCriticalSection
LeaveCriticalSection
DeviceIoControl
GetEnvironmentVariableW
SetThreadIdealProcessor
GetCurrentThread
SetFileAttributesW
GetFileAttributesW
CreateDirectoryW
CreateFileW
WriteFile
FindFirstFileW
FindNextFileW
FindClose
GetTempPathW
GetTempFileNameW
GetFileSize
SetFilePointer
ReadFile
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
GetFullPathNameW
GetHandleInformation
SetFilePointerEx
SetEndOfFile
CreateEventW
InitializeCriticalSectionAndSpinCount
GetOverlappedResult
LocalFree
GetPrivateProfileSectionW
LockFileEx
UnlockFileEx
DuplicateHandle
LoadLibraryW
CreateMutexW
FormatMessageW
WaitForSingleObject
ReleaseMutex
WideCharToMultiByte
GetModuleFileNameW
OpenEventW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetVolumeInformationW
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
LoadLibraryExW
FreeLibrary
GetProcAddress
GetModuleHandleExW
GetSystemDirectoryW
SetEvent
WaitForMultipleObjectsEx
CreateThread
ReleaseSemaphore
WaitForMultipleObjects
CreateSemaphoreW
CreateSemaphoreExW
CopyFileExW
GetLogicalDriveStringsW
HeapReAlloc

ntdll

RtlDosPathNameToNtPathName_U_WithStatus
RtlInitializeCriticalSection
RtlLeaveCriticalSection
RtlDeleteCriticalSection
RtlReAllocateHeap
RtlEnterCriticalSection
RtlGetVersion
RtlDeleteResource
RtlReleaseResource
RtlAcquireResourceShared
RtlAcquireResourceExclusive
RtlInitializeResource
RtlInitUnicodeString
RtlImpersonateSelf
NtCreateFile
NtQueryInformationFile
NtClose
NtQueryDirectoryFile
RtlAllocateHeap
NtOpenFile
RtlFreeHeap
RtlDosPathNameToNtPathName_U
NtSetSecurityObject
RtlSetControlSecurityDescriptor
NtSetInformationFile
NtQuerySecurityObject
RtlAdjustPrivilege
RtlNtStatusToDosError
RtlRaiseStatus
NtYieldExecution

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteKeyExW
SetThreadToken
RegQueryValueExW
RegEnumKeyExW
RegLoadKeyW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegEnumValueW
RegQueryInfoKeyW
RevertToSelf
GetSecurityInfo
AddAccessAllowedAceEx
FreeSid
SetSecurityDescriptorDacl
EqualSid
AddAccessAllowedAce
InitializeAcl
GetLengthSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
ReadEncryptedFileRaw
CloseEncryptedFileRaw
WriteEncryptedFileRaw
OpenEncryptedFileRawW
GetAclInformation
GetSecurityDescriptorLength
GetSecurityDescriptorControl
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
RegUnLoadKeyW
RegFlushKey

user32

CharUpperW

rpcrt4

RpcBindingFree
RpcBindingSetAuthInfoW
RpcBindingFromStringBindingW
UuidCreate
UuidToStringW
RpcStringFreeW
UuidFromStringW
NdrClientCall2
RpcStringBindingComposeW

version

GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW

Exports

Exports

DllCanUnloadNow
DllMain
WIMApplyImage
WIMCaptureImage
WIMCloseHandle
WIMCommitImageHandle
WIMCopyFile
WIMCreateFile
WIMCreateImageFile
WIMDeleteImage
WIMDeleteImageMounts
WIMEnumImageFiles
WIMExportImage
WIMExtractImagePath
WIMFindFirstImageFile
WIMFindNextImageFile
WIMGetAttributes
WIMGetImageCount
WIMGetImageInformation
WIMGetMessageCallbackCount
WIMGetMountedImageHandle
WIMGetMountedImageInfo
WIMGetMountedImageInfoFromHandle
WIMGetMountedImages
WIMGetWIMBootEntries
WIMGetWIMBootWIMPath
WIMInitFileIOCallbacks
WIMLoadImage
WIMMountImage
WIMMountImageHandle
WIMProcessCustomImage
WIMReadImageFile
WIMRegisterLogFile
WIMRegisterMessageCallback
WIMRemountImage
WIMSetBootImage
WIMSetFileIOCallbackTemporaryPath
WIMSetImageInformation
WIMSetReferenceFile
WIMSetTemporaryPath
WIMSplitFile
WIMUnmountImage
WIMUnmountImageHandle
WIMUnregisterLogFile
WIMUnregisterMessageCallback
WIMUpdateWIMBootEntry

Sections

.text
Size: 506KB - Virtual size: 506KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/wimmount.sys
.sys windows:6 windows x86 arch:x86

2c5e2ea9029b499daea37942675b781a

Code Sign

33:00:00:00:34:24:31:40:c9:a0:c1:79:8d:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/03/2013, 20:08

Not After

27/06/2014, 20:08

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:16:11:04:b4:88:38:8c:be:c3:00:00:00:00:00:16
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

30/08/2012, 17:49

Not After

30/11/2013, 17:49

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b5:25:42:c1:1b:62:47:44:4e:31:02:0a:60:04:d9:99:da:ef:d5:30:c1:6d:4b:c0:86:67:fa:f7:e2:57:ff:14
Signer

Actual PE Digest

b5:25:42:c1:1b:62:47:44:4e:31:02:0a:60:04:d9:99:da:ef:d5:30:c1:6d:4b:c0:86:67:fa:f7:e2:57:ff:14

Digest Algorithm

sha256

PE Digest Matches

true

c0:2c:d9:51:f4:ff:99:2d:4f:de:01:7e:f9:5c:ac:16:98:30:33:a4
Signer

Actual PE Digest

c0:2c:d9:51:f4:ff:99:2d:4f:de:01:7e:f9:5c:ac:16:98:30:33:a4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wimmount.pdb

Imports

ntoskrnl.exe

KeBugCheckEx
RtlCompareMemory
ZwOpenProcess
ObOpenObjectByPointer
KeWaitForMultipleObjects
RtlAppendUnicodeStringToString
ZwClose
ExEventObjectType
MmGetSystemRoutineAddress
ProbeForWrite
memmove
ZwCreateEvent
PsProcessType
ProbeForRead
DbgPrint
ExInitializeResourceLite
ObfDereferenceObject
PsGetCurrentProcessId
IoGetTopLevelIrp
ExDeleteResourceLite
RtlCompareUnicodeString
ZwDuplicateObject
KeWaitForSingleObject
ObReferenceObjectByHandle
IoFileObjectType
KeInitializeEvent
KeSetEvent
RtlInitUnicodeString
ExFreePoolWithTag
ExAllocatePoolWithTag
RtlUnwind

fltmgr.sys

FltSetStreamContext
FltAcquireResourceShared
FltGetVolumeName
FltObjectReference
FltGetVolumeFromFileObject
FltGetRoutineAddress
FltCloseClientPort
FltEnumerateInstances
FltSendMessage
FltObjectDereference
FltStartFiltering
FltReleaseFileNameInformation
FltRegisterFilter
FltAcquireResourceExclusive
FltFsControlFile
FltBuildDefaultSecurityDescriptor
FltCloseCommunicationPort
FltUnregisterFilter
FltGetFileNameInformation
FltAllocateContext
FltClose
FltReleaseContext
FltReleaseResource
FltQueryInformationFile
FltReissueSynchronousIo
FltCreateFile
FltIsDirectory
FltFreeSecurityDescriptor
FltGetDiskDeviceObject
FltSetInformationFile
FltCreateCommunicationPort
FltUntagFile
FltGetStreamContext
FltGetRequestorProcessId
FltDeleteStreamContext
FltSetCallbackDataDirty

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/wimmountadksetupx86.exe
.exe windows:6 windows x86 arch:x86

9f701f226d9d5efbc88d2373417a3a2f

Code Sign

33:00:00:00:34:24:31:40:c9:a0:c1:79:8d:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/03/2013, 20:08

Not After

27/06/2014, 20:08

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:16:11:04:b4:88:38:8c:be:c3:00:00:00:00:00:16
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

30/08/2012, 17:49

Not After

30/11/2013, 17:49

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f8:b3:2f:fe:36:77:12:f7:8c:b5:c1:33:c2:13:96:70:48:6b:f2:89:da:ee:68:23:33:2f:1b:df:09:4a:ad:da
Signer

Actual PE Digest

f8:b3:2f:fe:36:77:12:f7:8c:b5:c1:33:c2:13:96:70:48:6b:f2:89:da:ee:68:23:33:2f:1b:df:09:4a:ad:da

Digest Algorithm

sha256

PE Digest Matches

true

cd:11:68:46:c5:97:57:f1:1b:d0:8d:3b:53:3f:78:97:40:76:e1:24
Signer

Actual PE Digest

cd:11:68:46:c5:97:57:f1:1b:d0:8d:3b:53:3f:78:97:40:76:e1:24

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

WimMountAdkSetupX86.pdb

Imports

advapi32

RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

kernel32

CloseHandle
GetCurrentProcessId
GetFileAttributesW
HeapAlloc
TerminateProcess
LocalFree
GetSystemInfo
SetLastError
GetLastError
GetModuleFileNameW
GetProcessHeap
HeapFree
GetDriveTypeW
GetNativeSystemInfo
GetFullPathNameW
Sleep
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetCurrentProcess
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter

user32

MessageBoxW

msvcrt

__iob_func
_wfopen
_vsnwprintf
wcsncmp
_wcsnicmp
fwprintf
vfwprintf
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_wcmdln
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_wcsicmp
fclose
wcschr

shell32

CommandLineToArgvW

ntdll

RtlNtStatusToDosError
RtlFreeHeap
RtlAllocateHeap

fltlib

FilterUnload

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/wimprovider.dll
.dll regsvr32 windows:6 windows x86 arch:x86

58dc712111ae37f171fda65548396cf4

Code Sign

33:00:00:00:4c:a1:e8:4d:cc:b4:74:7b:3b:00:00:00:00:00:4c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/11/2013, 22:11

Not After

11/02/2015, 22:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:ca
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/04/2014, 17:39

Not After

22/07/2015, 17:39

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/09/2013, 17:35

Not After

24/12/2014, 17:35

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:c3:62:88:2b:1d:45:32:28:0b:67:9c:c1:94:76:b7:c2:0f:21:48:88:bc:cf:27:df:cb:e3:bb:f1:e2:9d:b1
Signer

Actual PE Digest

61:c3:62:88:2b:1d:45:32:28:0b:67:9c:c1:94:76:b7:c2:0f:21:48:88:bc:cf:27:df:cb:e3:bb:f1:e2:9d:b1

Digest Algorithm

sha256

PE Digest Matches

true

a2:16:e0:69:41:28:4f:f5:0a:9f:a7:f4:23:52:6f:fd:be:b7:5f:29
Signer

Actual PE Digest

a2:16:e0:69:41:28:4f:f5:0a:9f:a7:f4:23:52:6f:fd:be:b7:5f:29

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

WimProvider.pdb

Imports

msvcrt

towupper
_strnicmp
_except_handler4_common
_onexit
__dllonexit
memmove
_wcsnicmp
_unlock
_lock
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
_callnewh
iswspace
malloc
memset
_wtoi64
_wcsicmp
wcstoul
_vsnwprintf
??0exception@@QAE@XZ
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABV0@@Z
wcsncmp
wcschr
wcscat_s
memmove_s
calloc
_wtol
wcscpy_s
memcpy_s
_purecall
wcsrchr
vswprintf_s
free
_vscwprintf
wcsncpy_s
memcmp
memcpy
__RTDynamicCast

api-ms-win-downlevel-kernel32-l1-1-0

LoadLibraryExW
GetModuleHandleExW
OutputDebugStringW
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameW
EnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetCurrentProcessId
FreeLibrary
HeapFree
GetProcessHeap
GetFullPathNameW
HeapReAlloc
HeapAlloc
GetLastError
CompareStringW
DisableThreadLibraryCalls
SetThreadLocale
RaiseException
GetProcAddress
GetModuleHandleW
GetFileAttributesW
FindFirstFileW
FindClose
SetLastError
DeleteFileW
GetLocaleInfoW
GetNumberFormatW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
HeapDestroy
HeapSize
GetFileInformationByHandle
CloseHandle
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
CreateFileW
LockResource
LoadResource
SearchPathW
MapViewOfFile
UnmapViewOfFile
GetVersionExW
CreateFileMappingW
FindNextFileW
LoadLibraryExA
GetThreadLocale
FindResourceExW
FormatMessageW
SetThreadUILanguage

api-ms-win-downlevel-ole32-l1-1-1

CoTaskMemFree
SetErrorInfo
StringFromGUID2
ProgIDFromCLSID
CreateErrorInfo
CoCreateInstance

api-ms-win-downlevel-user32-l1-1-1

CharUpperW
CharNextW
CharLowerBuffW
LoadStringW

api-ms-win-downlevel-advapi32-l1-1-1

RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey

api-ms-win-downlevel-kernel32-l2-1-0

GetPrivateProfileSectionW
LocalAlloc
LocalFree

oleaut32

SysStringLen
VarBstrCmp
VariantClear
SysAllocStringLen
UnRegisterTypeLi
RegisterTypeLi
SysAllocStringByteLen
SysStringByteLen
LoadRegTypeLi
SysFreeString
LoadTypeLi
SysAllocString

ntdll

RtlEnterCriticalSection
RtlReAllocateHeap
RtlDeleteCriticalSection
RtlLeaveCriticalSection
RtlInitializeCriticalSection
RtlFreeHeap
RtlNtStatusToDosError
RtlRaiseStatus
NtYieldExecution
RtlAllocateHeap

Exports

Exports

DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 310KB - Virtual size: 309KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/DISM81/wimserv.exe
.exe windows:6 windows x86 arch:x86

292660bc107b273a71fb0b3af81f3c77

Code Sign

33:00:00:00:4c:a1:e8:4d:cc:b4:74:7b:3b:00:00:00:00:00:4c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/11/2013, 22:11

Not After

11/02/2015, 22:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/09/2013, 17:35

Not After

24/12/2014, 17:35

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

58:bf:04:86:84:5d:9e:be:0c:7a:28:b6:62:5f:ed:1d:7f:ed:92:9e:7e:e9:69:73:b3:3d:b5:ec:59:80:ee:25
Signer

Actual PE Digest

58:bf:04:86:84:5d:9e:be:0c:7a:28:b6:62:5f:ed:1d:7f:ed:92:9e:7e:e9:69:73:b3:3d:b5:ec:59:80:ee:25

Digest Algorithm

sha256

PE Digest Matches

true

91:c6:d2:b9:fe:cf:ea:30:22:cb:58:a4:0d:3f:39:60:1c:b8:be:f2
Signer

Actual PE Digest

91:c6:d2:b9:fe:cf:ea:30:22:cb:58:a4:0d:3f:39:60:1c:b8:be:f2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wimserv.pdb

Imports

kernel32

CreateSemaphoreW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CopyFileExW
GetCurrentDirectoryW
GetModuleHandleW
CreateThread
HeapSetInformation
WaitForMultipleObjects
CreateEventW
ResetEvent
Sleep
CreateMutexW
CloseHandle
GetLastError
GetProcessHeap
SetEvent
WaitForSingleObject
HeapFree
HeapAlloc
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleFileNameW
SetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateDirectoryW
CreateFileW
RemoveDirectoryW
GetVolumeInformationW
GetFileInformationByHandle
DuplicateHandle
GetDriveTypeW
FindFirstFileW
FindNextFileW
FindClose
GetFileSizeEx
ReadFile
GetTempPathW
DeviceIoControl
GetCurrentThread
LocalFree
FreeLibrary
LoadLibraryExW
GetProcAddress
WaitForMultipleObjectsEx
GetOverlappedResult
FormatMessageW
LocalAlloc
WriteFile
ReleaseMutex
WideCharToMultiByte
SetFilePointer
GetFullPathNameW
GetEnvironmentVariableW
SetFileAttributesW
GetFileAttributesW
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
SetFilePointerEx
DeleteCriticalSection
GetModuleHandleExW
CompareStringW
GetSystemDirectoryW
HeapReAlloc
GetHandleInformation
SetEndOfFile
InitializeCriticalSectionAndSpinCount
DeleteFileW
GetVersionExW
FlushFileBuffers
GetSystemInfo
SetThreadIdealProcessor
GetTempFileNameW
CreateSemaphoreExW
ReleaseSemaphore
LockFileEx
UnlockFileEx

user32

CharUpperW
GetMessageW
TranslateMessage
DispatchMessageW

msvcrt

_wtoi
qsort
memmove_s
wcsnlen
memset
memcpy
iswspace
_purecall
??2@YAPAXI@Z
??3@YAXPAX@Z
_snwprintf_s
swscanf_s
wcsncmp
wcsrchr
towupper
_XcptFilter
memcmp
__p__commode
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_vsnwprintf
_wcsnicmp
memmove
_vscwprintf
_wcsicmp
wcschr
memcpy_s
_onexit
__dllonexit
_unlock
_lock
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_wcmdln
_initterm
__setusermatherr
__p__fmode
_cexit

rpcrt4

RpcRevertToSelf
RpcServerUseProtseqEpW
UuidFromStringW
RpcServerRegisterAuthInfoW
RpcImpersonateClient
RpcMgmtStopServerListening
RpcMgmtWaitServerListen
RpcServerListen
NdrServerCall2
RpcServerRegisterIf
RpcStringFreeW
UuidCreate
UuidToStringW

advapi32

RegEnumKeyExW
CloseEncryptedFileRaw
WriteEncryptedFileRaw
OpenEncryptedFileRawW
GetAclInformation
GetSecurityDescriptorLength
GetSecurityDescriptorControl
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
RegUnLoadKeyW
RegFlushKey
RegSetValueExW
RegLoadKeyW
RevertToSelf
EqualSid
AddAccessAllowedAce
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetThreadToken
OpenThreadToken
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
GetLengthSid
FreeSid
AllocateAndInitializeSid
InitializeAcl
AddAccessAllowedAceEx
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

ntdll

RtlInitializeCriticalSection
RtlDeleteResource
RtlReleaseResource
RtlAcquireResourceShared
RtlInitializeResource
NtSetSecurityObject
RtlSetControlSecurityDescriptor
NtQuerySecurityObject
RtlImpersonateSelf
NtClose
RtlDosPathNameToNtPathName_U
RtlAdjustPrivilege
RtlInitUnicodeString
NtCreateFile
NtSetInformationFile
NtQueryInformationFile
RtlNtStatusToDosError
RtlAllocateHeap
RtlFreeHeap
RtlAcquireResourceExclusive
RtlGetVersion
RtlEnterCriticalSection
RtlReAllocateHeap
RtlDeleteCriticalSection
RtlLeaveCriticalSection
RtlRaiseStatus
NtYieldExecution

Sections

.text
Size: 387KB - Virtual size: 387KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/NSudo.exe
.exe windows:6 windows x86 arch:x86

16026b739637a8b250930b6e8e3c054c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Documents\Visual Studio 2019\Projects\NSudo\Source\Native\Output\Binaries\Release\Win32\NSudoLG.pdb

Imports

kernel32

ExpandEnvironmentStringsW
GetModuleFileNameW
OpenProcess
CreateEventW
MultiByteToWideChar
GetTickCount64
LockResource
QueryPerformanceFrequency
FindResourceExW
LoadResource
GetProcAddress
VerSetConditionMask
FreeLibrary
SleepEx
GetFileInformationByHandleEx
QueryPerformanceCounter
LoadLibraryExW
GetModuleHandleExW
ExitProcess
Sleep
OutputDebugStringW
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
EncodePointer
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SizeofResource
GetLocalTime
GetCurrentProcessId
ResumeThread
WaitForSingleObjectEx
InitializeCriticalSection
GetCurrentProcess
SetPriorityClass
MulDiv
GetModuleHandleW
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
CloseHandle
GetThreadUILanguage
GetLastError
GetCurrentThreadId
GetFileAttributesW
CreateFileW
InitializeCriticalSectionEx
LeaveCriticalSection
SetThreadUILanguage
GetCommandLineW
EnterCriticalSection
SetLastError
HeapFree
ReadFile
VerifyVersionInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount

user32

EndPaint
BeginPaint
DrawIconEx
GetClientRect
GetWindowTextW
LoadIconW
ChangeWindowMessageFilter
DestroyIcon
UnregisterClassW
MonitorFromWindow
GetDC
SendMessageW
EndDialog
SetWindowLongW
DialogBoxParamW
LoadImageW
GetDlgItem
SetWindowTextW

gdi32

DeleteDC
GetDeviceCaps

comdlg32

GetOpenFileNameW

advapi32

AdjustTokenPrivileges
GetAce
CloseServiceHandle
OpenSCManagerW
AllocateAndInitializeSid
IsWellKnownSid
AddAce
CreateRestrictedToken
FreeSid
StartServiceW
InitializeAcl
OpenServiceW
GetLengthSid
AddAccessAllowedAce
QueryServiceStatusEx
LookupPrivilegeValueW
SetTokenInformation
OpenProcessToken
SetThreadToken
CreateProcessAsUserW
DuplicateTokenEx
GetTokenInformation

shell32

DragQueryFileW
DragFinish

ole32

CoInitializeEx

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSEnumerateProcessesW
WTSQueryUserToken

msvcrt

_initterm_e
_set_fmode
__p__commode
_controlfp_s
_errno
strcpy_s
__pctype_func
tolower
___mb_cur_max_func
wcsnlen
wcstol
_mbtowc_l
_wcsicmp
__wgetmainargs
strrchr
_msize
_XcptFilter
__set_app_type
malloc
_callnewh
?_set_new_mode@@YAHH@Z
___lc_codepage_func
realloc
_CIlog10
ceil
_clearfp
_except_handler4_common
_amsg_exit
memmove
memset
free
_CxxThrowException
wcsstr
wcsrchr
__CxxFrameHandler3
_initterm
_wcsnicmp
_wcmdln
strncmp
memcpy
?terminate@@YAXXZ

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/esdtoolcore.exe
.exe windows:10 windows x86 arch:x86

e4e9dcd1c6a818d13c22ad6a7eee0047

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

EsdToolCore.pdb

Imports

msvcrt

__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_purecall
wcschr
memcpy_s
_wtoi
_lock
wprintf
printf
_unlock
_vsnwprintf
_wcsicmp
__dllonexit
_onexit
?terminate@@YAXXZ
wcsrchr
_wcsnicmp
wcsncmp
_vscwprintf
towupper
swscanf_s
wcsnlen
_wcstoi64
wcsstr
strncpy_s
_strnicmp
_wcslwr
_wcsrev
qsort
towlower
_wcsupr
wcstoul
wcstok_s
strcpy_s
memmove_s
iswspace
_wcstoui64
_controlfp
_initterm
_except_handler4_common
memmove
memcpy
memcmp
_ftol2
_wtol
__CxxFrameHandler3
memset

ntdll

NtClose
RtlGetLastNtStatus
NtQueryVolumeInformationFile
NtQueryInformationFile
NtQueryInformationProcess
NtQueryEaFile
NtCreateFile
RtlImpersonateSelf
RtlInitUnicodeString
NtUnloadKey2
RtlSetControlSecurityDescriptor
RtlFindAceByType
NtSetSecurityObject
NtSetEaFile
RtlInitializeResource
RtlAcquireResourceExclusive
RtlAcquireResourceShared
RtlReleaseResource
RtlDeleteResource
RtlRaiseStatus
RtlInitializeCriticalSection
DbgPrintEx
NtQueryDirectoryFile
NtWriteFile
NtReadFile
RtlReAllocateHeap
RtlExpandEnvironmentStrings
NtWaitForSingleObject
NtYieldExecution
RtlDowncaseUnicodeChar
NtSetInformationThread
RtlGetVersion
NtShutdownSystem
NtSetInformationProcess
RtlDosPathNameToNtPathName_U
RtlFreeHeap
RtlAllocateHeap
NtSetInformationFile
RtlDosPathNameToNtPathName_U_WithStatus
RtlNtStatusToDosError
RtlAdjustPrivilege
NtOpenFile

fltlib

FilterSendMessage
FilterLoad
FilterAttach

cabinet

ord23
ord22
ord20

oleaut32

SysFreeString
SysAllocString

rpcrt4

UuidCreate
RpcStringFreeW
I_RpcMapWin32Status
UuidToStringW
UuidFromStringW

kernel32

WriteFile
GetTimeZoneInformation
GetSystemTime
SystemTimeToTzSpecificLocalTime
GetCurrentThreadId
FreeLibrary
LoadLibraryW
SetLastError
ExitProcess
CreateFileMappingW
SetConsoleCtrlHandler
GetCurrentDirectoryW
FormatMessageW
DeleteCriticalSection
WideCharToMultiByte
GetFileSize
MultiByteToWideChar
GetVersionExA
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SetFilePointer
CreateFileA
GetFullPathNameW
WaitForSingleObject
VirtualQuery
GetSystemWindowsDirectoryW
OutputDebugStringW
CreateThread
CreateEventW
CompareStringW
CloseHandle
LoadLibraryExW
GetTempPathW
LocalFree
SetEvent
RemoveDirectoryW
IsWow64Process
GetCurrentProcess
CreateDirectoryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
lstrcmpW
DeviceIoControl
SetFileAttributesW
GetLongPathNameW
GetFinalPathNameByHandleW
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
CreateSemaphoreW
GetDriveTypeW
GetFileInformationByHandleEx
GetFileInformationByHandle
SetFileInformationByHandle
CopyFileExW
FlushFileBuffers
Sleep
FindNextFileW
FindFirstFileW
GetFileAttributesW
FindClose
DeleteFileW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
GetProcessHeap
GetProcAddress
HeapAlloc
GetModuleHandleExW
HeapFree
ExpandEnvironmentStringsW
MapViewOfFile
GetEnvironmentVariableW
UnmapViewOfFile
GlobalMemoryStatusEx
GetSystemDirectoryW
ReleaseSemaphore
TlsAlloc
ResetEvent
WaitForMultipleObjects
TlsFree
TlsGetValue
GetPrivateProfileSectionW
TlsSetValue
GetFileSizeEx
SetFilePointerEx
DebugBreak
IsDebuggerPresent
SetEndOfFile
ReadFile
GetCurrentThread
CreateFileW
GetTickCount
GetTempFileNameW
LCIDToLocaleName
WaitForMultipleObjectsEx
CreateSemaphoreExW
GetVolumePathNamesForVolumeNameW
SetPriorityClass
SetThreadPriority
GetExitCodeThread
GetOverlappedResult
GetSystemInfo
InitializeCriticalSection
SetThreadIdealProcessor
HeapReAlloc
GetThreadPriority
GetPriorityClass
LocalAlloc
GetHandleInformation
GetVolumeInformationW
LockFileEx
UnlockFileEx
OpenProcess
DuplicateHandle

setupapi

SetupFindNextLine
SetupFindFirstLineW
SetupCloseInfFile
SetupGetStringFieldW
SetupGetLineTextW
SetupOpenInfFileW

advapi32

GetSecurityInfo
RegUnLoadKeyW
RegLoadKeyW
RegFlushKey
SetSecurityInfo
InitiateSystemShutdownExW
RegCreateKeyExW
RegEnumKeyExW
RegDeleteValueW
WriteEncryptedFileRaw
GetAclInformation
GetSecurityDescriptorControl
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
RegEnumValueW
RegQueryInfoKeyW
CloseEncryptedFileRaw
ReadEncryptedFileRaw
OpenEncryptedFileRawW
RevertToSelf
CopySid
OpenThreadToken
GetTokenInformation
LookupPrivilegeValueW
AdjustTokenPrivileges
AllocateAndInitializeSid
OpenProcessToken
FreeSid
InitializeAcl
GetLengthSid
AddAccessAllowedAce
RegOpenKeyExW
CryptGetUserKey
CryptSetProvParam
CryptAcquireContextW
CryptExportKey
CryptGenKey
CryptDestroyKey
RegQueryValueExW
RegSetValueExW
RegCloseKey
CryptReleaseContext
GetNamedSecurityInfoW
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetSecurityDescriptorLength

shlwapi

StrStrIW

user32

CharUpperW

version

VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

bcrypt

BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptFinishHash
BCryptCreateHash
BCryptHashData
BCryptOpenAlgorithmProvider
BCryptGetProperty

Sections

.text
Size: 828KB - Virtual size: 827KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/imagex.exe
.exe windows:10 windows x86 arch:x86

bab6ba01ebde937f44a6e3da9e111a49

Code Sign

33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

16:03:47:41:62:13:ac:f2:67:54:f2:1c:64:9d:39:05:01:79:e0:73:1c:58:7d:67:b7:00:92:16:b7:66:70:09
Signer

Actual PE Digest

16:03:47:41:62:13:ac:f2:67:54:f2:1c:64:9d:39:05:01:79:e0:73:1c:58:7d:67:b7:00:92:16:b7:66:70:09

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

imagex.pdb

Imports

msvcrt

_wcsupr
strcpy_s
towlower
qsort
_wcsrev
_wcslwr
_strnicmp
memcpy_s
strncpy_s
_wcstoi64
wcsnlen
wcsstr
wcstok_s
wcsncmp
towupper
_wcsnicmp
wcschr
_vscwprintf
_wcsicmp
__iob_func
memmove_s
iswspace
_purecall
malloc
_callnewh
free
wcstoul
_vsnwprintf
memcmp
memcpy
memmove
_onexit
__dllonexit
_unlock
_lock
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_wtoi
wcsrchr
_wtol
fflush
printf
swscanf_s
memset

ntdll

NtYieldExecution
RtlReAllocateHeap
DbgPrintEx
RtlInitializeCriticalSection
RtlRaiseStatus
RtlDeleteResource
RtlReleaseResource
RtlAcquireResourceShared
RtlAcquireResourceExclusive
RtlInitializeResource
NtUnloadKey2
RtlInitUnicodeString
NtQuerySecurityObject
RtlImpersonateSelf
NtSetEaFile
NtSetSecurityObject
RtlSetControlSecurityDescriptor
NtCreateFile
NtQueryEaFile
NtQueryVolumeInformationFile
NtQueryInformationProcess
NtQueryInformationFile
RtlAdjustPrivilege
NtClose
NtQueryDirectoryFile
NtOpenFile
RtlDosPathNameToNtPathName_U
RtlGetLastNtStatus
RtlFreeHeap
RtlAllocateHeap
NtSetInformationFile
RtlFindAceByType
RtlNtStatusToDosError
RtlDowncaseUnicodeChar

kernel32

GetSystemTimeAsFileTime
GetTickCount
ReleaseMutex
LocalAlloc
GetCurrentThreadId
CreateMutexW
HeapReAlloc
UnlockFileEx
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
GetModuleHandleExW
LockFileEx
CreateEventW
SetEndOfFile
GetTempPathW
DeleteFileW
RemoveDirectoryW
SetFilePointerEx
SetFilePointer
GetFileSize
SetThreadIdealProcessor
GetSystemInfo
GetTempFileNameW
GetOverlappedResult
ReadFile
GetDriveTypeW
lstrcmpW
GetCurrentThread
OpenProcess
GetSystemWindowsDirectoryW
InitializeCriticalSectionAndSpinCount
FindClose
GetCurrentDirectoryW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
GetFinalPathNameByHandleW
GetLongPathNameW
CreateDirectoryW
FindNextFileW
FindFirstFileW
SetConsoleCtrlHandler
GetModuleFileNameW
GetFullPathNameW
GetTickCount64
GetFileAttributesW
CompareStringW
SetLastError
LocalFree
FormatMessageW
HeapFree
LeaveCriticalSection
FillConsoleOutputCharacterW
EnterCriticalSection
GetLogicalDrives
GetVolumePathNamesForVolumeNameW
LoadLibraryW
InitializeCriticalSection
GetStdHandle
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
MultiByteToWideChar
CreateSemaphoreExW
Wow64RevertWow64FsRedirection
GetExitCodeProcess
CreateProcessW
Wow64DisableWow64FsRedirection
GetLogicalDriveStringsW
SetConsoleCursorPosition
WriteConsoleW
GetConsoleScreenBufferInfo
GetConsoleMode
LCIDToLocaleName
WriteFile
GetLastError
WaitForMultipleObjectsEx
WideCharToMultiByte
TlsSetValue
GetCommandLineW
GetProcessHeap
GetEnvironmentVariableW
HeapAlloc
WaitForSingleObject
OpenEventW
GetVolumeInformationW
GetHandleInformation
SetEvent
DuplicateHandle
GetPrivateProfileSectionW
CloseHandle
CreateThread
ResetEvent
WaitForMultipleObjects
ReleaseSemaphore
GetProcAddress
CreateSemaphoreW
FreeLibrary
LoadLibraryExW
GetFileSizeEx
DeviceIoControl
CreateFileW
SetFileAttributesW
GetFileInformationByHandleEx
GetFileInformationByHandle
SetFileInformationByHandle
CopyFileExW
FlushFileBuffers
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GlobalMemoryStatusEx
GetSystemDirectoryW
TlsAlloc
TlsFree
DeleteCriticalSection
TlsGetValue

user32

CharPrevW
CharNextW
LoadStringW
CharUpperW

shlwapi

PathMatchSpecW
StrStrIW

setupapi

SetupOpenInfFileW
SetupFindFirstLineW
SetupCloseInfFile
SetupGetLineTextW
SetupFindNextLine

rpcrt4

RpcBindingFree
RpcBindingSetAuthInfoW
UuidToStringW
RpcStringFreeW
RpcBindingFromStringBindingW
UuidCreate
I_RpcMapWin32Status
UuidFromStringW
NdrClientCall2
RpcStringBindingComposeW

fltlib

FilterSendMessage
FilterAttach
FilterLoad
FilterConnectCommunicationPort

cabinet

ord22
ord20
ord23

advapi32

InitializeSecurityDescriptor
InitializeAcl
CloseEncryptedFileRaw
WriteEncryptedFileRaw
OpenEncryptedFileRawW
GetAclInformation
GetSecurityDescriptorControl
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
AddAccessAllowedAceEx
GetLengthSid
AddAccessAllowedAce
FreeSid
GetSecurityDescriptorLength
GetSecurityInfo
OpenProcessToken
AllocateAndInitializeSid
RevertToSelf
ReadEncryptedFileRaw
RegQueryInfoKeyW
AdjustTokenPrivileges
SetThreadToken
SetSecurityDescriptorDacl
LookupPrivilegeValueW
RegQueryValueExW
RegEnumValueW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegFlushKey
RegDeleteKeyExW
RegCloseKey
GetTokenInformation
OpenThreadToken
EqualSid
CheckTokenMembership
RegLoadKeyW
RegUnLoadKeyW

version

GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW

bcrypt

BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptOpenAlgorithmProvider
BCryptFinishHash
BCryptGetProperty
BCryptCreateHash
BCryptHashData

Sections

.text
Size: 582KB - Virtual size: 581KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/libwim-15.dll
.dll windows:4 windows x86 arch:x86

177db15880a3279696633581d336089c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenPrivileges
CloseEncryptedFileRaw
LookupPrivilegeValueW
OpenEncryptedFileRawW
OpenProcessToken
ReadEncryptedFileRaw
RegCloseKey
RegCreateKeyExW
RegFlushKey
RegLoadKeyW
RegSetValueExW
RegUnLoadKeyW
SystemFunction036
WriteEncryptedFileRaw

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateFileW
CreateSemaphoreA
DeleteCriticalSection
DeleteFileW
DeviceIoControl
DuplicateHandle
EnterCriticalSection
FindClose
FindFirstFileW
FindFirstVolumeW
FindNextFileW
FindNextVolumeW
FindVolumeClose
FlushFileBuffers
FormatMessageW
FreeLibrary
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceExW
GetFileInformationByHandle
GetFileSizeEx
GetFileType
GetFullPathNameW
GetHandleInformation
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetVolumeInformationW
GlobalMemoryStatusEx
HeapAlloc
HeapFree
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
IsWow64Process
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
MoveFileExW
MoveFileW
MultiByteToWideChar
OutputDebugStringA
RaiseException
ReadFile
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
SetEndOfFile
SetEvent
SetFilePointer
SetFilePointerEx
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
Sleep
SuspendThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

__mb_cur_max
_amsg_exit
_assert
_beginthreadex
_endthreadex
_errno
_fstat64
_get_osfhandle
_gmtime64
_initterm
_iob
_lock
_lseeki64
_open_osfhandle
_setjmp3
fwprintf
_telli64
_ultoa
_unlock
_waccess
_wcsicmp
_wfopen
_wgetenv
_wmkdir
_wopen
_wstat64
_wtempnam
_wunlink
abort
atoi
calloc
exit
fclose
feof
ferror
fflush
fgetwc
fopen
fputc
fputwc
fputws
fread
free
fwrite
getc
getenv
islower
isspace
isupper
iswctype
isxdigit
localeconv
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
putc
qsort
rand
realloc
setlocale
srand
strcat
strchr
strcmp
strcpy
strerror
strlen
strncmp
strncpy
strtol
strtoul
tolower
toupper
towlower
ungetc
ungetwc
vfprintf
time
wcschr
wcscmp
wcscpy
wcsftime
wcslen
wcsncmp
wcspbrk
wcsrchr
wcsstr
wcstol
wcstombs
wcstoul
_wstat
_stat
longjmp
_write
_strdup
_read
_getcwd
_fdopen
_close

ntdll

NtClose
NtCreateFile
NtFsControlFile
NtOpenFile
NtOpenSymbolicLinkObject
NtQueryDirectoryFile
NtQueryEaFile
NtQueryInformationFile
NtQuerySecurityObject
NtQueryVolumeInformationFile
NtReadFile
NtSetEaFile
NtSetInformationFile
NtSetSecurityObject
NtWaitForSingleObject
NtWriteFile
RtlDosPathNameToNtPathName_U
RtlInitUnicodeString
RtlNtStatusToDosError

user32

wsprintfW

Exports

Exports

wimlib_add_empty_image
wimlib_add_image
wimlib_add_image_multisource
wimlib_add_tree
wimlib_compress
wimlib_create_compressor
wimlib_create_decompressor
wimlib_create_new_wim
wimlib_decompress
wimlib_delete_image
wimlib_delete_path
wimlib_export_image
wimlib_extract_image
wimlib_extract_image_from_pipe
wimlib_extract_image_from_pipe_with_progress
wimlib_extract_pathlist
wimlib_extract_paths
wimlib_extract_xml_data
wimlib_free
wimlib_free_compressor
wimlib_free_decompressor
wimlib_get_compression_type_string
wimlib_get_compressor_needed_memory
wimlib_get_error_string
wimlib_get_image_description
wimlib_get_image_name
wimlib_get_image_property
wimlib_get_version
wimlib_get_version_string
wimlib_get_wim_info
wimlib_get_xml_data
wimlib_global_cleanup
wimlib_global_init
wimlib_image_name_in_use
wimlib_iterate_dir_tree
wimlib_iterate_lookup_table
wimlib_join
wimlib_join_with_progress
wimlib_mount_image
wimlib_open_wim
wimlib_open_wim_with_progress
wimlib_overwrite
wimlib_print_available_images
wimlib_print_header
wimlib_reference_resource_files
wimlib_reference_resources
wimlib_reference_template_image
wimlib_register_progress_function
wimlib_rename_path
wimlib_resolve_image
wimlib_set_default_compression_level
wimlib_set_error_file
wimlib_set_error_file_by_name
wimlib_set_image_descripton
wimlib_set_image_flags
wimlib_set_image_name
wimlib_set_image_property
wimlib_set_memory_allocator
wimlib_set_output_chunk_size
wimlib_set_output_compression_type
wimlib_set_output_pack_chunk_size
wimlib_set_output_pack_compression_type
wimlib_set_print_errors
wimlib_set_wim_info
wimlib_split
wimlib_unmount_image
wimlib_unmount_image_with_progress
wimlib_update_image
wimlib_verify_wim
wimlib_write
wimlib_write_to_fd

Sections

.text
Size: 582KB - Virtual size: 581KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 131KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/oscdimg.exe
.exe windows:10 windows x86 arch:x86

e13c5064ed79dccef09e9c3a0be87abb

Code Sign

33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/08/2021, 18:05

Not After

15/09/2022, 18:05

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9c:02:81:79:cc:a9:55:21:b9:e0:50:e8:3a:8d:6b:e1:1a:14:5c:5a:89:43:6b:db:8d:8d:48:69:13:7f:f8:74
Signer

Actual PE Digest

9c:02:81:79:cc:a9:55:21:b9:e0:50:e8:3a:8d:6b:e1:1a:14:5c:5a:89:43:6b:db:8d:8d:48:69:13:7f:f8:74

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

OSCDIMG.pdb

Imports

kernel32

GetVersionExA
SetErrorMode
GetSystemTime
SystemTimeToFileTime
SetFileApisToANSI
SetFileApisToOEM
GetTimeZoneInformation
GetFullPathNameA
GetFullPathNameW
lstrlenW
FindFirstFileW
FindFirstFileA
FindClose
GetLongPathNameW
GetLastError
GetLongPathNameA
HeapFree
CreateFileW
CreateFileA
CloseHandle
WaitForSingleObject
SetEvent
FileTimeToSystemTime
DeleteFileA
MultiByteToWideChar
WideCharToMultiByte
GetFileSize
ReadFile
GetFileTime
GetFileInformationByHandle
FindNextFileA
FindNextFileW
GetOverlappedResult
SetEndOfFile
SetFilePointer
CreateEventA
WriteFile
SetLastError
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
GetModuleHandleA
GetProcessWorkingSetSize
SetProcessWorkingSetSize
InitializeCriticalSection
VirtualFree
SetConsoleCtrlHandler
ExitProcess
FormatMessageA
GetProcessHeap
HeapAlloc
VirtualAlloc
VirtualLock
ResetEvent
GetProcAddress
ReleaseSemaphore
CreateThread
WaitForMultipleObjects
SetThreadPriority
CreateSemaphoreA
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep

msvcrt

sprintf_s
wprintf
wcsrchr
_wcsicmp
strrchr
_stricmp
wcscpy_s
wcscat_s
strtok
_wfopen
fgetws
feof
fclose
fopen
fgets
swprintf_s
_strnicmp
_strtoui64
strtoul
tolower
atoi
srand
time
vfprintf
_ultoa
rand
_wcsnicmp
_XcptFilter
__p__commode
_amsg_exit
__getmainargs
__set_app_type
_exit
_cexit
__p__fmode
__setusermatherr
_initterm
wcstok
_except_handler4_common
?terminate@@YAXXZ
_controlfp
memcpy
wcschr
_strupr
wcsncmp
strcat_s
strcpy_s
exit
printf
fflush
fprintf
strchr
__iob_func
memcmp
memset

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/x86/wimlib-imagex.exe
.exe windows:4 windows x86 arch:x86

821831e619b1d3f0415e047c23b0e09b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

libwim-15

wimlib_add_image_multisource
wimlib_create_new_wim
wimlib_delete_image
wimlib_export_image
wimlib_extract_image
wimlib_extract_image_from_pipe_with_progress
wimlib_extract_pathlist
wimlib_extract_paths
wimlib_extract_xml_data
wimlib_free
wimlib_get_compression_type_string
wimlib_get_error_string
wimlib_get_image_property
wimlib_get_version_string
wimlib_get_wim_info
wimlib_global_cleanup
wimlib_global_init
wimlib_image_name_in_use
wimlib_iterate_dir_tree
wimlib_iterate_lookup_table
wimlib_join_with_progress
wimlib_open_wim_with_progress
wimlib_overwrite
wimlib_print_available_images
wimlib_print_header
wimlib_reference_resource_files
wimlib_reference_resources
wimlib_reference_template_image
wimlib_register_progress_function
wimlib_resolve_image
wimlib_set_default_compression_level
wimlib_set_image_property
wimlib_set_output_chunk_size
wimlib_set_output_compression_type
wimlib_set_output_pack_chunk_size
wimlib_set_output_pack_compression_type
wimlib_set_print_errors
wimlib_set_wim_info
wimlib_split
wimlib_update_image
wimlib_verify_wim
wimlib_write
wimlib_write_to_fd

advapi32

ConvertSecurityDescriptorToStringSecurityDescriptorW

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStartupInfoW
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LocalFree
MultiByteToWideChar
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

__lconv_init
__mb_cur_max
__p__commode
__p__fmode
__p__wcmdln
__set_app_type
__setusermatherr
__wgetmainargs
__winitenv
_amsg_exit
_cexit
_errno
_commode
_fmode
_fpreset
_gmtime64
_initterm
_iob
_lock
_onexit
_putws
_setmode
fwprintf
_unlock
_wcserror
_wcsicmp
_wfopen
_wgetenv
_wstat64
abort
atoi
calloc
exit
fclose
feof
ferror
fflush
fprintf
fputc
fputwc
fputws
fread
free
fwrite
getenv
iswctype
localeconv
malloc
memcpy
memmove
memset
realloc
setlocale
signal
strchr
strerror
strlen
strncmp
vfprintf
wcscat
wcschr
wcscmp
wcscpy
wcsftime
wcslen
wcsncmp
wcsrchr
wcstoul
_wcsdup
_isatty

Sections

.text
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CREDITS.txt
Changelog.txt
DONATE.jpg
.jpg
LICENSE.txt
Packs/Apps/GettingApps.txt
Packs/EdgeChromium/w7/DownloadExtract.cmd
.cmd .vbs
Packs/EdgeChromium/w7/Windows6.1-KB4474419-v3-x64.txt
Packs/EdgeChromium/w7/Windows6.1-KB4474419-v3-x86.txt
Packs/EdgeChromium/w7/Windows6.1-KB4490628-x64.txt
Packs/EdgeChromium/w7/Windows6.1-KB4490628-x86.txt
Packs/EdgeChromium/w7/Windows6.1-KB4592510-x64.txt
Packs/EdgeChromium/w7/Windows6.1-KB4592510-x86.txt
Packs/EdgeChromium/w7/Windows6.1-KB5001027-x64.txt
Packs/EdgeChromium/w7/Windows6.1-KB5001027-x86.txt
Packs/EdgeChromium/w7/Windows6.1-KB5006749-x64.txt
Packs/EdgeChromium/w7/Windows6.1-KB5006749-x86.txt
Packs/EdgeChromium/w81/DownloadExtract.cmd
.cmd .vbs
Packs/EdgeChromium/w81/Windows8.1-KB5001027-x64.txt
Packs/EdgeChromium/w81/Windows8.1-KB5001027-x86.txt
Packs/NetFX462/DownloadExtract.cmd
.cmd .vbs
Packs/NetFX48/w10/DownloadExtract.cmd
.cmd .vbs
Packs/NetFX48/w7/DownloadExtract.cmd
.cmd .vbs
Packs/NetFX48/w81/DownloadExtract.cmd
.cmd .vbs
Packs/PowerShell7/DownloadExtract.cmd
.cmd .vbs
Packs/PowerShell7/Windows6.1-KB3118401-x64.txt
Packs/PowerShell7/Windows6.1-KB3118401-x86.txt
Packs/PowerShell7/Windows8.1-KB3118401-x64.txt
Packs/PowerShell7/Windows8.1-KB3118401-x86.txt
Packs/VCRuntime/w7/DownloadExtract.cmd
.cmd .vbs
Packs/VCRuntime/w7/Windows6.1-KB3118401-x64.txt
Packs/VCRuntime/w7/Windows6.1-KB3118401-x86.txt
Packs/VCRuntime/w81/DownloadExtract.cmd
.cmd .vbs
Packs/VCRuntime/w81/Windows8.1-KB3118401-x64.txt
Packs/VCRuntime/w81/Windows8.1-KB3118401-x86.txt
Packs/WMF/w7/DownloadExtract.cmd
.cmd .vbs
Packs/WMF/w7/InstallOrder.txt
Packs/WMF/w7/Windows6.1-KB2809215-x64.txt
Packs/WMF/w7/Windows6.1-KB3033929-x64.txt
Packs/WMF/w7/Windows6.1-KB3033929-x86.txt
Packs/WMF/w7/Windows6.1-KB3191566-x64.txt
Packs/WMF/w7/Windows6.1-KB3191566-x86.txt
Packs/WMF/w81/DownloadExtract.cmd
.cmd .vbs
Packs/WMF/w81/Windows8.1-KB3191564-x64.txt
Packs/WMF/w81/Windows8.1-KB3191564-x86.txt
README.txt
Start.cmd
Toolkit.cmd
.cmd .vbs
Website.url

Resubmissions

Sharing

General

Malware Config

Signatures

Files

5d758a1b2b5495441996a1ec6691212b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

oleaut32

msvcrt

shlwapi

wimgapi

version

crypt32

Sections

.text Size: 30KB - Virtual size: 29KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 512B - Virtual size: 1KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 512B - Virtual size: 40B

.rsrc Size: 1KB - Virtual size: 1KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 10KB - Virtual size: 10KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 12B

cee6f2e56c9d0896337240f928b841b7

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

gdi32

version

netapi32

ole32

comctl32

msvcrt

shell32

comdlg32

winspool.drv

shlwapi

winmm

oleacc

Exports

Exports

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.itext Size: 8KB - Virtual size: 7KB

.data Size: 39KB - Virtual size: 38KB

.bss Size: - Virtual size: 89KB

.idata Size: 17KB - Virtual size: 16KB

.didata Size: 3KB - Virtual size: 2KB

.edata Size: 512B - Virtual size: 160B

.tls Size: - Virtual size: 76B

.rdata Size: 512B - Virtual size: 93B

.reloc Size: 267KB - Virtual size: 267KB

.rsrc Size: 1.5MB - Virtual size: 1.5MB

bf5a4aa99e5b160f8521cadd6bfe73b8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ole32

.text
Size: 30KB - Virtual size: 29KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 512B - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 40B

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 3.1MB - Virtual size: 3.1MB

.itext
Size: 8KB - Virtual size: 7KB

.data
Size: 39KB - Virtual size: 38KB

.bss
Size: - Virtual size: 89KB

.idata
Size: 17KB - Virtual size: 16KB

.didata
Size: 3KB - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 160B

.tls
Size: - Virtual size: 76B

.rdata
Size: 512B - Virtual size: 93B

.reloc
Size: 267KB - Virtual size: 267KB

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

.text
Size: 102KB - Virtual size: 101KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 11.8MB - Virtual size: 11.8MB

.text
Size: 12KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 120B

.rsrc
Size: 1024B - Virtual size: 1016B

.text
Size: 89KB - Virtual size: 88KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 4KB

33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0
Certificate

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

15:da:06:64:3b:94:f5:75:8c:0e:eb:f3:0d:63:29:87:f5:b0:d2:92:e6:01:67:6f:36:ff:2c:bf:7a:04:b2:cd
Signer

.text
Size: 564KB - Virtual size: 563KB

.data
Size: 1024B - Virtual size: 3KB

.idata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 15KB - Virtual size: 14KB

.reloc
Size: 20KB - Virtual size: 20KB