InstallService[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

InstallService.dll
Size

1.9MB
MD5

625a37002b0d8660f29f786ae5dddf83
SHA1

75eca1fa309d6cbe30ff2c073feb7c00e115f0d2
SHA256

c119cb72aa1a3db754b74c7bc7fdd3c24f7fb2dbeb1e39d665b1df11329b00d7
SHA512

514cbb50adad3e6e4b123714ec6cbef5f26a5e51326cb2f25f7c340515ff9c80aed0a1e1ea232d811182615ad690bbe4e11d9da0b9e6d6a180d846de6c97a3cd
SSDEEP

49152:lryOlntyrp+vRRQa7Y+jqIBU6RSyGFlNQxSptdfzkT4R7q3iYDc1XS7:lryOJypaQa7NjqYU6HGZQxS/dfzkbSY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
InstallService.dll

Files

InstallService.dll
.dll windows:10 windows x86 arch:x86

7f33a44be98cff3d7153a28eeadacddd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

InstallService.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__localtime64_s
_o__lock_file
_o__mktime64
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__ui64tow_s
_o__unlock_file
_o__wcsicmp
_o__wcstoui64
memmove
_o__wtoi
_o__wtoi64
_o_ceil
_o_fclose
_o_fflush
_o_fgetc
_o_fgetpos
_o_fgetwc
_o_fputwc
_o_free
_o_fsetpos
_o_fwrite
_o_isalnum
_o_iswspace
_o_malloc
_o_mbstowcs
_o_mbstowcs_s
_o_rand
_o_realloc
_o_setvbuf
_o_srand
_o_strncpy_s
_o_strtol
_o_terminate
_o_ungetc
_o_ungetwc
_o_wcscat_s
_o_wcscpy_s
_o_wcsftime
_o_wcsncpy_s
_o_wcstok_s
_o_wcstol
_o_wcstombs
_o_wcstombs_s
_o_wcstoul
__current_exception
__current_exception_context
_except_handler4_common
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__fseeki64
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o____lc_codepage_func
__std_terminate
__CxxFrameHandler3
memcmp
memcpy
__std_type_info_compare
wcsstr
strrchr
wcschr
strchr

api-ms-win-crt-string-l1-1-0

wcsncpy
wcsnlen
memset

umpdc

Pdcv2ActivationClientDeactivate
Pdcv2ActivationClientActivate

ntdll

RtlWow64IsWowGuestMachineSupported
RtlSetBit
RtlClearAllBits
RtlInitializeBitMap
RtlConvertDeviceFamilyInfoToString
RtlGetDeviceFamilyInfoEnum
RtlIsMultiSessionSku
NtQueryWnfStateData
RtlIsMultiUsersInSessionSku

api-ms-win-appmodel-runtime-internal-l1-1-1

GetPackageFullNameFromToken

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetModuleHandleExW
LoadStringW
GetModuleFileNameA
GetModuleHandleExA
FreeLibrary
GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleW
FindStringOrdinal

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
LeaveCriticalSection
SetEvent
InitializeCriticalSectionAndSpinCount
CreateEventW
DeleteCriticalSection
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
CreateEventExW
InitializeSRWLock
CreateMutexW
InitializeCriticalSectionEx
AcquireSRWLockShared
ResetEvent
InitializeCriticalSection

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
SetThreadToken
GetCurrentThread
OpenThreadToken
OpenProcessToken
ProcessIdToSessionId
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageA
LCMapStringEx
FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventUnregister
EventActivityIdControl
EventSetInformation

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
Sleep
InitOnceComplete
InitOnceExecuteOnce
WakeByAddressAll
WaitOnAddress

api-ms-win-core-heap-l2-1-0

GlobalFree
LocalFree
LocalAlloc

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTimeAsFileTime
GetSystemTime
GetTickCount
GetVersionExA

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InitializeSListHead
InterlockedPushEntrySList

api-ms-win-core-registry-l1-1-0

RegOpenCurrentUser
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegCreateKeyExW
RegEnumValueW
RegGetValueW
RegCloseKey
RegOpenKeyExW

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
FreeLibraryWhenCallbackReturns
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
SubmitThreadpoolWork
CreateThreadpoolWork
CreateThreadpoolTimer
CloseThreadpoolWork

rpcrt4

RpcAsyncCompleteCall
I_RpcExceptionFilter
RpcBindingFree
I_RpcBindingInqLocalClientPID
UuidCreate
RpcBindingSetAuthInfoExW
RpcStringFreeW
RpcStringBindingComposeW
NdrAsyncClientCall
RpcBindingFromStringBindingW
RpcAsyncInitializeHandle
RpcAsyncCancelCall

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolAllowThreadReuse

api-ms-win-security-capability-l1-1-0

CapabilityCheck

oleaut32

SysAllocString
SysStringLen
VariantTimeToSystemTime
VariantInit
SysAllocStringByteLen
SysFreeString
SetErrorInfo
VarBstrCmp
VariantClear
GetErrorInfo
SysStringByteLen

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-registry-l2-1-0

RegCreateKeyW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-file-l1-1-0

CompareFileTime
GetFileAttributesW
GetTempFileNameW
FileTimeToLocalFileTime
ReadFile
GetFileAttributesExW
SetFileAttributesW
DeleteFileW
CreateFileW
CreateDirectoryW
GetFinalPathNameByHandleW
SetFileInformationByHandle
FindFirstFileExW
GetFileSizeEx
WriteFile
FindFirstFileW
FindNextFileW
FindClose

winhttp

WinHttpCloseHandle
WinHttpCrackUrl
WinHttpGetDefaultProxyConfiguration
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpOpen
WinHttpConnect
WinHttpCreateUrl
WinHttpGetProxyForUrl
WinHttpSetOption
WinHttpSetTimeouts
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData

api-ms-win-core-url-l1-1-0

UrlEscapeW

api-ms-win-shell-namespace-l1-1-0

SHGetIDListFromObject

api-ms-win-core-path-l1-1-0

PathCchCombine
PathCchRemoveExtension
PathCchStripToRoot
PathCchRemoveFileSpec
PathCchAddExtension
PathCchAppend

api-ms-win-shell-shdirectory-l1-1-0

ord290

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathFindFileNameW

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
FlushViewOfFile
MapViewOfFile
UnmapViewOfFile

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryW
GetEnvironmentVariableW

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW
GetTempPathW

userenv

ExpandEnvironmentStringsForUserW

api-ms-win-core-kernel32-legacy-l1-1-1

PowerClearRequest
PowerSetRequest

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-core-wow64-l1-1-1

IsWow64Process2

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-ham-apphistory-l1-1-0

HamQueryPackageUsageInfo

api-ms-win-security-cryptoapi-l1-1-0

CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptAcquireContextW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

combase

ord67
ord68
ord66
ord69

wldp

WldpIsAppApprovedByPolicy

msvcp_win

?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXH@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JXZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UAE@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
?_Winerror_map@std@@YAHH@Z
?_Xout_of_range@std@@YAXPBD@Z
_Thrd_id
?_Xinvalid_argument@std@@YAXPBD@Z
?uncaught_exceptions@std@@YAHXZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?uncaught_exception@std@@YA_NXZ
?_Fiopen@std@@YAPAU_iobuf@@PBGHH@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAE_JPBG_J@Z
?getloc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QBE?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?_Init@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXXZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?imbue@?$basic_ios@GU?$char_traits@G@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UAE@XZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEHXZ
??1?$codecvt@GDU_Mbstatet@@@std@@MAE@XZ
?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QAE@I@Z
?unshift@?$codecvt@GDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBG1AAPBGPAD3AAPAD@Z
?in@?$codecvt@GDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAG3AAPAG@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPBG_J@Z
?_Incref@facet@locale@std@@UAEXXZ
?id@?$ctype@G@std@@2V0locale@2@A
?clear@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@J@Z
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UAE@XZ
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?id@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@2V0locale@2@A
?_Getcat@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
_Mtx_unlock
?_Throw_future_error@std@@YAXABVerror_code@1@@Z
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?_Xlength_error@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
??1_Lockit@std@@QAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGXZ
?get@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QBE?AV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@V32@0AAVios_base@2@AAHPAUtm@@PBG4@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
_Cnd_wait
?__ExceptionPtrToBool@@YA_NPBX@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
_Cnd_register_at_thread_exit
?_Throw_C_error@std@@YAXH@Z
_Cnd_broadcast
?__ExceptionPtrDestroy@@YAXPAX@Z
_Mtx_destroy_in_situ
_Cnd_destroy_in_situ
_Cnd_unregister_at_thread_exit
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPAG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEPAV12@PAG_J@Z
?_Xbad_alloc@std@@YAXXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEXABVlocale@2@@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
_Xtime_get_ticks
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QAEX_N@Z
?_Capture@_ContextCallback@details@Concurrency@@AAEXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QBEXV?$function@$$A6AXXZ@std@@_N@Z
?_Schedule_chore@details@Concurrency@@YAHPAU_Threadpool_chore@12@@Z
?_Release_chore@details@Concurrency@@YAXPAU_Threadpool_chore@12@@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
_Mtx_init_in_situ
_Cnd_init_in_situ
?widen@?$ctype@G@std@@QBEGD@Z
?_XGetLastError@std@@YAXXZ
??0task_continuation_context@Concurrency@@AAE@XZ
?_Reset@_ContextCallback@details@Concurrency@@AAEXXZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?_Xbad_function_call@std@@YAXXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
_Mtx_lock

api-ms-win-crt-time-l1-1-0

_time32

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

mpr

WNetGetConnectionW

api-ms-win-service-management-l1-1-0

OpenServiceW
CloseServiceHandle
OpenSCManagerW
StartServiceW

api-ms-win-ntuser-sysparams-l1-1-0

GetMonitorInfoW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
ServiceMain

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7f33a44be98cff3d7153a28eeadacddd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

umpdc

ntdll

api-ms-win-appmodel-runtime-internal-l1-1-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-heap-l2-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-threadpool-l1-2-0

rpcrt4

api-ms-win-shcore-taskpool-l1-1-0

api-ms-win-security-capability-l1-1-0

oleaut32

api-ms-win-core-string-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-stateseparation-helpers-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-file-l1-1-0

winhttp

api-ms-win-core-url-l1-1-0

api-ms-win-shell-namespace-l1-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-shell-shdirectory-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-file-l1-2-0

userenv

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-wow64-l1-1-1

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-ham-apphistory-l1-1-0

api-ms-win-security-cryptoapi-l1-1-0

api-ms-win-core-apiquery-l1-1-0

combase

wldp

msvcp_win

api-ms-win-crt-time-l1-1-0

api-ms-win-core-psapi-l1-1-0

mpr

api-ms-win-service-management-l1-1-0

api-ms-win-ntuser-sysparams-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-core-wow64-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 29KB - Virtual size: 133KB

.idata
Size: 19KB - Virtual size: 19KB

.didat
Size: 1024B - Virtual size: 544B

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 103KB - Virtual size: 102KB