WsmWmiPl[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

WsmWmiPl.dll
Size

230KB
MD5

ed366d5a56e42e7d2ddeaa80a8da835b
SHA1

47132424568c7b2a5ea345a6b006c6ee1d46725d
SHA256

eae23098a5494343cf3846d34345565464b594d90f978831edb8f509fd09c82a
SHA512

75e46652cb289812c15107b84998585756385c8b695d45360178ed0a73c0fa16f7f5a6e8b8c9bf0729871c7b133927b74e657021c90abae6ef6fe593be19476f
SSDEEP

3072:0x86sPNfaClsiWcaDwuqo3E3v515p9ImoExPRFRrJQICkyFk07bHQilHjyx+xi44:0e0cR3vL/9ImoStqImO07bwQHj4+xJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
WsmWmiPl.dll

Files

WsmWmiPl.dll
.dll windows:6 windows x86 arch:x86

e5ff238ab53ad46096471c45dfee8c12

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

WsmWmiPl.pdb

Imports

msvcrt

_except_handler4_common
iswalnum
??1type_info@@UAE@XZ
_initterm
malloc
free
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
memcpy_s
??0exception@@QAE@ABV0@@Z
iswalpha
_errno
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
wcstoul
iswspace
wcstok_s
_HUGE
wcsncmp
_fpclass
wcsstr
towlower
iswdigit
_vsnwprintf
_itow
_wtoi
wcschr
_ultow
_wcslwr
_purecall
wcsrchr
_wcsicmp
_wcsicoll
wcscpy_s
wcstod
memmove_s
_ftol2
memset

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableFlags
TraceMessage

api-ms-win-core-synch-l1-2-0

Sleep
ResetEvent
CreateEventW
SetEvent
WaitForSingleObject
WaitForMultipleObjectsEx

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadLibraryExW
DisableThreadLibraryCalls
GetModuleHandleW

api-ms-win-core-errorhandling-l1-1-1

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

oleaut32

GetErrorInfo
SafeArrayDestroy
SafeArrayPutElement
SafeArrayCreate
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetDim
VariantCopy
VarCmp
SysAllocString
VariantClear
VariantInit
SysStringLen
SysFreeString

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-2

GetCurrentThreadId
CreateThread
GetCurrentProcess
TerminateProcess
GetCurrentProcessId

api-ms-win-core-debug-l1-1-1

OutputDebugStringA

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime

miutils

_IsLifeCycleIndicationQuery@12
RtlInitializeCachedFastLock
??1WMISchema@@UAE@XZ
MI_Hash
RtlDeleteCachedFastLock
_WMIEventToCIMIndication@12
RtlTryAcquireCachedFastLockShared
RtlReleaseCachedFastLockShared
RtlQueueAcquireCachedFastLockExclusive
RtlReleaseCachedFastLockExclusive
RtlQueueAcquireCachedFastLockShared
?GetNoneCachedWmiClass@WMISchema@@UAGJPBGPAUIWbemServices@@AAV?$CComPtr@UIWbemClassObject@@@ATL@@PAUIConversionContext@@@Z
RtlInterlockedWakeAll
RtlInterlockedCompareWait
??0WMISchema@@QAE@XZ

wsmsvc

??1?$AutoRelease@UIWbemQuery@@@@QAE@XZ
??0?$AutoRelease@UIWbemQuery@@@@QAE@PAUIWbemQuery@@@Z
FwXmlIsSimpleContentOrEmpty
WSManDeliverEndSubscriptionNotification
WSManDeliverEvent
WSManClosePublisherHandle
??0?$AutoRelease@UIEnumWbemClassObject@@@@QAE@PAUIEnumWbemClassObject@@@Z
WSManCloseObjectHandle
WSManEnumeratorAddEvent
?StringCchEndsWithCI@@YGHPBG0@Z
?StringTrimWhitespace@@YGPAGPAG@Z
?ParseHeaders@CWSManResourceNoResourceUri@@QAEHPAVIRequestContext@@PAU_FWXML_ELEMENT@@11@Z
??1CWSManResourceNoResourceUri@@UAE@XZ
??0CWSManResourceNoResourceUri@@QAE@H@Z
WSManPluginInteractiveCallback
?CreateAnEvent@SoapSemanticConverter@@QAEKKPAVSemanticMessage@@AAVBufferFormatter@@PAVIRequestContext@@@Z
??1SoapSemanticConverter@@QAE@XZ
??0SoapSemanticConverter@@QAE@XZ
?DuplicateCurrentToken@CSecurity@@SGHPAPAXKPAU_SECURITY_ATTRIBUTES@@W4_SECURITY_IMPERSONATION_LEVEL@@W4_TOKEN_TYPE@@H@Z
?ImpersonateUserOrSelf@CSecurity@@SGHW4CallSiteId@@PAX@Z
??1?$AutoDelete@VIQueryDASHSMASHInterface@@@@QAE@XZ
??1?$AutoDelete@VISpecification@@@@QAE@XZ
??0?$AutoDelete@VIQueryDASHSMASHInterface@@@@QAE@XZ
?AppendXmlEndElemWithPrefix@TSTRBUFFER@@QAEJPBG0@Z
??4?$AutoDelete@VIQueryDASHSMASHInterface@@@@QAEAAV0@PAVIQueryDASHSMASHInterface@@@Z
??0?$AutoDelete@VISpecification@@@@QAE@XZ
??0?$AutoDelete@VISpecification@@@@QAE@PAVISpecification@@@Z
??4?$AutoDelete@VISpecification@@@@QAEAAV0@PAVISpecification@@@Z
?Free@WSManMemory@@SGXPAXH@Z
?Alloc@WSManMemory@@SGPAXIHW4_NitsFaultMode@@@Z
WSManPluginObjectResult
?WSManError@@YGXPBGK0KPAVIRequestContext@@@Z
??1CErrorContext@@UAE@XZ
??0CErrorContext@@QAE@_N@Z
?CompleteWithErrorContext@CRequestContext@@QAEXPAU_WSMAN_PLUGIN_REQUEST@@@Z
??1CRequestContext@@UAE@XZ
??0CRequestContext@@QAE@XZ
??1CWSManCriticalSection@@QAE@XZ
WSManPluginOperationComplete
??0?$AutoDelete@VWmiEnumContext@@@@QAE@XZ
??1?$AutoDelete@VWmiEnumContext@@@@QAE@XZ
??1TSTRBUFFER@@QAE@XZ
??1?$AutoRelease@UIWbemServices@@@@QAE@XZ
??1?$AutoDeleteVector@G@@QAE@XZ
?GetWsmanData@TSTRBUFFER@@QAEXPAU_WSMAN_DATA@@@Z
?Reset@TSTRBUFFER@@QAEXXZ
??0TSTRBUFFER@@QAE@XZ
?Reset@BufferFormatter@@UAEXXZ
??1BufferFormatter@@UAE@XZ
??0BufferFormatter@@QAE@XZ
?GetErrorCode@CErrorContext@@UBEKXZ
?Acquire@CWSManCriticalSection@@QAEXXZ
?Release@CWSManCriticalSection@@QAEXXZ
??0CWSManCriticalSection@@QAE@XZ
?IsValid@CWSManCriticalSection@@QBEHXZ
??0AutoHandle@@QAE@PAX@Z
?GetToken@CSecurity@@SGPAXXZ
??0AutoLocalFree@@QAE@XZ
?ExtractSidFromToken@CSecurity@@SGHPAVIRequestContext@@PAXAAVAutoLocalFree@@@Z
??0AutoBstr@@QAE@PAG@Z
??4AutoBstr@@QAEAAV0@PAG@Z
?AllocBstr@WSManMemory@@SGPAGPBGHH@Z
?WrapperCoSetProxyBlanket@@YGJPAUIUnknown@@KKPAGKKPAXKW4BehaviourForNoInterfaceError@@@Z
??0?$AutoRelease@UIClientSecurity@@@@QAE@XZ
??0?$AutoRelease@UIWbemLocator@@@@QAE@XZ
??4?$AutoRelease@UIWbemServices@@@@QAEAAV0@PAUIWbemServices@@@Z
??0?$AutoRelease@UIWbemServices@@@@QAE@PAUIWbemServices@@@Z
??0?$AutoRelease@UIWbemServices@@@@QAE@XZ
??4?$AutoDeleteVector@G@@QAEAAV0@PAG@Z
??0?$AutoDeleteVector@G@@QAE@XZ
??1?$AutoRelease@UIClientSecurity@@@@QAE@XZ
??1?$AutoRelease@UIWbemLocator@@@@QAE@XZ
??1AutoBstr@@QAE@XZ
??1AutoLocalFree@@QAE@XZ
??1AutoHandle@@QAE@XZ
??0AutoBstr@@QAE@XZ
?StringCchEqualsCI@@YGHPBG0@Z
??0?$AutoRelease@VGeneralSinkEx@@@@QAE@PAVGeneralSinkEx@@@Z
??0?$AutoDelete@VTSTRBUFFER@@@@QAE@PAVTSTRBUFFER@@@Z
??4?$AutoRelease@UIWbemClassObject@@@@QAEAAV0@PAUIWbemClassObject@@@Z
??0?$AutoRelease@UIWbemClassObject@@@@QAE@XZ
??1?$AutoRelease@VGeneralSinkEx@@@@QAE@XZ
??1?$AutoDelete@VTSTRBUFFER@@@@QAE@XZ
??1?$AutoRelease@UIWbemClassObject@@@@QAE@XZ
?Append@TSTRBUFFER@@QAEJPBG@Z
??0?$AutoRelease@UIWbemObjectTextSrc@@@@QAE@XZ
??1?$AutoRelease@UIWbemObjectTextSrc@@@@QAE@XZ
?StringCchEquals@@YGHPBG0@Z
?AppendXmlStartFragment@TSTRBUFFER@@QAEJXZ
?AppendXmlEndFragment@TSTRBUFFER@@QAEJXZ
??0?$AutoRelease@VEnumSinkEx@@@@QAE@PAVEnumSinkEx@@@Z
??4?$AutoDelete@VWmiEnumContext@@@@QAEAAV0@PAVWmiEnumContext@@@Z
??0?$AutoRelease@UIEnumWbemClassObject@@@@QAE@XZ
??0?$AutoRelease@UIWbemClassObject@@@@QAE@PAUIWbemClassObject@@@Z
??1?$AutoRelease@VEnumSinkEx@@@@QAE@XZ
??1?$AutoRelease@UIEnumWbemClassObject@@@@QAE@XZ
?AppendXmlEndItem@TSTRBUFFER@@QAEJXZ
?AppendXmlStartItem@TSTRBUFFER@@QAEJXZ
FwXmlCloseParser
??4?$AutoDelete@G@@QAEAAV0@PAG@Z
??0?$AutoDelete@G@@QAE@XZ
??1?$AutoDelete@G@@QAE@XZ
??0AutoBstrNoAlloc@@QAE@XZ
?GrowBuffer@BufferFormatter@@UAEKXZ
?StringCchStartsWithCI@@YGHPBG0@Z
?StringCchStartsWith@@YGHPBG0@Z
FwXmlCompareElementName
FwXmlGetElementNameEx
FwXmlNumChildren
FwXmlGetChild
?SafeStringToUI64@@YGJPBGEHPA_KPAVIRequestContext@@K@Z
?ParseEprElement@CWSManEPR@@SGPAV1@PAVIRequestContext@@PAU_FWXML_ELEMENT@@@Z
?GetUri@CWSManResource@@QAEPBGXZ
?GetKeyCount@CWSManResourceNoResourceUri@@QAEKXZ
?GetKeys@CWSManResourceNoResourceUri@@QAEPAU_WSMAN_KEY@@XZ
?Parse@CWSManResource@@SGPAV1@PAVIRequestContext@@PBGH@Z
FwXmlNumConsecutiveChildrenWithName
FwXmlNumChildrenWithName
FwXmlCompareName
FwXmlGetAttributeValue
?RecordMIFailure@IRequestContext@@QAEXW4_MI_Result@@K@Z
FwXmlGetElementName
FwXmlHasText
FwXmlIsSimpleContent
FwXmlGetSimpleContentEx
FwXmlIsNull
FwXmlIsEmpty
?AppendXmlStartElem@TSTRBUFFER@@QAEJPBGHKPAU_XML_ATTRIB@@@Z
?AppendXmlStartElemWithPrefix@TSTRBUFFER@@QAEJPBG0HKPAU_XML_ATTRIB@@@Z
?AppendXmlEndElem@TSTRBUFFER@@QAEJPBG@Z
?AppendEscapeXmlContent@TSTRBUFFER@@QAEJPBG_N@Z
?AppendXmlStartElemWithNamespaces@TSTRBUFFER@@QAEJPBGKPAU_XML_NAMESPACE_PREFIX@@HKPAU_XML_ATTRIB@@@Z
?AppendXmlStartElemWithNamespacesAndPrefixes@TSTRBUFFER@@QAEJPBG0KPAU_XML_NAMESPACE_PREFIX@@HKPAU_XML_ATTRIB@@@Z
FwXmlParserCreate
FwXmlParseText
FwXmlGetEntryNameEx
?StringToDword@@YGHPBGPAK@Z
??0?$AutoDeleteVector@E@@QAE@XZ
??1?$AutoDeleteVector@E@@QAE@XZ
?RestoreAllPrivileges@@YGHPAU_TOKEN_PRIVILEGES@@@Z
?EnableAllPrivileges@@YGHPAPAE@Z
?SetLocale@CRequestContext@@QAE_NPBGK@Z
??0?$AutoRelease@UIErrorInfo@@@@QAE@XZ
??0?$AutoRelease@UIWbemPathKeyList@@@@QAE@PAUIWbemPathKeyList@@@Z
??0?$AutoRelease@UIWbemPath@@@@QAE@PAUIWbemPath@@@Z
??0?$AutoDelete@VCWSManResource@@@@QAE@PAVCWSManResource@@@Z
??0?$AutoRelease@VCWSManEPR@@@@QAE@PAVCWSManEPR@@@Z
??0?$AutoRelease@UIUnknown@@@@QAE@XZ
??0?$AutoRelease@UIWbemQualifierSet@@@@QAE@XZ
??0?$AutoDeleteVector@PAG@@QAE@PAPAG@Z
??4?$AutoDelete@VTSTRBUFFER@@@@QAEAAV0@PAVTSTRBUFFER@@@Z
??0?$AutoRelease@UIWbemContext@@@@QAE@PAUIWbemContext@@@Z
??0?$AutoRelease@UIWbemContext@@@@QAE@XZ
??4?$AutoDeleteVector@E@@QAEAAV0@PAE@Z
??1?$AutoRelease@UIErrorInfo@@@@QAE@XZ
??1?$AutoRelease@UIWbemContext@@@@QAE@XZ
??1?$AutoRelease@UIWbemPathKeyList@@@@QAE@XZ
??1?$AutoRelease@UIWbemPath@@@@QAE@XZ
??1?$AutoDelete@VCWSManResource@@@@QAE@XZ
??1?$AutoRelease@VCWSManEPR@@@@QAE@XZ
??1?$AutoRelease@UIUnknown@@@@QAE@XZ
??1?$AutoRelease@UIWbemQualifierSet@@@@QAE@XZ
??1?$AutoDeleteVector@PAG@@QAE@XZ
??1AutoBstrNoAlloc@@QAE@XZ
?SetSize@TSTRBUFFER@@QAEJII@Z
?AllocSysString@TSTRBUFFER@@QBEJPAPAG@Z
?GetCharInUse@TSTRBUFFER@@QBEIXZ
?AppendChar@TSTRBUFFER@@QAEJG@Z
?Append@TSTRBUFFER@@QAEJPBGII@Z
?Resize@RBUFFER@@QAEHI@Z
?StringIsBlank@@YGHPBG@Z
??4AutoBstrNoAlloc@@QAEAAV0@PAG@Z
WSManEncodeObject
??0?$AutoDeleteVector@G@@QAE@PAG@Z
?CopyString@@YGPAGPBGABHAAVIRequestContext@@@Z
??0AutoHandle@@QAE@XZ
??0AutoLibrary@@QAE@PAUHINSTANCE__@@@Z
??1AutoLibrary@@QAE@XZ
??4AutoHandle@@QAEAAV0@PAX@Z
?IsEventEnabled@EventHandler@WSMan@@SG_NABU_EVENT_DESCRIPTOR@@@Z
?ReAlloc@WSManMemory@@SGPAXPAXIHW4_NitsFaultMode@@@Z
?FormatDataDescriptor@EventHandler@WSMan@@SGXAAU_EVENT_DATA_DESCRIPTOR@@AAJ@Z
?Write@EventHandler@WSMan@@SGXABU_EVENT_DESCRIPTOR@@KPAU_EVENT_DATA_DESCRIPTOR@@@Z

crypt32

CryptStringToBinaryW

api-ms-win-security-base-l1-2-0

RevertToSelf

api-ms-win-core-kernel32-legacy-l1-1-1

GetComputerNameW

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

Exports

Exports

??0?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QAE@XZ
??0?$SafeMap_Iterator@VKey@Locale@@K@@QAE@AAV?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@_N@Z
??0?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QAE@ABV?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@_N@Z
??1?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QAE@XZ
??1?$SafeMap_Iterator@VKey@Locale@@K@@QAE@XZ
??1?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QAE@XZ
??1CWSManCriticalSectionWithConditionVar@@QAE@XZ
??_7?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@6B@
?Acquire@?$SafeMap@VKey@CWmiPtrCache@@VMapping@2@V?$SafeMap_Iterator@VKey@CWmiPtrCache@@VMapping@2@@@@@UBEXXZ
?Acquire@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@UBEXXZ
?Acquire@?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QAEXXZ
?Acquired@?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QAE_NXZ
?AsReference@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QAEAAV1@XZ
?Data@?$SafeMap_Iterator@VKey@Locale@@K@@IBEAAV?$STLMap@VKey@Locale@@K@@XZ
?DeInitialize@?$SafeMap@VKey@CWmiPtrCache@@VMapping@2@V?$SafeMap_Iterator@VKey@CWmiPtrCache@@VMapping@2@@@@@UAE_NAAVIRequestContext@@@Z
?DeInitialize@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@UAE_NAAVIRequestContext@@@Z
?GetInitError@CWSManCriticalSection@@QBEKXZ
?GetMap@?$SafeMap_Iterator@VKey@Locale@@K@@QBEAAV?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@XZ
?GetMap@?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QBEABV?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@XZ
?Initialize@?$SafeMap@VKey@CWmiPtrCache@@VMapping@2@V?$SafeMap_Iterator@VKey@CWmiPtrCache@@VMapping@2@@@@@UAE_NAAVIRequestContext@@@Z
?Initialize@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@UAE_NAAVIRequestContext@@@Z
?IsValid@?$SafeMap_Iterator@VKey@CWmiPtrCache@@VMapping@2@@@QBE_NXZ
?IsValid@?$SafeMap_Iterator@VKey@Locale@@K@@QBE_NXZ
?Release@?$SafeMap@VKey@CWmiPtrCache@@VMapping@2@V?$SafeMap_Iterator@VKey@CWmiPtrCache@@VMapping@2@@@@@UBEXXZ
?Release@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@UBEXXZ
?Reset@?$SafeMap_Iterator@VKey@Locale@@K@@QAEXXZ
?SkipOrphans@?$SafeMap_Iterator@VKey@Locale@@K@@IAEXXZ
WSManPluginShutdown
WSManPluginStartup
WSManProvCreate
WSManProvDelete
WSManProvEnumerate
WSManProvGet
WSManProvIdentify
WSManProvInvoke
WSManProvPullEvents
WSManProvPut
WSManProvSubscribe
WSManProvUnsubscribe

Sections

.text
Size: 198KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e5ff238ab53ad46096471c45dfee8c12

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

oleaut32

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-debug-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

miutils

wsmsvc

crypt32

api-ms-win-security-base-l1-2-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 198KB - Virtual size: 197KB

.data Size: 1024B - Virtual size: 1KB

.idata Size: 13KB - Virtual size: 12KB

.didat Size: 512B - Virtual size: 20B

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 198KB - Virtual size: 197KB

.data
Size: 1024B - Virtual size: 1KB

.idata
Size: 13KB - Virtual size: 12KB

.didat
Size: 512B - Virtual size: 20B

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 16KB - Virtual size: 15KB