_x64__x32__installer__[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

_x64__x32__installer__.zip
Size

37.2MB
MD5

ad61a96cfc9c5e0ccd3d805f035c23f3
SHA1

f3b673dd1dba42f6343a5daab2a5862da62cd1e6
SHA256

f76f082a2a313edc8a3f6a9e3c1a0a99f6867751c2cfe75d5c5a3df08dc1d398
SHA512

ae9bcd1aeda79ed8a48c60e8354fd4ac2ff99b6c02f65acd4701af88b43eae92d2739468b4611708bbe656a325b617b12bf7f113607924079f93440dcd550703
SSDEEP

786432:d+yYLsCtji2s8P3tz7/N4EhnP25ugHOM4gi90roTTXqCwv0MVy/:dWLJjDDPsj4kronXNkbi

Score

3^/10

Malware Config

Signatures

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

resource
unpack001/fh/fh.dll
unpack001/fh/gpsvc.dll
unpack001/fh/msftedit.dll
unpack001/rmclient/SEMgrSvc.dll
unpack001/rmclient/SRH.dll
unpack001/rmclient/rilproxy.dll
unpack001/vdsbas/TokenBroker.dll
unpack001/vdsbas/Vault.dll
unpack001/vdsbas/tquery.dll
unpack001/vdsbas/vdsbas.dll
unpack001/winspool/wdmaud.drv
unpack001/winspool/winspool.drv
unpack001/winspool/wvc.dll

Files

_x64__x32__installer__.zip
.zip

Password: 1234
fh/HalExtIntcLpioDMA.dll
.dll windows:10 windows x64 arch:x64

Password: 1234

Code Sign

33:00:00:02:c6:2f:0e:d5:e7:da:67:c4:e2:00:00:00:00:02:c6
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:25

Not After

02/05/2020, 21:25

Subject

CN=Microsoft Windows Hardware Abstraction Layer Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ac:3a:1b:12:1d:85:dc:1e:2a:1f:d8:9b:21:9e:8f:26:35:60:97:d3:38:eb:98:74:71:16:ca:94:8a:a4:14:a1
Signer

Actual PE Digest

ac:3a:1b:12:1d:85:dc:1e:2a:1f:d8:9b:21:9e:8f:26:35:60:97:d3:38:eb:98:74:71:16:ca:94:8a:a4:14:a1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

HalExtIntcLpioDma.pdb

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 62B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 54B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

GFIDS
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fh/fh.dll
.dll windows:10 windows x64 arch:x64

Password: 1234

73ace4548338a30f949c79e3b8e65377

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

JSPROXY.pdb

Imports

msvcrt

_initterm
__C_specific_handler
_lock
_unlock
free
_amsg_exit
_onexit
memset
__dllonexit
_XcptFilter
_callnewh
malloc
wcstok_s
_wtoi
_vsnwprintf
_wcsnicmp
iswspace
_wcsicmp
wcsstr
wcsrchr
wcscmp

api-ms-win-core-file-l1-1-0

CreateFileW
GetFileSizeEx
ReadFile

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitializeSRWLock

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadLibraryExW
FreeLibrary
DisableThreadLibraryCalls

api-ms-win-core-heap-l2-1-0

GlobalFree
GlobalAlloc

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessageVa

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetSystemTime
GetTickCount64

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-datetime-l1-1-0

GetDateFormatW

ntdll

RtlIpv6StringToAddressExW
RtlIpv6AddressToStringExW
RtlIpv4StringToAddressExW
RtlIpv4AddressToStringExW
RtlIpv4AddressToStringW
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
RtlGetVersion
RtlNtStatusToDosError

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

InternetDeInitializeAutoProxyDll
InternetDeInitializeAutoProxyDllEx
InternetGetProxyInfo
InternetGetProxyInfoEx
InternetInitializeAutoProxyDll
InternetInitializeAutoProxyDllEx

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.wpp_sf
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fh/gpsvc.dll
.dll windows:10 windows x64 arch:x64

Password: 1234

7a4e440963c17523a1ce8885fb1bfd39

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

gpsvc.pdb

Imports

msvcrt

_onexit
__dllonexit
_unlock
memcmp
wcsncmp
?terminate@@YAXXZ
iswdigit
_lock
_initterm
memset
__CxxFrameHandler3
_wtol
??1type_info@@UEAA@XZ
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
??0exception@@QEAA@AEBQEBD@Z
_callnewh
malloc
wcsstr
??_V@YAXPEAX@Z
__C_specific_handler
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
free
_wcsnicmp
toupper
wcscpy_s
swscanf_s
_wtoi
wcsrchr
wcsnlen
_wcsicmp
_itow_s
wcstoul
strchr
_errno
strtoul
wcschr
_tzset
_time64
_gmtime64
wcsftime
_itow
wcscmp

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleExW
FreeLibrary
GetModuleFileNameA
LoadStringW
FreeLibraryAndExitThread
GetModuleHandleW
LoadLibraryExW

api-ms-win-core-synch-l1-1-0

ResetEvent
AcquireSRWLockShared
LeaveCriticalSection
WaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSRWLockShared
SetWaitableTimer
ReleaseSemaphore
EnterCriticalSection
CreateSemaphoreExW
InitializeCriticalSectionEx
SetEvent
CreateEventW
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
WaitForMultipleObjectsEx
CreateMutexExW
OpenEventW
DeleteCriticalSection
CreateWaitableTimerExW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolWaitCallbacks
SetThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolWait
CloseThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

CreateProcessAsUserW
SetThreadPriority
GetCurrentProcess
CreateThread
OpenProcessToken
TerminateProcess
GetCurrentProcessId
OpenThreadToken
GetCurrentThread
ResumeThread
SetThreadToken
GetCurrentThreadId
SetPriorityClass

api-ms-win-core-localization-l1-2-0

FormatMessageW
FindNLSString

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-heap-l2-1-0

LocalFree
LocalReAlloc
GlobalFree
GlobalAlloc
LocalAlloc

api-ms-win-core-registry-l1-1-0

RegDeleteKeyExW
RegGetValueW
RegOpenKeyExW
RegSetKeySecurity
RegQueryValueExW
RegEnumValueW
RegQueryInfoKeyW
RegQueryValueExA
RegDeleteValueW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
RegNotifyChangeKeyValue
RegOpenCurrentUser
RegCreateKeyExW
RegGetKeySecurity

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringEx
CompareStringW

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
SetProcessMitigationPolicy

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetVersionExW
GetLocalTime
GetSystemTimeAsFileTime
GetComputerNameExW
GetTickCount
GetSystemTime

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

rpcrt4

NdrAsyncServerCall
RpcBindingToStringBindingW
RpcStringFreeW
UuidFromStringW
UuidCreate
RpcStringBindingParseW
RpcServerInterfaceGroupClose
UuidToStringW
RpcServerInterfaceGroupCreateW
RpcImpersonateClient
RpcServerInterfaceGroupActivate
RpcServerUnsubscribeForNotification
RpcAsyncCompleteCall
RpcServerSubscribeForNotification
RpcAsyncAbortCall
Ndr64AsyncServerCallAll
RpcServerInterfaceGroupDeactivate
NdrServerCallAll
NdrServerCall2
RpcRevertToSelf
RpcRaiseException

api-ms-win-core-path-l1-1-0

PathCchCombineEx

api-ms-win-core-file-l1-1-0

GetFileSizeEx
FindNextFileW
GetFileAttributesExW
DeleteFileW
SetFileAttributesW
FindFirstFileW
CreateDirectoryW
CreateFileW
ReadFile
SetFilePointer
WriteFile
RemoveDirectoryW
GetFileAttributesW
FindClose

api-ms-win-security-base-l1-1-0

EqualSid
GetTokenInformation
AccessCheckByType
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetSidSubAuthority
AddAccessAllowedAceEx
AccessCheck
SetTokenInformation
ImpersonateLoggedOnUser
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetAce
IsValidSid
AddAccessAllowedAce
SetSecurityDescriptorOwner
InitializeAcl
GetLengthSid
FreeSid
CheckTokenMembership
RevertToSelf
SetFileSecurityW
CopySid
DuplicateTokenEx
AllocateAndInitializeSid
SetSecurityDescriptorControl
MapGenericMask
GetSecurityDescriptorDacl
GetSidSubAuthorityCount
IsWellKnownSid
IsValidSecurityDescriptor
CreateWellKnownSid
SetSecurityDescriptorGroup

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-sysinfo-l1-2-0

GetOsSafeBootMode
GetProductInfo

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventProviderEnabled
EventRegister
EventWriteTransfer

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

api-ms-win-security-lsalookup-l1-1-2

LsaLookupUserAccountType

api-ms-win-core-job-l2-1-0

SetInformationJobObject
TerminateJobObject
CreateJobObjectW
AssignProcessToJobObject

api-ms-win-security-grouppolicy-l1-1-0

RsopLoggingEnabledInternal
LeaveCriticalPolicySectionInternal

api-ms-win-security-lsalookup-l1-1-0

LookupAccountSidLocalW

api-ms-win-security-activedirectoryclient-l1-1-0

DsFreeNameResultW
DsCrackNamesW
DsUnBindW
DsBindWithSpnExW

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem
UnregisterWaitEx

api-ms-win-core-kernel32-legacy-l1-1-5

SetThreadExecutionState

api-ms-win-core-kernel32-legacy-l1-1-0

WTSGetActiveConsoleSessionId
GetComputerNameW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW

api-ms-win-core-localization-obsolete-l1-2-0

CompareStringA

api-ms-win-core-heap-obsolete-l1-1-0

LocalFlags

api-ms-win-core-privateprofile-l1-1-0

GetPrivateProfileStringW
GetPrivateProfileIntW
GetProfileIntW

sysntfy

SysNotifyStartServer
SysNotifyStopServer

umpdc

Pdcv2ActivationClientRegister
Pdcv2ActivationClientUnregister
Pdcv2ActivationClientRenewActivation
Pdcv2ActivationClientDeactivate
Pdcv2ActivationClientActivate

ntdll

NtDuplicateToken
RtlIpv4AddressToStringW
RtlEqualSid
RtlCrc32
RtlTimeToSecondsSince1980
NtQuerySystemTime
NtOpenFile
NtSetInformationProcess
RtlPublishWnfStateData
RtlAdjustPrivilege
WinSqmSetDWORD
EtwEventUnregister
EtwEventRegister
EtwEventWrite
EtwEventActivityIdControl
NtQueryInformationToken
RtlFreeUnicodeString
RtlInitUnicodeString
RtlConvertSidToUnicodeString
RtlCopySid
RtlLengthSid
RtlNtStatusToDosError
NtClose
NtQueryLicenseValue
EtwEventEnabled
RtlDeriveCapabilitySidsFromName
NtFsControlFile

nlaapi

NlaQueryNetDataEx
NlaGetInternetCapability
NlaRefreshQuery
NlaDeletePluginRequests
NlaAddToPluginRequests
NlaCreatePluginRequests
NlaCloseQuery
NlaRegisterQuery
NlaGetIntranetCapability
NlaDeleteDataSet
NlaQueryNetData
NlaQueryNetSignatures
NlaOpenQuery
NlaAddToTypeSet
NlaCreateTypeSet
NlaDeleteTypeSet

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
MapViewOfFile
CreateFileMappingW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GenerateRsopPolicy
GroupPolicyClientServiceMain
IsSecureCachingDisabled
ProcessGroupPolicyCompletedExInternal
ProcessGroupPolicyCompletedInternal
RsopAccessCheckByTypeInternal
RsopFileAccessCheckInternal
RsopResetPolicySettingStatusInternal
RsopSetPolicySettingStatusInternal
SvchostPushServiceGlobals

Sections

.text
Size: 783KB - Virtual size: 783KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 437KB - Virtual size: 437KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fh/msftedit.dll
.dll windows:10 windows x64 arch:x64

Password: 1234

3ad9b43610cf02f830e2e8bacdc12b48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

msftedit.pdb

Imports

api-ms-win-crt-string-l1-1-0

wcsnlen
wcsncmp
strnlen
memset
strncmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itow_s
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o__wcsnicmp
_o_free
_o_iswdigit
_o_iswpunct
_o_iswspace
_o_malloc
_o_memcpy_s
_o_pow
_o_qsort
_o_realloc
_o_sqrt
_o_strncpy_s
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstod
_o_wmemcpy_s
__CxxFrameHandler3
__std_terminate
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__CxxFrameHandler4
wcschr
wcsstr
__C_specific_handler
memcmp
memcpy

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
SetLastError

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
GetStringTypeExW
CompareStringOrdinal
MultiByteToWideChar
CompareStringEx

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
DisableThreadLibraryCalls
FreeLibrary
LoadResource
GetModuleFileNameA
GetModuleHandleA
LoadStringW

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetLocaleInfoW
IsValidCodePage
LocaleNameToLCID
LCMapStringEx
GetSystemDefaultLangID
ResolveLocaleName
GetLocaleInfoEx
GetSystemDefaultLCID
GetThreadLocale
GetUserDefaultLCID

api-ms-win-core-processthreads-l1-1-0

TlsSetValue
GetCurrentProcessId
GetCurrentThreadId
TlsGetValue
TlsFree
TerminateProcess
TlsAlloc
GetCurrentProcess

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiA

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetTickCount64
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoOriginateErrorW
SetRestrictedErrorInfo

oleaut32

SysAllocStringByteLen
SafeArrayGetElement
VariantClear
SysFreeString
VariantInit

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l1-1-0

WriteFile
CreateFileW
GetFileType
ReadFile
SetFilePointer

api-ms-win-core-atoms-l1-1-0

FindAtomA

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
WaitForSingleObject
ReleaseMutex
CreateSemaphoreExW
InitializeSRWLock
CreateEventW
ResetEvent
DeleteCriticalSection
WaitForSingleObjectEx
SetEvent
AcquireSRWLockShared
InitializeCriticalSectionAndSpinCount
OpenSemaphoreW
AcquireSRWLockExclusive
CreateMutexExW
LeaveCriticalSection
CreateEventExW
ReleaseSRWLockShared
EnterCriticalSection
ReleaseSRWLockExclusive
WaitForMultipleObjectsEx

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabled

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
InitOnceExecuteOnce

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegEnumKeyExW
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyExW

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventUnregister
EventRegister

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

ntdll

SbSelectProcedure
WinSqmIncrementDWORD
WinSqmIsOptedIn

api-ms-win-core-heap-l2-1-0

LocalFree
GlobalAlloc
GlobalFree

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalFlags
GlobalReAlloc
GlobalLock
GlobalHandle
GlobalSize

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolWorkCallbacks
SubmitThreadpoolWork
CreateThreadpoolWork
CloseThreadpoolWork

api-ms-win-core-path-l1-1-0

PathCchAppend

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-crt-math-l1-1-0

ceilf

Exports

Exports

CreateTextServices
DisableOleinitCheck
DllGetActivationFactory
DllGetVersion
GetMathAlphanumeric
GetMathAlphanumericCode
IID_IRichEditOle
IID_IRichEditOleCallback
IID_IRicheditUiaNotificationOverrides
IID_IRicheditUiaOverrides
IID_IRicheditWindowlessAccessibility
IID_ITextDocument2
IID_ITextHost
IID_ITextHost2
IID_ITextServices
IID_ITextServices2
MathBuildDown
MathBuildUp
MathTranslate
RichEdit10ANSIWndProc
RichEditANSIWndProc
RichEditWndProc
SetCustomTextOutHandlerEx
SetTextServicesDpiCalculationOverride
ShutdownTextServices

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 421KB - Virtual size: 421KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rmclient/SEMgrSvc.dll
.dll windows:10 windows x64 arch:x64

Password: 1234

23c805044199acd9bb77a74ac08b9b40

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SEMgrSvc.pdb

Imports

msvcp_win

?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsicmp
_o__wcstoi64
memmove
_o__wtof
_o_free
_o_isalpha
_o_isdigit
_o_islower
_o_isxdigit
_o_malloc
_o_rand
_o_realloc
_o_srand
_o_strtol
_o_terminate
_o_toupper
_o_wcscpy_s
__CxxFrameHandler3
_CxxThrowException
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
__std_type_info_compare
wcschr
strchr
wcsrchr
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__C_specific_handler
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcsnlen
memmove_s
memset
wcscmp
wcsncmp

api-ms-win-core-com-l1-1-0

CoRegisterClassObject
CoCreateFreeThreadedMarshaler
CoWaitForMultipleHandles
StringFromGUID2
CoRevertToSelf
CoInitializeEx
CoRevokeClassObject
CLSIDFromString
CoCreateInstance
CoDisconnectContext
CoTaskMemFree
CoUninitialize
CoFreeUnusedLibrariesEx
CoTaskMemAlloc
CoGetMalloc
CoImpersonateClient
CoCreateGuid
CoMarshalInterface
CoGetInterfaceAndReleaseStream
CoReleaseMarshalData
CreateStreamOnHGlobal
CoResumeClassObjects

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetProcAddress
DisableThreadLibraryCalls
GetModuleFileNameW
FindStringOrdinal
LoadLibraryExW
FreeLibrary
GetModuleFileNameA
GetModuleHandleW

api-ms-win-core-synch-l1-2-0

InitOnceComplete
SleepConditionVariableSRW
WakeByAddressAll
WaitOnAddress
InitOnceExecuteOnce
WakeAllConditionVariable
InitOnceBeginInitialize
Sleep

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
InitializeCriticalSectionEx
ResetEvent
ReleaseMutex
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CreateEventW
ReleaseSRWLockShared
ReleaseSemaphore
CreateSemaphoreExW
AcquireSRWLockShared
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CreateEventExW
CreateMutexExW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsGetStringLen
WindowsCreateStringReference
WindowsIsStringEmpty
WindowsCompareStringOrdinal
WindowsStringHasEmbeddedNull
WindowsCreateString

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
OpenThreadToken
GetCurrentThread
GetCurrentThreadId

api-ms-win-core-winrt-l1-1-0

RoRevokeActivationFactories
RoRegisterActivationFactories
RoActivateInstance
RoGetActivationFactory

api-ms-win-core-winrt-error-l1-1-0

GetRestrictedErrorInfo
RoOriginateError
RoOriginateErrorW
RoTransformError
SetRestrictedErrorInfo

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

oleaut32

SysAllocString

api-ms-win-eventing-provider-l1-1-0

EventProviderEnabled
EventUnregister
EventActivityIdControl
EventRegister
EventSetInformation
EventWriteTransfer

api-ms-win-devices-config-l1-1-1

CM_Get_DevNode_PropertyW
CM_Unregister_Notification
CM_MapCrToWin32Err
CM_Locate_DevNodeW
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW
CM_Register_Notification
CM_Get_Device_Interface_PropertyW

api-ms-win-security-capability-l1-1-0

CapabilityCheck
RpcClientCapabilityCheck

api-ms-win-service-core-l1-1-4

GetServiceDirectory

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

ntdll

RtlGetDeviceFamilyInfoEnum
RtlGetPersistedStateLocation
NtPowerInformation
RtlNtStatusToDosError
RtlDeriveCapabilitySidsFromName
RtlAllocateHeap
RtlInitializeSRWLock
RtlAllocateWnfSerializationGroup
RtlQueryPackageIdentity
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlFreeHeap
RtlConvertSidToUnicodeString
RtlUnsubscribeWnfStateChangeNotification
RtlPublishWnfStateData
RtlIsMultiUsersInSessionSku
RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion

api-ms-win-core-kernel32-legacy-l1-1-5

SetThreadExecutionState

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetTickCount
GetLocalTime
GetSystemTimeAsFileTime
GetSystemDirectoryW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

combase

ord68
ord69
ord67
ord154
ord66

brokerlib

BrSignalBrokerEvent2
BrDeleteBrokerInstance
BrInitializeBrokerInstance2
BrCreateBrokerInstance2

api-ms-win-appmodel-runtime-l1-1-0

PackageFamilyNameFromFullName

api-ms-win-appmodel-runtime-l1-1-1

GetPackageFullNameFromToken

api-ms-win-shcore-stream-l1-1-0

SHCreateMemStream

rmclient

RmAcquireResources
RmReleaseResources
RmRegisterResource
RmAccessCheck
RmGetNotification

api-ms-win-security-accesshlpr-l1-1-0

BuildSecurityDescriptorForSharingAccess
FreeTransientObjectSecurityDescriptor

api-ms-win-shell-shellfolders-l1-1-0

SHGetKnownFolderPath

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteTreeW

api-ms-win-core-threadpool-l1-2-0

SubmitThreadpoolWork
WaitForThreadpoolWaitCallbacks
WaitForThreadpoolWorkCallbacks
CreateThreadpoolWork
CreateThreadpoolTimer
CloseThreadpoolWork
CancelThreadpoolIo
StartThreadpoolIo
WaitForThreadpoolIoCallbacks
CreateThreadpoolWait
SetEventWhenCallbackReturns
SetThreadpoolWait
CloseThreadpoolWait
CreateThreadpoolIo
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer
CloseThreadpoolIo

api-ms-win-core-io-l1-1-0

GetOverlappedResult
CancelIoEx
DeviceIoControl

api-ms-win-core-file-l1-1-0

FindNextFileW
ReadFile
DeleteFileW
GetFullPathNameW
FindClose
RemoveDirectoryW
CreateFileW
GetFileSizeEx
CreateDirectoryW
FindFirstFileW
GetFileAttributesW
GetFileTime
CompareFileTime
WriteFile

api-ms-win-security-base-l1-1-0

MapGenericMask
EqualSid
CopySid
GetLengthSid
DestroyPrivateObjectSecurity
IsValidSid
AccessCheck
GetTokenInformation

api-ms-win-core-winrt-propertysetprivate-l1-1-1

RoCreatePropertySetSerializer

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolAllowThreadReuse
SHTaskPoolQueueTask

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-path-l1-1-0

PathCchSkipRoot
PathAllocCombine

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

crypt32

CryptStringToBinaryW
CryptBinaryToStringW
CryptProtectData
CryptUnprotectData

rpcrt4

RpcBindingFromStringBindingW
NdrClientCall3
RpcImpersonateClient2
RpcStringFreeW
RpcStringBindingComposeW
RpcRevertToSelfEx
RpcRevertToSelf
RpcImpersonateClient
I_RpcBindingInqLocalClientPID
UuidToStringW
RpcServerUnsubscribeForNotification
RpcServerSubscribeForNotification
RpcServerInqBindingHandle

api-ms-win-security-lsalookup-l2-1-0

LookupAccountSidW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

bcrypt

BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptGenerateSymmetricKey
BCryptImportKeyPair
BCryptSignHash
BCryptSetProperty
BCryptExportKey
BCryptGenRandom
BCryptDestroyKey
BCryptCreateHash
BCryptGetProperty
BCryptHashData
BCryptFinishHash
BCryptEncrypt
BCryptOpenAlgorithmProvider
BCryptDecrypt
BCryptImportKey

ncrypt

NCryptFreeObject
NCryptCreatePersistedKey
NCryptSetProperty
NCryptExportKey
NCryptFinalizeKey
NCryptDeleteKey
NCryptDecrypt
NCryptOpenKey
NCryptGetProperty
NCryptOpenStorageProvider

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpCW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte

api-ms-win-devices-swdevice-l1-1-1

SwDeviceSetLifetime

api-ms-win-devices-swdevice-l1-1-0

SwDeviceClose
SwDeviceCreate
SwDeviceInterfaceRegister

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW

cryptngc

NgcGetKeyAttestationForUserIdKey

api-ms-win-core-bicltapi-l1-1-5

BiQuerySystemStateBroadcastChannels

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-crt-math-l1-1-0

ceilf

Exports

Exports

DllCanUnloadNow
DllGetClassObject
LaunchModernNfcEventSession
ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 601KB - Virtual size: 601KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 552KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rmclient/SRH.dll
.dll windows:10 windows x64 arch:x64

Password: 1234

b0154256ad4fba632240b90e58acf6fc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SRH.pdb

Imports

msvcp_win

?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
_Cnd_do_broadcast_at_thread_exit
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
?widen@?$ctype@G@std@@QEBAGD@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$ctype@G@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Random_device@std@@YAIXZ
?_Xruntime_error@std@@YAXPEBD@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?uncaught_exception@std@@YA_NXZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@HPEBD@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@_N@Z
?is@?$ctype@G@std@@QEBA_NFG@Z
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
_Mtx_unlock
?_Xbad_function_call@std@@YAXXZ
?_Xbad_alloc@std@@YAXXZ
_Mtx_lock
_Mtx_init_in_situ
_Unlock_shared_ptr_spin_lock
_Lock_shared_ptr_spin_lock
_Mtx_destroy_in_situ
?_Xout_of_range@std@@YAXPEBD@Z
?_Throw_C_error@std@@YAXH@Z
_Thrd_detach
_Thrd_id
_Thrd_join
?_Throw_Cpp_error@std@@YAXH@Z
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?_Makeloc@_Locimp@locale@std@@CAPEAV123@AEBV_Locinfo@3@HPEAV123@PEBV23@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-string-l1-1-0

wcscspn
wcsspn
wcsncmp
wcscmp
memset
wcspbrk

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__itow_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsicmp
_o__wcslwr_s
_o__wcsnicmp
memmove
_o__wtoi
_o_atan2
_o_ceil
_o_floor
_o_fmod
_o_free
_o_iswalpha
_o_iswcntrl
_o_iswlower
_o_iswspace
_o_iswupper
_o_log
_o_malloc
_o_pow
_o_powf
_o_realloc
_o_sqrt
_o_terminate
_o_towlower
_o_towupper
_o_wcstol
_o_wmemcpy_s
__std_type_info_compare
wcschr
__CxxFrameHandler3
_CxxThrowException
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__execute_onexit_table
_o__errno
wcsstr
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__beginthreadex
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__C_specific_handler
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

ntdll

RtlFreeHeap
RtlCaptureContext
NtQueryInformationToken
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlInitUnicodeString
RtlAllocateHeap
WinSqmAddToStream
WinSqmIncrementDWORD
WinSqmSetString
WinSqmSetDWORD
RtlGetDeviceFamilyInfoEnum
NtQueryWnfStateData
RtlPublishWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion

oleaut32

VarBstrCmp
SafeArrayUnaccessData
SysFreeString
VariantClear
VarBstrCat
VariantCopy
VariantChangeType
SafeArrayDestroy
SafeArrayAccessData
SysAllocString
SafeArrayUnlock
VariantInit
SafeArrayLock
SysStringLen
SysAllocStringLen
SafeArrayGetVartype
SafeArrayGetUBound
SysStringByteLen
SafeArrayRedim
SafeArrayGetDim
VarCmp
VariantCopyInd
SysAllocStringByteLen
SafeArrayGetLBound
SafeArrayCopy
SafeArrayCreate

bcp47langs

Bcp47GetLanguageName
Bcp47GetNlsForm
Bcp47FromLcid

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
LoadResource
GetModuleHandleExW
FreeLibrary
GetModuleFileNameA
LoadStringW
SizeofResource
GetProcAddress
LockResource
FindResourceExW

api-ms-win-core-synch-l1-1-0

CreateEventW
CreateSemaphoreExW
ReleaseSemaphore
WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
DeleteCriticalSection
InitializeCriticalSectionEx
CreateEventExW
ResetEvent
ReleaseSRWLockShared
OpenMutexW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SetEvent
InitializeCriticalSectionAndSpinCount
CancelWaitableTimer
SetWaitableTimer

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapReAlloc
HeapSize
HeapDestroy
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
RaiseException
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetThreadId
GetExitCodeProcess
GetCurrentProcessId
CreateThread
GetCurrentThreadId
GetCurrentProcess
SetProcessShutdownParameters
TerminateProcess

api-ms-win-core-localization-l1-2-0

GetLocaleInfoEx
GetUserPreferredUILanguages
GetThreadLocale
LocaleNameToLCID
GetSystemDefaultLCID
FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
GetRestrictedErrorInfo
SetRestrictedErrorInfo
RoOriginateErrorW

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
StringFromGUID2
CoGetInterfaceAndReleaseStream
CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CLSIDFromString
CoWaitForMultipleHandles
CoMarshalInterThreadInterfaceInStream
CoTaskMemFree
StringFromCLSID
CoAllowUnmarshalerCLSID
CoIncrementMTAUsage

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-string-l1-1-0

GetStringTypeExW
WideCharToMultiByte
MultiByteToWideChar
CompareStringW

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle

api-ms-win-core-string-l2-1-0

CharLowerW

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetVersionExW
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount
GetLocalTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
SetThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegGetValueW
RegCloseKey
RegCreateKeyExW
RegNotifyChangeKeyValue
RegDeleteValueW
RegOpenKeyExW
RegEnumValueW
RegQueryValueExW
RegEnumKeyExW

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsCreateString
WindowsStringHasEmbeddedNull
WindowsDuplicateString
WindowsPromoteStringBuffer
WindowsDeleteStringBuffer
WindowsIsStringEmpty
WindowsCreateStringReference
WindowsDeleteString
WindowsPreallocateStringBuffer

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-console-l1-2-0

AttachConsole
FreeConsole

api-ms-win-core-console-l2-1-0

ReadConsoleOutputW
GetConsoleScreenBufferInfo

api-ms-win-core-heap-l2-1-0

GlobalFree
LocalFree
GlobalAlloc

rpcrt4

UuidCreate

api-ms-win-core-datetime-l1-1-1

GetDateFormatEx
GetTimeFormatEx

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
RoOriginateLanguageException

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects
CreateWaitableTimerW

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

api-ms-win-security-base-l1-1-0

AllocateAndInitializeSid
DestroyPrivateObjectSecurity
GetTokenInformation
FreeSid
CheckTokenMembership

api-ms-win-core-localization-l2-1-0

GetNumberFormatEx

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenServiceW
OpenSCManagerW
StartServiceW

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx

api-ms-win-core-file-l1-1-0

FindFirstFileW
FindClose

api-ms-win-service-winsvc-l1-1-0

ControlService

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathRemoveFileSpecW

api-ms-win-core-registry-l2-1-0

RegOpenKeyW

api-ms-win-core-kernel32-legacy-l1-1-5

SetThreadExecutionState

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-sidebyside-l1-1-0

CreateActCtxW
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
GetCurrentActCtx

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-ntuser-rectangle-l1-1-0

CopyRect
EqualRect
UnionRect
IsRectEmpty
PtInRect
InflateRect

api-ms-win-core-featurestaging-l1-1-0

GetFeatureEnabledState
UnsubscribeFeatureStateChangeNotification
SubscribeFeatureStateChangeNotification
RecordFeatureUsage

api-ms-win-crt-math-l1-1-0

_isnan
_finite
acosf
atan2f
ceilf
cosf
floorf
log10f
sqrtf
sinf

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

CreateAndEnqueueNarratorCommandEvent
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllMain
ExecuteNarratorFind
GetControlAndState
GetInputLearningHelper
IgnoreLeaksInCurrentlyTrackedMemory
Initialize
IsIgnoringLeaks
PostTestCheckForLeaks
RunNarrator
SetBrailleBlinkingCursor
SetBrailleCursorRepresentation
SetBrailleDeviceChangeFromReg
SetBrailleIsEnabledFromReg
SetBrailleTablesFromReg
SetDictationRunning
SetFastKeyEntryEnabled
SetFollowInsertion
SetReadHints
SetScriptingEnabledFromReg
SetVoicePropertiesFromReg
StartIgnoringLeaks
StopIgnoringLeaks
UpdateErrorLoggingCallback
UpdateNarratorSettingsFromReg

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 602KB - Virtual size: 601KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 497KB - Virtual size: 497KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rmclient/rilproxy.dll
.dll windows:10 windows x64 arch:x64

Password: 1234

bddb3c0fdc4e1abaf87814053b2c07f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

rilProxy.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__seh_filter_dll
memcpy
_o_free
_o_malloc
_o_strcpy_s
__C_specific_handler
_CxxThrowException
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__CxxFrameHandler4

api-ms-win-crt-string-l1-1-0

memset

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventWrite
EventUnregister
EventRegister

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-synch-l1-1-0

InitializeSRWLock
CreateEventW
WaitForSingleObject
ResetEvent
EnterCriticalSection
InitializeCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SetEvent
LeaveCriticalSection
DeleteCriticalSection

api-ms-win-devices-config-l1-1-1

CM_Unregister_Notification
CM_Register_Notification

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
CreateThreadpoolWait

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l1-1-0

WriteFile
ReadFile
CreateFileW

api-ms-win-core-io-l1-1-0

CancelIoEx
GetOverlappedResult

cfgmgr32

CM_Get_Device_Interface_List_Size_ExW
CM_Get_Device_Interface_List_ExW

api-ms-win-core-kernel32-legacy-l1-1-0

SetFileCompletionNotificationModes

Exports

Exports

RIL_AddCallForwarding
RIL_AvoidCDMASystem
RIL_CancelGetOperatorList
RIL_CancelSupServiceDataSession
RIL_ChangeCallBarringPassword
RIL_ChangeUiccLockPassword
RIL_CloseUiccLogicalChannel
RIL_CloseUiccLogicalChannelGroup
RIL_DeactivatePerso
RIL_Deinitialize
RIL_DeleteAdditionalNumberString
RIL_DeleteMsg
RIL_DeletePhonebookEntry
RIL_DevSpecific
RIL_Dial
RIL_Dial_V1
RIL_DisableModemFilters
RIL_DisableNotifications
RIL_DrainModemLogs
RIL_EmergencyModeControl
RIL_EnableModemFilters
RIL_EnableNotifications
RIL_EnumerateSlots
RIL_ExchangeUiccAPDU
RIL_GetAllAdditionalNumberStrings
RIL_GetAllEmergencyNumbers
RIL_GetCallBarringStatus
RIL_GetCallForwardingSettings
RIL_GetCallWaitingSettings
RIL_GetCallerIdSettings
RIL_GetCardInfo
RIL_GetCellBroadcastMsgConfig
RIL_GetCurrentRegStatus
RIL_GetDMProfileConfigInfo
RIL_GetDevCaps
RIL_GetDeviceInfo
RIL_GetDialedIdSettings
RIL_GetDriverVersion
RIL_GetEmergencyMode
RIL_GetEquipmentState
RIL_GetExecutorConfig
RIL_GetExecutorFocus
RIL_GetExecutorRFState
RIL_GetHideConnectedIdSettings
RIL_GetHideIdSettings
RIL_GetIMSI
RIL_GetIMSStatus
RIL_GetMsgInUiccStatus
RIL_GetMsgServiceOptions
RIL_GetNotificationFilterState
RIL_GetNumberOfModems
RIL_GetOperatorList
RIL_GetPSMediaConfiguration
RIL_GetPersoDeactivationState
RIL_GetPhonebookOptions
RIL_GetPositionInfo
RIL_GetPreferredOperatorList
RIL_GetRFState
RIL_GetRadioConfiguration
RIL_GetRadioStateDetails
RIL_GetRadioStateGroups
RIL_GetSMSC
RIL_GetSignalQuality
RIL_GetSubscriberNumbers
RIL_GetSystemSelectionPrefs
RIL_GetTerminalCapability
RIL_GetUiccATR
RIL_GetUiccAppPersoCheckState
RIL_GetUiccLockState
RIL_GetUiccPRLID
RIL_GetUiccRecordStatus
RIL_GetUiccServiceLock
RIL_GetUiccServiceState
RIL_GetUiccToolkitProfile
RIL_Initialize
RIL_ManageCalls
RIL_ManageCalls_V1
RIL_ManageCalls_V2
RIL_ManageCalls_V3
RIL_OpenUiccLogicalChannel
RIL_RadioStateGetPasswordRetryCount
RIL_RadioStatePasswordCompare
RIL_ReadMsg
RIL_ReadPhonebookEntries
RIL_RegisterUiccToolkitService
RIL_RemoveCallForwarding
RIL_ResetModem
RIL_SendDTMF
RIL_SendFlash
RIL_SendMsg
RIL_SendMsgAck
RIL_SendMsgAck_V1
RIL_SendRTT
RIL_SendRestrictedUiccCmd
RIL_SendSupServiceData
RIL_SendSupServiceDataResponse
RIL_SendUiccToolkitCmdResponse
RIL_SendUiccToolkitEnvelope
RIL_SetCallBarringStatus
RIL_SetCallForwardingStatus
RIL_SetCallWaitingStatus
RIL_SetCellBroadcastMsgConfig
RIL_SetDMProfileConfigInfo
RIL_SetEquipmentState
RIL_SetExecutorConfig
RIL_SetExecutorFocus
RIL_SetExecutorRFState
RIL_SetGeolocationData
RIL_SetMsgInUiccStatus
RIL_SetMsgMemoryStatus
RIL_SetNotificationFilterState
RIL_SetPSMediaConfiguration
RIL_SetPreferredOperatorList
RIL_SetRFState
RIL_SetRFState_V1
RIL_SetRadioConfiguration
RIL_SetRadioStateDetails
RIL_SetSMSC
RIL_SetSlotPower
RIL_SetSystemSelectionPrefs
RIL_SetSystemSelectionPrefs_V1
RIL_SetTerminalCapability
RIL_SetUiccLockEnabled
RIL_SetUiccServiceState
RIL_SetUiccToolkitProfile
RIL_StartDTMF
RIL_StartModemLogs
RIL_StopDTMF
RIL_StopModemLogs
RIL_UnblockUiccLock
RIL_VerifyUiccLock
RIL_WatchUiccFileChange
RIL_WriteAdditionalNumberString
RIL_WriteMsg
RIL_WritePhonebookEntry

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rmclient/rmclient.dll
.dll windows:10 windows x64 arch:x64

Password: 1234

a3d4661525d47c934f5b10e197a23fc4

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:30

Not After

03/03/2021, 18:30

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

71:a5:76:47:b8:3c:63:93:08:0f:43:78:2f:e1:3e:be:24:8e:54:62:3a:51:cb:01:f4:51:a1:40:9b:fb:c7:8f
Signer

Actual PE Digest

71:a5:76:47:b8:3c:63:93:08:0f:43:78:2f:e1:3e:be:24:8e:54:62:3a:51:cb:01:f4:51:a1:40:9b:fb:c7:8f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

RmClient.pdb

Imports

msvcrt

__dllonexit
memcpy
_lock
_XcptFilter
_callnewh
_initterm
free
malloc
__CxxFrameHandler3
_purecall
_amsg_exit
_onexit
_unlock
__C_specific_handler
memcpy_s
memset

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsCreateString
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoCreateFreeThreadedMarshaler

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventUnregister

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
SetRestrictedErrorInfo
RoTransformError
RoOriginateError

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
ReleaseSRWLockExclusive
EnterCriticalSection
SetEvent
CreateEventW
InitializeSRWLock
WaitForSingleObject
ReleaseSRWLockShared
AcquireSRWLockShared
InitializeCriticalSectionEx
LeaveCriticalSection
AcquireSRWLockExclusive

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

rpcrt4

RpcSsDestroyClientContext
NdrClientCall3
RpcBindingBind
RpcBindingCreateW
I_RpcExceptionFilter
RpcExceptionFilter
RpcBindingFree
I_RpcMapWin32Status

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-appmodel-runtime-l1-1-1

FormatApplicationUserModelId
ParseApplicationUserModelId

api-ms-win-appmodel-runtime-l1-1-0

PackageFamilyNameFromFullName

api-ms-win-core-psm-key-l1-1-0

PsmGetKeyFromToken
PsmGetPackageFullNameFromKey
PsmIsDynamicKey
PsmGetApplicationNameFromKey
PsmIsValidKey

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled
RoReportFailedDelegate

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-processthreads-l1-1-3

GetProcessInformation

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabled

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

ntdll

RtlLengthSid
RtlDeleteCriticalSection
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlValidSid
NtOpenProcessToken
RtlQueryTokenHostIdAsUlong64
NtQueryInformationToken
NtClose
RtlRbRemoveNode
RtlCopySid
RtlNtStatusToDosError
RtlInitializeSRWLock
RtlRbInsertNodeEx
TpAllocWork
TpPostWork
TpWaitForWork
TpReleaseWork
RtlConvertSidToUnicodeString
RtlReleaseSRWLockExclusive
NtQueryInformationProcess
NtQuerySystemInformation
RtlFreeHeap
RtlAllocateHeap
RtlReportException
NtTerminateProcess
RtlAcquireSRWLockExclusive

Exports

Exports

CreateResourceManagerClientProxy
CrmActivityAllocate
CrmActivityFree
CrmActivityFreeWindowClosedReasons
CrmActivityQueryWindowClosedReasons
CrmActivityRenew
CrmActivityRequest
CrmActivityRequestAndWait
CrmActivityStart
CrmActivityStop
CrmActivityWindowClosedReasonSubscribe
CrmActivityWindowClosedReasonUnsubscribe
CrmRegister
CrmSubscribe
CrmUnregister
CrmUnsubscribe
CrmWorkStart
CrmWorkStop
DeleteResourceManagerClientProxy
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
HamAddDependency
HamAddHostDependency
HamCloseActivity
HamCompleteExtendedExecution
HamConnectForDebugging
HamConnectForExtendedExecution
HamConnectForFullTrust
HamConnectForServicing
HamConnectForSessionState
HamConnectForStateChangeNotifications
HamConnectToServer
HamConnectToServerEx
HamCreateActivity
HamCreateActivityEx
HamCreateActivityForProcess
HamCreateAutoRestartActivity
HamCreateExtendedExecution
HamDebugClosePackageHandle
HamDebugModeEnable
HamDebugOpenPackageHandle
HamDebugQueryPackageState
HamDebugSuspendPackage
HamDebugTerminatePackage
HamDisconnectForDebugging
HamDisconnectForExtendedExecution
HamDisconnectForFullTrust
HamDisconnectForServicing
HamDisconnectForSessionState
HamDisconnectForStateChangeNotifications
HamDisconnectFromServer
HamFullTrustClosePackageHandle
HamFullTrustOpenPackageHandle
HamFullTrustTerminatePackage
HamGetApplicationInterruptiveUIState
HamGetApplicationStateForPsmKey
HamGetInterruptiveUIStateForAumid
HamGetPackageInterruptiveUIState
HamHostIdCreateSingleUse
HamHostIdFindOrCreate
HamHostIdInitializeKey
HamHostIdRetrieveDynamicId
HamInitializeActivityAutoRestartProperties
HamInitializeActivityDynamicProperties
HamInitializeStateChangeFlags
HamIsHostBeingDebugged
HamPopulateActivityProperties
HamPopulateActivityPropertiesByClass
HamQueryApplicationUsageInfo
HamQueryCallerTerminateReason
HamQueryPackageUsageInfo
HamQueryTaskCompletionsForTerminateGraph
HamRemoveDependency
HamRemoveHostDependency
HamResetExternalResourcePriority
HamServicingClosePackageHandle
HamServicingEnableServicing
HamServicingOpenPackageHandle
HamServicingQueryActiveAppsInPackage
HamServicingTerminatePackage
HamSessionStateLogoffSession
HamSessionStateLogoffUser
HamSetCommitProperties
HamSetExternalResourcePriority
HamStartActivityAsync
HamStartExtendedExecutionAsync
HamStopActivity
HamTerminateActivityHost
HamTerminateActivityHostEx
HamTerminateHostOnProcessExit
HamTerminateIfSuspendedByProcess
HamTerminateSelf
HamTerminateSelfOnProcessExit
HamTryEstimateRemainingQuiesceTime
HamUpdateActivityProperties
RmAccessCheck
RmAccessCheckOnSelf
RmAcquireResourceSet
RmAcquireResourceSetEx
RmAcquireResources
RmActivityImportanceInitialize
RmActivityImportanceTakeMostImportant
RmApplyResourceSet
RmApplyResourceSetToHost
RmAvailabilityCheck
RmConnectToResourceManager
RmDisconnectFromResourceManager
RmGameModeDisableForRegisteredProcess
RmGameModeDisableForRegisteredProcessById
RmGameModeGetLargestValidResourceRequest
RmGameModeInitializeResourceRequest
RmGameModeReenableForRegisteredProcess
RmGameModeReenableForRegisteredProcessById
RmGameModeRegisterPairedAuxiliaryProcess
RmGameModeRegisterPairedAuxiliaryProcessById
RmGameModeRegisterProcess
RmGameModeRegisterProcessById
RmGameModeUnregisterProcess
RmGameModeUnregisterProcessById
RmGetNotification
RmQueryHostMemoryLimitValues
RmRegisterActivityHostCallbacks
RmRegisterForGameMode
RmRegisterResource
RmReleaseResourceSet
RmReleaseResourceSetEx
RmReleaseResources
RmResourceLimitFlagsInitialize
RmResourceLimitsInitialize
RmResourceSetPropertiesInitialize
RmSetHostLimit
RmUnregisterActivityHost
RmUnregisterActivityHostCallbacks
RmUnregisterForGameMode
RmUpdateResourceSetProperties

Sections

.text
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vdsbas/TokenBroker.dll
.dll windows:10 windows x64 arch:x64

adab68b969f5804eb7e1d5618f23e58f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

TokenBroker.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itow_s
_o__lock_file
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__unlock_file
_o__wcsicmp
_o__wcsnicmp
memmove
_o__wsplitpath_s
_o_fclose
_o_fflush
_o_fgetc
_o_fgetpos
_o_fgetwc
_o_fputwc
_o_free
_o_fsetpos
_o_fwrite
_o_iswspace
_o_malloc
_o_realloc
_o_setvbuf
_o_terminate
_o_tolower
_o_toupper
_o_towlower
_o_ungetc
_o_ungetwc
_o_wcscat_s
_o_wcscpy_s
_o_wcstoul
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__fseeki64
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcsstr
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcscmp
memset
wcscspn

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
FreeLibrary
GetModuleHandleExW
GetProcAddress
GetModuleHandleW

api-ms-win-security-base-l1-1-0

SetTokenInformation
RevertToSelf
GetSidSubAuthority
MakeAbsoluteSD
FreeSid
AccessCheck
IsWellKnownSid
AllocateAndInitializeSid
CreateWellKnownSid
ImpersonateLoggedOnUser
GetTokenInformation
GetLengthSid
DuplicateTokenEx
InitializeSid
GetSidLengthRequired

api-ms-win-core-synch-l1-2-0

WakeByAddressAll
InitOnceExecuteOnce
Sleep
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
TlsSetValue
GetCurrentProcess
InitializeProcThreadAttributeList
OpenProcessToken
GetProcessId
SetThreadToken
CreateProcessAsUserW
TlsFree
TerminateProcess
TlsAlloc
UpdateProcThreadAttribute
GetCurrentThread
GetCurrentThreadId
DeleteProcThreadAttributeList
GetCurrentProcessId
TlsGetValue

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
CreateMutexExW
WaitForMultipleObjectsEx
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
TryAcquireSRWLockExclusive
CreateSemaphoreExW
AcquireSRWLockShared
AcquireSRWLockExclusive
InitializeSRWLock
CreateEventExW
ReleaseSRWLockExclusive
CreateEventW
ReleaseMutex
SetEvent
EnterCriticalSection
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSemaphore

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
WindowsCreateString
WindowsIsStringEmpty
WindowsConcatString
WindowsGetStringLen
WindowsDuplicateString
WindowsDeleteString
WindowsCreateStringReference
WindowsSubstringWithSpecifiedLength
WindowsCompareStringOrdinal

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
ConvertSidToStringSidW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-threadpool-l1-2-0

CreateThreadpool
SubmitThreadpoolWork
CloseThreadpoolWork
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
CloseThreadpoolTimer
CloseThreadpool
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoRevokeActivationFactories
RoActivateInstance
RoGetActivationFactory
RoUninitialize
RoRegisterActivationFactories

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
GetRestrictedErrorInfo
SetRestrictedErrorInfo
RoOriginateError
RoOriginateErrorW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventActivityIdControl
EventProviderEnabled
EventWriteTransfer

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetTickCount64
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
RegGetValueW
RegCreateKeyExW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetEnvironmentVariableW

api-ms-win-core-file-l1-1-0

FindClose
SetFilePointer
WriteFile
CreateDirectoryW
ReadFile
GetFileSizeEx
SetFileInformationByHandle
CompareFileTime
CreateFileW
FindFirstFileW
GetFileTime
FindNextFileW
SetEndOfFile

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled
RoOriginateLanguageException

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

ntdll

RtlInitializeResource
RtlAcquireResourceExclusive
RtlReleaseResource
RtlDeleteResource
RtlNtStatusToDosError
RtlDosPathNameToRelativeNtPathName_U
RtlReleaseRelativeName
NtClose
NtCreateFile
NtQueryWnfStateData
RtlEqualSid
RtlFreeSid
RtlSetEnvironmentVar
RtlIsMultiSessionSku
RtlPublishWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfStateChangeNotification
RtlQueryWnfStateData
RtlQueryPackageClaims
RtlGetDeviceFamilyInfoEnum
RtlIsMultiUsersInSessionSku
RtlLoadString
DbgPrint
RtlFreeHeap
NtQueryInformationToken
RtlAllocateHeap
wcsnlen
ZwQueryWnfStateData

api-ms-win-core-registry-l2-1-0

RegOpenKeyW

tokenbinding

TokenBindingGenerateIDForUri

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW
PathFileExistsW

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolAllowThreadReuse

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

combase

ord157
ord68
ord66
ord67
ord69
ord90

api-ms-win-appmodel-runtime-l1-1-1

GetPackageFamilyNameFromToken
GetPackageFullNameFromToken

rmclient

RmAccessCheck

msvcp_win

?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEBA?AVlocale@2@XZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?_Init@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
_Cnd_broadcast
_Query_perf_counter
_Query_perf_frequency
?widen@?$ctype@G@std@@QEBAGD@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Mtx_current_owns
_Xtime_get_ticks
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?unshift@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Xlength_error@std@@YAXPEBD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?id@?$ctype@G@std@@2V0locale@2@A
?_Xout_of_range@std@@YAXPEBD@Z
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
_Cnd_init_in_situ
_Cnd_destroy_in_situ
?_Xbad_function_call@std@@YAXXZ
??Bid@locale@std@@QEAA_KXZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
_Cnd_timedwait
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?_Gninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?uncaught_exception@std@@YA_NXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?flags@ios_base@std@@QEBAHXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?good@ios_base@std@@QEBA_NXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-security-base-l1-2-0

CheckTokenMembershipEx

api-ms-win-core-string-l2-1-0

CharLowerW

api-ms-win-core-winrt-propertysetprivate-l1-1-1

RoCreatePropertySetSerializer

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-shcore-stream-winrt-l1-1-0

CreateStreamOverRandomAccessStream
CreateRandomAccessStreamOverStream

api-ms-win-service-private-l1-1-0

I_QueryTagInformation

api-ms-win-security-base-private-l1-1-1

CreateAppContainerToken

api-ms-win-appmodel-state-l1-2-0

OpenStateExplicit
GetStateRootFolder
CloseState

api-ms-win-crt-math-l1-1-0

ceilf

Exports

Exports

ServiceMain

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 327KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vdsbas/Vault.dll
.dll windows:10 windows x64 arch:x64

c6e9ce023610e36df2bcf9f84fbc95bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

vault.pdb

Imports

msvcrt

__RTDynamicCast
wcscpy_s
memset
memcmp
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
free
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
??0exception@@QEAA@AEBQEBD@Z
_callnewh
malloc
_vsnwprintf_s
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
tolower
_vsnwprintf
memcpy_s
_vsnprintf_s
memmove_s
?terminate@@YAXXZ
_purecall
__CxxFrameHandler3
??3@YAXPEAX@Z

shell32

ShellExecuteExW
SHParseDisplayName
ord155
ord18
SHBindToObject
ord25

shlwapi

ord158
ord618
ord172
ord176
ord199
ord219
ord156
ord256
ord24
SHStrDupW
ord204
ord174
ord514

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
GetTraceEnableLevel
UnregisterTraceGuids
GetTraceEnableFlags
RegisterTraceGuidsW
TraceMessage

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetTickCount
GetSystemDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameA
DisableThreadLibraryCalls
LoadLibraryExW
GetProcAddress
LoadStringW
GetModuleFileNameW
GetModuleHandleExW

crypt32

CertFreeCertificateContext
CertGetNameStringW
CertGetCertificateContextProperty
CertGetEnhancedKeyUsage
CertFindCertificateInStore
CertAddSerializedElementToStore
CertFreeCertificateChainList
CertSelectCertificateChains
CertOpenSystemStoreW
CertCloseStore

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoCreateInstance

api-ms-win-security-credentials-l1-1-0

CredMarshalCredentialW
CredWriteW
CredGetSessionTypes
CredUnmarshalCredentialW
CredEnumerateW
CredDeleteW
CredFree

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThread
CreateProcessW
OpenProcessToken
OpenThreadToken
GetCurrentThreadId

api-ms-win-core-handle-l1-1-0

CloseHandle

oleaut32

SysAllocString
SysFreeString
VariantClear

api-ms-win-security-base-l1-1-0

GetTokenInformation
GetSidSubAuthorityCount
EqualSid
GetSidSubAuthority
InitializeSid
CopySid
GetLengthSid

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
AcquireSRWLockShared
InitializeCriticalSectionEx
WaitForSingleObject
OpenSemaphoreW
InitializeCriticalSection
ReleaseMutex
DeleteCriticalSection
WaitForSingleObjectEx
EnterCriticalSection
ReleaseSemaphore
ReleaseSRWLockExclusive
LeaveCriticalSection
ReleaseSRWLockShared
CreateMutexExW
CreateSemaphoreExW

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-datetime-l1-1-0

GetDateFormatW

api-ms-win-core-file-l1-1-0

FileTimeToLocalFileTime
CompareFileTime

rpcrt4

RpcStringFreeW
UuidToStringW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

sspicli

LsaLogonUser
LsaFreeReturnBuffer
LsaLookupAuthenticationPackage
LsaConnectUntrusted
LsaDeregisterLogonProcess

userenv

ord211

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

vaultcli

VaultGetItemType
VaultAddItem
VaultGetItem
VaultEnumerateVaults
VaultEnumerateItems
VaultOpenVault
VaultCloseVault
VaultFree
VaultGetInformation
VaultRemoveItem

credui

CredUnPackAuthenticationBufferW
CredUIPromptForWindowsCredentialsW

cryptui

CertSelectionGetSerializedBlob

kernel32

CreateActCtxW
ReleaseActCtx
DeactivateActCtx
ActivateActCtx
LocalSize

ntdll

EtwLogTraceEvent
EtwEventSetInformation
EtwEventRegister
EtwEventUnregister
WinSqmAddToStream
NtAllocateLocallyUniqueId
RtlInitString
EtwEventWriteTransfer
RtlNtStatusToDosError
RtlSubAuthoritySid
RtlInitializeSid
EtwTraceMessage

user32

LoadCursorW
GetFocus
LoadImageW
SetCursor
DestroyIcon

dui70

?FindElementWithShortcutAndDoDefaultAction@XProvider@DirectUI@@UEAAHGH@Z
?CanSetFocus@XProvider@DirectUI@@UEAAJPEA_N@Z
?Navigate@XProvider@DirectUI@@UEAAJHPEA_N@Z
?SetFocus@XProvider@DirectUI@@UEAAJPEAVElement@2@@Z
?IsDescendent@XProvider@DirectUI@@UEAAJPEAVElement@2@PEA_N@Z
?GetDesiredSize@XProvider@DirectUI@@UEAAJHHPEAUtagSIZE@@@Z
?SetParameter@XProvider@DirectUI@@UEAAJAEBU_GUID@@PEAX@Z
?AddRef@XProvider@DirectUI@@UEAAKXZ
?GetClassInfoPtr@HWNDElement@DirectUI@@SAPEAUIClassInfo@2@XZ
?SetDefaultButtonTracking@XProvider@DirectUI@@UEAAJ_N@Z
?SetHandleEnterKey@XProvider@DirectUI@@IEAAX_N@Z
?CreateDUI@XProvider@DirectUI@@UEAAJPEAVIXElementCP@2@PEAPEAUHWND__@@@Z
?GetRoot@XProvider@DirectUI@@IEAAPEAVElement@2@XZ
?GetClassInfoPtr@Expando@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetExpanded@Expandable@DirectUI@@QEAA_NXZ
GetElementDataEntry
?GetContentString@Element@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?SetAccDesc@Element@DirectUI@@QEAAJPEBG@Z
?Release@Value@DirectUI@@QEAAXXZ
?SetAccName@Element@DirectUI@@QEAAJPEBG@Z
StrToID
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
?GetChildren@Element@DirectUI@@QEAAPEAV?$DynamicArray@PEAVElement@DirectUI@@$0A@@2@PEAPEAVValue@2@@Z
??1IDataEngine@DirectUI@@UEAA@XZ
??0IDataEngine@DirectUI@@QEAA@XZ
?GetUiaFocusDelegate@Element@DirectUI@@UEAAPEAV12@XZ
?HandleUiaEventListener@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@@Z
?GetStringNull@Value@DirectUI@@SAPEAV12@XZ
?HandleUiaPropertyListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?HandleUiaDestroyListener@Element@DirectUI@@UEAAXXZ
?GetElementProviderImpl@Element@DirectUI@@UEAAJPEAVInvokeHelper@2@PEAPEAVElementProvider@2@@Z
?GetUIAElementProvider@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?DefaultAction@Element@DirectUI@@UEAAJXZ
?GetAccessibleImpl@Element@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?GetKeyFocused@Element@DirectUI@@UEAA_NXZ
?RemoveTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?ActivateTooltip@Element@DirectUI@@MEAAXPEAV12@K@Z
UnInitThread
UnInitProcessPriv
InitThread
InitProcessPriv
?ClickDefaultButton@XProvider@DirectUI@@UEAAHXZ
?SetRegisteredDefaultButton@XProvider@DirectUI@@UEAAJPEAVElement@2@@Z
?Click@Button@DirectUI@@SA?AVUID@@XZ
?SetButtonClassAcceptsEnterKey@XProvider@DirectUI@@UEAAJ_N@Z
?CreateXBaby@XProvider@DirectUI@@UEAAJPEAVIXElementCP@2@PEAUHWND__@@PEAVElement@2@PEAKPEAPEAUIXBaby@2@@Z
?GetHostedElementID@XProvider@DirectUI@@UEAAJPEAG@Z
?GetClassInfoPtr@Element@DirectUI@@SAPEAUIClassInfo@2@XZ
?Register@Element@DirectUI@@SAJXZ
?SetActive@Element@DirectUI@@QEAAJH@Z
?EraseBkgnd@HWNDHost@DirectUI@@MEAA_NPEAUHDC__@@PEA_J@Z
?UpdateTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?CreateHWND@Combobox@DirectUI@@UEAAPEAUHWND__@@PEAU3@@Z
?SetWindowDirection@HWNDHost@DirectUI@@UEAAXPEAUHWND__@@@Z
?OnAdjustWindowSize@Combobox@DirectUI@@UEAAHHHI@Z
?OnWindowStyleChanged@HWNDHost@DirectUI@@UEAAX_KPEBUtagSTYLESTRUCT@@@Z
?OnCtrlThemeChanged@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnSinkThemeChanged@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnSysChar@HWNDHost@DirectUI@@UEAA_NG@Z
?OnMessage@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?GetHWND@HWNDHost@DirectUI@@UEAAPEAUHWND__@@XZ
?GetAccessibleImpl@HWNDHost@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?GetKeyFocused@HWNDHost@DirectUI@@UEAA_NXZ
?OnUnHosted@HWNDHost@DirectUI@@MEAAXPEAVElement@2@@Z
?OnHosted@Combobox@DirectUI@@UEAAXPEAVElement@2@@Z
?QueryInterface@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?MessageCallback@HWNDHost@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?SetKeyFocus@HWNDHost@DirectUI@@UEAAXXZ
?GetContentSize@Combobox@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Paint@HWNDHost@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?OnEvent@HWNDHost@DirectUI@@UEAAXPEAUEvent@2@@Z
?OnDestroy@HWNDHost@DirectUI@@UEAAXXZ
?OnInput@Combobox@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnPropertyChanged@Combobox@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
??1Combobox@DirectUI@@UEAA@XZ
??0Combobox@DirectUI@@QEAA@XZ
?GetClassInfoPtr@Combobox@DirectUI@@SAPEAUIClassInfo@2@XZ
?Initialize@Combobox@DirectUI@@QEAAJIPEAVElement@2@PEAK@Z
?Register@Combobox@DirectUI@@SAJXZ
?OnNotify@Combobox@DirectUI@@UEAA_NI_K_JPEA_J@Z
?FireEvent@Element@DirectUI@@QEAAXPEAUEvent@2@_N1@Z
?SetAbsorbsShortcut@Element@DirectUI@@QEAAJ_N@Z
?SetValue@Element@DirectUI@@QEAAJP6APEBUPropertyInfo@2@XZHPEAVValue@2@@Z
?ContentProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?RemoveLocalValue@Element@DirectUI@@QEAAJP6APEBUPropertyInfo@2@XZ@Z
?CreateGraphic@Value@DirectUI@@SAPEAV12@PEAUHICON__@@_N11@Z
?SetDataEngine@Repeater@DirectUI@@QEAAXPEAUIDataEngine@2@@Z
?AddListener@Element@DirectUI@@QEAAJPEAUIElementListener@2@@Z
?SetEncodedContentString@Element@DirectUI@@QEAAJPEBG@Z
?GetEncodedContentString@Element@DirectUI@@QEAAJPEAG_K@Z
?SetEnabled@Element@DirectUI@@QEAAJ_N@Z
?SetLayoutPos@Element@DirectUI@@QEAAJH@Z
?SetVisible@Element@DirectUI@@QEAAJ_N@Z
?SetBorderStyle@Element@DirectUI@@QEAAJH@Z
?GetUnset@Value@DirectUI@@SAPEAV12@XZ
?GetAtomZero@Value@DirectUI@@SAPEAV12@XZ
??0XProvider@DirectUI@@QEAA@XZ
??1XProvider@DirectUI@@UEAA@XZ
?ForceThemeChange@XProvider@DirectUI@@UEAAJ_K_J@Z
?QueryInterface@XProvider@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?Create@XResourceProvider@DirectUI@@SAJPEAUHINSTANCE__@@PEBG11PEAPEAV12@@Z
?Initialize@XProvider@DirectUI@@QEAAJPEAVElement@2@PEAVIXProviderCP@2@@Z
?SetContentString@Element@DirectUI@@QEAAJPEBG@Z
?GetValue@Element@DirectUI@@QEAAPEAVValue@2@PEBUPropertyInfo@2@HPEAUUpdateCache@2@@Z
??1IDataEntry@DirectUI@@UEAA@XZ
?OnUnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
??0IDataEntry@DirectUI@@QEAA@XZ
?AssertPIZeroRef@ClassInfoBase@DirectUI@@UEBAXXZ
?GetChildren@ClassInfoBase@DirectUI@@UEBAHXZ
?RemoveChild@ClassInfoBase@DirectUI@@UEAAXXZ
?AddChild@ClassInfoBase@DirectUI@@UEAAXXZ
?IsGlobal@ClassInfoBase@DirectUI@@UEBA_NXZ
?GetModule@ClassInfoBase@DirectUI@@UEBAPEAUHINSTANCE__@@XZ
?IsSubclassOf@ClassInfoBase@DirectUI@@UEBA_NPEAUIClassInfo@2@@Z
?IsValidProperty@ClassInfoBase@DirectUI@@UEBA_NPEBUPropertyInfo@2@@Z
?GetName@ClassInfoBase@DirectUI@@UEBAPEBGXZ
?GetGlobalIndex@ClassInfoBase@DirectUI@@UEBAIXZ
?GetPICount@ClassInfoBase@DirectUI@@UEBAIXZ
?GetByClassIndex@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?EnumPropertyInfo@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?Release@ClassInfoBase@DirectUI@@UEAAHXZ
?AddRef@ClassInfoBase@DirectUI@@UEAAXXZ
??1ClassInfoBase@DirectUI@@UEAA@XZ
??0ClassInfoBase@DirectUI@@QEAA@XZ
??0Proxy@DirectUI@@QEAA@XZ
??0Element@DirectUI@@QEAA@XZ
?Initialize@ClassInfoBase@DirectUI@@QEAAJPEAUHINSTANCE__@@PEBG_NPEBQEBUPropertyInfo@2@I@Z
?Register@ClassInfoBase@DirectUI@@QEAAJXZ
?ClassExist@ClassInfoBase@DirectUI@@SA_NPEAPEAUIClassInfo@2@PEBQEBUPropertyInfo@2@IPEAU32@PEAUHINSTANCE__@@PEBG_N@Z
??1CritSecLock@DirectUI@@QEAA@XZ
?GetFactoryLock@Element@DirectUI@@SAPEAU_RTL_CRITICAL_SECTION@@XZ
??0CritSecLock@DirectUI@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
?Destroy@Element@DirectUI@@QEAAJ_N@Z
?Initialize@Element@DirectUI@@QEAAJIPEAV12@PEAK@Z
??1Proxy@DirectUI@@UEAA@XZ
?IsRTLReading@Element@DirectUI@@UEAA_NXZ
?IsContentProtected@Element@DirectUI@@UEAA_NXZ
?GetContentStringAsDisplayed@Element@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnGroupChanged@Element@DirectUI@@UEAAXH_N@Z
?OnInput@Element@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnKeyFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?Init@NavReference@DirectUI@@QEAAXPEAVElement@2@PEAUtagRECT@@@Z
?OnMouseFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnDestroy@Element@DirectUI@@UEAAXXZ
?OnEvent@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?Paint@Element@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?OnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?GetContentSize@Element@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Add@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?Insert@Element@DirectUI@@UEAAJPEAPEAV12@II@Z
?Remove@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?GetAdjacent@Element@DirectUI@@UEAAPEAV12@PEAV12@HPEBUNavReference@2@K@Z
?EnsureVisible@Element@DirectUI@@UEAA_NHHHH@Z
?SetKeyFocus@Element@DirectUI@@UEAAXXZ
?AddBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?RemoveBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?MessageCallback@Element@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UEAAXPEAUtagRECT@@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MEAAXHH@Z
??1Element@DirectUI@@UEAA@XZ

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 221KB - Virtual size: 221KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vdsbas/tquery.dll
.dll regsvr32 windows:10 windows x64 arch:x64

d6529d4862689a5078952162a13ec6b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

tquery.pdb

Imports

msvcrt

memcpy
_errno
??1type_info@@UEAA@XZ
_onexit
log
realloc
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
wcstol
iswalpha
??0exception@@QEAA@AEBQEBD@Z
_wcsicmp
__dllonexit
wcstoul
wcschr
_unlock
_lock
_wcsnicmp
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@PEBD@Z
??0bad_cast@@QEAA@AEBV0@@Z
_wcsnset
wcsstr
strchr
towupper
?terminate@@YAXXZ
iswspace
wcsspn
__CxxFrameHandler3
_initterm
calloc
swscanf
iswdigit
wcscspn
_ultow
wcsncpy_s
malloc
swprintf
memmove_s
floor
iswxdigit
wcsncmp
swprintf_s
_itow_s
_amsg_exit
__iob_func
_aligned_free
_aligned_malloc
qsort
__uncaught_exception
free
wcscat_s
wcscpy_s
__C_specific_handler
_vsnprintf_s
_XcptFilter
_wcsupr
memmove
??0exception@@QEAA@AEBV0@@Z
memset
??0exception@@QEAA@XZ
localeconv
strcspn
??1exception@@UEAA@XZ
sprintf_s
abort
_wsetlocale
__crtLCMapStringW
memcpy_s
__crtCompareStringW
??8type_info@@QEBAHAEBV0@@Z
_wcsdup
_ismbblead
___mb_cur_max_func
memcmp
___lc_codepage_func
___lc_handle_func
__pctype_func
setlocale
_vsnwprintf
___lc_collate_cp_func
toupper
_wtol
bsearch
wcsrchr
strncmp
fprintf
_vsnprintf
_ultow_s
strerror
wcscmp

api-ms-win-core-libraryloader-l1-2-0

FindResourceExW
LoadResource
FreeLibrary
GetModuleFileNameA
LockResource
GetModuleFileNameW
SizeofResource
GetModuleHandleW
LoadStringW
GetModuleHandleExW
LoadLibraryExW
DisableThreadLibraryCalls
GetProcAddress

api-ms-win-core-synch-l1-1-0

SetWaitableTimerEx
CreateSemaphoreExW
EnterCriticalSection
SetEvent
OpenEventW
CreateEventW
ReleaseSemaphore
InitializeCriticalSection
DeleteCriticalSection
CreateMutexExW
TryAcquireSRWLockExclusive
WaitForSingleObject
ReleaseSRWLockShared
ReleaseMutex
CreateWaitableTimerExW
ReleaseSRWLockExclusive
LeaveCriticalSection
ResetEvent
AcquireSRWLockExclusive
AcquireSRWLockShared
SleepEx
WaitForMultipleObjectsEx
InitializeSRWLock
WaitForSingleObjectEx
InitializeCriticalSectionEx
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapFree
HeapSetInformation
HeapDestroy
HeapSize
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetErrorMode
SetUnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TlsGetValue
QueueUserAPC
GetPriorityClass
GetProcessId
TerminateProcess
OpenProcessToken
GetCurrentProcessId
TlsSetValue
GetCurrentThreadId
CreateThread
GetCurrentThread
OpenThreadToken
ResumeThread

api-ms-win-core-localization-l1-2-0

LCMapStringEx
ResolveLocaleName
IsValidLocaleName
GetSystemDefaultLCID
GetCalendarInfoW
LocaleNameToLCID
GetLocaleInfoW
GetUserDefaultLangID
GetSystemDefaultLangID
GetLocaleInfoEx
GetNLSVersion
GetUserDefaultLCID
LCMapStringW
IsDBCSLeadByteEx
GetCPInfo
GetSystemPreferredUILanguages
FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
OutputDebugStringA
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

oleaut32

SafeArrayDestroyDescriptor
SafeArrayAllocDescriptorEx
SafeArrayCreate
SysFreeString
SafeArrayPutElement
SafeArrayDestroy
VariantInit
SysAllocStringLen
LoadTypeLi
SafeArrayAllocData
SafeArrayCopy
SysStringLen
VarR8FromCy
VariantChangeTypeEx
VariantTimeToSystemTime
VarR8FromDec
SysAllocString
VarDecFromR8
VariantCopy
SystemTimeToVariantTime
VariantClear
SysStringByteLen
LoadRegTypeLi
SafeArrayCreateVector
GetErrorInfo
VariantChangeType
SysAllocStringByteLen
SetErrorInfo
VarUI4FromStr

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceExecuteOnce
SleepConditionVariableSRW
Sleep
InitOnceComplete
WakeAllConditionVariable

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
StringFromGUID2
CoCreateFreeThreadedMarshaler
CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemRealloc
CLSIDFromProgID
PropVariantClear
PropVariantCopy
CLSIDFromString
CoTaskMemFree
CoGetMalloc
CoCreateGuid
CreateStreamOnHGlobal
CoGetClassObject

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegDeleteKeyExW
RegOpenKeyExW
RegGetValueW
RegEnumValueW
RegQueryInfoKeyW
RegCreateKeyExW
RegNotifyChangeKeyValue
RegQueryValueExW
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolWorkCallbacks
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
SubmitThreadpoolWork
CloseThreadpoolWork

api-ms-win-core-string-l2-1-0

CharNextW
CharUpperW

api-ms-win-core-string-l1-1-0

GetStringTypeExW
WideCharToMultiByte
CompareStringW
GetStringTypeW
CompareStringOrdinal
CompareStringEx
MultiByteToWideChar
FoldStringW

ntdll

NtQuerySecurityAttributesToken
RtlFreeHeap
RtlAllocateHeap
RtlCompareUnicodeString
NtClose
EtwEventEnabled
RtlCompareMemory
RtlGetPersistedStateLocation
RtlUnsubscribeWnfStateChangeNotification
RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData
RtlNtStatusToDosError
RtlInitUnicodeString
VerSetConditionMask
RtlIsStateSeparationEnabled
EtwEventRegister
EtwEventUnregister
EtwEventWriteTransfer
EtwEventSetInformation
RtlUpcaseUnicodeChar

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrcmpiW
lstrlenA

api-ms-win-core-memory-l1-1-0

OpenFileMappingW
FlushViewOfFile
MapViewOfFile
VirtualAlloc
CreateFileMappingW
UnmapViewOfFile
VirtualFree

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-processenvironment-l1-1-0

SearchPathW
ExpandEnvironmentStringsW

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage
GetSystemDefaultUILanguage
CompareStringA

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetVersionExA
GetLogicalProcessorInformationEx
GetSystemInfo
GetTickCount
GetVersionExW
GetSystemDirectoryW
GetLocalTime
GetTickCount64
GetSystemTimeAsFileTime

api-ms-win-core-file-l1-1-0

CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
FileTimeToLocalFileTime
GetFileInformationByHandle
GetLogicalDrives
ReadFile
GetFileTime
CreateFileA
DeleteFileW
GetFileAttributesW
DeleteFileA
FindClose
FindNextFileW
FindFirstFileW
SetFilePointer
CompareFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
CreateFileW
GetDiskFreeSpaceW
SetEndOfFile
GetFileSize
FlushFileBuffers
WriteFileEx
GetVolumePathNameW
ReadFileEx
GetFileSizeEx
WriteFile

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult

api-ms-win-eventing-provider-l1-1-0

EventProviderEnabled
EventWriteTransfer
EventEnabled
EventRegister
EventUnregister
EventSetInformation

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-file-l2-1-0

CopyFileExW

api-ms-win-security-base-l1-1-0

SetSecurityDescriptorDacl
RevertToSelf
GetAclInformation
SetSecurityDescriptorOwner
GetAce
GetSidSubAuthority
GetSidLengthRequired
CopySid
InitializeSid
ImpersonateLoggedOnUser
IsValidSid
AddAce
GetLengthSid
AddAccessAllowedAce
AccessCheck
SetSecurityDescriptorGroup
EqualSid
GetSecurityDescriptorLength
InitializeAcl
SetFileSecurityW
InitializeSecurityDescriptor
FreeSid
GetTokenInformation

api-ms-win-core-heap-l2-1-0

GlobalFree
LocalAlloc
LocalFree
GlobalAlloc

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpNIW
QISearch
StrStrW
StrStrIW
StrChrW
StrCmpIW

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName
GetSystemDefaultLocaleName

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-core-namedpipe-l1-1-0

SetNamedPipeHandleState
ImpersonateNamedPipeClient
PeekNamedPipe
TransactNamedPipe
DisconnectNamedPipe
ConnectNamedPipe
GetNamedPipeClientComputerNameW
WaitNamedPipeW
CreateNamedPipeW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects
CreateSemaphoreW

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW
GetSystemPowerStatus
CopyFileA

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW

api-ms-win-core-path-l1-1-0

PathCchFindExtension

api-ms-win-core-shlwapi-legacy-l1-1-0

PathStripPathW
PathFileExistsW
PathFindExtensionW
PathIsRootW
PathIsSameRootW

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

cryptdll

MD5Init
MD5Final
MD5Update

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-processthreads-l1-1-1

GetThreadTimes

api-ms-win-core-file-l1-2-1

GetCompressedFileSizeW

api-ms-win-core-processtopology-obsolete-l1-1-0

GetActiveProcessorCount

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalUnlock

api-ms-win-core-job-l2-1-0

CreateJobObjectW
AssignProcessToJobObject
TerminateJobObject
SetInformationJobObject

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsDeleteString

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-shell-namespace-l1-1-0

SHCreateItemFromParsingName

Exports

Exports

??0CDriveInfo@@QEAA@PEBGK@Z
??0CFullPath@@QEAA@PEBG@Z
??0CFullPropSpec@@QEAA@AEBV0@@Z
??0CMemSerStream@@QEAA@PEAEK@Z
??0CPidLookupTable@@QEAA@XZ
??0CUnNormalizer@@QEAA@XZ
??0CiStorage@@QEAA@PEBGKPEAUICiCAdviseStatus@@KH@Z
??0XAct@@QEAA@XZ
??1CAllocStorageVariant@@IEAA@XZ
??1CMemSerStream@@UEAA@XZ
??1CPhysStorage@@UEAA@XZ
??1CPidLookupTable@@QEAA@XZ
??1CiStorage@@UEAA@XZ
?CoTaskAllocator@@3VCCoTaskAllocator@@A
?ContainsDrive@CDriveInfo@@SAHPEBG@Z
?GetBlob@CMemDeSerStream@@UEAAXPEAEK@Z
?GetByte@CMemDeSerStream@@UEAAEXZ
?GetChar@CMemDeSerStream@@UEAAXPEADK@Z
?GetDiskSpace@CDriveInfo@@QEAAXAEA_J0@Z
?GetDouble@CMemDeSerStream@@UEAANXZ
?GetDrive@CDriveInfo@@SAXPEBGPEAG@Z
?GetFloat@CMemDeSerStream@@UEAAMXZ
?GetGUID@CMemDeSerStream@@UEAAXAEAU_GUID@@@Z
?GetLong@CMemDeSerStream@@UEAAJXZ
?GetSectorSize@CDriveInfo@@QEAAKXZ
?GetString@CMemDeSerStream@@UEAAPEADXZ
?GetULong@CMemDeSerStream@@UEAAKXZ
?GetUShort@CMemDeSerStream@@UEAAGXZ
?GetWChar@CMemDeSerStream@@UEAAXPEAGK@Z
?GetWString@CMemDeSerStream@@UEAAPEAGXZ
?Init@CPidLookupTable@@QEAAHPEAVPRcovStorageObj@@@Z
?IsSameDrive@CDriveInfo@@QEAAHPEBG@Z
?IsWriteProtected@CDriveInfo@@QEAAHXZ
?MakePath@CFullPath@@QEAAXPEBG@Z
?PeekULong@CMemDeSerStream@@UEAAKXZ
?PutBlob@CMemSerStream@@UEAAXPEBEK@Z
?PutByte@CMemSerStream@@UEAAXE@Z
?PutChar@CMemSerStream@@UEAAXPEBDK@Z
?PutDouble@CMemSerStream@@UEAAXN@Z
?PutFloat@CMemSerStream@@UEAAXM@Z
?PutGUID@CMemSerStream@@UEAAXAEBU_GUID@@@Z
?PutLong@CMemSerStream@@UEAAXJ@Z
?PutString@CMemSerStream@@UEAAXPEBD@Z
?PutULong@CMemSerStream@@UEAAXK@Z
?PutUShort@CMemSerStream@@UEAAXG@Z
?PutWChar@CMemSerStream@@UEAAXPEBGK@Z
?PutWString@CMemSerStream@@UEAAXPEBG@Z
?QueryPidLookupTable@CiStorage@@QEAAPEAVPRcovStorageObj@@K@Z
?Read@CCiFile@@QEAAXXZ
?ResetType@CAllocStorageVariant@@IEAAXAEAVPMemoryAllocator@@@Z
?SetProperty@CFullPropSpec@@QEAAHPEBG@Z
?SetProperty@CFullPropSpec@@QEAAXK@Z
?SkipBlob@CMemDeSerStream@@UEAAXK@Z
?SkipByte@CMemDeSerStream@@UEAAXXZ
?SkipChar@CMemDeSerStream@@UEAAXK@Z
?SkipDouble@CMemDeSerStream@@UEAAXXZ
?SkipFloat@CMemDeSerStream@@UEAAXXZ
?SkipGUID@CMemDeSerStream@@UEAAXXZ
?SkipLong@CMemDeSerStream@@UEAAXXZ
?SkipULong@CMemDeSerStream@@UEAAXXZ
?SkipUShort@CMemDeSerStream@@UEAAXXZ
?SkipWChar@CMemDeSerStream@@UEAAXK@Z
?UnNormalizeKey@CUnNormalizer@@QEAAXAEBVCKeyBuf@@AEAUtagPROPVARIANT@@PEAGK@Z
AccessDebugTracer
AccessRetailTracer
CIState
CreatePropMapperStorage
CreatePropMapperStorage2
CreateSecurityStoreStorage
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ExceptInitialize
ExternPropagateEventToOpenQueries
ForceMasterMerge
PerfmonClose
PerfmonCollect
PerfmonIDXClose
PerfmonIDXCollect
PerfmonIDXOpen
PerfmonOpen
RetailTracerDisable
RetailTracerEnable
RetailTracerReleaseAll
UseLowFragmentationHeap
ciDelete
ciNew
ciNewNoThrow

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 715KB - Virtual size: 714KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vdsbas/vdsbas.dll
.dll regsvr32 windows:10 windows x64 arch:x64

29b2409308bba1b82591d9778c77ba9b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

vdsbas.pdb

Imports

msvcrt

_initterm
_callnewh
memset
memcpy
memcmp
malloc
_XcptFilter
_amsg_exit
wcscmp
free
_ltow
wcsstr
towupper
wcschr
_vsnwprintf
_wcsicmp
__C_specific_handler
_purecall
__CxxFrameHandler3

atl

ord30
ord18
ord57
ord15
ord21
ord16
ord23
ord32

kernel32

GetTickCount
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
SetFilePointerEx
SetFilePointer
WaitForSingleObject
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
GetSystemTimeAsFileTime
FindFirstVolumeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
GetModuleHandleW
GetLastError
CloseHandle
GetProcessHeap
GetSystemDirectoryW
QueryDosDeviceW
CreateThread
HeapFree
HeapAlloc
SetLastError
DeviceIoControl
lstrlenW
WriteFile
FindNextVolumeW
FindVolumeClose
CreateFileW
UnhandledExceptionFilter

user32

GetMessageW
PeekMessageW
DefWindowProcW
UnregisterDeviceNotification
PostThreadMessageW
RegisterDeviceNotificationW

ntdll

NtQueryVolumeInformationFile
NtQuerySystemInformation
NtPowerInformation
NtDeviceIoControlFile
RtlAcquireResourceShared
RtlReleaseResource
RtlInitializeResource
RtlAcquireResourceExclusive
RtlConvertExclusiveToShared
RtlDeleteResource
RtlConvertSharedToExclusive

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
CM_Get_Parent

advapi32

EventRegister
EventWriteTransfer
EventSetInformation
EventUnregister

vdsutil

?Begin@CRtlList@@QEAA?AVCRtlListIter@@XZ
??1CRtlList@@QEAA@XZ
??0CRtlList@@QEAA@P6AXPEAVCRtlEntry@@@Z@Z
RegisterProvider
VdsTraceEx
AddEventSource
UnregisterProvider
RemoveEventSource
VdsHeapFree
??1CRtlMap@@UEAA@XZ
?Uninitialize@CVdsPnPNotificationBase@@QEAAXXZ
?Begin@CRtlMap@@QEAA?AVCRtlMapIter@@XZ
?RemoveAll@CRtlMap@@QEAAXH@Z
?Uninitialize@CVdsAsyncObjectBase@@SAXXZ
?GetEntryPointer@CRtlListIter@@QEAAPEAXXZ
?Next@CRtlMapIter@@QEAAAEAV1@XZ
GetInterfaceDetailData
OpenDevice
GetDeviceName
VdsHeapAlloc
?Insert@CRtlMap@@QEAAHAEAVCRtlEntry@@0@Z
?Remove@CRtlMap@@QEAAHAEAVCRtlEntry@@@Z
VdsTraceExW
?InsertUnique@CRtlMap@@QEAAHAEAVCRtlEntry@@0@Z
VdsTraceW
GetDiskLayout
BacksBootVolume
BootBackedByWim
GetRegistryValue
?Find@CRtlMap@@QEAAHAEAVCRtlEntry@@PEAV2@@Z
?Append@CPrvEnumObject@@QEAAJPEAUIUnknown@@@Z
?Reset@CPrvEnumObject@@UEAAJXZ
IsWinPE
GetFMIFSQueryDeviceInfo
GetFMIFSQueryDeviceInfoByHandle
?Initialize@CVdsPnPNotificationBase@@QEAAKXZ
?Initialize@CVdsAsyncObjectBase@@SAKXZ
GetDeviceAndMediaType
?RegisterHandle@CVdsPnPNotificationBase@@QEAAKPEAXPEAPEAX@Z
?UnregisterHandle@CVdsPnPNotificationBase@@QEAAXPEAX@Z
IsVdsLoggingEnabled
?InsertTailPointer@CRtlList@@QEAAHPEAX@Z
?Remove@CRtlList@@QEAAXAEAVCRtlListIter@@@Z
?Next@CPrvEnumObject@@UEAAJKPEAPEAUIUnknown@@PEAK@Z
?Skip@CPrvEnumObject@@UEAAJK@Z
?End@CRtlList@@QEAA?AVCRtlListIter@@XZ
??0CVdsAsyncObjectBase@@QEAA@XZ
??1CVdsAsyncObjectBase@@QEAA@XZ
QueryObjects
?SetCompletionStatus@CVdsAsyncObjectBase@@QEAAXJK@Z
?Signal@CVdsAsyncObjectBase@@QEAAXXZ
SetDiskLayout
GuidToString
?QueryStatus@CVdsAsyncObjectBase@@UEAAJPEAJPEAK@Z
GetVolumeDiskExtentInfo
GetDeviceManufacturerInfo
IsMediaPresent
GetMediaGeometryEx
GetStorageAccessAlignmentProperty
CreateDeviceInfoSet
GetDeviceId
GetDeviceRegistryPropertyByInfo
VdsAllocateEmptyString
GetDeviceRegistryPropertyByInst
GetDeviceLocationEx
GetDeviceNumber
VdsDoesDiskHaveArcPath
IsDiskClustered
GetDiskFlags
GetDiskOfflineReason
IsDiskReadOnly
IsDiskCurrentStateReadOnly
GetBootFromDiskNumber
GetBootDiskNumber
?InsertPointer@CRtlList@@QEAAHAEAVCRtlListIter@@PEAX@Z
??4CRtlList@@QEAAAEAV0@AEAV0@@Z
IsRamDrive
?Register@CVdsPnPNotificationBase@@QEAAKPEAU_NotificationListeningRequest@@K@Z
GetDefaultAlignment
LockDismountVolume
WriteBootCode
GetPartitionInformation
IsClientSKU
GetDiskRedundancyCount
GetMediaGeometry
VdsAllocateString
GetDiskIdentifiers
?WaitImpl@CVdsAsyncObjectBase@@QEAAJPEAJ@Z
InitializeRundownProtection
WaitForRundownProtectionRelease
?Unregister@CVdsPnPNotificationBase@@QEAAXPEAU_NotificationListeningRequest@@@Z
AcquireRundownProtection
ReleaseRundownProtection
LogError
LogWarning
?GetEntry@CRtlListIter@@QEAAPEAVCRtlEntry@@XZ
?Next@CRtlListIter@@QEAAAEAV1@XZ
?Prev@CRtlListIter@@QEAAAEAV1@XZ
??0CVdsCallTracer@@QEAA@KPEBD@Z
??1CVdsCallTracer@@QEAA@XZ
??0CRtlMap@@QEAA@KP6AXPEAVCRtlEntry@@@Z1@Z
?Clone@CPrvEnumObject@@UEAAJPEAPEAUIEnumVdsObject@@@Z
?RemoveAll@CRtlList@@QEAAXXZ

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoCreateGuid
CoTaskMemAlloc

Exports

Exports

??0?$CVdsHandleImpl@$0?0@@QEAA@XZ
??0?$CVdsHandleImpl@$0A@@@QEAA@XZ
??0?$CVdsHeapPtr@E@@QEAA@XZ
??0?$CVdsHeapPtr@G@@QEAA@XZ
??0?$CVdsHeapPtr@U_AUCTION_THREAD_PARAMETER@@@@QEAA@XZ
??0?$CVdsHeapPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAA@XZ
??0?$CVdsHeapPtr@U_VDS_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAA@XZ
??0?$CVdsPtr@E@@QEAA@XZ
??0?$CVdsPtr@G@@QEAA@XZ
??0?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QEAA@XZ
??0?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAA@XZ
??0?$CVdsPtr@U_VDS_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAA@XZ
??0CPrvEnumObject@@QEAA@XZ
??0CRtlSharedLock@@QEAA@XZ
??0CVdsCriticalSection@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
??0CVdsPnPNotificationBase@@QEAA@XZ
??0CVdsUnlockIt@@QEAA@AEAJ@Z
??1?$CVdsHandleImpl@$0?0@@QEAA@XZ
??1?$CVdsHandleImpl@$0A@@@QEAA@XZ
??1?$CVdsHeapPtr@E@@QEAA@XZ
??1?$CVdsHeapPtr@G@@QEAA@XZ
??1?$CVdsHeapPtr@U_AUCTION_THREAD_PARAMETER@@@@QEAA@XZ
??1?$CVdsHeapPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAA@XZ
??1?$CVdsHeapPtr@U_VDS_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAA@XZ
??1?$CVdsPtr@E@@QEAA@XZ
??1?$CVdsPtr@G@@QEAA@XZ
??1?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QEAA@XZ
??1?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAA@XZ
??1?$CVdsPtr@U_VDS_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAA@XZ
??1CPrvEnumObject@@QEAA@XZ
??1CRtlSharedLock@@QEAA@XZ
??1CVdsCriticalSection@@QEAA@XZ
??1CVdsPnPNotificationBase@@QEAA@XZ
??1CVdsUnlockIt@@QEAA@XZ
??4?$CVdsHandleImpl@$0A@@@QEAAPEAXPEAX@Z
??4?$CVdsHeapPtr@E@@QEAAPEAEPEAE@Z
??4?$CVdsHeapPtr@G@@QEAAPEAGPEAG@Z
??4?$CVdsHeapPtr@U_AUCTION_THREAD_PARAMETER@@@@QEAAPEAU_AUCTION_THREAD_PARAMETER@@PEAU1@@Z
??4?$CVdsHeapPtr@U_VDS_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAAPEAU_VDS_DRIVE_LAYOUT_INFORMATION_EX@@PEAU1@@Z
??8?$CVdsHandleImpl@$0A@@@QEBA_NPEAX@Z
??8?$CVdsPtr@E@@QEBA_NPEAE@Z
??8?$CVdsPtr@G@@QEBA_NPEAG@Z
??8?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QEBA_NPEAU_AUCTION_THREAD_PARAMETER@@@Z
??9?$CVdsPtr@E@@QEBA_NPEAE@Z
??B?$CVdsHandleImpl@$0?0@@QEAAPEAXXZ
??B?$CVdsPtr@E@@QEBAPEAEXZ
??B?$CVdsPtr@G@@QEBAPEAGXZ
??B?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QEBAPEAU_AUCTION_THREAD_PARAMETER@@XZ
??B?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEBAPEAU_DRIVE_LAYOUT_INFORMATION_EX@@XZ
??B?$CVdsPtr@U_VDS_DRIVE_LAYOUT_INFORMATION_EX@@@@QEBAPEAU_VDS_DRIVE_LAYOUT_INFORMATION_EX@@XZ
??C?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QEBAPEAU_AUCTION_THREAD_PARAMETER@@XZ
??C?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEBAPEAU_DRIVE_LAYOUT_INFORMATION_EX@@XZ
??C?$CVdsPtr@U_VDS_DRIVE_LAYOUT_INFORMATION_EX@@@@QEBAPEAU_VDS_DRIVE_LAYOUT_INFORMATION_EX@@XZ
??I?$CVdsHandleImpl@$0?0@@QEAAPEAPEAXXZ
??I?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAAPEAPEAU_DRIVE_LAYOUT_INFORMATION_EX@@XZ
??I?$CVdsPtr@U_VDS_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAAPEAPEAU_VDS_DRIVE_LAYOUT_INFORMATION_EX@@XZ
??_FCRtlList@@QEAAXXZ
??_FCRtlMap@@QEAAXXZ
?AcquireRead@CRtlSharedLock@@AEAAXXZ
?AcquireWrite@CRtlSharedLock@@AEAAXXZ
?AllowCancel@CVdsAsyncObjectBase@@QEAAXXZ
?Attach@?$CVdsPtr@G@@QEAAXPEAG@Z
?Attach@?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAAXPEAU_DRIVE_LAYOUT_INFORMATION_EX@@@Z
?Attach@?$CVdsPtr@U_VDS_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAAXPEAU_VDS_DRIVE_LAYOUT_INFORMATION_EX@@@Z
?Close@?$CVdsHandleImpl@$0?0@@QEAAXXZ
?CurrentThreadIsWriter@CRtlSharedLock@@QEAAHXZ
?Detach@?$CVdsHandleImpl@$0?0@@QEAAPEAXXZ
?Detach@?$CVdsPtr@G@@QEAAPEAGXZ
?Detach@?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QEAAPEAU_AUCTION_THREAD_PARAMETER@@XZ
?Detach@?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAAPEAU_DRIVE_LAYOUT_INFORMATION_EX@@XZ
?Detach@?$CVdsPtr@U_VDS_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAAPEAU_VDS_DRIVE_LAYOUT_INFORMATION_EX@@XZ
?DisallowCancel@CVdsAsyncObjectBase@@QEAAXXZ
?Downgrade@CRtlSharedLock@@AEAAXXZ
?GetOutputType@CVdsAsyncObjectBase@@QEAA?AW4_VDS_ASYNC_OUTPUT_TYPE@@XZ
?IsCancelRequested@CVdsAsyncObjectBase@@QEAAHXZ
?Release@CRtlSharedLock@@AEAAXXZ
?SetOutput@CVdsAsyncObjectBase@@QEAAXU_VDS_ASYNC_OUTPUT@@@Z
?SetOutputType@CVdsAsyncObjectBase@@QEAAXW4_VDS_ASYNC_OUTPUT_TYPE@@@Z
?SetPositionToLast@CPrvEnumObject@@QEAAXXZ
?Upgrade@CRtlSharedLock@@AEAAXXZ
?ZeroAsyncOut@CVdsAsyncObjectBase@@QEAAXXZ
?m_ExtraLogging@CVdsTraceSettings@@QEAAHXZ
?m_NoDebuggerLogging@CVdsTraceSettings@@QEAAHXZ
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
winspool/wdmaud.drv
.dll windows:10 windows x64 arch:x64

c90b841c218cfa9cf738e573fb44076a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

wdmaud.pdb

Imports

msvcrt

?terminate@@YAXXZ
_CxxThrowException
log10f
_initterm
sqrt
??1type_info@@UEAA@XZ
_amsg_exit
_XcptFilter
memcpy
log10
malloc
_unlock
log
__dllonexit
realloc
_resetstkoflw
memset
_onexit
pow
memcpy_s
memmove_s
free
sin
_wcsicmp
powf
_purecall
calloc
_lock
__C_specific_handler
__CxxFrameHandler3
wcsncmp
_vsnwprintf
_beginthreadex
_errno
wcscmp

mmdevapi

ord5
ord3
ord2
ord14

ksuser

KsCreatePin

ntdll

NtQueryInformationToken
RtlInitUnicodeString
RtlAllocateHeap
RtlFreeHeap
RtlCompareUnicodeString
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlNtStatusToDosErrorNoTeb

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
StringFromCLSID
CoCreateInstance
CoTaskMemFree
CoInitializeEx
CoUninitialize
PropVariantClear

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
GetTraceLoggerHandle
TraceMessage
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel

api-ms-win-mm-misc-l1-1-0

DefDriverProc
DriverCallback

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapSize
GetProcessHeap
HeapFree
HeapDestroy
HeapAlloc

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
DeleteCriticalSection
WaitForSingleObjectEx
ReleaseSemaphore
WaitForMultipleObjectsEx
ReleaseMutex
OpenSemaphoreW
SetEvent
CreateMutexW
CreateMutexExW
WaitForSingleObject
CreateEventW
CreateSemaphoreExW
ResetEvent
CreateEventA
InitializeCriticalSection
LeaveCriticalSection

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
LoadStringW
FindResourceExW
LoadResource
LockResource
SizeofResource

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
CreateThread
SetThreadPriority
GetCurrentProcessId
GetCurrentThread
GetCurrentProcess
GetCurrentThreadId
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-core-handle-l1-1-0

SetHandleInformation
CloseHandle

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent
OutputDebugStringA

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-mm-time-l1-1-0

timeGetTime

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult

api-ms-win-core-file-l1-1-0

CreateFileW
SetFilePointerEx
ReadFile

api-ms-win-core-wow64-l1-1-0

IsWow64Process
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection

api-ms-win-appmodel-runtime-l1-1-0

GetCurrentPackageInfo

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-localization-l1-2-0

FormatMessageW

avrt

AvRevertMmThreadCharacteristics
AvSetMmThreadCharacteristicsW
AvSetMmThreadPriority
AvQuerySystemResponsiveness
AvSetMmThreadCharacteristicsA

Exports

Exports

DriverProc
midMessage
modMessage
mxdMessage
widMessage
wodMessage

Sections

.text
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 676B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
winspool/winspool.drv
.dll windows:10 windows x64 arch:x64

09ef30731fdc97992b0f61e0f0555337

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

winspool.pdb

Imports

msvcrt

iswprint
wcsncpy_s
wcspbrk
_wcsdup
memmove_s
wcsrchr
free
_stricmp
wcstok_s
_wcsnicmp
malloc
_callnewh
memset
memmove
memcpy
memcmp
wcsstr
wcschr
_purecall
wcstoul
_wsplitpath_s
_wmakepath_s
__C_specific_handler
_XcptFilter
_amsg_exit
_initterm
_lock
_unlock
swprintf_s
__dllonexit
_onexit
__CxxFrameHandler3
sqrt
_wcslwr
_wcsicmp
memcpy_s
_vsnwprintf
wcsncmp
wcscmp

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
FreeLibrary
GetModuleFileNameA
FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryExW
LoadStringW
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
CreateEventW
WaitForSingleObjectEx
CreateMutexW
ResetEvent
ReleaseSRWLockShared
ReleaseSRWLockExclusive
WaitForSingleObject
ReleaseSemaphore
AcquireSRWLockExclusive
CreateSemaphoreExW
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
CreateMutexExW
DeleteCriticalSection
LeaveCriticalSection
SetEvent
InitializeCriticalSectionEx
OpenSemaphoreW
ReleaseMutex

api-ms-win-core-heap-l1-1-0

HeapDestroy
HeapCreate
HeapAlloc
HeapValidate
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetProcessTimes
OpenThreadToken
GetCurrentProcessId
CreateProcessAsUserW
CreateProcessW
CreateThread
TlsSetValue
SetThreadToken
ProcessIdToSessionId
TerminateProcess
GetCurrentThreadId
GetExitCodeProcess
TlsFree
TlsAlloc
TlsGetValue
OpenProcessToken
GetCurrentThread

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegOpenCurrentUser
RegCloseKey
RegCreateKeyExW
RegGetValueW
RegSetValueExW
RegQueryValueExW
RegDeleteValueW

api-ms-win-core-heap-l2-1-0

GlobalFree
LocalFree
GlobalAlloc
LocalAlloc

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
CompareStringW

api-ms-win-core-sidebyside-l1-1-0

DeactivateActCtx
ActivateActCtx
CreateActCtxW
ReleaseActCtx

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
InitOnceBeginInitialize
InitOnceComplete
SleepConditionVariableSRW
Sleep

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
VirtualFree
VirtualAlloc

api-ms-win-core-file-l1-1-0

GetFileAttributesW
RemoveDirectoryW
CreateFileW
WriteFile
SetFileAttributesW
CreateDirectoryW
GetFileType
FindFirstFileW
GetFullPathNameW
DeleteFileW
GetFileSize
SetFilePointer
ReadFile
GetTempFileNameW
FindClose
FindNextFileW
SetEndOfFile

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-threadpool-l1-2-0

SubmitThreadpoolWork
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWork
CreateThreadpoolTimer
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetVersionExW
GetTickCount64
GetSystemDirectoryW
GetSystemInfo
GetTickCount
GetSystemWindowsDirectoryW

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryA
LoadLibraryW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW

api-ms-win-security-base-l1-1-0

RevertToSelf
GetSidSubAuthorityCount
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetSidSubAuthority
CopySid
SetSecurityDescriptorOwner
GetSecurityDescriptorGroup
SetSecurityDescriptorSacl
IsValidSecurityDescriptor
InitializeSecurityDescriptor
GetSecurityDescriptorLength
MakeSelfRelativeSD
SetSecurityDescriptorGroup
GetLengthSid
GetTokenInformation
GetSecurityDescriptorDacl
GetSecurityDescriptorOwner

api-ms-win-core-processenvironment-l1-1-0

SearchPathW
GetCurrentDirectoryW
SetCurrentDirectoryW

api-ms-win-core-kernel32-legacy-l1-1-0

DnsHostnameToComputerNameW
GetComputerNameW

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

ntdll

RtlValidRelativeSecurityDescriptor
RtlIsThreadWithinLoaderCallout
NtOpenThreadToken
NtClose
NtSetInformationThread
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
EtwEventRegister
EtwEventUnregister
RtlNtStatusToDosError
EtwEventWrite
WinSqmIsOptedIn
WinSqmAddToStreamEx
EtwEventWriteTransfer
NtFsControlFile
EtwEventSetInformation
RtlGetVersion
ZwQueryWnfStateData
EtwTraceMessage
EtwEventEnabled

api-ms-win-security-activedirectoryclient-l1-1-0

DsCrackNamesW
DsFreeNameResultW
DsBindWithSpnExW
DsUnBindW

kernel32

InitializeCriticalSection

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

ADVANCEDSETUPDIALOG
AbortPrinter
AddFormA
AddFormW
AddJobA
AddJobW
AddMonitorA
AddMonitorW
AddPortA
AddPortExA
AddPortExW
AddPortW
AddPrintProcessorA
AddPrintProcessorW
AddPrintProvidorA
AddPrintProvidorW
AddPrinterA
AddPrinterConnection2A
AddPrinterConnection2W
AddPrinterConnectionA
AddPrinterConnectionW
AddPrinterDriverA
AddPrinterDriverExA
AddPrinterDriverExW
AddPrinterDriverW
AddPrinterW
AdvancedDocumentPropertiesA
AdvancedDocumentPropertiesW
AdvancedSetupDialog
ClosePrinter
CloseSpoolFileHandle
CommitSpoolData
ConfigurePortA
ConfigurePortW
ConnectToPrinterDlg
ConvertAnsiDevModeToUnicodeDevmode
ConvertUnicodeDevModeToAnsiDevmode
CorePrinterDriverInstalledA
CorePrinterDriverInstalledW
CreatePrintAsyncNotifyChannel
CreatePrinterIC
DEVICECAPABILITIES
DEVICEMODE
DeleteFormA
DeleteFormW
DeleteJobNamedProperty
DeleteMonitorA
DeleteMonitorW
DeletePortA
DeletePortW
DeletePrintProcessorA
DeletePrintProcessorW
DeletePrintProvidorA
DeletePrintProvidorW
DeletePrinter
DeletePrinterConnectionA
DeletePrinterConnectionW
DeletePrinterDataA
DeletePrinterDataExA
DeletePrinterDataExW
DeletePrinterDataW
DeletePrinterDriverA
DeletePrinterDriverExA
DeletePrinterDriverExW
DeletePrinterDriverPackageA
DeletePrinterDriverPackageW
DeletePrinterDriverW
DeletePrinterIC
DeletePrinterKeyA
DeletePrinterKeyW
DevQueryPrint
DevQueryPrintEx
DeviceCapabilities
DeviceCapabilitiesA
DeviceCapabilitiesW
DeviceMode
DevicePropertySheets
DocumentEvent
DocumentPropertiesA
DocumentPropertiesW
DocumentPropertySheets
EXTDEVICEMODE
EndDocPrinter
EndPagePrinter
EnumFormsA
EnumFormsW
EnumJobNamedProperties
EnumJobsA
EnumJobsW
EnumMonitorsA
EnumMonitorsW
EnumPortsA
EnumPortsW
EnumPrintProcessorDatatypesA
EnumPrintProcessorDatatypesW
EnumPrintProcessorsA
EnumPrintProcessorsW
EnumPrinterDataA
EnumPrinterDataExA
EnumPrinterDataExW
EnumPrinterDataW
EnumPrinterDriversA
EnumPrinterDriversW
EnumPrinterKeyA
EnumPrinterKeyW
EnumPrintersA
EnumPrintersW
ExtDeviceMode
FindClosePrinterChangeNotification
FindFirstPrinterChangeNotification
FindNextPrinterChangeNotification
FlushPrinter
FreePrintNamedPropertyArray
FreePrintPropertyValue
FreePrinterNotifyInfo
GetCorePrinterDriversA
GetCorePrinterDriversW
GetDefaultPrinterA
GetDefaultPrinterW
GetFormA
GetFormW
GetJobA
GetJobNamedPropertyValue
GetJobW
GetPrintExecutionData
GetPrintOutputInfo
GetPrintProcessorDirectoryA
GetPrintProcessorDirectoryW
GetPrinterA
GetPrinterDataA
GetPrinterDataExA
GetPrinterDataExW
GetPrinterDataW
GetPrinterDriver2A
GetPrinterDriver2W
GetPrinterDriverA
GetPrinterDriverDirectoryA
GetPrinterDriverDirectoryW
GetPrinterDriverPackagePathA
GetPrinterDriverPackagePathW
GetPrinterDriverW
GetPrinterW
GetSpoolFileHandle
InstallPrinterDriverFromPackageA
InstallPrinterDriverFromPackageW
IsValidDevmodeA
IsValidDevmodeW
OpenPrinter2A
OpenPrinter2W
OpenPrinterA
OpenPrinterW
PerfClose
PerfCollect
PerfOpen
PlayGdiScriptOnPrinterIC
PrinterMessageBoxA
PrinterMessageBoxW
PrinterProperties
QueryColorProfile
QueryRemoteFonts
QuerySpoolMode
ReadPrinter
RegisterForPrintAsyncNotifications
ReportJobProcessingProgress
ResetPrinterA
ResetPrinterW
ScheduleJob
SeekPrinter
SetDefaultPrinterA
SetDefaultPrinterW
SetFormA
SetFormW
SetJobA
SetJobNamedProperty
SetJobW
SetPortA
SetPortW
SetPrinterA
SetPrinterDataA
SetPrinterDataExA
SetPrinterDataExW
SetPrinterDataW
SetPrinterW
SetSplwow64AppCompat
SplDriverUnloadComplete
SpoolerDevQueryPrintW
SpoolerPrinterEvent
StartDocDlgA
StartDocDlgW
StartDocPrinterA
StartDocPrinterW
StartPagePrinter
UnRegisterForPrintAsyncNotifications
UploadPrinterDriverPackageA
UploadPrinterDriverPackageW
WaitForPrinterChange
WritePrinter
XcvDataW

Sections

.text
Size: 343KB - Virtual size: 343KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
winspool/wvc.dll
.dll regsvr32 windows:10 windows x64 arch:x64

f4e975b694deecd2ac58af812988eb82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

wvc.pdb

Imports

mfc42u

ord624
ord1284
ord1262
ord1126
ord1287
ord1286
ord4473
ord626
ord1040

msvcrt

wcsncmp
_wtol
sin
pow
memset
memmove
memcmp
log
floor
cos
ceil
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
wcsstr
_clearfp
wcstod
_vsnwprintf
_wtoi
wcsrchr
?name@type_info@@QEBAPEBDXZ
_wcsicmp
malloc
free
_purecall
realloc
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
atan2
sqrt

atl

ord45
ord44
ord43
ord27
ord30
ord21
ord22
ord16
ord15
ord32
ord23
ord18
ord26
ord58
ord31

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
CloseHandle
CreateFileW
WriteFile
GetNumberFormatW
GetCurrencyFormatW
GetLocaleInfoW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
Sleep
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
DecodePointer
EncodePointer
LoadLibraryExA
GetCurrentProcess
VirtualFree
LocalFree
FileTimeToSystemTime
GetModuleFileNameW
GetModuleHandleW
GetVersionExW
MulDiv
HeapReAlloc
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentThreadId
VirtualQuery
GlobalUnlock
DeleteCriticalSection
GlobalLock
GetProcAddress
GetSystemInfo
GlobalAlloc
InitializeCriticalSection
LeaveCriticalSection
VirtualAlloc
EnterCriticalSection
VirtualProtect
RtlVirtualUnwind
GetTimeFormatW
SetLastError
SystemTimeToFileTime
GetDateFormatW

ole32

CreateDataAdviseHolder
OleRegGetMiscStatus
CreateOleAdviseHolder
CoGetMalloc
OleRegGetUserType
OleRegEnumVerbs
CoTaskMemFree

oleaut32

VarDateFromStr
SystemTimeToVariantTime
LHashValOfNameSys
VariantClear
SysStringLen
OleCreatePropertyFrame
SysFreeString
LoadRegTypeLi
SetErrorInfo
CreateErrorInfo
VariantInit
VariantChangeType
SysAllocString
VariantCopy
SafeArrayCreateVector
SafeArrayUnaccessData
VariantTimeToSystemTime
VariantChangeTypeEx
SafeArrayCopy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
VariantCopyInd
SysAllocStringLen
SafeArrayCreate
SafeArrayPutElement
SafeArrayAccessData

user32

SetWindowPos
EqualRect
SetWindowLongPtrW
SetWindowRgn
UnionRect
GetWindowLongPtrW
ShowWindow
IsWindow
GetFocus
DestroyAcceleratorTable
IsChild
IntersectRect
SetFocus
PtInRect
InvalidateRect
DestroyWindow
CallWindowProcW
GetKeyState
DefWindowProcW
GetDC
ReleaseDC
LoadStringW
SystemParametersInfoW
GetSysColor
InvalidateRgn
IsRectEmpty
SetRectEmpty
CopyRect
DestroyCaret
EnableWindow
EndPaint
GetClientRect
BeginPaint
GetUpdateRgn
SetTimer
ScreenToClient
GetWindowRect
KillTimer
TrackPopupMenuEx
DestroyMenu
GetSubMenu
LoadMenuW
FillRect
ClientToScreen
SetRect
OffsetRect
CreateWindowExW

advapi32

TraceEvent
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags

gdi32

GdiFlush
CreateDIBSection
BitBlt
GetRgnBox
CreateCompatibleDC
CreateCompatibleBitmap
DPtoLP
PtVisible
CreateRectRgn
PatBlt
MoveToEx
LineTo
Polygon
SetBkColor
CreateSolidBrush
Polyline
Ellipse
Arc
ExtTextOutW
CombineRgn
LPtoDP
SetBkMode
RestoreDC
SetViewportOrgEx
DeleteDC
GetDeviceCaps
SetWindowExtEx
CreateRectRgnIndirect
SetWindowOrgEx
CloseMetaFile
SaveDC
GetObjectType
SelectPalette
RealizePalette
SelectObject
GetStockObject
SetTextColor
GetTextFaceW
GetTextMetricsW
GetOutlineTextMetricsW
GetTextExtentExPointW
GetCharWidthW
DeleteMetaFile
GetMapMode
SetMapMode
Escape
GetClipBox
IntersectClipRect
SelectClipRgn
SetViewportExtEx
SetTextAlign
GetWindowOrgEx
DeleteObject
CreateBrushIndirect
ExtCreatePen
CreatePenIndirect
CreateFontIndirectW
SetRectRgn
CreateMetaFileW

msimg32

AlphaBlend

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 299KB - Virtual size: 299KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64__installer__v2.0.6.msi
.msi

Sharing

General

Malware Config

Signatures

Files

Password: 1234

Password: 1234

Code Sign

33:00:00:02:c6:2f:0e:d5:e7:da:67:c4:e2:00:00:00:00:02:c6Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

ac:3a:1b:12:1d:85:dc:1e:2a:1f:d8:9b:21:9e:8f:26:35:60:97:d3:38:eb:98:74:71:16:ca:94:8a:a4:14:a1Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 1024B - Virtual size: 1008B

.data Size: 512B - Virtual size: 248B

.pdata Size: 512B - Virtual size: 252B

.00cfg Size: 512B - Virtual size: 16B

.edata Size: 512B - Virtual size: 62B

INIT Size: 512B - Virtual size: 54B

GFIDS Size: 512B - Virtual size: 56B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 112B

Password: 1234

73ace4548338a30f949c79e3b8e65377

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-file-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-datetime-l1-1-0

ntdll

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 34KB - Virtual size: 34KB

.wpp_sf Size: 1KB - Virtual size: 1KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 1KB - Virtual size: 1KB

.didat Size: 512B - Virtual size: 192B

.rsrc Size: 1024B - Virtual size: 1000B

.reloc Size: 512B - Virtual size: 204B

Password: 1234

7a4e440963c17523a1ce8885fb1bfd39

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

33:00:00:02:c6:2f:0e:d5:e7:da:67:c4:e2:00:00:00:00:02:c6
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

ac:3a:1b:12:1d:85:dc:1e:2a:1f:d8:9b:21:9e:8f:26:35:60:97:d3:38:eb:98:74:71:16:ca:94:8a:a4:14:a1
Signer

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 1024B - Virtual size: 1008B

.data
Size: 512B - Virtual size: 248B

.pdata
Size: 512B - Virtual size: 252B

.00cfg
Size: 512B - Virtual size: 16B

.edata
Size: 512B - Virtual size: 62B

INIT
Size: 512B - Virtual size: 54B

GFIDS
Size: 512B - Virtual size: 56B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 112B

.text
Size: 34KB - Virtual size: 34KB

.wpp_sf
Size: 1KB - Virtual size: 1KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 1KB - Virtual size: 1KB

.didat
Size: 512B - Virtual size: 192B

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 512B - Virtual size: 204B

.text
Size: 783KB - Virtual size: 783KB

.rdata
Size: 437KB - Virtual size: 437KB

.data
Size: 4KB - Virtual size: 9KB

.pdata
Size: 21KB - Virtual size: 21KB

.didat
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 53KB - Virtual size: 52KB

.reloc
Size: 2KB - Virtual size: 1KB