advapi32.pdb
Static task
static1
Behavioral task
behavioral1
Sample
277d3ff0c540f284326e8ebe42ac180c_JaffaCakes118.dll
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
277d3ff0c540f284326e8ebe42ac180c_JaffaCakes118.dll
Resource
win10v2004-20240704-en
General
Target: 277d3ff0c540f284326e8ebe42ac180c_JaffaCakes118
Size: 604KB
MD5: 277d3ff0c540f284326e8ebe42ac180c
SHA1: 289a3a3c29e1da68524a89bee9d31d049224aaaf
SHA256: cf622f28cb540908d3b5aa7551990d0d3821118fcdc9d7f6d13dcc7fba7baf03
SHA512: f67e0ba251f23e48cc4beff4bc9518bde88622a5baa0d0839648ebf62a565f4dd61d72f186f5c157c9e3dacee684392a5b6edbc6aa52ab7689eda0a6246f94cf
SSDEEP: 12288:0TrXK96j5NoMtoiR3/uDWQjUWD8C1mhD/hOpZwYEtLKI:0TrXKEFNoMoiRWDVUWDHmhNOoYEtL5
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 277d3ff0c540f284326e8ebe42ac180c_JaffaCakes118
Files
277d3ff0c540f284326e8ebe42ac180c_JaffaCakes118.dll windows:5 windows x86 arch:x86
e19643483420e2509c6ccee6fc61d3dd
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
DeviceIoControl
LocalFree
LocalAlloc
LocalReAlloc
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
lstrlenA
lstrcatW
lstrcpyW
lstrcpyA
AreFileApisANSI
IsBadWritePtr
CloseHandle
WritePrivateProfileStringW
GetPrivateProfileStringW
Sleep
GetTickCount
GetCurrentProcess
GetCurrentThread
GetWindowsDirectoryW
GetLastError
SetErrorMode
LoadLibraryExW
FindFirstFileExW
FindNextFileW
GetFileTime
GetSystemTime
GetModuleFileNameW
GetUserDefaultUILanguage
CreateMutexW
GetPrivateProfileIntW
GetSystemWindowsDirectoryW
RaiseException
ReadProcessMemory
GetProfileIntA
GetProfileStringA
GetComputerNameA
GetComputerNameExW
GetModuleHandleExW
SetNamedPipeHandleState
OpenEventW
GetLogicalDriveStringsW
GetDriveTypeW
GetDiskFreeSpaceW
GetVolumeInformationW
GlobalMemoryStatus
GetSystemInfo
SetThreadPriority
InterlockedExchangeAdd
DuplicateHandle
CreateThread
WaitForMultipleObjectsEx
CancelIo
ExitThread
GetTimeZoneInformation
EnumUILanguagesW
CreateEventA
GetFullPathNameA
GetDiskFreeSpaceExW
ResetEvent
SetEvent
CreateFileA
GetOverlappedResult
GetModuleHandleW
FindResourceExW
ReleaseMutex
CompareFileTime
OpenMutexW
WaitForSingleObject
GetLongPathNameW
GetFileSizeEx
CreateFileMappingW
FormatMessageW
GetLocalTime
OutputDebugStringW
ExpandEnvironmentStringsW
MoveFileW
lstrcmpW
GetCommandLineW
lstrcmpiW
DeleteCriticalSection
InitializeCriticalSection
SetLastError
GetVersionExA
InterlockedExchange
CreateEventW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
InterlockedCompareExchange
DelayLoadFailureHook
GetPriorityClass
HeapFree
GetFullPathNameW
lstrcpynW
GetCurrentThreadId
SleepEx
GetProcessHeap
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
ExpandEnvironmentStringsA
OpenFile
GetFileSize
_lclose
SearchPathW
GetFileAttributesExW
SetFilePointer
FindResourceA
LoadResource
SizeofResource
InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
CreateProcessInternalA
CreateProcessInternalW
GetSystemDirectoryW
LoadLibraryW
FreeLibrary
WaitNamedPipeW
GetCurrentProcessId
WriteFile
ReadFile
ResumeThread
OpenProcess
GetComputerNameW
UnmapViewOfFile
CreateFileW
CreateFileMappingA
MapViewOfFile
LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
CreateVirtualBuffer
VirtualBufferExceptionHandler
FreeVirtualBuffer
GetFileAttributesW
FindFirstFileW
FindClose
QueryWin31IniFilesMappedToRegistry
DeleteFileW
CopyFileW
ntdll
RtlExpandEnvironmentStrings_U
RtlDuplicateUnicodeString
RtlCreateUnicodeString
NtQueryInformationProcess
NtQueryKey
RtlStringFromGUID
RtlDeleteElementGenericTable
RtlInsertElementGenericTable
RtlInitializeHandleTable
RtlDestroyHandleTable
NtEnumerateKey
RtlIntegerToUnicodeString
RtlAppendUnicodeToString
RtlFormatCurrentUserKeyPath
RtlInitializeGenericTable
RtlNumberGenericTableElements
RtlLookupElementGenericTable
RtlQueryRegistryValues
RtlGUIDFromString
RtlUpcaseUnicodeChar
NtQueryVolumeInformationFile
RtlPrefixUnicodeString
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
RtlDetermineDosPathNameType_U
NtQueryInformationFile
RtlGetFullPathName_U
wcstombs
mbstowcs
_ftol
NtSetEvent
NtQueryPerformanceCounter
wcscmp
NtWaitForMultipleObjects
RtlIsGenericTableEmpty
NtCreateEvent
RtlCreateHeap
RtlDestroyHeap
NtAllocateVirtualMemory
RtlFlushSecureMemoryCache
NtFreeVirtualMemory
NtCreateFile
NtQueryInformationThread
NtWriteFile
RtlDestroyQueryDebugBuffer
RtlQueryProcessDebugInformation
RtlCreateQueryDebugBuffer
NtOpenProcess
NtReadFile
NtFlushBuffersFile
NtSetInformationFile
CsrNewThread
NtClearEvent
NtReleaseSemaphore
NtCreateSemaphore
NtPowerInformation
RtlInitUnicodeStringEx
RtlUnicodeToMultiByteN
NtNotifyChangeKey
NtSetInformationObject
NtDuplicateObject
_itow
NtDeleteValueKey
NtEnumerateValueKey
RtlTimeToSecondsSince1970
RtlUnwind
NtQueryVirtualMemory
RtlEnumerateGenericTableWithoutSplaying
NtCompareTokens
RtlFreeHandle
RtlIsValidIndexHandle
RtlAllocateHandle
_vsnwprintf
RtlUnicodeStringToInteger
wcsncmp
RtlMakeSelfRelativeSD
RtlGetNtProductType
NtQuerySystemTime
RtlRandom
RtlCompareUnicodeString
RtlxUnicodeStringToAnsiSize
RtlAppendUnicodeStringToString
NtWaitForSingleObject
RtlCompareMemory
NtDeviceIoControlFile
wcsrchr
RtlCopyLuid
RtlImageNtHeader
_ultow
NlsMbCodePageTag
RtlxAnsiStringToUnicodeSize
RtlMultiByteToUnicodeN
strstr
strchr
tolower
_wcsnicmp
wcsncpy
wcstol
wcstoul
iswctype
RtlConvertSidToUnicodeString
DbgPrint
_strnicmp
RtlFreeAnsiString
RtlCreateUnicodeStringFromAsciiz
atol
NtQuerySystemInformation
_chkstk
NtTerminateProcess
RtlAdjustPrivilege
NtSetInformationProcess
strncpy
RtlUpcaseUnicodeStringToOemString
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlInitString
RtlIsTextUnicode
_stricmp
NtDeleteKey
NtQueryValueKey
NtSetValueKey
_wcsicmp
_wcslwr
wcsstr
wcschr
swprintf
RtlOpenCurrentUser
NtOpenKey
NtCreateKey
RtlSetSecurityDescriptorRMControl
RtlGetSecurityDescriptorRMControl
RtlSelfRelativeToAbsoluteSD2
NtFilterToken
sprintf
NtImpersonateAnonymousToken
memmove
RtlUnicodeStringToAnsiString
RtlUnicodeToMultiByteSize
RtlCopyUnicodeString
NtSetInformationThread
RtlImpersonateSelf
NtFsControlFile
NtQuerySecurityObject
RtlOemStringToUnicodeString
NtOpenFile
NtSetSecurityObject
NtClose
RtlSelfRelativeToAbsoluteSD
RtlAbsoluteToSelfRelativeSD
RtlDeleteSecurityObject
RtlQuerySecurityObject
RtlSetSecurityObjectEx
RtlSetSecurityObject
RtlNewSecurityObjectWithMultipleInheritance
RtlNewSecurityObjectEx
RtlConvertToAutoInheritSecurityObject
RtlNewSecurityObject
RtlGetGroupSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlSetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetControlSecurityDescriptor
RtlGetControlSecurityDescriptor
RtlLengthSecurityDescriptor
RtlValidSecurityDescriptor
RtlCreateSecurityDescriptor
RtlFirstFreeAce
RtlAddAuditAccessObjectAce
RtlAddAccessDeniedObjectAce
RtlAddAccessAllowedObjectAce
RtlAddAuditAccessAceEx
RtlAddAuditAccessAce
RtlAddAccessDeniedAceEx
RtlAddAccessDeniedAce
RtlAddAccessAllowedAceEx
RtlAddAccessAllowedAce
RtlGetAce
RtlDeleteAce
RtlAddAce
RtlSetInformationAcl
RtlQueryInformationAcl
RtlCreateAcl
RtlValidAcl
RtlMapGenericMask
RtlAreAnyAccessesGranted
RtlAreAllAccessesGranted
RtlCopySid
RtlLengthSid
RtlSubAuthorityCountSid
RtlSubAuthoritySid
RtlIdentifierAuthoritySid
RtlAllocateAndInitializeSid
RtlFreeSid
RtlInitializeSid
RtlLengthRequiredSid
RtlEqualPrefixSid
RtlEqualSid
RtlValidSid
NtPrivilegedServiceAuditAlarm
NtDeleteObjectAuditAlarm
NtCloseObjectAuditAlarm
NtPrivilegeObjectAuditAlarm
NtOpenObjectAuditAlarm
NtAccessCheckByTypeResultListAndAuditAlarmByHandle
NtAccessCheckByTypeResultListAndAuditAlarm
NtAccessCheckByTypeAndAuditAlarm
NtAccessCheckAndAuditAlarm
NtPrivilegeCheck
NtAdjustGroupsToken
NtAdjustPrivilegesToken
NtSetInformationToken
NtQueryInformationToken
NtOpenThreadToken
NtOpenProcessToken
NtAccessCheckByTypeResultList
NtAccessCheckByType
NtAccessCheck
NtAllocateLocallyUniqueId
NtDuplicateToken
_snwprintf
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
RtlInitUnicodeString
RtlDosPathNameToNtPathName_U
RtlFreeHeap
wcslen
RtlAllocateHeap
wcscpy
wcscat
RtlNtStatusToDosError
RtlInitializeCriticalSection
NtTraceEvent
RtlDeleteCriticalSection
RtlEqualUnicodeString
NtFlushKey
RtlValidRelativeSecurityDescriptor
NtLoadKey
NtUnloadKey
NtReplaceKey
NtNotifyChangeMultipleKeys
NtQueryMultipleValueKey
NtRestoreKey
NtSaveKey
NtSaveMergedKeys
NtSaveKeyEx
RtlGetVersion
RtlReAllocateHeap
_alloca_probe
rpcrt4
RpcStringFreeW
UuidToStringW
UuidFromStringW
RpcRaiseException
RpcBindingSetAuthInfoExA
RpcBindingFree
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcBindingSetAuthInfoExW
NdrClientCall2
RpcStringBindingParseW
I_RpcMapWin32Status
RpcBindingToStringBindingW
NDRCContextBinding
RpcRevertToSelf
RpcImpersonateClient
I_RpcBindingIsClientLocal
I_RpcExceptionFilter
RpcSsDestroyClientContext
RpcBindingSetAuthInfoW
RpcEpResolveBinding
UuidCreate
RpcBindingSetAuthInfoA
Exports
A_SHAFinal
A_SHAInit
A_SHAUpdate
AbortSystemShutdownA
AbortSystemShutdownW
AccessCheck
AccessCheckAndAuditAlarmA
AccessCheckAndAuditAlarmW
AccessCheckByType
AccessCheckByTypeAndAuditAlarmA
AccessCheckByTypeAndAuditAlarmW
AccessCheckByTypeResultList
AccessCheckByTypeResultListAndAuditAlarmA
AccessCheckByTypeResultListAndAuditAlarmByHandleA
AccessCheckByTypeResultListAndAuditAlarmByHandleW
AccessCheckByTypeResultListAndAuditAlarmW
AddAccessAllowedAce
AddAccessAllowedAceEx
AddAccessAllowedObjectAce
AddAccessDeniedAce
AddAccessDeniedAceEx
AddAccessDeniedObjectAce
AddAce
AddAuditAccessAce
AddAuditAccessAceEx
AddAuditAccessObjectAce
AddUsersToEncryptedFile
AdjustTokenGroups
AdjustTokenPrivileges
AllocateAndInitializeSid
AllocateLocallyUniqueId
AreAllAccessesGranted
AreAnyAccessesGranted
BackupEventLogA
BackupEventLogW
BuildExplicitAccessWithNameA
BuildExplicitAccessWithNameW
BuildImpersonateExplicitAccessWithNameA
BuildImpersonateExplicitAccessWithNameW
BuildImpersonateTrusteeA
BuildImpersonateTrusteeW
BuildSecurityDescriptorA
BuildSecurityDescriptorW
BuildTrusteeWithNameA
BuildTrusteeWithNameW
BuildTrusteeWithObjectsAndNameA
BuildTrusteeWithObjectsAndNameW
BuildTrusteeWithObjectsAndSidA
BuildTrusteeWithObjectsAndSidW
BuildTrusteeWithSidA
BuildTrusteeWithSidW
CancelOverlappedAccess
ChangeServiceConfig2A
ChangeServiceConfig2W
ChangeServiceConfigA
ChangeServiceConfigW
CheckTokenMembership
ClearEventLogA
ClearEventLogW
CloseCodeAuthzLevel
CloseEncryptedFileRaw
CloseEventLog
CloseServiceHandle
CloseTrace
CommandLineFromMsiDescriptor
ComputeAccessTokenFromCodeAuthzLevel
ControlService
ControlTraceA
ControlTraceW
ConvertAccessToSecurityDescriptorA
ConvertAccessToSecurityDescriptorW
ConvertSDToStringSDRootDomainA
ConvertSDToStringSDRootDomainW
ConvertSecurityDescriptorToAccessA
ConvertSecurityDescriptorToAccessNamedA
ConvertSecurityDescriptorToAccessNamedW
ConvertSecurityDescriptorToAccessW
ConvertSecurityDescriptorToStringSecurityDescriptorA
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidA
ConvertSidToStringSidW
ConvertStringSDToSDDomainA
ConvertStringSDToSDDomainW
ConvertStringSDToSDRootDomainA
ConvertStringSDToSDRootDomainW
ConvertStringSecurityDescriptorToSecurityDescriptorA
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidA
ConvertStringSidToSidW
ConvertToAutoInheritPrivateObjectSecurity
CopySid
CreateCodeAuthzLevel
CreatePrivateObjectSecurity
CreatePrivateObjectSecurityEx
CreatePrivateObjectSecurityWithMultipleInheritance
CreateProcessAsUserA
CreateProcessAsUserSecure
CreateProcessAsUserW
CreateProcessWithLogonW
CreateRestrictedToken
CreateServiceA
CreateServiceW
CreateTraceInstanceId
CreateWellKnownSid
CredDeleteA
CredDeleteW
CredEnumerateA
CredEnumerateW
CredFree
CredGetSessionTypes
CredGetTargetInfoA
CredGetTargetInfoW
CredIsMarshaledCredentialA
CredIsMarshaledCredentialW
CredMarshalCredentialA
CredMarshalCredentialW
CredProfileLoaded
CredReadA
CredReadDomainCredentialsA
CredReadDomainCredentialsW
CredReadW
CredRenameA
CredRenameW
CredUnmarshalCredentialA
CredUnmarshalCredentialW
CredWriteA
CredWriteDomainCredentialsA
CredWriteDomainCredentialsW
CredWriteW
CredpConvertCredential
CredpConvertTargetInfo
CredpDecodeCredential
CredpEncodeCredential
CryptAcquireContextA
CryptAcquireContextW
CryptContextAddRef
CryptCreateHash
CryptDecrypt
CryptDeriveKey
CryptDestroyHash
CryptDestroyKey
CryptDuplicateHash
CryptDuplicateKey
CryptEncrypt
CryptEnumProviderTypesA
CryptEnumProviderTypesW
CryptEnumProvidersA
CryptEnumProvidersW
CryptExportKey
CryptGenKey
CryptGenRandom
CryptGetDefaultProviderA
CryptGetDefaultProviderW
CryptGetHashParam
CryptGetKeyParam
CryptGetProvParam
CryptGetUserKey
CryptHashData
CryptHashSessionKey
CryptImportKey
CryptReleaseContext
CryptSetHashParam
CryptSetKeyParam
CryptSetProvParam
CryptSetProviderA
CryptSetProviderExA
CryptSetProviderExW
CryptSetProviderW
CryptSignHashA
CryptSignHashW
CryptVerifySignatureA
CryptVerifySignatureW
DecryptFileA
DecryptFileW
DeleteAce
DeleteService
DeregisterEventSource
DestroyPrivateObjectSecurity
DuplicateEncryptionInfoFile
DuplicateToken
DuplicateTokenEx
ElfBackupEventLogFileA
ElfBackupEventLogFileW
ElfChangeNotify
ElfClearEventLogFileA
ElfClearEventLogFileW
ElfCloseEventLog
ElfDeregisterEventSource
ElfFlushEventLog
ElfNumberOfRecords
ElfOldestRecord
ElfOpenBackupEventLogA
ElfOpenBackupEventLogW
ElfOpenEventLogA
ElfOpenEventLogW
ElfReadEventLogA
ElfReadEventLogW
ElfRegisterEventSourceA
ElfRegisterEventSourceW
ElfReportEventA
ElfReportEventW
EnableTrace
EncryptFileA
EncryptFileW
EncryptedFileKeyInfo
EncryptionDisable
EnumDependentServicesA
EnumDependentServicesW
EnumServiceGroupW
EnumServicesStatusA
EnumServicesStatusExA
EnumServicesStatusExW
EnumServicesStatusW
EnumerateTraceGuids
EqualDomainSid
EqualPrefixSid
EqualSid
FileEncryptionStatusA
FileEncryptionStatusW
FindFirstFreeAce
FlushTraceA
FlushTraceW
FreeEncryptedFileKeyInfo
FreeEncryptionCertificateHashList
FreeInheritedFromArray
FreeSid
GetAccessPermissionsForObjectA
GetAccessPermissionsForObjectW
GetAce
GetAclInformation
GetAuditedPermissionsFromAclA
GetAuditedPermissionsFromAclW
GetCurrentHwProfileA
GetCurrentHwProfileW
GetEffectiveRightsFromAclA
GetEffectiveRightsFromAclW
GetEventLogInformation
GetExplicitEntriesFromAclA
GetExplicitEntriesFromAclW
GetFileSecurityA
GetFileSecurityW
GetInformationCodeAuthzLevelW
GetInformationCodeAuthzPolicyW
GetInheritanceSourceA
GetInheritanceSourceW
GetKernelObjectSecurity
GetLengthSid
GetLocalManagedApplicationData
GetLocalManagedApplications
GetManagedApplicationCategories
GetManagedApplications
GetMultipleTrusteeA
GetMultipleTrusteeOperationA
GetMultipleTrusteeOperationW
GetMultipleTrusteeW
GetNamedSecurityInfoA
GetNamedSecurityInfoExA
GetNamedSecurityInfoExW
GetNamedSecurityInfoW
GetNumberOfEventLogRecords
GetOldestEventLogRecord
GetOverlappedAccessResults
GetPrivateObjectSecurity
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
GetSecurityDescriptorOwner
GetSecurityDescriptorRMControl
GetSecurityDescriptorSacl
GetSecurityInfo
GetSecurityInfoExA
GetSecurityInfoExW
GetServiceDisplayNameA
GetServiceDisplayNameW
GetServiceKeyNameA
GetServiceKeyNameW
GetSidIdentifierAuthority
GetSidLengthRequired
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
GetTrusteeFormA
GetTrusteeFormW
GetTrusteeNameA
GetTrusteeNameW
GetTrusteeTypeA
GetTrusteeTypeW
GetUserNameA
GetUserNameW
GetWindowsAccountDomainSid
I_ScGetCurrentGroupStateW
I_ScIsSecurityProcess
I_ScPnPGetServiceName
I_ScSendTSMessage
I_ScSetServiceBitsA
I_ScSetServiceBitsW
IdentifyCodeAuthzLevelW
ImpersonateAnonymousToken
ImpersonateLoggedOnUser
ImpersonateNamedPipeClient
ImpersonateSelf
InitializeAcl
InitializeSecurityDescriptor
InitializeSid
InitiateSystemShutdownA
InitiateSystemShutdownExA
InitiateSystemShutdownExW
InitiateSystemShutdownW
InstallApplication
IsTextUnicode
IsTokenRestricted
IsTokenUntrusted
IsValidAcl
IsValidSecurityDescriptor
IsValidSid
IsWellKnownSid
LockServiceDatabase
LogonUserA
LogonUserExA
LogonUserExExW
LogonUserExW
LogonUserW
LookupAccountNameA
LookupAccountNameW
LookupAccountSidA
LookupAccountSidW
LookupPrivilegeDisplayNameA
LookupPrivilegeDisplayNameW
LookupPrivilegeNameA
LookupPrivilegeNameW
LookupPrivilegeValueA
LookupPrivilegeValueW
LookupSecurityDescriptorPartsA
LookupSecurityDescriptorPartsW
LsaAddAccountRights
LsaAddPrivilegesToAccount
LsaClearAuditLog
LsaClose
LsaCreateAccount
LsaCreateSecret
LsaCreateTrustedDomain
LsaCreateTrustedDomainEx
LsaDelete
LsaDeleteTrustedDomain
LsaEnumerateAccountRights
LsaEnumerateAccounts
LsaEnumerateAccountsWithUserRight
LsaEnumeratePrivileges
LsaEnumeratePrivilegesOfAccount
LsaEnumerateTrustedDomains
LsaEnumerateTrustedDomainsEx
LsaFreeMemory
LsaGetQuotasForAccount
LsaGetRemoteUserName
LsaGetSystemAccessAccount
LsaGetUserName
LsaICLookupNames
LsaICLookupNamesWithCreds
LsaICLookupSids
LsaICLookupSidsWithCreds
LsaLookupNames
LsaLookupNames2
LsaLookupPrivilegeDisplayName
LsaLookupPrivilegeName
LsaLookupPrivilegeValue
LsaLookupSids
LsaNtStatusToWinError
LsaOpenAccount
LsaOpenPolicy
LsaOpenPolicySce
LsaOpenSecret
LsaOpenTrustedDomain
LsaOpenTrustedDomainByName
LsaQueryDomainInformationPolicy
LsaQueryForestTrustInformation
LsaQueryInfoTrustedDomain
LsaQueryInformationPolicy
LsaQuerySecret
LsaQuerySecurityObject
LsaQueryTrustedDomainInfo
LsaQueryTrustedDomainInfoByName
LsaRemoveAccountRights
LsaRemovePrivilegesFromAccount
LsaRetrievePrivateData
LsaSetDomainInformationPolicy
LsaSetForestTrustInformation
LsaSetInformationPolicy
LsaSetInformationTrustedDomain
LsaSetQuotasForAccount
LsaSetSecret
LsaSetSecurityObject
LsaSetSystemAccessAccount
LsaSetTrustedDomainInfoByName
LsaSetTrustedDomainInformation
LsaStorePrivateData
MD4Final
MD4Init
MD4Update
MD5Final
MD5Init
MD5Update
MSChapSrvChangePassword
MSChapSrvChangePassword2
MakeAbsoluteSD
MakeAbsoluteSD2
MakeSelfRelativeSD
MapGenericMask
NotifyBootConfigStatus
NotifyChangeEventLog
ObjectCloseAuditAlarmA
ObjectCloseAuditAlarmW
ObjectDeleteAuditAlarmA
ObjectDeleteAuditAlarmW
ObjectOpenAuditAlarmA
ObjectOpenAuditAlarmW
ObjectPrivilegeAuditAlarmA
ObjectPrivilegeAuditAlarmW
OpenBackupEventLogA
OpenBackupEventLogW
OpenEncryptedFileRawA
OpenEncryptedFileRawW
OpenEventLogA
OpenEventLogW
OpenProcessToken
OpenSCManagerA
OpenSCManagerW
OpenServiceA
OpenServiceW
OpenThreadToken
OpenTraceA
OpenTraceW
PrivilegeCheck
PrivilegedServiceAuditAlarmA
PrivilegedServiceAuditAlarmW
ProcessIdleTasks
ProcessTrace
QueryAllTracesA
QueryAllTracesW
QueryRecoveryAgentsOnEncryptedFile
QueryServiceConfig2A
QueryServiceConfig2W
QueryServiceConfigA
QueryServiceConfigW
QueryServiceLockStatusA
QueryServiceLockStatusW
QueryServiceObjectSecurity
QueryServiceStatus
QueryServiceStatusEx
QueryTraceA
QueryTraceW
QueryUsersOnEncryptedFile
QueryWindows31FilesMigration
ReadEncryptedFileRaw
ReadEventLogA
ReadEventLogW
RegCloseKey
RegConnectRegistryA
RegConnectRegistryW
RegCreateKeyA
RegCreateKeyExA
RegCreateKeyExW
RegCreateKeyW
RegDeleteKeyA
RegDeleteKeyW
RegDeleteValueA
RegDeleteValueW
RegDisablePredefinedCache
RegDisablePredefinedCacheEx
RegEnumKeyA
RegEnumKeyExA
RegEnumKeyExW
RegEnumKeyW
RegEnumValueA
RegEnumValueW
RegFlushKey
RegGetKeySecurity
RegLoadKeyA
RegLoadKeyW
RegNotifyChangeKeyValue
RegOpenCurrentUser
RegOpenKeyA
RegOpenKeyExA
RegOpenKeyExW
RegOpenKeyW
RegOpenUserClassesRoot
RegOverridePredefKey
RegQueryInfoKeyA
RegQueryInfoKeyW
RegQueryMultipleValuesA
RegQueryMultipleValuesW
RegQueryValueA
RegQueryValueExA
RegQueryValueExW
RegQueryValueW
RegReplaceKeyA
RegReplaceKeyW
Sections
.text Size: 465KB - Virtual size: 465KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 106KB - Virtual size: 106KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ