archive[.]zip | Triage

Resubmissions

11/08/2024, 21:07

240811-zybkpayanj 10

11/08/2024, 20:57

240811-zrzzpssbkf 10

Sharing

Copy URL

Twitter E-mail

General

Target

archive.zip
Size

11.7MB
MD5

02f5017103996bf7d2a7d72672fe7bf1
SHA1

4082291da2f378816172a200401fbb8584651c77
SHA256

fa7e01731cd4d1e5d9077f59a030f718783e281de7d1a7794935ff6fc1dad8a5
SHA512

66824caaeeea47a1245e6c113ac6c165401c99b9e77cf4b43d93f02b057449fa44618af310e79f5552aea3437c95b8972d76015a87b50c8231aae1af990cecc1
SSDEEP

196608:qIWnE3Hfn8T2S90epTdmDb88a2Qdjh6dw8Dq/SyNsMQkcbUge1h9D:qIWnQS9ZpTdmDbo2mjwdwP/H3QkcbUgm

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/archive/appupdate/Cache_Data/InkObj.dll
unpack001/archive/appupdate/Cache_Data/InstallService.dll
unpack001/archive/appupdate/Cache_Data/Windows.UI.Input.Inking.dll
unpack001/archive/appupdate/Cache_Data/sapi.dll
unpack001/archive/appupdate/updates/SettingSync.dll
unpack001/archive/file.exe

Files

archive.zip
.zip
archive/appupdate/Cache_Data/InkObj.dll
.dll regsvr32 windows:10 windows x86 arch:x86

d4507c7f09be29de7cd221acbab1d940

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

InkObj.pdb

Imports

msvcrt

?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
??0exception@@QAE@ABQBD@Z
_vsnwprintf
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_beginthreadex
wcscpy_s
realloc
wcscat_s
malloc
free
_purecall
__dllonexit
_onexit
??1type_info@@UAE@XZ
_except_handler4_common
_lock
floor
ceil
_ftol2_sse
_ftol2
__RTDynamicCast
_CIsqrt
_CIsin
_wcsnicmp
_wcsicmp
fclose
fputws
_wfopen
_errno
_endthreadex
wcsncmp
_vsnprintf
memcmp
_CIatan2
_CIcos
__CxxFrameHandler3
_unlock
memset

ntdll

EtwTraceMessage
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
RtlReportException

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
RaiseException
SetLastError
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-synch-l1-1-0

CreateWaitableTimerExW
WaitForSingleObject
SetWaitableTimer
ReleaseMutex
CancelWaitableTimer
CreateMutexW
InitializeCriticalSectionEx
InitializeCriticalSection
SetEvent
DeleteCriticalSection
WaitForMultipleObjectsEx
EnterCriticalSection
AcquireSRWLockExclusive
ResetEvent
LeaveCriticalSection
ReleaseSRWLockExclusive
OpenEventW
OpenMutexW
TryEnterCriticalSection
CreateEventW
InitializeCriticalSectionAndSpinCount

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
SetThreadPriority
OpenProcessToken
QueueUserAPC
TerminateProcess

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
FreeLibrary
DisableThreadLibraryCalls
LoadLibraryExA
GetProcAddress
LoadLibraryExW
GetModuleHandleW
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW

api-ms-win-core-string-l2-1-0

CharNextW
CharPrevW

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegCloseKey
RegGetValueW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualProtect
OpenFileMappingW
UnmapViewOfFile
VirtualAlloc
VirtualQuery
MapViewOfFile

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetVersion
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-heap-l1-1-0

HeapDestroy
HeapReAlloc
HeapCreate
GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-1

RemoveVectoredExceptionHandler
AddVectoredExceptionHandler

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-heap-l2-1-0

GlobalFree
GlobalAlloc
LocalFree

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-processthreads-l1-1-1

FlushInstructionCache
IsProcessorFeaturePresent

api-ms-win-core-interlocked-l1-1-0

InterlockedPopEntrySList
InterlockedPushEntrySList

api-ms-win-core-synch-l1-2-0

WakeConditionVariable
Sleep
SleepConditionVariableCS
WakeAllConditionVariable
SleepConditionVariableSRW
InitializeConditionVariable

api-ms-win-core-kernel32-legacy-l1-1-0

MulDiv

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrlenW
lstrcpynW
lstrcpyW
lstrcatW

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalLock
GlobalSize

user32

SetFocus
GetSysColor
RegisterClipboardFormatW
GetWindow
SetPropW
CallNextHookEx
UnhookWindowsHookEx
GetPropW
MsgWaitForMultipleObjects
TrackMouseEvent
FillRect
LoadImageW
GetWindowRect
GetWindowThreadProcessId
GetAncestor
GetClientRect
PeekMessageW
DrawFocusRect
RegisterClassW
SetWindowsHookExW
CallWindowProcW
GetClassInfoW
CreateWindowExW
ScreenToClient
CreateIconIndirect
GetSystemMetrics
SetCursor
GetCursorPos
DestroyCursor
SetWindowLongW
DispatchMessageW
ShowWindow
TranslateMessage
GetMessageW
SystemParametersInfoW
LoadCursorW
KillTimer
wsprintfW
GetClassInfoExW
SetTimer
RedrawWindow
GetUpdateRgn
PostMessageW
MapWindowPoints
MsgWaitForMultipleObjectsEx
IsChild
CopyRect
SetRect
InflateRect
RegisterClassExW
SetRectEmpty
GetKeyboardLayout
InvalidateRect
IsRectEmpty
GetFocus
IntersectRect
DefWindowProcW
BeginPaint
GetWindowLongW
EndPaint
IsWindow
EqualRect
GetKeyState
PtInRect
RegisterWindowMessageW
ReleaseDC
UnionRect
GetDC
DestroyWindow
DestroyAcceleratorTable
OffsetRect
SetWindowRgn
SetWindowPos
SendMessageW

gdi32

GetTextMetricsW
GetRgnBox
GetObjectW
SetBkMode
GetClipBox
GdiFlush
BitBlt
CreateDIBSection
PatBlt
CreateBitmap
OffsetRgn
GetRandomRgn
IntersectClipRect
DPtoLP
CombineTransform
FillRgn
PathToRegion
ExtSelectClipRgn
CombineRgn
EndPath
Polygon
BeginPath
Ellipse
SetWorldTransform
SelectClipRgn
CreateSolidBrush
SetPolyFillMode
SetROP2
GetClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
GetMapMode
GetWindowOrgEx
GetViewportOrgEx
GetWorldTransform
GetGraphicsMode
SetLayout
SetMetaFileBitsEx
Rectangle
CreateCompatibleBitmap
GetStockObject
LineTo
MoveToEx
CreatePenIndirect
DeleteObject
PolyBezier
Polyline
SelectObject
ExtCreatePen
CreatePen
SetViewportExtEx
CreateCompatibleDC
GetTextColor
GetObjectType
DeleteEnhMetaFile
CopyEnhMetaFileW
CloseEnhMetaFile
CreateEnhMetaFileW
CreateRectRgnIndirect
CreateMetaFileW
SetWindowExtEx
CreateDCW
LPtoDP
SaveDC
SetMapMode
SetWindowOrgEx
SetViewportOrgEx
DeleteDC
RestoreDC
CloseMetaFile
DeleteMetaFile
GetDeviceCaps

ole32

OleSetClipboard
OleRegEnumVerbs
CreateDataCache
CreateOleAdviseHolder
OleRegGetMiscStatus
CreateDataAdviseHolder
CoLoadLibrary
CoRegisterMessageFilter
OleFlushClipboard
WriteClassStg
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleRegEnumFormatEtc
ReleaseStgMedium
OleRegGetUserType
OleGetClipboard

api-ms-win-core-localization-l1-2-0

IsValidLocale
GetSystemDefaultLCID

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-atoms-l1-1-0

GlobalAddAtomW
GlobalDeleteAtom

gdiplus

GdipAddPathLine2
GdipAddPathBezier
GdipSetPenStartCap
GdipSetPathFillMode
GdipResetPath
GdipDrawEllipse
GdipFillRegion
GdipDeletePath
GdipFillPath
GdipCreatePath
GdipGetPenColor
GdipWidenPath
GdipWindingModeOutline
GdipGetPenFillType
GdipSetPenMode
GdipSetPenLineJoin
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetClipRegion
GdipResetClip
GdipCreateRegion
GdipCreateRegionPath
GdipSetPenEndCap
GdipDeleteRegion
GdipCombineRegionPath
GdipCloneImage
GdipSaveImageToStream
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipAddPathPolygon
GdipGetImageEncoders
GdiplusStartup
GdiplusShutdown
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipDrawLines
GdipAddPathEllipse
GdipGetPenWidth
GdipSetPenWidth
GdipDeletePen
GdipCreatePen1
GdipDisposeImage
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdipAlloc
GdipFree
GdipEmfToWmfBits
GdipFillEllipse
GdipDrawPath

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
InvokeIDispatch

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
archive/appupdate/Cache_Data/InstallService.dll
.dll windows:10 windows x86 arch:x86

4ef9dd17b2dd2bd94216badd5e2ef3b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

InstallService.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__localtime64_s
_o__lock_file
_o__mktime64
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__ui64tow_s
_o__unlock_file
_o__wcsicmp
_o__wcstoui64
memmove
_o__wtoi
_o__wtoi64
_o_ceil
_o_fclose
_o_fflush
_o_fgetc
_o_fgetpos
_o_fgetwc
_o_fputwc
_o_free
_o_fsetpos
_o_fwrite
_o_isalnum
_o_iswspace
_o_malloc
_o_mbstowcs
_o_mbstowcs_s
_o_rand
_o_realloc
_o_setvbuf
_o_srand
_o_strncpy_s
_o_strtol
_o_terminate
_o_toupper
_o_ungetc
_o_ungetwc
_o_wcscat_s
_o_wcscpy_s
_o_wcsftime
_o_wcsncpy_s
_o_wcstok_s
_o_wcstol
_o_wcstombs
_o_wcstombs_s
_o_wcstoul
_except_handler4_common
_CxxThrowException
_o__fseeki64
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__execute_onexit_table
_o____lc_codepage_func
__std_terminate
__CxxFrameHandler3
memcmp
memcpy
_o__errno
__std_type_info_compare
wcsstr
strrchr
wcschr
strchr

api-ms-win-crt-string-l1-1-0

wcsnlen
memset
wcsncpy

umpdc

Pdcv2ActivationClientActivate
Pdcv2ActivationClientDeactivate

ntdll

RtlWow64IsWowGuestMachineSupported
RtlSetBit
RtlClearAllBits
RtlInitializeBitMap
RtlConvertDeviceFamilyInfoToString
RtlGetDeviceFamilyInfoEnum
RtlIsMultiSessionSku
NtQueryWnfStateData
RtlIsMultiUsersInSessionSku

api-ms-win-appmodel-runtime-internal-l1-1-1

GetPackageFullNameFromToken

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
FindStringOrdinal
GetProcAddress
FreeLibrary
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-1-0

SetEvent
InitializeSRWLock
CreateEventW
AcquireSRWLockShared
ReleaseSRWLockShared
CreateEventExW
ReleaseSRWLockExclusive
DeleteCriticalSection
EnterCriticalSection
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
CreateMutexW
ResetEvent
LeaveCriticalSection
OpenSemaphoreW
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
CreateMutexExW
AcquireSRWLockExclusive
InitializeCriticalSection

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
RaiseException
SetLastError

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
GetCurrentThread
SetThreadToken
TerminateProcess
GetCurrentThreadId
OpenProcessToken
GetCurrentProcess
ProcessIdToSessionId
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW
LCMapStringEx

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventActivityIdControl
EventSetInformation
EventWriteTransfer
EventProviderEnabled

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
WakeByAddressAll
InitOnceBeginInitialize
Sleep
InitOnceComplete
WaitOnAddress

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree
GlobalFree

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetTickCount64
GetVersionExA
GetSystemTimeAsFileTime
GetSystemTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList
InterlockedFlushSList

api-ms-win-core-registry-l1-1-0

RegOpenCurrentUser
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
RegGetValueW
RegCloseKey
RegEnumValueW
RegOpenKeyExW

rpcrt4

RpcAsyncCompleteCall
RpcAsyncCancelCall
UuidCreate
NdrAsyncClientCall
I_RpcExceptionFilter
I_RpcBindingInqLocalClientPID
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcBindingSetAuthInfoExW
RpcAsyncInitializeHandle
RpcStringFreeW
RpcBindingFree

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolAllowThreadReuse

api-ms-win-security-capability-l1-1-0

CapabilityCheck

oleaut32

SysAllocString
SysStringLen
VarBstrCmp
VariantClear
VariantTimeToSystemTime
SysFreeString
SysStringByteLen
SysAllocStringByteLen
VariantInit

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolWork
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWork
SubmitThreadpoolWork
FreeLibraryWhenCallbackReturns
CreateThreadpoolTimer

api-ms-win-core-registry-l2-1-0

RegCreateKeyW

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW
RegSetKeyValueW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-file-l1-1-0

GetFileAttributesW
SetFileAttributesW
CreateDirectoryW
DeleteFileW
ReadFile
GetFileAttributesExW
CreateFileW
CompareFileTime
FindFirstFileExW
GetFinalPathNameByHandleW
SetFileInformationByHandle
FindFirstFileW
GetTempFileNameW
GetFileSizeEx
WriteFile
FindClose
FindNextFileW

winhttp

WinHttpCloseHandle
WinHttpCrackUrl
WinHttpGetDefaultProxyConfiguration
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpOpen
WinHttpConnect
WinHttpCreateUrl
WinHttpGetProxyForUrl
WinHttpSetOption
WinHttpSetTimeouts
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData

api-ms-win-core-url-l1-1-0

UrlEscapeW

api-ms-win-shell-namespace-l1-1-0

SHGetIDListFromObject

api-ms-win-core-path-l1-1-0

PathCchRemoveExtension
PathCchAddExtension
PathCchRemoveFileSpec
PathCchStripToRoot
PathCchCombine
PathCchAppend

api-ms-win-shell-shdirectory-l1-1-0

ord290

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW
PathFileExistsW

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
FlushViewOfFile

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryW
GetEnvironmentVariableW

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW
GetTempPathW

userenv

ExpandEnvironmentStringsForUserW

api-ms-win-core-kernel32-legacy-l1-1-1

PowerClearRequest
PowerSetRequest

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-core-wow64-l1-1-1

IsWow64Process2

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-security-cryptoapi-l1-1-0

CryptAcquireContextW
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptGetHashParam

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

combase

ord67
ord68
ord66
ord69

wldp

WldpIsAppApprovedByPolicy

msvcp_win

?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPAG_J@Z
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXH@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JXZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UAE@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
?_Xout_of_range@std@@YAXPBD@Z
?_Winerror_map@std@@YAHH@Z
?_Winerror_message@std@@YAKKPADK@Z
?_Xinvalid_argument@std@@YAXPBD@Z
_Thrd_id
?uncaught_exceptions@std@@YAHXZ
?in@?$codecvt@GDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAG3AAPAG@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?out@?$codecvt@GDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBG1AAPBGPAD3AAPAD@Z
??1?$codecvt@GDU_Mbstatet@@@std@@MAE@XZ
??0?$codecvt@GDU_Mbstatet@@@std@@QAE@I@Z
?_Incref@facet@locale@std@@UAEXXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?unshift@?$codecvt@GDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?id@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEXABVlocale@2@@Z
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAE_JPBG_J@Z
?getloc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXXZ
?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
?_Getcat@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGXZ
?_Throw_future_error@std@@YAXABVerror_code@1@@Z
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?_Xlength_error@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
_Cnd_wait
?get@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QBE?AV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@V32@0AAVios_base@2@AAHPAUtm@@PBG4@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?__ExceptionPtrToBool@@YA_NPBX@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
_Cnd_register_at_thread_exit
?_Throw_C_error@std@@YAXH@Z
_Cnd_broadcast
?_Xbad_alloc@std@@YAXXZ
?__ExceptionPtrDestroy@@YAXPAX@Z
_Mtx_destroy_in_situ
_Cnd_destroy_in_situ
_Cnd_unregister_at_thread_exit
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEPAV12@PAG_J@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
_Xtime_get_ticks
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QAEX_N@Z
?_Capture@_ContextCallback@details@Concurrency@@AAEXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QBEXV?$function@$$A6AXXZ@std@@_N@Z
?_Schedule_chore@details@Concurrency@@YAHPAU_Threadpool_chore@12@@Z
?_Release_chore@details@Concurrency@@YAXPAU_Threadpool_chore@12@@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
_Mtx_init_in_situ
_Cnd_init_in_situ
?_XGetLastError@std@@YAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEHXZ
??0task_continuation_context@Concurrency@@AAE@XZ
?_Reset@_ContextCallback@details@Concurrency@@AAEXXZ
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?imbue@?$basic_ios@GU?$char_traits@G@std@@@std@@QAE?AVlocale@2@ABV32@@Z
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?_Xbad_function_call@std@@YAXXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
_Mtx_lock
?_Fiopen@std@@YAPAU_iobuf@@PBGHH@Z
_Mtx_unlock

api-ms-win-crt-time-l1-1-0

_time32

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

mpr

WNetGetConnectionW

api-ms-win-service-management-l1-1-0

OpenSCManagerW
StartServiceW
OpenServiceW
CloseServiceHandle

api-ms-win-ntuser-sysparams-l1-1-0

GetMonitorInfoW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
ServiceMain

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
archive/appupdate/Cache_Data/Windows.UI.Input.Inking.dll
.dll windows:10 windows x86 arch:x86

3d2d4b06484284001957b24651a3da13

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Windows.UI.Input.Inking.pdb

Imports

msvcrt

floor
ceil
_ftol2_sse
_ftol2
__RTDynamicCast
_CItan
_CIsqrt
_CIsin
_CIpow
_CIlog
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBDH@Z
_onexit
_XcptFilter
??1type_info@@UAE@XZ
_except_handler4_common
__dllonexit
_callnewh
malloc
memcmp
_amsg_exit
memmove_s
_vsnprintf_s
??_V@YAXPAX@Z
realloc
_finite
modf
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_purecall
??3@YAXPAX@Z
free
_unlock
__CxxFrameHandler3
memcpy_s
_vsnwprintf
_lock
_initterm
memmove
??0exception@@QAE@ABQBD@Z
?terminate@@YAXXZ
_CIfmod
_CIacos
_CIatan
_CIatan2
_CIcos
_CIexp
memset

api-ms-win-core-libraryloader-l1-2-0

SizeofResource
LoadLibraryExW
GetModuleHandleExW
LockResource
GetModuleFileNameA
GetProcAddress
LoadResource
DisableThreadLibraryCalls
GetModuleHandleW

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitializeConditionVariable
InitOnceBeginInitialize
SleepConditionVariableCS
Sleep
InitOnceComplete
WakeConditionVariable

api-ms-win-core-synch-l1-1-0

InitializeSRWLock
CreateEventW
SetEvent
CreateSemaphoreExW
EnterCriticalSection
ReleaseSemaphore
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockShared
WaitForSingleObject
CreateMutexExW
ReleaseMutex
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
InitializeCriticalSection
CreateEventExW
WaitForSingleObjectEx
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
GetLastError
UnhandledExceptionFilter
SetLastError

api-ms-win-eventing-provider-l1-1-0

EventProviderEnabled
EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister
EventActivityIdControl

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
SetThreadPriority
CreateThread
GetCurrentProcessId
GetCurrentThreadId
OpenProcessToken
ResumeThread
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

LocaleNameToLCID
GetLocaleInfoEx
FormatMessageW
GetUserPreferredUILanguages

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

oleaut32

SysAllocString
SafeArrayGetUBound
VariantClear
SafeArrayGetLBound
SysStringLen
SafeArrayDestroy
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreateVector
SysFreeString

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegSetValueExW
RegCreateKeyExW

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-security-base-l1-1-0

GetTokenInformation

shcore

CreateRandomAccessStreamOverStream

d3d11

D3D11CreateDevice

d2d1

ord5
ord2
ord1

ntdll

RtlSleepConditionVariableSRW
RtlWakeAllConditionVariable
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
NtQueryInformationProcess
_wcsicmp
toupper
wcstoul
iswalpha
RtlGetMultiTimePrecise

coremessaging

CoreUICreate
CoreUICallSend
CoreUICallCreateConversationHost
CoreUICallReceive

api-ms-win-core-version-l1-1-1

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

dcomp

ord1038
DCompositionCreateDevice3
ord1039

Exports

Exports

CreateDCompositionDirectInkFactoryPartner
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
archive/appupdate/Cache_Data/sapi.dll
.dll regsvr32 windows:10 windows x86 arch:x86

f01df22d0a199849ba899bf29089a11e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

sapi.pdb

Imports

kernel32

GetCurrentProcess
TerminateProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualQuery
GetCurrentThread
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
HeapCreate
HeapDestroy
VirtualFree
GetStdHandle
GetFileType
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlUnwind
OutputDebugStringA
WriteFile
HeapReAlloc
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
LoadLibraryExA
IsValidLocale
GetStringTypeW
LCMapStringW
SetUnhandledExceptionFilter
HeapFree
HeapAlloc
GetCommandLineA
WideCharToMultiByte
CompareStringW
ResetEvent
Sleep
GetTickCount
LoadLibraryW
GetSystemDirectoryW
SetEvent
WaitForSingleObject
CreateEventW
GetVersionExW
SetLastError
ReleaseMutex
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
FindResourceExW
LoadResource
SizeofResource
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
RaiseException
lstrcmpiW
GetModuleHandleW
LoadLibraryExW
GetProcAddress
GetLastError
GetCurrentProcessId
FreeLibrary
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
LocalFree
CreateFileW
DuplicateHandle
GetFileInformationByHandle
UnlockFileEx
LockFileEx
SetFilePointer
SetEndOfFile
ReadFile
GetUserDefaultUILanguage
CreateMutexW
OpenMutexW
ConnectNamedPipe
GetOverlappedResult
SetProcessShutdownParameters
CreateNamedPipeW
FlushFileBuffers
SearchPathW
WaitNamedPipeW
SetNamedPipeHandleState
WaitForMultipleObjects
CancelIo
OpenEventW
CreateDirectoryW
GetFileAttributesW
DeleteFileW
ExpandEnvironmentStringsW
UnmapViewOfFile
GetFileSize
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
GetTempPathW
GetTempFileNameW
MoveFileExW
GlobalMemoryStatus
FindResourceW
LockResource
GetFullPathNameW
LocalAlloc
GetTickCount64
TryEnterCriticalSection
GetUserDefaultLangID
GetSystemTime
SystemTimeToFileTime
CreateSemaphoreW
ReleaseSemaphore
GetThreadPriority
CreateIoCompletionPort
PostQueuedCompletionStatus
SetThreadPriority
GetQueuedCompletionStatus
GlobalLock
GlobalUnlock
GlobalSize
FormatMessageW
GetProcessHeap
GetModuleHandleExW
DebugBreak
IsDebuggerPresent
OutputDebugStringW
AcquireSRWLockShared
ReleaseSRWLockShared
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
WaitForSingleObjectEx
InitializeCriticalSectionEx
OpenSemaphoreW
CreateMutexExW
CreateSemaphoreExW
CreateThreadpoolTimer
lstrlenA
CreateThread
ExitThread
LocaleNameToLCID

user32

DefWindowProcW
CharNextW
SendMessageW
MsgWaitForMultipleObjects
SetTimer
MsgWaitForMultipleObjectsEx
CharLowerW
UnregisterClassA
DispatchMessageW
PeekMessageW
KillTimer
LoadStringW
RegisterWindowMessageW
SetWindowTextW
PostMessageW
SendMessageTimeoutW
IsWindow
SendNotifyMessageW
CreateWindowExW
DestroyWindow
RegisterClassW
UnregisterClassW
SetWindowLongW
GetWindowLongW
ord2597

advapi32

TraceMessage
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
GetLengthSid
CopySid
ImpersonateNamedPipeClient
OpenThreadToken
RevertToSelf
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
RegDeleteKeyW
RegEnumValueW
EqualSid
GetSidSubAuthority
GetSidSubAuthorityCount
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
IsValidSid
InitializeAcl
SetSecurityInfo
GetKernelObjectSecurity
GetSecurityDescriptorSacl
GetAce
ConvertStringSidToSidW
RegNotifyChangeKeyValue
ConvertStringSecurityDescriptorToSecurityDescriptorW

ole32

StringFromCLSID
PropVariantClear
StringFromGUID2
CreateStreamOnHGlobal
StringFromIID
CLSIDFromString
CoCreateGuid
CoInitializeEx
CoUninitialize
GetHGlobalFromStream
CLSIDFromProgID
IIDFromString
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoCreateFreeThreadedMarshaler

oleaut32

SafeArrayDestroy
SafeArrayRedim
SafeArrayUnaccessData
CreateErrorInfo
SetErrorInfo
VarBstrCmp
VarBstrCat
SysAllocStringLen
VariantCopy
SysAllocStringByteLen
SysStringByteLen
SafeArrayAccessData
SafeArrayCreateVector
UnRegisterTypeLi
SysAllocString
RegisterTypeLi
VariantClear
VariantInit
LoadTypeLi
LoadRegTypeLi
SysStringLen
VarUI4FromStr
SysFreeString
VarDecRound
VariantChangeType

winmm

waveInMessage
waveOutMessage
waveOutUnprepareHeader
waveOutWrite
waveOutPrepareHeader
waveOutGetNumDevs
waveInGetNumDevs
mixerOpen
mixerClose
waveInGetDevCapsW
waveOutGetDevCapsW
mixerGetID
waveInOpen
waveInStop
waveInReset
waveInStart
waveInClose
waveOutOpen
waveOutPause
waveOutReset
waveOutRestart
waveOutClose
waveOutGetPosition
mixerGetLineInfoW
mixerGetLineControlsW
mixerGetControlDetailsW
mixerSetControlDetails
mmioOpenW
mmioClose
mmioSeek
mmioRead
mmioWrite
mmioDescend
mmioAscend
mmioCreateChunk
waveInPrepareHeader
waveInAddBuffer
waveInUnprepareHeader

msacm32

acmStreamSize
acmFormatSuggest
acmStreamOpen
acmStreamPrepareHeader
acmStreamUnprepareHeader
acmStreamConvert
acmStreamClose

msdmo

MoInitMediaType
MoFreeMediaType

wintrust

WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
CryptCATAdminCalcHashFromFileHandle
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminAcquireContext
WinVerifyTrust

crypt32

CertGetCertificateContextProperty
CertFreeCertificateContext

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 864KB - Virtual size: 863KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 363KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
archive/appupdate/Cache_Data/shell32.dll
.dll regsvr32 windows:10 windows x86 arch:x86

344d3bf086927624151fc7dfc392bb96

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5a:d7:c6:aa:86:31:56:c4:60:49:52:32:79:f9:9c:a5:e0:7f:a3:d1:a9:01:93:62:e2:d5:63:2e:b5:74:9d:6e
Signer

Actual PE Digest

5a:d7:c6:aa:86:31:56:c4:60:49:52:32:79:f9:9c:a5:e0:7f:a3:d1:a9:01:93:62:e2:d5:63:2e:b5:74:9d:6e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

shell32.pdb

Imports

msvcp_win

?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?__ExceptionPtrCurrentException@@YAXPAX@Z
?_Capture@_ContextCallback@details@Concurrency@@AAEXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QAEX_N@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QAEXXZ
_Cnd_wait
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?__ExceptionPtrToBool@@YA_NPBX@Z
?_XGetLastError@std@@YAXXZ
?__ExceptionPtrRethrow@@YAXPBX@Z
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
_Cnd_broadcast
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?__ExceptionPtrDestroy@@YAXPAX@Z
_Mtx_unlock
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?_CallInContext@_ContextCallback@details@Concurrency@@QBEXV?$function@$$A6AXXZ@std@@_N@Z
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
_Mtx_init_in_situ
_Mtx_destroy_in_situ
??0task_continuation_context@Concurrency@@AAE@XZ
_Cnd_destroy_in_situ
_Cnd_init_in_situ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_Schedule_chore@details@Concurrency@@YAHPAU_Threadpool_chore@12@@Z
?_Release_chore@details@Concurrency@@YAXPAU_Threadpool_chore@12@@Z
?tellp@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG00@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG0@Z
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAE_JPBG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEPAV12@PAG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JXZ
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPBG_J@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXH@Z
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
?_Xbad_function_call@std@@YAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QBE_NXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEHXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGXZ
?width@ios_base@std@@QAE_J_J@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?_Xlength_error@std@@YAXPBD@Z
?_Reset@_ContextCallback@details@Concurrency@@AAEXXZ
?__ExceptionPtrCreate@@YAXPAX@Z

api-ms-win-crt-string-l1-1-0

wcsncmp
wcsspn
wcspbrk
wcscspn
memset

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o_free
_o_isalpha
_o_isdigit
_o_iswspace
_o_malloc
_o_qsort
_o_rand
_o_realloc
_o_srand
_o_strncpy_s
_o_strtol
_o_terminate
_o_toupper
_o_towlower
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
memmove
_o_wcstol
_o_wcstoul
strchr
wcsrchr
_except_handler4_common
_o_floor
_o__wcsupr
_o__wcstoui64
_o__wcsnicmp
_o__wcsicmp
_o__itow
_o__ui64tow_s
_o_ceil
_o_calloc
_o_bsearch
_o__strnicmp
_o__set_errno
_o__seh_filter_dll
_o__resetstkoflw
_o__register_onexit_function
_o__purecall
_o__wtoi
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__get_errno
_o__execute_onexit_table
_o__errno
_o__difftime32
_o__crt_atexit
_o__configure_narrow_argv
_o__CIsqrt
_o__CIpow
_o__CIlog
_o__CIexp
_o__cexit
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler3
wcschr
wcsstr
_CxxThrowException
memcmp
memcpy
_o_wcstok_s

api-ms-win-core-heap-l2-1-0

GlobalAlloc
LocalReAlloc
LocalFree
GlobalFree
LocalAlloc

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegOpenCurrentUser
RegCreateKeyExW
RegQueryValueExW
RegQueryInfoKeyA
RegCloseKey
RegDeleteTreeW
RegDeleteValueW
RegGetValueW
RegGetKeySecurity
RegQueryValueExA
RegNotifyChangeKeyValue
RegOpenKeyExA
RegEnumKeyExW
RegDeleteKeyExW
RegOpenKeyExW

api-ms-win-core-libraryloader-l1-2-0

LoadResource
GetModuleFileNameW
LoadLibraryExW
DisableThreadLibraryCalls
FindStringOrdinal
LoadStringA
LockResource
LoadStringW
GetModuleHandleExW
GetModuleHandleW
FreeLibrary
EnumResourceNamesExW
SizeofResource
FindResourceExW
GetModuleFileNameA
FreeResource
LoadLibraryExA
GetProcAddress

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64
GetSystemDirectoryW
GetSystemWindowsDirectoryW
GetLocalTime
GetVersionExW
GetWindowsDirectoryW
GetSystemInfo
GetComputerNameExW
GetTickCount
GetSystemTime
GlobalMemoryStatusEx

api-ms-win-core-memory-l1-1-0

VirtualFree
OpenFileMappingW
CreateFileMappingW
MapViewOfFile
ReadProcessMemory
WriteProcessMemory
VirtualProtect
VirtualAlloc
VirtualQuery
UnmapViewOfFile

api-ms-win-core-file-l1-1-0

FindFirstFileExW
GetFileInformationByHandle
GetVolumePathNameW
GetDiskFreeSpaceExW
DefineDosDeviceW
GetFinalPathNameByHandleW
SetFileTime
CompareFileTime
FindFirstVolumeW
FindClose
FindNextFileW
FindFirstFileW
FindNextVolumeW
FileTimeToLocalFileTime
GetFileAttributesExW
FindVolumeClose
GetVolumeInformationW
GetLogicalDrives
SetFilePointerEx
FlushFileBuffers
SetFileInformationByHandle
GetFileSize
GetLongPathNameW
GetShortPathNameW
SetEndOfFile
ReadFile
GetDriveTypeW
GetFullPathNameW
SetFilePointer
CreateDirectoryW
WriteFile
RemoveDirectoryW
SetFileAttributesW
DeleteFileW
GetTempFileNameW
GetFileAttributesW
GetDiskFreeSpaceW
QueryDosDeviceW
GetFileSizeEx
CreateFileW
LocalFileTimeToFileTime

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-libraryloader-l1-2-1

FindResourceW
LoadLibraryW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringEx
CompareStringW
WideCharToMultiByte
CompareStringOrdinal
GetStringTypeExW
GetStringTypeW

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
WaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSRWLockShared
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateMutexExW
AcquireSRWLockShared
InitializeCriticalSectionAndSpinCount
OpenEventW
CreateEventW
SetEvent
ResetEvent
InitializeCriticalSectionEx
InitializeSRWLock
OpenMutexW
TryAcquireSRWLockExclusive
TryEnterCriticalSection
CreateSemaphoreExW
CreateEventExW
CreateWaitableTimerExW
SetWaitableTimer
TryAcquireSRWLockShared
CreateMutexW
WaitForMultipleObjectsEx

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
RaiseException
SetErrorMode

api-ms-win-core-processthreads-l1-1-0

GetProcessId
ExitProcess
TlsSetValue
SetPriorityClass
TlsGetValue
GetCurrentThread
OpenThreadToken
GetCurrentProcessId
TlsAlloc
TlsFree
CreateThread
GetCurrentThreadId
CreateProcessW
ResumeThread
CreateProcessAsUserW
OpenProcessToken
GetExitCodeProcess
TerminateProcess
GetExitCodeThread
GetThreadId
SetThreadPriority
GetThreadPriority
GetCurrentProcess
SetThreadToken
ProcessIdToSessionId
OpenThread

api-ms-win-core-string-l2-1-0

CharUpperW
CharUpperBuffW
IsCharAlphaW
CharLowerBuffW
CharNextW
CharPrevW
CharLowerW

api-ms-win-core-file-l2-1-0

ReplaceFileW
MoveFileExW
CreateHardLinkW
CopyFile2
ReadDirectoryChangesW
GetFileInformationByHandleEx

api-ms-win-core-processenvironment-l1-1-0

SetCurrentDirectoryW
GetCommandLineW
SearchPathW
GetEnvironmentVariableW
ExpandEnvironmentStringsA
SetEnvironmentVariableW
GetCurrentDirectoryW
ExpandEnvironmentStringsW

api-ms-win-core-localization-l1-2-0

IsValidLocaleName
LCMapStringW
FindNLSString
GetThreadUILanguage
GetUserPreferredUILanguages
GetCPInfo
IsDBCSLeadByte
GetACP
GetUserDefaultLangID
LCMapStringEx
ResolveLocaleName
GetSystemPreferredUILanguages
LocaleNameToLCID
FindNLSStringEx
GetLocaleInfoW
GetUserDefaultLCID
VerLanguageNameW
GetSystemDefaultLangID
FormatMessageW
GetSystemDefaultLCID
GetThreadLocale

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorOwner
ImpersonateSelf
DeleteAce
IsWellKnownSid
GetSidIdentifierAuthority
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSidSubAuthorityCount
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
GetSecurityDescriptorControl
DuplicateToken
SetFileSecurityW
FreeSid
AllocateAndInitializeSid
AddAccessDeniedAceEx
InitializeAcl
SetSecurityDescriptorOwner
AddAccessAllowedAceEx
AddAce
GetAce
GetAclInformation
CopySid
IsValidSid
AdjustTokenPrivileges
AccessCheck
DuplicateTokenEx
GetFileSecurityW
CheckTokenMembership
CreateWellKnownSid
EqualSid
GetTokenInformation
RevertToSelf
GetLengthSid
SetTokenInformation

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceExecuteOnce
Sleep
InitOnceBeginInitialize

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapAlloc
HeapDestroy
HeapFree
GetProcessHeap

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformationForYear
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime

api-ms-win-core-threadpool-l1-2-0

SubmitThreadpoolWork
CloseThreadpoolWait
CloseThreadpoolWork
CreateThreadpoolWait
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolWait
CreateThreadpoolWork
WaitForThreadpoolWaitCallbacks

api-ms-win-core-processthreads-l1-1-1

FlushInstructionCache
OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW
K32GetProcessImageFileNameW

api-ms-win-core-path-l1-1-0

PathCchRenameExtension
PathCchRemoveExtension
PathCchCombineEx
PathCchStripPrefix
PathAllocCanonicalize
PathAllocCombine
PathIsUNCEx
PathCchCanonicalize
PathCchAppendEx
PathCchAddBackslash
PathCchAppend
PathCchAddBackslashEx
PathCchStripToRoot
PathCchCombine
PathCchRemoveFileSpec
PathCchRemoveBackslash
PathCchSkipRoot
PathCchAddExtension

api-ms-win-core-file-l1-2-0

GetTempPathW
GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW

api-ms-win-core-io-l1-1-0

GetQueuedCompletionStatus
CancelIoEx
GetOverlappedResult
CreateIoCompletionPort
DeviceIoControl

api-ms-win-core-datetime-l1-1-0

GetDateFormatW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW
RegSetKeyValueW

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo
GetNativeSystemInfo

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-file-l1-2-1

GetCompressedFileSizeW

api-ms-win-core-wow64-l1-1-0

Wow64RevertWow64FsRedirection
IsWow64Process
Wow64DisableWow64FsRedirection

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-localization-l2-1-0

GetNumberFormatEx

api-ms-win-core-wow64-l1-1-1

IsWow64Process2
GetSystemWow64DirectoryW

api-ms-win-core-io-l1-1-1

CancelSynchronousIo

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW

api-ms-win-core-sysinfo-l1-2-3

GetIntegratedDisplaySize

api-ms-win-core-memory-l1-1-1

PrefetchVirtualMemory

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventProviderEnabled
EventUnregister
EventRegister

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids

api-ms-win-core-interlocked-l1-1-0

InterlockedPopEntrySList
InitializeSListHead
InterlockedPushEntrySList

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrTrimA
StrCmpNA
StrStrW
StrCmpNIA
StrChrW
StrStrIW
StrStrIA
StrDupW
StrStrA
StrCmpCW
StrToIntW
StrCmpNIW
StrCmpNW
StrRStrIW
StrRChrA
QISearch
StrToIntA
StrRChrIA
StrSpnW
StrPBrkW
StrCmpNCW
StrRChrIW
StrRStrIA
StrCpyNXW
StrCSpnW
StrCmpLogicalW
StrChrIW
StrChrIA
StrRChrW
StrChrA
StrCmpW
StrCmpNICW
StrCmpICA
StrDupA
StrCmpIW
StrCmpICW
StrToIntExW
StrTrimW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiA
lstrcmpA
lstrcmpiW
lstrlenA
lstrlenW
lstrcmpW

api-ms-win-core-stringansi-l1-1-0

CharNextA
CharPrevA

api-ms-win-core-privateprofile-l1-1-0

WritePrivateProfileStringW
GetProfileIntW
GetPrivateProfileSectionW
GetProfileSectionW
GetPrivateProfileIntW
GetPrivateProfileStringW

api-ms-win-core-heap-obsolete-l1-1-0

GlobalSize
GlobalUnlock
GlobalLock
LocalSize
GlobalFlags
GlobalReAlloc

api-ms-win-core-localization-obsolete-l1-2-0

GetSystemDefaultUILanguage
GetNumberFormatW
GetUserDefaultUILanguage
EnumUILanguagesW

api-ms-win-core-atoms-l1-1-0

GetAtomNameW
FindAtomW
GlobalGetAtomNameW
GlobalDeleteAtom
GlobalAddAtomW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathCommonPrefixW
PathCombineW
PathIsRootW
PathStripPathW
PathIsSameRootW
PathGetArgsW
PathIsValidCharW
PathStripToRootW
PathIsRelativeW
PathIsFileSpecW
PathMatchSpecW
PathRemoveFileSpecW
PathFileExistsW
PathSkipRootW
PathGetDriveNumberW
PathGetCharTypeW
PathAppendW
PathAddBackslashW
PathFindNextComponentW
PathRemoveBackslashW
PathMatchSpecExW
PathRemoveFileSpecA
SHExpandEnvironmentStringsA
PathIsUNCW
PathRemoveBlanksW
SHExpandEnvironmentStringsW
PathIsRootA
PathQuoteSpacesA
PathIsPrefixW
PathAppendA
PathFindExtensionW
PathIsUNCServerW
PathQuoteSpacesW
PathIsUNCServerShareW
PathUnquoteSpacesW
PathUnExpandEnvStringsW
PathParseIconLocationW
IsCharSpaceW
PathFindFileNameW
PathRemoveExtensionW

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW
UnregisterWait
SetVolumeLabelW
RegisterWaitForSingleObject
MulDiv
WTSGetActiveConsoleSessionId
GetSystemPowerStatus
GetShortPathNameA

api-ms-win-core-kernel32-legacy-l1-1-1

PowerClearRequest
PowerCreateRequest
PowerSetRequest

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem
UnregisterWaitEx
DeleteTimerQueueTimer
CreateTimerQueueTimer

api-ms-win-core-kernel32-legacy-l1-1-2

GetBinaryTypeW

api-ms-win-core-url-l1-1-0

UrlEscapeW
UrlUnescapeA
UrlApplySchemeW
UrlGetPartW
UrlUnescapeW
HashData
UrlFixupW
UrlCanonicalizeW
UrlCreateFromPathW
PathCreateFromUrlAlloc
UrlCompareW
ParseURLW
PathIsURLW
PathCreateFromUrlW
UrlIsW

api-ms-win-core-registryuserspecific-l1-1-0

SHRegOpenUSKeyW
SHRegEnumUSKeyW
SHRegOpenUSKeyA
SHRegGetUSValueW
SHRegGetBoolUSValueW
SHRegQueryUSValueW
SHRegCloseUSKey

api-ms-win-core-kernel32-private-l1-1-0

CheckElevation
CheckElevationEnabled
Wow64EnableWow64FsRedirection

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-sidebyside-l1-1-0

DeactivateActCtx
CreateActCtxW
QueryActCtxW
ActivateActCtx
ReleaseActCtx

api-ms-win-shell-shellcom-l1-1-0

SHCoCreateInstance

kernelbase

GetCurrentPackageInfo
GetPackagesByPackageFamily
GetPackageFullName
OpenState
OpenStateExplicit
GetStateFolder
CloseState
ExtensionProgIdExists
GetExtensionProgIds
ParseApplicationUserModelId
PackageNameAndPublisherIdFromFamilyName
GetEffectivePackageStatusForUser
NotifyRedirectedStringChange
GetStagedPackagePathByFullName2
IsMrtResourceRedirectionEnabled
OpenPackageInfoByFullName
GetPackageInfo
ClosePackageInfo
GetSystemAppDataKey

user32

wsprintfW
UnpackDDElParam
DdeInitializeW
DdeUninitialize
DdeNameService
DdeDisconnect
DdeQueryStringW
DdeFreeStringHandle
DdeCreateStringHandleW
DdeCreateDataHandle
DdeGetLastError
DdeGetData
DdeQueryConvInfo
WaitMessage
LockWindowUpdate
EnumDisplaySettingsW
GetClassLongW
SetShellWindowEx
EnumDisplayMonitors
ord2707
CreateAcceleratorTableW
GetMessageTime
LoadBitmapW
CheckRadioButton
ClientToScreen
IsRectEmpty
SetParent
WindowFromPoint
GetSystemMenu
PostThreadMessageW
SetDialogDpiChangeBehavior
IsDialogMessageW
SetCapture
ReleaseCapture
GetCapture
TrackPopupMenuEx
MonitorFromRect
GetClassInfoExW
SetMenuInfo
SetCoalescableTimer
CallNextHookEx
CallWindowProcW
SetScrollPos
ord2705
ShowScrollBar
SetScrollInfo
SetWindowRgn
SetWindowsHookExW
UnhookWindowsHookEx
GetDialogBaseUnits
GetLastInputInfo
SystemParametersInfoA
WinHelpW
CreateWindowExW
FindWindowExW
RegisterWindowMessageA
DrawTextExW
ActivateKeyboardLayout
AdjustWindowRectExForDpi
SubtractRect
CreateWindowIndirect
SetLayeredWindowAttributes
GetWindowDC
GetPointerDevices
SetRectEmpty
DialogBoxParamW
GetDpiForWindow
BroadcastSystemMessageW
SetThreadDpiAwarenessContext
EnumChildWindows
CloseClipboard
SetClipboardData
GetClipboardData
OpenClipboard
EnumPropsExW
RedrawWindow
CloseDesktop
OpenInputDesktop
CreateWindowInBand
GetDpiForSystem
GetSystemMetricsForDpi
EndDeferWindowPos
BeginDeferWindowPos
AdjustWindowRect
GetDlgCtrlID
SetShellChangeNotifyWindow
GetShellChangeNotifyWindow
GetShellWindow
RegisterDeviceNotificationW
UnregisterDeviceNotification
SendMessageCallbackW
MessageBoxW
DeferWindowPos
CopyAcceleratorTableW
MoveWindow
AttachThreadInput
DefWindowProcA
IsWindowUnicode
RegisterShellHookWindow
DeregisterShellHookWindow
SetTaskmanWindow
GetTaskmanWindow
GetClassInfoW
GetWindowTextLengthW
CopyImage
MapDialogRect
SetActiveWindow
GetWindowBand
DrawIconEx
IsProcessDPIAware
GetProcessDefaultLayout
AllowSetForegroundWindow
IsSETEnabled
EqualRect
IntersectRect
MonitorFromWindow
GetAsyncKeyState
ord2521
UpdateLayeredWindow
IsChild
UnionRect
EnumDisplayDevicesW
SetWindowCompositionAttribute
RegisterClassExW
GetScrollInfo
SendMessageTimeoutW
IsIconic
CopyIcon
GetPropW
RemovePropW
SetPropW
IsMenu
ModifyMenuW
GetMenuState
CountClipboardFormats
IsHungAppWindow
GetClipboardOwner
GetWindowPlacement
MsgWaitForMultipleObjects
ExitWindowsEx
DisplayConfigGetDeviceInfo
SetRect
GetMonitorInfoW
MonitorFromPoint
GetUserObjectInformationW
GetThreadDesktop
GetProcessWindowStation
ChangeWindowMessageFilterEx
RegisterWindowMessageW
GetMessagePos
GetKeyboardLayout
SetClipboardViewer
TranslateAcceleratorW
CreateMenu
InsertMenuW
EndMenu
DestroyAcceleratorTable
GetMessageExtraInfo
SetGestureConfig
CloseGestureInfoHandle
GetGestureInfo
ChangeClipboardChain
MapWindowPoints
GetMenuItemID
EnableMenuItem
InsertMenuItemW
GetFocus
CheckMenuItem
CheckMenuRadioItem
AppendMenuW
GetDoubleClickTime
MessageBeep
TrackPopupMenu
SetMessageExtraInfo
SetMenuDefaultItem
SetMenuItemInfoW
LoadAcceleratorsW
PtInRect
GetMenuStringW
GetDesktopWindow
GetForegroundWindow
NotifyWinEvent
SendNotifyMessageW
SystemParametersInfoW
GetMenuItemInfoW
GetMenuItemCount
EnumWindows
IsWindow
WaitForInputIdle
GetWindowThreadProcessId
GetMenuDefaultItem
GetLastActivePopup
SwitchToThisWindow
GetCursorPos
RegisterClipboardFormatW
GetWindow
FindWindowW
GetClassNameW
GetAncestor
MsgWaitForMultipleObjectsEx
PeekMessageW
PostQuitMessage
SetForegroundWindow
ShutdownBlockReasonDestroy
ShutdownBlockReasonCreate
LoadMenuW
GetSubMenu
RemoveMenu
DeleteMenu
DestroyMenu
CreatePopupMenu
SetProcessDPIAware
DispatchMessageW
TranslateMessage
GetMessageW
IsWindowVisible
GetUpdateRect
TrackMouseEvent
UpdateWindow
KillTimer
SetTimer
AdjustWindowRectEx
DestroyWindow
EnableWindow
SetFocus
GetDlgItemInt
SetDlgItemInt
SetDlgItemTextA
IsDlgButtonChecked
GetDlgItemTextA
GetKeyState
MapVirtualKeyW
GrayStringW
IsWindowEnabled
TabbedTextOutW
DrawTextW
EndPaint
DrawFrameControl
FillRect
DrawEdge
InflateRect
OffsetRect
BeginPaint
GetSysColorBrush
CopyRect
DefWindowProcW
GetWindowRect
UnregisterClassW
RegisterClassW
ReleaseDC
GetDC
PostMessageW
CheckDlgButton
GetParent
CharToOemBuffA
OemToCharBuffA
DrawFocusRect
DrawIcon
GetSysColor
EndDialog
GetWindowLongW
SetWindowLongW
GetWindowTextW
SetWindowPos
GetClientRect
ShowWindow
SetWindowTextW
GetDlgItem
InvalidateRect
LoadCursorW
SetCursor
SetDlgItemTextW
GetDlgItemTextW
SendDlgItemMessageW
ScreenToClient
SendMessageW
LookupIconIdFromDirectory
CreateIconIndirect
GetIconInfo
DestroyIcon
PrivateExtractIconsW
LoadIconW
GetSystemMetrics
SetSysColors
SystemParametersInfoForDpi
SetShellWindow
SetWinEventHook
UnhookWinEvent
IsWinEventHookInstalled
GetMenuInfo
EmptyClipboard
GetDisplayConfigBufferSizes
QueryDisplayConfig
CreateDialogParamW
ChildWindowFromPoint
SetMenu
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
GetCurrentInputMessageSource
GetWindowDpiAwarenessContext
LoadImageW
AreDpiAwarenessContextsEqual
LockSetForegroundWindow
ShowCaret
AnimateWindow
GetCursor
HideCaret

ntdll

RtlQueryResourcePolicy
RtlAreLongPathsEnabled
RtlFlushHeaps
EtwEventWriteTransfer
RtlInitUnicodeString
RtlPrefixString
NtQueryInformationFile
RtlNtStatusToDosError
NtCreateFile
NtClose
NtFsControlFile
RtlUnicodeStringToOemString
NtSetInformationFile
NtOpenFile
RtlDosPathNameToNtPathName_U_WithStatus
RtlFreeHeap
NtQueryVolumeInformationFile
RtlDosPathNameToRelativeNtPathName_U_WithStatus
RtlReleaseRelativeName
RtlFreeUnicodeString
RtlGetLastNtStatus
RtlQueryEnvironmentVariable_U
NtOpenThreadToken
EtwLogTraceEvent
RtlInitializeResource
RtlAcquireResourceExclusive
RtlReleaseResource
RtlDeleteResource
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
RtlAllocateHeap
NtSetInformationToken
RtlQueryWnfStateData
RtlGetNtSystemRoot
RtlQueryRegistryValuesEx
RtlCheckRegistryKey
NtQuerySystemInformation
NtQueryObject
RtlIsPartialPlaceholder
NtQueryKey
NtSetSecurityObject
NtQuerySecurityObject
RtlDosPathNameToNtPathName_U
ShipAssert
RtlIsNonEmptyDirectoryReparsePointAllowed
ZwQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlRandomEx
RtlCreateUnicodeString
RtlPublishWnfStateData
NtQueryWnfStateData
RtlCreateServiceSid
RtlLengthRequiredSid
RtlGetNtProductType
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
NtPowerInformation
NtQueryInformationProcess
NtQueryAttributesFile
RtlDosPathNameToRelativeNtPathName_U
NtOpenProcessToken
NtQueryInformationToken
RtlDllShutdownInProgress
RtlGetDeviceFamilyInfoEnum
WinSqmAddToStreamEx
NtSetCachedSigningLevel
NtCompareSigningLevels
NtGetCachedSigningLevel
RtlMapGenericMask
WinSqmSetDWORD
WinSqmIncrementDWORD
WinSqmAddToStream
EtwTraceMessage
EtwEventWrite
EtwEventEnabled
EtwEventActivityIdControl
EtwEventSetInformation
NtQueryInformationThread
EtwEventRegister
EtwEventUnregister
RtlDestroyEnvironment
RtlSetCurrentEnvironment
RtlCreateEnvironment
RtlExpandEnvironmentStrings_U
RtlSetEnvironmentVariable
RtlInitUnicodeStringEx

gdi32

DeleteObject
GetLayout
SetLayout
SelectObject
ExcludeClipRect
GetStockObject
GetTextMetricsW
AddFontResourceW
PatBlt
SetTextColor
GetTextExtentPoint32W
CreateCompatibleDC
BitBlt
DeleteDC
EnumFontFamiliesA
CreateFontA
SetBkMode
GetDeviceCaps
CreateSolidBrush
OffsetWindowOrgEx
SetWindowOrgEx
GetObjectW
GetTextExtentPointW
CreateDIBSection
CreateDCW
GdiAlphaBlend
CreateCompatibleBitmap
CreateBitmap
GetDIBits
StretchBlt
GdiTransparentBlt
GetTextColor
GetCurrentObject
CreateFontIndirectW
CreatePen
Rectangle
SetTextAlign
SetStretchBltMode
MoveToEx
LineTo
CreatePolygonRgn
GetTextAlign
SetMapMode
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
StretchDIBits
GetClipBox
CreateRectRgn
GetClipRgn
IntersectClipRect
SelectClipRgn
LPtoDP
SetMetaFileBitsEx
PlayMetaFile
DeleteMetaFile
GetViewportOrgEx
ExtSelectClipRgn
PlgBlt
SetDCBrushColor
CreateRectRgnIndirect
RestoreDC
SaveDC
CombineRgn
GetRgnBox
GetRegionData
GetWindowOrgEx
GetObjectType
SetBkColor
ExtTextOutW
SetDIBits
GetDIBColorTable
GetPixel
CreateFontW
GetTextExtentPoint32A
TextOutA

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-job-l2-1-0

AssignProcessToJobObject
CreateJobObjectW
SetInformationJobObject

api-ms-win-crt-time-l1-1-0

_time32

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

AppCompat_RunDLLW
AssocCreateForClasses
AssocElemCreateForKey
AssocGetDetailsOfPropKey
CDefFolderMenu_Create2
CIDLData_CreateFromIDArray
CStorageItem_GetValidatedStorageItemObject
CallFileCopyHook
CheckEscapesW
CommandLineToArgvW
Control_RunDLL
Control_RunDLLA
Control_RunDLLAsUserW
Control_RunDLLW
CreateStorageItemFromPath_FullTrustCaller
CreateStorageItemFromPath_FullTrustCaller_ForPackage
CreateStorageItemFromPath_PartialTrustCaller
CreateStorageItemFromShellItem_FullTrustCaller
CreateStorageItemFromShellItem_FullTrustCaller_ForPackage
CreateStorageItemFromShellItem_FullTrustCaller_ForPackage_WithProcessHandle
CreateStorageItemFromShellItem_FullTrustCaller_UseImplicitFlagsAndPackage
DAD_AutoScroll
DAD_DragEnterEx
DAD_DragEnterEx2
DAD_DragLeave
DAD_DragMove
DAD_SetDragImage
DAD_ShowDragImage
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllGetVersion
DllInstall
DllRegisterServer
DllUnregisterServer
DoEnvironmentSubstA
DoEnvironmentSubstW
DragAcceptFiles
DragFinish
DragQueryFile
DragQueryFileA
DragQueryFileAorW
DragQueryFileW
DragQueryPoint
DriveType
DuplicateIcon
ExtractAssociatedIconA
ExtractAssociatedIconExA
ExtractAssociatedIconExW
ExtractAssociatedIconW
ExtractIconA
ExtractIconEx
ExtractIconExA
ExtractIconExW
ExtractIconW
FindExecutableA
FindExecutableW
FreeIconList
GetCurrentProcessExplicitAppUserModelID
GetFileNameFromBrowse
GetSystemPersistedStorageItemList
ILAppendID
ILClone
ILCloneFirst
ILCombine
ILCreateFromPath
ILCreateFromPathA
ILCreateFromPathW
ILFindChild
ILFindLastID
ILFree
ILGetNext
ILGetSize
ILIsEqual
ILIsParent
ILLoadFromStreamEx
ILRemoveLastID
ILSaveToStream
InitNetworkAddressControl
InternalExtractIconListA
InternalExtractIconListW
IsDesktopExplorerProcess
IsLFNDrive
IsLFNDriveA
IsLFNDriveW
IsNetDrive
IsProcessAnExplorer
IsUserAnAdmin
LaunchMSHelp_RunDLLW
OpenAs_RunDLL
OpenAs_RunDLLA
OpenAs_RunDLLW
OpenRegStream
Options_RunDLL
Options_RunDLLA
Options_RunDLLW
PathCleanupSpec
PathGetShortPath
PathIsExe
PathIsSlowA
PathIsSlowW
PathMakeUniqueName
PathQualify
PathResolve
PathYetAnotherMakeUniqueName
PickIconDlg
PifMgr_CloseProperties
PifMgr_GetProperties
PifMgr_OpenProperties
PifMgr_SetProperties
PrepareDiscForBurnRunDllW
PrintersGetCommand_RunDLL
PrintersGetCommand_RunDLLA
PrintersGetCommand_RunDLLW
ReadCabinetState
RealDriveType
RealShellExecuteA
RealShellExecuteExA
RealShellExecuteExW
RealShellExecuteW
RegenerateUserEnvironment
RestartDialog
RestartDialogEx
RunAsNewUser_RunDLLW
SHAddDefaultPropertiesByExt
SHAddFromPropSheetExtArray
SHAddToRecentDocs
SHAlloc
SHAppBarMessage
SHAssocEnumHandlers
SHAssocEnumHandlersForProtocolByApplication
SHBindToFolderIDListParent
SHBindToFolderIDListParentEx
SHBindToObject
SHBindToParent
SHBrowseForFolder
SHBrowseForFolderA
SHBrowseForFolderW
SHCLSIDFromString
SHChangeNotification_Lock
SHChangeNotification_Unlock
SHChangeNotify
SHChangeNotifyDeregister
SHChangeNotifyRegister
SHChangeNotifyRegisterThread
SHChangeNotifySuspendResume
SHCloneSpecialIDList
SHCoCreateInstance
SHCoCreateInstanceWorker
SHCreateAssociationRegistration
SHCreateCategoryEnum
SHCreateDataObject
SHCreateDefaultContextMenu
SHCreateDefaultExtractIcon
SHCreateDefaultPropertiesOp
SHCreateDirectory
SHCreateDirectoryExA
SHCreateDirectoryExW
SHCreateDrvExtIcon
SHCreateFileExtractIconW
SHCreateItemFromIDList
SHCreateItemFromParsingName
SHCreateItemFromRelativeName
SHCreateItemInKnownFolder
SHCreateItemWithParent
SHCreateLocalServerRunDll
SHCreateProcessAsUserW
SHCreatePropSheetExtArray
SHCreateQueryCancelAutoPlayMoniker
SHCreateShellFolderView
SHCreateShellFolderViewEx
SHCreateShellItem
SHCreateShellItemArray
SHCreateShellItemArrayFromDataObject
SHCreateShellItemArrayFromIDLists
SHCreateShellItemArrayFromShellItem
SHCreateStdEnumFmtEtc
SHDefExtractIconA
SHDefExtractIconW
SHDestroyPropSheetExtArray
SHDoDragDrop
SHELL32_AddToBackIconTable
SHELL32_AddToFrontIconTable
SHELL32_AreAllItemsAvailable
SHELL32_CCommonPlacesFolder_CreateInstance
SHELL32_CDBurn_CloseSession
SHELL32_CDBurn_DriveSupportedForDataBurn
SHELL32_CDBurn_Erase
SHELL32_CDBurn_GetCDInfo
SHELL32_CDBurn_GetLiveFSDiscInfo
SHELL32_CDBurn_GetStagingPathOrNormalPath
SHELL32_CDBurn_GetTaskInfo
SHELL32_CDBurn_IsBlankDisc
SHELL32_CDBurn_IsBlankDisc2
SHELL32_CDBurn_IsLiveFS
SHELL32_CDBurn_OnDeviceChange
SHELL32_CDBurn_OnEject
SHELL32_CDBurn_OnMediaChange
SHELL32_CDefFolderMenu_Create2
SHELL32_CDefFolderMenu_Create2Ex
SHELL32_CDefFolderMenu_MergeMenu
SHELL32_CDrivesContextMenu_Create
SHELL32_CDrivesDropTarget_Create
SHELL32_CDrives_CreateSFVCB
SHELL32_CFSDropTarget_CreateInstance
SHELL32_CFSFolderCallback_Create
SHELL32_CFillPropertiesTask_CreateInstance
SHELL32_CLibraryDropTarget_CreateInstance
SHELL32_CLocationContextMenu_Create
SHELL32_CLocationFolderUI_CreateInstance
SHELL32_CMountPoint_DoAutorun
SHELL32_CMountPoint_DoAutorunPrompt
SHELL32_CMountPoint_IsAutoRunDriveAndEnabledByPolicy
SHELL32_CMountPoint_ProcessAutoRunFile
SHELL32_CMountPoint_WantAutorunUI
SHELL32_CMountPoint_WantAutorunUIGetReady
SHELL32_CNetFolderUI_CreateInstance
SHELL32_CPL_CategoryIdArrayFromVariant
SHELL32_CPL_IsLegacyCanonicalNameListedUnderKey
SHELL32_CPL_ModifyWowDisplayName
SHELL32_CRecentDocsContextMenu_CreateInstance
SHELL32_CTransferConfirmation_CreateInstance
SHELL32_CallFileCopyHooks
SHELL32_CanDisplayWin8CopyDialog
SHELL32_CloseAutoplayPrompt
SHELL32_CommandLineFromMsiDescriptor
SHELL32_CopySecondaryTiles
SHELL32_CreateConfirmationInterrupt
SHELL32_CreateConflictInterrupt
SHELL32_CreateDefaultOperationDataProvider
SHELL32_CreateFileFolderContextMenu
SHELL32_CreateLinkInfoW
SHELL32_CreateQosRecorder
SHELL32_CreateSharePointView
SHELL32_Create_IEnumUICommand
SHELL32_DestroyLinkInfo
SHELL32_EncryptDirectory
SHELL32_EncryptedFileKeyInfo
SHELL32_EnumCommonTasks
SHELL32_FreeEncryptedFileKeyInfo
SHELL32_GenerateAppID
SHELL32_GetAppIDRoot
SHELL32_GetCommandProviderForFolderType
SHELL32_GetDPIAdjustedLogicalSize
SHELL32_GetDiskCleanupPath
SHELL32_GetFileNameFromBrowse
SHELL32_GetIconOverlayManager
SHELL32_GetLinkInfoData
SHELL32_GetRatingBucket
SHELL32_GetSqmableFileName
SHELL32_GetThumbnailAdornerFromFactory
SHELL32_GetThumbnailAdornerFromFactory2
SHELL32_HandleUnrecognizedFileSystem
SHELL32_IconCacheCreate
SHELL32_IconCacheDestroy
SHELL32_IconCacheHandleAssociationChanged
SHELL32_IconCacheRestore
SHELL32_IconCache_AboutToExtractIcons
SHELL32_IconCache_DoneExtractingIcons
SHELL32_IconCache_ExpandEnvAndSearchPath
SHELL32_IconCache_RememberRecentlyExtractedIconsW
SHELL32_IconOverlayManagerInit
SHELL32_IsGetKeyboardLayoutPresent
SHELL32_IsSystemUpgradeInProgress
SHELL32_IsValidLinkInfo
SHELL32_LegacyEnumSpecialTasksByType
SHELL32_LegacyEnumTasks
SHELL32_LookupBackIconIndex
SHELL32_LookupFrontIconIndex
SHELL32_NormalizeRating
SHELL32_NotifyLinkTrackingServiceOfMove
SHELL32_PifMgr_CloseProperties
SHELL32_PifMgr_GetProperties
SHELL32_PifMgr_OpenProperties
SHELL32_PifMgr_SetProperties
SHELL32_Printers_CreateBindInfo
SHELL32_Printjob_GetPidl
SHELL32_PurgeSystemIcon
SHELL32_RefreshOverlayImages
SHELL32_ResolveLinkInfoW
SHELL32_SHAddSparseIcon
SHELL32_SHCreateByValueOperationInterrupt
SHELL32_SHCreateDefaultContextMenu
SHELL32_SHCreateLocalServer
SHELL32_SHCreateShellFolderView
SHELL32_SHDuplicateEncryptionInfoFile
SHELL32_SHEncryptFile
SHELL32_SHFormatDriveAsync
SHELL32_SHGetThreadUndoManager
SHELL32_SHGetUserNameW
SHELL32_SHIsVirtualDevice
SHELL32_SHLaunchPropSheet
SHELL32_SHLogILFromFSIL
SHELL32_SHOpenWithDialog
SHELL32_SHStartNetConnectionDialogW
SHELL32_SHUICommandFromGUID
SHELL32_SendToMenu_InvokeTargetedCommand
SHELL32_SendToMenu_VerifyTargetedCommand
SHELL32_ShowHideIconOnlyOnDesktop
SHELL32_SimpleRatingToFilterCondition
SHELL32_StampIconForFile
SHELL32_SuspendUndo
SHELL32_TryVirtualDiscImageDriveEject
SHELL32_VerifySaferTrust
SHEmptyRecycleBinA
SHEmptyRecycleBinW
SHEnableServiceObject
SHEnumerateUnreadMailAccountsW
SHEvaluateSystemCommandTemplate
SHExecuteErrorMessageBox
SHExtractIconsW
SHFileOperation
SHFileOperationA
SHFileOperationW
SHFindFiles
SHFind_InitMenuPopup
SHFlushSFCache
SHFormatDrive
SHFree
SHFreeNameMappings
SHGetAttributesFromDataObject
SHGetDataFromIDListA
SHGetDataFromIDListW
SHGetDesktopFolder
SHGetDiskFreeSpaceA
SHGetDiskFreeSpaceExA
SHGetDiskFreeSpaceExW
SHGetDriveMedia
SHGetFileInfo
SHGetFileInfoA
SHGetFileInfoW
SHGetFolderLocation
SHGetFolderPathA
SHGetFolderPathAndSubDirA
SHGetFolderPathAndSubDirW
SHGetFolderPathEx
SHGetFolderPathW
SHGetIDListFromObject
SHGetIconOverlayIndexA
SHGetIconOverlayIndexW
SHGetImageList
SHGetInstanceExplorer
SHGetItemFromDataObject
SHGetItemFromObject
SHGetKnownFolderIDList
SHGetKnownFolderItem
SHGetKnownFolderPath
SHGetLocalizedName
SHGetMalloc
SHGetNameFromIDList
SHGetNewLinkInfo
SHGetNewLinkInfoA
SHGetNewLinkInfoW
SHGetPathFromIDList
SHGetPathFromIDListA
SHGetPathFromIDListEx
SHGetPathFromIDListW
SHGetPropertyStoreForWindow
SHGetPropertyStoreFromIDList
SHGetPropertyStoreFromParsingName
SHGetRealIDL
SHGetSetFolderCustomSettings
SHGetSetSettings
SHGetSettings
SHGetSpecialFolderLocation
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
SHGetStockIconInfo
SHGetTemporaryPropertyForItem
SHGetUnreadMailCountW
SHHandleUpdateImage
SHHelpShortcuts_RunDLL
SHHelpShortcuts_RunDLLA
SHHelpShortcuts_RunDLLW
SHILCreateFromPath
SHInvokePrinterCommandA
SHInvokePrinterCommandW
SHIsFileAvailableOffline
SHLimitInputEdit
SHLoadInProc
SHLoadNonloadedIconOverlayIdentifiers
SHMapPIDLToSystemImageListIndex
SHMultiFileProperties
SHObjectProperties
SHOpenFolderAndSelectItems
SHOpenPropSheetW
SHOpenWithDialog
SHParseDisplayName
SHPathPrepareForWriteA
SHPathPrepareForWriteW
SHPropStgCreate
SHPropStgReadMultiple
SHPropStgWriteMultiple
SHQueryRecycleBinA
SHQueryRecycleBinW
SHQueryUserNotificationState
SHRemoveLocalizedName
SHReplaceFromPropSheetExtArray
SHResolveLibrary
SHRestricted
SHSetDefaultProperties
SHSetFolderPathA
SHSetFolderPathW
SHSetInstanceExplorer
SHSetKnownFolderPath
SHSetLocalizedName
SHSetTemporaryPropertyForItem
SHSetUnreadMailCountW
SHShellFolderView_Message
SHShowManageLibraryUI
SHSimpleIDListFromPath
SHStartNetConnectionDialogW
SHTestTokenMembership
SHUpdateImageA
SHUpdateImageW
SHUpdateRecycleBinIcon
SHValidateUNC
SetCurrentProcessExplicitAppUserModelID
SheChangeDirA
SheChangeDirExW
SheGetDirA
SheSetCurDrive
ShellAboutA
ShellAboutW
ShellExec_RunDLL
ShellExec_RunDLLA
ShellExec_RunDLLW
ShellExecuteA
ShellExecuteEx
ShellExecuteExA
ShellExecuteExW
ShellExecuteW
ShellHookProc
ShellMessageBoxA
ShellMessageBoxW
Shell_GetCachedImageIndex
Shell_GetCachedImageIndexA
Shell_GetCachedImageIndexW
Shell_GetImageLists
Shell_MergeMenus
Shell_NotifyIcon
Shell_NotifyIconA
Shell_NotifyIconGetRect
Shell_NotifyIconW
SignalFileOpen
StateRepoNewMenuCache_EnsureCacheAsync
StateRepoNewMenuCache_RebuildCacheAsync
StgMakeUniqueName
StrChrA
StrChrIA
StrChrIW
StrChrW
StrCmpNA
StrCmpNIA
StrCmpNIW
StrCmpNW
StrNCmpA
StrNCmpIA
StrNCmpIW
StrNCmpW
StrRChrA
StrRChrIA
StrRChrIW
StrRChrW
StrRStrA
StrRStrIA
StrRStrIW
StrRStrW
StrStrA
StrStrIA
StrStrIW
StrStrW
UsersLibrariesFolderUI_CreateInstance
WOWShellExecute
WaitForExplorerRestartW
Win32DeleteFile
WriteCabinetState

Sections

.text
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 346KB - Virtual size: 346KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
archive/appupdate/dll/SetupCleanupTask.dll
archive/appupdate/dll/setupcln.dll
archive/appupdate/dll/shdocvw.dll
archive/appupdate/dll/shell32.dll
archive/appupdate/dll/shsetup.dll
archive/appupdate/res_mods/WMVDECOD.DLL
.dll regsvr32 windows:10 windows x86 arch:x86

009d0d10fab20450e00e9bfb20333b46

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:fa:e3:9d:92:b2:0f:a3:ea:08:2b:a6:8e:15:f2:2c:48:83:99:ca:0a:d0:4e:8c:4c:ea:3e:b6:f3:22:f1:45
Signer

Actual PE Digest

33:fa:e3:9d:92:b2:0f:a3:ea:08:2b:a6:8e:15:f2:2c:48:83:99:ca:0a:d0:4e:8c:4c:ea:3e:b6:f3:22:f1:45

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

wmvdecod.pdb

Imports

msvcrt

__dllonexit
_callnewh
calloc
_unlock
time
memmove
memcpy_s
_except_handler4_common
fopen
fclose
_initterm
floor
_onexit
perror
wcsnlen
strnlen
memcpy
fprintf
asctime
fflush
_wfopen
localtime
fwprintf
puts
printf
__CxxFrameHandler3
?terminate@@YAXXZ
memcmp
_vsnwprintf
srand
ceil
_ftol2_sse
_ftol2
_CItan
_amsg_exit
_lock
malloc
rand
free
_purecall
_XcptFilter
_CIasin
_CIcos
_CIsin
_CIsqrt
memset

mfperfhelper

ord96
ord102
ord105
ord103
ord1
ord104

ntdll

RtlNtStatusToDosError
RtlGetPersistedStateLocation

api-ms-win-core-registry-l1-1-0

RegSetValueExA
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegDeleteTreeW
RegOpenKeyExW
RegSetValueExW

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
ReleaseSemaphore
CreateSemaphoreExW
SetEvent
EnterCriticalSection
CreateEventW
InitializeCriticalSection
ResetEvent
WaitForSingleObject
LeaveCriticalSection
AcquireSRWLockExclusive
WaitForMultipleObjectsEx
DeleteCriticalSection

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleFileNameA
LoadLibraryExW
GetModuleHandleW
LoadLibraryExA
GetModuleFileNameW
FreeLibrary

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetTickCount64
GlobalMemoryStatusEx
GetSystemInfo
GetTickCount
GetVersionExW
GetSystemTimeAsFileTime
GetSystemTime

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventWrite
EventUnregister
EventSetInformation
EventRegister

oleaut32

VariantInit
SysAllocString
SysFreeString

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-security-cryptoapi-l1-1-0

CryptExportKey
CryptGenKey
CryptEncrypt
CryptAcquireContextA
CryptReleaseContext
CryptAcquireContextW
CryptDestroyKey
CryptImportKey
CryptGenRandom

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
SetLastError
GetLastError

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualQuery
VirtualProtect
VirtualAlloc

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
SetThreadPriority
GetExitCodeThread
GetThreadPriority
GetCurrentProcess
GetCurrentThread
CreateThread
ResumeThread
GetCurrentProcessId

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-processtopology-obsolete-l1-1-0

GetProcessAffinityMask
SetThreadAffinityMask

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-file-l1-1-0

GetDiskFreeSpaceW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetEnvironmentVariableW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
TraceEvent

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameA

api-ms-win-core-debug-l1-1-0

DebugBreak

msdmo

DMOUnregister
MoCreateMediaType
DMORegister
MoDuplicateMediaType
MoCopyMediaType
MoFreeMediaType
MoInitMediaType
MoDeleteMediaType

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

CreateInstance
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetVC1DecoderFunctionTable

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.no_bbt
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
archive/appupdate/res_mods/wsp_fs.dll
.dll regsvr32 windows:10 windows x86 arch:x86

c0efa317fb2c349ca71a94dbf377a2de

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:48:94:0b:15:a9:b9:86:5a:dc:91:68:f9:69:1b:2f:00:dd:05:64:f2:b5:1f:51:b8:4a:3a:76:d7:05:c7:71
Signer

Actual PE Digest

69:48:94:0b:15:a9:b9:86:5a:dc:91:68:f9:69:1b:2f:00:dd:05:64:f2:b5:1f:51:b8:4a:3a:76:d7:05:c7:71

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

wsp_fs.pdb

Imports

ntdll

RtlRemoveVectoredExceptionHandler
RtlUnwind
NtQuerySystemInformation
RtlIpv4StringToAddressExW
RtlIpv6StringToAddressExW
RtlNtStatusToDosError
RtlEnumerateGenericTableAvl
RtlEnumerateGenericTableWithoutSplayingAvl
RtlInsertElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlInitializeGenericTableAvl

api-ms-win-core-sysinfo-l1-1-0

GetComputerNameExW
GetTickCount64
GetSystemDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
DisableThreadLibraryCalls
GetProcAddress
LoadStringW
GetModuleHandleW
GetModuleFileNameA
LoadLibraryExW
GetModuleFileNameW
FreeLibrary

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventWriteTransfer
EventSetInformation
EventUnregister
EventRegister

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-processthreads-l1-1-0

TlsGetValue
GetStartupInfoW
TlsSetValue
TlsFree
ExitProcess
GetCurrentProcess
GetCurrentThread
GetCurrentProcessId
SetThreadToken
OpenProcessToken
OpenThreadToken
TlsAlloc
GetCurrentThreadId
TerminateProcess

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapReAlloc
HeapSize
HeapAlloc

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
ReleaseSRWLockShared
InitializeCriticalSection
CreateEventW
SetEvent
ResetEvent
ReleaseSemaphore
ReleaseMutex
WaitForSingleObjectEx
WaitForSingleObject
OpenSemaphoreW
CreateMutexExW
CreateSemaphoreExW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
AcquireSRWLockShared
EnterCriticalSection
InitializeCriticalSectionEx

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentStringsW
GetCommandLineW
GetEnvironmentVariableW
SetStdHandle
FreeEnvironmentStringsW
GetStdHandle
GetCommandLineA

api-ms-win-core-file-l1-1-0

RemoveDirectoryW
GetFileAttributesW
GetVolumePathNameW
FindVolumeClose
GetFileType
SetFilePointerEx
CreateDirectoryW
FindFirstFileW
GetDiskFreeSpaceExW
FindNextVolumeW
FindFirstVolumeW
FindNextFileW
FindFirstFileExW
FindClose
WriteFile
GetDriveTypeW
GetVolumeInformationW
FlushFileBuffers
CreateFileW

api-ms-win-core-string-l1-1-0

GetStringTypeW
WideCharToMultiByte
CompareStringOrdinal
CompareStringEx
MultiByteToWideChar
CompareStringW

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
FormatMessageA
LCMapStringEx
GetACP
GetOEMCP
LCMapStringW
GetCPInfo
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FormatMessageW
IsValidCodePage

api-ms-win-core-console-l1-1-0

GetConsoleOutputCP
GetConsoleMode
WriteConsoleW

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList

api-ms-win-core-fibers-l1-1-0

FlsFree
FlsAlloc
FlsGetValue
FlsSetValue

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-security-base-l1-1-0

DeleteAce
IsValidSid
ImpersonateLoggedOnUser
DuplicateTokenEx
AddAccessAllowedAceEx
EqualSid
CopySid
AddAccessDeniedAceEx
IsValidAcl
MakeAbsoluteSD
GetAclInformation
GetAce
GetTokenInformation
AddAce
GetLengthSid
InitializeAcl
FreeSid

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSidToSidW

api-ms-win-security-lsalookup-l2-1-0

LookupAccountNameW
LookupAccountSidW

api-ms-win-security-provider-l1-1-0

GetSecurityInfo
SetNamedSecurityInfoW
GetNamedSecurityInfoW

netapi32

NetApiBufferFree
DsGetDcNameW

clusapi

ClusterOpenEnumEx
CloseClusterNetInterface
MoveClusterGroup
CloseCluster
DestroyCluster
CloseClusterNetwork
CloseClusterResource
CloseClusterGroup
GetClusterFromResource
GetClusterNodeKey
OpenClusterNode
ClusterGetEnumCount
ClusterCloseEnum
OpenClusterResource
ClusterEnum
ClusterOpenEnum
OpenCluster
ClusterRegCloseKey
GetClusterResourceKey
GetClusterKey
ClusterRegSetValue
ClusterRegQueryValue
GetClusterNotifyV2
RegisterClusterResourceTypeNotifyV2
CreateClusterNotifyPortV2
CCHlpCreateClusterNameInAD
CCHlpConfigureNode
CreateCluster
CCHlpGetDNSHostLabel
GetNodeClusterState
DeleteClusterResourceType
ClusterResourceTypeControl
GetClusterNetInterfaceState
ClusterNetInterfaceControl
OpenClusterNetInterfaceEx
GetClusterNetworkState
ClusterNetworkControl
SetClusterNetworkName
OpenClusterNetworkEx
EvictClusterNodeEx
ResumeClusterNodeEx
PauseClusterNodeEx
GetClusterNodeState
ClusterNodeControl
OpenClusterNodeEx
CreateClusterResource
SetClusterGroupNodeList
SetClusterGroupName
CancelClusterGroupOperation
MoveClusterGroupEx
OnlineClusterGroupEx
OfflineClusterGroupEx
DeleteClusterGroup
DestroyClusterGroup
GetClusterGroupState
ClusterGroupControl
OpenClusterGroupEx
RemoveClusterResourceNode
AddClusterResourceNode
FailClusterResource
RestartClusterResource
SetClusterResourceDependencyExpression
GetClusterResourceDependencyExpression
RemoveClusterResourceDependency
AddClusterResourceDependency
ChangeClusterResourceGroup
OnlineClusterResourceEx
OfflineClusterResourceEx
DeleteClusterResource
GetClusterResourceState
SetClusterResourceName
ClusterResourceControl
OpenClusterResourceEx
ClusterUpgradeFunctionalLevel
CCHlpAddNodeUpdateCluster
CCHlpGetClusterServiceSecret
ClusterEnumEx
CreateClusterResourceType
CreateClusterGroupEx
SetClusterName
SetClusterQuorumResource
RemoveResourceFromClusterSharedVolumes
AddResourceToClusterSharedVolumes
ClusterControl
GetClusterQuorumResource
GetClusterInformation
AddClusterNode
OpenClusterEx
CloseClusterNotifyPort
ClusterNetworkCloseEnum
ClusterResourceTypeCloseEnum
ClusterResourceCloseEnum
ClusterGroupCloseEnum
ClusterCloseEnumEx
ClusterNodeCloseEnumEx
ClusterGroupCloseEnumEx
ClusterResourceCloseEnumEx
ClusterResourceGetEnumCountEx
ClusterResourceEnumEx
ClusterResourceOpenEnumEx
ClusterGroupGetEnumCountEx
ClusterGroupEnumEx
ClusterGroupOpenEnumEx
ClusterGroupGetEnumCount
ClusterGroupEnum
ClusterGroupOpenEnum
ClusterNetworkGetEnumCount
ClusterNetworkEnum
ClusterNetworkOpenEnum
ClusterResourceGetEnumCount
ClusterResourceEnum
ClusterResourceOpenEnum
ClusterResourceTypeGetEnumCount
ClusterResourceTypeEnum
ClusterResourceTypeOpenEnum
ClusterNodeGetEnumCountEx
ClusterNodeEnumEx
ClusterNodeOpenEnumEx
ClusterGetEnumCountEx
CloseClusterNode

mispace

WspProviderEnter
WspProviderExit
WspIsRemoteInstance
WspGetRemoteInstance
WspInvokeRemoteMethod
WspReferencesOfRemoteInstance
WspGetSubsystemFilter
WspFreeString
WspPackObjectId
WspUnpackObjectId
WspEnumerateRemoteInstances

ws2_32

GetAddrInfoW
htons
WSAGetLastError
WSAAddressToStringW
FreeAddrInfoW
WSAStringToAddressW

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceInitialize
Sleep

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoUninitialize
CoCreateInstanceEx
CoInitializeEx

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CreateThreadpoolTimer
CreateThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolCleanupGroup
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
WaitForThreadpoolWorkCallbacks
SubmitThreadpoolWork

crypt32

CryptProtectMemory
CryptUnprotectMemory

dsrole

DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW

iphlpapi

IcmpCreateFile
IcmpSendEcho
Icmp6SendEcho2
IcmpCloseHandle
Icmp6CreateFile

oleaut32

SysFreeString
SysAllocString

dnsapi

DnsFlushResolverCacheEntry_W

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueEx

api-ms-win-core-heap-obsolete-l1-1-0

LocalSize

cryptsp

CryptReleaseContext
CryptAcquireContextW
CryptGenRandom

sscore

SsCoreUninitialize

ntdsapi

DsUnBindW
DsBindWithCredW

mi

mi_clientFT_V1
MI_Application_InitializeV1

wldap32

ord140
ord13
ord97
ord224
ord14
ord18
ord88
ord73
ord79
ord41
ord26
ord142
ord145
ord203

api-ms-win-security-activedirectoryclient-l1-1-0

DsCrackNamesW
DsFreeNameResultW
DsFreePasswordCredentials

resutils

ResUtilGetResourceName

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
GetProviderClassID
MI_Main
PreShutdown
SetShutdownCallback
SmpUnload

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 85KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
archive/appupdate/updates/Cache_Data/SettingMonitor.dll
archive/appupdate/updates/SettingSync.dll
.dll windows:10 windows x86 arch:x86

8c0b06a6dc7134f150b4d35c6018a5b9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

SettingSync.pdb

Imports

msvcrt

_unlock
_XcptFilter
?what@exception@@UBEPBDXZ
??8type_info@@QBEHABV0@@Z
__CxxFrameHandler3
wcsncmp
_lock
_ftol2
_CIsqrt
_initterm
_amsg_exit
?terminate@@YAXXZ
__dllonexit
_callnewh
memcmp
_CxxThrowException
wcsstr
_get_errno
_set_errno
wcschr
sprintf
_vsnprintf
memmove_s
realloc
malloc
free
_purecall
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
??3@YAXPAX@Z
memcpy_s
_onexit
iswalnum
swscanf_s
wcstok
wcstoul
wcscpy_s
_wcsicmp
swscanf
memcpy
memmove
??0exception@@QAE@ABQBD@Z
??1type_info@@UAE@XZ
??0exception@@QAE@ABQBDH@Z
_vsnwprintf
??_V@YAXPAX@Z
_except_handler4_common
memset

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolGetUniqueContext

api-ms-win-shcore-sysinfo-l1-1-0

IsOS

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress
GetModuleHandleExW
GetModuleHandleA
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

InitializeSRWLock
OpenSemaphoreW
CreateSemaphoreExW
DeleteCriticalSection
WaitForSingleObject
LeaveCriticalSection
WaitForSingleObjectEx
InitializeCriticalSectionEx
ReleaseSemaphore
CreateEventExW
WaitForMultipleObjectsEx
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseMutex
EnterCriticalSection
OpenEventW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateMutexExW
SetEvent
InitializeCriticalSection

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap
HeapReAlloc

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
OpenThreadToken
CreateProcessW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcess
OpenProcessToken

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
GetLocaleInfoEx
GetUserDefaultLocaleName
SetLocaleInfoW
FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringA
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
TraceMessage
UnregisterTraceGuids
GetTraceEnableFlags
RegisterTraceGuidsW
GetTraceEnableLevel

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegQueryValueExW
RegOpenKeyExW
RegGetValueW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenCurrentUser

api-ms-win-core-file-l1-1-0

GetFileAttributesExW
DeleteFileW
CompareFileTime

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer
EventActivityIdControl

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
SleepConditionVariableSRW
InitOnceComplete
InitOnceBeginInitialize
WakeAllConditionVariable
Sleep

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
LoadLibraryA

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-path-l1-1-0

PathCchAppend
PathCchCombine

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree
LocalReAlloc

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-eventing-controller-l1-1-0

StopTraceW
EnableTraceEx2
StartTraceW

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindNextComponentW
SHExpandEnvironmentStringsW
PathFileExistsW
PathRelativePathToW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpICW
QISearch

api-ms-win-shlwapi-winrt-storage-l1-1-1

IUnknown_GetWindow
ord187
ord635

api-ms-win-rtcore-ntuser-window-l1-1-0

FindWindowExW
PostQuitMessage
TranslateMessage
DispatchMessageW
PeekMessageW
PostMessageW
SendNotifyMessageW
FindWindowW
GetClassNameW

api-ms-win-ntuser-sysparams-l1-1-0

SystemParametersInfoW
GetSystemMetrics

api-ms-win-rtcore-ntuser-synch-l1-1-0

MsgWaitForMultipleObjectsEx

coremessaging

CoreUICreate

ntdll

RtlGetSuiteMask
NtQueryInformationToken
NtQueryInformationProcess
RtlGetDeviceFamilyInfoEnum

coreuicomponents

CoreUIFactoryCreate

slc

SLIsWindowsGenuineLocal

wevtapi

EvtOpenChannelConfig
EvtSetChannelConfigProperty
EvtSaveChannelConfig
EvtClose

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-localization-private-l1-1-0

LoadStringByReference

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 456KB - Virtual size: 456KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
archive/appupdate/updates/SettingSyncCore.dll
archive/file.exe
.exe windows:5 windows x86 arch:x86

be41bf7b8cc010b614bd36bbca606973

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 516KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 370KB - Virtual size: 369KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

d4507c7f09be29de7cd221acbab1d940

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-synch-l1-2-1

api-ms-win-core-heap-l2-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

user32

gdi32

ole32

api-ms-win-core-localization-l1-2-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-atoms-l1-1-0

gdiplus

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.data Size: 42KB - Virtual size: 45KB

.idata Size: 12KB - Virtual size: 11KB

.didat Size: 512B - Virtual size: 208B

.rsrc Size: 184KB - Virtual size: 184KB

.reloc Size: 83KB - Virtual size: 83KB

4ef9dd17b2dd2bd94216badd5e2ef3b4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

umpdc

ntdll

api-ms-win-appmodel-runtime-internal-l1-1-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-heap-l2-1-0

api-ms-win-service-core-l1-1-0

.text
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 42KB - Virtual size: 45KB

.idata
Size: 12KB - Virtual size: 11KB

.didat
Size: 512B - Virtual size: 208B

.rsrc
Size: 184KB - Virtual size: 184KB

.reloc
Size: 83KB - Virtual size: 83KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 28KB - Virtual size: 133KB

.idata
Size: 18KB - Virtual size: 18KB

.didat
Size: 1024B - Virtual size: 548B

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 99KB - Virtual size: 98KB