SettingSync.pdb
Overview
overview 7
Static
static 3
SettingSyn...nc.dll windows10-2004-x64 1
SettingSyn...se.dll windows10-2004-x64 1
SettingSyn...an.dll windows10-2004-x64 1
SettingSyn...ui.dll windows10-2004-x64 1
aadtb/DXP.dll windows10-2004-x64 1
aadtb/aadtb.dll windows10-2004-x64 1
aadtb/cabview.dll windows10-2004-x64 7
aadtb/kbd103.dll windows10-2004-x64 1
ppcsnap/filemgmt.dll windows10-2004-x64 1
ppcsnap/htui.dll windows10-2004-x64 1
ppcsnap/mssph.dll windows10-2004-x64 1
ppcsnap/ppcsnap.dll windows10-2004-x64 1
setup.msi windows7-x64 6
setup.msi windows10-2004-x64 6
srcore/Set...on.dll windows10-2004-x64 1
srcore/net...er.dll windows10-2004-x64 1
srcore/srcore.dll windows10-2004-x64 1
srcore/uireng.dll windows10-2004-x64 1
Static task
static1
Behavioral task behavioral1: Sample SettingSync/SettingSync.dll, Resource win10v2004-20240709-en
Behavioral task behavioral2: Sample SettingSync/SettingsHandlers_StorageSense.dll, Resource win10v2004-20240709-en
Behavioral task behavioral3: Sample SettingSync/ntlanman.dll, Resource win10v2004-20240704-en
Behavioral task behavioral4: Sample SettingSync/ntshrui.dll, Resource win10v2004-20240709-en
Behavioral task behavioral5: Sample aadtb/DXP.dll, Resource win10v2004-20240709-en
Behavioral task behavioral6: Sample aadtb/aadtb.dll, Resource win10v2004-20240709-en
Behavioral task behavioral7: Sample aadtb/cabview.dll, Resource win10v2004-20240709-en
Behavioral task behavioral8: Sample aadtb/kbd103.dll, Resource win10v2004-20240709-en
Behavioral task behavioral9: Sample ppcsnap/filemgmt.dll, Resource win10v2004-20240709-en
Behavioral task behavioral10: Sample ppcsnap/htui.dll, Resource win10v2004-20240709-en
Behavioral task behavioral11: Sample ppcsnap/mssph.dll, Resource win10v2004-20240709-en
Behavioral task behavioral12: Sample ppcsnap/ppcsnap.dll, Resource win10v2004-20240709-en
Behavioral task behavioral13: Sample setup.msi, Resource win7-20240704-en
Behavioral task behavioral14: Sample setup.msi, Resource win10v2004-20240709-en
Behavioral task behavioral15: Sample srcore/SettingsHandlers_Region.dll, Resource win10v2004-20240709-en
Behavioral task behavioral16: Sample srcore/networkhelper.dll, Resource win10v2004-20240709-en
Behavioral task behavioral17: Sample srcore/srcore.dll, Resource win10v2004-20240709-en
Behavioral task behavioral18: Sample srcore/uireng.dll, Resource win10v2004-20240709-en
General
Target: x64__installer__x32_.zip
Size: 32.8MB
MD5: 83e3c84bfcbf565f1f4ce415d9871b1d
SHA1: d3af0c1c8a926b2beea742e53947a218574bfcbb
SHA256: 5312b4701eb9e8cfe830fa6a860f5a8d733f8767a75aeb447b31d8803eeece98
SHA512: f21ba0e759b65b8888b9e87fb4fca2e2df96e39684fe31f71808b28a1f040e6e26d55545b35aa257ac5f335139da593a03b6788930940a9747d0731df511e468
SSDEEP: 786432:FWGKizuw7rJmfRZYu9pHel0oXaowsC17TGrFgQ3pe3MEYd/UZNU:F2B/HmjwnKruQZecZMA
Malware Config
Signatures
-
Unsigned PE 15 IoCs
Checks for missing Authenticode signature.
resource
unpack001/SettingSync/SettingSync.dll
unpack001/SettingSync/ntlanman.dll
unpack001/SettingSync/ntshrui.dll
unpack001/aadtb/DXP.dll
unpack001/aadtb/aadtb.dll
unpack001/aadtb/cabview.dll
unpack001/aadtb/kbd103.dll
unpack001/ppcsnap/filemgmt.dll
unpack001/ppcsnap/htui.dll
unpack001/ppcsnap/mssph.dll
unpack001/ppcsnap/ppcsnap.dll
unpack001/srcore/SettingsHandlers_Region.dll
unpack001/srcore/networkhelper.dll
unpack001/srcore/srcore.dll
unpack001/srcore/uireng.dll
Files
-
x64__installer__x32_.zip
.zip
-
SettingSync/SettingSync.dll
.dll windows:10 windows x64 arch:x64
7b47ecf8ca02907cd93bfb196ed60609
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
??0exception@@QEAA@AEBQEBDH@Z
_amsg_exit
_initterm
_XcptFilter
__dllonexit
_onexit
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
memset
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBD@Z
memcmp
??8type_info@@QEBAHAEBV0@@Z
_callnewh
_CxxThrowException
memcpy
_unlock
_lock
wcsncmp
wcsstr
_get_errno
_set_errno
wcschr
__C_specific_handler
sprintf
_vsnprintf
memmove_s
realloc
malloc
free
_purecall
_vsnprintf_s
__CxxFrameHandler3
??0exception@@QEAA@AEBV0@@Z
iswalnum
swscanf_s
wcstok
wcstoul
wcscpy_s
_wcsicmp
swscanf
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
memmove
sqrt
api-ms-win-shcore-taskpool-l1-1-0
SHTaskPoolGetUniqueContext
SHTaskPoolQueueTask
api-ms-win-shcore-sysinfo-l1-1-0
IsOS
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleHandleExW
DisableThreadLibraryCalls
FreeLibrary
GetModuleFileNameA
GetModuleFileNameW
api-ms-win-core-synch-l1-1-0
WaitForMultipleObjectsEx
InitializeCriticalSection
CreateMutexExW
LeaveCriticalSection
OpenSemaphoreW
InitializeCriticalSectionEx
WaitForSingleObject
OpenEventW
InitializeSRWLock
SetEvent
DeleteCriticalSection
CreateEventExW
ReleaseSemaphore
WaitForSingleObjectEx
ReleaseMutex
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateSemaphoreExW
AcquireSRWLockShared
ReleaseSRWLockShared
EnterCriticalSection
api-ms-win-core-heap-l1-1-0
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
RaiseException
GetLastError
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
OpenThreadToken
GetCurrentThread
OpenProcessToken
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
CreateProcessW
api-ms-win-core-localization-l1-2-0
GetLocaleInfoW
GetUserDefaultLocaleName
SetLocaleInfoW
GetLocaleInfoEx
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
OutputDebugStringA
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceEnableFlags
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
UnregisterTraceGuids
RegisterTraceGuidsW
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-registry-l1-1-0
RegEnumValueW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegGetValueW
RegQueryInfoKeyW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegOpenCurrentUser
api-ms-win-core-file-l1-1-0
CompareFileTime
GetFileAttributesExW
DeleteFileW
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventRegister
EventUnregister
EventActivityIdControl
EventWriteTransfer
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceExecuteOnce
Sleep
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetVersionExW
GetTickCount
api-ms-win-core-path-l1-1-0
PathCchCombine
PathCchAppend
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
LocalReAlloc
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-eventing-controller-l1-1-0
EnableTraceEx2
StopTraceW
StartTraceW
api-ms-win-core-sysinfo-l1-2-0
VerSetConditionMask
api-ms-win-core-sidebyside-l1-1-0
ActivateActCtx
FindActCtxSectionStringW
QueryActCtxW
DeactivateActCtx
CreateActCtxW
api-ms-win-core-kernel32-legacy-l1-1-0
GetComputerNameW
api-ms-win-core-shlwapi-legacy-l1-1-0
SHExpandEnvironmentStringsW
PathFileExistsW
PathFindNextComponentW
PathRelativePathToW
api-ms-win-core-shlwapi-obsolete-l1-1-0
QISearch
StrCmpICW
api-ms-win-shlwapi-winrt-storage-l1-1-1
IUnknown_GetWindow
ord635
ord187
api-ms-win-rtcore-ntuser-window-l1-1-0
FindWindowW
PostMessageW
PeekMessageW
PostQuitMessage
TranslateMessage
DispatchMessageW
FindWindowExW
SendNotifyMessageW
GetClassNameW
api-ms-win-ntuser-sysparams-l1-1-0
GetSystemMetrics
SystemParametersInfoW
api-ms-win-rtcore-ntuser-synch-l1-1-0
MsgWaitForMultipleObjectsEx
coremessaging
CoreUICreate
ntdll
RtlGetSuiteMask
NtQueryInformationToken
NtQueryInformationProcess
RtlGetDeviceFamilyInfoEnum
coreuicomponents
CoreUIFactoryCreate
slc
SLIsWindowsGenuineLocal
wevtapi
EvtOpenChannelConfig
EvtSetChannelConfigProperty
EvtSaveChannelConfig
EvtClose
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-localization-private-l1-1-0
LoadStringByReference
api-ms-win-core-kernel32-legacy-l1-1-1
VerifyVersionInfoW
api-ms-win-core-string-obsolete-l1-1-0
lstrlenW
Exports
DllCanUnloadNow
DllGetClassObject
Sections
.text Size: 461KB - Virtual size: 461KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 183KB - Virtual size: 183KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 29KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SettingSync/SettingsHandlers_StorageSense.dll
.dll windows:10 windows x64 arch:x64
b0bb27ce5cdd3d300283a7aff90636b8
Code Sign
33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 15-12-2020 21:29
Not After: 02-12-2021 21:29
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
fd:65:d6:5f:57:5b:23:a0:60:8c:71:18:89:c7:1d:19:db:b6:73:a5:a3:3f:58:4a:a7:a4:17:76:06:5a:63:82
Signer
Actual PE Digest: fd:65:d6:5f:57:5b:23:a0:60:8c:71:18:89:c7:1d:19:db:b6:73:a5:a3:3f:58:4a:a7:a4:17:76:06:5a:63:82
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
SettingsHandlers_StorageSense.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__wcsicmp
memmove
_o_bsearch_s
_o_free
_o_malloc
_o_qsort
_o_realloc
_o_sqrt
_o_terminate
_o_towlower
_o_wcscat_s
_o_wcscpy_s
_o_wcstod
_o_wcstok_s
_o_wcstoul
__C_specific_handler
_o__i64toa_s
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__get_errno
_o__cexit
_o__callnewh
_o__beginthreadex
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o__invalid_parameter_noinfo_noreturn
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
wcsstr
wcschr
__CxxFrameHandler3
_CxxThrowException
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
wcscmp
wcsnlen
ntdll
NtCreateFile
RtlUnsubscribeWnfStateChangeNotification
RtlSubscribeWnfStateChangeNotification
RtlInitializeCorrelationVector
EtwTraceMessage
RtlValidSid
RtlGetDeviceFamilyInfoEnum
RtlIsMultiSessionSku
NtQueryInformationToken
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlCopySid
NtFsControlFile
RtlNtStatusToDosError
NtQueryInformationFile
RtlDosPathNameToNtPathName_U
api-ms-win-core-libraryloader-l1-2-0
DisableThreadLibraryCalls
LoadLibraryExW
GetModuleHandleExW
FreeLibrary
GetProcAddress
GetModuleFileNameA
GetModuleHandleW
api-ms-win-core-synch-l1-1-0
ResetEvent
CreateEventW
CreateSemaphoreExW
CreateEventExW
SetEvent
InitializeCriticalSectionEx
OpenSemaphoreW
EnterCriticalSection
LeaveCriticalSection
InitializeSRWLock
TryEnterCriticalSection
ReleaseSemaphore
CreateMutexExW
DeleteCriticalSection
WaitForMultipleObjectsEx
ReleaseMutex
WaitForSingleObject
WaitForSingleObjectEx
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-errorhandling-l1-1-0
SetLastError
RaiseException
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
GetProcessId
CreateProcessW
GetProcessTimes
CreateThread
GetExitCodeProcess
GetCurrentThread
TerminateProcess
OpenThreadToken
OpenProcessToken
api-ms-win-core-localization-l1-2-0
FormatMessageW
GetLocaleInfoEx
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
rpcrt4
NdrCStdStubBuffer_Release
RpcAsyncCompleteCall
RpcImpersonateClient
NdrDllCanUnloadNow
RpcAsyncInitializeHandle
CStdStubBuffer_IsIIDSupported
NdrDllGetClassObject
CStdStubBuffer_Invoke
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
CStdStubBuffer_CountRefs
CStdStubBuffer_QueryInterface
NdrOleAllocate
CStdStubBuffer_DebugServerRelease
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
api-ms-win-eventing-provider-l1-1-0
EventActivityIdControl
EventUnregister
EventRegister
EventWriteTransfer
EventSetInformation
api-ms-win-core-winrt-string-l1-1-0
HSTRING_UserUnmarshal64
HSTRING_UserUnmarshal
HSTRING_UserMarshal64
HSTRING_UserFree
HSTRING_UserSize64
HSTRING_UserFree64
HSTRING_UserMarshal
HSTRING_UserSize
WindowsGetStringLen
WindowsTrimStringEnd
WindowsTrimStringStart
WindowsConcatString
WindowsCompareStringOrdinal
WindowsCreateStringReference
WindowsCreateString
WindowsDuplicateString
WindowsDeleteString
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsGetStringRawBuffer
api-ms-win-core-string-l1-1-0
CompareStringEx
CompareStringOrdinal
api-ms-win-core-winrt-error-l1-1-0
SetRestrictedErrorInfo
RoOriginateError
RoTransformError
RoOriginateErrorW
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-synch-l1-2-0
InitOnceComplete
Sleep
InitOnceBeginInitialize
InitOnceExecuteOnce
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
OpenProcess
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount64
GetLocalTime
GetSystemDirectoryW
GetTickCount
GetWindowsDirectoryW
GetVersionExW
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-shcore-taskpool-l1-1-0
SHTaskPoolQueueTask
api-ms-win-core-com-l1-1-0
StringFromGUID2
CoGetMalloc
CoTaskMemFree
CoCreateGuid
CoGetApartmentType
CoWaitForMultipleHandles
CoIncrementMTAUsage
CoInitializeEx
CoDecrementMTAUsage
CLSIDFromString
CoUninitialize
CoGetClassObject
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoTaskMemRealloc
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate
IsErrorPropagationEnabled
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
RoActivateInstance
RoUninitialize
RoInitialize
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-file-l1-2-0
GetVolumeNameForVolumeMountPointW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-shlwapi-legacy-l1-1-0
PathParseIconLocationW
PathGetDriveNumberW
PathGetArgsW
PathRemoveBlanksW
PathFileExistsW
PathIsRelativeW
PathRemoveExtensionW
PathIsRootW
PathStripPathW
PathQuoteSpacesW
api-ms-win-shlwapi-winrt-storage-l1-1-1
StrFormatByteSizeEx
PathRemoveArgsW
StrRetToBufW
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrToIntExW
StrRStrIW
StrTrimW
StrToIntW
StrStrIW
StrCmpIW
StrCmpW
api-ms-win-core-datetime-l1-1-1
GetDateFormatEx
api-ms-win-shcore-stream-winrt-l1-1-0
CreateRandomAccessStreamOnFile
api-ms-win-appmodel-runtime-internal-l1-1-1
GetPackageStatusForUser
api-ms-win-shcore-thread-l1-1-0
SHCreateThread
api-ms-win-core-threadpool-l1-2-0
TrySubmitThreadpoolCallback
CreateThreadpool
CreateThreadpoolTimer
SetThreadpoolThreadMinimum
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolThreadMaximum
CreateThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CloseThreadpool
CloseThreadpoolCleanupGroup
api-ms-win-appmodel-runtime-l1-1-1
VerifyPackageFamilyName
VerifyApplicationUserModelId
api-ms-win-security-base-l1-1-0
CreateWellKnownSid
GetLengthSid
RevertToSelf
ImpersonateLoggedOnUser
CheckTokenMembership
GetTokenInformation
CopySid
AdjustTokenPrivileges
api-ms-win-core-threadpool-legacy-l1-1-0
QueueUserWorkItem
api-ms-win-shcore-obsolete-l1-1-0
SHStrDupW
api-ms-win-core-file-l1-1-0
CreateFileW
FileTimeToLocalFileTime
GetFileAttributesExW
FindFirstFileW
CompareFileTime
GetDiskFreeSpaceExW
GetVolumePathNameW
FindNextFileW
GetFileAttributesW
FindClose
api-ms-win-core-timezone-l1-1-0
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
api-ms-win-core-registry-l1-1-0
RegEnumKeyExW
RegNotifyChangeKeyValue
RegCreateKeyExW
RegOpenCurrentUser
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegEnumValueW
RegSetValueExW
RegGetValueW
api-ms-win-core-registry-l1-1-1
RegSetKeyValueW
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-sysinfo-l1-2-0
GetProductInfo
GetNativeSystemInfo
propsys
ord435
api-ms-win-core-registry-l2-1-0
RegDeleteKeyW
api-ms-win-core-path-l1-1-0
PathCchAppend
api-ms-win-appmodel-runtime-l1-1-3
GetPackagePathByFullName2
api-ms-win-appmodel-runtime-internal-l1-1-2
GetEffectivePackageStatusForUser
api-ms-win-core-string-l2-1-1
SHLoadIndirectString
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
oleaut32
SysAllocString
VariantClear
SysStringLen
SysFreeString
VariantInit
devobj
DevObjEnumDeviceInterfaces
DevObjCreateDeviceInfoList
DevObjDestroyDeviceInfoList
DevObjGetClassDevs
api-ms-win-appmodel-runtime-internal-l1-1-4
GetEffectivePackageStatusForUserSid
api-ms-win-core-com-midlproxystub-l1-1-0
ObjectStublessClient13
ObjectStublessClient9
ObjectStublessClient8
ObjectStublessClient12
ObjectStublessClient11
ObjectStublessClient6
ObjectStublessClient3
ObjectStublessClient7
ObjectStublessClient4
ObjectStublessClient5
ObjectStublessClient10
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
appxalluserstore
IsNonInboxAllUserPackage
msvcp_win
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_detach
_Cnd_do_broadcast_at_thread_exit
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
api-ms-win-shcore-path-l1-1-0
ord170
api-ms-win-shcore-stream-l1-1-0
SHCreateStreamOnFileW
xmllite
CreateXmlReader
api-ms-win-core-version-l1-1-0
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW
api-ms-win-shell-namespace-l1-1-0
SHBindToParent
ILFree
SHParseDisplayName
api-ms-win-core-string-l2-1-0
CharUpperBuffW
api-ms-win-security-lsalookup-l2-1-0
LookupPrivilegeValueW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
shcore
ord190
Exports
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
GetProxyDllInfo
GetSetting
GetSettingForUser
Sections
.text Size: 506KB - Virtual size: 505KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 184KB - Virtual size: 183KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 448B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SettingSync/ntlanman.dll
.dll windows:10 windows x64 arch:x64
1d58f8b10fbfca72e0906cca3c8743c9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
ntlanman.pdb
Imports
msvcrt
__dllonexit
_unlock
_lock
memmove
memcpy
_initterm
_amsg_exit
_XcptFilter
free
memcmp
__RTDynamicCast
_callnewh
malloc
wcsrchr
_wcsicmp
??1type_info@@UEAA@XZ
strcpy_s
_ultow
towupper
_wcsnicmp
memmove_s
_itow_s
memcpy_s
_vsnwprintf
wcschr
_onexit
__C_specific_handler
_purecall
wcscat_s
_wcsupr
wcscpy_s
memset
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
RtlCopyLuid
NtQueryInformationToken
NtOpenProcessToken
NtCreateFile
NtQueryInformationFile
RtlDeleteResource
RtlReleaseResource
RtlGetLastNtStatus
RtlVirtualUnwind
RtlAcquireResourceExclusive
NtClose
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
RtlInitUnicodeStringEx
RtlEqualUnicodeString
RtlCompareUnicodeString
NtOpenFile
RtlInitUnicodeString
NtFsControlFile
RtlNtStatusToDosError
RtlLeaveCriticalSection
RtlInitializeCriticalSection
RtlEnterCriticalSection
RtlDeleteCriticalSection
RtlInitializeResource
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleHandleExW
GetModuleHandleW
LoadStringW
FreeLibrary
LoadLibraryExW
DisableThreadLibraryCalls
GetModuleFileNameA
api-ms-win-core-registry-l1-1-0
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
api-ms-win-core-heap-l2-1-0
LocalReAlloc
LocalFree
LocalAlloc
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-sysinfo-l1-1-0
GetComputerNameExW
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapAlloc
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-synch-l1-1-0
LeaveCriticalSection
WaitForSingleObject
ReleaseSemaphore
ReleaseMutex
EnterCriticalSection
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
CreateSemaphoreExW
DeleteCriticalSection
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
AcquireSRWLockShared
ReleaseSRWLockShared
CreateMutexExW
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
api-ms-win-core-console-l1-1-0
SetConsoleMode
GetConsoleMode
ReadConsoleW
WriteConsoleW
api-ms-win-core-file-l1-1-0
GetFileType
GetDriveTypeW
WriteFile
CreateFileW
GetLogicalDrives
api-ms-win-security-base-l1-1-0
EqualSid
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Exports
DllMain
I_SystemFocusDialog
NPAddConnection
NPAddConnection3
NPAddConnection4
NPCancelConnection
NPCloseEnum
NPEnumResource
NPFormatNetworkName
NPGetCaps
NPGetConnection
NPGetConnection3
NPGetConnectionPerformance
NPGetPersistentUseOptionsForConnection
NPGetPersistentUseOptionsForConnection2
NPGetReconnectFlags
NPGetResourceInformation
NPGetResourceParent
NPGetUniversalName
NPGetUser
NPOpenEnum
QueryAppInstanceVersion
RegisterAppInstance
RegisterAppInstanceVersion
ResetAllAppInstanceVersions
SetAppInstanceCsvFlags
Sections
.text Size: 78KB - Virtual size: 77KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 448B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 240B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SettingSync/ntshrui.dll
.dll windows:10 windows x64 arch:x64
b9582fa395ad002392fa26ca93f66c57
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
ntshrui.pdb
Imports
msvcrt
memcpy
_vsnwprintf
memmove
__CxxFrameHandler3
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
towlower
realloc
_get_errno
free
malloc
_set_errno
wcsncmp
memmove_s
_vsnprintf_s
_wcsnicmp
_wcsicmp
memcpy_s
memcmp
memset
shcore
ord182
ord186
IUnknown_QueryService
IUnknown_Set
SHStrDupW
SHAnsiToUnicode
SHCreateThread
SHStrDupA
SHUnicodeToAnsi
IUnknown_SetSite
SHGetValueW
ord162
ord170
IsOS
ord123
ord184
ord172
ord187
ord190
shell32
SHGetFolderPathW
ord860
ShellExecuteExW
SHCreateItemWithParent
ord754
SHCreateShellItemArrayFromDataObject
SHCreateItemFromParsingName
SHGetIDListFromObject
SHGetFileInfoW
ord921
ord931
SHGetKnownFolderPath
ord850
ord152
ord21
ord18
ord102
ord755
SHGetFolderPathEx
SHCreateShellItemArrayFromShellItem
SHCreateItemFromIDList
SHChangeNotify
SHCreateShellItemArrayFromIDLists
SHParseDisplayName
ord155
ord680
ord178
ShellExecuteW
shlwapi
PathCombineW
ord388
ord165
StrRChrW
PathFileExistsW
StrCmpIW
PathStripToRootW
StrStrW
PathIsDirectoryW
ord172
StrDupW
PathIsURLW
PathSkipRootW
StrStrIW
PathRemoveFileSpecW
PathIsRootW
ord219
PathRemoveBlanksW
PathFindFileNameW
StrCSpnW
PathRemoveBackslashW
ord158
PathIsUNCW
StrChrW
PathGetDriveNumberW
PathFindNextComponentW
PathAppendW
api-ms-win-core-libraryloader-l1-2-0
FindResourceExW
GetModuleHandleW
GetProcAddress
LoadStringW
LockResource
FreeLibrary
GetModuleFileNameW
LoadResource
GetModuleFileNameA
GetModuleHandleExW
LoadLibraryExW
DisableThreadLibraryCalls
api-ms-win-core-synch-l1-1-0
InitializeCriticalSectionAndSpinCount
CreateMutexExW
InitializeSRWLock
CreateSemaphoreExW
WaitForSingleObjectEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
EnterCriticalSection
ReleaseMutex
InitializeCriticalSectionEx
OpenSemaphoreW
WaitForSingleObject
ReleaseSemaphore
LeaveCriticalSection
InitializeCriticalSection
CreateMutexW
DeleteCriticalSection
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
RaiseException
GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
SetErrorMode
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentThreadId
GetCurrentThread
OpenProcessToken
OpenThreadToken
GetCurrentProcessId
GetCurrentProcess
api-ms-win-core-localization-l1-2-0
GetLocaleInfoW
FormatMessageW
GetUserDefaultLCID
FindNLSStringEx
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-path-l1-1-0
PathCchCanonicalize
PathCchAppend
PathIsUNCEx
PathCchRemoveFileSpec
PathAllocCombine
PathCchCombine
api-ms-win-core-file-l1-1-0
FindFirstFileW
FindNextFileW
GetDriveTypeW
FindClose
GetVolumeInformationW
GetFileAttributesW
GetVolumePathNameW
api-ms-win-core-sysinfo-l1-1-0
GetComputerNameExW
GetSystemDirectoryW
GetWindowsDirectoryW
GetTickCount
GetTickCount64
GetSystemTimeAsFileTime
api-ms-win-core-com-l1-1-0
CoGetInterfaceAndReleaseStream
CoReleaseMarshalData
CoMarshalInterThreadInterfaceInStream
CoCreateFreeThreadedMarshaler
CoUninitialize
CoTaskMemRealloc
PropVariantClear
CoTaskMemAlloc
CoGetMalloc
CoInitializeEx
CoSetProxyBlanket
CoTaskMemFree
CoCreateInstance
CoGetCallContext
StringFromGUID2
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
Sleep
SleepConditionVariableSRW
WakeAllConditionVariable
InitOnceExecuteOnce
InitOnceComplete
api-ms-win-security-base-l1-1-0
GetTokenInformation
GetAclInformation
GetAce
IsValidSid
CopySid
GetLengthSid
EqualSid
GetSecurityDescriptorDacl
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
GetSecurityDescriptorControl
CreateWellKnownSid
InitializeSecurityDescriptor
DuplicateToken
GetSecurityDescriptorLength
MapGenericMask
GetSecurityDescriptorOwner
SetSecurityDescriptorControl
AddAccessAllowedAceEx
AddAce
GetSidSubAuthorityCount
IsWellKnownSid
SetSecurityDescriptorDacl
GetSidSubAuthority
EqualPrefixSid
SetFileSecurityW
MakeSelfRelativeSD
AddAccessDeniedAceEx
InitializeAcl
api-ms-win-core-heap-l2-1-0
GlobalAlloc
GlobalFree
LocalAlloc
LocalFree
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
RegGetValueW
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-string-l1-1-0
CompareStringW
CompareStringOrdinal
api-ms-win-core-winrt-string-l1-1-0
WindowsDeleteString
WindowsCreateString
WindowsCreateStringReference
api-ms-win-core-com-l1-1-1
RoGetAgileReference
api-ms-win-core-registry-l1-1-1
RegSetKeyValueW
api-ms-win-core-winrt-error-l1-1-0
SetRestrictedErrorInfo
RoOriginateError
RoTransformError
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
sspicli
LogonUserExExW
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-security-lsapolicy-l1-1-0
LsaLookupNames2
LsaClose
LsaLookupSids
LsaFreeMemory
LsaOpenPolicy
api-ms-win-security-activedirectoryclient-l1-1-0
DsUnBindW
DsFreeNameResultW
DsCrackNamesW
api-ms-win-security-lsalookup-l1-1-0
LookupAccountSidLocalW
LookupAccountNameLocalW
api-ms-win-core-sidebyside-l1-1-0
ActivateActCtx
ReleaseActCtx
DeactivateActCtx
CreateActCtxW
api-ms-win-security-lsalookup-l1-1-1
GetIdentityProviderInfoByGUID
ReleaseIdentityProviderEnumContext
EnumerateIdentityProviders
GetDefaultIdentityProvider
ntdll
RtlCreateUnicodeString
WinSqmAddToStream
RtlNtStatusToDosError
RtlDosPathNameToNtPathName_U
NtOpenFile
RtlFreeUnicodeString
EtwEventActivityIdControl
EtwEventWriteTransfer
RtlInitUnicodeString
RtlMapGenericMask
EtwEventUnregister
EtwEventRegister
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
EtwEventSetInformation
gdi32
DeleteDC
GetOutlineTextMetricsW
GetGlyphOutlineW
CreateFontIndirectW
GetStockObject
GetDeviceCaps
GetTextMetricsW
CreateFontW
SelectObject
SetBkMode
GetTextExtentPoint32W
SetTextColor
GetLayout
DeleteObject
CreateDIBSection
CreateCompatibleDC
kernel32
GetComputerNameW
lstrlenW
GetUserDefaultUILanguage
lstrcmpiW
MulDiv
GlobalUnlock
GlobalLock
propsys
PropVariantToBoolean
PropVariantToGUID
PropVariantToStringAlloc
VariantToBuffer
PSPropertyBag_WriteBOOL
PSPropertyBag_ReadDWORD
PropVariantToUInt32
PSPropertyBag_ReadGUID
PSPropertyBag_ReadBOOL
PSPropertyBag_WriteDWORD
user32
LoadMenuW
SetWindowLongW
SetFocus
CheckRadioButton
EndDialog
TrackPopupMenu
DestroyMenu
SendDlgItemMessageW
GetDlgItemTextW
CheckDlgButton
IsDlgButtonChecked
ShowWindow
EnableWindow
SetDlgItemTextW
SetWindowTextW
PostMessageW
GetDlgItem
GetParent
GetWindowLongW
SystemParametersInfoW
GetAncestor
DestroyWindow
GetLastActivePopup
SwitchToThisWindow
RegisterClassW
LoadCursorW
DefWindowProcW
DestroyIcon
SendMessageW
SetWindowLongPtrW
GetWindowLongPtrW
GetSubMenu
FindWindowW
GetClassNameW
RegisterClipboardFormatW
GetWindowRect
GetCursorPos
ReleaseDC
GetDC
UnregisterClassW
MapDialogRect
SetWindowPos
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
MapWindowPoints
IsWindowVisible
GetClientRect
SetForegroundWindow
BeginDeferWindowPos
DialogBoxParamW
DeferWindowPos
EndDeferWindowPos
GetSystemMetrics
FlashWindowEx
SetCursor
GetWindowTextLengthW
GetWindowTextW
DrawTextW
GetSysColor
LoadIconW
GetKeyState
GetMenuItemCount
GetWindow
GetMenuItemInfoW
SetMenuItemInfoW
SetThreadDpiAwarenessContext
InsertMenuW
SetMenuItemBitmaps
CreatePopupMenu
DeleteMenu
InsertMenuItemW
CreateWindowExW
ClientToScreen
api-ms-win-stateseparation-helpers-l1-1-0
GetPersistedRegistryLocationW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
CanShareFolder
DllCanUnloadNow
DllGetClassObject
GetLocalPathFromNetResource
GetLocalPathFromNetResourceA
GetLocalPathFromNetResourceW
GetNetResourceFromLocalPath
GetNetResourceFromLocalPathA
GetNetResourceFromLocalPathW
IsFolderPrivateForUser
IsPathShared
IsPathSharedA
IsPathSharedW
SetFolderPermissionsForSharing
ShowShareFolderUI
Sections
.text Size: 366KB - Virtual size: 365KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 80KB - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 21KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1024B - Virtual size: 600B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
aadtb/DXP.dll.dll regsvr32 windows:10 windows x64 arch:x64
e3713153bb210e0fb2e92eb8ba18ed10
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
DXP.pdb
Imports
msvcrt
iswspace
_unlock
memcpy_s
_vsnprintf_s
__dllonexit
_onexit
_wcsicmp
memcmp
_callnewh
floorf
memset
_wcsnicmp
malloc
_purecall
free
_vsnwprintf
__C_specific_handler
_XcptFilter
_amsg_exit
__CxxFrameHandler3
_initterm
?terminate@@YAXXZ
_errno
memcpy
realloc
memmove_s
_lock
wcscmp
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventWriteTransfer
EventUnregister
api-ms-win-eventing-classicprovider-l1-1-0
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
UnregisterTraceGuids
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
LockResource
LoadResource
GetModuleFileNameW
GetProcAddress
DisableThreadLibraryCalls
LoadLibraryExA
SizeofResource
LoadStringW
GetModuleHandleExW
FreeLibrary
api-ms-win-core-com-l1-1-0
CoTaskMemAlloc
CoCreateGuid
CoMarshalInterThreadInterfaceInStream
CoUnmarshalInterface
PropVariantClear
CoUninitialize
CoWaitForMultipleHandles
CoInitializeEx
CoTaskMemFree
CoCreateInstance
StringFromGUID2
PropVariantCopy
api-ms-win-core-localization-l1-2-0
LCMapStringW
api-ms-win-core-errorhandling-l1-1-0
RaiseException
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-synch-l1-1-0
EnterCriticalSection
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventW
WaitForSingleObject
LeaveCriticalSection
ReleaseSRWLockExclusive
DeleteCriticalSection
AcquireSRWLockExclusive
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
oleaut32
SysAllocString
VariantInit
VariantClear
SysFreeString
SysAllocStringLen
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
rpcrt4
UuidFromStringW
api-ms-win-core-registry-l1-1-1
RegSetKeyValueW
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegEnumValueW
RegQueryInfoKeyW
api-ms-win-core-sysinfo-l1-2-0
GetNativeSystemInfo
api-ms-win-core-file-l1-1-0
CreateFileW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-libraryloader-l1-2-1
FindResourceW
api-ms-win-core-memory-l1-1-0
VirtualAlloc
VirtualFree
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-processthreads-l1-1-1
FlushInstructionCache
api-ms-win-core-interlocked-l1-1-0
InterlockedPopEntrySList
InterlockedPushEntrySList
api-ms-win-core-synch-l1-2-0
Sleep
SleepConditionVariableSRW
WakeAllConditionVariable
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-debug-l1-1-0
OutputDebugStringA
api-ms-win-core-shlwapi-legacy-l1-1-0
PathFindExtensionW
PathParseIconLocationW
gdi32
GetStockObject
GetDeviceCaps
DeleteObject
SelectObject
GetTextExtentPoint32W
ExcludeClipRect
CreateSolidBrush
Rectangle
CreatePen
kernel32
InitOnceBeginInitialize
ReleaseSRWLockShared
CreateThreadpoolTimer
OpenSemaphoreW
InitializeCriticalSectionEx
AcquireSRWLockShared
WaitForSingleObjectEx
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
InitOnceComplete
ReleaseMutex
ReleaseSemaphore
SetLastError
OutputDebugStringW
IsDebuggerPresent
DebugBreak
GetModuleFileNameA
FormatMessageW
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW
GetModuleHandleW
CreateMutexExW
CreateSemaphoreExW
SetThreadpoolTimer
ntdll
EtwEventRegister
EtwEventUnregister
EtwEventSetInformation
EtwEventWriteTransfer
WinSqmAddToStream
WinSqmSetDWORD
WinSqmEndSession
WinSqmStartSession
WinSqmIsOptedIn
EtwLogTraceEvent
shell32
ord155
SHGetPropertyStoreForWindow
ord71
ord153
ord25
ord256
SHCreateShellItemArrayFromDataObject
SHCreateItemFromIDList
ord18
SHChangeNotify
ShellExecuteW
ord19
SHCreateDefaultContextMenu
SHCreateDefaultExtractIcon
AssocCreateForClasses
SHGetNameFromIDList
ord152
ord67
ord6
ord16
SHGetIDListFromObject
ord265
SHParseDisplayName
SHBindToObject
ShellExecuteExW
SHCreateDirectoryExW
SHGetKnownFolderPath
ord264
SHCreateDataObject
shlwapi
SHStrDupW
ord615
ord199
ord176
StrCmpNW
ord168
ord204
ord256
ord156
ord174
ord158
StrStrW
ord12
ord172
ord538
ord618
ord278
ord24
ord215
StrCmpIW
ord514
ord219
user32
DrawEdge
GetDlgItem
GetWindowTextW
SetWindowTextW
GetSysColorBrush
FillRect
GetWindowRect
WindowFromDC
MapWindowPoints
GetParent
GetComboBoxInfo
EnableWindow
SetWindowPos
CallWindowProcW
RemoveMenu
GetSubMenu
LoadMenuW
EndDialog
DestroyIcon
ReleaseDC
GetDC
DefWindowProcW
GetWindowLongPtrW
PeekMessageW
RegisterDeviceNotificationW
CreateWindowExW
RegisterClassExW
UnregisterClassW
UnregisterDeviceNotification
GetClientRect
IsWindow
GetSystemMetrics
DialogBoxParamW
SetMenuDefaultItem
DestroyMenu
SetMenuItemInfoW
DeleteMenu
AllowSetForegroundWindow
SetWindowLongPtrW
PostMessageW
GetFocus
DestroyWindow
UnregisterClassA
ShowWindow
SendMessageW
SystemParametersInfoW
GetSysColor
DrawTextW
uxtheme
BufferedPaintInit
CloseThemeData
BufferedPaintUnInit
SetWindowTheme
DrawThemeText
DrawThemeBackground
GetThemeBackgroundContentRect
EndBufferedPaint
BeginBufferedPaint
OpenThemeData
setupapi
SetupDiGetDevicePropertyW
SetupDiOpenDeviceInterfaceW
SetupDiGetDeviceInterfaceAlias
SetupDiDestroyDeviceInfoList
SetupDiDeleteDeviceInterfaceData
SetupDiCreateDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
shdocvw
DllRegisterWindowClasses
propsys
PropVariantToStringAlloc
PSGetPropertyDescriptionListFromString
PSPropertyBag_WriteBOOL
PSPropertyBag_WriteUnknown
PSPropertyBag_ReadUnknown
PSFormatForDisplay
PropVariantToBoolean
PropVariantCompareEx
VariantToInt32
VariantToBoolean
PSPropertyBag_WriteStr
PSPropertyBag_WriteDWORD
PSPropertyBag_ReadStrAlloc
PSCreateMemoryPropertyStore
InitPropVariantFromCLSID
PropVariantToGUID
PropVariantToString
PSGetPropertyFromPropertyStorage
PSGetPropertyDescription
PropVariantToVariant
PSPropertyBag_ReadStr
InitPropVariantFromBuffer
api-ms-win-devices-query-l1-1-0
DevGetObjectProperties
DevFreeObjectProperties
DevFindProperty
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 227KB - Virtual size: 226KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 84KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 172KB - Virtual size: 171KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
aadtb/aadtb.dll.dll windows:10 windows x64 arch:x64
70f4288e9e404bb3c7e552766ee39c43
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
aadtb.pdb
Imports
cryptngc
NgcDecryptWithSymmetricPopKey
NgcImportSymmetricPopKey
NgcSignWithSymmetricPopKey
NgcEnumContainers
certenroll
ord51
ord50
dsreg
DsrFreeJoinInfoEx
DsrGetJoinInfoEx
oleaut32
VariantClear
SysFreeString
SysAllocString
VariantInit
crypt32
CryptSignAndEncodeCertificate
CryptExportPublicKeyInfo
CryptProtectData
CryptUnprotectData
CertGetCertificateContextProperty
CryptAcquireCertificatePrivateKey
CryptEncodeObject
CertSetCertificateContextProperty
CryptHashCertificate
CertFreeCertificateContext
CertCreateCertificateContext
CertDuplicateCertificateContext
CertDeleteCertificateFromStore
CertAddCertificateContextToStore
CertFindCertificateInStore
CertCloseStore
CertOpenStore
ncrypt
NCryptOpenStorageProvider
NCryptOpenKey
NCryptFinalizeKey
NCryptSetProperty
NCryptCreatePersistedKey
NCryptDeleteKey
NCryptFreeObject
NCryptSignHash
ntdll
RtlAllocateHeap
RtlFreeHeap
RtlNtStatusToDosError
RtlGetDeviceFamilyInfoEnum
RtlImageNtHeader
gdi32
DeleteObject
GetObjectW
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
ReleaseMutex
AcquireSRWLockExclusive
OpenSemaphoreW
CreateEventExW
ReleaseSemaphore
CreateSemaphoreExW
CreateMutexExW
LeaveCriticalSection
WaitForSingleObjectEx
SetEvent
ResetEvent
DeleteCriticalSection
EnterCriticalSection
AcquireSRWLockShared
ReleaseSRWLockShared
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventWriteTransfer
EventRegister
EventActivityIdControl
EventUnregister
api-ms-win-core-errorhandling-l1-1-0
SetLastError
GetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapReAlloc
HeapSize
HeapAlloc
api-ms-win-core-winrt-string-l1-1-0
WindowsGetStringRawBuffer
HSTRING_UserMarshal64
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsGetStringLen
HSTRING_UserSize64
WindowsCompareStringOrdinal
HSTRING_UserUnmarshal
HSTRING_UserFree64
WindowsDuplicateString
WindowsDeleteString
HSTRING_UserMarshal
HSTRING_UserUnmarshal64
HSTRING_UserSize
WindowsCreateStringReference
WindowsConcatString
WindowsCreateString
HSTRING_UserFree
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
RoOriginateError
api-ms-win-core-com-l1-1-0
CoMarshalInterThreadInterfaceInStream
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoGetObjectContext
CoCreateGuid
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoGetCallContext
CoGetInterfaceAndReleaseStream
CoGetApartmentType
api-ms-win-security-cryptoapi-l1-1-0
CryptReleaseContext
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptDestroyHash
CryptGetProvParam
CryptAcquireContextW
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentProcessId
SetThreadStackGuarantee
CreateProcessW
TerminateProcess
GetCurrentThreadId
OpenProcessToken
api-ms-win-core-sysinfo-l1-1-0
GetSystemInfo
GetTickCount
GetSystemDirectoryW
GetSystemTimeAsFileTime
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
api-ms-win-eventing-classicprovider-l1-1-0
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
UnregisterTraceGuids
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-synch-l1-2-0
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceExecuteOnce
Sleep
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-security-base-l1-1-0
DuplicateTokenEx
CopySid
GetTokenInformation
GetLengthSid
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-shcore-stream-winrt-l1-1-0
CreateStreamOverRandomAccessStream
rpcrt4
NdrOleFree
CStdStubBuffer_IsIIDSupported
IUnknown_Release_Proxy
NdrCStdStubBuffer2_Release
NdrStubCall3
IUnknown_QueryInterface_Proxy
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_AddRef
NdrDllGetClassObject
NdrDllCanUnloadNow
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_Invoke
IUnknown_AddRef_Proxy
NdrStubForwardingFunction
api-ms-win-core-com-midlproxystub-l1-1-0
NdrProxyForwardingFunction3
CStdStubBuffer2_Disconnect
ObjectStublessClient7
CStdStubBuffer2_QueryInterface
NdrProxyForwardingFunction4
NdrProxyForwardingFunction5
ObjectStublessClient6
ObjectStublessClient8
ObjectStublessClient9
ObjectStublessClient10
CStdStubBuffer2_Connect
CStdStubBuffer2_CountRefs
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-registry-l1-1-0
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegEnumValueW
RegDeleteTreeW
RegCloseKey
RegGetValueW
RegSetValueExW
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
sspicli
LsaDeregisterLogonProcess
LsaConnectUntrusted
LsaFreeReturnBuffer
LsaCallAuthenticationPackage
LsaLookupAuthenticationPackage
api-ms-win-core-registry-l1-1-1
RegDeleteKeyValueW
wincorlib
?CreateException@Exception@Platform@@SAPE$AAV12@HPE$AAVString@2@@Z
??0ClassNotRegisteredException@Platform@@QE$AAA@PE$AAVString@1@@Z
??0COMException@Platform@@QE$AAA@HPE$AAVString@1@@Z
?get@Message@Exception@Platform@@QE$AAAPE$AAVString@3@XZ
?Allocate@Heap@Details@Platform@@SAPEAX_K@Z
??0Delegate@Platform@@QE$AAA@XZ
?ReCreateException@Exception@Platform@@SAPE$AAV12@H@Z
?EventSourceGetTargetArrayEvent@Details@Platform@@YAPEAXPEAXIPEBXPEA_J@Z
?EventSourceGetTargetArraySize@Details@Platform@@YAIPEAX@Z
?EventSourceGetTargetArray@Details@Platform@@YAPEAXPEAXPEAUEventLock@12@@Z
?EventSourceInitialize@Details@Platform@@YAXPEAPEAX@Z
?EventSourceAdd@Details@Platform@@YA?AVEventRegistrationToken@Foundation@Windows@@PEAPEAXPEAUEventLock@12@PE$AAVDelegate@2@@Z
?EventSourceRemove@Details@Platform@@YAXPEAPEAXPEAUEventLock@12@VEventRegistrationToken@Foundation@Windows@@@Z
?GetIBoxArrayVtable@Details@Platform@@YAPEAXPEAX@Z
?CreateException@Exception@Platform@@SAPE$AAV12@H@Z
??0FailureException@Platform@@QE$AAA@XZ
??0OutOfMemoryException@Platform@@QE$AAA@XZ
?__abi_cast_Object_to_String@__abi_details@@YAPE$AAVString@Platform@@_NPE$AAVObject@3@@Z
??0Object@Platform@@QE$AAA@XZ
??0OutOfBoundsException@Platform@@QE$AAA@XZ
?AllocateException@Heap@Details@Platform@@SAPEAX_K0@Z
??0ChangedStateException@Platform@@QE$AAA@XZ
?ReleaseTarget@ControlBlock@Details@Platform@@AEAAXXZ
?AlignedFree@Heap@Details@Platform@@SAXPEAX@Z
?Free@Heap@Details@Platform@@SAXPEAX@Z
?Allocate@Heap@Details@Platform@@SAPEAX_K0@Z
?__abi_WinRTraiseNotImplementedException@@YAXXZ
?__abi_WinRTraiseInvalidCastException@@YAXXZ
?__abi_WinRTraiseNullReferenceException@@YAXXZ
?__abi_WinRTraiseOperationCanceledException@@YAXXZ
?__abi_WinRTraiseFailureException@@YAXXZ
?__abi_WinRTraiseAccessDeniedException@@YAXXZ
?__abi_WinRTraiseOutOfMemoryException@@YAXXZ
?__abi_WinRTraiseInvalidArgumentException@@YAXXZ
?__abi_WinRTraiseOutOfBoundsException@@YAXXZ
?__abi_WinRTraiseChangedStateException@@YAXXZ
?__abi_WinRTraiseClassNotRegisteredException@@YAXXZ
?__abi_WinRTraiseWrongThreadException@@YAXXZ
?__abi_WinRTraiseDisconnectedException@@YAXXZ
?__abi_WinRTraiseObjectDisposedException@@YAXXZ
?__abi_WinRTraiseCOMException@@YAXJ@Z
?InitializeData@Details@Platform@@YAJH@Z
?UninitializeData@Details@Platform@@YAXH@Z
?__abi_FailFast@@YAXXZ
?ReCreateFromException@Details@Platform@@YAJPE$AAVException@2@@Z
?GetIidsFn@@YAJHPEAKPEBU__s_GUID@@PEAPEAVGuid@Platform@@@Z
?GetActivationFactoryByPCWSTR@@YAJPEAXAEAVGuid@Platform@@PEAPEAX@Z
?EventSourceUninitialize@Details@Platform@@YAXPEAPEAX@Z
?__abi_cast_String_to_Object@__abi_details@@YAPE$AAVObject@Platform@@PE$AAVString@3@@Z
msvcrt
_vscwprintf
_purecall
__ExceptionPtrDestroy
__ExceptionPtrCopy
__ExceptionPtrCurrentException
__ExceptionPtrCreate
?terminate@@YAXXZ
wcsstr
??_V@YAXPEAX@Z
_wcsicmp
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
__ExceptionPtrRethrow
wcsnlen
wcschr
??2@YAPEAX_KHPEBDH@Z
wcsrchr
?name@type_info@@QEBAPEBDXZ
__RTtypeid
malloc
swprintf_s
_wcslwr_s
wcspbrk
iswspace
__C_specific_handler
time
wcscspn
wcsspn
_wcsicoll
wcsncmp
_wcsnicmp
_wcsupr_s
difftime
_vsnwprintf
_vsnprintf_s
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBD@Z
__ExceptionPtrCopyException
_wtol
_wtoi
??0exception@@QEAA@AEBQEBDH@Z
memcpy_s
wcslen
_CxxThrowException
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
_XcptFilter
_amsg_exit
_initterm
realloc
__CxxFrameHandler3
??3@YAXPEAX@Z
_callnewh
memcpy
memmove
_vsnprintf
wcscat_s
wcsncpy_s
__RTDynamicCast
_gmtime64_s
wcsftime
memcmp
vswprintf_s
memmove_s
_wcsdup
memset
free
api-ms-win-shcore-taskpool-l1-1-0
SHTaskPoolQueueTask
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-memory-l1-1-0
VirtualProtect
VirtualAlloc
VirtualQuery
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-security-capability-l1-1-0
CapabilityCheck
Exports
AADTBAcquireToken
AADTBAcquireTokenEx
AADTBFreeString
AADTBFreeStruct
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
Sections
.text Size: 797KB - Virtual size: 797KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.orpc Size: 512B - Virtual size: 222B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 371KB - Virtual size: 370KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 79KB - Virtual size: 85KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 90KB - Virtual size: 89KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
aadtb/cabview.dll.dll windows:10 windows x64 arch:x64
291c388b00a8637a91af07dc09b2b201
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
cabview.pdb
Imports
msvcrt
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
malloc
free
memcpy_s
memmove
_vsnwprintf
memcpy
_onexit
memset
shell32
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
AssocGetDetailsOfPropKey
ord743
ord701
ord256
ord744
ord27
ord846
ord152
SHBindToParent
ord19
SHBindToObject
SHGetPathFromIDListA
SHBrowseForFolderW
ord155
ord18
shlwapi
StrRetToBufW
PathSkipRootW
AssocCreate
PathFindExtensionW
ord500
PathAppendW
ord158
ord619
SHStrDupW
PathIsUNCW
ord199
ord172
ord186
PathFindFileNameW
PathCombineW
PathAddBackslashA
ord216
PathFindFileNameA
ord217
ord215
ord219
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentThreadId
SetThreadPriority
GetCurrentThread
GetCurrentProcessId
TerminateProcess
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetProcAddress
LockResource
GetModuleFileNameA
GetModuleHandleExW
GetModuleFileNameW
LoadLibraryExW
FindResourceExW
LoadResource
LoadStringW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-synch-l1-1-0
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
OpenSemaphoreW
WaitForSingleObject
CreateSemaphoreExW
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
CreateMutexExW
api-ms-win-core-heap-l2-1-0
GlobalFree
GlobalAlloc
LocalAlloc
api-ms-win-core-com-l1-1-0
CoTaskMemRealloc
PropVariantClear
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoInitializeEx
CoUninitialize
api-ms-win-core-file-l1-1-0
SetFilePointer
ReadFile
GetShortPathNameW
CreateFileW
GetFileSizeEx
GetTempFileNameW
LocalFileTimeToFileTime
api-ms-win-core-file-l1-2-0
GetTempPathW
oleaut32
VariantInit
VariantClear
SysAllocString
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
Sleep
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventSetInformation
EventWriteTransfer
EventActivityIdControl
EventRegister
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
kernel32
DosDateTimeToFileTime
DeactivateActCtx
ActivateActCtx
_llseek
_lread
_lwrite
_lclose
ReleaseActCtx
CreateActCtxW
lstrlenA
lstrcmpiW
lstrlenW
ole32
OleSetClipboard
propsys
VariantToPropVariant
PSFormatForDisplay
InitVariantFromFileTime
InitVariantFromStrRet
VariantCompare
user32
LoadCursorW
SendMessageW
RegisterClipboardFormatW
MessageBoxW
DestroyMenu
SetCursor
GetMenuItemCount
GetMenuItemInfoW
DeleteMenu
LoadMenuW
GetSubMenu
RemoveMenu
InsertMenuW
InsertMenuItemW
SetMenuDefaultItem
CreatePopupMenu
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
DllCanUnloadNow
DllGetClassObject
Uninstall
Sections
.text Size: 50KB - Virtual size: 49KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 93KB - Virtual size: 93KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 368B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
aadtb/kbd103.dll.dll windows:10 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
kbd103.pdb
Exports
KbdLayerDescriptor
KbdNlsLayerDescriptor
Sections
.text Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 180B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ppcsnap/filemgmt.dll.dll regsvr32 windows:10 windows x64 arch:x64
89122c235f124c1d01afc6dc2575d168
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
filemgmt.pdb
Imports
mfc42u
ord2586
ord4741
ord3743
ord822
ord3774
ord867
ord3892
ord1033
ord2329
ord6614
ord6418
ord2661
ord4131
ord1498
ord6351
ord2781
ord2393
ord4860
ord2593
ord4747
ord3501
ord3806
ord912
ord4795
ord4894
ord4846
ord852
ord1035
ord4257
ord4262
ord6395
ord6385
ord2906
ord3396
ord3894
ord337
ord2326
ord4557
ord5245
ord1286
ord3761
ord5702
ord665
ord4612
ord1043
ord3754
ord629
ord599
ord6734
ord3182
ord2801
ord1264
ord5694
ord2666
ord1787
ord3177
ord2377
ord6632
ord2324
ord4344
ord1781
ord2665
ord2379
ord2316
ord4521
ord4127
ord4601
ord3003
ord1657
ord2474
ord1082
ord288
ord812
ord1544
ord1586
ord1555
ord1583
ord1585
ord355
ord1477
ord1553
ord1416
ord1491
ord1577
ord1067
ord3751
ord3535
ord5229
ord5712
ord4743
ord1778
ord6440
ord2589
ord4542
ord1566
ord832
ord2023
ord2422
ord1906
ord1499
ord1442
ord2975
ord625
ord6216
ord5585
ord5583
ord5304
ord5114
ord5352
ord4699
ord5687
ord4722
ord5246
ord5406
ord2517
ord6437
ord4365
ord1777
ord4752
ord5663
ord2399
ord5586
ord6812
ord4694
ord5709
ord4017
ord5227
ord4789
ord2670
ord2060
ord6814
ord3933
ord5484
ord1736
ord5683
ord2457
ord2140
ord5699
ord4988
ord4771
ord3868
ord4548
ord6328
ord6147
ord5584
ord6767
ord5077
ord2764
ord2328
ord2311
ord2384
ord5382
ord999
ord549
ord4582
ord2629
ord6708
ord6705
ord2371
ord6813
ord4836
ord2559
ord2515
ord6071
ord4191
ord1388
ord5615
ord2412
ord3468
ord5722
ord5724
ord4368
ord5065
ord5730
ord5711
ord6053
ord3049
ord3243
ord3362
ord4815
ord3231
ord3366
ord3052
ord3166
ord3046
ord3534
ord4082
ord4083
ord4077
ord3164
ord4371
ord4983
ord4770
ord3916
ord1426
ord2752
ord4214
ord1063
ord659
ord1562
ord1647
ord1441
ord2856
ord6050
ord621
ord4436
ord4523
ord2676
ord1677
ord1463
ord3790
ord3830
ord286
ord1574
ord2427
ord3740
ord1284
ord5887
ord2979
ord1287
ord2846
ord4473
ord5719
ord2408
ord287
ord620
ord1122
ord3873
ord568
ord1355
ord5950
ord1483
ord6880
ord626
ord5935
ord6886
ord1126
ord1040
ord624
ord1006
ord4721
ord6887
msvcrt
__RTDynamicCast
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_vsnwprintf
_wtoi64
_wcsnicmp
wcschr
calloc
iswspace
wcsstr
wcsncmp
_wcsicmp
??_V@YAXPEAX@Z
malloc
free
__C_specific_handler
__CxxFrameHandler3
_purecall
memset
atl
ord32
ord16
ord21
ord15
ord18
ord22
ntdll
RtlCaptureContext
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlLookupFunctionEntry
RtlVirtualUnwind
advapi32
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
GetLengthSid
CopySid
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
InitializeAcl
AddAccessAllowedAce
EnumServicesStatusW
RegDeleteValueW
GetUserNameW
RegConnectRegistryW
IsWellKnownSid
RevertToSelf
MapGenericMask
AllocateAndInitializeSid
MakeSelfRelativeSD
FreeSid
GetSecurityDescriptorLength
GetSecurityDescriptorControl
LsaOpenPolicy
LsaFreeMemory
LsaClose
LsaSetSystemAccessAccount
LsaGetSystemAccessAccount
LsaCreateAccount
LsaOpenAccount
GetSidSubAuthority
GetSidSubAuthorityCount
LsaLookupNames
user32
SetWindowsHookExW
GetWindowThreadProcessId
FindWindowExW
GetDlgCtrlID
GetSystemMetrics
GetWindowRect
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
EnumThreadWindows
IsWindowVisible
GetDesktopWindow
GetFocus
GetWindowLongW
SetActiveWindow
SetWindowTextW
GetClientRect
ShowWindow
MessageBoxW
PostMessageW
GetParent
LoadImageW
UnhookWindowsHookEx
GetActiveWindow
LoadBitmapW
WinHelpW
EnableWindow
SetDlgItemTextW
EndDialog
GetWindowLongPtrW
GetDlgItemTextW
IsDlgButtonChecked
SetFocus
SetWindowLongPtrW
GetDlgItem
SendMessageW
RegisterClipboardFormatW
LoadStringW
DialogBoxParamW
LoadIconW
CallNextHookEx
version
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW
gdi32
DeleteObject
cfgmgr32
CM_Set_HW_Prof_Flags_ExW
CM_Disconnect_Machine
CM_Connect_MachineW
CM_Get_HW_Prof_Flags_ExW
kernel32
GetLastError
GetModuleFileNameW
GetCurrentThreadId
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
lstrcmpiW
GetProcAddress
SetLastError
DeactivateActCtx
LoadLibraryW
ActivateActCtx
FindActCtxSectionStringW
CreateActCtxW
GetModuleHandleExW
QueryActCtxW
GetModuleHandleW
OutputDebugStringA
CreateThread
WaitForSingleObject
DuplicateHandle
GlobalLock
GlobalUnlock
GlobalFree
ResolveDelayLoadedAPI
DelayLoadFailureHook
GetCurrentProcess
CloseHandle
GetCurrentThread
InitializeCriticalSection
DeleteCriticalSection
FormatMessageW
LocalFree
GetSystemWindowsDirectoryW
ResumeThread
LocalAlloc
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
ReleaseActCtx
lstrlenW
CreateProcessW
GetExitCodeProcess
GetComputerNameExW
CreateEventW
Sleep
GlobalAlloc
LoadLibraryExW
GetCommandLineW
FreeLibrary
CompareStringW
GetComputerNameW
WideCharToMultiByte
SetEvent
lstrcmpW
Exports
CacheSettingsDlg
CacheSettingsDlg2
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 228KB - Virtual size: 227KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 136KB - Virtual size: 136KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1024B - Virtual size: 560B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ppcsnap/htui.dll.dll windows:10 windows x64 arch:x64
21d1e5400522e04edf30278ff3ede414
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
htui.pdb
Imports
msvcrt
_vsnwprintf
_XcptFilter
_amsg_exit
free
malloc
_initterm
strncmp
memmove
memcpy
memcmp
__C_specific_handler
wcstol
memset
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
kernel32
ReadFile
WriteProfileStringW
lstrlenW
WriteFile
SetFilePointer
CreateFileW
GlobalAlloc
GlobalFree
CloseHandle
GlobalLock
GetProfileStringW
GlobalUnlock
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
GetLocaleInfoW
MultiByteToWideChar
LocalAlloc
LocalFree
gdi32
BitBlt
CreateCompatibleBitmap
SaveDC
SelectObject
CreateCompatibleDC
RealizePalette
StretchDIBits
GetStockObject
GetDIBits
DeleteDC
CreateHalftonePalette
SelectPalette
SetColorAdjustment
GetObjectW
ExcludeClipRect
SetStretchBltMode
RestoreDC
DeleteObject
comdlg32
GetOpenFileNameW
GetSaveFileNameW
user32
DefWindowProcW
CallWindowProcW
PostMessageW
GetWindow
GetWindowRect
DestroyWindow
GetWindowLongW
IsWindowVisible
SetWindowPos
SetActiveWindow
EnumChildWindows
SetWindowLongPtrW
FillRect
CreateWindowExW
GetDC
ScreenToClient
SendMessageW
EndDialog
DialogBoxParamW
GetActiveWindow
LoadStringW
GetWindowTextW
EnableWindow
EndPaint
BeginPaint
ReleaseDC
InvalidateRect
GetParent
SetScrollPos
CheckDlgButton
GetDlgItem
GetClientRect
SetWindowLongW
SetScrollRange
SetCursor
EndDeferWindowPos
GetWindowDC
LoadCursorW
SetWindowContextHelpId
SetFocus
WinHelpW
IsDlgButtonChecked
IsWindowEnabled
SendDlgItemMessageW
RegisterClassW
SetDlgItemTextW
ClientToScreen
GetDlgCtrlID
BeginDeferWindowPos
ShowWindow
GetWindowLongPtrW
ChildWindowFromPointEx
SetClassLongPtrW
SetWindowTextW
GetSystemMetrics
DeferWindowPos
Exports
DllMain
HTUI_ColorAdjustment
HTUI_ColorAdjustmentA
HTUI_ColorAdjustmentW
HTUI_DeviceColorAdjustment
HTUI_DeviceColorAdjustmentA
HTUI_DeviceColorAdjustmentW
Sections
.text Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 732B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ppcsnap/mssph.dll regsvr32 windows:10 windows x64 arch:x64
5dfbf61ae94045240f766cbfaff03ede
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
mssph.pdb
Imports
msvcrt
__CxxFrameHandler3
??1type_info@@UEAA@XZ
realloc
_errno
memset
_initterm
toupper
_wcsnicmp
wcsncmp
?terminate@@YAXXZ
_wcsicmp
towupper
iswspace
_onexit
_wtol
_lock
memmove_s
_amsg_exit
wcsncpy_s
__dllonexit
_unlock
wcschr
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
_XcptFilter
memcpy
malloc
free
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
wcscat_s
wcscpy_s
memcpy_s
_vsnwprintf
__C_specific_handler
memcmp
memmove
wcscmp
oleaut32
VarUI4FromStr
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
LoadLibraryExW
GetModuleFileNameA
GetProcAddress
SizeofResource
FreeLibrary
DisableThreadLibraryCalls
GetModuleFileNameW
GetModuleHandleExW
LoadResource
FindResourceExW
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
Sleep
InitOnceComplete
WakeAllConditionVariable
InitOnceExecuteOnce
SleepConditionVariableSRW
api-ms-win-core-synch-l1-1-0
OpenMutexW
DeleteCriticalSection
InitializeCriticalSectionEx
WaitForSingleObjectEx
ReleaseMutex
CreateEventW
SetEvent
CreateSemaphoreExW
AcquireSRWLockShared
ReleaseSRWLockShared
EnterCriticalSection
ReleaseSemaphore
LeaveCriticalSection
InitializeCriticalSection
CreateMutexExW
WaitForSingleObject
ReleaseSRWLockExclusive
OpenSemaphoreW
AcquireSRWLockExclusive
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
GetLastError
SetLastError
SetUnhandledExceptionFilter
RaiseException
api-ms-win-core-com-l1-1-0
CoCreateInstance
PropVariantCopy
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoUnmarshalInterface
StringFromGUID2
api-ms-win-core-registry-l1-1-0
RegDeleteKeyExW
RegDeleteValueW
RegEnumValueW
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCreateKeyExW
RegGetValueW
RegCloseKey
RegQueryInfoKeyW
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
api-ms-win-core-string-l2-1-0
CharNextW
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
WideCharToMultiByte
CompareStringW
MultiByteToWideChar
api-ms-win-core-localization-l1-2-0
FormatMessageW
GetSystemDefaultLCID
LCMapStringW
api-ms-win-core-debug-l1-1-0
OutputDebugStringA
DebugBreak
OutputDebugStringW
IsDebuggerPresent
ntdll
RtlIsCloudFilesPlaceholder
RtlIsNonEmptyDirectoryReparsePointAllowed
RtlInitUnicodeString
EtwEventEnabled
ZwQueryInformationFile
NtCreateFile
RtlNtStatusToDosError
RtlIsStateSeparationEnabled
RtlGetPersistedStateLocation
EtwEventRegister
EtwEventUnregister
EtwEventWriteTransfer
EtwEventSetInformation
RtlIsPartialPlaceholder
api-ms-win-core-handle-l1-1-0
DuplicateHandle
CloseHandle
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-file-l1-1-0
GetDriveTypeW
SetFilePointer
LockFile
DeleteFileW
ReadFile
SetEndOfFile
WriteFile
SetFileTime
UnlockFile
GetFileAttributesW
CreateFileW
CompareFileTime
GetFileSize
GetFileTime
FlushFileBuffers
api-ms-win-security-base-l1-1-0
IsValidSid
GetSecurityDescriptorOwner
GetSecurityDescriptorLength
SetSecurityDescriptorOwner
MakeSelfRelativeSD
MakeAbsoluteSD
SetSecurityDescriptorGroup
GetLengthSid
InitializeAcl
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
GetSecurityDescriptorGroup
IsValidSecurityDescriptor
api-ms-win-core-sysinfo-l1-1-0
GetVersionExA
GetSystemInfo
GetTickCount
GetSystemTimeAsFileTime
GetSystemTime
api-ms-win-core-kernel32-legacy-l1-1-0
RegisterWaitForSingleObject
api-ms-win-shcore-registry-l1-1-0
SHEnumKeyExW
SHEnumValueW
api-ms-win-shcore-obsolete-l1-1-0
SHStrDupW
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-memory-l1-1-0
UnmapViewOfFile
VirtualFree
VirtualAlloc
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventUnregister
EventSetInformation
EventProviderEnabled
EventRegister
shcore
ord190
SHCreateMemStream
api-ms-win-core-shlwapi-legacy-l1-1-0
PathStripToRootW
PathFindExtensionW
PathGetDriveNumberW
PathFileExistsW
api-ms-win-core-file-l2-1-0
GetFileInformationByHandleEx
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-threadpool-legacy-l1-1-0
UnregisterWaitEx
api-ms-win-core-sysinfo-l1-2-0
VerSetConditionMask
api-ms-win-core-kernel32-legacy-l1-1-1
VerifyVersionInfoW
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 134KB - Virtual size: 133KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 57KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 208B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ppcsnap/ppcsnap.dll regsvr32 windows:10 windows x64 arch:x64
4c8643e25d8890880fa02c675c74a56f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
ppcsnap.pdb
Imports
msvcrt
free
memmove
_amsg_exit
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
_XcptFilter
__CxxFrameHandler3
_lock
_unlock
__dllonexit
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_onexit
??1type_info@@UEAA@XZ
memset
memcmp
??_V@YAXPEAX@Z
_callnewh
malloc
_purecall
__C_specific_handler
??3@YAXPEAX@Z
_vsnwprintf
wcschr
_wcsicmp
memcpy
_initterm
wcscmp
kernel32
DisableThreadLibraryCalls
DeleteCriticalSection
InitializeCriticalSection
HeapDestroy
GetLastError
SetLastError
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
RaiseException
DeactivateActCtx
ActivateActCtx
LoadLibraryW
FindActCtxSectionStringW
CreateActCtxW
GetModuleFileNameW
GetModuleHandleExW
QueryActCtxW
OutputDebugStringA
VirtualFree
GetCurrentProcess
VirtualAlloc
LoadLibraryExA
EncodePointer
HeapAlloc
DecodePointer
GetProcAddress
GetProcessHeap
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
CreateEventW
SetThreadpoolTimer
WaitForSingleObject
CloseHandle
InitializeCriticalSectionAndSpinCount
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
SetEvent
HeapFree
ole32
CoCreateInstance
CoTaskMemAlloc
GetHGlobalFromStream
StringFromIID
CoCreateGuid
CreateStreamOnHGlobal
CoUninitialize
CoTaskMemFree
CoInitialize
user32
PeekMessageW
PostQuitMessage
IsWindow
RegisterClassExW
GetClassInfoExW
GetWindowTextLengthW
GetDlgItemTextW
LoadIconW
SetWindowTextW
SetWindowLongPtrW
EnableWindow
GetDlgItem
MessageBoxW
PostMessageW
CallWindowProcW
GetActiveWindow
CreateWindowExW
GetWindowLongPtrW
DefWindowProcW
DestroyWindow
LoadCursorW
SetFocus
DialogBoxParamW
GetLastActivePopup
wsprintfW
GetWindow
GetParent
GetGUIThreadInfo
EndDialog
RegisterClipboardFormatW
SendMessageW
oleaut32
VariantInit
SysAllocString
SysAllocStringLen
VariantClear
SysFreeString
shlwapi
ord219
ord174
ord209
ord211
ord208
ord210
ord256
puiapi
STRAPI_LoadString
PUIAPI_CreateInstance
PUIAPI_ShowBrowseForPrinterDialog
STRAPI_TrimString
STRAPI_GUID2String
STRAPI_Format
advapi32
RegDeleteKeyExW
RegQueryValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyExW
RegCloseKey
RegSetValueExW
ntdll
TpReleaseAlpcCompletion
TpWaitForAlpcCompletion
TpReleaseIoCompletion
TpWaitForIoCompletion
TpReleaseTimer
TpWaitForTimer
TpReleaseWait
TpWaitForWait
TpReleaseWork
TpWaitForWork
TpAllocAlpcCompletion
TpStartAsyncIoOperation
TpAllocIoCompletion
TpSetTimer
TpReleasePool
TpCallbackMayRunLong
TpSetWait
TpAllocTimer
TpAllocWait
TpPostWork
TpAllocWork
RtlNtStatusToDosError
TpSimpleTryPost
activeds
ord3
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 92KB - Virtual size: 92KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 135KB - Virtual size: 135KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
setup.msi
-
srcore/SettingsHandlers_Region.dll windows:10 windows x64 arch:x64
95bd90ee02c4f844813fa104647a2ee4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
SettingsHandlers_Region.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_bsearch_s
_o_free
_o_malloc
_o_realloc
_o_terminate
_o_toupper
_o_wcstol
__C_specific_handler
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__execute_onexit_table
_o__errno
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswprintf
_o__crt_atexit
_o___stdio_common_vsnprintf_s
__std_terminate
_o___std_type_info_destroy_list
_o___std_exception_destroy
__CxxFrameHandler4
memcmp
memcpy
_o___std_exception_copy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
FreeLibrary
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleExW
GetModuleHandleW
api-ms-win-core-synch-l1-2-0
Sleep
InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce
api-ms-win-core-synch-l1-1-0
LeaveCriticalSection
ReleaseSemaphore
WaitForSingleObjectEx
CreateEventW
InitializeSRWLock
CreateSemaphoreExW
OpenSemaphoreW
EnterCriticalSection
ResetEvent
InitializeCriticalSectionEx
SetEvent
AcquireSRWLockExclusive
WaitForSingleObject
ReleaseSRWLockShared
ReleaseMutex
CreateMutexExW
CreateEventExW
ReleaseSRWLockExclusive
DeleteCriticalSection
AcquireSRWLockShared
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
RaiseException
SetLastError
UnhandledExceptionFilter
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-string-l1-1-0
CompareStringEx
CompareStringOrdinal
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
CreateThread
OpenThreadToken
GetCurrentThread
TerminateProcess
api-ms-win-core-localization-l1-2-0
GetUserDefaultLocaleName
FormatMessageW
GetCalendarInfoEx
GetLocaleInfoEx
GetCalendarInfoW
SetLocaleInfoW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
RoTransformError
api-ms-win-core-winrt-string-l1-1-0
WindowsIsStringEmpty
WindowsCreateStringReference
WindowsDeleteString
WindowsDuplicateString
WindowsGetStringRawBuffer
WindowsCreateString
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetLocalTime
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
winlangdb
SetUserLanguages
SetUserLanguagesCore
GetRegionalFormatList
EnsureLanguageProfileExists
bcp47langs
Bcp47GetMuiForm
AppendUserLanguageInputMethods
GetAppropriateUserLocaleForUserLanguages
GetUserLanguages
GetUserLocaleFromLanguageProfileOptOut
Bcp47Normalize
ClearUserLocaleFromLanguageProfileOptOut
SetUserLocaleFromLanguageProfileOptOut
GetPendingUserDisplayLanguage
Bcp47GetDistance
Bcp47GetIsoLanguageCode
Bcp47GetIsoScriptCode
shcore
SHStrDupW
ord162
msvcp_win
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-eventing-provider-l1-1-0
EventActivityIdControl
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
EventProviderEnabled
api-ms-win-core-localization-l1-2-3
SetUserGeoName
GetGeoInfoEx
GetUserDefaultGeoName
EnumSystemGeoNames
api-ms-win-core-winrt-error-l1-1-1
RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled
api-ms-win-core-com-l1-1-0
CoUninitialize
CoGetMalloc
CoTaskMemAlloc
CoTaskMemFree
CoInitializeEx
CoCreateFreeThreadedMarshaler
CoCreateInstance
CoDecrementMTAUsage
CoWaitForMultipleHandles
CoIncrementMTAUsage
CoGetApartmentType
CoTaskMemRealloc
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
RoUninitialize
RoInitialize
api-ms-win-core-datetime-l1-1-1
GetDateFormatEx
GetTimeFormatEx
api-ms-win-core-localization-l2-1-0
EnumCalendarInfoExEx
EnumTimeFormatsEx
api-ms-win-core-threadpool-legacy-l1-1-0
QueueUserWorkItem
api-ms-win-security-base-l1-1-0
RevertToSelf
ImpersonateLoggedOnUser
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
api-ms-win-core-localization-obsolete-l1-2-0
GetUserDefaultUILanguage
EnumUILanguagesW
coremessaging
CoreUICreate
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-localization-private-l1-1-0
NlsUpdateLocale
NlsCheckPolicy
ntdll
RtlIsMultiUsersInSessionSku
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Exports
DllCanUnloadNow
DllGetClassObject
GetSetting
Sections
.text Size: 161KB - Virtual size: 161KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 88B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
srcore/networkhelper.dll windows:10 windows x64 arch:x64
a27bcbd490e1101d8155e000cd94272f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
NetworkHelper.pdb
Imports
msvcrt
memmove
realloc
_onexit
__dllonexit
_unlock
memcpy
_purecall
_wsplitpath_s
swprintf_s
wcsncpy_s
_vsnwprintf
memcpy_s
__CxxFrameHandler3
_lock
_initterm
_amsg_exit
_XcptFilter
_callnewh
malloc
free
memcmp
_strnicmp
__C_specific_handler
memset
ntdll
NtQuerySystemInformation
RtlReportException
RtlFreeHeap
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlLengthSid
RtlAllocateHeap
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoUninitialize
CoCreateInstance
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventRegister
EventUnregister
EventSetInformation
api-ms-win-core-synch-l1-1-0
OpenSemaphoreW
WaitForSingleObject
WaitForSingleObjectEx
ResetEvent
ReleaseSRWLockShared
DeleteCriticalSection
InitializeCriticalSection
AcquireSRWLockShared
ReleaseSemaphore
SetEvent
CreateEventW
EnterCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
CreateSemaphoreExW
ReleaseSRWLockExclusive
CreateMutexExW
AcquireSRWLockExclusive
ReleaseMutex
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
RaiseException
GetLastError
api-ms-win-core-synch-l1-2-0
WakeAllConditionVariable
SleepConditionVariableSRW
Sleep
InitOnceBeginInitialize
InitOnceComplete
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
OpenProcessToken
GetCurrentProcessId
api-ms-win-core-sysinfo-l1-1-0
GetSystemTime
GetTickCount
GetSystemTimeAsFileTime
GetTickCount64
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
api-ms-win-security-base-l1-1-0
GetTokenInformation
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-handle-l1-1-0
DuplicateHandle
CloseHandle
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegNotifyChangeKeyValue
RegCreateKeyExW
RegQueryValueExW
RegGetValueW
RegOpenKeyExW
RegSetValueExW
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleHandleExW
GetModuleFileNameA
GetModuleFileNameW
FreeLibrary
GetModuleHandleW
api-ms-win-core-file-l1-1-0
CreateFileW
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-kernel32-legacy-l1-1-0
RegisterWaitForSingleObject
umpdc
Pdcv2ActivationClientDeactivate
Pdcv2ActivationClientActivate
Pdcv2ActivationClientRegister
Pdcv2ActivationClientUnregister
Pdcv2ActivationClientRenewActivation
syncutil
ord9
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-threadpool-legacy-l1-1-0
UnregisterWaitEx
Exports
CHttpTransport_CreateInstance
CheckPdcRenewal
CreateControlChannelTriggerConnectionManager
GetOrCreateNullPowerDependencyCoordinatorManager
GetSerializedAppMetadata
InitializePowerDependencyCoordinatorManager
IsNetworkConnectionCostRestricted
ProgressStatus
ReleasePowerDependencyCoordinatorManager
ReportSyncProgress
SyncPdcReference_WatchdogReport
SyncPdcReference_WatchdogsEnabled
SyncWerReportComponentName
SyncWerReportGenerator
Sections
.text Size: 79KB - Virtual size: 79KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 160B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 524B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
srcore/srcore.dll regsvr32 windows:10 windows x64 arch:x64
4b0696026fb387c2fee04b5aa55758e8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
srcore.pdb
Imports
msvcrt
memcmp
memcpy
memmove
wcsnlen
iswspace
wcsrchr
_vscwprintf
_wcslwr
wcsstr
strchr
wcspbrk
memset
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
_callnewh
_vsnwprintf
wcstoul
_wcsupr
wcsncmp
wcschr
_wcsicmp
realloc
wcscat_s
malloc
free
__C_specific_handler
_purecall
_wcsnicmp
wcscmp
kernel32
SetThreadExecutionState
DebugBreak
CloseHandle
ReadFile
WriteFile
GetFileSizeEx
SetLastError
DeleteFileW
CreateDirectoryW
SetFileAttributesW
SetFileShortNameW
QueryPerformanceCounter
MoveFileExW
RemoveDirectoryW
GetSystemTimeAsFileTime
BackupRead
QueryPerformanceFrequency
WerRegisterFile
FindFirstFileW
FindNextFileW
FindClose
SetEvent
WaitForSingleObject
CreateEventW
CreateThread
WaitForMultipleObjects
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
CreateFileW
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
UnmapViewOfFile
GetCurrentThread
DuplicateHandle
MapViewOfFile
CreateFileMappingW
CreateProcessW
SetThreadErrorMode
SetErrorMode
VirtualFree
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
LocalFree
HeapDestroy
DisableThreadLibraryCalls
InitializeProcThreadAttributeList
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
FindResourceExW
LoadResource
SizeofResource
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
GetSystemInfo
VirtualQuery
VirtualAlloc
VirtualProtect
lstrcpynW
lstrcmpiW
GetModuleHandleW
GetProcessId
GetSystemDirectoryW
IsWow64Process2
FindVolumeClose
FormatMessageW
HeapFree
DeviceIoControl
LoadLibraryExW
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetProcessHeap
HeapAlloc
VirtualUnlock
GetProcAddress
GetLastError
FreeLibrary
GetFileAttributesW
GetFileType
BackupWrite
GetVolumePathNameW
CreateDirectoryExW
GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW
ExpandEnvironmentStringsW
GetDiskFreeSpaceExW
GetFullPathNameW
GetDriveTypeW
FindFirstVolumeW
FindNextVolumeW
TerminateProcess
user32
CharPrevW
CharNextW
GetSystemMetrics
LoadStringW
ktmw32
CommitTransaction
RollbackTransaction
CreateTransaction
ntdll
RtlInitializeCriticalSection
RtlDeleteCriticalSection
RtlSetCurrentTransaction
RtlGetCurrentTransaction
WinSqmAddToStream
RtlDeleteElementGenericTableAvl
RtlEnumerateGenericTableAvl
RtlInitializeGenericTableAvl
RtlLookupElementGenericTableAvl
RtlInsertElementGenericTableAvl
RtlComputeCrc32
RtlDosPathNameToNtPathName_U
DbgPrintEx
NtClose
RtlWerpReportException
NtSetSystemInformation
RtlTryAcquirePebLock
RtlReleasePebLock
NtClearEvent
RtlDecodeSystemPointer
RtlEnumerateGenericTableWithoutSplayingAvl
EtwTraceMessage
NtQuerySecurityObject
RtlValidRelativeSecurityDescriptor
RtlGetControlSecurityDescriptor
RtlSetControlSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
NtSetSecurityObject
RtlNtStatusToDosError
RtlInitUnicodeString
RtlCreateSystemVolumeInformationFolder
RtlFreeHeap
RtlGetLastNtStatus
RtlLockBootStatusData
RtlGetSetBootStatusData
RtlFreeUnicodeString
RtlSetBits
RtlInitializeBitMap
NtSetInformationProcess
NtQueryInformationProcess
WinSqmAddToStreamEx
RtlUnlockBootStatusData
NtQueryInformationFile
NtOpenFile
NtSetInformationFile
rpcrt4
NdrMesTypeEncode3
NdrMesTypeDecode3
MesEncodeDynBufferHandleCreate
I_RpcExceptionFilter
MesDecodeBufferHandleCreate
MesHandleFree
ole32
CoGetMalloc
CoTaskMemFree
CoCreateGuid
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
StringFromCLSID
StringFromGUID2
CLSIDFromString
oleaut32
SysAllocString
VarUI4FromStr
SysFreeString
advapi32
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteKeyExW
RegOpenKeyTransactedW
RegSetValueExW
RegEnumValueW
RegQueryInfoKeyW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegCloseKey
RegReplaceKeyW
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW
RegLoadKeyW
RegUnLoadKeyW
TraceMessage
RegQueryValueExW
LookupPrivilegeValueW
EventRegister
EventEnabled
EventWrite
EventUnregister
OpenEncryptedFileRawW
ReadEncryptedFileRaw
CloseEncryptedFileRaw
WriteEncryptedFileRaw
OpenThreadToken
OpenProcessToken
ControlTraceW
StartTraceW
EnableTraceEx2
RegisterEventSourceW
ReportEventW
DeregisterEventSource
AdjustTokenPrivileges
vssapi
GetProviderMgmtInterfaceInternal
wer
WerReportAddFile
WerReportSetParameter
WerReportSubmit
WerReportCloseHandle
WerReportCreate
spp
SxTracerDebuggerBreak
SxTracerShouldTrackFailure
SxTracerGetThreadContextRetail
SppFreeGroupPropArray
bcd
BcdEnumerateObjects
BcdOpenSystemStore
BcdCloseObject
BcdGetElementData
BcdOpenObject
BcdCloseStore
api-ms-win-core-wow64-l1-1-1
GetSystemWow64Directory2W
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ShutdownContinuation
SrFreeRestoreStatus
SrFreeRpPropArray
Sections
.text Size: 336KB - Virtual size: 336KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 83KB - Virtual size: 83KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 49KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
srcore/uireng.dll windows:10 windows x64 arch:x64
c2ca58b2270719afbdbaea723f8d2d76
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
uireng.pdb
Imports
msvcrt
wcsrchr
wcschr
memcpy
memmove
_wcsnicmp
_CxxThrowException
_wtoi
wcstol
_wcsupr
wcsstr
wcstoul
_wcstoui64
_itow_s
wcscpy_s
__CxxFrameHandler3
memset
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
_callnewh
malloc
free
_purecall
_vsnprintf
_wcsicmp
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
_vsnwprintf
_snwscanf_s
_vscwprintf
wcscmp
advapi32
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
EventRegister
EventUnregister
StartTraceW
UnregisterTraceGuids
RegOpenKeyW
RegisterTraceGuidsW
GetTraceEnableFlags
EnableTrace
FlushTraceW
EnableTraceEx
ControlTraceW
EventWriteString
OpenTraceW
ProcessTrace
CloseTrace
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
gdi32
CreateSolidBrush
StretchBlt
CreateCompatibleDC
CreateDCW
ExcludeClipRect
DeleteObject
CreatePen
SelectObject
GetStockObject
Rectangle
ExtCreatePen
MoveToEx
LineTo
PolyBezier
SetDCBrushColor
Ellipse
DeleteDC
GetCurrentObject
CreateCompatibleBitmap
BitBlt
GetObjectW
gdiplus
GdipAlloc
GdipFree
GdipDisposeImage
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdipGetImageEncodersSize
GdiplusStartup
GdiplusShutdown
GdipCloneImage
kernel32
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTickCount
ExitProcess
OpenProcess
K32GetModuleFileNameExW
LocalFree
GetSystemTimeAsFileTime
ReadProcessMemory
GetTimeFormatW
GetFileAttributesW
RemoveDirectoryW
ExpandEnvironmentStringsW
CreateDirectoryW
WaitForMultipleObjects
CreateThread
Sleep
UnregisterWait
RegisterWaitForSingleObject
FindFirstFileW
CreateFileW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
ReadFile
FreeLibrary
GetWindowsDirectoryW
LoadLibraryW
ResumeThread
GetSystemDirectoryW
FindNextFileW
GetDriveTypeW
GetLongPathNameW
SizeofResource
WriteFile
UnmapViewOfFile
MultiByteToWideChar
LockResource
DeleteFileW
LoadResource
FindResourceW
GetFileSize
WideCharToMultiByte
CreateFileMappingW
SearchPathW
DuplicateHandle
ResetEvent
GetThreadPriority
GetCurrentThread
MapViewOfFile
SetEvent
CreateEventW
InitializeConditionVariable
SetThreadPriority
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
HeapReAlloc
DeleteCriticalSection
LoadLibraryExW
FindClose
GetVersionExW
GetProductInfo
FileTimeToSystemTime
MoveFileExW
GetDateFormatW
SystemTimeToTzSpecificLocalTime
QueryFullProcessImageNameW
msdrm
DRMIsWindowProtected
ntdll
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
RtlGetFullPathName_UEx
RtlInitUnicodeString
NtApphelpCacheControl
NtQueryValueKey
NtClose
RtlFreeHeap
RtlAllocateHeap
RtlInitUnicodeStringEx
NtQueryInformationProcess
ZwClose
ZwOpenKey
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlFormatCurrentUserKeyPath
ZwCreateFile
ole32
CoCreateInstance
StringFromGUID2
CoInitializeEx
CoInitialize
CoUninitialize
CoCreateGuid
CLSIDFromString
oleacc
GetRoleTextW
oleaut32
SysFreeString
VariantClear
VariantInit
SysAllocString
SysStringLen
shell32
CommandLineToArgvW
ShellExecuteW
SHFileOperationW
shlwapi
PathRemoveBlanksW
PathRemoveExtensionW
SHCreateStreamOnFileEx
PathFindFileNameW
PathCombineW
user32
CallNextHookEx
SetWindowsHookExW
GetClientRect
SetLayeredWindowAttributes
MsgWaitForMultipleObjectsEx
PeekMessageW
SetTimer
ShowWindow
RegisterWindowMessageW
PostThreadMessageW
DispatchMessageW
TranslateMessage
GetMessageW
WindowFromPoint
GetWindowThreadProcessId
GetGUIThreadInfo
GetCursorInfo
ReleaseDC
UnhookWindowsHookEx
GetDC
GetDesktopWindow
DrawIcon
GetIconInfo
LoadCursorW
GetWindowRect
GetClassNameW
InternalGetWindowText
GetParent
GetWindowLongPtrW
GetKeyState
GetKeyNameTextW
MapVirtualKeyW
GetWindowInfo
PtInRect
GetAsyncKeyState
LoadImageW
GetSystemMetrics
GetDoubleClickTime
IsHungAppWindow
GetRawInputDeviceInfoW
GetPointerDevices
DestroyWindow
RegisterRawInputDevices
RegisterClassExW
CreateWindowExW
UnregisterClassW
FillRect
SetWindowLongPtrW
CopyImage
SetWindowPos
GetWindowTextW
EnableWindow
ReleaseCapture
SystemParametersInfoW
GetDlgItem
SwitchDesktop
SetCapture
GetProcessDefaultLayout
FindWindowW
LoadIconW
IsRectEmpty
CreateDesktopW
ClientToScreen
IsDialogMessageW
CloseDesktop
GetThreadDesktop
SetThreadDesktop
SendMessageW
SetProcessDefaultLayout
CreateDialogParamW
GetWindowTextLengthW
GetCursorPos
InvalidateRect
UpdateWindow
FindWindowExW
WindowFromPhysicalPoint
DefWindowProcW
GetRawInputData
EndPaint
SetWinEventHook
GetWindowLongW
ShowWindowAsync
UnhookWinEvent
PhysicalToLogicalPointForPerMonitorDPI
EnumWindows
BeginPaint
aepic
PicFreeFileInfo
PicRetrieveFileInfo
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
xmllite
CreateXmlWriter
hid
HidP_GetLinkCollectionNodes
HidP_GetValueCaps
HidP_GetUsageValue
HidP_GetUsages
HidP_GetCaps
msimg32
AlphaBlend
rpcrt4
RpcServerListen
RpcServerRegisterIf2
NdrServerCall2
RpcServerUseProtseqEpW
NdrServerCallAll
Exports
UirGetScreenComment
UirInitializeEngine
UirIsRecordingActive
UirOutCreateOutputFile
UirPauseRecordingSession
UirResumeRecordingSession
UirStartRecordingSession
UirStopRecordingSession
UirUninitializeEngine
UirUpdateRecordingSession
Sections
.text Size: 156KB - Virtual size: 155KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 84KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 188B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ