wkernelbase.pdb
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
KernelBase.dll
Resource
win7-20240508-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
KernelBase.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
KernelBase.dll
-
Size
269KB
-
MD5
a52d3d13ff656a2846d1e7ca4e597e57
-
SHA1
95a79908e38a7456c00c1bbe415e4ef13f95e127
-
SHA256
160ef66ca712ffaa274986b829c30741905554c50fd917a14cbc8166baa434a1
-
SHA512
e72526d45f0937794f5b9e4a3fafd5c4c83f325094fe4537a7191c97fe08ff5a0e1cd14f3fa555def8a1ce66a82842675461e4932c14f499894e933858b4496b
-
SSDEEP
6144:JfU3YEUxMZtu3cluZTbbpngjRcwV03M3Cn4pHeXdDs:JfGYEgMZtur1bbpnSRcwV0c3Cn4pHADs
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource KernelBase.dll
Files
-
KernelBase.dll.dll windows:6 windows x86 arch:x86
9546109cd69307bec3e0b0502137da71
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
ntdll
RtlUnicodeStringToAnsiString
RtlAnsiStringToUnicodeString
_vsnwprintf
memset
RtlFreeAnsiString
RtlFreeHeap
RtlAllocateHeap
CsrVerifyRegion
RtlGetNativeSystemInformation
NtQuerySystemInformation
RtlCreateTagHeap
NtQueryInformationProcess
NtSetInformationProcess
NtClose
NtSetInformationFile
NtCreateIoCompletion
NtSetIoCompletion
RtlSetLastWin32Error
SbSelectProcedure
NtRemoveIoCompletion
RtlDeactivateActivationContextUnsafeFast
NtRemoveIoCompletionEx
RtlActivateActivationContextUnsafeFast
NtCreateNamedPipeFile
NtOpenFile
NtWaitForSingleObject
NtFsControlFile
NtCreateEvent
NtQueryInformationFile
_allmul
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlDefaultNpAcl
RtlDosPathNameToNtPathName_U
RtlAppendUnicodeStringToString
_wcsnicmp
RtlPrefixString
RtlInitUnicodeString
RtlFreeUnicodeString
RtlDetermineDosPathNameType_U
RtlCreateUnicodeString
memcpy
NtDeviceIoControlFile
NtCreateFile
RtlTimeToTimeFields
RtlTimeFieldsToTime
RtlAcquirePrivilege
RtlInitializeSRWLock
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlCutoverTimeToSystemTime
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlReleasePrivilege
NtSetSystemTime
RtlUnicodeStringToInteger
wcschr
wcscpy_s
RtlpCheckDynamicTimeZoneInformation
_stricmp
_wcsicmp
RtlDeregisterWaitEx
RtlCreateTimerQueue
NtDelayExecution
RtlCreateTimer
RtlUpdateTimer
RtlDeleteTimer
RtlDeleteTimerQueueEx
RtlRegisterWait
wcsrchr
NtQueryValueKey
NtOpenKey
RtlxAnsiStringToUnicodeSize
NlsMbCodePageTag
RtlxOemStringToUnicodeSize
NlsMbOemCodePageTag
RtlxUnicodeStringToOemSize
RtlxUnicodeStringToAnsiSize
LdrEnumerateLoadedModules
NtAllocateVirtualMemory
_alloca_probe
RtlReleasePebLock
RtlQueryEnvironmentVariable
RtlAcquirePebLock
wcsncmp
RtlUnicodeStringToOemString
RtlOemStringToUnicodeString
RtlRaiseException
NtDuplicateObject
NtQueryObject
NtSetInformationObject
NtQueryVolumeInformationFile
NtLockFile
NtUnlockFile
RtlNtStatusToDosError
NtReadFile
NtWriteFile
NtCancelIoFileEx
NtReadFileScatter
NtWriteFileGather
RtlWow64EnableFsRedirectionEx
memmove
NtFlushBuffersFile
NtCreateSection
NtOpenSection
NtMapViewOfSection
NtFlushVirtualMemory
RtlFlushSecureMemoryCache
NtUnmapViewOfSection
NtReadVirtualMemory
NtFlushInstructionCache
NtWriteVirtualMemory
NtProtectVirtualMemory
NtFreeVirtualMemory
NtQueryVirtualMemory
NtQuerySystemInformationEx
RtlGetCurrentProcessorNumberEx
NtOpenProcess
RtlExitUserProcess
NtTerminateProcess
RtlReportSilentProcessExit
NtRaiseHardError
RtlRaiseStatus
RtlInitUnicodeStringEx
RtlQueryEnvironmentVariable_U
strchr
RtlInitAnsiStringEx
RtlUpcaseUnicodeChar
RtlEqualUnicodeString
RtlCompareMemory
NtQueryDirectoryObject
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
NtOpenDirectoryObject
RtlSetEnvironmentStrings
RtlSetEnvironmentVariable
RtlSetEnvironmentVar
RtlExpandEnvironmentStrings
RtlUnicodeToOemN
RtlUnicodeToMultiByteSize
RtlExpandEnvironmentStrings_U
RtlInitializeCriticalSectionAndSpinCount
RtlInitializeCriticalSectionEx
NtSetEvent
NtClearEvent
NtPulseEvent
NtCreateSemaphore
NtReleaseSemaphore
NtCreateMutant
NtReleaseMutant
NtCreateTimer
NtSetTimerEx
NtCancelTimer
NtOpenEvent
NtOpenSemaphore
NtOpenMutant
NtWaitForMultipleObjects
NtOpenTimer
RtlExitUserThread
LdrUnloadAlternateResourceModule
LdrRemoveLoadAsDataTable
RtlImageNtHeader
LdrUnloadDll
LdrDisableThreadCalloutsForDll
LdrUnlockLoaderLock
LdrLockLoaderLock
LdrGetDllHandle
LdrAddRefDll
RtlComputePrivatizedDllName_U
RtlPcToFileHeader
LdrGetProcedureAddress
RtlInitString
NtQueryAttributesFile
RtlDosPathNameToNtPathName_U_WithStatus
RtlGetVersion
LdrAccessResource
RtlReAllocateHeap
LdrAddLoadAsDataTable
RtlGetActiveActivationContext
LdrWx86FormatVirtualImage
NtQuerySection
LdrGetDllHandleByMapping
RtlImageNtHeaderEx
RtlDosSearchPath_Ustr
LdrGetDllHandleByName
RtlDosApplyFileIsolationRedirection_Ustr
LdrLoadDll
LdrFindResource_U
RtlFreeSid
RtlSetSaclSecurityDescriptor
RtlAddMandatoryAce
RtlAddAccessAllowedAce
RtlCreateAcl
RtlLengthSid
RtlAllocateAndInitializeSid
DbgPrint
NtOpenThread
NtSetInformationThread
NtQueryInformationThread
NtTerminateThread
TpCheckTerminateWorker
RtlCaptureStackBackTrace
NtSuspendThread
NtResumeThread
RtlClearBits
RtlAreBitsSet
NtQueueApcThread
ord8
RtlQueryInformationActivationContext
RtlFlsAlloc
RtlProcessFlsData
RtlFlsFree
NtYieldExecution
RtlFreeActivationContextStack
RtlReleaseActivationContext
RtlActivateActivationContextEx
RtlAllocateActivationContextStack
NtCreateThreadEx
TpCaptureCaller
RtlFindClearBitsAndSet
RtlFormatMessageEx
RtlInitAnsiString
RtlFindMessage
RtlLoadString
RtlUnicodeToMultiByteN
RtlUnlockHeap
RtlFreeHandle
RtlIsValidHandle
RtlLockHeap
RtlSetUserValueHeap
RtlAllocateHandle
_aulldiv
RtlCreateHeap
RtlDestroyHeap
RtlQueryHeapInformation
RtlValidateHeap
RtlGetProcessHeaps
RtlCompactHeap
RtlWalkHeap
RtlSetHeapInformation
RtlInitializeHandleTable
RtlIsDosDeviceName_U
RtlAnsiCharToUnicodeChar
RtlIntegerToChar
wcsncpy_s
RtlGetCurrentDirectory_U
RtlSetThreadErrorMode
toupper
RtlInitializeCriticalSection
RtlDeleteCriticalSection
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlReleaseRelativeName
RtlDosPathNameToRelativeNtPathName_U
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtQueryFullAttributesFile
NtNotifyChangeDirectoryFile
NtQueryDirectoryFile
RtlGetFullPathName_UEx
RtlSetCurrentDirectory_U
ord1
NtQueryEaFile
NtIsProcessInJob
NtDuplicateToken
NtAllocateLocallyUniqueId
NtAccessCheck
NtAccessCheckByType
NtAccessCheckByTypeResultList
NtOpenProcessToken
NtOpenThreadToken
NtQueryInformationToken
NtSetInformationToken
NtAdjustPrivilegesToken
NtAdjustGroupsToken
NtPrivilegeCheck
NtAccessCheckAndAuditAlarm
NtAccessCheckByTypeAndAuditAlarm
NtAccessCheckByTypeResultListAndAuditAlarm
NtAccessCheckByTypeResultListAndAuditAlarmByHandle
NtOpenObjectAuditAlarm
NtPrivilegeObjectAuditAlarm
NtCloseObjectAuditAlarm
NtDeleteObjectAuditAlarm
NtPrivilegedServiceAuditAlarm
RtlValidSid
RtlEqualSid
RtlEqualPrefixSid
RtlLengthRequiredSid
RtlInitializeSid
RtlIdentifierAuthoritySid
RtlSubAuthoritySid
RtlSubAuthorityCountSid
RtlCopySid
RtlAreAllAccessesGranted
RtlAreAnyAccessesGranted
RtlMapGenericMask
RtlValidAcl
RtlQueryInformationAcl
RtlSetInformationAcl
RtlAddAce
RtlDeleteAce
RtlGetAce
RtlAddAccessAllowedAceEx
RtlAddAccessDeniedAce
RtlAddAccessDeniedAceEx
RtlAddAuditAccessAce
RtlAddAuditAccessAceEx
RtlAddAccessAllowedObjectAce
RtlAddAccessDeniedObjectAce
RtlAddAuditAccessObjectAce
RtlFirstFreeAce
RtlValidSecurityDescriptor
RtlValidRelativeSecurityDescriptor
RtlLengthSecurityDescriptor
RtlGetControlSecurityDescriptor
RtlSetControlSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlNewSecurityObject
RtlConvertToAutoInheritSecurityObject
RtlNewSecurityObjectEx
RtlNewSecurityObjectWithMultipleInheritance
RtlSetSecurityObject
RtlSetSecurityObjectEx
RtlQuerySecurityObject
RtlDeleteSecurityObject
RtlAbsoluteToSelfRelativeSD
RtlSelfRelativeToAbsoluteSD
NtSetSecurityObject
NtQuerySecurityObject
RtlImpersonateSelf
NtImpersonateAnonymousToken
NtFilterToken
RtlSelfRelativeToAbsoluteSD2
RtlGetSecurityDescriptorRMControl
RtlSetSecurityDescriptorRMControl
CsrClientConnectToServer
RtlUnhandledExceptionFilter
RtlGetLocaleFileMappingAddress
NtGetNlsSectionPtr
RtlNormalizeString
NtSetValueKey
RtlOpenCurrentUser
wcspbrk
RtlLcidToLocaleName
EtwEventUnregister
EtwEventEnabled
EtwEventRegister
NtSetDefaultLocale
RtlLocaleNameToLcid
NtEnumerateValueKey
RtlpMuiFreeLangRegistryInfo
RtlCultureNameToLCID
qsort
RtlpIsQualifiedLanguage
RtlpGetLCIDFromLangInfoNode
RtlpGetNameFromLangInfoNode
NtQueryInstallUILanguage
RtlLCIDToCultureName
RtlpLoadUserUIByPolicy
RtlpLoadMachineUIByPolicy
RtlpCreateProcessRegistryInfo
RtlpInitializeLangRegistryInfo
LdrFindResourceEx_U
RtlGetFileMUIPath
RtlGetUILanguageInfo
RtlpGetSystemDefaultUILanguage
RtlGetThreadPreferredUILanguages
RtlGetProcessPreferredUILanguages
RtlpQueryDefaultUILanguage
RtlGetSystemPreferredUILanguages
RtlGetUserPreferredUILanguages
NtCreateKey
NtDeleteKey
NtEnumerateKey
RtlIntegerToUnicodeString
RtlAppendUnicodeToString
RtlCopyUnicodeString
EtwEventWrite
NtQueryDefaultLocale
NtNotifyChangeKey
swprintf_s
RtlUTF8ToUnicodeN
RtlUnicodeToUTF8N
NtDeleteValueKey
RtlUnwind
DbgPrintEx
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
TpAllocPool
TpSetPoolMinThreads
TpSetPoolStackInformation
TpQueryPoolStackInformation
TpAllocCleanupGroup
TpSimpleTryPost
TpAllocWork
TpAllocTimer
TpAllocWait
TpAllocIoCompletion
TpCallbackMayRunLong
NtQueryMultipleValueKey
Exports
Exports
AccessCheck
AccessCheckAndAuditAlarmW
AccessCheckByType
AccessCheckByTypeAndAuditAlarmW
AccessCheckByTypeResultList
AccessCheckByTypeResultListAndAuditAlarmByHandleW
AccessCheckByTypeResultListAndAuditAlarmW
AcquireSRWLockExclusive
AcquireSRWLockShared
AddAccessAllowedAce
AddAccessAllowedAceEx
AddAccessAllowedObjectAce
AddAccessDeniedAce
AddAccessDeniedAceEx
AddAccessDeniedObjectAce
AddAce
AddAuditAccessAce
AddAuditAccessAceEx
AddAuditAccessObjectAce
AddDllDirectory
AddMandatoryAce
AdjustTokenGroups
AdjustTokenPrivileges
AllocateAndInitializeSid
AllocateLocallyUniqueId
AreAllAccessesGranted
AreAnyAccessesGranted
AreFileApisANSI
BaseDllFreeResourceId
BaseDllMapResourceIdW
BaseGetProcessDllPath
BaseGetProcessExePath
BaseInvalidateDllSearchPathCache
BaseInvalidateProcessSearchPathCache
BaseReleaseProcessDllPath
BaseReleaseProcessExePath
Beep
BemCopyReference
BemCreateContractFrom
BemCreateReference
BemFreeContract
BemFreeReference
CallbackMayRunLong
CancelIoEx
CancelThreadpoolIo
CancelWaitableTimer
ChangeTimerQueueTimer
CheckGroupPolicyEnabled
CheckTokenMembership
CloseHandle
CloseThreadpool
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolIo
CloseThreadpoolTimer
CloseThreadpoolWait
CloseThreadpoolWork
CompareFileTime
CompareStringA
CompareStringEx
CompareStringOrdinal
CompareStringW
ConnectNamedPipe
ConvertDefaultLocale
ConvertToAutoInheritPrivateObjectSecurity
CopySid
CreateDirectoryA
CreateDirectoryW
CreateEventA
CreateEventExA
CreateEventExW
CreateEventW
CreateFileA
CreateFileMappingNumaW
CreateFileMappingW
CreateFileW
CreateIoCompletionPort
CreateMutexA
CreateMutexExA
CreateMutexExW
CreateMutexW
CreateNamedPipeW
CreatePipe
CreatePrivateObjectSecurity
CreatePrivateObjectSecurityEx
CreatePrivateObjectSecurityWithMultipleInheritance
CreateRemoteThread
CreateRemoteThreadEx
CreateRestrictedToken
CreateSemaphoreExW
CreateThread
CreateThreadpool
CreateThreadpoolCleanupGroup
CreateThreadpoolIo
CreateThreadpoolTimer
CreateThreadpoolWait
CreateThreadpoolWork
CreateTimerQueue
CreateTimerQueueTimer
CreateWaitableTimerExW
CreateWellKnownSid
DebugBreak
DecodePointer
DecodeSystemPointer
DefineDosDeviceW
DeleteAce
DeleteCriticalSection
DeleteFileA
DeleteFileW
DeleteProcThreadAttributeList
DeleteTimerQueueEx
DeleteTimerQueueTimer
DeleteVolumeMountPointW
DestroyPrivateObjectSecurity
DeviceIoControl
DisableThreadLibraryCalls
DisassociateCurrentThreadFromCallback
DisconnectNamedPipe
DuplicateHandle
DuplicateToken
DuplicateTokenEx
EncodePointer
EncodeSystemPointer
EnterCriticalSection
EnumCalendarInfoExEx
EnumCalendarInfoExW
EnumCalendarInfoW
EnumDateFormatsExEx
EnumDateFormatsExW
EnumDateFormatsW
EnumLanguageGroupLocalesW
EnumSystemCodePagesW
EnumSystemLanguageGroupsW
EnumSystemLocalesA
EnumSystemLocalesEx
EnumSystemLocalesW
EnumTimeFormatsEx
EnumTimeFormatsW
EnumUILanguagesW
EqualDomainSid
EqualPrefixSid
EqualSid
ExitProcess
ExitThread
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
FatalAppExitA
FatalAppExitW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationA
FindFirstChangeNotificationW
FindFirstFileA
FindFirstFileExA
FindFirstFileExW
FindFirstFileW
FindFirstFreeAce
FindFirstVolumeW
FindNLSString
FindNLSStringEx
FindNextChangeNotification
FindNextFileA
FindNextFileW
FindNextVolumeW
FindResourceExW
FindStringOrdinal
FindVolumeClose
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FlushProcessWriteBuffers
FlushViewOfFile
FoldStringW
FormatMessageA
FormatMessageW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
FreeLibraryWhenCallbackReturns
FreeResource
FreeSid
GetACP
GetAce
GetAclInformation
GetCPFileNameFromRegistry
GetCPHashNode
GetCPInfo
GetCPInfoExW
GetCalendar
GetCalendarInfoEx
GetCalendarInfoW
GetCommandLineA
GetCommandLineW
GetComputerNameExA
GetComputerNameExW
GetCurrencyFormatEx
GetCurrencyFormatW
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDriveTypeA
GetDriveTypeW
GetDynamicTimeZoneInformation
GetEnvironmentStrings
GetEnvironmentStringsA
GetEnvironmentStringsW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetEraNameCountedString
GetErrorMode
GetExitCodeProcess
GetExitCodeThread
GetFallbackDisplayName
GetFileAttributesA
GetFileAttributesExA
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileMUIInfo
GetFileMUIPath
GetFileSecurityW
GetFileSize
GetFileSizeEx
GetFileTime
GetFileType
GetFinalPathNameByHandleA
GetFinalPathNameByHandleW
GetFullPathNameA
GetFullPathNameW
GetHandleInformation
GetKernelObjectSecurity
GetLastError
GetLengthSid
GetLocalTime
GetLocaleInfoA
GetLocaleInfoEx
GetLocaleInfoHelper
GetLocaleInfoW
GetLogicalDriveStringsW
GetLogicalDrives
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLongPathNameA
GetLongPathNameW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExA
GetModuleHandleExW
GetModuleHandleW
GetNLSVersion
GetNLSVersionEx
GetNamedLocaleHashNode
GetNamedPipeAttribute
GetNamedPipeClientComputerNameW
GetNumberFormatEx
GetNumberFormatW
GetOEMCP
GetOverlappedResult
GetPriorityClass
GetPrivateObjectSecurity
GetProcAddress
GetProcessHeap
GetProcessHeaps
GetProcessId
GetProcessIdOfThread
GetProcessPreferredUILanguages
GetProcessTimes
GetProcessVersion
GetPtrCalData
GetPtrCalDataArray
GetQueuedCompletionStatus
GetQueuedCompletionStatusEx
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
GetSecurityDescriptorOwner
GetSecurityDescriptorRMControl
GetSecurityDescriptorSacl
GetShortPathNameW
GetSidIdentifierAuthority
GetSidLengthRequired
GetSidSubAuthority
GetSidSubAuthorityCount
GetStartupInfoW
GetStdHandle
GetStringTableEntry
GetStringTypeA
GetStringTypeExW
GetStringTypeW
GetSystemDefaultLCID
GetSystemDefaultLangID
GetSystemDefaultLocaleName
GetSystemDefaultUILanguage
GetSystemDirectoryA
GetSystemDirectoryW
GetSystemInfo
GetSystemPreferredUILanguages
GetSystemTime
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryA
GetSystemWindowsDirectoryW
GetTempFileNameW
GetThreadId
GetThreadLocale
GetThreadPreferredUILanguages
GetThreadPriority
GetThreadPriorityBoost
GetThreadUILanguage
GetTickCount
GetTickCount64
GetTimeZoneInformation
GetTimeZoneInformationForYear
GetTokenInformation
GetUILanguageInfo
GetUserDefaultLCID
GetUserDefaultLangID
GetUserDefaultLocaleName
GetUserDefaultUILanguage
GetUserInfo
GetUserInfoWord
GetUserPreferredUILanguages
GetVersion
GetVersionExA
GetVersionExW
GetVolumeInformationByHandleW
GetVolumeInformationW
GetVolumePathNameW
GetWindowsAccountDomainSid
GetWindowsDirectoryA
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalMemoryStatusEx
HeapAlloc
HeapCompact
HeapCreate
HeapDestroy
HeapFree
HeapLock
HeapQueryInformation
HeapReAlloc
HeapSetInformation
HeapSize
HeapSummary
HeapUnlock
HeapValidate
HeapWalk
ImpersonateAnonymousToken
ImpersonateLoggedOnUser
ImpersonateNamedPipeClient
ImpersonateSelf
InitializeAcl
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeProcThreadAttributeList
InitializeSListHead
InitializeSRWLock
InitializeSecurityDescriptor
InitializeSid
InterlockedCompareExchange
InterlockedCompareExchange64
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedFlushSList
InterlockedIncrement
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedPushListSList
InternalLcidToName
Internal_EnumCalendarInfo
Internal_EnumDateFormats
Internal_EnumLanguageGroupLocales
Internal_EnumSystemCodePages
Internal_EnumSystemLanguageGroups
Internal_EnumSystemLocales
Internal_EnumTimeFormats
Internal_EnumUILanguages
InvalidateTzSpecificCache
IsDBCSLeadByte
IsDBCSLeadByteEx
IsDebuggerPresent
IsNLSDefinedString
IsProcessInJob
IsThreadpoolTimerSet
IsTokenRestricted
IsValidAcl
IsValidCodePage
IsValidLanguageGroup
IsValidLocale
IsValidLocaleName
IsValidRelativeSecurityDescriptor
IsValidSecurityDescriptor
IsValidSid
IsWellKnownSid
IsWow64Process
KernelBaseGetGlobalData
LCIDToLocaleName
LCMapStringA
LCMapStringEx
LCMapStringW
LeaveCriticalSection
LeaveCriticalSectionWhenCallbackReturns
LoadLibraryExA
LoadLibraryExW
LoadResource
LoadStringA
LoadStringBaseExW
LoadStringByReference
LoadStringW
LocalAlloc
LocalFileTimeToFileTime
LocalFree
LocalLock
LocalReAlloc
LocalUnlock
LocaleNameToLCID
LockFile
LockFileEx
LockResource
MakeAbsoluteSD
MakeAbsoluteSD2
MakeSelfRelativeSD
MapGenericMask
MapViewOfFile
MapViewOfFileEx
MapViewOfFileExNuma
MultiByteToWideChar
NeedCurrentDirectoryForExePathA
NeedCurrentDirectoryForExePathW
NlsCheckPolicy
NlsDispatchAnsiEnumProc
NlsEventDataDescCreate
NlsGetACPFromLocale
NlsGetCacheUpdateCount
NlsIsUserDefaultLocale
NlsUpdateLocale
NlsUpdateSystemLocale
NlsValidateLocale
NlsWriteEtwEvent
NotifyMountMgr
NotifyRedirectedStringChange
ObjectCloseAuditAlarmW
ObjectDeleteAuditAlarmW
ObjectOpenAuditAlarmW
ObjectPrivilegeAuditAlarmW
OpenEventA
OpenEventW
OpenFileMappingW
OpenMutexW
OpenProcess
OpenProcessToken
OpenRegKey
OpenSemaphoreW
OpenThread
OpenThreadToken
OpenWaitableTimerW
OutputDebugStringA
OutputDebugStringW
PeekNamedPipe
PostQueuedCompletionStatus
PrivilegeCheck
PrivilegedServiceAuditAlarmW
ProcessIdToSessionId
PulseEvent
QueryDepthSList
QueryDosDeviceW
QueryPerformanceCounter
QueryPerformanceFrequency
QueryProcessAffinityUpdateMode
QuerySecurityAccessMask
QueryThreadpoolStackInformation
QueueUserAPC
RaiseException
ReadFile
ReadFileEx
ReadFileScatter
ReadProcessMemory
RegisterWaitForSingleObjectEx
ReleaseMutex
ReleaseMutexWhenCallbackReturns
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
Sections
.text Size: 255KB - Virtual size: 254KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ