archiveint.pdb
Static task
static1
General
-
Target
_x64~x32_installer__.zip
-
Size
32.3MB
-
MD5
ba0df4fa83e4f87722d093af7193c023
-
SHA1
9d2d89badc89a42826cb63c35419726f80f6b8c8
-
SHA256
23c26f0d3469acf036224a668c85e01ad108b282177a54fce90c537e571a5534
-
SHA512
012e4a65db43c045e682bd7459bcf95facc4ff0b927042b4557680858e2a81ed20063a4c55381f3499edd2eebed050e5174005e11cd328c83d7bcb82809521d8
-
SSDEEP
786432:L3kl0igs8P3tz7/N4EhnP25ugHOM4gi90roTTXqCwv0MVyrW:fPDPsj4kronXNkbP
Malware Config
Signatures
-
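Unsigned PE 11 IoCs
Checks for missing Authenticode signature. This flag records only that no embedded signature was found; it does not by itself show whether a file is benign or altered (Windows components can also be catalog-signed), so compare each file's hash against a known-good copy before drawing conclusions.
resource
unpack001/archiveint/archiveint.dll
unpack001/archiveint/pku2u.dll
unpack001/atmlib/archiveint.dll
unpack001/atmlib/atmlib.dll
unpack001/atmlib/auditcse.dll
unpack001/mf/RpcNs4.dll
unpack001/mf/efsadu.dll
unpack001/mf/hotplug.dll
unpack001/netid/miutils.dll
unpack001/netid/msctfui.dll
unpack001/netid/netid.dll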
Files
-
_x64~x32_installer__.zip.zip
Password: pass
-
archiveint/archiveint.dll.dll windows:10 windows x64 arch:x64
Password: pass
2241467b78b76f01e83484b49ec9a25b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
api-ms-win-crt-string-l1-1-0
strcmp
strncpy
strspn
strcspn
strncmp
memset
wcsncmp
strnlen
wcsncpy
api-ms-win-crt-time-l1-1-0
_time64
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__cexit
_o__close
_o__configure_narrow_argv
_o__ctime64_s
_o__errno
_o__execute_onexit_table
_o__fileno
_o__fseeki64
_o__get_osfhandle
_o__get_timezone
_o__gmtime64_s
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__localtime64_s
_o__lseeki64
_o__mkgmtime64
_o__mktime64
_o__open_osfhandle
_o__seh_filter_dll
_o__sopen_s
memmove
_o__umask
_o__wcsdup
_o__wrename
_o__wrmdir
_o__wsopen_s
_o__wunlink
_o_abort
_o_atoi
_o_bsearch
_o_calloc
_o_exit
_o_ferror
_o_fread
_o_free
_o_fwrite
_o_getenv
_o_isalnum
_o_isdigit
_o_isprint
_o_isspace
_o_isupper
_o_malloc
_o_mbstowcs
_o_qsort
_o_realloc
_o_setlocale
_o_strftime
_o_strtol
_o_tolower
_o_toupper
_o_wcrtomb
__C_specific_handler
_o___stdio_common_vsprintf
_o___stdio_common_vfprintf
_o___std_type_info_destroy_list
_o___acrt_iob_func
_o____mb_cur_max_func
strstr
wcsrchr
wcschr
strchr
strrchr
memchr
memcmp
memcpy
_o__setmode
_o__strdup
bcrypt
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptSetProperty
BCryptGenerateSymmetricKey
BCryptDestroyKey
BCryptDeriveKeyPBKDF2
BCryptCreateHash
BCryptFinishHash
BCryptHashData
BCryptEncrypt
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-security-cryptoapi-l1-1-0
CryptGenRandom
CryptDestroyHash
CryptCreateHash
CryptAcquireContextA
CryptGetHashParam
CryptReleaseContext
CryptHashData
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
api-ms-win-core-file-l1-1-0
GetDiskFreeSpaceW
FindNextFileW
FindClose
SetFileTime
ReadFile
CreateFileW
GetFileInformationByHandle
GetDriveTypeW
CreateDirectoryW
SetFilePointer
FindFirstFileA
SetEndOfFile
GetFileAttributesW
GetVolumePathNameW
GetFullPathNameW
WriteFile
GetFileAttributesA
CreateFileA
GetFileType
SetFileAttributesW
FindFirstFileW
api-ms-win-core-io-l1-1-1
CancelIo
api-ms-win-core-memory-l1-1-0
VirtualAlloc
VirtualFree
api-ms-win-core-io-l1-1-0
DeviceIoControl
GetOverlappedResult
api-ms-win-core-synch-l1-1-0
CreateEventW
ResetEvent
api-ms-win-core-handle-l1-1-0
DuplicateHandle
SetHandleInformation
CloseHandle
api-ms-win-core-namedpipe-l1-1-0
PeekNamedPipe
CreatePipe
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-localization-l1-2-0
GetOEMCP
IsValidCodePage
GetACP
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
api-ms-win-core-file-l1-2-0
GetTempPathW
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetExitCodeProcess
GetCurrentThreadId
CreateProcessA
GetCurrentProcessId
TerminateProcess
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryA
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
GetCurrentDirectoryW
api-ms-win-core-libraryloader-l1-2-0
DisableThreadLibraryCalls
GetProcAddress
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
OpenProcess
api-ms-win-core-processenvironment-l1-2-0
SearchPathA
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
Exports
Exports
archive_bzlib_version
archive_clear_error
archive_compression
archive_compression_name
archive_copy_error
archive_entry_acl
archive_entry_acl_add_entry
archive_entry_acl_add_entry_w
archive_entry_acl_clear
archive_entry_acl_count
archive_entry_acl_from_text
archive_entry_acl_from_text_w
archive_entry_acl_next
archive_entry_acl_reset
archive_entry_acl_text
archive_entry_acl_text_w
archive_entry_acl_to_text
archive_entry_acl_to_text_w
archive_entry_acl_types
archive_entry_atime
archive_entry_atime_is_set
archive_entry_atime_nsec
archive_entry_birthtime
archive_entry_birthtime_is_set
archive_entry_birthtime_nsec
archive_entry_clear
archive_entry_clone
archive_entry_copy_bhfi
archive_entry_copy_fflags_text
archive_entry_copy_fflags_text_w
archive_entry_copy_gname
archive_entry_copy_gname_w
archive_entry_copy_hardlink
archive_entry_copy_hardlink_w
archive_entry_copy_link
archive_entry_copy_link_w
archive_entry_copy_mac_metadata
archive_entry_copy_pathname
archive_entry_copy_pathname_w
archive_entry_copy_sourcepath
archive_entry_copy_sourcepath_w
archive_entry_copy_stat
archive_entry_copy_symlink
archive_entry_copy_symlink_w
archive_entry_copy_uname
archive_entry_copy_uname_w
archive_entry_ctime
archive_entry_ctime_is_set
archive_entry_ctime_nsec
archive_entry_dev
archive_entry_dev_is_set
archive_entry_devmajor
archive_entry_devminor
archive_entry_digest
archive_entry_fflags
archive_entry_fflags_text
archive_entry_filetype
archive_entry_free
archive_entry_gid
archive_entry_gname
archive_entry_gname_utf8
archive_entry_gname_w
archive_entry_hardlink
archive_entry_hardlink_utf8
archive_entry_hardlink_w
archive_entry_ino
archive_entry_ino64
archive_entry_ino_is_set
archive_entry_is_data_encrypted
archive_entry_is_encrypted
archive_entry_is_metadata_encrypted
archive_entry_linkify
archive_entry_linkresolver_free
archive_entry_linkresolver_new
archive_entry_linkresolver_set_strategy
archive_entry_mac_metadata
archive_entry_mode
archive_entry_mtime
archive_entry_mtime_is_set
archive_entry_mtime_nsec
archive_entry_new
archive_entry_new2
archive_entry_nlink
archive_entry_partial_links
archive_entry_pathname
archive_entry_pathname_utf8
archive_entry_pathname_w
archive_entry_perm
archive_entry_rdev
archive_entry_rdevmajor
archive_entry_rdevminor
archive_entry_set_atime
archive_entry_set_birthtime
archive_entry_set_ctime
archive_entry_set_dev
archive_entry_set_devmajor
archive_entry_set_devminor
archive_entry_set_fflags
archive_entry_set_filetype
archive_entry_set_gid
archive_entry_set_gname
archive_entry_set_gname_utf8
archive_entry_set_hardlink
archive_entry_set_hardlink_utf8
archive_entry_set_ino
archive_entry_set_ino64
archive_entry_set_is_data_encrypted
archive_entry_set_is_metadata_encrypted
archive_entry_set_link
archive_entry_set_link_utf8
archive_entry_set_mode
archive_entry_set_mtime
archive_entry_set_nlink
archive_entry_set_pathname
archive_entry_set_pathname_utf8
archive_entry_set_perm
archive_entry_set_rdev
archive_entry_set_rdevmajor
archive_entry_set_rdevminor
archive_entry_set_size
archive_entry_set_symlink
archive_entry_set_symlink_type
archive_entry_set_symlink_utf8
archive_entry_set_uid
archive_entry_set_uname
archive_entry_set_uname_utf8
archive_entry_size
archive_entry_size_is_set
archive_entry_sourcepath
archive_entry_sourcepath_w
archive_entry_sparse_add_entry
archive_entry_sparse_clear
archive_entry_sparse_count
archive_entry_sparse_next
archive_entry_sparse_reset
archive_entry_stat
archive_entry_strmode
archive_entry_symlink
archive_entry_symlink_type
archive_entry_symlink_utf8
archive_entry_symlink_w
archive_entry_uid
archive_entry_uname
archive_entry_uname_utf8
archive_entry_uname_w
archive_entry_unset_atime
archive_entry_unset_birthtime
archive_entry_unset_ctime
archive_entry_unset_mtime
archive_entry_unset_size
archive_entry_update_gname_utf8
archive_entry_update_hardlink_utf8
archive_entry_update_link_utf8
archive_entry_update_pathname_utf8
archive_entry_update_symlink_utf8
archive_entry_update_uname_utf8
archive_entry_xattr_add_entry
archive_entry_xattr_clear
archive_entry_xattr_count
archive_entry_xattr_next
archive_entry_xattr_reset
archive_errno
archive_error_string
archive_file_count
archive_filter_bytes
archive_filter_code
archive_filter_count
archive_filter_name
archive_format
archive_format_name
archive_free
archive_liblz4_version
archive_liblzma_version
archive_libzstd_version
archive_match_exclude_entry
archive_match_exclude_pattern
archive_match_exclude_pattern_from_file
archive_match_exclude_pattern_from_file_w
archive_match_exclude_pattern_w
archive_match_excluded
archive_match_free
archive_match_include_date
archive_match_include_date_w
archive_match_include_file_time
archive_match_include_file_time_w
archive_match_include_gid
archive_match_include_gname
archive_match_include_gname_w
archive_match_include_pattern
archive_match_include_pattern_from_file
archive_match_include_pattern_from_file_w
archive_match_include_pattern_w
archive_match_include_time
archive_match_include_uid
archive_match_include_uname
archive_match_include_uname_w
archive_match_new
archive_match_owner_excluded
archive_match_path_excluded
archive_match_path_unmatched_inclusions
archive_match_path_unmatched_inclusions_next
archive_match_path_unmatched_inclusions_next_w
archive_match_set_inclusion_recursion
archive_match_time_excluded
archive_position_compressed
archive_position_uncompressed
archive_read_add_callback_data
archive_read_add_passphrase
archive_read_append_callback_data
archive_read_append_filter
archive_read_append_filter_program
archive_read_append_filter_program_signature
archive_read_close
archive_read_data
archive_read_data_block
archive_read_data_into_fd
archive_read_data_skip
archive_read_disk_can_descend
archive_read_disk_current_filesystem
archive_read_disk_current_filesystem_is_remote
archive_read_disk_current_filesystem_is_synthetic
archive_read_disk_descend
archive_read_disk_entry_from_file
archive_read_disk_gname
archive_read_disk_new
archive_read_disk_open
archive_read_disk_open_w
archive_read_disk_set_atime_restored
archive_read_disk_set_behavior
archive_read_disk_set_gname_lookup
archive_read_disk_set_matching
archive_read_disk_set_metadata_filter_callback
archive_read_disk_set_standard_lookup
archive_read_disk_set_symlink_hybrid
archive_read_disk_set_symlink_logical
archive_read_disk_set_symlink_physical
archive_read_disk_set_uname_lookup
archive_read_disk_uname
archive_read_extract
archive_read_extract2
archive_read_extract_set_progress_callback
archive_read_extract_set_skip_file
archive_read_finish
archive_read_format_capabilities
archive_read_free
archive_read_has_encrypted_entries
archive_read_header_position
archive_read_new
archive_read_next_header
archive_read_next_header2
archive_read_open
archive_read_open1
archive_read_open2
archive_read_open_FILE
archive_read_open_fd
archive_read_open_file
archive_read_open_filename
archive_read_open_filename_w
archive_read_open_filenames
archive_read_open_memory
archive_read_open_memory2
archive_read_prepend_callback_data
archive_read_set_callback_data
archive_read_set_callback_data2
archive_read_set_close_callback
archive_read_set_filter_option
archive_read_set_format
archive_read_set_format_option
archive_read_set_open_callback
archive_read_set_option
archive_read_set_options
archive_read_set_passphrase_callback
archive_read_set_read_callback
archive_read_set_seek_callback
archive_read_set_skip_callback
archive_read_set_switch_callback
archive_read_support_compression_all
archive_read_support_compression_bzip2
archive_read_support_compression_compress
archive_read_support_compression_gzip
archive_read_support_compression_lzip
archive_read_support_compression_lzma
archive_read_support_compression_none
archive_read_support_compression_program
archive_read_support_compression_program_signature
archive_read_support_compression_rpm
archive_read_support_compression_uu
archive_read_support_compression_xz
archive_read_support_filter_all
archive_read_support_filter_by_code
archive_read_support_filter_bzip2
archive_read_support_filter_compress
archive_read_support_filter_grzip
archive_read_support_filter_gzip
archive_read_support_filter_lrzip
archive_read_support_filter_lz4
archive_read_support_filter_lzip
archive_read_support_filter_lzma
archive_read_support_filter_lzop
archive_read_support_filter_none
archive_read_support_filter_program
archive_read_support_filter_program_signature
archive_read_support_filter_rpm
archive_read_support_filter_uu
archive_read_support_filter_xz
archive_read_support_filter_zstd
archive_read_support_format_7zip
archive_read_support_format_all
archive_read_support_format_ar
archive_read_support_format_by_code
archive_read_support_format_cab
archive_read_support_format_cpio
archive_read_support_format_empty
archive_read_support_format_gnutar
archive_read_support_format_iso9660
archive_read_support_format_lha
archive_read_support_format_mtree
archive_read_support_format_rar
archive_read_support_format_rar5
archive_read_support_format_raw
archive_read_support_format_tar
archive_read_support_format_warc
archive_read_support_format_xar
archive_read_support_format_zip
archive_read_support_format_zip_seekable
archive_read_support_format_zip_streamable
archive_seek_data
archive_set_error
archive_utility_string_sort
archive_version_details
archive_version_number
archive_version_string
archive_write_add_filter
archive_write_add_filter_b64encode
archive_write_add_filter_by_name
archive_write_add_filter_bzip2
archive_write_add_filter_compress
archive_write_add_filter_grzip
archive_write_add_filter_gzip
archive_write_add_filter_lrzip
archive_write_add_filter_lz4
archive_write_add_filter_lzip
archive_write_add_filter_lzma
archive_write_add_filter_lzop
archive_write_add_filter_none
archive_write_add_filter_program
archive_write_add_filter_uuencode
archive_write_add_filter_xz
archive_write_add_filter_zstd
archive_write_close
archive_write_data
archive_write_data_block
archive_write_disk_gid
archive_write_disk_new
archive_write_disk_set_group_lookup
archive_write_disk_set_options
archive_write_disk_set_skip_file
archive_write_disk_set_standard_lookup
archive_write_disk_set_user_lookup
archive_write_disk_uid
archive_write_fail
archive_write_finish
archive_write_finish_entry
archive_write_free
archive_write_get_bytes_in_last_block
archive_write_get_bytes_per_block
archive_write_header
archive_write_new
archive_write_open
archive_write_open2
archive_write_open_FILE
archive_write_open_fd
archive_write_open_file
archive_write_open_filename
archive_write_open_filename_w
archive_write_open_memory
archive_write_set_bytes_in_last_block
archive_write_set_bytes_per_block
archive_write_set_compression_bzip2
archive_write_set_compression_compress
archive_write_set_compression_gzip
archive_write_set_compression_lzip
archive_write_set_compression_lzma
archive_write_set_compression_none
archive_write_set_compression_program
archive_write_set_compression_xz
archive_write_set_filter_option
archive_write_set_format
archive_write_set_format_7zip
archive_write_set_format_ar_bsd
archive_write_set_format_ar_svr4
archive_write_set_format_by_name
archive_write_set_format_cpio
archive_write_set_format_cpio_bin
archive_write_set_format_cpio_newc
archive_write_set_format_cpio_odc
archive_write_set_format_cpio_pwb
archive_write_set_format_filter_by_ext
archive_write_set_format_filter_by_ext_def
archive_write_set_format_gnutar
archive_write_set_format_iso9660
archive_write_set_format_mtree
archive_write_set_format_mtree_classic
archive_write_set_format_option
archive_write_set_format_pax
archive_write_set_format_pax_restricted
archive_write_set_format_raw
archive_write_set_format_shar
archive_write_set_format_shar_dump
archive_write_set_format_ustar
archive_write_set_format_v7tar
archive_write_set_format_warc
archive_write_set_format_xar
archive_write_set_format_zip
archive_write_set_option
archive_write_set_options
archive_write_set_passphrase
archive_write_set_passphrase_callback
archive_write_set_skip_file
archive_write_zip_set_compression_deflate
archive_write_zip_set_compression_store
archive_zlib_version
Sections
.text Size: 504KB - Virtual size: 504KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
RT_CODE Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 135KB - Virtual size: 135KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
archiveint/computecore.dll.dll windows:10 windows x64 arch:x64
Password: pass
b0142740cb888552373f0d8249a48ecc
Code Sign
33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 05/05/2022, 19:23
Not After: 04/05/2023, 19:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
be:00:74:6e:24:67:25:be:9b:b2:14:c8:e8:0c:c2:87:14:a5:91:b4:b2:10:0b:5c:11:7b:75:f7:b4:cc:3d:6f
Signer
Actual PE Digest: be:00:74:6e:24:67:25:be:9b:b2:14:c8:e8:0c:c2:87:14:a5:91:b4:b2:10:0b:5c:11:7b:75:f7:b4:cc:3d:6f
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
computecore.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__isctype
_o__purecall
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__stricmp
memmove
_o__wcsicmp
_o__wcstoi64
_o__wcstoui64
_o__wtof
_o__wtoi64
_o_abort
_o_free
_o_isalnum
_o_isdigit
_o_ispunct
_o_iswalpha
_o_iswascii
_o_iswspace
_o_malloc
_o_strcpy_s
_o_terminate
_o_towupper
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstod
_o_wcstoul
_o_wcstoull
__CxxFrameHandler3
_CxxThrowException
_o__errno
wcsstr
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o__crt_atexit
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o__configure_narrow_argv
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
_o__callnewh
__std_terminate
__C_specific_handler
_o__execute_onexit_table
__CxxFrameHandler4
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
wcsncmp
memset
kernelbase
LocalReAlloc
Sleep
LocalAlloc
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
api-ms-win-core-synch-l1-1-0
InitializeCriticalSection
SetEvent
CreateSemaphoreExW
ReleaseSemaphore
ResetEvent
CreateEventW
CreateEventExW
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
InitializeSRWLock
ReleaseMutex
ReleaseSRWLockExclusive
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
api-ms-win-core-synch-l1-2-0
WakeAllConditionVariable
SleepConditionVariableSRW
WakeByAddressAll
InitOnceBeginInitialize
WaitOnAddress
InitOnceComplete
InitializeConditionVariable
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
GetLastError
RaiseException
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureStackBackTrace
RtlPcToFileHeader
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-eventing-provider-l1-1-0
EventWriteEx
EventUnregister
EventActivityIdControl
EventEnabled
EventSetInformation
EventRegister
EventWriteTransfer
EventWrite
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegQueryValueExW
RegGetValueW
RegCloseKey
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-psapi-l1-1-0
K32GetModuleInformation
api-ms-win-core-sysinfo-l1-1-0
GetTickCount64
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-realtime-l1-1-0
QueryUnbiasedInterruptTime
api-ms-win-core-com-l1-1-0
CoTaskMemFree
CoCancelCall
CoCreateInstance
CoTaskMemAlloc
CoEnableCallCancellation
CoDisableCallCancellation
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolWork
CreateThreadpoolWait
CreateThreadpoolWork
CallbackMayRunLong
CreateThreadpoolTimer
SetThreadpoolWait
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
WaitForThreadpoolTimerCallbacks
SubmitThreadpoolWork
rpcrt4
RpcBindingBind
RpcBindingCreateW
RpcBindingFree
RpcExceptionFilter
UuidFromStringW
UuidCreate
NdrClientCall3
api-ms-win-core-file-l1-1-0
LockFileEx
GetDiskFreeSpaceW
UnlockFileEx
CompareFileTime
ReadFile
WriteFile
CreateFileW
GetFileTime
FlushFileBuffers
GetFinalPathNameByHandleW
GetFileSizeEx
CreateDirectoryW
SetFilePointerEx
SetEndOfFile
GetFileAttributesW
DeleteFileW
SetFileTime
GetFileInformationByHandle
api-ms-win-core-shlwapi-legacy-l1-1-0
PathIsUNCServerShareW
PathIsRelativeW
PathIsUNCServerW
PathRemoveFileSpecW
PathSkipRootW
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
OpenProcess
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
QueryPerformanceFrequency
api-ms-win-core-interlocked-l1-1-0
InterlockedFlushSList
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
api-ms-win-security-base-l1-1-0
GetSecurityDescriptorDacl
GetSidSubAuthority
GetSidLengthRequired
InitializeSid
CheckTokenMembership
CopySid
GetLengthSid
CreateWellKnownSid
api-ms-win-security-provider-l1-1-0
SetEntriesInAclW
SetSecurityInfo
GetSecurityInfo
ntdll
RtlFreeHeap
NtOpenJobObject
RtlInitUnicodeString
RtlAllocateHeap
RtlDosPathNameToNtPathName_U_WithStatus
NtCreateFile
RtlFreeUnicodeString
RtlNtStatusToDosError
RtlInitUnicodeStringEx
RtlDosPathNameToRelativeNtPathName_U_WithStatus
api-ms-win-core-path-l1-1-0
PathCchAddBackslash
PathCchRemoveFileSpec
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
api-ms-win-core-heap-obsolete-l1-1-0
LocalSize
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-core-io-l1-1-0
CancelIoEx
DeviceIoControl
GetOverlappedResult
api-ms-win-core-io-l1-1-1
GetOverlappedResultEx
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
combase
ord139
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Exports
Exports
HcsCancelOperation
HcsCloseComputeSystem
HcsCloseOperation
HcsCloseProcess
HcsCrashComputeSystem
HcsCreateComputeSystem
HcsCreateComputeSystemInNamespace
HcsCreateEmptyGuestStateFile
HcsCreateEmptyRuntimeStateFile
HcsCreateOperation
HcsCreateProcess
HcsEnumerateComputeSystems
HcsEnumerateComputeSystemsInNamespace
HcsEnumerateVmWorkerProcesses
HcsFindVmWorkerProcesses
HcsGetComputeSystemFromOperation
HcsGetComputeSystemProperties
HcsGetOperationContext
HcsGetOperationId
HcsGetOperationResult
HcsGetOperationResultAndProcessInfo
HcsGetOperationType
HcsGetProcessFromOperation
HcsGetProcessInfo
HcsGetProcessProperties
HcsGetServiceProperties
HcsGetWorkerProcessJob
HcsGrantVmAccess
HcsGrantVmGroupAccess
HcsModifyComputeSystem
HcsModifyProcess
HcsModifyServiceSettings
HcsOpenComputeSystem
HcsOpenComputeSystemInNamespace
HcsOpenProcess
HcsPauseComputeSystem
HcsResumeComputeSystem
HcsRevokeVmAccess
HcsRevokeVmGroupAccess
HcsSaveComputeSystem
HcsSetComputeSystemCallback
HcsSetOperationCallback
HcsSetOperationContext
HcsSetProcessCallback
HcsShutDownComputeSystem
HcsSignalProcess
HcsStartComputeSystem
HcsStartVmWorkerProcess
HcsSubmitWerReport
HcsTerminateComputeSystem
HcsTerminateProcess
HcsWaitForOperationResult
HcsWaitForOperationResultAndProcessInfo
Sections
.text Size: 454KB - Virtual size: 453KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 159KB - Virtual size: 159KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 344B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
archiveint/pku2u.dll.dll windows:10 windows x64 arch:x64
Password: pass
5ba7c50e3ffb606856c6f25c653c72bd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
pku2u.pdb
Imports
msvcrt
strstr
free
malloc
_callnewh
_XcptFilter
_amsg_exit
sprintf_s
_lock
_unlock
__dllonexit
_onexit
memmove
memcmp
tolower
strncpy_s
memcpy
_initterm
wcsncmp
wcschr
_wcsicmp
_purecall
memmove_s
__C_specific_handler
memcpy_s
_vsnwprintf
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleFileNameW
GetProcAddress
GetModuleFileNameA
api-ms-win-core-synch-l1-1-0
ReleaseSemaphore
ReleaseSRWLockExclusive
ReleaseMutex
AcquireSRWLockExclusive
OpenSemaphoreW
ReleaseSRWLockShared
InitializeCriticalSectionEx
CreateSemaphoreExW
WaitForSingleObject
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
AcquireSRWLockShared
CreateMutexExW
WaitForSingleObjectEx
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError
api-ms-win-core-processthreads-l1-1-0
SetThreadToken
GetCurrentThreadId
SetThreadStackGuarantee
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-eventing-classicprovider-l1-1-0
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
TraceMessage
bcrypt
BCryptFinishHash
BCryptDestroyHash
BCryptCreateHash
BCryptHashData
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
GetComputerNameExW
GetSystemInfo
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation
api-ms-win-core-synch-l1-2-0
InitOnceComplete
InitOnceBeginInitialize
Sleep
sspicli
CredUnmarshalTargetInfo
CredMarshalTargetInfo
FreeContextBuffer
SspiGetTargetHostName
SspiLocalFree
QuerySecurityPackageInfoW
SspiFreeAuthIdentity
api-ms-win-core-profile-l1-1-0
QueryPerformanceFrequency
QueryPerformanceCounter
api-ms-win-security-base-l1-1-0
FreeSid
RevertToSelf
AllocateAndInitializeSid
CheckTokenMembership
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
api-ms-win-core-rtlsupport-l1-1-0
RtlCompareMemory
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
rpcrt4
NdrMesTypeEncode3
NdrMesTypeDecode3
NdrMesTypeAlignSize3
MesDecodeIncrementalHandleCreate
MesEncodeIncrementalHandleCreate
MesHandleFree
MesIncrementalHandleReset
I_RpcMapWin32Status
UuidCreate
msasn1
ASN1BERDecNotEndOfContents
ASN1BERDecSXVal
ASN1octetstring_free
ASN1DecSetError
ASN1BERDecExplicitTag
ASN1DEREncGeneralizedTime
ASN1BERDecGeneralizedTime
ASN1BERDecPeekTag
ASN1BEREncU32
ASN1BERDecOctetString
ASN1_FreeDecoded
ASN1_Decode
ASN1_FreeEncoded
ASN1_Encode
ASN1_CloseDecoder
ASN1_CloseEncoder
ASN1_CreateDecoder
ASN1_CreateEncoder
ASN1intx_setuint32
ASN1ztcharstring_free
ASN1bitstring_free
ASN1BERDecCharString
ASN1_CreateModule
ASN1BERDecU32Val
ASN1DEREncBitString
ASN1intx_free
ASN1BERDecZeroCharString
ASN1BEREncObjectIdentifier
ASN1BERDecObjectIdentifier
ASN1BERDecBitString
ASN1charstring_free
ASN1DEREncOctetString
ASN1BERDecS32Val
ASN1BEREncOpenType
ASN1BEREncSX
ASN1DecAlloc
ASN1Free
ASN1BERDecSkip
ASN1BEREncBool
ASN1BEREncEndOfContents
ASN1DEREncCharString
ASN1BEREncS32
ASN1EncSetError
ASN1objectidentifier_free
ASN1BERDecBool
ASN1BERDecEndOfContents
ASN1BEREncExplicitTag
ASN1BERDecOpenType2
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiA
lstrlenA
ntdll
RtlTimeToTimeFields
RtlValidSid
RtlLengthSid
RtlSubAuthorityCountSid
RtlLengthRequiredSid
RtlCopySid
RtlSubAuthoritySid
RtlEqualSid
RtlIdentifierAuthoritySid
RtlSystemTimeToLocalTime
NtQueryInformationToken
RtlTimeFieldsToTime
RtlCreateAcl
RtlAddAccessAllowedAce
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
NtSetSecurityObject
RtlFreeSid
RtlCompareUnicodeString
RtlImageNtHeader
NtOpenProcessToken
RtlEqualDomainName
NtAllocateLocallyUniqueId
NtQuerySystemTime
NtSetInformationThread
NtOpenThreadToken
NtDuplicateObject
RtlFreeHeap
NtQueryWnfStateData
RtlEqualUnicodeString
NtClose
RtlInitUnicodeString
RtlFreeUnicodeString
RtlInitializeResource
RtlInitializeGenericTableAvl
RtlDeleteResource
RtlEnumerateGenericTableAvl
RtlNumberGenericTableElementsAvl
RtlDeleteElementGenericTableAvl
RtlAcquireResourceExclusive
RtlInsertElementGenericTableAvl
RtlConvertSharedToExclusive
RtlReleaseResource
RtlLookupElementGenericTableAvl
RtlAcquireResourceShared
RtlInsertElementGenericTable
RtlLeaveCriticalSection
RtlDeleteElementGenericTable
RtlGetElementGenericTable
RtlEnterCriticalSection
RtlInitializeCriticalSection
RtlDeleteCriticalSection
RtlInitializeGenericTable
RtlAllocateAndInitializeSid
cryptdll
CDBuildIntegrityVect
CDFindCommonCSystem
CDGenerateRandomBits
CDLocateCSystem
CDLocateCheckSum
api-ms-win-core-memory-l1-1-0
VirtualQuery
VirtualAlloc
VirtualProtect
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
Exports
DllMain
SpLsaModeInitialize
SpUserModeInitialize
Sections
.text Size: 232KB - Virtual size: 232KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 38KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 456B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 908B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
archiveint/sfc_os.dll.dll windows:10 windows x64 arch:x64
Password: pass
9baa3994eb281cb30c87de1285042424
Code Sign
33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 05/05/2022, 19:23
Not After: 04/05/2023, 19:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
1e:00:37:ab:a3:bc:e1:da:b4:be:b5:80:de:73:32:f9:0d:40:c6:05:18:c8:bb:96:9f:60:c7:92:3f:a6:01:d2
Signer
Actual PE Digest: 1e:00:37:ab:a3:bc:e1:da:b4:be:b5:80:de:73:32:f9:0d:40:c6:05:18:c8:bb:96:9f:60:c7:92:3f:a6:01:d2
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
sfc_os.pdb
Imports
ntdll
RtlInitUnicodeString
NtReadFile
RtlReAllocateHeap
NtClose
ZwMapViewOfSection
NtQueryInformationFile
RtlCopyMappedMemory
RtlFreeHeap
ZwQueryInformationFile
NtQueryDirectoryFile
ZwClose
NtOpenFile
RtlNotifyFeatureUsage
RtlCreateServiceSid
RtlEqualSid
RtlCreateUnicodeString
RtlDosPathNameToNtPathName_U
RtlCopyUnicodeString
ZwCreateSection
ZwQueryWnfStateData
RtlAllocateHeap
ZwUnmapViewOfSection
__C_specific_handler
RtlVirtualUnwind
memmove
RtlFreeUnicodeString
RtlLookupFunctionEntry
RtlCaptureContext
RtlSetLastWin32Error
RtlNtStatusToDosError
ShipAssertMsgW
RtlQueryFeatureConfiguration
memcpy
memset
api-ms-win-core-libraryloader-l1-1-0
GetModuleFileNameW
FreeLibrary
GetProcAddress
LoadLibraryExW
DisableThreadLibraryCalls
api-ms-win-core-errorhandling-l1-1-0
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegGetKeySecurity
RegOpenKeyExW
api-ms-win-core-heap-obsolete-l1-1-0
LocalFree
LocalAlloc
api-ms-win-security-base-l1-1-0
GetAce
GetAclInformation
GetSecurityDescriptorDacl
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
Exports
Exports
BeginFileMapEnumeration
CloseFileMapEnumeration
GetNextFileMapContent
SRSetRestorePointA
SRSetRestorePointW
SfcClose
SfcConnectToServer
SfcFileException
SfcGetNextProtectedFile
SfcInitProt
SfcInitiateScan
SfcInstallProtectedFiles
SfcIsFileProtected
SfcIsKeyProtected
SfcTerminateWatcherThread
SfpDeleteCatalog
SfpInstallCatalog
SfpVerifyFile
Sections
.text Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 144B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
atmlib/AppVSentinel.dll.dll windows:10 windows x64 arch:x64
Password: pass
c37372e2ab23407cd77ee3a555bfe06c
Code Sign
33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 05/05/2022, 19:23
Not After: 04/05/2023, 19:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
75:ce:6f:3a:d5:e6:5f:3a:d4:84:cd:04:31:a3:e7:37:1c:ca:89:e2:3a:55:e6:68:6f:c4:b3:8b:ba:77:9e:5c
Signer
Actual PE Digest: 75:ce:6f:3a:d5:e6:5f:3a:d4:84:cd:04:31:a3:e7:37:1c:ca:89:e2:3a:55:e6:68:6f:c4:b3:8b:ba:77:9e:5c
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
AppVSentinel.pdb
Imports
kernel32
DisableThreadLibraryCalls
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
Sections
.text Size: 1024B - Virtual size: 690B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 60B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
atmlib/archiveint.dll.dll windows:10 windows x64 arch:x64
Password: pass
2241467b78b76f01e83484b49ec9a25b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
archiveint.pdb
Imports
api-ms-win-crt-string-l1-1-0
strcmp
strncpy
strspn
strcspn
strncmp
memset
wcsncmp
strnlen
wcsncpy
api-ms-win-crt-time-l1-1-0
_time64
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__cexit
_o__close
_o__configure_narrow_argv
_o__ctime64_s
_o__errno
_o__execute_onexit_table
_o__fileno
_o__fseeki64
_o__get_osfhandle
_o__get_timezone
_o__gmtime64_s
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__localtime64_s
_o__lseeki64
_o__mkgmtime64
_o__mktime64
_o__open_osfhandle
_o__seh_filter_dll
_o__sopen_s
memmove
_o__umask
_o__wcsdup
_o__wrename
_o__wrmdir
_o__wsopen_s
_o__wunlink
_o_abort
_o_atoi
_o_bsearch
_o_calloc
_o_exit
_o_ferror
_o_fread
_o_free
_o_fwrite
_o_getenv
_o_isalnum
_o_isdigit
_o_isprint
_o_isspace
_o_isupper
_o_malloc
_o_mbstowcs
_o_qsort
_o_realloc
_o_setlocale
_o_strftime
_o_strtol
_o_tolower
_o_toupper
_o_wcrtomb
__C_specific_handler
_o___stdio_common_vsprintf
_o___stdio_common_vfprintf
_o___std_type_info_destroy_list
_o___acrt_iob_func
_o____mb_cur_max_func
strstr
wcsrchr
wcschr
strchr
strrchr
memchr
memcmp
memcpy
_o__setmode
_o__strdup
bcrypt
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptSetProperty
BCryptGenerateSymmetricKey
BCryptDestroyKey
BCryptDeriveKeyPBKDF2
BCryptCreateHash
BCryptFinishHash
BCryptHashData
BCryptEncrypt
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-security-cryptoapi-l1-1-0
CryptGenRandom
CryptDestroyHash
CryptCreateHash
CryptAcquireContextA
CryptGetHashParam
CryptReleaseContext
CryptHashData
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
api-ms-win-core-file-l1-1-0
GetDiskFreeSpaceW
FindNextFileW
FindClose
SetFileTime
ReadFile
CreateFileW
GetFileInformationByHandle
GetDriveTypeW
CreateDirectoryW
SetFilePointer
FindFirstFileA
SetEndOfFile
GetFileAttributesW
GetVolumePathNameW
GetFullPathNameW
WriteFile
GetFileAttributesA
CreateFileA
GetFileType
SetFileAttributesW
FindFirstFileW
api-ms-win-core-io-l1-1-1
CancelIo
api-ms-win-core-memory-l1-1-0
VirtualAlloc
VirtualFree
api-ms-win-core-io-l1-1-0
DeviceIoControl
GetOverlappedResult
api-ms-win-core-synch-l1-1-0
CreateEventW
ResetEvent
api-ms-win-core-handle-l1-1-0
DuplicateHandle
SetHandleInformation
CloseHandle
api-ms-win-core-namedpipe-l1-1-0
PeekNamedPipe
CreatePipe
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-localization-l1-2-0
GetOEMCP
IsValidCodePage
GetACP
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
api-ms-win-core-file-l1-2-0
GetTempPathW
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetExitCodeProcess
GetCurrentThreadId
CreateProcessA
GetCurrentProcessId
TerminateProcess
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryA
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
GetCurrentDirectoryW
api-ms-win-core-libraryloader-l1-2-0
DisableThreadLibraryCalls
GetProcAddress
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
OpenProcess
api-ms-win-core-processenvironment-l1-2-0
SearchPathA
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
Exports
Exports
archive_bzlib_version
archive_clear_error
archive_compression
archive_compression_name
archive_copy_error
archive_entry_acl
archive_entry_acl_add_entry
archive_entry_acl_add_entry_w
archive_entry_acl_clear
archive_entry_acl_count
archive_entry_acl_from_text
archive_entry_acl_from_text_w
archive_entry_acl_next
archive_entry_acl_reset
archive_entry_acl_text
archive_entry_acl_text_w
archive_entry_acl_to_text
archive_entry_acl_to_text_w
archive_entry_acl_types
archive_entry_atime
archive_entry_atime_is_set
archive_entry_atime_nsec
archive_entry_birthtime
archive_entry_birthtime_is_set
archive_entry_birthtime_nsec
archive_entry_clear
archive_entry_clone
archive_entry_copy_bhfi
archive_entry_copy_fflags_text
archive_entry_copy_fflags_text_w
archive_entry_copy_gname
archive_entry_copy_gname_w
archive_entry_copy_hardlink
archive_entry_copy_hardlink_w
archive_entry_copy_link
archive_entry_copy_link_w
archive_entry_copy_mac_metadata
archive_entry_copy_pathname
archive_entry_copy_pathname_w
archive_entry_copy_sourcepath
archive_entry_copy_sourcepath_w
archive_entry_copy_stat
archive_entry_copy_symlink
archive_entry_copy_symlink_w
archive_entry_copy_uname
archive_entry_copy_uname_w
archive_entry_ctime
archive_entry_ctime_is_set
archive_entry_ctime_nsec
archive_entry_dev
archive_entry_dev_is_set
archive_entry_devmajor
archive_entry_devminor
archive_entry_digest
archive_entry_fflags
archive_entry_fflags_text
archive_entry_filetype
archive_entry_free
archive_entry_gid
archive_entry_gname
archive_entry_gname_utf8
archive_entry_gname_w
archive_entry_hardlink
archive_entry_hardlink_utf8
archive_entry_hardlink_w
archive_entry_ino
archive_entry_ino64
archive_entry_ino_is_set
archive_entry_is_data_encrypted
archive_entry_is_encrypted
archive_entry_is_metadata_encrypted
archive_entry_linkify
archive_entry_linkresolver_free
archive_entry_linkresolver_new
archive_entry_linkresolver_set_strategy
archive_entry_mac_metadata
archive_entry_mode
archive_entry_mtime
archive_entry_mtime_is_set
archive_entry_mtime_nsec
archive_entry_new
archive_entry_new2
archive_entry_nlink
archive_entry_partial_links
archive_entry_pathname
archive_entry_pathname_utf8
archive_entry_pathname_w
archive_entry_perm
archive_entry_rdev
archive_entry_rdevmajor
archive_entry_rdevminor
archive_entry_set_atime
archive_entry_set_birthtime
archive_entry_set_ctime
archive_entry_set_dev
archive_entry_set_devmajor
archive_entry_set_devminor
archive_entry_set_fflags
archive_entry_set_filetype
archive_entry_set_gid
archive_entry_set_gname
archive_entry_set_gname_utf8
archive_entry_set_hardlink
archive_entry_set_hardlink_utf8
archive_entry_set_ino
archive_entry_set_ino64
archive_entry_set_is_data_encrypted
archive_entry_set_is_metadata_encrypted
archive_entry_set_link
archive_entry_set_link_utf8
archive_entry_set_mode
archive_entry_set_mtime
archive_entry_set_nlink
archive_entry_set_pathname
archive_entry_set_pathname_utf8
archive_entry_set_perm
archive_entry_set_rdev
archive_entry_set_rdevmajor
archive_entry_set_rdevminor
archive_entry_set_size
archive_entry_set_symlink
archive_entry_set_symlink_type
archive_entry_set_symlink_utf8
archive_entry_set_uid
archive_entry_set_uname
archive_entry_set_uname_utf8
archive_entry_size
archive_entry_size_is_set
archive_entry_sourcepath
archive_entry_sourcepath_w
archive_entry_sparse_add_entry
archive_entry_sparse_clear
archive_entry_sparse_count
archive_entry_sparse_next
archive_entry_sparse_reset
archive_entry_stat
archive_entry_strmode
archive_entry_symlink
archive_entry_symlink_type
archive_entry_symlink_utf8
archive_entry_symlink_w
archive_entry_uid
archive_entry_uname
archive_entry_uname_utf8
archive_entry_uname_w
archive_entry_unset_atime
archive_entry_unset_birthtime
archive_entry_unset_ctime
archive_entry_unset_mtime
archive_entry_unset_size
archive_entry_update_gname_utf8
archive_entry_update_hardlink_utf8
archive_entry_update_link_utf8
archive_entry_update_pathname_utf8
archive_entry_update_symlink_utf8
archive_entry_update_uname_utf8
archive_entry_xattr_add_entry
archive_entry_xattr_clear
archive_entry_xattr_count
archive_entry_xattr_next
archive_entry_xattr_reset
archive_errno
archive_error_string
archive_file_count
archive_filter_bytes
archive_filter_code
archive_filter_count
archive_filter_name
archive_format
archive_format_name
archive_free
archive_liblz4_version
archive_liblzma_version
archive_libzstd_version
archive_match_exclude_entry
archive_match_exclude_pattern
archive_match_exclude_pattern_from_file
archive_match_exclude_pattern_from_file_w
archive_match_exclude_pattern_w
archive_match_excluded
archive_match_free
archive_match_include_date
archive_match_include_date_w
archive_match_include_file_time
archive_match_include_file_time_w
archive_match_include_gid
archive_match_include_gname
archive_match_include_gname_w
archive_match_include_pattern
archive_match_include_pattern_from_file
archive_match_include_pattern_from_file_w
archive_match_include_pattern_w
archive_match_include_time
archive_match_include_uid
archive_match_include_uname
archive_match_include_uname_w
archive_match_new
archive_match_owner_excluded
archive_match_path_excluded
archive_match_path_unmatched_inclusions
archive_match_path_unmatched_inclusions_next
archive_match_path_unmatched_inclusions_next_w
archive_match_set_inclusion_recursion
archive_match_time_excluded
archive_position_compressed
archive_position_uncompressed
archive_read_add_callback_data
archive_read_add_passphrase
archive_read_append_callback_data
archive_read_append_filter
archive_read_append_filter_program
archive_read_append_filter_program_signature
archive_read_close
archive_read_data
archive_read_data_block
archive_read_data_into_fd
archive_read_data_skip
archive_read_disk_can_descend
archive_read_disk_current_filesystem
archive_read_disk_current_filesystem_is_remote
archive_read_disk_current_filesystem_is_synthetic
archive_read_disk_descend
archive_read_disk_entry_from_file
archive_read_disk_gname
archive_read_disk_new
archive_read_disk_open
archive_read_disk_open_w
archive_read_disk_set_atime_restored
archive_read_disk_set_behavior
archive_read_disk_set_gname_lookup
archive_read_disk_set_matching
archive_read_disk_set_metadata_filter_callback
archive_read_disk_set_standard_lookup
archive_read_disk_set_symlink_hybrid
archive_read_disk_set_symlink_logical
archive_read_disk_set_symlink_physical
archive_read_disk_set_uname_lookup
archive_read_disk_uname
archive_read_extract
archive_read_extract2
archive_read_extract_set_progress_callback
archive_read_extract_set_skip_file
archive_read_finish
archive_read_format_capabilities
archive_read_free
archive_read_has_encrypted_entries
archive_read_header_position
archive_read_new
archive_read_next_header
archive_read_next_header2
archive_read_open
archive_read_open1
archive_read_open2
archive_read_open_FILE
archive_read_open_fd
archive_read_open_file
archive_read_open_filename
archive_read_open_filename_w
archive_read_open_filenames
archive_read_open_memory
archive_read_open_memory2
archive_read_prepend_callback_data
archive_read_set_callback_data
archive_read_set_callback_data2
archive_read_set_close_callback
archive_read_set_filter_option
archive_read_set_format
archive_read_set_format_option
archive_read_set_open_callback
archive_read_set_option
archive_read_set_options
archive_read_set_passphrase_callback
archive_read_set_read_callback
archive_read_set_seek_callback
archive_read_set_skip_callback
archive_read_set_switch_callback
archive_read_support_compression_all
archive_read_support_compression_bzip2
archive_read_support_compression_compress
archive_read_support_compression_gzip
archive_read_support_compression_lzip
archive_read_support_compression_lzma
archive_read_support_compression_none
archive_read_support_compression_program
archive_read_support_compression_program_signature
archive_read_support_compression_rpm
archive_read_support_compression_uu
archive_read_support_compression_xz
archive_read_support_filter_all
archive_read_support_filter_by_code
archive_read_support_filter_bzip2
archive_read_support_filter_compress
archive_read_support_filter_grzip
archive_read_support_filter_gzip
archive_read_support_filter_lrzip
archive_read_support_filter_lz4
archive_read_support_filter_lzip
archive_read_support_filter_lzma
archive_read_support_filter_lzop
archive_read_support_filter_none
archive_read_support_filter_program
archive_read_support_filter_program_signature
archive_read_support_filter_rpm
archive_read_support_filter_uu
archive_read_support_filter_xz
archive_read_support_filter_zstd
archive_read_support_format_7zip
archive_read_support_format_all
archive_read_support_format_ar
archive_read_support_format_by_code
archive_read_support_format_cab
archive_read_support_format_cpio
archive_read_support_format_empty
archive_read_support_format_gnutar
archive_read_support_format_iso9660
archive_read_support_format_lha
archive_read_support_format_mtree
archive_read_support_format_rar
archive_read_support_format_rar5
archive_read_support_format_raw
archive_read_support_format_tar
archive_read_support_format_warc
archive_read_support_format_xar
archive_read_support_format_zip
archive_read_support_format_zip_seekable
archive_read_support_format_zip_streamable
archive_seek_data
archive_set_error
archive_utility_string_sort
archive_version_details
archive_version_number
archive_version_string
archive_write_add_filter
archive_write_add_filter_b64encode
archive_write_add_filter_by_name
archive_write_add_filter_bzip2
archive_write_add_filter_compress
archive_write_add_filter_grzip
archive_write_add_filter_gzip
archive_write_add_filter_lrzip
archive_write_add_filter_lz4
archive_write_add_filter_lzip
archive_write_add_filter_lzma
archive_write_add_filter_lzop
archive_write_add_filter_none
archive_write_add_filter_program
archive_write_add_filter_uuencode
archive_write_add_filter_xz
archive_write_add_filter_zstd
archive_write_close
archive_write_data
archive_write_data_block
archive_write_disk_gid
archive_write_disk_new
archive_write_disk_set_group_lookup
archive_write_disk_set_options
archive_write_disk_set_skip_file
archive_write_disk_set_standard_lookup
archive_write_disk_set_user_lookup
archive_write_disk_uid
archive_write_fail
archive_write_finish
archive_write_finish_entry
archive_write_free
archive_write_get_bytes_in_last_block
archive_write_get_bytes_per_block
archive_write_header
archive_write_new
archive_write_open
archive_write_open2
archive_write_open_FILE
archive_write_open_fd
archive_write_open_file
archive_write_open_filename
archive_write_open_filename_w
archive_write_open_memory
archive_write_set_bytes_in_last_block
archive_write_set_bytes_per_block
archive_write_set_compression_bzip2
archive_write_set_compression_compress
archive_write_set_compression_gzip
archive_write_set_compression_lzip
archive_write_set_compression_lzma
archive_write_set_compression_none
archive_write_set_compression_program
archive_write_set_compression_xz
archive_write_set_filter_option
archive_write_set_format
archive_write_set_format_7zip
archive_write_set_format_ar_bsd
archive_write_set_format_ar_svr4
archive_write_set_format_by_name
archive_write_set_format_cpio
archive_write_set_format_cpio_bin
archive_write_set_format_cpio_newc
archive_write_set_format_cpio_odc
archive_write_set_format_cpio_pwb
archive_write_set_format_filter_by_ext
archive_write_set_format_filter_by_ext_def
archive_write_set_format_gnutar
archive_write_set_format_iso9660
archive_write_set_format_mtree
archive_write_set_format_mtree_classic
archive_write_set_format_option
archive_write_set_format_pax
archive_write_set_format_pax_restricted
archive_write_set_format_raw
archive_write_set_format_shar
archive_write_set_format_shar_dump
archive_write_set_format_ustar
archive_write_set_format_v7tar
archive_write_set_format_warc
archive_write_set_format_xar
archive_write_set_format_zip
archive_write_set_option
archive_write_set_options
archive_write_set_passphrase
archive_write_set_passphrase_callback
archive_write_set_skip_file
archive_write_zip_set_compression_deflate
archive_write_zip_set_compression_store
archive_zlib_version
Sections
.text Size: 504KB - Virtual size: 504KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
RT_CODE Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 135KB - Virtual size: 135KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
atmlib/atmlib.dll.dll windows:10 windows x64 arch:x64
Password: pass
dca81598264d4776320e44d27adaa723
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
atmlib.pdb
Imports
api-ms-win-crt-string-l1-1-0
wcsncmp
memset
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
memmove
_o__stricmp
_o__wcsicmp
_o_atoi
_o_calloc
_o_free
_o_iswdigit
_o_malloc
_o_realloc
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___std_type_info_destroy_list
wcsrchr
wcschr
__C_specific_handler
kernel32
ReadFile
ReleaseSemaphore
WriteFile
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
MapViewOfFile
CreateFileMappingW
GetFileInformationByHandle
UnmapViewOfFile
_lwrite
WideCharToMultiByte
CreateSemaphoreW
GetFileSize
GetWindowsDirectoryW
ResetEvent
CloseHandle
DisableThreadLibraryCalls
SetEvent
GetLastError
MultiByteToWideChar
CreateEventW
GetSystemDefaultLangID
ReleaseMutex
CreateFileW
WaitForSingleObject
CreateMutexW
GetTempPathW
SetFilePointer
WaitForMultipleObjects
gdi32
GetGlyphOutlineW
GetFontResourceInfoW
RemoveFontResourceExW
AddFontResourceExW
NamedEscape
EnumFontFamiliesExW
GetFontData
user32
GetDC
ReleaseDC
PostMessageW
advapi32
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
Exports
Exports
ATMAddFont
ATMAddFontA
ATMAddFontEx
ATMAddFontExA
ATMAddFontExW
ATMAddFontW
ATMBBoxBaseXYShowText
ATMBBoxBaseXYShowTextA
ATMBBoxBaseXYShowTextW
ATMBeginFontChange
ATMClient
ATMEndFontChange
ATMEnumFonts
ATMEnumFontsA
ATMEnumFontsW
ATMEnumMMFonts
ATMEnumMMFontsA
ATMEnumMMFontsW
ATMFinish
ATMFontAvailable
ATMFontAvailableA
ATMFontAvailableW
ATMFontSelected
ATMFontStatus
ATMFontStatusA
ATMFontStatusW
ATMForceFontChange
ATMGetBuildStr
ATMGetBuildStrA
ATMGetBuildStrW
ATMGetFontBBox
ATMGetFontInfo
ATMGetFontInfoA
ATMGetFontInfoW
ATMGetFontPaths
ATMGetFontPathsA
ATMGetFontPathsW
ATMGetGlyphList
ATMGetGlyphListA
ATMGetGlyphListW
ATMGetMenuName
ATMGetMenuNameA
ATMGetMenuNameW
ATMGetNtmFields
ATMGetNtmFieldsA
ATMGetNtmFieldsW
ATMGetOutline
ATMGetOutlineA
ATMGetOutlineW
ATMGetPostScriptName
ATMGetPostScriptNameA
ATMGetPostScriptNameW
ATMGetVersion
ATMGetVersionEx
ATMGetVersionExA
ATMGetVersionExW
ATMInstallSubstFontA
ATMInstallSubstFontW
ATMMakePFM
ATMMakePFMA
ATMMakePFMW
ATMMakePSS
ATMMakePSSA
ATMMakePSSW
ATMProperlyLoaded
ATMRemoveFont
ATMRemoveFontA
ATMRemoveFontW
ATMRemoveSubstFontA
ATMRemoveSubstFontW
ATMSelectEncoding
ATMSelectObject
ATMSetFlags
ATMXYShowText
ATMXYShowTextA
ATMXYShowTextW
Sections
.text Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
atmlib/auditcse.dll.dll windows:10 windows x64 arch:x64
Password: pass
c5f926b8cbae0a5a83ebbf22a4a1c921
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
auditcse.pdb
Imports
msvcp110_win
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
msvcrt
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
free
_amsg_exit
_XcptFilter
_callnewh
malloc
tolower
memcpy
memcmp
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBQEBDH@Z
memmove
fclose
_wfopen_s
feof
fgetws
_wtoi
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_purecall
__CxxFrameHandler3
??3@YAXPEAX@Z
_CxxThrowException
__RTDynamicCast
api-ms-win-core-errorhandling-l1-1-0
SetLastError
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
DisableThreadLibraryCalls
FreeLibraryAndExitThread
LoadLibraryExW
api-ms-win-eventing-classicprovider-l1-1-0
RegisterTraceGuidsW
TraceMessage
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
CreateThread
GetCurrentThreadId
GetCurrentThread
TerminateProcess
OpenThreadToken
GetCurrentProcess
api-ms-win-core-handle-l1-1-0
CloseHandle
userenv
ProcessGroupPolicyCompletedEx
api-ms-win-security-sddl-l1-1-0
ConvertStringSidToSidW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-security-base-l1-1-0
GetLengthSid
CopySid
AdjustTokenPrivileges
PrivilegeCheck
RevertToSelf
ImpersonateSelf
GetSecurityDescriptorSacl
api-ms-win-security-lsalookup-l2-1-0
LookupPrivilegeValueW
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegOpenKeyExW
RegCloseKey
rpcrt4
UuidToStringW
RpcStringFreeW
UuidFromStringW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-file-l2-1-2
CopyFileW
oleaut32
SafeArrayPutElement
SysAllocString
SafeArrayCreate
SysAllocStringByteLen
SysStringByteLen
VariantClear
VariantInit
SysFreeString
SafeArrayDestroy
api-ms-win-core-com-l1-1-0
CoCreateGuid
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventEnabled
EventWrite
EventRegister
api-ms-win-core-synch-l1-1-0
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
advapi32
AuditFree
AuditEnumerateSubCategories
LsaSetCAPs
AuditSetGlobalSaclW
AuditSetPerUserPolicy
AuditSetSystemPolicy
AuditLookupSubCategoryNameW
shell32
SHCreateDirectoryExW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Exports
Exports
GenerateGroupPolicy
GenerateGroupPolicyCap
ProcessGroupPolicyEx
ProcessGroupPolicyExCap
Sections
.text Size: 124KB - Virtual size: 123KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 62KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 324B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
mf/RpcNs4.dll.dll windows:10 windows x64 arch:x64
e06944c518403f775c9c3d3b5156ca77
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
RpcNs4.pdb
Imports
ntdll
RtlIntegerToUnicodeString
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
DbgPrint
WinSqmIncrementDWORD
WinSqmIsOptedIn
DbgPrintEx
advapi32
DeregisterEventSource
ReportEventW
RegisterEventSourceW
kernel32
TerminateProcess
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetCommandLineW
GetLastError
GetCurrentProcessId
QueryPerformanceCounter
Exports
Exports
I_RpcNsGetBuffer
I_RpcNsNegotiateTransferSyntax
I_RpcNsRaiseException
I_RpcNsSendReceive
I_RpcReBindBuffer
RpcIfIdVectorFree
RpcNsBindingExportA
RpcNsBindingExportPnPA
RpcNsBindingExportPnPW
RpcNsBindingExportW
RpcNsBindingImportBeginA
RpcNsBindingImportBeginW
RpcNsBindingImportDone
RpcNsBindingImportNext
RpcNsBindingLookupBeginA
RpcNsBindingLookupBeginW
RpcNsBindingLookupDone
RpcNsBindingLookupNext
RpcNsBindingSelect
RpcNsBindingUnexportA
RpcNsBindingUnexportPnPA
RpcNsBindingUnexportPnPW
RpcNsBindingUnexportW
RpcNsEntryExpandNameA
RpcNsEntryExpandNameW
RpcNsEntryObjectInqBeginA
RpcNsEntryObjectInqBeginW
RpcNsEntryObjectInqDone
RpcNsEntryObjectInqNext
RpcNsGroupDeleteA
RpcNsGroupDeleteW
RpcNsGroupMbrAddA
RpcNsGroupMbrAddW
RpcNsGroupMbrInqBeginA
RpcNsGroupMbrInqBeginW
RpcNsGroupMbrInqDone
RpcNsGroupMbrInqNextA
RpcNsGroupMbrInqNextW
RpcNsGroupMbrRemoveA
RpcNsGroupMbrRemoveW
RpcNsMgmtBindingUnexportA
RpcNsMgmtBindingUnexportW
RpcNsMgmtEntryCreateA
RpcNsMgmtEntryCreateW
RpcNsMgmtEntryDeleteA
RpcNsMgmtEntryDeleteW
RpcNsMgmtEntryInqIfIdsA
RpcNsMgmtEntryInqIfIdsW
RpcNsMgmtHandleSetExpAge
RpcNsMgmtInqExpAge
RpcNsMgmtSetExpAge
RpcNsProfileDeleteA
RpcNsProfileDeleteW
RpcNsProfileEltAddA
RpcNsProfileEltAddW
RpcNsProfileEltInqBeginA
RpcNsProfileEltInqBeginW
RpcNsProfileEltInqDone
RpcNsProfileEltInqNextA
RpcNsProfileEltInqNextW
RpcNsProfileEltRemoveA
RpcNsProfileEltRemoveW
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 144B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
mf/efsadu.dll.dll windows:10 windows x64 arch:x64
22108691ed39e78a38deaea0fac66aa4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
efsadu.pdb
Imports
mfc42u
ord6351
ord4721
ord5245
ord287
ord2906
ord2517
ord5077
ord1442
ord6614
ord6328
ord4609
ord4473
ord4257
ord2975
ord5887
ord2661
ord6632
ord4548
ord6385
ord3761
ord4771
ord5702
ord4365
ord1777
ord6437
ord5406
ord5687
ord6886
ord2629
ord1082
ord288
ord812
ord1544
ord1586
ord1555
ord1583
ord1585
ord355
ord1477
ord1553
ord1416
ord4557
ord1577
ord1463
ord2329
ord1126
ord1040
ord626
ord912
ord3806
ord3501
ord4747
ord2593
ord822
ord665
ord6440
ord1067
ord3743
ord4988
ord3535
ord5699
ord2586
ord852
ord337
ord6813
ord4836
ord2140
ord2457
ord2559
ord2515
ord6071
ord4191
ord1388
ord5615
ord5683
ord1736
ord5484
ord3933
ord2412
ord3468
ord3417
ord5722
ord5724
ord6814
ord4368
ord2060
ord2670
ord4789
ord5065
ord5730
ord5711
ord5229
ord4017
ord6053
ord3049
ord3243
ord5712
ord4694
ord3362
ord4815
ord3231
ord3366
ord3052
ord6812
ord3166
ord5586
ord3046
ord4082
ord2399
ord4083
ord5663
ord4077
ord3164
ord4371
ord4983
ord4741
ord4770
ord3916
ord2752
ord1491
ord1778
ord1063
ord659
ord4598
ord4752
ord6887
msvcrt
memmove
??_V@YAXPEAX@Z
_vsnwprintf
memcpy_s
??1exception@@UEAA@XZ
??1type_info@@UEAA@XZ
strcmp
memset
_onexit
__dllonexit
_unlock
_CxxThrowException
_initterm
_amsg_exit
_XcptFilter
_wcsicmp
_ltow_s
free
malloc
__C_specific_handler
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
memcmp
_lock
_wcsnicmp
wcsncmp
toupper
??0exception@@QEAA@XZ
memcpy
__CxxFrameHandler3
shell32
SHChangeNotifySuspendResume
ord190
Shell_NotifyIconW
ord155
SHCreateItemFromParsingName
SHGetFolderPathW
shlwapi
ord278
StrDupW
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameW
LoadStringW
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetModuleFileNameA
api-ms-win-core-synch-l1-1-0
ReleaseMutex
CreateMutexExW
ReleaseSemaphore
CreateSemaphoreExW
AcquireSRWLockExclusive
WaitForSingleObject
OpenSemaphoreW
OpenEventW
ReleaseSRWLockExclusive
WaitForSingleObjectEx
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
CreateThread
GetCurrentProcess
OpenProcessToken
TerminateProcess
GetCurrentThreadId
OpenThreadToken
GetCurrentThread
api-ms-win-core-localization-l1-2-0
GetLocaleInfoEx
IdnToAscii
FormatMessageW
GetUserPreferredUILanguages
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
OutputDebugStringA
api-ms-win-core-handle-l1-1-0
CloseHandle
dsrole
DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
crypt32
CertGetNameStringW
CertFindExtension
CertAddCertificateLinkToStore
CryptEncodeObjectEx
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CryptStringToBinaryW
CertGetEnhancedKeyUsage
CertVerifyTimeValidity
CertSetCertificateContextProperty
CertFreeCertificateContext
CryptBinaryToStringW
CertGetCertificateContextProperty
CertAddCertificateContextToStore
CryptDecodeObject
CertCreateCertificateContext
CertOpenStore
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
api-ms-win-security-credentials-l1-1-0
CredMarshalCredentialW
CredFree
api-ms-win-core-com-l1-1-0
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemAlloc
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
oleaut32
SysAllocString
SysStringByteLen
SysFreeString
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
rpcrt4
RpcStringFreeW
UuidCreateNil
UuidToStringW
UuidCreate
UuidFromStringW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-file-l1-1-0
FindClose
FindNextFileW
GetFullPathNameW
FindFirstFileExW
GetFileAttributesW
api-ms-win-core-processenvironment-l1-1-0
SetCurrentDirectoryW
GetCurrentDirectoryW
api-ms-win-service-management-l1-1-0
OpenSCManagerW
CloseServiceHandle
OpenServiceW
api-ms-win-service-management-l2-1-0
ChangeServiceConfigW
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventProviderEnabled
EventRegister
EventUnregister
EventWrite
EventEnabled
api-ms-win-security-base-l1-1-0
GetTokenInformation
CheckTokenMembership
GetLengthSid
CopySid
EqualSid
wldap32
ord18
ord26
ord140
ord41
ord13
ord224
ord170
ord73
ord16
ord208
logoncli
DsGetDcNameW
netutils
NetApiBufferFree
userenv
RefreshPolicy
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
efsutil
EfsUtilGetUserKey
EfsUtilGetCertContextFromCertHash
EfsUtilSetSmartcardPin
EfsUtilApplyGroupPolicy
EfsUtilCreateSelfSignedCertificate
EfsUtilGetCurrentUserInformation
EfsUtilCheckCurrentKeyCapabilities
EfsUtilSmartcardCredsNeededError
EfsUtilGetSmartcardProviderName
EfsUtilReleaseUserKey
EfsUtilGetCurrentKey
vaultcli
VaultFree
VaultOpenVault
VaultGetItem
VaultCloseVault
advapi32
SetUserFileEncryptionKeyEx
CryptSetProvParam
QueryUsersOnEncryptedFile
UsePinForEncryptedFilesW
RegGetValueW
LsaClose
LsaFreeMemory
LsaLookupSids
EventWriteTransfer
ConvertStringSidToSidW
QueryRecoveryAgentsOnEncryptedFile
FreeEncryptionCertificateHashList
AddUsersToEncryptedFile
RemoveUsersFromEncryptedFile
LsaOpenPolicy
EncryptFileW
credui
CredUIPromptForWindowsCredentialsW
CredUnPackAuthenticationBufferW
CredPackAuthenticationBufferW
cryptui
CryptUIDlgSelectCertificateW
CryptUIWizExport
feclient
EfsClientGetKeyInfo
EfsClientFreeKeyInfo
EfsClientFreeProtectorList
EfsClientQueryProtectors
kernel32
DeactivateActCtx
ActivateActCtx
FindActCtxSectionStringW
LoadLibraryExW
FreeLibrary
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrlenW
GetComputerNameW
QueryActCtxW
CreateActCtxW
ntdll
RtlNtStatusToDosError
RtlAllocateAndInitializeSid
RtlFreeSid
NtQueryInformationToken
ole32
CoInitialize
urlmon
CreateUri
user32
EnableWindow
DispatchMessageW
SetTimer
LoadIconW
DefWindowProcW
PostQuitMessage
MessageBoxW
GetClientRect
SendMessageW
PostMessageW
DestroyWindow
TranslateMessage
GetMessageW
KillTimer
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
Exports
AddUserToObjectW
BackCurrentEfsCert
EfsDetail
EfsUIUtilCheckScardStatus
EfsUIUtilCreateSelfSignedCertificate
EfsUIUtilEncryptMyDocuments
EfsUIUtilEnrollEfsCertificate
EfsUIUtilEnrollEfsCertificateEx
EfsUIUtilInstallDra
EfsUIUtilKeyBackup
EfsUIUtilPromptForPin
EfsUIUtilPromptForPinDialog
EfsUIUtilSelectCard
EfsUIUtilShowBalloonAndWait
Sections
.text Size: 64KB - Virtual size: 64KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 552B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
mf/hotplug.dll.dll windows:10 windows x64 arch:x64
3341bc2ede2baeeaf8f8cfa9cad95970
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
HOTPLUG.pdb
Imports
msvcrt
??1type_info@@UEAA@XZ
__CxxFrameHandler3
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
__C_specific_handler
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
malloc
free
wcschr
_callnewh
_vsnwprintf
?what@exception@@UEBAPEBDXZ
memset
ntdll
NtClose
NtOpenThreadToken
NtOpenProcessToken
NtQueryInformationToken
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
kernel32
GetLastError
GetModuleHandleW
lstrcmpiW
WaitNamedPipeW
GetModuleHandleExW
FreeLibraryAndExitThread
GetExitCodeThread
Sleep
CreateThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FormatMessageW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
GetVolumeNameForVolumeMountPointW
LoadLibraryW
lstrcmpW
LocalFree
LocalAlloc
ReadFile
GetProcAddress
CreateFileW
GetCurrentProcess
CloseHandle
DisableThreadLibraryCalls
ResolveDelayLoadedAPI
SetEvent
CreateEventW
WaitForSingleObject
TerminateProcess
FreeLibrary
DelayLoadFailureHook
OpenEventW
advapi32
RegQueryValueExW
OpenSCManagerW
CloseServiceHandle
RegSetValueExW
RegCloseKey
GetTokenInformation
GetServiceDisplayNameW
RegCreateKeyW
LookupPrivilegeValueW
OpenProcessToken
user32
GetClassInfoW
ShowWindow
GetWindowLongPtrW
EndDialog
ScreenToClient
CreateWindowExW
SetWindowLongPtrW
DestroyWindow
PostMessageW
GetMessagePos
DefWindowProcW
SetProcessDPIAware
FindWindowW
TranslateMessage
PeekMessageW
IsWindow
MsgWaitForMultipleObjects
GetMessageW
ReleaseDC
InvalidateRect
LoadImageW
GetProcessDefaultLayout
GetDC
GetWindow
PostQuitMessage
IsDialogMessageW
MessageBoxW
GetParent
DialogBoxParamW
EnableWindow
LoadStringW
SendMessageW
GetSystemMetrics
CheckDlgButton
SetDlgItemTextW
RegisterClassW
GetSysColor
IsDlgButtonChecked
LoadIconW
LoadCursorW
SetCursor
GetDlgItem
DispatchMessageW
KillTimer
DestroyIcon
SetTimer
gdi32
GetDeviceCaps
comctl32
ImageList_Destroy
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Remove
ImageList_GetImageCount
ImageList_SetOverlayImage
ImageList_Create
cfgmgr32
CM_Locate_DevNodeW
CM_Request_Device_Eject_ExW
CM_Is_Dock_Station_Present
CM_Get_Parent_Ex
CM_Get_Device_Interface_List_SizeW
CM_Get_DevNode_Registry_PropertyW
CM_Get_DevNode_Registry_Property_ExW
CM_Get_DevNode_Status_Ex
CM_Get_Device_ID_List_ExW
CM_Get_Device_ID_List_Size_ExW
CM_Get_Device_ID_ExW
CM_Locate_DevNode_ExW
CM_Get_Child_Ex
CM_Open_DevNode_Key_Ex
CM_Get_Sibling_Ex
CM_Get_Device_Interface_ListW
setupapi
SetupDiDestroyDeviceInfoList
SetupDiCreateDeviceInfoList
SetupDiLoadDeviceIcon
SetupDiOpenDeviceInfoW
pSetupGuidFromString
shell32
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW
shlwapi
StrChrW
ord219
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoUninitialize
CoInitializeEx
Exports
Exports
CPlApplet
DllGetClassObject
HotPlugChildWithInvalidIdW
HotPlugDriverBlockedW
HotPlugEjectDevice
HotPlugEjectDeviceEx
HotPlugEjectVetoedW
HotPlugHibernateVetoedW
HotPlugRemovalVetoedW
HotPlugSafeRemovalDriveNotificationW
HotPlugSafeRemovalNotificationW
HotPlugStandbyVetoedW
HotPlugWarmEjectVetoedW
Sections
.text Size: 30KB - Virtual size: 30KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 72B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 45KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 100B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
mf/mf.dll.dll windows:10 windows x64 arch:x64
6ed0763eb41092a066b0c582532cc19f
Code Sign
33:00:00:03:8b:79:45:c1:8b:0e:b6:87:ec:00:00:00:00:03:8b
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 05/05/2022, 19:23
Not After: 04/05/2023, 19:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
10:74:a7:f5:36:cc:33:ee:c7:fe:4d:94:12:e2:be:4f:13:b4:f2:86:8c:76:95:d6:2e:20:e9:3d:eb:90:6d:66
Signer
Actual PE Digest: 10:74:a7:f5:36:cc:33:ee:c7:fe:4d:94:12:e2:be:4f:13:b4:f2:86:8c:76:95:d6:2e:20:e9:3d:eb:90:6d:66
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
mf.pdb
Imports
msvcrt
wcsnlen
_wcsnicmp
wcscat_s
_initterm
strncpy_s
_lock
qsort
wcsncmp
__C_specific_handler
__CxxFrameHandler3
memmove
memcpy
_XcptFilter
memchr
_amsg_exit
_onexit
_wcsicmp
_vsnwprintf
wcsncpy_s
malloc
__dllonexit
free
_errno
wcscpy_s
wcsrchr
memmove_s
realloc
_callnewh
_unlock
_purecall
memcpy_s
memcmp
strnlen
memset
ntdll
RtlGetPersistedStateLocation
RtlNtStatusToDosError
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlDeleteFunctionTable
RtlAddFunctionTable
NtQuerySystemInformation
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
LoadStringW
GetModuleFileNameA
SizeofResource
LoadLibraryExW
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadResource
FindResourceExW
GetModuleFileNameW
DisableThreadLibraryCalls
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
RaiseException
GetLastError
api-ms-win-core-synch-l1-1-0
EnterCriticalSection
OpenSemaphoreW
SetEvent
ReleaseSemaphore
WaitForSingleObjectEx
CreateMutexExW
LeaveCriticalSection
WaitForSingleObject
InitializeCriticalSection
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
DeleteCriticalSection
InitializeSRWLock
CreateEventW
CreateSemaphoreExW
ReleaseMutex
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventWriteTransfer
EventUnregister
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
TraceMessage
RegisterTraceGuidsW
api-ms-win-core-string-l2-1-0
CharNextW
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
CompareStringOrdinal
api-ms-win-core-processthreads-l1-1-0
CreateThread
TerminateProcess
TlsGetValue
GetCurrentProcessId
ProcessIdToSessionId
GetCurrentThread
TlsSetValue
GetCurrentThreadId
GetCurrentProcess
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
api-ms-win-core-synch-l1-2-0
Sleep
InitOnceExecuteOnce
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-memory-l1-1-0
VirtualFree
VirtualAlloc
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringA
OutputDebugStringW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-localization-l1-2-0
GetUserDefaultLCID
FormatMessageW
api-ms-win-core-file-l1-1-0
WriteFile
CreateFileW
GetFileSize
GetFinalPathNameByHandleW
GetDiskFreeSpaceW
GetFullPathNameW
ReadFile
api-ms-win-core-shlwapi-legacy-l1-1-0
PathSkipRootW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-processenvironment-l1-1-0
GetEnvironmentStringsW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetVersionExW
GetSystemTimeAsFileTime
GetTickCount
GetLocalTime
GlobalMemoryStatusEx
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-kernel32-legacy-l1-1-0
GetComputerNameW
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
rpcrt4
UuidFromStringW
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Exports
Exports
AppendPropVariant
ConvertPropVariant
CopyPropertyStore
CreateNamedPropertyStore
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
ExtractPropVariant
MFCreate3GPMediaSink
MFCreateAC3MediaSink
MFCreateADTSMediaSink
MFCreateASFByteStreamPlugin
MFCreateASFContentInfo
MFCreateASFIndexer
MFCreateASFIndexerByteStream
MFCreateASFMediaSink
MFCreateASFMediaSinkActivate
MFCreateASFMultiplexer
MFCreateASFProfile
MFCreateASFProfileFromPresentationDescriptor
MFCreateASFSplitter
MFCreateASFStreamSelector
MFCreateASFStreamingMediaSink
MFCreateASFStreamingMediaSinkActivate
MFCreateAggregateSource
MFCreateAppSourceProxy
MFCreateAudioRenderer
MFCreateAudioRendererActivate
MFCreateByteCacheFile
MFCreateCacheManager
MFCreateCredentialCache
MFCreateDeviceSource
MFCreateDeviceSourceActivate
MFCreateDrmNetNDSchemePlugin
MFCreateEncryptedMediaExtensionsStoreActivate
MFCreateFMPEG4MediaSink
MFCreateFileBlockMap
MFCreateFileSchemePlugin
MFCreateHttpSchemePlugin
MFCreateLPCMByteStreamPlugin
MFCreateMP3ByteStreamPlugin
MFCreateMP3MediaSink
MFCreateMPEG4MediaSink
MFCreateMediaProcessor
MFCreateMediaSession
MFCreateMuxSink
MFCreateNSCByteStreamPlugin
MFCreateNetSchemePlugin
MFCreatePMPHost
MFCreatePMPMediaSession
MFCreatePMPServer
MFCreatePresentationClock
MFCreatePresentationDescriptorFromASFProfile
MFCreateProtectedEnvironmentAccess
MFCreateProxyLocator
MFCreateRemoteDesktopPlugin
MFCreateSAMIByteStreamPlugin
MFCreateSampleCopierMFT
MFCreateSampleGrabberSinkActivate
MFCreateSecureHttpSchemePlugin
MFCreateSequencerSegmentOffset
MFCreateSequencerSource
MFCreateSequencerSourceRemoteStream
MFCreateSimpleTypeHandler
MFCreateSoundEventSchemePlugin
MFCreateSourceResolver
MFCreateStandardQualityManager
MFCreateTopoLoader
MFCreateTopology
MFCreateTopologyNode
MFCreateTranscodeProfile
MFCreateTranscodeSinkActivate
MFCreateTranscodeTopology
MFCreateTranscodeTopologyFromByteStream
MFCreateUrlmonSchemePlugin
MFCreateVideoRenderer
MFCreateVideoRendererActivate
MFCreateWMAEncoderActivate
MFCreateWMVEncoderActivate
MFEnumDeviceSources
MFGetLocalId
MFGetMultipleServiceProviders
MFGetService
MFGetSupportedMimeTypes
MFGetSupportedSchemes
MFGetSystemId
MFGetTopoNodeCurrentType
MFLoadSignedLibrary
MFRR_CreateActivate
MFReadSequencerSegmentOffset
MFRequireProtectedEnvironment
MFShutdownObject
MFTranscodeGetAudioOutputAvailableTypes
MergePropertyStore
Sections
.text Size: 332KB - Virtual size: 331KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
?g_Encry Size: 512B - Virtual size: 256B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
?g_Encry Size: 512B - Virtual size: 256B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 86KB - Virtual size: 85KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 63KB - Virtual size: 63KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
netid/mf.dll.dll windows:10 windows x64 arch:x64
6ed0763eb41092a066b0c582532cc19f
Code Sign
33:00:00:03:8b:79:45:c1:8b:0e:b6:87:ec:00:00:00:00:03:8b
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 05/05/2022, 19:23
Not After: 04/05/2023, 19:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
10:74:a7:f5:36:cc:33:ee:c7:fe:4d:94:12:e2:be:4f:13:b4:f2:86:8c:76:95:d6:2e:20:e9:3d:eb:90:6d:66
Signer
Actual PE Digest: 10:74:a7:f5:36:cc:33:ee:c7:fe:4d:94:12:e2:be:4f:13:b4:f2:86:8c:76:95:d6:2e:20:e9:3d:eb:90:6d:66
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
mf.pdb
Imports
msvcrt
wcsnlen
_wcsnicmp
wcscat_s
_initterm
strncpy_s
_lock
qsort
wcsncmp
__C_specific_handler
__CxxFrameHandler3
memmove
memcpy
_XcptFilter
memchr
_amsg_exit
_onexit
_wcsicmp
_vsnwprintf
wcsncpy_s
malloc
__dllonexit
free
_errno
wcscpy_s
wcsrchr
memmove_s
realloc
_callnewh
_unlock
_purecall
memcpy_s
memcmp
strnlen
memset
ntdll
RtlGetPersistedStateLocation
RtlNtStatusToDosError
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlDeleteFunctionTable
RtlAddFunctionTable
NtQuerySystemInformation
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
LoadStringW
GetModuleFileNameA
SizeofResource
LoadLibraryExW
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadResource
FindResourceExW
GetModuleFileNameW
DisableThreadLibraryCalls
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
RaiseException
GetLastError
api-ms-win-core-synch-l1-1-0
EnterCriticalSection
OpenSemaphoreW
SetEvent
ReleaseSemaphore
WaitForSingleObjectEx
CreateMutexExW
LeaveCriticalSection
WaitForSingleObject
InitializeCriticalSection
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
DeleteCriticalSection
InitializeSRWLock
CreateEventW
CreateSemaphoreExW
ReleaseMutex
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventWriteTransfer
EventUnregister
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
TraceMessage
RegisterTraceGuidsW
api-ms-win-core-string-l2-1-0
CharNextW
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
CompareStringOrdinal
api-ms-win-core-processthreads-l1-1-0
CreateThread
TerminateProcess
TlsGetValue
GetCurrentProcessId
ProcessIdToSessionId
GetCurrentThread
TlsSetValue
GetCurrentThreadId
GetCurrentProcess
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
api-ms-win-core-synch-l1-2-0
Sleep
InitOnceExecuteOnce
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-memory-l1-1-0
VirtualFree
VirtualAlloc
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringA
OutputDebugStringW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-localization-l1-2-0
GetUserDefaultLCID
FormatMessageW
api-ms-win-core-file-l1-1-0
WriteFile
CreateFileW
GetFileSize
GetFinalPathNameByHandleW
GetDiskFreeSpaceW
GetFullPathNameW
ReadFile
api-ms-win-core-shlwapi-legacy-l1-1-0
PathSkipRootW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-processenvironment-l1-1-0
GetEnvironmentStringsW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetVersionExW
GetSystemTimeAsFileTime
GetTickCount
GetLocalTime
GlobalMemoryStatusEx
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-kernel32-legacy-l1-1-0
GetComputerNameW
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
rpcrt4
UuidFromStringW
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Exports
Exports
AppendPropVariant
ConvertPropVariant
CopyPropertyStore
CreateNamedPropertyStore
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
ExtractPropVariant
MFCreate3GPMediaSink
MFCreateAC3MediaSink
MFCreateADTSMediaSink
MFCreateASFByteStreamPlugin
MFCreateASFContentInfo
MFCreateASFIndexer
MFCreateASFIndexerByteStream
MFCreateASFMediaSink
MFCreateASFMediaSinkActivate
MFCreateASFMultiplexer
MFCreateASFProfile
MFCreateASFProfileFromPresentationDescriptor
MFCreateASFSplitter
MFCreateASFStreamSelector
MFCreateASFStreamingMediaSink
MFCreateASFStreamingMediaSinkActivate
MFCreateAggregateSource
MFCreateAppSourceProxy
MFCreateAudioRenderer
MFCreateAudioRendererActivate
MFCreateByteCacheFile
MFCreateCacheManager
MFCreateCredentialCache
MFCreateDeviceSource
MFCreateDeviceSourceActivate
MFCreateDrmNetNDSchemePlugin
MFCreateEncryptedMediaExtensionsStoreActivate
MFCreateFMPEG4MediaSink
MFCreateFileBlockMap
MFCreateFileSchemePlugin
MFCreateHttpSchemePlugin
MFCreateLPCMByteStreamPlugin
MFCreateMP3ByteStreamPlugin
MFCreateMP3MediaSink
MFCreateMPEG4MediaSink
MFCreateMediaProcessor
MFCreateMediaSession
MFCreateMuxSink
MFCreateNSCByteStreamPlugin
MFCreateNetSchemePlugin
MFCreatePMPHost
MFCreatePMPMediaSession
MFCreatePMPServer
MFCreatePresentationClock
MFCreatePresentationDescriptorFromASFProfile
MFCreateProtectedEnvironmentAccess
MFCreateProxyLocator
MFCreateRemoteDesktopPlugin
MFCreateSAMIByteStreamPlugin
MFCreateSampleCopierMFT
MFCreateSampleGrabberSinkActivate
MFCreateSecureHttpSchemePlugin
MFCreateSequencerSegmentOffset
MFCreateSequencerSource
MFCreateSequencerSourceRemoteStream
MFCreateSimpleTypeHandler
MFCreateSoundEventSchemePlugin
MFCreateSourceResolver
MFCreateStandardQualityManager
MFCreateTopoLoader
MFCreateTopology
MFCreateTopologyNode
MFCreateTranscodeProfile
MFCreateTranscodeSinkActivate
MFCreateTranscodeTopology
MFCreateTranscodeTopologyFromByteStream
MFCreateUrlmonSchemePlugin
MFCreateVideoRenderer
MFCreateVideoRendererActivate
MFCreateWMAEncoderActivate
MFCreateWMVEncoderActivate
MFEnumDeviceSources
MFGetLocalId
MFGetMultipleServiceProviders
MFGetService
MFGetSupportedMimeTypes
MFGetSupportedSchemes
MFGetSystemId
MFGetTopoNodeCurrentType
MFLoadSignedLibrary
MFRR_CreateActivate
MFReadSequencerSegmentOffset
MFRequireProtectedEnvironment
MFShutdownObject
MFTranscodeGetAudioOutputAvailableTypes
MergePropertyStore
Sections
.text Size: 332KB - Virtual size: 331KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
?g_Encry Size: 512B - Virtual size: 256B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
?g_Encry Size: 512B - Virtual size: 256B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 86KB - Virtual size: 85KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 63KB - Virtual size: 63KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
netid/miutils.dll.dll windows:10 windows x64 arch:x64
2d69f4011bf27ecd72bd6c380d4aff86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
miutils.pdb
Imports
msvcrt
_XcptFilter
memmove
memcpy
_amsg_exit
_CxxThrowException
??1type_info@@UEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
malloc
_wtoi
wcscpy_s
_lock
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??1exception@@UEAA@XZ
_initterm
?what@exception@@UEBAPEBDXZ
__dllonexit
_i64tow_s
free
_ui64tow_s
wcsstr
wcschr
_wcsdup
swscanf_s
_vsnwprintf
__CxxFrameHandler3
_onexit
__C_specific_handler
fwprintf
_swprintf_c
_wcsnicmp
getenv
_unlock
_wcstoui64
?terminate@@YAXXZ
memset
wcstod
memcmp
wcstoul
__iob_func
_wcsicmp
_wcstoi64
wcstol
_purecall
wcscmp
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapReAlloc
HeapAlloc
HeapFree
api-ms-win-core-registry-l1-1-0
RegEnumKeyExW
RegGetValueW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
SetEvent
LeaveCriticalSection
ResetEvent
DeleteCriticalSection
EnterCriticalSection
CreateEventW
InitializeCriticalSection
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
GetTickCount64
GetSystemInfo
GetSystemDirectoryW
GetComputerNameExW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
SwitchToThread
GetCurrentProcess
GetProcessId
GetCurrentThreadId
TerminateProcess
api-ms-win-core-libraryloader-l1-2-0
LoadStringW
GetProcAddress
GetModuleHandleW
DisableThreadLibraryCalls
LoadLibraryExW
FreeLibrary
api-ms-win-core-localization-l1-2-0
GetThreadPreferredUILanguages
FormatMessageW
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoCreateGuid
StringFromGUID2
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
FileTimeToSystemTime
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventWriteTransfer
EventUnregister
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
ntdll
RtlGetCurrentProcessorNumber
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
??0CAutoSetActivityId@@QEAA@XZ
??0CCritSec@@QEAA@XZ
??0DynamicSchema@@QEAA@XZ
??0IndicationSchema@@QEAA@XZ
??0StaticSchema@@QEAA@XZ
??0WMISchema@@QEAA@XZ
??0WMISchema@@QEAA@_N@Z
??1CAutoSetActivityId@@QEAA@XZ
??1CCritSec@@QEAA@XZ
??1WMISchema@@UEAA@XZ
??4CAutoSetActivityId@@QEAAAEAV0@AEBV0@@Z
??4CCritSec@@QEAAAEAV0@AEBV0@@Z
?CreateInstance@DynamicSchema@@UEAAJPEBGPEAUIWbemClassObject@@KPEBU_MI_PropertySet@@_NAEAPEAU_MI_Instance@@PEAUIConversionContext@@@Z
?CreateInstance@IndicationSchema@@UEAAJPEBGPEAUIWbemClassObject@@KPEBU_MI_PropertySet@@_NAEAPEAU_MI_Instance@@PEAUIConversionContext@@@Z
?CreateInstance@StaticSchema@@UEAAJPEBGPEAUIWbemClassObject@@KPEBU_MI_PropertySet@@_NAEAPEAU_MI_Instance@@PEAUIConversionContext@@@Z
?DeInitialize@WMISchema@@QEAAJXZ
?GetFlags@MiSchema@@UEBAJXZ
?GetMiClass@DynamicSchema@@UEAAJPEBG00PEAPEBU_MI_Class@@@Z
?GetMiClass@IndicationSchema@@UEAAJPEBG00PEAPEBU_MI_Class@@@Z
?GetMiClass@StaticSchema@@UEAAJPEBG00PEAPEBU_MI_Class@@@Z
?GetNoneCachedWmiClass@WMISchema@@UEAAJPEBGPEAUIWbemServices@@AEAV?$CComPtr@UIWbemClassObject@@@ATL@@PEAUIConversionContext@@@Z
?GetWmiClass@WMISchema@@UEAAJPEBG0AEAV?$CComPtr@UIWbemClassObject@@@ATL@@PEAUIConversionContext@@@Z
?GetWmiIWbemServices@WMISchema@@UEAAJPEBGAEAV?$CComPtr@UIWbemServices@@@ATL@@@Z
?Initialize@StaticSchema@@QEAAJPEBU_MI_Module@@@Z
?Initialize@WMISchema@@QEAAX_N@Z
?SetFlags@MiSchema@@MEAAJJ@Z
CimErrorFromErrorCode
CimError_Construct
CimStatusCodeFromWindowsError
CimTypeToType
ClassCache_AddClass
ClassCache_Delete
ClassCache_GetClass
ClassCache_New
Class_New
CompareInstance
CompareValue
Config_GetProtocolHandlerDetails
Config_GetRegString
CreateConversionContext
DestinationOptions_Create
DestinationOptions_Duplicate
DestinationOptions_MigrateOptions
FindClassDecl
FindMethodDecl
FindQualifierInWMIObject
GetCorrelationId
GetMethodParameters
GetReferenceFromWMIObjectPath
InstanceToWMIEvent
InstanceToWMIExtendedStatus
InstanceToWMIObject
Instance_Clone
Instance_Construct
Instance_GetResourceURI
Instance_InitDynamic
Instance_IsDynamic
Instance_MatchKeys
Instance_New
Instance_SetElementArray
Instance_SetElementArrayItem
Instance_SetResourceURI
Instance_SetServerName
IsLifeCycleIndicationQuery
MI_Hash
MiErrorCategoryFromWindowsError
OSC_Batch_Destroy
OSC_Batch_Get
OSC_Batch_Strdup
OSC_StringToMiValue
OSC_Type_GetSize
OperationOptions_CopyOptions
OperationOptions_Create
OperationOptions_MigrateOptions
OptionsValueToContextValue
Options_FindValue
ParametersToWMIObject
PropertySet_New
PropertyToVariant
PublishClientOperationInfo
PublishDebugInfo
PublishDebugMessage
PublishProviderResult
PublishProviderWriteError
PublishProviderWriteMessage
QualifierFlavorToWMI
RCClass_AddClassQualifier
RCClass_AddClassQualifierArray
RCClass_AddClassQualifierArrayItem
RCClass_AddElement
RCClass_AddElementArray
RCClass_AddElementArrayItem
RCClass_AddElementQualifier
RCClass_AddElementQualifierArray
RCClass_AddElementQualifierArrayItem
RCClass_AddMethod
RCClass_AddMethodParameter
RCClass_AddMethodParameterQualifier
RCClass_AddMethodParameterQualifierArray
RCClass_AddMethodParameterQualifierArrayItem
RCClass_AddMethodQualifier
RCClass_AddMethodQualifierArray
RCClass_AddMethodQualifierArrayItem
RCClass_New
ResultFromHRESULT
ResultToHRESULT
RtlDeleteCachedFastLock
RtlInitializeCachedFastLock
RtlInterlockedCompareWait
RtlInterlockedWakeAll
RtlQueueAcquireCachedFastLockExclusive
RtlQueueAcquireCachedFastLockShared
RtlQueueAcquireFastLockExclusive
RtlQueueAcquireFastLockShared
RtlReleaseCachedFastLockExclusive
RtlReleaseCachedFastLockShared
RtlReleaseFastLockExclusive
RtlReleaseFastLockShared
RtlTryAcquireCachedFastLockShared
RtlTryAcquireFastLockExclusive
RtlTryAcquireFastLockShared
RtlpInitFastLock
RtlpReleaseIdleSlots
SetCorrelationIdToWbemContext
SetModifiedPropertyNamesToContext
SetProperties
SubscriptionDeliveryOptions_Create
SubscriptionDeliveryOptions_MigrateOptions
TypeToCimType
ValueClear
ValueToVariant
VariantArrayToSafeArray
VariantToValue
WMIEventToCIMIndication
WMIExtendedObjectToInstance
WMIObjectToClass
WMIObjectToInstance
WMIQualifierFlavorToMI
WriteWBEM_MC_CLIENT_REQUEST_FAILURE
XMLDOM_Free
XMLDOM_Parse
XML_FormatError
XML_Init
XML_Next
XML_PutError
XML_RegisterNameSpace
XML_SetText
XML_StripWhitespace
Sections
.text Size: 156KB - Virtual size: 155KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 66KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 133KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 168B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
netid/msctfui.dll.dll regsvr32 windows:10 windows x64 arch:x64
97b68cf9504d7a392d2323477ab997f8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
msctfui.pdb
Imports
msvcrt
memset
__C_specific_handler
_vsnwprintf
_initterm
malloc
_XcptFilter
free
_amsg_exit
memmove
memcpy
sqrt
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
kernel32
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LocalReAlloc
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW
LoadLibraryExW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
Sleep
GetProcAddress
GetModuleHandleW
DebugBreak
GetModuleFileNameA
GetModuleHandleExW
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TerminateProcess
LocalFree
LocalAlloc
lstrlenW
GetSystemDirectoryW
GetACP
OutputDebugStringW
IsDebuggerPresent
FormatMessageW
lstrcmpW
LeaveCriticalSection
GetModuleFileNameW
EnterCriticalSection
user32
IsWindow
ReleaseDC
GetDC
DefWindowProcW
PtInRect
InvalidateRect
GetWindowLongPtrW
ShowWindow
ScreenToClient
GetWindowRect
GetSystemMetrics
DestroyIcon
KillTimer
GetCaretBlinkTime
SetTimer
GetClientRect
CreateWindowExW
RegisterClassExW
GetClassInfoExW
LoadCursorW
EndPaint
BeginPaint
GetSysColor
DrawTextExW
SystemParametersInfoW
GetDoubleClickTime
IntersectRect
DrawEdge
FillRect
InflateRect
DrawIconEx
GetIconInfo
GetCursorPos
SetCursor
SendMessageW
AnimateWindow
GetMessagePos
SetCapture
ReleaseCapture
GetWindowLongW
AdjustWindowRectEx
WindowFromPoint
FrameRect
UpdateLayeredWindow
GetMonitorInfoW
MonitorFromRect
MonitorFromPoint
DrawStateW
SetLayeredWindowAttributes
SetWindowRgn
GetKeyState
GetCursor
SetWindowLongW
SetWindowLongPtrW
IsWindowVisible
LoadStringW
OffsetRect
DestroyWindow
MoveWindow
SetWindowPos
GetParent
LoadImageW
SetRect
ClientToScreen
gdi32
GetDeviceCaps
BitBlt
Polyline
LineTo
MoveToEx
SetBkColor
SetTextColor
PatBlt
ExtCreatePen
CreateFontIndirectW
GetObjectW
DeleteObject
GetStockObject
SelectObject
ExtTextOutA
ExtTextOutW
GetCurrentObject
GetTextAlign
SetLayout
CreateBrushIndirect
CreateBitmap
CreateSolidBrush
CreateFontW
CreatePen
SetViewportOrgEx
CreateDIBSection
GetDIBits
GetTextColor
SetBkMode
CreateCompatibleBitmap
DeleteDC
CreateCompatibleDC
GetTextExtentPointA
GetTextExtentPoint32W
SetTextAlign
advapi32
RegEnumKeyExW
RegDeleteKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegOpenCurrentUser
RegCloseKey
msctf
TF_CreateDisplayAttributeMgr
TF_CreateCategoryMgr
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 89KB - Virtual size: 88KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
netid/netid.dll.dll windows:10 windows x64 arch:x64
681e2f72200012f00fdb1fae134c6530
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
netid.pdb
Imports
msvcrt
?terminate@@YAXXZ
memcmp
_onexit
__dllonexit
_unlock
_lock
memmove_s
_wtoi
malloc
?what@exception@@UEBAPEBDXZ
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
_initterm
free
_amsg_exit
_XcptFilter
__RTDynamicCast
memmove
memcpy
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
_CxxThrowException
??1type_info@@UEAA@XZ
_vsnprintf_s
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
iswascii
iswupper
towlower
wcschr
_wsplitpath_s
_beginthreadex
wprintf
__C_specific_handler
_purecall
??3@YAXPEAX@Z
__CxxFrameHandler3
memset
advapi32
RegSetKeyValueW
RegQueryValueExA
RegOpenKeyExA
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey
QueryServiceStatus
OpenServiceW
OpenSCManagerW
GetTokenInformation
FreeSid
CheckTokenMembership
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
EventActivityIdControl
OpenThreadToken
OpenProcessToken
LsaOpenPolicy
LsaQueryInformationPolicy
IsValidSid
EqualDomainSid
LsaFreeMemory
LsaClose
RegGetValueW
AllocateAndInitializeSid
CloseServiceHandle
kernel32
DnsHostnameToComputerNameExW
OpenMutexW
SetErrorMode
MultiByteToWideChar
ExpandEnvironmentStringsA
DelayLoadFailureHook
ResolveDelayLoadedAPI
GlobalFree
WideCharToMultiByte
FormatMessageW
GetCurrentThreadId
HeapAlloc
GetProcessHeap
HeapFree
GetModuleHandleExW
GetModuleFileNameA
DebugBreak
GetModuleHandleW
GetProcAddress
GetLastError
IsDebuggerPresent
OutputDebugStringW
SetLastError
CloseHandle
ReleaseSemaphore
ReleaseMutex
WaitForSingleObjectEx
AcquireSRWLockExclusive
WaitForSingleObject
OpenSemaphoreW
DeactivateActCtx
LoadLibraryExW
ActivateActCtx
LoadLibraryW
FindActCtxSectionStringW
CreateActCtxW
GetModuleFileNameW
QueryActCtxW
OutputDebugStringA
FreeLibrary
InitOnceBeginInitialize
InitOnceComplete
GetCurrentProcessId
CreateMutexExW
ReleaseSRWLockExclusive
CreateSemaphoreExW
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
AcquireSRWLockShared
EnterCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
CreateThreadpoolTimer
ReleaseSRWLockShared
LeaveCriticalSection
GetCurrentThread
GetCurrentProcess
DnsHostnameToComputerNameW
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
CompareStringW
LocalFree
CreateDirectoryW
CreateFileW
GetComputerNameExW
GetFileAttributesW
GetFileType
GetSystemWindowsDirectoryW
GetVersionExW
SetComputerNameExW
SetComputerNameEx2W
WriteFile
LoadLibraryExA
netapi32
DsRoleGetPrimaryDomainInformation
DsGetDcNameW
NetpwNameValidate
NetpwPathType
NetRenameMachineInDomain
NetSetPrimaryComputerName
NetAddAlternateComputerName
NetJoinDomain
NetValidateName
NetUnjoinDomain
NetServerGetInfo
NetApiBufferFree
NetServerSetInfo
DsRoleFreeMemory
NetWkstaGetInfo
ntdll
RtlCanonicalizeDomainName
RtlFreeUnicodeString
RtlGetNtProductType
RtlNtStatusToDosError
RtlInitUnicodeString
RtlEqualUnicodeString
shell32
ShellExecuteW
user32
WinHelpW
LoadStringW
DispatchMessageW
TranslateMessage
MsgWaitForMultipleObjectsEx
PeekMessageW
IsWindowEnabled
SetCursor
LoadCursorW
EnableWindow
CheckDlgButton
DestroyIcon
DestroyWindow
DialogBoxParamW
EndDialog
GetDesktopWindow
GetDlgItem
GetWindowTextLengthW
GetWindowTextW
GetParent
GetWindowRect
GetWindowLongW
GetWindowLongPtrW
IsDlgButtonChecked
MessageBoxW
MoveWindow
PostMessageW
SendMessageW
SetDlgItemTextW
SetFocus
GetFocus
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetWindowLongW
SetWindowLongPtrW
SetWindowTextW
ShowWindow
dnsapi
DnsQuery_W
DnsFree
DnsNameCompareEx_W
DnsValidateName_W
DnsQueryConfig
DnsStatusString
credui
CredUnPackAuthenticationBufferW
CredPackAuthenticationBufferW
CredUIParseUserNameW
CredUIPromptForWindowsCredentialsW
wldap32
ord140
ord203
ord13
ord118
ord16
ord41
ord26
ord170
winbrand
BrandingFormatString
api-ms-win-core-com-l1-1-0
CoTaskMemFree
CoCreateInstance
dpapi
CryptProtectMemory
CryptUnprotectMemory
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Exports
CreateNetIDPropertyPage
ShowDcNotFoundErrorDialog
Sections
.text Size: 138KB - Virtual size: 137KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 51KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 952B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
setup.msi.msi