advapi32.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 32e9691840290579cb855d20602cc027_JaffaCakes118.dll
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 32e9691840290579cb855d20602cc027_JaffaCakes118.dll
Resource: win10v2004-20240709-en
General
Target: 32e9691840290579cb855d20602cc027_JaffaCakes118
Size: 780KB
MD5: 32e9691840290579cb855d20602cc027
SHA1: 816fd8a0217a66958f69e2dc57fc52c40031ab2a
SHA256: 98fe25e3f93dae624a54086c7c6d93c45efa1f48df2dacfba2ef94f6baf9e283
SHA512: 78c3aec8a248cd0fc353a4f319848e7be78a63d8bbb52f53a19e09a8dcb55c572839fcae74dd369845c3a621dbecf24e02a1c2f1b204aa1f49bf7d4a1788a3e4
SSDEEP: 24576:wuzWCGyoy3mCRRVcPkfbCttOXzSnwaxioFCo1UtdsVf:vIy3VtSB
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: 32e9691840290579cb855d20602cc027_JaffaCakes118
Files
32e9691840290579cb855d20602cc027_JaffaCakes118.dll windows:6 windows x86 arch:x86
46a79e608a5bdfbf673b7a1f1611ff73
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
ntdll
EtwNotificationUnregister
EtwLogTraceEvent
EtwReplyNotification
NtTraceControl
EtwDeliverDataBlock
EtwEnumerateProcessRegGuids
EtwpGetCpuSpeed
NtQueryPerformanceCounter
NtTraceEvent
NtFreeVirtualMemory
RtlDestroyQueryDebugBuffer
RtlQueryProcessDebugInformation
RtlCreateQueryDebugBuffer
NtAllocateVirtualMemory
NtPowerInformation
RtlIpv4AddressToStringW
RtlIpv6AddressToStringW
EtwSendNotification
EtwProcessPrivateLoggerRequest
RtlInitAnsiStringEx
RtlCompareUnicodeString
RtlUnicodeToMultiByteN
NtLoadKeyEx
RtlAppendStringToString
NtNotifyChangeKey
RtlMultiByteToUnicodeN
RtlSetCurrentTransaction
NtResetEvent
NtQueryEvent
RtlCreateServiceSid
DbgPrintEx
LdrQueryModuleServiceTags
NtQueueApcThread
NtOpenKeyTransacted
NtRenameKey
NtSetInformationKey
RtlTryEnterCriticalSection
NtDeleteValueKey
NtEnumerateValueKey
NtCreateKeyTransacted
NtQueryObject
RtlCopyString
EtwNotificationRegister
memcpy
_vsnwprintf
memmove
strncpy
memset
wcschr
atol
_chkstk
wcsrchr
wcsncmp
wcsstr
_wcsnicmp
_wcsicmp
wcstombs
mbstowcs
_vsnprintf
strstr
strrchr
strchr
_stricmp
_itow
qsort
_wcsupr
towlower
iswctype
_wcstoui64
wcstoul
tolower
_ultow
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlEqualUnicodeString
RtlInitializeSRWLock
NtQueryMutant
NtAlpcQueryInformation
_aulldvrm
RtlAnsiCharToUnicodeChar
RtlUnwind
RtlSetLastWin32Error
NtCreateFile
NtDuplicateObject
NtWaitForMultipleObjects
NtCancelIoFile
RtlRegisterThreadWithCsrss
RtlExitUserThread
NtDelayExecution
NtClearEvent
NtSetEvent
NtTerminateThread
NtCreateEvent
RtlDllShutdownInProgress
RtlGetFullPathName_U
NtQueryInformationFile
RtlDetermineDosPathNameType_U
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
RtlPrefixUnicodeString
NtQueryVolumeInformationFile
RtlUpcaseUnicodeChar
RtlGUIDFromString
RtlNumberGenericTableElements
RtlQueryRegistryValues
RtlLookupElementGenericTable
RtlInitializeGenericTable
RtlFormatCurrentUserKeyPath
RtlStringFromGUID
RtlIntegerToUnicodeString
NtEnumerateKey
RtlDestroyHandleTable
EtwEventUnregister
RtlInitializeHandleTable
RtlInsertElementGenericTable
RtlAppendUnicodeToString
NtDeleteKey
RtlDeleteElementGenericTable
NtSetValueKey
NtCreateKey
EtwEventRegister
EtwEventWrite
RtlCreateUnicodeString
RtlDuplicateUnicodeString
RtlExpandEnvironmentStrings_U
RtlGetLastNtStatus
NtQueryKey
NtQueryInformationProcess
RtlIsGenericTableEmpty
RtlEnumerateGenericTableWithoutSplaying
NtCompareTokens
RtlFreeHandle
RtlIsValidIndexHandle
RtlAllocateHandle
RtlConvertSidToUnicodeString
RtlUnicodeStringToInteger
RtlGetThreadPreferredUILanguages
RtlGetNtProductType
NtQuerySystemTime
RtlRandom
RtlxAnsiStringToUnicodeSize
RtlInitUnicodeStringEx
RtlMakeSelfRelativeSD
NlsMbCodePageTag
RtlxUnicodeStringToAnsiSize
RtlAppendUnicodeStringToString
NtWaitForSingleObject
RtlCompareMemory
NtDeviceIoControlFile
NtOpenKey
NtQueryValueKey
RtlImageNtHeader
RtlGetCurrentTransaction
DbgPrint
RtlOpenCurrentUser
RtlFreeAnsiString
RtlCreateUnicodeStringFromAsciiz
NtQuerySystemInformation
NtQueryInformationThread
NtTerminateProcess
RtlAdjustPrivilege
NtSetInformationProcess
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlInitString
RtlIsTextUnicode
RtlSetSecurityDescriptorRMControl
RtlGetSecurityDescriptorRMControl
RtlSelfRelativeToAbsoluteSD2
NtFilterToken
NtImpersonateAnonymousToken
RtlUnicodeStringToAnsiString
RtlUnicodeToMultiByteSize
RtlCopyUnicodeString
NtSetInformationThread
RtlImpersonateSelf
NtFsControlFile
NtQuerySecurityObject
RtlOemStringToUnicodeString
RtlDosPathNameToRelativeNtPathName_U
NtOpenFile
RtlReleaseRelativeName
NtSetSecurityObject
NtClose
RtlSelfRelativeToAbsoluteSD
RtlAbsoluteToSelfRelativeSD
RtlDeleteSecurityObject
RtlQuerySecurityObject
RtlSetSecurityObjectEx
RtlSetSecurityObject
RtlNewSecurityObjectWithMultipleInheritance
RtlNewSecurityObjectEx
RtlConvertToAutoInheritSecurityObject
RtlNewSecurityObject
RtlGetGroupSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlSetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetControlSecurityDescriptor
RtlGetControlSecurityDescriptor
RtlLengthSecurityDescriptor
RtlValidRelativeSecurityDescriptor
RtlValidSecurityDescriptor
RtlCreateSecurityDescriptor
RtlFirstFreeAce
RtlAddAuditAccessObjectAce
RtlAddAccessDeniedObjectAce
RtlAddAccessAllowedObjectAce
RtlAddAuditAccessAceEx
RtlAddAuditAccessAce
RtlAddAccessDeniedAceEx
RtlAddAccessDeniedAce
RtlAddMandatoryAce
RtlAddAccessAllowedAceEx
RtlAddAccessAllowedAce
RtlGetAce
RtlDeleteAce
RtlAddAce
RtlSetInformationAcl
RtlQueryInformationAcl
RtlCreateAcl
RtlValidAcl
RtlMapGenericMask
RtlAreAnyAccessesGranted
RtlAreAllAccessesGranted
RtlCopySid
RtlLengthSid
RtlSubAuthorityCountSid
RtlSubAuthoritySid
RtlIdentifierAuthoritySid
RtlAllocateAndInitializeSid
RtlFreeSid
RtlInitializeSid
RtlLengthRequiredSid
RtlEqualPrefixSid
RtlEqualSid
RtlValidSid
NtPrivilegedServiceAuditAlarm
NtDeleteObjectAuditAlarm
NtCloseObjectAuditAlarm
NtPrivilegeObjectAuditAlarm
NtOpenObjectAuditAlarm
NtAccessCheckByTypeResultListAndAuditAlarmByHandle
NtAccessCheckByTypeResultListAndAuditAlarm
NtAccessCheckByTypeAndAuditAlarm
NtAccessCheckAndAuditAlarm
NtPrivilegeCheck
NtAdjustGroupsToken
NtAdjustPrivilegesToken
NtSetInformationToken
NtQueryInformationToken
NtOpenThreadToken
NtOpenProcessToken
NtAccessCheckByTypeResultList
NtAccessCheckByType
NtAccessCheck
NtAllocateLocallyUniqueId
NtDuplicateToken
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
RtlInitUnicodeString
RtlDosPathNameToNtPathName_U
RtlFreeHeap
RtlAllocateHeap
RtlNtStatusToDosError
RtlDeleteCriticalSection
RtlTimeToSecondsSince1970
RtlInitializeCriticalSection
RtlNtStatusToDosErrorNoTeb
NtFlushKey
NtLoadKey
NtUnloadKey
NtReplaceKey
NtNotifyChangeMultipleKeys
NtQueryMultipleValueKey
NtRestoreKey
NtSaveKey
NtSaveMergedKeys
NtSaveKeyEx
RtlGetVersion
NtReadFile
NtWriteFile
_alloca_probe
kernel32
VirtualFreeEx
LocalFree
LocalAlloc
LocalReAlloc
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
lstrlenA
AreFileApisANSI
CloseHandle
GetLastError
GetCurrentProcess
GetProcAddress
LoadLibraryA
OpenProcess
HeapFree
ResumeThread
HeapAlloc
GetProcessHeap
CreateProcessInternalW
CreateProcessInternalA
GetModuleHandleA
InterlockedIncrement
InterlockedDecrement
SizeofResource
LoadResource
FindResourceA
ReadFile
FreeLibrary
LoadLibraryExW
GetFileAttributesExW
SearchPathW
_lclose
GetFileSize
OpenFile
lstrcmpiA
CopyFileW
FindFirstFileExW
FindNextFileW
GetFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
Wow64DisableWow64FsRedirection
LockResource
Wow64RevertWow64FsRedirection
CreateMutexA
HeapReAlloc
GetPrivateProfileIntW
GetSystemWindowsDirectoryW
IsBadWritePtr
RaiseException
GetProfileIntA
GetProfileStringA
FreeLibraryAndExitThread
CreateMutexW
EncodePointer
DecodePointer
ReadProcessMemory
GetProcessId
DuplicateHandle
SetEvent
GetComputerNameA
LocalLock
LocalUnlock
GetComputerNameExW
TlsAlloc
OpenThread
GetProcessTimes
ResetEvent
TerminateThread
GetThreadPriority
IsDebuggerPresent
SetThreadPriority
WaitNamedPipeW
IsWow64Process
TlsGetValue
TlsSetValue
OpenEventW
GetModuleFileNameW
SetErrorMode
GetComputerNameW
ReleaseMutex
GetLogicalDriveStringsW
GetDriveTypeW
GetVolumeInformationW
GetSystemInfo
GlobalMemoryStatusEx
VirtualFree
SetNamedPipeHandleState
VirtualAllocEx
GetOverlappedResult
GetFullPathNameA
GetSystemDirectoryW
GetDiskFreeSpaceExW
CancelIo
SetLastError
GetSystemTime
CompareStringW
HeapSize
CreateThread
EnumUILanguagesW
GetFileMUIPath
GetWindowsDirectoryW
FindClose
WaitForSingleObject
GetVolumePathNameW
FindResourceExW
GetLongPathNameW
CompareFileTime
MapViewOfFile
UnmapViewOfFile
GetFileSizeEx
CreateFileMappingW
GetModuleHandleW
FormatMessageW
GetLocalTime
OutputDebugStringW
SetFilePointer
DeleteFileW
MoveFileW
ExpandEnvironmentStringsW
WriteFile
GetModuleHandleExW
GetCurrentThread
Sleep
lstrcmpW
GetCommandLineW
lstrcmpiW
GetThreadUILanguage
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
DeleteCriticalSection
DeviceIoControl
InterlockedExchange
CreateEventW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
InterlockedCompareExchange
DelayLoadFailureHook
GetPriorityClass
GetFileAttributesW
GetFullPathNameW
CreateFileW
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
SleepEx
EnterCriticalSection
LeaveCriticalSection
LoadLibraryW
ExpandEnvironmentStringsA
rpcrt4
RpcRaiseException
RpcBindingSetAuthInfoExA
RpcBindingFree
RpcStringFreeW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcBindingSetAuthInfoExW
NdrClientCall2
RpcStringBindingParseW
I_RpcMapWin32Status
RpcBindingToStringBindingW
NDRCContextBinding
RpcRevertToSelf
RpcImpersonateClient
I_RpcBindingIsClientLocal
I_RpcExceptionFilter
RpcSsDestroyClientContext
RpcBindingSetAuthInfoW
UuidCreate
RpcBindingSetAuthInfoA
RpcEpResolveBinding
I_RpcSNCHOption
RpcBindingSetOption
RpcAsyncCompleteCall
RpcAsyncCancelCall
RpcAsyncInitializeHandle
RpcSmDestroyClientContext
UuidIsNil
UuidEqual
NdrAsyncClientCall
UuidFromStringW
UuidToStringW
RpcBindingServerFromClient
RpcServerInqCallAttributesA
RpcSsGetContextBinding
Exports
A_SHAFinal
A_SHAInit
A_SHAUpdate
AbortSystemShutdownA
AbortSystemShutdownW
AccessCheck
AccessCheckAndAuditAlarmA
AccessCheckAndAuditAlarmW
AccessCheckByType
AccessCheckByTypeAndAuditAlarmA
AccessCheckByTypeAndAuditAlarmW
AccessCheckByTypeResultList
AccessCheckByTypeResultListAndAuditAlarmA
AccessCheckByTypeResultListAndAuditAlarmByHandleA
AccessCheckByTypeResultListAndAuditAlarmByHandleW
AccessCheckByTypeResultListAndAuditAlarmW
AddAccessAllowedAce
AddAccessAllowedAceEx
AddAccessAllowedObjectAce
AddAccessDeniedAce
AddAccessDeniedAceEx
AddAccessDeniedObjectAce
AddAce
AddAuditAccessAce
AddAuditAccessAceEx
AddAuditAccessObjectAce
AddMandatoryAce
AddUsersToEncryptedFile
AddUsersToEncryptedFileEx
AdjustTokenGroups
AdjustTokenPrivileges
AllocateAndInitializeSid
AllocateLocallyUniqueId
AreAllAccessesGranted
AreAnyAccessesGranted
AuditComputeEffectivePolicyBySid
AuditComputeEffectivePolicyByToken
AuditEnumerateCategories
AuditEnumeratePerUserPolicy
AuditEnumerateSubCategories
AuditFree
AuditLookupCategoryGuidFromCategoryId
AuditLookupCategoryIdFromCategoryGuid
AuditLookupCategoryNameA
AuditLookupCategoryNameW
AuditLookupSubCategoryNameA
AuditLookupSubCategoryNameW
AuditQueryPerUserPolicy
AuditQuerySecurity
AuditQuerySystemPolicy
AuditSetPerUserPolicy
AuditSetSecurity
AuditSetSystemPolicy
BackupEventLogA
BackupEventLogW
BuildExplicitAccessWithNameA
BuildExplicitAccessWithNameW
BuildImpersonateExplicitAccessWithNameA
BuildImpersonateExplicitAccessWithNameW
BuildImpersonateTrusteeA
BuildImpersonateTrusteeW
BuildSecurityDescriptorA
BuildSecurityDescriptorW
BuildTrusteeWithNameA
BuildTrusteeWithNameW
BuildTrusteeWithObjectsAndNameA
BuildTrusteeWithObjectsAndNameW
BuildTrusteeWithObjectsAndSidA
BuildTrusteeWithObjectsAndSidW
BuildTrusteeWithSidA
BuildTrusteeWithSidW
CancelOverlappedAccess
ChangeServiceConfig2A
ChangeServiceConfig2W
ChangeServiceConfigA
ChangeServiceConfigW
CheckAppInitBlockedServiceIdentity
CheckTokenMembership
ClearEventLogA
ClearEventLogW
CloseCodeAuthzLevel
CloseEncryptedFileRaw
CloseEventLog
CloseServiceHandle
CloseThreadWaitChainSession
CloseTrace
CommandLineFromMsiDescriptor
ComputeAccessTokenFromCodeAuthzLevel
ControlService
ControlServiceExA
ControlServiceExW
ControlTraceA
ControlTraceW
ConvertAccessToSecurityDescriptorA
ConvertAccessToSecurityDescriptorW
ConvertSDToStringSDRootDomainA
ConvertSDToStringSDRootDomainW
ConvertSecurityDescriptorToAccessA
ConvertSecurityDescriptorToAccessNamedA
ConvertSecurityDescriptorToAccessNamedW
ConvertSecurityDescriptorToAccessW
ConvertSecurityDescriptorToStringSecurityDescriptorA
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidA
ConvertSidToStringSidW
ConvertStringSDToSDDomainA
ConvertStringSDToSDDomainW
ConvertStringSDToSDRootDomainA
ConvertStringSDToSDRootDomainW
ConvertStringSecurityDescriptorToSecurityDescriptorA
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidA
ConvertStringSidToSidW
ConvertToAutoInheritPrivateObjectSecurity
CopySid
CreateCodeAuthzLevel
CreatePrivateObjectSecurity
CreatePrivateObjectSecurityEx
CreatePrivateObjectSecurityWithMultipleInheritance
CreateProcessAsUserA
CreateProcessAsUserW
CreateProcessWithLogonW
CreateProcessWithTokenW
CreateRestrictedToken
CreateServiceA
CreateServiceW
CreateTraceInstanceId
CreateWellKnownSid
CredBackupCredentials
CredDeleteA
CredDeleteW
CredEncryptAndMarshalBinaryBlob
CredEnumerateA
CredEnumerateW
CredFindBestCredentialA
CredFindBestCredentialW
CredFree
CredGetSessionTypes
CredGetTargetInfoA
CredGetTargetInfoW
CredIsMarshaledCredentialA
CredIsMarshaledCredentialW
CredIsProtectedA
CredIsProtectedW
CredMarshalCredentialA
CredMarshalCredentialW
CredProfileLoaded
CredProfileUnloaded
CredProtectA
CredProtectW
CredReadA
CredReadByTokenHandle
CredReadDomainCredentialsA
CredReadDomainCredentialsW
CredReadW
CredRenameA
CredRenameW
CredRestoreCredentials
CredUnmarshalCredentialA
CredUnmarshalCredentialW
CredUnprotectA
CredUnprotectW
CredWriteA
CredWriteDomainCredentialsA
CredWriteDomainCredentialsW
CredWriteW
CredpConvertCredential
CredpConvertOneCredentialSize
CredpConvertTargetInfo
CredpDecodeCredential
CredpEncodeCredential
CredpEncodeSecret
CryptAcquireContextA
CryptAcquireContextW
CryptContextAddRef
CryptCreateHash
CryptDecrypt
CryptDeriveKey
CryptDestroyHash
CryptDestroyKey
CryptDuplicateHash
CryptDuplicateKey
CryptEncrypt
CryptEnumProviderTypesA
CryptEnumProviderTypesW
CryptEnumProvidersA
CryptEnumProvidersW
CryptExportKey
CryptGenKey
CryptGenRandom
CryptGetDefaultProviderA
CryptGetDefaultProviderW
CryptGetHashParam
CryptGetKeyParam
CryptGetProvParam
CryptGetUserKey
CryptHashData
CryptHashSessionKey
CryptImportKey
CryptReleaseContext
CryptSetHashParam
CryptSetKeyParam
CryptSetProvParam
CryptSetProviderA
CryptSetProviderExA
CryptSetProviderExW
CryptSetProviderW
CryptSignHashA
CryptSignHashW
CryptVerifySignatureA
CryptVerifySignatureW
DecryptFileA
DecryptFileW
DeleteAce
DeleteService
DeregisterEventSource
DestroyPrivateObjectSecurity
DuplicateEncryptionInfoFile
DuplicateToken
DuplicateTokenEx
ElfBackupEventLogFileA
ElfBackupEventLogFileW
ElfChangeNotify
ElfClearEventLogFileA
ElfClearEventLogFileW
ElfCloseEventLog
ElfDeregisterEventSource
ElfFlushEventLog
ElfNumberOfRecords
ElfOldestRecord
ElfOpenBackupEventLogA
ElfOpenBackupEventLogW
ElfOpenEventLogA
ElfOpenEventLogW
ElfReadEventLogA
ElfReadEventLogW
ElfRegisterEventSourceA
ElfRegisterEventSourceW
ElfReportEventA
ElfReportEventAndSourceW
ElfReportEventW
EnableTrace
EnableTraceEx
EncryptFileA
EncryptFileW
EncryptedFileKeyInfo
EncryptionDisable
EnumDependentServicesA
EnumDependentServicesW
EnumServiceGroupW
EnumServicesStatusA
EnumServicesStatusExA
EnumServicesStatusExW
EnumServicesStatusW
EnumerateTraceGuids
EnumerateTraceGuidsEx
EqualDomainSid
EqualPrefixSid
EqualSid
EventAccessControl
EventAccessQuery
EventAccessRemove
EventActivityIdControl
EventEnabled
EventProviderEnabled
EventRegister
EventUnregister
EventWrite
EventWriteEndScenario
EventWriteStartScenario
EventWriteString
EventWriteTransfer
FileEncryptionStatusA
FileEncryptionStatusW
FindFirstFreeAce
FlushEfsCache
FlushTraceA
FlushTraceW
FreeEncryptedFileKeyInfo
FreeEncryptedFileMetadata
FreeEncryptionCertificateHashList
FreeInheritedFromArray
FreeSid
GetAccessPermissionsForObjectA
GetAccessPermissionsForObjectW
GetAce
GetAclInformation
GetAuditedPermissionsFromAclA
GetAuditedPermissionsFromAclW
GetCurrentHwProfileA
GetCurrentHwProfileW
GetEffectiveRightsFromAclA
GetEffectiveRightsFromAclW
GetEncryptedFileMetadata
GetEventLogInformation
GetExplicitEntriesFromAclA
GetExplicitEntriesFromAclW
GetFileSecurityA
GetFileSecurityW
GetInformationCodeAuthzLevelW
GetInformationCodeAuthzPolicyW
GetInheritanceSourceA
GetInheritanceSourceW
GetKernelObjectSecurity
GetLengthSid
GetLocalManagedApplicationData
GetLocalManagedApplications
GetManagedApplicationCategories
GetManagedApplications
GetMultipleTrusteeA
GetMultipleTrusteeOperationA
GetMultipleTrusteeOperationW
GetMultipleTrusteeW
GetNamedSecurityInfoA
GetNamedSecurityInfoExA
GetNamedSecurityInfoExW
GetNamedSecurityInfoW
GetNumberOfEventLogRecords
GetOldestEventLogRecord
GetOverlappedAccessResults
GetPrivateObjectSecurity
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
GetSecurityDescriptorOwner
GetSecurityDescriptorRMControl
GetSecurityDescriptorSacl
GetSecurityInfo
GetSecurityInfoExA
GetSecurityInfoExW
GetServiceDisplayNameA
GetServiceDisplayNameW
GetServiceKeyNameA
GetServiceKeyNameW
GetSidIdentifierAuthority
GetSidLengthRequired
GetSidSubAuthority
GetSidSubAuthorityCount
GetThreadWaitChain
GetTokenInformation
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
GetTrusteeFormA
GetTrusteeFormW
GetTrusteeNameA
GetTrusteeNameW
GetTrusteeTypeA
GetTrusteeTypeW
GetUserNameA
GetUserNameW
GetWindowsAccountDomainSid
I_QueryTagInformation
I_ScGetCurrentGroupStateW
I_ScIsSecurityProcess
I_ScPnPGetServiceName
I_ScQueryServiceConfig
I_ScSendPnPMessage
I_ScSendTSMessage
I_ScSetServiceBitsA
I_ScSetServiceBitsW
I_ScValidatePnPService
IdentifyCodeAuthzLevelW
ImpersonateAnonymousToken
ImpersonateLoggedOnUser
ImpersonateNamedPipeClient
ImpersonateSelf
InitializeAcl
InitializeSecurityDescriptor
InitializeSid
InitiateShutdownA
InitiateShutdownW
InitiateSystemShutdownA
InitiateSystemShutdownExA
InitiateSystemShutdownExW
InitiateSystemShutdownW
InstallApplication
IsTextUnicode
IsTokenRestricted
IsTokenUntrusted
IsValidAcl
IsValidRelativeSecurityDescriptor
IsValidSecurityDescriptor
IsValidSid
IsWellKnownSid
LockServiceDatabase
LogonUserA
LogonUserExA
LogonUserExExW
LogonUserExW
LogonUserW
LookupAccountNameA
LookupAccountNameW
LookupAccountSidA
LookupAccountSidW
LookupPrivilegeDisplayNameA
LookupPrivilegeDisplayNameW
LookupPrivilegeNameA
LookupPrivilegeNameW
LookupPrivilegeValueA
LookupPrivilegeValueW
LookupSecurityDescriptorPartsA
LookupSecurityDescriptorPartsW
LsaAddAccountRights
LsaAddPrivilegesToAccount
LsaClearAuditLog
LsaClose
LsaCreateAccount
LsaCreateSecret
LsaCreateTrustedDomain
LsaCreateTrustedDomainEx
LsaDelete
LsaDeleteTrustedDomain
LsaEnumerateAccountRights
LsaEnumerateAccounts
LsaEnumerateAccountsWithUserRight
LsaEnumeratePrivileges
LsaEnumeratePrivilegesOfAccount
LsaEnumerateTrustedDomains
LsaEnumerateTrustedDomainsEx
LsaFreeMemory
LsaGetQuotasForAccount
LsaGetRemoteUserName
LsaGetSystemAccessAccount
LsaGetUserName
LsaICLookupNames
LsaICLookupNamesWithCreds
LsaICLookupSids
LsaICLookupSidsWithCreds
LsaLookupNames
LsaLookupNames2
LsaLookupPrivilegeDisplayName
LsaLookupPrivilegeName
LsaLookupPrivilegeValue
LsaLookupSids
LsaManageSidNameMapping
LsaNtStatusToWinError
LsaOpenAccount
LsaOpenPolicy
LsaOpenPolicySce
LsaOpenSecret
LsaOpenTrustedDomain
LsaOpenTrustedDomainByName
LsaQueryDomainInformationPolicy
LsaQueryForestTrustInformation
LsaQueryInfoTrustedDomain
LsaQueryInformationPolicy
LsaQuerySecret
LsaQuerySecurityObject
LsaQueryTrustedDomainInfo
LsaQueryTrustedDomainInfoByName
LsaRemoveAccountRights
LsaRemovePrivilegesFromAccount
LsaRetrievePrivateData
LsaSetDomainInformationPolicy
LsaSetForestTrustInformation
LsaSetInformationPolicy
LsaSetInformationTrustedDomain
LsaSetQuotasForAccount
LsaSetSecret
LsaSetSecurityObject
LsaSetSystemAccessAccount
LsaSetTrustedDomainInfoByName
LsaSetTrustedDomainInformation
LsaStorePrivateData
MD4Final
MD4Init
MD4Update
MD5Final
MD5Init
MD5Update
MSChapSrvChangePassword
MSChapSrvChangePassword2
MakeAbsoluteSD
MakeAbsoluteSD2
MakeSelfRelativeSD
MapGenericMask
NotifyBootConfigStatus
NotifyChangeEventLog
NotifyServiceStatusChange
NotifyServiceStatusChangeA
NotifyServiceStatusChangeW
ObjectCloseAuditAlarmA
ObjectCloseAuditAlarmW
ObjectDeleteAuditAlarmA
ObjectDeleteAuditAlarmW
ObjectOpenAuditAlarmA
ObjectOpenAuditAlarmW
ObjectPrivilegeAuditAlarmA
ObjectPrivilegeAuditAlarmW
OpenBackupEventLogA
OpenBackupEventLogW
OpenEncryptedFileRawA
OpenEncryptedFileRawW
OpenEventLogA
OpenEventLogW
OpenProcessToken
OpenSCManagerA
OpenSCManagerW
Sections
.text Size: 610KB - Virtual size: 609KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 57KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 90KB - Virtual size: 90KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ