TpmCoreProvisioning.pdb
Sample
TpmCoreProvisioning.dll
Resource
win10v2004-20240508-en
General
-
Target
TpmCoreProvisioning.dll
-
Size
1.0MB
-
MD5
c11209bd7401e43873a4bbad7f7fd6bf
-
SHA1
d0d4d53182a916d8fb9d46fb272f9d950e8ed943
-
SHA256
a83aad0905df32611f1c3036ff41bafb44f35cf7a6e5905c05edd88f26640882
-
SHA512
f41269044f44441d39dd49f20e12905b2f55946f6dba67f7542e2b97f433661c17568e457eaba02ec71262cda01d1f20f3f7e8697d98ae5176e24ff4d94e3edb
-
SSDEEP
24576:M0VYWhvhUp6EpD0NquigXnXfjsQv6DV43bhEp8W:MWhvNNqDgXX7eDVY1Ep8
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature. Note that Windows system DLLs are typically catalog-signed rather than carrying an embedded Authenticode signature, so this hit on its own does not establish tampering; compare the hashes above against a known-good copy of the file before drawing conclusions.
resource TpmCoreProvisioning.dll
Files
-
TpmCoreProvisioning.dll.dll windows:10 windows x86 arch:x86
8eba5c9bbbff00ce8c8901a4a990a1d8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcp_win
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAE_JPBG_J@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?uncaught_exception@std@@YA_NXZ
?_Xout_of_range@std@@YAXPBD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
?_Xlength_error@std@@YAXPBD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Fiopen@std@@YAPAU_iobuf@@PBGHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@I@Z
?_Xbad_alloc@std@@YAXXZ
??Bid@locale@std@@QAEIXZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UAE@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEPAV12@PAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?widen@?$ctype@G@std@@QBEGD@Z
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$ctype@G@std@@2V0locale@2@A
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
api-ms-win-crt-string-l1-1-0
memset
strncmp
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
api-ms-win-crt-private-l1-1-0
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__fseeki64
_o__get_stream_buffer_pointers
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__localtime32
_o__lock_file
_o__mktime32
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__unlock_file
_o__wcsicmp
_o__wcsnicmp
_o_btowc
_o_ceil
_o_fclose
_o_fflush
_o_fgetc
_o_fgetpos
_o_fputc
_o_fread
_o_free
_o_fsetpos
_o_fwrite
_o_malloc
_o_mbstowcs_s
_o_memcpy_s
_o_setvbuf
_o_strtoul
_o_terminate
_o_ungetc
_o_wcsftime
_o_wcsncpy_s
_o_wcstok_s
_o_wcstombs
_o_wcstoul
_o_wmemcpy_s
__current_exception
__current_exception_context
_except_handler4_common
_CxxThrowException
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler3
memcmp
memcpy
ntdll
NtQueryWnfStateData
RtlCompareMemory
RtlGetPersistedStateLocation
RtlPublishWnfStateData
ZwQueryValueKey
RtlInitUnicodeString
NtClose
ZwOpenKey
RtlNtStatusToDosError
crypt32
CertFindExtension
CryptStringToBinaryW
CryptImportPublicKeyInfoEx2
CertCreateCertificateContext
CertFreeCertificateContext
CertCreateCertificateChainEngine
CertCloseStore
CertFreeCertificateChain
CertGetNameStringW
CryptDecodeObject
CertGetCertificateChain
CertAddEncodedCertificateToStore
CertDeleteCertificateFromStore
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertOpenStore
CryptBinaryToStringW
CryptBinaryToStringA
CertFreeCertificateChainEngine
ncrypt
BCryptDecrypt
BCryptVerifySignature
BCryptGenerateSymmetricKey
NCryptSignHash
NCryptCreateClaim
NCryptDecrypt
BCryptGenRandom
BCryptSetProperty
NCryptImportKey
NCryptDeleteKey
NCryptSetProperty
NCryptCreatePersistedKey
NCryptGetProperty
NCryptExportKey
NCryptFinalizeKey
NCryptOpenStorageProvider
NCryptOpenKey
NCryptFreeObject
NCryptEncrypt
api-ms-win-core-libraryloader-l1-2-0
LoadStringW
GetModuleFileNameA
DisableThreadLibraryCalls
GetModuleHandleExW
LoadLibraryExW
LoadResource
GetProcAddress
GetModuleHandleExA
GetModuleHandleW
FreeLibrary
SizeofResource
LockResource
api-ms-win-core-synch-l1-1-0
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateSemaphoreExW
InitializeCriticalSection
SetEvent
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSemaphore
ReleaseSRWLockShared
EnterCriticalSection
AcquireSRWLockShared
CreateEventExW
WaitForSingleObject
CreateMutexW
DeleteCriticalSection
WaitForMultipleObjectsEx
ReleaseMutex
CreateMutexExW
CreateEventW
WaitForSingleObjectEx
OpenSemaphoreW
OpenEventW
OpenMutexW
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
HeapSize
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
RaiseException
SetLastError
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentThread
OpenThreadToken
SetThreadToken
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
Sleep
InitOnceExecuteOnce
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegSetValueExW
RegDeleteKeyExW
RegCreateKeyExW
RegCloseKey
RegFlushKey
RegGetValueW
RegQueryValueExW
RegDeleteValueW
api-ms-win-security-base-l1-1-0
IsValidSecurityDescriptor
GetSecurityDescriptorLength
RevertToSelf
ImpersonateLoggedOnUser
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-eventing-provider-l1-1-0
EventActivityIdControl
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
CompareStringW
WideCharToMultiByte
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-registry-l1-1-1
RegSetKeyValueW
RegDeleteKeyValueW
api-ms-win-core-processenvironment-l1-1-0
GetEnvironmentVariableW
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoGetApartmentType
CoWaitForMultipleHandles
CoUninitialize
CoTaskMemFree
api-ms-win-core-winrt-string-l1-1-0
WindowsDeleteString
WindowsGetStringRawBuffer
WindowsCreateStringReference
rpcrt4
UuidCreate
UuidToStringW
RpcStringFreeW
api-ms-win-core-winrt-l1-1-0
RoActivateInstance
RoGetActivationFactory
RoInitialize
api-ms-win-core-sysinfo-l1-1-0
GetTickCount64
GetSystemTimeAsFileTime
GetSystemTime
GetSystemDirectoryW
GetLocalTime
GetSystemWindowsDirectoryW
GetTickCount
winhttp
WinHttpSetOption
WinHttpOpenRequest
WinHttpSendRequest
WinHttpConnect
WinHttpReadData
WinHttpCrackUrl
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpAddRequestHeaders
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
FileTimeToSystemTime
oleaut32
VariantInit
SysAllocString
SysFreeString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
VariantClear
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
FindResourceW
api-ms-win-core-datetime-l1-1-1
GetDateFormatEx
GetTimeFormatEx
api-ms-win-core-file-l1-1-0
CreateFileW
ReadFile
FindNextFileW
CreateDirectoryW
WriteFile
FindFirstFileExW
FindClose
api-ms-win-core-file-l1-2-0
CreateFile2
api-ms-win-core-file-l2-1-0
CopyFile2
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-io-l1-1-1
CancelIo
api-ms-win-core-io-l1-1-0
DeviceIoControl
GetOverlappedResult
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
devobj
DevObjGetClassDevs
DevObjCreateDeviceInfoList
DevObjDestroyDeviceInfoList
DevObjEnumDeviceInterfaces
DevObjGetDeviceInterfaceDetail
umpdc
Pdcv2ActivationClientUnregister
Pdcv2ActivationClientDeactivate
Pdcv2ActivationClientActivate
Pdcv2ActivationClientRenewActivation
Pdcv2ActivationClientRegister
api-ms-win-core-kernel32-legacy-l1-1-1
GetFirmwareType
Exports
DllCanUnloadNow
Tpm20CanClearUsingAuthPolicy
Tpm20ClearUsingAuthPolicy
Tpm20GetCompleteManufacturerVersion
Tpm20GetResetResumeCount
Tpm20IsResetLockoutCountNeeded
Tpm20ResetLockoutCountIfNeeded
Tpm2CreateWindowsNvBits
Tpm2ReadWindowsNvBit
Tpm2SetWindowsNvBit
TpmAddBlockedCommand
TpmCertCheckEkCertMatchedEkPub
TpmCertDeleteHealthCert
TpmCertDeleteHealthEndpoint
TpmCertGetCurrentProtocolVersion
TpmCertGetEkCertFromWeb
TpmCertGetFormattedHASUrl
TpmCertGetFormattedUrl
TpmCertGetFwLinkId
TpmCertGetHASProtocolVersion
TpmCertGetHealthCert
TpmCertGetHealthCertFromWeb
TpmCertGetHealthCorrelationId
TpmCertGetHealthEndpoint
TpmCertGetHealthForceRetrieve
TpmCertGetHealthStatusCode
TpmCertGetHealthStatusRequestBlob
TpmCertGetIsActiveZeroExhaust
TpmCertGetMaximumSupportedProtocolVersion
TpmCertGetPreferredMaximumProtocolVersion
TpmCertGetTpmManufacturerId
TpmCertGetWindowsAik
TpmCertInstallEkCertInRegistry
TpmCertInstallNvEkCerts
TpmCertIsHealthCertOnBootEnabled
TpmCertParseHealthResponse
TpmCertPostHealthXmlData
TpmCertQueryEkPub
TpmCertSetEkAttestationOverride
TpmCertSetHealthEndpoint
TpmCertSetHealthForceRetrieve
TpmCertSetHealthStatusCode
TpmCertSetPreferredMaximumProtocolVersion
TpmCertVerifyHealthCertFromWeb
TpmChangeOwnerAuth
TpmCheckCreateWindowsAIK
TpmCheckIFXRSAKeyGenVulnerability
TpmClear
TpmClearUsingPhysicalPresence
TpmClearWithPolicyOrPPI
TpmConvertToOwnerAuth
TpmCreateEndorsementKeyPair
TpmCreateHealthAttestationClaim
TpmCreateHealthStatusClaim
TpmDeleteOwnerAuth
TpmDisable
TpmDisableAutoProvisioning
TpmEKCertValidateAndCleanup
TpmEnable
TpmEnableAutoProvisioning
TpmEnrollWindowsAikCertificate
TpmFetchEkCertificate
TpmGatherLogs
TpmGatherTpmData
TpmGetCapLockoutInfo
TpmGetDeviceInformation
TpmGetDictionaryAttackParameters
TpmGetEffectiveGroupPolicyOwnerAuthLevel
TpmGetEndorsementKeyCertificateState
TpmGetHealthCertRequest
TpmGetOrderlyShutdownInfo
TpmGetOwnerAuth
TpmGetOwnerAuthForEscrow
TpmGetOwnerAuthStatus
TpmGetOwnershipAuthBits
TpmGetPPIVersion
TpmGetPhysicalPresenceConfirmationStatus
TpmGetPhysicalPresenceRequest
TpmGetPhysicalPresenceResponse
TpmGetPhysicalPresenceTransition
TpmGetPssSalt
TpmGetRandomAuthValue
TpmGetSignedEKFromVendorCommand
TpmGetSrkADThumbprint
TpmGetSrkPublicKeyModulus
TpmGetTaskCompletionStatus
TpmGetTcgLog
TpmGetTpmVersion
TpmGetVerificationRequest
TpmGet_IsPpiVersion12
TpmGet_IsTpmPresent
TpmGet_IsTpmVersion20
TpmGet_ManufacturerId
TpmGet_ManufacturerVersion
TpmGet_ManufacturerVersionInfo
TpmGet_PhysicalPresenceVersionInfo
TpmGet_SpecVersion
TpmGet_TpmVersionInfo
TpmHasVulnerableFW
TpmHealthCertGetAndVerify
TpmImportOwnerAuth
TpmIsActivated
TpmIsAutoProvisioningEnabled
TpmIsAutoProvisioningEnabledEx
TpmIsCommandBlocked
TpmIsCommandPresent
TpmIsEnabled
TpmIsEndorsementKeyPairPresent
TpmIsFIPS
TpmIsKeyAttestationCapable
TpmIsLockedOut
TpmIsOwned
TpmIsOwnerClearDisabled
TpmIsOwnershipAllowed
TpmIsPhysicalClearDisabled
TpmIsPhysicalPresenceHardwareEnabled
TpmIsReady
TpmIsReadyInformation
TpmIsSrkAuthCompatible
TpmIsUseLegacyDictionaryAttackParametersPolicySet
TpmManufacturerId_From_TpmVersionInfo
TpmManufacturerVersionInfo_From_TpmVersionInfo
TpmManufacturerVersion_From_TpmVersionInfo
TpmOwnerAuthEscrowed
TpmPrepForNgc
TpmProvision
TpmRemoveBlockedCommand
TpmRemoveRegisteredWindowsAIK
TpmResetAuthLockOut
TpmResetSrkAuth
TpmRetrieveEkCertOrReschedule
TpmRetrieveEkCertificate
TpmRetrieveEkCertificateURL
TpmRetrieveHealthCertOrReschedule
TpmRetrieveHealthCertificate
TpmSelfTest
TpmSetDictionaryAttackParameters
TpmSetInstance
TpmSetPhysicalPresenceRequest
TpmSetPhysicalPresenceRequestEx
TpmSetToLegacyDictionaryAttackParameters
TpmSpecVersion_From_TpmVersionInfo
TpmTakeOwnership
TpmUnattendedSetup
TpmVerifyDeviceHealth
TpmWriteInformationSnapshotFile
Sections
.text Size: 967KB - Virtual size: 966KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 220B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 38KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ