_x64~x32_installer__[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

_x64~x32_installer__.zip
Size

32.8MB
MD5

ada9c9d995b5662860a106890dc1887d
SHA1

8e96aa10da9ccbd911ee7f0ea6f81d935efde6ab
SHA256

d150bb34c7d907bf6327cbc5980949bbf8313a01a0e94b508ff0bbc636d55e61
SHA512

02beb36f9bd914ad100cbf0c5e50dd9454fe524e99d9124d7b659e011f7896f3d0cc32c2d8a466c2fab60b65f7827fecf668631c15465978dae2bb30cb904a14
SSDEEP

786432:GQRiMI4pfPQlxFk6XZrcfcsrmL6qivoCrbAIPiFrjzJVy8nXDT:rRgJrsA6nXAIP8fFhXDT

Score

3^/10

Malware Config

Signatures

Unsigned PE 16 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SSShim/CfgSPPolicy.dll
unpack001/SSShim/ChatApis.dll
unpack001/cmdial32/PrintRenderAPIHost.DLL
unpack001/cmdial32/cloudidsvc.dll
unpack001/cmdial32/cmdial32.dll
unpack001/cmdial32/puiapi.dll
unpack001/dcntel/DafDnsSd.dll
unpack001/dcntel/DuCsps.dll
unpack001/dcntel/kbdnecat.dll
unpack001/syssetup/SensorsApi.dll
unpack001/syssetup/sendmail.dll
unpack001/syssetup/syssetup.dll
unpack001/werconcpl/Websocket.dll
unpack001/werconcpl/imagesp1.dll
unpack001/werconcpl/ndishc.dll
unpack001/werconcpl/werconcpl.dll

Files

_x64~x32_installer__.zip
.zip
SSShim/CfgSPPolicy.dll
.dll windows:10 windows x64 arch:x64

80eaf2c2d135edb4fc663dba01ec8614

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

CfgSPPolicy.pdb

Imports

msvcp_win

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-string-l1-1-0

wcsncmp
memset
wcscmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itow_s
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o__wtoi
_o__wtol
_o_free
_o_malloc
_o_memcpy_s
_o_toupper
_o_wcsncpy_s
_CxxThrowException
_o__configure_narrow_argv
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
_o__callnewh
__C_specific_handler
__CxxFrameHandler4
__CxxFrameHandler3
memcpy

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
FreeLibrary
GetProcAddress
GetModuleHandleW
LoadLibraryExW
DisableThreadLibraryCalls
GetModuleFileNameA
LoadLibraryExA
FindResourceExW
LoadResource
SizeofResource
GetModuleFileNameW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

oleaut32

SysFreeString
VariantClear
VariantChangeType
VariantInit
VarUI4FromStr
SysAllocString

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
TraceMessage
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceEnableLevel

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
DeleteCriticalSection
OpenSemaphoreW
ReleaseMutex
WaitForSingleObject
ReleaseSRWLockExclusive
EnterCriticalSection
AcquireSRWLockExclusive
ReleaseSemaphore
CreateSemaphoreExW
InitializeCriticalSection
CreateMutexExW
LeaveCriticalSection

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CoTaskMemRealloc

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

rpcrt4

RpcStringFreeW
UuidFromStringW
UuidCreate
UuidToStringW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemInfo
GetTickCount

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventWriteTransfer
EventRegister
EventProviderEnabled

api-ms-win-core-heap-l2-1-0

LocalAlloc

api-ms-win-core-synch-l1-2-0

Sleep

ntdll

RtlReportException
RtlPublishWnfStateData

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualQuery

mobilenetworking

GetPersistentRegPath

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SSShim/ChatApis.dll
.dll windows:10 windows x64 arch:x64

23dabdfa04c9eae397e6f604bfb219da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ChatApis.pdb

Imports

msvcrt

__CxxFrameHandler3
memmove
memcpy
memcmp
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
_callnewh
_vsnwprintf
tolower
_wtol
wcstok_s
_errno
_vsnwprintf_s
_wtoi
realloc
wcstoul
memmove_s
_purecall
wcsncpy_s
malloc
free
memcpy_s
__C_specific_handler
memset

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleHandleExW
FindResourceExW
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleFileNameA
GetModuleFileNameW
SizeofResource
GetModuleHandleW
FreeLibrary

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
Sleep
InitOnceExecuteOnce

api-ms-win-core-synch-l1-1-0

CreateEventW
AcquireSRWLockExclusive
InitializeSRWLock
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
LeaveCriticalSection
DeleteCriticalSection
CreateSemaphoreExW
ReleaseSemaphore
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
ReleaseSRWLockShared
EnterCriticalSection
SetEvent
WaitForSingleObject
AcquireSRWLockShared
CreateEventExW
InitializeCriticalSection

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey
RegCreateKeyExW

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventWriteTransfer
EventRegister
EventUnregister
EventSetInformation

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64
GetTickCount

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWork
WaitForThreadpoolWaitCallbacks
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWait
FreeLibraryWhenCallbackReturns

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
SetThreadToken
GetCurrentProcessId
OpenProcessToken
OpenThreadToken
GetCurrentThreadId
GetCurrentProcess
TerminateProcess

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-file-l1-1-0

CompareFileTime

api-ms-win-core-url-l1-1-0

UrlEscapeW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringA
OutputDebugStringW

api-ms-win-core-localization-l1-2-0

FormatMessageW

ntdll

RtlQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion

api-ms-win-service-management-l1-1-0

OpenSCManagerW
OpenServiceW
CloseServiceHandle

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

userdataplatformhelperutil

GetUserTokenFromContext
IsCommsSystemService
GenerateUserModeServiceName
GetUserContextFromHandle
RunServicesInProc
StartAndWaitForServiceForUser

systemeventsbrokerclient

SebCreateRcsEndUserMessageNotificationEvent
SebDeleteEvent
SebCreateChatNotificationEvent
SebCreateMessageInterceptNotificationEvent

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 539KB - Virtual size: 538KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SSShim/SSShim.dll
.dll windows:10 windows x64 arch:x64

103d099f6a96a899072e7dd0a93a9c5a

Code Sign

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:24

Not After

02/05/2020, 21:24

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

73:20:e0:b6:3d:7c:59:f4:bb:70:5d:56:96:8d:56:13:5d:3e:c0:c4:e5:3e:cc:ee:f2:80:fb:36:67:ed:4e:04
Signer

Actual PE Digest

73:20:e0:b6:3d:7c:59:f4:bb:70:5d:56:96:8d:56:13:5d:3e:c0:c4:e5:3e:cc:ee:f2:80:fb:36:67:ed:4e:04

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ssshim.pdb

Imports

ntdll

__C_specific_handler
LdrLockLoaderLock
LdrUnlockLoaderLock
NtQueryAttributesFile
RtlPcToFileHeader
NtOpenKey
NtQueryValueKey
LdrLoadDll
LdrUnloadDll
NtQueryPerformanceCounter
NtClose
RtlAllocateHeap
RtlFreeHeap
RtlRaiseStatus
NtOpenFile
NtQueryDirectoryFile
NtCreateFile
NtQueryInformationFile
NtReadFile
NtWriteFile
NtSetInformationFile
RtlRaiseException
NtQueryObject
NtQueryInformationProcess
NtOpenProcess
NtDelayExecution
RtlInitString
LdrGetProcedureAddress
RtlQueryEnvironmentVariable_U
NtTerminateProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnhandledExceptionFilter
RtlDowncaseUnicodeChar
RtlUpcaseUnicodeChar
DbgPrintEx
RtlReAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlTimeToTimeFields
RtlDeleteCriticalSection
RtlEnterCriticalSection
strncmp
RtlInitializeCriticalSection
RtlLeaveCriticalSection
_snprintf_s
LdrGetDllHandle
RtlDosPathNameToNtPathName_U
wcstoul
DbgPrint
RtlCreateUnicodeStringFromAsciiz
NtQuerySystemTime
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlWakeAllConditionVariable
RtlSleepConditionVariableSRW
memmove
memcmp
memcpy
memset

Exports

Exports

SssBindServicingStack
SssGetServicingStackFilePath
SssGetServicingStackFilePathLength
SssPreloadDownlevelDependencies
SssReleaseServicingStack

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SSShim/computecore.dll
.dll windows:10 windows x64 arch:x64

b0142740cb888552373f0d8249a48ecc

Code Sign

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/05/2022, 19:23

Not After

04/05/2023, 19:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

be:00:74:6e:24:67:25:be:9b:b2:14:c8:e8:0c:c2:87:14:a5:91:b4:b2:10:0b:5c:11:7b:75:f7:b4:cc:3d:6f
Signer

Actual PE Digest

be:00:74:6e:24:67:25:be:9b:b2:14:c8:e8:0c:c2:87:14:a5:91:b4:b2:10:0b:5c:11:7b:75:f7:b4:cc:3d:6f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

computecore.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__isctype
_o__purecall
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__stricmp
memmove
_o__wcsicmp
_o__wcstoi64
_o__wcstoui64
_o__wtof
_o__wtoi64
_o_abort
_o_free
_o_isalnum
_o_isdigit
_o_ispunct
_o_iswalpha
_o_iswascii
_o_iswspace
_o_malloc
_o_strcpy_s
_o_terminate
_o_towupper
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstod
_o_wcstoul
_o_wcstoull
__CxxFrameHandler3
_CxxThrowException
_o__errno
wcsstr
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o__crt_atexit
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o__configure_narrow_argv
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
_o__callnewh
__std_terminate
__C_specific_handler
_o__execute_onexit_table
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcsncmp
memset

kernelbase

LocalReAlloc
Sleep
LocalAlloc

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
SetEvent
CreateSemaphoreExW
ReleaseSemaphore
ResetEvent
CreateEventW
CreateEventExW
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
InitializeSRWLock
ReleaseMutex
ReleaseSRWLockExclusive
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
WakeByAddressAll
InitOnceBeginInitialize
WaitOnAddress
InitOnceComplete
InitializeConditionVariable

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
GetLastError
RaiseException

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
TerminateProcess

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureStackBackTrace
RtlPcToFileHeader
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-eventing-provider-l1-1-0

EventWriteEx
EventUnregister
EventActivityIdControl
EventEnabled
EventSetInformation
EventRegister
EventWriteTransfer
EventWrite

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryValueExW
RegGetValueW
RegCloseKey

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-psapi-l1-1-0

K32GetModuleInformation

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoCancelCall
CoCreateInstance
CoTaskMemAlloc
CoEnableCallCancellation
CoDisableCallCancellation

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
CreateThreadpoolWait
CreateThreadpoolWork
CallbackMayRunLong
CreateThreadpoolTimer
SetThreadpoolWait
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
WaitForThreadpoolTimerCallbacks
SubmitThreadpoolWork

rpcrt4

RpcBindingBind
RpcBindingCreateW
RpcBindingFree
RpcExceptionFilter
UuidFromStringW
UuidCreate
NdrClientCall3

api-ms-win-core-file-l1-1-0

LockFileEx
GetDiskFreeSpaceW
UnlockFileEx
CompareFileTime
ReadFile
WriteFile
CreateFileW
GetFileTime
FlushFileBuffers
GetFinalPathNameByHandleW
GetFileSizeEx
CreateDirectoryW
SetFilePointerEx
SetEndOfFile
GetFileAttributesW
DeleteFileW
SetFileTime
GetFileInformationByHandle

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsUNCServerShareW
PathIsRelativeW
PathIsUNCServerW
PathRemoveFileSpecW
PathSkipRootW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorDacl
GetSidSubAuthority
GetSidLengthRequired
InitializeSid
CheckTokenMembership
CopySid
GetLengthSid
CreateWellKnownSid

api-ms-win-security-provider-l1-1-0

SetEntriesInAclW
SetSecurityInfo
GetSecurityInfo

ntdll

RtlFreeHeap
NtOpenJobObject
RtlInitUnicodeString
RtlAllocateHeap
RtlDosPathNameToNtPathName_U_WithStatus
NtCreateFile
RtlFreeUnicodeString
RtlNtStatusToDosError
RtlInitUnicodeStringEx
RtlDosPathNameToRelativeNtPathName_U_WithStatus

api-ms-win-core-path-l1-1-0

PathCchAddBackslash
PathCchRemoveFileSpec

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-heap-obsolete-l1-1-0

LocalSize

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-io-l1-1-0

CancelIoEx
DeviceIoControl
GetOverlappedResult

api-ms-win-core-io-l1-1-1

GetOverlappedResultEx

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

combase

ord139

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

HcsCancelOperation
HcsCloseComputeSystem
HcsCloseOperation
HcsCloseProcess
HcsCrashComputeSystem
HcsCreateComputeSystem
HcsCreateComputeSystemInNamespace
HcsCreateEmptyGuestStateFile
HcsCreateEmptyRuntimeStateFile
HcsCreateOperation
HcsCreateProcess
HcsEnumerateComputeSystems
HcsEnumerateComputeSystemsInNamespace
HcsEnumerateVmWorkerProcesses
HcsFindVmWorkerProcesses
HcsGetComputeSystemFromOperation
HcsGetComputeSystemProperties
HcsGetOperationContext
HcsGetOperationId
HcsGetOperationResult
HcsGetOperationResultAndProcessInfo
HcsGetOperationType
HcsGetProcessFromOperation
HcsGetProcessInfo
HcsGetProcessProperties
HcsGetServiceProperties
HcsGetWorkerProcessJob
HcsGrantVmAccess
HcsGrantVmGroupAccess
HcsModifyComputeSystem
HcsModifyProcess
HcsModifyServiceSettings
HcsOpenComputeSystem
HcsOpenComputeSystemInNamespace
HcsOpenProcess
HcsPauseComputeSystem
HcsResumeComputeSystem
HcsRevokeVmAccess
HcsRevokeVmGroupAccess
HcsSaveComputeSystem
HcsSetComputeSystemCallback
HcsSetOperationCallback
HcsSetOperationContext
HcsSetProcessCallback
HcsShutDownComputeSystem
HcsSignalProcess
HcsStartComputeSystem
HcsStartVmWorkerProcess
HcsSubmitWerReport
HcsTerminateComputeSystem
HcsTerminateProcess
HcsWaitForOperationResult
HcsWaitForOperationResultAndProcessInfo

Sections

.text
Size: 454KB - Virtual size: 453KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cmdial32/PrintRenderAPIHost.DLL
.dll windows:10 windows x64 arch:x64

00202e18c25d204fecd335b14acd0768

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

PrintRenderAPIHost.pdb

Imports

msvcrt

??_V@YAXPEAX@Z
??8type_info@@QEBAHAEBV0@@Z
_vsnprintf_s
_itoa_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
strnlen
_vsnprintf
rand_s
??1exception@@UEAA@XZ
sprintf_s
_lock
malloc
_purecall
_unlock
__dllonexit
__CxxFrameHandler3
?terminate@@YAXXZ
_onexit
??1type_info@@UEAA@XZ
sqrt
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??3@YAXPEAX@Z
memcpy_s
??0exception@@QEAA@AEBQEBDH@Z
sinf
?what@exception@@UEBAPEBDXZ
_CxxThrowException
sin
__C_specific_handler
_initterm
free
powf
memset
_XcptFilter
memcpy
memmove
_vsnwprintf
_amsg_exit
__RTDynamicCast
atan
atanf
ceilf
cos
cosf
floorf
fmodf
memchr
memcmp
sqrtf

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleW
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
WaitForSingleObjectEx
CreateSemaphoreExW
CreateMutexExW
WaitForSingleObject
InitializeCriticalSectionEx
EnterCriticalSection
OpenSemaphoreW
LeaveCriticalSection
ReleaseMutex
DeleteCriticalSection
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
RaiseException
GetLastError
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventUnregister
EventRegister
EventActivityIdControl

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
Sleep
InitOnceComplete
InitOnceExecuteOnce
InitOnceBeginInitialize
SleepConditionVariableSRW

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetSystemTimeAsFileTime
GetTickCount

d3d11

D3D11CreateDevice

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoTaskMemFree

oleaut32

SysFreeString

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
GetStringTypeExW

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-normalization-l1-1-0

NormalizeString
IsNormalizedString

api-ms-win-shcore-stream-l1-1-0

SHCreateMemStream

d2d1

ord5
ord1

dwrite

DWriteCreateFactory

Exports

Exports

CreatePDFFactory
CreateXPSToPDFConverter
DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 499KB - Virtual size: 499KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cmdial32/cloudidsvc.dll
.dll windows:10 windows x64 arch:x64

8f4ffed426eca6d1999540006e058423

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

CloudIdSvc.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__crt_atexit
memmove
_o_free
_o_malloc
_o_rand
_o_srand
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcpy

api-ms-win-crt-string-l1-1-0

memset

combase

ord69
ord66
ord68
ord67

api-ms-win-core-com-l1-1-0

CoRegisterClassObject
CoDisconnectContext
CoResumeClassObjects
CoDecrementMTAUsage
CoCreateInstance
CoReleaseServerProcess
CoAddRefServerProcess
CoRevokeClassObject
CoInitializeSecurity
StringFromGUID2
CoCreateGuid
CLSIDFromString

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress
DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleHandleExW

api-ms-win-security-base-l1-1-0

MakeAbsoluteSD

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
ReleaseSRWLockExclusive
CreateEventW
ReleaseSRWLockShared
ReleaseMutex
CreateSemaphoreExW
WaitForSingleObject
WaitForSingleObjectEx
ReleaseSemaphore
SetEvent
CreateMutexExW
AcquireSRWLockExclusive
AcquireSRWLockShared

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
RaiseException
GetLastError

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsCreateString
WindowsCreateStringReference
WindowsDeleteString

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-winrt-l1-1-0

RoRevokeActivationFactories
RoInitialize
RoRegisterActivationFactories
RoGetActivationFactory
RoUninitialize

api-ms-win-core-winrt-error-l1-1-0

GetRestrictedErrorInfo
RoOriginateErrorW
RoOriginateError

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetLocalTime
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-threadpool-legacy-l1-1-0

ChangeTimerQueueTimer
CreateTimerQueue
DeleteTimerQueueTimer
CreateTimerQueueTimer

ntdll

RtlUnsubscribeWnfNotificationWaitForCompletion
RtlPublishWnfStateData
NtCreateRegistryTransaction
NtCommitRegistryTransaction
RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegEnumValueW
RegGetValueW
RegSetValueExW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

winhttp

WinHttpConnect
WinHttpCloseHandle
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpOpen
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryHeaders
WinHttpSendRequest

api-ms-win-service-core-l1-1-3

GetServiceRegistryStateKey

api-ms-win-core-registry-l2-1-0

RegOpenKeyTransactedW
RegCreateKeyTransactedW

kernel32

DeleteTimerQueue

msvcp_win

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

oleaut32

SysFreeString

api-ms-win-core-winrt-error-l1-1-1

RoOriginateLanguageException

api-ms-win-crt-math-l1-1-0

ceilf

Exports

Exports

ServiceMain

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cmdial32/cmdial32.dll
.dll windows:10 windows x64 arch:x64

5a76f530b05c544b812d185c49b7300d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

cmdial32.pdb

Imports

msvcrt

_XcptFilter
_amsg_exit
malloc
memcpy
memset
memmove
wcsrchr
free
iswalpha
wcspbrk
_vsnprintf
__C_specific_handler
_vsnwprintf
_initterm
wcsstr

cmpbk32

PhoneBookUnload
PhoneBookGetPhoneDispA
PhoneBookGetPhoneNonCanonicalA
PhoneBookFreeFilter
PhoneBookGetCurrentCountryId
PhoneBookLoad
PhoneBookGetCountryId
PhoneBookGetPhoneType
PhoneBookGetCountryNameW
PhoneBookHasPhoneType
PhoneBookEnumCountries
PhoneBookGetPhoneCanonicalA
PhoneBookGetPhoneDUNA
PhoneBookEnumNumbers
PhoneBookParseInfoA
PhoneBookEnumNumbersWithRegionsZero
PhoneBookGetCountryNameA
PhoneBookEnumRegions
PhoneBookMatchFilter
PhoneBookGetPhoneDescA
PhoneBookCopyFilter
PhoneBookGetRegionNameA

cmutil

?SetHInst@CIniW@@QEAAXPEAUHINSTANCE__@@@Z
?Clear@CIniW@@QEAAXXZ
CmStripFileNameW
CmEndOfStrW
SzToWzWithAlloc
CmIsSpaceW
CmStrCpyAllocA
?SetEntry@CIniW@@QEAAXPEBG@Z
CmStrtokW
?SetFile@CIniW@@QEAAXPEBG@Z
CmMalloc
CmConvertStrToIPv6AddrW
CmStrStrW
GetOSVersion
?Log@CmLogFile@@QEAAXW4_CMLOG_ITEM@@ZZ
CmCompareStringW
CmStrchrW
?GPPI@CIniW@@QEBAKPEBG0K@Z
?GPPS@CIniW@@QEBAPEAGPEBG00@Z
?GetFile@CIniW@@QEBAPEBGXZ
IsLogonAsSystem
WzToSzWithAlloc
CmStrrchrW
CmFree
CmStrCatAllocA
CmStrCpyAllocW
CmStrCatAllocW
CmStrTrimW
GetOSMajorVersion
CmConvertRelativePathW
CmFmtMsgW
CmLoadStringW
GetOSBuildNumber
CmLoadIconW
CmParsePathW
?DeInit@CmLogFile@@QEAAJXZ
?GetSection@CIniW@@QEBAPEBGXZ
?LoadSection@CIniW@@QEBAPEAGPEBG@Z
?WPPB@CIniW@@QEAAXPEBG0H@Z
?WPPI@CIniW@@QEAAXPEBG0K@Z
?WPPS@CIniW@@QEAAXPEBG00@Z
?GPPB@CIniW@@QEBAHPEBG0H@Z
?GetRegPath@CIniW@@QEBAPEBGXZ
?GetHInst@CIniW@@QEBAPEAUHINSTANCE__@@XZ
?SetWriteICSData@CIniW@@QEAAXH@Z
?SetReadICSData@CIniW@@QEAAXH@Z
?SetICSDataPath@CIniW@@QEAAXPEBG@Z
?SetPrimaryRegPath@CIniW@@QEAAXPEBG@Z
?SetRegPath@CIniW@@QEAAXPEBG@Z
?SetSection@CIniW@@QEAAXPEBG@Z
?SetEntryFromIdx@CIniW@@QEAAXK@Z
??1CIniW@@QEAA@XZ
??0CIniW@@QEAA@PEAUHINSTANCE__@@PEBG111@Z
CmLoadSmallIconW
CmBuildFullPathFromRelativeW
CmRealloc
CmAtolW
CmIsDigitW
?Clear@CmLogFile@@QEAAXH@Z
?Stop@CmLogFile@@QEAAJXZ
?Start@CmLogFile@@QEAAJH@Z
?SetParams@CmLogFile@@QEAAJHKPEBG@Z
CmStrCharStuffingW
CmLoadImageW
?Init@CmLogFile@@QEAAJPEAUHINSTANCE__@@HPEBG@Z
CmStripPathAndExtW
WzToSz
?SetPrimaryFile@CIniW@@QEAAXPEBG@Z

advapi32

RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
OpenProcessToken
RegCreateKeyExW
AdjustTokenPrivileges
InitiateSystemShutdownW
LookupPrivilegeValueW
FreeSid
RegEnumKeyExW
AllocateAndInitializeSid
RegDeleteKeyW
OpenThreadToken
CreateProcessAsUserW
RegDeleteValueW
GetTokenInformation
DuplicateTokenEx
GetSidSubAuthority
GetSidSubAuthorityCount
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
AddAccessAllowedAce
GetLengthSid
InitializeAcl
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
OpenServiceA
StartServiceA
OpenSCManagerA
CloseServiceHandle
QueryServiceStatus
RegOpenKeyW
TraceMessage

gdi32

UnrealizeObject
DeleteObject
GetDeviceCaps
GetObjectA
SetStretchBltMode
CreatePalette
SelectPalette
DeleteDC
GetDIBits
CreateDIBitmap
StretchBlt
CreateCompatibleDC
SelectObject
RealizePalette

kernel32

lstrcmpW
Beep
CreateFileW
WideCharToMultiByte
GetTickCount
lstrcmpiW
GetCurrentProcessId
WritePrivateProfileStringA
Sleep
GetPrivateProfileStringW
CreateEventW
OpenProcess
GetModuleHandleA
DuplicateHandle
CreateDirectoryW
GetModuleFileNameW
LoadLibraryExA
GetPrivateProfileIntW
SetLastError
GetCurrentProcess
LoadLibraryExW
FreeLibrary
CreateProcessW
GetProcAddress
CloseHandle
GetLastError
GetSystemDirectoryW
GetCurrentThreadId
ExpandEnvironmentStringsW
MulDiv
CompareFileTime
FindFirstFileW
WritePrivateProfileStringW
FindNextFileW
lstrlenW
SetFileTime
FindClose
SetFileAttributesW
FormatMessageW
GetCurrentDirectoryW
SetCurrentDirectoryW
LocalFree
SystemTimeToFileTime
CopyFileW
GetSystemTime
GetFileTime
DisableThreadLibraryCalls
GetCurrentThread
CreateMutexW
ReleaseMutex
lstrcmpA
MultiByteToWideChar
lstrlenA
LocalAlloc
GetPrivateProfileStringA
GetWindowsDirectoryW
GetFileType
GlobalHandle
GlobalSize
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
GlobalReAlloc
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
OpenEventW
OpenFileMappingW
UnmapViewOfFile
SetEvent
CreateFileMappingW
MapViewOfFile
HeapFree
GetVolumeInformationA
HeapAlloc
GetProcessHeap
FormatMessageA
CompareStringW
WaitForSingleObject

user32

MoveWindow
TranslateMessage
LoadCursorW
SetCursor
KillTimer
CheckDlgButton
EnableMenuItem
SystemParametersInfoW
DialogBoxParamW
UpdateWindow
SetForegroundWindow
ShowCursor
GetWindowTextW
GetFocus
MessageBoxExW
SetFocus
EnableWindow
GetWindowRect
SetWindowPos
SetWindowLongPtrW
EndDialog
SetWindowTextW
GetWindowLongPtrW
GetThreadDesktop
OffsetRect
CopyRect
CharPrevW
SetDlgItemTextW
IsDlgButtonChecked
CharNextW
GetUserObjectInformationW
GetDlgItem
GetDesktopWindow
GetParent
SendMessageW
DeleteMenu
SendDlgItemMessageW
IsWindowVisible
PostMessageW
GetSystemMenu
GetWindowTextLengthW
GetWindowThreadProcessId
EndPaint
BeginPaint
GetClientRect
SetDlgItemInt
GetDlgItemInt
MessageBoxW
CallWindowProcW
GetWindowLongW
ReleaseDC
GetDC
InvalidateRect
DefWindowProcW
RegisterClassExW
UnregisterClassW
SendMessageA
SendDlgItemMessageA
DestroyWindow
GetClassInfoExW
FindWindowExW
CharLowerW
CharUpperW
FindWindowA
SetWindowLongPtrA
GetWindowLongPtrA
SetDlgItemTextA
DialogBoxParamA
GetSystemMetrics
PostMessageA
GetDlgItemTextW
MapWindowPoints
PeekMessageW
SetTimer
DispatchMessageW
IsWindow
MessageBoxA
LoadStringA
IsWindowEnabled
ShowWindow
CreateWindowExW
GetCursor
MsgWaitForMultipleObjects

ole32

StringFromGUID2
CoTaskMemAlloc
CoInitializeEx
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree
StringFromIID

setupapi

SetupDiDestroyDeviceInfoList
SetupDiOpenDevRegKey
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW

shell32

ShellExecuteW
SHFileOperationW
ord258

eappcfg

EapHostPeerGetMethods
EapHostPeerFreeMemory
EapHostPeerQueryCredentialInputFields
EapHostPeerFreeErrorMemory

userenv

ExpandEnvironmentStringsForUserW

rasapi32

RasGetEntryHrasconnW
RasSetCredentialsW
RasSetEapUserDataW
RasGetConnectStatusW
RasGetCredentialsW

setnetworklocation

ord3
ord4
ord1

Exports

Exports

AutoDialFunc
CmCustomDialDlg
CmCustomHangUp
CmReConnect
GetCustomProperty
InetDialHandler
RasCustomDeleteEntryNotify
RasCustomDial
RasCustomDialDlg
RasCustomEntryDlg
RasCustomHangUp

Sections

.text
Size: 257KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 210KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cmdial32/puiapi.dll
.dll regsvr32 windows:10 windows x64 arch:x64

61535f30220583fa41a3ab7afd61619f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

puiapi.pdb

Imports

msvcrt

_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
__dllonexit
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
wcsrchr
__C_specific_handler
_wcsicmp
wcsstr
malloc
_vsnwprintf
wcstod
wcstol
_errno
??_V@YAXPEAX@Z
wcschr
free
_onexit
??1type_info@@UEAA@XZ
??3@YAXPEAX@Z
_purecall
__CxxFrameHandler3
memset

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
LoadStringW
GetModuleFileNameW
GetProcAddress
GetModuleHandleExW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-shlwapi-obsolete-l1-1-0

QISearch

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalAlloc
GlobalFree
LocalFree
GlobalUnlock

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ReleaseSRWLockExclusive

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
Sleep

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

user32

DefWindowProcW
SetWindowLongPtrW
GetDlgItem
DialogBoxParamW
EndDialog
SetWindowTextW
EnableWindow
SetWindowPos
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetDesktopWindow
GetWindowRect
LoadIconW
CallWindowProcW
PostMessageW
SendMessageW
DestroyWindow
PeekMessageW
CreateWindowExW
RegisterClassW
CharLowerW
CharUpperW
GetWindowLongPtrW

winspool.drv

ClosePrinter
DeletePrinterDriverPackageW
GetPrinterDataW
GetPrinterDataExW
EnumPrintersW
EnumPrinterDriversW
GetPrinterW
DeletePrinterDriverExW
DeletePrinterDriverW
OpenPrinterW

shlwapi

ord211
ord209
ord210
ord165
ord208

kernel32

CreateActCtxW
DelayLoadFailureHook
GetLocaleInfoEx
GetUserPreferredUILanguages
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
QueueUserWorkItem
OutputDebugStringA
QueryActCtxW
FindActCtxSectionStringW
ActivateActCtx
DeactivateActCtx
CreateTimerQueue
DeleteTimerQueueTimer
UnregisterWait
CreateTimerQueueTimer
RegisterWaitForSingleObject
DeleteTimerQueueEx
UnregisterWaitEx
ResolveDelayLoadedAPI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
PUIAPI_CreateInstance
PUIAPI_GetErrorString
PUIAPI_GetPrinter
PUIAPI_IWaitNotify_CreateInstance
PUIAPI_IWaitNotify_RegisterTimer
PUIAPI_IWaitNotify_RegisterWaitObject
PUIAPI_IWaitNotify_UnregisterCookie
PUIAPI_ShowBrowseForPrinterDialog
PUIAPI_ShowDetailsMessageBox
PUIAPI_ShowDriverPackageRemovalUI
STRAPI_ConvertCase
STRAPI_CrackPrintUNCName
STRAPI_FindAndReplace
STRAPI_Format
STRAPI_FormatMsg
STRAPI_FormatMsgV
STRAPI_FormatV
STRAPI_GUID2String
STRAPI_GetJobStatusString
STRAPI_GetPrinterStatusString
STRAPI_LoadString
STRAPI_MultiCat
STRAPI_String2GUID
STRAPI_TrimString
STRAPI_XMLSafeText
STRBUF_AppendString
STRBUF_Create
STRBUF_CreateBSTR
STRBUF_DeleteSubstring
STRBUF_Destroy
STRBUF_FindAndReplace
STRBUF_Format
STRBUF_InsertString
STRBUF_MultiCat
STRBUF_ToLower
STRBUF_ToUpper
STRBUF_TrimLeft
STRBUF_TrimRight
STRBUF_Truncate
STRBUF_Update
XMLAPI_GetAttributeDouble
XMLAPI_GetAttributeLong
XMLAPI_GetAttributeString
XMLAPI_GetAttributeULongLong
XMLAPI_SetAttributeDouble
XMLAPI_SetAttributeLong
XMLAPI_SetAttributeString
XMLAPI_SetAttributeULongLong

Sections

.text
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dcntel/DafDnsSd.dll
.dll windows:10 windows x64 arch:x64

510b1b11e376cbc87f799ffe714b3900

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

DafDnsSd.pdb

Imports

api-ms-win-core-crt-l1-1-0

_wcsicmp
wcsnlen
wcscpy_s
memcpy
__C_specific_handler
wcstok_s
swprintf_s
memset
_vsnwprintf_s
memcpy_s

api-ms-win-core-crt-l2-1-0

_purecall
_initterm_e
_initterm

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableLevel
UnregisterTraceGuids
GetTraceLoggerHandle
TraceMessage
GetTraceEnableFlags

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
LoadLibraryExA
GetProcAddress
DisableThreadLibraryCalls

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegOpenKeyExW
RegCloseKey

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
AcquireSRWLockExclusive
EnterCriticalSection
ReleaseSRWLockExclusive
SetEvent
InitializeCriticalSection
LeaveCriticalSection
CreateEventW
DeleteCriticalSection

api-ms-win-core-threadpool-l1-2-0

SubmitThreadpoolWork
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
CreateThreadpoolWork

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoTaskMemFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
RaiseException

api-ms-win-core-processthreads-l1-1-0

CreateThread
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
TerminateProcess

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemInfo
GetComputerNameExW
GetSystemTimeAsFileTime

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

ntdll

RtlIpv6AddressToStringW
RtlIpv4AddressToStringExW

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dcntel/DuCsps.dll
.dll windows:10 windows x64 arch:x64

b3248883d60fe6db862583c03b46bad9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

DuCsps.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsicmp
_o_exit
_o_free
_o_malloc
_o_realloc
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
strchr
memcpy
memmove
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleW
GetModuleFileNameA

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
CreateMutexExW
OpenSemaphoreW
WaitForSingleObject
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
ReleaseMutex

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

msvcp_win

??Bid@locale@std@@QEAA_KXZ
?id@?$ctype@G@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Lockit@std@@QEAA@XZ
??1_Locinfo@std@@QEAA@XZ
?is@?$ctype@G@std@@QEBA_NFG@Z
?id@?$collate@G@std@@2V0locale@2@A
?_Incref@facet@locale@std@@UEAAXXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
_Wcsxfrm
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
_Wcscoll
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoTaskMemAlloc

oleaut32

SysAllocString
SysStringLen
VariantChangeType
VariantCopy
VariantInit
VariantClear
SysFreeString

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegDeleteValueW
RegDeleteTreeW
RegEnumValueW
RegCreateKeyExW
RegGetValueW
RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-registry-l2-1-0

RegEnumKeyW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

dmoleaututils

ByteArrayToSafeArray
SafeArrayToByteArray

updateapi

GetInstalledPackageInfo
FreeInstalledPackageInfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dcntel/dcntel.dll
.dll windows:10 windows x64 arch:x64

297a2ad90ecd0a9d6f27b16387dae5ef

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a2:ba:2b:ba:3b:18:07:1d:93:91:91:64:be:09:eb:23:9c:c3:b2:1b:8c:70:be:45:03:52:85:88:56:17:23:37
Signer

Actual PE Digest

a2:ba:2b:ba:3b:18:07:1d:93:91:91:64:be:09:eb:23:9c:c3:b2:1b:8c:70:be:45:03:52:85:88:56:17:23:37

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dcntel.pdb

Imports

msvcrt

localeconv
strcspn
setlocale
__pctype_func
___lc_handle_func
___lc_codepage_func
wcscpy_s
__uncaught_exception
___mb_cur_max_func
_ismbblead
abort
memset
_wcsdup
__crtLCMapStringW
_wsetlocale
memcmp
wcsncmp
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
iswascii
_wtoi
wcstoul
wcscmp
strcmp
wcsstr
_wcslwr
wcscat_s
wcschr
_wcsnicmp
_wtof
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
rand_s
memmove
memcpy
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
strcpy_s
__C_specific_handler
wcstol
?what@exception@@UEBAPEBDXZ
wcsrchr
_wcsupr
_wcslwr_s
wcstok_s
strchr
_errno
strstr
free
malloc
strnlen
swprintf_s
sprintf_s
_wcsicmp
_vsnprintf
_wcstoui64
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
calloc
_purecall
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
__CxxFrameHandler3
??3@YAXPEAX@Z

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExA
LoadLibraryExW
FreeLibrary
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
CreateEventW
OpenWaitableTimerW
CreateEventExW
InitializeCriticalSection
ReleaseSemaphore
CreateMutexExW
LeaveCriticalSection
ReleaseMutex
OpenSemaphoreW
SetEvent
WaitForSingleObject
ResetEvent
DeleteCriticalSection
AcquireSRWLockExclusive
EnterCriticalSection
SetWaitableTimer
CreateMutexW
WaitForSingleObjectEx
InitializeCriticalSectionEx
ReleaseSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
ExitProcess
GetCurrentProcess
OpenThreadToken
CreateThread
OpenProcessToken
SetThreadToken
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
TerminateThread

api-ms-win-core-localization-l1-2-0

GetUserGeoID
GetUserPreferredUILanguages
GetSystemPreferredUILanguages
GetLocaleInfoEx
FormatMessageW
GetLocaleInfoW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringA
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-version-l1-1-1

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoCreateInstance
StringFromCLSID
CoTaskMemAlloc
CoUninitialize
CoCreateFreeThreadedMarshaler
PropVariantClear
CoSetProxyBlanket
CoWaitForMultipleHandles
CoTaskMemFree

oleaut32

VariantTimeToSystemTime
VariantInit
SysAllocString
SafeArrayGetElement
VariantClear
SysStringLen
SysFreeString

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventWriteTransfer

api-ms-win-power-base-l1-1-0

CallNtPowerInformation

api-ms-win-core-file-l1-1-0

DeleteFileW
GetTempFileNameW
GetVolumePathNameW
FindFirstFileW
GetFileAttributesW
WriteFile
ReadFile
GetLogicalDrives
GetDriveTypeW
FindClose
CreateFileW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-security-base-l1-1-0

CheckTokenMembership
AllocateAndInitializeSid
DuplicateTokenEx
FreeSid
AdjustTokenPrivileges
SetSecurityDescriptorDacl
GetTokenInformation
ImpersonateLoggedOnUser
InitializeSecurityDescriptor
RevertToSelf
SetSecurityDescriptorOwner

api-ms-win-eventing-controller-l1-1-0

ControlTraceW
StartTraceW

api-ms-win-eventing-consumer-l1-1-0

ProcessTrace
OpenTraceW
CloseTrace

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-sysinfo-l1-2-0

GetSystemFirmwareTable
VerSetConditionMask
GetProductInfo

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryInfoKeyW
RegLoadKeyW
RegEnumKeyExW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegEnumValueW
RegDeleteValueW
RegFlushKey
RegDeleteTreeW
RegSetKeySecurity
RegSaveKeyExW
RegLoadAppKeyW
RegCloseKey
RegGetValueW
RegDeleteKeyExW
RegUnLoadKeyW

rpcrt4

UuidCreate

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
ExpandEnvironmentStringsW

api-ms-win-core-realtime-l1-1-0

QueryThreadCycleTime

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetComputerNameExW
GetSystemWindowsDirectoryW
GetVersionExW
GlobalMemoryStatusEx
GetSystemTimeAsFileTime
GetTickCount
GetVersionExA
GetSystemTime
GetLogicalProcessorInformationEx
GetSystemInfo

api-ms-win-core-heap-l2-1-0

LocalFree
GlobalFree
LocalAlloc

logoncli

DsGetDcNameW

bcrypt

BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptGetProperty
BCryptOpenAlgorithmProvider

crypt32

CryptBinaryToStringW

netutils

NetApiBufferFree

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoGetActivationFactory
RoUninitialize
RoActivateInstance

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
IsProcessorFeaturePresent

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-sysinfo-l1-2-1

GetPhysicallyInstalledSystemMemory

iphlpapi

GetAdaptersInfo

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW

api-ms-win-eventing-legacy-l1-1-0

EnableTrace

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-localization-obsolete-l1-2-0

GetSystemDefaultUILanguage
EnumUILanguagesW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrChrW

api-ms-win-core-processtopology-obsolete-l1-1-0

GetActiveProcessorCount

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileEx

ntdll

ZwQuerySystemInformation
RtlGetNativeSystemInformation
RtlUpcaseUnicodeChar
EtwEventRegister
EtwEventWrite
EtwEventUnregister
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
ZwQueryValueKey
RtlInitUnicodeStringEx
ZwEnumerateKey
ZwOpenKey
ZwClose
RtlLeaveCriticalSection
RtlFreeHeap
RtlInitializeCriticalSection
RtlMultiByteToUnicodeN
RtlInitAnsiString
RtlEnterCriticalSection
RtlReAllocateHeap
RtlEqualString
RtlAllocateHeap
RtlDeleteCriticalSection
RtlRandomEx
RtlStringFromGUID
RtlDosPathNameToRelativeNtPathName_U
NtLoadKeyEx
RtlReleaseRelativeName
RtlAllocateAndInitializeSid
RtlFreeSid
RtlAdjustPrivilege
NtQueryKey
NtQueryLicenseValue
RtlCompareMemory
NtQuerySecurityPolicy
NtQuerySystemInformation
RtlNtStatusToDosError
RtlGetDeviceFamilyInfoEnum
WinSqmIsOptedInEx
NtPowerInformation
RtlFreeUnicodeString
RtlInitUnicodeString

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-synch-l1-2-1

CreateSemaphoreW
CreateWaitableTimerW

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

winhttp

WinHttpGetDefaultProxyConfiguration
WinHttpReadData
WinHttpOpenRequest
WinHttpReceiveResponse
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen
WinHttpQueryHeaders
WinHttpQueryAuthSchemes
WinHttpSetOption
WinHttpGetProxyForUrl
WinHttpSendRequest
WinHttpQueryDataAvailable
WinHttpConnect
WinHttpSetCredentials

api-ms-win-security-credentials-l1-1-0

CredFree
CredReadW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-registry-l2-1-0

RegOpenKeyW
RegDeleteKeyW

api-ms-win-security-provider-l1-1-0

SetEntriesInAclW

api-ms-win-core-kernel32-legacy-l1-1-0

WTSGetActiveConsoleSessionId

Exports

Exports

GetCensusPropertyAlloc
GetCensusRegistryLocation
RunSystemContextCensus
RunUserContextCensus
SetCustomTrigger
SetCustomTriggerEx
SysprepCleanupEnableCustomTrigger

Sections

.text
Size: 524KB - Virtual size: 521KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 192KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dcntel/kbdnecat.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

kbdnecat.pdb

Exports

Exports

KbdLayerDescriptor
KbdNlsLayerDescriptor

Sections

.text
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup.msi
.msi
syssetup/SensorsApi.dll
.dll regsvr32 windows:10 windows x64 arch:x64

93f00183f6b2824f35a5ab3c1bf4de20

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SensorsApi.pdb

Imports

api-ms-win-crt-string-l1-1-0

memmove_s
wcsncmp
memset
wcscmp

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__wcsicmp
_o__wcsnicmp
memmove
_o_calloc
_o_free
_o_malloc
_o_strncat_s
_o_toupper
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wmemcpy_s
__CxxFrameHandler3
_CxxThrowException
wcsrchr
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__C_specific_handler
__CxxFrameHandler4
memcmp
memcpy

rpcrt4

CStdStubBuffer_AddRef
CStdStubBuffer_Invoke
IUnknown_Release_Proxy
NdrClientCall3
NdrDllUnregisterProxy
CStdStubBuffer_CountRefs
CStdStubBuffer_QueryInterface
NdrCStdStubBuffer_Release
I_RpcExceptionFilter
RpcBindingFree
RpcBindingBind
RpcBindingCreateW
CStdStubBuffer_Connect
NdrDllCanUnloadNow
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrDllGetClassObject
NdrDllRegisterProxy
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
NdrOleFree

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient4
ObjectStublessClient11
ObjectStublessClient12
ObjectStublessClient8
ObjectStublessClient16
ObjectStublessClient14
ObjectStublessClient3
ObjectStublessClient7
ObjectStublessClient9
ObjectStublessClient6
ObjectStublessClient10
ObjectStublessClient15
ObjectStublessClient17
ObjectStublessClient13
ObjectStublessClient5

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadLibraryExW
DisableThreadLibraryCalls
GetModuleHandleExW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetModuleHandleW
GetModuleFileNameW
GetModuleFileNameA

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetThreadLocale
SetThreadLocale

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegSetKeySecurity
RegGetKeySecurity
RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
DeleteCriticalSection
CreateSemaphoreExW
InitializeCriticalSection
WaitForSingleObject
LeaveCriticalSection
CreateMutexExW
InitializeCriticalSectionAndSpinCount
OpenSemaphoreW
CreateEventW
WaitForSingleObjectEx
ReleaseSemaphore
ResetEvent
InitializeCriticalSectionEx
AcquireSRWLockShared
WaitForMultipleObjectsEx
CreateEventExW
ReleaseMutex
AcquireSRWLockExclusive
SetEvent
ReleaseSRWLockShared
ReleaseSRWLockExclusive
TryAcquireSRWLockExclusive
InitializeSRWLock

api-ms-win-core-heap-l1-1-0

HeapDestroy
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter
RaiseException

api-ms-win-eventing-provider-l1-1-0

EventProviderEnabled
EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
ExitProcess
GetCurrentThreadId
TerminateProcess
CreateThread
OpenProcessToken
GetCurrentProcess

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
SetRestrictedErrorInfo

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-core-file-l1-1-0

CreateFileW
ReadFile

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-shcore-unicodeansi-l1-1-0

SHAnsiToUnicode

user32

DispatchMessageW
LoadStringW
LoadCursorW
SetCursor
TranslateMessage
PostQuitMessage
PeekMessageW
DialogBoxParamW
EndDialog
IsWindow
UnregisterClassA
MsgWaitForMultipleObjectsEx

sensorsutilsv2

PropVariantGetInformation
PropKeyFindKeySetPropVariant
PropKeyFindKeyGetFloat
PropKeyFindKeyGetDouble
CollectionsListGetSerializedSize
InitPropVariantFromFloat
PropKeyFindKeyGetPropVariant
CollectionsListCopyAndMarshall
PropKeyFindKeyGetFileTime
PropKeyFindKeyGetUlong
IsKeyPresentInCollectionList
CollectionsListGetMarshalledSize
IsCollectionListSame
PropKeyFindKeyGetGuid
CollectionsListDeserializeFromBuffer

sensorsnativeapi.v2

SensorGetCapabilitiesCollectionV2
SensorOpenByInterfaceV2
SensorCloseV2
SensorStartCollectionV2
SensorStartStateChangeNotificationV2
SensorGetSupportedDataFieldsV2
SensorGetDataCollectionV2
SensorEnableIdleOperationV2
SensorSetDataIntervalV2
SensorSetDataThresholdsV2
SensorGetDataIntervalV2
SensorGetDataThresholdsV2
SensorGetPropertiesV2
SensorGetDataFieldPropertiesV2
SensorStopV2
SensorStopStateChangeNotificationV2

api-ms-win-core-marshal-l1-1-0

HWND_UserSize
HWND_UserSize64
HWND_UserUnmarshal
HWND_UserMarshal64
HWND_UserUnmarshal64
HWND_UserMarshal
HWND_UserFree
HWND_UserFree64

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
?_Xbad_function_call@std@@YAXXZ
_Mtx_unlock

api-ms-win-core-threadpool-l1-2-0

SubmitThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
CreateThreadpool
CloseThreadpool
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
CreateThreadpoolWork
CloseThreadpoolTimer
SetThreadpoolThreadMinimum
WaitForThreadpoolTimerCallbacks
SetThreadpoolThreadMaximum

api-ms-win-security-base-l1-1-0

IsWellKnownSid
GetTokenInformation
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
GetAclInformation
GetLengthSid
AddAccessAllowedAceEx
InitializeAcl
InitializeSecurityDescriptor
CheckTokenMembership
FreeSid
GetAce
AllocateAndInitializeSid
IsValidSid
AddAce
CopySid

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-psapi-l1-1-0

K32GetModuleBaseNameW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-io-l1-1-0

GetOverlappedResult
CancelIoEx

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

ntdll

WinSqmIsOptedIn
WinSqmAddToStreamEx

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
SensorCloseCOM
SensorEnableIdleOperationCOM
SensorGetAccDataCOM
SensorGetAlsDataCOM
SensorGetAlsDataWithColorCOM
SensorGetBarDataCOM
SensorGetCapabilitiesCollectionCOM
SensorGetDataCollectionCOM
SensorGetDeviceIdCOM
SensorGetFusDataCOM
SensorGetGyrDataCOM
SensorGetMagDataCOM
SensorGetPropertiesCOM
SensorGetPrxDataCOM
SensorGetThresholdsCOM
SensorOpenByInterfaceCOM
SensorPermissionsHandler
SensorPermissionsHandlerA
SensorPermissionsHandlerW
SensorRegisterEventCOM
SensorSetAccThresholdsCOM
SensorSetAlsThresholdsCOM
SensorSetAlsWithColorThresholdsCOM
SensorSetBarThresholdsCOM
SensorSetFusThresholdsCOM
SensorSetGyrThresholdsCOM
SensorSetIntervalCOM
SensorSetMagThresholdsCOM
SensorSetOrientationSensorThresholdsCOM
SensorSetThresholdsCOM
SensorStartCollectionCOM
SensorStopCOM
SensorUnregisterEventCOM

Sections

.text
Size: 289KB - Virtual size: 289KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 632B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
syssetup/sendmail.dll
.dll windows:10 windows x64 arch:x64

9a2286798f785ee11497fa3d113d6cbe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

sendmail.pdb

Imports

msvcrt

__C_specific_handler
_lock
_unlock
malloc
free
_amsg_exit
_onexit
_XcptFilter
__CxxFrameHandler3
wcscat_s
wcscpy_s
_initterm
memset
memcmp
_vsnwprintf
_get_errno
wcstok
_set_errno
wcsncmp
memcpy_s
__dllonexit
wcscmp

shell32

ord740
SHGetFileInfoW
ord155
SHCreateItemFromParsingName
SHGetKnownFolderPath
SHBindToObject
ord682
DragQueryFileW
SHGetItemFromDataObject
SHEvaluateSystemCommandTemplate
SHFileOperationW
ord171
SHGetSpecialFolderPathW
SHGetDesktopFolder
ord850
ord28
ord75

shlwapi

ord346
PathIsUNCW
PathSkipRootW
PathIsURLW
StrStrIW
PathFindNextComponentW
ord16
SHQueryValueExW
StrCmpW
StrFormatByteSizeW
PathCompactPathW
PathRenameExtensionW
PathAppendW
PathFindFileNameW
ord215
ord219
PathIsDirectoryW
PathRemoveFileSpecW
SHCreateStreamOnFileW
PathFindExtensionW
StrDupW
ord217
ord199
ord176

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
LoadLibraryExW
LoadStringW
GetProcAddress
FreeLibrary
DisableThreadLibraryCalls
GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
CreateSemaphoreExW
LeaveCriticalSection
WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
InitializeCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
DeleteCriticalSection
ReleaseSemaphore
CreateEventW
SetEvent

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
SetThreadPriority
CreateThread
GetCurrentProcessId
GetCurrentThread
GetExitCodeThread
GetCurrentProcess
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW
FindNLSStringEx

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

GlobalFree
LocalFree
GlobalAlloc
LocalAlloc

api-ms-win-core-com-l1-1-0

CLSIDFromString
CoGetMalloc
CoCreateInstance
CoUninitialize
CoGetInterfaceAndReleaseStream
PropVariantClear
CoTaskMemAlloc
CoReleaseMarshalData
CoTaskMemFree
CoMarshalInterThreadInterfaceInStream
CoTaskMemRealloc

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-string-l1-1-0

CompareStringW
CompareStringOrdinal

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegQueryValueExW
RegCloseKey
RegGetValueW
RegQueryInfoKeyW
RegOpenKeyExW

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable
InitOnceComplete
Sleep
InitOnceBeginInitialize

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventActivityIdControl
EventUnregister
EventRegister

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-path-l1-1-0

PathCchRenameExtension
PathCchRemoveFileSpec
PathCchAppendEx

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-file-l1-1-0

CreateFileW
DeleteFileW
GetFileSize

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

advapi32

RegQueryValueW

gdi32

DeleteObject
SelectObject

gdiplus

GdipDisposeImage
GdipFree
GdipGetImageEncoders
GdipRemovePropertyItem
GdipGetPropertyIdList
GdipGetImageEncodersSize
GdiplusShutdown
GdiplusStartup
GdipGetPropertyCount
GdipAlloc
GdipLoadImageFromFile
GdipCloneImage
GdipSaveImageToFile
GdipImageRotateFlip

kernel32

DeactivateActCtx
GlobalSize
CreateActCtxW
ReleaseActCtx
GlobalUnlock
ActivateActCtx
lstrlenW
GlobalLock

ole32

ReleaseStgMedium
CoInitialize

propsys

PSPropertyBag_ReadGUID
PSCreateSimplePropertyChange
PSCreatePropertyChangeArray
PropVariantToUInt32

user32

CreateDialogParamW
PostThreadMessageW
SetWindowTextW
GetMessageW
IsDialogMessageW
TranslateMessage
RegisterClipboardFormatW
GetClientRect
GetDlgItem
GetWindowLongPtrW
SetWindowLongPtrW
SendMessageW
DispatchMessageW
DestroyIcon
DefWindowProcW
DestroyWindow
GetDC
MessageBoxW
EnableWindow
GetWindowRect
ShowWindow
IsWindow
SetDlgItemTextW
ReleaseDC

wininet

DeleteUrlCacheEntryW
CreateUrlCacheEntryW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
syssetup/syssetup.dll
.dll windows:10 windows x64 arch:x64

fe9aff7b41a154ac9d71ab2967cc3eed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

syssetup.pdb

Imports

msvcrt

__C_specific_handler
_initterm
malloc
_wtoi
_vsnwprintf
free
_amsg_exit
_XcptFilter
memset

ntdll

RtlCaptureContext
RtlVirtualUnwind
NtCreateEvent
NtOpenEvent
RtlInitUnicodeString
NtClose
RtlLookupFunctionEntry

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyW

kernel32

GetCurrentProcessId
QueryPerformanceCounter
GetCurrentProcess
SetUnhandledExceptionFilter
GetCurrentThreadId
GetSystemWindowsDirectoryW
GetProcessHeap
HeapAlloc
CloseHandle
GetLastError
CreateFileW
GetLocaleInfoW
HeapFree
GetSystemTimeAsFileTime
GetTickCount
lstrcmpW
SetLastError
GetPrivateProfileStringW
WaitForSingleObject
Sleep
UnhandledExceptionFilter
TerminateProcess

user32

EnumDisplaySettingsExW
ChangeDisplaySettingsExW
ChangeDisplaySettingsW
EnumDisplaySettingsW

setupapi

SetupCloseInfFile
SetupInstallFromInfSectionW
SetupOpenInfFileW

Exports

Exports

AsrAddSifEntryA
AsrAddSifEntryW
AsrCreateStateFileA
AsrCreateStateFileW
AsrFreeContext
AsrRestorePlugPlayRegistryData
GetAnswerFileSetting
SetupChangeFontSize
SetupInfObjectInstallActionW
SetupSetDisplay
WaitForSamService

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
syssetup/vcamp140.dll
.dll windows:6 windows x64 arch:x64

5fed7e887732a04bedbcd50466a6c339

Code Sign

33:00:00:01:e2:f1:7d:92:02:0e:49:f8:7f:00:00:00:00:01:e2
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:31

Not After

02/12/2021, 21:31

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:3a:3c:4a:af:8e:56:81:4c:0b:1f:f2:ba:41:9d:d7:98:f4:bc:eb:99:4d:3d:7e:c1:1e:eb:e1:fd:5e:0c:9f
Signer

Actual PE Digest

65:3a:3c:4a:af:8e:56:81:4c:0b:1f:f2:ba:41:9d:d7:98:f4:bc:eb:99:4d:3d:7e:c1:1e:eb:e1:fd:5e:0c:9f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\vcamp140.amd64.pdb

Imports

advapi32

EventUnregister
EventWrite
EventRegister

kernel32

CreateEventExW
CloseHandle
ResetEvent
WaitForSingleObjectEx
VerSetConditionMask
VerifyVersionInfoW
SetEvent
InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList
InterlockedFlushSList
InitializeCriticalSectionEx
InitOnceBeginInitialize
InitOnceComplete
GetLastError
FreeLibrary
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
CreateEventW
InitializeCriticalSectionAndSpinCount
GetEnvironmentVariableW
GetProcAddress
GetSystemTimeAsFileTime
LoadLibraryW
InitOnceExecuteOnce
InitOnceInitialize
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
DisableThreadLibraryCalls

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception
memset
__C_specific_handler
__current_exception_context
memmove
memcpy
__std_type_info_destroy_list
memcmp
wcsstr
__std_exception_copy
__std_exception_destroy
_purecall
_CxxThrowException

api-ms-win-crt-runtime-l1-1-0

_beginthreadex
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_invalid_parameter_noinfo
_errno
_register_onexit_function
terminate
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_initialize_narrow_environment
_initterm_e
abort
_configure_narrow_argv
_seh_filter_dll

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s

api-ms-win-crt-string-l1-1-0

strcpy_s
wcscat_s
wcscpy_s
_wcsicmp
towlower
wcstok_s

api-ms-win-crt-convert-l1-1-0

_wtoi64
_itow_s

api-ms-win-crt-heap-l1-1-0

free
malloc
_aligned_malloc
_aligned_free
_callnewh

msvcp140

_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_yield
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
?_Xbad_function_call@std@@YAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
??0task_continuation_context@Concurrency@@AEAA@XZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z
?_Xlength_error@std@@YAXPEBD@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?_Throw_C_error@std@@YAXH@Z
?_Syserror_map@std@@YAPEBDH@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_broadcast
_Cnd_wait
_Cnd_register_at_thread_exit
_Cnd_unregister_at_thread_exit
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ

concrt140

??0critical_section@Concurrency@@QEAA@XZ
??0scoped_lock@critical_section@Concurrency@@QEAA@AEAV12@@Z
??1scoped_lock@critical_section@Concurrency@@QEAA@XZ
?try_lock@critical_section@Concurrency@@QEAA_NXZ
?lock@critical_section@Concurrency@@QEAAXXZ
?unlock@critical_section@Concurrency@@QEAAXXZ
??1critical_section@Concurrency@@QEAA@XZ

d3d11

D3D11CreateDevice

d3dcompiler_47

D3DCreateLinker
D3DLoadModule

dxgi

CreateDXGIFactory1

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

api-ms-win-crt-math-l1-1-0

pow
ceilf
ceil

Exports

Exports

??0_Event@details@Concurrency@@QEAA@AEBV012@@Z
??0_Event@details@Concurrency@@QEAA@XZ
??0accelerator@Concurrency@@AEAA@V?$_Reference_counted_obj_ptr@V_Accelerator_impl@details@Concurrency@@@details@1@@Z
??0accelerator@Concurrency@@QEAA@AEBV01@@Z
??0accelerator@Concurrency@@QEAA@XZ
??0accelerator_view@Concurrency@@AEAA@V?$_Reference_counted_obj_ptr@V_Accelerator_view_impl@details@Concurrency@@@details@1@_N@Z
??0accelerator_view@Concurrency@@QEAA@AEBV01@@Z
??0accelerator_view_removed@Concurrency@@QEAA@J@Z
??0accelerator_view_removed@Concurrency@@QEAA@PEBDJ@Z
??0invalid_compute_domain@Concurrency@@QEAA@PEBD@Z
??0invalid_compute_domain@Concurrency@@QEAA@XZ
??0out_of_memory@Concurrency@@QEAA@PEBD@Z
??0out_of_memory@Concurrency@@QEAA@XZ
??0runtime_exception@Concurrency@@QEAA@AEBV01@@Z
??0runtime_exception@Concurrency@@QEAA@J@Z
??0runtime_exception@Concurrency@@QEAA@PEBDJ@Z
??0scoped_d3d_access_lock@direct3d@Concurrency@@QEAA@$$QEAV012@@Z
??0scoped_d3d_access_lock@direct3d@Concurrency@@QEAA@AEAVaccelerator_view@2@@Z
??0scoped_d3d_access_lock@direct3d@Concurrency@@QEAA@AEAVaccelerator_view@2@Uadopt_d3d_access_lock_t@12@@Z
??0unsupported_feature@Concurrency@@QEAA@PEBD@Z
??0unsupported_feature@Concurrency@@QEAA@XZ
??1_Amp_runtime_trace@details@Concurrency@@QEAA@XZ
??1_Event@details@Concurrency@@QEAA@XZ
??1accelerator@Concurrency@@QEAA@XZ
??1accelerator_view@Concurrency@@QEAA@XZ
??1runtime_exception@Concurrency@@UEAA@XZ
??1scoped_d3d_access_lock@direct3d@Concurrency@@QEAA@XZ
??4_Event@details@Concurrency@@QEAAAEAV012@AEBV012@@Z
??4accelerator@Concurrency@@QEAAAEAV01@AEBV01@@Z
??4accelerator_view@Concurrency@@QEAAAEAV01@AEBV01@@Z
??4runtime_exception@Concurrency@@QEAAAEAV01@AEBV01@@Z
??4scoped_d3d_access_lock@direct3d@Concurrency@@QEAAAEAV012@$$QEAV012@@Z
??8_Event@details@Concurrency@@QEBA_NAEBV012@@Z
??8accelerator@Concurrency@@QEBA_NAEBV01@@Z
??8accelerator_view@Concurrency@@QEBA_NAEBV01@@Z
??9_Event@details@Concurrency@@QEBA_NAEBV012@@Z
??9accelerator@Concurrency@@QEBA_NAEBV01@@Z
??9accelerator_view@Concurrency@@QEBA_NAEBV01@@Z
?_Add_continuation@_Event@details@Concurrency@@QEAA?AV123@AEBV?$function@$$A6A?AV_Event@details@Concurrency@@XZ@std@@@Z
?_Add_event@_Event@details@Concurrency@@QEAA?AV123@V123@@Z
?_Adopt_texture@_Texture@details@Concurrency@@SAPEAV123@IW4_Short_vector_base_type_id@23@PEAUIUnknown@@Vaccelerator_view@3@I@Z
?_Clone_texture@_Texture@details@Concurrency@@SAPEAV123@PEBV123@AEBVaccelerator_view@3@1@Z
?_Copy_async_impl@details@Concurrency@@YA?AV_Event@12@PEAV_Texture@12@PEB_KI01I11@Z
?_Copy_impl@details@Concurrency@@YA?AV_Event@12@PEAV_Buffer@12@V?$_Reference_counted_obj_ptr@V_View_shape@details@Concurrency@@@12@01@Z
?_Copy_impl@details@Concurrency@@YA?AV_Event@12@PEAV_Buffer@12@_K0111@Z
?_Copy_to_async@_Buffer@details@Concurrency@@QEAA?AV_Event@23@PEAV123@V?$_Reference_counted_obj_ptr@V_View_shape@details@Concurrency@@@23@1@Z
?_Copy_to_async@_Buffer@details@Concurrency@@QEAA?AV_Event@23@PEAV123@_K11@Z
?_Copy_to_async@_Texture@details@Concurrency@@QEAA?AV_Event@23@PEAV123@PEB_K11II@Z
?_Create@_Sampler@details@Concurrency@@SAPEAV123@IIMMMM@Z
?_Create@_Sampler@details@Concurrency@@SAPEAV123@PEAX@Z
?_Create_buffer@_Buffer@details@Concurrency@@SAPEAV123@PEAXVaccelerator_view@3@_K2@Z
?_Create_buffer@_Buffer@details@Concurrency@@SAPEAV123@Vaccelerator_view@3@0_K1_NW4access_type@3@@Z
?_Create_stage_buffer@_Buffer@details@Concurrency@@SAPEAV123@Vaccelerator_view@3@0_K1_N@Z
?_Create_stage_texture@_Texture@details@Concurrency@@SAPEAV123@Vaccelerator_view@3@0I_K11II_N@Z
?_Create_stage_texture@_Texture@details@Concurrency@@SAPEAV123@Vaccelerator_view@3@0I_K11IW4_Short_vector_base_type_id@23@II@Z
?_Create_texture@_Texture@details@Concurrency@@SAPEAV123@Vaccelerator_view@3@I_K11IW4_Short_vector_base_type_id@23@II_N@Z
?_Create_ubiquitous_buffer@_Ubiquitous_buffer@details@Concurrency@@SAPEAV123@V?$_Reference_counted_obj_ptr@V_Buffer@details@Concurrency@@@23@@Z
?_Create_ubiquitous_buffer@_Ubiquitous_buffer@details@Concurrency@@SAPEAV123@_K0@Z
?_Create_view_shape@_View_shape@details@Concurrency@@SAPEAV123@IIPEBI00PEB_N@Z
?_Discard@_Ubiquitous_buffer@details@Concurrency@@QEAAXPEAU_Buffer_descriptor@23@@Z
?_Exclusively_owns_data@_Buffer@details@Concurrency@@QEAA_NXZ
?_Get@_Event@details@Concurrency@@QEAAXXZ
?_Get_CPU_access@_Buffer_descriptor@details@Concurrency@@QEBAXW4_Access_mode@@@Z
?_Get_D3D_buffer@_D3D_interop@details@Concurrency@@SAPEAUIUnknown@@PEAV_Buffer@23@@Z
?_Get_D3D_sampler@_D3D_interop@details@Concurrency@@SAPEAUIUnknown@@AEBVaccelerator_view@3@PEAV_Sampler@23@@Z
?_Get_D3D_sampler_data_ptr@_D3D_interop@details@Concurrency@@SAPEAXPEAUIUnknown@@@Z
?_Get_D3D_texture@_D3D_interop@details@Concurrency@@SAPEAUIUnknown@@PEAV_Texture@23@@Z
?_Get_accelerator_view@_Buffer@details@Concurrency@@QEBA?AVaccelerator_view@3@XZ
?_Get_access_async@_Ubiquitous_buffer@details@Concurrency@@AEAA?AV_Event@23@PEAU_Buffer_descriptor@23@Vaccelerator_view@3@W4_Access_mode@@AEAV?$_Reference_counted_obj_ptr@V_Buffer@details@Concurrency@@@23@PEA_K@Z
?_Get_access_async@_Ubiquitous_buffer@details@Concurrency@@QEAA?AV_Event@23@PEAU_Buffer_descriptor@23@V?$_Reference_counted_obj_ptr@V_Accelerator_view_impl@details@Concurrency@@@23@W4_Access_mode@@AEAV?$_Reference_counted_obj_ptr@V_Buffer@details@Concurrency@@@23@PEA_K@Z
?_Get_access_on_accelerator_view@_Buffer@details@Concurrency@@QEBA?AVaccelerator_view@3@XZ
?_Get_amp_trace@details@Concurrency@@YAPEAV_Amp_runtime_trace@12@XZ
?_Get_description@accelerator@Concurrency@@AEBAPEB_WXZ
?_Get_device_path@accelerator@Concurrency@@AEBAPEB_WXZ
?_Get_devices@details@Concurrency@@YAPEAV?$_Reference_counted_obj_ptr@V_Accelerator_impl@details@Concurrency@@@12@XZ
?_Get_master_accelerator_view@_Ubiquitous_buffer@details@Concurrency@@QEBA?AVaccelerator_view@3@XZ
?_Get_master_buffer@_Ubiquitous_buffer@details@Concurrency@@QEBA?AV?$_Reference_counted_obj_ptr@V_Buffer@details@Concurrency@@@23@XZ
?_Get_num_devices@details@Concurrency@@YA_KXZ
?_Get_preferred_copy_chunk_size@details@Concurrency@@YA_K_K@Z
?_Get_recommended_buffer_host_access_mode@details@Concurrency@@YA?AW4_Access_mode@@AEBVaccelerator_view@2@@Z
?_Get_reduced_shape_for_copy@_View_shape@details@Concurrency@@QEAAPEAV123@XZ
?_Get_src_dest_accelerator_view@details@Concurrency@@YA?AU?$pair@Vaccelerator_view@Concurrency@@V12@@std@@PEBU_Buffer_descriptor@12@0@Z
?_Get_temp_staging_buffer@_Buffer@details@Concurrency@@SAPEAV123@Vaccelerator_view@3@_K1@Z
?_Get_temp_staging_texture@_Texture@details@Concurrency@@SAPEAV123@Vaccelerator_view@3@I_K11II@Z
?_Get_view_shape@_Ubiquitous_buffer@details@Concurrency@@QEAA?AV?$_Reference_counted_obj_ptr@V_View_shape@details@Concurrency@@@23@PEAU_Buffer_descriptor@23@@Z
?_Init@accelerator@Concurrency@@AEAAXPEB_W@Z
?_Is_D3D_accelerator_view@details@Concurrency@@YA_NAEBVaccelerator_view@2@@Z
?_Is_empty@_Event@details@Concurrency@@QEBA_NXZ
?_Is_finished@_Event@details@Concurrency@@QEAA_NXZ
?_Is_finished_nothrow@_Event@details@Concurrency@@QEAA_NXZ
?_Is_mappable@_Buffer@details@Concurrency@@QEBA_NXZ
?_Launch_array_view_synchronize_event_helper@_Amp_runtime_trace@details@Concurrency@@QEAAKAEBU_Buffer_descriptor@23@@Z
?_Launch_async_copy_event_helper@_Amp_runtime_trace@details@Concurrency@@QEAAK$$TAEBU_Buffer_descriptor@23@_K@Z
?_Launch_async_copy_event_helper@_Amp_runtime_trace@details@Concurrency@@QEAAK$$TAEBU_Texture_descriptor@23@_K@Z
?_Launch_async_copy_event_helper@_Amp_runtime_trace@details@Concurrency@@QEAAKAEBU_Buffer_descriptor@23@$$T_K@Z
?_Launch_async_copy_event_helper@_Amp_runtime_trace@details@Concurrency@@QEAAKAEBU_Buffer_descriptor@23@0_K@Z
?_Launch_async_copy_event_helper@_Amp_runtime_trace@details@Concurrency@@QEAAKAEBU_Texture_descriptor@23@$$T_K@Z
?_Launch_async_copy_event_helper@_Amp_runtime_trace@details@Concurrency@@QEAAKAEBU_Texture_descriptor@23@0_K@Z
?_Map_buffer@_Buffer@details@Concurrency@@QEAAXW4_Access_mode@@_N@Z
?_Map_buffer_async@_Buffer@details@Concurrency@@QEAA?AV_Event@23@W4_Access_mode@@@Z
?_Recursive_array_copy@details@Concurrency@@YAJAEBU_Array_copy_desc@12@IV?$function@$$A6AJAEBU_Array_copy_desc@details@Concurrency@@@Z@std@@@Z
?_Register_async_event@details@Concurrency@@YAXAEBV_Event@12@AEBV?$shared_future@X@std@@@Z
?_Register_view@_Buffer@details@Concurrency@@QEAAXPEAU_Buffer_descriptor@23@@Z
?_Register_view@_Ubiquitous_buffer@details@Concurrency@@QEAAXPEAU_Buffer_descriptor@23@Vaccelerator_view@3@V?$_Reference_counted_obj_ptr@V_View_shape@details@Concurrency@@@23@QEAU423@@Z
?_Register_view_copy@_Ubiquitous_buffer@details@Concurrency@@QEAAXPEAU_Buffer_descriptor@23@0@Z
?_Release@_Reference_counter@details@Concurrency@@QEAAXXZ
?_Release_D3D_sampler_data_ptr@_D3D_interop@details@Concurrency@@SAXPEAX@Z
?_Select_copy_src_accelerator_view@details@Concurrency@@YA?AVaccelerator_view@2@PEAU_Buffer_descriptor@12@AEBV32@@Z
?_Select_default_accelerator@details@Concurrency@@YA?AVaccelerator@2@XZ
?_Set_default_accelerator@details@Concurrency@@YA_NV?$_Reference_counted_obj_ptr@V_Accelerator_impl@details@Concurrency@@@12@@Z
?_Start_array_view_synchronize_event_helper@_Amp_runtime_trace@details@Concurrency@@QEAAKAEBU_Buffer_descriptor@23@@Z
?_Start_async_op_wait_event@_Amp_runtime_trace@details@Concurrency@@AEAAKK@Z
?_Start_copy_event_helper@_Amp_runtime_trace@details@Concurrency@@QEAAK$$TAEBU_Buffer_descriptor@23@_K@Z
?_Start_copy_event_helper@_Amp_runtime_trace@details@Concurrency@@QEAAK$$TAEBU_Texture_descriptor@23@_K@Z
?_Start_copy_event_helper@_Amp_runtime_trace@details@Concurrency@@QEAAKAEBU_Buffer_descriptor@23@$$T_K@Z
?_Start_copy_event_helper@_Amp_runtime_trace@details@Concurrency@@QEAAKAEBU_Buffer_descriptor@23@0_K@Z
?_Start_copy_event_helper@_Amp_runtime_trace@details@Concurrency@@QEAAKAEBU_Texture_descriptor@23@$$T_K@Z
?_Start_copy_event_helper@_Amp_runtime_trace@details@Concurrency@@QEAAKAEBU_Texture_descriptor@23@0_K@Z
?_Start_parallel_for_each_event_helper@_Amp_runtime_trace@details@Concurrency@@QEAAKPEAU_DPC_call_handle@23@@Z
?_Unmap_buffer@_Buffer@details@Concurrency@@QEAAXXZ
?_Unregister_view@_Buffer@details@Concurrency@@QEAAXPEAU_Buffer_descriptor@23@@Z
?_Unregister_view@_Ubiquitous_buffer@details@Concurrency@@QEAAXPEAU_Buffer_descriptor@23@@Z
?_Write_end_event@_Amp_runtime_trace@details@Concurrency@@QEAAXK@Z
?amp_uninitialize@Concurrency@@YAXXZ
?cpu_accelerator@accelerator@Concurrency@@2QB_WB
?create_accelerator_view@direct3d@Concurrency@@YA?AVaccelerator_view@2@AEAVaccelerator@2@_NW4queuing_mode@2@@Z
?create_accelerator_view@direct3d@Concurrency@@YA?AVaccelerator_view@2@PEAUIUnknown@@W4queuing_mode@2@@Z
?create_marker@accelerator_view@Concurrency@@QEAA?AVcompletion_future@2@XZ
?create_view@accelerator@Concurrency@@QEAA?AVaccelerator_view@2@W4queuing_mode@2@@Z
?d3d_access_lock@direct3d@Concurrency@@YAXAEAVaccelerator_view@2@@Z
?d3d_access_try_lock@direct3d@Concurrency@@YA_NAEAVaccelerator_view@2@@Z
?d3d_access_unlock@direct3d@Concurrency@@YAXAEAVaccelerator_view@2@@Z
?default_accelerator@accelerator@Concurrency@@2QB_WB
?direct3d_ref@accelerator@Concurrency@@2QB_WB
?direct3d_warp@accelerator@Concurrency@@2QB_WB
?flush@accelerator_view@Concurrency@@QEAAXXZ
?get_accelerator@accelerator_view@Concurrency@@QEBA?AVaccelerator@2@XZ
?get_auto_selection_view@accelerator@Concurrency@@SA?AVaccelerator_view@2@XZ
?get_dedicated_memory@accelerator@Concurrency@@QEBA_KXZ
?get_default_cpu_access_type@accelerator@Concurrency@@QEBA?AW4access_type@2@XZ
?get_default_view@accelerator@Concurrency@@QEBA?AVaccelerator_view@2@XZ
?get_device@direct3d@Concurrency@@YAPEAUIUnknown@@AEBVaccelerator_view@2@@Z
?get_error_code@runtime_exception@Concurrency@@QEBAJXZ
?get_has_display@accelerator@Concurrency@@QEBA_NXZ
?get_is_auto_selection@accelerator_view@Concurrency@@QEBA_NXZ
?get_is_debug@accelerator@Concurrency@@QEBA_NXZ
?get_is_debug@accelerator_view@Concurrency@@QEBA_NXZ
?get_is_emulated@accelerator@Concurrency@@QEBA_NXZ
?get_queuing_mode@accelerator_view@Concurrency@@QEBA?AW4queuing_mode@2@XZ
?get_supports_cpu_shared_memory@accelerator@Concurrency@@QEBA_NXZ
?get_supports_double_precision@accelerator@Concurrency@@QEBA_NXZ
?get_supports_limited_double_precision@accelerator@Concurrency@@QEBA_NXZ
?get_version@accelerator@Concurrency@@QEBAIXZ
?get_version@accelerator_view@Concurrency@@QEBAIXZ
?get_view_removed_reason@accelerator_view_removed@Concurrency@@QEBAJXZ
?is_timeout_disabled@direct3d@Concurrency@@YA_NAEBVaccelerator_view@2@@Z
?set_default_cpu_access_type@accelerator@Concurrency@@QEAA_NW4access_type@2@@Z
?wait@accelerator_view@Concurrency@@QEAAXXZ
__dpc_create_call_handle
__dpc_dispatch_kernel
__dpc_release_call_handle
__dpc_set_const_buffer_info
__dpc_set_device_resource_info
__dpc_set_kernel_dispatch_info
__dpc_set_kernel_shader_info

Sections

.text
Size: 241KB - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
werconcpl/Websocket.dll
.dll windows:10 windows x64 arch:x64

abee3dc7646506aab5747163205d4a8e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

websocket.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__purecall
memmove
_o_free
_o_malloc
__C_specific_handler
_o___std_type_info_destroy_list
memcpy
_o__seh_filter_dll

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
DisableThreadLibraryCalls

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventUnregister

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

bcrypt

BCryptHashData
BCryptGenRandom
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptDestroyHash
BCryptCreateHash

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

ntdll

WinSqmIncrementDWORD
WinSqmIsOptedIn
RtlReportException
NtQuerySystemInformation

Exports

Exports

WebSocketAbortHandle
WebSocketBeginClientHandshake
WebSocketBeginServerHandshake
WebSocketCompleteAction
WebSocketCreateClientHandle
WebSocketCreateServerHandle
WebSocketDeleteHandle
WebSocketEndClientHandshake
WebSocketEndServerHandshake
WebSocketGetAction
WebSocketGetGlobalProperty
WebSocketReceive
WebSocketSend

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
werconcpl/imagesp1.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
werconcpl/ndishc.dll
.dll regsvr32 windows:10 windows x64 arch:x64

bc7683088aaca509bcc0f400f2bcfdfa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ndisHC.pdb

Imports

msvcrt

?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
??1exception@@UEAA@XZ
_XcptFilter
_amsg_exit
??3@YAXPEAX@Z
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
memmove
wcsnlen
_wcsicmp
wcscat_s
wcsstr
toupper
vswprintf_s
_vscwprintf
memmove_s
memcpy_s
free
malloc
wcsncpy_s
_vsnwprintf
wcsncmp
__C_specific_handler
_purecall
??_V@YAXPEAX@Z
__CxxFrameHandler3
_initterm
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
_errno
realloc
memset
wcscpy_s
wcscmp

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

kernel32

GetModuleFileNameA
AcquireSRWLockExclusive
LocalAlloc
ReleaseSRWLockExclusive
GetCurrentProcess
OutputDebugStringA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
HeapDestroy
GetProcessHeap
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryExW
GetModuleHandleW
lstrcmpiW
RaiseException
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
LockResource
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
FormatMessageW
LocalFree
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
HeapSize
HeapReAlloc
HeapFree

advapi32

RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
EventWriteTransfer
EventRegister
EventProviderEnabled
EventSetInformation
EventUnregister
RegDeleteValueW
RegQueryInfoKeyW
RegQueryValueExW

user32

CharNextW
LoadStringW
UnregisterClassA

oleaut32

SysStringLen
SysAllocString
RegisterTypeLi
VarUI4FromStr
SysFreeString
LoadTypeLi
UnRegisterTypeLi

nsi

NsiGetAllParameters

setupapi

SetupDiEnumDriverInfoW
SetupDiBuildDriverInfoList
SetupDiGetDriverInfoDetailW
SetupDiOpenDevRegKey
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
CM_Get_DevNode_Status
SetupDiDestroyDeviceInfoList

api-ms-win-core-com-l1-1-0

CoSetProxyBlanket
StringFromGUID2
CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromString

iphlpapi

GetIpInterfaceEntry
FreeMibTable
GetIfTable2

ws2_32

WSACleanup
socket
closesocket
WSAStartup

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
werconcpl/werconcpl.dll
.dll windows:10 windows x64 arch:x64

18bbf3fd6feb4ec996322031c22fff3b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

werconcpl.pdb

Imports

msvcrt

_errno
??1type_info@@UEAA@XZ
_onexit
__dllonexit
memmove
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
memcmp
floorf
_XcptFilter
memmove_s
_callnewh
_itow_s
_wtoi
_vscwprintf
bsearch
_wcsicmp
toupper
ceilf
wcsncmp
wcsrchr
_purecall
tolower
free
_CxxThrowException
malloc
wcsncpy_s
__C_specific_handler
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
memset
realloc
??0exception@@QEAA@XZ
_unlock
??1exception@@UEAA@XZ
memcpy_s
_vsnwprintf
__CxxFrameHandler3

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleHandleW
GetModuleFileNameA
GetProcAddress
LoadStringW
SizeofResource
LoadResource
GetModuleHandleExW
FreeLibraryAndExitThread
FindResourceExW
LoadLibraryExW
DisableThreadLibraryCalls
GetModuleFileNameW

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
CreateMutexExW
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseSemaphore
CreateSemaphoreExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateEventW
ResetEvent
SetEvent
OpenEventW
ReleaseMutex
CreateMutexW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-processthreads-l1-1-0

TlsAlloc
GetCurrentThreadId
TlsGetValue
SetThreadPriority
GetCurrentProcessId
GetCurrentThread
TlsFree
GetCurrentProcess
OpenProcessToken
CreateThread
TerminateProcess
TlsSetValue

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetLocaleInfoW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent
OutputDebugStringA

api-ms-win-core-handle-l1-1-0

CloseHandle

oleaut32

SysAllocString
VarUI4FromStr
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysStringLen
VariantClear
SysAllocStringLen
VariantInit
SysFreeString

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoUninitialize
PropVariantClear
CoDisconnectObject
CoCreateInstance
CoInitializeEx

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW
CompareStringOrdinal

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventProviderEnabled
EventSetInformation
EventWriteTransfer
EventUnregister
EventRegister

api-ms-win-core-heap-l2-1-0

GlobalFree

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetTickCount64
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-file-l1-1-0

GetDriveTypeW
GetFileAttributesW
FlushFileBuffers
GetLongPathNameW
CreateFileW
WriteFile
CompareFileTime
FileTimeToLocalFileTime

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-synch-l1-2-0

SleepConditionVariableCS
InitializeConditionVariable
InitOnceBeginInitialize
InitOnceComplete
WakeAllConditionVariable
Sleep

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWait
CreateThreadpoolWait
CreateThreadpoolWork
WaitForThreadpoolWaitCallbacks
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
SetThreadpoolWait
SubmitThreadpoolWork

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile

api-ms-win-core-io-l1-1-0

GetOverlappedResult
CancelIoEx

api-ms-win-core-file-l2-1-0

ReadDirectoryChangesW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-kernel32-legacy-l1-1-0

MulDiv

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpICW
QISearch
StrCmpCW

ntdll

EtwEventWriteTransfer
NtQueryLicenseValue
WinSqmAddToStream
EtwLogTraceEvent
EtwTraceMessage
DbgPrint
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
WinSqmIsOptedInEx
RtlSecondsSince1970ToTime
wcspbrk
_wcsnicmp

api-ms-win-downlevel-shlwapi-l2-1-0

IUnknown_Set
IUnknown_QueryService
IUnknown_SetSite
IUnknown_GetSite

gdi32

DeleteObject
SelectObject
TextOutW
GetDeviceCaps
CreateFontIndirectW
GetObjectA
GetTextExtentPoint32W
GetObjectW
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SetTextColor
SetBkMode
CreateSolidBrush
SetBkColor

kernel32

AcquireSRWLockShared
ReleaseSRWLockShared
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
InitializeCriticalSectionEx
CreateThreadpoolTimer
FindFirstFileW
FindNextFileW
FindClose
LocalAlloc
CreateDirectoryW
LocalFree
GetFinalPathNameByHandleW
SetFileInformationByHandle

advapi32

RegGetValueW
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
RegEnumValueW

shlwapi

ord24
ord514
ord538
ord618
ord204
ord172

shell32

ShellExecuteExW
SHCreateItemInKnownFolder
ExtractIconExW
SHParseDisplayName
ord155
ord18
SHBindToObject
ord25
SHGetStockIconInfo

ole32

CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleCreateStaticFromData
OleDuplicateData
CoGetObject

gdiplus

GdipFillRectangle
GdipDrawLine
GdipDrawLineI
GdipGetDC
GdipReleaseDC
GdipDrawLines
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipMeasureString
GdipDeleteBrush
GdipCreateFromHWND
GdipAlloc
GdiplusStartup
GdiplusShutdown
GdipDeleteGraphics
GdipGraphicsClear
GdipCreatePen1
GdipDeletePen
GdipCloneBrush
GdipCreateSolidFill
GdipDeleteFont
GdipDrawImageI
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromGraphics
GdipCreateFromHDC
GdipFree

user32

GetSysColor
AppendMenuW
CreateMenu
DestroyMenu
GetDC
DrawFocusRect
ReleaseDC
InvalidateRect
LoadCursorW
SetMenuItemInfoW
TrackPopupMenuEx
EndPaint
GetSystemMetrics
RemoveMenu
LoadMenuW
DrawTextW
GetFocus
SetCursor
BeginPaint
GetSubMenu

uxtheme

GetThemeColor

framedynos

?GetSYSTEMTIME@WBEMTime@@QEBAHPEAU_SYSTEMTIME@@@Z
??4WBEMTime@@QEAAAEBV0@QEAG@Z

wer

WerpGetStorePath
WerpIsDisabled
WerpOpenMachineQueue
WerpOpenMachineArchive
WerpEnumerateStoreStart
WerpEnumerateStoreNext
WerpGetWerStringData
WerpCloseStore
WerpIsTransportAvailable
WerpDestroyWerString

api-ms-win-core-sidebyside-l1-1-0

ActivateActCtx
DeactivateActCtx
CreateActCtxW
ReleaseActCtx

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
LaunchErcAppW
ShowCEIPDialogW

Sections

.text
Size: 373KB - Virtual size: 373KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

80eaf2c2d135edb4fc663dba01ec8614

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp_win

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

oleaut32

api-ms-win-core-debug-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-string-l1-1-0

rpcrt4

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-synch-l1-2-0

ntdll

api-ms-win-core-handle-l1-1-0

api-ms-win-core-memory-l1-1-0

mobilenetworking

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 96KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 5KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 24B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

23dabdfa04c9eae397e6f604bfb219da

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-file-l1-1-0

api-ms-win-core-url-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-localization-l1-2-0

ntdll

.text
Size: 96KB - Virtual size: 96KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 5KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 24B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 539KB - Virtual size: 538KB

.rdata
Size: 174KB - Virtual size: 173KB

.data
Size: 512B - Virtual size: 4KB

.pdata
Size: 24KB - Virtual size: 23KB

.didat
Size: 1024B - Virtual size: 520B

.rsrc
Size: 13KB - Virtual size: 12KB

.reloc
Size: 20KB - Virtual size: 20KB

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

73:20:e0:b6:3d:7c:59:f4:bb:70:5d:56:96:8d:56:13:5d:3e:c0:c4:e5:3e:cc:ee:f2:80:fb:36:67:ed:4e:04
Signer

.text
Size: 80KB - Virtual size: 79KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 340B

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

be:00:74:6e:24:67:25:be:9b:b2:14:c8:e8:0c:c2:87:14:a5:91:b4:b2:10:0b:5c:11:7b:75:f7:b4:cc:3d:6f
Signer