x64_x32_installer__v3[.]4[.]7[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

x64_x32_installer__v3.4.7.zip
Size

33.3MB
MD5

95b737b0515fde84d127fde171332cee
SHA1

b0e86f6364e9679cfacbedef3136af7d6c96f5d1
SHA256

c0327b3010e413627af4625dad5eb8b86cf2de16170a116cab1d5f3854552f34
SHA512

1c926ddfcaea7fe271c6698e1cfb61ff48db2c6e6f184f276f9f25d9390493b249a53e1c7018d81ff5dee5eb9f4d842fa0d4f9faeb089b4c23baaf4ef6467bed
SSDEEP

786432:xUFbxOwDtV+97tuSHP7Csyg9C+eiubhF72BtkwrfaDEbd0SJ/:++V7zNezRWtkgyMSSl

Score

3^/10

Malware Config

Signatures

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bisrv/bisrv.dll
unpack001/bisrv/sbe.dll
unpack001/logoncli/credprovslegacy.dll
unpack001/logoncli/cryptcatsvc.dll
unpack001/logoncli/dialclient.dll
unpack001/msdtcprx/PushToInstall.dll
unpack001/msdtcprx/msdtcprx.dll
unpack001/msdtcprx/msfeeds.dll
unpack001/msdtcprx/radardt.dll
unpack001/wmvdspa/WiFiConfigSP.dll
unpack001/wmvdspa/WorkfoldersControl.dll
unpack001/wmvdspa/wiadss.dll
unpack001/wmvdspa/wmvdspa.dll

Files

x64_x32_installer__v3.4.7.zip
.zip
bisrv/bisrv.dll
.dll windows:10 windows x64 arch:x64

70c0d8563d26b207db00e647bcd1cbb1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

bisrv.pdb

Imports

msvcrt

memcmp
wcstok_s
_set_errno
_wcsdup
memmove_s
qsort
_wcsicmp
_errno
wcscpy_s
wcsnlen
_vsnwprintf
memcpy
_callnewh
memmove
_onexit
__dllonexit
_unlock
_lock
toupper
strtoul
__CxxFrameHandler3
__C_specific_handler
swscanf_s
_initterm
malloc
_wcsnicmp
_amsg_exit
_XcptFilter
free
_ui64tow_s
_purecall
memcpy_s
wcstoul
_get_errno
memset

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetProcAddress
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW

api-ms-win-power-setting-l1-1-0

PowerSettingUnregisterNotification
PowerSettingRegisterNotification

ntdll

RtlRbRemoveNode
ZwUpdateWnfStateData
NtQueryAttributesFile
RtlNtStatusToDosError
RtlQueryWnfStateData
NtSetValueKey
NtCreateFile
NtSaveKeyEx
NtCreateKey
NtLoadKeyEx
NtDeleteValueKey
RtlAcquirePrivilege
NtDeleteFile
TpReleaseWait
NtOpenKey
RtlReleasePrivilege
RtlAppendUnicodeToString
NtEnumerateKey
RtlRunOnceComplete
RtlAppendUnicodeStringToString
NtDeleteKey
RtlCompareUnicodeString
TpWaitForWait
TpAllocWait
RtlRunOnceBeginInitialize
RtlRbInsertNodeEx
TpSetWait
TpReleasePool
TpAllocPool
RtlUnsubscribeWnfNotificationWaitForCompletion
NtClearEvent
TpSetPoolMaxThreads
NtWriteVirtualMemory
RtlStringFromGUIDEx
TpSetWaitEx
NtSetEvent
RtlRegisterForWnfMetaNotification
NtReadVirtualMemory
RtlAcquireSRWLockExclusive
RtlCopyUnicodeString
RtlReleaseSRWLockExclusive
RtlInitializeSRWLock
RtlUnsubscribeWnfStateChangeNotification
RtlNtStatusToDosErrorNoTeb
RtlWaitForWnfMetaNotification
RtlPublishWnfStateData
NtQuerySystemInformation
NtQueryInformationProcess
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlGetNextEntryHashTable
RtlLookupEntryHashTable
RtlCreateHashTable
NtDuplicateObject
RtlWakeAddressAll
RtlInsertEntryHashTable
NtOpenProcess
NtCreateEvent
RtlLengthSid
RtlCompareUnicodeStrings
RtlFreeUnicodeString
RtlStringFromGUID
RtlQueryUnbiasedInterruptTime
NtQueryValueKey
RtlDeleteHashTable
RtlDuplicateUnicodeString
RtlCreateSecurityDescriptor
RtlCreateAcl
RtlFreeHeap
RtlIsMultiSessionSku
RtlFreeSid
RtlInitEnumerationHashTable
RtlRemoveEntryHashTable
RtlQueryWnfMetaNotification
RtlReAllocateHeap
RtlAddAccessAllowedAceEx
RtlInitUnicodeString
RtlGetDeviceFamilyInfoEnum
RtlUpcaseUnicodeChar
RtlSetDaclSecurityDescriptor
RtlEndEnumerationHashTable
NtCreateWnfStateName
NtDeleteWnfStateName
RtlAllocateHeap
RtlGUIDFromString
RtlEnumerateEntryHashTable
RtlSetOwnerSecurityDescriptor
RtlEqualSid
RtlQueryPackageIdentityEx
NtOpenThreadToken
TpSetTimerEx
RtlCopySid
RtlWaitOnAddress
RtlQueryPackageClaims
NtQueryInformationToken
TpReleaseTimer
NtOpenProcessToken
RtlValidSid
RtlTestBit
RtlInitializeBitMap
TpReleaseWork
TpWaitForWork
TpPostWork
RtlClearBit
RtlRunOnceExecuteOnce
NtPowerInformation
NtQueryWnfStateData
RtlSetBit
TpAllocWork
TpWaitForTimer
TpAllocTimer
RtlSubscribeWnfStateChangeNotification
TpSetTimer
RtlConvertSidToUnicodeString
NtCreateIRTimer
NtClose
NtSetIRTimer

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
CreateMutexExW
DeleteCriticalSection
WaitForSingleObjectEx
InitializeSRWLock
OpenEventW
ReleaseSRWLockShared
SetEvent
ReleaseSemaphore
InitializeCriticalSectionEx
AcquireSRWLockShared
CreateEventExW
ReleaseSRWLockExclusive
ReleaseMutex
WaitForSingleObject
EnterCriticalSection
TryAcquireSRWLockExclusive
LeaveCriticalSection
InitializeCriticalSection
CreateSemaphoreExW
AcquireSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
GetLastError

api-ms-win-security-base-l1-1-0

InitializeAcl
IsWellKnownSid
InitializeSecurityDescriptor
ImpersonateLoggedOnUser
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
IsValidSid
CreateWellKnownSid
GetTokenInformation
RevertToSelf
SetSecurityDescriptorOwner
AddAccessAllowedAce
SetSecurityDescriptorGroup
GetLengthSid
CopySid

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
SetRestrictedErrorInfo

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
ConvertStringSidToSidW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsCreateString
WindowsDeleteString
WindowsStringHasEmbeddedNull
WindowsGetStringRawBuffer

api-ms-win-core-processthreads-l1-1-0

GetProcessId
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
OpenProcessToken
OpenThreadToken

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-heap-l2-1-0

GlobalAlloc
GlobalFree
LocalReAlloc
LocalFree
LocalAlloc

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventActivityIdControl
EventRegister
EventProviderEnabled
EventSetInformation
EventWriteTransfer

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
RtlCompareMemory

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-security-lsalookup-l1-1-0

LsaLookupOpenLocalPolicy
LsaLookupFreeMemory
LsaLookupClose
LookupAccountSidLocalW
LsaLookupGetDomainInfo

api-ms-win-core-psm-key-l1-1-0

PsmCreateKey
PsmIsValidKey
PsmGetApplicationNameFromKey
PsmIsDynamicKey
PsmGetPackageFullNameFromKey

oleaut32

SysStringLen
SysFreeString
SysAllocStringLen
SysAllocString

rpcrt4

RpcRaiseException
NdrServerCallAll
NdrClientCall3
NdrServerCall2
I_RpcBindingInqLocalClientPID
UuidCreate
RpcBindingCreateW
RpcAsyncCompleteCall
NdrAsyncServerCall
RpcBindingBind
I_RpcMapWin32Status
Ndr64AsyncServerCallAll
RpcBindingFree
I_RpcExceptionFilter
RpcEpUnregister
RpcBindingVectorFree
RpcEpRegisterW
RpcServerUnregisterIf
RpcImpersonateClient
RpcRevertToSelf
RpcServerInqBindings
RpcServerRegisterIf3
RpcServerUseProtseqW
RpcServerInqCallAttributesW

api-ms-win-appmodel-runtime-internal-l1-1-4

GetPackageStatusForUserSid

api-ms-win-core-registry-l2-1-0

RegOpenKeyW
RegEnumKeyW

api-ms-win-core-registry-l1-1-0

RegDeleteValueA
RegQueryValueExW
RegOpenKeyExW
RegGetValueW
RegCreateKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey
RegEnumValueA

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-com-l1-1-0

CoInitializeSecurity
CoUnmarshalInterface
CoIncrementMTAUsage
CoDecrementMTAUsage
CoRegisterClassObject
CoCreateInstance
CLSIDFromString
CoTaskMemAlloc
CoMarshalInterface
CoInitializeEx
CoGetClassObject
CoUninitialize
CreateStreamOnHGlobal
CoDisconnectObject
CoTaskMemFree
CoGetCallContext
CoReleaseMarshalData

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolCleanupGroup
CreateThreadpoolWork
SubmitThreadpoolWork
CreateThreadpool
SetThreadpoolThreadMinimum
CloseThreadpoolWork
CloseThreadpoolCleanupGroup
IsThreadpoolTimerSet
WaitForThreadpoolTimerCallbacks
CloseThreadpoolWait
SetThreadpoolThreadMaximum
CloseThreadpool
CloseThreadpoolTimer
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolTimer
SetThreadpoolTimer

resourcepolicyclient

QueryApplicationInterruptiveUIStateByPsmKey
InterruptiveUIStateChanged_Subscribe
CreateResourcePolicyEngineClient
InterruptiveUIStateChanged_Unsubscribe
CreateResourcePolicyStoreClient

umpdc

Pdcv2ActivationClientRenewActivation
Pdcv2ActivationClientUnregister
Pdcv2ActivationClientSetBrokeredProcessId
Pdcv2ActivationClientRegister
Pdcv2ActivationClientActivate
Pdcv2ActivationClientDeactivate

eventaggregation

EaDeleteAggregation
BriUnregisterFromBrokerAvailability
BriCreateBrokeredEventEx
EaSignalAggregatedEvent
BriGetBrokerAvailabilityChangeStamp
BriRegisterToBrokerAvailability
EaCreateAggregation
BriDeleteBrokeredEvent
BriIsBrokerRegistered

rmclient

HamResetExternalResourcePriority
HamCloseActivity
HamTerminateActivityHost
HamPopulateActivityProperties
HamSetExternalResourcePriority
HamStartActivityAsync
HamIsHostBeingDebugged
CrmRegister
CrmActivityFree
HamCreateActivityEx
HamDisconnectFromServer
CrmActivityAllocate
CrmActivityStart
HamConnectToServer
CrmActivityStop
CrmActivityRequest

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-security-provider-l1-1-0

SetNamedSecurityInfoW

api-ms-win-core-string-l1-1-0

CompareStringW
CompareStringOrdinal

api-ms-win-core-quirks-l1-1-1

QuirkIsEnabledForPackage3

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueue
DeleteTimerQueueEx
CreateTimerQueueTimer

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabledForPackage

api-ms-win-core-processthreads-l1-1-1

OpenProcess

Exports

Exports

PsmBiExtInitialize
PsmBiExtNotifyAppState
PsmBiExtNotifySessionStateChange
PsmBiExtNotifySessionUserStateChange
PsmBiExtNotifyWerReportProgress
PsmBiExtPrepareToSuspendPackage
PsmBiExtResumePackage

Sections

.text
Size: 568KB - Virtual size: 567KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bisrv/biwinrt.dll
.dll windows:10 windows x64 arch:x64

731507425e0162f171397c3bbf3f205c

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

60:c5:20:80:e1:af:5c:4f:fe:45:40:28:33:3d:0f:75:de:42:4e:a2:2d:e3:30:24:cc:d0:47:be:a0:db:97:eb
Signer

Actual PE Digest

60:c5:20:80:e1:af:5c:4f:fe:45:40:28:33:3d:0f:75:de:42:4e:a2:2d:e3:30:24:cc:d0:47:be:a0:db:97:eb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

biwinrt.pdb

Imports

msvcrt

?terminate@@YAXXZ
_initterm
memcpy
_amsg_exit
_XcptFilter
__C_specific_handler
memcmp
_unlock
malloc
free
memmove
memmove_s
_vsnprintf_s
realloc
_lock
wcschr
toupper
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_callnewh
_CxxThrowException
??1type_info@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
_onexit
__dllonexit
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
__CxxFrameHandler3
memset

ntdll

RtlCompareUnicodeString
RtlInitUnicodeString
RtlVirtualUnwind
RtlLookupFunctionEntry
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfStateChangeNotification
WinSqmAddToStreamEx
RtlFreeHeap
RtlQueryPackageClaims
RtlAllocateHeap
RtlCompareMemory
RtlNtStatusToDosErrorNoTeb
RtlNtStatusToDosError
RtlRunOnceBeginInitialize
RtlRunOnceInitialize
RtlReportException
RtlRunOnceComplete
RtlCaptureContext
NtQueryInformationToken

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExW
DisableThreadLibraryCalls
GetProcAddress

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
OpenSemaphoreW
InitializeCriticalSectionEx
WaitForSingleObjectEx
AcquireSRWLockExclusive
DeleteCriticalSection
CreateEventW
CreateMutexExW
AcquireSRWLockShared
ReleaseSemaphore
WaitForSingleObject
ReleaseSRWLockExclusive
ReleaseMutex
SetEvent
InitializeSRWLock
CreateSemaphoreExW
EnterCriticalSection
TryAcquireSRWLockExclusive
LeaveCriticalSection

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
GetLastError

api-ms-win-core-winrt-string-l1-1-0

WindowsCompareStringOrdinal
WindowsDeleteString
WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsCreateString
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsCreateStringReference

api-ms-win-core-com-l1-1-0

CoGetClassObject
CoTaskMemFree
CoIncrementMTAUsage
CoDecrementMTAUsage
CreateStreamOnHGlobal
CoUnmarshalInterface
CoGetApartmentType
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
OpenProcessToken
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
SetRestrictedErrorInfo
RoTransformError
RoOriginateErrorW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance
RoInitialize
RoUninitialize

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled
RoReportFailedDelegate

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-heap-l2-1-0

GlobalAlloc
GlobalFree
LocalAlloc

oleaut32

SysFreeString

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-eventing-provider-l1-1-0

EventProviderEnabled
EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabled

rpcrt4

RpcBindingFree
RpcBindingBind
RpcBindingCreateW
NdrClientCall3
RpcExceptionFilter
RpcAsyncCompleteCall
Ndr64AsyncClientCall
RpcAsyncInitializeHandle

api-ms-win-service-management-l1-1-0

OpenSCManagerW
CloseServiceHandle
OpenServiceW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-service-private-l1-1-0

WaitServiceState

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

BiRtCreateEventForApp
BiRtDeleteEventForApp
BiRtEnumerateBrokeredEvents
BiRtIsValidActivationTypeForEventType
BiRtQueryBrokerEventId
BiRtRegisterWorkItem
BiRtRegisterWorkItemClsid
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllMain

Sections

.text
Size: 210KB - Virtual size: 210KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bisrv/rtmpal.dll
.dll windows:6 windows x64 arch:x64

2ba269fcdffb149ed080e02de3798690

Code Sign

33:00:00:01:45:10:eb:f8:9a:d7:99:40:e7:00:00:00:00:01:45
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/03/2019, 19:27

Not After

27/03/2020, 19:27

Subject

CN=Skype Software Sarl,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b3:d5:d9:23:3e:01:32:37:e5:e3:8e:79:86:82:c9:15:ca:52:46:75:28:03:16:aa:7b:d4:ff:bd:74:75:5e:81
Signer

Actual PE Digest

b3:d5:d9:23:3e:01:32:37:e5:e3:8e:79:86:82:c9:15:ca:52:46:75:28:03:16:aa:7b:d4:ff:bd:74:75:5e:81

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\MSRTC\msrtc\build.d\output\release\RtmPal.pdb

Imports

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleFileNameW
LoadLibraryExW
GetModuleHandleW
LoadLibraryExA
DisableThreadLibraryCalls
GetModuleFileNameA
FreeLibrary

ntdll

RtlNtStatusToDosError
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
RaiseException
GetLastError
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TlsAlloc
GetThreadPriority
SetThreadPriority
GetExitCodeThread
GetCurrentThread
TlsSetValue
GetCurrentThreadId
GetCurrentProcessId
TlsFree
OpenProcessToken
SetThreadPriorityBoost
TerminateProcess
GetCurrentProcess
TlsGetValue

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetVersionExW
GetSystemTimeAsFileTime
GetSystemInfo
GetSystemTime

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-fibers-l1-1-0

FlsFree
FlsGetValue
FlsSetValue
FlsAlloc

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
ReleaseSRWLockShared
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObjectEx
WaitForMultipleObjectsEx
ReleaseSemaphore
EnterCriticalSection
AcquireSRWLockShared
TryAcquireSRWLockShared
InitializeSRWLock
CreateEventW
CreateMutexExW
ReleaseSRWLockExclusive
ReleaseMutex
AcquireSRWLockExclusive
SetEvent
CreateEventExW
TryAcquireSRWLockExclusive
TryEnterCriticalSection
WaitForSingleObject
ResetEvent
CreateSemaphoreExW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce
WakeConditionVariable
InitializeConditionVariable
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo
GetSystemTimePreciseAsFileTime

api-ms-win-core-localization-l1-2-0

FormatMessageW
LCMapStringEx

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWrite
EventUnregister

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-file-l1-1-0

RemoveDirectoryW
ReadFile
GetFileAttributesExW
SetFilePointerEx
WriteFile
CreateDirectoryW
FlushFileBuffers

api-ms-win-core-file-l1-2-0

GetTempPathW
CreateFile2

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx
MoveFileExW

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoWaitForMultipleHandles
CoGetApartmentType
CoUninitialize
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoCreateGuid
CoInitializeEx
CoTaskMemFree
PropVariantClear

api-ms-win-eventing-controller-l1-1-0

StopTraceW
StartTraceW
ControlTraceW

api-ms-win-eventing-legacy-l1-1-0

EnableTrace

api-ms-win-crt-heap-l1-1-0

malloc
_calloc_base
calloc
_malloc_base
_callnewh
_free_base
realloc
free

api-ms-win-crt-runtime-l1-1-0

_set_abort_behavior
_register_onexit_function
_initialize_onexit_table
_beginthreadex
_execute_onexit_table
_set_invalid_parameter_handler
_initialize_narrow_environment
_crt_atexit
_configure_narrow_argv
_seh_filter_dll
_invalid_parameter_noinfo_noreturn
abort
_initterm_e
_initterm
_invalid_parameter_noinfo
_invoke_watson
_errno
_cexit
terminate

api-ms-win-crt-string-l1-1-0

isxdigit
wcscat_s
wcscpy_s
wcsncpy_s
wcslen
strcmp
iswdigit
strspn
_wcslwr_s
iswascii
_strdup
strlen
__strncnt
tolower
iswlower
iswxdigit
isspace
toupper
_wcsicmp
isdigit
islower
isprint
strncmp
strcpy_s
strncpy_s
_wcsdup
isupper
strcat_s
_stricmp
strnlen
_wcsnicmp
strcspn
wcscmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
__acrt_iob_func
fputs
__stdio_common_vsprintf
__stdio_common_vswscanf
__stdio_common_vswprintf_s
fclose
__stdio_common_vsnprintf_s
__stdio_common_vsnwprintf_s
fflush

api-ms-win-crt-convert-l1-1-0

wcstol
strtoul
_wtof
_wtoi64
_wtoi
atoi
wcstoull
strtol
strtof
_itow_s
strtod

api-ms-win-crt-locale-l1-1-0

__pctype_func
localeconv
_lock_locales
___lc_locale_name_func
___lc_codepage_func
___mb_cur_max_func
_unlock_locales
setlocale

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetCurrentDirectoryW
GetEnvironmentVariableW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExA
RegCreateKeyExA
RegSetValueExW
RegSetValueExA
RegOpenKeyExW
RegCloseKey
RegQueryValueExA
RegQueryValueExW

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
SetThreadpoolThreadMinimum
WaitForThreadpoolWorkCallbacks
CreateThreadpool
SetThreadpoolThreadMaximum
SubmitThreadpoolWork
CreateThreadpoolWork
CloseThreadpool

api-ms-win-core-timezone-l1-1-0

SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureStackBackTrace

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect

crypt32

CertCreateSelfSignCertificate
CertFreeCertificateContext
CertStrToNameW
CryptHashCertificate
CryptUnprotectData
CryptProtectData

api-ms-win-security-base-l1-1-0

GetFileSecurityW
DuplicateToken
MapGenericMask
AccessCheck

bcrypt

BCryptGenRandom
BCryptDuplicateHash
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptSetProperty
BCryptGetFipsAlgorithmMode
BCryptGetProperty
BCryptDestroyKey
BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptEncrypt
BCryptImportKey
BCryptDestroyHash

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree
HeapSize

api-ms-win-crt-time-l1-1-0

_gmtime64_s
_localtime64_s
_mkgmtime64

api-ms-win-crt-math-l1-1-0

ldexp
frexp
pow
powf

api-ms-win-core-io-l1-1-0

PostQueuedCompletionStatus
GetQueuedCompletionStatusEx
CreateIoCompletionPort

api-ms-win-crt-multibyte-l1-1-0

_ismbblead

powrprof

PowerDeterminePlatformRole

mmdevapi

ord17

oleaut32

SysAllocString
SysFreeString

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-psapi-l1-1-0

K32GetProcessMemoryInfo

api-ms-win-core-wow64-l1-1-0

IsWow64Process

windows.networking

SetSocketMediaStreamingMode

api-ms-win-core-heap-l2-1-0

LocalFree

ncrypt

NCryptFinalizeKey
NCryptSetProperty
NCryptCreatePersistedKey
NCryptOpenKey
NCryptOpenStorageProvider
NCryptFreeObject

sspicli

InitializeSecurityContextW
AcceptSecurityContext
AcquireCredentialsHandleW
DeleteSecurityContext
FreeCredentialsHandle
QueryContextAttributesW
SetContextAttributesW
FreeContextBuffer

api-ms-win-crt-environment-l1-1-0

_dupenv_s

api-ms-win-crt-utility-l1-1-0

_byteswap_ulong
abs
rand_s
labs
_byteswap_ushort

Exports

Exports

??0CheckedMutex@auf@@QEAA@PEBD_N@Z
??0Event@auf@@QEAA@XZ
??0Flag@auf@@QEAA@XZ
??0IPv4@rtnet@@QEAA@XZ
??0IPv6@rtnet@@QEAA@XZ
??0LockfreeQueue@auf@@QEAA@AEAVLockfreeStackPool@1@@Z
??0LockfreeStackPool@auf@@QEAA@I@Z
??0Path@spl@@QEAA@XZ
??0PortSpecification@rtnet@@QEAA@AEBU?$pair@HH@std@@@Z
??0RefCounter@auf@@QEAA@XZ
??0SocketConnectOptions@rtnet@@QEAA@XZ
??0SocketOptions@rtnet@@IEAA@XZ
??0ThreadRef@auf@@QEAA@PEBDI_K@Z
??0UncheckedMutex@auf@@QEAA@PEBD_N@Z
??0XorshiftRNG@auf@@QEAA@I@Z
??1CheckedMutex@auf@@QEAA@XZ
??1Event@auf@@QEAA@XZ
??1Flag@auf@@QEAA@XZ
??1IPv4@rtnet@@QEAA@XZ
??1IPv6@rtnet@@QEAA@XZ
??1LockfreeQueue@auf@@QEAA@XZ
??1LockfreeStackPool@auf@@QEAA@XZ
??1Path@spl@@QEAA@XZ
??1PortSpecification@rtnet@@QEAA@XZ
??1RefCounter@auf@@QEAA@XZ
??1ThreadRef@auf@@QEAA@XZ
??1UncheckedMutex@auf@@QEAA@XZ
??1XorshiftRNG@auf@@QEAA@XZ
??AIPv4@rtnet@@QEAAAEAE_K@Z
??AIPv6@rtnet@@QEAAAEAE_K@Z
?address@InterfaceAddress@rtnet@@QEBA?AV?$IntrusivePtr@VAddress@rtnet@@@auf@@XZ
?advance@SimpleBuffer@rtnet@@QEAAX_K@Z
?allocMem@LockfreePacker@auf@@SAPEAX_K@Z
?allocate@LockfreeStackPool@auf@@QEAAPEAX_K@Z
?asIPv4@Address@rtnet@@QEBA_NAEAVIPv4@2@@Z
?asIPv6@Address@rtnet@@QEBA_NAEAVIPv6@2@@Z
?atomicAddI@spl@@YAHPECHH@Z
?atomicAddL@spl@@YAJPECJJ@Z
?callOperatorDelete@spl@@YAXPEAX@Z
?callOperatorNew@spl@@YAPEAX_K@Z
?clearDelegate@StreamSocket@rtnet@@QEAAXXZ
?compareExchangeI@spl@@YA_NPECHHH@Z
?compareExchangeL@spl@@YA_NPECJJJ@Z
?compareExchangePI@spl@@YA_NPEC_J_J1@Z
?compareExchangeValI@spl@@YAHPECHHH@Z
?complete@SimpleBuffer@rtnet@@QEAAXXZ
?connectTCPHostAsync@rtnet@@YA?AV?$IntrusivePtr@VAsyncOperation@auf@@@auf@@PEBDHAEBV?$IntrusivePtr@VThreadPoolTransport@auf@@@3@AEBV?$IntrusivePtr@VIStreamSocketDelegate@rtnet@@@3@PEAUAsyncTag@3@AEBV?$IntrusivePtr@VStreamSocketOptions@rtnet@@@3@AEBV?$IntrusivePtr@VStreamSocketConnectOptions@rtnet@@@3@I@Z
?connectedCore@IStreamSocketDelegate@rtnet@@AEAAXAEBV?$IntrusivePtr@VStreamSocket@rtnet@@@auf@@PEAUAsyncTag@4@@Z
?create@PortSpecificationImpl@internal@rtnet@@SAPEAV123@AEBU?$pair@HH@std@@@Z
?create@PortSpecificationImpl@internal@rtnet@@SAPEAV123@AEBV123@@Z
?create@PortSpecificationImpl@internal@rtnet@@SAPEAV123@H@Z
?create@PortSpecificationImpl@internal@rtnet@@SAPEAV123@HH@Z
?create@SocketConnectOptionsImpl@internal@rtnet@@SAPEAV123@AEBV123@@Z
?create@SocketConnectOptionsImpl@internal@rtnet@@SAPEAV123@XZ
?create@SocketOptionsImpl@internal@rtnet@@SAPEAV123@AEBV123@@Z
?create@SocketOptionsImpl@internal@rtnet@@SAPEAV123@XZ
?createStrand@auf@@YA?AV?$IntrusivePtr@VThreadPoolTransport@auf@@@1@W4ThreadPoolPriority@spl@@@Z
?createStrandWithTransport@auf@@YA?AV?$IntrusivePtr@VThreadPoolTransport@auf@@@1@AEBV21@@Z
?createTimerWithTransport@auf@@YA?AV?$IntrusivePtr@VTimer@auf@@@1@AEBV?$IntrusivePtr@VThreadPoolTransport@auf@@@1@V?$duration@_JU?$ratio@$00$0PECEA@@std@@@chrono@std@@1PEAUCall@1@@Z
?createWithSize@SimpleBuffer@rtnet@@SA?AV?$IntrusivePtr@VSimpleBuffer@rtnet@@@auf@@_K@Z
?data@SimpleBuffer@rtnet@@QEAAPEAXXZ
?dataBarrier@spl@@YAXXZ
?dec@RefCounter@auf@@QEAAKXZ
?decodeToUtf16@spl@@YA?AV?$basic_string@_SU?$char_traits@_S@std@@V?$allocator@_S@2@@std@@PEBD_K@Z
?decodeUtf8@spl@@YA_KPEAX_KPEBD11@Z
?decryptWithTempKey@spl@@YA?AV?$vector@DU?$secure_allocator@D@internal@spl@@@std@@PEBD_K@Z
?dequeue@LockfreeQueue@auf@@QEAAPEAXPEA_N@Z
?destroyCert@rtnet@@YAXPEAUX509Cert@1@@Z
?directoryCreateRecursive@spl@@YA?AW4FileError@1@AEBVPath@1@H@Z
?disconnect@StreamSocket@rtnet@@QEAAXXZ
?done@ThreadRef@auf@@QEBA_NXZ
?dtlsAccept@rtnet@@YAHPEAUTlsSession@1@PEAUTlsBuf@1@1PEAX@Z
?dtlsConnect@rtnet@@YAHPEAUTlsSession@1@PEAUTlsBuf@1@1@Z
?dtlsCreate@rtnet@@YAPEAUTlsSession@1@_NPEBUX509Cert@1@@Z
?dtlsDestroy@rtnet@@YAXPEAUTlsSession@1@@Z
?dtlsSrtpParametersFreeMkiBuffer@rtnet@@YAXPEAUDtlsSrtpParameters@1@@Z
?dtorCore@SocketConnectOptions@rtnet@@AEAAXXZ
?dtorCore@SocketOptions@rtnet@@AEAAXXZ
?embedIPv4@IPv6@rtnet@@QEAA_NAEBVIPv4@2@_K@Z
?empty@LockfreeQueue@auf@@QEAA_NXZ
?encode@BASE64@spl@@SAXPEADPEBX_K@Z
?encodeUtf8@spl@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEBX_K1@Z
?encodeUtf8@spl@@YA_KPEAD_KPEBX11@Z
?encodedLength@BASE64@spl@@SA_K_K@Z
?encryptWithTempKey@spl@@YA?AV?$vector@DU?$secure_allocator@D@internal@spl@@@std@@PEBX_K@Z
?enqueue@LockfreeQueue@auf@@QEAA_NPEAX@Z
?exchangeI@spl@@YAHPECHH@Z
?exchangeL@spl@@YAJPECJJ@Z
?exchangePI@spl@@YA_JPEC_J_J@Z
?fileClose@spl@@YAXPEAX@Z
?fileFlush@spl@@YA_NPEAX@Z
?fileOpen@spl@@YAPEAXAEBVPath@1@W4FileSemantics@1@HAEAW4FileError@1@@Z
?fileRead@spl@@YA_JPEAX0_K@Z
?fileSeekNewReturned@spl@@YA_JPEAX_JW4SeekType@1@@Z
?fileSize@spl@@YA_JPEAX@Z
?fileTell@spl@@YA_JPEAX@Z
?fileWrite@spl@@YA_JPEAXPEBX_K@Z
?freeMem@LockfreePacker@auf@@SAXPEAX@Z
?fromBytes@IPv4@rtnet@@QEAA_NPEBE@Z
?g_CPUTopology@spl@@3UCPUTopology@1@A
?g_aufUp@auf@@3HA
?g_configGlobalLockfreeStackPoolSizeL2@auf@@3IA
?g_configMaxObjectWaitUs@auf@@3_KA
?g_configTraceFifoSizeL2@auf@@3IA
?g_logObjectCountChanges@auf@@3DA
?g_logObjectIds@auf@@3DA
?g_logObjectIds@internal@auf@@3DA
?g_logObjectLeaks@auf@@3DA
?g_logObjectLeaks@internal@auf@@3DA
?g_nextCallId@auf@@3IC
?g_nextObjectId@auf@@3IC
?g_objectCheckDisabled@auf@@3DA
?g_sysInfo@spl@@3USysinfo@1@A
?getCertHash@rtnet@@YA_NPEAUX509Cert@1@W4HashAlgorithm@spl@@PEAUCertHash@1@@Z
?getDtlsSrtpParameters@rtnet@@YA_NPEAUTlsSession@1@PEAUDtlsSrtpParameters@1@@Z
?getImp@ThreadRef@auf@@AEBAPEAUSplOpaqueUpperLayerThread@@XZ
?getNat64Prefixes@rtnet@@YA_NV?$duration@_JU?$ratio@$00$0PECEA@@std@@@chrono@std@@AEAV?$vector@V?$IntrusivePtr@VInterfaceAddress@rtnet@@@auf@@V?$allocator@V?$IntrusivePtr@VInterfaceAddress@rtnet@@@auf@@@std@@@4@@Z
?getSelfSignedCert@rtnet@@YAPEAUX509Cert@1@PEBUX509CertName@1@_J1W4HashAlgorithm@spl@@PEAX@Z
?globalThreadPoolTransport2@auf@@YA?AV?$IntrusivePtr@VThreadPoolTransport@auf@@@1@W4ThreadPoolPriority@spl@@@Z
?highPrecisionTimestamp@spl@@YA_KXZ
?inc@RefCounter@auf@@QEAAKXZ
?initInternal@auf@@YA_NPEAUAufInitTag@1@PEBDI_K@Z
?instantiateLogComponent@internal@auf@@YAPEAVLogComponent@2@PEBD@Z
?intrusive_ptr_add_ref@auf@@YAXPEBVIReferenceCountable@1@@Z
?intrusive_ptr_release@auf@@YAXPEBVIReferenceCountable@1@@Z
?io@StreamSocket@rtnet@@QEAA?AV?$IntrusivePtr@VISocketIO@rtnet@@@auf@@XZ
?isGood@Event@auf@@QEBA_NXZ
?isGood@LockfreeQueue@auf@@QEBA_NXZ
?isGood@LockfreeStackPool@auf@@QEBA_NXZ
?isGood@MutexCore@internal@auf@@QEBA_NXZ
?isGood@ThreadRef@auf@@QEBA_NXZ
?localAddress@StreamSocket@rtnet@@QEAA?AV?$IntrusivePtr@VAddress@rtnet@@@auf@@XZ
?localTime@spl@@YAHAEBUHidingSystemTime@1@PEAUtm@@@Z
?localTimestamp@spl@@YA?AUHidingSystemTime@1@XZ
?lock@MutexCore@internal@auf@@QEAAXXZ
?lockedByCurrentThread@MutexCore@internal@auf@@QEBA_NXZ
?lockfreeStackPoolDeallocate@auf@@YAXPEAX@Z
?log@LogComponent@auf@@QEAAXPEBXIIAEBVLogArgs@2@@Z
?log@LogComponent@auf@@QEAAXPEBXIIPEBDAEBVLogArgs@2@@Z
?logBackTraceInfo@spl@@YAXXZ
?logFlush@auf@@YAXXZ
?logvln@auf@@YAX_NPEBDPEAD@Z
?make@ProxyInfo@rtnet@@SA?AV?$IntrusivePtr@VProxyInfo@rtnet@@@auf@@W4ProxyProtocol@2@PEBDI11@Z
?memFree@spl@@YAXPEAX@Z
?memMalloc@spl@@YAPEAX_K@Z
?memcpy_s@spl@@YAHPEAX_KPEBX1@Z
?memmove_s@spl@@YAHPEAX_KPEBX1@Z
?memset_s@spl@@YAHPECX_KH1@Z
?msFromHp@spl@@YA_K_J@Z
?options@StreamSocket@rtnet@@QEBA?AV?$IntrusivePtr@VStreamSocketOptions@rtnet@@@auf@@XZ
?pathAppendComponent@spl@@YA_NAEAVPath@1@PEBD1@Z
?pathFromFilename@spl@@YA_NAEAVPath@1@PEBD@Z
?pathInitFromLocation@spl@@YA?AW4FileError@1@AEAVPath@1@AEBUPathLocation@1@@Z
?pathStringValue@spl@@YAPEBDAEBVPath@1@@Z
?peerAddress@StreamSocket@rtnet@@QEAA?AV?$IntrusivePtr@VAddress@rtnet@@@auf@@XZ
?port@Address@rtnet@@QEBAHXZ
?post@Event@auf@@QEAAXXZ
?prefixLength@InterfaceAddress@rtnet@@QEBA_KXZ
?raise@Flag@auf@@QEAA_NXZ
?randomBytes@auf@@YA_NPEAX_K@Z
?randomUInt@XorshiftRNG@auf@@QEAAIXZ
?release@Flag@auf@@QEAAXXZ
?setDone@ThreadRef@auf@@QEAAX_N@Z
?setLogComponentDescription@internal@auf@@YAPEBDPEBD0@Z
?setLogComponentSafe@internal@auf@@YA_NPEBD_N@Z
?setNoDelayEnabled@StreamSocketOptions@rtnet@@QEAAX_N@Z
?setOptions@StreamSocket@rtnet@@QEAA_NAEBV?$IntrusivePtr@VStreamSocketOptions@rtnet@@@auf@@@Z
?setPortSpecification@SocketConnectOptions@rtnet@@QEAAXAEBV?$shared_ptr@VPortSpecification@rtnet@@@std@@@Z
?setProxy@SocketConnectOptions@rtnet@@QEAAXW4ProxyPolicy@2@AEBV?$IntrusivePtr@VProxyInfo@rtnet@@@auf@@@Z
?setQualityOfServiceDSCP@SocketOptions@rtnet@@QEAAXI@Z
?setTlsCertificateVerification@SocketOptions@rtnet@@QEAAX_N@Z
?size@SimpleBuffer@rtnet@@QEBA_KXZ
?sleep@spl@@YAX_K@Z
?snprintf_s@spl@@YAHPEAD_KPEBDZZ
?startImp@auf@@YAXPEAUSplOpaqueUpperLayerThread@@PEAUVarBase@spl@@@Z
?startTlsAsync@StreamSocket@rtnet@@QEAAXPEBDPEAUAsyncTag@auf@@@Z
?stop@ThreadRef@auf@@QEAA_NV?$duration@_JU?$ratio@$00$0PECEA@@std@@@chrono@std@@PEA_J@Z
?stopInternal@auf@@YAXPEAUAufInitTag@1@PEBD@Z
?strandId@ThreadPoolTransport@auf@@QEBA_KXZ
?strcat_s@spl@@YAHPEAD_KPEBD@Z
?strcpy_s@spl@@YAHPEAD_KPEBD@Z
?strlcpy@spl@@YA_KPEADPEBD_K@Z
?strnlen_s@spl@@YA_KPEBD_K@Z
?symbolFromAddress@priv@spl@@YA_NPEBXPEAD_K@Z
?sysInfoCPUInfo@spl@@YAXIAEAUCPUInfo@1@@Z
?thread@pal@msrtc@@YA?AV0std@@$$QEAV?$function@$$A6AXXZ@3@@Z
?tlsBufAlloc@rtnet@@YA_NPEAUTlsBuf@1@K@Z
?tlsBufFree@rtnet@@YAXPEAUTlsBuf@1@@Z
?tlsBufInit@rtnet@@YAXPEAUTlsBuf@1@@Z
?tlsGetPeerCert@rtnet@@YAPEAUX509Cert@1@PEAUTlsSession@1@@Z
?unlock@MutexCore@internal@auf@@QEAAXXZ
?utcHpTimestamp@spl@@YA_KXZ
?utcTimestamp@spl@@YA_JXZ
?vsnprintf_s@spl@@YAHPEAD_KPEBD0@Z
?wait@Event@auf@@QEAA_NV?$duration@_JU?$ratio@$00$0PECEA@@std@@@chrono@std@@@Z
?wait@Event@auf@@QEAA_N_K@Z
?wait@Flag@auf@@QEAA_NV?$duration@_JU?$ratio@$00$0PECEA@@std@@@chrono@std@@@Z
?weak_intrusive_ptr_add_ref@auf@@YAXPEAVWeakAuxiliary@1@@Z
?weak_intrusive_ptr_create@auf@@YAPEAVWeakAuxiliary@1@PEBVIReferenceCountable@1@@Z
?weak_intrusive_ptr_release@auf@@YAXPEAVWeakAuxiliary@1@@Z
?x509NameDestroy@rtnet@@YAXPEAUX509CertName@1@@Z
?x509NameEncode@rtnet@@YAPEAUX509CertName@1@PEBD@Z
AcquireCredentialsHandleW
AcquireSRWLockExclusive
CreateFileA
CreateFileW
DecodePointer
DeleteSecurityContext
DisableThreadLibraryCalls
EnableTrace
EncodePointer
EnumerateSecurityPackagesW
EventRegister
EventUnregister
EventWrite
FreeAddrInfoW
FreeContextBuffer
FreeCredentialsHandle
GetAddrInfoW
GetLastError
GetSystemInfo
GetTempPathW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
GetVersionExW
InitializeSListHead
InitializeSecurityContextW
InterlockedPopEntrySList
InterlockedPushEntrySList
IsDebuggerPresent
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
RegCloseKey
RegCreateKeyExA
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
RegSetValueExA
RegSetValueExW
RegisterTraceGuidsW
ReleaseSRWLockExclusive
RtcPalAccept
RtcPalAcquireSlimLock
RtcPalAesEncrypt
RtcPalAllocAlignedMemoryWithTag
RtcPalAllocMemoryWithTag
RtcPalAllocateWorkItem
RtcPalBaseCleanup
RtcPalBaseStartup
RtcPalBind
RtcPalCleanup
RtcPalClearAssertRecords
RtcPalCloseSocket
RtcPalCloseSocketIOCP
RtcPalCloseWaitableHandle
RtcPalCoWaitForAnyObject
RtcPalConnect
RtcPalConnectToHostname
RtcPalCreateCallContext
RtcPalCreateEvent
RtcPalCreateSemaphore
RtcPalCreateSocket
RtcPalCreateSocketIOCP
RtcPalCreateThread
RtcPalCryptCleanup
RtcPalCryptGenRandom
RtcPalCryptHMACSHA1Create
RtcPalCryptHMACSHA1CreateKey
RtcPalCryptHMACSHA1Destroy
RtcPalCryptHMACSHA1DestroyKey
RtcPalCryptHMACSHA1DupeContext
RtcPalCryptHMACSHA1Final
RtcPalCryptHMACSHA1Update
RtcPalCryptHMACSHA256Create
RtcPalCryptHMACSHA256CreateKey
RtcPalCryptHMACSHA256Destroy
RtcPalCryptHMACSHA256DestroyKey
RtcPalCryptHMACSHA256DupeContext
RtcPalCryptHMACSHA256Final
RtcPalCryptHMACSHA256Update
RtcPalCryptMD5Create
RtcPalCryptMD5Destroy
RtcPalCryptMD5Final
RtcPalCryptMD5Update
RtcPalCryptStartup
RtcPalDeinitTracing
RtcPalDeleteSlimLock
RtcPalDestroyAesKey
RtcPalDeviceAudioGetGlitchInfo
RtcPalDeviceAudioGetMetrics
RtcPalDeviceAudioGetProcessingFeatures
RtcPalDeviceAudioGetQueuedBytes
RtcPalDeviceAudioGetSupportedProcessingCapacity
RtcPalDeviceAudioLockBuffer
RtcPalDeviceAudioReset
RtcPalDeviceAudioSetActiveEndpoint
RtcPalDeviceAudioSetProcessingFeatures
RtcPalDeviceAudioStart
RtcPalDeviceAudioStop
RtcPalDeviceAudioUnlockBuffer
RtcPalDeviceErrorCodeFromHResult
RtcPalDeviceIsErrorCodeRecoverable
RtcPalDevicePlatformClose
RtcPalDevicePlatformCloseDevice
RtcPalDevicePlatformCloseHIDContext
RtcPalDevicePlatformCompareDeviceId
RtcPalDevicePlatformCreateDeviceId
RtcPalDevicePlatformDeviceRegisterNotification
RtcPalDevicePlatformDisposeDeviceId
RtcPalDevicePlatformDuplicateDeviceId
RtcPalDevicePlatformEnableAudio
RtcPalDevicePlatformEnumDevices
RtcPalDevicePlatformGetAudioCertifiedListId
RtcPalDevicePlatformGetAutoBoostControlEnabled
RtcPalDevicePlatformGetDeviceList
RtcPalDevicePlatformGetHIDInformation
RtcPalDevicePlatformGetMediaExtension
RtcPalDevicePlatformGetVolumeInfo
RtcPalDevicePlatformGetVolumeInfoByDeviceHandle
RtcPalDevicePlatformIsSamePhysicalDevice
RtcPalDevicePlatformOpen
RtcPalDevicePlatformOpenAudioDevice
RtcPalDevicePlatformOpenAudioLoopbackDevice
RtcPalDevicePlatformOpenHIDContext
RtcPalDevicePlatformRegisterNotification
RtcPalDevicePlatformSetAutoBoostControlEnabled
RtcPalDevicePlatformSetHIDInformation
RtcPalDevicePlatformSetState
RtcPalDevicePlatformSetVolumeInfo
RtcPalDevicePlatformUnregisterNotification
RtcPalEnableCallContextTracingControl
RtcPalEnableEtwTracing
RtcPalEnableRDTSCTime
RtcPalEnableTracing
RtcPalFlushTracing
RtcPalFreeIfAddrs
RtcPalFreeMemoryWithTag
RtcPalFreeWorkItem
RtcPalGetADSPConfig
RtcPalGetADSPLogFolder
RtcPalGetAllEcsSettings
RtcPalGetAssertRecords
RtcPalGetBestSourceAddress
RtcPalGetComputerNameW
RtcPalGetDataConvSignature
RtcPalGetEcsSetting
RtcPalGetExitCodeThread
RtcPalGetFipsComplianceMode
RtcPalGetHostCName
RtcPalGetIfAddrs
RtcPalGetLastError
RtcPalGetLocalStateFolderW
RtcPalGetMachineInfo
RtcPalGetOSName
RtcPalGetPeerName
RtcPalGetPlatformProfile
RtcPalGetPrivateMemoryUsageInMB
RtcPalGetSockName
RtcPalGetSocketIOCPQueuedCompletionStatus
RtcPalGetSystemConfigurationInfo
RtcPalGetSystemMetricsTemplate
RtcPalGetTimeDouble
RtcPalGetTimeLongIn100ns
RtcPalGetTimeLongIn100nsFast
RtcPalGetTracingPath
RtcPalGetUserName
RtcPalGetWinSATVideoEncodeScore
RtcPalInitCollectSystemMetrics
RtcPalInitThreadAttr
RtcPalInitTracing
RtcPalInitializeCriticalSection
RtcPalInitializeCriticalSectionAndSpinCount
RtcPalInitializeSlimLock
RtcPalIsAssertTraceEnabled
RtcPalIsAutomaticProxyTraversalSupported
RtcPalIsCallContextTracingControlEnabled
RtcPalIsEtwTracingEnabled
RtcPalIsLaptop
RtcPalIsTracingEnabled
RtcPalListen
RtcPalLoadLibrary
RtcPalLoadSystem32Library
RtcPalMFHasDXGI
RtcPalMFHasSourceReader
RtcPalNetAddressToStringA
RtcPalNetAddressToStringW
RtcPalNetCleanup
RtcPalNetStartup
RtcPalNetStringToIPAddressA
RtcPalNetStringToIPAddressW
RtcPalNetStringToIPv4AddressA
RtcPalNetStringToIPv4AddressW
RtcPalNetStringToIPv6AddressA
RtcPalNetStringToIPv6AddressW
RtcPalPerfCounterToNanoseconds
RtcPalPerfCounterToSeconds
RtcPalPopulateNetworkInterfaceIdForTraceLoggingEvent
RtcPalPostSocketIOCPQueuedCompletionStatus
RtcPalQueryPerformanceCounter
RtcPalQueueWorkItem
RtcPalRecv
RtcPalRecvFrom
RtcPalRefreshMemoryTrackerCallStack
RtcPalRegCloseKey
RtcPalRegCreateKeyExA
RtcPalRegCreateKeyExW
RtcPalRegDeleteKeyW
RtcPalRegOpenKeyExA
RtcPalRegOpenKeyExW
RtcPalRegQueryValueExA
RtcPalRegQueryValueExW
RtcPalRegSetValueExA
RtcPalRegSetValueExW
RtcPalRegisterSocket
RtcPalRegisterTraceGuids
RtcPalReleaseSemaphore
RtcPalReleaseSlimLock
RtcPalReportAssert
RtcPalResetAllEcsSettings
RtcPalResetEvent
RtcPalSecureZeroMemory
RtcPalSend
RtcPalSendTo
RtcPalSetAesKey
RtcPalSetEcsSetting
RtcPalSetEcsSettingById
RtcPalSetEvent
RtcPalSetLastError
RtcPalSetLogPath
RtcPalSetPlatformProfile
RtcPalSetSchedulerPolicy
RtcPalSocketEnableLowLatency
RtcPalSocketSetBroadcast
RtcPalSocketSetLinger
RtcPalSocketSetNonBlockingMode
RtcPalSocketSetQoSDSCP
RtcPalSocketSetRecvBufSize
RtcPalSocketSetSendBufSize
RtcPalSocketSetTcpNoDelay
RtcPalStartCollectSystemMetrics
RtcPalStartup
RtcPalStopCollectSystemMetrics
RtcPalTaskQueueCreate
RtcPalTaskQueueDequeue
RtcPalTaskQueueDestroy
RtcPalTaskQueueEnqueue
RtcPalTraceCondIfTrue
RtcPalTraceLoggingWrite
RtcPalTraceRt
RtcPalTryAcquireSlimLock
RtcPalUninitCollectSystemMetrics
RtcPalWaitAndCancelPendingCallback
RtcPalWaitForAllThreads
RtcPalWaitForAnyObject
RtcPalWaitForSingleObject
RtcPalWlanEnterMediaStreamingMode
RtcPalWlanLeaveMediaStreamingMode
SetLastError
TraceMessage
UnregisterTraceGuids
WideCharToMultiByte
__imp_?PL_TEMP_DIR@spl@@3UPathLocation@1@A
aufLogHookInstall
aufLogHookRemove
auf_internal_log
auf_internal_log_obfuscated
auf_logcomponent_isenabled
g_aufLogChannel
g_aufLogNumHooks
lstrcmpW
lstrcmpiW
lstrlenA
lstrlenW
rtcpal_freeaddrinfo
rtcpal_getaddrinfo
rtcpal_inet_addr
rtcpal_inet_ntoa
rtcpal_recv
rtcpal_recvfrom
rtcpal_send
rtcpal_sendto
spl_pii_OmitS
spl_pii_OmitW
spl_pii_UserIdW
threadCurrentId
threadYield

Sections

.text
Size: 939KB - Virtual size: 938KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 277KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bisrv/sbe.dll
.dll regsvr32 windows:10 windows x64 arch:x64

d83b24c08477d6d5715f9d95e9c2a700

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

sbe.pdb

Imports

msvcrt

memmove
memcmp
wcsstr
_vsnwprintf_s
_purecall
free
_callnewh
malloc
memset
sqrt
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
_amsg_exit
log
ceil
_XcptFilter
memcpy
_vsnwprintf
wcscpy_s
qsort
_wcsicmp
_snwprintf_s
memcpy_s
wcsncpy_s
swprintf_s
wcsrchr
wcschr
wcscmp

ntdll

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

kernel32

InitializeCriticalSection
DeleteCriticalSection
CloseHandle
CreateEventW
ResetEvent
GetCurrentThreadId
DuplicateHandle
SetEvent
WaitForSingleObject
ReleaseSemaphore
GetSystemInfo
VirtualAlloc
VirtualFree
CreateThread
GetModuleHandleW
GetProcAddress
GetTickCount
GetCurrentThread
SetThreadPriority
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetFileAttributesW
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
lstrcmpiW
WriteFile
CreateFileW
GetFullPathNameW
DeleteFileW
FileTimeToSystemTime
GlobalAlloc
GlobalFree
GlobalLock
SystemTimeToFileTime
GlobalUnlock
LeaveCriticalSection
GetUserDefaultLangID
QueueUserWorkItem
GetTickCount64
QueryPerformanceFrequency
ExpandEnvironmentStringsW
LocalAlloc
LoadLibraryW
LocalFree
FreeLibrary
CreateDirectoryW
lstrlenW
SetFileAttributesW
ReadFile
CompareStringW
SetEndOfFile
SetFilePointerEx
UnmapViewOfFile
CompareStringA
CreateFileMappingW
MapViewOfFile
CreateMutexW
ReleaseMutex
OpenMutexW
TryEnterCriticalSection
FindFirstFileW
CreateHardLinkW
FindClose
RegisterWaitForSingleObject
RemoveDirectoryW
OpenEventW
OpenFileMappingW
GetFileInformationByHandle
FlushViewOfFile
UnregisterWaitEx
GetTempFileNameW
SetLastError
SetFileBandwidthReservation
GetQueuedCompletionStatus
CreateIoCompletionPort
GetFinalPathNameByHandleW
WaitForMultipleObjects
GetFileInformationByHandleEx
GetFileSizeEx
GetModuleHandleExW
ReOpenFile
FreeLibraryAndExitThread
PostQueuedCompletionStatus
GetOverlappedResult
WriteFileGather
InterlockedPushEntrySList
ReadFileScatter
InitializeSListHead
InterlockedPopEntrySList
QueryDepthSList
FlushFileBuffers
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
DeviceIoControl
EnterCriticalSection
CreateEventExW
GetFileSize
GetVersionExW
MultiByteToWideChar
GetLastError
GetModuleFileNameA
QueryFullProcessImageNameW
DisableThreadLibraryCalls
GetTempPathW
OutputDebugStringA
GetCurrentProcess
lstrcmpW
VirtualQuery
RaiseException
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LoadLibraryExA
VirtualProtect
CreateSemaphoreW
MulDiv
SetFileValidData

advapi32

AllocateAndInitializeSid
IsValidSid
FreeSid
GetLengthSid
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
GetSidSubAuthorityCount
GetSidSubAuthority
CreateWellKnownSid
OpenProcessToken
AddAccessAllowedAce
GetTokenInformation
GetAclInformation
GetAce
EqualSid
RegQueryValueExW
BuildTrusteeWithSidW
InitializeSecurityDescriptor
SetEntriesInAclW
SetSecurityDescriptorDacl
GetNamedSecurityInfoW
SetNamedSecurityInfoW
AddAccessAllowedAceEx
InitializeAcl
AddAce
CopySid

ole32

CoUninitialize
CoCreateGuid
CoCreateInstance
CoInitializeEx
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
PropVariantClear
CoGetMalloc
CreateStreamOnHGlobal
CoFreeUnusedLibraries

rpcrt4

NdrCStdStubBuffer2_Release
NdrDllGetClassObject
NdrDllUnregisterProxy
CStdStubBuffer_CountRefs
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
CStdStubBuffer_Invoke
NdrStubForwardingFunction
IUnknown_AddRef_Proxy
UuidCreate
CStdStubBuffer_Connect
CStdStubBuffer_IsIIDSupported
NdrStubCall3
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_DebugServerQueryInterface
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrOleFree
NdrDllRegisterProxy

winmm

timeGetDevCaps
timeBeginPeriod
timeEndPeriod
timeGetTime

shell32

SHGetKnownFolderPath

shlwapi

PathFileExistsW

gdiplus

GdiplusStartup
GdiplusShutdown
GdipGetImageEncoders
GdipGetImageDimension
GdipCloneImage
GdipCreateBitmapFromStream
GdipAlloc
GdipDrawImageRectI
GdipDisposeImage
GdipCreateHBITMAPFromBitmap
GdipFree
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipSaveImageToStream
GdipCreateBitmapFromScan0
GdipGetImageEncodersSize

api-ms-win-core-path-l1-1-0

PathCchCombine
PathCchAppend

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 774KB - Virtual size: 774KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
logoncli/credprovslegacy.dll
.dll windows:10 windows x64 arch:x64

7be28bee289d900532188c8f3ad89400

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

credprovslegacy.pdb

Imports

msvcrt

_purecall
_vsnwprintf
sqrt
_CxxThrowException
atan2
memcmp
_set_errno
memcpy_s
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
memmove_s
_callnewh
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
memcpy
wcschr
memmove
_wtoi
toupper
__CxxFrameHandler3
memset
_get_errno
pow
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
_amsg_exit
_XcptFilter
free

propsys

InitPropVariantFromCLSID
PropVariantToUInt32
PropVariantToGUID
PSCreateMemoryPropertyStore
PropVariantToStringAlloc
PropVariantToBoolean

shlwapi

SHStrDupW
ord618

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister
EventProviderEnabled

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetProcAddress
DisableThreadLibraryCalls
LockResource
LoadResource
FindResourceExW
GetModuleHandleW
GetModuleHandleExW

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
ReleaseMutex
CreateMutexExW
InitializeSRWLock
AcquireSRWLockShared
ReleaseSRWLockShared
EnterCriticalSection
AcquireSRWLockExclusive
OpenSemaphoreW
ReleaseSemaphore
WaitForSingleObjectEx
CreateSemaphoreExW
DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
ReleaseSRWLockExclusive

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceExecuteOnce
SleepConditionVariableSRW
WakeAllConditionVariable
Sleep
InitOnceBeginInitialize

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetSystemTimeAsFileTime
GetSystemTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegLoadKeyW
RegCreateKeyExW
RegGetValueW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegEnumValueW
RegUnLoadKeyW
RegQueryInfoKeyW

api-ms-win-core-com-l1-1-0

CoTaskMemRealloc
CoTaskMemAlloc
CoGetMalloc
PropVariantClear
CoTaskMemFree
CoCreateInstance
CoCreateFreeThreadedMarshaler

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSidToSidW

netutils

NetApiBufferFree

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l1-1-0

CompareFileTime
ReadFile
GetFileSize
CreateFileW

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetUserDefaultLCID

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

sspicli

LsaDeregisterLogonProcess
LsaFreeReturnBuffer
LsaLookupAuthenticationPackage
LsaCallAuthenticationPackage
LsaConnectUntrusted

api-ms-win-security-base-l1-1-0

GetLengthSid
GetTokenInformation
CopySid
GetSidSubAuthorityCount
GetSidSubAuthority
IsValidSid

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-security-lsapolicy-l1-1-0

LsaLookupSids2
LsaOpenPolicy
LsaQueryInformationPolicy
LsaFreeMemory
LsaClose

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

ntdll

RtlInitString
RtlDeleteResource
RtlReleaseResource
RtlAcquireResourceExclusive
RtlInitializeResource
RtlNtStatusToDosError

credprovs

CreatePasswordProviderWrapperInstance

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

crypt32

CertDuplicateCertificateContext
CertFindExtension
CertGetCertificateContextProperty
CertOpenStore
CertFindCertificateInStore
CertCloseStore
CertFreeCertificateContext
CryptDecodeObjectEx
CryptBinaryToStringW

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer

cryptsp

CryptGenRandom
CryptAcquireContextW
CryptReleaseContext

samcli

NetUserGetInfo

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
logoncli/cryptcatsvc.dll
.dll windows:10 windows x64 arch:x64

90fb2e052c8cba1e46b58114856a890b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

cryptcatsvc.pdb

Imports

msvcrt

_wcslwr
_wcsnicmp
wcsncmp
_XcptFilter
_amsg_exit
wcsrchr
free
malloc
_initterm
__C_specific_handler
_vsnprintf
_resetstkoflw
_wcsicmp
_vsnwprintf
wcscat_s
wcschr
memcpy
memcmp
_purecall
memset
wcsstr
strcmp

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolWait
WaitForThreadpoolWorkCallbacks
WaitForThreadpoolTimerCallbacks
SubmitThreadpoolWork
CreateThreadpoolWork
CreateThreadpoolTimer
CloseThreadpoolWork

api-ms-win-core-synch-l1-1-0

ReleaseMutex
CreateMutexW
WaitForSingleObjectEx
ReleaseSRWLockShared
AcquireSRWLockExclusive
WaitForSingleObject
WaitForMultipleObjectsEx
InitializeSRWLock
EnterCriticalSection
SetEvent
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
AcquireSRWLockShared
CreateEventW
ReleaseSRWLockExclusive

api-ms-win-core-file-l1-1-0

CreateDirectoryW
GetFileSize
FindClose
GetFileAttributesW
CreateFileW
WriteFile
SetFilePointer
GetTempFileNameW
GetFileAttributesExW
DeleteFileW
CompareFileTime
FindFirstFileW
FindNextFileW
SetEndOfFile
GetFullPathNameW
SetFileAttributesW

api-ms-win-core-sysinfo-l1-1-0

GetWindowsDirectoryW
GetVersionExW
GetLocalTime
GetTickCount
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetTickCount64
GetSystemDirectoryW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-io-l1-1-0

GetOverlappedResult

api-ms-win-core-file-l2-1-0

CreateHardLinkW
ReadDirectoryChangesW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
RaiseException
SetLastError
UnhandledExceptionFilter
SetErrorMode

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetEnvironmentVariableW

rpcrt4

RpcRevertToSelf
NdrServerCall2
NdrServerCallAll
I_RpcBindingIsClientLocal
RpcServerRegisterIf3
RpcServerUnregisterIf
RpcImpersonateClient

api-ms-win-core-libraryloader-l1-1-0

DisableThreadLibraryCalls
FreeLibraryAndExitThread
LoadLibraryExW
GetModuleFileNameW
FreeLibrary
GetProcAddress

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegDeleteKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
RegEnumKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

crypt32

CryptHashCertificate2
CryptDecodeObject
CertFreeCTLContext
CertCreateContext

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThread
OpenThreadToken
CreateThread
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
ExitThread
ResumeThread
SetThreadPriority

api-ms-win-security-base-l1-1-0

AccessCheck
MapGenericMask
GetSecurityDescriptorDacl
GetAce
EqualSid
GetFileSecurityW

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
MapViewOfFile
CreateFileMappingW

api-ms-win-core-localization-l1-2-0

GetThreadLocale
LCMapStringEx
FormatMessageW
LCMapStringW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-service-core-l1-1-1

EnumServicesStatusExW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-string-l2-1-0

CharLowerW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

api-ms-win-core-datetime-l1-1-0

GetDateFormatA
GetTimeFormatA

api-ms-win-core-heap-obsolete-l1-1-0

LocalAlloc
LocalSize
LocalFree
LocalReAlloc

api-ms-win-core-kernel32-legacy-l1-1-0

MoveFileW
LoadLibraryW
CopyFileW

ntdll

NtQueryValueKey
NtOpenKey
RtlFreeUnicodeString
RtlReAllocateHeap
RtlFreeHeap
RtlAllocateHeap
RtlFormatCurrentUserKeyPath
EvtIntReportEventAndSourceAsync
RtlRunOnceExecuteOnce
ShipAssert
NtOpenFile
NtClose
RtlInitUnicodeString
RtlNtStatusToDosErrorNoTeb
EtwEventRegister
EtwEventWrite
EtwEventUnregister
EtwEventEnabled
RtlNtStatusToDosError

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap
HeapReAlloc

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

CatDbOfflineRebuildDatabasesRundll32W
CatDbOfflineRebuildDatabasesW
CryptCATAdminCatalogDatabase
CryptsvcDllCtrl

Sections

.text
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
logoncli/dialclient.dll
.dll windows:10 windows x64 arch:x64

ae7ca4d4d390935ec44dca4da11f715f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dialclient.pdb

Imports

msvcrt

memcmp
memmove_s
realloc
_vsnwprintf
memcpy_s
_set_errno
_get_errno
wcschr
_callnewh
memcpy
_onexit
__dllonexit
_unlock
_lock
__CxxFrameHandler3
__C_specific_handler
_initterm
malloc
_amsg_exit
_XcptFilter
free
_purecall
memset

rpcrt4

I_RpcBindingInqLocalClientPID
IUnknown_AddRef_Proxy
NdrOleFree
IUnknown_Release_Proxy
NdrOleAllocate
IUnknown_QueryInterface_Proxy
NdrStubCall3
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrCStdStubBuffer2_Release
NdrStubForwardingFunction

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventWriteTransfer
EventSetInformation

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-1-0

InitializeSRWLock
DeleteCriticalSection
InitializeCriticalSectionEx
CreateSemaphoreExW
LeaveCriticalSection
EnterCriticalSection
SetEvent
ReleaseMutex
WaitForSingleObjectEx
AcquireSRWLockShared
OpenSemaphoreW
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateMutexExW
ReleaseSemaphore
WaitForSingleObject
CreateEventW

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleFileNameA
GetProcAddress
LoadLibraryExW
FreeLibrary
DisableThreadLibraryCalls
GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
OpenProcessToken
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThread

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetTickCount64
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError

combase

CStdStubBuffer_CountRefs
CStdStubBuffer_AddRef
ord33
ord18
CStdStubBuffer2_QueryInterface
ord34
ord5
ord16
ord12
ord9
ord6
CStdStubBuffer2_Disconnect
ord7
CStdStubBuffer_QueryInterface
ord17
ord2
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer2_CountRefs
ord10
ord13
CStdStubBuffer_DebugServerRelease
ord11
CStdStubBuffer_Invoke
ord15
CStdStubBuffer_Disconnect
ord32
CStdStubBuffer_IsIIDSupported
CStdStubBuffer2_Connect
CStdStubBuffer_Connect
ord14
ord8

api-ms-win-core-threadpool-l1-2-0

TrySubmitThreadpoolCallback
FreeLibraryWhenCallbackReturns

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalReAlloc
LocalAlloc

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegGetValueW
RegCloseKey
RegSetValueExW
RegDeleteValueW
RegEnumValueW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathParseIconLocationW

api-ms-win-shcore-stream-winrt-l1-1-0

CreateRandomAccessStreamOverStream

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolAllowThreadReuse
SHTaskPoolQueueTask

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-appmodel-runtime-l1-1-1

GetPackageFamilyNameFromToken

api-ms-win-appmodel-runtime-l1-1-0

GetPackageFamilyName

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
logoncli/logoncli.dll
.dll windows:10 windows x64 arch:x64

5d0db85893a29647e8977f5ab3d29dff

Code Sign

33:00:00:03:8c:38:5d:5c:2e:74:83:cc:fb:00:00:00:00:03:8c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/05/2022, 19:23

Not After

04/05/2023, 19:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:91:a7:20:d0:f8:f7:1a:80:7a:39:03:8b:94:fe:7f:ba:74:18:70:fe:5d:e5:5e:29:1c:53:f3:e6:d6:3d:23
Signer

Actual PE Digest

90:91:a7:20:d0:f8:f7:1a:80:7a:39:03:8b:94:fe:7f:ba:74:18:70:fe:5d:e5:5e:29:1c:53:f3:e6:d6:3d:23

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

logoncli.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
_o__stricmp
_o__strnicmp
_o__cexit
memmove
_o__ultow_s
_o__wcsicmp
_o_qsort
_o_strcpy_s
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstoul
_o___std_type_info_destroy_list
wcsrchr
__C_specific_handler
memcmp
wcsstr
_o___stdio_common_vswprintf
wcschr
_o___stdio_common_vsprintf
memcpy

api-ms-win-crt-string-l1-1-0

memset

rpcrt4

RpcExceptionFilter
RpcEpResolveBinding
UuidCreate
UuidEqual
UuidToStringA
RpcStringFreeA
I_RpcBindingCreateNP
RpcStringBindingComposeW
RpcBindingFromStringBindingW
NdrClientCall3
RpcBindingFree
RpcBindingSetAuthInfoW
RpcStringFreeW
I_RpcExceptionFilter
UuidToStringW
I_RpcMapWin32Status
RpcBindingSetAuthInfoExW

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegOpenKeyExW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
AcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockExclusive
EnterCriticalSection
ReleaseSRWLockShared
InitializeCriticalSection
LeaveCriticalSection

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetComputerNameExW
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-file-l1-1-0

WriteFile
CreateFileW
ReadFile

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-kernel32-legacy-l1-1-0

CreateMailslotA
SetMailslotInfo

ntdll

RtlxUnicodeStringToOemSize
RtlUpcaseUnicodeStringToOemString
RtlOemStringToUnicodeString
RtlInitString
RtlInsertElementGenericTableAvl
RtlxUnicodeStringToAnsiSize
NtOpenEvent
RtlInitUnicodeString
RtlLookupElementGenericTableAvl
RtlNumberGenericTableElementsAvl
RtlNtStatusToDosError
RtlDeleteElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlUnicodeStringToAnsiString
RtlCopySid
RtlSubAuthorityCountSid
RtlValidSid
RtlGetNtProductType
EtwEventRegister
EtwEventWrite
EtwEventUnregister
RtlLengthSid
RtlEqualUnicodeString
NtWaitForSingleObject
EtwTraceMessage
NtQuerySystemTime
RtlUniform
RtlxAnsiStringToUnicodeSize
RtlAnsiStringToUnicodeString
RtlInitUnicodeStringEx
RtlInitAnsiString
RtlCompareMemoryUlong
RtlCompareUnicodeString
RtlFreeHeap
RtlAllocateHeap
RtlEqualSid
RtlSubAuthoritySid
RtlLengthRequiredSid
NtCreateEvent
NtClose

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

AuthzrExtAccessCheck
AuthzrExtFreeContext
AuthzrExtFreeResourceManager
AuthzrExtGetInformationFromContext
AuthzrExtInitializeCompoundContext
AuthzrExtInitializeContextFromSid
AuthzrExtInitializeRemoteResourceManager
AuthzrExtModifyClaims
DsAddressToSiteNamesA
DsAddressToSiteNamesExA
DsAddressToSiteNamesExW
DsAddressToSiteNamesW
DsDeregisterDnsHostRecordsA
DsDeregisterDnsHostRecordsW
DsEnumerateDomainTrustsA
DsEnumerateDomainTrustsW
DsGetDcCloseW
DsGetDcNameA
DsGetDcNameW
DsGetDcNameWithAccountA
DsGetDcNameWithAccountW
DsGetDcNextA
DsGetDcNextW
DsGetDcOpenA
DsGetDcOpenW
DsGetDcSiteCoverageA
DsGetDcSiteCoverageW
DsGetForestTrustInformationW
DsGetSiteNameA
DsGetSiteNameW
DsMergeForestTrustInformationW
DsValidateSubnetNameA
DsValidateSubnetNameW
I_DsUpdateReadOnlyServerDnsRecords
I_NetAccountDeltas
I_NetAccountSync
I_NetChainSetClientAttributes
I_NetChainSetClientAttributes2
I_NetDatabaseDeltas
I_NetDatabaseRedo
I_NetDatabaseSync
I_NetDatabaseSync2
I_NetExtendMachinePasswordExpirationTimeout
I_NetGetDCList
I_NetGetForestTrustInformation
I_NetLogonControl
I_NetLogonControl2
I_NetLogonGetCapabilities
I_NetLogonGetDomainInfo
I_NetLogonSamLogoff
I_NetLogonSamLogon
I_NetLogonSamLogonEx
I_NetLogonSamLogonWithFlags
I_NetLogonSendToSam
I_NetLogonUasLogoff
I_NetLogonUasLogon
I_NetQuerySecureChannelDCInfo
I_NetServerAuthenticate
I_NetServerAuthenticate2
I_NetServerAuthenticate3
I_NetServerGetTrustInfo
I_NetServerPasswordGet
I_NetServerPasswordSet
I_NetServerPasswordSet2
I_NetServerReqChallenge
I_NetServerTrustPasswordsGet
I_NetlogonComputeClientDigest
I_NetlogonComputeClientSignature
I_NetlogonComputeServerDigest
I_NetlogonComputeServerSignature
I_NetlogonGetTrustRid
I_RpcExtInitializeExtensionPoint
NetAddServiceAccount
NetEnumerateServiceAccounts
NetEnumerateTrustedDomains
NetGetAnyDCName
NetGetDCName
NetIsServiceAccount
NetLogonGetTimeServiceParentDomain
NetLogonSetServiceBits
NetQueryServiceAccount
NetRemoveServiceAccount
NlBindingAddServerToCache
NlBindingRemoveServerFromCache
NlBindingSetAuthInfo
NlSetDsIsCloningPDC

Sections

.text
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msdtcprx/PushToInstall.dll
.dll windows:10 windows x64 arch:x64

0846701b203a3971c66d95e875541f64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

PushToInstall.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__i64toa_s
_o__i64tow_s
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__stricmp
_o__ui64toa_s
_o__ui64tow_s
_o__wcsicmp
memmove
_o_free
_o_iswspace
_o_isxdigit
_o_malloc
_o_mbstowcs_s
_o_realloc
_o_strncpy_s
_o_strtol
_o_terminate
_o_wcstod
__C_specific_handler
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
_CxxThrowException
__CxxFrameHandler3
strchr

api-ms-win-crt-string-l1-1-0

memset
memmove_s
wcscmp
strnlen
wcsnlen

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
FreeLibrary
GetModuleHandleW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleA
GetProcAddress

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventW
ReleaseSRWLockShared
InitializeCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateEventExW
ReleaseSemaphore
SetEvent
InitializeCriticalSectionEx
WaitForSingleObject
InitializeSRWLock
CreateMutexExW
ReleaseMutex
AcquireSRWLockShared
CreateSemaphoreExW
OpenSemaphoreW
WaitForSingleObjectEx
ResetEvent

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
OpenProcessToken
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
SetThreadToken
GetCurrentThreadId
OpenThreadToken

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
IsThreadpoolTimerSet

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegCloseKey
RegOpenKeyExW

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
GetProcessMitigationPolicy

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetLocalTime
GetTickCount
GetTickCount64

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

ntdll

RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
EtwEventWriteTransfer
EtwEventRegister
EtwEventUnregister
EtwEventSetInformation
RtlGetDeviceFamilyInfoEnum
RtlIsMultiUsersInSessionSku
RtlQueryWnfStateData

api-ms-win-shcore-thread-l1-1-0

SetProcessReference
GetProcessReference

combase

ord154

msvcp_win

?_Winerror_message@std@@YAKKPEADK@Z
?_Xout_of_range@std@@YAXPEBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?_Syserror_map@std@@YAPEBDH@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree
GlobalFree

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

rpcrt4

UuidCreate

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
CompareStringOrdinal

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsCompareStringOrdinal
WindowsDeleteString
WindowsCreateString
WindowsCreateStringReference

oleaut32

VariantInit
SysAllocString
SysFreeString
VariantClear

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

winhttp

WinHttpSendRequest
WinHttpReceiveResponse
WinHttpCrackUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetDefaultProxyConfiguration
WinHttpCreateUrl
WinHttpSetOption
WinHttpOpenRequest
WinHttpConnect
WinHttpReadData
WinHttpOpen
WinHttpGetProxyForUrl
WinHttpCloseHandle
WinHttpSetTimeouts
WinHttpQueryHeaders

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

ServiceMain

Sections

.text
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msdtcprx/msdtcprx.dll
.dll regsvr32 windows:10 windows x64 arch:x64

efef745ebb173063c954f12678bfe1f0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

msdtcprx.pdb

Imports

ntdll

RtlAllocateHeap
RtlNtStatusToDosError
RtlImageNtHeader
RtlReportException
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlFreeHeap
NtSetInformationTransaction

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CLSIDFromString
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoGetObjectContext
CoCreateFreeThreadedMarshaler
CoWaitForMultipleHandles
CoCreateGuid

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
ReleaseSemaphore
SetEvent
CreateSemaphoreExW
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObjectEx
ResetEvent
CreateEventA
WaitForSingleObject
DeleteCriticalSection
CreateEventW

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar
WideCharToMultiByte

rpcrt4

RpcStringFreeW
UuidEqual
RpcBindingInqAuthClientExW
RpcServerUnregisterIf
RpcServerRegisterIfEx
UuidFromStringW
RpcBindingVectorFree
UuidToStringW
UuidCreate
RpcEpRegisterA
RpcImpersonateClient
RpcRevertToSelf
RpcServerListen
RpcServerInqDefaultPrincNameW
RpcBindingInqAuthClientExA
I_RpcBindingInqLocalClientPID
I_RpcBindingInqTransportType
RpcServerRegisterAuthInfoW
RpcServerUseProtseqA
RpcServerInqBindings
UuidFromStringA
NdrServerCallAll
NdrServerCall2
RpcStringFreeA
UuidToStringA
RpcErrorEndEnumeration
RpcErrorStartEnumeration
RpcServerUseProtseqEpA
NdrClientCall3
RpcBindingFree
RpcMgmtInqServerPrincNameW
RpcEpResolveBinding
RpcBindingSetAuthInfoExW
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcExceptionFilter
RpcSsDestroyClientContext
RpcCancelThread
RpcMgmtSetCancelTimeout
RpcErrorGetNextRecord

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadStringW
FindResourceExW
LoadLibraryExA
GetModuleFileNameW
FreeLibraryAndExitThread
LoadResource
DisableThreadLibraryCalls
GetModuleHandleW
FreeLibrary
LockResource
LoadLibraryExW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetErrorMode
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
SetLastError

ws2_32

WSAGetLastError
GetAddrInfoW
WSACleanup
WSAStartup
FreeAddrInfoW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-processthreads-l1-1-0

TlsAlloc
TlsFree
SetThreadToken
CreateProcessA
OpenThreadToken
GetExitCodeProcess
TlsGetValue
GetCurrentProcessId
TerminateThread
GetThreadPriority
CreateThread
SetThreadStackGuarantee
TerminateProcess
GetCurrentThread
GetCurrentThreadId
SetThreadPriority
OpenProcessToken
CreateProcessW
GetCurrentProcess

api-ms-win-core-file-l1-1-0

DeleteFileW
FindClose
FindNextFileW
GetFileAttributesW
GetFileSize
GetFullPathNameW
GetDriveTypeW
CreateFileW
SetFileAttributesW
FindFirstFileW
CreateDirectoryW

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
ExpandEnvironmentStringsW
GetCommandLineA

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-security-base-l1-1-0

CopySid
IsWellKnownSid
GetSidLengthRequired
GetSecurityDescriptorDacl
GetTokenInformation
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RevertToSelf
FreeSid
ImpersonateLoggedOnUser
DuplicateTokenEx
AllocateAndInitializeSid
GetSecurityDescriptorSacl
GetWindowsAccountDomainSid
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
CreateWellKnownSid
CheckTokenMembership
AdjustTokenPrivileges
GetLengthSid

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-sysinfo-l1-1-0

GetVersionExA
GetComputerNameExW
GetSystemInfo
GetSystemWindowsDirectoryA
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetSystemDirectoryA
GetLocalTime
GetTickCount

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringA
OutputDebugStringW

api-ms-win-core-registry-l1-1-0

RegFlushKey
RegQueryValueExA
RegCreateKeyExA
RegQueryValueExW
RegGetValueW
RegEnumValueW
RegDeleteValueA
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExW
RegSetValueExW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-service-management-l1-1-0

DeleteService
OpenServiceW
CloseServiceHandle
CreateServiceW
OpenSCManagerW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus
QueryServiceConfigA
StartServiceA
OpenSCManagerA
ControlService

api-ms-win-service-management-l2-1-0

ChangeServiceConfig2W
QueryServiceConfigW
ChangeServiceConfigW
QueryServiceStatusEx

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-service-core-l1-1-1

EnumDependentServicesW

api-ms-win-security-lsalookup-l2-1-0

LookupAccountNameW
LookupAccountSidW

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpiA
lstrcmpW

advapi32

SetEntriesInAclA
EnableTrace
FlushTraceW
QueryTraceW
RegEnumKeyA
LookupPrivilegeValueA
SetNamedSecurityInfoW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegQueryValueA
QueryServiceLockStatusA
RegEnumKeyW
RegDeleteKeyA
RegCreateKeyW
RegDeleteKeyW
RegConnectRegistryW

kernel32

DeleteTimerQueueTimer
UnregisterWaitEx
CreateTimerQueueTimer
MoveFileW
QueueUserWorkItem

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsUNCW

msvcrt

_wcsdup
wcstombs
_errno
_wtoi
_waccess
_wcsnicmp
_callnewh
malloc
free
_vsnwprintf
_strnicmp
_mbscmp
_XcptFilter
atoi
strtok
fputs
memcpy_s
_vsnprintf
_stricmp
strchr
_wcsicmp
fclose
_purecall
_resetstkoflw
__C_specific_handler
__CxxFrameHandler3
_initterm
?terminate@@YAXXZ
_lock
_local_unwind
mbstowcs
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
memmove
memcpy
_CxxThrowException
??0exception@@QEAA@AEBQEBD@Z
_ultow
strnlen
wcscpy_s
isdigit
atol
memcmp
_wtol
wcscmp
_amsg_exit
memset
fopen
wcsrchr
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
?what@exception@@UEBAPEBDXZ
_wfopen
fwprintf
fflush
fprintf
wcschr
_ltoa
_ltow

mtxclu

MtxCluGetDefaultClusterResourceNonAdmin
MtxCluCreateClusterProxyTmInstance
MtxCluGetNameFromResourceIdString
MtxCluGetDTCVirtualServerNameW
MtxCluEnumerateClusterTmMappings
MtxCluSetClusterTmMapping
MtxCluClearClusterTmMappings
MtxCluGetResourceIdStringFromName
MtxCluCreateClusterTmInstance
MtxCluGetDefaultClusterResource
MtxCluSetDefaultClusterResource
MtxCluEnumerateDtcResourcesEx
MtxCluVerifyLogPathIsValidCSV
MtxCluVerifyLogPathInDependantDiskResource
MtxCluEnumerateDtcResources
MtxCluCreateTmInstanceForVirtualServer
MtxCluGetVirtualServerToken
FailedClusterAPIToEventLog
MtxCluRemoveClusterTmMappingByName

ktmw32

RollbackTransactionAsync
PrivCreateTransaction
CommitTransaction
OpenTransactionManagerById
OpenTransaction

clusapi

ClusterOpenEnum
ClusterResourceTypeGetEnumCount
CloseClusterResource
GetNodeClusterState
ClusterResourceControl
OpenClusterResourceEx
ClusterGetEnumCount
CloseCluster
ClusterCloseEnum
ClusterResourceTypeCloseEnum
OpenClusterEx
GetClusterResourceState
ClusterEnum
ClusterResourceTypeEnum
ClusterResourceTypeOpenEnum

resutils

ResUtilFindSzProperty

shlwapi

PathIsNetworkPathW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

bcrypt

BCryptSetProperty
BCryptCloseAlgorithmProvider
BCryptExportKey
BCryptGenRandom
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptDestroyKey
BCryptGenerateSymmetricKey

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids

api-ms-win-eventing-controller-l1-1-0

StartTraceW
StopTraceW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualQuery
VirtualProtect

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-security-lsapolicy-l1-1-0

LsaClose

Exports

Exports

ContactToNameObject
Create
CreateInstance
CreateLegacyTmInstance
CreateLocalTmInstance
CreateRemoteProxyTmInstance
CreateTmInstanceForRemoteAdmin
DTC_XaClose
DTC_XaCommit
DTC_XaComplete
DTC_XaEnd
DTC_XaForget
DTC_XaOpen
DTC_XaPrepare
DTC_XaRecover
DTC_XaRollback
DTC_XaStart
DeployDtc
DllGetClassObject
DllGetDTCConnectionManager
DllGetDTCProxy
DllGetDTCUtilObject
DllGetDtcConfigManager
DllGetTransactionManagerCore
DllRegisterServer
DllUnregisterServer
GetDtcLogPath
GetTmInstance
InstallContacts
InstallDtc
InstallDtcClient
RemoveDtc
ShutDownCM
SysPrepDtcCleanup
SysPrepDtcGeneralize
SysPrepDtcSpecialize
UpgradeApplySuccess

Sections

.text
Size: 509KB - Virtual size: 508KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msdtcprx/msfeeds.dll
.dll windows:10 windows x64 arch:x64

84f3ccddd61f29542a0e95502e8805d7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

msfeeds.pdb

Imports

msvcrt

_vsnwprintf
_wcsicmp
_vsnprintf
wcstok_s
_wtoi
_wcsnicmp
_vsnwprintf_s
memcmp
memcpy
wcsncpy_s
wcsnlen
strnlen
isalnum
memmove
memset
rand_s
sprintf_s
_onexit
__dllonexit
_unlock
_lock
_initterm
malloc
free
_amsg_exit
_XcptFilter
wcsncmp
wcschr
iswalpha
_ultow_s
_itow_s
time
rand
srand
__C_specific_handler
memcpy_s
wcscmp

ntdll

NtQueryLicenseValue
NtClose
VerSetConditionMask
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

kernel32

GetFileAttributesW
SetFileAttributesW
DeleteFileW
MoveFileExW
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetSystemTime
FileTimeToSystemTime
LocalAlloc
LocalFree
HeapFree
DisableThreadLibraryCalls
HeapAlloc
GetProcessHeap
OpenFileMappingW
ResetEvent
GetModuleFileNameW
GlobalAlloc
GlobalFree
GlobalLock
LocalReAlloc
GlobalUnlock
GetVersionExW
WriteFile
WaitForMultipleObjects
CreateMutexW
Sleep
CreateThread
FileTimeToLocalFileTime
QueryPerformanceFrequency
GetFileSize
WideCharToMultiByte
QueryPerformanceCounter
GetModuleFileNameA
CreateSemaphoreExW
SetLastError
ReleaseSemaphore
GetModuleHandleExW
GetCurrentThreadId
FormatMessageW
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
GetProcAddress
GetModuleHandleW
DebugBreak
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
GetTickCount
RaiseFailFastException
RaiseException
GetStringTypeExA
IsDBCSLeadByteEx
QueueUserWorkItem
InitializeCriticalSection
GetDiskFreeSpaceExW
GetTimeZoneInformation
FlushViewOfFile
FindClose
FlushFileBuffers
SetEndOfFile
LCMapStringW
GetFullPathNameW
GetFileSizeEx
SetFileTime
CompareStringW
GetTempPathW
GetLocalTime
GetProductInfo
GetUserPreferredUILanguages
GetSystemInfo
LoadLibraryW
FindFirstFileW
FreeLibrary
LocaleNameToLCID
CompareFileTime
CreateDirectoryW
SystemTimeToTzSpecificLocalTime
MultiByteToWideChar
OpenProcess
OpenMutexW
MapViewOfFile
CreateFileMappingW
GetCurrentProcessId
DeleteCriticalSection
GetSystemDefaultLCID
GetUserDefaultLCID
LoadLibraryExW
ResolveDelayLoadedAPI
DelayLoadFailureHook
RemoveDirectoryW
GetCurrentDirectoryW
InitOnceExecuteOnce
IsDBCSLeadByte
GetVersionExA
VerifyVersionInfoW
UnregisterWaitEx
CreateMutexExW
CloseHandle
SetEvent
GetLastError
CreateEventW
DuplicateHandle
UnmapViewOfFile
ReleaseMutex
OpenEventW
CreateFileW
WaitForSingleObject
SetFilePointer
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
RegisterWaitForSingleObject
GetCurrentProcess
EnterCriticalSection
CreateEventExW
ReadFile
GetFileTime
FindNextFileW
LockResource
LoadResource
FindResourceExW
SizeofResource

shlwapi

PathIsNetworkPathW
StrStrW
ord219
ord176
ord156
ord2
SHGetValueW
ord433
UrlEscapeW
StrStrNIW
ord157
StrCmpNIA
StrToIntExW
SHCreateStreamOnFileEx
ord154
PathIsURLW
UrlCanonicalizeW
UrlCreateFromPathW
UrlApplySchemeW
ord487
StrCmpNA
HashData
StrTrimW
ord215
SHCreateStreamOnFileW
ord12
ord217
StrRChrW
StrToInt64ExW
SHRegGetValueW
ord158
StrChrW
StrCmpNIW
ord213
StrStrIW
ord15
ChrCmpIW
PathFileExistsW
SHStrDupW
PathFindFileNameW
StrCmpW
ord184
StrCmpIW
UrlUnescapeW
StrCmpNW

rpcrt4

RpcServerInqCallAttributesW
UuidCreateSequential
UuidEqual

iertutil

ord466
ord80
ord66
ord76
ord89
ord68
ord63
ord64
ord151
ord150
CreateIUriBuilder
ord54
ord65
CreateUriWithFragment
ord61
ord74
ord85
ord70
CreateUri
ord91
ord166
ord81
ord78
ord90
ord58
ord32
ord48
ord820
ord44
ord62
ord67
ord796
ord50
ord791
ord701
ord690
ord654
ord652
ord662
ord658
ord672
ord660
ord653
ord670
ord650
ord657
ord655
ord651
ord665
ord675
ord775
ord765
ord781
ord779
ord774
ord110
ord111
ord682
ord57
ord163
ord793
ord594
ord398
ord597
ord79
ord134

advapi32

CryptGetHashParam
RegQueryValueExA
RegOpenKeyExA
CryptSetKeyParam
CryptSetHashParam
CryptDestroyKey
CryptDestroyHash
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptGetKeyParam
CryptEncrypt
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
EventWriteEx
EventWriteTransfer
GetTokenInformation
OpenProcessToken
ConvertSidToStringSidW
RegOpenKeyExW
RegGetValueW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
EventRegister
EventSetInformation
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
EventUnregister
CredWriteW
CredReadW
CredEnumerateW
CredFree
CredDeleteW
TraceMessage
TraceEvent
CryptVerifySignatureW
RegQueryInfoKeyW
RegEnumKeyExW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceConfigW

mlang

ord123

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindExtensionW
PathIsPrefixW
PathRemoveExtensionW

wkscli

NetGetJoinInformation

netutils

NetApiBufferFree

api-ms-win-core-com-l1-1-0

CoSetProxyBlanket
PropVariantCopy
CoWaitForMultipleHandles

kernelbase

OpenGlobalizationUserSettingsKey
GetSystemDefaultLocaleName
GetUserDefaultLocaleName
lstrcmpiA
StrToIntA
lstrlenA
lstrlenW

api-ms-win-downlevel-version-l1-1-0

GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
MsfeedsCreateInstance

Sections

.text
Size: 479KB - Virtual size: 478KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msdtcprx/radardt.dll
.dll windows:10 windows x64 arch:x64

a7ab6456b76ea9f56223aa283087a8bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

radardt.pdb

Imports

msvcrt

_wcsicmp
_XcptFilter
_amsg_exit
free
malloc
_initterm
__C_specific_handler
wcsrchr
_vsnwprintf
qsort
memset

kernelbase

LocalAlloc
Sleep
WTSGetServiceSessionId

ntdll

NtOpenEvent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlInitUnicodeString
RtlEqualUnicodeString
EtwEventRegister
EtwEventEnabled
RtlFreeSid
NtQueryEvent
EtwEventUnregister
RtlNtStatusToDosError
NtQuerySystemInformation
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
EtwEventWrite
EtwTraceMessage
RtlAllocateAndInitializeSid

advapi32

CloseServiceHandle
OpenSCManagerW
EnumServicesStatusExW
QueryServiceConfigW
OpenServiceW
RegDeleteValueW
RegCreateKeyExW
EqualSid
CopySid
IsValidSid
OpenProcessToken
GetLengthSid
GetTokenInformation
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegDeleteKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW

kernel32

GetCurrentProcessId
HeapDestroy
GetProcessTimes
IsWow64Process
LocalFree
GetProcessId
GetModuleFileNameW
SetLastError
GetTickCount
GetCurrentThreadId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetDriveTypeW
FindNextVolumeW
FindVolumeClose
GetSystemDirectoryW
ResolveDelayLoadedAPI
DelayLoadFailureHook
CreateThread
CloseHandle
ProcessIdToSessionId
ExpandEnvironmentStringsW
GetFileAttributesW
FindFirstVolumeW
GetSystemTimeAsFileTime
ResetEvent
TryEnterCriticalSection
CreateWaitableTimerExW
CreateEventW
FreeLibraryAndExitThread
WaitForMultipleObjectsEx
SetWaitableTimer
OpenProcess
GetModuleHandleExW
K32GetModuleFileNameExW
CreateProcessW
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
GetLastError
SetEvent
DisableThreadLibraryCalls
DeleteCriticalSection
GetProcessHeap
HeapCreate
FreeLibrary

powrprof

PowerSettingRegisterNotification
PowerSettingUnregisterNotification

Exports

Exports

RdrSysprepSpecialize
RdrSysprepSpecializeOffline
WdiDiagnosticModuleMain
WdiGetDiagnosticModuleInterfaceVersion
WdiHandleInstance

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wmvdspa/WiFiConfigSP.dll
.dll windows:10 windows x64 arch:x64

5f18af98bc11809e50a7d0409b5419b2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

WiFiConfigSP.pdb

Imports

msvcrt

wcschr
_wcsicmp
_wtoi
wcsstr
memcpy
memcpy_s
wcscpy_s
__CxxFrameHandler3
wcsncmp
wcsnlen
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
free
_callnewh
_vsnwprintf
malloc
memset

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventRegister

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableFlags
RegisterTraceGuidsW
TraceMessage
GetTraceEnableLevel

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

oleaut32

SysAllocString
SysFreeString
SysStringLen

winhttp

WinHttpConnectionFreeProxyInfo
WinHttpConnectionDeleteProxyInfo
WinHttpConnectionSetProxyInfo
WinHttpConnectionGetProxyInfo

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

wlanapi

WlanFreeMemory
WlanSetProfileMetadata
WlanGetProfileMetadata
WlanCloseHandle
WlanEnumInterfaces
WlanDeleteProfile
WlanOpenHandle
WlanGetProfile
WlanPrivateSetProfile
WlanGetProfileList
WlanSetProfileEapXmlUserData

mobilenetworking

GetPersistentRegPath

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wmvdspa/WorkfoldersControl.dll
.dll windows:10 windows x64 arch:x64

dc98a6c982a0361be8f4988ca140ef61

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

WorkfoldersControl.pdb

Imports

msvcrt

_callnewh
??0exception@@QEAA@AEBQEBDH@Z
_CxxThrowException
memcpy
memmove
setlocale
___lc_collate_cp_func
_errno
_lock
_unlock
??3@YAXPEAX@Z
___mb_cur_max_func
___lc_handle_func
___lc_codepage_func
_ismbblead
__pctype_func
memcmp
??1type_info@@UEAA@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
abort
memset
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
free
realloc
strchr
iswspace
__C_specific_handler
??_V@YAXPEAX@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
_vsnprintf_s
memcpy_s
_wsetlocale
__crtLCMapStringW
__crtCompareStringW
_vsnwprintf
_purecall
wcstod
wcstoul
_wcstoi64
_strnicmp
_vsnprintf
_wcsnicmp
_wcsicmp
__CxxFrameHandler3
?what@exception@@UEBAPEBDXZ
calloc
memmove_s
malloc
??0bad_cast@@QEAA@AEBV0@@Z
swprintf_s
_wcsdup

ntdll

EtwEventUnregister
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
EtwEventRegister
EtwEventSetInformation
EtwEventWriteTransfer
EtwLogTraceEvent
LdrAddRefDll
RtlPcToFileHeader
RtlNtStatusToDosError
RtlLoadString

kernel32

IsDebuggerPresent
GetLastError
GetProcAddress
OutputDebugStringW
GetModuleHandleW
DebugBreak
GetModuleFileNameA
GetModuleHandleExW
HeapFree
InitOnceBeginInitialize
ReleaseSRWLockShared
CreateThreadpoolTimer
AcquireSRWLockShared
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
GetProcessHeap
CompareStringOrdinal
LoadLibraryExW
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW
GetCurrentThreadId
InitOnceComplete
GetExitCodeProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
SetLastError
CloseHandle
ReleaseSemaphore
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
RegGetValueW
GetLocaleInfoEx
GetVersionExW
GetProductInfo
ExpandEnvironmentStringsW
ReleaseMutex
OutputDebugStringA
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
InitializeCriticalSectionEx
GetStringTypeW
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
DecodePointer
EncodePointer
LoadLibraryExA
VirtualAlloc
GetCurrentProcess
VirtualFree
WideCharToMultiByte
lstrcmpW
CreateEventExW
InitializeSRWLock
RegCreateKeyExW
RegDeleteTreeW
RegSetValueExW
RegDeleteValueW
WaitForSingleObjectEx
FormatMessageW
MulDiv
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
GetModuleFileNameW
FindResourceExW
GlobalHandle
FindResourceW
LoadResource
LockResource
MultiByteToWideChar
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
CompareStringW
DeleteAtom
AddAtomW
GetTimeFormatEx
GetDateFormatEx
GetDiskFreeSpaceExW
GetComputerNameExW
LocalFree
CreateThread
CreateEventW
RaiseException
ResetEvent
SetEvent
InitOnceExecuteOnce
CreateSemaphoreExW
CreateMutexExW
GetCurrentProcessId
FreeLibrary
LeaveCriticalSection
InitializeCriticalSection
OpenSemaphoreW
WaitForSingleObject
DeleteCriticalSection
EnterCriticalSection
HeapAlloc

ole32

CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
OleInitialize
CoTaskMemAlloc
OleUninitialize
CoTaskMemFree
CoUninitialize
CoInitializeEx
StringFromGUID2
CoQueryProxyBlanket
CoSetProxyBlanket
CoCreateFreeThreadedMarshaler
CoWaitForMultipleHandles
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
DispCallFunc
SysStringByteLen
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VarBstrCmp
VariantClear
VariantInit
SysAllocStringLen
SysStringLen

gdi32

BitBlt
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
DeleteDC
GetStockObject
GetObjectW
GetDeviceCaps

user32

UnregisterClassA
GetSystemMetrics
MapDialogRect
SetWindowContextHelpId
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
BeginPaint
EndPaint
IsChild
GetFocus
SetFocus
GetWindow
GetClassNameW
GetSysColor
CharNextW
RedrawWindow
GetClassInfoExW
CreateAcceleratorTableW
ClientToScreen
GetParent
ScreenToClient
MoveWindow
SetCapture
ReleaseCapture
FillRect
InvalidateRgn
CallWindowProcW
InvalidateRect
GetDC
ReleaseDC
GetDesktopWindow
DestroyAcceleratorTable
GetWindowLongW
SetWindowLongW
LoadCursorW
RegisterClassExW
DialogBoxIndirectParamW
SetWindowPos
SetWindowsHookExW
SetWindowLongPtrW
EndDialog
GetClientRect
GetWindowRect
IsWindow
DispatchMessageW
SetWindowTextW
SendDlgItemMessageW
GetDlgItem
CallNextHookEx
UnhookWindowsHookEx
CloseClipboard
DestroyWindow
PostThreadMessageW
LoadStringW
SendMessageW
GetWindowLongPtrW
SystemParametersInfoW
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetMessagePos
GetSubMenu
LoadMenuW
DefWindowProcW
GetKeyState
PostMessageW
MsgWaitForMultipleObjects
PeekMessageW
SetForegroundWindow
ShowWindow
GetAncestor
CreateWindowExW
DestroyIcon
CopyIcon
LoadImageW

propsys

PSPropertyBag_ReadInt
PSPropertyBag_ReadDWORD
PSPropertyBag_WriteDWORD
PSPropertyBag_Delete
PSPropertyBag_ReadGUID
PSPropertyBag_ReadStr
PSPropertyBag_ReadBOOL
PSPropertyBag_WriteGUID
PSPropertyBag_WriteStr
PSPropertyBag_WriteBOOL
PSPropertyBag_WriteUnknown
PSPropertyBag_ReadUnknown

advapi32

GetTraceEnableFlags
EventUnregister
EventRegister
EventSetInformation
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
RegEnumKeyW

dui70

?StartDefer@Element@DirectUI@@QEAAXPEAK@Z
?GetClassInfoPtr@HWNDElement@DirectUI@@SAPEAUIClassInfo@2@XZ
?SetHandleEnterKey@XProvider@DirectUI@@IEAAX_N@Z
?CreateDUI@XProvider@DirectUI@@UEAAJPEAVIXElementCP@2@PEAPEAUHWND__@@@Z
?Initialize@XProvider@DirectUI@@QEAAJPEAVElement@2@PEAVIXProviderCP@2@@Z
?Create@XResourceProvider@DirectUI@@SAJPEAUHINSTANCE__@@PEBG11PEAPEAV12@@Z
?QueryInterface@XProvider@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
??1XProvider@DirectUI@@UEAA@XZ
??0XProvider@DirectUI@@QEAA@XZ
?GetChildren@Element@DirectUI@@QEAAPEAV?$DynamicArray@PEAVElement@DirectUI@@$0A@@2@PEAPEAVValue@2@@Z
?Init@NavReference@DirectUI@@QEAAXPEAVElement@2@PEAUtagRECT@@@Z
UnInitThread
UnInitProcessPriv
InitThread
InitProcessPriv
?GetAtomZero@Value@DirectUI@@SAPEAV12@XZ
?GetUnset@Value@DirectUI@@SAPEAV12@XZ
?SetActive@Element@DirectUI@@QEAAJH@Z
?GetStringNull@Value@DirectUI@@SAPEAV12@XZ
?Register@Element@DirectUI@@SAJXZ
?GetValue@Element@DirectUI@@QEAAPEAVValue@2@PEBUPropertyInfo@2@HPEAUUpdateCache@2@@Z
?GetClassInfoPtr@Element@DirectUI@@SAPEAUIClassInfo@2@XZ
?EndDefer@Element@DirectUI@@QEAAXK@Z
?SetParameter@XProvider@DirectUI@@UEAAJAEBU_GUID@@PEAX@Z
?GetDesiredSize@XProvider@DirectUI@@UEAAJHHPEAUtagSIZE@@@Z
?IsDescendent@XProvider@DirectUI@@UEAAJPEAVElement@2@PEA_N@Z
?SetFocus@XProvider@DirectUI@@UEAAJPEAVElement@2@@Z
?Navigate@XProvider@DirectUI@@UEAAJHPEA_N@Z
?CanSetFocus@XProvider@DirectUI@@UEAAJPEA_N@Z
?FindElementWithShortcutAndDoDefaultAction@XProvider@DirectUI@@UEAAHGH@Z
?GetRoot@XProvider@DirectUI@@IEAAPEAVElement@2@XZ
?AddRef@XProvider@DirectUI@@UEAAKXZ
?GetFactoryLock@Element@DirectUI@@SAPEAU_RTL_CRITICAL_SECTION@@XZ
??1CritSecLock@DirectUI@@QEAA@XZ
?ClassExist@ClassInfoBase@DirectUI@@SA_NPEAPEAUIClassInfo@2@PEBQEBUPropertyInfo@2@IPEAU32@PEAUHINSTANCE__@@PEBG_N@Z
??0ClassInfoBase@DirectUI@@QEAA@XZ
?AddRef@ClassInfoBase@DirectUI@@UEAAXXZ
?Release@ClassInfoBase@DirectUI@@UEAAHXZ
??0Element@DirectUI@@QEAA@XZ
?OnEvent@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
??1Element@DirectUI@@UEAA@XZ
?IsRTLReading@Element@DirectUI@@UEAA_NXZ
?IsContentProtected@Element@DirectUI@@UEAA_NXZ
?GetContentStringAsDisplayed@Element@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnGroupChanged@Element@DirectUI@@UEAAXH_N@Z
?OnInput@Element@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnKeyFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnMouseFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnDestroy@Element@DirectUI@@UEAAXXZ
?Paint@Element@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?GetContentSize@Element@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Add@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?Insert@Element@DirectUI@@UEAAJPEAPEAV12@II@Z
?Remove@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?GetAdjacent@Element@DirectUI@@UEAAPEAV12@PEAV12@HPEBUNavReference@2@K@Z
?EnsureVisible@Element@DirectUI@@UEAA_NHHHH@Z
?SetKeyFocus@Element@DirectUI@@UEAAXXZ
?AddBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?GetHostedElementID@XProvider@DirectUI@@UEAAJPEAG@Z
?MessageCallback@Element@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UEAAXPEAUtagRECT@@@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?OnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?OnUnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?UpdateTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?ActivateTooltip@Element@DirectUI@@MEAAXPEAV12@K@Z
?RemoveTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?GetKeyFocused@Element@DirectUI@@UEAA_NXZ
?GetAccessibleImpl@Element@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?DefaultAction@Element@DirectUI@@UEAAJXZ
?GetUIAElementProvider@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?GetElementProviderImpl@Element@DirectUI@@UEAAJPEAVInvokeHelper@2@PEAPEAVElementProvider@2@@Z
?HandleUiaDestroyListener@Element@DirectUI@@UEAAXXZ
?HandleUiaPropertyListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@@Z
?HandleUiaEventListener@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?GetUiaFocusDelegate@Element@DirectUI@@UEAAPEAV12@XZ
?Initialize@Element@DirectUI@@QEAAJIPEAV12@PEAK@Z
?Destroy@Element@DirectUI@@QEAAJ_N@Z
?EnumPropertyInfo@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?GetByClassIndex@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?GetPICount@ClassInfoBase@DirectUI@@UEBAIXZ
?GetGlobalIndex@ClassInfoBase@DirectUI@@UEBAIXZ
?GetName@ClassInfoBase@DirectUI@@UEBAPEBGXZ
?IsValidProperty@ClassInfoBase@DirectUI@@UEBA_NPEBUPropertyInfo@2@@Z
?IsSubclassOf@ClassInfoBase@DirectUI@@UEBA_NPEAUIClassInfo@2@@Z
?GetModule@ClassInfoBase@DirectUI@@UEBAPEAUHINSTANCE__@@XZ
?IsGlobal@ClassInfoBase@DirectUI@@UEBA_NXZ
?AddChild@ClassInfoBase@DirectUI@@UEAAXXZ
?RemoveChild@ClassInfoBase@DirectUI@@UEAAXXZ
?GetChildren@ClassInfoBase@DirectUI@@UEBAHXZ
?AssertPIZeroRef@ClassInfoBase@DirectUI@@UEBAXXZ
?Initialize@ClassInfoBase@DirectUI@@QEAAJPEAUHINSTANCE__@@PEBG_NPEBQEBUPropertyInfo@2@I@Z
?Register@ClassInfoBase@DirectUI@@QEAAJXZ
??1ClassInfoBase@DirectUI@@UEAA@XZ
?ForceThemeChange@XProvider@DirectUI@@UEAAJ_K_J@Z
?SetDefaultButtonTracking@XProvider@DirectUI@@UEAAJ_N@Z
?ClickDefaultButton@XProvider@DirectUI@@UEAAHXZ
?SetRegisteredDefaultButton@XProvider@DirectUI@@UEAAJPEAVElement@2@@Z
?SetButtonClassAcceptsEnterKey@XProvider@DirectUI@@UEAAJ_N@Z
?CreateXBaby@XProvider@DirectUI@@UEAAJPEAVIXElementCP@2@PEAUHWND__@@PEAVElement@2@PEAKPEAPEAUIXBaby@2@@Z
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
?GetContentString@Element@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?SetContentString@Element@DirectUI@@QEAAJPEBG@Z
?Release@Value@DirectUI@@QEAAXXZ
?SetSelected@Element@DirectUI@@QEAAJ_N@Z
?SetEnabled@Element@DirectUI@@QEAAJ_N@Z
?Click@Button@DirectUI@@SA?AVUID@@XZ
StrToID
?FireEvent@Element@DirectUI@@QEAAXPEAUEvent@2@_N1@Z
?GetHWND@HWNDHost@DirectUI@@UEAAPEAUHWND__@@XZ
?OnNotify@CCBase@DirectUI@@UEAA_NI_K_JPEA_J@Z
?Register@CCListView@DirectUI@@SAJXZ
?Initialize@CCListView@DirectUI@@QEAAJIPEAVElement@2@PEAK@Z
?GetClassInfoPtr@CCListView@DirectUI@@SAPEAUIClassInfo@2@XZ
?PostCreate@CCBase@DirectUI@@MEAAXPEAUHWND__@@@Z
?OnReceivedDialogFocus@CCBase@DirectUI@@UEAA_NPEAUIDialogElement@2@@Z
?OnLostDialogFocus@CCBase@DirectUI@@UEAA_NPEAUIDialogElement@2@@Z
?OnCustomDraw@CCBase@DirectUI@@UEAA_NPEAUtagNMCUSTOMDRAWINFO@@PEA_J@Z
?EraseBkgnd@HWNDHost@DirectUI@@MEAA_NPEAUHDC__@@PEA_J@Z
?CreateHWND@CCBase@DirectUI@@UEAAPEAUHWND__@@PEAU3@@Z
?SetWindowDirection@HWNDHost@DirectUI@@UEAAXPEAUHWND__@@@Z
?OnAdjustWindowSize@HWNDHost@DirectUI@@UEAAHHHI@Z
?OnWindowStyleChanged@HWNDHost@DirectUI@@UEAAX_KPEBUtagSTYLESTRUCT@@@Z
?OnCtrlThemeChanged@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnSinkThemeChanged@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnSysChar@HWNDHost@DirectUI@@UEAA_NG@Z
?OnMessage@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?DefaultAction@CCBase@DirectUI@@UEAAJXZ
?GetAccessibleImpl@HWNDHost@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?GetKeyFocused@HWNDHost@DirectUI@@UEAA_NXZ
?OnUnHosted@HWNDHost@DirectUI@@MEAAXPEAVElement@2@@Z
?OnHosted@HWNDHost@DirectUI@@MEAAXPEAVElement@2@@Z
?QueryInterface@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?MessageCallback@HWNDHost@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?SetKeyFocus@HWNDHost@DirectUI@@UEAAXXZ
?GetContentSize@CCListView@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Paint@HWNDHost@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?OnEvent@HWNDHost@DirectUI@@UEAAXPEAUEvent@2@@Z
?OnDestroy@HWNDHost@DirectUI@@UEAAXXZ
?OnInput@CCBase@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnPropertyChanged@CCBase@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
??1CCListView@DirectUI@@UEAA@XZ
??0CCListView@DirectUI@@QEAA@XZ
?SetAccDesc@Element@DirectUI@@QEAAJPEBG@Z
?SetVisible@Element@DirectUI@@QEAAJ_N@Z
?SetLayoutPos@Element@DirectUI@@QEAAJH@Z
?SetClass@Element@DirectUI@@QEAAJPEBG@Z
?SetExpanded@Expandable@DirectUI@@QEAAJ_N@Z
?RemoveBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MEAAXHH@Z

shlwapi

ord24
ord514
ord256
ord174
ord204
ord618
ord156
SHStrDupW
ord158
ord165
ord278
ord172
ord176
ord199
ord219

shell32

SHGetDesktopFolder
ord526
SHGetKnownFolderPath
SHChangeNotify
ShellExecuteExW
SHGetKnownFolderIDList
SHCreateItemFromIDList
ord155
ShellExecuteW
ord25
SHBindToObject
SHParseDisplayName
ord18

credui

CredUIPromptForWindowsCredentialsW
CredUnPackAuthenticationBufferW

uxtheme

SetWindowTheme

wininet

InternetSetOptionW

crypt32

CertOpenSystemStoreW
CertFindChainInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertFreeCertificateChain
CertCloseStore

policymanager

PolicyManager_GetPolicyInt

winhttp

WinHttpConnect
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpOpen
WinHttpReadData
WinHttpSetTimeouts
WinHttpSetOption
WinHttpSetCredentials
WinHttpQueryOption
WinHttpCloseHandle
WinHttpQueryDataAvailable
WinHttpCrackUrl

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsDeleteString
WindowsGetStringRawBuffer

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 434KB - Virtual size: 433KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 154KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 255KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wmvdspa/wiadss.dll
.dll windows:10 windows x64 arch:x64

d86673345bd1e2ecb5430d55be9f4acc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

wiadss.pdb

Imports

msvcrt

_vsnwprintf
memcpy
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
_callnewh
malloc
free
_strcmpi
_vsnprintf
memcpy_s
memcmp
memset

advapi32

RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister

kernel32

EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
MultiByteToWideChar
FormatMessageW
GetLastError
OutputDebugStringW
DisableThreadLibraryCalls
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
WideCharToMultiByte
DebugBreak
IsDebuggerPresent
LocalAlloc
GlobalAlloc
GlobalFree
GlobalLock
LocalFree
GlobalUnlock
WriteFile
CreateFileA
LoadLibraryW
FreeLibrary
InitOnceBeginInitialize
lstrlenW
InitOnceComplete
GetFullPathNameW
lstrcmpiW
GlobalReAlloc
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
WaitForSingleObjectEx
GlobalSize

user32

LoadStringW

oleaut32

SysAllocString
SysFreeString

ole32

FreePropVariantArray
CoTaskMemAlloc
CoRegisterMessageFilter
CoCreateInstance
CoUninitialize
CoInitialize
PropVariantClear
CoTaskMemFree

comctl32

ord17

Exports

Exports

CloseFindContext
FindFirstImportDS
FindImportDSByDeviceName
FindNextImportDS
GetLoaderStatus
LoadImportDS
UnloadImportDS

Sections

.text
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wmvdspa/wmvdspa.dll
.dll regsvr32 windows:10 windows x64 arch:x64

c9c05e9a741ec8e9b2bd7a4ec9dbb39b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

wmvdspa.pdb

Imports

msvcrt

__C_specific_handler
sqrtf
_callnewh
_amsg_exit
wcsncpy_s
malloc
free
_lock
_onexit
__dllonexit
_initterm
_errno
_wcsicmp
_unlock
realloc
_vsnwprintf
_wgetcwd
_wchdir
fclose
_wfopen
fwprintf
_purecall
wcscat_s
wcscpy_s
memcpy_s
_XcptFilter
cos
log
memcpy
memmove
memset
sin
sqrt
wcscmp

oleaut32

LoadTypeLi
SysFreeString
UnRegisterTypeLi
SysAllocString
VarUI4FromStr

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
LoadLibraryExW
LoadResource
SizeofResource
DisableThreadLibraryCalls
FreeLibrary
GetModuleFileNameW
FindResourceExW
GetProcAddress

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection

api-ms-win-core-com-l1-1-0

PropVariantClear
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
PropVariantCopy

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegCloseKey
RegQueryInfoKeyW
RegDeleteValueW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
RaiseException
UnhandledExceptionFilter

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

api-ms-win-core-file-l1-1-0

ReadFile
SetEndOfFile
CreateFileW
GetFileSize
SetFilePointer
WriteFile
GetFileAttributesW

api-ms-win-core-handle-l1-1-0

CloseHandle

msdmo

MoInitMediaType
DMORegister
DMOUnregister
MoFreeMediaType
MoCopyMediaType

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64_x32_installer__v3.4.7.msi
.msi

Sharing

General

Malware Config

Signatures

Files

70c0d8563d26b207db00e647bcd1cbb1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-power-setting-l1-1-0

ntdll

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-security-lsalookup-l1-1-0

api-ms-win-core-psm-key-l1-1-0

oleaut32

rpcrt4

api-ms-win-appmodel-runtime-internal-l1-1-4

api-ms-win-core-registry-l2-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-realtime-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-threadpool-l1-2-0

resourcepolicyclient

umpdc

eventaggregation

rmclient

api-ms-win-core-apiquery-l1-1-0

api-ms-win-security-provider-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-quirks-l1-1-1

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-errorhandling-l1-1-2

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-quirks-l1-1-0

api-ms-win-core-processthreads-l1-1-1

Exports

Exports

Sections

.text Size: 568KB - Virtual size: 567KB

.rdata Size: 172KB - Virtual size: 172KB

.data Size: 1024B - Virtual size: 6KB

.pdata Size: 32KB - Virtual size: 31KB

.didat Size: 512B - Virtual size: 360B

.rsrc Size: 47KB - Virtual size: 47KB

.reloc Size: 5KB - Virtual size: 5KB

731507425e0162f171397c3bbf3f205c

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

60:c5:20:80:e1:af:5c:4f:fe:45:40:28:33:3d:0f:75:de:42:4e:a2:2d:e3:30:24:cc:d0:47:be:a0:db:97:ebSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

.text
Size: 568KB - Virtual size: 567KB

.rdata
Size: 172KB - Virtual size: 172KB

.data
Size: 1024B - Virtual size: 6KB

.pdata
Size: 32KB - Virtual size: 31KB

.didat
Size: 512B - Virtual size: 360B

.rsrc
Size: 47KB - Virtual size: 47KB

.reloc
Size: 5KB - Virtual size: 5KB

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

60:c5:20:80:e1:af:5c:4f:fe:45:40:28:33:3d:0f:75:de:42:4e:a2:2d:e3:30:24:cc:d0:47:be:a0:db:97:eb
Signer

.text
Size: 210KB - Virtual size: 210KB

.rdata
Size: 79KB - Virtual size: 78KB

.data
Size: 512B - Virtual size: 3KB

.pdata
Size: 15KB - Virtual size: 15KB

.didat
Size: 512B - Virtual size: 56B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB

33:00:00:01:45:10:eb:f8:9a:d7:99:40:e7:00:00:00:00:01:45
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

b3:d5:d9:23:3e:01:32:37:e5:e3:8e:79:86:82:c9:15:ca:52:46:75:28:03:16:aa:7b:d4:ff:bd:74:75:5e:81
Signer