x64__x32__installer___[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

x64__x32__installer___.zip
Size

32.6MB
MD5

9d4f2c26e70b5e4ceaf46555174350e5
SHA1

a6d1cbbda6c62ec402d5db5b7663b007354049bb
SHA256

f6ac10dd4d74b78268027d9d6c40914a2c5d51dadda6d0c7c3d216f02361efda
SHA512

802931c132c0bf95c42469b592c4450b5e1b47eab1fa6ee632dc9e489ee4a606e446eeb40de7c2677d5827b52fb3bcd046c8cfb5306a9fe06139446705fb237e
SSDEEP

786432:LZni3uw7rJmfRZYu9pHel0oXaowsC17TGrFgQ3pe3MEYd/UZNaO:Ldp/HmjwnKruQZecZM7

Score

3^/10

Malware Config

Signatures

Unsigned PE 16 IoCs

Checks for missing Authenticode signature.

resource
unpack001/container/Display.dll
unpack001/container/container.dll
unpack001/container/daxexec.dll
unpack001/container/dmocx.dll
unpack001/els/els.dll
unpack001/els/energy.dll
unpack001/els/es.dll
unpack001/els/psisdecd.dll
unpack001/neth/NetSetupShim.dll
unpack001/neth/PeerDistSh.dll
unpack001/neth/neth.dll
unpack001/neth/sdohlp.dll
unpack001/sud/StorSvc.dll
unpack001/sud/security.dll
unpack001/sud/sppnp.dll
unpack001/sud/sud.dll

Files

x64__x32__installer___.zip
.zip
container/Display.dll
.dll windows:10 windows x64 arch:x64

c864bd970b52b07ca184b7253e4fd3e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Display.pdb

Imports

msvcrt

memcpy
__CxxFrameHandler3
_onexit
__dllonexit
_unlock
_vsnwprintf
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
atoi
_wcsnicmp
memcmp
_wcsicmp
memcpy_s
_lock
memset

shell32

ord169
ord167
ord194
ord74
ord59

shlwapi

SHDeleteKeyW
ord388
SHGetValueW
SHStrDupW
ord219
StrStrIW
StrRChrW
StrCmpIW
SHSetValueW

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadStringW
LoadLibraryExW
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
ReleaseMutex
ReleaseSemaphore
CreateSemaphoreExW
CreateMutexExW
WaitForSingleObjectEx
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteValueW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree
GlobalAlloc

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoUninitialize
CoInitializeEx
CoCreateInstance

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-synch-l1-2-0

InitOnceComplete
Sleep
InitOnceBeginInitialize

api-ms-win-devices-config-l1-1-1

CM_Get_Device_ID_Size
CM_Locate_DevNodeW
CM_Get_Child
CM_Get_Device_IDW
CM_Get_Sibling

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

ntdll

EtwEventRegister
EtwEventSetInformation
EtwEventUnregister
EtwEventWriteTransfer

kernel32

lstrlenW
DeactivateActCtx
ReleaseActCtx
CreateActCtxW
lstrcmpiW
ActivateActCtx

user32

SetProcessDPIAware
SendMessageW
SetRectEmpty
RegisterClipboardFormatW
QueryDisplayConfig
DisplayConfigGetDeviceInfo
EnumDisplaySettingsExW
EqualRect
AlignRects
SetDisplayConfig
CopyRect
SetCursorPos
ChangeDisplaySettingsExW
GetDisplayConfigBufferSizes
ord2507
ChangeDisplaySettingsW
GetCursorPos
GetAutoRotationState
DisplayConfigSetDeviceInfo
EnumDisplaySettingsW
OffsetRect
GetSystemMetrics
SystemParametersInfoW
EnumDisplayDevicesW
SetRect

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DisplaySaveSettingsEx
DllCanUnloadNow
DllGetClassObject
ShowAdapterSettings

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
container/container.dll
.dll windows:10 windows x64 arch:x64

6a5352d96ca8f01a406da8b89b3d2ac2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

container.pdb

Imports

msvcp_win

?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?uncaught_exception@std@@YA_NXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Xout_of_range@std@@YAXPEBD@Z

api-ms-win-crt-string-l1-1-0

memset
wcsncmp
wcscmp

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
__std_terminate
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o___std_exception_destroy
memmove
_o__wcsicmp
_o_abort
_o_free
_o_malloc
_o_terminate
_o_towlower
_o_towupper
_o_wcscpy_s
_o_wcstol
_o_wcstoull
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
__CxxFrameHandler4
_o___std_exception_copy
_o___std_type_info_destroy_list
memcmp
memcpy

ntdll

NtQueryInformationJobObject
NtAssignProcessToJobObject
NtClose
RtlQueryRegistryValuesEx
RtlInitUnicodeString
NtFsControlFile
NtOpenSymbolicLinkObject
NtCreateDirectoryObjectEx
NtQuerySymbolicLinkObject
NtSetInformationSymbolicLink
NtOpenDirectoryObject
NtCreateSymbolicLinkObject
NtQueryKey
NtDeleteKey
NtEnumerateKey
NtOpenKey
NtCreateKey
RtlConnectToSm
NtSetInformationJobObject
RtlAllocateHeap
RtlDosPathNameToRelativeNtPathName_U_WithStatus
RtlReleaseRelativeName
NtQueryEaFile
RtlFreeHeap
NtWaitForSingleObject
NtCreateFile
NtSetValueKey
TpReleaseJobNotification
TpAllocJobNotification
TpWaitForJobNotification
RtlStringFromGUIDEx
NtQuerySecurityObject
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlSendMsgToSm

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameA

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
ReleaseSRWLockExclusive
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseSemaphore
EnterCriticalSection
AcquireSRWLockExclusive
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
ReleaseSRWLockShared
AcquireSRWLockShared
DeleteCriticalSection
ReleaseMutex

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventActivityIdControl
EventRegister
EventWriteTransfer

api-ms-win-core-file-l1-1-0

FindClose
GetFileSize
ReadFile
CreateFileW
FindFirstFileExW

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
InitializeProcThreadAttributeList
GetCurrentProcessId
GetCurrentProcess
CreateProcessAsUserW
OpenProcessToken
UpdateProcThreadAttribute
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-security-base-l1-1-0

DuplicateTokenEx
SetTokenInformation

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegGetValueW

api-ms-win-core-sysinfo-l1-1-0

GetWindowsDirectoryW
GetSystemTimeAsFileTime

iphlpapi

InitializeCompartmentEntry
DeleteCompartment
GetJobCompartmentId
CreateCompartment
SetJobCompartmentId

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

?AddRuntimeVirtualKeysToContainer@container@@YAXPEAXKPEAU_WC_VKEY_INFO@@@Z
?CleanupContainer@container@@YAXPEAXPEBG@Z
?CreateContainer@container@@YAXPEAXAEBUContainer@DefinitionFile@1@_N0@Z
?GetComRegistryRoot@container@@YAPEAXPEAX@Z
?GetContainerIdentifierString@container@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@PEAX@Z
?GetContainerObjectRootPath@container@@YAXPEAXAEAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?GetRegistryRootPath@container@@YAXPEAXAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AEAV23@@Z
?IsContainerQuiescent@container@@YAEPEAX@Z
?LaunchApplicationContainer@container@@YAPEAXPEAXPEBGK@Z
?LaunchContainer@container@@YAXPEAX@Z
?RegisterForContainerTerminationNotification@container@@YAPEAU_WC_CONTAINER_NOTIFICATION@@PEAXP6AX0W4_WC_CONTAINER_TERMINATION_REASON@@PEAU2@0@Z0@Z
?ReleaseContainerTerminationNotification@container@@YAXPEAU_WC_CONTAINER_NOTIFICATION@@@Z
?SetRegistryFlushState@container@@YAXPEAXE@Z
?ShutdownAppContainer@container@@YA_NPEAX@Z
?WaitForContainerTerminationNotification@container@@YAXPEAU_WC_CONTAINER_NOTIFICATION@@@Z
WcAddRuntimeVirtualKeysToContainer
WcCleanupContainer
WcCreateContainer
WcCreateDescriptionFromXml
WcDestroyDescription
WcGetComRegistryRoot
WcGetContainerIdentifier
WcGetContainerObjectRootPath
WcGetContainerRegistryRootPath
WcIsContainerQuiescent
WcLaunchApplicationContainer
WcLaunchContainer
WcRegisterForContainerTerminationNotification
WcReleaseContainerTerminationNotification
WcSetRegistryFlushState
WcShutdownAppContainer
WcWaitForContainerTerminationNotification

Sections

.text
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
container/daxexec.dll
.dll windows:10 windows x64 arch:x64

5041e351eed7fd789520bd199556516e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

daxexec.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__ui64tow_s
_o__wcsicmp
_o__wcsnicmp
_o__wtoi
_o_calloc
memmove
_o_free
_o_malloc
_o_terminate
_o_toupper
_o_wcscat_s
_o_wcsncat_s
_o_wcsncpy_s
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__invalid_parameter_noinfo_noreturn
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__invalid_parameter_noinfo
_o__aligned_malloc
_o__initialize_onexit_table
_o__aligned_free
wcschr
__std_type_info_compare
_o___stdio_common_vswprintf
_o__initialize_narrow_environment
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcsnlen
memset
wcsncmp

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameW
GetModuleHandleExW
GetModuleFileNameA
DisableThreadLibraryCalls
GetProcAddress

api-ms-win-core-synch-l1-1-0

CreateEventW
WaitForSingleObject
InitializeCriticalSectionEx
ResetEvent
WaitForSingleObjectEx
OpenSemaphoreW
InitializeSRWLock
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ReleaseSRWLockShared
ReleaseMutex
EnterCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockShared
CreateMutexExW
CreateSemaphoreExW
CreateEventExW
SetEvent
AcquireSRWLockExclusive
LeaveCriticalSection
ReleaseSemaphore

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
HeapSize
HeapDestroy

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
GetProcessId
TlsFree
GetCurrentProcessId
OpenProcessToken
TerminateProcess
GetCurrentProcess
OpenThreadToken
TlsSetValue
CreateProcessAsUserW
TlsAlloc
OpenThread
TlsGetValue
SuspendThread
SetThreadToken
ProcessIdToSessionId
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

rpcrt4

CStdStubBuffer_QueryInterface
CStdStubBuffer_Disconnect
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Connect
NdrStubForwardingFunction
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_AddRef
NdrOleFree
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_Invoke
NdrOleAllocate
NdrCStdStubBuffer2_Release
NdrStubCall3
Ndr64AsyncClientCall
RpcBindingFree
RpcAsyncCancelCall
RpcStringFreeW
RpcBindingSetAuthInfoExW
RpcAsyncCompleteCall
I_RpcExceptionFilter
RpcStringBindingComposeW
RpcBindingFromStringBindingW
IUnknown_AddRef_Proxy
RpcAsyncInitializeHandle
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
IUnknown_Release_Proxy

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventUnregister
EventProviderEnabled
EventWriteTransfer
EventRegister
EventSetInformation

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
Sleep
InitOnceExecuteOnce

api-ms-win-core-com-midlproxystub-l1-1-0

NdrProxyForwardingFunction4
CStdStubBuffer2_Disconnect
NdrProxyForwardingFunction5
ObjectStublessClient3
NdrProxyForwardingFunction3
CStdStubBuffer2_Connect
CStdStubBuffer2_QueryInterface
ObjectStublessClient6
CStdStubBuffer2_CountRefs

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-registry-l1-1-0

RegDeleteTreeW
RegGetValueW
RegCreateKeyExW
RegCloseKey
RegQueryInfoKeyW
RegOpenCurrentUser
RegSetValueExW
RegOpenKeyExW

ntdll

RtlUpcaseUnicodeChar
RtlValidSid
NtOpenKeyTransactedEx
NtRenameKey
NtCreateKey
NtSetInformationKey
NtQueryInformationFile
NtDuplicateObject
NtQueryAttributesFile
RtlFindNextForwardRunClear
RtlNumberOfSetBits
RtlInitializeSRWLock
NtDeleteValueKey
NtQueryDirectoryFileEx
NtSetSecurityObject
NtNotifyChangeKey
NtDeleteFile
NtFlushKey
NtCreateKeyTransacted
NtSetInformationFile
NtNotifyChangeMultipleKeys
NtOpenKeyEx
NtOpenKey
NtEnumerateValueKey
NtEnumerateKey
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
NtDeleteKey
NtQueryMultipleValueKey
NtQueryKey
NtSetInformationJobObject
NtTerminateJobObject
NtMakeTemporaryObject
NtQueryDirectoryFile
NtCreateJobObject
NtCreateMutant
NtOpenMutant
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlDosPathNameToNtPathName_U_WithStatus
RtlCopySid
EtwEventUnregister
EtwEventWrite
NtSetValueKey
EtwEventRegister
NtOpenJobObject
NtQuerySecurityAttributesToken
NtOpenFile
RtlFindAceByType
RtlEqualSid
RtlGetLastNtStatus
NtQueryInformationProcess
RtlLengthSid
RtlFreeHeap
RtlAllocateHeap
NtWaitForMultipleObjects
PssNtFreeSnapshot
PssNtCaptureSnapshot
NtOpenProcess
NtAlpcSendWaitReceivePort
NtAlpcConnectPort
RtlAllocateAndInitializeSid
NtQuerySystemInformation
NtClose
NtWaitForSingleObject
NtOpenEvent
EtwEventWriteNoRegistration
ZwUpdateWnfStateData
ZwQueryWnfStateNameInformation
NtOpenKeyTransacted
NtQueryValueKey
RtlDeriveCapabilitySidsFromName
wcsstr
NtCreateFile
RtlInitUnicodeString
NtQueryFullAttributesFile
RtlExpandEnvironmentStrings
NtQueryObject
RtlQueryEnvironmentVariable
RtlQueryResourcePolicy
RtlRunOnceComplete
RtlWow64IsWowGuestMachineSupported
RtlNtStatusToDosError
RtlFreeSid
RtlAdjustPrivilege
NtTerminateProcess
RtlCreateServiceSid
NtDuplicateToken
NtQueryInformationToken
RtlRunOnceExecuteOnce
RtlRunOnceBeginInitialize
NtQuerySecurityObject
RtlSleepConditionVariableSRW
RtlWakeAllConditionVariable
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive

api-ms-win-security-base-private-l1-1-1

CreateAppContainerToken

api-ms-win-core-file-l1-1-0

GetVolumePathNameW
CreateFileW
GetFileSizeEx
SetFileInformationByHandle
WriteFile
ReadFile
FlushFileBuffers
SetFileAttributesW
CreateDirectoryW
FindClose
GetVolumeInformationW
FindFirstFileW
GetFileInformationByHandle
GetFileAttributesW
DeleteFileW
RemoveDirectoryW
GetFinalPathNameByHandleW
GetLongPathNameW
FindNextFileW
FindFirstFileExW

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer

fltlib

FilterInstanceCreate
FilterInstanceClose
FilterConnectCommunicationPort
FilterAttach
FilterLoad
FilterSendMessage

profapi

ord102
ord101

api-ms-win-core-path-l1-1-0

PathCchSkipRoot
PathAllocCombine
PathAllocCanonicalize
PathIsUNCEx
PathCchRemoveBackslash

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
ConvertSecurityDescriptorToStringSecurityDescriptorW

api-ms-win-core-registry-l2-1-0

RegOpenKeyW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolGetUniqueContext

api-ms-win-core-console-l1-1-0

SetConsoleCtrlHandler

api-ms-win-core-console-l1-2-0

AttachConsole
FreeConsole

api-ms-win-core-console-l2-1-0

GenerateConsoleCtrlEvent

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsRelativeW
PathUnExpandEnvStringsW

api-ms-win-core-wow64-l1-1-0

Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection

api-ms-win-core-job-l2-1-0

AssignProcessToJobObject

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrIsIntlEqualW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-windowserrorreporting-l1-1-0

GetApplicationRestartSettings

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
MapViewOfFile
CreateFileMappingW

api-ms-win-core-psm-key-l1-1-0

PsmGetApplicationNameFromKey
PsmGetPackageFullNameFromKey

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetCurrentDirectoryW
GetCurrentDirectoryA

api-ms-win-core-io-l1-1-0

DeviceIoControl

container

?CreateContainer@container@@YAXPEAXAEBUContainer@DefinitionFile@1@_N0@Z
WcRegisterForContainerTerminationNotification
WcCleanupContainer
WcIsContainerQuiescent
WcGetContainerIdentifier
WcReleaseContainerTerminationNotification
?GetContainerIdentifierString@container@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@PEAX@Z
WcGetComRegistryRoot

api-ms-win-appmodel-identity-l1-2-0

AppContainerDeriveSidFromMoniker

api-ms-win-appmodel-state-l1-2-0

GetStateFolder
GetSecureSystemAppDataFolder
GetSystemAppDataFolder
GetPublisherRootFolder
OpenStateExplicit
CloseState

api-ms-win-shell-shellfolders-l1-1-0

SHGetKnownFolderPath

msvcp_win

?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?uncaught_exception@std@@YA_NXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_Winerror_map@std@@YAHH@Z
?_Winerror_message@std@@YAKKPEADK@Z
_Make_dir
_File_size
_Remove_dir
_Unlink
_Stat
_Lstat
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Open_dir
_Read_dir
_Close_dir
?_Xbad_function_call@std@@YAXXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
?_Xout_of_range@std@@YAXPEBD@Z
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
_Xtime_get_ticks
_Query_perf_frequency
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
_Query_perf_counter
_Thrd_yield
_Thrd_sleep
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

appxdeploymentclient

ord68

api-ms-win-crt-math-l1-1-0

ceilf

Exports

Exports

AddLookaside
AddProcessToHeliumContainer
CheckAppXPackageBreakaway
CheckApplicationInCurrentPackage
CloseAppExecutionAlias
CloseJitvSilo
CompleteAppExecutionAliasProcessCreation
CreateAppExecutionAlias
CreateDesktopAppXActivationInfo
CreateDesktopAppXLocalCacheStructure
CreateDesktopAppXTombstoneFile
CreateJitvSilo
CurrentThreadIsInVirtualizationContext
DetokenizeDesktopAppXOfflineRegistry
DisableDesktopAppXDebuggingForPackage
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DoesPackageHaveElevationCapability
DoesPackageHaveUIAccessCapability
DoesPluginSupportCentennial
EnableDesktopAppXDebuggingForPackage
EnsureDesktopAppXPackageShutdown
EnterPackageVirtualizationContext
FreeAppExecutionAliasInfo
FreeAppExecutionAliasInfoWithLicenseRundown
FreeDesktopAppXActivationInfo
FreeDesktopAppXLaunchContext
GetAppExecutionAliasApplicationUserModelId
GetAppExecutionAliasExecutable
GetAppExecutionAliasPackageFamilyName
GetAppExecutionAliasPackageFullName
GetApplicationExecutableRelativePath
GetDesktopAppXComRootHandle
LeavePackageVirtualizationContext
LoadAppExecutionAliasInfo
MigrateWritablePackageRootData
OpenAppExecutionAlias
OpenAppExecutionAliasForUser
PerformAppxLicenseRundown
PersistAppExecutionAliasToFile
PostCreateProcessDesktopAppXActivation
PrepareDesktopAppXActivation
RegisterDesktopAppXPackageFamily
RegisterDesktopAppXPackageFamilyIfNecessary
RemoveDesktopAppXMetadataForFolder
RemoveLookaside
SetDesktopAppXMetadataForFolder
SetDesktopAppXMetadataForPackage
TryActivateDesktopAppXApplication
VerifyFileIsTrustedAndInPackage

Sections

.text
Size: 485KB - Virtual size: 484KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
container/dmocx.dll
.dll regsvr32 windows:10 windows x64 arch:x64

6020c9f354c981442f997752d2d0a233

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dmocx.pdb

Imports

mfc42u

ord4082
ord3534
ord3046
ord3166
ord3052
ord3366
ord3231
ord4815
ord3362
ord3243
ord3049
ord6053
ord5711
ord5730
ord5065
ord4368
ord5724
ord5722
ord3468
ord2412
ord5615
ord1388
ord4191
ord6071
ord2515
ord2559
ord4836
ord6813
ord6440
ord4365
ord1778
ord5663
ord5586
ord4694
ord5712
ord4017
ord5229
ord4789
ord2670
ord2060
ord6814
ord3933
ord5484
ord1736
ord5683
ord2457
ord2140
ord5699
ord493
ord971
ord6886
ord1875
ord4276
ord2754
ord2757
ord2756
ord4573
ord2488
ord2712
ord1473
ord1510
ord1527
ord455
ord949
ord4209
ord2550
ord2546
ord5353
ord4609
ord4853
ord4808
ord5106
ord5473
ord2393
ord4752
ord6175
ord4985
ord4372
ord3165
ord3053
ord4816
ord3363
ord3244
ord3050
ord6807
ord2398
ord3020
ord4895
ord3537
ord2491
ord4077
ord5399
ord4761
ord5416
ord4962
ord4754
ord5110
ord5113
ord5111
ord4697
ord4702
ord4713
ord4941
ord5475
ord4997
ord4998
ord5011
ord5157
ord4695
ord5004
ord5017
ord5434
ord5056
ord5010
ord5031
ord5032
ord5033
ord5307
ord5308
ord5024
ord5339
ord5334
ord5329
ord5395
ord4951
ord4874
ord4904
ord5302
ord5012
ord5143
ord5025
ord5026
ord5978
ord3069
ord2917
ord5074
ord5072
ord5572
ord4121
ord3019
ord5629
ord1964
ord2159
ord6380
ord5322
ord5248
ord2181
ord6011
ord5000
ord5054
ord4683
ord1345
ord5946
ord1701
ord2450
ord3692
ord3850
ord3484
ord3384
ord5868
ord4822
ord6800
ord3447
ord6799
ord1427
ord1426
ord1082
ord288
ord812
ord1544
ord1586
ord1555
ord1583
ord1585
ord355
ord1477
ord1553
ord1416
ord1491
ord1577
ord4083
ord3164
ord4371
ord4983
ord4770
ord3837
ord1530
ord6787
ord2408
ord1463
ord1517
ord1574
ord286
ord287
ord2751
ord4213
ord1063
ord659
ord5385
ord6887

msvcrt

_XcptFilter
__dllonexit
_amsg_exit
free
malloc
_initterm
__C_specific_handler
_lock
__CxxFrameHandler3
_unlock
_onexit
?terminate@@YAXXZ
??1type_info@@UEAA@XZ

kernel32

DeactivateActCtx
ReleaseActCtx
CreateActCtxW
LocalAlloc
LocalFree
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
ActivateActCtx

user32

ClientToScreen
GetKeyState
GetMessagePos
InvalidateRect
ScreenToClient
SendMessageW
SetProcessDPIAware
EnableWindow

oleaut32

LoadRegTypeLi

oleacc

CreateStdAccessibleProxyW
LresultFromObject

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
els/els.dll
.dll regsvr32 windows:10 windows x64 arch:x64

a26a8976f1eb6d8517d153ff05635a24

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

els.pdb

Imports

msvcrt

swprintf_s
wcschr
_wcsupr
wcsncpy_s
_wcsicmp
_vsnwprintf
__C_specific_handler
wcscpy_s
_wcsnicmp
free
malloc
__CxxFrameHandler3
_snwprintf_s
wcscat_s
qsort
_wcslwr
wcsspn
_vsnwprintf_s
towlower
wcsncmp
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
memmove
_XcptFilter
_amsg_exit
_initterm
_lock
_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
memcmp
wcstoul
wcspbrk
wcsstr
_itow
??_V@YAXPEAX@Z
_purecall
??3@YAXPEAX@Z
_callnewh
wcsrchr
_ultow
memset

ntdll

RtlSecondsSince1970ToTime
RtlLengthSid
RtlTimeToSecondsSince1970
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

advapi32

RegDeleteValueW
RegEnumKeyExW
RegDeleteKeyW
RegConnectRegistryW
RegCreateKeyExW
IsValidSid
ReadEventLogW
OpenEventLogW
OpenBackupEventLogW
RegSetValueExW
GetNumberOfEventLogRecords
CloseEventLog
ClearEventLogW
BackupEventLogW
ConvertStringSidToSidW
GetLengthSid
LookupAccountSidW
RegCloseKey
RegOpenKeyExW
RegGetValueW
RegQueryValueExW
GetOldestEventLogRecord
EqualSid

kernel32

GetCommandLineW
LocalFileTimeToFileTime
GetSystemDirectoryW
CloseHandle
CreateThread
GetLocalTime
GetWindowsDirectoryW
WideCharToMultiByte
HeapFree
GetProcessHeap
HeapAlloc
GetTimeZoneInformation
DisableThreadLibraryCalls
LeaveCriticalSection
DeleteFileW
DeleteCriticalSection
GetCurrentThreadId
GetComputerNameW
LoadLibraryExW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
GetCurrentProcessId
GetSystemTimeAsFileTime
GetFileAttributesExW
WriteFile
GetFileSize
GetDateFormatW
GetTimeFormatW
FileTimeToLocalFileTime
GetDriveTypeW
FileTimeToSystemTime
EnterCriticalSection
SystemTimeToFileTime
CreateFileW
QueryPerformanceCounter
GetLastError
lstrcmpiW
lstrlenW
LocalFree
lstrcmpW
ExpandEnvironmentStringsW
FormatMessageW
FreeLibrary
SetLastError
DeactivateActCtx
LoadLibraryW
GetProcAddress
ActivateActCtx
FindActCtxSectionStringW
CreateActCtxW
GetModuleFileNameW
GetModuleHandleExW
QueryActCtxW
OutputDebugStringA
GlobalFree
GetSystemWindowsDirectoryW
GlobalAlloc
GlobalLock
GlobalUnlock
GetLocaleInfoW
LocalAlloc
GetTickCount
InitializeCriticalSection

user32

GetDlgItemInt
EnumThreadWindows
GetClassNameW
IsWindowEnabled
WinHelpW
DefWindowProcW
CreateWindowExW
LoadIconW
LoadBitmapW
LoadImageW
SetForegroundWindow
RegisterClipboardFormatW
SendMessageW
GetDlgItem
SetWindowPos
GetParent
FindWindowExW
SetWindowLongPtrW
GetWindowTextW
SetWindowTextW
GetDlgItemTextW
LoadCursorW
SetCursor
DestroyIcon
GetSysColor
CheckRadioButton
GetWindowRect
GetDC
ReleaseDC
GetSystemMetrics
EnableWindow
PostMessageW
OpenClipboard
EmptyClipboard
IsDlgButtonChecked
SetClipboardData
CloseClipboard
ShowWindow
SetDlgItemTextW
GetFocus
SetFocus
RegisterClassW
DialogBoxParamW
CreateDialogParamW
GetWindowLongPtrW
DestroyWindow
GetClientRect
EndDialog
CharLowerBuffW
GetWindow
GetMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
CheckDlgButton
PostQuitMessage
GetWindowTextLengthW
SetDlgItemInt
MessageBoxW
LoadStringW

gdi32

GetObjectW
GetTextMetricsW
SetMapMode
GetMapMode
DeleteObject
CreateFontIndirectW

ole32

ObjectStublessClient5
CoCreateInstance
ReleaseStgMedium
CoUninitialize
CoInitialize
IIDFromString
CoGetInterfaceAndReleaseStream
CreateStreamOnHGlobal
CoTaskMemAlloc
CoMarshalInterThreadInterfaceInStream
ObjectStublessClient7
ObjectStublessClient6
ObjectStublessClient4
ObjectStublessClient3

rpcrt4

CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
IUnknown_QueryInterface_Proxy
CStdStubBuffer_AddRef
NdrOleFree
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_Invoke
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy

netutils

NetpwNameValidate
NetpwNameCanonicalize
NetApiBufferFree

dsrole

DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory

logoncli

DsGetDcNameW

srvcli

NetShareGetInfo

wkscli

NetWkstaGetInfo

shlwapi

wnsprintfW
PathCombineW
PathRemoveBlanksW

shell32

CommandLineToArgvW
ShellExecuteW

ntdsapi

DsFreeSchemaGuidMapW
DsMapSchemaGuidsW
DsFreeNameResultW
DsCrackNamesW
DsBindW
DsUnBindW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

activeds

ord9
ord20
ord15

mpr

WNetGetUniversalNameW

wintrust

WTGetSignatureInfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
els/energy.dll
.dll windows:10 windows x64 arch:x64

5a6c1bb2d4cdfc861b6d3485be83e4ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

energy.pdb

Imports

msvcrt

__dllonexit
_unlock
_lock
__C_specific_handler
_errno
_initterm
_amsg_exit
wcsnlen
floor
??1type_info@@UEAA@XZ
setlocale
__crtLCMapStringW
memmove
_XcptFilter
__uncaught_exception
__pctype_func
memcmp
_CxxThrowException
__CxxFrameHandler3
wcstoul
_wcsicmp
___lc_handle_func
___lc_codepage_func
swprintf_s
iswprint
malloc
??0exception@@QEAA@AEBQEBDH@Z
_wcsnicmp
_vsnwprintf
calloc
memcpy
_onexit
___mb_cur_max_func
_wcsdup
_ismbblead
memset
abort
sprintf_s
free
?terminate@@YAXXZ
localeconv
__doserrno
_wfopen_s
fclose
fwprintf_s
toupper
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_purecall
strcspn
??0bad_cast@@QEAA@AEBV0@@Z
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
_wsetlocale
wcscmp

api-ms-win-core-processtopology-obsolete-l1-1-0

GetActiveProcessorCount

api-ms-win-ole32-ie-l1-1-0

CoInitialize

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlCopySid
RtlVirtualUnwind
NtQueryWnfStateData
NtPowerInformation
RtlAdjustPrivilege
RtlNtStatusToDosError
RtlGetPersistedStateLocation
RtlLengthSid

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventProviderEnabled
EventWriteTransfer
EventSetInformation
EventWrite
EventUnregister

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetEvent
CreateEventW
WaitForSingleObject
DeleteCriticalSection

api-ms-win-core-file-l1-1-0

FileTimeToLocalFileTime
FindClose
FindNextFileW
CompareFileTime
FindFirstFileW
CreateFileW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemFree

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegGetValueW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetTickCount
GetVersionExW
GetComputerNameExW
GetSystemTimeAsFileTime

rpcrt4

UuidCreate

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetProcAddress
LoadStringW
DisableThreadLibraryCalls
LoadLibraryExW
FreeLibrary

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapCreate
HeapFree
HeapDestroy
GetProcessHeap

api-ms-win-eventing-consumer-l1-1-0

ProcessTrace
CloseTrace
OpenTraceW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte

api-ms-win-core-path-l1-1-0

PathCchRemoveBackslash
PathCchAppend

api-ms-win-power-setting-l1-1-0

PowerGetActiveScheme

api-ms-win-security-lsalookup-l2-1-0

LookupAccountSidW

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-eventing-controller-l1-1-0

ControlTraceW
EnableTraceEx2
TraceSetInformation
StartTraceW

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
Sleep
WakeAllConditionVariable

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-eventing-tdh-l1-1-0

TdhUnloadManifest
TdhGetProperty
TdhGetEventInformation
TdhGetPropertySize

powrprof

PowerReadACValueIndex
PowerReadDCValueIndex

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

oleaut32

SysAllocString
VariantClear
GetErrorInfo
SysFreeString

Exports

Exports

EnergyWizard_Analyze
EnergyWizard_CancelTrace
EnergyWizard_CollectTrace
EnergyWizard_CreateEnergyWizard
EnergyWizard_DefaultTraceDuration
EnergyWizard_DestroyEnergyWizard
EnergyWizard_GetLogEntryCounts
EnergyWizard_SaveReport
EnergyWizard_SqmAnalysis
EnergyWizard_TransformReport
SaveBatteryReport
SaveSleepStudyReport
SaveSystemSleepDiagnosticsReport
SendScreenOnTelemetry
TransformBatteryReport
TransformSleepStudyReport
TransformSystemSleepDiagnosticsReport

Sections

.text
Size: 449KB - Virtual size: 449KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
els/es.dll
.dll windows:10 windows x64 arch:x64

d90a7e6a66887fded147eb69c9d91983

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ES.pdb

Imports

msvcrt

_purecall
_itow_s
_wcsicmp
free
malloc
wcsstr
wcsrchr
towupper
wcsncmp
_XcptFilter
_amsg_exit
_initterm
_lock
_unlock
__dllonexit
_vsnwprintf
_onexit
sqrt
memset
memcpy
memcmp
exp
_local_unwind
__C_specific_handler
_resetstkoflw
iswdigit
iswalpha
iswalnum
_wcsnicmp
_beginthreadex
_vsnprintf
__CxxFrameHandler3
_waccess
wcscpy_s
_ultow
?terminate@@YAXXZ
wcscmp

ntdll

RtlAllocateHeap
RtlDelete
RtlSplay
RtlDllShutdownInProgress
RtlDeleteCriticalSection
RtlInitializeCriticalSectionAndSpinCount
RtlImageNtHeader
RtlFreeHeap
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtQueryEvent
RtlNtStatusToDosError
RtlInitUnicodeString
NtOpenEvent
RtlApplicationVerifierStop
RtlCreateServiceSid

api-ms-win-core-string-l1-1-0

CompareStringW

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
InitializeCriticalSection
CreateSemaphoreExW
CreateEventW
DeleteCriticalSection
SetEvent
ReleaseSemaphore
ResetEvent
EnterCriticalSection
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection

api-ms-win-core-processthreads-l1-1-0

SetThreadToken
OpenThreadToken
OpenProcessToken
GetCurrentThreadId
CreateProcessW
SetThreadStackGuarantee
GetCurrentThread
CreateThread
SetThreadPriority
GetExitCodeProcess
GetCurrentProcess
GetCurrentProcessId
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount64
GetLocalTime
GetTickCount

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
RaiseException

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetUserDefaultLCID

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-heap-l2-1-0

GlobalAlloc
GlobalFree
LocalFree
LocalAlloc

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
FreeLibraryAndExitThread
GetModuleHandleExW
DisableThreadLibraryCalls
LockResource
GetModuleHandleW
LoadLibraryExW
GetModuleFileNameW
LoadStringW
LoadResource
FindResourceExW
FreeLibrary

api-ms-win-core-file-l1-1-0

DeleteFileW
GetFileAttributesW
SetFileAttributesW
FindNextFileW
FindFirstFileW
CreateDirectoryW
FindClose

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegDeleteTreeW
RegLoadKeyW
RegCreateKeyExW
RegEnumValueW
RegQueryValueExW
RegCloseKey
RegGetValueW
RegNotifyChangeKeyValue
RegDeleteValueW
RegUnLoadKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges
GetTokenInformation
GetSecurityDescriptorDacl
GetLengthSid
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
EqualSid

rpcrt4

I_RpcOpenClientProcess
I_RpcBindingInqTransportType
NdrCStdStubBuffer2_Release
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
CStdStubBuffer_Invoke
NdrStubForwardingFunction
CStdStubBuffer_Connect
IUnknown_AddRef_Proxy
CStdStubBuffer_IsIIDSupported
NdrStubCall3
IUnknown_QueryInterface_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
CStdStubBuffer_Disconnect
CStdStubBuffer_AddRef
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
CStdStubBuffer_CountRefs
I_RpcBindingInqLocalClientPID

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWait
CreateThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
SearchPathW

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient9
ObjectStublessClient8
ObjectStublessClient6
NdrProxyForwardingFunction5
NdrProxyForwardingFunction4
ObjectStublessClient10
ObjectStublessClient16
ObjectStublessClient19
CStdStubBuffer2_QueryInterface
ObjectStublessClient21
ObjectStublessClient5
ObjectStublessClient13
ObjectStublessClient7
CStdStubBuffer2_Disconnect
NdrProxyForwardingFunction6
ObjectStublessClient23
ObjectStublessClient15
ObjectStublessClient20
ObjectStublessClient17
ObjectStublessClient18
ObjectStublessClient27
ObjectStublessClient3
ObjectStublessClient22
NdrProxyForwardingFunction3
CStdStubBuffer2_Connect
CStdStubBuffer2_CountRefs
ObjectStublessClient11
ObjectStublessClient14
ObjectStublessClient12
ObjectStublessClient24
ObjectStublessClient4
ObjectStublessClient25
NdrProxyForwardingFunction8
NdrProxyForwardingFunction10
NdrProxyForwardingFunction9
NdrProxyForwardingFunction12
NdrProxyForwardingFunction7
ObjectStublessClient28
ObjectStublessClient26
NdrProxyForwardingFunction11

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer
UnregisterWaitEx
ChangeTimerQueueTimer

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-io-l1-1-0

GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualAlloc
VirtualQuery

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalLock

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

Exports

Exports

DllCanUnloadNow
DllGetClassObject
LCEControlServer
NotifyLogoffUser
NotifyLogonUser
ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 238KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
els/psisdecd.dll
.dll regsvr32 windows:10 windows x64 arch:x64

b044249165197572d7896d48a9ea9a8b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

psisdecd.pdb

Imports

msvcrt

??0exception@@QEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBV0@@Z
memcpy
memcmp
_vsnwprintf
_vsnprintf
ldiv
swprintf_s
wcscpy_s
wcscat_s
_callnewh
_CxxThrowException
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_lock
_unlock
__dllonexit
_onexit
memset
wcsstr
wcschr
_stricmp
gmtime
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
tolower
isupper
mktime
memcpy_s
wcstol
malloc
free
_purecall
realloc
__C_specific_handler
memmove_s
__CxxFrameHandler3
wcscmp

winmm

timeGetTime

kernel32

GetSystemTime
HeapFree
HeapAlloc
GetProcessHeap
WriteFile
GetTempPathW
CreateFileW
GetLocalTime
ExpandEnvironmentStringsW
LoadLibraryW
MoveFileExW
GetLocaleInfoEx
Sleep
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
OutputDebugStringA
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
VirtualProtect
EnterCriticalSection
VirtualAlloc
LeaveCriticalSection
InitializeCriticalSection
GetTickCount64
GetSystemInfo
DeleteCriticalSection
VirtualQuery
CreateMutexW
WaitForSingleObject
LocalAlloc
ReleaseMutex
GetLastError
LockResource
CloseHandle
LoadResource
FindResourceW
LocalFree
SystemTimeToFileTime
GetModuleHandleW
GetTickCount
WaitForMultipleObjects
CreateEventW
SetEvent
CreateThread
ResetEvent
SizeofResource
lstrcpynW
GetModuleFileNameW
MultiByteToWideChar
DisableThreadLibraryCalls
FindResourceExW
HeapDestroy
GetProcAddress
FreeLibrary
lstrcpyW
lstrcmpiW
LoadLibraryExW
lstrlenA
WideCharToMultiByte

advapi32

RegQueryValueExW
RegCloseKey
RegEnumValueW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW

user32

PostThreadMessageW
RegisterWindowMessageW
CharNextW
CharPrevW
PeekMessageW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoTaskMemRealloc

oleaut32

SysAllocStringLen
LoadTypeLi
RegisterTypeLi
VarUI4FromStr
SysStringLen
VariantChangeType
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantCopy
VariantClear
SysFreeString
SafeArrayDestroy
SafeArrayPutElement
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayCreate

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 389KB - Virtual size: 389KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
neth/NetSetupShim.dll
.dll windows:10 windows x64 arch:x64

6a5b336f3a912d656f244e1f5572188e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

NetSetupShim.pdb

Imports

msvcp_win

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-string-l1-1-0

memset
wcsnlen

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__wcsicmp
_o__wcsnicmp
memmove
_o_free
_o_malloc
_o_toupper
_o_towupper
_o_wcscpy_s
__CxxFrameHandler3
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o___acrt_iob_func
wcsrchr
wcsstr
wcschr
__std_terminate
__C_specific_handler
__CxxFrameHandler4
memcpy
memcmp

ntdll

NtDeleteKey
RtlGetVersion
RtlFormatCurrentUserKeyPath
RtlFreeUnicodeString
NtClose
NtOpenKey
NtCreateKey
NtQueryValueKey
NtSetValueKey
NtDeleteValueKey
RtlUnicodeToMultiByteSize
RtlUnicodeToMultiByteN
RtlMultiByteToUnicodeSize
RtlMultiByteToUnicodeN
NtQuerySystemInformation
RtlNtStatusToDosErrorNoTeb
NtQueryInformationFile
NtSetInformationFile
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlInitUnicodeString
RtlCaptureStackBackTrace
EtwTraceMessage
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
RtlReportException
RtlNtStatusToDosError

api-ms-win-core-libraryloader-l1-1-0

LoadLibraryExA
LoadLibraryExW
GetModuleHandleExW
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleFileNameA
GetProcAddress

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
ResetEvent
CreateEventW
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateSemaphoreExW
EnterCriticalSection
ReleaseSemaphore
SetEvent
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
DeleteCriticalSection
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
SleepEx
ReleaseMutex

api-ms-win-core-heap-l1-1-0

HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoInitializeEx
CoTaskMemFree
CoCreateGuid
StringFromGUID2
CoFreeUnusedLibraries
CoCreateInstance
IIDFromString
CoUninitialize

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventRegister
EventUnregister

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW
LCMapStringW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW
OutputDebugStringA

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetLocalTime
GetSystemWindowsDirectoryW
GetTickCount64
GetTickCount

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegDeleteTreeW

api-ms-win-core-kernel32-legacy-l1-1-0

LoadLibraryW

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineA
GetEnvironmentVariableW
ExpandEnvironmentStringsW

api-ms-win-core-heap-obsolete-l1-1-0

LocalAlloc
LocalFree

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenServiceW
OpenSCManagerW

api-ms-win-service-winsvc-l1-1-0

ControlService
QueryServiceStatus

api-ms-win-core-file-l1-1-0

WriteFile
FindClose
CreateDirectoryW
FindNextFileW
SetFileAttributesW
CreateFileW
GetFileAttributesW
FlushFileBuffers
GetFullPathNameW
GetFileSize
FindFirstFileW
SetFilePointer
FileTimeToLocalFileTime
DeleteFileW
SetEndOfFile
GetFileInformationByHandle

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualFree
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-processthreads-l1-1-1

FlushInstructionCache
IsProcessorFeaturePresent

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-devices-config-l1-1-0

CM_Open_DevNode_Key
CM_Get_Device_ID_ListW
CM_Get_DevNode_PropertyW
CM_Locate_DevNodeW
CM_Get_DevNode_Status
CM_Get_Device_ID_List_SizeW
CM_Set_DevNode_PropertyW

rpcrt4

UuidCreate
RpcExceptionFilter
MesHandleFree
NdrMesTypeEncode3
RpcServerInterfaceGroupClose
RpcServerInterfaceGroupActivate
RpcServerInterfaceGroupCreateW
RpcServerInterfaceGroupDeactivate
NdrServerCallAll
NdrServerCall2
MesEncodeDynBufferHandleCreate

oleaut32

SysFreeString
VariantInit

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec
PathCchCanonicalize
PathCchCombine

ws2_32

WSCUnInstallNameSpace
WSCInstallNameSpace
WSCInstallNameSpace32
WSCUnInstallNameSpace32

netsetupapi

NetSetupFreeObjects
NetSetupGetObjects
NetSetupSynchronizeDevices
NetSetupSerializeFilter
NetSetupFreeSerializedFilter
NetSetupFreeObjectProperties
NetSetupGetObjectPropertyKeys
NetSetupCommit
NetSetupGetObjectProperties
NetSetupDeleteObject
NetSetupRollback
NetSetupSetObjectProperties
NetSetupClose
NetSetupInitialize
NetSetupCreateObject

setupapi

SetupDiEnumDriverInfoW
SetupScanFileQueueW
SetupInstallFilesFromInfSectionW
SetupInitDefaultQueueCallbackEx
SetupOpenFileQueue
SetupInstallFromInfSectionW
SetupDefaultQueueCallbackW
SetupOpenAppendInfFileW
SetupInstallServicesFromInfSectionW
SetupCloseInfFile
SetupCloseFileQueue
SetupCommitFileQueueW
SetupTermDefaultQueueCallback
SetupDiDestroyDeviceInfoList
SetupDiGetActualSectionToInstallW
SetupCopyOEMInfW
SetupGetLineTextW
SetupDiGetClassDevsW
SetupDiRemoveDevice
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupGetStringFieldW
SetupGetIntField
SetupDiGetDriverInstallParamsW
SetupDiCreateDeviceInfoList
SetupDiGetDeviceInstanceIdW
SetupDiSetDeviceInstallParamsW
SetupDiCallClassInstaller
SetupDiGetSelectedDriverW
SetupDiSetDriverInstallParamsW
SetupDiBuildDriverInfoList
SetupDiGetDriverInfoDetailW
SetupDiDeleteDeviceInfo
SetupDiSelectBestCompatDrv
SetupDiGetDeviceInstallParamsW
pSetupGetIndirectStringsFromDriverInfo
SetupDiCreateDeviceInfoW
SetupFindFirstLineW
SetupFindNextLine
SetupOpenInfFileW

devrtl

DevRtlGetThreadLogToken
DevRtlSetThreadLogToken

api-ms-win-core-sidebyside-l1-1-0

DeactivateActCtx
ActivateActCtx
FindActCtxSectionStringW
QueryActCtxW
CreateActCtxW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-file-l2-1-0

CreateHardLinkW
MoveFileExW

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
NetSetupCreateBindingMap
NetSetupExportDatabase
NetSetupResetBindings
NetSetupShimExecuteInfSection

Sections

.text
Size: 302KB - Virtual size: 301KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
neth/PeerDistSh.dll
.dll windows:10 windows x64 arch:x64

85089929320dd2893956453cd4e6493a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

peerdistsh.pdb

Imports

msvcrt

??1type_info@@UEAA@XZ
?terminate@@YAXXZ
memset
wcsncmp
wcschr
_onexit
__dllonexit
_wcsnicmp
_unlock
_lock
__C_specific_handler
_initterm
_vsnwprintf
_amsg_exit
_XcptFilter
memcpy
memcmp
__CxxFrameHandler3
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
malloc
free
_callnewh
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
iswspace
_wcstoui64
_purecall
memmove
wcscmp

ntdll

EtwGetTraceLoggerHandle
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwEventActivityIdControl
EtwGetTraceEnableLevel
EtwTraceMessage

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
WaitForSingleObject
LeaveCriticalSection
CreateEventW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

LoadStringW

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoUninitialize
CoCreateInstance

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-file-l1-1-0

DeleteFileW
CreateDirectoryW

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
SetThreadToken
TerminateProcess
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

shlwapi

PathIsDirectoryEmptyW
PathIsDirectoryW
PathCanonicalizeW

advapi32

OpenProcessToken
OpenThreadToken
GetNamedSecurityInfoW
RegOpenKeyTransactedW
GetExplicitEntriesFromAclW
SetEntriesInAclW
SetNamedSecurityInfoW

netsh.exe

MatchEnumTag
PreprocessCommand
RegisterContext
MatchToken
PrintMessage
PrintError
RegisterHelper
PrintMessageFromModule

kernel32

WideCharToMultiByte
HeapFree
SetLastError
GetProcessMitigationPolicy
DeleteTimerQueueEx
SubmitThreadpoolWork
CreateThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
CreateThreadpoolWork
CloseThreadpoolWork
GetFullPathNameW
GetFileSizeEx
CreateFileW
RaiseFailFastException
SleepEx
RegSetKeySecurity
RegGetKeySecurity
RegDeleteTreeW
LocalAlloc
FindClose
RemoveDirectoryW
FindNextFileW
lstrcmpW
FindFirstFileExW
GetDiskFreeSpaceExW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteValueW
RegCreateKeyExW
SetEventWhenCallbackReturns
RegSetValueExW
GetTickCount64
RegGetValueW
RegNotifyChangeKeyValue
RegOpenKeyExW
WaitForMultipleObjectsEx
CreateThread
RegCloseKey
GetExitCodeThread
SetEvent
GetModuleHandleExW
HeapAlloc
GetProcessHeap
GetWindowsDirectoryW
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleFileNameW
GetCurrentThread
WriteFile
ReadFile
GetVolumePathNameW
GetVolumeInformationW
CompareStringW
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
InitializeSRWLock
AcquireSRWLockShared
ReleaseSRWLockShared

rpcrt4

NdrClientCall3
RpcBindingFree
RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcStringFreeW

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorOwner
GetTokenInformation
GetSecurityDescriptorGroup
IsValidSecurityDescriptor
SetSecurityDescriptorControl
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
GetSecurityDescriptorDacl
EqualSid
CreateWellKnownSid
GetAce
GetAclInformation
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
IsValidAcl
GetSecurityDescriptorControl

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

bcrypt

BCryptCloseAlgorithmProvider
BCryptGenRandom
BCryptGetProperty
BCryptDestroyHash
BCryptCreateHash
BCryptGenerateSymmetricKey
BCryptHashData
BCryptFinishHash
BCryptEncrypt
BCryptDecrypt
BCryptOpenAlgorithmProvider

api-ms-win-service-management-l1-1-0

OpenSCManagerW
CloseServiceHandle
StartServiceW
OpenServiceW

api-ms-win-service-management-l2-1-0

NotifyServiceStatusChangeW
ChangeServiceConfigW
ChangeServiceConfig2W
QueryServiceConfigW
QueryServiceStatusEx

api-ms-win-service-winsvc-l1-1-0

ControlService

api-ms-win-service-core-l1-1-1

EnumDependentServicesW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

profapi

ord104

api-ms-win-core-localization-private-l1-1-0

LoadStringByReference

Exports

Exports

InitHelperDll

Sections

.text
Size: 247KB - Virtual size: 246KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
neth/neth.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
neth/sdohlp.dll
.dll regsvr32 windows:10 windows x64 arch:x64

3f11fe32166bcd81c630499ad66af23b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

sdohlp.pdb

Imports

msvcrt

strcspn
sprintf_s
realloc
_strtoui64
_strtoi64
_errno
__crtLCMapStringA
___lc_codepage_func
___lc_handle_func
isupper
__pctype_func
_CxxThrowException
setlocale
??0bad_cast@@QEAA@PEBD@Z
fclose
fwrite
fgetpos
fseek
fsetpos
abort
fflush
wcstol
ungetwc
ungetc
fputwc
fgetc
___mb_cur_max_func
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
fgetwc
??0exception@@QEAA@XZ
memmove_s
??0exception@@QEAA@AEBQEBD@Z
_wcsnicmp
localeconv
swprintf_s
_wcsicmp
?what@exception@@UEBAPEBDXZ
_purecall
islower
wcscat_s
wcscpy_s
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
_Gettnames
_Getdays
_Getmonths
_Strftime
isspace
tolower
___lc_collate_cp_func
__crtCompareStringA
__crtCompareStringW
memcpy
isalnum
isdigit
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_lock
_unlock
__dllonexit
_onexit
memchr
memcmp
memcpy_s
free
malloc
wcsncpy_s
__C_specific_handler
memset
__mb_cur_max
__crtGetStringTypeW
__crtLCMapStringW
_wfsopen
wcschr
__CxxFrameHandler3
setvbuf
_wcsupr_s
wcsrchr
_wtol
_strnicmp
vsprintf_s
__uncaught_exception
__RTDynamicCast

iassvcs

IASGetProductLimits

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlAllocateHeap
RtlImageNtHeader

advapi32

OpenSCManagerA
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
RegConnectRegistryW
OpenServiceA
QueryServiceStatusEx
CloseServiceHandle
RegQueryValueExW
RegCloseKey

kernel32

GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
OutputDebugStringA
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLocaleInfoA
Sleep
LocalFree
WideCharToMultiByte
GetSystemInfo
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
GetModuleFileNameW
FindResourceExW
LoadResource
SizeofResource
MultiByteToWideChar
RaiseException
lstrcmpiW
GetModuleHandleW
GetProcAddress
GetLastError
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
VirtualQuery
FormatMessageW
ExpandEnvironmentStringsW
LoadLibraryExW
GetComputerNameExW
VirtualProtect
VirtualAlloc
SetThreadStackGuarantee
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
lstrlenA
SwitchToThread
TryEnterCriticalSection
lstrcmpW
LockResource
FindResourceW
LocalAlloc
SleepConditionVariableSRW

ole32

CoTaskMemFree
CoTaskMemAlloc
OleRun
CoCreateInstanceEx
CoGetClassObject
CoCreateInstance
StringFromGUID2
CoTaskMemRealloc

oleaut32

VariantCopy
SafeArrayUnaccessData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SysFreeString
VarUI4FromStr
GetErrorInfo
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
SafeArrayPutElement
SafeArrayGetElement
SysReAllocString
LoadRegTypeLi
SafeArrayCreate
SafeArrayDestroy
VariantClear
VariantInit
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
RegisterTypeLi
SafeArrayCreateVector

rtutils

TraceVprintfExA
TraceDeregisterW
TraceRegisterExW

user32

LoadStringW
UnregisterClassA
CharNextW

rpcrt4

UuidCreate

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 339KB - Virtual size: 339KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup.msi
.msi
sud/StorSvc.dll
.dll windows:10 windows x64 arch:x64

e6229e3089a2a7d1aaee68aaa419557d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

StorSvc.pdb

Imports

msvcrt

strcspn
localeconv
sprintf_s
fflush
fclose
fputwc
ungetwc
fgetc
__mb_cur_max
fgetwc
fwrite
fgetpos
setvbuf
ungetc
time
_wcstoui64
_fseeki64
strtod
strtoul
wcstod
realloc
wcsnlen
towlower
calloc
vswprintf_s
_vscwprintf
wcsncmp
setlocale
__pctype_func
isupper
___lc_handle_func
___lc_codepage_func
___mb_cur_max_func
_ismbblead
islower
__uncaught_exception
wcsstr
fseek
_wfsopen
abort
memset
??0bad_cast@@QEAA@PEBD@Z
__crtLCMapStringW
__crtLCMapStringA
_wsetlocale
_wcslwr_s
memchr
memcmp
sqrt
_errno
swprintf_s
log10
?terminate@@YAXXZ
_wcslwr
??0bad_cast@@QEAA@AEBV0@@Z
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
??1bad_cast@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
_wcsdup
_wtoi
_wcsupr_s
_i64toa_s
malloc
wcsrchr
free
wcschr
wcscpy_s
_wsplitpath_s
_wcsicmp
??_V@YAXPEAX@Z
memmove_s
wcstoul
_wcsnicmp
_purecall
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
wcsncat_s
exp
wcstol
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
__CxxFrameHandler3
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
fsetpos
wcscmp

rpcrt4

I_RpcBindingInqLocalClientPID
RpcServerInqBindings
RpcEpRegisterW
RpcEpUnregister
RpcAsyncCompleteCall
RpcServerRegisterIf3
RpcServerTestCancel
RpcServerUseProtseqW
RpcServerUnregisterIfEx
RpcBindingVectorFree
RpcRevertToSelf
RpcImpersonateClient
Ndr64AsyncServerCallAll
NdrServerCall2
NdrServerCallAll
RpcServerUnregisterIf
NdrAsyncServerCall

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleFileNameA
LoadStringW
GetModuleHandleW
LoadResource
LockResource
FreeLibrary
FindResourceExW
LoadLibraryExW
GetProcAddress

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-com-l1-1-0

IIDFromString
CoInitializeEx
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CLSIDFromString
CoCreateFreeThreadedMarshaler
CoCreateInstance
CoTaskMemAlloc
CoUninitialize
CoGetMalloc
CoWaitForMultipleHandles
CoCreateGuid

api-ms-win-core-processthreads-l1-1-0

CreateThread
TerminateProcess
SetThreadToken
GetCurrentProcessId
TlsAlloc
TlsFree
OpenProcessToken
TlsSetValue
GetCurrentThreadId
OpenThreadToken
GetExitCodeThread
TlsGetValue
GetCurrentThread
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
CreateEventExW
ReleaseSRWLockExclusive
AcquireSRWLockShared
DeleteCriticalSection
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
InitializeCriticalSection
InitializeSRWLock
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSemaphore
ResetEvent
EnterCriticalSection
CreateSemaphoreExW
CreateEventW
WaitForSingleObject
ReleaseSRWLockShared
SetEvent
CreateMutexW
CreateMutexExW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
GetErrorMode
SetUnhandledExceptionFilter
RaiseException
SetErrorMode
UnhandledExceptionFilter
SetLastError

api-ms-win-core-io-l1-1-0

GetOverlappedResult
DeviceIoControl

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
SetThreadpoolWait
SubmitThreadpoolWork
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWait
CreateThreadpoolWait
SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolWork
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
WaitForThreadpoolWaitCallbacks

api-ms-win-core-file-l1-2-0

GetTempPathW
GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWriteTransfer
EventActivityIdControl
EventUnregister
EventWriteString

api-ms-win-core-file-l1-1-0

FindNextFileW
ReadFile
FindNextVolumeW
QueryDosDeviceW
GetLogicalDrives
FindVolumeClose
GetFileSize
RemoveDirectoryW
GetVolumeInformationW
SetFilePointerEx
FindClose
FindFirstFileW
GetVolumeInformationByHandleW
FindFirstVolumeW
WriteFile
CreateFileW
GetFileAttributesW
FindFirstChangeNotificationW
FindCloseChangeNotification
GetDiskFreeSpaceW
FindNextChangeNotification
GetFileSizeEx
GetDiskFreeSpaceExW
SetFileInformationByHandle
GetVolumePathNameW
SetFileAttributesW
GetDriveTypeW
GetFinalPathNameByHandleW
DeleteVolumeMountPointW
CompareFileTime
FindFirstFileExW
DeleteFileW
CreateDirectoryW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegOpenCurrentUser
RegFlushKey
RegSetValueExW
RegDeleteTreeW
RegCreateKeyExW
RegEnumValueW
RegEnumKeyExW
RegQueryValueExW
RegNotifyChangeKeyValue
RegDeleteValueW
RegGetValueW
RegQueryInfoKeyW
RegCloseKey

devobj

DevObjGetDeviceInterfaceDetail
DevObjOpenDeviceInterface
DevObjGetClassDevs
DevObjEnumDeviceInterfaces
DevObjDestroyDeviceInfoList
DevObjCreateDeviceInfoList

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

bcrypt

BCryptGenRandom

api-ms-win-core-kernel32-legacy-l1-1-1

SetVolumeMountPointW

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW
RegSetKeyValueW

api-ms-win-security-base-l1-1-0

DuplicateTokenEx
DuplicateToken
ImpersonateLoggedOnUser
CreateWellKnownSid
CheckTokenMembership
GetTokenInformation
AdjustTokenPrivileges
RevertToSelf

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringOrdinal
MultiByteToWideChar
GetStringTypeW

api-ms-win-core-winrt-string-l1-1-0

WindowsStringHasEmbeddedNull
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsCreateStringReference
WindowsDeleteString

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-shlwapi-legacy-l1-1-0

PathGetDriveNumberW
PathFindFileNameW
PathStripPathW
PathFileExistsW
PathFindExtensionW

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
SetRestrictedErrorInfo
RoOriginateErrorW

api-ms-win-shcore-path-l1-1-0

ord172

ntdll

NtCreateFile
RtlNtStatusToDosError
NtFsControlFile
WinSqmIncrementDWORD
RtlImpersonateSelf
NtClose
NtOpenThreadTokenEx
NtSetInformationThread
NtOpenProcessTokenEx
NtAdjustPrivilegesToken
RtlDosPathNameToNtPathName_U
RtlInitUnicodeString
NtQueryInformationToken
NtQuerySystemInformation
RtlIsNonEmptyDirectoryReparsePointAllowed
RtlQueryWnfStateData
RtlInitializeCorrelationVector
NtQueryVolumeInformationFile
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlIsMultiSessionSku
RtlCreateSystemVolumeInformationFolder
RtlGetPersistedStateLocation
RtlDosPathNameToRelativeNtPathName_U_WithStatus
RtlGetDeviceFamilyInfoEnum
RtlSubscribeWnfStateChangeNotification
RtlCreateSecurityDescriptor
RtlCreateAcl
RtlFreeHeap
RtlFreeSid
RtlAddAccessAllowedAce
RtlLengthSid
RtlAllocateAndInitializeSid
NtQueryWnfStateData
RtlPublishWnfStateData
RtlSetDaclSecurityDescriptor
RtlAllocateHeap

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTimeAsFileTime
GetSystemTime
GetSystemWindowsDirectoryW
GetTickCount
GetSystemDirectoryW

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceExecuteOnce
Sleep
InitOnceBeginInitialize

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-service-management-l1-1-0

OpenServiceW
CloseServiceHandle
OpenSCManagerW

api-ms-win-service-management-l2-1-0

ChangeServiceConfig2W
ChangeServiceConfigW

fltlib

FilterAttach

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-security-provider-l1-1-0

SetNamedSecurityInfoW
GetNamedSecurityInfoW

api-ms-win-devices-config-l1-1-1

CM_Get_Device_IDW
CM_Get_Device_Interface_PropertyW
CM_Register_Notification
CM_Unregister_Notification
CM_Get_Parent
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW

api-ms-win-core-path-l1-1-0

PathCchCombine
PathCchAppend
PathCchRemoveBackslash
PathAllocCanonicalize
PathAllocCombine
PathCchStripPrefix
PathCchRemoveFileSpec

api-ms-win-core-apiquery-l2-1-0

IsApiSetImplemented

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-realtime-l1-1-1

QueryInterruptTime

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects
CreateSemaphoreW

api-ms-win-core-registry-l2-1-0

RegOpenKeyW
RegCreateKeyW

api-ms-win-core-timezone-l1-1-0

SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
FileTimeToSystemTime

oleaut32

SysAllocString
SysFreeString

api-ms-win-core-datetime-l1-1-1

GetTimeFormatEx
GetDateFormatEx

api-ms-win-core-shutdown-l1-1-0

InitiateSystemShutdownExW

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-security-capability-l1-1-0

RpcClientCapabilityCheck

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

bcd

BcdCloseObject
BcdOpenStoreFromFile
BcdCloseStore
BcdSetElementData
BcdOpenSystemStore
BcdOpenObject
BcdGetElementData

wer

WerStorePurge

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-file-l2-1-1

OpenFileById

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualFree

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

winhttp

WinHttpCloseHandle

cabinet

ord45
ord35
ord30
ord43
ord40
ord33

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-eventing-controller-l1-1-0

ControlTraceW
EnableTraceEx2

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 674KB - Virtual size: 674KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 295KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sud/security.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

security.pdb

Exports

Exports

AcceptSecurityContext
AcquireCredentialsHandleA
AcquireCredentialsHandleW
AddSecurityPackageA
AddSecurityPackageW
ApplyControlToken
CompleteAuthToken
DecryptMessage
DeleteSecurityContext
DeleteSecurityPackageA
DeleteSecurityPackageW
EncryptMessage
EnumerateSecurityPackagesA
EnumerateSecurityPackagesW
ExportSecurityContext
FreeContextBuffer
FreeCredentialsHandle
ImpersonateSecurityContext
ImportSecurityContextA
ImportSecurityContextW
InitSecurityInterfaceA
InitSecurityInterfaceW
InitializeSecurityContextA
InitializeSecurityContextW
MakeSignature
QueryContextAttributesA
QueryContextAttributesW
QueryCredentialsAttributesA
QueryCredentialsAttributesW
QuerySecurityContextToken
QuerySecurityPackageInfoA
QuerySecurityPackageInfoW
RevertSecurityContext
SealMessage
UnsealMessage
VerifySignature

Sections

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
sud/sppnp.dll
.dll windows:10 windows x64 arch:x64

6701f021b3c20d373c51755a736bbc37

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

sppnp.pdb

Imports

msvcrt

_vsnwprintf_s
swprintf_s
__CxxFrameHandler3
_vsnwprintf
?terminate@@YAXXZ
wcscpy_s
wcschr
toupper
_vsnprintf
_resetstkoflw
memcmp
memcpy
memmove
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
free
_callnewh
malloc
swscanf
__C_specific_handler
wcsrchr
_wcsnicmp
iswalpha
qsort
swscanf_s
_wcsicmp
wcsncpy_s
memset

ntdll

RtlFreeHeap
RtlAllocateHeap
DbgPrint
RtlAdjustPrivilege
NtDeleteValueKey
NtSetValueKey
NtQueryValueKey
RtlRaiseStatus
NtOpenKey
RtlFreeUnicodeString
RtlFormatCurrentUserKeyPath
RtlMultiByteToUnicodeN
RtlMultiByteToUnicodeSize
RtlUnicodeToMultiByteN
RtlUnicodeToMultiByteSize
NtSetInformationFile
NtQueryInformationFile
RtlGetVersion
NtDeleteKey
DbgPrintEx
NtCreateKey
NtOpenKeyEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlNtStatusToDosError
RtlInitUnicodeString
NtUnloadKeyEx
NtQuerySystemInformation
RtlNtStatusToDosErrorNoTeb
RtlInitUnicodeStringEx
NtClose
NtQueryWnfStateData

user32

GetPropW
SetWindowPos
IsWindowVisible
GetDC
DestroyWindow
FindWindowExW
DefWindowProcW
GetMessageW
GetWindowLongW
FillRect
LoadBitmapW
SendMessageW
CreateWindowExW
LoadStringW
GetSystemMetrics
SetWindowTextW
SetClassLongPtrW
NotifyWinEvent
RegisterClassExW
SetThreadDesktop
ShowWindow
DispatchMessageW
SetTimer
MapWindowPoints
SetFocus
SetPropW
TranslateMessage
GetWindowTextW
EndPaint
BeginPaint
ReleaseDC
InvalidateRect
LoadImageW
UpdateWindow
PostQuitMessage
KillTimer
DrawTextW
GetClientRect
SetCursor

cfgmgr32

CM_Get_DevNode_Status
CMP_GetServerSideDeviceInstallFlags
CMP_WaitNoPendingInstallEvents
CM_MapCrToWin32Err
CM_Reenumerate_DevNode

setupapi

SetupDiSetDeviceRegistryPropertyW
SetupDiGetDeviceRegistryPropertyW
SetupUninstallOEMInfW
SetupGetInfPublishedNameW
SetupGetInfDriverStoreLocationW
SetupDiOpenDeviceInfoW
SetupVerifyInfFileW
SetupDiRemoveDevice
SetupDiSetDeviceInstallParamsW
SetupDiGetDevicePropertyW
SetupDiCallClassInstaller
SetupDiGetDeviceInfoListDetailW
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdW
SetupDiCreateDeviceInfoList
SetupDiGetClassDevsExW
SetupDiGetDeviceInstallParamsW
PnpEnumDrpFile
PnpRepairWindowsProtectedDriver
pSetupInfGetDigitalSignatureInfo
pSetupInfSetDigitalSignatureInfo
pSetupInfIsInbox
pSetupFree
SetupWriteTextLogError
SetupWriteTextLog
SetupSetNonInteractiveMode
SetupSetThreadLogToken
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupGetThreadLogToken

newdev

DiInstallDevice
DiInstallDriverW

oleaut32

SysAllocString
SysFreeString

wevtapi

EvtClearLog

wdscore

WdsInitialize
WdsTerminate
WdsSetupLogMessageW
ConstructPartialMsgVW
CurrentIP

drvstore

DriverStoreReflectCriticalW
DriverPackageGetVersionInfoW
DriverStoreSetLogContext
DriverStoreFindW
DriverPackageClose
DriverPackageOpenW
DriverStoreEnumW
DriverStoreEnumDeviceDriversW
DriverStoreOpenW
DriverStoreSetObjectPropertyW
DriverStoreGetObjectPropertyW
DriverStoreClose

api-ms-win-devices-query-l1-1-0

DevFreeObjects
DevGetObjects
DevSetObjectProperties

api-ms-win-core-registry-l1-1-0

RegUnLoadKeyW
RegDeleteValueW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteTreeW
RegEnumKeyExW
RegQueryValueExW
RegDeleteKeyExW
RegSetValueExW
RegLoadKeyW
RegCloseKey
RegNotifyChangeKeyValue

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThread
GetCurrentProcess
OpenProcessToken
OpenThreadToken
SetThreadToken
GetExitCodeProcess
CreateProcessW
GetExitCodeThread
CreateThread
QueueUserAPC
ExitProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-security-base-l1-1-0

EqualSid
AdjustTokenPrivileges
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
IsValidSecurityDescriptor
GetSecurityDescriptorDacl
GetKernelObjectSecurity
DuplicateTokenEx
GetSecurityDescriptorSacl

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventUnregister

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
TraceEvent

api-ms-win-service-management-l1-1-0

OpenSCManagerW
OpenServiceW
StartServiceW
CloseServiceHandle

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-service-core-l1-1-2

GetServiceKeyNameW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
SetErrorMode
SetLastError

api-ms-win-core-string-l1-1-0

CompareStringW
CompareStringOrdinal
WideCharToMultiByte

api-ms-win-core-synch-l1-1-0

WaitForMultipleObjectsEx
ReleaseMutex
CreateMutexW
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
ResetEvent
WaitForSingleObjectEx
SetEvent
OpenEventW
CreateEventW
WaitForSingleObject
LeaveCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SleepEx

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable
Sleep

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineA
GetEnvironmentVariableW
ExpandEnvironmentStringsW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap

api-ms-win-core-file-l1-1-0

SetEndOfFile
CreateFileW
SetFileAttributesW
GetFileInformationByHandle
SetFilePointer
FlushFileBuffers
GetFileSize
WriteFile
FileTimeToLocalFileTime
GetFullPathNameW
DeleteFileW
GetFileAttributesW
FindNextFileW
FindFirstFileW
CompareFileTime
FindClose
CreateDirectoryW

api-ms-win-core-file-l2-1-0

MoveFileExW
CreateHardLinkW

api-ms-win-core-kernel32-legacy-l1-1-0

MulDiv
FindResourceW
LoadLibraryW

api-ms-win-security-provider-l1-1-0

SetNamedSecurityInfoW
GetNamedSecurityInfoW

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-libraryloader-l1-2-0

LoadResource
GetModuleHandleExW
GetProcAddress
FreeLibrary
GetModuleHandleW
GetModuleFileNameW
GetModuleFileNameA
LoadLibraryExW
SizeofResource
LockResource

api-ms-win-core-localization-l1-2-0

GetLocaleInfoEx
FormatMessageW
LCMapStringW
GetLocaleInfoW
GetThreadLocale

api-ms-win-core-memory-l1-1-0

MapViewOfFile
UnmapViewOfFile
CreateFileMappingW

api-ms-win-core-sysinfo-l1-1-0

GetSystemWindowsDirectoryW
GetTickCount64
GetTickCount
GetSystemTimeAsFileTime
GetVersionExW
GetLocalTime

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

kernel32

IsDebuggerPresent
QueryFullProcessImageNameW
LocalFree
K32EnumProcesses
GetSystemDefaultUILanguage
FileTimeToSystemTime

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoCreateInstance
CoUninitialize

gdi32

SetWorldTransform
SetTextAlign
SetMapMode
TextOutW
SetBrushOrgEx
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
StretchBlt
GetStockObject
GetDeviceCaps
GetTextAlign
GetTextExtentPoint32W
SetTextColor
SetBkMode
GetObjectW
SetBkColor
SetStretchBltMode
DeleteObject
CreateSolidBrush
CreateFontIndirectW
GdiAlphaBlend
AddFontMemResourceEx
CreateDIBitmap
GetTextMetricsW
SetGraphicsMode
SetLayout
RemoveFontMemResourceEx
DeleteDC
SetTextCharacterExtra

Exports

Exports

Sysprep_Generalize_Pnp
Sysprep_Generalize_Pnp_Drivers
Sysprep_Respecialize_Pnp
Sysprep_RunDll_PnpW
Sysprep_Specialize_Offline_Pnp
Sysprep_Specialize_Pnp

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sud/sud.dll
.dll regsvr32 windows:10 windows x64 arch:x64

181d2c12215fad899c0c4a65e72344bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

sud.pdb

Imports

msvcrt

_XcptFilter
_vsnwprintf
malloc
_amsg_exit
_vsnprintf_s
_onexit
calloc
free
_initterm
_lock
_unlock
__dllonexit
__C_specific_handler
_get_errno
_set_errno
_wcsupr
memcmp
memcpy
_wcslwr
memmove_s
__CxxFrameHandler3
memcpy_s
memset

shell32

ord102
ShellExecuteW
ord71
ord848
ord155
SHGetStockIconInfo
SHBindToObject
ord25
ord18
SHParseDisplayName
ord764
ord727
SHCreateItemInKnownFolder
ShellExecuteExW
SHGetFileInfoW
ord859
ord4
ord2
ord704
ord866
Shell_GetCachedImageIndexW

shlwapi

ord487
ord156
ord618
ord24
ord514
ord197
ord219
ord174
ord204
ord256
ord615
ord437
ord158
ord199
ord176
AssocCreate
ord538
ord388
ord172
SHStrDupW
ord629
StrCmpIW
ord16
ord278
PathFindFileNameW
SHRegGetValueW
SHRegGetUSValueW
ord165
PathParseIconLocationW

uxtheme

SetWindowTheme
ord120
ord121

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
FindResourceExW
LoadResource
LockResource
DisableThreadLibraryCalls
GetProcAddress
LoadLibraryExW
LoadStringW
GetModuleFileNameA
GetModuleHandleExW
GetModuleFileNameW

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-synch-l1-1-0

CreateMutexExW
AcquireSRWLockShared
CreateSemaphoreExW
EnterCriticalSection
ReleaseSemaphore
InitializeCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
WaitForMultipleObjectsEx
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSRWLockShared
InitializeCriticalSectionEx

api-ms-win-core-heap-l1-1-0

HeapFree
HeapDestroy
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapSize

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
RaiseException
GetLastError

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventEnabled
EventSetInformation
EventWrite
EventWriteTransfer
EventRegister
EventActivityIdControl

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegGetValueW
RegOpenKeyExW

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
PropVariantClear
CoWaitForMultipleHandles
CoTaskMemRealloc
CoGetMalloc
CoGetApartmentType

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-psapi-l1-1-0

K32GetProcessImageFileNameW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW

api-ms-win-core-string-l2-1-0

CharUpperW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

oleaut32

VariantClear

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsGetStringRawBuffer
WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

advapi32

RegEnumKeyW

advpack

RegInstallW

kernel32

lstrlenW
DeactivateActCtx
CreateActCtxW
ReleaseActCtx
ActivateActCtx

ntdll

EtwEventWriteTransfer
EtwLogTraceEvent
WinSqmAddToStream

ole32

CoAllowSetForegroundWindow

propsys

PSPropertyBag_WriteUnknown
PSPropertyBag_ReadStr

dui70

?SetContentAlign@Element@DirectUI@@QEAAJH@Z
?GetAtomZero@Value@DirectUI@@SAPEAV12@XZ
?GetUnset@Value@DirectUI@@SAPEAV12@XZ
?SetActive@Element@DirectUI@@QEAAJH@Z
?GetStringNull@Value@DirectUI@@SAPEAV12@XZ
?CreateXBaby@XProvider@DirectUI@@UEAAJPEAVIXElementCP@2@PEAUHWND__@@PEAVElement@2@PEAKPEAPEAUIXBaby@2@@Z
?SetButtonClassAcceptsEnterKey@XProvider@DirectUI@@UEAAJ_N@Z
?SetRegisteredDefaultButton@XProvider@DirectUI@@UEAAJPEAVElement@2@@Z
?ClickDefaultButton@XProvider@DirectUI@@UEAAHXZ
?ForceThemeChange@XProvider@DirectUI@@UEAAJ_K_J@Z
?GetHostedElementID@XProvider@DirectUI@@UEAAJPEAG@Z
?FindElementWithShortcutAndDoDefaultAction@XProvider@DirectUI@@UEAAHGH@Z
?CanSetFocus@XProvider@DirectUI@@UEAAJPEA_N@Z
?Navigate@XProvider@DirectUI@@UEAAJHPEA_N@Z
?SetFocus@XProvider@DirectUI@@UEAAJPEAVElement@2@@Z
?IsDescendent@XProvider@DirectUI@@UEAAJPEAVElement@2@PEA_N@Z
?GetDesiredSize@XProvider@DirectUI@@UEAAJHHPEAUtagSIZE@@@Z
?SetParameter@XProvider@DirectUI@@UEAAJAEBU_GUID@@PEAX@Z
?AddRef@XProvider@DirectUI@@UEAAKXZ
?GetClassInfoPtr@HWNDElement@DirectUI@@SAPEAUIClassInfo@2@XZ
?SetDefaultButtonTracking@XProvider@DirectUI@@UEAAJ_N@Z
?SetHandleEnterKey@XProvider@DirectUI@@IEAAX_N@Z
?CreateDUI@XProvider@DirectUI@@UEAAJPEAVIXElementCP@2@PEAPEAUHWND__@@@Z
?GetRoot@XProvider@DirectUI@@IEAAPEAVElement@2@XZ
?Initialize@XProvider@DirectUI@@QEAAJPEAVElement@2@PEAVIXProviderCP@2@@Z
?Create@XResourceProvider@DirectUI@@SAJPEAUHINSTANCE__@@PEBG11PEAPEAV12@@Z
?QueryInterface@XProvider@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
??1XProvider@DirectUI@@UEAA@XZ
??0XProvider@DirectUI@@QEAA@XZ
?GetChildren@Element@DirectUI@@QEAAPEAV?$DynamicArray@PEAVElement@DirectUI@@$0A@@2@PEAPEAVValue@2@@Z
?Init@NavReference@DirectUI@@QEAAXPEAVElement@2@PEAUtagRECT@@@Z
?GetAtom@Value@DirectUI@@QEAAGXZ
?Register@Element@DirectUI@@SAJXZ
?GetString@Value@DirectUI@@QEAAPEBGXZ
?GetValue@Element@DirectUI@@QEAAPEAVValue@2@PEBUPropertyInfo@2@HPEAUUpdateCache@2@@Z
?GetClassInfoPtr@Element@DirectUI@@SAPEAUIClassInfo@2@XZ
?SetID@Element@DirectUI@@QEAAJPEBG@Z
?SetAccessible@Element@DirectUI@@QEAAJ_N@Z
?SetAccRole@Element@DirectUI@@QEAAJH@Z
?SetConstrainLayout@RichText@DirectUI@@QEAAJH@Z
UnInitThread
StartMessagePump
UnInitProcessPriv
InitThread
InitProcessPriv
?Create@RichText@DirectUI@@SAJPEAVElement@2@PEAKPEAPEAV32@@Z
?CreateGraphic@Value@DirectUI@@SAPEAV12@PEAUHICON__@@_N11@Z
?CreateGraphic@Value@DirectUI@@SAPEAV12@PEAUHBITMAP__@@EI_N11@Z
?EndDefer@Element@DirectUI@@QEAAXK@Z
?StartDefer@Element@DirectUI@@QEAAXPEAK@Z
?ContentProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?SetValue@Element@DirectUI@@QEAAJP6APEBUPropertyInfo@2@XZHPEAVValue@2@@Z
?SetLayoutPos@Element@DirectUI@@QEAAJH@Z
?SetEnabled@Element@DirectUI@@QEAAJ_N@Z
?GetEnabled@Element@DirectUI@@QEAA_NXZ
?IsContentProtected@Edit@DirectUI@@UEAA_NXZ
?GetMultiline@Edit@DirectUI@@QEAA_NXZ
?GetThemedBorder@Edit@DirectUI@@QEAA_NXZ
?SetMultiline@Edit@DirectUI@@QEAAJ_N@Z
?Initialize@Edit@DirectUI@@QEAAJIPEAVElement@2@PEAK@Z
?CreateHWND@Edit@DirectUI@@MEAAPEAUHWND__@@PEAU3@_N@Z
?OnNotify@Edit@DirectUI@@UEAA_NI_K_JPEA_J@Z
?MessageCallback@Edit@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?GetContentSize@Edit@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?OnInput@Edit@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnPropertyChanged@Edit@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?Register@Edit@DirectUI@@SAJXZ
?CreateAccNameLabel@HWNDHost@DirectUI@@IEAAPEAUHWND__@@PEAU3@@Z
??1Edit@DirectUI@@UEAA@XZ
??0Edit@DirectUI@@QEAA@XZ
?GetClassInfoPtr@Edit@DirectUI@@SAPEAUIClassInfo@2@XZ
?QueryInterface@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?GetHWND@HWNDHost@DirectUI@@UEAAPEAUHWND__@@XZ
?DefaultAction@CCBase@DirectUI@@UEAAJXZ
?PostCreate@CCBase@DirectUI@@MEAAXPEAUHWND__@@@Z
?Initialize@CCListView@DirectUI@@QEAAJIPEAVElement@2@PEAK@Z
??1CCListView@DirectUI@@UEAA@XZ
?OnReceivedDialogFocus@CCBase@DirectUI@@UEAA_NPEAUIDialogElement@2@@Z
?OnLostDialogFocus@CCBase@DirectUI@@UEAA_NPEAUIDialogElement@2@@Z
?OnCustomDraw@CCBase@DirectUI@@UEAA_NPEAUtagNMCUSTOMDRAWINFO@@PEA_J@Z
?EraseBkgnd@HWNDHost@DirectUI@@MEAA_NPEAUHDC__@@PEA_J@Z
?CreateHWND@CCBase@DirectUI@@UEAAPEAUHWND__@@PEAU3@@Z
?SetWindowDirection@HWNDHost@DirectUI@@UEAAXPEAUHWND__@@@Z
?OnAdjustWindowSize@HWNDHost@DirectUI@@UEAAHHHI@Z
?OnWindowStyleChanged@HWNDHost@DirectUI@@UEAAX_KPEBUtagSTYLESTRUCT@@@Z
?OnCtrlThemeChanged@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnSinkThemeChanged@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnSysChar@HWNDHost@DirectUI@@UEAA_NG@Z
?OnMessage@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?GetAccessibleImpl@HWNDHost@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?GetKeyFocused@HWNDHost@DirectUI@@UEAA_NXZ
?OnUnHosted@HWNDHost@DirectUI@@MEAAXPEAVElement@2@@Z
?OnHosted@HWNDHost@DirectUI@@MEAAXPEAVElement@2@@Z
?MessageCallback@HWNDHost@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?SetKeyFocus@HWNDHost@DirectUI@@UEAAXXZ
?GetContentSize@CCListView@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Paint@HWNDHost@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?OnEvent@HWNDHost@DirectUI@@UEAAXPEAUEvent@2@@Z
?OnDestroy@HWNDHost@DirectUI@@UEAAXXZ
?OnInput@CCBase@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnPropertyChanged@CCBase@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?Register@CCListView@DirectUI@@SAJXZ
?OnNotify@CCBase@DirectUI@@UEAA_NI_K_JPEA_J@Z
?FireEvent@Element@DirectUI@@QEAAXPEAUEvent@2@_N1@Z
??0CCListView@DirectUI@@QEAA@XZ
?GetClassInfoPtr@CCListView@DirectUI@@SAPEAUIClassInfo@2@XZ
?Release@Value@DirectUI@@QEAAXXZ
??0CritSecLock@DirectUI@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
??1CritSecLock@DirectUI@@QEAA@XZ
?IsRTLReading@Element@DirectUI@@UEAA_NXZ
?IsContentProtected@Element@DirectUI@@UEAA_NXZ
?UpdateTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?ActivateTooltip@Element@DirectUI@@MEAAXPEAV12@K@Z
?RemoveTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?GetKeyFocused@Element@DirectUI@@UEAA_NXZ
?GetID@Element@DirectUI@@QEAAGXZ
?GetSelected@Element@DirectUI@@QEAA_NXZ
?SetVisible@Element@DirectUI@@QEAAJ_N@Z
?SetContentString@Element@DirectUI@@QEAAJPEBG@Z
?SetAccName@Element@DirectUI@@QEAAJPEBG@Z
?AssertPIZeroRef@ClassInfoBase@DirectUI@@UEBAXXZ
?GetChildren@ClassInfoBase@DirectUI@@UEBAHXZ
?RemoveChild@ClassInfoBase@DirectUI@@UEAAXXZ
?AddChild@ClassInfoBase@DirectUI@@UEAAXXZ
?IsGlobal@ClassInfoBase@DirectUI@@UEBA_NXZ
?GetModule@ClassInfoBase@DirectUI@@UEBAPEAUHINSTANCE__@@XZ
?IsSubclassOf@ClassInfoBase@DirectUI@@UEBA_NPEAUIClassInfo@2@@Z
?IsValidProperty@ClassInfoBase@DirectUI@@UEBA_NPEBUPropertyInfo@2@@Z
?GetName@ClassInfoBase@DirectUI@@UEBAPEBGXZ
?GetGlobalIndex@ClassInfoBase@DirectUI@@UEBAIXZ
?GetPICount@ClassInfoBase@DirectUI@@UEBAIXZ
?GetByClassIndex@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?EnumPropertyInfo@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?Release@ClassInfoBase@DirectUI@@UEAAHXZ
?AddRef@ClassInfoBase@DirectUI@@UEAAXXZ
?GetUiaFocusDelegate@Element@DirectUI@@UEAAPEAV12@XZ
?HandleUiaEventListener@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@@Z
?HandleUiaPropertyListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?HandleUiaDestroyListener@Element@DirectUI@@UEAAXXZ
?GetElementProviderImpl@Element@DirectUI@@UEAAJPEAVInvokeHelper@2@PEAPEAVElementProvider@2@@Z
?GetUIAElementProvider@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?DefaultAction@Element@DirectUI@@UEAAJXZ
?GetAccessibleImpl@Element@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?OnUnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?OnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MEAAXHH@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UEAAXPEAUtagRECT@@@Z
?MessageCallback@Element@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?RemoveBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?AddBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?SetKeyFocus@Element@DirectUI@@UEAAXXZ
?EnsureVisible@Element@DirectUI@@UEAA_NHHHH@Z
?GetAdjacent@Element@DirectUI@@UEAAPEAV12@PEAV12@HPEBUNavReference@2@K@Z
?Remove@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?Insert@Element@DirectUI@@UEAAJPEAPEAV12@II@Z
?Add@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?GetContentSize@Element@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Paint@Element@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?OnDestroy@Element@DirectUI@@UEAAXXZ
?OnMouseFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnKeyFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?GetContentStringAsDisplayed@Element@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
??1ClassInfoBase@DirectUI@@UEAA@XZ
??0ClassInfoBase@DirectUI@@QEAA@XZ
?Destroy@Element@DirectUI@@QEAAJ_N@Z
?Initialize@ClassInfoBase@DirectUI@@QEAAJPEAUHINSTANCE__@@PEBG_NPEBQEBUPropertyInfo@2@I@Z
?Register@ClassInfoBase@DirectUI@@QEAAJXZ
?ClassExist@ClassInfoBase@DirectUI@@SA_NPEAPEAUIClassInfo@2@PEBQEBUPropertyInfo@2@IPEAU32@PEAUHINSTANCE__@@PEBG_N@Z
?GetFactoryLock@Element@DirectUI@@SAPEAU_RTL_CRITICAL_SECTION@@XZ
?OnInput@Element@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnEvent@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?GetContentString@Element@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?Click@Button@DirectUI@@SA?AVUID@@XZ
StrToID
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
??1Element@DirectUI@@UEAA@XZ
??0Element@DirectUI@@QEAA@XZ
?Initialize@Element@DirectUI@@QEAAJIPEAV12@PEAK@Z
?GetContentStringAsDisplayed@Edit@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
?OnGroupChanged@Element@DirectUI@@UEAAXH_N@Z

gdi32

DeleteObject
CreateDIBSection
DeleteDC
CreateCompatibleDC
GetObjectW
SelectObject
GdiAlphaBlend
StretchDIBits

user32

SendMessageW
GetSystemMetrics
DestroyIcon
GetWindowLongW
GetWindowLongPtrW
SetWindowLongPtrW
DefWindowProcW
CreateWindowExW
PostMessageW
SetWindowLongW
CopyImage
CopyRect
ReleaseDC
GetDC
PostQuitMessage
SetCursor
LoadCursorW
TranslateMessage
EnumWindows
GetWindowBand
MsgWaitForMultipleObjectsEx
PeekMessageW
GetMonitorInfoW
DispatchMessageW
MonitorFromWindow
IsWindowVisible
GetWindowThreadProcessId
GetFocus
DestroyWindow

combase

ord65

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c864bd970b52b07ca184b7253e4fd3e9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

shell32

shlwapi

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-devices-config-l1-1-1

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

ntdll

kernel32

user32

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 75KB - Virtual size: 75KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 3KB - Virtual size: 3KB

.didat Size: 512B - Virtual size: 120B

.rsrc Size: 54KB - Virtual size: 53KB

.reloc Size: 512B - Virtual size: 416B

6a5352d96ca8f01a406da8b89b3d2ac2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp_win

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

ntdll

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

iphlpapi

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

.text
Size: 75KB - Virtual size: 75KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 3KB - Virtual size: 3KB

.didat
Size: 512B - Virtual size: 120B

.rsrc
Size: 54KB - Virtual size: 53KB

.reloc
Size: 512B - Virtual size: 416B

.text
Size: 172KB - Virtual size: 172KB

.rdata
Size: 48KB - Virtual size: 48KB

.data
Size: 4KB - Virtual size: 6KB

.pdata
Size: 9KB - Virtual size: 9KB

.didat
Size: 512B - Virtual size: 80B

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB