x64-[.]x32[.]-installer[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

x64-.x32.-installer.zip
Size

36.2MB
MD5

ffffd58dcac7a687c8bd4ead3fc623a5
SHA1

d8648e59d55f8ea95a38dff6261ae721778247f0
SHA256

7ed61f91f8f42d6212c5333eca1efe6db7e383602ad5a7ef31edc62d07dddb9f
SHA512

6d851061850a728f7a114198c984b3034f5a9e7a323fa33860d423513ef9085b6869ba61faca64445726deeed8525673cbe3d5b9727a285de74c0ce6eff2ad63
SSDEEP

786432:YeAlVQ3uqurqInA0QYKQr6f1iSiQiIf+X4ANKDKg:VwUuqur+gr69iS1hf+e

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack003/UpdateAgent/mskeyprotcli.dll
unpack003/UpdateAgent/softpub.dll
unpack003/UpdateAgent/umrdp.dll
unpack003/aadtb/aadtb.dll
unpack003/aadtb/kerberos.dll
unpack003/taskcomp/ppcsnap.dll
unpack003/taskcomp/scecli.dll
unpack003/taskcomp/taskcomp.dll
unpack003/uireng/htui.dll
unpack003/uireng/uireng.dll

Files

x64-.x32.-installer.zip
.zip

Password: 2024
password.jpg
.jpg

Password: 2024
x64.-x32.-setup.zip
.zip

Password: 2024
UpdateAgent/UpdateAgent.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

6889babfc88aeedab5cdd8d238e06967

Code Sign

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/05/2022, 19:23

Not After

04/05/2023, 19:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4a:d3:6f:4a:f9:a3:35:61:17:a0:e6:49:3a:fd:69:c2:a1:dd:c9:92:fd:df:84:20:0d:3a:54:1e:8b:db:02:90
Signer

Actual PE Digest

4a:d3:6f:4a:f9:a3:35:61:17:a0:e6:49:3a:fd:69:c2:a1:dd:c9:92:fd:df:84:20:0d:3a:54:1e:8b:db:02:90

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

UpdateAgent.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__wcsicmp
_o__wcsnicmp
_o__wcstoui64
_o__wfopen
_o__wsplitpath_s
_o__wtof
_o__wtoi
_o_fclose
_o_feof
_o_fgetws
_o_free
memmove
_o_iswctype
_o_iswspace
_o_malloc
_o_memcpy_s
_o_strncpy_s
_o_strtol
_o_terminate
_o_toupper
_o_towlower
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstok_s
_o_wcstoul
__CxxFrameHandler3
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__cexit
_o__callnewh
wcsstr
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o___acrt_iob_func
strrchr
wcsrchr
strchr
wcschr
__C_specific_handler
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcscmp
memset
wcsnlen
strcmp
strncmp
wcsncmp

ntdll

RtlNtStatusToDosError
NtSetInformationFile
RtlCompareUnicodeString
NtUnloadKey2
RtlDosPathNameToNtPathName_U_WithStatus
RtlAdjustPrivilege
NtLoadKey2
NtDelayExecution
NtShutdownSystem
NtQueryLicenseValue
RtlDestroyEnvironment
NtSetInformationProcess
RtlCreateEnvironmentEx
RtlSetEnvironmentVariable
RtlDowncaseUnicodeChar
RtlExpandEnvironmentStrings_U
RtlInitUnicodeStringEx
RtlLengthSid
RtlDuplicateUnicodeString
NtQueryPerformanceCounter
NtFlushKey
DbgPrintEx
NtQueryVolumeInformationFile
RtlValidAcl
NtAdjustPrivilegesToken
RtlSetSaclSecurityDescriptor
RtlCreateUnicodeStringFromAsciiz
NtQueryValueKey
DbgPrint
NtCreateFile
RtlFreeHeap
NtClose
RtlQueryEnvironmentVariable_U
LdrLoadDll
RtlDosPathNameToNtPathName_U
LdrUnloadDll
LdrGetDllHandle
NtOpenKey
NtWriteFile
LdrGetProcedureAddress
NtQueryObject
RtlLeaveCriticalSection
RtlInitializeCriticalSection
RtlEnterCriticalSection
RtlTimeToTimeFields
RtlDeleteCriticalSection
RtlNtStatusToDosErrorNoTeb
RtlLengthSecurityDescriptor
RtlValidSid
NtOpenProcessToken
RtlSetOwnerSecurityDescriptor
RtlGetControlSecurityDescriptor
RtlMakeSelfRelativeSD
NtDuplicateToken
RtlSetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlQueryInformationAcl
RtlGetOwnerSecurityDescriptor
RtlAllocateAndInitializeSid
RtlRaiseStatus
RtlCreateHeap
RtlUpcaseUnicodeChar
RtlAllocateHeap
RtlReAllocateHeap
RtlInitUnicodeString
NtSetInformationThread
NtQueryInformationThread
RtlDestroyHeap
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlGetGroupSecurityDescriptor
RtlCopySid
NtOpenThreadToken
RtlGetVersion
RtlSetGroupSecurityDescriptor
RtlCreateSecurityDescriptor
RtlFindAceByType
RtlGetDaclSecurityDescriptor
RtlDeleteSecurityObject
NtYieldExecution
NtQueryKey
NtDeleteKey
RtlSetCurrentTransaction
NtEnumerateKey
RtlGetLengthWithoutLastFullDosOrNtPathElement
NtEnumerateValueKey
NtOpenKeyEx
RtlGetAce
RtlpApplyLengthFunction
RtlAddAccessAllowedAceEx
NtReadFile
NtCreateKeyTransacted
RtlNewSecurityObjectEx
NtDeleteFile
NtSetSecurityObject
RtlGetCurrentTransaction
NtDeleteValueKey
RtlAddAce
NtQueryAttributesFile
NtFlushBuffersFile
NtDuplicateObject
NtFsControlFile
NtQueryInformationFile
RtlCreateAcl
NtCreateKey
NtOpenKeyTransactedEx
NtQueryDirectoryFile
NtQuerySecurityObject
NtSetValueKey
NtOpenFile
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtSetEaFile
RtlReleaseRelativeName
NtQueryEaFile
NtWaitForSingleObject
RtlCopyUnicodeString
RtlAppendUnicodeStringToString
RtlEqualUnicodeString
RtlCreateEnvironment
NtQuerySystemTime
RtlSetControlSecurityDescriptor
RtlAnsiCharToUnicodeChar
RtlUnicodeToMultiByteN
RtlIsTextUnicode
RtlUnicodeToMultiByteSize
RtlConvertSidToUnicodeString
RtlRunOnceComplete
RtlRunOnceBeginInitialize
RtlFindNextForwardRunClear
RtlNumberOfSetBits
RtlInitializeSRWLock
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlExpandEnvironmentStrings
NtQueryInformationToken
VerSetConditionMask

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorLength
GetTokenInformation
AddAccessAllowedAce
GetLengthSid
DestroyPrivateObjectSecurity
MakeSelfRelativeSD
InitializeAcl
InitializeSecurityDescriptor
FreeSid
CopySid
EqualSid
SetSecurityDescriptorDacl
CreatePrivateObjectSecurityWithMultipleInheritance
GetSecurityDescriptorControl
AllocateAndInitializeSid
IsValidSid
AdjustTokenPrivileges
IsValidAcl
AddAccessAllowedAceEx
CheckTokenMembership
IsValidSecurityDescriptor

api-ms-win-core-file-l1-1-0

SetEndOfFile
GetLogicalDriveStringsW
SetFileTime
GetShortPathNameW
DeleteFileW
GetLogicalDrives
GetVolumeInformationW
GetFileSizeEx
FindFirstFileW
GetFileInformationByHandle
FindNextFileW
FlushFileBuffers
SetFileInformationByHandle
SetFilePointer
GetDiskFreeSpaceW
ReadFile
RemoveDirectoryW
GetFullPathNameW
DeleteFileA
SetFilePointerEx
CreateFileA
CreateDirectoryW
CreateFileW
GetFileType
SetFileAttributesW
GetFileAttributesW
FindFirstFileExW
FindClose
GetDriveTypeW
GetFinalPathNameByHandleW
GetLongPathNameW
GetTempFileNameW
GetFileSize
WriteFile
GetDiskFreeSpaceExW

api-ms-win-core-libraryloader-l1-1-0

LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
GetModuleHandleExW
LoadLibraryExA
GetModuleFileNameA
GetProcAddress
FreeLibrary

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegQueryValueExW
RegSetValueExW
RegEnumValueW
RegEnumKeyExW
RegSetKeySecurity
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringW
CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
ReleaseSRWLockShared
InitializeCriticalSectionEx
CreateMutexW
ResetEvent
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
OpenSemaphoreW
WaitForSingleObjectEx
CreateMutexExW
AcquireSRWLockExclusive
ReleaseSemaphore
AcquireSRWLockShared
OpenEventW
EnterCriticalSection
CreateSemaphoreExW
DeleteCriticalSection
WaitForMultipleObjectsEx
CreateMutexA
SetEvent
TryEnterCriticalSection
CreateEventW
ReleaseSRWLockExclusive
InitializeSRWLock
ReleaseMutex
InitializeCriticalSection

api-ms-win-core-heap-l1-1-0

HeapValidate
HeapReAlloc
HeapCompact
HeapFree
HeapCreate
HeapWalk
HeapAlloc
HeapDestroy
HeapSize
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetErrorMode
UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter
SetErrorMode
RaiseException

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoCreateGuid
CoGetMalloc
CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoSetProxyBlanket
StringFromGUID2

api-ms-win-core-processthreads-l1-1-0

SetThreadPriority
GetCurrentProcess
GetThreadPriority
TlsSetValue
CreateProcessA
SetPriorityClass
GetExitCodeThread
GetPriorityClass
TlsAlloc
GetProcessId
TlsGetValue
ExitProcess
OpenThreadToken
OpenProcessToken
GetCurrentThreadId
TlsFree
CreateProcessW
TerminateProcess
GetCurrentThread
CreateThread
GetCurrentProcessId
GetExitCodeProcess

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetCurrentDirectoryW
GetEnvironmentVariableW
GetCommandLineW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW

api-ms-win-eventing-provider-l1-1-0

EventWriteString
EventProviderEnabled
EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetWindowsDirectoryW
GlobalMemoryStatusEx
GetComputerNameExW
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetSystemInfo
GetTickCount64
GetVersion
GetSystemDirectoryW
GetVersionExW
GetTickCount
GetVersionExA
GetLocalTime

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-file-l1-2-0

GetVolumePathNamesForVolumeNameW
GetTempPathW
GetVolumeNameForVolumeMountPointW

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep

api-ms-win-core-localization-l1-2-0

ResolveLocaleName
FormatMessageW
GetLocaleInfoW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
OutputDebugStringA
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
LocalFree
GlobalLock
LocalAlloc
GlobalSize

api-ms-win-core-kernel32-legacy-l1-1-0

CopyFileW
MoveFileW
GlobalMemoryStatus
WaitForMultipleObjects
CreateFileMappingA

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-memory-l1-1-0

VirtualFree
CreateFileMappingW
MapViewOfFile
VirtualAlloc
VirtualQuery
VirtualProtect
UnmapViewOfFile

crypt32

CertVerifyCertificateChainPolicy
CryptHashCertificate2

rpcrt4

I_RpcMapWin32Status
UuidToStringW
RpcStringFreeW
UuidFromStringW
UuidCreate

oleaut32

SysAllocString
SysFreeString
VariantTimeToSystemTime
SystemTimeToVariantTime

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation

api-ms-win-core-file-l2-1-0

CopyFileExW
GetFileInformationByHandleEx
MoveFileExW

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

api-ms-win-core-io-l1-1-0

GetOverlappedResult
DeviceIoControl

api-ms-win-core-shutdown-l1-1-0

InitiateSystemShutdownExW

wintrust

WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrust
WTHelperGetProvCertFromChain

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

api-ms-win-core-heap-l2-1-0

GlobalAlloc
GlobalFree

api-ms-win-security-provider-l1-1-0

SetSecurityInfo

wer

WerReportAddFile
WerReportSetUIOption
WerReportSubmit
WerReportCreate
WerReportCloseHandle
WerReportSetParameter

api-ms-win-core-localization-obsolete-l1-2-0

LCIDToLocaleName

api-ms-win-core-privateprofile-l1-1-0

GetPrivateProfileStringW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathMatchSpecW

api-ms-win-eventing-controller-l1-1-0

EnableTraceEx2
ControlTraceW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureStackBackTrace

api-ms-win-security-cryptoapi-l1-1-0

CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA

api-ms-win-devices-config-l1-1-1

CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_PropertyW

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

Exports

Exports

CreateDeploymentSession
CreateDeploymentSessionEx
CreateOfflineDeploymentSession
UA_CommitActionList
UA_CreateActionList
UA_CreateDownloadList
UA_CreateDownloadListFromActionList
UA_CreatePackageListFromDownloadList
UA_InstallActionList
UA_ReleaseDownloadList

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 597KB - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UpdateAgent/mskeyprotcli.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

3f10585a6ff54cf3ff2e08c522645520

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

mskeyprotcli.pdb

Imports

msvcrt

memcpy_s
_CxxThrowException
memcmp
_purecall
_vsnwprintf
realloc
_errno
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
strrchr
memmove_s
calloc
wcsspn
wcscspn
wcsstr
_wcsicmp
wcstol
_set_errno
_XcptFilter
isdigit
_callnewh
memset
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
??1type_info@@UEAA@XZ
memcpy
malloc
free
_amsg_exit
__CxxFrameHandler3
wcscmp

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetModuleFileNameA
SizeofResource
GetModuleHandleExW
FindResourceExW
LoadLibraryExW
FreeLibrary
LockResource
GetModuleHandleW
LoadResource
GetProcAddress

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-string-l1-1-0

CompareStringW
WideCharToMultiByte

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
Sleep
InitOnceBeginInitialize
InitOnceComplete
SleepConditionVariableSRW

bcrypt

BCryptCreateHash
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptImportKey
BCryptExportKey
BCryptGenerateSymmetricKey
BCryptHashData
BCryptDestroyHash
BCryptFinishHash
BCryptDestroyKey
BCryptCloseAlgorithmProvider

api-ms-win-core-heap-l1-1-0

HeapSize
HeapDestroy
GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
ReleaseMutex
WaitForSingleObjectEx
CreateEventW
CreateSemaphoreExW
ReleaseSemaphore
CreateMutexExW
CreateEventExW
AcquireSRWLockExclusive
WaitForMultipleObjectsEx
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
ReleaseSRWLockExclusive

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegEnumValueW
RegCreateKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegDeleteTreeW
RegDeleteValueW
RegDeleteKeyExW
RegSetValueExW
RegOpenKeyExW
RegOpenCurrentUser
RegGetValueW
RegCloseKey

api-ms-win-core-com-l1-1-0

CoTaskMemFree

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
SetLastError

ntasn1

ord2
ord5
ord4

ntdll

RtlFreeHeap
RtlAllocateHeap
RtlUnhandledExceptionFilter
NtTerminateProcess
RtlImageNtHeader
EtwGetTraceEnableFlags
LdrDisableThreadCalloutsForDll
EtwTraceMessage
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister
EventActivityIdControl

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
GetProcessIdOfThread
OpenThreadToken
OpenThread
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
GetCurrentThread
SetThreadStackGuarantee

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetUserDefaultLocaleName
GetThreadPreferredUILanguages

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringA
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

rpcrt4

RpcAsyncCompleteCall
RpcSsDestroyClientContext
MesBufferHandleReset
RpcAsyncCancelCall
MesDecodeBufferHandleCreate
UuidCreate
I_RpcBindingInqLocalClientPID
RpcAsyncInitializeHandle
NdrMesTypeAlignSize3
MesHandleFree
NdrMesTypeEncode3
RpcBindingFromStringBindingW
Ndr64AsyncClientCall
MesEncodeFixedBufferHandleCreate
RpcStringBindingComposeW
RpcBindingSetAuthInfoExW
RpcStringFreeW
RpcBindingFree

api-ms-win-service-management-l1-1-0

OpenSCManagerW
OpenServiceW
CloseServiceHandle

api-ms-win-security-base-l1-1-0

CreateWellKnownSid
IsValidSid
RevertToSelf
ImpersonateLoggedOnUser
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetTokenInformation

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualAlloc
VirtualQuery

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetSystemTimeAsFileTime
GetSystemInfo

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

crypt32

CryptProtectData
CryptUnprotectMemory
CryptUnprotectData
CryptProtectMemory

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW

api-ms-win-security-lsalookup-l2-1-0

LookupAccountNameW

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

userenv

GetProfileType

sspicli

LsaDeregisterLogonProcess
LogonUserExExW
LsaRegisterLogonProcess
LsaCallAuthenticationPackage
LsaLookupAuthenticationPackage
LsaConnectUntrusted

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-security-provider-l1-1-0

SetNamedSecurityInfoW

Exports

Exports

GetKeyProtectionInterface

Sections

.text
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UpdateAgent/softpub.dll
.dll regsvr32 windows:10 windows x64 arch:x64

Password: 2024

66e2d1b2cdab292d56111a45637c4a3c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

softpub.pdb

Imports

msvcrt

__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

Exports

Exports

AddPersonalTrustDBPages
DllRegisterServer
DllUnregisterServer
DriverCleanupPolicy
DriverFinalPolicy
DriverInitializePolicy
FindCertsByIssuer
GenericChainCertificateTrust
GenericChainFinalProv
HTTPSCertificateTrust
HTTPSFinalProv
OfficeCleanupPolicy
OfficeInitializePolicy
OpenPersonalTrustDBDialog
SoftpubAuthenticode
SoftpubCheckCert
SoftpubCleanup
SoftpubDefCertInit
SoftpubDumpStructure
SoftpubFreeDefUsageCallData
SoftpubInitialize
SoftpubLoadDefUsageCallData
SoftpubLoadMessage
SoftpubLoadSignature

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UpdateAgent/umrdp.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

bff07caf688b91e60cdaae6df2eb7470

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

umrdp.pdb

Imports

msvcrt

__dllonexit
_unlock
_lock
memcpy
_onexit
memmove
memset
_purecall
wcsstr
memcpy_s
__CxxFrameHandler3
_initterm
_amsg_exit
_XcptFilter
free
_callnewh
malloc
wcsrchr
wcschr
rand
srand
time
_wcsicmp
_vsnwprintf
__C_specific_handler

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetVersionExW
GetSystemWindowsDirectoryW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-synch-l1-1-0

SetEvent
ResetEvent
WaitForMultipleObjectsEx
CreateEventW
DeleteCriticalSection
WaitForSingleObject
InitializeCriticalSection
CancelWaitableTimer
LeaveCriticalSection
EnterCriticalSection
SetWaitableTimer

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleExA
FreeLibrary
LoadStringW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
OpenThreadToken
TerminateProcess
CreateThread

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-base-l1-1-0

IsValidAcl
IsValidSid
GetSidIdentifierAuthority
FreeSid
AddAccessAllowedAceEx
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ImpersonateLoggedOnUser
GetTokenInformation
CreateWellKnownSid
CheckTokenMembership
RevertToSelf
GetSidSubAuthorityCount
GetSidSubAuthority
CopySid
EqualSid

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapFree
HeapAlloc

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult

api-ms-win-core-file-l1-1-0

CreateFileW
DeleteFileW
ReadFile
QueryDosDeviceW
GetFileSize
WriteFile

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-core-synch-l1-2-1

CreateWaitableTimerW

api-ms-win-core-registry-l1-1-0

RegOpenUserClassesRoot
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyExW
RegGetValueW
RegNotifyChangeKeyValue
RegCloseKey
RegQueryValueExW
RegOpenCurrentUser
RegDeleteValueW
RegOpenKeyExW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

ntdll

EtwEventWriteFull
RtlMultiByteToUnicodeN
NtCreateFile
RtlOpenCurrentUser
RtlNtStatusToDosError
NtMakePermanentObject
NtMakeTemporaryObject
NtClose
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
NtCreateSymbolicLinkObject
RtlInitUnicodeString
NtQueryInformationProcess
EtwEventActivityIdControl
DbgPrint
RtlInitializeGenericTable
RtlEnumerateGenericTable
RtlInsertElementGenericTable
RtlDeleteElementGenericTable
RtlLookupElementGenericTable
RtlEnumerateGenericTableWithoutSplaying
EtwEventRegister
RtlGetSuiteMask
EtwEventUnregister
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
EtwEventWrite

advapi32

TraceMessage

user32

PeekMessageW
MsgWaitForMultipleObjectsEx
PostThreadMessageW
UnregisterClassW
DefWindowProcW
RegisterClassExW
PostMessageW
DestroyWindow
DispatchMessageW
CreateWindowExW
RegisterDeviceNotificationW
UnregisterDeviceNotification
GetClassInfoExW

kernel32

CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
InitializeCriticalSectionEx
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolCleanupGroup
SetThreadpoolThreadMaximum
CreateThreadpool
CloseThreadpool
CloseThreadpoolCleanupGroup
CancelIoEx
WaitForMultipleObjects
GetThreadId
ProcessIdToSessionId
ReadFileEx
GetModuleHandleW
QueueUserAPC
WaitForSingleObjectEx
lstrcmpiW
DeleteTimerQueueTimer
CreateTimerQueueTimer
FreeLibraryAndExitThread
GetProcessHeap
GetModuleHandleExW
GetTickCount64
ReleaseSemaphore
VerifyVersionInfoW
UnregisterWait
SleepEx
TlsSetValue
TlsAlloc
GetSystemInfo
SwitchToThread
CreateSemaphoreW
TlsGetValue
TlsFree
OpenThread
ResumeThread

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventActivityIdControl
EventRegister

api-ms-win-devices-config-l1-1-1

CM_Get_DevNode_Status

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 254KB - Virtual size: 254KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
aadtb/aadtb.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

70f4288e9e404bb3c7e552766ee39c43

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

aadtb.pdb

Imports

cryptngc

NgcDecryptWithSymmetricPopKey
NgcImportSymmetricPopKey
NgcSignWithSymmetricPopKey
NgcEnumContainers

certenroll

ord51
ord50

dsreg

DsrFreeJoinInfoEx
DsrGetJoinInfoEx

oleaut32

VariantClear
SysFreeString
SysAllocString
VariantInit

crypt32

CryptSignAndEncodeCertificate
CryptExportPublicKeyInfo
CryptProtectData
CryptUnprotectData
CertGetCertificateContextProperty
CryptAcquireCertificatePrivateKey
CryptEncodeObject
CertSetCertificateContextProperty
CryptHashCertificate
CertFreeCertificateContext
CertCreateCertificateContext
CertDuplicateCertificateContext
CertDeleteCertificateFromStore
CertAddCertificateContextToStore
CertFindCertificateInStore
CertCloseStore
CertOpenStore

ncrypt

NCryptOpenStorageProvider
NCryptOpenKey
NCryptFinalizeKey
NCryptSetProperty
NCryptCreatePersistedKey
NCryptDeleteKey
NCryptFreeObject
NCryptSignHash

ntdll

RtlAllocateHeap
RtlFreeHeap
RtlNtStatusToDosError
RtlGetDeviceFamilyInfoEnum
RtlImageNtHeader

gdi32

DeleteObject
GetObjectW

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
ReleaseMutex
AcquireSRWLockExclusive
OpenSemaphoreW
CreateEventExW
ReleaseSemaphore
CreateSemaphoreExW
CreateMutexExW
LeaveCriticalSection
WaitForSingleObjectEx
SetEvent
ResetEvent
DeleteCriticalSection
EnterCriticalSection
AcquireSRWLockShared
ReleaseSRWLockShared
InitializeCriticalSectionEx
ReleaseSRWLockExclusive

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventRegister
EventActivityIdControl
EventUnregister

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapReAlloc
HeapSize
HeapAlloc

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
HSTRING_UserMarshal64
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsGetStringLen
HSTRING_UserSize64
WindowsCompareStringOrdinal
HSTRING_UserUnmarshal
HSTRING_UserFree64
WindowsDuplicateString
WindowsDeleteString
HSTRING_UserMarshal
HSTRING_UserUnmarshal64
HSTRING_UserSize
WindowsCreateStringReference
WindowsConcatString
WindowsCreateString
HSTRING_UserFree

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError

api-ms-win-core-com-l1-1-0

CoMarshalInterThreadInterfaceInStream
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoGetObjectContext
CoCreateGuid
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoGetCallContext
CoGetInterfaceAndReleaseStream
CoGetApartmentType

api-ms-win-security-cryptoapi-l1-1-0

CryptReleaseContext
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptDestroyHash
CryptGetProvParam
CryptAcquireContextW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
SetThreadStackGuarantee
CreateProcessW
TerminateProcess
GetCurrentThreadId
OpenProcessToken

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetTickCount
GetSystemDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
UnregisterTraceGuids

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceExecuteOnce
Sleep

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-base-l1-1-0

DuplicateTokenEx
CopySid
GetTokenInformation
GetLengthSid

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-shcore-stream-winrt-l1-1-0

CreateStreamOverRandomAccessStream

rpcrt4

NdrOleFree
CStdStubBuffer_IsIIDSupported
IUnknown_Release_Proxy
NdrCStdStubBuffer2_Release
NdrStubCall3
IUnknown_QueryInterface_Proxy
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_AddRef
NdrDllGetClassObject
NdrDllCanUnloadNow
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_Invoke
IUnknown_AddRef_Proxy
NdrStubForwardingFunction

api-ms-win-core-com-midlproxystub-l1-1-0

NdrProxyForwardingFunction3
CStdStubBuffer2_Disconnect
ObjectStublessClient7
CStdStubBuffer2_QueryInterface
NdrProxyForwardingFunction4
NdrProxyForwardingFunction5
ObjectStublessClient6
ObjectStublessClient8
ObjectStublessClient9
ObjectStublessClient10
CStdStubBuffer2_Connect
CStdStubBuffer2_CountRefs

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegEnumValueW
RegDeleteTreeW
RegCloseKey
RegGetValueW
RegSetValueExW

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
GetModuleHandleW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

sspicli

LsaDeregisterLogonProcess
LsaConnectUntrusted
LsaFreeReturnBuffer
LsaCallAuthenticationPackage
LsaLookupAuthenticationPackage

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW

wincorlib

?CreateException@Exception@Platform@@SAPE$AAV12@HPE$AAVString@2@@Z
??0ClassNotRegisteredException@Platform@@QE$AAA@PE$AAVString@1@@Z
??0COMException@Platform@@QE$AAA@HPE$AAVString@1@@Z
?get@Message@Exception@Platform@@QE$AAAPE$AAVString@3@XZ
?Allocate@Heap@Details@Platform@@SAPEAX_K@Z
??0Delegate@Platform@@QE$AAA@XZ
?ReCreateException@Exception@Platform@@SAPE$AAV12@H@Z
?EventSourceGetTargetArrayEvent@Details@Platform@@YAPEAXPEAXIPEBXPEA_J@Z
?EventSourceGetTargetArraySize@Details@Platform@@YAIPEAX@Z
?EventSourceGetTargetArray@Details@Platform@@YAPEAXPEAXPEAUEventLock@12@@Z
?EventSourceInitialize@Details@Platform@@YAXPEAPEAX@Z
?EventSourceAdd@Details@Platform@@YA?AVEventRegistrationToken@Foundation@Windows@@PEAPEAXPEAUEventLock@12@PE$AAVDelegate@2@@Z
?EventSourceRemove@Details@Platform@@YAXPEAPEAXPEAUEventLock@12@VEventRegistrationToken@Foundation@Windows@@@Z
?GetIBoxArrayVtable@Details@Platform@@YAPEAXPEAX@Z
?CreateException@Exception@Platform@@SAPE$AAV12@H@Z
??0FailureException@Platform@@QE$AAA@XZ
??0OutOfMemoryException@Platform@@QE$AAA@XZ
?__abi_cast_Object_to_String@__abi_details@@YAPE$AAVString@Platform@@_NPE$AAVObject@3@@Z
??0Object@Platform@@QE$AAA@XZ
??0OutOfBoundsException@Platform@@QE$AAA@XZ
?AllocateException@Heap@Details@Platform@@SAPEAX_K0@Z
??0ChangedStateException@Platform@@QE$AAA@XZ
?ReleaseTarget@ControlBlock@Details@Platform@@AEAAXXZ
?AlignedFree@Heap@Details@Platform@@SAXPEAX@Z
?Free@Heap@Details@Platform@@SAXPEAX@Z
?Allocate@Heap@Details@Platform@@SAPEAX_K0@Z
?__abi_WinRTraiseNotImplementedException@@YAXXZ
?__abi_WinRTraiseInvalidCastException@@YAXXZ
?__abi_WinRTraiseNullReferenceException@@YAXXZ
?__abi_WinRTraiseOperationCanceledException@@YAXXZ
?__abi_WinRTraiseFailureException@@YAXXZ
?__abi_WinRTraiseAccessDeniedException@@YAXXZ
?__abi_WinRTraiseOutOfMemoryException@@YAXXZ
?__abi_WinRTraiseInvalidArgumentException@@YAXXZ
?__abi_WinRTraiseOutOfBoundsException@@YAXXZ
?__abi_WinRTraiseChangedStateException@@YAXXZ
?__abi_WinRTraiseClassNotRegisteredException@@YAXXZ
?__abi_WinRTraiseWrongThreadException@@YAXXZ
?__abi_WinRTraiseDisconnectedException@@YAXXZ
?__abi_WinRTraiseObjectDisposedException@@YAXXZ
?__abi_WinRTraiseCOMException@@YAXJ@Z
?InitializeData@Details@Platform@@YAJH@Z
?UninitializeData@Details@Platform@@YAXH@Z
?__abi_FailFast@@YAXXZ
?ReCreateFromException@Details@Platform@@YAJPE$AAVException@2@@Z
?GetIidsFn@@YAJHPEAKPEBU__s_GUID@@PEAPEAVGuid@Platform@@@Z
?GetActivationFactoryByPCWSTR@@YAJPEAXAEAVGuid@Platform@@PEAPEAX@Z
?EventSourceUninitialize@Details@Platform@@YAXPEAPEAX@Z
?__abi_cast_String_to_Object@__abi_details@@YAPE$AAVObject@Platform@@PE$AAVString@3@@Z

msvcrt

_vscwprintf
_purecall
__ExceptionPtrDestroy
__ExceptionPtrCopy
__ExceptionPtrCurrentException
__ExceptionPtrCreate
?terminate@@YAXXZ
wcsstr
??_V@YAXPEAX@Z
_wcsicmp
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
__ExceptionPtrRethrow
wcsnlen
wcschr
??2@YAPEAX_KHPEBDH@Z
wcsrchr
?name@type_info@@QEBAPEBDXZ
__RTtypeid
malloc
swprintf_s
_wcslwr_s
wcspbrk
iswspace
__C_specific_handler
time
wcscspn
wcsspn
_wcsicoll
wcsncmp
_wcsnicmp
_wcsupr_s
difftime
_vsnwprintf
_vsnprintf_s
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBD@Z
__ExceptionPtrCopyException
_wtol
_wtoi
??0exception@@QEAA@AEBQEBDH@Z
memcpy_s
wcslen
_CxxThrowException
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
_XcptFilter
_amsg_exit
_initterm
realloc
__CxxFrameHandler3
??3@YAXPEAX@Z
_callnewh
memcpy
memmove
_vsnprintf
wcscat_s
wcsncpy_s
__RTDynamicCast
_gmtime64_s
wcsftime
memcmp
vswprintf_s
memmove_s
_wcsdup
memset
free

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualAlloc
VirtualQuery

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-security-capability-l1-1-0

CapabilityCheck

Exports

Exports

AADTBAcquireToken
AADTBAcquireTokenEx
AADTBFreeString
AADTBFreeStruct
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 797KB - Virtual size: 797KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 222B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 371KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 79KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
aadtb/kerberos.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

70eafd38c1a04874613054e13e80c0b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

KERBEROS.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__stricmp
_o__ultow
_o__wcsicmp
memmove
_o_free
_o_malloc
_o_qsort
_o_strcpy_s
_o_toupper
_o_towlower
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstok
_o_wcstok_s
_o_wcstol
_o_wcstoul
__C_specific_handler
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsscanf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
_CxxThrowException
__CxxFrameHandler3
wcsrchr
wcschr

api-ms-win-crt-string-l1-1-0

memset
strcmp
wcscmp
wcsncmp

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress
GetModuleFileNameA
DisableThreadLibraryCalls
FreeLibrary
GetModuleHandleExW
GetModuleFileNameW
LoadLibraryExA

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
SetThreadStackGuarantee
SetThreadToken
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetACP

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringA
OutputDebugStringW
IsDebuggerPresent

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
GetTraceLoggerHandle
GetTraceEnableLevel
TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCompareMemory
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
RaiseException
SetLastError

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetVersionExW
GetTickCount
GetSystemTimeAsFileTime
GetWindowsDirectoryW
GetComputerNameExW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc
GlobalFree

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep

api-ms-win-core-registry-l1-1-0

RegNotifyChangeKeyValue
RegEnumValueW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegQueryInfoKeyW

api-ms-win-security-base-l1-1-0

RevertToSelf
CheckTokenMembership
GetTokenInformation
FreeSid
AllocateAndInitializeSid
AdjustTokenPrivileges
IsTokenRestricted
EqualSid

api-ms-win-core-synch-l1-1-0

ResetEvent
SetEvent
WaitForSingleObject
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseSemaphore
OpenSemaphoreW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
CreateMutexExW
ReleaseMutex
CreateSemaphoreExW
WaitForSingleObjectEx
OpenEventW
CreateEventW
InitializeCriticalSection
InitializeSRWLock
TryAcquireSRWLockExclusive

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetCurrentDirectoryW
GetEnvironmentVariableW
SetCurrentDirectoryW

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-file-l1-1-0

CreateDirectoryW
FileTimeToLocalFileTime

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventProviderEnabled
EventRegister
EventUnregister

msasn1

ASN1DEREncGeneralizedTime
ASN1_Encode
ASN1intxisuint32
ASN1_FreeDecoded
ASN1_FreeEncoded
ASN1intx2uint32
ASN1intx2int32
ASN1_CreateEncoder
ASN1_Decode
ASN1ztcharstring_free
ASN1bitstring_free
ASN1BERDecCharString
ASN1_CreateModule
ASN1BERDecU32Val
ASN1DEREncBitString
ASN1BERDecZeroCharString
ASN1BEREncObjectIdentifier
ASN1BERDecObjectIdentifier
ASN1BERDecBitString
ASN1charstring_free
ASN1DEREncOctetString
ASN1BERDecS32Val
ASN1BEREncOpenType
ASN1BEREncSX
ASN1DecAlloc
ASN1Free
ASN1BERDecSkip
ASN1BEREncBool
ASN1BEREncEndOfContents
ASN1DEREncCharString
ASN1BEREncS32
ASN1EncSetError
ASN1objectidentifier_free
ASN1BERDecBool
ASN1BERDecEndOfContents
ASN1BEREncExplicitTag
ASN1BERDecNotEndOfContents
ASN1BERDecOctetString
ASN1BEREncU32
ASN1BERDecPeekTag
ASN1BERDecGeneralizedTime
ASN1intx_setuint32
ASN1BERDecExplicitTag
ASN1DecSetError
ASN1octetstring_free
ASN1BERDecSXVal
ASN1BERDecOpenType2
ASN1_CloseDecoder
ASN1intx_free
ASN1_CreateDecoder
ASN1_CloseEncoder

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
QueueUserWorkItem
UnregisterWaitEx
ChangeTimerQueueTimer
CreateTimerQueueTimer

api-ms-win-core-string-obsolete-l1-1-0

lstrlenA
lstrcmpiA
lstrlenW
lstrcmpW

ntdll

RtlDeleteElementGenericTable
RtlInsertElementGenericTable
RtlGetElementGenericTable
RtlDeleteTimerQueueEx
RtlImageNtHeader
RtlLeaveCriticalSection
RtlLengthRequiredSid
RtlSubAuthorityCountSid
RtlTimeToTimeFields
RtlTimeFieldsToTime
RtlValidSid
RtlNtStatusToDosError
NtSetEvent
EtwUnregisterTraceGuids
RtlFreeHeap
RtlAllocateHeap
RtlEqualComputerName
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsW
RtlDuplicateUnicodeString
RtlEraseUnicodeString
RtlAnsiStringToUnicodeString
EtwLogTraceEvent
RtlRunDecodeUnicodeString
RtlCopyUnicodeString
RtlCopyLuid
NtOpenProcess
RtlAvlInsertNodeEx
RtlAvlRemoveNode
RtlAppendUnicodeStringToString
RtlInitUnicodeStringEx
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlInitAnsiString
RtlCompareUnicodeString
RtlInitializeGenericTable
RtlIntegerToUnicodeString
WinSqmSetDWORD
RtlValidateUnicodeString
RtlPrefixUnicodeString
NtSetInformationThread
RtlUpcaseUnicodeString
NtQuerySystemTime
RtlDowncaseUnicodeString
RtlSystemTimeToLocalTime
RtlEqualUnicodeString
RtlRegisterWait
RtlIpv6AddressToStringExW
RtlIpv4AddressToStringExW
RtlIpv6StringToAddressExW
RtlDeregisterWait
RtlIpv4StringToAddressExW
NtClose
NtWaitForSingleObject
NtOpenEvent
NtCreateEvent
RtlInitUnicodeString
NtAllocateLocallyUniqueId
WinSqmIncrementDWORD
EtwTraceMessage
RtlInitializeGenericTableAvl
RtlInitializeResource
RtlDeleteResource
RtlEnumerateGenericTableAvl
RtlEqualDomainName
RtlFreeUnicodeString
RtlDeleteElementGenericTableAvl
RtlConvertSharedToExclusive
RtlLookupElementGenericTableAvl
RtlAcquireResourceShared
RtlReleaseResource
RtlInsertElementGenericTableAvl
RtlAcquireResourceExclusive
RtlDeleteTimerQueue
RtlCreateTimer
RtlCreateTimerQueue
NtSetSecurityObject
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
NtOpenProcessToken
RtlAllocateAndInitializeSid
NtOpenThreadToken
EtwEventWriteTransfer
EtwEventActivityIdControl
NtDuplicateToken
RtlCopySid
RtlEqualSid
RtlLengthSid
RtlSubAuthoritySid
RtlInitializeSid
NtQueryInformationToken
NtDuplicateObject
RtlFreeSid
RtlUniform
NtQuerySystemInformation
EtwEventUnregister
EtwEventRegister
RtlDeleteCriticalSection
RtlInitializeCriticalSection
RtlEnterCriticalSection

msvcp_win

??Bios_base@std@@QEBA_NXZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW

api-ms-win-eventing-controller-l1-1-0

EnableTraceEx2
StartTraceW
ControlTraceW

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualAlloc
UnmapViewOfFile
VirtualProtect
CreateFileMappingW
OpenFileMappingW
MapViewOfFileEx

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

api-ms-win-security-activedirectoryclient-l1-1-0

DsUnBindW
DsFreeNameResultW
DsBindWithSpnExW
DsCrackNamesW

api-ms-win-crt-math-l1-1-0

ceilf

Exports

Exports

DllMain
KerbCreateTokenFromTicketForKdc
KerbDomainChangeCallback
KerbIsInitialized
KerbKdcCallBack
KerbMakeKdcCall
Kerberos
SpInitialize
SpInstanceInit
SpLsaModeInitialize
SpUserModeInitialize

Sections

.text
Size: 888KB - Virtual size: 888KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
aadtb/mfcm120u.dll
.dll windows:6 windows x64 arch:x64

e40941c527acf51b3d91baf5a58943c2

Code Sign

33:00:00:00:cc:cb:b8:13:eb:5d:72:2d:45:00:00:00:00:00:cc
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/09/2016, 17:58

Not After

07/09/2018, 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:148C-C4B9-2066,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:40:96:a9:ee:70:56:fe:cc:07:00:01:00:00:01:40
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/08/2016, 20:17

Not After

02/11/2017, 20:17

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:8e:87:91:a4:57:1a:5f:ca:3e:00:00:00:00:00:8e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

17/11/2016, 22:09

Not After

17/02/2018, 22:09

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b7:8b:f1:e8:ee:b0:e1:f6:09:59:f1:26:23:b0:36:d1:7e:6f:c5:55:c2:69:57:ec:52:87:9d:bc:e7:73:05:83
Signer

Actual PE Digest

b7:8b:f1:e8:ee:b0:e1:f6:09:59:f1:26:23:b0:36:d1:7e:6f:c5:55:c2:69:57:ec:52:87:9d:bc:e7:73:05:83

Digest Algorithm

sha256

PE Digest Matches

true

e3:a5:07:92:76:86:ff:ca:58:10:77:7b:cc:f4:d5:d2:2f:2d:aa:08
Signer

Actual PE Digest

e3:a5:07:92:76:86:ff:ca:58:10:77:7b:cc:f4:d5:d2:2f:2d:aa:08

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MFCM120U.amd64.pdb

Imports

kernel32

DecodePointer
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
IsDebuggerPresent
OutputDebugStringW
IsProcessorFeaturePresent
Sleep
EncodePointer

msvcr120

?terminate@@YAXXZ
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memset
__FrameUnwindFilter
_cexit
??_V@YAXPEAX@Z
free
__CxxFrameHandler3
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crtCapturePreviousContext
__crtTerminateProcess
__crtUnhandledException
__crt_debugger_hook
_purecall
_initterm_e
_initterm
_malloc_crt
_amsg_exit
__CppXcptFilter
_onexit
__C_specific_handler
_lock
__dllonexit
_calloc_crt
_unlock

user32

SetWindowPos
GetWindow
SendMessageW
GetClientRect
PostMessageW
CopyRect

mfc120u

ord13057
ord4207
ord2477
ord2485
ord11895
ord3461
ord7277
ord2170
ord473
ord2192
ord2294
ord13056
ord4290
ord7924
ord13721
ord13619
ord8388
ord12990
ord5140
ord7432
ord13625
ord8352
ord5250
ord12481
ord13355
ord7718
ord7721
ord3752
ord3159
ord3160
ord4987
ord5267
ord5455
ord8922
ord5243
ord5471
ord4990
ord5133
ord4970
ord5651
ord7346
ord7347
ord7337
ord5131
ord7804
ord9822
ord8781
ord6158
ord2302
ord13358
ord8349
ord3804
ord2272
ord3963
ord3166
ord6030
ord6618
ord2455
ord820
ord1338
ord7065
ord11776
ord7312
ord5976
ord11725
ord11679
ord3670
ord371
ord8798
ord3163
ord10080
ord3130
ord11309
ord8495
ord2180
ord2179
ord269
ord1498
ord1028
ord1636
ord1030

mscoree

_CorDllMain

Exports

Exports

AfxmReleaseManagedReferences

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nep
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup.msi
.msi
taskcomp/ppcsnap.dll
.dll regsvr32 windows:10 windows x64 arch:x64

4c8643e25d8890880fa02c675c74a56f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ppcsnap.pdb

Imports

msvcrt

free
memmove
_amsg_exit
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
_XcptFilter
__CxxFrameHandler3
_lock
_unlock
__dllonexit
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_onexit
??1type_info@@UEAA@XZ
memset
memcmp
??_V@YAXPEAX@Z
_callnewh
malloc
_purecall
__C_specific_handler
??3@YAXPEAX@Z
_vsnwprintf
wcschr
_wcsicmp
memcpy
_initterm
wcscmp

kernel32

DisableThreadLibraryCalls
DeleteCriticalSection
InitializeCriticalSection
HeapDestroy
GetLastError
SetLastError
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
RaiseException
DeactivateActCtx
ActivateActCtx
LoadLibraryW
FindActCtxSectionStringW
CreateActCtxW
GetModuleFileNameW
GetModuleHandleExW
QueryActCtxW
OutputDebugStringA
VirtualFree
GetCurrentProcess
VirtualAlloc
LoadLibraryExA
EncodePointer
HeapAlloc
DecodePointer
GetProcAddress
GetProcessHeap
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
CreateEventW
SetThreadpoolTimer
WaitForSingleObject
CloseHandle
InitializeCriticalSectionAndSpinCount
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
SetEvent
HeapFree

ole32

CoCreateInstance
CoTaskMemAlloc
GetHGlobalFromStream
StringFromIID
CoCreateGuid
CreateStreamOnHGlobal
CoUninitialize
CoTaskMemFree
CoInitialize

user32

PeekMessageW
PostQuitMessage
IsWindow
RegisterClassExW
GetClassInfoExW
GetWindowTextLengthW
GetDlgItemTextW
LoadIconW
SetWindowTextW
SetWindowLongPtrW
EnableWindow
GetDlgItem
MessageBoxW
PostMessageW
CallWindowProcW
GetActiveWindow
CreateWindowExW
GetWindowLongPtrW
DefWindowProcW
DestroyWindow
LoadCursorW
SetFocus
DialogBoxParamW
GetLastActivePopup
wsprintfW
GetWindow
GetParent
GetGUIThreadInfo
EndDialog
RegisterClipboardFormatW
SendMessageW

oleaut32

VariantInit
SysAllocString
SysAllocStringLen
VariantClear
SysFreeString

shlwapi

ord219
ord174
ord209
ord211
ord208
ord210
ord256

puiapi

STRAPI_LoadString
PUIAPI_CreateInstance
PUIAPI_ShowBrowseForPrinterDialog
STRAPI_TrimString
STRAPI_GUID2String
STRAPI_Format

advapi32

RegDeleteKeyExW
RegQueryValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyExW
RegCloseKey
RegSetValueExW

ntdll

TpReleaseAlpcCompletion
TpWaitForAlpcCompletion
TpReleaseIoCompletion
TpWaitForIoCompletion
TpReleaseTimer
TpWaitForTimer
TpReleaseWait
TpWaitForWait
TpReleaseWork
TpWaitForWork
TpAllocAlpcCompletion
TpStartAsyncIoOperation
TpAllocIoCompletion
TpSetTimer
TpReleasePool
TpCallbackMayRunLong
TpSetWait
TpAllocTimer
TpAllocWait
TpPostWork
TpAllocWork
RtlNtStatusToDosError
TpSimpleTryPost

activeds

ord3

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
taskcomp/scecli.dll
.dll regsvr32 windows:10 windows x64 arch:x64

4cf2cb1bb507221d91e434473bfb8b6d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

scecli.pdb

Imports

msvcrt

_itow_s
wcstoul
memcpy_s
__CxxFrameHandler3
_findclose
_wfindnext64
memmove_s
_wtol
fclose
__C_specific_handler
malloc
_callnewh
_wfindfirst64
wcsncat_s
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
_vsnprintf_s
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
wcsncpy_s
wcscat_s
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_wfopen
_vsnwprintf
??3@YAXPEAX@Z
_CxxThrowException
_resetstkoflw
memcpy
memmove
_purecall
_XcptFilter
_amsg_exit
free
_initterm
??1type_info@@UEAA@XZ
wcsncmp
_wcsnicmp
wcsstr
wcschr
swprintf_s
_vsnwprintf_s
wcscpy_s
_wcsupr
_lock
_wcsicmp
towlower
memcmp
_onexit
__dllonexit
_unlock
memset

rpcrt4

NdrClientCall3
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcBindingFree
NdrServerCall2
RpcBindingToStringBindingW
RpcBindingSetAuthInfoW
RpcStringFreeW
RpcStringBindingParseW
NdrServerCallAll
I_RpcExceptionFilter

api-ms-win-core-file-l1-1-0

GetDriveTypeW
GetFileSize
FindFirstFileW
GetFileAttributesW
GetTempFileNameW
FindClose
DeleteFileW
CreateFileW
SetFilePointer
WriteFile
GetFullPathNameW
CreateDirectoryW
ReadFile
GetVolumeInformationW
SetFileAttributesW

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
RegGetValueW
RegCreateKeyExW
RegDeleteKeyExW
RegOpenCurrentUser
RegCloseKey

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetErrorMode
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentThread
GetCurrentThreadId
ExitThread
CreateThread
GetCurrentProcessId
SetThreadStackGuarantee
OpenThreadToken
OpenProcessToken

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentStringsW
ExpandEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentVariableW

api-ms-win-security-base-l1-1-0

ImpersonateSelf
FreeSid
ImpersonateLoggedOnUser
EqualSid
AllocateAndInitializeSid
GetSecurityDescriptorDacl
RevertToSelf
DuplicateToken
GetSidSubAuthority
CheckTokenMembership

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-sysinfo-l1-1-0

GetComputerNameExW
GetTickCount
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetSystemWindowsDirectoryW
GetSystemInfo

api-ms-win-core-string-l1-1-0

GetStringTypeExW
CompareStringOrdinal
CompareStringW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
GetTraceEnableLevel
UnregisterTraceGuids
RegisterTraceGuidsW
TraceMessage
GetTraceLoggerHandle

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-libraryloader-l1-2-0

LockResource
GetModuleFileNameA
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
GetModuleHandleW
LoadStringW
FreeLibraryAndExitThread
GetProcAddress
LoadResource

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap
HeapReAlloc

api-ms-win-core-localization-l1-2-0

GetThreadLocale
FormatMessageW
LCMapStringW

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
EnterCriticalSection
CreateMutexW
SleepEx
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
WaitForSingleObject
AcquireSRWLockShared
WaitForMultipleObjectsEx
OpenEventW
ReleaseMutex
CreateEventW
ReleaseSemaphore
ReleaseSRWLockExclusive
SetEvent
CreateMutexExW
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSRWLockShared
InitializeCriticalSection

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualAlloc
CreateFileMappingW
MapViewOfFile
VirtualProtect
UnmapViewOfFile

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-eventing-controller-l1-1-0

ControlTraceW
EnableTraceEx2
StartTraceW

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW

api-ms-win-core-privateprofile-l1-1-0

WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetPrivateProfileIntW

api-ms-win-core-localization-obsolete-l1-2-0

GetSystemDefaultUILanguage

api-ms-win-core-privateprofile-l1-1-1

WritePrivateProfileSectionW

ntdll

RtlGetDaclSecurityDescriptor
RtlValidSid
RtlConvertSidToUnicodeString
RtlFreeUnicodeString
RtlInitUnicodeString
NtQueryWnfStateData
RtlGetNtProductType
RtlLengthRequiredSid
RtlEqualSid
RtlNtStatusToDosError
RtlIsTextUnicode
RtlRandomEx
RtlTimeToSecondsSince1980
DbgPrint
RtlLengthSecurityDescriptor
RtlMakeSelfRelativeSD
NtQueryObject
RtlAllocateHeap
RtlImageNtHeader
RtlFreeHeap
RtlGetGroupSecurityDescriptor
RtlFreeSid
RtlLengthSid
RtlSystemTimeToLocalTime
NtQueryInformationToken
RtlSubAuthorityCountSid
RtlAllocateAndInitializeSid
RtlGetOwnerSecurityDescriptor
RtlGetAce
RtlGetSaclSecurityDescriptor
RtlTimeToTimeFields
RtlIdentifierAuthoritySid
RtlSubAuthoritySid
RtlMapGenericMask
RtlGetControlSecurityDescriptor
NtQuerySystemTime
NtAdjustPrivilegesToken
RtlCopySid

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

ConvertSecurityDescriptorToText
DeltaNotify
DllRegisterServer
DllUnregisterServer
InitializeChangeNotify
SceAddToNameList
SceAddToNameStatusList
SceAddToObjectList
SceAnalyzeSystem
SceAppendSecurityProfileInfo
SceBrowseDatabaseTable
SceCloseProfile
SceCommitTransaction
SceCompareNameList
SceCompareSecurityDescriptors
SceConfigureConvertedFileSecurity
SceConfigureSystem
SceCopyBaseProfile
SceCreateDirectory
SceDcPromoCreateGPOsInSysvol
SceDcPromoCreateGPOsInSysvolEx
SceDcPromoteSecurity
SceDcPromoteSecurityEx
SceEnforceSecurityPolicyPropagation
SceEnumerateServices
SceFreeMemory
SceFreeProfileMemory
SceGenerateGroupPolicy
SceGenerateRollback
SceGetAnalysisAreaSummary
SceGetAreas
SceGetDatabaseSetting
SceGetDbTime
SceGetObjectChildren
SceGetObjectSecurity
SceGetScpProfileDescription
SceGetSecurityProfileInfo
SceGetServerProductType
SceGetTimeStamp
SceIsSystemDatabase
SceLookupPrivRightName
SceNotifyPolicyDelta
SceOpenPolicy
SceOpenProfile
SceProcessSecurityPolicyGPO
SceProcessSecurityPolicyGPOEx
SceRegisterRegValues
SceRollbackTransaction
SceSetDatabaseSetting
SceSetupBackupSecurity
SceSetupConfigureServices
SceSetupGenerateTemplate
SceSetupMoveSecurityFile
SceSetupRootSecurity
SceSetupSystemByInfName
SceSetupUnwindSecurityFile
SceSetupUpdateSecurityFile
SceSetupUpdateSecurityKey
SceSetupUpdateSecurityService
SceStartTransaction
SceSvcConvertSDToText
SceSvcConvertTextToSD
SceSvcFree
SceSvcGetInformationTemplate
SceSvcQueryInfo
SceSvcSetInfo
SceSvcSetInformationTemplate
SceSvcUpdateInfo
SceSysPrep
SceSysPrepOffline
SceUpdateObjectInfo
SceUpdateSecurityProfile
SceWrapperExportSecurityProfile
SceWrapperImportSecurityProfile
SceWriteSecurityProfileInfo

Sections

.text
Size: 223KB - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
taskcomp/taskcomp.dll
.dll windows:10 windows x64 arch:x64

89df54b176214273566f0e2cdd37ad01

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

taskcomp.pdb

Imports

msvcrt

?terminate@@YAXXZ
__C_specific_handler
wcsncpy_s
??1type_info@@UEAA@XZ
_lock
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
wcsspn
wcspbrk
_itow_s
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
malloc
_unlock
__dllonexit
_onexit
wcstoul
_wtol
memset
memcmp
?what@exception@@UEBAPEBDXZ
_wcstoui64
wcsncmp
_wcsnicmp
wcsrchr
__CxxFrameHandler3
wcschr
_purecall
_wcsupr
fopen_s
fputws
iswdigit
iswspace
free
rand
_wcsicmp
fclose
fflush
_vsnwprintf
wcsstr
_wtoi
wcscmp

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
CreateWaitableTimerExW
EnterCriticalSection
CreateEventW
CancelWaitableTimer
WaitForSingleObject
ReleaseMutex
CreateSemaphoreExW
SetWaitableTimer
CreateMutexW
InitializeCriticalSectionEx
WaitForMultipleObjectsEx
LeaveCriticalSection
ReleaseSemaphore
DeleteCriticalSection
SetEvent
InitializeCriticalSection

oleaut32

SysAllocStringLen
VariantClear
SysStringLen
SysFreeString
SysStringByteLen
SysAllocString
SysAllocStringByteLen

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
GetCurrentProcessId
GetCurrentProcess
SetThreadToken
TerminateProcess
CreateThread
GetCurrentThreadId
OpenProcessToken
GetCurrentThread

api-ms-win-security-base-l1-1-0

CopySid
GetSidSubAuthority
GetSecurityDescriptorDacl
GetSidSubAuthorityCount
IsValidSid
GetSecurityDescriptorGroup
GetSecurityDescriptorSacl
FreeSid
DuplicateToken
GetLengthSid
ImpersonateSelf
RevertToSelf
AdjustTokenPrivileges
IsTokenRestricted
AccessCheck
GetSecurityDescriptorControl
AllocateAndInitializeSid
IsWellKnownSid
GetFileSecurityW
GetSecurityDescriptorOwner
EqualSid
CreateWellKnownSid
GetTokenInformation
CheckTokenMembership
GetSidIdentifierAuthority

ntdll

NtClose
EtwEventRegister
NtAccessCheck
NtOpenThreadToken
EtwEventUnregister
EtwEventEnabled
RtlInitString
RtlInitUnicodeString
NtOpenProcessToken
EtwEventWrite
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
NtQueryDirectoryFile
RtlSubAuthoritySid
RtlLengthRequiredSid
RtlInitializeSid
RtlSubAuthorityCountSid
RtlCopySid
RtlLengthSid
RtlCreateAcl
RtlAddAce
RtlCreateSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetSaclSecurityDescriptor
RtlNewSecurityObject
RtlDeleteSecurityObject
RtlNtStatusToDosError
EtwTraceMessage
NtQueryInformationToken

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError

rpcrt4

NdrServerCall2
RpcImpersonateClient
RpcRevertToSelf
RpcServerInqBindings
RpcEpRegisterW
RpcEpUnregister
RpcServerRegisterAuthInfoW
RpcBindingSetAuthInfoExW
RpcStringFreeW
RpcBindingFree
RpcServerRegisterIfEx
RpcServerUnregisterIf
RpcServerUseProtseqW
RpcServerUseProtseqEpW
RpcBindingVectorFree
NdrServerCallAll
NdrClientCall3
I_RpcExceptionFilter
RpcStringBindingComposeW
UuidCreate
RpcBindingFromStringBindingW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalReAlloc
LocalAlloc
LocalFree

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegGetValueW
RegDeleteTreeW
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyExW

api-ms-win-core-file-l1-1-0

GetFinalPathNameByHandleW
FindClose
GetFileType
GetFileSize
GetFileAttributesExW
SetEndOfFile
ReadFile
GetFileInformationByHandle
GetDriveTypeW
FindNextFileW
SetFileAttributesW
FindFirstFileW
WriteFile
LocalFileTimeToFileTime
GetFullPathNameW
DeleteFileW
FileTimeToLocalFileTime
CreateFileW
CompareFileTime
GetFileAttributesW
GetVolumeInformationW
GetVolumePathNameW
CreateDirectoryW
SetFilePointer

api-ms-win-core-timezone-l1-1-0

TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetVersionExW
GetComputerNameExW
GetSystemTime
GetLocalTime
GetTickCount

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-file-l2-1-0

ReadDirectoryChangesW

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
FreeLibrary
GetModuleHandleW
LoadStringW
DisableThreadLibraryCalls
GetModuleHandleExW

api-ms-win-security-cryptoapi-l1-1-0

CryptDestroyKey
CryptReleaseContext
CryptHashData
CryptAcquireContextW
CryptCreateHash
CryptDestroyHash
CryptGenKey
CryptGetHashParam
CryptSignHashW

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-heap-l1-1-0

HeapFree
HeapReAlloc
HeapSize
HeapAlloc
HeapDestroy
GetProcessHeap

api-ms-win-security-credentials-l1-1-0

CredDeleteW
CredFree
CredWriteW
CredEnumerateW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer

api-ms-win-core-processenvironment-l1-1-0

SearchPathW
ExpandEnvironmentStringsW
GetEnvironmentVariableW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
FormatMessageW

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DeleteTaskNotification
InitializeAdapter
IsRegistering
RegisterTaskNotification
SetSdNotification
ShutdownAdapter
UpdateJobStatus

Sections

.text
Size: 210KB - Virtual size: 209KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uireng/htui.dll
.dll windows:10 windows x64 arch:x64

21d1e5400522e04edf30278ff3ede414

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

htui.pdb

Imports

msvcrt

_vsnwprintf
_XcptFilter
_amsg_exit
free
malloc
_initterm
strncmp
memmove
memcpy
memcmp
__C_specific_handler
wcstol
memset

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

kernel32

ReadFile
WriteProfileStringW
lstrlenW
WriteFile
SetFilePointer
CreateFileW
GlobalAlloc
GlobalFree
CloseHandle
GlobalLock
GetProfileStringW
GlobalUnlock
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
GetLocaleInfoW
MultiByteToWideChar
LocalAlloc
LocalFree

gdi32

BitBlt
CreateCompatibleBitmap
SaveDC
SelectObject
CreateCompatibleDC
RealizePalette
StretchDIBits
GetStockObject
GetDIBits
DeleteDC
CreateHalftonePalette
SelectPalette
SetColorAdjustment
GetObjectW
ExcludeClipRect
SetStretchBltMode
RestoreDC
DeleteObject

comdlg32

GetOpenFileNameW
GetSaveFileNameW

user32

DefWindowProcW
CallWindowProcW
PostMessageW
GetWindow
GetWindowRect
DestroyWindow
GetWindowLongW
IsWindowVisible
SetWindowPos
SetActiveWindow
EnumChildWindows
SetWindowLongPtrW
FillRect
CreateWindowExW
GetDC
ScreenToClient
SendMessageW
EndDialog
DialogBoxParamW
GetActiveWindow
LoadStringW
GetWindowTextW
EnableWindow
EndPaint
BeginPaint
ReleaseDC
InvalidateRect
GetParent
SetScrollPos
CheckDlgButton
GetDlgItem
GetClientRect
SetWindowLongW
SetScrollRange
SetCursor
EndDeferWindowPos
GetWindowDC
LoadCursorW
SetWindowContextHelpId
SetFocus
WinHelpW
IsDlgButtonChecked
IsWindowEnabled
SendDlgItemMessageW
RegisterClassW
SetDlgItemTextW
ClientToScreen
GetDlgCtrlID
BeginDeferWindowPos
ShowWindow
GetWindowLongPtrW
ChildWindowFromPointEx
SetClassLongPtrW
SetWindowTextW
GetSystemMetrics
DeferWindowPos

Exports

Exports

DllMain
HTUI_ColorAdjustment
HTUI_ColorAdjustmentA
HTUI_ColorAdjustmentW
HTUI_DeviceColorAdjustment
HTUI_DeviceColorAdjustmentA
HTUI_DeviceColorAdjustmentW

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uireng/mfps.dll
.dll regsvr32 windows:10 windows x64 arch:x64

b82cca7515779e1b40c12e0ae7d47f31

Code Sign

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/05/2022, 19:23

Not After

04/05/2023, 19:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:0f:31:5f:01:1e:33:dc:67:52:29:61:55:6f:b2:0d:97:b1:3b:45:08:51:06:f5:8c:4c:17:1b:c1:29:9e:88
Signer

Actual PE Digest

0e:0f:31:5f:01:1e:33:dc:67:52:29:61:55:6f:b2:0d:97:b1:3b:45:08:51:06:f5:8c:4c:17:1b:c1:29:9e:88

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MFPS.pdb

Imports

msvcrt

_purecall
_callnewh
_amsg_exit
strnlen
_initterm
__C_specific_handler
strncpy_s
malloc
_lock
qsort
free
_XcptFilter
_unlock
__dllonexit
_onexit
memcpy
memcmp
memset

rpcrt4

CStdStubBuffer_Invoke
CStdStubBuffer_Connect
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrStubCall3
NdrOleFree
CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy
NdrClientCall3
NdrStubForwardingFunction
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
FreeLibrary
DisableThreadLibraryCalls

api-ms-win-core-com-midlproxystub-l1-1-0

CStdStubBuffer2_Disconnect
ObjectStublessClient13
CStdStubBuffer2_QueryInterface
NdrProxyForwardingFunction4
ObjectStublessClient12
NdrProxyForwardingFunction5
ObjectStublessClient10
NdrProxyForwardingFunction9
ObjectStublessClient3
ObjectStublessClient15
ObjectStublessClient7
ObjectStublessClient5
NdrProxyForwardingFunction3
CStdStubBuffer2_Connect
NdrProxyForwardingFunction24
ObjectStublessClient6
ObjectStublessClient8
ObjectStublessClient9
ObjectStublessClient22
ObjectStublessClient17
ObjectStublessClient20
ObjectStublessClient23
ObjectStublessClient19
ObjectStublessClient16
NdrProxyForwardingFunction25
ObjectStublessClient21
NdrProxyForwardingFunction7
NdrProxyForwardingFunction8
NdrProxyForwardingFunction6
ObjectStublessClient4
ObjectStublessClient18
ObjectStublessClient14
ObjectStublessClient11
CStdStubBuffer2_CountRefs

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalLock

api-ms-win-core-winrt-string-l1-1-0

HSTRING_UserSize64
HSTRING_UserFree
HSTRING_UserSize
HSTRING_UserMarshal64
HSTRING_UserFree64
HSTRING_UserMarshal
HSTRING_UserUnmarshal
HSTRING_UserUnmarshal64

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
TlsSetValue
GetCurrentProcessId
TlsGetValue
TerminateProcess

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 186KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uireng/msvproc.dll
.dll windows:10 windows x64 arch:x64

389e5a0860b40569131881a60d566a2a

Code Sign

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/05/2022, 19:23

Not After

04/05/2023, 19:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ca:93:20:39:81:ca:2d:a5:4e:1a:91:ea:de:be:9e:96:6d:78:2f:06:c2:78:59:08:69:f8:e3:13:dc:75:0e:cb
Signer

Actual PE Digest

ca:93:20:39:81:ca:2d:a5:4e:1a:91:ea:de:be:9e:96:6d:78:2f:06:c2:78:59:08:69:f8:e3:13:dc:75:0e:cb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MSVPROC.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ

api-ms-win-crt-string-l1-1-0

memset
memmove_s
strnlen

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__gcvt_s
_o__i64toa_s
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__ltoa_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o___std_exception_destroy
memmove
_o__ultoa_s
_o_acos
_o_atan2
_o_atoi
_o_ceil
_o_cos
_o_free
_o_log
_o_malloc
_o_pow
_o_qsort
_o_realloc
_o_sin
_o_sqrt
_o_strncpy_s
_o_wcstombs_s
__CxxFrameHandler4
__std_terminate
__C_specific_handler
__CxxFrameHandler3
_o___std_exception_copy
_o__crt_atexit
_o__configure_narrow_argv
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswscanf
_o__cexit
_o___stdio_common_vswprintf
_CxxThrowException
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o__callnewh
memcmp
memcpy
_o___std_type_info_destroy_list

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsStringHasEmbeddedNull
WindowsDuplicateString
WindowsCompareStringOrdinal
WindowsCreateStringReference
WindowsConcatString
WindowsCreateString
WindowsGetStringRawBuffer
WindowsIsStringEmpty

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObjectEx
InitializeCriticalSection
ReleaseSRWLockExclusive
InitializeCriticalSectionAndSpinCount
AcquireSRWLockExclusive
ResetEvent
InitializeCriticalSectionEx
WaitForMultipleObjectsEx
SetEvent
CreateEventW
ReleaseSRWLockShared
AcquireSRWLockShared
DeleteCriticalSection
CreateSemaphoreExW
CreateMutexExW
ReleaseSemaphore
WaitForSingleObject
ReleaseMutex
InitializeSRWLock

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventRegister
EventUnregister

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableFlags
RegisterTraceGuidsW
GetTraceEnableLevel

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW
DisableThreadLibraryCalls
GetProcAddress

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
SetLastError
GetLastError
UnhandledExceptionFilter

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-processthreads-l1-1-0

TlsGetValue
TlsSetValue
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetCurrentProcessId

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer

api-ms-win-core-featurestaging-l1-1-0

SubscribeFeatureStateChangeNotification
UnsubscribeFeatureStateChangeNotification
GetFeatureEnabledState
RecordFeatureUsage

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-registry-l1-1-0

RegNotifyChangeKeyValue
RegOpenKeyExW
RegQueryValueExW
RegGetValueW
RegCloseKey

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemInfo

api-ms-win-power-setting-l1-1-0

PowerSettingUnregisterNotification
PowerSettingRegisterNotification

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

rtworkq

RtwqCancelWorkItem
RtwqPutWaitingWorkItem
RtwqCreateAsyncResult

api-ms-win-crt-math-l1-1-0

sqrtf

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 930KB - Virtual size: 930KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 401KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uireng/uireng.dll
.dll windows:10 windows x64 arch:x64

c2ca58b2270719afbdbaea723f8d2d76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

uireng.pdb

Imports

msvcrt

wcsrchr
wcschr
memcpy
memmove
_wcsnicmp
_CxxThrowException
_wtoi
wcstol
_wcsupr
wcsstr
wcstoul
_wcstoui64
_itow_s
wcscpy_s
__CxxFrameHandler3
memset
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
_callnewh
malloc
free
_purecall
_vsnprintf
_wcsicmp
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
_vsnwprintf
_snwscanf_s
_vscwprintf
wcscmp

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
EventRegister
EventUnregister
StartTraceW
UnregisterTraceGuids
RegOpenKeyW
RegisterTraceGuidsW
GetTraceEnableFlags
EnableTrace
FlushTraceW
EnableTraceEx
ControlTraceW
EventWriteString
OpenTraceW
ProcessTrace
CloseTrace
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage

gdi32

CreateSolidBrush
StretchBlt
CreateCompatibleDC
CreateDCW
ExcludeClipRect
DeleteObject
CreatePen
SelectObject
GetStockObject
Rectangle
ExtCreatePen
MoveToEx
LineTo
PolyBezier
SetDCBrushColor
Ellipse
DeleteDC
GetCurrentObject
CreateCompatibleBitmap
BitBlt
GetObjectW

gdiplus

GdipAlloc
GdipFree
GdipDisposeImage
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdipGetImageEncodersSize
GdiplusStartup
GdiplusShutdown
GdipCloneImage

kernel32

GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTickCount
ExitProcess
OpenProcess
K32GetModuleFileNameExW
LocalFree
GetSystemTimeAsFileTime
ReadProcessMemory
GetTimeFormatW
GetFileAttributesW
RemoveDirectoryW
ExpandEnvironmentStringsW
CreateDirectoryW
WaitForMultipleObjects
CreateThread
Sleep
UnregisterWait
RegisterWaitForSingleObject
FindFirstFileW
CreateFileW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
ReadFile
FreeLibrary
GetWindowsDirectoryW
LoadLibraryW
ResumeThread
GetSystemDirectoryW
FindNextFileW
GetDriveTypeW
GetLongPathNameW
SizeofResource
WriteFile
UnmapViewOfFile
MultiByteToWideChar
LockResource
DeleteFileW
LoadResource
FindResourceW
GetFileSize
WideCharToMultiByte
CreateFileMappingW
SearchPathW
DuplicateHandle
ResetEvent
GetThreadPriority
GetCurrentThread
MapViewOfFile
SetEvent
CreateEventW
InitializeConditionVariable
SetThreadPriority
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
HeapReAlloc
DeleteCriticalSection
LoadLibraryExW
FindClose
GetVersionExW
GetProductInfo
FileTimeToSystemTime
MoveFileExW
GetDateFormatW
SystemTimeToTzSpecificLocalTime
QueryFullProcessImageNameW

msdrm

DRMIsWindowProtected

ntdll

RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
RtlGetFullPathName_UEx
RtlInitUnicodeString
NtApphelpCacheControl
NtQueryValueKey
NtClose
RtlFreeHeap
RtlAllocateHeap
RtlInitUnicodeStringEx
NtQueryInformationProcess
ZwClose
ZwOpenKey
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlFormatCurrentUserKeyPath
ZwCreateFile

ole32

CoCreateInstance
StringFromGUID2
CoInitializeEx
CoInitialize
CoUninitialize
CoCreateGuid
CLSIDFromString

oleacc

GetRoleTextW

oleaut32

SysFreeString
VariantClear
VariantInit
SysAllocString
SysStringLen

shell32

CommandLineToArgvW
ShellExecuteW
SHFileOperationW

shlwapi

PathRemoveBlanksW
PathRemoveExtensionW
SHCreateStreamOnFileEx
PathFindFileNameW
PathCombineW

user32

CallNextHookEx
SetWindowsHookExW
GetClientRect
SetLayeredWindowAttributes
MsgWaitForMultipleObjectsEx
PeekMessageW
SetTimer
ShowWindow
RegisterWindowMessageW
PostThreadMessageW
DispatchMessageW
TranslateMessage
GetMessageW
WindowFromPoint
GetWindowThreadProcessId
GetGUIThreadInfo
GetCursorInfo
ReleaseDC
UnhookWindowsHookEx
GetDC
GetDesktopWindow
DrawIcon
GetIconInfo
LoadCursorW
GetWindowRect
GetClassNameW
InternalGetWindowText
GetParent
GetWindowLongPtrW
GetKeyState
GetKeyNameTextW
MapVirtualKeyW
GetWindowInfo
PtInRect
GetAsyncKeyState
LoadImageW
GetSystemMetrics
GetDoubleClickTime
IsHungAppWindow
GetRawInputDeviceInfoW
GetPointerDevices
DestroyWindow
RegisterRawInputDevices
RegisterClassExW
CreateWindowExW
UnregisterClassW
FillRect
SetWindowLongPtrW
CopyImage
SetWindowPos
GetWindowTextW
EnableWindow
ReleaseCapture
SystemParametersInfoW
GetDlgItem
SwitchDesktop
SetCapture
GetProcessDefaultLayout
FindWindowW
LoadIconW
IsRectEmpty
CreateDesktopW
ClientToScreen
IsDialogMessageW
CloseDesktop
GetThreadDesktop
SetThreadDesktop
SendMessageW
SetProcessDefaultLayout
CreateDialogParamW
GetWindowTextLengthW
GetCursorPos
InvalidateRect
UpdateWindow
FindWindowExW
WindowFromPhysicalPoint
DefWindowProcW
GetRawInputData
EndPaint
SetWinEventHook
GetWindowLongW
ShowWindowAsync
UnhookWinEvent
PhysicalToLogicalPointForPerMonitorDPI
EnumWindows
BeginPaint

aepic

PicFreeFileInfo
PicRetrieveFileInfo

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

xmllite

CreateXmlWriter

hid

HidP_GetLinkCollectionNodes
HidP_GetValueCaps
HidP_GetUsageValue
HidP_GetUsages
HidP_GetCaps

msimg32

AlphaBlend

rpcrt4

RpcServerListen
RpcServerRegisterIf2
NdrServerCall2
RpcServerUseProtseqEpW
NdrServerCallAll

Exports

Exports

UirGetScreenComment
UirInitializeEngine
UirIsRecordingActive
UirOutCreateOutputFile
UirPauseRecordingSession
UirResumeRecordingSession
UirStartRecordingSession
UirStopRecordingSession
UirUninitializeEngine
UirUpdateRecordingSession

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 2024

Password: 2024

Password: 2024

Password: 2024

6889babfc88aeedab5cdd8d238e06967

Code Sign

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8dCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

4a:d3:6f:4a:f9:a3:35:61:17:a0:e6:49:3a:fd:69:c2:a1:dd:c9:92:fd:df:84:20:0d:3a:54:1e:8b:db:02:90Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

ntdll

api-ms-win-security-base-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-file-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-memory-l1-1-0

crypt32

rpcrt4

oleaut32

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-version-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-shutdown-l1-1-0

wintrust

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-registry-l2-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-security-provider-l1-1-0

wer

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-privateprofile-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-eventing-controller-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-security-cryptoapi-l1-1-0

api-ms-win-devices-config-l1-1-1

api-ms-win-core-errorhandling-l1-1-2

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

4a:d3:6f:4a:f9:a3:35:61:17:a0:e6:49:3a:fd:69:c2:a1:dd:c9:92:fd:df:84:20:0d:3a:54:1e:8b:db:02:90
Signer

.text
Size: 1.8MB - Virtual size: 1.8MB

PAGE
Size: 10KB - Virtual size: 10KB

.rdata
Size: 597KB - Virtual size: 596KB

.data
Size: 26KB - Virtual size: 41KB

.pdata
Size: 46KB - Virtual size: 45KB

.didat
Size: 512B - Virtual size: 24B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB

.text
Size: 113KB - Virtual size: 112KB

.rdata
Size: 65KB - Virtual size: 64KB

.data
Size: 1KB - Virtual size: 4KB

.pdata
Size: 4KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 72B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB