wkernelbase.pdb
Static task: static1
Behavioral task: behavioral1
Sample: KernelBase.dll
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: KernelBase.dll
Resource: win10v2004-20240508-en
General
Target: KernelBase.dll
Size: 816KB
MD5: 74f6866831aece43a5d7f74217f82fbe
SHA1: 733a146e2eec03eec3867047405195f9c40263af
SHA256: 8e2ac679d2d120154f87c0ffc6cf9f05d072310656df9341b755ed29698be303
SHA512: 608a929fc89cc7b493f1a8335ecaa10d673100c11492931eb38fb0d7492c3d8fc0a323bcbf613f9f2d091a202bdec7fe4f3c7b61b737a82391433cea5fb3f012
SSDEEP: 24576:Sx5KW5xdE4vNqqA3RWmjVMCTTeuSA3y1A4uBkjrx8K:S6yxv1U7TOZLuBkjrS
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource KernelBase.dll
Files
KernelBase.dll.dll windows:6 windows x86 arch:x86
46dfdb1cc1435f1afadfbf361c04ff8a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
ntdll
RtlFreeHeap
RtlAllocateHeap
RtlAcquireSRWLockShared
RtlDeleteBoundaryDescriptor
NtDeletePrivateNamespace
NtCreatePrivateNamespace
NtOpenPrivateNamespace
NtQueryInformationProcess
RtlPrefixUnicodeString
NtClose
RtlAcquireSRWLockExclusive
RtlAddSIDToBoundaryDescriptor
RtlCompareUnicodeString
RtlReleaseSRWLockExclusive
RtlCreateBoundaryDescriptor
RtlInitUnicodeStringEx
RtlReleaseSRWLockShared
NlsMbCodePageTag
RtlAnsiStringToUnicodeString
RtlInitUnicodeString
RtlInitAnsiString
RtlUnicodeStringToAnsiString
RtlFreeUnicodeString
RtlFreeAnsiString
LdrResSearchResource
_wcsicmp
RtlUnicodeToMultiByteN
RtlMultiByteToUnicodeN
RtlEnterCriticalSection
NtQueryInformationFile
RtlDeleteCriticalSection
RtlLeaveCriticalSection
RtlUpcaseUnicodeChar
RtlInitializeCriticalSection
RtlGetAce
swprintf_s
NtNotifyChangeDirectoryFile
RtlGetLastNtStatus
NtOpenKey
RtlSetLastWin32Error
_wcsnicmp
NtFsControlFile
RtlEqualSid
RtlSetCurrentTransaction
NtSetInformationFile
RtlEqualUnicodeString
TpWaitForWait
NtWaitForSingleObject
NtQueryVolumeInformationFile
RtlGetCurrentTransaction
TpReleaseWait
NtCreateFile
RtlNtStatusToDosError
RtlQueryInformationAcl
RtlGetLastWin32Error
NtFlushBuffersFile
NtCreateEvent
RtlFindAceByType
RtlDosPathNameToNtPathName_U_WithStatus
wcscat_s
RtlReleasePrivilege
NtQueryValueKey
TpSetWait
NtQueryEaFile
NtOpenFile
wcscpy_s
RtlpMergeSecurityAttributeInformation
RtlDosPathNameToNtPathName_U
RtlAcquirePrivilege
RtlIsDosDeviceName_U
NtOpenMutant
RtlDetermineDosPathNameType_U
RtlUnicodeStringToOemString
NtCreateKey
_vsnwprintf
NtReleaseMutant
NtSetValueKey
NtCreateKeyTransacted
RtlDosPathNameToRelativeNtPathName_U
RtlReleaseRelativeName
NtQueryDirectoryFile
wcschr
iswalpha
memmove
RtlLocateExtendedFeature
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
RtlGetEnabledExtendedFeatures
RtlGetExtendedContextLength
RtlSetExtendedFeaturesMask
RtlInitializeExtendedContext
RtlLocateLegacyContext
RtlGetExtendedFeaturesMask
RtlCopyContext
_vsnprintf
NtTerminateProcess
RtlCaptureContext
RtlUnhandledExceptionFilter
_aullshr
NtEnumerateKey
RtlGetLocaleFileMappingAddress
NtGetNlsSectionPtr
RtlNormalizeString
EtwEventEnabled
RtlLocaleNameToLcid
wcspbrk
EtwEventRegister
EtwEventUnregister
NtSetDefaultLocale
RtlUnicodeStringToInteger
RtlLcidToLocaleName
RtlOpenCurrentUser
NtEnumerateValueKey
RtlLCIDToCultureName
qsort
RtlpCreateProcessRegistryInfo
RtlpGetLCIDFromLangInfoNode
RtlCultureNameToLCID
RtlpIsQualifiedLanguage
RtlpGetNameFromLangInfoNode
RtlpInitializeLangRegistryInfo
RtlpLoadUserUIByPolicy
RtlpLoadMachineUIByPolicy
RtlpMuiFreeLangRegistryInfo
NtQueryInstallUILanguage
RtlSetThreadPreferredUILanguages
RtlGetProcessPreferredUILanguages
LdrFindResourceEx_U
LdrAccessResource
RtlGetThreadPreferredUILanguages
RtlSetProcessPreferredUILanguages
RtlpQueryDefaultUILanguage
RtlGetSystemPreferredUILanguages
RtlGetUserPreferredUILanguages
RtlpGetSystemDefaultUILanguage
RtlGetUILanguageInfo
RtlGetFileMUIPath
RtlIsNormalizedString
RtlIdnToNameprepUnicode
RtlIdnToUnicode
RtlIdnToAscii
RtlExpandEnvironmentStrings_U
RtlAppendUnicodeToString
RtlLoadString
RtlAppendUnicodeStringToString
RtlCopyUnicodeString
NtDeleteKey
EtwEventWrite
NtMapViewOfSection
NtCreateSection
NtQueryDefaultLocale
NtNotifyChangeKey
NtOpenProcessToken
NtQueryInformationToken
WinSqmIsOptedIn
WinSqmAddToStream
RtlTimeFieldsToTime
RtlUTF8ToUnicodeN
RtlUnicodeToUTF8N
_wcslwr
_wtol
RtlIntegerToUnicodeString
NtDeleteValueKey
RtlRunOnceExecuteOnce
DbgPrint
RtlInitAnsiStringEx
toupper
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
RtlUnicodeToMultiByteSize
RtlQueryInformationActivationContext
DbgPrintEx
RtlReleaseActivationContext
NtOpenThreadToken
NtSetInformationThread
NtOpenDirectoryObject
RtlLengthRequiredSid
RtlGetAppContainerSidType
RtlConvertSidToUnicodeString
RtlGetAppContainerParent
RtlSubAuthoritySid
TpAllocCleanupGroup
TpQueryPoolStackInformation
TpSetPoolStackInformation
TpAllocWait
TpAllocPool
TpCallbackMayRunLong
TpSimpleTryPost
TpSetPoolMinThreads
TpAllocWork
TpAllocIoCompletion
TpAllocTimer
wcsncpy_s
NtQueryMultipleValueKey
RtlReAllocateHeap
RtlImageNtHeader
wcsstr
NtDuplicateObject
NtSetSystemInformation
NtDeviceIoControlFile
NtSetInformationProcess
RtlExitUserProcess
RtlEncodePointer
RtlRaiseException
RtlDecodePointer
RtlExitUserThread
NtYieldExecution
RtlInitializeCriticalSectionAndSpinCount
vswprintf_s
RtlSizeHeap
_strnicmp
isalpha
RtlFormatCurrentUserKeyPath
RtlRunOnceInitialize
NtQueryEvent
NtResetEvent
RtlCreateUnicodeStringFromAsciiz
NtQueryKey
RtlCreateUnicodeString
RtlValidSecurityDescriptor
RtlStringFromGUID
NtLoadKeyEx
RtlRandomEx
RtlLengthSecurityDescriptor
RtlMakeSelfRelativeSD
strncat
_strlwr
ApiSetQueryApiSetPresence
NtQueryVirtualMemory
NtQuerySystemInformation
RtlStringFromGUIDEx
RtlQueryPackageIdentityEx
NtOpenProcessTokenEx
NtQueryWnfStateData
RtlNtStatusToDosErrorNoTeb
NtCreateWnfStateName
NtDeleteWnfStateName
RtlPublishWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlFreeSid
RtlInitializeSRWLock
WinSqmIncrementDWORD
WinSqmSetDWORD
WinSqmSetString
NtQuerySecurityObject
RtlGetDaclSecurityDescriptor
RtlCreateAcl
RtlAddAccessAllowedAceEx
RtlAddAce
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlGetControlSecurityDescriptor
RtlSetControlSecurityDescriptor
NtSetSecurityObject
memcpy_s
RtlLengthSid
RtlCopySid
RtlExpandEnvironmentStrings
wcsncmp
NtUnmapViewOfSection
RtlValidSid
RtlDowncaseUnicodeString
RtlAllocateAndInitializeSid
RtlIsParentOfChildAppContainer
WinSqmStartSession
WinSqmAddToStreamEx
WinSqmEndSession
TpReleaseWork
TpPostWork
NtGetCachedSigningLevel
NtDuplicateToken
NtAllocateLocallyUniqueId
NtAccessCheck
NtAccessCheckByType
NtAccessCheckByTypeResultList
NtSetInformationToken
NtAdjustPrivilegesToken
NtAdjustGroupsToken
NtPrivilegeCheck
NtAccessCheckAndAuditAlarm
NtAccessCheckByTypeAndAuditAlarm
NtAccessCheckByTypeResultListAndAuditAlarm
NtAccessCheckByTypeResultListAndAuditAlarmByHandle
NtOpenObjectAuditAlarm
NtPrivilegeObjectAuditAlarm
NtCloseObjectAuditAlarm
NtDeleteObjectAuditAlarm
NtPrivilegedServiceAuditAlarm
RtlEqualPrefixSid
RtlInitializeSid
RtlIdentifierAuthoritySid
RtlSubAuthorityCountSid
RtlAreAllAccessesGranted
RtlAreAnyAccessesGranted
RtlMapGenericMask
RtlValidAcl
RtlSetInformationAcl
RtlDeleteAce
RtlAddAccessAllowedAce
RtlAddMandatoryAce
RtlAddResourceAttributeAce
RtlAddScopedPolicyIDAce
RtlAddAccessDeniedAce
RtlAddAccessDeniedAceEx
RtlAddAuditAccessAce
RtlAddAuditAccessAceEx
RtlAddAccessAllowedObjectAce
RtlAddAccessDeniedObjectAce
RtlAddAuditAccessObjectAce
RtlFirstFreeAce
RtlValidRelativeSecurityDescriptor
RtlSetSaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlNewSecurityObject
RtlConvertToAutoInheritSecurityObject
RtlNewSecurityObjectEx
RtlNewSecurityObjectWithMultipleInheritance
RtlSetSecurityObject
RtlSetSecurityObjectEx
RtlQuerySecurityObject
RtlDeleteSecurityObject
RtlAbsoluteToSelfRelativeSD
RtlSelfRelativeToAbsoluteSD
RtlImpersonateSelf
NtImpersonateAnonymousToken
NtFilterToken
RtlCheckTokenCapability
RtlCheckTokenMembershipEx
RtlSelfRelativeToAbsoluteSD2
RtlGetSecurityDescriptorRMControl
RtlSetSecurityDescriptorRMControl
RtlIsPackageSid
RtlIsCapabilitySid
NtSetCachedSigningLevel
RtlDosApplyFileIsolationRedirection_Ustr
LdrGetDllHandleByName
RtlDosSearchPath_Ustr
RtlImageNtHeaderEx
LdrGetDllHandleByMapping
RtlGetActiveActivationContext
LdrAddLoadAsDataTable
RtlWow64EnableFsRedirectionEx
LdrGetDllPath
RtlReleasePath
LdrLoadDll
LdrRemoveLoadAsDataTable
LdrUnloadAlternateResourceModule
LdrUnloadDll
LdrDisableThreadCalloutsForDll
LdrGetDllFullName
RtlPcToFileHeader
LdrGetDllHandle
LdrAddRefDll
RtlInitString
LdrGetProcedureAddressForCaller
LdrAddDllDirectory
LdrRemoveDllDirectory
LdrSetDefaultDllDirectories
LdrResolveDelayLoadedAPI
LdrResolveDelayLoadsFromDll
LdrQueryOptionalDelayLoadedAPI
LdrGetProcedureAddress
RtlGetProductInfo
SbSelectProcedure
RtlGetVersion
LdrFindResource_U
LdrResGetRCConfig
LdrpResGetResourceDirectory
RtlImageDirectoryEntryToData
LdrResFindResourceDirectory
LdrResFindResource
LdrGetFileNameFromLoadAsDataTable
wcsrchr
LdrLoadAlternateResourceModuleEx
LdrLoadAlternateResourceModule
LdrpResGetMappingSize
LdrRscIsTypeExist
wcstoul
NtLockVirtualMemory
NtUnlockVirtualMemory
NtReadVirtualMemory
NtProtectVirtualMemory
NtWriteVirtualMemory
NtFlushInstructionCache
NtAllocateVirtualMemory
NtFreeVirtualMemory
RtlFlushSecureMemoryCache
NtOpenEvent
NtGetWriteWatch
NtResetWriteWatch
NtSetInformationVirtualMemory
NtAllocateUserPhysicalPages
NtFreeUserPhysicalPages
NtMapUserPhysicalPages
RtlUnsubscribeWnfStateChangeNotification
RtlxAnsiStringToUnicodeSize
NlsMbOemCodePageTag
RtlxOemStringToUnicodeSize
RtlxUnicodeStringToOemSize
RtlxUnicodeStringToAnsiSize
RtlOemStringToUnicodeString
NtQueryObject
NtReadFile
NtWriteFile
NtLockFile
NtUnlockFile
RtlActivateActivationContextUnsafeFast
RtlDeactivateActivationContextUnsafeFast
NtCancelIoFile
NtCancelIoFileEx
NtCancelSynchronousIoFile
NtReadFileScatter
NtWriteFileGather
RtlInitializeCriticalSectionEx
NtSetEvent
NtClearEvent
NtPulseEvent
NtCreateSemaphore
NtOpenSemaphore
NtReleaseSemaphore
NtCreateMutant
NtWaitForMultipleObjects
NtCreateTimer
NtOpenTimer
NtSetTimerEx
NtCancelTimer
RtlRunOnceBeginInitialize
RtlRunOnceComplete
RtlSleepConditionVariableCS
RtlSleepConditionVariableSRW
RtlRaiseStatus
RtlBarrier
RtlInitBarrier
RtlWaitOnAddress
NtSignalAndWaitForSingleObject
RtlRegisterWait
RtlDeregisterWaitEx
RtlCreateTimerQueue
NtDelayExecution
RtlCreateTimer
RtlUpdateTimer
RtlDeleteTimer
RtlDeleteTimerQueueEx
RtlQueueWorkItem
DbgUiContinue
DbgUiWaitStateChange
DbgUiConvertStateChangeStructure
CsrGetProcessId
NtOpenProcess
DbgUiConnectToDbg
DbgUiDebugActiveProcess
DbgUiStopDebugging
NtSetInformationObject
RtlTimeToTimeFields
RtlCutoverTimeToSystemTime
NtSetSystemTime
RtlGetSystemTimePrecise
RtlpCheckDynamicTimeZoneInformation
RtlDefaultNpAcl
NtCreateNamedPipeFile
RtlPrefixString
NtCreateLowBoxToken
RtlDestroyEnvironment
NtCreateSymbolicLinkObject
NtCreateDirectoryObjectEx
RtlGetAppContainerNamedObjectPath
RtlDosPathNameToRelativeNtPathName_U_WithStatus
LdrAppxHandleIntegrityFailure
NtOpenSection
NtFlushVirtualMemory
NtUnmapViewOfSectionEx
NtCreateIoCompletion
NtSetIoCompletion
NtRemoveIoCompletion
NtRemoveIoCompletionEx
RtlGetCurrentProcessorNumberEx
NtQuerySystemInformationEx
RtlReportSilentProcessExit
NtRaiseHardError
RtlGetNativeSystemInformation
RtlQueryEnvironmentVariable_U
strchr
LdrGetDllDirectory
RtlCreateProcessParametersEx
RtlDestroyProcessParameters
NtWow64WriteVirtualMemory64
DbgUiGetThreadDebugObject
RtlCreateEnvironmentEx
RtlGetExePath
RtlGetFullPathName_UstrEx
NtCreateUserProcess
LdrQueryImageFileKeyOption
NtWow64AllocateVirtualMemory64
NtResumeThread
NtRemoveProcessDebug
CsrFreeCaptureBuffer
Exports
AccessCheck
AccessCheckAndAuditAlarmW
AccessCheckByType
AccessCheckByTypeAndAuditAlarmW
AccessCheckByTypeResultList
AccessCheckByTypeResultListAndAuditAlarmByHandleW
AccessCheckByTypeResultListAndAuditAlarmW
AcquireSRWLockExclusive
AcquireSRWLockShared
AcquireStateLock
ActivateActCtx
AddAccessAllowedAce
AddAccessAllowedAceEx
AddAccessAllowedObjectAce
AddAccessDeniedAce
AddAccessDeniedAceEx
AddAccessDeniedObjectAce
AddAce
AddAuditAccessAce
AddAuditAccessAceEx
AddAuditAccessObjectAce
AddDllDirectory
AddMandatoryAce
AddRefActCtx
AddResourceAttributeAce
AddSIDToBoundaryDescriptor
AddScopedPolicyIDAce
AddVectoredContinueHandler
AddVectoredExceptionHandler
AdjustTokenGroups
AdjustTokenPrivileges
AllocConsole
AllocateAndInitializeSid
AllocateLocallyUniqueId
AllocateUserPhysicalPages
AllocateUserPhysicalPagesNuma
AppContainerDeriveSidFromMoniker
AppContainerFreeMemory
AppContainerLookupDisplayNameMrtReference
AppContainerLookupMoniker
AppContainerRegisterSid
AppContainerUnregisterSid
AppXFreeMemory
AppXGetApplicationData
AppXGetDevelopmentMode
AppXGetOSMaxVersionTested
AppXGetOSMinVersion
AppXGetPackageCapabilities
AppXGetPackageSid
AppXGetPackageState
AppXLookupDisplayName
AppXLookupMoniker
AppXPostSuccessExtension
AppXPreCreationExtension
AppXReleaseAppXContext
AppXSetPackageState
AreAllAccessesGranted
AreAnyAccessesGranted
AreFileApisANSI
AreThereVisibleLogoffScriptsInternal
AreThereVisibleShutdownScriptsInternal
AttachConsole
BaseCheckAppcompatCache
BaseCheckAppcompatCacheEx
BaseCleanupAppcompatCacheSupport
BaseDllFreeResourceId
BaseDllMapResourceIdW
BaseDumpAppcompatCache
BaseFlushAppcompatCache
BaseFormatObjectAttributes
BaseFreeAppCompatDataForProcess
BaseInitAppcompatCacheSupport
BaseIsAppcompatInfrastructureDisabled
BaseMarkFileForDelete
BaseReadAppCompatDataForProcess
BaseUpdateAppcompatCache
BasepAdjustObjectAttributesForPrivateNamespace
BasepCopyFileCallback
BasepCopyFileExW
BasepNotifyTrackingService
Beep
BemCopyReference
BemCreateContractFrom
BemCreateReference
BemFreeContract
BemFreeReference
CLOSE_LOCAL_HANDLE_INTERNAL
CallbackMayRunLong
CancelIo
CancelIoEx
CancelSynchronousIo
CancelThreadpoolIo
CancelWaitableTimer
ChangeTimerQueueTimer
CharLowerA
CharLowerBuffA
CharLowerBuffW
CharLowerW
CharNextA
CharNextExA
CharNextW
CharPrevA
CharPrevExA
CharPrevW
CharUpperA
CharUpperBuffA
CharUpperBuffW
CharUpperW
CheckGroupPolicyEnabled
CheckIfStateChangeNotificationExists
CheckRemoteDebuggerPresent
CheckTokenCapability
CheckTokenMembership
CheckTokenMembershipEx
ChrCmpIA
ChrCmpIW
ClearCommBreak
ClearCommError
CloseHandle
ClosePackageInfo
ClosePrivateNamespace
CloseState
CloseStateAtom
CloseStateChangeNotification
CloseStateContainer
CloseStateLock
CloseThreadpool
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolIo
CloseThreadpoolTimer
CloseThreadpoolWait
CloseThreadpoolWork
CommitStateAtom
CompareFileTime
CompareStringA
CompareStringEx
CompareStringOrdinal
CompareStringW
ConnectNamedPipe
ContinueDebugEvent
ConvertDefaultLocale
ConvertToAutoInheritPrivateObjectSecurity
CopyContext
CopyFile2
CopyFileExW
CopySid
CreateActCtxW
CreateAppContainerToken
CreateBoundaryDescriptorW
CreateConsoleScreenBuffer
CreateDirectoryA
CreateDirectoryExW
CreateDirectoryW
CreateEventA
CreateEventExA
CreateEventExW
CreateEventW
CreateFile2
CreateFileA
CreateFileMappingFromApp
CreateFileMappingNumaW
CreateFileMappingW
CreateFileW
CreateHardLinkW
CreateIoCompletionPort
CreateMemoryResourceNotification
CreateMutexA
CreateMutexExA
CreateMutexExW
CreateMutexW
CreateNamedPipeW
CreatePipe
CreatePrivateNamespaceW
CreatePrivateObjectSecurity
CreatePrivateObjectSecurityEx
CreatePrivateObjectSecurityWithMultipleInheritance
CreateProcessA
CreateProcessAsUserW
CreateProcessInternalA
CreateProcessInternalW
CreateProcessW
CreateRemoteThread
CreateRemoteThreadEx
CreateRestrictedToken
CreateSemaphoreExW
CreateStateAtom
CreateStateChangeNotification
CreateStateContainer
CreateStateLock
CreateStateSubcontainer
CreateSymbolicLinkW
CreateThread
CreateThreadpool
CreateThreadpoolCleanupGroup
CreateThreadpoolIo
CreateThreadpoolTimer
CreateThreadpoolWait
CreateThreadpoolWork
CreateTimerQueue
CreateTimerQueueTimer
CreateWaitableTimerExW
CreateWellKnownSid
CtrlRoutine
DeactivateActCtx
DebugActiveProcess
DebugActiveProcessStop
DebugBreak
DecodePointer
DecodeSystemPointer
DefineDosDeviceW
DelayLoadFailureHook
DelayLoadFailureHookLookup
DeleteAce
DeleteBoundaryDescriptor
DeleteCriticalSection
DeleteFileA
DeleteFileW
DeleteProcThreadAttributeList
DeleteStateAtomValue
DeleteStateContainer
DeleteStateContainerValue
DeleteSynchronizationBarrier
DeleteTimerQueueEx
DeleteTimerQueueTimer
DeleteVolumeMountPointW
DestroyPrivateObjectSecurity
DeviceIoControl
DisablePredefinedHandleTableInternal
DisableThreadLibraryCalls
DisassociateCurrentThreadFromCallback
DisconnectNamedPipe
DnsHostnameToComputerNameExW
DsBindWithSpnExW
DsCrackNamesW
DsFreeDomainControllerInfoW
DsFreeNameResultW
DsFreePasswordCredentials
DsGetDomainControllerInfoW
DsMakePasswordCredentialsW
DsUnBindW
DuplicateHandle
DuplicateStateContainerHandle
DuplicateToken
DuplicateTokenEx
EmptyWorkingSet
EncodePointer
EncodeSystemPointer
EnterCriticalPolicySectionInternal
EnterCriticalSection
EnterSynchronizationBarrier
EnumCalendarInfoExEx
EnumCalendarInfoExW
EnumCalendarInfoW
EnumDateFormatsExEx
EnumDateFormatsExW
EnumDateFormatsW
EnumDeviceDrivers
EnumDynamicTimeZoneInformation
EnumLanguageGroupLocalesW
EnumPageFilesA
EnumPageFilesW
EnumProcessModules
EnumProcessModulesEx
EnumProcesses
EnumResourceLanguagesExA
EnumResourceLanguagesExW
EnumResourceNamesExA
EnumResourceNamesExW
EnumResourceTypesExA
EnumResourceTypesExW
EnumSystemCodePagesW
EnumSystemFirmwareTables
EnumSystemGeoID
EnumSystemLanguageGroupsW
EnumSystemLocalesA
EnumSystemLocalesEx
EnumSystemLocalesW
EnumTimeFormatsEx
EnumTimeFormatsW
EnumUILanguagesW
EnumerateStateAtomValues
EnumerateStateContainerItems
EqualDomainSid
EqualPrefixSid
EqualSid
EscapeCommFunction
EventActivityIdControl
EventEnabled
EventProviderEnabled
EventRegister
EventSetInformation
EventUnregister
EventWrite
EventWriteEx
EventWriteString
EventWriteTransfer
ExitProcess
ExitThread
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
FatalAppExitA
FatalAppExitW
FileTimeToLocalFileTime
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FillConsoleOutputCharacterW
FindActCtxSectionGuid
FindActCtxSectionStringW
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationA
FindFirstChangeNotificationW
FindFirstFileA
FindFirstFileExA
FindFirstFileExW
FindFirstFileW
FindFirstFreeAce
FindFirstVolumeW
FindNLSString
FindNLSStringEx
FindNextChangeNotification
FindNextFileA
FindNextFileW
FindNextVolumeW
FindPackagesByPackageFamily
FindResourceExW
FindStringOrdinal
FindVolumeClose
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushConsoleInputBuffer
FlushFileBuffers
FlushInstructionCache
FlushProcessWriteBuffers
FlushViewOfFile
FoldStringW
ForceSyncFgPolicyInternal
FormatApplicationUserModelId
FormatMessageA
FormatMessageW
FreeConsole
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeGPOListInternalA
FreeGPOListInternalW
FreeLibrary
FreeLibraryAndExitThread
FreeLibraryWhenCallbackReturns
FreeResource
FreeSid
FreeUserPhysicalPages
GenerateConsoleCtrlEvent
GenerateGPNotificationInternal
GetACP
GetAcceptLanguagesA
GetAcceptLanguagesW
GetAce
GetAclInformation
GetAdjustObjectAttributesForPrivateNamespaceRoutine
GetAppContainerAce
GetAppContainerNamedObjectPath
GetAppModelVersion
GetApplicationRecoveryCallback
GetApplicationRestartSettings
GetApplicationUserModelId
GetAppliedGPOListInternalA
GetAppliedGPOListInternalW
GetCPFileNameFromRegistry
GetCPHashNode
GetCPInfo
GetCPInfoExW
GetCachedSigningLevel
GetCalendar
GetCalendarInfoEx
GetCalendarInfoW
GetCommConfig
GetCommMask
GetCommModemStatus
GetCommProperties
GetCommState
GetCommTimeouts
GetCommandLineA
GetCommandLineW
GetCompressedFileSizeA
GetCompressedFileSizeW
GetComputerNameExA
GetComputerNameExW
GetConsoleCP
GetConsoleCursorInfo
GetConsoleInputExeNameA
GetConsoleInputExeNameW
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetConsoleScreenBufferInfoEx
GetConsoleTitleW
GetCurrencyFormatEx
GetCurrencyFormatW
GetCurrentActCtx
GetCurrentApplicationUserModelId
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentPackageApplicationContext
GetCurrentPackageApplicationResourcesContext
GetCurrentPackageContext
GetCurrentPackageFamilyName
GetCurrentPackageFullName
GetCurrentPackageId
GetCurrentPackageInfo
GetCurrentPackagePath
GetCurrentPackageResourcesContext
GetCurrentPackageSecurityContext
GetCurrentProcess
GetCurrentProcessId
GetCurrentProcessorNumber
GetCurrentProcessorNumberEx
GetCurrentThread
GetCurrentThreadId
GetCurrentThreadStackLimits
GetDateFormatA
GetDateFormatEx
GetDateFormatW
GetDeviceDriverBaseNameA
GetDeviceDriverBaseNameW
GetDeviceDriverFileNameA
GetDeviceDriverFileNameW
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDriveTypeA
GetDriveTypeW
GetDynamicTimeZoneInformation
GetDynamicTimeZoneInformationEffectiveYears
GetEightBitStringToUnicodeSizeRoutine
GetEightBitStringToUnicodeStringRoutine
GetEnabledXStateFeatures
GetEnvironmentStrings
GetEnvironmentStringsA
GetEnvironmentStringsW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetEraNameCountedString
GetErrorMode
GetExitCodeProcess
GetExitCodeThread
GetFallbackDisplayName
GetFileAttributesA
GetFileAttributesExA
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileMUIInfo
GetFileMUIPath
GetFileSecurityW
GetFileSize
GetFileSizeEx
GetFileTime
GetFileType
GetFileVersionInfoByHandle
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFinalPathNameByHandleA
GetFinalPathNameByHandleW
GetFullPathNameA
GetFullPathNameW
GetGPOListInternalA
GetGPOListInternalW
GetGeoInfoW
GetHandleInformation
GetHivePath
GetKernelObjectSecurity
GetLargePageMinimum
GetLargestConsoleWindowSize
GetLastError
GetLengthSid
GetLocalTime
GetLocaleInfoA
GetLocaleInfoEx
GetLocaleInfoHelper
GetLocaleInfoW
GetLogicalDriveStringsW
GetLogicalDrives
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLongPathNameA
GetLongPathNameW
GetMappedFileNameA
GetMappedFileNameW
GetMemoryErrorHandlingCapabilities
GetModuleBaseNameA
GetModuleBaseNameW
GetModuleFileNameA
Sections
.text Size: 751KB - Virtual size: 751KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ