AdmTmpl.pdb
Static task
static1
General
-
Target
x64~x32~installer___.zip
-
Size
32.2MB
-
MD5
92d98f1bcc795ed46b7a2df753423637
-
SHA1
6bdeb3040d00e8c52c20cc1bbd047e4349f712d4
-
SHA256
e59265f60d7a1fc4287a76b7796f7e13709a181cc730531a611b192c83b73ad9
-
SHA512
8a8d16f07eb8d0db3ba978f463a132f222e43d694b170b104a764d572f23d13770c97024fbd557232589c9fba1af0bc0dfc72fd165c8d3c8bed9931d55ffc9d4
-
SSDEEP
786432:G32iNI4pfPQlxFk6XZrcfcsrmL6qivoCrbAIPiFrjzJVySh:ldJrsA6nXAIP8fFvh
Malware Config
Signatures
-
Unsigned PE 11 IoCs
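Checks for a missing embedded Authenticode signature. The PE files listed below carry no signature inside the file itself. On its own this is a weak indicator, because static analysis only sees embedded signatures and many genuine Windows binaries are catalog-signed instead; compare each file's hash against a known-good copy before treating it as tampered or benign.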
resource:
unpack001/AppVManifest/AdmTmpl.dll
unpack001/AppVManifest/gamemode.dll
unpack001/archiveint/archiveint.dll
unpack001/archiveint/pku2u.dll
unpack001/mf/RpcNs4.dll
unpack001/mf/efsadu.dll
unpack001/mf/hotplug.dll
unpack001/mtxclu/imapi.dll
unpack001/mtxclu/itircl.dll
unpack001/mtxclu/mtxclu.dll
unpack001/mtxclu/nlhtml.dll
Files
-
x64~x32~installer___.zip (.zip)
Password: 689726
-
AppVManifest/AdmTmpl.dll (.dll) windows:10 windows x64 arch:x64
Password: 689726
8e9ebc56a81add3ad5dd49789500f3a1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
wcstoul
__CxxFrameHandler3
__RTDynamicCast
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
??0exception@@QEAA@AEBQEBD@Z
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
malloc
free
_callnewh
wcsrchr
_itow
wcschr
__C_specific_handler
_vsnwprintf
_purecall
wcsnlen
_wtoi
_wtoi64
memset
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
api-ms-win-core-heap-l2-1-0
GlobalAlloc
LocalReAlloc
GlobalFree
LocalAlloc
LocalFree
api-ms-win-core-file-l1-1-0
FindClose
GetFileAttributesW
WriteFile
GetFileAttributesExW
FindFirstFileW
CreateDirectoryW
CompareFileTime
FileTimeToLocalFileTime
ReadFile
FindNextFileW
GetFileSize
SetFilePointer
CreateFileW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-string-l1-1-0
CompareStringW
MultiByteToWideChar
api-ms-win-core-localization-l1-2-0
GetUserDefaultLangID
GetFileMUIPath
GetThreadPreferredUILanguages
FormatMessageW
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
FreeLibraryAndExitThread
FindResourceExW
LoadStringW
LoadResource
GetModuleHandleExW
DisableThreadLibraryCalls
FreeLibrary
GetModuleFileNameW
LoadLibraryExW
LockResource
api-ms-win-core-synch-l1-1-0
ResetEvent
EnterCriticalSection
SetEvent
InitializeCriticalSectionEx
CreateEventW
InitializeCriticalSection
WaitForSingleObject
LeaveCriticalSection
DeleteCriticalSection
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
OutputDebugStringA
DebugBreak
oleaut32
SysStringLen
SysFreeString
SysAllocString
api-ms-win-security-base-l1-1-0
GetLengthSid
AddAccessAllowedAce
GetAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
InitializeAcl
AllocateAndInitializeSid
FreeSid
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExA
RegQueryInfoKeyW
RegOpenKeyExA
RegSetValueExW
RegEnumValueW
api-ms-win-core-sysinfo-l1-1-0
GetWindowsDirectoryW
GetSystemTimeAsFileTime
GetLocalTime
GetTickCount
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
SetThreadPriority
TerminateProcess
CreateThread
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-com-l1-1-0
StringFromGUID2
CoInitializeEx
CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance
CLSIDFromString
CoTaskMemAlloc
api-ms-win-core-string-l2-1-0
CharLowerBuffW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
api-ms-win-core-datetime-l1-1-0
GetTimeFormatW
GetDateFormatW
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
advapi32
RegCreateKeyW
IsTextUnicode
RegDeleteKeyW
gdi32
DeleteObject
kernel32
GlobalLock
LoadLibraryExA
ExpandEnvironmentStringsA
QueryActCtxW
GlobalUnlock
GlobalReAlloc
lstrcmpiW
DeactivateActCtx
ActivateActCtx
FindActCtxSectionStringW
CreateActCtxW
ole32
OleRun
shell32
SHFileOperationW
user32
GetWindowLongPtrW
PeekMessageW
SendMessageW
GetDlgItem
DispatchMessageW
IsDlgButtonChecked
SetWindowLongPtrW
DialogBoxParamW
MessageBoxW
EndDialog
EnableWindow
GetMessagePos
DefWindowProcW
DestroyWindow
ScreenToClient
CheckDlgButton
LoadImageW
CreateWindowExW
GetWindowLongW
SetWindowLongW
GetKeyboardLayout
PostMessageW
MessageBeep
SetFocus
GetClientRect
DestroyIcon
RegisterClipboardFormatW
SetCursor
RegisterClassW
RegisterWindowMessageW
LoadCursorW
MsgWaitForMultipleObjects
TranslateMessage
xmllite
CreateXmlWriter
Exports
Exports
CreateCmtStoreObject
CreateParserObject
DllCanUnloadNow
DllGetClassObject
Sections
.text Size: 242KB - Virtual size: 241KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 140KB - Virtual size: 139KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 120KB - Virtual size: 120KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
AppVManifest/AppVManifest.dll (.dll) windows:10 windows x64 arch:x64
Password: 689726
1c7db189c5ec95de0a9fb2d861751869
Code Sign
33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c (Certificate)
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02/09/2021, 18:23
Not After: 01/09/2022, 18:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08 (Certificate)
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
64:ba:83:d4:06:73:b3:13:09:36:ea:8e:f4:3b:79:b9:2f:80:55:99:10:83:35:40:76:be:68:db:2f:0c:ec:08 (Signer)
Actual PE Digest: 64:ba:83:d4:06:73:b3:13:09:36:ea:8e:f4:3b:79:b9:2f:80:55:99:10:83:35:40:76:be:68:db:2f:0c:ec:08
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
AppVManifest.pdb
Imports
msvcp_win
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?_Xout_of_range@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
??Bid@locale@std@@QEAA_KXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?id@?$numpunct@_W@std@@2V0locale@2@A
?classic@locale@std@@SAAEBV12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
_Mbrtowc
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__stricmp
_o__wcsicmp
_o__wcsupr_s
_o__wtoi
_o_calloc
_o_free
_o_iswalpha
_o_iswdigit
_o_malloc
_o_terminate
_o_wcscpy_s
__CxxFrameHandler3
__C_specific_handler
_CxxThrowException
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__RTDynamicCast
memcmp
memcpy
strrchr
__std_terminate
__CxxFrameHandler4
wcschr
api-ms-win-crt-string-l1-1-0
memset
wcsncmp
kernel32
MoveFileExW
FindClose
GetTempPathW
DeleteFileW
LoadLibraryW
FreeLibrary
DebugBreak
WideCharToMultiByte
lstrcmpiW
QueryPerformanceCounter
GetCurrentProcessId
CreateEventW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcAddress
FindResourceW
LoadResource
LockResource
GetModuleHandleExW
SizeofResource
CopyFileExW
GetTempFileNameW
CloseHandle
GetLastError
SetFileAttributesW
GetCurrentThreadId
FindFirstFileW
SetLastError
FindNextFileW
GetSystemTimeAsFileTime
InitializeSListHead
RemoveDirectoryW
RtlCaptureContext
TerminateProcess
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
advapi32
RegGetValueW
EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister
ole32
CoCreateInstance
CreateStreamOnHGlobal
CLSIDFromString
oleaut32
VariantClear
VariantCopy
SysAllocString
SysFreeString
VariantInit
GetErrorInfo
VariantChangeType
Exports
Exports
CreateManifestDocumentFromDocument
CreateManifestDocumentFromFile
CreateManifestDocumentFromXML
GetManifestSelectionNamespaces
Sections
.text Size: 315KB - Virtual size: 315KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 222KB - Virtual size: 222KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 93KB - Virtual size: 95KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 204KB - Virtual size: 204KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
AppVManifest/gamemode.dll (.dll) windows:10 windows x64 arch:x64
Password: 689726
3594f0015a7f1df25922cb8d956a56e9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
gamemode.pdb
Imports
msvcrt
_unlock
malloc
__dllonexit
_onexit
??1type_info@@UEAA@XZ
_lock
_amsg_exit
_XcptFilter
__C_specific_handler
_CxxThrowException
_vsnprintf_s
_initterm
free
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
__CxxFrameHandler3
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
memset
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExW
DisableThreadLibraryCalls
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
CreateMutexExW
ReleaseSemaphore
OpenSemaphoreW
CreateSemaphoreExW
ReleaseMutex
WaitForSingleObjectEx
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
SetLastError
GetLastError
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
OpenProcessToken
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
api-ms-win-core-winrt-string-l1-1-0
WindowsDeleteString
WindowsGetStringRawBuffer
WindowsCreateStringReference
api-ms-win-core-winrt-l1-1-0
RoActivateInstance
RoGetActivationFactory
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
ntdll
NtQueryInformationToken
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
RtlInitUnicodeString
RtlGetDeviceFamilyInfoEnum
NtQueryWnfStateData
RtlFreeHeap
api-ms-win-core-registry-l1-1-0
RegGetValueW
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-appmodel-unlock-l1-1-0
IsDeveloperModeEnabled
api-ms-win-security-base-l1-1-0
DuplicateTokenEx
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
Exports
GetExpandedResourceExclusiveCpuCount
HasExpandedResources
MsixvcAddGameToGCS
MsixvcAddPackageAsync
MsixvcRemediateMutablePackagesForVolumeAsync
MsixvcUpdatePolicyString
MsixvcUpdatePolicyUInt64
ReleaseExclusiveCpuSets
Sections
.text Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 92B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
AppVManifest/gdi32.dll (.dll) windows:10 windows x64 arch:x64
Password: 689726
8aee58126035547b5e6ff8c7c20c5705
Code Sign
33:00:00:03:8c:38:5d:5c:2e:74:83:cc:fb:00:00:00:00:03:8c (Certificate)
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 05/05/2022, 19:23
Not After: 04/05/2023, 19:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08 (Certificate)
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
6e:f3:c8:67:21:6f:ff:c0:00:7a:73:58:21:f9:ba:21:21:03:ea:bb:a9:7b:31:b7:ce:93:8e:a9:30:bc:83:29 (Signer)
Actual PE Digest: 6e:f3:c8:67:21:6f:ff:c0:00:7a:73:58:21:f9:ba:21:21:03:ea:bb:a9:7b:31:b7:ce:93:8e:a9:30:bc:83:29
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
gdi32.pdb
Imports
ntdll
toupper
memcpy
memmove
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlDecodePointer
RtlInitUnicodeString
_wcsicmp
_wcsnicmp
wcsncpy_s
RtlUnsubscribeWnfStateChangeNotification
RtlFreeHeap
RtlSubscribeWnfStateChangeNotification
RtlAllocateHeap
RtlLeaveCriticalSection
RtlEnterCriticalSection
memset
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-libraryloader-l1-2-0
DisableThreadLibraryCalls
GetProcAddress
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleA
api-ms-win-core-processthreads-l1-1-1
GetProcessMitigationPolicy
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
Sleep
api-ms-win-core-synch-l1-1-0
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
win32u
NtGdiEngPaint
NtGdiEngPlgBlt
NtGdiEngStretchBlt
NtGdiEngStretchBltROP
NtGdiEngStrokeAndFillPath
NtGdiEngStrokePath
NtGdiEngTextOut
NtGdiEngTransparentBlt
NtGdiEngUnlockSurface
NtGdiFONTOBJ_cGetAllGlyphHandles
NtGdiFONTOBJ_cGetGlyphs
NtGdiFONTOBJ_pQueryGlyphAttrs
NtGdiFONTOBJ_pfdg
NtGdiFONTOBJ_pifi
NtGdiFONTOBJ_pvTrueTypeFontFile
NtGdiFONTOBJ_pxoGetXform
NtGdiFONTOBJ_vGetInfo
NtGdiFullscreenControl
NtGdiGetSpoolMessage
NtGdiEngLockSurface
NtGdiQueryFonts
NtGdiGetBitmapDpiScaleValue
NtGdiGetCOPPCompatibleOPMInformation
NtGdiGetCertificate
NtGdiGetCertificateByHandle
NtGdiGetCertificateSize
NtGdiGetCertificateSizeByHandle
NtGdiGetCharWidthInfo
NtGdiGetFontUnicodeRanges
NtGdiGetNumberOfPhysicalMonitors
NtGdiGetOPMInformation
NtGdiGetOPMRandomNumber
NtGdiGetPhysicalMonitorDescription
NtGdiGetPhysicalMonitors
NtGdiGetStringBitmapW
NtGdiGetSuggestedOPMProtectedOutputArraySize
NtGdiGetTextCharsetInfo
NtGdiHT_Get8BPPFormatPalette
NtGdiHT_Get8BPPMaskPalette
NtGdiPATHOBJ_bEnum
NtGdiPATHOBJ_bEnumClipLines
NtGdiPATHOBJ_vEnumStart
NtGdiPATHOBJ_vEnumStartClipLines
NtGdiPATHOBJ_vGetBounds
NtGdiSTROBJ_bEnum
NtGdiSTROBJ_bEnumPositionsOnly
NtGdiSTROBJ_bGetAdvanceWidths
NtGdiSTROBJ_dwGetCodePage
NtGdiSTROBJ_vEnumStart
NtGdiScaleRgn
NtGdiScaleValues
NtGdiSetMagicColors
NtGdiSetOPMSigningKeyAndSequenceNumbers
NtGdiXFORMOBJ_bApplyXform
NtGdiXFORMOBJ_iGetXform
NtGdiXLATEOBJ_cGetPalette
NtGdiXLATEOBJ_hGetColorTransform
NtGdiXLATEOBJ_iXlate
NtGdiGetDeviceCapsAll
NtGdiGetDeviceCaps
NtGdiGetCurrentDpiInfo
NtGdiDdDDIOpenAdapterFromHdc
NtGdiDdDDICreateAllocation
NtGdiDdDDIOpenResource
NtGdiDdDDICreateSynchronizationObject
NtGdiDdDDIWaitForSynchronizationObject
NtGdiDdDDISignalSynchronizationObject
NtGdiDdDDINetDispStartMiracastDisplayDevice
NtGdiDdDDISetVidPnSourceOwner
NtDxgkPinResources
NtDxgkUnpinResources
NtGdiGetEntry
NtGdiDeleteObjectApp
NtGdiFlush
NtGdiEqualRgn
NtGdiExtCreateRegion
NtGdiCreateHalftonePalette
NtGdiPolyPolyDraw
NtGdiCreateRectRgn
NtGdiRectInRegion
NtGdiCombineRgn
NtGdiOffsetRgn
NtGdiGetRgnBox
NtGdiSetRectRgn
NtGdiGetRegionData
NtGdiEngMarkBandingSurface
NtGdiEngLineTo
NtGdiEngGradientFill
NtGdiEngFillPath
NtGdiEngEraseSurface
NtGdiEngDeleteSurface
NtGdiEngDeletePath
NtGdiEngDeletePalette
NtGdiEngDeleteClip
NtGdiEngCreatePalette
NtGdiEngCreateDeviceSurface
NtGdiEngCreateDeviceBitmap
NtGdiEngCreateClip
NtGdiEngCreateBitmap
NtGdiEngCopyBits
NtGdiEngCheckAbort
NtGdiEngBitBlt
NtGdiEngAssociateSurface
NtGdiEngAlphaBlend
NtGdiEndGdiRendering
NtGdiEnableEudc
NtGdiDestroyPhysicalMonitor
NtGdiDestroyOPMProtectedOutput
NtGdiDdQueryVisRgnUniqueness
NtGdiDdNotifyFullscreenSpriteUpdate
NtGdiDdDestroyFullscreenSprite
NtGdiDdCreateFullscreenSprite
NtGdiDDCCISetVCPFeature
NtGdiDDCCISaveCurrentSettings
NtGdiDDCCIGetVCPFeature
NtGdiDDCCIGetTimingReport
NtGdiDDCCIGetCapabilitiesStringLength
NtGdiDDCCIGetCapabilitiesString
NtGdiCreateOPMProtectedOutputs
NtGdiCreateOPMProtectedOutput
NtGdiCreateBitmapFromDxSurface2
NtGdiCreateBitmapFromDxSurface
NtGdiConfigureOPMProtectedOutput
NtGdiCLIPOBJ_ppoGetPath
NtGdiCLIPOBJ_cEnumStart
NtGdiCLIPOBJ_bEnum
NtGdiBeginGdiRendering
NtGdiBRUSHOBJ_ulGetBrushColor
NtGdiBRUSHOBJ_pvGetRbrush
NtGdiBRUSHOBJ_pvAllocRbrush
NtGdiBRUSHOBJ_hGetColorTransform
NtGdiInitSpool
api-ms-win-gdi-internal-uap-l1-1-0
SetMetaRgn
PtInRegion
ModerncoreGdiInit
MF16_DeleteObject
GetRandomRgn
GdiSupportsFontChangeEvent
GdiDllInitialize
UnloadUserModePrinterDriver
DeleteColorSpace
IcmDeleteLocalDC
plinkGet
MF_DeleteObject
vFreeUFIHashTable
DeleteEMFSpoolData
DocumentEventEx
hdcCreateDCW
vDeleteLOCALFONT
IcmReleaseCachedColorSpace
FillRgn
CreateRoundRectRgn
SetPolyFillModeImpl
SelectObjectImpl
SelectClipRgnImpl
IntersectClipRectImpl
AbortDocImpl
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventProviderEnabled
EventUnregister
EventWriteTransfer
EventSetInformation
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Exports
Exports
AbortDoc
AbortPath
AddFontMemResourceEx
AddFontResourceA
AddFontResourceExA
AddFontResourceExW
AddFontResourceTracking
AddFontResourceW
AngleArc
AnimatePalette
AnyLinkedFonts
Arc
ArcTo
BRUSHOBJ_hGetColorTransform
BRUSHOBJ_pvAllocRbrush
BRUSHOBJ_pvGetRbrush
BRUSHOBJ_ulGetBrushColor
BeginGdiRendering
BeginPath
BitBlt
CLIPOBJ_bEnum
CLIPOBJ_cEnumStart
CLIPOBJ_ppoGetPath
CancelDC
CheckColorsInGamut
ChoosePixelFormat
Chord
ClearBitmapAttributes
ClearBrushAttributes
CloseEnhMetaFile
CloseFigure
CloseMetaFile
ColorCorrectPalette
ColorMatchToTarget
CombineRgn
CombineTransform
ConfigureOPMProtectedOutput
CopyEnhMetaFileA
CopyEnhMetaFileW
CopyMetaFileA
CopyMetaFileW
CreateBitmap
CreateBitmapFromDxSurface
CreateBitmapFromDxSurface2
CreateBitmapIndirect
CreateBrushIndirect
CreateColorSpaceA
CreateColorSpaceW
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreateDCExW
CreateDCW
CreateDIBPatternBrush
CreateDIBPatternBrushPt
CreateDIBSection
CreateDIBitmap
CreateDPIScaledDIBSection
CreateDiscardableBitmap
CreateEllipticRgn
CreateEllipticRgnIndirect
CreateEnhMetaFileA
CreateEnhMetaFileW
CreateFontA
CreateFontIndirectA
CreateFontIndirectExA
CreateFontIndirectExW
CreateFontIndirectW
CreateFontW
CreateHalftonePalette
CreateHatchBrush
CreateICA
CreateICW
CreateMetaFileA
CreateMetaFileW
CreateOPMProtectedOutput
CreateOPMProtectedOutputs
CreatePalette
CreatePatternBrush
CreatePen
CreatePenIndirect
CreatePolyPolygonRgn
CreatePolygonRgn
CreateRectRgn
CreateRectRgnIndirect
CreateRoundRectRgn
CreateScalableFontResourceA
CreateScalableFontResourceW
CreateScaledCompatibleBitmap
CreateSessionMappedDIBSection
CreateSolidBrush
D3DKMTAbandonSwapChain
D3DKMTAcquireKeyedMutex
D3DKMTAcquireKeyedMutex2
D3DKMTAcquireSwapChain
D3DKMTAddSurfaceToSwapChain
D3DKMTAdjustFullscreenGamma
D3DKMTCacheHybridQueryValue
D3DKMTChangeVideoMemoryReservation
D3DKMTCheckExclusiveOwnership
D3DKMTCheckMonitorPowerState
D3DKMTCheckMultiPlaneOverlaySupport
D3DKMTCheckMultiPlaneOverlaySupport2
D3DKMTCheckMultiPlaneOverlaySupport3
D3DKMTCheckOcclusion
D3DKMTCheckSharedResourceAccess
D3DKMTCheckVidPnExclusiveOwnership
D3DKMTCloseAdapter
D3DKMTConfigureSharedResource
D3DKMTCreateAllocation
D3DKMTCreateAllocation2
D3DKMTCreateBundleObject
D3DKMTCreateContext
D3DKMTCreateContextVirtual
D3DKMTCreateDCFromMemory
D3DKMTCreateDevice
D3DKMTCreateHwContext
D3DKMTCreateHwQueue
D3DKMTCreateKeyedMutex
D3DKMTCreateKeyedMutex2
D3DKMTCreateOutputDupl
D3DKMTCreateOverlay
D3DKMTCreatePagingQueue
D3DKMTCreateProtectedSession
D3DKMTCreateSwapChain
D3DKMTCreateSynchronizationObject
D3DKMTCreateSynchronizationObject2
D3DKMTCreateTrackedWorkload
D3DKMTDDisplayEnum
D3DKMTDestroyAllocation
D3DKMTDestroyAllocation2
D3DKMTDestroyContext
D3DKMTDestroyDCFromMemory
D3DKMTDestroyDevice
D3DKMTDestroyHwContext
D3DKMTDestroyHwQueue
D3DKMTDestroyKeyedMutex
D3DKMTDestroyOutputDupl
D3DKMTDestroyOverlay
D3DKMTDestroyPagingQueue
D3DKMTDestroyProtectedSession
D3DKMTDestroySynchronizationObject
D3DKMTDestroyTrackedWorkload
D3DKMTDispMgrCreate
D3DKMTDispMgrOperation
D3DKMTDispMgrSourceOperation
D3DKMTDispMgrTargetOperation
D3DKMTDisplayPortOperation
D3DKMTDuplicateHandle
D3DKMTEnumAdapters
D3DKMTEnumAdapters2
D3DKMTEnumAdapters3
D3DKMTEscape
D3DKMTEvict
D3DKMTExtractBundleObject
D3DKMTFlipOverlay
D3DKMTFlushHeapTransitions
D3DKMTFreeGpuVirtualAddress
D3DKMTGetAllocationPriority
D3DKMTGetAvailableTrackedWorkloadIndex
D3DKMTGetCachedHybridQueryValue
D3DKMTGetContextInProcessSchedulingPriority
D3DKMTGetContextSchedulingPriority
D3DKMTGetDWMVerticalBlankEvent
D3DKMTGetDeviceState
D3DKMTGetDisplayModeList
D3DKMTGetMemoryBudgetTarget
D3DKMTGetMultiPlaneOverlayCaps
D3DKMTGetMultisampleMethodList
D3DKMTGetOverlayState
D3DKMTGetPostCompositionCaps
D3DKMTGetPresentHistory
D3DKMTGetPresentQueueEvent
D3DKMTGetProcessDeviceRemovalSupport
D3DKMTGetProcessList
D3DKMTGetProcessSchedulingPriorityBand
D3DKMTGetProcessSchedulingPriorityClass
D3DKMTGetResourcePresentPrivateDriverData
D3DKMTGetRuntimeData
D3DKMTGetScanLine
D3DKMTGetSetSwapChainMetadata
D3DKMTGetSharedPrimaryHandle
D3DKMTGetSharedResourceAdapterLuid
D3DKMTGetTrackedWorkloadStatistics
D3DKMTGetYieldPercentage
D3DKMTInvalidateActiveVidPn
D3DKMTInvalidateCache
D3DKMTLock
D3DKMTLock2
D3DKMTMakeResident
D3DKMTMapGpuVirtualAddress
D3DKMTMarkDeviceAsError
D3DKMTNetDispGetNextChunkInfo
D3DKMTNetDispQueryMiracastDisplayDeviceStatus
D3DKMTNetDispQueryMiracastDisplayDeviceSupport
D3DKMTNetDispStartMiracastDisplayDevice
D3DKMTNetDispStartMiracastDisplayDevice2
D3DKMTNetDispStartMiracastDisplayDeviceEx
D3DKMTNetDispStopMiracastDisplayDevice
D3DKMTOfferAllocations
D3DKMTOpenAdapterFromDeviceName
D3DKMTOpenAdapterFromGdiDisplayName
D3DKMTOpenAdapterFromHdc
D3DKMTOpenAdapterFromLuid
D3DKMTOpenBundleObjectNtHandleFromName
D3DKMTOpenKeyedMutex
D3DKMTOpenKeyedMutex2
D3DKMTOpenKeyedMutexFromNtHandle
D3DKMTOpenNtHandleFromName
D3DKMTOpenProtectedSessionFromNtHandle
D3DKMTOpenResource
D3DKMTOpenResource2
D3DKMTOpenResourceFromNtHandle
D3DKMTOpenSwapChain
D3DKMTOpenSyncObjectFromNtHandle
D3DKMTOpenSyncObjectFromNtHandle2
D3DKMTOpenSyncObjectNtHandleFromName
D3DKMTOpenSynchronizationObject
D3DKMTOutputDuplGetFrameInfo
D3DKMTOutputDuplGetMetaData
D3DKMTOutputDuplGetPointerShapeData
D3DKMTOutputDuplPresent
D3DKMTOutputDuplPresentToHwQueue
D3DKMTOutputDuplReleaseFrame
D3DKMTPinDirectFlipResources
D3DKMTPinResources
D3DKMTPollDisplayChildren
D3DKMTPresent
D3DKMTPresentMultiPlaneOverlay
D3DKMTPresentMultiPlaneOverlay2
D3DKMTPresentMultiPlaneOverlay3
D3DKMTPresentRedirected
D3DKMTQueryAdapterInfo
D3DKMTQueryAllocationResidency
D3DKMTQueryClockCalibration
D3DKMTQueryFSEBlock
D3DKMTQueryProcessOfferInfo
D3DKMTQueryProtectedSessionInfoFromNtHandle
D3DKMTQueryProtectedSessionStatus
D3DKMTQueryRemoteVidPnSourceFromGdiDisplayName
D3DKMTQueryResourceInfo
D3DKMTQueryResourceInfoFromNtHandle
D3DKMTQueryStatistics
D3DKMTQueryVidPnExclusiveOwnership
D3DKMTQueryVideoMemoryInfo
D3DKMTReclaimAllocations
D3DKMTReclaimAllocations2
D3DKMTRegisterTrimNotification
D3DKMTRegisterVailProcess
D3DKMTReleaseKeyedMutex
D3DKMTReleaseKeyedMutex2
D3DKMTReleaseProcessVidPnSourceOwners
D3DKMTReleaseSwapChain
D3DKMTRemoveSurfaceFromSwapChain
D3DKMTRender
D3DKMTReserveGpuVirtualAddress
D3DKMTResetTrackedWorkloadStatistics
D3DKMTSetAllocationPriority
D3DKMTSetContextInProcessSchedulingPriority
D3DKMTSetContextSchedulingPriority
D3DKMTSetDisplayMode
D3DKMTSetDisplayPrivateDriverFormat
D3DKMTSetDodIndirectSwapchain
D3DKMTSetFSEBlock
D3DKMTSetGammaRamp
D3DKMTSetHwProtectionTeardownRecovery
D3DKMTSetMemoryBudgetTarget
D3DKMTSetMonitorColorSpaceTransform
D3DKMTSetProcessDeviceRemovalSupport
D3DKMTSetProcessSchedulingPriorityBand
D3DKMTSetProcessSchedulingPriorityClass
D3DKMTSetQueuedLimit
D3DKMTSetStablePowerState
D3DKMTSetStereoEnabled
D3DKMTSetSyncRefreshCountWaitTarget
D3DKMTSetVidPnSourceHwProtection
D3DKMTSetVidPnSourceOwner
D3DKMTSetVidPnSourceOwner1
D3DKMTSetVidPnSourceOwner2
D3DKMTSetYieldPercentage
D3DKMTShareObjects
D3DKMTSharedPrimaryLockNotification
D3DKMTSharedPrimaryUnLockNotification
D3DKMTSignalSynchronizationObject
D3DKMTSignalSynchronizationObject2
D3DKMTSignalSynchronizationObjectFromCpu
D3DKMTSignalSynchronizationObjectFromGpu
D3DKMTSignalSynchronizationObjectFromGpu2
D3DKMTSubmitCommand
D3DKMTSubmitCommandToHwQueue
D3DKMTSubmitPresentBltToHwQueue
D3DKMTSubmitPresentToHwQueue
D3DKMTSubmitSignalSyncObjectsToHwQueue
D3DKMTSubmitWaitForSyncObjectsToHwQueue
D3DKMTTrimProcessCommitment
D3DKMTUnOrderedPresentSwapChain
D3DKMTUnlock
D3DKMTUnlock2
D3DKMTUnpinDirectFlipResources
D3DKMTUnpinResources
D3DKMTUnregisterTrimNotification
D3DKMTUpdateAllocationProperty
D3DKMTUpdateGpuVirtualAddress
D3DKMTUpdateOverlay
D3DKMTUpdateTrackedWorkload
D3DKMTVailConnect
D3DKMTVailDisconnect
D3DKMTVailPromoteCompositionSurface
D3DKMTWaitForIdle
D3DKMTWaitForSynchronizationObject
D3DKMTWaitForSynchronizationObject2
D3DKMTWaitForSynchronizationObjectFromCpu
D3DKMTWaitForSynchronizationObjectFromGpu
D3DKMTWaitForVerticalBlankEvent
D3DKMTWaitForVerticalBlankEvent2
DDCCIGetCapabilitiesString
DDCCIGetCapabilitiesStringLength
DDCCIGetTimingReport
DDCCIGetVCPFeature
DDCCISaveCurrentSettings
DDCCISetVCPFeature
DPtoLP
DdCreateFullscreenSprite
DdDestroyFullscreenSprite
DdEntry0
DdEntry1
DdEntry10
DdEntry11
DdEntry12
DdEntry13
DdEntry14
DdEntry15
DdEntry16
DdEntry17
DdEntry18
DdEntry19
DdEntry2
DdEntry20
DdEntry21
DdEntry22
DdEntry23
DdEntry24
DdEntry25
DdEntry26
DdEntry27
DdEntry28
DdEntry29
DdEntry3
DdEntry30
DdEntry31
DdEntry32
DdEntry33
DdEntry34
DdEntry35
DdEntry36
DdEntry37
DdEntry38
DdEntry39
DdEntry4
DdEntry40
DdEntry41
DdEntry42
DdEntry43
DdEntry44
DdEntry45
DdEntry46
DdEntry47
DdEntry48
DdEntry49
DdEntry5
DdEntry50
DdEntry51
DdEntry52
DdEntry53
DdEntry54
DdEntry55
DdEntry56
DdEntry6
DdEntry7
DdEntry8
DdEntry9
DdNotifyFullscreenSpriteUpdate
DdQueryVisRgnUniqueness
DeleteColorSpace
DeleteDC
DeleteEnhMetaFile
DeleteMetaFile
DeleteObject
DescribePixelFormat
DestroyOPMProtectedOutput
DestroyPhysicalMonitorInternal
DeviceCapabilitiesExA
DeviceCapabilitiesExW
DrawEscape
DwmCreatedBitmapRemotingOutput
DxTrimNotificationListHead
Ellipse
EnableEUDC
EndDoc
EndFormPage
EndGdiRendering
EndPage
EndPath
EngAcquireSemaphore
EngAlphaBlend
EngAssociateSurface
EngBitBlt
EngCheckAbort
EngComputeGlyphSet
EngCopyBits
EngCreateBitmap
EngCreateClip
EngCreateDeviceBitmap
EngCreateDeviceSurface
EngCreatePalette
EngCreateSemaphore
EngDeleteClip
EngDeletePalette
EngDeletePath
EngDeleteSemaphore
EngDeleteSurface
EngEraseSurface
EngFillPath
EngFindResource
EngFreeModule
EngGetCurrentCodePage
EngGetDriverName
EngGetPrinterDataFileName
EngGradientFill
EngLineTo
EngLoadModule
EngLockSurface
EngMarkBandingSurface
EngMultiByteToUnicodeN
EngMultiByteToWideChar
EngPaint
EngPlgBlt
EngQueryEMFInfo
EngQueryLocalTime
EngReleaseSemaphore
EngStretchBlt
EngStretchBltROP
EngStrokeAndFillPath
EngStrokePath
EngTextOut
EngTransparentBlt
EngUnicodeToMultiByteN
EngUnlockSurface
EngWideCharToMultiByte
EnumEnhMetaFile
EnumFontFamiliesA
EnumFontFamiliesExA
EnumFontFamiliesExW
EnumFontFamiliesW
EnumFontsA
EnumFontsW
EnumICMProfilesA
EnumICMProfilesW
EnumMetaFile
EnumObjects
EqualRgn
Escape
EudcLoadLinkW
EudcUnloadLinkW
ExcludeClipRect
ExtCreatePen
ExtCreateRegion
ExtEscape
ExtFloodFill
ExtSelectClipRgn
ExtTextOutA
ExtTextOutW
FONTOBJ_cGetAllGlyphHandles
FONTOBJ_cGetGlyphs
FONTOBJ_pQueryGlyphAttrs
FONTOBJ_pfdg
FONTOBJ_pifi
FONTOBJ_pvTrueTypeFontFile
FONTOBJ_pxoGetXform
FONTOBJ_vGetInfo
FillPath
FillRgn
FixBrushOrgEx
FlattenPath
FloodFill
FontIsLinked
FrameRgn
Gdi32DllInitialize
GdiAddFontResourceW
GdiAddGlsBounds
GdiAddGlsRecord
GdiAddInitialFonts
GdiAlphaBlend
GdiArtificialDecrementDriver
GdiBatchLimit
GdiCleanCacheDC
GdiComment
GdiConsoleTextOut
GdiConvertAndCheckDC
GdiConvertBitmap
Sections
.text Size: 57KB - Virtual size: 57KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 79KB - Virtual size: 78KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 984B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
archiveint/archiveint.dll.dll windows:10 windows x64 arch:x64
Password: 689726
2241467b78b76f01e83484b49ec9a25b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
archiveint.pdb
Imports
api-ms-win-crt-string-l1-1-0
strcmp
strncpy
strspn
strcspn
strncmp
memset
wcsncmp
strnlen
wcsncpy
api-ms-win-crt-time-l1-1-0
_time64
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__cexit
_o__close
_o__configure_narrow_argv
_o__ctime64_s
_o__errno
_o__execute_onexit_table
_o__fileno
_o__fseeki64
_o__get_osfhandle
_o__get_timezone
_o__gmtime64_s
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__localtime64_s
_o__lseeki64
_o__mkgmtime64
_o__mktime64
_o__open_osfhandle
_o__seh_filter_dll
_o__sopen_s
memmove
_o__umask
_o__wcsdup
_o__wrename
_o__wrmdir
_o__wsopen_s
_o__wunlink
_o_abort
_o_atoi
_o_bsearch
_o_calloc
_o_exit
_o_ferror
_o_fread
_o_free
_o_fwrite
_o_getenv
_o_isalnum
_o_isdigit
_o_isprint
_o_isspace
_o_isupper
_o_malloc
_o_mbstowcs
_o_qsort
_o_realloc
_o_setlocale
_o_strftime
_o_strtol
_o_tolower
_o_toupper
_o_wcrtomb
__C_specific_handler
_o___stdio_common_vsprintf
_o___stdio_common_vfprintf
_o___std_type_info_destroy_list
_o___acrt_iob_func
_o____mb_cur_max_func
strstr
wcsrchr
wcschr
strchr
strrchr
memchr
memcmp
memcpy
_o__setmode
_o__strdup
bcrypt
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptSetProperty
BCryptGenerateSymmetricKey
BCryptDestroyKey
BCryptDeriveKeyPBKDF2
BCryptCreateHash
BCryptFinishHash
BCryptHashData
BCryptEncrypt
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-security-cryptoapi-l1-1-0
CryptGenRandom
CryptDestroyHash
CryptCreateHash
CryptAcquireContextA
CryptGetHashParam
CryptReleaseContext
CryptHashData
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
api-ms-win-core-file-l1-1-0
GetDiskFreeSpaceW
FindNextFileW
FindClose
SetFileTime
ReadFile
CreateFileW
GetFileInformationByHandle
GetDriveTypeW
CreateDirectoryW
SetFilePointer
FindFirstFileA
SetEndOfFile
GetFileAttributesW
GetVolumePathNameW
GetFullPathNameW
WriteFile
GetFileAttributesA
CreateFileA
GetFileType
SetFileAttributesW
FindFirstFileW
api-ms-win-core-io-l1-1-1
CancelIo
api-ms-win-core-memory-l1-1-0
VirtualAlloc
VirtualFree
api-ms-win-core-io-l1-1-0
DeviceIoControl
GetOverlappedResult
api-ms-win-core-synch-l1-1-0
CreateEventW
ResetEvent
api-ms-win-core-handle-l1-1-0
DuplicateHandle
SetHandleInformation
CloseHandle
api-ms-win-core-namedpipe-l1-1-0
PeekNamedPipe
CreatePipe
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-localization-l1-2-0
GetOEMCP
IsValidCodePage
GetACP
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
api-ms-win-core-file-l1-2-0
GetTempPathW
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetExitCodeProcess
GetCurrentThreadId
CreateProcessA
GetCurrentProcessId
TerminateProcess
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryA
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
GetCurrentDirectoryW
api-ms-win-core-libraryloader-l1-2-0
DisableThreadLibraryCalls
GetProcAddress
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
OpenProcess
api-ms-win-core-processenvironment-l1-2-0
SearchPathA
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
Exports
Exports
archive_bzlib_version
archive_clear_error
archive_compression
archive_compression_name
archive_copy_error
archive_entry_acl
archive_entry_acl_add_entry
archive_entry_acl_add_entry_w
archive_entry_acl_clear
archive_entry_acl_count
archive_entry_acl_from_text
archive_entry_acl_from_text_w
archive_entry_acl_next
archive_entry_acl_reset
archive_entry_acl_text
archive_entry_acl_text_w
archive_entry_acl_to_text
archive_entry_acl_to_text_w
archive_entry_acl_types
archive_entry_atime
archive_entry_atime_is_set
archive_entry_atime_nsec
archive_entry_birthtime
archive_entry_birthtime_is_set
archive_entry_birthtime_nsec
archive_entry_clear
archive_entry_clone
archive_entry_copy_bhfi
archive_entry_copy_fflags_text
archive_entry_copy_fflags_text_w
archive_entry_copy_gname
archive_entry_copy_gname_w
archive_entry_copy_hardlink
archive_entry_copy_hardlink_w
archive_entry_copy_link
archive_entry_copy_link_w
archive_entry_copy_mac_metadata
archive_entry_copy_pathname
archive_entry_copy_pathname_w
archive_entry_copy_sourcepath
archive_entry_copy_sourcepath_w
archive_entry_copy_stat
archive_entry_copy_symlink
archive_entry_copy_symlink_w
archive_entry_copy_uname
archive_entry_copy_uname_w
archive_entry_ctime
archive_entry_ctime_is_set
archive_entry_ctime_nsec
archive_entry_dev
archive_entry_dev_is_set
archive_entry_devmajor
archive_entry_devminor
archive_entry_digest
archive_entry_fflags
archive_entry_fflags_text
archive_entry_filetype
archive_entry_free
archive_entry_gid
archive_entry_gname
archive_entry_gname_utf8
archive_entry_gname_w
archive_entry_hardlink
archive_entry_hardlink_utf8
archive_entry_hardlink_w
archive_entry_ino
archive_entry_ino64
archive_entry_ino_is_set
archive_entry_is_data_encrypted
archive_entry_is_encrypted
archive_entry_is_metadata_encrypted
archive_entry_linkify
archive_entry_linkresolver_free
archive_entry_linkresolver_new
archive_entry_linkresolver_set_strategy
archive_entry_mac_metadata
archive_entry_mode
archive_entry_mtime
archive_entry_mtime_is_set
archive_entry_mtime_nsec
archive_entry_new
archive_entry_new2
archive_entry_nlink
archive_entry_partial_links
archive_entry_pathname
archive_entry_pathname_utf8
archive_entry_pathname_w
archive_entry_perm
archive_entry_rdev
archive_entry_rdevmajor
archive_entry_rdevminor
archive_entry_set_atime
archive_entry_set_birthtime
archive_entry_set_ctime
archive_entry_set_dev
archive_entry_set_devmajor
archive_entry_set_devminor
archive_entry_set_fflags
archive_entry_set_filetype
archive_entry_set_gid
archive_entry_set_gname
archive_entry_set_gname_utf8
archive_entry_set_hardlink
archive_entry_set_hardlink_utf8
archive_entry_set_ino
archive_entry_set_ino64
archive_entry_set_is_data_encrypted
archive_entry_set_is_metadata_encrypted
archive_entry_set_link
archive_entry_set_link_utf8
archive_entry_set_mode
archive_entry_set_mtime
archive_entry_set_nlink
archive_entry_set_pathname
archive_entry_set_pathname_utf8
archive_entry_set_perm
archive_entry_set_rdev
archive_entry_set_rdevmajor
archive_entry_set_rdevminor
archive_entry_set_size
archive_entry_set_symlink
archive_entry_set_symlink_type
archive_entry_set_symlink_utf8
archive_entry_set_uid
archive_entry_set_uname
archive_entry_set_uname_utf8
archive_entry_size
archive_entry_size_is_set
archive_entry_sourcepath
archive_entry_sourcepath_w
archive_entry_sparse_add_entry
archive_entry_sparse_clear
archive_entry_sparse_count
archive_entry_sparse_next
archive_entry_sparse_reset
archive_entry_stat
archive_entry_strmode
archive_entry_symlink
archive_entry_symlink_type
archive_entry_symlink_utf8
archive_entry_symlink_w
archive_entry_uid
archive_entry_uname
archive_entry_uname_utf8
archive_entry_uname_w
archive_entry_unset_atime
archive_entry_unset_birthtime
archive_entry_unset_ctime
archive_entry_unset_mtime
archive_entry_unset_size
archive_entry_update_gname_utf8
archive_entry_update_hardlink_utf8
archive_entry_update_link_utf8
archive_entry_update_pathname_utf8
archive_entry_update_symlink_utf8
archive_entry_update_uname_utf8
archive_entry_xattr_add_entry
archive_entry_xattr_clear
archive_entry_xattr_count
archive_entry_xattr_next
archive_entry_xattr_reset
archive_errno
archive_error_string
archive_file_count
archive_filter_bytes
archive_filter_code
archive_filter_count
archive_filter_name
archive_format
archive_format_name
archive_free
archive_liblz4_version
archive_liblzma_version
archive_libzstd_version
archive_match_exclude_entry
archive_match_exclude_pattern
archive_match_exclude_pattern_from_file
archive_match_exclude_pattern_from_file_w
archive_match_exclude_pattern_w
archive_match_excluded
archive_match_free
archive_match_include_date
archive_match_include_date_w
archive_match_include_file_time
archive_match_include_file_time_w
archive_match_include_gid
archive_match_include_gname
archive_match_include_gname_w
archive_match_include_pattern
archive_match_include_pattern_from_file
archive_match_include_pattern_from_file_w
archive_match_include_pattern_w
archive_match_include_time
archive_match_include_uid
archive_match_include_uname
archive_match_include_uname_w
archive_match_new
archive_match_owner_excluded
archive_match_path_excluded
archive_match_path_unmatched_inclusions
archive_match_path_unmatched_inclusions_next
archive_match_path_unmatched_inclusions_next_w
archive_match_set_inclusion_recursion
archive_match_time_excluded
archive_position_compressed
archive_position_uncompressed
archive_read_add_callback_data
archive_read_add_passphrase
archive_read_append_callback_data
archive_read_append_filter
archive_read_append_filter_program
archive_read_append_filter_program_signature
archive_read_close
archive_read_data
archive_read_data_block
archive_read_data_into_fd
archive_read_data_skip
archive_read_disk_can_descend
archive_read_disk_current_filesystem
archive_read_disk_current_filesystem_is_remote
archive_read_disk_current_filesystem_is_synthetic
archive_read_disk_descend
archive_read_disk_entry_from_file
archive_read_disk_gname
archive_read_disk_new
archive_read_disk_open
archive_read_disk_open_w
archive_read_disk_set_atime_restored
archive_read_disk_set_behavior
archive_read_disk_set_gname_lookup
archive_read_disk_set_matching
archive_read_disk_set_metadata_filter_callback
archive_read_disk_set_standard_lookup
archive_read_disk_set_symlink_hybrid
archive_read_disk_set_symlink_logical
archive_read_disk_set_symlink_physical
archive_read_disk_set_uname_lookup
archive_read_disk_uname
archive_read_extract
archive_read_extract2
archive_read_extract_set_progress_callback
archive_read_extract_set_skip_file
archive_read_finish
archive_read_format_capabilities
archive_read_free
archive_read_has_encrypted_entries
archive_read_header_position
archive_read_new
archive_read_next_header
archive_read_next_header2
archive_read_open
archive_read_open1
archive_read_open2
archive_read_open_FILE
archive_read_open_fd
archive_read_open_file
archive_read_open_filename
archive_read_open_filename_w
archive_read_open_filenames
archive_read_open_memory
archive_read_open_memory2
archive_read_prepend_callback_data
archive_read_set_callback_data
archive_read_set_callback_data2
archive_read_set_close_callback
archive_read_set_filter_option
archive_read_set_format
archive_read_set_format_option
archive_read_set_open_callback
archive_read_set_option
archive_read_set_options
archive_read_set_passphrase_callback
archive_read_set_read_callback
archive_read_set_seek_callback
archive_read_set_skip_callback
archive_read_set_switch_callback
archive_read_support_compression_all
archive_read_support_compression_bzip2
archive_read_support_compression_compress
archive_read_support_compression_gzip
archive_read_support_compression_lzip
archive_read_support_compression_lzma
archive_read_support_compression_none
archive_read_support_compression_program
archive_read_support_compression_program_signature
archive_read_support_compression_rpm
archive_read_support_compression_uu
archive_read_support_compression_xz
archive_read_support_filter_all
archive_read_support_filter_by_code
archive_read_support_filter_bzip2
archive_read_support_filter_compress
archive_read_support_filter_grzip
archive_read_support_filter_gzip
archive_read_support_filter_lrzip
archive_read_support_filter_lz4
archive_read_support_filter_lzip
archive_read_support_filter_lzma
archive_read_support_filter_lzop
archive_read_support_filter_none
archive_read_support_filter_program
archive_read_support_filter_program_signature
archive_read_support_filter_rpm
archive_read_support_filter_uu
archive_read_support_filter_xz
archive_read_support_filter_zstd
archive_read_support_format_7zip
archive_read_support_format_all
archive_read_support_format_ar
archive_read_support_format_by_code
archive_read_support_format_cab
archive_read_support_format_cpio
archive_read_support_format_empty
archive_read_support_format_gnutar
archive_read_support_format_iso9660
archive_read_support_format_lha
archive_read_support_format_mtree
archive_read_support_format_rar
archive_read_support_format_rar5
archive_read_support_format_raw
archive_read_support_format_tar
archive_read_support_format_warc
archive_read_support_format_xar
archive_read_support_format_zip
archive_read_support_format_zip_seekable
archive_read_support_format_zip_streamable
archive_seek_data
archive_set_error
archive_utility_string_sort
archive_version_details
archive_version_number
archive_version_string
archive_write_add_filter
archive_write_add_filter_b64encode
archive_write_add_filter_by_name
archive_write_add_filter_bzip2
archive_write_add_filter_compress
archive_write_add_filter_grzip
archive_write_add_filter_gzip
archive_write_add_filter_lrzip
archive_write_add_filter_lz4
archive_write_add_filter_lzip
archive_write_add_filter_lzma
archive_write_add_filter_lzop
archive_write_add_filter_none
archive_write_add_filter_program
archive_write_add_filter_uuencode
archive_write_add_filter_xz
archive_write_add_filter_zstd
archive_write_close
archive_write_data
archive_write_data_block
archive_write_disk_gid
archive_write_disk_new
archive_write_disk_set_group_lookup
archive_write_disk_set_options
archive_write_disk_set_skip_file
archive_write_disk_set_standard_lookup
archive_write_disk_set_user_lookup
archive_write_disk_uid
archive_write_fail
archive_write_finish
archive_write_finish_entry
archive_write_free
archive_write_get_bytes_in_last_block
archive_write_get_bytes_per_block
archive_write_header
archive_write_new
archive_write_open
archive_write_open2
archive_write_open_FILE
archive_write_open_fd
archive_write_open_file
archive_write_open_filename
archive_write_open_filename_w
archive_write_open_memory
archive_write_set_bytes_in_last_block
archive_write_set_bytes_per_block
archive_write_set_compression_bzip2
archive_write_set_compression_compress
archive_write_set_compression_gzip
archive_write_set_compression_lzip
archive_write_set_compression_lzma
archive_write_set_compression_none
archive_write_set_compression_program
archive_write_set_compression_xz
archive_write_set_filter_option
archive_write_set_format
archive_write_set_format_7zip
archive_write_set_format_ar_bsd
archive_write_set_format_ar_svr4
archive_write_set_format_by_name
archive_write_set_format_cpio
archive_write_set_format_cpio_bin
archive_write_set_format_cpio_newc
archive_write_set_format_cpio_odc
archive_write_set_format_cpio_pwb
archive_write_set_format_filter_by_ext
archive_write_set_format_filter_by_ext_def
archive_write_set_format_gnutar
archive_write_set_format_iso9660
archive_write_set_format_mtree
archive_write_set_format_mtree_classic
archive_write_set_format_option
archive_write_set_format_pax
archive_write_set_format_pax_restricted
archive_write_set_format_raw
archive_write_set_format_shar
archive_write_set_format_shar_dump
archive_write_set_format_ustar
archive_write_set_format_v7tar
archive_write_set_format_warc
archive_write_set_format_xar
archive_write_set_format_zip
archive_write_set_option
archive_write_set_options
archive_write_set_passphrase
archive_write_set_passphrase_callback
archive_write_set_skip_file
archive_write_zip_set_compression_deflate
archive_write_zip_set_compression_store
archive_zlib_version
Sections
.text Size: 504KB - Virtual size: 504KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
RT_CODE Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 135KB - Virtual size: 135KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
archiveint/computecore.dll.dll windows:10 windows x64 arch:x64
Password: 689726
b0142740cb888552373f0d8249a48ecc
Code Sign
Certificate serial: 33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 05/05/2022, 19:23
Not After: 04/05/2023, 19:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages:
ExtKeyUsageCodeSigning
Certificate serial: 61:07:76:56:00:00:00:00:00:08
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages:
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Signer digest: be:00:74:6e:24:67:25:be:9b:b2:14:c8:e8:0c:c2:87:14:a5:91:b4:b2:10:0b:5c:11:7b:75:f7:b4:cc:3d:6f
Actual PE Digest: be:00:74:6e:24:67:25:be:9b:b2:14:c8:e8:0c:c2:87:14:a5:91:b4:b2:10:0b:5c:11:7b:75:f7:b4:cc:3d:6f
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
computecore.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__isctype
_o__purecall
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__stricmp
memmove
_o__wcsicmp
_o__wcstoi64
_o__wcstoui64
_o__wtof
_o__wtoi64
_o_abort
_o_free
_o_isalnum
_o_isdigit
_o_ispunct
_o_iswalpha
_o_iswascii
_o_iswspace
_o_malloc
_o_strcpy_s
_o_terminate
_o_towupper
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstod
_o_wcstoul
_o_wcstoull
__CxxFrameHandler3
_CxxThrowException
_o__errno
wcsstr
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o__crt_atexit
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o__configure_narrow_argv
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
_o__callnewh
__std_terminate
__C_specific_handler
_o__execute_onexit_table
__CxxFrameHandler4
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
wcsncmp
memset
kernelbase
LocalReAlloc
Sleep
LocalAlloc
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
api-ms-win-core-synch-l1-1-0
InitializeCriticalSection
SetEvent
CreateSemaphoreExW
ReleaseSemaphore
ResetEvent
CreateEventW
CreateEventExW
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
InitializeSRWLock
ReleaseMutex
ReleaseSRWLockExclusive
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
api-ms-win-core-synch-l1-2-0
WakeAllConditionVariable
SleepConditionVariableSRW
WakeByAddressAll
InitOnceBeginInitialize
WaitOnAddress
InitOnceComplete
InitializeConditionVariable
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
GetLastError
RaiseException
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureStackBackTrace
RtlPcToFileHeader
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-eventing-provider-l1-1-0
EventWriteEx
EventUnregister
EventActivityIdControl
EventEnabled
EventSetInformation
EventRegister
EventWriteTransfer
EventWrite
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegQueryValueExW
RegGetValueW
RegCloseKey
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-psapi-l1-1-0
K32GetModuleInformation
api-ms-win-core-sysinfo-l1-1-0
GetTickCount64
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-realtime-l1-1-0
QueryUnbiasedInterruptTime
api-ms-win-core-com-l1-1-0
CoTaskMemFree
CoCancelCall
CoCreateInstance
CoTaskMemAlloc
CoEnableCallCancellation
CoDisableCallCancellation
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolWork
CreateThreadpoolWait
CreateThreadpoolWork
CallbackMayRunLong
CreateThreadpoolTimer
SetThreadpoolWait
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
WaitForThreadpoolTimerCallbacks
SubmitThreadpoolWork
rpcrt4
RpcBindingBind
RpcBindingCreateW
RpcBindingFree
RpcExceptionFilter
UuidFromStringW
UuidCreate
NdrClientCall3
api-ms-win-core-file-l1-1-0
LockFileEx
GetDiskFreeSpaceW
UnlockFileEx
CompareFileTime
ReadFile
WriteFile
CreateFileW
GetFileTime
FlushFileBuffers
GetFinalPathNameByHandleW
GetFileSizeEx
CreateDirectoryW
SetFilePointerEx
SetEndOfFile
GetFileAttributesW
DeleteFileW
SetFileTime
GetFileInformationByHandle
api-ms-win-core-shlwapi-legacy-l1-1-0
PathIsUNCServerShareW
PathIsRelativeW
PathIsUNCServerW
PathRemoveFileSpecW
PathSkipRootW
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
OpenProcess
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
QueryPerformanceFrequency
api-ms-win-core-interlocked-l1-1-0
InterlockedFlushSList
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
api-ms-win-security-base-l1-1-0
GetSecurityDescriptorDacl
GetSidSubAuthority
GetSidLengthRequired
InitializeSid
CheckTokenMembership
CopySid
GetLengthSid
CreateWellKnownSid
api-ms-win-security-provider-l1-1-0
SetEntriesInAclW
SetSecurityInfo
GetSecurityInfo
ntdll
RtlFreeHeap
NtOpenJobObject
RtlInitUnicodeString
RtlAllocateHeap
RtlDosPathNameToNtPathName_U_WithStatus
NtCreateFile
RtlFreeUnicodeString
RtlNtStatusToDosError
RtlInitUnicodeStringEx
RtlDosPathNameToRelativeNtPathName_U_WithStatus
api-ms-win-core-path-l1-1-0
PathCchAddBackslash
PathCchRemoveFileSpec
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
api-ms-win-core-heap-obsolete-l1-1-0
LocalSize
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-core-io-l1-1-0
CancelIoEx
DeviceIoControl
GetOverlappedResult
api-ms-win-core-io-l1-1-1
GetOverlappedResultEx
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
combase
ord139
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Exports
Exports
HcsCancelOperation
HcsCloseComputeSystem
HcsCloseOperation
HcsCloseProcess
HcsCrashComputeSystem
HcsCreateComputeSystem
HcsCreateComputeSystemInNamespace
HcsCreateEmptyGuestStateFile
HcsCreateEmptyRuntimeStateFile
HcsCreateOperation
HcsCreateProcess
HcsEnumerateComputeSystems
HcsEnumerateComputeSystemsInNamespace
HcsEnumerateVmWorkerProcesses
HcsFindVmWorkerProcesses
HcsGetComputeSystemFromOperation
HcsGetComputeSystemProperties
HcsGetOperationContext
HcsGetOperationId
HcsGetOperationResult
HcsGetOperationResultAndProcessInfo
HcsGetOperationType
HcsGetProcessFromOperation
HcsGetProcessInfo
HcsGetProcessProperties
HcsGetServiceProperties
HcsGetWorkerProcessJob
HcsGrantVmAccess
HcsGrantVmGroupAccess
HcsModifyComputeSystem
HcsModifyProcess
HcsModifyServiceSettings
HcsOpenComputeSystem
HcsOpenComputeSystemInNamespace
HcsOpenProcess
HcsPauseComputeSystem
HcsResumeComputeSystem
HcsRevokeVmAccess
HcsRevokeVmGroupAccess
HcsSaveComputeSystem
HcsSetComputeSystemCallback
HcsSetOperationCallback
HcsSetOperationContext
HcsSetProcessCallback
HcsShutDownComputeSystem
HcsSignalProcess
HcsStartComputeSystem
HcsStartVmWorkerProcess
HcsSubmitWerReport
HcsTerminateComputeSystem
HcsTerminateProcess
HcsWaitForOperationResult
HcsWaitForOperationResultAndProcessInfo
Sections
.text Size: 454KB - Virtual size: 453KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 159KB - Virtual size: 159KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 344B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
archiveint/pku2u.dll.dll windows:10 windows x64 arch:x64
Password: 689726
5ba7c50e3ffb606856c6f25c653c72bd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
pku2u.pdb
Imports
msvcrt
strstr
free
malloc
_callnewh
_XcptFilter
_amsg_exit
sprintf_s
_lock
_unlock
__dllonexit
_onexit
memmove
memcmp
tolower
strncpy_s
memcpy
_initterm
wcsncmp
wcschr
_wcsicmp
_purecall
memmove_s
__C_specific_handler
memcpy_s
_vsnwprintf
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleFileNameW
GetProcAddress
GetModuleFileNameA
api-ms-win-core-synch-l1-1-0
ReleaseSemaphore
ReleaseSRWLockExclusive
ReleaseMutex
AcquireSRWLockExclusive
OpenSemaphoreW
ReleaseSRWLockShared
InitializeCriticalSectionEx
CreateSemaphoreExW
WaitForSingleObject
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
AcquireSRWLockShared
CreateMutexExW
WaitForSingleObjectEx
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError
api-ms-win-core-processthreads-l1-1-0
SetThreadToken
GetCurrentThreadId
SetThreadStackGuarantee
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-eventing-classicprovider-l1-1-0
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
TraceMessage
bcrypt
BCryptFinishHash
BCryptDestroyHash
BCryptCreateHash
BCryptHashData
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
GetComputerNameExW
GetSystemInfo
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation
api-ms-win-core-synch-l1-2-0
InitOnceComplete
InitOnceBeginInitialize
Sleep
sspicli
CredUnmarshalTargetInfo
CredMarshalTargetInfo
FreeContextBuffer
SspiGetTargetHostName
SspiLocalFree
QuerySecurityPackageInfoW
SspiFreeAuthIdentity
api-ms-win-core-profile-l1-1-0
QueryPerformanceFrequency
QueryPerformanceCounter
api-ms-win-security-base-l1-1-0
FreeSid
RevertToSelf
AllocateAndInitializeSid
CheckTokenMembership
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
api-ms-win-core-rtlsupport-l1-1-0
RtlCompareMemory
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
rpcrt4
NdrMesTypeEncode3
NdrMesTypeDecode3
NdrMesTypeAlignSize3
MesDecodeIncrementalHandleCreate
MesEncodeIncrementalHandleCreate
MesHandleFree
MesIncrementalHandleReset
I_RpcMapWin32Status
UuidCreate
msasn1
ASN1BERDecNotEndOfContents
ASN1BERDecSXVal
ASN1octetstring_free
ASN1DecSetError
ASN1BERDecExplicitTag
ASN1DEREncGeneralizedTime
ASN1BERDecGeneralizedTime
ASN1BERDecPeekTag
ASN1BEREncU32
ASN1BERDecOctetString
ASN1_FreeDecoded
ASN1_Decode
ASN1_FreeEncoded
ASN1_Encode
ASN1_CloseDecoder
ASN1_CloseEncoder
ASN1_CreateDecoder
ASN1_CreateEncoder
ASN1intx_setuint32
ASN1ztcharstring_free
ASN1bitstring_free
ASN1BERDecCharString
ASN1_CreateModule
ASN1BERDecU32Val
ASN1DEREncBitString
ASN1intx_free
ASN1BERDecZeroCharString
ASN1BEREncObjectIdentifier
ASN1BERDecObjectIdentifier
ASN1BERDecBitString
ASN1charstring_free
ASN1DEREncOctetString
ASN1BERDecS32Val
ASN1BEREncOpenType
ASN1BEREncSX
ASN1DecAlloc
ASN1Free
ASN1BERDecSkip
ASN1BEREncBool
ASN1BEREncEndOfContents
ASN1DEREncCharString
ASN1BEREncS32
ASN1EncSetError
ASN1objectidentifier_free
ASN1BERDecBool
ASN1BERDecEndOfContents
ASN1BEREncExplicitTag
ASN1BERDecOpenType2
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiA
lstrlenA
ntdll
RtlTimeToTimeFields
RtlValidSid
RtlLengthSid
RtlSubAuthorityCountSid
RtlLengthRequiredSid
RtlCopySid
RtlSubAuthoritySid
RtlEqualSid
RtlIdentifierAuthoritySid
RtlSystemTimeToLocalTime
NtQueryInformationToken
RtlTimeFieldsToTime
RtlCreateAcl
RtlAddAccessAllowedAce
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
NtSetSecurityObject
RtlFreeSid
RtlCompareUnicodeString
RtlImageNtHeader
NtOpenProcessToken
RtlEqualDomainName
NtAllocateLocallyUniqueId
NtQuerySystemTime
NtSetInformationThread
NtOpenThreadToken
NtDuplicateObject
RtlFreeHeap
NtQueryWnfStateData
RtlEqualUnicodeString
NtClose
RtlInitUnicodeString
RtlFreeUnicodeString
RtlInitializeResource
RtlInitializeGenericTableAvl
RtlDeleteResource
RtlEnumerateGenericTableAvl
RtlNumberGenericTableElementsAvl
RtlDeleteElementGenericTableAvl
RtlAcquireResourceExclusive
RtlInsertElementGenericTableAvl
RtlConvertSharedToExclusive
RtlReleaseResource
RtlLookupElementGenericTableAvl
RtlAcquireResourceShared
RtlInsertElementGenericTable
RtlLeaveCriticalSection
RtlDeleteElementGenericTable
RtlGetElementGenericTable
RtlEnterCriticalSection
RtlInitializeCriticalSection
RtlDeleteCriticalSection
RtlInitializeGenericTable
RtlAllocateAndInitializeSid
cryptdll
CDBuildIntegrityVect
CDFindCommonCSystem
CDGenerateRandomBits
CDLocateCSystem
CDLocateCheckSum
api-ms-win-core-memory-l1-1-0
VirtualQuery
VirtualAlloc
VirtualProtect
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
Exports
DllMain
SpLsaModeInitialize
SpUserModeInitialize
Sections
.text Size: 232KB - Virtual size: 232KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 38KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 456B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 908B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
archiveint/sfc_os.dll.dll windows:10 windows x64 arch:x64
Password: 689726
9baa3994eb281cb30c87de1285042424
Code Sign
33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 05/05/2022, 19:23
Not After: 04/05/2023, 19:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
1e:00:37:ab:a3:bc:e1:da:b4:be:b5:80:de:73:32:f9:0d:40:c6:05:18:c8:bb:96:9f:60:c7:92:3f:a6:01:d2
Signer
Actual PE Digest: 1e:00:37:ab:a3:bc:e1:da:b4:be:b5:80:de:73:32:f9:0d:40:c6:05:18:c8:bb:96:9f:60:c7:92:3f:a6:01:d2
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
sfc_os.pdb
Imports
ntdll
RtlInitUnicodeString
NtReadFile
RtlReAllocateHeap
NtClose
ZwMapViewOfSection
NtQueryInformationFile
RtlCopyMappedMemory
RtlFreeHeap
ZwQueryInformationFile
NtQueryDirectoryFile
ZwClose
NtOpenFile
RtlNotifyFeatureUsage
RtlCreateServiceSid
RtlEqualSid
RtlCreateUnicodeString
RtlDosPathNameToNtPathName_U
RtlCopyUnicodeString
ZwCreateSection
ZwQueryWnfStateData
RtlAllocateHeap
ZwUnmapViewOfSection
__C_specific_handler
RtlVirtualUnwind
memmove
RtlFreeUnicodeString
RtlLookupFunctionEntry
RtlCaptureContext
RtlSetLastWin32Error
RtlNtStatusToDosError
ShipAssertMsgW
RtlQueryFeatureConfiguration
memcpy
memset
api-ms-win-core-libraryloader-l1-1-0
GetModuleFileNameW
FreeLibrary
GetProcAddress
LoadLibraryExW
DisableThreadLibraryCalls
api-ms-win-core-errorhandling-l1-1-0
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegGetKeySecurity
RegOpenKeyExW
api-ms-win-core-heap-obsolete-l1-1-0
LocalFree
LocalAlloc
api-ms-win-security-base-l1-1-0
GetAce
GetAclInformation
GetSecurityDescriptorDacl
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
Exports
Exports
BeginFileMapEnumeration
CloseFileMapEnumeration
GetNextFileMapContent
SRSetRestorePointA
SRSetRestorePointW
SfcClose
SfcConnectToServer
SfcFileException
SfcGetNextProtectedFile
SfcInitProt
SfcInitiateScan
SfcInstallProtectedFiles
SfcIsFileProtected
SfcIsKeyProtected
SfcTerminateWatcherThread
SfpDeleteCatalog
SfpInstallCatalog
SfpVerifyFile
Sections
.text Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 144B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
mf/RpcNs4.dll.dll windows:10 windows x64 arch:x64
e06944c518403f775c9c3d3b5156ca77
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
RpcNs4.pdb
Imports
ntdll
RtlIntegerToUnicodeString
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
DbgPrint
WinSqmIncrementDWORD
WinSqmIsOptedIn
DbgPrintEx
advapi32
DeregisterEventSource
ReportEventW
RegisterEventSourceW
kernel32
TerminateProcess
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetCommandLineW
GetLastError
GetCurrentProcessId
QueryPerformanceCounter
Exports
Exports
I_RpcNsGetBuffer
I_RpcNsNegotiateTransferSyntax
I_RpcNsRaiseException
I_RpcNsSendReceive
I_RpcReBindBuffer
RpcIfIdVectorFree
RpcNsBindingExportA
RpcNsBindingExportPnPA
RpcNsBindingExportPnPW
RpcNsBindingExportW
RpcNsBindingImportBeginA
RpcNsBindingImportBeginW
RpcNsBindingImportDone
RpcNsBindingImportNext
RpcNsBindingLookupBeginA
RpcNsBindingLookupBeginW
RpcNsBindingLookupDone
RpcNsBindingLookupNext
RpcNsBindingSelect
RpcNsBindingUnexportA
RpcNsBindingUnexportPnPA
RpcNsBindingUnexportPnPW
RpcNsBindingUnexportW
RpcNsEntryExpandNameA
RpcNsEntryExpandNameW
RpcNsEntryObjectInqBeginA
RpcNsEntryObjectInqBeginW
RpcNsEntryObjectInqDone
RpcNsEntryObjectInqNext
RpcNsGroupDeleteA
RpcNsGroupDeleteW
RpcNsGroupMbrAddA
RpcNsGroupMbrAddW
RpcNsGroupMbrInqBeginA
RpcNsGroupMbrInqBeginW
RpcNsGroupMbrInqDone
RpcNsGroupMbrInqNextA
RpcNsGroupMbrInqNextW
RpcNsGroupMbrRemoveA
RpcNsGroupMbrRemoveW
RpcNsMgmtBindingUnexportA
RpcNsMgmtBindingUnexportW
RpcNsMgmtEntryCreateA
RpcNsMgmtEntryCreateW
RpcNsMgmtEntryDeleteA
RpcNsMgmtEntryDeleteW
RpcNsMgmtEntryInqIfIdsA
RpcNsMgmtEntryInqIfIdsW
RpcNsMgmtHandleSetExpAge
RpcNsMgmtInqExpAge
RpcNsMgmtSetExpAge
RpcNsProfileDeleteA
RpcNsProfileDeleteW
RpcNsProfileEltAddA
RpcNsProfileEltAddW
RpcNsProfileEltInqBeginA
RpcNsProfileEltInqBeginW
RpcNsProfileEltInqDone
RpcNsProfileEltInqNextA
RpcNsProfileEltInqNextW
RpcNsProfileEltRemoveA
RpcNsProfileEltRemoveW
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 144B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
mf/efsadu.dll.dll windows:10 windows x64 arch:x64
22108691ed39e78a38deaea0fac66aa4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
efsadu.pdb
Imports
mfc42u
ord6351
ord4721
ord5245
ord287
ord2906
ord2517
ord5077
ord1442
ord6614
ord6328
ord4609
ord4473
ord4257
ord2975
ord5887
ord2661
ord6632
ord4548
ord6385
ord3761
ord4771
ord5702
ord4365
ord1777
ord6437
ord5406
ord5687
ord6886
ord2629
ord1082
ord288
ord812
ord1544
ord1586
ord1555
ord1583
ord1585
ord355
ord1477
ord1553
ord1416
ord4557
ord1577
ord1463
ord2329
ord1126
ord1040
ord626
ord912
ord3806
ord3501
ord4747
ord2593
ord822
ord665
ord6440
ord1067
ord3743
ord4988
ord3535
ord5699
ord2586
ord852
ord337
ord6813
ord4836
ord2140
ord2457
ord2559
ord2515
ord6071
ord4191
ord1388
ord5615
ord5683
ord1736
ord5484
ord3933
ord2412
ord3468
ord3417
ord5722
ord5724
ord6814
ord4368
ord2060
ord2670
ord4789
ord5065
ord5730
ord5711
ord5229
ord4017
ord6053
ord3049
ord3243
ord5712
ord4694
ord3362
ord4815
ord3231
ord3366
ord3052
ord6812
ord3166
ord5586
ord3046
ord4082
ord2399
ord4083
ord5663
ord4077
ord3164
ord4371
ord4983
ord4741
ord4770
ord3916
ord2752
ord1491
ord1778
ord1063
ord659
ord4598
ord4752
ord6887
msvcrt
memmove
??_V@YAXPEAX@Z
_vsnwprintf
memcpy_s
??1exception@@UEAA@XZ
??1type_info@@UEAA@XZ
strcmp
memset
_onexit
__dllonexit
_unlock
_CxxThrowException
_initterm
_amsg_exit
_XcptFilter
_wcsicmp
_ltow_s
free
malloc
__C_specific_handler
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
memcmp
_lock
_wcsnicmp
wcsncmp
toupper
??0exception@@QEAA@XZ
memcpy
__CxxFrameHandler3
shell32
SHChangeNotifySuspendResume
ord190
Shell_NotifyIconW
ord155
SHCreateItemFromParsingName
SHGetFolderPathW
shlwapi
ord278
StrDupW
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameW
LoadStringW
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetModuleFileNameA
api-ms-win-core-synch-l1-1-0
ReleaseMutex
CreateMutexExW
ReleaseSemaphore
CreateSemaphoreExW
AcquireSRWLockExclusive
WaitForSingleObject
OpenSemaphoreW
OpenEventW
ReleaseSRWLockExclusive
WaitForSingleObjectEx
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
CreateThread
GetCurrentProcess
OpenProcessToken
TerminateProcess
GetCurrentThreadId
OpenThreadToken
GetCurrentThread
api-ms-win-core-localization-l1-2-0
GetLocaleInfoEx
IdnToAscii
FormatMessageW
GetUserPreferredUILanguages
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
OutputDebugStringA
api-ms-win-core-handle-l1-1-0
CloseHandle
dsrole
DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
crypt32
CertGetNameStringW
CertFindExtension
CertAddCertificateLinkToStore
CryptEncodeObjectEx
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CryptStringToBinaryW
CertGetEnhancedKeyUsage
CertVerifyTimeValidity
CertSetCertificateContextProperty
CertFreeCertificateContext
CryptBinaryToStringW
CertGetCertificateContextProperty
CertAddCertificateContextToStore
CryptDecodeObject
CertCreateCertificateContext
CertOpenStore
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
api-ms-win-security-credentials-l1-1-0
CredMarshalCredentialW
CredFree
api-ms-win-core-com-l1-1-0
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemAlloc
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
oleaut32
SysAllocString
SysStringByteLen
SysFreeString
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
rpcrt4
RpcStringFreeW
UuidCreateNil
UuidToStringW
UuidCreate
UuidFromStringW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-file-l1-1-0
FindClose
FindNextFileW
GetFullPathNameW
FindFirstFileExW
GetFileAttributesW
api-ms-win-core-processenvironment-l1-1-0
SetCurrentDirectoryW
GetCurrentDirectoryW
api-ms-win-service-management-l1-1-0
OpenSCManagerW
CloseServiceHandle
OpenServiceW
api-ms-win-service-management-l2-1-0
ChangeServiceConfigW
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventProviderEnabled
EventRegister
EventUnregister
EventWrite
EventEnabled
api-ms-win-security-base-l1-1-0
GetTokenInformation
CheckTokenMembership
GetLengthSid
CopySid
EqualSid
wldap32
ord18
ord26
ord140
ord41
ord13
ord224
ord170
ord73
ord16
ord208
logoncli
DsGetDcNameW
netutils
NetApiBufferFree
userenv
RefreshPolicy
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
efsutil
EfsUtilGetUserKey
EfsUtilGetCertContextFromCertHash
EfsUtilSetSmartcardPin
EfsUtilApplyGroupPolicy
EfsUtilCreateSelfSignedCertificate
EfsUtilGetCurrentUserInformation
EfsUtilCheckCurrentKeyCapabilities
EfsUtilSmartcardCredsNeededError
EfsUtilGetSmartcardProviderName
EfsUtilReleaseUserKey
EfsUtilGetCurrentKey
vaultcli
VaultFree
VaultOpenVault
VaultGetItem
VaultCloseVault
advapi32
SetUserFileEncryptionKeyEx
CryptSetProvParam
QueryUsersOnEncryptedFile
UsePinForEncryptedFilesW
RegGetValueW
LsaClose
LsaFreeMemory
LsaLookupSids
EventWriteTransfer
ConvertStringSidToSidW
QueryRecoveryAgentsOnEncryptedFile
FreeEncryptionCertificateHashList
AddUsersToEncryptedFile
RemoveUsersFromEncryptedFile
LsaOpenPolicy
EncryptFileW
credui
CredUIPromptForWindowsCredentialsW
CredUnPackAuthenticationBufferW
CredPackAuthenticationBufferW
cryptui
CryptUIDlgSelectCertificateW
CryptUIWizExport
feclient
EfsClientGetKeyInfo
EfsClientFreeKeyInfo
EfsClientFreeProtectorList
EfsClientQueryProtectors
kernel32
DeactivateActCtx
ActivateActCtx
FindActCtxSectionStringW
LoadLibraryExW
FreeLibrary
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrlenW
GetComputerNameW
QueryActCtxW
CreateActCtxW
ntdll
RtlNtStatusToDosError
RtlAllocateAndInitializeSid
RtlFreeSid
NtQueryInformationToken
ole32
CoInitialize
urlmon
CreateUri
user32
EnableWindow
DispatchMessageW
SetTimer
LoadIconW
DefWindowProcW
PostQuitMessage
MessageBoxW
GetClientRect
SendMessageW
PostMessageW
DestroyWindow
TranslateMessage
GetMessageW
KillTimer
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
Exports
AddUserToObjectW
BackCurrentEfsCert
EfsDetail
EfsUIUtilCheckScardStatus
EfsUIUtilCreateSelfSignedCertificate
EfsUIUtilEncryptMyDocuments
EfsUIUtilEnrollEfsCertificate
EfsUIUtilEnrollEfsCertificateEx
EfsUIUtilInstallDra
EfsUIUtilKeyBackup
EfsUIUtilPromptForPin
EfsUIUtilPromptForPinDialog
EfsUIUtilSelectCard
EfsUIUtilShowBalloonAndWait
Sections
.text Size: 64KB - Virtual size: 64KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 552B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
mf/hotplug.dll.dll windows:10 windows x64 arch:x64
3341bc2ede2baeeaf8f8cfa9cad95970
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
HOTPLUG.pdb
Imports
msvcrt
??1type_info@@UEAA@XZ
__CxxFrameHandler3
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
__C_specific_handler
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
malloc
free
wcschr
_callnewh
_vsnwprintf
?what@exception@@UEBAPEBDXZ
memset
ntdll
NtClose
NtOpenThreadToken
NtOpenProcessToken
NtQueryInformationToken
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
kernel32
GetLastError
GetModuleHandleW
lstrcmpiW
WaitNamedPipeW
GetModuleHandleExW
FreeLibraryAndExitThread
GetExitCodeThread
Sleep
CreateThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FormatMessageW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
GetVolumeNameForVolumeMountPointW
LoadLibraryW
lstrcmpW
LocalFree
LocalAlloc
ReadFile
GetProcAddress
CreateFileW
GetCurrentProcess
CloseHandle
DisableThreadLibraryCalls
ResolveDelayLoadedAPI
SetEvent
CreateEventW
WaitForSingleObject
TerminateProcess
FreeLibrary
DelayLoadFailureHook
OpenEventW
advapi32
RegQueryValueExW
OpenSCManagerW
CloseServiceHandle
RegSetValueExW
RegCloseKey
GetTokenInformation
GetServiceDisplayNameW
RegCreateKeyW
LookupPrivilegeValueW
OpenProcessToken
user32
GetClassInfoW
ShowWindow
GetWindowLongPtrW
EndDialog
ScreenToClient
CreateWindowExW
SetWindowLongPtrW
DestroyWindow
PostMessageW
GetMessagePos
DefWindowProcW
SetProcessDPIAware
FindWindowW
TranslateMessage
PeekMessageW
IsWindow
MsgWaitForMultipleObjects
GetMessageW
ReleaseDC
InvalidateRect
LoadImageW
GetProcessDefaultLayout
GetDC
GetWindow
PostQuitMessage
IsDialogMessageW
MessageBoxW
GetParent
DialogBoxParamW
EnableWindow
LoadStringW
SendMessageW
GetSystemMetrics
CheckDlgButton
SetDlgItemTextW
RegisterClassW
GetSysColor
IsDlgButtonChecked
LoadIconW
LoadCursorW
SetCursor
GetDlgItem
DispatchMessageW
KillTimer
DestroyIcon
SetTimer
gdi32
GetDeviceCaps
comctl32
ImageList_Destroy
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Remove
ImageList_GetImageCount
ImageList_SetOverlayImage
ImageList_Create
cfgmgr32
CM_Locate_DevNodeW
CM_Request_Device_Eject_ExW
CM_Is_Dock_Station_Present
CM_Get_Parent_Ex
CM_Get_Device_Interface_List_SizeW
CM_Get_DevNode_Registry_PropertyW
CM_Get_DevNode_Registry_Property_ExW
CM_Get_DevNode_Status_Ex
CM_Get_Device_ID_List_ExW
CM_Get_Device_ID_List_Size_ExW
CM_Get_Device_ID_ExW
CM_Locate_DevNode_ExW
CM_Get_Child_Ex
CM_Open_DevNode_Key_Ex
CM_Get_Sibling_Ex
CM_Get_Device_Interface_ListW
setupapi
SetupDiDestroyDeviceInfoList
SetupDiCreateDeviceInfoList
SetupDiLoadDeviceIcon
SetupDiOpenDeviceInfoW
pSetupGuidFromString
shell32
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW
shlwapi
StrChrW
ord219
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoUninitialize
CoInitializeEx
Exports
Exports
CPlApplet
DllGetClassObject
HotPlugChildWithInvalidIdW
HotPlugDriverBlockedW
HotPlugEjectDevice
HotPlugEjectDeviceEx
HotPlugEjectVetoedW
HotPlugHibernateVetoedW
HotPlugRemovalVetoedW
HotPlugSafeRemovalDriveNotificationW
HotPlugSafeRemovalNotificationW
HotPlugStandbyVetoedW
HotPlugWarmEjectVetoedW
Sections
.text Size: 30KB - Virtual size: 30KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 72B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 45KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 100B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
mf/mf.dll.dll windows:10 windows x64 arch:x64
6ed0763eb41092a066b0c582532cc19f
Code Sign
33:00:00:03:8b:79:45:c1:8b:0e:b6:87:ec:00:00:00:00:03:8b
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 05/05/2022, 19:23
Not After: 04/05/2023, 19:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
10:74:a7:f5:36:cc:33:ee:c7:fe:4d:94:12:e2:be:4f:13:b4:f2:86:8c:76:95:d6:2e:20:e9:3d:eb:90:6d:66
Signer
Actual PE Digest: 10:74:a7:f5:36:cc:33:ee:c7:fe:4d:94:12:e2:be:4f:13:b4:f2:86:8c:76:95:d6:2e:20:e9:3d:eb:90:6d:66
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
mf.pdb
Imports
msvcrt
wcsnlen
_wcsnicmp
wcscat_s
_initterm
strncpy_s
_lock
qsort
wcsncmp
__C_specific_handler
__CxxFrameHandler3
memmove
memcpy
_XcptFilter
memchr
_amsg_exit
_onexit
_wcsicmp
_vsnwprintf
wcsncpy_s
malloc
__dllonexit
free
_errno
wcscpy_s
wcsrchr
memmove_s
realloc
_callnewh
_unlock
_purecall
memcpy_s
memcmp
strnlen
memset
ntdll
RtlGetPersistedStateLocation
RtlNtStatusToDosError
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlDeleteFunctionTable
RtlAddFunctionTable
NtQuerySystemInformation
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
LoadStringW
GetModuleFileNameA
SizeofResource
LoadLibraryExW
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadResource
FindResourceExW
GetModuleFileNameW
DisableThreadLibraryCalls
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
RaiseException
GetLastError
api-ms-win-core-synch-l1-1-0
EnterCriticalSection
OpenSemaphoreW
SetEvent
ReleaseSemaphore
WaitForSingleObjectEx
CreateMutexExW
LeaveCriticalSection
WaitForSingleObject
InitializeCriticalSection
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
DeleteCriticalSection
InitializeSRWLock
CreateEventW
CreateSemaphoreExW
ReleaseMutex
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventWriteTransfer
EventUnregister
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
TraceMessage
RegisterTraceGuidsW
api-ms-win-core-string-l2-1-0
CharNextW
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
CompareStringOrdinal
api-ms-win-core-processthreads-l1-1-0
CreateThread
TerminateProcess
TlsGetValue
GetCurrentProcessId
ProcessIdToSessionId
GetCurrentThread
TlsSetValue
GetCurrentThreadId
GetCurrentProcess
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
api-ms-win-core-synch-l1-2-0
Sleep
InitOnceExecuteOnce
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-memory-l1-1-0
VirtualFree
VirtualAlloc
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringA
OutputDebugStringW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-localization-l1-2-0
GetUserDefaultLCID
FormatMessageW
api-ms-win-core-file-l1-1-0
WriteFile
CreateFileW
GetFileSize
GetFinalPathNameByHandleW
GetDiskFreeSpaceW
GetFullPathNameW
ReadFile
api-ms-win-core-shlwapi-legacy-l1-1-0
PathSkipRootW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-processenvironment-l1-1-0
GetEnvironmentStringsW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetVersionExW
GetSystemTimeAsFileTime
GetTickCount
GetLocalTime
GlobalMemoryStatusEx
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-kernel32-legacy-l1-1-0
GetComputerNameW
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
rpcrt4
UuidFromStringW
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Exports
Exports
AppendPropVariant
ConvertPropVariant
CopyPropertyStore
CreateNamedPropertyStore
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
ExtractPropVariant
MFCreate3GPMediaSink
MFCreateAC3MediaSink
MFCreateADTSMediaSink
MFCreateASFByteStreamPlugin
MFCreateASFContentInfo
MFCreateASFIndexer
MFCreateASFIndexerByteStream
MFCreateASFMediaSink
MFCreateASFMediaSinkActivate
MFCreateASFMultiplexer
MFCreateASFProfile
MFCreateASFProfileFromPresentationDescriptor
MFCreateASFSplitter
MFCreateASFStreamSelector
MFCreateASFStreamingMediaSink
MFCreateASFStreamingMediaSinkActivate
MFCreateAggregateSource
MFCreateAppSourceProxy
MFCreateAudioRenderer
MFCreateAudioRendererActivate
MFCreateByteCacheFile
MFCreateCacheManager
MFCreateCredentialCache
MFCreateDeviceSource
MFCreateDeviceSourceActivate
MFCreateDrmNetNDSchemePlugin
MFCreateEncryptedMediaExtensionsStoreActivate
MFCreateFMPEG4MediaSink
MFCreateFileBlockMap
MFCreateFileSchemePlugin
MFCreateHttpSchemePlugin
MFCreateLPCMByteStreamPlugin
MFCreateMP3ByteStreamPlugin
MFCreateMP3MediaSink
MFCreateMPEG4MediaSink
MFCreateMediaProcessor
MFCreateMediaSession
MFCreateMuxSink
MFCreateNSCByteStreamPlugin
MFCreateNetSchemePlugin
MFCreatePMPHost
MFCreatePMPMediaSession
MFCreatePMPServer
MFCreatePresentationClock
MFCreatePresentationDescriptorFromASFProfile
MFCreateProtectedEnvironmentAccess
MFCreateProxyLocator
MFCreateRemoteDesktopPlugin
MFCreateSAMIByteStreamPlugin
MFCreateSampleCopierMFT
MFCreateSampleGrabberSinkActivate
MFCreateSecureHttpSchemePlugin
MFCreateSequencerSegmentOffset
MFCreateSequencerSource
MFCreateSequencerSourceRemoteStream
MFCreateSimpleTypeHandler
MFCreateSoundEventSchemePlugin
MFCreateSourceResolver
MFCreateStandardQualityManager
MFCreateTopoLoader
MFCreateTopology
MFCreateTopologyNode
MFCreateTranscodeProfile
MFCreateTranscodeSinkActivate
MFCreateTranscodeTopology
MFCreateTranscodeTopologyFromByteStream
MFCreateUrlmonSchemePlugin
MFCreateVideoRenderer
MFCreateVideoRendererActivate
MFCreateWMAEncoderActivate
MFCreateWMVEncoderActivate
MFEnumDeviceSources
MFGetLocalId
MFGetMultipleServiceProviders
MFGetService
MFGetSupportedMimeTypes
MFGetSupportedSchemes
MFGetSystemId
MFGetTopoNodeCurrentType
MFLoadSignedLibrary
MFRR_CreateActivate
MFReadSequencerSegmentOffset
MFRequireProtectedEnvironment
MFShutdownObject
MFTranscodeGetAudioOutputAvailableTypes
MergePropertyStore
Sections
.text Size: 332KB - Virtual size: 331KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
?g_Encry Size: 512B - Virtual size: 256B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
?g_Encry Size: 512B - Virtual size: 256B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 86KB - Virtual size: 85KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 63KB - Virtual size: 63KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
mtxclu/imapi.dll.dll regsvr32 windows:10 windows x64 arch:x64
9def3e189009b6ddc4ab75d0e8190ac6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
imapi.pdb
Imports
msvcrt
_CxxThrowException
__RTDynamicCast
memcmp
memcpy
memset
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
realloc
_errno
_initterm
_amsg_exit
_XcptFilter
_callnewh
_wremove
_vsnwprintf
wcscat_s
wcscpy_s
wcsstr
wcsncpy_s
malloc
free
_purecall
memcpy_s
__CxxFrameHandler3
__C_specific_handler
wcscmp
ntdll
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
user32
UnregisterClassA
CharNextW
advapi32
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegQueryValueExW
TraceMessage
RegCloseKey
RegQueryInfoKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
ole32
CoTaskMemFree
CoTaskMemAlloc
PropVariantClear
StringFromGUID2
CreateStreamOnHGlobal
CoTaskMemRealloc
CoCreateInstance
oleaut32
LoadRegTypeLi
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
VarBstrCat
SysAllocStringByteLen
SysStringByteLen
GetErrorInfo
DispCallFunc
VariantClear
LoadTypeLi
SafeArrayDestroy
SysAllocStringLen
SysStringLen
SysAllocString
SysFreeString
VarUI4FromStr
SystemTimeToVariantTime
VariantInit
shlwapi
SHCreateStreamOnFileEx
kernel32
GetTempFileNameW
GetVolumeInformationW
CreateMutexW
SetEvent
LocalFree
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
ResetEvent
ReleaseMutex
SizeofResource
FileTimeToSystemTime
GlobalFree
GlobalAlloc
GetDateFormatW
InitializeCriticalSectionAndSpinCount
CreateEventW
CloseHandle
DisableThreadLibraryCalls
WaitForSingleObject
LoadLibraryExW
lstrcmpiW
FreeLibrary
GetModuleHandleW
DeleteCriticalSection
GetProcAddress
LoadResource
FindResourceExW
RaiseException
GetLastError
MultiByteToWideChar
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameW
EnterCriticalSection
GetTempPathW
LocalAlloc
WideCharToMultiByte
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 98KB - Virtual size: 98KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 948B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
mtxclu/itircl.dll.dll regsvr32 windows:10 windows x64 arch:x64
380ae0a373c6ac6b63d2802c179548cd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
itircl.pdb
Imports
msvcrt
memmove
_initterm
_amsg_exit
__CxxFrameHandler3
memcpy
memcmp
_XcptFilter
_callnewh
malloc
_vsnprintf
strncmp
free
_purecall
__C_specific_handler
?terminate@@YAXXZ
memset
kernel32
DeleteFileA
UnmapViewOfFile
VirtualFree
GlobalSize
GetCurrentDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleFileNameA
VirtualProtect
VirtualAlloc
LoadLibraryExA
GetModuleHandleA
MultiByteToWideChar
GetLastError
DisableThreadLibraryCalls
GetSystemInfo
HeapDestroy
WideCharToMultiByte
lstrcmpiA
VirtualQuery
GlobalReAlloc
CompareStringW
GetACP
CompareStringA
GetUserDefaultLCID
GetVersionExA
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
lstrlenA
GetFullPathNameA
LocalLock
LocalAlloc
LocalFree
LocalUnlock
GetProcAddress
GetTempFileNameA
GetTempPathA
OpenFile
SetFilePointer
OutputDebugStringA
WriteFile
ReadFile
MapViewOfFile
GlobalFlags
CreateFileA
CloseHandle
GlobalHandle
CreateFileMappingA
GetFileSize
user32
CharUpperA
CharNextA
LoadStringA
advapi32
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
ole32
ReadClassStm
WriteClassStm
CoTaskMemFree
StringFromCLSID
CoCreateInstance
CoGetClassObject
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 157KB - Virtual size: 157KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
mtxclu/mtxclu.dll.dll windows:10 windows x64 arch:x64
d21ac5e21e55f5b9ee93d732d6cbb672
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
mtxclu.pdb
Imports
ntdll
RtlFreeHeap
RtlImageNtHeader
RtlAllocateHeap
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCreateServiceSid
RtlReportException
RtlCaptureContext
RtlNtStatusToDosError
RtlInitUnicodeString
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegFlushKey
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteValueW
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
CompareStringW
MultiByteToWideChar
api-ms-win-core-com-l1-1-0
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CoGetObjectContext
api-ms-win-service-management-l1-1-0
DeleteService
CreateServiceW
OpenSCManagerW
CloseServiceHandle
OpenServiceW
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
ConvertSidToStringSidW
rpcrt4
UuidFromStringW
UuidToStringW
RpcStringFreeW
UuidCreate
UuidFromStringA
UuidToStringA
RpcStringFreeA
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-service-winsvc-l1-1-0
StartServiceA
ControlService
QueryServiceStatus
OpenSCManagerA
api-ms-win-core-file-l1-1-0
RemoveDirectoryW
FindFirstFileW
CreateFileW
FindClose
SetFileAttributesW
GetFullPathNameW
FindNextFileW
DeleteFileW
CreateDirectoryW
GetFileAttributesW
api-ms-win-security-base-l1-1-0
GetSecurityDescriptorControl
GetSecurityDescriptorSacl
MakeSelfRelativeSD
AdjustTokenPrivileges
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetTokenInformation
MakeAbsoluteSD
DuplicateTokenEx
GetSecurityDescriptorLength
GetLengthSid
AddAccessAllowedAceEx
InitializeAcl
InitializeSecurityDescriptor
FreeSid
AddAce
IsWellKnownSid
SetSecurityDescriptorDacl
CopySid
GetAclInformation
GetSidLengthRequired
AllocateAndInitializeSid
EqualSid
GetAce
GetSecurityDescriptorDacl
api-ms-win-service-management-l2-1-0
ChangeServiceConfigW
ChangeServiceConfig2W
QueryServiceStatusEx
QueryServiceConfigW
api-ms-win-service-core-l1-1-1
EnumServicesStatusExW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
GetEnvironmentVariableW
GetCommandLineA
api-ms-win-core-sysinfo-l1-1-0
GetLocalTime
GetComputerNameExW
GetSystemWindowsDirectoryA
GetSystemInfo
GetTickCount
GetSystemDirectoryW
GetSystemTimeAsFileTime
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-0
LoadResource
GetModuleFileNameW
DisableThreadLibraryCalls
LoadStringW
LockResource
GetModuleHandleW
LoadLibraryExA
GetProcAddress
GetModuleHandleExA
FindResourceExW
FreeLibrary
LoadLibraryExW
api-ms-win-core-processthreads-l1-1-0
SetThreadStackGuarantee
CreateProcessW
TerminateProcess
TlsFree
GetCurrentProcess
SetThreadToken
GetExitCodeProcess
GetCurrentThreadId
TlsSetValue
OpenThreadToken
GetCurrentThread
OpenProcessToken
GetCurrentProcessId
TlsAlloc
TlsGetValue
api-ms-win-security-lsalookup-l2-1-0
LookupAccountNameW
api-ms-win-core-synch-l1-1-0
ReleaseSemaphore
CreateSemaphoreExW
CreateEventW
DeleteCriticalSection
WaitForSingleObject
CreateEventA
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
ResetEvent
InitializeCriticalSection
WaitForSingleObjectEx
EnterCriticalSection
SetEvent
ws2_32
WSAGetLastError
FreeAddrInfoW
GetAddrInfoW
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
bcrypt
BCryptGenerateSymmetricKey
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptExportKey
BCryptCloseAlgorithmProvider
BCryptSetProperty
BCryptDestroyKey
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
lstrcmpW
cryptsp
CryptGenKey
CryptReleaseContext
CryptGetUserKey
CryptDecrypt
CryptImportKey
CryptExportKey
CryptDestroyKey
CryptEncrypt
CryptAcquireContextW
CryptSetProvParam
api-ms-win-security-lsapolicy-l1-1-0
LsaClose
advapi32
DeregisterEventSource
LookupPrivilegeValueA
RegEnumKeyA
RegEnumKeyW
RegDeleteKeyA
RegDeleteKeyW
RegisterEventSourceW
ReportEventW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
EnumServicesStatusExA
RegConnectRegistryW
kernel32
UnregisterWaitEx
QueueUserWorkItem
msvcrt
_initterm
_callnewh
malloc
_waccess
_wfopen
strchr
fopen
fflush
fclose
fprintf
fwprintf
_vsnprintf
wcsrchr
mbstowcs
_purecall
_stricmp
_wcsnicmp
wcstombs
_ltoa
_ltow
atol
_wtol
iswalpha
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
memmove
_XcptFilter
_amsg_exit
wcscpy_s
??1type_info@@UEAA@XZ
_wcsicmp
_onexit
_ultow
_local_unwind
memcmp
memset
__dllonexit
__CxxFrameHandler3
_vsnwprintf
_unlock
_lock
_wcsdup
?terminate@@YAXXZ
wcschr
__C_specific_handler
free
wcscmp
clusapi
ClusterResourceTypeEnum
GetClusterResourceKey
CloseCluster
CloseClusterResource
ClusterRegOpenKey
GetClusterResourceNetworkName
ClusterRegCloseKey
GetClusterResourceState
ClusterRegDeleteValue
OpenClusterResourceEx
ClusterRegEnumKey
ClusterRegQueryValue
OfflineClusterResource
ClusterRegSetValue
ClusterRegCreateKey
ClusterRegDeleteKey
ClusterGroupEnum
ClusterControl
OpenClusterGroupEx
OnlineClusterResource
ClusterResourceControl
ClusterResourceTypeControl
ClusterRegQueryInfoKey
ClusterResourceTypeGetEnumCount
GetClusterKey
ClusterGroupOpenEnum
ClusterRegEnumValue
ClusterResourceTypeOpenEnum
CloseClusterGroup
ClusterResourceTypeCloseEnum
OpenClusterEx
CreateClusterNotifyPort
GetClusterNotify
GetClusterResourceTypeKey
ClusterGroupCloseEnum
ClusterGetEnumCount
GetNodeClusterState
ClusterOpenEnum
ClusterEnum
ClusterCloseEnum
resutils
ResUtilEnumResourcesEx
ResUtilGetResourceDependencyByName
ResUtilPropertyListFromParameterBlock
ResUtilSetPropertyTable
ResUtilGetProperties
ResUtilGetResourceDependencyByClass
ResUtilDupParameterBlock
ResUtilSetPropertyParameterBlock
ClusWorkerTerminate
ResUtilVerifyPropertyTable
ResUtilEnumProperties
ResUtilFindSzProperty
ResUtilTerminateServiceProcessFromResDll
ClusWorkerCheckTerminate
ResUtilFindBinaryProperty
ResUtilGetPropertiesToParameterBlock
ClusWorkerCreate
msdtcprx
CreateLegacyTmInstance
CreateTmInstanceForRemoteAdmin
CreateLocalTmInstance
CreateRemoteProxyTmInstance
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-version-l1-1-0
VerQueryValueW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-memory-l1-1-0
VirtualAlloc
VirtualQuery
VirtualProtect
Exports
Exports
FailedClusterAPIToEventLog
MtxCluBringOnlineDTCW
MtxCluClearClusterTmMappings
MtxCluCreateClusterProxyTmInstance
MtxCluCreateClusterTmInstance
MtxCluCreateTmInstanceForVirtualServer
MtxCluEnumerateClusterTmMappings
MtxCluEnumerateDtcResources
MtxCluEnumerateDtcResourcesEx
MtxCluGetActiveClusterNode
MtxCluGetClusterResourceIdFromName
MtxCluGetComputerNameW
MtxCluGetDTCResourceForResource
MtxCluGetDTCStatusW
MtxCluGetDTCVirtualServerNameW
MtxCluGetDefaultClusterResource
MtxCluGetDefaultClusterResourceNonAdmin
MtxCluGetDtcDiskResourceDrive
MtxCluGetNameFromResourceIdString
MtxCluGetNameFromResourceIdStringNonAdmin
MtxCluGetResourceId
MtxCluGetResourceIdStringFromName
MtxCluGetSecurityRegValue
MtxCluGetTmResource
MtxCluGetVirtualServerToken
MtxCluIsClusterPresent
MtxCluIsClusterPresentExW
MtxCluIsNetworkNameInLocalClusterW
MtxCluIsSameClusterW
MtxCluIsSameNodeW
MtxCluRemoveClusterTmMappingByName
MtxCluSetClusterTmMapping
MtxCluSetDefaultClusterResource
MtxCluSetSecurityRegValue
MtxCluTakeOfflineDTCW
MtxCluVerifyLogPathInDependantDiskResource
MtxCluVerifyLogPathIsValidCSV
Startup
Sections
.text Size: 201KB - Virtual size: 200KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 210KB - Virtual size: 209KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
mtxclu/nlhtml.dll.dll regsvr32 windows:10 windows x64 arch:x64
c8e3f082cd2a7e37deae3dec52d0a7da
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
nlhtml.pdb
Imports
msvcrt
wcsncmp
_wtoi
wcsrchr
_XcptFilter
_amsg_exit
_initterm
__C_specific_handler
_lock
_unlock
__dllonexit
_onexit
malloc
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
memset
iswalpha
_wcsupr
memmove
memcpy
_wtol
_CxxThrowException
iswdigit
wcschr
_wcsicmp
towupper
wcstoul
bsearch
_wcsnicmp
_purecall
free
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
_wcslwr_s
iswspace
??0exception@@QEAA@XZ
realloc
??1exception@@UEAA@XZ
memcpy_s
_vsnwprintf
__CxxFrameHandler3
wcscmp
api-ms-win-core-libraryloader-l1-2-0
LoadStringW
FindResourceExW
LoadResource
GetProcAddress
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameA
DisableThreadLibraryCalls
GetModuleHandleExW
FreeLibrary
api-ms-win-core-synch-l1-1-0
CreateMutexExW
AcquireSRWLockExclusive
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
OpenSemaphoreW
ReleaseSRWLockExclusive
ReleaseSemaphore
CreateSemaphoreExW
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError
api-ms-win-core-heap-l2-1-0
GlobalFree
GlobalAlloc
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
api-ms-win-core-localization-l1-2-0
GetLocaleInfoW
GetSystemDefaultLCID
IsDBCSLeadByteEx
GetCPInfo
IsValidCodePage
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
CompareStringW
GetStringTypeW
WideCharToMultiByte
api-ms-win-core-com-l1-1-0
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
oleaut32
SysAllocStringLen
SysFreeString
SysAllocString
VarR8FromStr
api-ms-win-core-localization-l1-2-2
LCIDToLocaleName
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegCloseKey
RegEnumKeyExW
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetVersionExW
GetSystemTime
GetSystemTimeAsFileTime
GetVersionExA
api-ms-win-core-memory-l1-1-0
CreateFileMappingW
FlushViewOfFile
UnmapViewOfFile
MapViewOfFile
api-ms-win-core-file-l1-1-0
SetEndOfFile
CreateFileW
GetFileSize
SetFilePointer
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
api-ms-win-core-synch-l1-2-0
Sleep
WakeAllConditionVariable
SleepConditionVariableSRW
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-processenvironment-l1-1-0
SearchPathW
api-ms-win-core-localization-obsolete-l1-2-0
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 95KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 80KB - Virtual size: 79KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
setup.msi.msi