x64__installer__x32_[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

x64__installer__x32_.zip
Size

32.7MB
MD5

3f188641b13799ef5ad3cf3b719269d8
SHA1

f54270a1544d4b05ec578d7a077b9332405b7764
SHA256

3283ef264ae1987a9bd6f98f3957c6558953bd90d3c1438ae5091969bde49817
SHA512

5410eef0eb65267e95821810d2402153763dccc4d92b43ac648915783db55e0b18088ff41283908cef7d2246995b527fe91b08288421bc4a4720a5c2e642761f
SSDEEP

786432:aThiVuw7rJmfRZYu9pHel0oXaowsC17TGrFgQ3pe3MEYd/UZNbp:Av/HmjwnKruQZecZM5

Score

3^/10

Malware Config

Signatures

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

resource
unpack001/msfeeds/PerceptionDevice.dll
unpack001/msfeeds/msfeeds.dll
unpack001/msfeeds/ngcpopkeysrv.dll
unpack001/msimsg/moshost.dll
unpack001/msimsg/msimsg.dll
unpack001/msimsg/ndfapi.dll
unpack001/provthrd/provthrd.dll
unpack001/provthrd/sendmail.dll
unpack001/provthrd/setupcln.dll
unpack001/syssetup/ManageCI.dll
unpack001/syssetup/msdtctm.dll
unpack001/syssetup/sysntfy.dll
unpack001/syssetup/syssetup.dll

Files

x64__installer__x32_.zip
.zip
msfeeds/PerceptionDevice.dll
.dll windows:10 windows x64 arch:x64

b3347c947e0a334b92c8dfc1552e2b64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

PerceptionDevice.pdb

Imports

msvcp_win

?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_free
_o_iswspace
_o_malloc
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__configure_narrow_argv
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
_o__callnewh
__std_terminate
__CxxFrameHandler4
_o___stdio_common_vswprintf
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetProcAddress
FreeLibrary
GetModuleHandleW
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
WaitForSingleObjectEx
ReleaseSRWLockExclusive
CreateMutexExW
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseMutex
ResetEvent
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
ReleaseSemaphore
InitializeCriticalSectionEx
DeleteCriticalSection
CreateEventW
SetEvent
OpenSemaphoreW
EnterCriticalSection
LeaveCriticalSection
AcquireSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister

api-ms-win-core-synch-l1-2-0

WakeByAddressAll
WaitOnAddress
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-winrt-error-l1-1-0

GetRestrictedErrorInfo
SetRestrictedErrorInfo
RoOriginateError

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoTaskMemFree

api-ms-win-devices-config-l1-1-1

CM_Get_Device_Interface_List_SizeW
CM_Unregister_Notification
CM_Register_Notification
CM_Get_Device_Interface_ListW
CM_MapCrToWin32Err

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
FreeLibraryWhenCallbackReturns
WaitForThreadpoolWorkCallbacks
CreateThreadpoolWork
SubmitThreadpoolWork

api-ms-win-core-io-l1-1-0

GetOverlappedResult
PostQueuedCompletionStatus
DeviceIoControl
CreateIoCompletionPort
GetQueuedCompletionStatus
CancelIoEx

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-winrt-error-l1-1-1

RoOriginateLanguageException

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsDeleteString
WindowsGetStringRawBuffer
WindowsPreallocateStringBuffer
WindowsDeleteStringBuffer
WindowsPromoteStringBuffer

oleaut32

SysFreeString
SysStringLen

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-crt-math-l1-1-0

ceilf

Exports

Exports

CreateSpatialObjectDDIClientFactory
DllMain
PerceptionDeviceCreateFactory
PerceptionDeviceSetCreateFactoryOverride

Sections

.text
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msfeeds/msfeeds.dll
.dll windows:10 windows x64 arch:x64

84f3ccddd61f29542a0e95502e8805d7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

msfeeds.pdb

Imports

msvcrt

_vsnwprintf
_wcsicmp
_vsnprintf
wcstok_s
_wtoi
_wcsnicmp
_vsnwprintf_s
memcmp
memcpy
wcsncpy_s
wcsnlen
strnlen
isalnum
memmove
memset
rand_s
sprintf_s
_onexit
__dllonexit
_unlock
_lock
_initterm
malloc
free
_amsg_exit
_XcptFilter
wcsncmp
wcschr
iswalpha
_ultow_s
_itow_s
time
rand
srand
__C_specific_handler
memcpy_s
wcscmp

ntdll

NtQueryLicenseValue
NtClose
VerSetConditionMask
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

kernel32

GetFileAttributesW
SetFileAttributesW
DeleteFileW
MoveFileExW
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetSystemTime
FileTimeToSystemTime
LocalAlloc
LocalFree
HeapFree
DisableThreadLibraryCalls
HeapAlloc
GetProcessHeap
OpenFileMappingW
ResetEvent
GetModuleFileNameW
GlobalAlloc
GlobalFree
GlobalLock
LocalReAlloc
GlobalUnlock
GetVersionExW
WriteFile
WaitForMultipleObjects
CreateMutexW
Sleep
CreateThread
FileTimeToLocalFileTime
QueryPerformanceFrequency
GetFileSize
WideCharToMultiByte
QueryPerformanceCounter
GetModuleFileNameA
CreateSemaphoreExW
SetLastError
ReleaseSemaphore
GetModuleHandleExW
GetCurrentThreadId
FormatMessageW
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
GetProcAddress
GetModuleHandleW
DebugBreak
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
GetTickCount
RaiseFailFastException
RaiseException
GetStringTypeExA
IsDBCSLeadByteEx
QueueUserWorkItem
InitializeCriticalSection
GetDiskFreeSpaceExW
GetTimeZoneInformation
FlushViewOfFile
FindClose
FlushFileBuffers
SetEndOfFile
LCMapStringW
GetFullPathNameW
GetFileSizeEx
SetFileTime
CompareStringW
GetTempPathW
GetLocalTime
GetProductInfo
GetUserPreferredUILanguages
GetSystemInfo
LoadLibraryW
FindFirstFileW
FreeLibrary
LocaleNameToLCID
CompareFileTime
CreateDirectoryW
SystemTimeToTzSpecificLocalTime
MultiByteToWideChar
OpenProcess
OpenMutexW
MapViewOfFile
CreateFileMappingW
GetCurrentProcessId
DeleteCriticalSection
GetSystemDefaultLCID
GetUserDefaultLCID
LoadLibraryExW
ResolveDelayLoadedAPI
DelayLoadFailureHook
RemoveDirectoryW
GetCurrentDirectoryW
InitOnceExecuteOnce
IsDBCSLeadByte
GetVersionExA
VerifyVersionInfoW
UnregisterWaitEx
CreateMutexExW
CloseHandle
SetEvent
GetLastError
CreateEventW
DuplicateHandle
UnmapViewOfFile
ReleaseMutex
OpenEventW
CreateFileW
WaitForSingleObject
SetFilePointer
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
RegisterWaitForSingleObject
GetCurrentProcess
EnterCriticalSection
CreateEventExW
ReadFile
GetFileTime
FindNextFileW
LockResource
LoadResource
FindResourceExW
SizeofResource

shlwapi

PathIsNetworkPathW
StrStrW
ord219
ord176
ord156
ord2
SHGetValueW
ord433
UrlEscapeW
StrStrNIW
ord157
StrCmpNIA
StrToIntExW
SHCreateStreamOnFileEx
ord154
PathIsURLW
UrlCanonicalizeW
UrlCreateFromPathW
UrlApplySchemeW
ord487
StrCmpNA
HashData
StrTrimW
ord215
SHCreateStreamOnFileW
ord12
ord217
StrRChrW
StrToInt64ExW
SHRegGetValueW
ord158
StrChrW
StrCmpNIW
ord213
StrStrIW
ord15
ChrCmpIW
PathFileExistsW
SHStrDupW
PathFindFileNameW
StrCmpW
ord184
StrCmpIW
UrlUnescapeW
StrCmpNW

rpcrt4

RpcServerInqCallAttributesW
UuidCreateSequential
UuidEqual

iertutil

ord466
ord80
ord66
ord76
ord89
ord68
ord63
ord64
ord151
ord150
CreateIUriBuilder
ord54
ord65
CreateUriWithFragment
ord61
ord74
ord85
ord70
CreateUri
ord91
ord166
ord81
ord78
ord90
ord58
ord32
ord48
ord820
ord44
ord62
ord67
ord796
ord50
ord791
ord701
ord690
ord654
ord652
ord662
ord658
ord672
ord660
ord653
ord670
ord650
ord657
ord655
ord651
ord665
ord675
ord775
ord765
ord781
ord779
ord774
ord110
ord111
ord682
ord57
ord163
ord793
ord594
ord398
ord597
ord79
ord134

advapi32

CryptGetHashParam
RegQueryValueExA
RegOpenKeyExA
CryptSetKeyParam
CryptSetHashParam
CryptDestroyKey
CryptDestroyHash
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptGetKeyParam
CryptEncrypt
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
EventWriteEx
EventWriteTransfer
GetTokenInformation
OpenProcessToken
ConvertSidToStringSidW
RegOpenKeyExW
RegGetValueW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
EventRegister
EventSetInformation
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
EventUnregister
CredWriteW
CredReadW
CredEnumerateW
CredFree
CredDeleteW
TraceMessage
TraceEvent
CryptVerifySignatureW
RegQueryInfoKeyW
RegEnumKeyExW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceConfigW

mlang

ord123

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindExtensionW
PathIsPrefixW
PathRemoveExtensionW

wkscli

NetGetJoinInformation

netutils

NetApiBufferFree

api-ms-win-core-com-l1-1-0

CoSetProxyBlanket
PropVariantCopy
CoWaitForMultipleHandles

kernelbase

OpenGlobalizationUserSettingsKey
GetSystemDefaultLocaleName
GetUserDefaultLocaleName
lstrcmpiA
StrToIntA
lstrlenA
lstrlenW

api-ms-win-downlevel-version-l1-1-0

GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
MsfeedsCreateInstance

Sections

.text
Size: 479KB - Virtual size: 478KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msfeeds/ngcpopkeysrv.dll
.dll windows:10 windows x64 arch:x64

ac7e98cedc64f1b0a84812a0c2f2fed9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ngcpopkeysrv.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_free
_o_malloc
_o_terminate
__std_terminate
__C_specific_handler
_CxxThrowException
_o___stdio_common_vswprintf
_o__crt_atexit
_o___stdio_common_vsnprintf_s
_o__configure_narrow_argv
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
_o__callnewh
__CxxFrameHandler3
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcscmp
memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleHandleExW
GetProcAddress
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
DeleteCriticalSection
AcquireSRWLockShared
ReleaseMutex
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
WaitForSingleObjectEx
OpenSemaphoreW
CreateEventW
OpenEventW
ReleaseSRWLockShared
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
InitializeSRWLock
CreateMutexExW
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventActivityIdControl
EventRegister
EventSetInformation
EventWriteTransfer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

bcrypt

BCryptKeyDerivation
BCryptHash
BCryptGenRandom
BCryptGenerateSymmetricKey
BCryptEncrypt
BCryptDecrypt
BCryptDestroyKey

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree
LocalReAlloc

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

ncrypt

NCryptGetProperty
NCryptImportKey
NCryptFreeObject
NCryptKeyDerivation
NCryptOpenKey
NCryptSetProperty
NCryptIsAlgSupported
NCryptCreateClaim
NCryptExportKey
NCryptDecrypt
NCryptDeleteKey
NCryptFinalizeKey
NCryptCreatePersistedKey
NCryptFreeBuffer
NCryptEnumKeys
NCryptOpenStorageProvider

crypt32

CryptBinaryToStringW
CryptUnprotectData
CryptProtectData

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer

profapi

ord104

rpcrt4

RpcStringFreeW
UuidToStringW

ntdll

RtlIsMultiSessionSku
RtlMakeSelfRelativeSD
RtlPublishWnfStateData
NtQuerySystemInformation

api-ms-win-core-string-l1-1-0

CompareStringEx

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegSetValueExW
RegQueryInfoKeyW
RegCreateKeyExW
RegCloseKey
RegEnumValueW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyExW

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorLength

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
SysFreeString

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-sysinfo-l1-2-0

GetSystemFirmwareTable

devobj

DevObjDestroyDeviceInfoList
DevObjCreateDeviceInfoList
DevObjGetClassDevs
DevObjEnumDeviceInterfaces
DevObjEnumDeviceInfo
DevObjOpenDevRegKey

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

Exports

Exports

NgcGetPregenKey
NgcPregenKey
NgcTriggerTask
s_NgcDecryptWithSymmetricPopKey
s_NgcDeleteSymmetricPopKeyTransportKey
s_NgcEncryptWithSymmetricPopKey
s_NgcGetKeyAttestationForContainerService
s_NgcGetPregenKeyState
s_NgcGetPregenUserKey
s_NgcGetSymmetricPopKeyTransportKey
s_NgcGetSymmetricPopKeyTransportKeyName
s_NgcImportSymmetricPopKey
s_NgcRenewKeyAttestation
s_NgcSignWithSymmetricPopKey
s_NgcVerifyWithSymmetricPopKey

Sections

.text
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msfeeds/ortcengine.dll
.dll windows:6 windows x64 arch:x64

a6a6ea6adf660ed9ca3bef7aeb4b5e99

Code Sign

33:00:00:01:45:10:eb:f8:9a:d7:99:40:e7:00:00:00:00:01:45
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/03/2019, 19:27

Not After

27/03/2020, 19:27

Subject

CN=Skype Software Sarl,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

57:a9:79:c0:cb:b6:d0:00:dc:94:e6:00:49:b7:7f:0d:66:db:76:9c:be:a2:49:08:6f:43:bf:a8:46:a0:61:ae
Signer

Actual PE Digest

57:a9:79:c0:cb:b6:d0:00:dc:94:e6:00:49:b7:7f:0d:66:db:76:9c:be:a2:49:08:6f:43:bf:a8:46:a0:61:ae

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\MSRTC\msrtc\build.d\output\release\OrtcEngine.pdb

Imports

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
DisableThreadLibraryCalls
FreeLibrary

rtmpal

RtcPalWaitForSingleObject
?g_nextCallId@auf@@3IC
?g_nextObjectId@auf@@3IC
RtcPalCloseWaitableHandle
?g_objectCheckDisabled@auf@@3DA
RtcPalSetEvent
RtcPalCreateEvent
RtcPalCreateThread
?wait@Event@auf@@QEAA_N_K@Z
?post@Event@auf@@QEAAXXZ
?g_logObjectCountChanges@auf@@3DA
?g_configMaxObjectWaitUs@auf@@3_KA
?g_aufUp@auf@@3HA
?stopInternal@auf@@YAXPEAUAufInitTag@1@PEBD@Z
?initInternal@auf@@YA_NPEAUAufInitTag@1@PEBDI_K@Z
RaiseException
??0UncheckedMutex@auf@@QEAA@PEBD_N@Z
??1Event@auf@@QEAA@XZ
?wait@Event@auf@@QEAA_NV?$duration@_JU?$ratio@$00$0PECEA@@std@@@chrono@std@@@Z
??0Event@auf@@QEAA@XZ
?dataBarrier@spl@@YAXXZ
?instantiateLogComponent@internal@auf@@YAPEAVLogComponent@2@PEBD@Z
?setLogComponentSafe@internal@auf@@YA_NPEBD_N@Z
?logFlush@auf@@YAXXZ
?log@LogComponent@auf@@QEAAXPEBXIIPEBDAEBVLogArgs@2@@Z
?atomicAddI@spl@@YAHPECHH@Z
EncodePointer
?compareExchangePI@spl@@YA_NPEC_J_J1@Z
RtcPalNetAddressToStringW
DecodePointer
?compareExchangeI@spl@@YA_NPECHHH@Z
?randomBytes@auf@@YA_NPEAX_K@Z
SetLastError
GetLastError
?memFree@spl@@YAXPEAX@Z
?memMalloc@spl@@YAPEAX_K@Z
threadCurrentId
?decodeToUtf16@spl@@YA?AV?$basic_string@_SU?$char_traits@_S@std@@V?$allocator@_S@2@@std@@PEBD_K@Z
IsDebuggerPresent
InitializeSListHead
QueryPerformanceCounter
RtcPalNetStringToIPv4AddressW
??1UncheckedMutex@auf@@QEAA@XZ
?createTimerWithTransport@auf@@YA?AV?$IntrusivePtr@VTimer@auf@@@1@AEBV?$IntrusivePtr@VThreadPoolTransport@auf@@@1@V?$duration@_JU?$ratio@$00$0PECEA@@std@@@chrono@std@@1PEAUCall@1@@Z
?freeMem@LockfreePacker@auf@@SAXPEAX@Z
RtcPalSetLogPath
RtcPalStartup
RtcPalCleanup
?lock@MutexCore@internal@auf@@QEAAXXZ
?unlock@MutexCore@internal@auf@@QEAAXXZ
??0CheckedMutex@auf@@QEAA@PEBD_N@Z
??1CheckedMutex@auf@@QEAA@XZ
?g_configTraceFifoSizeL2@auf@@3IA
TraceMessage
RtcPalSetEcsSettingById
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RtcPalRegisterTraceGuids
RtcPalLoadLibrary
RtcPalInitTracing
RtcPalDeinitTracing
?intrusive_ptr_release@auf@@YAXPEBVIReferenceCountable@1@@Z
?intrusive_ptr_add_ref@auf@@YAXPEBVIReferenceCountable@1@@Z
?createStrand@auf@@YA?AV?$IntrusivePtr@VThreadPoolTransport@auf@@@1@W4ThreadPoolPriority@spl@@@Z
MultiByteToWideChar
WideCharToMultiByte
GetAddrInfoW
FreeAddrInfoW
??0IPv4@rtnet@@QEAA@XZ
??1IPv4@rtnet@@QEAA@XZ
?fromBytes@IPv4@rtnet@@QEAA_NPEBE@Z
??0IPv6@rtnet@@QEAA@XZ
??1IPv6@rtnet@@QEAA@XZ
??AIPv6@rtnet@@QEAAAEAE_K@Z
?embedIPv4@IPv6@rtnet@@QEAA_NAEBVIPv4@2@_K@Z
?asIPv6@Address@rtnet@@QEBA_NAEAVIPv6@2@@Z
?address@InterfaceAddress@rtnet@@QEBA?AV?$IntrusivePtr@VAddress@rtnet@@@auf@@XZ
?prefixLength@InterfaceAddress@rtnet@@QEBA_KXZ
?getNat64Prefixes@rtnet@@YA_NV?$duration@_JU?$ratio@$00$0PECEA@@std@@@chrono@std@@AEAV?$vector@V?$IntrusivePtr@VInterfaceAddress@rtnet@@@auf@@V?$allocator@V?$IntrusivePtr@VInterfaceAddress@rtnet@@@auf@@@std@@@4@@Z
RtcPalSetEcsSetting
?encodeUtf8@spl@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEBX_K1@Z
RtcPalIsAutomaticProxyTraversalSupported
RtcPalNetStringToIPv6AddressW
RtcPalGetTimeLongIn100nsFast
?allocMem@LockfreePacker@auf@@SAPEAX_K@Z

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
OpenProcessToken

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlPcToFileHeader
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlUnwindEx

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList

api-ms-win-core-fibers-l1-1-0

FlsSetValue
FlsFree
FlsAlloc
FlsGetValue

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionEx

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_seh_filter_dll
abort
terminate
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_invalid_parameter_noinfo_noreturn
_invalid_parameter_noinfo
_errno
_invoke_watson

api-ms-win-crt-heap-l1-1-0

_free_base
calloc
_calloc_base
_malloc_base
realloc
_callnewh
free
malloc

api-ms-win-crt-string-l1-1-0

_wcsicmp
wcslen
wcsnlen
__strncnt
isalpha
isupper
strcspn
strtok
strlen
_stricmp
_wcsnicmp
tolower
isspace
wmemcpy_s
isdigit
_wcsdup
towlower
strcpy_s
wcscmp
islower
isxdigit

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__stdio_common_vswscanf
__stdio_common_vsprintf_s
__stdio_common_vswprintf_s

api-ms-win-crt-convert-l1-1-0

strtof
wcstol
wcstoul
_wtoi
strtoul
strtol
strtod
wcstombs_s
strtoull

mf

MFCreateSimpleTypeHandler

oleaut32

SysAllocStringByteLen
SysAllocString
SysStringByteLen
SysFreeString
VariantClear
SysStringLen

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-security-base-l1-1-0

GetTokenInformation

mfplat

MFCreateMediaTypeFromRepresentation

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-crt-utility-l1-1-0

_byteswap_ushort
abs

api-ms-win-crt-math-l1-1-0

sqrtf
powf
_fdtest
ldexp
fabs
pow
frexp

api-ms-win-crt-locale-l1-1-0

setlocale
___mb_cur_max_func
___lc_locale_name_func
_unlock_locales
_lock_locales
localeconv
___lc_codepage_func
___lc_collate_cp_func
__pctype_func

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-core-synch-l1-2-0

InitializeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
InitOnceExecuteOnce
Sleep

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-core-string-l1-1-0

GetStringTypeW
CompareStringEx

api-ms-win-core-localization-l1-2-0

LCMapStringEx

api-ms-win-crt-multibyte-l1-1-0

_ismbblead

Exports

Exports

RtcOrtcAlloc
RtcOrtcFree
RtcOrtcGetBrokerFactory

Sections

.text
Size: 705KB - Virtual size: 704KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msimsg/moshost.dll
.dll windows:10 windows x64 arch:x64

1346c9b05496c4f9d25bce40917b0d9a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

moshost.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsdup
_o__wcsicmp
_o_free
_o_malloc
_CxxThrowException
_o__crt_atexit
_o__execute_onexit_table
_o__cexit
_o__errno
_o___stdio_common_vswprintf
_o__callnewh
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o__configure_narrow_argv
_o___std_exception_copy
__C_specific_handler
__CxxFrameHandler3
__CxxFrameHandler4
memcpy

api-ms-win-crt-string-l1-1-0

memset

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleHandleExW
FreeLibrary
LoadLibraryExW

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
CreateSemaphoreExW
ReleaseSemaphore
WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
CreateEventW
SetEvent
InitializeCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
EnterCriticalSection

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventSetInformation
EventWriteTransfer

api-ms-win-core-com-l1-1-0

CoCreateInstance
IIDFromString
CoCreateGuid
CoAllowUnmarshalerCLSID

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceComplete

rpcrt4

RpcServerSubscribeForNotification
RpcEpUnregister
RpcAsyncCompleteCall
RpcEpRegisterW
RpcServerUnsubscribeForNotification
NdrAsyncServerCall
NdrServerCallAll
Ndr64AsyncServerCallAll
RpcServerInqBindings
RpcServerUnregisterIfEx
NdrServerCall2
RpcServerInqCallAttributesW
RpcServerUseProtseqW
RpcBindingVectorFree
RpcServerRegisterIf3

api-ms-win-security-base-l1-1-0

RevertToSelf
ImpersonateLoggedOnUser

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateString

api-ms-win-core-path-l1-1-0

PathCchAppend

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
CreateThreadpoolWork
SetThreadpoolTimer
SubmitThreadpoolWork
WaitForThreadpoolWorkCallbacks
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-security-accesshlpr-l1-1-0

FreeTransientObjectSecurityDescriptor
QueryTransientObjectSecurityDescriptor

api-ms-win-security-capability-l1-1-0

RpcClientCapabilityCheck

mapsbtsvc

MapsBackgroundTransferClassFactory_Register
MapsBackgroundTransferClassFactory_Revoke

mosstorage

MosStorageGetCurrentLocation
MosStorageGetDataDirectory
MosStorageGetResourceDirectory
MosStorageGetBrowseCacheSizeInMBytes
MosStorageIsStorageStateValid
MosStorageGetLocations
MosStorageGetMigrationState
MosStorageValidateLocation
MosStorageGetSystemDataDirectory

ztrace_maps

ZTraceReportPropagationNoThis
ZTraceHelper
ZTraceReportOriginationNoThis
ZTraceReportPropagation
ZTraceInit
ZTraceClose
ZTraceHelperNoThis
ZTraceReportIgnore
ZTraceReportOrigination
ZTraceReportIgnoreNoThis

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW
RegSetKeyValueW

api-ms-win-core-file-l1-1-0

GetFileAttributesW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

Exports

Exports

MosHostCacheStateGetSizes
MosHostCacheStateGetSlotToCleanup
MosHostCacheStateSetMaxSize
MosHostCacheStateSetSlotSize
MosHostCacheStateSnapshot
MosHostCacheStateUnuseSlot
MosHostCacheStateUseSlot
MosHostRequestResourceLock
MosHostRequestResourceUnlock
ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msimsg/msimsg.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
msimsg/ndfapi.dll
.dll regsvr32 windows:10 windows x64 arch:x64

2148685ac3a0afc0ffc59e926e418151

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ndfapi.pdb

Imports

msvcrt

_wcstoui64
_wcsicmp
toupper
_wcstoi64
__C_specific_handler
wcsncpy_s
malloc
free
memcmp
??3@YAXPEAX@Z
memcpy_s
wcscpy_s
wcscat_s
_vsnwprintf
calloc
wcsstr
memmove_s
_vscwprintf
vswprintf_s
_purecall
wcsncmp
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
memmove
_callnewh
??_V@YAXPEAX@Z
__CxxFrameHandler3
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_errno
realloc
_lock
_unlock
__dllonexit
_onexit
wcschr
memset
wcscmp

advapi32

RegGetValueW
RegQueryValueExW
RegOpenKeyW
RegEnumKeyW
GetLengthSid
GetTokenInformation
OpenProcessToken
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey

kernel32

HeapDestroy
RtlLookupFunctionEntry
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
ReleaseActCtx
DeactivateActCtx
Sleep
CreateActCtxW
GetTickCount
SetDllDirectoryW
CreateThread
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DelayLoadFailureHook
ResolveDelayLoadedAPI
ActivateActCtx
RtlCaptureContext
GetProcessHeap
OutputDebugStringA
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryExW
GetModuleHandleW
lstrcmpiW
LeaveCriticalSection
RaiseException
EnterCriticalSection
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
GetCurrentProcess
CloseHandle
SetEvent
lstrcmpW
MulDiv
GetTempPathW
GetTempFileNameW
CreateFileW
WriteFile
WaitForSingleObject
GetWindowsDirectoryW
CreateProcessW
GetExitCodeProcess
DeleteFileW
LockResource
FormatMessageW
LocalFree

user32

CharNextW
LoadStringW
GetDesktopWindow
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjects
GetSystemMetrics
GetDialogBaseUnits
PostQuitMessage
SetCursor
LoadCursorW
GetAncestor
EnableWindow
SetWindowPos
UnregisterClassA
PeekMessageW

ole32

CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CLSIDFromString
CoInitialize
CoUninitialize
StringFromCLSID
IIDFromString
CoInitializeEx
CoTaskMemRealloc

wdi

WdiGetResult
WdiCloseInstance
WdiGetParameterCount
WdiDiagnose
WdiCreateInstance
WdiAddParameter
WdiOpenInstance
WdiGetInstanceId
WdiGetParameterByName
WdiResolve
WdiGetParameterByIndex
WdiGetParameterName
WdiGetParameterDataLength
WdiGetProgress
WdiGetParameterData
WdiCancel

shell32

ShellExecuteExW
ord66
SHGetFolderPathW

oleaut32

SysFreeString
VarUI4FromStr
UnRegisterTypeLi
SysAllocString
LoadTypeLi
RegisterTypeLi
SysStringLen
LoadRegTypeLi
VariantInit
VariantClear
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen

ws2_32

WSAStartup
WSAStringToAddressW
getpeername
WSACleanup
getsockopt
WSAGetLastError
getsockname

shlwapi

PathGetDriveNumberW
PathIsNetworkPathW
ord270
ord487

iphlpapi

GetAdaptersAddresses

rpcrt4

NdrMesTypeEncode3
NdrMesTypeDecode3
MesEncodeDynBufferHandleCreate
MesHandleFree
MesDecodeBufferHandleCreate

api-ms-win-core-file-l1-1-0

ReadFile

api-ms-win-core-handle-l1-1-0

SetHandleInformation

api-ms-win-core-shutdown-l1-1-0

InitiateSystemShutdownExW

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-core-namedpipe-l1-1-0

CreatePipe

api-ms-win-core-registry-l1-1-0

RegDeleteTreeW

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
NdfCancelIncident
NdfCloseIncident
NdfCreateConnectivityIncident
NdfCreateDNSIncident
NdfCreateGroupingIncident
NdfCreateInboundIncident
NdfCreateIncident
NdfCreateNetConnectionIncident
NdfCreatePnrpIncident
NdfCreateSharingIncident
NdfCreateWebIncident
NdfCreateWebIncidentEx
NdfCreateWinSockIncident
NdfDiagnoseIncident
NdfExecuteDiagnosis
NdfGetTraceFile
NdfRepairIncident
NdfRepairIncidentEx
NdfRunDllDiagnoseIncident
NdfRunDllDiagnoseNetConnectionIncident
NdfRunDllDiagnoseWithAnswerFile
NdfRunDllDuplicateIPDefendingSystem
NdfRunDllDuplicateIPOffendingSystem
NdfRunDllHelpTopic

Sections

.text
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msimsg/pidgenx.dll
.dll windows:10 windows x64 arch:x64

72c4d81cbecf328a18637bc1b5e59d31

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fe:6b:a6:e0:5f:2d:0a:bf:21:40:f4:2f:88:01:05:d0:a5:83:0a:c4:83:5a:a7:01:c5:74:70:60:00:4b:5e:f8
Signer

Actual PE Digest

fe:6b:a6:e0:5f:2d:0a:bf:21:40:f4:2f:88:01:05:d0:a5:83:0a:c4:83:5a:a7:01:c5:74:70:60:00:4b:5e:f8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

pidgenx.pdb

Imports

msvcrt

_itow_s
wcsncmp
memset
_wtoi
_onexit
_wcsnicmp
_itow
_ui64tow_s
_wcsicmp
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_purecall
_vsnwprintf
wcschr
wcsstr
log10
memcmp
memcpy
memmove
wcscmp

kernel32

HeapAlloc
GetProcAddress
GetProcessHeap
SetLastError
GetVersionExA
GetLastError
LocalAlloc
LocalFree
CloseHandle
CreateFileW
GetFileSize
ReadFile
SetFilePointer
MultiByteToWideChar
WideCharToMultiByte
ExpandEnvironmentStringsW
VirtualProtect
RtlCaptureContext
VirtualFree
GetCurrentProcess
VirtualAlloc
TerminateProcess
GetModuleFileNameW
RtlAddFunctionTable
GetCurrentThread
UnhandledExceptionFilter
GetModuleHandleW
RtlDeleteFunctionTable
LoadLibraryExW
SetUnhandledExceptionFilter
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
RtlLookupFunctionEntry
RtlVirtualUnwind
InitializeCriticalSection
HeapFree
SleepConditionVariableSRW
WakeAllConditionVariable
GetModuleHandleExW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SystemTimeToFileTime
GetLocalTime
GetVersionExW
GetSystemDefaultLangID
FileTimeToSystemTime
FreeLibrary
SetThreadPriority
FreeLibraryAndExitThread
VirtualQuery
CreateThread
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CreateEventW
CreateSemaphoreW
InitializeCriticalSectionAndSpinCount
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
RaiseException
WaitForSingleObject
ReleaseSemaphore
SetEvent
WaitForMultipleObjects
GetThreadPriority
GetProcessAffinityMask

advapi32

CryptReleaseContext
CryptGetHashParam
CryptExportKey
CryptVerifySignatureA
CryptSignHashA
CryptDecrypt
CryptEncrypt
CryptGenKey
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextW
TraceMessage
CryptGenRandom

rpcrt4

UuidFromStringW
I_RpcMapWin32Status
UuidToStringW
RpcStringFreeW

bcrypt

BCryptGenRandom

Exports

Exports

GetPKeyData
PidGenX
PidGenX2

Sections

.text
Size: 779KB - Virtual size: 778KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 243KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
provthrd/provthrd.dll
.dll windows:10 windows x64 arch:x64

664f98a16e717d758a9217e003bc7587

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

provthrd.pdb

Imports

msvcrt

_unlock
_lock
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
__C_specific_handler
_initterm
_amsg_exit
__dllonexit
_onexit
_XcptFilter
realloc
memset
strnlen
_purecall
_itoa_s
malloc
_itow_s
_ui64tow_s
_ultow_s
_ltow_s
__RTtypeid
memcpy
??8type_info@@QEBAHAEBV0@@Z
iswalnum
iswalpha
iswspace
_CxxThrowException
iswxdigit
iswdigit
wcstombs
isdigit
mbstowcs
_wtol
_wcsicmp
towlower
free
__CxxFrameHandler3
_vsnwprintf
_vsnprintf
wcscmp

wbemcomn

GetLoggingLevelEnabled
DebugTrace

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapDestroy
GetProcessHeap
HeapReAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
EnterCriticalSection

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

oleaut32

SysAllocString
SysFreeString
SysAllocStringLen
VariantChangeTypeEx
VariantCopy
VariantClear
VariantInit

ws2_32

ntohs
htons

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-localization-l1-2-0

LCMapStringW

Exports

Exports

??$CompareElements@PEAGPEAG@@YAHPEBQEAG0@Z
??$HashKey@PEAG@@YAIPEAG@Z
??0CBString@@QEAA@H@Z
??0CBString@@QEAA@PEBG@Z
??0CBString@@QEAA@XZ
??0Conjunctions@@QEAA@K@Z
??0Disjunctions@@QEAA@KK@Z
??0PartitionSet@@QEAA@AEBV0@@Z
??0PartitionSet@@QEAA@XZ
??0ProvAnalyser@@QEAA@AEBV0@@Z
??0ProvAnalyser@@QEAA@PEBG@Z
??0ProvBitStringType@@QEAA@AEBV0@@Z
??0ProvBitStringType@@QEAA@PEBG@Z
??0ProvBitStringType@@QEAA@PEBGAEBVProvOctetString@@@Z
??0ProvBitStringType@@QEAA@PEBGPEAPEBGAEBK@Z
??0ProvCounter64@@QEAA@AEBV0@@Z
??0ProvCounter64@@QEAA@KK@Z
??0ProvCounter64Type@@QEAA@AEBV0@@Z
??0ProvCounter64Type@@QEAA@AEBVProvCounter64@@@Z
??0ProvCounter64Type@@QEAA@KK@Z
??0ProvCounter64Type@@QEAA@PEBG@Z
??0ProvCounter64Type@@QEAA@XZ
??0ProvCounter@@QEAA@AEBV0@@Z
??0ProvCounter@@QEAA@K@Z
??0ProvCounterType@@QEAA@AEBV0@@Z
??0ProvCounterType@@QEAA@AEBVProvCounter@@@Z
??0ProvCounterType@@QEAA@K@Z
??0ProvCounterType@@QEAA@PEBG@Z
??0ProvCounterType@@QEAA@XZ
??0ProvDateTimeType@@QEAA@AEBV0@@Z
??0ProvDateTimeType@@QEAA@AEBVProvOctetString@@@Z
??0ProvDateTimeType@@QEAA@PEBG@Z
??0ProvDateTimeType@@QEAA@XZ
??0ProvDebugLog@@QEAA@D@Z
??0ProvDisplayStringType@@QEAA@AEBV0@@Z
??0ProvDisplayStringType@@QEAA@AEBVProvOctetString@@PEBG@Z
??0ProvDisplayStringType@@QEAA@PEBG0@Z
??0ProvDisplayStringType@@QEAA@PEBG@Z
??0ProvEnumeratedType@@QEAA@AEBV0@@Z
??0ProvEnumeratedType@@QEAA@PEBG0@Z
??0ProvEnumeratedType@@QEAA@PEBG@Z
??0ProvEnumeratedType@@QEAA@PEBGAEBJ@Z
??0ProvEnumeratedType@@QEAA@PEBGAEBVProvInteger@@@Z
??0ProvEventObject@@QEAA@AEBV0@@Z
??0ProvEventObject@@QEAA@PEBG@Z
??0ProvFixedLengthDisplayStringType@@QEAA@AEBK@Z
??0ProvFixedLengthDisplayStringType@@QEAA@AEBKAEBVProvOctetString@@@Z
??0ProvFixedLengthDisplayStringType@@QEAA@AEBKPEBG@Z
??0ProvFixedLengthDisplayStringType@@QEAA@AEBV0@@Z
??0ProvFixedLengthOctetStringType@@QEAA@AEBK@Z
??0ProvFixedLengthOctetStringType@@QEAA@AEBKAEBVProvOctetString@@@Z
??0ProvFixedLengthOctetStringType@@QEAA@AEBKPEBE@Z
??0ProvFixedLengthOctetStringType@@QEAA@AEBKPEBG@Z
??0ProvFixedLengthOctetStringType@@QEAA@AEBV0@@Z
??0ProvFixedLengthOpaqueType@@QEAA@AEBK@Z
??0ProvFixedLengthOpaqueType@@QEAA@AEBKAEBVProvOpaque@@@Z
??0ProvFixedLengthOpaqueType@@QEAA@AEBKPEBEK@Z
??0ProvFixedLengthOpaqueType@@QEAA@AEBKPEBG@Z
??0ProvFixedLengthOpaqueType@@QEAA@AEBV0@@Z
??0ProvFixedLengthPhysAddressType@@QEAA@AEBK@Z
??0ProvFixedLengthPhysAddressType@@QEAA@AEBKAEBVProvOctetString@@@Z
??0ProvFixedLengthPhysAddressType@@QEAA@AEBKPEBG@Z
??0ProvFixedLengthPhysAddressType@@QEAA@AEBV0@@Z
??0ProvFixedType@@QEAA@AEBV0@@Z
??0ProvFixedType@@QEAA@K@Z
??0ProvGauge@@QEAA@AEBV0@@Z
??0ProvGauge@@QEAA@J@Z
??0ProvGaugeType@@QEAA@AEBV0@@Z
??0ProvGaugeType@@QEAA@AEBVProvGauge@@PEBG@Z
??0ProvGaugeType@@QEAA@KPEBG@Z
??0ProvGaugeType@@QEAA@PEBG0@Z
??0ProvGaugeType@@QEAA@PEBG@Z
??0ProvInstanceType@@IEAA@AEBV0@@Z
??0ProvInstanceType@@IEAA@HH@Z
??0ProvInteger@@QEAA@AEBV0@@Z
??0ProvInteger@@QEAA@J@Z
??0ProvIntegerType@@QEAA@AEBV0@@Z
??0ProvIntegerType@@QEAA@AEBVProvInteger@@PEBG@Z
??0ProvIntegerType@@QEAA@JPEBG@Z
??0ProvIntegerType@@QEAA@PEBG0@Z
??0ProvIntegerType@@QEAA@PEBG@Z
??0ProvIpAddress@@QEAA@AEBV0@@Z
??0ProvIpAddress@@QEAA@K@Z
??0ProvIpAddress@@QEAA@PEBD@Z
??0ProvIpAddressType@@QEAA@AEBV0@@Z
??0ProvIpAddressType@@QEAA@AEBVProvIpAddress@@@Z
??0ProvIpAddressType@@QEAA@K@Z
??0ProvIpAddressType@@QEAA@PEBG@Z
??0ProvIpAddressType@@QEAA@XZ
??0ProvLexicon@@QEAA@XZ
??0ProvMacAddressType@@QEAA@AEBV0@@Z
??0ProvMacAddressType@@QEAA@AEBVProvOctetString@@@Z
??0ProvMacAddressType@@QEAA@PEBE@Z
??0ProvMacAddressType@@QEAA@PEBG@Z
??0ProvMacAddressType@@QEAA@XZ
??0ProvNegativeRangeType@@QEAA@AEBV0@@Z
??0ProvNegativeRangeType@@QEAA@JJ@Z
??0ProvNegativeRangeType@@QEAA@XZ
??0ProvNetworkAddressType@@QEAA@AEBV0@@Z
??0ProvNetworkAddressType@@QEAA@AEBVProvIpAddress@@@Z
??0ProvNetworkAddressType@@QEAA@K@Z
??0ProvNetworkAddressType@@QEAA@PEBG@Z
??0ProvNetworkAddressType@@QEAA@XZ
??0ProvNull@@QEAA@XZ
??0ProvNullType@@QEAA@AEBV0@@Z
??0ProvNullType@@QEAA@AEBVProvNull@@@Z
??0ProvNullType@@QEAA@XZ
??0ProvOSIAddressType@@QEAA@AEBV0@@Z
??0ProvOSIAddressType@@QEAA@AEBVProvOctetString@@@Z
??0ProvOSIAddressType@@QEAA@PEBEK@Z
??0ProvOSIAddressType@@QEAA@PEBG@Z
??0ProvOSIAddressType@@QEAA@XZ
??0ProvObjectIdentifier@@QEAA@AEBV0@@Z
??0ProvObjectIdentifier@@QEAA@PEBD@Z
??0ProvObjectIdentifier@@QEAA@PEBKK@Z
??0ProvObjectIdentifierType@@QEAA@AEBV0@@Z
??0ProvObjectIdentifierType@@QEAA@AEBVProvObjectIdentifier@@@Z
??0ProvObjectIdentifierType@@QEAA@PEBG@Z
??0ProvObjectIdentifierType@@QEAA@PEBKK@Z
??0ProvObjectIdentifierType@@QEAA@XZ
??0ProvOctetString@@QEAA@AEBV0@@Z
??0ProvOctetString@@QEAA@PEBEK@Z
??0ProvOctetStringType@@QEAA@AEBV0@@Z
??0ProvOctetStringType@@QEAA@AEBVProvOctetString@@PEBG@Z
??0ProvOctetStringType@@QEAA@PEBEKPEBG@Z
??0ProvOctetStringType@@QEAA@PEBG0@Z
??0ProvOctetStringType@@QEAA@PEBG@Z
??0ProvOpaque@@QEAA@AEBV0@@Z
??0ProvOpaque@@QEAA@PEBEK@Z
??0ProvOpaqueType@@QEAA@AEBV0@@Z
??0ProvOpaqueType@@QEAA@AEBVProvOpaque@@PEBG@Z
??0ProvOpaqueType@@QEAA@PEBEKPEBG@Z
??0ProvOpaqueType@@QEAA@PEBG0@Z
??0ProvOpaqueType@@QEAA@PEBG@Z
??0ProvPhysAddressType@@QEAA@AEBV0@@Z
??0ProvPhysAddressType@@QEAA@AEBVProvOctetString@@PEBG@Z
??0ProvPhysAddressType@@QEAA@PEBEKPEBG@Z
??0ProvPhysAddressType@@QEAA@PEBG0@Z
??0ProvPhysAddressType@@QEAA@PEBG@Z
??0ProvPositiveRangeType@@QEAA@AEBV0@@Z
??0ProvPositiveRangeType@@QEAA@KJ@Z
??0ProvPositiveRangeType@@QEAA@XZ
??0ProvPositiveRangedType@@QEAA@AEBV0@@Z
??0ProvPositiveRangedType@@QEAA@PEBG@Z
??0ProvRowStatusType@@QEAA@AEBJ@Z
??0ProvRowStatusType@@QEAA@AEBV0@@Z
??0ProvRowStatusType@@QEAA@AEBVProvInteger@@@Z
??0ProvRowStatusType@@QEAA@AEBW4ProvRowStatusEnum@0@@Z
??0ProvRowStatusType@@QEAA@PEBG@Z
??0ProvRowStatusType@@QEAA@XZ
??0ProvTimeTicks@@QEAA@AEBV0@@Z
??0ProvTimeTicks@@QEAA@K@Z
??0ProvTimeTicksType@@QEAA@AEBV0@@Z
??0ProvTimeTicksType@@QEAA@AEBVProvTimeTicks@@@Z
??0ProvTimeTicksType@@QEAA@K@Z
??0ProvTimeTicksType@@QEAA@PEBG@Z
??0ProvTimeTicksType@@QEAA@XZ
??0ProvUDPAddressType@@QEAA@AEBV0@@Z
??0ProvUDPAddressType@@QEAA@AEBVProvOctetString@@@Z
??0ProvUDPAddressType@@QEAA@PEBE@Z
??0ProvUDPAddressType@@QEAA@PEBG@Z
??0ProvUDPAddressType@@QEAA@XZ
??0ProvUInteger32@@QEAA@AEBV0@@Z
??0ProvUInteger32@@QEAA@J@Z
??0ProvValue@@AEAA@AEBV0@@Z
??0ProvValue@@IEAA@XZ
??0QueryPreprocessor@@QEAA@AEBV0@@Z
??0QueryPreprocessor@@QEAA@XZ
??0WmiAndNode@@QEAA@AEBV0@@Z
??0WmiAndNode@@QEAA@PEAVWmiTreeNode@@00@Z
??0WmiNotNode@@QEAA@AEBV0@@Z
??0WmiNotNode@@QEAA@PEAVWmiTreeNode@@0@Z
??0WmiNullNode@@QEAA@$$QEAV0@@Z
??0WmiNullNode@@QEAA@AEBV0@@Z
??0WmiNullNode@@QEAA@PEAGKPEAVWmiTreeNode@@@Z
??0WmiNullRangeNode@@QEAA@AEBV0@@Z
??0WmiNullRangeNode@@QEAA@PEAGKPEAVWmiTreeNode@@1@Z
??0WmiOperatorEqualNode@@QEAA@AEBV0@@Z
??0WmiOperatorEqualNode@@QEAA@PEAVWmiTreeNode@@0@Z
??0WmiOperatorEqualOrGreaterNode@@QEAA@AEBV0@@Z
??0WmiOperatorEqualOrGreaterNode@@QEAA@PEAVWmiTreeNode@@0@Z
??0WmiOperatorEqualOrLessNode@@QEAA@AEBV0@@Z
??0WmiOperatorEqualOrLessNode@@QEAA@PEAVWmiTreeNode@@0@Z
??0WmiOperatorGreaterNode@@QEAA@AEBV0@@Z
??0WmiOperatorGreaterNode@@QEAA@PEAVWmiTreeNode@@0@Z
??0WmiOperatorIsANode@@QEAA@AEBV0@@Z
??0WmiOperatorIsANode@@QEAA@PEAVWmiTreeNode@@0@Z
??0WmiOperatorLessNode@@QEAA@AEBV0@@Z
??0WmiOperatorLessNode@@QEAA@PEAVWmiTreeNode@@0@Z
??0WmiOperatorLikeNode@@QEAA@AEBV0@@Z
??0WmiOperatorLikeNode@@QEAA@PEAVWmiTreeNode@@0@Z
??0WmiOperatorNode@@QEAA@AEBV0@@Z
??0WmiOperatorNode@@QEAA@KPEAVWmiTreeNode@@0@Z
??0WmiOperatorNotEqualNode@@QEAA@AEBV0@@Z
??0WmiOperatorNotEqualNode@@QEAA@PEAVWmiTreeNode@@0@Z
??0WmiOperatorNotIsANode@@QEAA@AEBV0@@Z
??0WmiOperatorNotIsANode@@QEAA@PEAVWmiTreeNode@@0@Z
??0WmiOperatorNotLikeNode@@QEAA@AEBV0@@Z
??0WmiOperatorNotLikeNode@@QEAA@PEAVWmiTreeNode@@0@Z
??0WmiOrNode@@QEAA@AEBV0@@Z
??0WmiOrNode@@QEAA@PEAVWmiTreeNode@@00@Z
??0WmiRangeNode@@QEAA@AEBV0@@Z
??0WmiRangeNode@@QEAA@KPEAGKHHHHPEAVWmiTreeNode@@1@Z
??0WmiSignedIntegerNode@@QEAA@$$QEAV0@@Z
??0WmiSignedIntegerNode@@QEAA@AEBV0@@Z
??0WmiSignedIntegerNode@@QEAA@PEAGJKPEAVWmiTreeNode@@@Z
??0WmiSignedIntegerRangeNode@@QEAA@$$QEAV0@@Z
??0WmiSignedIntegerRangeNode@@QEAA@AEBV0@@Z
??0WmiSignedIntegerRangeNode@@QEAA@PEAGKHHHHJJPEAVWmiTreeNode@@1@Z
??0WmiStringNode@@QEAA@AEBV0@@Z
??0WmiStringNode@@QEAA@PEAG0W4WmiValueFunction@WmiValueNode@@1KPEAVWmiTreeNode@@@Z
??0WmiStringRangeNode@@QEAA@AEBV0@@Z
??0WmiStringRangeNode@@QEAA@PEAGKHHHH00PEAVWmiTreeNode@@1@Z
??0WmiTreeNode@@QEAA@AEBV0@@Z
??0WmiTreeNode@@QEAA@KPEAXPEAV0@11@Z
??0WmiTreeNode@@QEAA@PEAV0@@Z
??0WmiTreeNodeIterator@@QEAA@AEBV0@@Z
??0WmiTreeNodeIterator@@QEAA@PEAV0@@Z
??0WmiTreeNodeIterator@@QEAA@PEAVWmiTreeNode@@@Z
??0WmiUnsignedIntegerNode@@QEAA@$$QEAV0@@Z
??0WmiUnsignedIntegerNode@@QEAA@AEBV0@@Z
??0WmiUnsignedIntegerNode@@QEAA@PEAGKKPEAVWmiTreeNode@@@Z
??0WmiUnsignedIntegerRangeNode@@QEAA@$$QEAV0@@Z
??0WmiUnsignedIntegerRangeNode@@QEAA@AEBV0@@Z
??0WmiUnsignedIntegerRangeNode@@QEAA@PEAGKHHHHKKPEAVWmiTreeNode@@1@Z
??0WmiValueNode@@QEAA@AEBV0@@Z
??0WmiValueNode@@QEAA@KPEAGW4WmiValueFunction@0@1KPEAVWmiTreeNode@@@Z
??1CBString@@QEAA@XZ
??1Conjunctions@@QEAA@XZ
??1Disjunctions@@QEAA@XZ
??1PartitionSet@@UEAA@XZ
??1ProvAnalyser@@UEAA@XZ
??1ProvBitStringType@@UEAA@XZ
??1ProvCounter64@@UEAA@XZ
??1ProvCounter64Type@@UEAA@XZ
??1ProvCounter@@UEAA@XZ
??1ProvCounterType@@UEAA@XZ
??1ProvDateTimeType@@UEAA@XZ
??1ProvDisplayStringType@@UEAA@XZ
??1ProvEnumeratedType@@UEAA@XZ
??1ProvEventObject@@UEAA@XZ
??1ProvFixedLengthDisplayStringType@@UEAA@XZ
??1ProvFixedLengthOctetStringType@@UEAA@XZ
??1ProvFixedLengthOpaqueType@@UEAA@XZ
??1ProvFixedLengthPhysAddressType@@UEAA@XZ
??1ProvFixedType@@UEAA@XZ
??1ProvGauge@@UEAA@XZ
??1ProvGaugeType@@UEAA@XZ
??1ProvInstanceType@@UEAA@XZ
??1ProvInteger@@UEAA@XZ
??1ProvIntegerType@@UEAA@XZ
??1ProvIpAddress@@UEAA@XZ
??1ProvIpAddressType@@UEAA@XZ
??1ProvLexicon@@QEAA@XZ
??1ProvMacAddressType@@UEAA@XZ
??1ProvNegativeRangeType@@UEAA@XZ
??1ProvNetworkAddressType@@UEAA@XZ
??1ProvNull@@UEAA@XZ
??1ProvNullType@@UEAA@XZ
??1ProvOSIAddressType@@UEAA@XZ
??1ProvObjectIdentifier@@UEAA@XZ
??1ProvObjectIdentifierType@@UEAA@XZ
??1ProvOctetString@@UEAA@XZ
??1ProvOctetStringType@@UEAA@XZ
??1ProvOpaque@@UEAA@XZ
??1ProvOpaqueType@@UEAA@XZ
??1ProvPhysAddressType@@UEAA@XZ
??1ProvPositiveRangeType@@UEAA@XZ
??1ProvPositiveRangedType@@UEAA@XZ
??1ProvRowStatusType@@UEAA@XZ
??1ProvTimeTicks@@UEAA@XZ
??1ProvTimeTicksType@@UEAA@XZ
??1ProvUDPAddressType@@UEAA@XZ
??1ProvUInteger32@@UEAA@XZ
??1ProvValue@@UEAA@XZ
??1QueryPreprocessor@@UEAA@XZ
??1WmiAndNode@@UEAA@XZ
??1WmiNotNode@@UEAA@XZ
??1WmiNullNode@@UEAA@XZ
??1WmiNullRangeNode@@UEAA@XZ
??1WmiOperatorEqualNode@@UEAA@XZ
??1WmiOperatorEqualOrGreaterNode@@UEAA@XZ
??1WmiOperatorEqualOrLessNode@@UEAA@XZ
??1WmiOperatorGreaterNode@@UEAA@XZ
??1WmiOperatorIsANode@@UEAA@XZ
??1WmiOperatorLessNode@@UEAA@XZ
??1WmiOperatorLikeNode@@UEAA@XZ
??1WmiOperatorNode@@UEAA@XZ
??1WmiOperatorNotEqualNode@@UEAA@XZ
??1WmiOperatorNotIsANode@@UEAA@XZ
??1WmiOperatorNotLikeNode@@UEAA@XZ
??1WmiOrNode@@UEAA@XZ
??1WmiRangeNode@@UEAA@XZ
??1WmiSignedIntegerNode@@UEAA@XZ
??1WmiSignedIntegerRangeNode@@UEAA@XZ
??1WmiStringNode@@UEAA@XZ
??1WmiStringRangeNode@@UEAA@XZ
??1WmiTreeNode@@UEAA@XZ
??1WmiTreeNodeIterator@@UEAA@XZ
??1WmiUnsignedIntegerNode@@UEAA@XZ
??1WmiUnsignedIntegerRangeNode@@UEAA@XZ
??1WmiValueNode@@UEAA@XZ
??4CBString@@QEAAAEAV0@AEBV0@@Z
??4CBString@@QEAAAEBV0@PEBG@Z
??4Conjunctions@@QEAAAEAV0@AEBV0@@Z
??4Disjunctions@@QEAAAEAV0@AEBV0@@Z
??4PartitionSet@@QEAAAEAV0@AEBV0@@Z
??4ProvAnalyser@@QEAAAEAV0@AEBV0@@Z
??4ProvBitStringType@@QEAAAEAV0@AEBV0@@Z
??4ProvCounter64@@QEAAAEAVProvValue@@AEBV0@@Z
??4ProvCounter64Type@@QEAAAEAV0@AEBV0@@Z
??4ProvCounter@@QEAAAEAVProvValue@@AEBV0@@Z
??4ProvCounterType@@QEAAAEAV0@AEBV0@@Z
??4ProvDateTimeType@@QEAAAEAV0@AEBV0@@Z
??4ProvDebugLog@@QEAAAEAV0@$$QEAV0@@Z
??4ProvDebugLog@@QEAAAEAV0@AEBV0@@Z
??4ProvDisplayStringType@@QEAAAEAV0@AEBV0@@Z
??4ProvEnumeratedType@@QEAAAEAV0@AEBV0@@Z
??4ProvEventObject@@QEAAAEAV0@AEBV0@@Z
??4ProvFixedLengthDisplayStringType@@QEAAAEAV0@AEBV0@@Z
??4ProvFixedLengthOctetStringType@@QEAAAEAV0@AEBV0@@Z
??4ProvFixedLengthOpaqueType@@QEAAAEAV0@AEBV0@@Z
??4ProvFixedLengthPhysAddressType@@QEAAAEAV0@AEBV0@@Z
??4ProvFixedType@@QEAAAEAV0@AEBV0@@Z
??4ProvGauge@@QEAAAEAVProvValue@@AEBV0@@Z
??4ProvGaugeType@@QEAAAEAV0@AEBV0@@Z
??4ProvInstanceType@@QEAAAEAV0@AEBV0@@Z
??4ProvInteger@@QEAAAEAVProvValue@@AEBV0@@Z
??4ProvIntegerType@@QEAAAEAV0@AEBV0@@Z
??4ProvIpAddress@@QEAAAEAVProvValue@@AEBV0@@Z
??4ProvIpAddressType@@QEAAAEAV0@AEBV0@@Z
??4ProvLexicon@@QEAAAEAV0@AEBV0@@Z
??4ProvMacAddressType@@QEAAAEAV0@AEBV0@@Z
??4ProvNegativeRangeType@@QEAAAEAV0@AEBV0@@Z
??4ProvNetworkAddressType@@QEAAAEAV0@AEBV0@@Z
??4ProvNull@@QEAAAEAVProvValue@@AEBV0@@Z
??4ProvNullType@@QEAAAEAV0@AEBV0@@Z
??4ProvOSIAddressType@@QEAAAEAV0@AEBV0@@Z
??4ProvObjectIdentifier@@QEAAAEAVProvValue@@AEBV0@@Z
??4ProvObjectIdentifierType@@QEAAAEAV0@AEBV0@@Z
??4ProvOctetString@@QEAAAEAVProvValue@@AEBV0@@Z
??4ProvOctetStringType@@QEAAAEAV0@AEBV0@@Z
??4ProvOpaque@@QEAAAEAVProvValue@@AEBV0@@Z
??4ProvOpaqueType@@QEAAAEAV0@AEBV0@@Z
??4ProvPhysAddressType@@QEAAAEAV0@AEBV0@@Z
??4ProvPositiveRangeType@@QEAAAEAV0@AEBV0@@Z
??4ProvPositiveRangedType@@QEAAAEAV0@AEBV0@@Z
??4ProvRowStatusType@@QEAAAEAV0@AEBV0@@Z
??4ProvTimeTicks@@QEAAAEAVProvValue@@AEBV0@@Z
??4ProvTimeTicksType@@QEAAAEAV0@AEBV0@@Z
??4ProvUDPAddressType@@QEAAAEAV0@AEBV0@@Z
??4ProvUInteger32@@QEAAAEAVProvValue@@AEBV0@@Z
??4ProvValue@@AEAAAEAV0@AEBV0@@Z
??4QueryPreprocessor@@QEAAAEAV0@AEBV0@@Z
??4WmiAndNode@@QEAAAEAV0@AEBV0@@Z
??4WmiNotNode@@QEAAAEAV0@AEBV0@@Z
??4WmiNullNode@@QEAAAEAV0@$$QEAV0@@Z
??4WmiNullNode@@QEAAAEAV0@AEBV0@@Z
??4WmiNullRangeNode@@QEAAAEAV0@AEBV0@@Z
??4WmiOperatorEqualNode@@QEAAAEAV0@AEBV0@@Z
??4WmiOperatorEqualOrGreaterNode@@QEAAAEAV0@AEBV0@@Z
??4WmiOperatorEqualOrLessNode@@QEAAAEAV0@AEBV0@@Z
??4WmiOperatorGreaterNode@@QEAAAEAV0@AEBV0@@Z
??4WmiOperatorIsANode@@QEAAAEAV0@AEBV0@@Z
??4WmiOperatorLessNode@@QEAAAEAV0@AEBV0@@Z
??4WmiOperatorLikeNode@@QEAAAEAV0@AEBV0@@Z
??4WmiOperatorNode@@QEAAAEAV0@AEBV0@@Z
??4WmiOperatorNotEqualNode@@QEAAAEAV0@AEBV0@@Z
??4WmiOperatorNotIsANode@@QEAAAEAV0@AEBV0@@Z
??4WmiOperatorNotLikeNode@@QEAAAEAV0@AEBV0@@Z
??4WmiOrNode@@QEAAAEAV0@AEBV0@@Z
??4WmiRangeNode@@QEAAAEAV0@AEBV0@@Z
??4WmiSignedIntegerNode@@QEAAAEAV0@$$QEAV0@@Z
??4WmiSignedIntegerNode@@QEAAAEAV0@AEBV0@@Z
??4WmiSignedIntegerRangeNode@@QEAAAEAV0@$$QEAV0@@Z
??4WmiSignedIntegerRangeNode@@QEAAAEAV0@AEBV0@@Z
??4WmiStringNode@@QEAAAEAV0@AEBV0@@Z
??4WmiStringRangeNode@@QEAAAEAV0@AEBV0@@Z
??4WmiTreeNode@@QEAAAEAV0@AEBV0@@Z
??4WmiTreeNodeIterator@@QEAAAEAV0@AEBV0@@Z
??4WmiUnsignedIntegerNode@@QEAAAEAV0@$$QEAV0@@Z
??4WmiUnsignedIntegerNode@@QEAAAEAV0@AEBV0@@Z
??4WmiUnsignedIntegerRangeNode@@QEAAAEAV0@$$QEAV0@@Z
??4WmiUnsignedIntegerRangeNode@@QEAAAEAV0@AEBV0@@Z
??4WmiValueNode@@QEAAAEAV0@AEBV0@@Z
??8ProvInstanceType@@QEBAHAEBV0@@Z
??8ProvObjectIdentifier@@QEBAHAEBV0@@Z
??8ProvValue@@QEBAHAEBV0@@Z
??9ProvInstanceType@@QEBAHAEBV0@@Z
??9ProvObjectIdentifier@@QEBAHAEBV0@@Z
??9ProvValue@@QEBAHAEBV0@@Z
??AProvObjectIdentifier@@QEBAAEAKK@Z
??BProvAnalyser@@UEAAPEAXXZ
??BProvInstanceType@@UEAAPEAXXZ
??BProvPositiveRangedType@@UEAAPEAXXZ
??HProvObjectIdentifier@@QEBA?AV0@AEBV0@@Z
??MProvObjectIdentifier@@QEBAHAEBV0@@Z
??NProvObjectIdentifier@@QEBAHAEBV0@@Z
??OProvObjectIdentifier@@QEBAHAEBV0@@Z
??PProvObjectIdentifier@@QEBAHAEBV0@@Z
??RProvIpAddress@@QEBAPEAXXZ
??RProvObjectIdentifier@@QEBAPEAXXZ
??RProvOctetString@@QEBAPEAXXZ
??RProvOpaque@@QEBAPEAXXZ
??_7PartitionSet@@6B@
??_7ProvAnalyser@@6B@
??_7ProvBitStringType@@6BProvInstanceType@@@
??_7ProvBitStringType@@6BProvPositiveRangedType@@@
??_7ProvCounter64@@6B@
??_7ProvCounter64Type@@6B@
??_7ProvCounter@@6B@
??_7ProvCounterType@@6B@
??_7ProvDateTimeType@@6BProvInstanceType@@@
??_7ProvDateTimeType@@6BProvPositiveRangedType@@@
??_7ProvDisplayStringType@@6BProvInstanceType@@@
??_7ProvDisplayStringType@@6BProvPositiveRangedType@@@
??_7ProvEnumeratedType@@6BProvInstanceType@@@
??_7ProvEnumeratedType@@6BProvNegativeRangedType@@@
??_7ProvEventObject@@6B@
??_7ProvFixedLengthDisplayStringType@@6B@
??_7ProvFixedLengthDisplayStringType@@6BProvInstanceType@@@
??_7ProvFixedLengthDisplayStringType@@6BProvPositiveRangedType@@@
??_7ProvFixedLengthOctetStringType@@6B@
??_7ProvFixedLengthOctetStringType@@6BProvInstanceType@@@
??_7ProvFixedLengthOctetStringType@@6BProvPositiveRangedType@@@
??_7ProvFixedLengthOpaqueType@@6B@
??_7ProvFixedLengthOpaqueType@@6BProvInstanceType@@@
??_7ProvFixedLengthOpaqueType@@6BProvPositiveRangedType@@@
??_7ProvFixedLengthPhysAddressType@@6B@
??_7ProvFixedLengthPhysAddressType@@6BProvInstanceType@@@
??_7ProvFixedLengthPhysAddressType@@6BProvPositiveRangedType@@@
??_7ProvFixedType@@6B@
??_7ProvGauge@@6B@
??_7ProvGaugeType@@6BProvInstanceType@@@
??_7ProvGaugeType@@6BProvPositiveRangedType@@@
??_7ProvInstanceType@@6B@
??_7ProvInteger@@6B@
??_7ProvIntegerType@@6BProvInstanceType@@@
??_7ProvIntegerType@@6BProvNegativeRangedType@@@
??_7ProvIpAddress@@6B@
??_7ProvIpAddressType@@6B@
??_7ProvMacAddressType@@6B@
??_7ProvMacAddressType@@6BProvInstanceType@@@
??_7ProvMacAddressType@@6BProvPositiveRangedType@@@
??_7ProvNegativeRangeType@@6B@
??_7ProvNetworkAddressType@@6B@
??_7ProvNull@@6B@
??_7ProvNullType@@6B@
??_7ProvOSIAddressType@@6BProvInstanceType@@@
??_7ProvOSIAddressType@@6BProvPositiveRangedType@@@
??_7ProvObjectIdentifier@@6B@
??_7ProvObjectIdentifierType@@6B@
??_7ProvOctetString@@6B@
??_7ProvOctetStringType@@6BProvInstanceType@@@
??_7ProvOctetStringType@@6BProvPositiveRangedType@@@
??_7ProvOpaque@@6B@
??_7ProvOpaqueType@@6BProvInstanceType@@@
??_7ProvOpaqueType@@6BProvPositiveRangedType@@@
??_7ProvPhysAddressType@@6BProvInstanceType@@@
??_7ProvPhysAddressType@@6BProvPositiveRangedType@@@
??_7ProvPositiveRangeType@@6B@
??_7ProvPositiveRangedType@@6B@
??_7ProvRowStatusType@@6BProvInstanceType@@@
??_7ProvRowStatusType@@6BProvNegativeRangedType@@@
??_7ProvTimeTicks@@6B@
??_7ProvTimeTicksType@@6B@
??_7ProvUDPAddressType@@6B@
??_7ProvUDPAddressType@@6BProvInstanceType@@@
??_7ProvUDPAddressType@@6BProvPositiveRangedType@@@
??_7ProvUInteger32@@6B@
??_7ProvValue@@6B@
??_7QueryPreprocessor@@6B@
??_7WmiAndNode@@6B@
??_7WmiNotNode@@6B@
??_7WmiNullNode@@6B@
??_7WmiNullRangeNode@@6B@
??_7WmiOperatorEqualNode@@6B@
??_7WmiOperatorEqualOrGreaterNode@@6B@
??_7WmiOperatorEqualOrLessNode@@6B@
??_7WmiOperatorGreaterNode@@6B@
??_7WmiOperatorIsANode@@6B@
??_7WmiOperatorLessNode@@6B@
??_7WmiOperatorLikeNode@@6B@
??_7WmiOperatorNode@@6B@
??_7WmiOperatorNotEqualNode@@6B@
??_7WmiOperatorNotIsANode@@6B@
??_7WmiOperatorNotLikeNode@@6B@
??_7WmiOrNode@@6B@
??_7WmiRangeNode@@6B@
??_7WmiSignedIntegerNode@@6B@
??_7WmiSignedIntegerRangeNode@@6B@
??_7WmiStringNode@@6B@
??_7WmiStringRangeNode@@6B@
??_7WmiTreeNode@@6B@
??_7WmiTreeNodeIterator@@6B@
??_7WmiUnsignedIntegerNode@@6B@
??_7WmiUnsignedIntegerRangeNode@@6B@
??_7WmiValueNode@@6B@
??_FProvAnalyser@@QEAAXXZ
??_FProvDisplayStringType@@QEAAXXZ

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
provthrd/rsaenh.dll
.dll regsvr32 windows:10 windows x64 arch:x64

a4c20b1a7b632846186ad47a0810709e

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:29

Not After

02/12/2021, 21:29

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

26:54:9d:60:75:c4:28:f0:7a:83:82:8d:08:f8:ea:6d:33:bb:b8:5b:11:88:0f:50:97:15:16:5d:91:8a:53:09
Signer

Actual PE Digest

26:54:9d:60:75:c4:28:f0:7a:83:82:8d:08:f8:ea:6d:33:bb:b8:5b:11:88:0f:50:97:15:16:5d:91:8a:53:09

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

rsaenh.pdb

Imports

ntdll

_strlwr
swprintf_s
strcpy_s
RtlNtStatusToDosError
NtCreateFile
__C_specific_handler
NtClose
wcsncpy_s
NtQueryInformationToken
RtlReleaseRelativeName
strchr
wcscat_s
EtwRegisterTraceGuidsW
RtlFreeHeap
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwGetTraceEnableFlags
EtwUnregisterTraceGuids
RtlAllocateHeap
RtlImageNtHeader
NtTerminateProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnhandledExceptionFilter
wcscpy_s
EtwTraceMessage
RtlDosPathNameToRelativeNtPathName_U
_vsnwprintf
memset
__chkstk
memcmp
memcpy
wcscmp

api-ms-win-security-base-l1-1-0

EqualSid
PrivilegeCheck
IsValidSid
GetSidSubAuthority
FreeSid
InitializeSecurityDescriptor
GetSecurityDescriptorOwner
GetSecurityDescriptorDacl
InitializeAcl
GetLengthSid
SetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorSacl
GetSecurityDescriptorLength
GetAce
GetSecurityDescriptorControl
GetSidSubAuthorityCount
AddAccessAllowedAce
GetAclInformation
MakeSelfRelativeSD
GetSidIdentifierAuthority
GetTokenInformation
AllocateAndInitializeSid

api-ms-win-core-file-l1-1-0

RemoveDirectoryW
FindClose
CreateFileW
FindFirstFileExW
GetTempFileNameW
WriteFile
FindNextFileW
GetFileSize
ReadFile
DeleteFileW

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
AcquireSRWLockShared
EnterCriticalSection
ReleaseSRWLockShared
DeleteCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeCriticalSection
InitializeSRWLock

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
OpenThreadToken
SetThreadStackGuarantee
OpenProcessToken
GetCurrentThread

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
FreeLibrary
LoadLibraryExA
DisableThreadLibraryCalls
GetModuleFileNameW
GetProcAddress

api-ms-win-core-registry-l1-1-0

RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemInfo
GetTickCount

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
VirtualAlloc
CreateFileMappingW
VirtualProtect
MapViewOfFile
VirtualQuery

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteTransfer

bcrypt

BCryptDuplicateHash
BCryptHashData
BCryptGetProperty
BCryptDuplicateKey
BCryptFinalizeKeyPair
BCryptGenerateKeyPair
BCryptExportKey
BCryptImportKeyPair
BCryptSetProperty
BCryptVerifySignature
BCryptDestroyHash
BCryptSignHash
BCryptFinishHash
BCryptOpenAlgorithmProvider
BCryptDecrypt
BCryptEncrypt
BCryptDestroyKey
BCryptCloseAlgorithmProvider
BCryptGenerateSymmetricKey
BCryptCreateHash

api-ms-win-core-string-obsolete-l1-1-0

lstrlenA
lstrlenW

api-ms-win-core-localization-obsolete-l1-2-0

CompareStringA

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

CPAcquireContext
CPCreateHash
CPDecrypt
CPDeriveKey
CPDestroyHash
CPDestroyKey
CPDuplicateHash
CPDuplicateKey
CPEncrypt
CPExportKey
CPGenKey
CPGenRandom
CPGetHashParam
CPGetKeyParam
CPGetProvParam
CPGetUserKey
CPHashData
CPHashSessionKey
CPImportKey
CPReleaseContext
CPSetHashParam
CPSetKeyParam
CPSetProvParam
CPSignHash
CPVerifySignature
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
provthrd/sendmail.dll
.dll windows:10 windows x64 arch:x64

9a2286798f785ee11497fa3d113d6cbe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

sendmail.pdb

Imports

msvcrt

__C_specific_handler
_lock
_unlock
malloc
free
_amsg_exit
_onexit
_XcptFilter
__CxxFrameHandler3
wcscat_s
wcscpy_s
_initterm
memset
memcmp
_vsnwprintf
_get_errno
wcstok
_set_errno
wcsncmp
memcpy_s
__dllonexit
wcscmp

shell32

ord740
SHGetFileInfoW
ord155
SHCreateItemFromParsingName
SHGetKnownFolderPath
SHBindToObject
ord682
DragQueryFileW
SHGetItemFromDataObject
SHEvaluateSystemCommandTemplate
SHFileOperationW
ord171
SHGetSpecialFolderPathW
SHGetDesktopFolder
ord850
ord28
ord75

shlwapi

ord346
PathIsUNCW
PathSkipRootW
PathIsURLW
StrStrIW
PathFindNextComponentW
ord16
SHQueryValueExW
StrCmpW
StrFormatByteSizeW
PathCompactPathW
PathRenameExtensionW
PathAppendW
PathFindFileNameW
ord215
ord219
PathIsDirectoryW
PathRemoveFileSpecW
SHCreateStreamOnFileW
PathFindExtensionW
StrDupW
ord217
ord199
ord176

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
LoadLibraryExW
LoadStringW
GetProcAddress
FreeLibrary
DisableThreadLibraryCalls
GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
CreateSemaphoreExW
LeaveCriticalSection
WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
InitializeCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
DeleteCriticalSection
ReleaseSemaphore
CreateEventW
SetEvent

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
SetThreadPriority
CreateThread
GetCurrentProcessId
GetCurrentThread
GetExitCodeThread
GetCurrentProcess
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW
FindNLSStringEx

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

GlobalFree
LocalFree
GlobalAlloc
LocalAlloc

api-ms-win-core-com-l1-1-0

CLSIDFromString
CoGetMalloc
CoCreateInstance
CoUninitialize
CoGetInterfaceAndReleaseStream
PropVariantClear
CoTaskMemAlloc
CoReleaseMarshalData
CoTaskMemFree
CoMarshalInterThreadInterfaceInStream
CoTaskMemRealloc

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-string-l1-1-0

CompareStringW
CompareStringOrdinal

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegQueryValueExW
RegCloseKey
RegGetValueW
RegQueryInfoKeyW
RegOpenKeyExW

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable
InitOnceComplete
Sleep
InitOnceBeginInitialize

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventActivityIdControl
EventUnregister
EventRegister

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-path-l1-1-0

PathCchRenameExtension
PathCchRemoveFileSpec
PathCchAppendEx

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-file-l1-1-0

CreateFileW
DeleteFileW
GetFileSize

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

advapi32

RegQueryValueW

gdi32

DeleteObject
SelectObject

gdiplus

GdipDisposeImage
GdipFree
GdipGetImageEncoders
GdipRemovePropertyItem
GdipGetPropertyIdList
GdipGetImageEncodersSize
GdiplusShutdown
GdiplusStartup
GdipGetPropertyCount
GdipAlloc
GdipLoadImageFromFile
GdipCloneImage
GdipSaveImageToFile
GdipImageRotateFlip

kernel32

DeactivateActCtx
GlobalSize
CreateActCtxW
ReleaseActCtx
GlobalUnlock
ActivateActCtx
lstrlenW
GlobalLock

ole32

ReleaseStgMedium
CoInitialize

propsys

PSPropertyBag_ReadGUID
PSCreateSimplePropertyChange
PSCreatePropertyChangeArray
PropVariantToUInt32

user32

CreateDialogParamW
PostThreadMessageW
SetWindowTextW
GetMessageW
IsDialogMessageW
TranslateMessage
RegisterClipboardFormatW
GetClientRect
GetDlgItem
GetWindowLongPtrW
SetWindowLongPtrW
SendMessageW
DispatchMessageW
DestroyIcon
DefWindowProcW
DestroyWindow
GetDC
MessageBoxW
EnableWindow
GetWindowRect
ShowWindow
IsWindow
SetDlgItemTextW
ReleaseDC

wininet

DeleteUrlCacheEntryW
CreateUrlCacheEntryW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
provthrd/setupcln.dll
.dll regsvr32 windows:10 windows x64 arch:x64

215b924634cd15660a8ce3b0864922d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

setupcln.pdb

Imports

msvcrt

_onexit
__CxxFrameHandler3
memset
wcsncmp
_errno
_unlock
__dllonexit
_lock
??1type_info@@UEAA@XZ
wprintf
_wtof
wcstoul
?terminate@@YAXXZ
_initterm
_wtoi
_amsg_exit
_wcsnicmp
_XcptFilter
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
memmove
memcpy
malloc
free
wcscpy_s
_vsnwprintf
_wcsicmp
_vsnprintf
__C_specific_handler
wcsrchr
??0exception@@QEAA@XZ
memmove_s
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
wcschr
memcpy_s
sprintf_s
wcscmp

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetErrorMode
SetErrorMode
GetLastError
SetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegGetValueW
RegQueryValueExW
RegEnumKeyExW
RegDeleteKeyExW
RegEnumValueW
RegCloseKey
RegDeleteTreeW
RegQueryInfoKeyW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventUnregister
EventRegister

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy
HeapSize

api-ms-win-core-libraryloader-l1-2-0

LockResource
GetModuleHandleW
FindResourceExW
SizeofResource
FreeLibrary
LoadLibraryExW
GetProcAddress
GetModuleHandleExW
LoadResource
GetModuleFileNameA
GetModuleFileNameW

rpcrt4

UuidCreate

api-ms-win-core-synch-l1-1-0

OpenMutexW
WaitForSingleObject
ReleaseMutex
CreateMutexW
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseSemaphore
CreateSemaphoreExW

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
OpenProcessToken
GetCurrentProcess
GetCurrentThreadId
ExitProcess
TerminateProcess

api-ms-win-core-file-l1-1-0

GetFinalPathNameByHandleW
GetLongPathNameW
SetFileInformationByHandle
CreateDirectoryW
FindNextFileW
SetFileAttributesW
FindFirstFileW
RemoveDirectoryW
DeleteFileW
GetFullPathNameW
GetDiskFreeSpaceW
GetFileAttributesW
FindClose
CreateFileW
GetFileInformationByHandle

api-ms-win-core-file-l2-1-0

MoveFileExW
GetFileInformationByHandleEx

api-ms-win-core-com-l1-1-0

CLSIDFromString
CoGetMalloc
CoInitializeEx
CoUninitialize
StringFromGUID2
CoCreateGuid

api-ms-win-core-sysinfo-l1-1-0

GetWindowsDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetSystemTime
GetSystemWindowsDirectoryW
GetSystemDirectoryW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-string-l2-1-0

IsCharAlphaNumericW
IsCharAlphaW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetCurrentDirectoryW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak
OutputDebugStringA

api-ms-win-core-kernel32-legacy-l1-1-0

WTSGetActiveConsoleSessionId

user32

MessageBoxW

wdscore

CurrentIP
WdsSetupLogMessageW
ConstructPartialMsgVW
WdsTerminate
WdsInitialize

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust

crypt32

CertVerifyCertificateChainPolicy

vssapi

VssFreeSnapshotPropertiesInternal
CreateVssBackupComponentsInternal

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser
AdjustTokenPrivileges
RevertToSelf

api-ms-win-core-heap-l2-1-0

GlobalFree

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-file-l2-1-2

CopyFileW

winhttp

WinHttpSetCredentials
WinHttpGetDefaultProxyConfiguration
WinHttpReceiveResponse
WinHttpConnect
WinHttpGetIEProxyConfigForCurrentUser
WinHttpQueryDataAvailable
WinHttpOpenRequest
WinHttpSetOption
WinHttpQueryAuthSchemes
WinHttpOpen
WinHttpSendRequest
WinHttpCloseHandle
WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpReadData

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-security-credentials-l1-1-0

CredReadW

ntdll

RtlInitUnicodeString
NtQueryLicenseValue
RtlNtStatusToDosError
NtSetInformationFile
NtOpenFile
RtlAllocateHeap
NtQueryInformationToken
RtlFreeHeap

version

GetFileVersionInfoSizeExW
GetFileVersionInfoExW

wtsapi32

WTSFreeMemory
WTSQueryUserToken
WTSEnumerateSessionsW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup.msi
.msi
syssetup/ManageCI.dll
.dll windows:10 windows x64 arch:x64

07ca456fa695226080885dbb4450deb6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ManageCI.pdb

Imports

msvcp_win

??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??Bid@locale@std@@QEAA_KXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
?is@?$ctype@G@std@@QEBA_NFG@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
_Wcsxfrm
?id@?$ctype@G@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$collate@G@std@@2V0locale@2@A
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Wcscoll
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?uncaught_exception@std@@YA_NXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o___stdio_common_vswprintf
_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o__wcsnicmp
_o_bsearch
_o_free
_o_malloc
_o_realloc
__CxxFrameHandler3
__C_specific_handler
_CxxThrowException
strchr
__std_terminate
wcschr
__CxxFrameHandler4
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o___stdio_common_vsnprintf_s
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
ReleaseSemaphore
CreateEventW
ResetEvent
SetEvent
DeleteCriticalSection
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
CreateMutexExW
OpenSemaphoreW
ReleaseMutex

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError

crypt32

CryptMsgUpdate
CryptMsgGetParam
CertGetEnhancedKeyUsage
CertGetCertificateChain
CertCloseStore
CryptEncodeObjectEx
CertFreeCertificateChain
CertGetNameStringW
CertOpenStore
CertGetCertificateContextProperty
CryptMsgOpenToDecode
CertFreeCertificateContext
CryptVerifyMessageSignature
CryptMsgClose
CryptDecodeObjectEx

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

ntdll

ZwClose
ZwQueryInformationFile
ZwOpenFile
ZwQueryDirectoryFile
ZwWriteFile
NtDeleteFile
RtlIsStateSeparationEnabled
ZwCreateFile
ZwReadFile
ZwQuerySystemInformation
RtlFreeUnicodeString
RtlEqualUnicodeString
RtlAppendUnicodeStringToString
RtlGUIDFromString
RtlCompareUnicodeString
RtlCreateUnicodeString
RtlInitUnicodeString
NtQuerySystemInformation
NtSetSystemInformation
RtlStringFromGUID
RtlGetPersistedStateLocation

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventWriteTransfer
EventRegister

rpcrt4

UuidFromStringW
UuidToStringW

api-ms-win-core-registry-l2-1-0

RegCreateKeyW

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegDeleteTreeW
RegEnumKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
RegSetValueExW
RegGetValueW
RegQueryValueExW
RegOpenKeyExW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

netapi32

NetGetAadJoinInformation
NetFreeAadJoinInformation

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc

oleaut32

SysFreeString
SysAllocString

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

BeginRemoveCIPolicy
BeginRemoveSBCPToken
BeginSetSBCPToken
BeginTransaction
BeginUpsertCIPolicy
Commit
End
GetAllCIPolicies
GetAllSBCPTokens
GetCIPolicyByID
GetPoliciesAuthorizedBySBCPToken
GetPolicyInformation
GetSBCPTokenByID
GetSBCPTokensForPolicyID
GetSModeUnlockID
GetTenantID
GetTokenInformation
IsInProgress
ManageCI
ManageCI_BeginRemoveCIPolicy
ManageCI_BeginRemoveSBCPToken
ManageCI_BeginSetSBCPToken
ManageCI_BeginTransaction
ManageCI_BeginUpsertCIPolicy
ManageCI_Commit
ManageCI_End
ManageCI_GetAllCIPolicies
ManageCI_GetAllSBCPTokens
ManageCI_GetCIPolicyByID
ManageCI_GetPoliciesAuthorizedBySBCPToken
ManageCI_GetPolicyInformation
ManageCI_GetSBCPTokenByID
ManageCI_GetSBCPTokensForPolicyID
ManageCI_GetSModeUnlockID
ManageCI_GetTenantID
ManageCI_GetTokenInformation
ManageCI_IsInProgress
ManageCI_ParsePolicy
ManageCI_Rollback
ManageCI_Start
ManageCI_ValidateState
ParsePolicy
Rollback
Start
ValidateState

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
syssetup/msdtctm.dll
.dll windows:10 windows x64 arch:x64

03898f67a5dabafb7b6a9dbc652c2f57

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

msdtctm.pdb

Imports

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemWindowsDirectoryA
GetSystemTime
GetTickCount64
GetSystemTimeAsFileTime
GetSystemInfo
GetSystemDirectoryW
GetSystemDirectoryA
GetLocalTime

api-ms-win-core-processthreads-l1-1-0

TlsSetValue
GetExitCodeProcess
OpenProcessToken
CreateProcessW
TlsAlloc
TerminateThread
TlsGetValue
GetCurrentProcessId
ResumeThread
GetCurrentProcess
CreateThread
SetThreadToken
TerminateProcess
GetCurrentThread
GetCurrentThreadId
SuspendThread
TlsFree
OpenThreadToken

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
EnterCriticalSection
ResetEvent
CreateEventW
CreateEventA
WaitForMultipleObjectsEx
LeaveCriticalSection
ReleaseMutex
DeleteCriticalSection
CreateMutexW
OpenMutexW
WaitForSingleObject
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SetEvent
InitializeCriticalSection

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc
HeapSetInformation

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoGetClassObject
CoCreateGuid
CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx
CoCreateInstance
CoUninitialize
CoGetObjectContext

rpcrt4

CStdStubBuffer_DebugServerRelease
UuidFromStringA
IUnknown_AddRef_Proxy
CStdStubBuffer_Invoke
CStdStubBuffer_Connect
NdrCStdStubBuffer_Release
UuidToStringA
CStdStubBuffer_IsIIDSupported
NdrOleFree
RpcStringFreeA
UuidHash
IUnknown_QueryInterface_Proxy
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
UuidToStringW
CStdStubBuffer_CountRefs
CStdStubBuffer_Disconnect
RpcStringFreeW
CStdStubBuffer_QueryInterface
UuidCompare
NdrOleAllocate
CStdStubBuffer_DebugServerQueryInterface
UuidCreate

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter
SetErrorMode
GetLastError
SetLastError

api-ms-win-core-libraryloader-l1-2-0

LoadResource
FreeLibrary
DisableThreadLibraryCalls
GetModuleHandleA
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
FindResourceExW
LoadStringW
GetProcAddress
LoadLibraryExA
LockResource

api-ms-win-core-console-l1-1-0

SetConsoleCtrlHandler
AllocConsole

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
GetCommandLineA

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
Sleep
SleepConditionVariableSRW

oleaut32

SysFreeString
SysAllocString

api-ms-win-core-console-l1-2-0

FreeConsole

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExA
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegNotifyChangeKeyValue
RegQueryValueExA
RegDeleteValueW

api-ms-win-service-core-l1-1-0

StartServiceCtrlDispatcherW
SetServiceStatus

api-ms-win-service-winsvc-l1-1-0

RegisterServiceCtrlHandlerW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-localization-l1-2-0

FormatMessageA
FormatMessageW

ole32

CoGetInterceptor
ComPs_NdrDllGetClassObject

user32

TranslateMessage
DispatchMessageA
PostThreadMessageA
GetMessageA

msvcrt

_strdup
isxdigit
atoi
fopen
fwprintf
fflush
fclose
__CxxFrameHandler3
_purecall
_vsnprintf
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
wcsrchr
strchr
_open_osfhandle
getchar
__iob_func
_stricmp
mbstowcs
_local_unwind
wprintf
_wcsnicmp
atol
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
?what@exception@@UEBAPEBDXZ
_wfopen
_waccess
_strnicmp
isdigit
_endthreadex
_mbscpy_s
rand_s
time
printf
localtime
wcscpy_s
_ultow
??0exception@@QEAA@AEBQEBD@Z
_CxxThrowException
memcpy
memmove
??1type_info@@UEAA@XZ
setvbuf
fgetwc
_fdopen
_wcsicmp
_vsnwprintf
_callnewh
malloc
memcmp
isalnum
fprintf
free
wcstombs
memset

msdtcprx

ord26
ord27
DeployDtc
CreateLocalTmInstance
CreateLegacyTmInstance
InstallDtc
RemoveDtc
ord25

msdtclog

DllGetDTCLOG

mtxclu

MtxCluGetClusterResourceIdFromName
MtxCluGetTmResource
MtxCluGetNameFromResourceIdStringNonAdmin
MtxCluGetResourceIdStringFromName
FailedClusterAPIToEventLog
MtxCluGetResourceId
MtxCluCreateClusterTmInstance

winmm

timeGetDevCaps
timeBeginPeriod

clusapi

CloseCluster
ClusterRegEnumKey
ClusterRegQueryInfoKey
GetClusterKey
ClusterRegSetValue
GetNodeClusterState
ClusterRegCreateKey
ClusterRegOpenKey
ClusterRegEnumValue
ClusterRegDeleteKey
ClusterRegCloseKey
OpenClusterEx

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlReportException
RtlFreeHeap
RtlImageNtHeader
RtlCaptureContext
RtlNtStatusToDosError
RtlAllocateHeap

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-file-l1-1-0

FindFirstFileW
ReadFile
CreateFileW
GetFullPathNameW
GetFileAttributesW
WriteFile
FindNextFileW
SetFileAttributesW
FindClose
CreateDirectoryW
DeleteFileW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

ws2_32

bind
getaddrinfo
freeaddrinfo
getsockopt
setsockopt
socket
listen
shutdown
getnameinfo
ioctlsocket
WSACleanup
WSAGetLastError
WSAStartup
closesocket
connect

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenSCManagerW
OpenServiceW

api-ms-win-service-management-l2-1-0

QueryServiceConfigW

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorDacl
DuplicateTokenEx
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
AdjustTokenPrivileges
GetSecurityDescriptorSacl
GetTokenInformation

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient14
ObjectStublessClient12
ObjectStublessClient20
ObjectStublessClient7
ObjectStublessClient15
ObjectStublessClient25
ObjectStublessClient4
ObjectStublessClient24
ObjectStublessClient23
ObjectStublessClient22
ObjectStublessClient3
ObjectStublessClient27
ObjectStublessClient18
ObjectStublessClient19
ObjectStublessClient13
ObjectStublessClient5
ObjectStublessClient21
ObjectStublessClient6
ObjectStublessClient8
ObjectStublessClient9
ObjectStublessClient16
ObjectStublessClient26
ObjectStublessClient10
ObjectStublessClient17
ObjectStublessClient11

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
TraceEvent
GetTraceEnableLevel
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableFlags

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-eventing-controller-l1-1-0

StartTraceW
StopTraceW

bcrypt

BCryptImportKey
BCryptGetProperty
BCryptSetProperty
BCryptEncrypt
BCryptGenRandom
BCryptOpenAlgorithmProvider
BCryptDecrypt
BCryptCloseAlgorithmProvider

api-ms-win-core-memory-l1-1-0

OpenFileMappingW
MapViewOfFile
CreateFileMappingW
FlushViewOfFile
UnmapViewOfFile

api-ms-win-core-io-l1-1-0

GetQueuedCompletionStatus
CreateIoCompletionPort
PostQueuedCompletionStatus

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

advapi32

ReportEventW
RegisterEventSourceW
RegConnectRegistryW
DeregisterEventSource
SetNamedSecurityInfoW
LookupPrivilegeValueA
EnableTrace
FlushTraceW
QueryTraceW

kernel32

UnregisterWaitEx
DeleteTimerQueueTimer
CreateTimerQueueTimer
ChangeTimerQueueTimer
MoveFileW
QueueUserWorkItem

xolehlp

DtcGetTransactionManagerExA

mswsock

AcceptEx
GetAcceptExSockaddrs

dnsapi

DnsValidateName_A

Exports

Exports

ASCDefer
ASCDeliverDeferred
ASCGetSafeReference
ASCWrapClassFactory
ASCWrapObject
CreateInstance
DllGetClassObject
DtcMainExt
GetTipFunctionalityWorking
SetTipFunctionalityWorking

Sections

.text
Size: 775KB - Virtual size: 775KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 618KB - Virtual size: 617KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
syssetup/sysntfy.dll
.dll windows:10 windows x64 arch:x64

fdc3937f1e8e8a9ffeb8e7949870cfcf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

sysntfy.pdb

Imports

api-ms-win-crt-string-l1-1-0

memset
__isascii

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o___std_type_info_destroy_list
_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
memcpy
_o__tolower
_o_isupper
__C_specific_handler

api-ms-win-core-heap-l1-1-0

HeapDestroy
HeapCreate
HeapFree
HeapAlloc

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

ntdll

NtOpenProcess
EtwGetTraceEnableFlags
NtQueryInformationToken
EtwGetTraceLoggerHandle
RtlEnterCriticalSection
EtwUnregisterTraceGuids
RtlInitializeCriticalSection
RtlLeaveCriticalSection
EtwRegisterTraceGuidsW
RtlDeleteCriticalSection
EtwTraceMessage
NtOpenProcessToken
EtwGetTraceEnableLevel
NtClose

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

SysNotifyStartServer
SysNotifyStopServer

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
syssetup/syssetup.dll
.dll windows:10 windows x64 arch:x64

fe9aff7b41a154ac9d71ab2967cc3eed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

syssetup.pdb

Imports

msvcrt

__C_specific_handler
_initterm
malloc
_wtoi
_vsnwprintf
free
_amsg_exit
_XcptFilter
memset

ntdll

RtlCaptureContext
RtlVirtualUnwind
NtCreateEvent
NtOpenEvent
RtlInitUnicodeString
NtClose
RtlLookupFunctionEntry

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyW

kernel32

GetCurrentProcessId
QueryPerformanceCounter
GetCurrentProcess
SetUnhandledExceptionFilter
GetCurrentThreadId
GetSystemWindowsDirectoryW
GetProcessHeap
HeapAlloc
CloseHandle
GetLastError
CreateFileW
GetLocaleInfoW
HeapFree
GetSystemTimeAsFileTime
GetTickCount
lstrcmpW
SetLastError
GetPrivateProfileStringW
WaitForSingleObject
Sleep
UnhandledExceptionFilter
TerminateProcess

user32

EnumDisplaySettingsExW
ChangeDisplaySettingsExW
ChangeDisplaySettingsW
EnumDisplaySettingsW

setupapi

SetupCloseInfFile
SetupInstallFromInfSectionW
SetupOpenInfFileW

Exports

Exports

AsrAddSifEntryA
AsrAddSifEntryW
AsrCreateStateFileA
AsrCreateStateFileW
AsrFreeContext
AsrRestorePlugPlayRegistryData
GetAnswerFileSetting
SetupChangeFontSize
SetupInfObjectInstallActionW
SetupSetDisplay
WaitForSamService

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b3347c947e0a334b92c8dfc1552e2b64

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp_win

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-devices-config-l1-1-1

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

oleaut32

api-ms-win-core-string-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 138KB - Virtual size: 137KB

.rdata Size: 42KB - Virtual size: 42KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 9KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

84f3ccddd61f29542a0e95502e8805d7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

shlwapi

rpcrt4

iertutil

advapi32

mlang

api-ms-win-core-shlwapi-legacy-l1-1-0

wkscli

netutils

api-ms-win-core-com-l1-1-0

kernelbase

api-ms-win-downlevel-version-l1-1-0

Exports

Exports

Sections

.text Size: 479KB - Virtual size: 478KB

.rdata Size: 91KB - Virtual size: 90KB

.data Size: 2KB - Virtual size: 7KB

.pdata Size: 27KB - Virtual size: 26KB

.didat Size: 1024B - Virtual size: 864B

.rsrc Size: 168KB - Virtual size: 167KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 138KB - Virtual size: 137KB

.rdata
Size: 42KB - Virtual size: 42KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 479KB - Virtual size: 478KB

.rdata
Size: 91KB - Virtual size: 90KB

.data
Size: 2KB - Virtual size: 7KB

.pdata
Size: 27KB - Virtual size: 26KB

.didat
Size: 1024B - Virtual size: 864B

.rsrc
Size: 168KB - Virtual size: 167KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 173KB - Virtual size: 173KB

.rdata
Size: 59KB - Virtual size: 59KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 7KB - Virtual size: 6KB

.didat
Size: 512B - Virtual size: 16B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 304B

33:00:00:01:45:10:eb:f8:9a:d7:99:40:e7:00:00:00:00:01:45
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

57:a9:79:c0:cb:b6:d0:00:dc:94:e6:00:49:b7:7f:0d:66:db:76:9c:be:a2:49:08:6f:43:bf:a8:46:a0:61:ae
Signer