x64-[.]x32[.]-installer[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

x64-.x32.-installer.zip
Size

36.4MB
MD5

0adf2bb080471a237b827fc04b371a1a
SHA1

531f43bae1159ddd7ff819b60c52b25785a66c0b
SHA256

32c0071c2d29ab355d8ddf934df81328f33896d32604290c71bcca4f63d4ee8f
SHA512

f52c3aa180bb8ae09e9900836f03f71da7bed1769b7c2ea893b30510a3807fabf17841641c7c7633e3c4b510eb295dcf8ea9146fbe5a843f2ee3ab1d29c5a096
SSDEEP

786432:nkguf+ZEt9UZ+tDAhaeZsL1nWrnl87seC8GWXee:kgufpt9UZPhae7r27se9GWXee

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack003/UpdateAgent/umrdp.dll
unpack003/aadtb/aadtb.dll
unpack003/aadtb/kerberos.dll
unpack003/uireng/htui.dll
unpack003/uireng/uireng.dll
unpack003/vwlanui/FXSUTILITY.dll
unpack003/vwlanui/cscui.dll
unpack003/vwlanui/wlanui.dll

Files

x64-.x32.-installer.zip
.zip

Password: 2024
password.jpg
.jpg

Password: 2024
x64.-x32.-setup.zip
.zip

Password: 2024
UpdateAgent/UpdateAgent.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

6889babfc88aeedab5cdd8d238e06967

Code Sign

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/05/2022, 19:23

Not After

04/05/2023, 19:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4a:d3:6f:4a:f9:a3:35:61:17:a0:e6:49:3a:fd:69:c2:a1:dd:c9:92:fd:df:84:20:0d:3a:54:1e:8b:db:02:90
Signer

Actual PE Digest

4a:d3:6f:4a:f9:a3:35:61:17:a0:e6:49:3a:fd:69:c2:a1:dd:c9:92:fd:df:84:20:0d:3a:54:1e:8b:db:02:90

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

UpdateAgent.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__wcsicmp
_o__wcsnicmp
_o__wcstoui64
_o__wfopen
_o__wsplitpath_s
_o__wtof
_o__wtoi
_o_fclose
_o_feof
_o_fgetws
_o_free
memmove
_o_iswctype
_o_iswspace
_o_malloc
_o_memcpy_s
_o_strncpy_s
_o_strtol
_o_terminate
_o_toupper
_o_towlower
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstok_s
_o_wcstoul
__CxxFrameHandler3
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__cexit
_o__callnewh
wcsstr
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o___acrt_iob_func
strrchr
wcsrchr
strchr
wcschr
__C_specific_handler
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcscmp
memset
wcsnlen
strcmp
strncmp
wcsncmp

ntdll

RtlNtStatusToDosError
NtSetInformationFile
RtlCompareUnicodeString
NtUnloadKey2
RtlDosPathNameToNtPathName_U_WithStatus
RtlAdjustPrivilege
NtLoadKey2
NtDelayExecution
NtShutdownSystem
NtQueryLicenseValue
RtlDestroyEnvironment
NtSetInformationProcess
RtlCreateEnvironmentEx
RtlSetEnvironmentVariable
RtlDowncaseUnicodeChar
RtlExpandEnvironmentStrings_U
RtlInitUnicodeStringEx
RtlLengthSid
RtlDuplicateUnicodeString
NtQueryPerformanceCounter
NtFlushKey
DbgPrintEx
NtQueryVolumeInformationFile
RtlValidAcl
NtAdjustPrivilegesToken
RtlSetSaclSecurityDescriptor
RtlCreateUnicodeStringFromAsciiz
NtQueryValueKey
DbgPrint
NtCreateFile
RtlFreeHeap
NtClose
RtlQueryEnvironmentVariable_U
LdrLoadDll
RtlDosPathNameToNtPathName_U
LdrUnloadDll
LdrGetDllHandle
NtOpenKey
NtWriteFile
LdrGetProcedureAddress
NtQueryObject
RtlLeaveCriticalSection
RtlInitializeCriticalSection
RtlEnterCriticalSection
RtlTimeToTimeFields
RtlDeleteCriticalSection
RtlNtStatusToDosErrorNoTeb
RtlLengthSecurityDescriptor
RtlValidSid
NtOpenProcessToken
RtlSetOwnerSecurityDescriptor
RtlGetControlSecurityDescriptor
RtlMakeSelfRelativeSD
NtDuplicateToken
RtlSetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlQueryInformationAcl
RtlGetOwnerSecurityDescriptor
RtlAllocateAndInitializeSid
RtlRaiseStatus
RtlCreateHeap
RtlUpcaseUnicodeChar
RtlAllocateHeap
RtlReAllocateHeap
RtlInitUnicodeString
NtSetInformationThread
NtQueryInformationThread
RtlDestroyHeap
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlGetGroupSecurityDescriptor
RtlCopySid
NtOpenThreadToken
RtlGetVersion
RtlSetGroupSecurityDescriptor
RtlCreateSecurityDescriptor
RtlFindAceByType
RtlGetDaclSecurityDescriptor
RtlDeleteSecurityObject
NtYieldExecution
NtQueryKey
NtDeleteKey
RtlSetCurrentTransaction
NtEnumerateKey
RtlGetLengthWithoutLastFullDosOrNtPathElement
NtEnumerateValueKey
NtOpenKeyEx
RtlGetAce
RtlpApplyLengthFunction
RtlAddAccessAllowedAceEx
NtReadFile
NtCreateKeyTransacted
RtlNewSecurityObjectEx
NtDeleteFile
NtSetSecurityObject
RtlGetCurrentTransaction
NtDeleteValueKey
RtlAddAce
NtQueryAttributesFile
NtFlushBuffersFile
NtDuplicateObject
NtFsControlFile
NtQueryInformationFile
RtlCreateAcl
NtCreateKey
NtOpenKeyTransactedEx
NtQueryDirectoryFile
NtQuerySecurityObject
NtSetValueKey
NtOpenFile
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtSetEaFile
RtlReleaseRelativeName
NtQueryEaFile
NtWaitForSingleObject
RtlCopyUnicodeString
RtlAppendUnicodeStringToString
RtlEqualUnicodeString
RtlCreateEnvironment
NtQuerySystemTime
RtlSetControlSecurityDescriptor
RtlAnsiCharToUnicodeChar
RtlUnicodeToMultiByteN
RtlIsTextUnicode
RtlUnicodeToMultiByteSize
RtlConvertSidToUnicodeString
RtlRunOnceComplete
RtlRunOnceBeginInitialize
RtlFindNextForwardRunClear
RtlNumberOfSetBits
RtlInitializeSRWLock
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlExpandEnvironmentStrings
NtQueryInformationToken
VerSetConditionMask

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorLength
GetTokenInformation
AddAccessAllowedAce
GetLengthSid
DestroyPrivateObjectSecurity
MakeSelfRelativeSD
InitializeAcl
InitializeSecurityDescriptor
FreeSid
CopySid
EqualSid
SetSecurityDescriptorDacl
CreatePrivateObjectSecurityWithMultipleInheritance
GetSecurityDescriptorControl
AllocateAndInitializeSid
IsValidSid
AdjustTokenPrivileges
IsValidAcl
AddAccessAllowedAceEx
CheckTokenMembership
IsValidSecurityDescriptor

api-ms-win-core-file-l1-1-0

SetEndOfFile
GetLogicalDriveStringsW
SetFileTime
GetShortPathNameW
DeleteFileW
GetLogicalDrives
GetVolumeInformationW
GetFileSizeEx
FindFirstFileW
GetFileInformationByHandle
FindNextFileW
FlushFileBuffers
SetFileInformationByHandle
SetFilePointer
GetDiskFreeSpaceW
ReadFile
RemoveDirectoryW
GetFullPathNameW
DeleteFileA
SetFilePointerEx
CreateFileA
CreateDirectoryW
CreateFileW
GetFileType
SetFileAttributesW
GetFileAttributesW
FindFirstFileExW
FindClose
GetDriveTypeW
GetFinalPathNameByHandleW
GetLongPathNameW
GetTempFileNameW
GetFileSize
WriteFile
GetDiskFreeSpaceExW

api-ms-win-core-libraryloader-l1-1-0

LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
GetModuleHandleExW
LoadLibraryExA
GetModuleFileNameA
GetProcAddress
FreeLibrary

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegQueryValueExW
RegSetValueExW
RegEnumValueW
RegEnumKeyExW
RegSetKeySecurity
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringW
CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
ReleaseSRWLockShared
InitializeCriticalSectionEx
CreateMutexW
ResetEvent
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
OpenSemaphoreW
WaitForSingleObjectEx
CreateMutexExW
AcquireSRWLockExclusive
ReleaseSemaphore
AcquireSRWLockShared
OpenEventW
EnterCriticalSection
CreateSemaphoreExW
DeleteCriticalSection
WaitForMultipleObjectsEx
CreateMutexA
SetEvent
TryEnterCriticalSection
CreateEventW
ReleaseSRWLockExclusive
InitializeSRWLock
ReleaseMutex
InitializeCriticalSection

api-ms-win-core-heap-l1-1-0

HeapValidate
HeapReAlloc
HeapCompact
HeapFree
HeapCreate
HeapWalk
HeapAlloc
HeapDestroy
HeapSize
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetErrorMode
UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter
SetErrorMode
RaiseException

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoCreateGuid
CoGetMalloc
CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoSetProxyBlanket
StringFromGUID2

api-ms-win-core-processthreads-l1-1-0

SetThreadPriority
GetCurrentProcess
GetThreadPriority
TlsSetValue
CreateProcessA
SetPriorityClass
GetExitCodeThread
GetPriorityClass
TlsAlloc
GetProcessId
TlsGetValue
ExitProcess
OpenThreadToken
OpenProcessToken
GetCurrentThreadId
TlsFree
CreateProcessW
TerminateProcess
GetCurrentThread
CreateThread
GetCurrentProcessId
GetExitCodeProcess

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetCurrentDirectoryW
GetEnvironmentVariableW
GetCommandLineW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW

api-ms-win-eventing-provider-l1-1-0

EventWriteString
EventProviderEnabled
EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetWindowsDirectoryW
GlobalMemoryStatusEx
GetComputerNameExW
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetSystemInfo
GetTickCount64
GetVersion
GetSystemDirectoryW
GetVersionExW
GetTickCount
GetVersionExA
GetLocalTime

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-file-l1-2-0

GetVolumePathNamesForVolumeNameW
GetTempPathW
GetVolumeNameForVolumeMountPointW

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep

api-ms-win-core-localization-l1-2-0

ResolveLocaleName
FormatMessageW
GetLocaleInfoW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
OutputDebugStringA
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
LocalFree
GlobalLock
LocalAlloc
GlobalSize

api-ms-win-core-kernel32-legacy-l1-1-0

CopyFileW
MoveFileW
GlobalMemoryStatus
WaitForMultipleObjects
CreateFileMappingA

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-memory-l1-1-0

VirtualFree
CreateFileMappingW
MapViewOfFile
VirtualAlloc
VirtualQuery
VirtualProtect
UnmapViewOfFile

crypt32

CertVerifyCertificateChainPolicy
CryptHashCertificate2

rpcrt4

I_RpcMapWin32Status
UuidToStringW
RpcStringFreeW
UuidFromStringW
UuidCreate

oleaut32

SysAllocString
SysFreeString
VariantTimeToSystemTime
SystemTimeToVariantTime

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation

api-ms-win-core-file-l2-1-0

CopyFileExW
GetFileInformationByHandleEx
MoveFileExW

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

api-ms-win-core-io-l1-1-0

GetOverlappedResult
DeviceIoControl

api-ms-win-core-shutdown-l1-1-0

InitiateSystemShutdownExW

wintrust

WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrust
WTHelperGetProvCertFromChain

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

api-ms-win-core-heap-l2-1-0

GlobalAlloc
GlobalFree

api-ms-win-security-provider-l1-1-0

SetSecurityInfo

wer

WerReportAddFile
WerReportSetUIOption
WerReportSubmit
WerReportCreate
WerReportCloseHandle
WerReportSetParameter

api-ms-win-core-localization-obsolete-l1-2-0

LCIDToLocaleName

api-ms-win-core-privateprofile-l1-1-0

GetPrivateProfileStringW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathMatchSpecW

api-ms-win-eventing-controller-l1-1-0

EnableTraceEx2
ControlTraceW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureStackBackTrace

api-ms-win-security-cryptoapi-l1-1-0

CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA

api-ms-win-devices-config-l1-1-1

CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_PropertyW

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

Exports

Exports

CreateDeploymentSession
CreateDeploymentSessionEx
CreateOfflineDeploymentSession
UA_CommitActionList
UA_CreateActionList
UA_CreateDownloadList
UA_CreateDownloadListFromActionList
UA_CreatePackageListFromDownloadList
UA_InstallActionList
UA_ReleaseDownloadList

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 597KB - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UpdateAgent/umrdp.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

bff07caf688b91e60cdaae6df2eb7470

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

umrdp.pdb

Imports

msvcrt

__dllonexit
_unlock
_lock
memcpy
_onexit
memmove
memset
_purecall
wcsstr
memcpy_s
__CxxFrameHandler3
_initterm
_amsg_exit
_XcptFilter
free
_callnewh
malloc
wcsrchr
wcschr
rand
srand
time
_wcsicmp
_vsnwprintf
__C_specific_handler

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetVersionExW
GetSystemWindowsDirectoryW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-synch-l1-1-0

SetEvent
ResetEvent
WaitForMultipleObjectsEx
CreateEventW
DeleteCriticalSection
WaitForSingleObject
InitializeCriticalSection
CancelWaitableTimer
LeaveCriticalSection
EnterCriticalSection
SetWaitableTimer

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleExA
FreeLibrary
LoadStringW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
OpenThreadToken
TerminateProcess
CreateThread

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-base-l1-1-0

IsValidAcl
IsValidSid
GetSidIdentifierAuthority
FreeSid
AddAccessAllowedAceEx
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ImpersonateLoggedOnUser
GetTokenInformation
CreateWellKnownSid
CheckTokenMembership
RevertToSelf
GetSidSubAuthorityCount
GetSidSubAuthority
CopySid
EqualSid

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapFree
HeapAlloc

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult

api-ms-win-core-file-l1-1-0

CreateFileW
DeleteFileW
ReadFile
QueryDosDeviceW
GetFileSize
WriteFile

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-core-synch-l1-2-1

CreateWaitableTimerW

api-ms-win-core-registry-l1-1-0

RegOpenUserClassesRoot
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyExW
RegGetValueW
RegNotifyChangeKeyValue
RegCloseKey
RegQueryValueExW
RegOpenCurrentUser
RegDeleteValueW
RegOpenKeyExW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

ntdll

EtwEventWriteFull
RtlMultiByteToUnicodeN
NtCreateFile
RtlOpenCurrentUser
RtlNtStatusToDosError
NtMakePermanentObject
NtMakeTemporaryObject
NtClose
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
NtCreateSymbolicLinkObject
RtlInitUnicodeString
NtQueryInformationProcess
EtwEventActivityIdControl
DbgPrint
RtlInitializeGenericTable
RtlEnumerateGenericTable
RtlInsertElementGenericTable
RtlDeleteElementGenericTable
RtlLookupElementGenericTable
RtlEnumerateGenericTableWithoutSplaying
EtwEventRegister
RtlGetSuiteMask
EtwEventUnregister
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
EtwEventWrite

advapi32

TraceMessage

user32

PeekMessageW
MsgWaitForMultipleObjectsEx
PostThreadMessageW
UnregisterClassW
DefWindowProcW
RegisterClassExW
PostMessageW
DestroyWindow
DispatchMessageW
CreateWindowExW
RegisterDeviceNotificationW
UnregisterDeviceNotification
GetClassInfoExW

kernel32

CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
InitializeCriticalSectionEx
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolCleanupGroup
SetThreadpoolThreadMaximum
CreateThreadpool
CloseThreadpool
CloseThreadpoolCleanupGroup
CancelIoEx
WaitForMultipleObjects
GetThreadId
ProcessIdToSessionId
ReadFileEx
GetModuleHandleW
QueueUserAPC
WaitForSingleObjectEx
lstrcmpiW
DeleteTimerQueueTimer
CreateTimerQueueTimer
FreeLibraryAndExitThread
GetProcessHeap
GetModuleHandleExW
GetTickCount64
ReleaseSemaphore
VerifyVersionInfoW
UnregisterWait
SleepEx
TlsSetValue
TlsAlloc
GetSystemInfo
SwitchToThread
CreateSemaphoreW
TlsGetValue
TlsFree
OpenThread
ResumeThread

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventActivityIdControl
EventRegister

api-ms-win-devices-config-l1-1-1

CM_Get_DevNode_Status

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 254KB - Virtual size: 254KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
aadtb/aadtb.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

70f4288e9e404bb3c7e552766ee39c43

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

aadtb.pdb

Imports

cryptngc

NgcDecryptWithSymmetricPopKey
NgcImportSymmetricPopKey
NgcSignWithSymmetricPopKey
NgcEnumContainers

certenroll

ord51
ord50

dsreg

DsrFreeJoinInfoEx
DsrGetJoinInfoEx

oleaut32

VariantClear
SysFreeString
SysAllocString
VariantInit

crypt32

CryptSignAndEncodeCertificate
CryptExportPublicKeyInfo
CryptProtectData
CryptUnprotectData
CertGetCertificateContextProperty
CryptAcquireCertificatePrivateKey
CryptEncodeObject
CertSetCertificateContextProperty
CryptHashCertificate
CertFreeCertificateContext
CertCreateCertificateContext
CertDuplicateCertificateContext
CertDeleteCertificateFromStore
CertAddCertificateContextToStore
CertFindCertificateInStore
CertCloseStore
CertOpenStore

ncrypt

NCryptOpenStorageProvider
NCryptOpenKey
NCryptFinalizeKey
NCryptSetProperty
NCryptCreatePersistedKey
NCryptDeleteKey
NCryptFreeObject
NCryptSignHash

ntdll

RtlAllocateHeap
RtlFreeHeap
RtlNtStatusToDosError
RtlGetDeviceFamilyInfoEnum
RtlImageNtHeader

gdi32

DeleteObject
GetObjectW

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
ReleaseMutex
AcquireSRWLockExclusive
OpenSemaphoreW
CreateEventExW
ReleaseSemaphore
CreateSemaphoreExW
CreateMutexExW
LeaveCriticalSection
WaitForSingleObjectEx
SetEvent
ResetEvent
DeleteCriticalSection
EnterCriticalSection
AcquireSRWLockShared
ReleaseSRWLockShared
InitializeCriticalSectionEx
ReleaseSRWLockExclusive

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventRegister
EventActivityIdControl
EventUnregister

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapReAlloc
HeapSize
HeapAlloc

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
HSTRING_UserMarshal64
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsGetStringLen
HSTRING_UserSize64
WindowsCompareStringOrdinal
HSTRING_UserUnmarshal
HSTRING_UserFree64
WindowsDuplicateString
WindowsDeleteString
HSTRING_UserMarshal
HSTRING_UserUnmarshal64
HSTRING_UserSize
WindowsCreateStringReference
WindowsConcatString
WindowsCreateString
HSTRING_UserFree

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError

api-ms-win-core-com-l1-1-0

CoMarshalInterThreadInterfaceInStream
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoGetObjectContext
CoCreateGuid
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoGetCallContext
CoGetInterfaceAndReleaseStream
CoGetApartmentType

api-ms-win-security-cryptoapi-l1-1-0

CryptReleaseContext
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptDestroyHash
CryptGetProvParam
CryptAcquireContextW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
SetThreadStackGuarantee
CreateProcessW
TerminateProcess
GetCurrentThreadId
OpenProcessToken

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetTickCount
GetSystemDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
UnregisterTraceGuids

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceExecuteOnce
Sleep

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-base-l1-1-0

DuplicateTokenEx
CopySid
GetTokenInformation
GetLengthSid

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-shcore-stream-winrt-l1-1-0

CreateStreamOverRandomAccessStream

rpcrt4

NdrOleFree
CStdStubBuffer_IsIIDSupported
IUnknown_Release_Proxy
NdrCStdStubBuffer2_Release
NdrStubCall3
IUnknown_QueryInterface_Proxy
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_AddRef
NdrDllGetClassObject
NdrDllCanUnloadNow
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_Invoke
IUnknown_AddRef_Proxy
NdrStubForwardingFunction

api-ms-win-core-com-midlproxystub-l1-1-0

NdrProxyForwardingFunction3
CStdStubBuffer2_Disconnect
ObjectStublessClient7
CStdStubBuffer2_QueryInterface
NdrProxyForwardingFunction4
NdrProxyForwardingFunction5
ObjectStublessClient6
ObjectStublessClient8
ObjectStublessClient9
ObjectStublessClient10
CStdStubBuffer2_Connect
CStdStubBuffer2_CountRefs

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegEnumValueW
RegDeleteTreeW
RegCloseKey
RegGetValueW
RegSetValueExW

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
GetModuleHandleW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

sspicli

LsaDeregisterLogonProcess
LsaConnectUntrusted
LsaFreeReturnBuffer
LsaCallAuthenticationPackage
LsaLookupAuthenticationPackage

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW

wincorlib

?CreateException@Exception@Platform@@SAPE$AAV12@HPE$AAVString@2@@Z
??0ClassNotRegisteredException@Platform@@QE$AAA@PE$AAVString@1@@Z
??0COMException@Platform@@QE$AAA@HPE$AAVString@1@@Z
?get@Message@Exception@Platform@@QE$AAAPE$AAVString@3@XZ
?Allocate@Heap@Details@Platform@@SAPEAX_K@Z
??0Delegate@Platform@@QE$AAA@XZ
?ReCreateException@Exception@Platform@@SAPE$AAV12@H@Z
?EventSourceGetTargetArrayEvent@Details@Platform@@YAPEAXPEAXIPEBXPEA_J@Z
?EventSourceGetTargetArraySize@Details@Platform@@YAIPEAX@Z
?EventSourceGetTargetArray@Details@Platform@@YAPEAXPEAXPEAUEventLock@12@@Z
?EventSourceInitialize@Details@Platform@@YAXPEAPEAX@Z
?EventSourceAdd@Details@Platform@@YA?AVEventRegistrationToken@Foundation@Windows@@PEAPEAXPEAUEventLock@12@PE$AAVDelegate@2@@Z
?EventSourceRemove@Details@Platform@@YAXPEAPEAXPEAUEventLock@12@VEventRegistrationToken@Foundation@Windows@@@Z
?GetIBoxArrayVtable@Details@Platform@@YAPEAXPEAX@Z
?CreateException@Exception@Platform@@SAPE$AAV12@H@Z
??0FailureException@Platform@@QE$AAA@XZ
??0OutOfMemoryException@Platform@@QE$AAA@XZ
?__abi_cast_Object_to_String@__abi_details@@YAPE$AAVString@Platform@@_NPE$AAVObject@3@@Z
??0Object@Platform@@QE$AAA@XZ
??0OutOfBoundsException@Platform@@QE$AAA@XZ
?AllocateException@Heap@Details@Platform@@SAPEAX_K0@Z
??0ChangedStateException@Platform@@QE$AAA@XZ
?ReleaseTarget@ControlBlock@Details@Platform@@AEAAXXZ
?AlignedFree@Heap@Details@Platform@@SAXPEAX@Z
?Free@Heap@Details@Platform@@SAXPEAX@Z
?Allocate@Heap@Details@Platform@@SAPEAX_K0@Z
?__abi_WinRTraiseNotImplementedException@@YAXXZ
?__abi_WinRTraiseInvalidCastException@@YAXXZ
?__abi_WinRTraiseNullReferenceException@@YAXXZ
?__abi_WinRTraiseOperationCanceledException@@YAXXZ
?__abi_WinRTraiseFailureException@@YAXXZ
?__abi_WinRTraiseAccessDeniedException@@YAXXZ
?__abi_WinRTraiseOutOfMemoryException@@YAXXZ
?__abi_WinRTraiseInvalidArgumentException@@YAXXZ
?__abi_WinRTraiseOutOfBoundsException@@YAXXZ
?__abi_WinRTraiseChangedStateException@@YAXXZ
?__abi_WinRTraiseClassNotRegisteredException@@YAXXZ
?__abi_WinRTraiseWrongThreadException@@YAXXZ
?__abi_WinRTraiseDisconnectedException@@YAXXZ
?__abi_WinRTraiseObjectDisposedException@@YAXXZ
?__abi_WinRTraiseCOMException@@YAXJ@Z
?InitializeData@Details@Platform@@YAJH@Z
?UninitializeData@Details@Platform@@YAXH@Z
?__abi_FailFast@@YAXXZ
?ReCreateFromException@Details@Platform@@YAJPE$AAVException@2@@Z
?GetIidsFn@@YAJHPEAKPEBU__s_GUID@@PEAPEAVGuid@Platform@@@Z
?GetActivationFactoryByPCWSTR@@YAJPEAXAEAVGuid@Platform@@PEAPEAX@Z
?EventSourceUninitialize@Details@Platform@@YAXPEAPEAX@Z
?__abi_cast_String_to_Object@__abi_details@@YAPE$AAVObject@Platform@@PE$AAVString@3@@Z

msvcrt

_vscwprintf
_purecall
__ExceptionPtrDestroy
__ExceptionPtrCopy
__ExceptionPtrCurrentException
__ExceptionPtrCreate
?terminate@@YAXXZ
wcsstr
??_V@YAXPEAX@Z
_wcsicmp
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
__ExceptionPtrRethrow
wcsnlen
wcschr
??2@YAPEAX_KHPEBDH@Z
wcsrchr
?name@type_info@@QEBAPEBDXZ
__RTtypeid
malloc
swprintf_s
_wcslwr_s
wcspbrk
iswspace
__C_specific_handler
time
wcscspn
wcsspn
_wcsicoll
wcsncmp
_wcsnicmp
_wcsupr_s
difftime
_vsnwprintf
_vsnprintf_s
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBD@Z
__ExceptionPtrCopyException
_wtol
_wtoi
??0exception@@QEAA@AEBQEBDH@Z
memcpy_s
wcslen
_CxxThrowException
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
_XcptFilter
_amsg_exit
_initterm
realloc
__CxxFrameHandler3
??3@YAXPEAX@Z
_callnewh
memcpy
memmove
_vsnprintf
wcscat_s
wcsncpy_s
__RTDynamicCast
_gmtime64_s
wcsftime
memcmp
vswprintf_s
memmove_s
_wcsdup
memset
free

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualAlloc
VirtualQuery

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-security-capability-l1-1-0

CapabilityCheck

Exports

Exports

AADTBAcquireToken
AADTBAcquireTokenEx
AADTBFreeString
AADTBFreeStruct
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 797KB - Virtual size: 797KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 222B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 371KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 79KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
aadtb/kerberos.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

70eafd38c1a04874613054e13e80c0b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

KERBEROS.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__stricmp
_o__ultow
_o__wcsicmp
memmove
_o_free
_o_malloc
_o_qsort
_o_strcpy_s
_o_toupper
_o_towlower
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstok
_o_wcstok_s
_o_wcstol
_o_wcstoul
__C_specific_handler
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsscanf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
_CxxThrowException
__CxxFrameHandler3
wcsrchr
wcschr

api-ms-win-crt-string-l1-1-0

memset
strcmp
wcscmp
wcsncmp

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress
GetModuleFileNameA
DisableThreadLibraryCalls
FreeLibrary
GetModuleHandleExW
GetModuleFileNameW
LoadLibraryExA

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
SetThreadStackGuarantee
SetThreadToken
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetACP

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringA
OutputDebugStringW
IsDebuggerPresent

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
GetTraceLoggerHandle
GetTraceEnableLevel
TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCompareMemory
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
RaiseException
SetLastError

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetVersionExW
GetTickCount
GetSystemTimeAsFileTime
GetWindowsDirectoryW
GetComputerNameExW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc
GlobalFree

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep

api-ms-win-core-registry-l1-1-0

RegNotifyChangeKeyValue
RegEnumValueW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegQueryInfoKeyW

api-ms-win-security-base-l1-1-0

RevertToSelf
CheckTokenMembership
GetTokenInformation
FreeSid
AllocateAndInitializeSid
AdjustTokenPrivileges
IsTokenRestricted
EqualSid

api-ms-win-core-synch-l1-1-0

ResetEvent
SetEvent
WaitForSingleObject
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseSemaphore
OpenSemaphoreW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
CreateMutexExW
ReleaseMutex
CreateSemaphoreExW
WaitForSingleObjectEx
OpenEventW
CreateEventW
InitializeCriticalSection
InitializeSRWLock
TryAcquireSRWLockExclusive

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetCurrentDirectoryW
GetEnvironmentVariableW
SetCurrentDirectoryW

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-file-l1-1-0

CreateDirectoryW
FileTimeToLocalFileTime

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventProviderEnabled
EventRegister
EventUnregister

msasn1

ASN1DEREncGeneralizedTime
ASN1_Encode
ASN1intxisuint32
ASN1_FreeDecoded
ASN1_FreeEncoded
ASN1intx2uint32
ASN1intx2int32
ASN1_CreateEncoder
ASN1_Decode
ASN1ztcharstring_free
ASN1bitstring_free
ASN1BERDecCharString
ASN1_CreateModule
ASN1BERDecU32Val
ASN1DEREncBitString
ASN1BERDecZeroCharString
ASN1BEREncObjectIdentifier
ASN1BERDecObjectIdentifier
ASN1BERDecBitString
ASN1charstring_free
ASN1DEREncOctetString
ASN1BERDecS32Val
ASN1BEREncOpenType
ASN1BEREncSX
ASN1DecAlloc
ASN1Free
ASN1BERDecSkip
ASN1BEREncBool
ASN1BEREncEndOfContents
ASN1DEREncCharString
ASN1BEREncS32
ASN1EncSetError
ASN1objectidentifier_free
ASN1BERDecBool
ASN1BERDecEndOfContents
ASN1BEREncExplicitTag
ASN1BERDecNotEndOfContents
ASN1BERDecOctetString
ASN1BEREncU32
ASN1BERDecPeekTag
ASN1BERDecGeneralizedTime
ASN1intx_setuint32
ASN1BERDecExplicitTag
ASN1DecSetError
ASN1octetstring_free
ASN1BERDecSXVal
ASN1BERDecOpenType2
ASN1_CloseDecoder
ASN1intx_free
ASN1_CreateDecoder
ASN1_CloseEncoder

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
QueueUserWorkItem
UnregisterWaitEx
ChangeTimerQueueTimer
CreateTimerQueueTimer

api-ms-win-core-string-obsolete-l1-1-0

lstrlenA
lstrcmpiA
lstrlenW
lstrcmpW

ntdll

RtlDeleteElementGenericTable
RtlInsertElementGenericTable
RtlGetElementGenericTable
RtlDeleteTimerQueueEx
RtlImageNtHeader
RtlLeaveCriticalSection
RtlLengthRequiredSid
RtlSubAuthorityCountSid
RtlTimeToTimeFields
RtlTimeFieldsToTime
RtlValidSid
RtlNtStatusToDosError
NtSetEvent
EtwUnregisterTraceGuids
RtlFreeHeap
RtlAllocateHeap
RtlEqualComputerName
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsW
RtlDuplicateUnicodeString
RtlEraseUnicodeString
RtlAnsiStringToUnicodeString
EtwLogTraceEvent
RtlRunDecodeUnicodeString
RtlCopyUnicodeString
RtlCopyLuid
NtOpenProcess
RtlAvlInsertNodeEx
RtlAvlRemoveNode
RtlAppendUnicodeStringToString
RtlInitUnicodeStringEx
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlInitAnsiString
RtlCompareUnicodeString
RtlInitializeGenericTable
RtlIntegerToUnicodeString
WinSqmSetDWORD
RtlValidateUnicodeString
RtlPrefixUnicodeString
NtSetInformationThread
RtlUpcaseUnicodeString
NtQuerySystemTime
RtlDowncaseUnicodeString
RtlSystemTimeToLocalTime
RtlEqualUnicodeString
RtlRegisterWait
RtlIpv6AddressToStringExW
RtlIpv4AddressToStringExW
RtlIpv6StringToAddressExW
RtlDeregisterWait
RtlIpv4StringToAddressExW
NtClose
NtWaitForSingleObject
NtOpenEvent
NtCreateEvent
RtlInitUnicodeString
NtAllocateLocallyUniqueId
WinSqmIncrementDWORD
EtwTraceMessage
RtlInitializeGenericTableAvl
RtlInitializeResource
RtlDeleteResource
RtlEnumerateGenericTableAvl
RtlEqualDomainName
RtlFreeUnicodeString
RtlDeleteElementGenericTableAvl
RtlConvertSharedToExclusive
RtlLookupElementGenericTableAvl
RtlAcquireResourceShared
RtlReleaseResource
RtlInsertElementGenericTableAvl
RtlAcquireResourceExclusive
RtlDeleteTimerQueue
RtlCreateTimer
RtlCreateTimerQueue
NtSetSecurityObject
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
NtOpenProcessToken
RtlAllocateAndInitializeSid
NtOpenThreadToken
EtwEventWriteTransfer
EtwEventActivityIdControl
NtDuplicateToken
RtlCopySid
RtlEqualSid
RtlLengthSid
RtlSubAuthoritySid
RtlInitializeSid
NtQueryInformationToken
NtDuplicateObject
RtlFreeSid
RtlUniform
NtQuerySystemInformation
EtwEventUnregister
EtwEventRegister
RtlDeleteCriticalSection
RtlInitializeCriticalSection
RtlEnterCriticalSection

msvcp_win

??Bios_base@std@@QEBA_NXZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW

api-ms-win-eventing-controller-l1-1-0

EnableTraceEx2
StartTraceW
ControlTraceW

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualAlloc
UnmapViewOfFile
VirtualProtect
CreateFileMappingW
OpenFileMappingW
MapViewOfFileEx

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

api-ms-win-security-activedirectoryclient-l1-1-0

DsUnBindW
DsFreeNameResultW
DsBindWithSpnExW
DsCrackNamesW

api-ms-win-crt-math-l1-1-0

ceilf

Exports

Exports

DllMain
KerbCreateTokenFromTicketForKdc
KerbDomainChangeCallback
KerbIsInitialized
KerbKdcCallBack
KerbMakeKdcCall
Kerberos
SpInitialize
SpInstanceInit
SpLsaModeInitialize
SpUserModeInitialize

Sections

.text
Size: 888KB - Virtual size: 888KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
aadtb/mfcm120u.dll
.dll windows:6 windows x64 arch:x64

Password: 2024

e40941c527acf51b3d91baf5a58943c2

Code Sign

33:00:00:00:cc:cb:b8:13:eb:5d:72:2d:45:00:00:00:00:00:cc
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/09/2016, 17:58

Not After

07/09/2018, 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:148C-C4B9-2066,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:40:96:a9:ee:70:56:fe:cc:07:00:01:00:00:01:40
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/08/2016, 20:17

Not After

02/11/2017, 20:17

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:8e:87:91:a4:57:1a:5f:ca:3e:00:00:00:00:00:8e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

17/11/2016, 22:09

Not After

17/02/2018, 22:09

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b7:8b:f1:e8:ee:b0:e1:f6:09:59:f1:26:23:b0:36:d1:7e:6f:c5:55:c2:69:57:ec:52:87:9d:bc:e7:73:05:83
Signer

Actual PE Digest

b7:8b:f1:e8:ee:b0:e1:f6:09:59:f1:26:23:b0:36:d1:7e:6f:c5:55:c2:69:57:ec:52:87:9d:bc:e7:73:05:83

Digest Algorithm

sha256

PE Digest Matches

true

e3:a5:07:92:76:86:ff:ca:58:10:77:7b:cc:f4:d5:d2:2f:2d:aa:08
Signer

Actual PE Digest

e3:a5:07:92:76:86:ff:ca:58:10:77:7b:cc:f4:d5:d2:2f:2d:aa:08

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MFCM120U.amd64.pdb

Imports

kernel32

DecodePointer
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
IsDebuggerPresent
OutputDebugStringW
IsProcessorFeaturePresent
Sleep
EncodePointer

msvcr120

?terminate@@YAXXZ
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memset
__FrameUnwindFilter
_cexit
??_V@YAXPEAX@Z
free
__CxxFrameHandler3
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crtCapturePreviousContext
__crtTerminateProcess
__crtUnhandledException
__crt_debugger_hook
_purecall
_initterm_e
_initterm
_malloc_crt
_amsg_exit
__CppXcptFilter
_onexit
__C_specific_handler
_lock
__dllonexit
_calloc_crt
_unlock

user32

SetWindowPos
GetWindow
SendMessageW
GetClientRect
PostMessageW
CopyRect

mfc120u

ord13057
ord4207
ord2477
ord2485
ord11895
ord3461
ord7277
ord2170
ord473
ord2192
ord2294
ord13056
ord4290
ord7924
ord13721
ord13619
ord8388
ord12990
ord5140
ord7432
ord13625
ord8352
ord5250
ord12481
ord13355
ord7718
ord7721
ord3752
ord3159
ord3160
ord4987
ord5267
ord5455
ord8922
ord5243
ord5471
ord4990
ord5133
ord4970
ord5651
ord7346
ord7347
ord7337
ord5131
ord7804
ord9822
ord8781
ord6158
ord2302
ord13358
ord8349
ord3804
ord2272
ord3963
ord3166
ord6030
ord6618
ord2455
ord820
ord1338
ord7065
ord11776
ord7312
ord5976
ord11725
ord11679
ord3670
ord371
ord8798
ord3163
ord10080
ord3130
ord11309
ord8495
ord2180
ord2179
ord269
ord1498
ord1028
ord1636
ord1030

mscoree

_CorDllMain

Exports

Exports

AfxmReleaseManagedReferences

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nep
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup.msi
.msi
uireng/htui.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

21d1e5400522e04edf30278ff3ede414

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

htui.pdb

Imports

msvcrt

_vsnwprintf
_XcptFilter
_amsg_exit
free
malloc
_initterm
strncmp
memmove
memcpy
memcmp
__C_specific_handler
wcstol
memset

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

kernel32

ReadFile
WriteProfileStringW
lstrlenW
WriteFile
SetFilePointer
CreateFileW
GlobalAlloc
GlobalFree
CloseHandle
GlobalLock
GetProfileStringW
GlobalUnlock
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
GetLocaleInfoW
MultiByteToWideChar
LocalAlloc
LocalFree

gdi32

BitBlt
CreateCompatibleBitmap
SaveDC
SelectObject
CreateCompatibleDC
RealizePalette
StretchDIBits
GetStockObject
GetDIBits
DeleteDC
CreateHalftonePalette
SelectPalette
SetColorAdjustment
GetObjectW
ExcludeClipRect
SetStretchBltMode
RestoreDC
DeleteObject

comdlg32

GetOpenFileNameW
GetSaveFileNameW

user32

DefWindowProcW
CallWindowProcW
PostMessageW
GetWindow
GetWindowRect
DestroyWindow
GetWindowLongW
IsWindowVisible
SetWindowPos
SetActiveWindow
EnumChildWindows
SetWindowLongPtrW
FillRect
CreateWindowExW
GetDC
ScreenToClient
SendMessageW
EndDialog
DialogBoxParamW
GetActiveWindow
LoadStringW
GetWindowTextW
EnableWindow
EndPaint
BeginPaint
ReleaseDC
InvalidateRect
GetParent
SetScrollPos
CheckDlgButton
GetDlgItem
GetClientRect
SetWindowLongW
SetScrollRange
SetCursor
EndDeferWindowPos
GetWindowDC
LoadCursorW
SetWindowContextHelpId
SetFocus
WinHelpW
IsDlgButtonChecked
IsWindowEnabled
SendDlgItemMessageW
RegisterClassW
SetDlgItemTextW
ClientToScreen
GetDlgCtrlID
BeginDeferWindowPos
ShowWindow
GetWindowLongPtrW
ChildWindowFromPointEx
SetClassLongPtrW
SetWindowTextW
GetSystemMetrics
DeferWindowPos

Exports

Exports

DllMain
HTUI_ColorAdjustment
HTUI_ColorAdjustmentA
HTUI_ColorAdjustmentW
HTUI_DeviceColorAdjustment
HTUI_DeviceColorAdjustmentA
HTUI_DeviceColorAdjustmentW

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uireng/mfps.dll
.dll regsvr32 windows:10 windows x64 arch:x64

b82cca7515779e1b40c12e0ae7d47f31

Code Sign

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/05/2022, 19:23

Not After

04/05/2023, 19:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:0f:31:5f:01:1e:33:dc:67:52:29:61:55:6f:b2:0d:97:b1:3b:45:08:51:06:f5:8c:4c:17:1b:c1:29:9e:88
Signer

Actual PE Digest

0e:0f:31:5f:01:1e:33:dc:67:52:29:61:55:6f:b2:0d:97:b1:3b:45:08:51:06:f5:8c:4c:17:1b:c1:29:9e:88

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MFPS.pdb

Imports

msvcrt

_purecall
_callnewh
_amsg_exit
strnlen
_initterm
__C_specific_handler
strncpy_s
malloc
_lock
qsort
free
_XcptFilter
_unlock
__dllonexit
_onexit
memcpy
memcmp
memset

rpcrt4

CStdStubBuffer_Invoke
CStdStubBuffer_Connect
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrStubCall3
NdrOleFree
CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy
NdrClientCall3
NdrStubForwardingFunction
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
FreeLibrary
DisableThreadLibraryCalls

api-ms-win-core-com-midlproxystub-l1-1-0

CStdStubBuffer2_Disconnect
ObjectStublessClient13
CStdStubBuffer2_QueryInterface
NdrProxyForwardingFunction4
ObjectStublessClient12
NdrProxyForwardingFunction5
ObjectStublessClient10
NdrProxyForwardingFunction9
ObjectStublessClient3
ObjectStublessClient15
ObjectStublessClient7
ObjectStublessClient5
NdrProxyForwardingFunction3
CStdStubBuffer2_Connect
NdrProxyForwardingFunction24
ObjectStublessClient6
ObjectStublessClient8
ObjectStublessClient9
ObjectStublessClient22
ObjectStublessClient17
ObjectStublessClient20
ObjectStublessClient23
ObjectStublessClient19
ObjectStublessClient16
NdrProxyForwardingFunction25
ObjectStublessClient21
NdrProxyForwardingFunction7
NdrProxyForwardingFunction8
NdrProxyForwardingFunction6
ObjectStublessClient4
ObjectStublessClient18
ObjectStublessClient14
ObjectStublessClient11
CStdStubBuffer2_CountRefs

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalLock

api-ms-win-core-winrt-string-l1-1-0

HSTRING_UserSize64
HSTRING_UserFree
HSTRING_UserSize
HSTRING_UserMarshal64
HSTRING_UserFree64
HSTRING_UserMarshal
HSTRING_UserUnmarshal
HSTRING_UserUnmarshal64

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
TlsSetValue
GetCurrentProcessId
TlsGetValue
TerminateProcess

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 186KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uireng/msvproc.dll
.dll windows:10 windows x64 arch:x64

389e5a0860b40569131881a60d566a2a

Code Sign

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/05/2022, 19:23

Not After

04/05/2023, 19:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ca:93:20:39:81:ca:2d:a5:4e:1a:91:ea:de:be:9e:96:6d:78:2f:06:c2:78:59:08:69:f8:e3:13:dc:75:0e:cb
Signer

Actual PE Digest

ca:93:20:39:81:ca:2d:a5:4e:1a:91:ea:de:be:9e:96:6d:78:2f:06:c2:78:59:08:69:f8:e3:13:dc:75:0e:cb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MSVPROC.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ

api-ms-win-crt-string-l1-1-0

memset
memmove_s
strnlen

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__gcvt_s
_o__i64toa_s
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__ltoa_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o___std_exception_destroy
memmove
_o__ultoa_s
_o_acos
_o_atan2
_o_atoi
_o_ceil
_o_cos
_o_free
_o_log
_o_malloc
_o_pow
_o_qsort
_o_realloc
_o_sin
_o_sqrt
_o_strncpy_s
_o_wcstombs_s
__CxxFrameHandler4
__std_terminate
__C_specific_handler
__CxxFrameHandler3
_o___std_exception_copy
_o__crt_atexit
_o__configure_narrow_argv
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswscanf
_o__cexit
_o___stdio_common_vswprintf
_CxxThrowException
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o__callnewh
memcmp
memcpy
_o___std_type_info_destroy_list

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsStringHasEmbeddedNull
WindowsDuplicateString
WindowsCompareStringOrdinal
WindowsCreateStringReference
WindowsConcatString
WindowsCreateString
WindowsGetStringRawBuffer
WindowsIsStringEmpty

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObjectEx
InitializeCriticalSection
ReleaseSRWLockExclusive
InitializeCriticalSectionAndSpinCount
AcquireSRWLockExclusive
ResetEvent
InitializeCriticalSectionEx
WaitForMultipleObjectsEx
SetEvent
CreateEventW
ReleaseSRWLockShared
AcquireSRWLockShared
DeleteCriticalSection
CreateSemaphoreExW
CreateMutexExW
ReleaseSemaphore
WaitForSingleObject
ReleaseMutex
InitializeSRWLock

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventRegister
EventUnregister

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableFlags
RegisterTraceGuidsW
GetTraceEnableLevel

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW
DisableThreadLibraryCalls
GetProcAddress

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
SetLastError
GetLastError
UnhandledExceptionFilter

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-processthreads-l1-1-0

TlsGetValue
TlsSetValue
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetCurrentProcessId

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer

api-ms-win-core-featurestaging-l1-1-0

SubscribeFeatureStateChangeNotification
UnsubscribeFeatureStateChangeNotification
GetFeatureEnabledState
RecordFeatureUsage

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-registry-l1-1-0

RegNotifyChangeKeyValue
RegOpenKeyExW
RegQueryValueExW
RegGetValueW
RegCloseKey

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemInfo

api-ms-win-power-setting-l1-1-0

PowerSettingUnregisterNotification
PowerSettingRegisterNotification

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

rtworkq

RtwqCancelWorkItem
RtwqPutWaitingWorkItem
RtwqCreateAsyncResult

api-ms-win-crt-math-l1-1-0

sqrtf

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 930KB - Virtual size: 930KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 401KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uireng/uireng.dll
.dll windows:10 windows x64 arch:x64

c2ca58b2270719afbdbaea723f8d2d76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

uireng.pdb

Imports

msvcrt

wcsrchr
wcschr
memcpy
memmove
_wcsnicmp
_CxxThrowException
_wtoi
wcstol
_wcsupr
wcsstr
wcstoul
_wcstoui64
_itow_s
wcscpy_s
__CxxFrameHandler3
memset
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
_callnewh
malloc
free
_purecall
_vsnprintf
_wcsicmp
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
_vsnwprintf
_snwscanf_s
_vscwprintf
wcscmp

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
EventRegister
EventUnregister
StartTraceW
UnregisterTraceGuids
RegOpenKeyW
RegisterTraceGuidsW
GetTraceEnableFlags
EnableTrace
FlushTraceW
EnableTraceEx
ControlTraceW
EventWriteString
OpenTraceW
ProcessTrace
CloseTrace
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage

gdi32

CreateSolidBrush
StretchBlt
CreateCompatibleDC
CreateDCW
ExcludeClipRect
DeleteObject
CreatePen
SelectObject
GetStockObject
Rectangle
ExtCreatePen
MoveToEx
LineTo
PolyBezier
SetDCBrushColor
Ellipse
DeleteDC
GetCurrentObject
CreateCompatibleBitmap
BitBlt
GetObjectW

gdiplus

GdipAlloc
GdipFree
GdipDisposeImage
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdipGetImageEncodersSize
GdiplusStartup
GdiplusShutdown
GdipCloneImage

kernel32

GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTickCount
ExitProcess
OpenProcess
K32GetModuleFileNameExW
LocalFree
GetSystemTimeAsFileTime
ReadProcessMemory
GetTimeFormatW
GetFileAttributesW
RemoveDirectoryW
ExpandEnvironmentStringsW
CreateDirectoryW
WaitForMultipleObjects
CreateThread
Sleep
UnregisterWait
RegisterWaitForSingleObject
FindFirstFileW
CreateFileW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
ReadFile
FreeLibrary
GetWindowsDirectoryW
LoadLibraryW
ResumeThread
GetSystemDirectoryW
FindNextFileW
GetDriveTypeW
GetLongPathNameW
SizeofResource
WriteFile
UnmapViewOfFile
MultiByteToWideChar
LockResource
DeleteFileW
LoadResource
FindResourceW
GetFileSize
WideCharToMultiByte
CreateFileMappingW
SearchPathW
DuplicateHandle
ResetEvent
GetThreadPriority
GetCurrentThread
MapViewOfFile
SetEvent
CreateEventW
InitializeConditionVariable
SetThreadPriority
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
HeapReAlloc
DeleteCriticalSection
LoadLibraryExW
FindClose
GetVersionExW
GetProductInfo
FileTimeToSystemTime
MoveFileExW
GetDateFormatW
SystemTimeToTzSpecificLocalTime
QueryFullProcessImageNameW

msdrm

DRMIsWindowProtected

ntdll

RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
RtlGetFullPathName_UEx
RtlInitUnicodeString
NtApphelpCacheControl
NtQueryValueKey
NtClose
RtlFreeHeap
RtlAllocateHeap
RtlInitUnicodeStringEx
NtQueryInformationProcess
ZwClose
ZwOpenKey
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlFormatCurrentUserKeyPath
ZwCreateFile

ole32

CoCreateInstance
StringFromGUID2
CoInitializeEx
CoInitialize
CoUninitialize
CoCreateGuid
CLSIDFromString

oleacc

GetRoleTextW

oleaut32

SysFreeString
VariantClear
VariantInit
SysAllocString
SysStringLen

shell32

CommandLineToArgvW
ShellExecuteW
SHFileOperationW

shlwapi

PathRemoveBlanksW
PathRemoveExtensionW
SHCreateStreamOnFileEx
PathFindFileNameW
PathCombineW

user32

CallNextHookEx
SetWindowsHookExW
GetClientRect
SetLayeredWindowAttributes
MsgWaitForMultipleObjectsEx
PeekMessageW
SetTimer
ShowWindow
RegisterWindowMessageW
PostThreadMessageW
DispatchMessageW
TranslateMessage
GetMessageW
WindowFromPoint
GetWindowThreadProcessId
GetGUIThreadInfo
GetCursorInfo
ReleaseDC
UnhookWindowsHookEx
GetDC
GetDesktopWindow
DrawIcon
GetIconInfo
LoadCursorW
GetWindowRect
GetClassNameW
InternalGetWindowText
GetParent
GetWindowLongPtrW
GetKeyState
GetKeyNameTextW
MapVirtualKeyW
GetWindowInfo
PtInRect
GetAsyncKeyState
LoadImageW
GetSystemMetrics
GetDoubleClickTime
IsHungAppWindow
GetRawInputDeviceInfoW
GetPointerDevices
DestroyWindow
RegisterRawInputDevices
RegisterClassExW
CreateWindowExW
UnregisterClassW
FillRect
SetWindowLongPtrW
CopyImage
SetWindowPos
GetWindowTextW
EnableWindow
ReleaseCapture
SystemParametersInfoW
GetDlgItem
SwitchDesktop
SetCapture
GetProcessDefaultLayout
FindWindowW
LoadIconW
IsRectEmpty
CreateDesktopW
ClientToScreen
IsDialogMessageW
CloseDesktop
GetThreadDesktop
SetThreadDesktop
SendMessageW
SetProcessDefaultLayout
CreateDialogParamW
GetWindowTextLengthW
GetCursorPos
InvalidateRect
UpdateWindow
FindWindowExW
WindowFromPhysicalPoint
DefWindowProcW
GetRawInputData
EndPaint
SetWinEventHook
GetWindowLongW
ShowWindowAsync
UnhookWinEvent
PhysicalToLogicalPointForPerMonitorDPI
EnumWindows
BeginPaint

aepic

PicFreeFileInfo
PicRetrieveFileInfo

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

xmllite

CreateXmlWriter

hid

HidP_GetLinkCollectionNodes
HidP_GetValueCaps
HidP_GetUsageValue
HidP_GetUsages
HidP_GetCaps

msimg32

AlphaBlend

rpcrt4

RpcServerListen
RpcServerRegisterIf2
NdrServerCall2
RpcServerUseProtseqEpW
NdrServerCallAll

Exports

Exports

UirGetScreenComment
UirInitializeEngine
UirIsRecordingActive
UirOutCreateOutputFile
UirPauseRecordingSession
UirResumeRecordingSession
UirStartRecordingSession
UirStopRecordingSession
UirUninitializeEngine
UirUpdateRecordingSession

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vwlanui/FXSUTILITY.dll
.dll regsvr32 windows:10 windows x64 arch:x64

ec1a2365fa398033b2b727fc15766ebb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FXSUTILITY.pdb

Imports

msvcrt

wcscmp
memcmp
memcpy
memset
wcschr
_wsplitpath_s
??1type_info@@UEAA@XZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
malloc
free
_purecall
wcscat_s
realloc
__C_specific_handler
__CxxFrameHandler3
iswspace
_vsnwprintf

fxsapi

FaxOpenPort
FaxGetRoutingInfoW
FaxSetGeneralConfiguration
FaxGetGeneralConfiguration
FaxSetOutboxConfiguration
FaxGetOutboxConfiguration
FaxSetSecurityEx2
FaxGetSecurityEx2
FaxGetExtensionDataW
FaxSetExtensionDataW
FaxAccessCheckEx2
FaxSetPortExW
FaxClose
FaxEnumPortsExW
FaxConnectFaxServerW
FaxFreeBuffer
FaxCheckValidFaxFolder
FaxSetRoutingInfoW

shlwapi

PathIsNetworkPathW
StrChrW
PathIsRelativeW
SHAutoComplete
PathFileExistsW
PathMakePrettyW

winspool.drv

EnumPrintersW

kernel32

GetModuleHandleW
FreeLibrary
lstrcmpiW
VirtualQuery
LoadLibraryExW
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
LocalAlloc
GetCurrentProcess
TerminateProcess
HeapFree
HeapAlloc
GetProcessHeap
CompareStringW
ExpandEnvironmentStringsW
GetLocaleInfoW
GetFileAttributesW
LoadLibraryW
DeleteCriticalSection
GetCurrentThread
OutputDebugStringW
GetLocaleInfoEx
GetUserPreferredUILanguages
GetFullPathNameW
LoadLibraryExA
ExpandEnvironmentStringsA
SetLastError
GetProcAddress
LoadResource
HeapDestroy
FindResourceExW
GetSystemInfo
DisableThreadLibraryCalls
MultiByteToWideChar
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameW
VirtualAlloc
lstrcpynW
EnterCriticalSection
VirtualProtect
SizeofResource
CreateProcessW
LocalFree
CloseHandle
GetLastError
GetVersionExW
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
GetLocalTime
SetUnhandledExceptionFilter

shell32

SHCreateDirectoryExW
SHBrowseForFolderW
SHGetMalloc
SHGetPathFromIDListW

oleaut32

VarUI4FromStr
SysFreeString
SysAllocString
UnRegisterTypeLi

ole32

CoInitialize
CoCreateInstance
CoInitializeEx
CoUninitialize
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
HWND_UserUnmarshal64
HWND_UserMarshal64
HWND_UserMarshal
HWND_UserSize64
HWND_UserFree64
HWND_UserFree
HWND_UserUnmarshal
HWND_UserSize

user32

DialogBoxParamW
GetWindowTextW
CallWindowProcW
GetParent
EnableWindow
ShowWindow
GetDlgItemTextW
SetWindowPos
MessageBoxW
SetWindowLongPtrW
GetWindowLongPtrW
GetDlgItem
LoadStringW
PostMessageW
SendMessageW
SetWindowTextW
GetWindowTextLengthW
SetActiveWindow
FindWindowW
CharPrevW
CharNextW
CheckDlgButton
GetDlgItemInt
SetFocus
SetDlgItemTextW
EndDialog
IsDlgButtonChecked
SetDlgItemInt
SendDlgItemMessageW

advapi32

RegOpenKeyExW
RegQueryValueExA
RegEnumValueW
MapGenericMask
RegDeleteValueW
RegCloseKey
RegOpenKeyExA
SetNamedSecurityInfoW
GetNamedSecurityInfoW
RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
TraceMessage
OpenThreadToken
OpenServiceW
ChangeServiceConfigW
ConvertStringSecurityDescriptorToSecurityDescriptorW
LookupPrivilegeValueW
AdjustTokenPrivileges
GetSecurityDescriptorControl
SetThreadToken
DuplicateTokenEx
StartServiceW
FreeSid
OpenProcessToken
EnumDependentServicesW
GetSecurityDescriptorLength
MakeSelfRelativeSD
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
AllocateAndInitializeSid
SetEntriesInAclW
ControlService

rpcrt4

NdrDllUnregisterProxy
NdrDllRegisterProxy
CStdStubBuffer_Connect
CStdStubBuffer_IsIIDSupported
NdrDllGetClassObject
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrDllCanUnloadNow
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
NdrCStdStubBuffer_Release
CStdStubBuffer_Invoke
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy

aclui

ord1

Exports

Exports

CanSendToFaxRecipient
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo
SendToFaxRecipient

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vwlanui/cscui.dll
.dll regsvr32 windows:10 windows x64 arch:x64

b18197d343870a8734e284f0be2f6713

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

cscui.pdb

Imports

msvcrt

memcmp
floor
memcpy
?terminate@@YAXXZ
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_CxxThrowException
memmove
memmove_s
memset
__CxxFrameHandler3
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
_callnewh
malloc
_wcsdup
free
_purecall
memcpy_s
_vsnwprintf
sqrt

shell32

ord155
ord18
ord19
ord256
SHCreateDataObject
AssocCreateForClasses
SHCreateDefaultExtractIcon
SHGetDesktopFolder
SHCreateShellItemArrayFromDataObject
SHGetKnownFolderIDList
SHGetFileInfoW
ord28
SHCreateItemFromParsingName
ord165
ord162
ord704
SHCreateShellItemArrayFromShellItem
ord16
SHGetItemFromObject
SHCreateDefaultContextMenu
SHCreateItemFromIDList
SHGetIDListFromObject
ord152
SHBindToParent
SHBindToFolderIDListParentEx
ShellExecuteExW
ord102
SHParseDisplayName
ord190
SHChangeNotify
SHBindToObject
ord241
SHBindToFolderIDListParent
ord680

shlwapi

PathRemoveBackslashW
StrRetToBufW
SHStrDupW
ord619
PathFindExtensionW
ord16
ord174
ord157
ord158
StrChrW
PathAddBackslashW
ord540
ord615
StrStrW
PathCompactPathW
ord354
ord176
ord172
StrFormatByteSizeW
PathGetDriveNumberW
PathBuildRootW
ord388
PathIsUNCServerShareW
PathIsUNCServerW
ord217
AssocQueryStringW
PathParseIconLocationW
PathFindFileNameW
PathIsContentTypeW
PathCompactPathExW
ord199
PathIsUNCW
ord437
ord219
StrDupW
ord215
StrToIntW
ord476
StrToIntA

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError
RaiseException

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser
AdjustTokenPrivileges
RevertToSelf
GetTokenInformation

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
ResumeThread
GetCurrentThread
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
OpenProcessToken
TlsFree
CreateThread

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
InitOnceBeginInitialize
SleepConditionVariableSRW
Sleep

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
CreateMutexW
ReleaseSRWLockExclusive
CreateSemaphoreExW
CreateMutexExW
SetEvent
AcquireSRWLockShared
SetWaitableTimer
OpenSemaphoreW
WaitForSingleObjectEx
InitializeCriticalSection
AcquireSRWLockExclusive
EnterCriticalSection
DeleteCriticalSection
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
ResetEvent
CreateEventW
ReleaseSRWLockShared

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
LoadResource
LoadStringW
GetModuleFileNameA
LoadStringA
LockResource
GetProcAddress
GetModuleFileNameW
GetModuleHandleExW
DisableThreadLibraryCalls
FreeLibraryAndExitThread
FreeLibrary
LoadLibraryExW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
HeapReAlloc
GetProcessHeap

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-shutdown-l1-1-1

InitiateShutdownW

api-ms-win-core-com-l1-1-0

CoRevertToSelf
CoGetCallContext
CoReleaseMarshalData
CoMarshalInterThreadInterfaceInStream
CoCancelCall
CoDisableCallCancellation
StringFromIID
CoEnableCallCancellation
CoCreateGuid
CreateStreamOnHGlobal
CoGetInterfaceAndReleaseStream
StringFromCLSID
CoQueryProxyBlanket
CLSIDFromString
CoWaitForMultipleHandles
CoSetProxyBlanket
CoTaskMemAlloc
StringFromGUID2
PropVariantClear
CoTaskMemFree
CoUninitialize
CoInitializeEx
CoCreateInstance
CoCreateInstanceEx

api-ms-win-core-file-l1-1-0

FindClose
FindNextFileW
FindFirstFileW
GetDriveTypeW
CompareFileTime
GetFileAttributesW

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegEnumValueW
RegOpenCurrentUser
RegOpenKeyExW

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetTickCount64
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-string-l1-1-0

CompareStringW

api-ms-win-core-string-l2-1-0

CharLowerW
CharUpperW
CharNextW

api-ms-win-core-synch-l1-2-1

CreateWaitableTimerW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

rpcrt4

NdrDllGetClassObject
NdrDllRegisterProxy
NdrDllUnregisterProxy
CStdStubBuffer_QueryInterface
NdrDllCanUnloadNow
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported
NdrCStdStubBuffer_Release
CStdStubBuffer_Invoke
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_AddRef
NdrOleAllocate
CStdStubBuffer_Connect
NdrOleFree

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient7
ObjectStublessClient3
ObjectStublessClient11
ObjectStublessClient6
ObjectStublessClient8
ObjectStublessClient9
ObjectStublessClient12
ObjectStublessClient10
ObjectStublessClient5
ObjectStublessClient4

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalLock

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW
GetSystemPowerStatus

api-ms-win-core-sidebyside-l1-1-0

CreateActCtxW
DeactivateActCtx
ReleaseActCtx
ActivateActCtx

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW
lstrcmpiW
lstrcmpW

api-ms-win-core-localization-obsolete-l1-2-0

CompareStringA
GetNumberFormatW

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer

ntdll

EtwEventWrite
EtwEventEnabled
EtwEventUnregister
RtlReleaseResource
RtlAcquireResourceExclusive
RtlAcquireResourceShared
RtlDeleteResource
RtlInitializeResource
RtlGetLengthWithoutTrailingPathSeperators
RtlGetLengthWithoutLastFullDosOrNtPathElement
EtwEventRegister
RtlAppendPathElement
RtlpEnsureBufferSize
RtlInitUnicodeString
RtlFreeUnicodeString
RtlNtStatusToDosError
EtwTraceMessage
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
RtlpApplyLengthFunction

user32

MsgWaitForMultipleObjectsEx
GetWindowTextW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
DispatchMessageW
EndDialog
SystemParametersInfoW
MapWindowPoints
GetWindowRect
ShowWindow
GetParent
IsDlgButtonChecked
GetDoubleClickTime
EnableWindow
CheckDlgButton
LoadImageW
ReleaseDC
SetWindowTextW
GetWindowDC
GetClientRect
GetDlgItem
SetDlgItemTextW
SetWindowLongPtrW
GetMenuItemInfoW
GetWindowLongPtrW
DestroyIcon
GetMenuItemCount
GetMenuItemID
LoadCursorW
SetCursor
InsertMenuItemW
DestroyMenu
CreatePopupMenu
InsertMenuW
PostMessageW
DeleteMenu
SetForegroundWindow
SetWindowPos
SendMessageW
RegisterClipboardFormatW
FindWindowW
SetPropW
RemovePropW
SetMenuItemInfoW
SetProcessDPIAware
DialogBoxParamW
GetMenuStringW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

CPlApplet
CSCOptions_RunDLL
CSCOptions_RunDLLA
CSCOptions_RunDLLW
CSCUIInitialize
CSCUIOptionsPropertySheet
CSCUIRemoveFolderFromCache
CSCUISetState
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 319KB - Virtual size: 318KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 351KB - Virtual size: 350KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vwlanui/wlanui.dll
.dll windows:10 windows x64 arch:x64

8da5534d168dd3aaf6fa0c1f3519d0ad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

wlanui.pdb

Imports

msvcrt

?terminate@@YAXXZ
_itow
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@XZ
__C_specific_handler
_beginthreadex
_endthreadex
log
memcmp
memcpy
memset
??1type_info@@UEAA@XZ
__CxxFrameHandler3
_onexit
__dllonexit
_unlock
_lock
realloc
_errno
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
towlower
iswctype
vswprintf_s
_vscwprintf
mbtowc
_vsnwprintf
memmove_s
_purecall
memcpy_s
free
malloc
wcsncpy_s
logf
wcscmp

ntdll

WinSqmIncrementDWORD
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
EtwTraceMessage
RtlUnsubscribeWnfStateChangeNotification
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData

gdi32

SelectObject
GetDeviceCaps
CreateSolidBrush
GetStockObject
Rectangle
SetBkMode
SetTextColor
DeleteObject
GetTextExtentPoint32W

kernel32

DeactivateActCtx
DelayLoadFailureHook
ResolveDelayLoadedAPI
ExpandEnvironmentStringsW
GetSystemWindowsDirectoryW
GetProcAddress
GetModuleHandleW
FreeLibrary
GetLastError
LoadLibraryExW
lstrcmpiW
RaiseException
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
HeapAlloc
GetProcessHeap
FindResourceW
LockResource
HeapFree
LocalFree
FormatMessageW
GlobalAlloc
GlobalFree
SetLastError
WideCharToMultiByte
HeapSize
HeapReAlloc
HeapDestroy
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
CloseHandle
lstrcmpW
CreateActCtxW
ActivateActCtx
ReleaseActCtx

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoImpersonateClient
CoUninitialize
CoInitializeEx
CreateStreamOnHGlobal
StringFromGUID2
CoGetObject
CLSIDFromString
OleUninitialize
OleInitialize
CoRevertToSelf
CoSetProxyBlanket

shlwapi

ord12
ord213

user32

GetLastInputInfo
CreateWindowExW
UnregisterClassA
CheckRadioButton
IsDlgButtonChecked
CheckDlgButton
MoveWindow
GetWindowInfo
SetWindowTextW
MessageBoxW
EndPaint
DrawIcon
DrawTextW
GetSysColor
BeginPaint
LoadIconW
PostMessageW
InvalidateRect
GetClientRect
ClientToScreen
SetCapture
SetTimer
SetDlgItemTextW
LoadStringW
KillTimer
ReleaseCapture
GetWindowTextW
GetWindowTextLengthW
ShowWindow
IsWindowEnabled
IsWindowVisible
SetFocus
EnableWindow
GetDlgItem
SetClassLongPtrW
SetWindowPos
GetDoubleClickTime
DestroyWindow
SetWindowLongPtrW
GetWindowLongPtrW
EnumChildWindows
GetWindowLongW
TranslateMessage
GetSystemMetrics
GetWindowRect
ReleaseDC
GetDC
GetParent
GetDlgCtrlID
SendMessageW
SetDlgItemInt
GetDlgItemInt
CharNextW
PeekMessageW
DispatchMessageW
MsgWaitForMultipleObjects
SystemParametersInfoW
GetKeyState
GetMessageW
GetClassNameW

uxtheme

DrawThemeBackground
OpenThemeData
CloseThemeData
DrawThemeText
IsThemePartDefined

wlanapi

WlanUtf8SsidToDisplayName
WlanQueryAutoConfigParameter
WlanGetProfile
WlanFreeMemory
WlanSetProfileEapUserData
WlanOpenHandle
WlanStringToSsid
WlanCloseHandle
WlanReasonCodeToString
WlanSetProfile
WlanQueryInterface
WlanGetProfileEapUserDataInfo

gdiplus

GdipCreateBitmapFromHBITMAP
GdipDisposeImageAttributes
GdipDisposeImage
GdipSetInterpolationMode
GdipCreateHBITMAPFromBitmap
GdipCreateImageAttributes
GdipAlloc
GdipSetImageAttributesWrapMode
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipGetImageWidth
GdipCreateBitmapFromScan0
GdipDrawImageRectRectI
GdiplusStartup
GdipCreateBitmapFromStream
GdipCloneImage
GdipGetImageHeight
GdiplusShutdown
GdipFree

dui70

?DefaultAction@Element@DirectUI@@UEAAJXZ
?Release@Value@DirectUI@@QEAAXXZ
?IsRTLReading@Element@DirectUI@@UEAA_NXZ
?IsContentProtected@Element@DirectUI@@UEAA_NXZ
?QueryInterface@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?GetChildren@Element@DirectUI@@QEAAPEAV?$DynamicArray@PEAVElement@DirectUI@@$0A@@2@PEAPEAVValue@2@@Z
?GetKeyFocused@Element@DirectUI@@UEAA_NXZ
?GetClass@Element@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?SetVisible@Element@DirectUI@@QEAAJ_N@Z
?SetHeight@Element@DirectUI@@QEAAJH@Z
?SetLayoutPos@Element@DirectUI@@QEAAJH@Z
?SetForegroundStdColor@Element@DirectUI@@QEAAJH@Z
?SetBackgroundStdColor@Element@DirectUI@@QEAAJH@Z
?SetContentString@Element@DirectUI@@QEAAJPEBG@Z
?SetActive@Element@DirectUI@@QEAAJH@Z
?SetAccessible@Element@DirectUI@@QEAAJ_N@Z
?SetAccName@Element@DirectUI@@QEAAJPEBG@Z
?SetEnabled@Element@DirectUI@@QEAAJ_N@Z
?SetLayout@Element@DirectUI@@QEAAJPEAVLayout@2@@Z
?CanSetFocus@HWNDElement@DirectUI@@UEAA_NXZ
?IsMSAAEnabled@HWNDElement@DirectUI@@UEAA_NXZ
?GetHWND@HWNDElement@DirectUI@@UEAAPEAUHWND__@@XZ
?GetClassInfoW@HWNDElement@DirectUI@@UEAAPEAUIClassInfo@2@XZ
?SetMultiline@Edit@DirectUI@@QEAAJ_N@Z
?Create@NativeHWNDHost@DirectUI@@SAJPEBGPEAUHWND__@@PEAUHICON__@@HHHHHHIPEAPEAV12@@Z
?DestroyWindow@NativeHWNDHost@DirectUI@@QEAAXXZ
?Enter@Edit@DirectUI@@SA?AVUID@@XZ
?Create@FillLayout@DirectUI@@SAJPEAPEAVLayout@2@@Z
?Create@DUIXmlParser@DirectUI@@SAJPEAPEAV12@P6APEAVValue@2@PEBGPEAX@Z2P6AX11H2@Z2@Z
?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ
?SetXML@DUIXmlParser@DirectUI@@QEAAJPEBGPEAUHINSTANCE__@@1@Z
?CreateElement@DUIXmlParser@DirectUI@@QEAAJPEBGPEAVElement@2@1PEAKPEAPEAV32@@Z
?CreateGraphic@Value@DirectUI@@SAPEAV12@PEAUHICON__@@_N11@Z
?CreateGraphic@Value@DirectUI@@SAPEAV12@PEAUHBITMAP__@@EI_N11@Z
?GetUIAElementProvider@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?GetElementProviderImpl@Element@DirectUI@@UEAAJPEAVInvokeHelper@2@PEAPEAVElementProvider@2@@Z
?HandleUiaDestroyListener@Element@DirectUI@@UEAAXXZ
?HandleUiaPropertyListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@@Z
?HandleUiaEventListener@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?GetUiaFocusDelegate@Element@DirectUI@@UEAAPEAV12@XZ
StrToID
?Host@NativeHWNDHost@DirectUI@@QEAAXPEAVElement@2@@Z
?Click@Button@DirectUI@@SA?AVUID@@XZ
?OnPropertyChanged@HWNDElement@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnGroupChanged@HWNDElement@DirectUI@@UEAAXH_N@Z
?OnDestroy@HWNDElement@DirectUI@@UEAAXXZ
?OnEvent@HWNDElement@DirectUI@@UEAAXPEAUEvent@2@@Z
?OnThemeChanged@HWNDElement@DirectUI@@UEAAXPEAUThemeChangedEvent@2@@Z
?OnImmersiveColorSchemeChanged@HWNDElement@DirectUI@@UEAAXXZ
?OnInput@HWNDElement@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnNoChildWithShortcutFound@HWNDElement@DirectUI@@UEAAXPEAUKeyboardEvent@2@@Z
?OnGetDlgCode@HWNDElement@DirectUI@@UEAAXPEAUtagMSG@@PEA_J@Z
?OnWmThemeChanged@HWNDElement@DirectUI@@UEAAX_K_J@Z
?OnWmSettingChanged@HWNDElement@DirectUI@@UEAAX_K_J@Z
?OnCompositionChanged@HWNDElement@DirectUI@@UEAAXXZ
?UpdateTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@@Z
?ActivateTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@K@Z
?RemoveTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@@Z
?CreateStyleParser@HWNDElement@DirectUI@@UEAAJPEAPEAVDUIXmlParser@2@@Z
?WndProc@HWNDElement@DirectUI@@UEAA_JPEAUHWND__@@I_K_J@Z
?GetWindowClassNameAndStyle@HWNDElement@DirectUI@@UEAAXPEAPEBGPEAI@Z
?GetAccessibleImpl@HWNDElement@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
??0HWNDElement@DirectUI@@QEAA@XZ
??1HWNDElement@DirectUI@@UEAA@XZ
?Initialize@HWNDElement@DirectUI@@QEAAJPEAUHWND__@@_NIPEAVElement@2@PEAK@Z
?_OnUIStateChanged@HWNDElement@DirectUI@@MEAAXGG@Z
UnInitThread
UnInitProcessPriv
InitThread
InitProcessPriv
?GetClassInfoPtr@Element@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetEncodedContentString@Element@DirectUI@@QEAAJPEAG_K@Z
?ContentProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?BackgroundProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?ForegroundProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?DoubleBuffered@Element@DirectUI@@QEAAX_N@Z
?OnUnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?OnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MEAAXHH@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UEAAXPEAUtagRECT@@@Z
?MessageCallback@Element@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?RemoveBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?AddBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?SetKeyFocus@Element@DirectUI@@UEAAXXZ
?EnsureVisible@Element@DirectUI@@UEAA_NHHHH@Z
?GetAdjacent@Element@DirectUI@@UEAAPEAV12@PEAV12@HPEBUNavReference@2@K@Z
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
?RemoveAll@Element@DirectUI@@QEAAJXZ
?Remove@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?Insert@Element@DirectUI@@UEAAJPEAPEAV12@II@Z
?Add@Element@DirectUI@@QEAAJPEAV12@@Z
?Add@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?GetContentSize@Element@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Paint@Element@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?FireEvent@Element@DirectUI@@QEAAXPEAUEvent@2@_N1@Z
?OnMouseFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnKeyFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?GetContentStringAsDisplayed@Element@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
?RemoveLocalValue@Element@DirectUI@@QEAAJP6APEBUPropertyInfo@2@XZ@Z
?SetValue@Element@DirectUI@@QEAAJP6APEBUPropertyInfo@2@XZHPEAVValue@2@@Z
?Destroy@Element@DirectUI@@QEAAJ_N@Z
?Destroy@Layout@DirectUI@@QEAAXXZ

Exports

Exports

DllGetClassObject
WLFreeProfile
WLFreeProfileXml
WLInvokeProfileUI
WLInvokeProfileUIFromXMLFile
WlanUIEditProfile

Sections

.text
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 740B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 2024

Password: 2024

Password: 2024

Password: 2024

6889babfc88aeedab5cdd8d238e06967

Code Sign

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8dCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

4a:d3:6f:4a:f9:a3:35:61:17:a0:e6:49:3a:fd:69:c2:a1:dd:c9:92:fd:df:84:20:0d:3a:54:1e:8b:db:02:90Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

ntdll

api-ms-win-security-base-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-file-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-memory-l1-1-0

crypt32

rpcrt4

oleaut32

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-version-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-shutdown-l1-1-0

wintrust

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-registry-l2-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-security-provider-l1-1-0

wer

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-privateprofile-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-eventing-controller-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-security-cryptoapi-l1-1-0

api-ms-win-devices-config-l1-1-1

api-ms-win-core-errorhandling-l1-1-2

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

4a:d3:6f:4a:f9:a3:35:61:17:a0:e6:49:3a:fd:69:c2:a1:dd:c9:92:fd:df:84:20:0d:3a:54:1e:8b:db:02:90
Signer

.text
Size: 1.8MB - Virtual size: 1.8MB

PAGE
Size: 10KB - Virtual size: 10KB

.rdata
Size: 597KB - Virtual size: 596KB

.data
Size: 26KB - Virtual size: 41KB

.pdata
Size: 46KB - Virtual size: 45KB

.didat
Size: 512B - Virtual size: 24B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB

.text
Size: 254KB - Virtual size: 254KB

.rdata
Size: 50KB - Virtual size: 49KB

.data
Size: 1024B - Virtual size: 4KB

.pdata
Size: 9KB - Virtual size: 8KB

.didat
Size: 1024B - Virtual size: 824B

.rsrc
Size: 69KB - Virtual size: 69KB

.reloc
Size: 1KB - Virtual size: 1KB