x64_installer_[.]x32[.][.]zip

Sharing

Copy URL Twitter E-mail

General

Target

x64_installer_.x32..zip
Size

25.7MB
MD5

1c4cf5adf350c01605a2ab7d766fec9e
SHA1

2c9d40d611ddee9b81230cfa5aa821cea73da3d7
SHA256

09fdf7344d057c53f167da8ddf450423aee41a0f5152b75f0db0c33c6c028dde
SHA512

45cc93bcafa668618553cc9cc9a9b40402a93cdfec9a3b328461463ed28bcfa4775652fc9d096d47d074e943811e19e595439da8228e4ab85cc2e388211c8513
SSDEEP

786432:FIk8qV4fkH1jRrK5jzLFU5hImB0OrcEnhxa1:iZE4fSjRrK9z+Imfcshxo

Score

3^/10

Malware Config

Signatures

Unsigned PE 16 IoCs

Checks for missing Authenticode signature.

resource
unpack003/advpack/BFE.DLL
unpack003/advpack/advpack.dll
unpack003/advpack/msaatext.dll
unpack003/advpack/nlasvc.dll
unpack003/lpasvc/colorui.dll
unpack003/lpasvc/lpasvc.dll
unpack003/msihnd/msihnd.dll
unpack003/msihnd/nlasvc.dll
unpack003/msihnd/profsvcext.dll
unpack003/msihnd/shdocvw.dll
unpack003/taskcomp/ppcsnap.dll
unpack003/taskcomp/scecli.dll
unpack003/taskcomp/taskcomp.dll
unpack003/vcomp110/Windows.Globalization.dll
unpack003/vcomp110/dnshc.dll
unpack003/vcomp110/sbe.dll

Files

x64_installer_.x32..zip
.zip

Password: 2024
password.jpg
.jpg

Password: 2024
x64._setup_.x32.zip
.zip

Password: 2024
advpack/BFE.DLL
.dll windows:10 windows x64 arch:x64

Password: 2024

db38a12849354850012d502906a251b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

bfe.pdb

Imports

msvcrt

_wcslwr
bsearch
_ultoa_s
strpbrk
strstr
sprintf_s
isprint
_ltoa_s
_i64toa_s
_ui64toa_s
wprintf
memcmp
log
wcscspn
_vsnprintf
_vsnwprintf
_wcsicmp
wcstol
qsort
wcschr
tolower
wcsnlen
_ultow
_wcsnicmp
iswctype
wcstoul
_XcptFilter
__C_specific_handler
_initterm
malloc
free
_amsg_exit
memcpy
memset

ntdll

NtQueryObject
RtlGetSaclSecurityDescriptor
RtlValidRelativeSecurityDescriptor
EtwEventSetInformation
RtlNumberOfSetBits
RtlInitializeBitMap
RtlValidSid
RtlLengthSid
NtDeviceIoControlFile
RtlAllocateHeap
RtlInitializeSRWLock
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
NtQueryLicenseValue
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlCreateHashTable
RtlDeleteHashTable
RtlInsertEntryHashTable
RtlRemoveEntryHashTable
RtlLookupEntryHashTable
RtlGetNextEntryHashTable
RtlInitEnumerationHashTable
RtlEnumerateEntryHashTable
RtlEndEnumerationHashTable
RtlExpandHashTable
RtlContractHashTable
RtlAdjustPrivilege
RtlGetOwnerSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
RtlSetOwnerSecurityDescriptor
RtlSelfRelativeToAbsoluteSD2
RtlIntegerToUnicodeString
RtlCreateServiceSid
RtlSubAuthorityCountSid
RtlInitUnicodeString
TpReleaseTimer
RtlFreeHeap
RtlIpv4AddressToStringA
RtlIpv6AddressToStringA
RtlEthernetAddressToStringA
TpWaitForTimer
TpSetTimer
TpIsTimerSet
TpAllocTimer
RtlEqualSid
RtlLengthSecurityDescriptor
RtlApplicationVerifierStop
EtwEventEnabled
EtwEventWriteTransfer
EtwEventWrite
EtwEventActivityIdControl
EtwEventUnregister
EtwEventRegister
RtlNtStatusToDosError
EtwTraceMessage
RtlGetCurrentServiceSessionId
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
RtlSetThreadPreferredUILanguages

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
LoadStringW
GetProcAddress
GetModuleHandleExW
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetProcessId
TlsSetValue
GetCurrentProcess
GetCurrentThread
OpenThreadToken
GetCurrentThreadId
GetCurrentProcessId
TlsFree
CreateThread
TlsGetValue
TlsAlloc

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTime
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

SetEvent
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
CreateSemaphoreExW
ReleaseSemaphore
ReleaseSRWLockExclusive
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CreateEventW
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
AcquireSRWLockShared
ReleaseSRWLockShared
InitializeSRWLock

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer
UnregisterWaitEx
CreateTimerQueue
DeleteTimerQueueEx

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
CompareStringW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapReAlloc
HeapDestroy
HeapFree
HeapCreate
HeapSize
HeapAlloc

rpcrt4

RpcServerRegisterIf3
RpcBindingVectorFree
RpcServerUseProtseqW
RpcServerInqBindings
MesDecodeBufferHandleCreate
RpcServerUnregisterIfEx
MesHandleFree
RpcEpUnregister
MesEncodeDynBufferHandleCreate
UuidFromStringW
RpcEpRegisterW
RpcRaiseException
RpcImpersonateClient
RpcServerInqCallAttributesW
RpcRevertToSelf
UuidCreate
NdrMesTypeEncode3
RpcGetAuthorizationContextForClient
RpcFreeAuthorizationContext
NdrServerCallAll
NdrServerCall2
I_RpcBindingInqLocalClientPID
NdrMesTypeDecode3
I_RpcExceptionFilter

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

authz

AuthzFreeAuditEvent
AuthziLogAuditEvent
AuthzFreeResourceManager
AuthzFreeContext
AuthzInitializeContextFromSid
AuthziFreeAuditEventType
AuthzGetInformationFromContext
AuthzAccessCheck
AuthziInitializeAuditEventType
AuthzInitializeResourceManager
AuthziInitializeAuditParamsFromArray
AuthziInitializeAuditEvent

api-ms-win-security-base-l1-1-0

PrivilegeCheck
EqualSid
CopySid
MapGenericMask
SetSecurityDescriptorDacl
SetSecurityDescriptorControl
GetSecurityDescriptorControl
InitializeAcl
GetPrivateObjectSecurity
GetLengthSid
DestroyPrivateObjectSecurity
CreatePrivateObjectSecurityEx
CreateWellKnownSid
AddAccessAllowedAce
InitializeSecurityDescriptor
GetSecurityDescriptorLength
AllocateAndInitializeSid
FreeSid
SetPrivateObjectSecurityEx

ws2_32

htonl

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

iphlpapi

GetCurrentThreadCompartmentId

api-ms-win-core-file-l1-1-0

DeleteFileW
WriteFile
CreateFileW

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-memory-l1-1-0

MapViewOfFile
UnmapViewOfFile
CreateFileMappingW

api-ms-win-core-perfcounters-l1-1-0

PerfStartProvider
PerfSetULongLongCounterValue
PerfStopProvider
PerfSetCounterSetInfo
PerfSetULongCounterValue
PerfCreateInstance

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegDeleteValueW
RegQueryInfoKeyW
RegQueryValueExW
RegCloseKey
RegEnumValueW
RegOpenKeyExW
RegSetValueExW

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWork
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
SubmitThreadpoolWork
CloseThreadpoolWork

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventUnregister
EventRegister

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-eventing-controller-l1-1-0

ControlTraceW
StartTraceW
EnableTraceEx2

api-ms-win-eventing-consumer-l1-1-0

ProcessTrace
CloseTrace
OpenTraceW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

BfeGetDirectDispatchTable
BfeOnServiceStartTypeChange
BfeServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 453KB - Virtual size: 453KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 358KB - Virtual size: 358KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
advpack/advpack.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

f4527a6ef5afe648805e2a19f417a141

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

advpack.pdb

Imports

msvcrt

__C_specific_handler
_lock
_unlock
_setjmp
__dllonexit
_onexit
iswalpha
wcschr
wcsncmp
memmove
_initterm
malloc
free
_amsg_exit
_XcptFilter
_ultow_s
longjmp
_wtoi
memcpy_s
_wtol
_vsnwprintf
_vsnprintf
memset

user32

ExitWindowsEx
IsWindow
SendDlgItemMessageW
PeekMessageW
LoadStringW
CharNextW
SystemParametersInfoW
CharPrevW
MessageBeep
MessageBoxW
DialogBoxParamW
GetDesktopWindow
SetWindowTextW
CharNextA
DestroyWindow
UpdateWindow
SetDlgItemTextW
EndDialog
EnableWindow
GetDlgItem
GetDlgItemTextW
SendMessageW
GetWindowRect
GetDC
ReleaseDC
SetWindowPos
OemToCharA
CharUpperW
MsgWaitForMultipleObjects
DispatchMessageW
GetSystemMetrics
CreateDialogParamW
ShowWindow

gdi32

GetStockObject
DeleteObject
GetDeviceCaps
CreateFontIndirectW

kernel32

IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetModuleFileNameA
CreateSemaphoreExW
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
ReleaseMutex
OutputDebugStringW
MulDiv
GetDiskFreeSpaceW
EnumResourceLanguagesW
WideCharToMultiByte
MultiByteToWideChar
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
WaitForSingleObjectEx
OpenSemaphoreW
HeapFree
GetLastError
LocalFree
GetDriveTypeW
GetEnvironmentVariableW
GetTempPathW
GetWindowsDirectoryW
GetTempFileNameW
FindResourceW
SizeofResource
LockResource
LoadResource
WritePrivateProfileStringW
CreateFileW
WriteFile
CloseHandle
LocalAlloc
SetFilePointer
GetModuleFileNameW
DeleteFileW
EnterCriticalSection
LeaveCriticalSection
LocalReAlloc
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
GetFullPathNameW
GetFileAttributesW
CompareStringW
FormatMessageW
GetPrivateProfileIntW
GetCurrentProcess
SearchPathW
GetPrivateProfileStringW
lstrcmpW
FreeLibrary
GetVersionExW
lstrcmpiW
LoadLibraryExW
GetProcAddress
GetShortPathNameW
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetFileSize
GetVolumeInformationW
CreateDirectoryW
SetFileAttributesW
CreateProcessW
CopyFileW
GetPrivateProfileSectionW
LoadLibraryW
CreateFileMappingW
MapViewOfFileEx
SetLastError
UnmapViewOfFile
MoveFileExW
MoveFileW
RemoveDirectoryW
FindFirstFileW
FindNextFileW
FindClose
GetSystemInfo
GetCurrentProcessId
GetProcessHeap
GetLocalTime
HeapAlloc
lstrcmpiA
GetProfileStringW
WritePrivateProfileSectionW
GetFileTime
ReadFile
SetFileTime
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
CreateMutexExW

advapi32

AllocateAndInitializeSid
RegUnLoadKeyW
RegLoadKeyW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegEnumValueW
RegSetValueExW
OpenProcessToken
RegSaveKeyW
RegFlushKey
LookupPrivilegeValueW
AdjustTokenPrivileges
RegSetValueW
RegDeleteValueW
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyW
GetTokenInformation
RegDeleteKeyW
EqualSid
FreeSid
RegQueryInfoKeyW

ole32

OleInitialize
OleUninitialize
CoTaskMemFree

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

setupapi

SetupOpenInfFileW
SetupOpenAppendInfFileW
SetupInstallFromInfSectionW
SetupCloseFileQueue
SetupCommitFileQueueW
SetupQueueCopyW
SetupDefaultQueueCallbackW
SetupTermDefaultQueueCallback
SetupOpenFileQueue
SetupGetStringFieldW
SetupFindNextLine
SetupFindFirstLineW
SetupGetLineTextW
SetupSetDirectoryIdW
SetupCloseInfFile
SetupInitDefaultQueueCallbackEx

shlwapi

StrChrW
ord217
StrStrIW
PathAddBackslashW
StrRChrW
PathRemoveFileSpecW
PathFileExistsW
PathBuildRootW
PathCombineW
ord215

Exports

Exports

AddDelBackupEntry
AddDelBackupEntryA
AddDelBackupEntryW
AdvInstallFile
AdvInstallFileA
AdvInstallFileW
CloseINFEngine
DelNode
DelNodeA
DelNodeRunDLL32
DelNodeRunDLL32A
DelNodeRunDLL32W
DelNodeW
DoInfInstall
DoInfInstallA
DoInfInstallW
ExecuteCab
ExecuteCabA
ExecuteCabW
ExtractFiles
ExtractFilesA
ExtractFilesW
FileSaveMarkNotExist
FileSaveMarkNotExistA
FileSaveMarkNotExistW
FileSaveRestore
FileSaveRestoreA
FileSaveRestoreOnINF
FileSaveRestoreOnINFA
FileSaveRestoreOnINFW
FileSaveRestoreW
GetVersionFromFile
GetVersionFromFileA
GetVersionFromFileEx
GetVersionFromFileExA
GetVersionFromFileExW
GetVersionFromFileW
IsNTAdmin
LaunchINFSection
LaunchINFSectionA
LaunchINFSectionEx
LaunchINFSectionExA
LaunchINFSectionExW
LaunchINFSectionW
NeedReboot
NeedRebootInit
OpenINFEngine
OpenINFEngineA
OpenINFEngineW
RebootCheckOnInstall
RebootCheckOnInstallA
RebootCheckOnInstallW
RegInstall
RegInstallA
RegInstallW
RegRestoreAll
RegRestoreAllA
RegRestoreAllW
RegSaveRestore
RegSaveRestoreA
RegSaveRestoreOnINF
RegSaveRestoreOnINFA
RegSaveRestoreOnINFW
RegSaveRestoreW
RegisterOCX
RegisterOCXW
RunSetupCommand
RunSetupCommandA
RunSetupCommandW
SetPerUserSecValues
SetPerUserSecValuesA
SetPerUserSecValuesW
TranslateInfString
TranslateInfStringA
TranslateInfStringEx
TranslateInfStringExA
TranslateInfStringExW
TranslateInfStringW
UserInstStubWrapper
UserInstStubWrapperA
UserInstStubWrapperW
UserUnInstStubWrapper
UserUnInstStubWrapperA
UserUnInstStubWrapperW

Sections

.text
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
advpack/msaatext.dll
.dll regsvr32 windows:10 windows x64 arch:x64

Password: 2024

9ddf7d8ffc4dd644eb79aa3e771dd787

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

msaatext.pdb

Imports

msvcrt

__C_specific_handler
memcpy_s
_ultow
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBV0@@Z
_vsnwprintf_s
wcstombs
memmove_s
sprintf_s
wcscat_s
??0exception@@QEAA@XZ
swprintf_s
_purecall
realloc
wcscpy_s
free
malloc
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
_CxxThrowException
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
memset
__CxxFrameHandler3
?what@exception@@UEBAPEBDXZ
memcmp
memcpy
sqrt

user32

CloseDesktop
CharPrevW
CharNextW
OpenInputDesktop
WindowFromPoint

oleaut32

LoadTypeLi
BSTR_UserSize
SysStringLen
VarUI4FromStr
SysStringByteLen
VariantCopy
VariantClear
SysAllocString
SysAllocStringLen
SysFreeString
BSTR_UserMarshal64
BSTR_UserSize64
BSTR_UserFree64
VARIANT_UserUnmarshal64
VARIANT_UserFree64
BSTR_UserMarshal
VARIANT_UserMarshal
BSTR_UserUnmarshal
VARIANT_UserSize
VARIANT_UserUnmarshal
VARIANT_UserFree
BSTR_UserUnmarshal64
BSTR_UserFree
VARIANT_UserMarshal64
VARIANT_UserSize64
RegisterTypeLi

kernel32

Sleep
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
OutputDebugStringA
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LoadLibraryExW
VirtualQuery
lstrcmpiW
lstrcpyW
GetModuleHandleW
DeleteCriticalSection
GetProcAddress
HeapDestroy
GetSystemInfo
DisableThreadLibraryCalls
MultiByteToWideChar
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameW
VirtualAlloc
lstrcpynW
EnterCriticalSection
VirtualProtect
SizeofResource
CreateEventW
lstrcmpW
FreeLibrary
FindResourceW
LoadResource
FindResourceExW
EnumResourceLanguagesW
LockResource
GetLocaleInfoW
GetThreadLocale
MapViewOfFile
CreateFileMappingW
GetCurrentProcessId
CloseHandle
SetEvent
GetLastError
FormatMessageW
OpenEventW
GetCurrentThreadId
WaitForSingleObject

advapi32

RegDeleteValueW
RegQueryValueExW
RegQueryInfoKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
GetUserNameW
RegEnumValueW
RegCloseKey
RegOpenKeyExW

rpcrt4

CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_Invoke
IUnknown_AddRef_Proxy
NdrStubForwardingFunction
NdrCStdStubBuffer2_Release
NdrOleFree
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
NdrCStdStubBuffer_Release
CStdStubBuffer_Connect
NdrDllCanUnloadNow
CStdStubBuffer_IsIIDSupported
NdrStubCall3
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
NdrDllGetClassObject
NdrDllRegisterProxy
CStdStubBuffer_DebugServerRelease
NdrDllUnregisterProxy
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoTaskMemAlloc
CoQueryClientBlanket
CoTaskMemFree
CoTaskMemRealloc

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient4
ObjectStublessClient11
CStdStubBuffer2_CountRefs
NdrProxyForwardingFunction8
ObjectStublessClient3
NdrProxyForwardingFunction6
CStdStubBuffer2_Disconnect
ObjectStublessClient7
ObjectStublessClient5
CStdStubBuffer2_QueryInterface
NdrProxyForwardingFunction4
NdrProxyForwardingFunction5
ObjectStublessClient6
ObjectStublessClient8
NdrProxyForwardingFunction10
ObjectStublessClient9
NdrProxyForwardingFunction3
NdrProxyForwardingFunction7
CStdStubBuffer2_Connect
NdrProxyForwardingFunction9

api-ms-win-core-marshal-l1-1-0

HWND_UserUnmarshal
HWND_UserFree
HWND_UserFree64
HWND_UserSize64
HWND_UserSize
HWND_UserMarshal
HWND_UserMarshal64
HWND_UserUnmarshal64

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
advpack/nlasvc.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

8374cfb8bd514ce09c524fca92452081

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

nlasvc.pdb

Imports

api-ms-win-crt-string-l1-1-0

wcsncmp
wcscmp
memset

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__wcsicmp
_o__wcsnicmp
_o_free
_o_malloc
_o_mbstowcs
_o_qsort
_o_wcscat_s
_o_wcscpy_s
__C_specific_handler
_o___std_type_info_destroy_list
_o__execute_onexit_table
_o__errno
wcsrchr
_o__crt_atexit
_o__configure_narrow_argv
_o___stdio_common_vswprintf
_o__cexit
_o__callnewh
_o___stdio_common_vsprintf
__CxxFrameHandler3
memcmp
memcpy

rpcrt4

RpcRevertToSelf
RpcServerUseProtseqW
RpcServerInqBindings
RpcEpRegisterW
RpcBindingVectorFree
I_RpcBindingInqTransportType
RpcAsyncCompleteCall
RpcSsContextLockExclusive
RpcServerInqCallAttributesW
RpcServerRegisterAuthInfoW
RpcServerListen
RpcServerRegisterIfEx
RpcStringFreeW
RpcServerRegisterIf3
RpcServerInqDefaultPrincNameW
RpcServerUnregisterIfEx
RpcServerUseProtseqEpW
NdrServerCall2
Ndr64AsyncServerCallAll
NdrServerCallAll
NdrAsyncServerCall
RpcImpersonateClient

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
FreeLibrary
GetModuleHandleExW
DisableThreadLibraryCalls

api-ms-win-core-heap-l1-1-0

HeapCreate
HeapAlloc
HeapFree
GetProcessHeap
HeapDestroy

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegGetValueW
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyExW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW

api-ms-win-security-base-l1-1-0

AllocateAndInitializeSid
AddAccessAllowedAce
FreeSid
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetLengthSid

api-ms-win-core-synch-l1-1-0

InitializeSRWLock
SetEvent
AcquireSRWLockExclusive
WaitForMultipleObjectsEx
ReleaseSRWLockShared
ResetEvent
CreateEventW
AcquireSRWLockShared
WaitForSingleObject
EnterCriticalSection
TryAcquireSRWLockExclusive
DeleteCriticalSection
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
ReleaseSRWLockExclusive

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
GetLastError

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

iphlpapi

NotifyIpInterfaceChange
GetIpInterfaceTable
GetIfTable2Ex
GetAdaptersInfo
ConvertInterfaceIndexToLuid
GetUnicastIpAddressEntry
NotifyUnicastIpAddressChange
NotifyRouteChange2
CancelMibChangeNotify2
ConvertInterfaceLuidToIndex
ResolveIpNetEntry2
ConvertInterfaceLuidToGuid
ConvertInterfaceLuidToNameW
GetAdaptersAddresses
ConvertInterfaceLuidToAlias
ConvertInterfaceGuidToLuid
FreeMibTable

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetTickCount64
GetSystemDirectoryW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCompareMemory

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-processthreads-l1-1-0

CreateThread
GetCurrentThread
GetCurrentProcess
TerminateProcess
OpenThreadToken
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject
UnregisterWait

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx
QueueUserWorkItem

api-ms-win-security-lsalookup-l1-1-0

LookupAccountNameLocalW

dhcpcsvc

DhcpIsEnabled
DhcpFreeLeaseInfo
DhcpQueryLeaseInfoEx

winnsi

NsiRpcRegisterChangeNotification
NsiRpcDeregisterChangeNotification
NsiDisconnectFromServer
NsiConnectToServer

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

ntdll

RtlEqualUnicodeString
RtlGUIDFromString
EtwEventEnabled
RtlUpcaseUnicodeChar
EtwEventRegister
RtlFreeUnicodeString
EtwEventUnregister
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
RtlInitUnicodeString
EtwRegisterTraceGuidsW
RtlStringFromGUID
EtwEventWriteTransfer
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlNtStatusToDosError
EtwEventActivityIdControl
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
RtlCopyUnicodeString
RtlCopySid
RtlLengthSid
RtlCreateAcl
RtlAddAce
RtlCreateSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetSaclSecurityDescriptor
NtOpenProcessToken
RtlNewSecurityObject
NtClose
RtlDeleteSecurityObject
RtlAdjustPrivilege
NtAccessCheckAndAuditAlarm
RtlIpv6AddressToStringExW
RtlIpv4AddressToStringExW
EtwEventWrite
NtOpenFile

ncsi

NcsiPerformRefresh
NcsiPerformReprobe
NcsiNotifySessionChange
NcsiFreeConnectivityStatusSet
NcsiDeregisterConnectivityStatusChange
NcsiUpdateClientPresence
NcsiAllocateAndGetConnectivityStatusSet
NcsiRegisterConnectivityStatusChange
NcsiGetCaptivePortalHosts

api-ms-win-service-management-l1-1-0

CloseServiceHandle
StartServiceW
OpenSCManagerW
OpenServiceW

api-ms-win-service-winsvc-l1-1-0

ControlService
QueryServiceStatus

api-ms-win-core-file-l1-1-0

FileTimeToLocalFileTime
CreateFileW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-service-private-l1-1-0

UnsubscribeServiceChangeNotifications
SubscribeServiceChangeNotifications

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 288KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lpasvc/bcd.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

4561307f8d53e046a9f112710810f6d8

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:30

Not After

03/03/2021, 18:30

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:c7:db:ef:14:e5:03:84:07:55:e2:1f:78:d7:71:f9:20:69:9a:9e:04:50:9e:69:04:60:d1:0c:90:e1:78:3f
Signer

Actual PE Digest

65:c7:db:ef:14:e5:03:84:07:55:e2:1f:78:d7:71:f9:20:69:9a:9e:04:50:9e:69:04:60:d1:0c:90:e1:78:3f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

bcd.pdb

Imports

ntdll

wcscpy_s
wcscat_s
wcsrchr
wcsncpy_s
ZwAllocateUuids
__C_specific_handler
RtlLengthSecurityDescriptor
RtlSetOwnerSecurityDescriptor
ZwQueryKey
RtlSetDaclSecurityDescriptor
ZwCreateFile
ZwCreateKey
ZwLoadKey
RtlAddAccessAllowedAceEx
RtlAllocateAndInitializeSid
RtlLengthSid
ZwFlushKey
ZwDeleteValueKey
ZwSaveKey
RtlFreeSid
ZwDeleteKey
wcschr
ZwEnumerateKey
ZwQueryValueKey
RtlCreateAcl
ZwSetSecurityObject
ZwUnloadKey
RtlCreateSecurityDescriptor
ZwSetValueKey
ZwQuerySystemInformation
ZwOpenKey
RtlAppendUnicodeToString
_ultow_s
wcstoul
_vsnwprintf
ZwQuerySymbolicLinkObject
ZwDeviceIoControlFile
_wcsicmp
ZwQueryDirectoryObject
ZwOpenSymbolicLinkObject
strcpy_s
ZwOpenDirectoryObject
_wcsnicmp
_vsnwprintf_s
ZwWaitForSingleObject
ZwReleaseMutant
ZwOpenMutant
LdrGetProcedureAddress
ZwQueryVolumeInformationFile
LdrGetDllHandle
ZwQueryInformationProcess
RtlInitAnsiString
ZwDeleteFile
ZwQueryInformationFile
ZwOpenProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
memmove
RtlCompareMemory
wcsstr
swprintf_s
strncmp
_wcsupr
RtlGUIDFromString
wcsnlen
ZwClose
ZwOpenFile
RtlFreeHeap
RtlStringFromGUID
RtlInitUnicodeString
RtlFreeUnicodeString
ZwQueryAttributesFile
RtlAllocateHeap
NtQuerySystemInformation
NtAdjustPrivilegesToken
NtOpenProcessTokenEx
NtSetInformationThread
NtOpenThreadTokenEx
NtClose
NtPrivilegeCheck
RtlImpersonateSelf
NtOpenSymbolicLinkObject
NtOpenKey
NtQuerySymbolicLinkObject
_snwscanf_s
_wcslwr
NtDeviceIoControlFile
NtSetValueKey
NtOpenFile
NtQueryValueKey
NtDeleteKey
NtQueryBootEntryOrder
NtQueryBootOptions
NtSetSecurityObject
NtTranslateFilePath
NtOpenDirectoryObject
NtQueryDirectoryObject
NtEnumerateBootEntries
NtCreateKey
memcmp
memcpy
memset

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

Exports

Exports

BcdCloseObject
BcdCloseStore
BcdCopyObject
BcdCopyObjectEx
BcdCopyObjects
BcdCreateObject
BcdCreateStore
BcdDeleteElement
BcdDeleteObject
BcdDeleteObjectReferences
BcdDeleteSystemStore
BcdEnumerateAndUnpackElements
BcdEnumerateElementTypes
BcdEnumerateElements
BcdEnumerateElementsWithFlags
BcdEnumerateObjects
BcdExportStore
BcdFlushStore
BcdForciblyUnloadStore
BcdGetElementData
BcdGetElementDataWithFlags
BcdGetSystemStorePath
BcdImportStore
BcdImportStoreWithFlags
BcdMarkAsSystemStore
BcdMigrateObjectElementValues
BcdOpenObject
BcdOpenStore
BcdOpenStoreFromFile
BcdOpenSystemStore
BcdQueryObject
BcdSetElementData
BcdSetElementDataWithFlags
BcdSetLogging
BcdSetSystemStoreDevice
GUID_BAD_MEMORY_GROUP
GUID_BOOT_LOADER_SETTINGS_GROUP
GUID_CURRENT_BOOT_ENTRY
GUID_DEBUGGER_SETTINGS_GROUP
GUID_DEFAULT_BOOT_ENTRY
GUID_EMS_SETTINGS_GROUP
GUID_FIRMWARE_BOOTMGR
GUID_GLOBAL_SETTINGS_GROUP
GUID_HYPERVISOR_SETTINGS_GROUP
GUID_KERNEL_DEBUGGER_SETTINGS_GROUP
GUID_RESUME_LOADER_SETTINGS_GROUP
GUID_WINDOWS_BOOTMGR
GUID_WINDOWS_LEGACY_NTLDR
GUID_WINDOWS_MEMORY_TESTER
GUID_WINDOWS_OS_TARGET_TEMPLATE_EFI
GUID_WINDOWS_OS_TARGET_TEMPLATE_PCAT
GUID_WINDOWS_RESUME_TARGET_TEMPLATE_EFI
GUID_WINDOWS_RESUME_TARGET_TEMPLATE_PCAT
GUID_WINDOWS_SETUP_EFI
GUID_WINDOWS_SETUP_PCAT
GUID_WINDOWS_SETUP_RAMDISK_OPTIONS
PARTITION_BASIC_DATA_GUID
PARTITION_CLUSTER_GUID
PARTITION_ENTRY_UNUSED_GUID
PARTITION_LDM_DATA_GUID
PARTITION_LDM_METADATA_GUID
PARTITION_MSFT_RECOVERY_GUID
PARTITION_MSFT_RESERVED_GUID
PARTITION_MSFT_SNAPSHOT_GUID
PARTITION_SPACES_GUID
PARTITION_SYSTEM_GUID
SyspartDirectGetSystemDisk
SyspartDirectGetSystemPartition
SyspartDirectSetSystemDevice
SyspartGetPhysicalPartitions
SyspartGetSystemDisk
SyspartGetSystemPartition
SyspartIsSpace

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lpasvc/colorui.dll
.dll regsvr32 windows:10 windows x64 arch:x64

Password: 2024

7cc1201e2c023aafb71127f32da467a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

colorui.pdb

Imports

msvcrt

_onexit
__dllonexit
_unlock
_lock
realloc
_errno
_initterm
_amsg_exit
_XcptFilter
_callnewh
_ltow_s
_vsnwprintf
_wcsicmp
wcsncpy_s
malloc
free
_purecall
memcpy_s
__C_specific_handler
memset

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
WinSqmAddToStream

kernel32

SizeofResource
EnterCriticalSection
GetCommandLineW
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
CreateMutexW
WaitForSingleObject
ReleaseMutex
MultiByteToWideChar
GetLastError
DisableThreadLibraryCalls
RaiseException
FindResourceExW
LoadResource
GetProcAddress
LocalFree
DeleteCriticalSection
GetModuleHandleW
FreeLibrary
lstrcmpiW
LoadLibraryExW
lstrlenW
GetFileAttributesW
SetFileAttributesW
lstrcmpW
GetCurrentProcessId
SetLastError
GetCurrentProcess
FormatMessageW
GetDateFormatW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
DeactivateActCtx
ActivateActCtx
CreateActCtxW
CloseHandle
ReleaseActCtx

shell32

SHGetDesktopFolder
ShellExecuteW
ord258
CommandLineToArgvW
ShellExecuteExW

winspool.drv

ClosePrinter
EnumPrintersW
OpenPrinterW

user32

TrackPopupMenuEx
RemoveMenu
GetClientRect
GetParent
UpdateWindow
ReleaseDC
BeginPaint
EndPaint
EnableWindow
OpenIcon
CallWindowProcW
SetWindowPos
SetWindowLongPtrW
GetWindowLongPtrW
ShowWindow
SetDlgItemTextW
SetWindowPlacement
ChangeWindowMessageFilterEx
GetDlgItem
SetForegroundWindow
GetWindowThreadProcessId
AllowSetForegroundWindow
SendMessageTimeoutW
LoadStringW
CharNextW
FindWindowW
RegisterWindowMessageW
UnregisterClassA
EndDialog
PostQuitMessage
RegisterClipboardFormatW
PostMessageW
GetSystemMetrics
SetFocus
EnumDisplayDevicesW
RedrawWindow
CharPrevW
DialogBoxParamW
SetWindowTextW
DefWindowProcW
LoadMenuW
GetWindowRect
DestroyWindow
GetDC
SetWindowRgn
EnumDisplayMonitors
SendMessageW
GetSubMenu
SetTimer
GetMonitorInfoW
RegisterClassW
LoadIconW
GetWindowPlacement
LoadCursorW
CreateWindowExW
GetWindowTextW

ole32

ObjectStublessClient14
ObjectStublessClient11
ObjectStublessClient3
HWND_UserUnmarshal
ReleaseStgMedium
CoGetObject
StringFromGUID2
CoInitializeEx
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
ObjectStublessClient4
HWND_UserUnmarshal64
ObjectStublessClient10
ObjectStublessClient9
ObjectStublessClient8
ObjectStublessClient6
HWND_UserMarshal64
HWND_UserMarshal
ObjectStublessClient5
ObjectStublessClient13
HWND_UserSize
HWND_UserFree
HWND_UserSize64
ObjectStublessClient7
HWND_UserFree64
ObjectStublessClient12

gdi32

CreatePen
DeleteObject
CreateFontIndirectW
SetTextColor
SetBkMode
StrokePath
TextOutW
EndPath
PathToRegion
SelectObject
PatBlt
GetTextExtentPointW
BeginPath

advapi32

GetFileSecurityW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegCloseKey
GetTokenInformation
RegQueryValueExW
AccessCheck
OpenProcessToken
RegDeleteValueW
DuplicateToken

shlwapi

StrRetToStrW
PathFindFileNameW

mscms

ColorCplMergeAssociationLists
WcsGetDefaultColorProfile
WcsEnumColorProfiles
WcsEnumColorProfilesSize
WcsGetUsePerUserProfiles
ColorCplOverwritePerUserAssociationList
ColorCplSetUsePerUserProfiles
ColorCplGetProfileProperties
ColorCplGetDefaultProfileScope
ColorCplGetDefaultRenderingIntentScope
InternalGetDeviceConfig
WcsSetDefaultColorProfile
ColorCplResetSystemWideAssociationListChangedWarning
InternalSetDeviceConfig
InstallColorProfileW
WcsSetDefaultRenderingIntent
UninstallColorProfileW
ColorCplLoadAssociationList
InternalWcsDisassociateColorProfileWithDevice
InternalWcsAssociateColorProfileWithDevice
ColorCplReleaseProfileProperties
InternalRefreshCalibration
WcsGetDefaultRenderingIntent
WcsGpCanInstallOrUninstallProfiles
ColorCplInitialize
ColorCplUninitialize
ColorCplSaveAssociationList
ColorCplHasSystemWideAssociationListChanged
GetColorDirectoryW
WcsSetCalibrationManagementState
WcsGetCalibrationManagementState

oleaut32

SysStringLen
SysAllocString
SysFreeString
VarUI4FromStr

rpcrt4

IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrDllRegisterProxy
NdrDllUnregisterProxy
CStdStubBuffer_Connect
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
CStdStubBuffer_Invoke

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiGetDevicePropertyW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
LaunchColorCpl

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 604B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lpasvc/devenum.dll
.dll regsvr32 windows:10 windows x64 arch:x64

4c9079c33bef679868c8dc14bf0fe71a

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:30

Not After

03/03/2021, 18:30

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6f:9e:99:aa:cf:23:07:0a:2d:84:76:5f:a8:29:7f:7f:a9:06:5a:9a:c4:e4:91:14:01:d7:c1:31:9f:48:ee:1c
Signer

Actual PE Digest

6f:9e:99:aa:cf:23:07:0a:2d:84:76:5f:a8:29:7f:7f:a9:06:5a:9a:c4:e4:91:14:01:d7:c1:31:9f:48:ee:1c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

devenum.pdb

Imports

msvcrt

__C_specific_handler
memcpy
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
_callnewh
_purecall
malloc
free
realloc
memcpy_s
_vsnwprintf
memset

kernel32

HeapDestroy
GetProcAddress
CreateMutexExW
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
FreeLibrary
DebugBreak
lstrcmpiW
HeapAlloc
IsDebuggerPresent
GetVersionExW
DisableThreadLibraryCalls
CompareStringW
lstrlenW
lstrcmpW
CreateMutexW
LocalAlloc
LocalFree
OpenMutexW
CompareStringOrdinal
Sleep
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
FindResourceW
LoadResource
LoadLibraryW
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
GetLastError
FormatMessageW
MultiByteToWideChar
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameW
GetModuleHandleExW
lstrcpynW
ReleaseSemaphore
GetCurrentProcess
EnterCriticalSection
SetLastError
HeapFree
CreateSemaphoreExW
SizeofResource
GetModuleFileNameA
LoadLibraryExW

user32

CharNextW
LoadStringW

advapi32

RegDeleteKeyW
RegGetValueW
RegEnumKeyW
SetEntriesInAclW
ConvertSidToStringSidW
SetSecurityDescriptorDacl
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
IsValidSid
RegSetValueExW
OpenProcessToken
InitializeSecurityDescriptor
RegOpenKeyExW
RegDeleteValueW
GetLengthSid
RegQueryValueExW
GetTokenInformation
RegCreateKeyExW
CopySid

ole32

PropVariantClear
CreateAntiMoniker
IIDFromString
StringFromGUID2
CreateBindCtx
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc

oleaut32

SafeArrayAccessData
SafeArrayCreate
VariantClear
SysAllocString
VarI4FromStr
SysFreeString
VariantInit
SafeArrayUnaccessData

winmm

waveOutMessage
waveInGetNumDevs
waveOutGetDevCapsW
waveInMessage
waveInGetDevCapsW
midiOutGetNumDevs
midiOutGetDevCapsW

cfgmgr32

CM_Get_Device_Interface_AliasW
CM_Get_Device_Interface_PropertyW
CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_List_SizeW
CM_MapCrToWin32Err
CM_Get_DevNode_PropertyW
CM_Locate_DevNodeW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lpasvc/lpasvc.dll
.dll windows:10 windows x64 arch:x64

3d403dc6ac3f5f9097021deab0c5a183

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

lpasvc.pdb

Imports

msvcp_win

??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?_Xbad_alloc@std@@YAXXZ
?imbue@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?_Incref@facet@locale@std@@UEAAXXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
??Bid@locale@std@@QEAA_KXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
_Mtx_lock
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?__ExceptionPtrDestroy@@YAXPEAX@Z
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
?_Winerror_message@std@@YAKKPEADK@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$ctype@G@std@@2V0locale@2@A
?widen@?$ctype@G@std@@QEBAGD@Z
?classic@locale@std@@SAAEBV12@XZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAH@Z
?__ExceptionPtrCompare@@YA_NPEBX0@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_K@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
_Cnd_broadcast
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ
_Cnd_wait
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
_Cnd_init_in_situ
_Mtx_init_in_situ
_Cnd_destroy_in_situ
_Mtx_destroy_in_situ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_XGetLastError@std@@YAXXZ
??0task_continuation_context@Concurrency@@AEAA@XZ

api-ms-win-crt-string-l1-1-0

wcsnlen
strncmp
strnlen
memset
wcsncmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__create_locale
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__free_locale
_o__gmtime64
_o__i64toa_s
_o__i64tow_s
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__localtime64
_o__mktime64
_o__purecall
_o__putenv_s
_o__register_onexit_function
_o__seh_filter_dll
_o__stricmp
memmove
_o__tzset
_o__ui64toa_s
_o__ui64tow_s
_o__wcsdup
_o__wcsicmp
_o__wcstod_l
_o__wtoi
_o_bsearch
_o_calloc
_o_free
_o_getenv
_o_isalpha
_o_isdigit
_o_isspace
_o_iswspace
_o_malloc
_o_qsort
_o_realloc
_o_strerror
_o_terminate
_o_tolower
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstok_s
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o___timezone
_o___stdio_common_vswprintf_s
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o___pctype_func
__std_terminate
__CxxFrameHandler4
__std_type_info_compare
memchr
memcmp
memcpy

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadStringW
GetModuleHandleA
GetModuleHandleW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
OpenThreadToken
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThread

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
WaitForSingleObject
ResetEvent
InitializeCriticalSectionAndSpinCount
CreateEventW
EnterCriticalSection
InitializeCriticalSection
SetEvent
DeleteCriticalSection
LeaveCriticalSection

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
RaiseException
SetLastError
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CreateThreadpoolCleanupGroup
SubmitThreadpoolWork
CreateThreadpoolWork
CreateThreadpoolTimer
CloseThreadpoolWork
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
SetThreadpoolWait
CreateThreadpoolWait
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolWait

ntdll

RtlQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoUninitialize
RoInitialize

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteTreeW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumKeyExW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-com-l1-1-0

CoDecrementMTAUsage
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoTaskMemAlloc
CoGetMalloc
CoCreateFreeThreadedMarshaler
CoIncrementMTAUsage
CLSIDFromString

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

crypt32

CryptHashCertificate
CertAddStoreToCollection
CertOpenStore
CertFindExtension
CertFindCertificateInStore
CertFreeCertificateContext
CertCloseStore
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CryptDecodeObjectEx
CertGetCertificateChain
CryptUnprotectMemory

api-ms-win-core-heap-l2-1-0

LocalFree

bcrypt

BCryptHashData
BCryptCreateHash
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptFinishHash
BCryptDestroyHash
BCryptCloseAlgorithmProvider

api-ms-win-security-base-l1-1-0

CheckTokenMembership
GetTokenInformation
CreateWellKnownSid
EqualSid

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW

api-ms-win-core-file-l1-1-0

CreateFileW
WriteFileEx

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-devices-config-l1-1-1

CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW

wwapi

WwanOpenHandle
WwanCloseHandle
WwanFreeMemory
WwanUiccOpenChannel
WwanRegisterNotification
WwanEnumerateInterfaces
WwanQueryInterface
WwanUiccSetTerminalCapability
WwanUiccSendApdu
WwanUiccCloseChannel

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

rpcrt4

RpcServerInqCallAttributesW
RpcServerInqBindingHandle
RpcImpersonateClient
RpcRevertToSelf
RpcBindingVectorFree
RpcEpUnregister
RpcServerUnregisterIfEx
RpcServerListen
RpcServerRegisterAuthInfoW
RpcServerRegisterIf3
RpcEpRegisterW
RpcServerInqBindings
RpcServerUseProtseqW
NdrServerCallAll
NdrServerCall2

api-ms-win-core-namedpipe-l1-1-0

CreateNamedPipeW
DisconnectNamedPipe

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-crt-math-l1-1-0

ceilf

Exports

Exports

LpaSvcMain
SvchostPushServiceGlobals

Sections

.text
Size: 907KB - Virtual size: 906KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 203KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msihnd/msihnd.dll
.dll regsvr32 windows:10 windows x64 arch:x64

bbe5e86e22d3d7703a8c2c7692e32a6a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MsiHnd.pdb

Imports

msvcrt

memcpy
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_initterm
malloc
free
_amsg_exit
__CxxFrameHandler3
wcsrchr
_ui64tow
_wtoi64
_vsnprintf
_i64tow
wcsstr
wcschr
_purecall
_vsnwprintf
__C_specific_handler
_XcptFilter
memset

kernel32

Sleep
GetLastError
SetEvent
DisableThreadLibraryCalls
TerminateThread
GetVersionExW
GlobalFree
CloseHandle
LoadLibraryW
CreateThread
ResetEvent
GetProcAddress
DeleteCriticalSection
FreeLibrary
GetTickCount
MulDiv
GlobalLock
lstrcmpiW
GlobalUnlock
RtlCaptureContext
RtlLookupFunctionEntry
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
QueryActCtxW
WaitForSingleObject
GetLocaleInfoW
FindActCtxSectionStringW
GetEnvironmentVariableW
InitializeCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
GetModuleFileNameW
GetUserDefaultLangID
OutputDebugStringA
GetModuleHandleExW
lstrlenW
GetCurrentProcess
EnterCriticalSection
SetLastError
ActivateActCtx
CreateActCtxW
IsValidCodePage
GetACP
RtlVirtualUnwind
DeactivateActCtx
GlobalAlloc

advapi32

RegSetValueExW
EventSetInformation
RegCreateKeyExW
RegDeleteKeyW
EventRegister
RegCloseKey
EventUnregister

user32

RegisterClassW
PeekMessageW
GetMonitorInfoW
DestroyIcon
IsDialogMessageW
DispatchMessageW
GetSysColor
ShowWindow
MessageBeep
UnregisterClassW
GetCursor
CopyIcon
MonitorFromRect
SetWindowPos
GetDC
DestroyWindow
PostMessageW
GetNextDlgTabItem
InvalidateRect
SetForegroundWindow
UpdateWindow
RegisterWindowMessageW
GetParent
EnableMenuItem
SetScrollPos
KillTimer
GetDlgItem
GetClientRect
SetWindowLongW
ScrollWindowEx
SetFocus
MoveWindow
GetDlgCtrlID
RedrawWindow
SetTimer
GetWindowLongPtrW
SetClassLongPtrW
SetWindowTextW
GetSystemMetrics
SendMessageW
CreateWindowExW
SetWindowLongPtrW
IsWindowVisible
GetWindowRect
GetKeyState
GetSystemMenu
DefWindowProcW
GetMessageW
SetScrollInfo
GetWindowLongW
SetRect
MapWindowPoints
CreateIconFromResourceEx
CallWindowProcW
GetWindowTextW
EndPaint
BeginPaint
DrawTextW
ActivateKeyboardLayout
UnloadKeyboardLayout
AppendMenuW
GetClassNameW
DestroyMenu
GetDialogBaseUnits
LoadKeyboardLayoutW
GetKeyboardLayout
FrameRect
GetKeyboardLayoutList
TrackPopupMenu
CreatePopupMenu
FillRect
GetFocus
GetWindow
GetWindowTextLengthW
GetWindowThreadProcessId
IsWindowEnabled
TranslateMessage
LoadIconW
LoadCursorW
SetCursor
SystemParametersInfoW
LoadImageW
ReleaseDC
EnableWindow
ShowCursor
IsWindow

gdi32

EndPage
CreateDIBSection
EnumFontFamiliesExW
GetTextFaceW
SetMapMode
GetDeviceCaps
SetBkColor
SetBkMode
UpdateColors
StartDocW
SetTextColor
GetTextExtentPoint32W
DeleteDC
EndDoc
StartPage
SelectPalette
SelectObject
GetTextMetricsW
DeleteObject
CreateSolidBrush
CreateFontIndirectW
CreateBrushIndirect
GetClipBox
RealizePalette
ExtTextOutW

imm32

ImmReleaseContext
ImmGetContext
ImmAssociateContext

shell32

SHGetFileInfoW
ShellExecuteW

ole32

CreateStreamOnHGlobal
CoCreateInstance

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msihnd/nlasvc.dll
.dll windows:10 windows x64 arch:x64

8374cfb8bd514ce09c524fca92452081

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

nlasvc.pdb

Imports

api-ms-win-crt-string-l1-1-0

wcsncmp
wcscmp
memset

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__wcsicmp
_o__wcsnicmp
_o_free
_o_malloc
_o_mbstowcs
_o_qsort
_o_wcscat_s
_o_wcscpy_s
__C_specific_handler
_o___std_type_info_destroy_list
_o__execute_onexit_table
_o__errno
wcsrchr
_o__crt_atexit
_o__configure_narrow_argv
_o___stdio_common_vswprintf
_o__cexit
_o__callnewh
_o___stdio_common_vsprintf
__CxxFrameHandler3
memcmp
memcpy

rpcrt4

RpcRevertToSelf
RpcServerUseProtseqW
RpcServerInqBindings
RpcEpRegisterW
RpcBindingVectorFree
I_RpcBindingInqTransportType
RpcAsyncCompleteCall
RpcSsContextLockExclusive
RpcServerInqCallAttributesW
RpcServerRegisterAuthInfoW
RpcServerListen
RpcServerRegisterIfEx
RpcStringFreeW
RpcServerRegisterIf3
RpcServerInqDefaultPrincNameW
RpcServerUnregisterIfEx
RpcServerUseProtseqEpW
NdrServerCall2
Ndr64AsyncServerCallAll
NdrServerCallAll
NdrAsyncServerCall
RpcImpersonateClient

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
FreeLibrary
GetModuleHandleExW
DisableThreadLibraryCalls

api-ms-win-core-heap-l1-1-0

HeapCreate
HeapAlloc
HeapFree
GetProcessHeap
HeapDestroy

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegGetValueW
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyExW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW

api-ms-win-security-base-l1-1-0

AllocateAndInitializeSid
AddAccessAllowedAce
FreeSid
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetLengthSid

api-ms-win-core-synch-l1-1-0

InitializeSRWLock
SetEvent
AcquireSRWLockExclusive
WaitForMultipleObjectsEx
ReleaseSRWLockShared
ResetEvent
CreateEventW
AcquireSRWLockShared
WaitForSingleObject
EnterCriticalSection
TryAcquireSRWLockExclusive
DeleteCriticalSection
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
ReleaseSRWLockExclusive

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
GetLastError

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

iphlpapi

NotifyIpInterfaceChange
GetIpInterfaceTable
GetIfTable2Ex
GetAdaptersInfo
ConvertInterfaceIndexToLuid
GetUnicastIpAddressEntry
NotifyUnicastIpAddressChange
NotifyRouteChange2
CancelMibChangeNotify2
ConvertInterfaceLuidToIndex
ResolveIpNetEntry2
ConvertInterfaceLuidToGuid
ConvertInterfaceLuidToNameW
GetAdaptersAddresses
ConvertInterfaceLuidToAlias
ConvertInterfaceGuidToLuid
FreeMibTable

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetTickCount64
GetSystemDirectoryW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCompareMemory

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-processthreads-l1-1-0

CreateThread
GetCurrentThread
GetCurrentProcess
TerminateProcess
OpenThreadToken
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject
UnregisterWait

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx
QueueUserWorkItem

api-ms-win-security-lsalookup-l1-1-0

LookupAccountNameLocalW

dhcpcsvc

DhcpIsEnabled
DhcpFreeLeaseInfo
DhcpQueryLeaseInfoEx

winnsi

NsiRpcRegisterChangeNotification
NsiRpcDeregisterChangeNotification
NsiDisconnectFromServer
NsiConnectToServer

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

ntdll

RtlEqualUnicodeString
RtlGUIDFromString
EtwEventEnabled
RtlUpcaseUnicodeChar
EtwEventRegister
RtlFreeUnicodeString
EtwEventUnregister
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
RtlInitUnicodeString
EtwRegisterTraceGuidsW
RtlStringFromGUID
EtwEventWriteTransfer
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlNtStatusToDosError
EtwEventActivityIdControl
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
RtlCopyUnicodeString
RtlCopySid
RtlLengthSid
RtlCreateAcl
RtlAddAce
RtlCreateSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetSaclSecurityDescriptor
NtOpenProcessToken
RtlNewSecurityObject
NtClose
RtlDeleteSecurityObject
RtlAdjustPrivilege
NtAccessCheckAndAuditAlarm
RtlIpv6AddressToStringExW
RtlIpv4AddressToStringExW
EtwEventWrite
NtOpenFile

ncsi

NcsiPerformRefresh
NcsiPerformReprobe
NcsiNotifySessionChange
NcsiFreeConnectivityStatusSet
NcsiDeregisterConnectivityStatusChange
NcsiUpdateClientPresence
NcsiAllocateAndGetConnectivityStatusSet
NcsiRegisterConnectivityStatusChange
NcsiGetCaptivePortalHosts

api-ms-win-service-management-l1-1-0

CloseServiceHandle
StartServiceW
OpenSCManagerW
OpenServiceW

api-ms-win-service-winsvc-l1-1-0

ControlService
QueryServiceStatus

api-ms-win-core-file-l1-1-0

FileTimeToLocalFileTime
CreateFileW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-service-private-l1-1-0

UnsubscribeServiceChangeNotifications
SubscribeServiceChangeNotifications

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 288KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msihnd/profsvcext.dll
.dll windows:10 windows x64 arch:x64

514e0ebbb07b04806015bc28b322511c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

profsvcext.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
memmove
_o__wcsnicmp
_o_free
_o_malloc
_o_rand
_o_terminate
__C_specific_handler
_o__get_errno
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_CxxThrowException
__CxxFrameHandler3
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
GetProcAddress

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
CreateSemaphoreExW
LeaveCriticalSection
ReleaseSemaphore
WaitForSingleObject
ReleaseMutex
EnterCriticalSection
WaitForSingleObjectEx
DeleteCriticalSection
AcquireSRWLockShared
OpenSemaphoreW
ReleaseSRWLockShared
CreateMutexExW
AcquireSRWLockExclusive
CreateEventExW
SetEvent
InitializeCriticalSectionEx

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
HeapReAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
OpenThreadToken
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
SetThreadToken
GetCurrentThread

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoRegisterClassObject
CoRevokeClassObject
CoInitializeEx
CoTaskMemAlloc
CoGetCallContext
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoRevertToSelf

api-ms-win-core-heap-l2-1-0

LocalFree
LocalReAlloc
GlobalFree
LocalAlloc
GlobalAlloc

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetSystemTimeAsFileTime
GetVersionExW
GetTickCount64

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-security-base-l1-1-0

GetTokenInformation
PrivilegeCheck
ImpersonateLoggedOnUser
RevertToSelf
CopySid
ImpersonateSelf
DuplicateTokenEx
GetLengthSid

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegGetValueW
RegOpenCurrentUser
RegEnumValueW
RegCreateKeyExW
RegOpenKeyExW
RegSaveKeyExW

api-ms-win-core-string-l1-1-0

CompareStringW
CompareStringOrdinal

userenv

ord175
GetProfileType
ExpandEnvironmentStringsForUserW
ord203
ord209
ord214

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

oleaut32

SysFreeString
SafeArrayPutElement
SafeArrayCreateVector
SafeArrayRedim
SafeArrayDestroy
SafeArrayGetUBound
SysAllocString
SafeArrayUnlock
SysStringLen
SafeArrayGetLBound
VariantClear
VariantCopyInd
SafeArrayCopy
SafeArrayGetVartype
SafeArrayCreate
VariantCopy
SafeArrayLock
VariantInit
VariantChangeType
SysAllocStringLen

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

rpcrt4

RpcRevertToSelf
UuidCreate

api-ms-win-core-file-l1-1-0

GetFileAttributesW
RemoveDirectoryW
SetFileAttributesW
CreateFileW
CreateDirectoryW
SetFileTime
GetFileAttributesExW
DeleteFileW
GetFileTime
FlushFileBuffers

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-string-l2-1-0

CharUpperBuffW

wldap32

ord167
ord18
ord97
ord145
ord41
ord140
ord14
ord147
ord16
ord36
ord27
ord13
ord26
ord88
ord127
ord208
ord301
ord73
ord224

logoncli

DsGetDcNameW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-file-l2-1-2

CopyFileW

netutils

NetApiBufferFree

wkscli

NetGetJoinInformation

profapi

ord104
ord117

api-ms-win-security-lsalookup-l1-1-0

LookupAccountSidLocalW

api-ms-win-security-activedirectoryclient-l1-1-0

DsFreeNameResultW
DsBindWithSpnExW
DsCrackNamesW
DsUnBindW

api-ms-win-core-shlwapi-obsolete-l1-1-0

QISearch

api-ms-win-core-privateprofile-l1-1-0

GetPrivateProfileStringW
WritePrivateProfileStringW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathStripToRootW
PathRemoveFileSpecW
PathIsUNCServerW

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW

ntdll

RtlStringFromGUID
NtWriteFile
RtlFreeUnicodeString
EtwEventSetInformation
EtwTraceMessage
NtQueryInformationFile
NtCreateFile
RtlNtStatusToDosError
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlQueryWnfStateData
NtFsControlFile
RtlAdjustPrivilege
NtClose
NtReadFile
RtlInitUnicodeString
RtlAppendUnicodeStringToString
EtwEventRegister
EtwEventUnregister
EtwEventWriteTransfer

user32

TranslateMessage
MsgWaitForMultipleObjects
PeekMessageW
DispatchMessageW

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

profsvc

GetUserChoiceForSlowLink
GetUserPreferenceValue

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-kernel32-private-l1-1-1

PrivCopyFileExW

Exports

Exports

ConnectToRoamingVhdProfile
CreateRoamingProviderInstance
InitializeSuspendFolderPolicyAndUploadTaskConfig
RefreshSuspendFolderPolicyAndUploadTaskConfig
StartRoamingClassFactories
StopRoamingClassFactories
WaitForNetworkForRoamingProfile

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msihnd/shdocvw.dll
.dll windows:10 windows x64 arch:x64

976a58162ec56583a031b05be5951cdb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

shdocvw.pdb

Imports

shell32

SHGetFileInfoW
ShellExecuteW
ord714
ord944
ExtractIconExW
ShellExecuteExW
ord102
ord43
ord881
ord882
ord866
ord147
ord164

shlwapi

ord24
ord516
ord517
ord446
ord635
SHDeleteKeyW
ord2
PathIsUNCW
StrDupW
AssocQueryStringW
StrFormatByteSizeW
PathParseIconLocationW
AssocGetPerceivedType
ord221
ord220
PathIsNetworkPathW
AssocIsDangerous
PathUndecorateW
ord632
ord633
ord634
ord163
ord164
ord158
SHGetValueW
ord471
ord187
SHOpenRegStream2W
StrCmpW
ord216
StrPBrkW
ord561
StrChrW
ord231
PathFindFileNameW
PathFindExtensionW
ord176
ord219
ord618
PathIsUNCServerShareW
PathCreateFromUrlW
StrTrimW
ord154
PathRemoveFileSpecW
PathStripToRootW
PathAppendW

msvcrt

memcpy_s
_vsnwprintf
__CxxFrameHandler3
_CxxThrowException
memcmp
memcpy
??1exception@@UEAA@XZ
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_wcsicmp
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
memset
??0exception@@QEAA@XZ

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetProcAddress
LoadLibraryExW
LoadStringW
GetModuleFileNameW
GetModuleHandleW
FreeLibrary
GetModuleHandleExW
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
CreateMutexExW
SetEvent
ReleaseMutex
CreateEventExW
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
WaitForSingleObjectEx

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
SetLastError
RaiseException
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
OpenProcessToken
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegGetValueW
RegSetValueExW
RegCreateKeyExW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetVersionExA
GetSystemDirectoryW
GetTickCount

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoCreateInstance
CoGetApartmentType
CoWaitForMultipleObjects
CoCreateFreeThreadedMarshaler
StringFromGUID2

api-ms-win-core-heap-l2-1-0

LocalReAlloc
LocalAlloc
LocalFree

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsCreateString

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
SetRestrictedErrorInfo

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sidebyside-l1-1-0

ActivateActCtx
ReleaseActCtx
CreateActCtxW
DeactivateActCtx

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

ntdll

NtQueryInformationToken

gdi32

GetTextExtentPoint32W
SelectObject
CreateFontIndirectW
GetObjectW
GetDeviceCaps
DeleteObject

user32

GetWindowBand
EnableWindow
IsWindowVisible
GetWindowDC
GetWindowThreadProcessId
SetForegroundWindow
DrawTextW
GetAncestor
GetMonitorInfoW
MonitorFromWindow
SendMessageW
ShowWindow
IsWindow
EndDialog
SetDlgItemTextW
DialogBoxParamW
SetWindowLongPtrW
GetWindowLongPtrW
ord2574
GetDlgItem
GetWindowRect
MapWindowPoints
SetFocus
SetWindowTextW
CreateWindowInBandEx
SetWindowPos
SendDlgItemMessageW
LoadIconW
DestroyIcon
DestroyWindow
GetDoubleClickTime
CheckDlgButton
IsDlgButtonChecked
EnumWindows
CreateWindowExW
FindWindowW
PostMessageW
GetClientRect
SetRectEmpty
GetDC
ReleaseDC
CopyRect
BeginPaint
EndPaint
SetRect
GetParent
GetWindowTextW
GetDlgCtrlID
DefWindowProcW
LoadCursorW
RegisterClassW
RegisterWindowMessageW
GetDesktopWindow
KillTimer
ChangeWindowMessageFilter
SetTimer
MessageBeep

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

AddUrlToFavorites
DllCanUnloadNow
DllGetClassObject
DllGetVersion
DllRegisterWindowClasses
DoAddToFavDlg
DoAddToFavDlgW
DoFileDownload
DoFileDownloadEx
DoOrganizeFavDlg
DoOrganizeFavDlgW
DoPrivacyDlg
HlinkFindFrame
HlinkFrameNavigate
HlinkFrameNavigateNHL
ImportPrivacySettings
OpenURL
SHAddSubscribeFavorite
SHGetIDispatchForFolder
SafeOpenPromptForShellExec
SetQueryNetSessionCount
SetShellOfflineState
SoftwareUpdateMessageBox
URLQualifyA
URLQualifyW

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup.msi
.msi
taskcomp/ppcsnap.dll
.dll regsvr32 windows:10 windows x64 arch:x64

4c8643e25d8890880fa02c675c74a56f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ppcsnap.pdb

Imports

msvcrt

free
memmove
_amsg_exit
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
_XcptFilter
__CxxFrameHandler3
_lock
_unlock
__dllonexit
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_onexit
??1type_info@@UEAA@XZ
memset
memcmp
??_V@YAXPEAX@Z
_callnewh
malloc
_purecall
__C_specific_handler
??3@YAXPEAX@Z
_vsnwprintf
wcschr
_wcsicmp
memcpy
_initterm
wcscmp

kernel32

DisableThreadLibraryCalls
DeleteCriticalSection
InitializeCriticalSection
HeapDestroy
GetLastError
SetLastError
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
RaiseException
DeactivateActCtx
ActivateActCtx
LoadLibraryW
FindActCtxSectionStringW
CreateActCtxW
GetModuleFileNameW
GetModuleHandleExW
QueryActCtxW
OutputDebugStringA
VirtualFree
GetCurrentProcess
VirtualAlloc
LoadLibraryExA
EncodePointer
HeapAlloc
DecodePointer
GetProcAddress
GetProcessHeap
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
CreateEventW
SetThreadpoolTimer
WaitForSingleObject
CloseHandle
InitializeCriticalSectionAndSpinCount
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
SetEvent
HeapFree

ole32

CoCreateInstance
CoTaskMemAlloc
GetHGlobalFromStream
StringFromIID
CoCreateGuid
CreateStreamOnHGlobal
CoUninitialize
CoTaskMemFree
CoInitialize

user32

PeekMessageW
PostQuitMessage
IsWindow
RegisterClassExW
GetClassInfoExW
GetWindowTextLengthW
GetDlgItemTextW
LoadIconW
SetWindowTextW
SetWindowLongPtrW
EnableWindow
GetDlgItem
MessageBoxW
PostMessageW
CallWindowProcW
GetActiveWindow
CreateWindowExW
GetWindowLongPtrW
DefWindowProcW
DestroyWindow
LoadCursorW
SetFocus
DialogBoxParamW
GetLastActivePopup
wsprintfW
GetWindow
GetParent
GetGUIThreadInfo
EndDialog
RegisterClipboardFormatW
SendMessageW

oleaut32

VariantInit
SysAllocString
SysAllocStringLen
VariantClear
SysFreeString

shlwapi

ord219
ord174
ord209
ord211
ord208
ord210
ord256

puiapi

STRAPI_LoadString
PUIAPI_CreateInstance
PUIAPI_ShowBrowseForPrinterDialog
STRAPI_TrimString
STRAPI_GUID2String
STRAPI_Format

advapi32

RegDeleteKeyExW
RegQueryValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyExW
RegCloseKey
RegSetValueExW

ntdll

TpReleaseAlpcCompletion
TpWaitForAlpcCompletion
TpReleaseIoCompletion
TpWaitForIoCompletion
TpReleaseTimer
TpWaitForTimer
TpReleaseWait
TpWaitForWait
TpReleaseWork
TpWaitForWork
TpAllocAlpcCompletion
TpStartAsyncIoOperation
TpAllocIoCompletion
TpSetTimer
TpReleasePool
TpCallbackMayRunLong
TpSetWait
TpAllocTimer
TpAllocWait
TpPostWork
TpAllocWork
RtlNtStatusToDosError
TpSimpleTryPost

activeds

ord3

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
taskcomp/scecli.dll
.dll regsvr32 windows:10 windows x64 arch:x64

4cf2cb1bb507221d91e434473bfb8b6d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

scecli.pdb

Imports

msvcrt

_itow_s
wcstoul
memcpy_s
__CxxFrameHandler3
_findclose
_wfindnext64
memmove_s
_wtol
fclose
__C_specific_handler
malloc
_callnewh
_wfindfirst64
wcsncat_s
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
_vsnprintf_s
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
wcsncpy_s
wcscat_s
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_wfopen
_vsnwprintf
??3@YAXPEAX@Z
_CxxThrowException
_resetstkoflw
memcpy
memmove
_purecall
_XcptFilter
_amsg_exit
free
_initterm
??1type_info@@UEAA@XZ
wcsncmp
_wcsnicmp
wcsstr
wcschr
swprintf_s
_vsnwprintf_s
wcscpy_s
_wcsupr
_lock
_wcsicmp
towlower
memcmp
_onexit
__dllonexit
_unlock
memset

rpcrt4

NdrClientCall3
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcBindingFree
NdrServerCall2
RpcBindingToStringBindingW
RpcBindingSetAuthInfoW
RpcStringFreeW
RpcStringBindingParseW
NdrServerCallAll
I_RpcExceptionFilter

api-ms-win-core-file-l1-1-0

GetDriveTypeW
GetFileSize
FindFirstFileW
GetFileAttributesW
GetTempFileNameW
FindClose
DeleteFileW
CreateFileW
SetFilePointer
WriteFile
GetFullPathNameW
CreateDirectoryW
ReadFile
GetVolumeInformationW
SetFileAttributesW

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
RegGetValueW
RegCreateKeyExW
RegDeleteKeyExW
RegOpenCurrentUser
RegCloseKey

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetErrorMode
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentThread
GetCurrentThreadId
ExitThread
CreateThread
GetCurrentProcessId
SetThreadStackGuarantee
OpenThreadToken
OpenProcessToken

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentStringsW
ExpandEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentVariableW

api-ms-win-security-base-l1-1-0

ImpersonateSelf
FreeSid
ImpersonateLoggedOnUser
EqualSid
AllocateAndInitializeSid
GetSecurityDescriptorDacl
RevertToSelf
DuplicateToken
GetSidSubAuthority
CheckTokenMembership

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-sysinfo-l1-1-0

GetComputerNameExW
GetTickCount
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetSystemWindowsDirectoryW
GetSystemInfo

api-ms-win-core-string-l1-1-0

GetStringTypeExW
CompareStringOrdinal
CompareStringW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
GetTraceEnableLevel
UnregisterTraceGuids
RegisterTraceGuidsW
TraceMessage
GetTraceLoggerHandle

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-libraryloader-l1-2-0

LockResource
GetModuleFileNameA
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
GetModuleHandleW
LoadStringW
FreeLibraryAndExitThread
GetProcAddress
LoadResource

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap
HeapReAlloc

api-ms-win-core-localization-l1-2-0

GetThreadLocale
FormatMessageW
LCMapStringW

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
EnterCriticalSection
CreateMutexW
SleepEx
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
WaitForSingleObject
AcquireSRWLockShared
WaitForMultipleObjectsEx
OpenEventW
ReleaseMutex
CreateEventW
ReleaseSemaphore
ReleaseSRWLockExclusive
SetEvent
CreateMutexExW
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSRWLockShared
InitializeCriticalSection

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualAlloc
CreateFileMappingW
MapViewOfFile
VirtualProtect
UnmapViewOfFile

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-eventing-controller-l1-1-0

ControlTraceW
EnableTraceEx2
StartTraceW

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW

api-ms-win-core-privateprofile-l1-1-0

WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetPrivateProfileIntW

api-ms-win-core-localization-obsolete-l1-2-0

GetSystemDefaultUILanguage

api-ms-win-core-privateprofile-l1-1-1

WritePrivateProfileSectionW

ntdll

RtlGetDaclSecurityDescriptor
RtlValidSid
RtlConvertSidToUnicodeString
RtlFreeUnicodeString
RtlInitUnicodeString
NtQueryWnfStateData
RtlGetNtProductType
RtlLengthRequiredSid
RtlEqualSid
RtlNtStatusToDosError
RtlIsTextUnicode
RtlRandomEx
RtlTimeToSecondsSince1980
DbgPrint
RtlLengthSecurityDescriptor
RtlMakeSelfRelativeSD
NtQueryObject
RtlAllocateHeap
RtlImageNtHeader
RtlFreeHeap
RtlGetGroupSecurityDescriptor
RtlFreeSid
RtlLengthSid
RtlSystemTimeToLocalTime
NtQueryInformationToken
RtlSubAuthorityCountSid
RtlAllocateAndInitializeSid
RtlGetOwnerSecurityDescriptor
RtlGetAce
RtlGetSaclSecurityDescriptor
RtlTimeToTimeFields
RtlIdentifierAuthoritySid
RtlSubAuthoritySid
RtlMapGenericMask
RtlGetControlSecurityDescriptor
NtQuerySystemTime
NtAdjustPrivilegesToken
RtlCopySid

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

ConvertSecurityDescriptorToText
DeltaNotify
DllRegisterServer
DllUnregisterServer
InitializeChangeNotify
SceAddToNameList
SceAddToNameStatusList
SceAddToObjectList
SceAnalyzeSystem
SceAppendSecurityProfileInfo
SceBrowseDatabaseTable
SceCloseProfile
SceCommitTransaction
SceCompareNameList
SceCompareSecurityDescriptors
SceConfigureConvertedFileSecurity
SceConfigureSystem
SceCopyBaseProfile
SceCreateDirectory
SceDcPromoCreateGPOsInSysvol
SceDcPromoCreateGPOsInSysvolEx
SceDcPromoteSecurity
SceDcPromoteSecurityEx
SceEnforceSecurityPolicyPropagation
SceEnumerateServices
SceFreeMemory
SceFreeProfileMemory
SceGenerateGroupPolicy
SceGenerateRollback
SceGetAnalysisAreaSummary
SceGetAreas
SceGetDatabaseSetting
SceGetDbTime
SceGetObjectChildren
SceGetObjectSecurity
SceGetScpProfileDescription
SceGetSecurityProfileInfo
SceGetServerProductType
SceGetTimeStamp
SceIsSystemDatabase
SceLookupPrivRightName
SceNotifyPolicyDelta
SceOpenPolicy
SceOpenProfile
SceProcessSecurityPolicyGPO
SceProcessSecurityPolicyGPOEx
SceRegisterRegValues
SceRollbackTransaction
SceSetDatabaseSetting
SceSetupBackupSecurity
SceSetupConfigureServices
SceSetupGenerateTemplate
SceSetupMoveSecurityFile
SceSetupRootSecurity
SceSetupSystemByInfName
SceSetupUnwindSecurityFile
SceSetupUpdateSecurityFile
SceSetupUpdateSecurityKey
SceSetupUpdateSecurityService
SceStartTransaction
SceSvcConvertSDToText
SceSvcConvertTextToSD
SceSvcFree
SceSvcGetInformationTemplate
SceSvcQueryInfo
SceSvcSetInfo
SceSvcSetInformationTemplate
SceSvcUpdateInfo
SceSysPrep
SceSysPrepOffline
SceUpdateObjectInfo
SceUpdateSecurityProfile
SceWrapperExportSecurityProfile
SceWrapperImportSecurityProfile
SceWriteSecurityProfileInfo

Sections

.text
Size: 223KB - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
taskcomp/taskcomp.dll
.dll windows:10 windows x64 arch:x64

89df54b176214273566f0e2cdd37ad01

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

taskcomp.pdb

Imports

msvcrt

?terminate@@YAXXZ
__C_specific_handler
wcsncpy_s
??1type_info@@UEAA@XZ
_lock
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
wcsspn
wcspbrk
_itow_s
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
malloc
_unlock
__dllonexit
_onexit
wcstoul
_wtol
memset
memcmp
?what@exception@@UEBAPEBDXZ
_wcstoui64
wcsncmp
_wcsnicmp
wcsrchr
__CxxFrameHandler3
wcschr
_purecall
_wcsupr
fopen_s
fputws
iswdigit
iswspace
free
rand
_wcsicmp
fclose
fflush
_vsnwprintf
wcsstr
_wtoi
wcscmp

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
CreateWaitableTimerExW
EnterCriticalSection
CreateEventW
CancelWaitableTimer
WaitForSingleObject
ReleaseMutex
CreateSemaphoreExW
SetWaitableTimer
CreateMutexW
InitializeCriticalSectionEx
WaitForMultipleObjectsEx
LeaveCriticalSection
ReleaseSemaphore
DeleteCriticalSection
SetEvent
InitializeCriticalSection

oleaut32

SysAllocStringLen
VariantClear
SysStringLen
SysFreeString
SysStringByteLen
SysAllocString
SysAllocStringByteLen

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
GetCurrentProcessId
GetCurrentProcess
SetThreadToken
TerminateProcess
CreateThread
GetCurrentThreadId
OpenProcessToken
GetCurrentThread

api-ms-win-security-base-l1-1-0

CopySid
GetSidSubAuthority
GetSecurityDescriptorDacl
GetSidSubAuthorityCount
IsValidSid
GetSecurityDescriptorGroup
GetSecurityDescriptorSacl
FreeSid
DuplicateToken
GetLengthSid
ImpersonateSelf
RevertToSelf
AdjustTokenPrivileges
IsTokenRestricted
AccessCheck
GetSecurityDescriptorControl
AllocateAndInitializeSid
IsWellKnownSid
GetFileSecurityW
GetSecurityDescriptorOwner
EqualSid
CreateWellKnownSid
GetTokenInformation
CheckTokenMembership
GetSidIdentifierAuthority

ntdll

NtClose
EtwEventRegister
NtAccessCheck
NtOpenThreadToken
EtwEventUnregister
EtwEventEnabled
RtlInitString
RtlInitUnicodeString
NtOpenProcessToken
EtwEventWrite
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
NtQueryDirectoryFile
RtlSubAuthoritySid
RtlLengthRequiredSid
RtlInitializeSid
RtlSubAuthorityCountSid
RtlCopySid
RtlLengthSid
RtlCreateAcl
RtlAddAce
RtlCreateSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetSaclSecurityDescriptor
RtlNewSecurityObject
RtlDeleteSecurityObject
RtlNtStatusToDosError
EtwTraceMessage
NtQueryInformationToken

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError

rpcrt4

NdrServerCall2
RpcImpersonateClient
RpcRevertToSelf
RpcServerInqBindings
RpcEpRegisterW
RpcEpUnregister
RpcServerRegisterAuthInfoW
RpcBindingSetAuthInfoExW
RpcStringFreeW
RpcBindingFree
RpcServerRegisterIfEx
RpcServerUnregisterIf
RpcServerUseProtseqW
RpcServerUseProtseqEpW
RpcBindingVectorFree
NdrServerCallAll
NdrClientCall3
I_RpcExceptionFilter
RpcStringBindingComposeW
UuidCreate
RpcBindingFromStringBindingW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalReAlloc
LocalAlloc
LocalFree

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegGetValueW
RegDeleteTreeW
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyExW

api-ms-win-core-file-l1-1-0

GetFinalPathNameByHandleW
FindClose
GetFileType
GetFileSize
GetFileAttributesExW
SetEndOfFile
ReadFile
GetFileInformationByHandle
GetDriveTypeW
FindNextFileW
SetFileAttributesW
FindFirstFileW
WriteFile
LocalFileTimeToFileTime
GetFullPathNameW
DeleteFileW
FileTimeToLocalFileTime
CreateFileW
CompareFileTime
GetFileAttributesW
GetVolumeInformationW
GetVolumePathNameW
CreateDirectoryW
SetFilePointer

api-ms-win-core-timezone-l1-1-0

TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetVersionExW
GetComputerNameExW
GetSystemTime
GetLocalTime
GetTickCount

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-file-l2-1-0

ReadDirectoryChangesW

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
FreeLibrary
GetModuleHandleW
LoadStringW
DisableThreadLibraryCalls
GetModuleHandleExW

api-ms-win-security-cryptoapi-l1-1-0

CryptDestroyKey
CryptReleaseContext
CryptHashData
CryptAcquireContextW
CryptCreateHash
CryptDestroyHash
CryptGenKey
CryptGetHashParam
CryptSignHashW

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-heap-l1-1-0

HeapFree
HeapReAlloc
HeapSize
HeapAlloc
HeapDestroy
GetProcessHeap

api-ms-win-security-credentials-l1-1-0

CredDeleteW
CredFree
CredWriteW
CredEnumerateW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer

api-ms-win-core-processenvironment-l1-1-0

SearchPathW
ExpandEnvironmentStringsW
GetEnvironmentVariableW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
FormatMessageW

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DeleteTaskNotification
InitializeAdapter
IsRegistering
RegisterTaskNotification
SetSdNotification
ShutdownAdapter
UpdateJobStatus

Sections

.text
Size: 210KB - Virtual size: 209KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vcomp110/Windows.Globalization.dll
.dll windows:10 windows x64 arch:x64

819122ec5350ef6ca97ced8da9aef194

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.Globalization.pdb

Imports

msvcp_win

??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xbad_alloc@std@@YAXXZ
?id@?$collate@G@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Xbad_function_call@std@@YAXXZ
_Wcscoll
?_Xlength_error@std@@YAXPEBD@Z
_Wcsxfrm
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?is@?$ctype@G@std@@QEBA_NFG@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?id@?$ctype@G@std@@2V0locale@2@A
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??Bid@locale@std@@QEAA_KXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ

api-ms-win-crt-math-l1-1-0

modff
copysign
floorf
ceilf
log10f

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_ceil
_o_cos
_o_floor
_o_fmod
_o_free
_o_log10
_o_malloc
_o_modf
_o_powf
_o_realloc
_o_sin
_o_tan
_o_terminate
_o_towlower
_o_wcscpy_s
_o_wcstod
_o_wcstol
__CxxFrameHandler3
__C_specific_handler
_CxxThrowException
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_type_info_compare
wcsstr
strchr
__std_terminate
__CxxFrameHandler4
_o__execute_onexit_table
_o__errno
_o__ecvt_s
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcscmp

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
SetRestrictedErrorInfo
RoOriginateErrorW
GetRestrictedErrorInfo
RoOriginateError

api-ms-win-core-winrt-error-l1-1-1

RoClearError
RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

HSTRING_UserMarshal64
HSTRING_UserSize
WindowsPreallocateStringBuffer
WindowsPromoteStringBuffer
WindowsDeleteStringBuffer
WindowsSubstringWithSpecifiedLength
HSTRING_UserUnmarshal
HSTRING_UserSize64
WindowsGetStringLen
WindowsDeleteString
HSTRING_UserMarshal
WindowsCreateStringReference
WindowsCreateString
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
HSTRING_UserFree64
WindowsCompareStringOrdinal
HSTRING_UserFree
HSTRING_UserUnmarshal64
WindowsConcatString
WindowsDuplicateString

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-core-sysinfo-l1-1-0

GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
InitOnceInitialize
InitOnceExecuteOnce

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
LeaveCriticalSection
WaitForSingleObjectEx
CreateSemaphoreExW
InitializeCriticalSectionAndSpinCount
OpenSemaphoreW
ResetEvent
CreateEventW
ReleaseSemaphore
WaitForSingleObject
CreateMutexExW
ReleaseMutex
ReleaseSRWLockShared
InitializeSRWLock
DeleteCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
SetEvent

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW
LoadStringW
DisableThreadLibraryCalls
FreeLibrary
FindStringOrdinal
GetModuleFileNameW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-com-l1-1-0

CLSIDFromString
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateFreeThreadedMarshaler
CoImpersonateClient
CoGetInterfaceAndReleaseStream
CreateStreamOnHGlobal
CoReleaseMarshalData
CoRevertToSelf
CoMarshalInterface
CoCreateInstance
CoTaskMemFree

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegEnumKeyExW
RegGetValueW

api-ms-win-core-string-l1-1-0

GetStringTypeW
CompareStringEx
CompareStringOrdinal

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThread
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
OpenThreadToken
OpenProcessToken

api-ms-win-core-localization-l1-2-0

EnumSystemGeoID
GetUserGeoID
GetGeoInfoW
LCMapStringEx
IsValidLocaleName
GetUserDefaultLocaleName
GetLocaleInfoEx
SetUserGeoID
ResolveLocaleName
GetCalendarInfoEx
LCMapStringW
LocaleNameToLCID
FormatMessageW

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
RaiseException

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventSetInformation
EventUnregister
EventWriteTransfer
EventRegister

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-security-base-l1-1-0

GetAce
RevertToSelf
EqualSid
GetTokenInformation

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-processthreads-l1-1-1

OpenProcess
GetProcessMitigationPolicy
IsProcessorFeaturePresent

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-localization-l1-2-1

EnumSystemLocalesEx

api-ms-win-core-localization-l2-1-0

EnumTimeFormatsEx
EnumCalendarInfoExEx

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-timezone-l1-1-0

GetDynamicTimeZoneInformation
GetTimeZoneInformationForYear
EnumDynamicTimeZoneInformation
GetDynamicTimeZoneInformationEffectiveYears

api-ms-win-core-path-l1-1-0

PathCchAppend

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

oleaut32

SysStringLen
SysAllocString
SysFreeString

api-ms-win-core-wow64-l1-1-1

GetSystemWow64DirectoryW

rpcrt4

IUnknown_QueryInterface_Proxy
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
CStdStubBuffer_CountRefs
NdrCStdStubBuffer2_Release
CStdStubBuffer_QueryInterface
NdrStubForwardingFunction
CStdStubBuffer_Invoke
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrOleFree
NdrOleAllocate
CStdStubBuffer_DebugServerRelease
NdrDllGetClassObject
NdrStubCall3
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Disconnect
IUnknown_AddRef_Proxy
CStdStubBuffer_Connect

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient6
NdrProxyForwardingFunction5
NdrProxyForwardingFunction4
ObjectStublessClient15
ObjectStublessClient8
ObjectStublessClient19
CStdStubBuffer2_QueryInterface
ObjectStublessClient16
ObjectStublessClient13
ObjectStublessClient7
ObjectStublessClient9
ObjectStublessClient23
ObjectStublessClient10
ObjectStublessClient20
ObjectStublessClient18
ObjectStublessClient3
ObjectStublessClient22
ObjectStublessClient21
NdrProxyForwardingFunction3
CStdStubBuffer2_CountRefs
ObjectStublessClient11
ObjectStublessClient14
ObjectStublessClient12
CStdStubBuffer2_Connect
CStdStubBuffer2_Disconnect
ObjectStublessClient17

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-normalization-l1-1-0

NormalizeString
GetStringScripts

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-security-capability-l1-1-0

CapabilityCheck

ntdll

RtlQueryInformationAcl
RtlGetAce
NtSetSecurityObject
RtlAddAce
RtlLengthSid
RtlAddAccessAllowedAce
RtlCreateAcl
RtlCreateSecurityDescriptor
NtQuerySecurityObject
RtlGetDaclSecurityDescriptor
NtSetDefaultUILanguage
RtlpSetPreferredUILanguages
NtClose
RtlUnsubscribeWnfStateChangeNotification
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
RtlNtStatusToDosError
RtlSetDaclSecurityDescriptor

combase

ord148

bcp47langs

SetUserLanguagesInternal
GetApplicationManifestLanguages
GetApplicationLanguages
Bcp47FindClosestLanguage
ResolveLanguages
SetApplicationLanguageOverride
Bcp47GetDistance
ClearApplicationLanguageOverride
GetUserLanguages
Bcp47GetExtensionSubstring
Bcp47GetNeutralForm
Bcp47Normalize
Bcp47GetAbbreviation
LanguageListAsMuiForm
Bcp47GetIsoScriptCode
GetApplicationLanguageOverride
Bcp47IsWellFormed
Bcp47GetIsoLanguageCode
Bcp47GetMuiForm

bcp47mrm

GetApplicationLanguagesWithUserLanguagesFallback
Bcp47IsValid
GetLanguageDirectionality

kernelbase

OpenGlobalizationUserSettingsKey

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 876KB - Virtual size: 875KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 651KB - Virtual size: 651KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vcomp110/dnshc.dll
.dll regsvr32 windows:10 windows x64 arch:x64

01e70949ce456b6981c9a9bda86d2b06

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dnsHC.pdb

Imports

msvcrt

_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
_callnewh
realloc
memset
memmove_s
wcscat_s
wcscpy_s
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
calloc
wcsstr
_vsnwprintf
vswprintf_s
_vscwprintf
wcschr
wcsnlen
memcpy_s
free
memmove
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
_errno
_lock
malloc
wcsncpy_s
wcsncmp
toupper
__C_specific_handler
_purecall
??_V@YAXPEAX@Z
__CxxFrameHandler3
??3@YAXPEAX@Z
wcscmp

ntdll

RtlCaptureContext
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlLookupFunctionEntry
RtlVirtualUnwind

kernel32

LocalFree
OutputDebugStringA
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
LockResource
FormatMessageW
GetModuleFileNameA
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryExW
lstrcmpiW
RaiseException
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
GetSystemTimeAsFileTime
WaitForSingleObjectEx
CloseHandle
CreateThread
WaitForMultipleObjectsEx
ExpandEnvironmentStringsW
HeapAlloc
GetProcessHeap
HeapFree
ExitThread
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
HeapSize
HeapReAlloc
HeapDestroy
TerminateProcess
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
LocalAlloc

advapi32

RegQueryValueExW
EventProviderEnabled
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
IsValidSid
EventActivityIdControl
EventWriteTransfer
EventWrite
EventSetInformation
EventRegister
EventUnregister

user32

UnregisterClassA
LoadStringW
CharNextW

oleaut32

LoadTypeLi
SysAllocString
UnRegisterTypeLi
RegisterTypeLi
SysStringLen
VarUI4FromStr
SysFreeString

iphlpapi

GetAdaptersAddresses
GetNetworkParams
ConvertInterfaceGuidToLuid
ConvertInterfaceLuidToIndex

ws2_32

WSAStartup
htons
GetNameInfoW
FreeAddrInfoW
WSACleanup
GetAddrInfoW

dnsapi

DnsFreePolicyConfig
DnsFree
DnsQuery_W
DnsValidateName_W
DnsQueryConfigAllocEx
DnsFreeConfigStructure
DnsGetPolicyTableInfo
DnsValidateServer_W

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
CLSIDFromString
StringFromGUID2

dsrole

DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vcomp110/sbe.dll
.dll regsvr32 windows:10 windows x64 arch:x64

d83b24c08477d6d5715f9d95e9c2a700

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

sbe.pdb

Imports

msvcrt

memmove
memcmp
wcsstr
_vsnwprintf_s
_purecall
free
_callnewh
malloc
memset
sqrt
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
_amsg_exit
log
ceil
_XcptFilter
memcpy
_vsnwprintf
wcscpy_s
qsort
_wcsicmp
_snwprintf_s
memcpy_s
wcsncpy_s
swprintf_s
wcsrchr
wcschr
wcscmp

ntdll

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

kernel32

InitializeCriticalSection
DeleteCriticalSection
CloseHandle
CreateEventW
ResetEvent
GetCurrentThreadId
DuplicateHandle
SetEvent
WaitForSingleObject
ReleaseSemaphore
GetSystemInfo
VirtualAlloc
VirtualFree
CreateThread
GetModuleHandleW
GetProcAddress
GetTickCount
GetCurrentThread
SetThreadPriority
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetFileAttributesW
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
lstrcmpiW
WriteFile
CreateFileW
GetFullPathNameW
DeleteFileW
FileTimeToSystemTime
GlobalAlloc
GlobalFree
GlobalLock
SystemTimeToFileTime
GlobalUnlock
LeaveCriticalSection
GetUserDefaultLangID
QueueUserWorkItem
GetTickCount64
QueryPerformanceFrequency
ExpandEnvironmentStringsW
LocalAlloc
LoadLibraryW
LocalFree
FreeLibrary
CreateDirectoryW
lstrlenW
SetFileAttributesW
ReadFile
CompareStringW
SetEndOfFile
SetFilePointerEx
UnmapViewOfFile
CompareStringA
CreateFileMappingW
MapViewOfFile
CreateMutexW
ReleaseMutex
OpenMutexW
TryEnterCriticalSection
FindFirstFileW
CreateHardLinkW
FindClose
RegisterWaitForSingleObject
RemoveDirectoryW
OpenEventW
OpenFileMappingW
GetFileInformationByHandle
FlushViewOfFile
UnregisterWaitEx
GetTempFileNameW
SetLastError
SetFileBandwidthReservation
GetQueuedCompletionStatus
CreateIoCompletionPort
GetFinalPathNameByHandleW
WaitForMultipleObjects
GetFileInformationByHandleEx
GetFileSizeEx
GetModuleHandleExW
ReOpenFile
FreeLibraryAndExitThread
PostQueuedCompletionStatus
GetOverlappedResult
WriteFileGather
InterlockedPushEntrySList
ReadFileScatter
InitializeSListHead
InterlockedPopEntrySList
QueryDepthSList
FlushFileBuffers
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
DeviceIoControl
EnterCriticalSection
CreateEventExW
GetFileSize
GetVersionExW
MultiByteToWideChar
GetLastError
GetModuleFileNameA
QueryFullProcessImageNameW
DisableThreadLibraryCalls
GetTempPathW
OutputDebugStringA
GetCurrentProcess
lstrcmpW
VirtualQuery
RaiseException
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LoadLibraryExA
VirtualProtect
CreateSemaphoreW
MulDiv
SetFileValidData

advapi32

AllocateAndInitializeSid
IsValidSid
FreeSid
GetLengthSid
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
GetSidSubAuthorityCount
GetSidSubAuthority
CreateWellKnownSid
OpenProcessToken
AddAccessAllowedAce
GetTokenInformation
GetAclInformation
GetAce
EqualSid
RegQueryValueExW
BuildTrusteeWithSidW
InitializeSecurityDescriptor
SetEntriesInAclW
SetSecurityDescriptorDacl
GetNamedSecurityInfoW
SetNamedSecurityInfoW
AddAccessAllowedAceEx
InitializeAcl
AddAce
CopySid

ole32

CoUninitialize
CoCreateGuid
CoCreateInstance
CoInitializeEx
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
PropVariantClear
CoGetMalloc
CreateStreamOnHGlobal
CoFreeUnusedLibraries

rpcrt4

NdrCStdStubBuffer2_Release
NdrDllGetClassObject
NdrDllUnregisterProxy
CStdStubBuffer_CountRefs
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
CStdStubBuffer_Invoke
NdrStubForwardingFunction
IUnknown_AddRef_Proxy
UuidCreate
CStdStubBuffer_Connect
CStdStubBuffer_IsIIDSupported
NdrStubCall3
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_DebugServerQueryInterface
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrOleFree
NdrDllRegisterProxy

winmm

timeGetDevCaps
timeBeginPeriod
timeEndPeriod
timeGetTime

shell32

SHGetKnownFolderPath

shlwapi

PathFileExistsW

gdiplus

GdiplusStartup
GdiplusShutdown
GdipGetImageEncoders
GdipGetImageDimension
GdipCloneImage
GdipCreateBitmapFromStream
GdipAlloc
GdipDrawImageRectI
GdipDisposeImage
GdipCreateHBITMAPFromBitmap
GdipFree
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipSaveImageToStream
GdipCreateBitmapFromScan0
GdipGetImageEncodersSize

api-ms-win-core-path-l1-1-0

PathCchCombine
PathCchAppend

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 774KB - Virtual size: 774KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vcomp110/vcomp110.dll
.dll windows:6 windows x64 arch:x64

28a10866a1268b2e8eddc8b656769c45

Code Sign

33:00:00:00:9d:1e:8d:27:ae:b8:f3:d8:38:00:01:00:00:00:9d
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/09/2012, 21:42

Not After

04/03/2013, 21:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:2b:39:32:48:c1:b2:c9:48:f3:00:00:00:00:00:2b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/09/2012, 21:12

Not After

04/12/2013, 21:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:08:e2:79:fa:0d:25:58:45:ea:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/07/2012, 00:14

Not After

07/10/2013, 00:14

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:d4:f6:7f:4c:25:e5:8b:9c:fe:6a:28:df:f0:57:a9:19:5a:ea:7a:3c:be:ae:f5:a0:d4:66:44:ad:77:3a:3a
Signer

Actual PE Digest

19:d4:f6:7f:4c:25:e5:8b:9c:fe:6a:28:df:f0:57:a9:19:5a:ea:7a:3c:be:ae:f5:a0:d4:66:44:ad:77:3a:3a

Digest Algorithm

sha256

PE Digest Matches

true

ef:43:1a:9a:ec:00:9e:fd:5e:98:5b:54:38:39:9a:92:17:f7:08:13
Signer

Actual PE Digest

ef:43:1a:9a:ec:00:9e:fd:5e:98:5b:54:38:39:9a:92:17:f7:08:13

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

vcomp110.amd64.pdb

Imports

kernel32

TlsGetValue
FormatMessageW
OutputDebugStringW
LocalAlloc
LocalFree
GetConsoleWindow
GetConsoleScreenBufferInfo
WriteConsoleW
WideCharToMultiByte
WriteFile
GetLastError
GetStdHandle
ExitProcess
GetCurrentThreadId
HeapFree
GetProcessHeap
TlsSetValue
UnhandledExceptionFilter
CreateEventW
CloseHandle
GetTickCount
SwitchToThread
WaitForSingleObject
SetEvent
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
HeapAlloc
TryEnterCriticalSection
QueryPerformanceCounter
TlsAlloc
TlsFree
GetSystemInfo
QueryPerformanceFrequency
GetSystemTimeAdjustment
GetEnvironmentVariableW
lstrlenW
lstrcmpiW
GetStringTypeExW
ResetEvent
CreateThread
QueueUserWorkItem
GetModuleHandleW
GetProcAddress
EncodePointer
DecodePointer
GetUserDefaultUILanguage
FindFirstFileW
FindNextFileW
LoadLibraryExW
FindClose
GetModuleFileNameW
FindResourceExW
LoadResource
ReadConsoleW
ReadFile
GetCurrentProcessId
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
SetLastError
GetCurrentProcess
TerminateProcess
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
GetModuleHandleExW
SetStdHandle
RtlUnwindEx
HeapReAlloc
FlushFileBuffers
CreateFileW
LCMapStringW
HeapSize
LoadLibraryW

user32

MessageBoxW

Exports

Exports

C2VectParallel
_vcomp_atomic_add_i1
_vcomp_atomic_add_i2
_vcomp_atomic_add_i4
_vcomp_atomic_add_i8
_vcomp_atomic_add_r4
_vcomp_atomic_add_r8
_vcomp_atomic_and_i1
_vcomp_atomic_and_i2
_vcomp_atomic_and_i4
_vcomp_atomic_and_i8
_vcomp_atomic_div_i1
_vcomp_atomic_div_i2
_vcomp_atomic_div_i4
_vcomp_atomic_div_i8
_vcomp_atomic_div_r4
_vcomp_atomic_div_r8
_vcomp_atomic_div_ui1
_vcomp_atomic_div_ui2
_vcomp_atomic_div_ui4
_vcomp_atomic_div_ui8
_vcomp_atomic_mul_i1
_vcomp_atomic_mul_i2
_vcomp_atomic_mul_i4
_vcomp_atomic_mul_i8
_vcomp_atomic_mul_r4
_vcomp_atomic_mul_r8
_vcomp_atomic_or_i1
_vcomp_atomic_or_i2
_vcomp_atomic_or_i4
_vcomp_atomic_or_i8
_vcomp_atomic_shl_i1
_vcomp_atomic_shl_i2
_vcomp_atomic_shl_i4
_vcomp_atomic_shl_i8
_vcomp_atomic_shr_i1
_vcomp_atomic_shr_i2
_vcomp_atomic_shr_i4
_vcomp_atomic_shr_i8
_vcomp_atomic_shr_ui1
_vcomp_atomic_shr_ui2
_vcomp_atomic_shr_ui4
_vcomp_atomic_shr_ui8
_vcomp_atomic_sub_i1
_vcomp_atomic_sub_i2
_vcomp_atomic_sub_i4
_vcomp_atomic_sub_i8
_vcomp_atomic_sub_r4
_vcomp_atomic_sub_r8
_vcomp_atomic_xor_i1
_vcomp_atomic_xor_i2
_vcomp_atomic_xor_i4
_vcomp_atomic_xor_i8
_vcomp_barrier
_vcomp_copyprivate_broadcast
_vcomp_copyprivate_receive
_vcomp_enter_critsect
_vcomp_flush
_vcomp_for_dynamic_init
_vcomp_for_dynamic_init_i8
_vcomp_for_dynamic_next
_vcomp_for_dynamic_next_i8
_vcomp_for_static_end
_vcomp_for_static_init
_vcomp_for_static_init_i8
_vcomp_for_static_simple_init
_vcomp_for_static_simple_init_i8
_vcomp_fork
_vcomp_get_thread_num
_vcomp_leave_critsect
_vcomp_master_barrier
_vcomp_master_begin
_vcomp_master_end
_vcomp_ordered_begin
_vcomp_ordered_end
_vcomp_ordered_loop_end
_vcomp_reduction_i1
_vcomp_reduction_i2
_vcomp_reduction_i4
_vcomp_reduction_i8
_vcomp_reduction_r4
_vcomp_reduction_r8
_vcomp_reduction_u1
_vcomp_reduction_u2
_vcomp_reduction_u4
_vcomp_reduction_u8
_vcomp_sections_init
_vcomp_sections_next
_vcomp_set_num_threads
_vcomp_single_begin
_vcomp_single_end
omp_destroy_lock
omp_destroy_nest_lock
omp_get_dynamic
omp_get_max_threads
omp_get_nested
omp_get_num_procs
omp_get_num_threads
omp_get_thread_num
omp_get_wtick
omp_get_wtime
omp_in_parallel
omp_init_lock
omp_init_nest_lock
omp_set_dynamic
omp_set_lock
omp_set_nest_lock
omp_set_nested
omp_set_num_threads
omp_test_lock
omp_test_nest_lock
omp_unset_lock
omp_unset_nest_lock

Sections

.text
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 2024

Password: 2024

Password: 2024

Password: 2024

db38a12849354850012d502906a251b3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-heap-l1-1-0

rpcrt4

api-ms-win-core-heap-l2-1-0

authz

api-ms-win-security-base-l1-1-0

ws2_32

api-ms-win-core-timezone-l1-1-0

iphlpapi

api-ms-win-core-file-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-perfcounters-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-l2-1-1

api-ms-win-core-threadpool-l1-2-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-eventing-controller-l1-1-0

api-ms-win-eventing-consumer-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-threadpool-private-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 453KB - Virtual size: 453KB

.rdata Size: 358KB - Virtual size: 358KB

.data Size: 9KB - Virtual size: 25KB

.pdata Size: 29KB - Virtual size: 28KB

.didat Size: 512B - Virtual size: 360B

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 14KB - Virtual size: 13KB

Password: 2024

f4527a6ef5afe648805e2a19f417a141

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

user32

gdi32

kernel32

advapi32

ole32

version

setupapi

shlwapi

Exports

.text
Size: 453KB - Virtual size: 453KB

.rdata
Size: 358KB - Virtual size: 358KB

.data
Size: 9KB - Virtual size: 25KB

.pdata
Size: 29KB - Virtual size: 28KB

.didat
Size: 512B - Virtual size: 360B

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 14KB - Virtual size: 13KB

.text
Size: 110KB - Virtual size: 109KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 512B - Virtual size: 55KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 92B

.text
Size: 83KB - Virtual size: 82KB

.rdata
Size: 56KB - Virtual size: 56KB

.data
Size: 5KB - Virtual size: 7KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 3KB - Virtual size: 3KB