advapi32.pdb
Static task
static1
Behavioral task
behavioral1
Sample
advapi32.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
advapi32.dll
Resource
win10v2004-20240508-en
General
-
Target
advapi32.dll
-
Size
629KB
-
MD5
cd94087e6b441f8c2e94221d990c8117
-
SHA1
07acc7fafbf5ad66fd0143ab572abd231989f8d5
-
SHA256
ac947f739af75be4dcf04ebef6d60afcb0a4959e1acb61f6976e4b93edf6a039
-
SHA512
950f0b1ea788de70dfcf6ff77c58102d06c7c338d3ba44dfc666136d1f829d085e2e692ccc56a0b3c868dd8b7bede134bd749cbc35e927430e27f478d141c8fd
-
SSDEEP
12288:15fzmNzR0M8cuG/lqIpLgbbYHyrr8S76SyrnNA01zBiU9:rm/0M8cuG/lqIhgbbYHyrrJ6SybNPZBt
Malware Config
Signatures
-
Unsigned PE 1 IoCs
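Checks for missing Authenticode signature. This check only sees a signature embedded in the PE file itself; Windows system files are commonly catalog-signed instead, so an unsigned result alone does not show tampering. Confirm provenance by comparing the hashes above with a known-good copy of the same build.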
resource advapi32.dll
Files
-
advapi32.dll.dll windows:6 windows x86 arch:x86
4bae8b74457e0072c0cca72ece51dd4a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
iswctype
_wcstoui64
_ftol2
tolower
_ultow
wcstok
isalnum
isspace
_errno
mbstowcs
_except_handler4_common
wcschr
wcsrchr
memset
memmove
_wcsicmp
_vsnwprintf
memcpy
wcscpy_s
_stricmp
strchr
strrchr
strstr
_vsnprintf
wcstombs
wcsstr
swprintf_s
wcsncpy_s
wcsncmp
swscanf_s
_wcsnicmp
wcstoul
wcscat_s
ntdll
RtlRunOnceExecuteOnce
LdrLoadDll
LdrGetProcedureAddress
RtlRunOnceBeginInitialize
LdrUnloadDll
NtOpenKey
NtQueryValueKey
NtOpenProcessToken
NtQueryInformationToken
NtClose
RtlImageNtHeader
EtwEventWriteEx
ord1
RtlFreeAnsiString
RtlGetCurrentTransaction
DbgPrint
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlIsTextUnicode
RtlUnicodeStringToAnsiString
RtlUnicodeToMultiByteSize
RtlLengthSid
RtlCopyUnicodeString
RtlOemStringToUnicodeString
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
RtlInitUnicodeString
RtlDosPathNameToNtPathName_U
RtlFreeHeap
RtlAllocateHeap
RtlNtStatusToDosError
RtlDeleteCriticalSection
RtlInitializeCriticalSection
RtlCompareMemory
RtlxUnicodeStringToAnsiSize
NlsMbCodePageTag
RtlMakeSelfRelativeSD
RtlInitUnicodeStringEx
RtlxAnsiStringToUnicodeSize
NtSetInformationThread
NtOpenThreadToken
RtlRandom
NtQuerySystemTime
RtlGetNtProductType
RtlGetThreadPreferredUILanguages
RtlSubAuthoritySid
RtlSubAuthorityCountSid
RtlCopySid
RtlUnicodeStringToInteger
RtlConvertSidToUnicodeString
RtlAllocateHandle
RtlIsValidIndexHandle
RtlFreeHandle
RtlEqualSid
NtSetInformationToken
RtlAddAccessAllowedAceEx
RtlFreeSid
RtlAllocateAndInitializeSid
NtCompareTokens
NtDuplicateToken
RtlSetOwnerSecurityDescriptor
RtlCreateSecurityDescriptor
RtlEnumerateGenericTableWithoutSplaying
RtlIsGenericTableEmpty
NtQueryInformationProcess
NtQueryKey
RtlGetLastNtStatus
NtDeviceIoControlFile
NtOpenFile
RtlExpandEnvironmentStrings_U
RtlDuplicateUnicodeString
RtlCreateUnicodeString
EtwEventWrite
EtwEventRegister
NtCreateKey
NtSetValueKey
RtlDeleteElementGenericTable
NtDeleteKey
RtlAppendUnicodeToString
RtlInsertElementGenericTable
RtlInitializeHandleTable
EtwEventUnregister
RtlDestroyHandleTable
NtEnumerateKey
RtlIntegerToUnicodeString
RtlAppendUnicodeStringToString
RtlStringFromGUID
RtlFormatCurrentUserKeyPath
RtlInitializeGenericTable
RtlLookupElementGenericTable
RtlQueryRegistryValues
RtlNumberGenericTableElements
RtlValidSid
RtlGUIDFromString
RtlUpcaseUnicodeChar
NtQueryVolumeInformationFile
RtlPrefixUnicodeString
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
RtlDetermineDosPathNameType_U
NtQueryInformationFile
RtlGetFullPathName_U
RtlNtStatusToDosErrorNoTeb
RtlUnicodeToMultiByteN
RtlMultiByteToUnicodeN
RtlAnsiCharToUnicodeChar
RtlDllShutdownInProgress
NtCreateEvent
NtTerminateThread
NtWaitForSingleObject
NtSetEvent
NtClearEvent
NtDelayExecution
RtlExitUserThread
RtlRegisterThreadWithCsrss
NtCancelIoFile
NtWaitForMultipleObjects
NtDuplicateObject
RtlReleaseRelativeName
NtCreateFile
RtlDosPathNameToRelativeNtPathName_U
RtlSetLastWin32Error
NtTraceControl
EtwSendNotification
EtwDeliverDataBlock
EtwEnumerateProcessRegGuids
NtSetSystemInformation
RtlQueryTimeZoneInformation
RtlQueryPerformanceFrequency
EtwpGetCpuSpeed
NtQuerySystemInformation
NtQueryPerformanceCounter
RtlInitializeBitMap
RtlGetNativeSystemInformation
RtlInterlockedClearBitRun
RtlCreateAcl
NtTraceEvent
RtlQueryHeapInformation
RtlDestroyQueryDebugBuffer
RtlQueryProcessDebugInformation
RtlCreateQueryDebugBuffer
RtlAdjustPrivilege
RtlImpersonateSelf
EtwProcessPrivateLoggerRequest
NtPowerInformation
RtlIpv4AddressToStringW
RtlIpv6AddressToStringW
RtlInitAnsiStringEx
RtlCompareUnicodeString
RtlCreateUnicodeStringFromAsciiz
NtRenameKey
NtLoadKeyEx
RtlInitializeSid
RtlFirstFreeAce
RtlValidAcl
RtlAddAce
RtlAddAuditAccessObjectAce
RtlAddAccessDeniedObjectAce
RtlAddAccessDeniedAceEx
RtlAddAuditAccessAceEx
RtlAddAccessAllowedObjectAce
RtlGetControlSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
RtlSetSaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlCopyString
RtlTimeToSecondsSince1970
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
NtQueryInformationThread
RtlInitializeSRWLock
RtlEqualUnicodeString
NtQueryObject
NtQueryMutant
NtAlpcQueryInformation
RtlAddAccessAllowedAce
NtCreateKeyTransacted
RtlOpenCurrentUser
NtOpenKeyTransacted
NtQueryMultipleValueKey
NtOpenKeyEx
NtOpenKeyTransactedEx
RtlValidRelativeSecurityDescriptor
NtReplaceKey
NtSaveKey
NtSaveMergedKeys
NtQuerySecurityObject
EtwLogTraceEvent
RtlDeleteElementGenericTableAvl
RtlEnumerateGenericTableAvl
RtlInsertElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlGetVersion
NtReadFile
NtWriteFile
RtlReAllocateHeap
RtlLengthSecurityDescriptor
RtlValidSecurityDescriptor
kernelbase
EnumUILanguagesW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
AreFileApisANSI
api-ms-win-service-core-l1-1-0
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
SetServiceStatus
api-ms-win-service-winsvc-l1-1-0
I_ScRpcBindW
StartServiceCtrlDispatcherA
StartServiceA
RegisterServiceCtrlHandlerW
RegisterServiceCtrlHandlerExA
RegisterServiceCtrlHandlerA
QueryServiceStatus
QueryServiceConfigA
QueryServiceConfig2A
OpenServiceA
OpenSCManagerA
NotifyServiceStatusChangeA
CreateServiceA
ControlServiceExA
ControlService
ChangeServiceConfigA
ChangeServiceConfig2A
I_ScRpcBindA
api-ms-win-service-management-l1-1-0
ControlServiceExW
OpenSCManagerW
OpenServiceW
CreateServiceW
DeleteService
CloseServiceHandle
StartServiceW
api-ms-win-service-management-l2-1-0
QueryServiceConfig2W
NotifyServiceStatusChangeW
ChangeServiceConfig2W
ChangeServiceConfigW
QueryServiceConfigW
QueryServiceObjectSecurity
QueryServiceStatusEx
SetServiceObjectSecurity
api-ms-win-core-localregistry-l1-1-0
RegSaveKeyExW
RegNotifyChangeKeyValue
RegQueryInfoKeyA
RegQueryInfoKeyW
RegQueryValueExA
RegLoadMUIStringA
RegSaveKeyExA
RegQueryValueExW
RegGetKeySecurity
RegSetKeySecurity
RegRestoreKeyA
RegRestoreKeyW
RegSetValueExW
RegLoadKeyA
RegLoadKeyW
RegOpenKeyExW
RegDeleteKeyExA
RegDeleteKeyExW
RegDeleteValueA
RegDeleteValueW
RegEnumKeyExA
RegEnumKeyExW
RegEnumValueA
RegEnumValueW
RegGetValueA
RegGetValueW
RegCreateKeyExA
RegCreateKeyExW
RegFlushKey
RegOpenCurrentUser
RegOpenKeyExA
RegDisablePredefinedCacheEx
RegLoadMUIStringW
RegOpenUserClassesRoot
RegSetValueExA
RegUnLoadKeyA
RegUnLoadKeyW
RegDeleteTreeW
RegDeleteTreeA
RegCloseKey
api-ms-win-core-namedpipe-l1-1-0
ImpersonateNamedPipeClient
api-ms-win-core-processthreads-l1-1-0
CreateThread
GetCurrentThread
TerminateProcess
GetCurrentProcess
GetPriorityClass
OpenThread
GetCurrentThreadId
SetThreadToken
OpenThreadToken
OpenProcessToken
CreateProcessAsUserW
GetCurrentProcessId
GetProcessId
api-ms-win-security-base-l1-1-0
GetSidLengthRequired
GetSidSubAuthority
GetSidSubAuthorityCount
GetWindowsAccountDomainSid
ImpersonateAnonymousToken
ImpersonateLoggedOnUser
ImpersonateSelf
InitializeAcl
InitializeSecurityDescriptor
InitializeSid
IsTokenRestricted
IsValidAcl
IsValidRelativeSecurityDescriptor
IsValidSecurityDescriptor
IsWellKnownSid
MakeAbsoluteSD
MakeAbsoluteSD2
GetSidIdentifierAuthority
MapGenericMask
PrivilegeCheck
QuerySecurityAccessMask
RevertToSelf
SetAclInformation
SetKernelObjectSecurity
SetPrivateObjectSecurity
SetPrivateObjectSecurityEx
EqualDomainSid
SetSecurityAccessMask
SetSecurityDescriptorControl
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorRMControl
SetSecurityDescriptorSacl
SetTokenInformation
GetSecurityDescriptorSacl
GetSecurityDescriptorRMControl
GetSecurityDescriptorOwner
GetSecurityDescriptorLength
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorControl
GetPrivateObjectSecurity
GetLengthSid
GetKernelObjectSecurity
GetAclInformation
GetAce
FreeSid
FindFirstFreeAce
MakeSelfRelativeSD
EqualSid
IsValidSid
AccessCheckAndAuditAlarmW
AccessCheckByTypeAndAuditAlarmW
AccessCheckByTypeResultListAndAuditAlarmW
AccessCheckByTypeResultListAndAuditAlarmByHandleW
ObjectOpenAuditAlarmW
ObjectPrivilegeAuditAlarmW
ObjectCloseAuditAlarmW
ObjectDeleteAuditAlarmW
PrivilegedServiceAuditAlarmW
SetFileSecurityW
GetFileSecurityW
CopySid
GetTokenInformation
AccessCheck
AccessCheckByType
AccessCheckByTypeResultList
AddAccessAllowedAce
AddAccessAllowedAceEx
AddAccessAllowedObjectAce
AddAccessDeniedAce
AddAccessDeniedAceEx
AddAccessDeniedObjectAce
AddAce
AddAuditAccessAce
AddAuditAccessAceEx
AddAuditAccessObjectAce
AdjustTokenGroups
AdjustTokenPrivileges
AllocateAndInitializeSid
AllocateLocallyUniqueId
AreAllAccessesGranted
AreAnyAccessesGranted
CheckTokenMembership
ConvertToAutoInheritPrivateObjectSecurity
CreatePrivateObjectSecurity
CreatePrivateObjectSecurityEx
CreatePrivateObjectSecurityWithMultipleInheritance
CreateRestrictedToken
CreateWellKnownSid
DeleteAce
DestroyPrivateObjectSecurity
DuplicateToken
DuplicateTokenEx
EqualPrefixSid
kernel32
ReadFile
VirtualAllocEx
VirtualFree
OpenProcess
GlobalMemoryStatusEx
GetActiveProcessorCount
GetSystemInfo
DeviceIoControl
GetSystemWindowsDirectoryW
GetVolumeInformationW
GetDriveTypeW
GetLogicalDriveStringsW
ReleaseMutex
HeapSize
GetComputerNameW
ExpandEnvironmentStringsA
RegKrnInitialize
GetModuleFileNameW
LocalUnlock
LocalLock
GetComputerNameA
SetEvent
DuplicateHandle
CreateMutexW
ReadProcessMemory
DecodePointer
EncodePointer
FreeLibraryAndExitThread
IsWow64Process
GetPrivateProfileIntW
ResetEvent
HeapReAlloc
GetSystemTime
CreateMutexA
InitializeCriticalSection
Wow64RevertWow64FsRedirection
LockResource
SizeofResource
Wow64DisableWow64FsRedirection
GetFileSize
DosDateTimeToFileTime
FileTimeToDosDateTime
GetFileTime
SetErrorMode
FindNextFileW
FindFirstFileExW
SetFileInformationByHandle
CopyFileW
lstrcmpiA
UnmapViewOfFile
SetLastError
LocalFree
LocalAlloc
LocalReAlloc
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
GetComputerNameExW
GetProcAddress
LoadLibraryExA
CloseHandle
CreateProcessInternalA
FreeLibrary
GetLastError
LoadLibraryExW
LeaveCriticalSection
EnterCriticalSection
RegKrnGetGlobalState
LoadLibraryA
SleepEx
GetTickCount
HeapAlloc
GetProcessHeap
CreateFileW
GetFullPathNameW
HeapFree
GetFileAttributesW
SearchPathW
DelayLoadFailureHook
InterlockedCompareExchange
QueryPerformanceCounter
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateEventW
GetThreadUILanguage
lstrcmpiW
LoadLibraryW
GetCommandLineW
lstrcmpW
Sleep
GetModuleHandleExW
WriteFile
ExpandEnvironmentStringsW
MoveFileW
DeleteFileW
GetFileAttributesExW
SetFilePointer
OutputDebugStringW
GetLocalTime
FormatMessageW
GetModuleHandleW
CreateFileMappingW
GetFileSizeEx
MapViewOfFile
GetOverlappedResult
CompareFileTime
GetLongPathNameW
LoadResource
FindResourceExW
GetVolumePathNameW
DeleteCriticalSection
WaitForSingleObject
FindClose
GetFileMUIPath
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
VirtualFreeEx
GetDiskFreeSpaceExW
GetSystemDirectoryW
GetFullPathNameA
rpcrt4
RpcBindingCreateW
UuidCreate
RpcBindingSetAuthInfoA
RpcEpResolveBinding
I_RpcSNCHOption
UuidFromStringW
UuidToStringW
RpcExceptionFilter
RpcBindingSetAuthInfoW
RpcSsDestroyClientContext
I_RpcMapWin32Status
I_RpcExceptionFilter
NdrClientCall2
RpcBindingSetAuthInfoExW
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcStringFreeW
RpcBindingFree
RpcBindingSetAuthInfoExA
RpcRaiseException
RpcBindingBind
Exports
Exports
A_SHAFinal
A_SHAInit
A_SHAUpdate
AbortSystemShutdownA
AbortSystemShutdownW
AccessCheck
AccessCheckAndAuditAlarmA
AccessCheckAndAuditAlarmW
AccessCheckByType
AccessCheckByTypeAndAuditAlarmA
AccessCheckByTypeAndAuditAlarmW
AccessCheckByTypeResultList
AccessCheckByTypeResultListAndAuditAlarmA
AccessCheckByTypeResultListAndAuditAlarmByHandleA
AccessCheckByTypeResultListAndAuditAlarmByHandleW
AccessCheckByTypeResultListAndAuditAlarmW
AddAccessAllowedAce
AddAccessAllowedAceEx
AddAccessAllowedObjectAce
AddAccessDeniedAce
AddAccessDeniedAceEx
AddAccessDeniedObjectAce
AddAce
AddAuditAccessAce
AddAuditAccessAceEx
AddAuditAccessObjectAce
AddConditionalAce
AddMandatoryAce
AddUsersToEncryptedFile
AddUsersToEncryptedFileEx
AdjustTokenGroups
AdjustTokenPrivileges
AllocateAndInitializeSid
AllocateLocallyUniqueId
AreAllAccessesGranted
AreAnyAccessesGranted
AuditComputeEffectivePolicyBySid
AuditComputeEffectivePolicyByToken
AuditEnumerateCategories
AuditEnumeratePerUserPolicy
AuditEnumerateSubCategories
AuditFree
AuditLookupCategoryGuidFromCategoryId
AuditLookupCategoryIdFromCategoryGuid
AuditLookupCategoryNameA
AuditLookupCategoryNameW
AuditLookupSubCategoryNameA
AuditLookupSubCategoryNameW
AuditQueryGlobalSaclA
AuditQueryGlobalSaclW
AuditQueryPerUserPolicy
AuditQuerySecurity
AuditQuerySystemPolicy
AuditSetGlobalSaclA
AuditSetGlobalSaclW
AuditSetPerUserPolicy
AuditSetSecurity
AuditSetSystemPolicy
BackupEventLogA
BackupEventLogW
BuildExplicitAccessWithNameA
BuildExplicitAccessWithNameW
BuildImpersonateExplicitAccessWithNameA
BuildImpersonateExplicitAccessWithNameW
BuildImpersonateTrusteeA
BuildImpersonateTrusteeW
BuildSecurityDescriptorA
BuildSecurityDescriptorW
BuildTrusteeWithNameA
BuildTrusteeWithNameW
BuildTrusteeWithObjectsAndNameA
BuildTrusteeWithObjectsAndNameW
BuildTrusteeWithObjectsAndSidA
BuildTrusteeWithObjectsAndSidW
BuildTrusteeWithSidA
BuildTrusteeWithSidW
CancelOverlappedAccess
ChangeServiceConfig2A
ChangeServiceConfig2W
ChangeServiceConfigA
ChangeServiceConfigW
CheckTokenMembership
ClearEventLogA
ClearEventLogW
CloseCodeAuthzLevel
CloseEncryptedFileRaw
CloseEventLog
CloseServiceHandle
CloseThreadWaitChainSession
CloseTrace
CommandLineFromMsiDescriptor
ComputeAccessTokenFromCodeAuthzLevel
ControlService
ControlServiceExA
ControlServiceExW
ControlTraceA
ControlTraceW
ConvertAccessToSecurityDescriptorA
ConvertAccessToSecurityDescriptorW
ConvertSDToStringSDRootDomainA
ConvertSDToStringSDRootDomainW
ConvertSecurityDescriptorToAccessA
ConvertSecurityDescriptorToAccessNamedA
ConvertSecurityDescriptorToAccessNamedW
ConvertSecurityDescriptorToAccessW
ConvertSecurityDescriptorToStringSecurityDescriptorA
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidA
ConvertSidToStringSidW
ConvertStringSDToSDDomainA
ConvertStringSDToSDDomainW
ConvertStringSDToSDRootDomainA
ConvertStringSDToSDRootDomainW
ConvertStringSecurityDescriptorToSecurityDescriptorA
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidA
ConvertStringSidToSidW
ConvertToAutoInheritPrivateObjectSecurity
CopySid
CreateCodeAuthzLevel
CreatePrivateObjectSecurity
CreatePrivateObjectSecurityEx
CreatePrivateObjectSecurityWithMultipleInheritance
CreateProcessAsUserA
CreateProcessAsUserW
CreateProcessWithLogonW
CreateProcessWithTokenW
CreateRestrictedToken
CreateServiceA
CreateServiceW
CreateTraceInstanceId
CreateWellKnownSid
CredBackupCredentials
CredDeleteA
CredDeleteW
CredEncryptAndMarshalBinaryBlob
CredEnumerateA
CredEnumerateW
CredFindBestCredentialA
CredFindBestCredentialW
CredFree
CredGetSessionTypes
CredGetTargetInfoA
CredGetTargetInfoW
CredIsMarshaledCredentialA
CredIsMarshaledCredentialW
CredIsProtectedA
CredIsProtectedW
CredMarshalCredentialA
CredMarshalCredentialW
CredProfileLoaded
CredProfileUnloaded
CredProtectA
CredProtectW
CredReadA
CredReadByTokenHandle
CredReadDomainCredentialsA
CredReadDomainCredentialsW
CredReadW
CredRenameA
CredRenameW
CredRestoreCredentials
CredUnmarshalCredentialA
CredUnmarshalCredentialW
CredUnprotectA
CredUnprotectW
CredWriteA
CredWriteDomainCredentialsA
CredWriteDomainCredentialsW
CredWriteW
CredpConvertCredential
CredpConvertOneCredentialSize
CredpConvertTargetInfo
CredpDecodeCredential
CredpEncodeCredential
CredpEncodeSecret
CryptAcquireContextA
CryptAcquireContextW
CryptContextAddRef
CryptCreateHash
CryptDecrypt
CryptDeriveKey
CryptDestroyHash
CryptDestroyKey
CryptDuplicateHash
CryptDuplicateKey
CryptEncrypt
CryptEnumProviderTypesA
CryptEnumProviderTypesW
CryptEnumProvidersA
CryptEnumProvidersW
CryptExportKey
CryptGenKey
CryptGenRandom
CryptGetDefaultProviderA
CryptGetDefaultProviderW
CryptGetHashParam
CryptGetKeyParam
CryptGetProvParam
CryptGetUserKey
CryptHashData
CryptHashSessionKey
CryptImportKey
CryptReleaseContext
CryptSetHashParam
CryptSetKeyParam
CryptSetProvParam
CryptSetProviderA
CryptSetProviderExA
CryptSetProviderExW
CryptSetProviderW
CryptSignHashA
CryptSignHashW
CryptVerifySignatureA
CryptVerifySignatureW
DecryptFileA
DecryptFileW
DeleteAce
DeleteService
DeregisterEventSource
DestroyPrivateObjectSecurity
DuplicateEncryptionInfoFile
DuplicateToken
DuplicateTokenEx
ElfBackupEventLogFileA
ElfBackupEventLogFileW
ElfChangeNotify
ElfClearEventLogFileA
ElfClearEventLogFileW
ElfCloseEventLog
ElfDeregisterEventSource
ElfFlushEventLog
ElfNumberOfRecords
ElfOldestRecord
ElfOpenBackupEventLogA
ElfOpenBackupEventLogW
ElfOpenEventLogA
ElfOpenEventLogW
ElfReadEventLogA
ElfReadEventLogW
ElfRegisterEventSourceA
ElfRegisterEventSourceW
ElfReportEventA
ElfReportEventAndSourceW
ElfReportEventW
EnableTrace
EnableTraceEx
EnableTraceEx2
EncryptFileA
EncryptFileW
EncryptedFileKeyInfo
EncryptionDisable
EnumDependentServicesA
EnumDependentServicesW
EnumServiceGroupW
EnumServicesStatusA
EnumServicesStatusExA
EnumServicesStatusExW
EnumServicesStatusW
EnumerateTraceGuids
EnumerateTraceGuidsEx
EqualDomainSid
EqualPrefixSid
EqualSid
EventAccessControl
EventAccessQuery
EventAccessRemove
EventActivityIdControl
EventEnabled
EventProviderEnabled
EventRegister
EventSetInformation
EventUnregister
EventWrite
EventWriteEndScenario
EventWriteEx
EventWriteStartScenario
EventWriteString
EventWriteTransfer
FileEncryptionStatusA
FileEncryptionStatusW
FindFirstFreeAce
FlushEfsCache
FlushTraceA
FlushTraceW
FreeEncryptedFileKeyInfo
FreeEncryptedFileMetadata
FreeEncryptionCertificateHashList
FreeInheritedFromArray
FreeSid
GetAccessPermissionsForObjectA
GetAccessPermissionsForObjectW
GetAce
GetAclInformation
GetAuditedPermissionsFromAclA
GetAuditedPermissionsFromAclW
GetCurrentHwProfileA
GetCurrentHwProfileW
GetEffectiveRightsFromAclA
GetEffectiveRightsFromAclW
GetEncryptedFileMetadata
GetEventLogInformation
GetExplicitEntriesFromAclA
GetExplicitEntriesFromAclW
GetFileSecurityA
GetFileSecurityW
GetInformationCodeAuthzLevelW
GetInformationCodeAuthzPolicyW
GetInheritanceSourceA
GetInheritanceSourceW
GetKernelObjectSecurity
GetLengthSid
GetLocalManagedApplicationData
GetLocalManagedApplications
GetManagedApplicationCategories
GetManagedApplications
GetMultipleTrusteeA
GetMultipleTrusteeOperationA
GetMultipleTrusteeOperationW
GetMultipleTrusteeW
GetNamedSecurityInfoA
GetNamedSecurityInfoExA
GetNamedSecurityInfoExW
GetNamedSecurityInfoW
GetNumberOfEventLogRecords
GetOldestEventLogRecord
GetOverlappedAccessResults
GetPrivateObjectSecurity
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
GetSecurityDescriptorOwner
GetSecurityDescriptorRMControl
GetSecurityDescriptorSacl
GetSecurityInfo
GetSecurityInfoExA
GetSecurityInfoExW
GetServiceDisplayNameA
GetServiceDisplayNameW
GetServiceKeyNameA
GetServiceKeyNameW
GetSidIdentifierAuthority
GetSidLengthRequired
GetSidSubAuthority
GetSidSubAuthorityCount
GetThreadWaitChain
GetTokenInformation
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
GetTrusteeFormA
GetTrusteeFormW
GetTrusteeNameA
GetTrusteeNameW
GetTrusteeTypeA
GetTrusteeTypeW
GetUserNameA
GetUserNameW
GetWindowsAccountDomainSid
I_QueryTagInformation
I_ScGetCurrentGroupStateW
I_ScIsSecurityProcess
I_ScPnPGetServiceName
I_ScQueryServiceConfig
I_ScSendPnPMessage
I_ScSendTSMessage
I_ScSetServiceBitsA
I_ScSetServiceBitsW
I_ScValidatePnPService
IdentifyCodeAuthzLevelW
ImpersonateAnonymousToken
ImpersonateLoggedOnUser
ImpersonateNamedPipeClient
ImpersonateSelf
InitializeAcl
InitializeSecurityDescriptor
InitializeSid
InitiateShutdownA
InitiateShutdownW
InitiateSystemShutdownA
InitiateSystemShutdownExA
InitiateSystemShutdownExW
InitiateSystemShutdownW
InstallApplication
IsTextUnicode
IsTokenRestricted
IsTokenUntrusted
IsValidAcl
IsValidRelativeSecurityDescriptor
IsValidSecurityDescriptor
IsValidSid
IsWellKnownSid
LockServiceDatabase
LogonUserA
LogonUserExA
LogonUserExExW
LogonUserExW
LogonUserW
LookupAccountNameA
LookupAccountNameW
LookupAccountSidA
LookupAccountSidW
LookupPrivilegeDisplayNameA
LookupPrivilegeDisplayNameW
LookupPrivilegeNameA
LookupPrivilegeNameW
LookupPrivilegeValueA
LookupPrivilegeValueW
LookupSecurityDescriptorPartsA
LookupSecurityDescriptorPartsW
LsaAddAccountRights
LsaAddPrivilegesToAccount
LsaClearAuditLog
LsaClose
LsaCreateAccount
LsaCreateSecret
LsaCreateTrustedDomain
LsaCreateTrustedDomainEx
LsaDelete
LsaDeleteTrustedDomain
LsaEnumerateAccountRights
LsaEnumerateAccounts
LsaEnumerateAccountsWithUserRight
LsaEnumeratePrivileges
LsaEnumeratePrivilegesOfAccount
LsaEnumerateTrustedDomains
LsaEnumerateTrustedDomainsEx
LsaFreeMemory
LsaGetQuotasForAccount
LsaGetRemoteUserName
LsaGetSystemAccessAccount
LsaGetUserName
LsaICLookupNames
LsaICLookupNamesWithCreds
LsaICLookupSids
LsaICLookupSidsWithCreds
LsaLookupNames
LsaLookupNames2
LsaLookupPrivilegeDisplayName
LsaLookupPrivilegeName
LsaLookupPrivilegeValue
LsaLookupSids
LsaManageSidNameMapping
LsaNtStatusToWinError
LsaOpenAccount
LsaOpenPolicy
LsaOpenPolicySce
LsaOpenSecret
LsaOpenTrustedDomain
LsaOpenTrustedDomainByName
LsaQueryDomainInformationPolicy
LsaQueryForestTrustInformation
LsaQueryInfoTrustedDomain
LsaQueryInformationPolicy
LsaQuerySecret
LsaQuerySecurityObject
LsaQueryTrustedDomainInfo
LsaQueryTrustedDomainInfoByName
LsaRemoveAccountRights
LsaRemovePrivilegesFromAccount
LsaRetrievePrivateData
LsaSetDomainInformationPolicy
LsaSetForestTrustInformation
LsaSetInformationPolicy
LsaSetInformationTrustedDomain
LsaSetQuotasForAccount
LsaSetSecret
LsaSetSecurityObject
LsaSetSystemAccessAccount
LsaSetTrustedDomainInfoByName
LsaSetTrustedDomainInformation
LsaStorePrivateData
MD4Final
MD4Init
MD4Update
MD5Final
MD5Init
MD5Update
MSChapSrvChangePassword
MSChapSrvChangePassword2
MakeAbsoluteSD
MakeAbsoluteSD2
MakeSelfRelativeSD
MapGenericMask
NotifyBootConfigStatus
NotifyChangeEventLog
NotifyServiceStatusChange
NotifyServiceStatusChangeA
NotifyServiceStatusChangeW
ObjectCloseAuditAlarmA
ObjectCloseAuditAlarmW
ObjectDeleteAuditAlarmA
ObjectDeleteAuditAlarmW
ObjectOpenAuditAlarmA
ObjectOpenAuditAlarmW
ObjectPrivilegeAuditAlarmA
ObjectPrivilegeAuditAlarmW
OpenBackupEventLogA
OpenBackupEventLogW
Sections
.text Size: 458KB - Virtual size: 457KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 142KB - Virtual size: 141KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ