x64_x32_installer__v3[.]5[.]9[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

x64_x32_installer__v3.5.9.zip
Size

33.7MB
MD5

92ba228ae55d5875b3bbbd5fcca7f3db
SHA1

b59b7e8ff9687e0fcea06ca6f43b82a60fc84bdc
SHA256

0aad83b960fa37c557263829dd6734347b09118cdf6758b17c8a092650290d64
SHA512

c957846e8d2db426bb395cbfdbd35a13cca0dc798a5adaa840c153d3069ffb0651a53b58dc0c1768b60ace6dca57d83fd7ae691136d68660f5221ab518b42205
SSDEEP

786432:GUz1h6wbF6gzvPPxlteEdfxesyg9C+eiubhF72BtkwrfaDEbo:3Yw9px3NezRWtkgyMo

Score

3^/10

Malware Config

Signatures

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bisrv/bisrv.dll
unpack001/bisrv/sbe.dll
unpack001/dialclient/credprovslegacy.dll
unpack001/dialclient/cryptcatsvc.dll
unpack001/dialclient/dialclient.dll
unpack001/mi/mi.dll
unpack001/mi/tzautoupdate.dll
unpack001/vssapi/Windows.Internal.Management.dll
unpack001/vssapi/vssapi.dll
unpack001/vssapi/wci.dll
unpack001/vssapi/winusb.dll

Files

x64_x32_installer__v3.5.9.zip
.zip
bisrv/bisrv.dll
.dll windows:10 windows x64 arch:x64

70c0d8563d26b207db00e647bcd1cbb1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

bisrv.pdb

Imports

msvcrt

memcmp
wcstok_s
_set_errno
_wcsdup
memmove_s
qsort
_wcsicmp
_errno
wcscpy_s
wcsnlen
_vsnwprintf
memcpy
_callnewh
memmove
_onexit
__dllonexit
_unlock
_lock
toupper
strtoul
__CxxFrameHandler3
__C_specific_handler
swscanf_s
_initterm
malloc
_wcsnicmp
_amsg_exit
_XcptFilter
free
_ui64tow_s
_purecall
memcpy_s
wcstoul
_get_errno
memset

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetProcAddress
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW

api-ms-win-power-setting-l1-1-0

PowerSettingUnregisterNotification
PowerSettingRegisterNotification

ntdll

RtlRbRemoveNode
ZwUpdateWnfStateData
NtQueryAttributesFile
RtlNtStatusToDosError
RtlQueryWnfStateData
NtSetValueKey
NtCreateFile
NtSaveKeyEx
NtCreateKey
NtLoadKeyEx
NtDeleteValueKey
RtlAcquirePrivilege
NtDeleteFile
TpReleaseWait
NtOpenKey
RtlReleasePrivilege
RtlAppendUnicodeToString
NtEnumerateKey
RtlRunOnceComplete
RtlAppendUnicodeStringToString
NtDeleteKey
RtlCompareUnicodeString
TpWaitForWait
TpAllocWait
RtlRunOnceBeginInitialize
RtlRbInsertNodeEx
TpSetWait
TpReleasePool
TpAllocPool
RtlUnsubscribeWnfNotificationWaitForCompletion
NtClearEvent
TpSetPoolMaxThreads
NtWriteVirtualMemory
RtlStringFromGUIDEx
TpSetWaitEx
NtSetEvent
RtlRegisterForWnfMetaNotification
NtReadVirtualMemory
RtlAcquireSRWLockExclusive
RtlCopyUnicodeString
RtlReleaseSRWLockExclusive
RtlInitializeSRWLock
RtlUnsubscribeWnfStateChangeNotification
RtlNtStatusToDosErrorNoTeb
RtlWaitForWnfMetaNotification
RtlPublishWnfStateData
NtQuerySystemInformation
NtQueryInformationProcess
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlGetNextEntryHashTable
RtlLookupEntryHashTable
RtlCreateHashTable
NtDuplicateObject
RtlWakeAddressAll
RtlInsertEntryHashTable
NtOpenProcess
NtCreateEvent
RtlLengthSid
RtlCompareUnicodeStrings
RtlFreeUnicodeString
RtlStringFromGUID
RtlQueryUnbiasedInterruptTime
NtQueryValueKey
RtlDeleteHashTable
RtlDuplicateUnicodeString
RtlCreateSecurityDescriptor
RtlCreateAcl
RtlFreeHeap
RtlIsMultiSessionSku
RtlFreeSid
RtlInitEnumerationHashTable
RtlRemoveEntryHashTable
RtlQueryWnfMetaNotification
RtlReAllocateHeap
RtlAddAccessAllowedAceEx
RtlInitUnicodeString
RtlGetDeviceFamilyInfoEnum
RtlUpcaseUnicodeChar
RtlSetDaclSecurityDescriptor
RtlEndEnumerationHashTable
NtCreateWnfStateName
NtDeleteWnfStateName
RtlAllocateHeap
RtlGUIDFromString
RtlEnumerateEntryHashTable
RtlSetOwnerSecurityDescriptor
RtlEqualSid
RtlQueryPackageIdentityEx
NtOpenThreadToken
TpSetTimerEx
RtlCopySid
RtlWaitOnAddress
RtlQueryPackageClaims
NtQueryInformationToken
TpReleaseTimer
NtOpenProcessToken
RtlValidSid
RtlTestBit
RtlInitializeBitMap
TpReleaseWork
TpWaitForWork
TpPostWork
RtlClearBit
RtlRunOnceExecuteOnce
NtPowerInformation
NtQueryWnfStateData
RtlSetBit
TpAllocWork
TpWaitForTimer
TpAllocTimer
RtlSubscribeWnfStateChangeNotification
TpSetTimer
RtlConvertSidToUnicodeString
NtCreateIRTimer
NtClose
NtSetIRTimer

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
CreateMutexExW
DeleteCriticalSection
WaitForSingleObjectEx
InitializeSRWLock
OpenEventW
ReleaseSRWLockShared
SetEvent
ReleaseSemaphore
InitializeCriticalSectionEx
AcquireSRWLockShared
CreateEventExW
ReleaseSRWLockExclusive
ReleaseMutex
WaitForSingleObject
EnterCriticalSection
TryAcquireSRWLockExclusive
LeaveCriticalSection
InitializeCriticalSection
CreateSemaphoreExW
AcquireSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
GetLastError

api-ms-win-security-base-l1-1-0

InitializeAcl
IsWellKnownSid
InitializeSecurityDescriptor
ImpersonateLoggedOnUser
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
IsValidSid
CreateWellKnownSid
GetTokenInformation
RevertToSelf
SetSecurityDescriptorOwner
AddAccessAllowedAce
SetSecurityDescriptorGroup
GetLengthSid
CopySid

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
SetRestrictedErrorInfo

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
ConvertStringSidToSidW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsCreateString
WindowsDeleteString
WindowsStringHasEmbeddedNull
WindowsGetStringRawBuffer

api-ms-win-core-processthreads-l1-1-0

GetProcessId
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
OpenProcessToken
OpenThreadToken

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-heap-l2-1-0

GlobalAlloc
GlobalFree
LocalReAlloc
LocalFree
LocalAlloc

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventActivityIdControl
EventRegister
EventProviderEnabled
EventSetInformation
EventWriteTransfer

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
RtlCompareMemory

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-security-lsalookup-l1-1-0

LsaLookupOpenLocalPolicy
LsaLookupFreeMemory
LsaLookupClose
LookupAccountSidLocalW
LsaLookupGetDomainInfo

api-ms-win-core-psm-key-l1-1-0

PsmCreateKey
PsmIsValidKey
PsmGetApplicationNameFromKey
PsmIsDynamicKey
PsmGetPackageFullNameFromKey

oleaut32

SysStringLen
SysFreeString
SysAllocStringLen
SysAllocString

rpcrt4

RpcRaiseException
NdrServerCallAll
NdrClientCall3
NdrServerCall2
I_RpcBindingInqLocalClientPID
UuidCreate
RpcBindingCreateW
RpcAsyncCompleteCall
NdrAsyncServerCall
RpcBindingBind
I_RpcMapWin32Status
Ndr64AsyncServerCallAll
RpcBindingFree
I_RpcExceptionFilter
RpcEpUnregister
RpcBindingVectorFree
RpcEpRegisterW
RpcServerUnregisterIf
RpcImpersonateClient
RpcRevertToSelf
RpcServerInqBindings
RpcServerRegisterIf3
RpcServerUseProtseqW
RpcServerInqCallAttributesW

api-ms-win-appmodel-runtime-internal-l1-1-4

GetPackageStatusForUserSid

api-ms-win-core-registry-l2-1-0

RegOpenKeyW
RegEnumKeyW

api-ms-win-core-registry-l1-1-0

RegDeleteValueA
RegQueryValueExW
RegOpenKeyExW
RegGetValueW
RegCreateKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey
RegEnumValueA

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-com-l1-1-0

CoInitializeSecurity
CoUnmarshalInterface
CoIncrementMTAUsage
CoDecrementMTAUsage
CoRegisterClassObject
CoCreateInstance
CLSIDFromString
CoTaskMemAlloc
CoMarshalInterface
CoInitializeEx
CoGetClassObject
CoUninitialize
CreateStreamOnHGlobal
CoDisconnectObject
CoTaskMemFree
CoGetCallContext
CoReleaseMarshalData

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolCleanupGroup
CreateThreadpoolWork
SubmitThreadpoolWork
CreateThreadpool
SetThreadpoolThreadMinimum
CloseThreadpoolWork
CloseThreadpoolCleanupGroup
IsThreadpoolTimerSet
WaitForThreadpoolTimerCallbacks
CloseThreadpoolWait
SetThreadpoolThreadMaximum
CloseThreadpool
CloseThreadpoolTimer
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolTimer
SetThreadpoolTimer

resourcepolicyclient

QueryApplicationInterruptiveUIStateByPsmKey
InterruptiveUIStateChanged_Subscribe
CreateResourcePolicyEngineClient
InterruptiveUIStateChanged_Unsubscribe
CreateResourcePolicyStoreClient

umpdc

Pdcv2ActivationClientRenewActivation
Pdcv2ActivationClientUnregister
Pdcv2ActivationClientSetBrokeredProcessId
Pdcv2ActivationClientRegister
Pdcv2ActivationClientActivate
Pdcv2ActivationClientDeactivate

eventaggregation

EaDeleteAggregation
BriUnregisterFromBrokerAvailability
BriCreateBrokeredEventEx
EaSignalAggregatedEvent
BriGetBrokerAvailabilityChangeStamp
BriRegisterToBrokerAvailability
EaCreateAggregation
BriDeleteBrokeredEvent
BriIsBrokerRegistered

rmclient

HamResetExternalResourcePriority
HamCloseActivity
HamTerminateActivityHost
HamPopulateActivityProperties
HamSetExternalResourcePriority
HamStartActivityAsync
HamIsHostBeingDebugged
CrmRegister
CrmActivityFree
HamCreateActivityEx
HamDisconnectFromServer
CrmActivityAllocate
CrmActivityStart
HamConnectToServer
CrmActivityStop
CrmActivityRequest

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-security-provider-l1-1-0

SetNamedSecurityInfoW

api-ms-win-core-string-l1-1-0

CompareStringW
CompareStringOrdinal

api-ms-win-core-quirks-l1-1-1

QuirkIsEnabledForPackage3

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueue
DeleteTimerQueueEx
CreateTimerQueueTimer

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabledForPackage

api-ms-win-core-processthreads-l1-1-1

OpenProcess

Exports

Exports

PsmBiExtInitialize
PsmBiExtNotifyAppState
PsmBiExtNotifySessionStateChange
PsmBiExtNotifySessionUserStateChange
PsmBiExtNotifyWerReportProgress
PsmBiExtPrepareToSuspendPackage
PsmBiExtResumePackage

Sections

.text
Size: 568KB - Virtual size: 567KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bisrv/biwinrt.dll
.dll windows:10 windows x64 arch:x64

731507425e0162f171397c3bbf3f205c

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

60:c5:20:80:e1:af:5c:4f:fe:45:40:28:33:3d:0f:75:de:42:4e:a2:2d:e3:30:24:cc:d0:47:be:a0:db:97:eb
Signer

Actual PE Digest

60:c5:20:80:e1:af:5c:4f:fe:45:40:28:33:3d:0f:75:de:42:4e:a2:2d:e3:30:24:cc:d0:47:be:a0:db:97:eb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

biwinrt.pdb

Imports

msvcrt

?terminate@@YAXXZ
_initterm
memcpy
_amsg_exit
_XcptFilter
__C_specific_handler
memcmp
_unlock
malloc
free
memmove
memmove_s
_vsnprintf_s
realloc
_lock
wcschr
toupper
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_callnewh
_CxxThrowException
??1type_info@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
_onexit
__dllonexit
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
__CxxFrameHandler3
memset

ntdll

RtlCompareUnicodeString
RtlInitUnicodeString
RtlVirtualUnwind
RtlLookupFunctionEntry
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfStateChangeNotification
WinSqmAddToStreamEx
RtlFreeHeap
RtlQueryPackageClaims
RtlAllocateHeap
RtlCompareMemory
RtlNtStatusToDosErrorNoTeb
RtlNtStatusToDosError
RtlRunOnceBeginInitialize
RtlRunOnceInitialize
RtlReportException
RtlRunOnceComplete
RtlCaptureContext
NtQueryInformationToken

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExW
DisableThreadLibraryCalls
GetProcAddress

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
OpenSemaphoreW
InitializeCriticalSectionEx
WaitForSingleObjectEx
AcquireSRWLockExclusive
DeleteCriticalSection
CreateEventW
CreateMutexExW
AcquireSRWLockShared
ReleaseSemaphore
WaitForSingleObject
ReleaseSRWLockExclusive
ReleaseMutex
SetEvent
InitializeSRWLock
CreateSemaphoreExW
EnterCriticalSection
TryAcquireSRWLockExclusive
LeaveCriticalSection

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
GetLastError

api-ms-win-core-winrt-string-l1-1-0

WindowsCompareStringOrdinal
WindowsDeleteString
WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsCreateString
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsCreateStringReference

api-ms-win-core-com-l1-1-0

CoGetClassObject
CoTaskMemFree
CoIncrementMTAUsage
CoDecrementMTAUsage
CreateStreamOnHGlobal
CoUnmarshalInterface
CoGetApartmentType
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
OpenProcessToken
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
SetRestrictedErrorInfo
RoTransformError
RoOriginateErrorW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance
RoInitialize
RoUninitialize

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled
RoReportFailedDelegate

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-heap-l2-1-0

GlobalAlloc
GlobalFree
LocalAlloc

oleaut32

SysFreeString

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-eventing-provider-l1-1-0

EventProviderEnabled
EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabled

rpcrt4

RpcBindingFree
RpcBindingBind
RpcBindingCreateW
NdrClientCall3
RpcExceptionFilter
RpcAsyncCompleteCall
Ndr64AsyncClientCall
RpcAsyncInitializeHandle

api-ms-win-service-management-l1-1-0

OpenSCManagerW
CloseServiceHandle
OpenServiceW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-service-private-l1-1-0

WaitServiceState

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

BiRtCreateEventForApp
BiRtDeleteEventForApp
BiRtEnumerateBrokeredEvents
BiRtIsValidActivationTypeForEventType
BiRtQueryBrokerEventId
BiRtRegisterWorkItem
BiRtRegisterWorkItemClsid
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllMain

Sections

.text
Size: 210KB - Virtual size: 210KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bisrv/rtmpal.dll
.dll windows:6 windows x64 arch:x64

2ba269fcdffb149ed080e02de3798690

Code Sign

33:00:00:01:45:10:eb:f8:9a:d7:99:40:e7:00:00:00:00:01:45
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/03/2019, 19:27

Not After

27/03/2020, 19:27

Subject

CN=Skype Software Sarl,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b3:d5:d9:23:3e:01:32:37:e5:e3:8e:79:86:82:c9:15:ca:52:46:75:28:03:16:aa:7b:d4:ff:bd:74:75:5e:81
Signer

Actual PE Digest

b3:d5:d9:23:3e:01:32:37:e5:e3:8e:79:86:82:c9:15:ca:52:46:75:28:03:16:aa:7b:d4:ff:bd:74:75:5e:81

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\MSRTC\msrtc\build.d\output\release\RtmPal.pdb

Imports

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleFileNameW
LoadLibraryExW
GetModuleHandleW
LoadLibraryExA
DisableThreadLibraryCalls
GetModuleFileNameA
FreeLibrary

ntdll

RtlNtStatusToDosError
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
RaiseException
GetLastError
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TlsAlloc
GetThreadPriority
SetThreadPriority
GetExitCodeThread
GetCurrentThread
TlsSetValue
GetCurrentThreadId
GetCurrentProcessId
TlsFree
OpenProcessToken
SetThreadPriorityBoost
TerminateProcess
GetCurrentProcess
TlsGetValue

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetVersionExW
GetSystemTimeAsFileTime
GetSystemInfo
GetSystemTime

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-fibers-l1-1-0

FlsFree
FlsGetValue
FlsSetValue
FlsAlloc

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
ReleaseSRWLockShared
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObjectEx
WaitForMultipleObjectsEx
ReleaseSemaphore
EnterCriticalSection
AcquireSRWLockShared
TryAcquireSRWLockShared
InitializeSRWLock
CreateEventW
CreateMutexExW
ReleaseSRWLockExclusive
ReleaseMutex
AcquireSRWLockExclusive
SetEvent
CreateEventExW
TryAcquireSRWLockExclusive
TryEnterCriticalSection
WaitForSingleObject
ResetEvent
CreateSemaphoreExW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce
WakeConditionVariable
InitializeConditionVariable
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo
GetSystemTimePreciseAsFileTime

api-ms-win-core-localization-l1-2-0

FormatMessageW
LCMapStringEx

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWrite
EventUnregister

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-file-l1-1-0

RemoveDirectoryW
ReadFile
GetFileAttributesExW
SetFilePointerEx
WriteFile
CreateDirectoryW
FlushFileBuffers

api-ms-win-core-file-l1-2-0

GetTempPathW
CreateFile2

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx
MoveFileExW

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoWaitForMultipleHandles
CoGetApartmentType
CoUninitialize
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoCreateGuid
CoInitializeEx
CoTaskMemFree
PropVariantClear

api-ms-win-eventing-controller-l1-1-0

StopTraceW
StartTraceW
ControlTraceW

api-ms-win-eventing-legacy-l1-1-0

EnableTrace

api-ms-win-crt-heap-l1-1-0

malloc
_calloc_base
calloc
_malloc_base
_callnewh
_free_base
realloc
free

api-ms-win-crt-runtime-l1-1-0

_set_abort_behavior
_register_onexit_function
_initialize_onexit_table
_beginthreadex
_execute_onexit_table
_set_invalid_parameter_handler
_initialize_narrow_environment
_crt_atexit
_configure_narrow_argv
_seh_filter_dll
_invalid_parameter_noinfo_noreturn
abort
_initterm_e
_initterm
_invalid_parameter_noinfo
_invoke_watson
_errno
_cexit
terminate

api-ms-win-crt-string-l1-1-0

isxdigit
wcscat_s
wcscpy_s
wcsncpy_s
wcslen
strcmp
iswdigit
strspn
_wcslwr_s
iswascii
_strdup
strlen
__strncnt
tolower
iswlower
iswxdigit
isspace
toupper
_wcsicmp
isdigit
islower
isprint
strncmp
strcpy_s
strncpy_s
_wcsdup
isupper
strcat_s
_stricmp
strnlen
_wcsnicmp
strcspn
wcscmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
__acrt_iob_func
fputs
__stdio_common_vsprintf
__stdio_common_vswscanf
__stdio_common_vswprintf_s
fclose
__stdio_common_vsnprintf_s
__stdio_common_vsnwprintf_s
fflush

api-ms-win-crt-convert-l1-1-0

wcstol
strtoul
_wtof
_wtoi64
_wtoi
atoi
wcstoull
strtol
strtof
_itow_s
strtod

api-ms-win-crt-locale-l1-1-0

__pctype_func
localeconv
_lock_locales
___lc_locale_name_func
___lc_codepage_func
___mb_cur_max_func
_unlock_locales
setlocale

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetCurrentDirectoryW
GetEnvironmentVariableW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExA
RegCreateKeyExA
RegSetValueExW
RegSetValueExA
RegOpenKeyExW
RegCloseKey
RegQueryValueExA
RegQueryValueExW

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
SetThreadpoolThreadMinimum
WaitForThreadpoolWorkCallbacks
CreateThreadpool
SetThreadpoolThreadMaximum
SubmitThreadpoolWork
CreateThreadpoolWork
CloseThreadpool

api-ms-win-core-timezone-l1-1-0

SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureStackBackTrace

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect

crypt32

CertCreateSelfSignCertificate
CertFreeCertificateContext
CertStrToNameW
CryptHashCertificate
CryptUnprotectData
CryptProtectData

api-ms-win-security-base-l1-1-0

GetFileSecurityW
DuplicateToken
MapGenericMask
AccessCheck

bcrypt

BCryptGenRandom
BCryptDuplicateHash
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptSetProperty
BCryptGetFipsAlgorithmMode
BCryptGetProperty
BCryptDestroyKey
BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptEncrypt
BCryptImportKey
BCryptDestroyHash

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree
HeapSize

api-ms-win-crt-time-l1-1-0

_gmtime64_s
_localtime64_s
_mkgmtime64

api-ms-win-crt-math-l1-1-0

ldexp
frexp
pow
powf

api-ms-win-core-io-l1-1-0

PostQueuedCompletionStatus
GetQueuedCompletionStatusEx
CreateIoCompletionPort

api-ms-win-crt-multibyte-l1-1-0

_ismbblead

powrprof

PowerDeterminePlatformRole

mmdevapi

ord17

oleaut32

SysAllocString
SysFreeString

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-psapi-l1-1-0

K32GetProcessMemoryInfo

api-ms-win-core-wow64-l1-1-0

IsWow64Process

windows.networking

SetSocketMediaStreamingMode

api-ms-win-core-heap-l2-1-0

LocalFree

ncrypt

NCryptFinalizeKey
NCryptSetProperty
NCryptCreatePersistedKey
NCryptOpenKey
NCryptOpenStorageProvider
NCryptFreeObject

sspicli

InitializeSecurityContextW
AcceptSecurityContext
AcquireCredentialsHandleW
DeleteSecurityContext
FreeCredentialsHandle
QueryContextAttributesW
SetContextAttributesW
FreeContextBuffer

api-ms-win-crt-environment-l1-1-0

_dupenv_s

api-ms-win-crt-utility-l1-1-0

_byteswap_ulong
abs
rand_s
labs
_byteswap_ushort

Exports

Exports

??0CheckedMutex@auf@@QEAA@PEBD_N@Z
??0Event@auf@@QEAA@XZ
??0Flag@auf@@QEAA@XZ
??0IPv4@rtnet@@QEAA@XZ
??0IPv6@rtnet@@QEAA@XZ
??0LockfreeQueue@auf@@QEAA@AEAVLockfreeStackPool@1@@Z
??0LockfreeStackPool@auf@@QEAA@I@Z
??0Path@spl@@QEAA@XZ
??0PortSpecification@rtnet@@QEAA@AEBU?$pair@HH@std@@@Z
??0RefCounter@auf@@QEAA@XZ
??0SocketConnectOptions@rtnet@@QEAA@XZ
??0SocketOptions@rtnet@@IEAA@XZ
??0ThreadRef@auf@@QEAA@PEBDI_K@Z
??0UncheckedMutex@auf@@QEAA@PEBD_N@Z
??0XorshiftRNG@auf@@QEAA@I@Z
??1CheckedMutex@auf@@QEAA@XZ
??1Event@auf@@QEAA@XZ
??1Flag@auf@@QEAA@XZ
??1IPv4@rtnet@@QEAA@XZ
??1IPv6@rtnet@@QEAA@XZ
??1LockfreeQueue@auf@@QEAA@XZ
??1LockfreeStackPool@auf@@QEAA@XZ
??1Path@spl@@QEAA@XZ
??1PortSpecification@rtnet@@QEAA@XZ
??1RefCounter@auf@@QEAA@XZ
??1ThreadRef@auf@@QEAA@XZ
??1UncheckedMutex@auf@@QEAA@XZ
??1XorshiftRNG@auf@@QEAA@XZ
??AIPv4@rtnet@@QEAAAEAE_K@Z
??AIPv6@rtnet@@QEAAAEAE_K@Z
?address@InterfaceAddress@rtnet@@QEBA?AV?$IntrusivePtr@VAddress@rtnet@@@auf@@XZ
?advance@SimpleBuffer@rtnet@@QEAAX_K@Z
?allocMem@LockfreePacker@auf@@SAPEAX_K@Z
?allocate@LockfreeStackPool@auf@@QEAAPEAX_K@Z
?asIPv4@Address@rtnet@@QEBA_NAEAVIPv4@2@@Z
?asIPv6@Address@rtnet@@QEBA_NAEAVIPv6@2@@Z
?atomicAddI@spl@@YAHPECHH@Z
?atomicAddL@spl@@YAJPECJJ@Z
?callOperatorDelete@spl@@YAXPEAX@Z
?callOperatorNew@spl@@YAPEAX_K@Z
?clearDelegate@StreamSocket@rtnet@@QEAAXXZ
?compareExchangeI@spl@@YA_NPECHHH@Z
?compareExchangeL@spl@@YA_NPECJJJ@Z
?compareExchangePI@spl@@YA_NPEC_J_J1@Z
?compareExchangeValI@spl@@YAHPECHHH@Z
?complete@SimpleBuffer@rtnet@@QEAAXXZ
?connectTCPHostAsync@rtnet@@YA?AV?$IntrusivePtr@VAsyncOperation@auf@@@auf@@PEBDHAEBV?$IntrusivePtr@VThreadPoolTransport@auf@@@3@AEBV?$IntrusivePtr@VIStreamSocketDelegate@rtnet@@@3@PEAUAsyncTag@3@AEBV?$IntrusivePtr@VStreamSocketOptions@rtnet@@@3@AEBV?$IntrusivePtr@VStreamSocketConnectOptions@rtnet@@@3@I@Z
?connectedCore@IStreamSocketDelegate@rtnet@@AEAAXAEBV?$IntrusivePtr@VStreamSocket@rtnet@@@auf@@PEAUAsyncTag@4@@Z
?create@PortSpecificationImpl@internal@rtnet@@SAPEAV123@AEBU?$pair@HH@std@@@Z
?create@PortSpecificationImpl@internal@rtnet@@SAPEAV123@AEBV123@@Z
?create@PortSpecificationImpl@internal@rtnet@@SAPEAV123@H@Z
?create@PortSpecificationImpl@internal@rtnet@@SAPEAV123@HH@Z
?create@SocketConnectOptionsImpl@internal@rtnet@@SAPEAV123@AEBV123@@Z
?create@SocketConnectOptionsImpl@internal@rtnet@@SAPEAV123@XZ
?create@SocketOptionsImpl@internal@rtnet@@SAPEAV123@AEBV123@@Z
?create@SocketOptionsImpl@internal@rtnet@@SAPEAV123@XZ
?createStrand@auf@@YA?AV?$IntrusivePtr@VThreadPoolTransport@auf@@@1@W4ThreadPoolPriority@spl@@@Z
?createStrandWithTransport@auf@@YA?AV?$IntrusivePtr@VThreadPoolTransport@auf@@@1@AEBV21@@Z
?createTimerWithTransport@auf@@YA?AV?$IntrusivePtr@VTimer@auf@@@1@AEBV?$IntrusivePtr@VThreadPoolTransport@auf@@@1@V?$duration@_JU?$ratio@$00$0PECEA@@std@@@chrono@std@@1PEAUCall@1@@Z
?createWithSize@SimpleBuffer@rtnet@@SA?AV?$IntrusivePtr@VSimpleBuffer@rtnet@@@auf@@_K@Z
?data@SimpleBuffer@rtnet@@QEAAPEAXXZ
?dataBarrier@spl@@YAXXZ
?dec@RefCounter@auf@@QEAAKXZ
?decodeToUtf16@spl@@YA?AV?$basic_string@_SU?$char_traits@_S@std@@V?$allocator@_S@2@@std@@PEBD_K@Z
?decodeUtf8@spl@@YA_KPEAX_KPEBD11@Z
?decryptWithTempKey@spl@@YA?AV?$vector@DU?$secure_allocator@D@internal@spl@@@std@@PEBD_K@Z
?dequeue@LockfreeQueue@auf@@QEAAPEAXPEA_N@Z
?destroyCert@rtnet@@YAXPEAUX509Cert@1@@Z
?directoryCreateRecursive@spl@@YA?AW4FileError@1@AEBVPath@1@H@Z
?disconnect@StreamSocket@rtnet@@QEAAXXZ
?done@ThreadRef@auf@@QEBA_NXZ
?dtlsAccept@rtnet@@YAHPEAUTlsSession@1@PEAUTlsBuf@1@1PEAX@Z
?dtlsConnect@rtnet@@YAHPEAUTlsSession@1@PEAUTlsBuf@1@1@Z
?dtlsCreate@rtnet@@YAPEAUTlsSession@1@_NPEBUX509Cert@1@@Z
?dtlsDestroy@rtnet@@YAXPEAUTlsSession@1@@Z
?dtlsSrtpParametersFreeMkiBuffer@rtnet@@YAXPEAUDtlsSrtpParameters@1@@Z
?dtorCore@SocketConnectOptions@rtnet@@AEAAXXZ
?dtorCore@SocketOptions@rtnet@@AEAAXXZ
?embedIPv4@IPv6@rtnet@@QEAA_NAEBVIPv4@2@_K@Z
?empty@LockfreeQueue@auf@@QEAA_NXZ
?encode@BASE64@spl@@SAXPEADPEBX_K@Z
?encodeUtf8@spl@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEBX_K1@Z
?encodeUtf8@spl@@YA_KPEAD_KPEBX11@Z
?encodedLength@BASE64@spl@@SA_K_K@Z
?encryptWithTempKey@spl@@YA?AV?$vector@DU?$secure_allocator@D@internal@spl@@@std@@PEBX_K@Z
?enqueue@LockfreeQueue@auf@@QEAA_NPEAX@Z
?exchangeI@spl@@YAHPECHH@Z
?exchangeL@spl@@YAJPECJJ@Z
?exchangePI@spl@@YA_JPEC_J_J@Z
?fileClose@spl@@YAXPEAX@Z
?fileFlush@spl@@YA_NPEAX@Z
?fileOpen@spl@@YAPEAXAEBVPath@1@W4FileSemantics@1@HAEAW4FileError@1@@Z
?fileRead@spl@@YA_JPEAX0_K@Z
?fileSeekNewReturned@spl@@YA_JPEAX_JW4SeekType@1@@Z
?fileSize@spl@@YA_JPEAX@Z
?fileTell@spl@@YA_JPEAX@Z
?fileWrite@spl@@YA_JPEAXPEBX_K@Z
?freeMem@LockfreePacker@auf@@SAXPEAX@Z
?fromBytes@IPv4@rtnet@@QEAA_NPEBE@Z
?g_CPUTopology@spl@@3UCPUTopology@1@A
?g_aufUp@auf@@3HA
?g_configGlobalLockfreeStackPoolSizeL2@auf@@3IA
?g_configMaxObjectWaitUs@auf@@3_KA
?g_configTraceFifoSizeL2@auf@@3IA
?g_logObjectCountChanges@auf@@3DA
?g_logObjectIds@auf@@3DA
?g_logObjectIds@internal@auf@@3DA
?g_logObjectLeaks@auf@@3DA
?g_logObjectLeaks@internal@auf@@3DA
?g_nextCallId@auf@@3IC
?g_nextObjectId@auf@@3IC
?g_objectCheckDisabled@auf@@3DA
?g_sysInfo@spl@@3USysinfo@1@A
?getCertHash@rtnet@@YA_NPEAUX509Cert@1@W4HashAlgorithm@spl@@PEAUCertHash@1@@Z
?getDtlsSrtpParameters@rtnet@@YA_NPEAUTlsSession@1@PEAUDtlsSrtpParameters@1@@Z
?getImp@ThreadRef@auf@@AEBAPEAUSplOpaqueUpperLayerThread@@XZ
?getNat64Prefixes@rtnet@@YA_NV?$duration@_JU?$ratio@$00$0PECEA@@std@@@chrono@std@@AEAV?$vector@V?$IntrusivePtr@VInterfaceAddress@rtnet@@@auf@@V?$allocator@V?$IntrusivePtr@VInterfaceAddress@rtnet@@@auf@@@std@@@4@@Z
?getSelfSignedCert@rtnet@@YAPEAUX509Cert@1@PEBUX509CertName@1@_J1W4HashAlgorithm@spl@@PEAX@Z
?globalThreadPoolTransport2@auf@@YA?AV?$IntrusivePtr@VThreadPoolTransport@auf@@@1@W4ThreadPoolPriority@spl@@@Z
?highPrecisionTimestamp@spl@@YA_KXZ
?inc@RefCounter@auf@@QEAAKXZ
?initInternal@auf@@YA_NPEAUAufInitTag@1@PEBDI_K@Z
?instantiateLogComponent@internal@auf@@YAPEAVLogComponent@2@PEBD@Z
?intrusive_ptr_add_ref@auf@@YAXPEBVIReferenceCountable@1@@Z
?intrusive_ptr_release@auf@@YAXPEBVIReferenceCountable@1@@Z
?io@StreamSocket@rtnet@@QEAA?AV?$IntrusivePtr@VISocketIO@rtnet@@@auf@@XZ
?isGood@Event@auf@@QEBA_NXZ
?isGood@LockfreeQueue@auf@@QEBA_NXZ
?isGood@LockfreeStackPool@auf@@QEBA_NXZ
?isGood@MutexCore@internal@auf@@QEBA_NXZ
?isGood@ThreadRef@auf@@QEBA_NXZ
?localAddress@StreamSocket@rtnet@@QEAA?AV?$IntrusivePtr@VAddress@rtnet@@@auf@@XZ
?localTime@spl@@YAHAEBUHidingSystemTime@1@PEAUtm@@@Z
?localTimestamp@spl@@YA?AUHidingSystemTime@1@XZ
?lock@MutexCore@internal@auf@@QEAAXXZ
?lockedByCurrentThread@MutexCore@internal@auf@@QEBA_NXZ
?lockfreeStackPoolDeallocate@auf@@YAXPEAX@Z
?log@LogComponent@auf@@QEAAXPEBXIIAEBVLogArgs@2@@Z
?log@LogComponent@auf@@QEAAXPEBXIIPEBDAEBVLogArgs@2@@Z
?logBackTraceInfo@spl@@YAXXZ
?logFlush@auf@@YAXXZ
?logvln@auf@@YAX_NPEBDPEAD@Z
?make@ProxyInfo@rtnet@@SA?AV?$IntrusivePtr@VProxyInfo@rtnet@@@auf@@W4ProxyProtocol@2@PEBDI11@Z
?memFree@spl@@YAXPEAX@Z
?memMalloc@spl@@YAPEAX_K@Z
?memcpy_s@spl@@YAHPEAX_KPEBX1@Z
?memmove_s@spl@@YAHPEAX_KPEBX1@Z
?memset_s@spl@@YAHPECX_KH1@Z
?msFromHp@spl@@YA_K_J@Z
?options@StreamSocket@rtnet@@QEBA?AV?$IntrusivePtr@VStreamSocketOptions@rtnet@@@auf@@XZ
?pathAppendComponent@spl@@YA_NAEAVPath@1@PEBD1@Z
?pathFromFilename@spl@@YA_NAEAVPath@1@PEBD@Z
?pathInitFromLocation@spl@@YA?AW4FileError@1@AEAVPath@1@AEBUPathLocation@1@@Z
?pathStringValue@spl@@YAPEBDAEBVPath@1@@Z
?peerAddress@StreamSocket@rtnet@@QEAA?AV?$IntrusivePtr@VAddress@rtnet@@@auf@@XZ
?port@Address@rtnet@@QEBAHXZ
?post@Event@auf@@QEAAXXZ
?prefixLength@InterfaceAddress@rtnet@@QEBA_KXZ
?raise@Flag@auf@@QEAA_NXZ
?randomBytes@auf@@YA_NPEAX_K@Z
?randomUInt@XorshiftRNG@auf@@QEAAIXZ
?release@Flag@auf@@QEAAXXZ
?setDone@ThreadRef@auf@@QEAAX_N@Z
?setLogComponentDescription@internal@auf@@YAPEBDPEBD0@Z
?setLogComponentSafe@internal@auf@@YA_NPEBD_N@Z
?setNoDelayEnabled@StreamSocketOptions@rtnet@@QEAAX_N@Z
?setOptions@StreamSocket@rtnet@@QEAA_NAEBV?$IntrusivePtr@VStreamSocketOptions@rtnet@@@auf@@@Z
?setPortSpecification@SocketConnectOptions@rtnet@@QEAAXAEBV?$shared_ptr@VPortSpecification@rtnet@@@std@@@Z
?setProxy@SocketConnectOptions@rtnet@@QEAAXW4ProxyPolicy@2@AEBV?$IntrusivePtr@VProxyInfo@rtnet@@@auf@@@Z
?setQualityOfServiceDSCP@SocketOptions@rtnet@@QEAAXI@Z
?setTlsCertificateVerification@SocketOptions@rtnet@@QEAAX_N@Z
?size@SimpleBuffer@rtnet@@QEBA_KXZ
?sleep@spl@@YAX_K@Z
?snprintf_s@spl@@YAHPEAD_KPEBDZZ
?startImp@auf@@YAXPEAUSplOpaqueUpperLayerThread@@PEAUVarBase@spl@@@Z
?startTlsAsync@StreamSocket@rtnet@@QEAAXPEBDPEAUAsyncTag@auf@@@Z
?stop@ThreadRef@auf@@QEAA_NV?$duration@_JU?$ratio@$00$0PECEA@@std@@@chrono@std@@PEA_J@Z
?stopInternal@auf@@YAXPEAUAufInitTag@1@PEBD@Z
?strandId@ThreadPoolTransport@auf@@QEBA_KXZ
?strcat_s@spl@@YAHPEAD_KPEBD@Z
?strcpy_s@spl@@YAHPEAD_KPEBD@Z
?strlcpy@spl@@YA_KPEADPEBD_K@Z
?strnlen_s@spl@@YA_KPEBD_K@Z
?symbolFromAddress@priv@spl@@YA_NPEBXPEAD_K@Z
?sysInfoCPUInfo@spl@@YAXIAEAUCPUInfo@1@@Z
?thread@pal@msrtc@@YA?AV0std@@$$QEAV?$function@$$A6AXXZ@3@@Z
?tlsBufAlloc@rtnet@@YA_NPEAUTlsBuf@1@K@Z
?tlsBufFree@rtnet@@YAXPEAUTlsBuf@1@@Z
?tlsBufInit@rtnet@@YAXPEAUTlsBuf@1@@Z
?tlsGetPeerCert@rtnet@@YAPEAUX509Cert@1@PEAUTlsSession@1@@Z
?unlock@MutexCore@internal@auf@@QEAAXXZ
?utcHpTimestamp@spl@@YA_KXZ
?utcTimestamp@spl@@YA_JXZ
?vsnprintf_s@spl@@YAHPEAD_KPEBD0@Z
?wait@Event@auf@@QEAA_NV?$duration@_JU?$ratio@$00$0PECEA@@std@@@chrono@std@@@Z
?wait@Event@auf@@QEAA_N_K@Z
?wait@Flag@auf@@QEAA_NV?$duration@_JU?$ratio@$00$0PECEA@@std@@@chrono@std@@@Z
?weak_intrusive_ptr_add_ref@auf@@YAXPEAVWeakAuxiliary@1@@Z
?weak_intrusive_ptr_create@auf@@YAPEAVWeakAuxiliary@1@PEBVIReferenceCountable@1@@Z
?weak_intrusive_ptr_release@auf@@YAXPEAVWeakAuxiliary@1@@Z
?x509NameDestroy@rtnet@@YAXPEAUX509CertName@1@@Z
?x509NameEncode@rtnet@@YAPEAUX509CertName@1@PEBD@Z
AcquireCredentialsHandleW
AcquireSRWLockExclusive
CreateFileA
CreateFileW
DecodePointer
DeleteSecurityContext
DisableThreadLibraryCalls
EnableTrace
EncodePointer
EnumerateSecurityPackagesW
EventRegister
EventUnregister
EventWrite
FreeAddrInfoW
FreeContextBuffer
FreeCredentialsHandle
GetAddrInfoW
GetLastError
GetSystemInfo
GetTempPathW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
GetVersionExW
InitializeSListHead
InitializeSecurityContextW
InterlockedPopEntrySList
InterlockedPushEntrySList
IsDebuggerPresent
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
RegCloseKey
RegCreateKeyExA
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
RegSetValueExA
RegSetValueExW
RegisterTraceGuidsW
ReleaseSRWLockExclusive
RtcPalAccept
RtcPalAcquireSlimLock
RtcPalAesEncrypt
RtcPalAllocAlignedMemoryWithTag
RtcPalAllocMemoryWithTag
RtcPalAllocateWorkItem
RtcPalBaseCleanup
RtcPalBaseStartup
RtcPalBind
RtcPalCleanup
RtcPalClearAssertRecords
RtcPalCloseSocket
RtcPalCloseSocketIOCP
RtcPalCloseWaitableHandle
RtcPalCoWaitForAnyObject
RtcPalConnect
RtcPalConnectToHostname
RtcPalCreateCallContext
RtcPalCreateEvent
RtcPalCreateSemaphore
RtcPalCreateSocket
RtcPalCreateSocketIOCP
RtcPalCreateThread
RtcPalCryptCleanup
RtcPalCryptGenRandom
RtcPalCryptHMACSHA1Create
RtcPalCryptHMACSHA1CreateKey
RtcPalCryptHMACSHA1Destroy
RtcPalCryptHMACSHA1DestroyKey
RtcPalCryptHMACSHA1DupeContext
RtcPalCryptHMACSHA1Final
RtcPalCryptHMACSHA1Update
RtcPalCryptHMACSHA256Create
RtcPalCryptHMACSHA256CreateKey
RtcPalCryptHMACSHA256Destroy
RtcPalCryptHMACSHA256DestroyKey
RtcPalCryptHMACSHA256DupeContext
RtcPalCryptHMACSHA256Final
RtcPalCryptHMACSHA256Update
RtcPalCryptMD5Create
RtcPalCryptMD5Destroy
RtcPalCryptMD5Final
RtcPalCryptMD5Update
RtcPalCryptStartup
RtcPalDeinitTracing
RtcPalDeleteSlimLock
RtcPalDestroyAesKey
RtcPalDeviceAudioGetGlitchInfo
RtcPalDeviceAudioGetMetrics
RtcPalDeviceAudioGetProcessingFeatures
RtcPalDeviceAudioGetQueuedBytes
RtcPalDeviceAudioGetSupportedProcessingCapacity
RtcPalDeviceAudioLockBuffer
RtcPalDeviceAudioReset
RtcPalDeviceAudioSetActiveEndpoint
RtcPalDeviceAudioSetProcessingFeatures
RtcPalDeviceAudioStart
RtcPalDeviceAudioStop
RtcPalDeviceAudioUnlockBuffer
RtcPalDeviceErrorCodeFromHResult
RtcPalDeviceIsErrorCodeRecoverable
RtcPalDevicePlatformClose
RtcPalDevicePlatformCloseDevice
RtcPalDevicePlatformCloseHIDContext
RtcPalDevicePlatformCompareDeviceId
RtcPalDevicePlatformCreateDeviceId
RtcPalDevicePlatformDeviceRegisterNotification
RtcPalDevicePlatformDisposeDeviceId
RtcPalDevicePlatformDuplicateDeviceId
RtcPalDevicePlatformEnableAudio
RtcPalDevicePlatformEnumDevices
RtcPalDevicePlatformGetAudioCertifiedListId
RtcPalDevicePlatformGetAutoBoostControlEnabled
RtcPalDevicePlatformGetDeviceList
RtcPalDevicePlatformGetHIDInformation
RtcPalDevicePlatformGetMediaExtension
RtcPalDevicePlatformGetVolumeInfo
RtcPalDevicePlatformGetVolumeInfoByDeviceHandle
RtcPalDevicePlatformIsSamePhysicalDevice
RtcPalDevicePlatformOpen
RtcPalDevicePlatformOpenAudioDevice
RtcPalDevicePlatformOpenAudioLoopbackDevice
RtcPalDevicePlatformOpenHIDContext
RtcPalDevicePlatformRegisterNotification
RtcPalDevicePlatformSetAutoBoostControlEnabled
RtcPalDevicePlatformSetHIDInformation
RtcPalDevicePlatformSetState
RtcPalDevicePlatformSetVolumeInfo
RtcPalDevicePlatformUnregisterNotification
RtcPalEnableCallContextTracingControl
RtcPalEnableEtwTracing
RtcPalEnableRDTSCTime
RtcPalEnableTracing
RtcPalFlushTracing
RtcPalFreeIfAddrs
RtcPalFreeMemoryWithTag
RtcPalFreeWorkItem
RtcPalGetADSPConfig
RtcPalGetADSPLogFolder
RtcPalGetAllEcsSettings
RtcPalGetAssertRecords
RtcPalGetBestSourceAddress
RtcPalGetComputerNameW
RtcPalGetDataConvSignature
RtcPalGetEcsSetting
RtcPalGetExitCodeThread
RtcPalGetFipsComplianceMode
RtcPalGetHostCName
RtcPalGetIfAddrs
RtcPalGetLastError
RtcPalGetLocalStateFolderW
RtcPalGetMachineInfo
RtcPalGetOSName
RtcPalGetPeerName
RtcPalGetPlatformProfile
RtcPalGetPrivateMemoryUsageInMB
RtcPalGetSockName
RtcPalGetSocketIOCPQueuedCompletionStatus
RtcPalGetSystemConfigurationInfo
RtcPalGetSystemMetricsTemplate
RtcPalGetTimeDouble
RtcPalGetTimeLongIn100ns
RtcPalGetTimeLongIn100nsFast
RtcPalGetTracingPath
RtcPalGetUserName
RtcPalGetWinSATVideoEncodeScore
RtcPalInitCollectSystemMetrics
RtcPalInitThreadAttr
RtcPalInitTracing
RtcPalInitializeCriticalSection
RtcPalInitializeCriticalSectionAndSpinCount
RtcPalInitializeSlimLock
RtcPalIsAssertTraceEnabled
RtcPalIsAutomaticProxyTraversalSupported
RtcPalIsCallContextTracingControlEnabled
RtcPalIsEtwTracingEnabled
RtcPalIsLaptop
RtcPalIsTracingEnabled
RtcPalListen
RtcPalLoadLibrary
RtcPalLoadSystem32Library
RtcPalMFHasDXGI
RtcPalMFHasSourceReader
RtcPalNetAddressToStringA
RtcPalNetAddressToStringW
RtcPalNetCleanup
RtcPalNetStartup
RtcPalNetStringToIPAddressA
RtcPalNetStringToIPAddressW
RtcPalNetStringToIPv4AddressA
RtcPalNetStringToIPv4AddressW
RtcPalNetStringToIPv6AddressA
RtcPalNetStringToIPv6AddressW
RtcPalPerfCounterToNanoseconds
RtcPalPerfCounterToSeconds
RtcPalPopulateNetworkInterfaceIdForTraceLoggingEvent
RtcPalPostSocketIOCPQueuedCompletionStatus
RtcPalQueryPerformanceCounter
RtcPalQueueWorkItem
RtcPalRecv
RtcPalRecvFrom
RtcPalRefreshMemoryTrackerCallStack
RtcPalRegCloseKey
RtcPalRegCreateKeyExA
RtcPalRegCreateKeyExW
RtcPalRegDeleteKeyW
RtcPalRegOpenKeyExA
RtcPalRegOpenKeyExW
RtcPalRegQueryValueExA
RtcPalRegQueryValueExW
RtcPalRegSetValueExA
RtcPalRegSetValueExW
RtcPalRegisterSocket
RtcPalRegisterTraceGuids
RtcPalReleaseSemaphore
RtcPalReleaseSlimLock
RtcPalReportAssert
RtcPalResetAllEcsSettings
RtcPalResetEvent
RtcPalSecureZeroMemory
RtcPalSend
RtcPalSendTo
RtcPalSetAesKey
RtcPalSetEcsSetting
RtcPalSetEcsSettingById
RtcPalSetEvent
RtcPalSetLastError
RtcPalSetLogPath
RtcPalSetPlatformProfile
RtcPalSetSchedulerPolicy
RtcPalSocketEnableLowLatency
RtcPalSocketSetBroadcast
RtcPalSocketSetLinger
RtcPalSocketSetNonBlockingMode
RtcPalSocketSetQoSDSCP
RtcPalSocketSetRecvBufSize
RtcPalSocketSetSendBufSize
RtcPalSocketSetTcpNoDelay
RtcPalStartCollectSystemMetrics
RtcPalStartup
RtcPalStopCollectSystemMetrics
RtcPalTaskQueueCreate
RtcPalTaskQueueDequeue
RtcPalTaskQueueDestroy
RtcPalTaskQueueEnqueue
RtcPalTraceCondIfTrue
RtcPalTraceLoggingWrite
RtcPalTraceRt
RtcPalTryAcquireSlimLock
RtcPalUninitCollectSystemMetrics
RtcPalWaitAndCancelPendingCallback
RtcPalWaitForAllThreads
RtcPalWaitForAnyObject
RtcPalWaitForSingleObject
RtcPalWlanEnterMediaStreamingMode
RtcPalWlanLeaveMediaStreamingMode
SetLastError
TraceMessage
UnregisterTraceGuids
WideCharToMultiByte
__imp_?PL_TEMP_DIR@spl@@3UPathLocation@1@A
aufLogHookInstall
aufLogHookRemove
auf_internal_log
auf_internal_log_obfuscated
auf_logcomponent_isenabled
g_aufLogChannel
g_aufLogNumHooks
lstrcmpW
lstrcmpiW
lstrlenA
lstrlenW
rtcpal_freeaddrinfo
rtcpal_getaddrinfo
rtcpal_inet_addr
rtcpal_inet_ntoa
rtcpal_recv
rtcpal_recvfrom
rtcpal_send
rtcpal_sendto
spl_pii_OmitS
spl_pii_OmitW
spl_pii_UserIdW
threadCurrentId
threadYield

Sections

.text
Size: 939KB - Virtual size: 938KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 277KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bisrv/sbe.dll
.dll regsvr32 windows:10 windows x64 arch:x64

d83b24c08477d6d5715f9d95e9c2a700

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

sbe.pdb

Imports

msvcrt

memmove
memcmp
wcsstr
_vsnwprintf_s
_purecall
free
_callnewh
malloc
memset
sqrt
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
_amsg_exit
log
ceil
_XcptFilter
memcpy
_vsnwprintf
wcscpy_s
qsort
_wcsicmp
_snwprintf_s
memcpy_s
wcsncpy_s
swprintf_s
wcsrchr
wcschr
wcscmp

ntdll

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

kernel32

InitializeCriticalSection
DeleteCriticalSection
CloseHandle
CreateEventW
ResetEvent
GetCurrentThreadId
DuplicateHandle
SetEvent
WaitForSingleObject
ReleaseSemaphore
GetSystemInfo
VirtualAlloc
VirtualFree
CreateThread
GetModuleHandleW
GetProcAddress
GetTickCount
GetCurrentThread
SetThreadPriority
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetFileAttributesW
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
lstrcmpiW
WriteFile
CreateFileW
GetFullPathNameW
DeleteFileW
FileTimeToSystemTime
GlobalAlloc
GlobalFree
GlobalLock
SystemTimeToFileTime
GlobalUnlock
LeaveCriticalSection
GetUserDefaultLangID
QueueUserWorkItem
GetTickCount64
QueryPerformanceFrequency
ExpandEnvironmentStringsW
LocalAlloc
LoadLibraryW
LocalFree
FreeLibrary
CreateDirectoryW
lstrlenW
SetFileAttributesW
ReadFile
CompareStringW
SetEndOfFile
SetFilePointerEx
UnmapViewOfFile
CompareStringA
CreateFileMappingW
MapViewOfFile
CreateMutexW
ReleaseMutex
OpenMutexW
TryEnterCriticalSection
FindFirstFileW
CreateHardLinkW
FindClose
RegisterWaitForSingleObject
RemoveDirectoryW
OpenEventW
OpenFileMappingW
GetFileInformationByHandle
FlushViewOfFile
UnregisterWaitEx
GetTempFileNameW
SetLastError
SetFileBandwidthReservation
GetQueuedCompletionStatus
CreateIoCompletionPort
GetFinalPathNameByHandleW
WaitForMultipleObjects
GetFileInformationByHandleEx
GetFileSizeEx
GetModuleHandleExW
ReOpenFile
FreeLibraryAndExitThread
PostQueuedCompletionStatus
GetOverlappedResult
WriteFileGather
InterlockedPushEntrySList
ReadFileScatter
InitializeSListHead
InterlockedPopEntrySList
QueryDepthSList
FlushFileBuffers
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
DeviceIoControl
EnterCriticalSection
CreateEventExW
GetFileSize
GetVersionExW
MultiByteToWideChar
GetLastError
GetModuleFileNameA
QueryFullProcessImageNameW
DisableThreadLibraryCalls
GetTempPathW
OutputDebugStringA
GetCurrentProcess
lstrcmpW
VirtualQuery
RaiseException
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LoadLibraryExA
VirtualProtect
CreateSemaphoreW
MulDiv
SetFileValidData

advapi32

AllocateAndInitializeSid
IsValidSid
FreeSid
GetLengthSid
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
GetSidSubAuthorityCount
GetSidSubAuthority
CreateWellKnownSid
OpenProcessToken
AddAccessAllowedAce
GetTokenInformation
GetAclInformation
GetAce
EqualSid
RegQueryValueExW
BuildTrusteeWithSidW
InitializeSecurityDescriptor
SetEntriesInAclW
SetSecurityDescriptorDacl
GetNamedSecurityInfoW
SetNamedSecurityInfoW
AddAccessAllowedAceEx
InitializeAcl
AddAce
CopySid

ole32

CoUninitialize
CoCreateGuid
CoCreateInstance
CoInitializeEx
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
PropVariantClear
CoGetMalloc
CreateStreamOnHGlobal
CoFreeUnusedLibraries

rpcrt4

NdrCStdStubBuffer2_Release
NdrDllGetClassObject
NdrDllUnregisterProxy
CStdStubBuffer_CountRefs
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
CStdStubBuffer_Invoke
NdrStubForwardingFunction
IUnknown_AddRef_Proxy
UuidCreate
CStdStubBuffer_Connect
CStdStubBuffer_IsIIDSupported
NdrStubCall3
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_DebugServerQueryInterface
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrOleFree
NdrDllRegisterProxy

winmm

timeGetDevCaps
timeBeginPeriod
timeEndPeriod
timeGetTime

shell32

SHGetKnownFolderPath

shlwapi

PathFileExistsW

gdiplus

GdiplusStartup
GdiplusShutdown
GdipGetImageEncoders
GdipGetImageDimension
GdipCloneImage
GdipCreateBitmapFromStream
GdipAlloc
GdipDrawImageRectI
GdipDisposeImage
GdipCreateHBITMAPFromBitmap
GdipFree
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipSaveImageToStream
GdipCreateBitmapFromScan0
GdipGetImageEncodersSize

api-ms-win-core-path-l1-1-0

PathCchCombine
PathCchAppend

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 774KB - Virtual size: 774KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dialclient/credprovslegacy.dll
.dll windows:10 windows x64 arch:x64

7be28bee289d900532188c8f3ad89400

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

credprovslegacy.pdb

Imports

msvcrt

_purecall
_vsnwprintf
sqrt
_CxxThrowException
atan2
memcmp
_set_errno
memcpy_s
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
memmove_s
_callnewh
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
memcpy
wcschr
memmove
_wtoi
toupper
__CxxFrameHandler3
memset
_get_errno
pow
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
_amsg_exit
_XcptFilter
free

propsys

InitPropVariantFromCLSID
PropVariantToUInt32
PropVariantToGUID
PSCreateMemoryPropertyStore
PropVariantToStringAlloc
PropVariantToBoolean

shlwapi

SHStrDupW
ord618

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister
EventProviderEnabled

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetProcAddress
DisableThreadLibraryCalls
LockResource
LoadResource
FindResourceExW
GetModuleHandleW
GetModuleHandleExW

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
ReleaseMutex
CreateMutexExW
InitializeSRWLock
AcquireSRWLockShared
ReleaseSRWLockShared
EnterCriticalSection
AcquireSRWLockExclusive
OpenSemaphoreW
ReleaseSemaphore
WaitForSingleObjectEx
CreateSemaphoreExW
DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
ReleaseSRWLockExclusive

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceExecuteOnce
SleepConditionVariableSRW
WakeAllConditionVariable
Sleep
InitOnceBeginInitialize

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetSystemTimeAsFileTime
GetSystemTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegLoadKeyW
RegCreateKeyExW
RegGetValueW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegEnumValueW
RegUnLoadKeyW
RegQueryInfoKeyW

api-ms-win-core-com-l1-1-0

CoTaskMemRealloc
CoTaskMemAlloc
CoGetMalloc
PropVariantClear
CoTaskMemFree
CoCreateInstance
CoCreateFreeThreadedMarshaler

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSidToSidW

netutils

NetApiBufferFree

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l1-1-0

CompareFileTime
ReadFile
GetFileSize
CreateFileW

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetUserDefaultLCID

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

sspicli

LsaDeregisterLogonProcess
LsaFreeReturnBuffer
LsaLookupAuthenticationPackage
LsaCallAuthenticationPackage
LsaConnectUntrusted

api-ms-win-security-base-l1-1-0

GetLengthSid
GetTokenInformation
CopySid
GetSidSubAuthorityCount
GetSidSubAuthority
IsValidSid

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-security-lsapolicy-l1-1-0

LsaLookupSids2
LsaOpenPolicy
LsaQueryInformationPolicy
LsaFreeMemory
LsaClose

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

ntdll

RtlInitString
RtlDeleteResource
RtlReleaseResource
RtlAcquireResourceExclusive
RtlInitializeResource
RtlNtStatusToDosError

credprovs

CreatePasswordProviderWrapperInstance

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

crypt32

CertDuplicateCertificateContext
CertFindExtension
CertGetCertificateContextProperty
CertOpenStore
CertFindCertificateInStore
CertCloseStore
CertFreeCertificateContext
CryptDecodeObjectEx
CryptBinaryToStringW

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer

cryptsp

CryptGenRandom
CryptAcquireContextW
CryptReleaseContext

samcli

NetUserGetInfo

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dialclient/cryptcatsvc.dll
.dll windows:10 windows x64 arch:x64

90fb2e052c8cba1e46b58114856a890b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

cryptcatsvc.pdb

Imports

msvcrt

_wcslwr
_wcsnicmp
wcsncmp
_XcptFilter
_amsg_exit
wcsrchr
free
malloc
_initterm
__C_specific_handler
_vsnprintf
_resetstkoflw
_wcsicmp
_vsnwprintf
wcscat_s
wcschr
memcpy
memcmp
_purecall
memset
wcsstr
strcmp

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolWait
WaitForThreadpoolWorkCallbacks
WaitForThreadpoolTimerCallbacks
SubmitThreadpoolWork
CreateThreadpoolWork
CreateThreadpoolTimer
CloseThreadpoolWork

api-ms-win-core-synch-l1-1-0

ReleaseMutex
CreateMutexW
WaitForSingleObjectEx
ReleaseSRWLockShared
AcquireSRWLockExclusive
WaitForSingleObject
WaitForMultipleObjectsEx
InitializeSRWLock
EnterCriticalSection
SetEvent
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
AcquireSRWLockShared
CreateEventW
ReleaseSRWLockExclusive

api-ms-win-core-file-l1-1-0

CreateDirectoryW
GetFileSize
FindClose
GetFileAttributesW
CreateFileW
WriteFile
SetFilePointer
GetTempFileNameW
GetFileAttributesExW
DeleteFileW
CompareFileTime
FindFirstFileW
FindNextFileW
SetEndOfFile
GetFullPathNameW
SetFileAttributesW

api-ms-win-core-sysinfo-l1-1-0

GetWindowsDirectoryW
GetVersionExW
GetLocalTime
GetTickCount
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetTickCount64
GetSystemDirectoryW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-io-l1-1-0

GetOverlappedResult

api-ms-win-core-file-l2-1-0

CreateHardLinkW
ReadDirectoryChangesW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
RaiseException
SetLastError
UnhandledExceptionFilter
SetErrorMode

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetEnvironmentVariableW

rpcrt4

RpcRevertToSelf
NdrServerCall2
NdrServerCallAll
I_RpcBindingIsClientLocal
RpcServerRegisterIf3
RpcServerUnregisterIf
RpcImpersonateClient

api-ms-win-core-libraryloader-l1-1-0

DisableThreadLibraryCalls
FreeLibraryAndExitThread
LoadLibraryExW
GetModuleFileNameW
FreeLibrary
GetProcAddress

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegDeleteKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
RegEnumKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

crypt32

CryptHashCertificate2
CryptDecodeObject
CertFreeCTLContext
CertCreateContext

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThread
OpenThreadToken
CreateThread
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
ExitThread
ResumeThread
SetThreadPriority

api-ms-win-security-base-l1-1-0

AccessCheck
MapGenericMask
GetSecurityDescriptorDacl
GetAce
EqualSid
GetFileSecurityW

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
MapViewOfFile
CreateFileMappingW

api-ms-win-core-localization-l1-2-0

GetThreadLocale
LCMapStringEx
FormatMessageW
LCMapStringW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-service-core-l1-1-1

EnumServicesStatusExW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-string-l2-1-0

CharLowerW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

api-ms-win-core-datetime-l1-1-0

GetDateFormatA
GetTimeFormatA

api-ms-win-core-heap-obsolete-l1-1-0

LocalAlloc
LocalSize
LocalFree
LocalReAlloc

api-ms-win-core-kernel32-legacy-l1-1-0

MoveFileW
LoadLibraryW
CopyFileW

ntdll

NtQueryValueKey
NtOpenKey
RtlFreeUnicodeString
RtlReAllocateHeap
RtlFreeHeap
RtlAllocateHeap
RtlFormatCurrentUserKeyPath
EvtIntReportEventAndSourceAsync
RtlRunOnceExecuteOnce
ShipAssert
NtOpenFile
NtClose
RtlInitUnicodeString
RtlNtStatusToDosErrorNoTeb
EtwEventRegister
EtwEventWrite
EtwEventUnregister
EtwEventEnabled
RtlNtStatusToDosError

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap
HeapReAlloc

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

CatDbOfflineRebuildDatabasesRundll32W
CatDbOfflineRebuildDatabasesW
CryptCATAdminCatalogDatabase
CryptsvcDllCtrl

Sections

.text
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dialclient/dialclient.dll
.dll windows:10 windows x64 arch:x64

ae7ca4d4d390935ec44dca4da11f715f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dialclient.pdb

Imports

msvcrt

memcmp
memmove_s
realloc
_vsnwprintf
memcpy_s
_set_errno
_get_errno
wcschr
_callnewh
memcpy
_onexit
__dllonexit
_unlock
_lock
__CxxFrameHandler3
__C_specific_handler
_initterm
malloc
_amsg_exit
_XcptFilter
free
_purecall
memset

rpcrt4

I_RpcBindingInqLocalClientPID
IUnknown_AddRef_Proxy
NdrOleFree
IUnknown_Release_Proxy
NdrOleAllocate
IUnknown_QueryInterface_Proxy
NdrStubCall3
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrCStdStubBuffer2_Release
NdrStubForwardingFunction

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventWriteTransfer
EventSetInformation

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-1-0

InitializeSRWLock
DeleteCriticalSection
InitializeCriticalSectionEx
CreateSemaphoreExW
LeaveCriticalSection
EnterCriticalSection
SetEvent
ReleaseMutex
WaitForSingleObjectEx
AcquireSRWLockShared
OpenSemaphoreW
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateMutexExW
ReleaseSemaphore
WaitForSingleObject
CreateEventW

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleFileNameA
GetProcAddress
LoadLibraryExW
FreeLibrary
DisableThreadLibraryCalls
GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
OpenProcessToken
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThread

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetTickCount64
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError

combase

CStdStubBuffer_CountRefs
CStdStubBuffer_AddRef
ord33
ord18
CStdStubBuffer2_QueryInterface
ord34
ord5
ord16
ord12
ord9
ord6
CStdStubBuffer2_Disconnect
ord7
CStdStubBuffer_QueryInterface
ord17
ord2
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer2_CountRefs
ord10
ord13
CStdStubBuffer_DebugServerRelease
ord11
CStdStubBuffer_Invoke
ord15
CStdStubBuffer_Disconnect
ord32
CStdStubBuffer_IsIIDSupported
CStdStubBuffer2_Connect
CStdStubBuffer_Connect
ord14
ord8

api-ms-win-core-threadpool-l1-2-0

TrySubmitThreadpoolCallback
FreeLibraryWhenCallbackReturns

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalReAlloc
LocalAlloc

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegGetValueW
RegCloseKey
RegSetValueExW
RegDeleteValueW
RegEnumValueW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathParseIconLocationW

api-ms-win-shcore-stream-winrt-l1-1-0

CreateRandomAccessStreamOverStream

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolAllowThreadReuse
SHTaskPoolQueueTask

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-appmodel-runtime-l1-1-1

GetPackageFamilyNameFromToken

api-ms-win-appmodel-runtime-l1-1-0

GetPackageFamilyName

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dialclient/logoncli.dll
.dll windows:10 windows x64 arch:x64

5d0db85893a29647e8977f5ab3d29dff

Code Sign

33:00:00:03:8c:38:5d:5c:2e:74:83:cc:fb:00:00:00:00:03:8c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/05/2022, 19:23

Not After

04/05/2023, 19:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:91:a7:20:d0:f8:f7:1a:80:7a:39:03:8b:94:fe:7f:ba:74:18:70:fe:5d:e5:5e:29:1c:53:f3:e6:d6:3d:23
Signer

Actual PE Digest

90:91:a7:20:d0:f8:f7:1a:80:7a:39:03:8b:94:fe:7f:ba:74:18:70:fe:5d:e5:5e:29:1c:53:f3:e6:d6:3d:23

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

logoncli.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
_o__stricmp
_o__strnicmp
_o__cexit
memmove
_o__ultow_s
_o__wcsicmp
_o_qsort
_o_strcpy_s
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstoul
_o___std_type_info_destroy_list
wcsrchr
__C_specific_handler
memcmp
wcsstr
_o___stdio_common_vswprintf
wcschr
_o___stdio_common_vsprintf
memcpy

api-ms-win-crt-string-l1-1-0

memset

rpcrt4

RpcExceptionFilter
RpcEpResolveBinding
UuidCreate
UuidEqual
UuidToStringA
RpcStringFreeA
I_RpcBindingCreateNP
RpcStringBindingComposeW
RpcBindingFromStringBindingW
NdrClientCall3
RpcBindingFree
RpcBindingSetAuthInfoW
RpcStringFreeW
I_RpcExceptionFilter
UuidToStringW
I_RpcMapWin32Status
RpcBindingSetAuthInfoExW

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegOpenKeyExW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
AcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockExclusive
EnterCriticalSection
ReleaseSRWLockShared
InitializeCriticalSection
LeaveCriticalSection

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetComputerNameExW
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-file-l1-1-0

WriteFile
CreateFileW
ReadFile

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-kernel32-legacy-l1-1-0

CreateMailslotA
SetMailslotInfo

ntdll

RtlxUnicodeStringToOemSize
RtlUpcaseUnicodeStringToOemString
RtlOemStringToUnicodeString
RtlInitString
RtlInsertElementGenericTableAvl
RtlxUnicodeStringToAnsiSize
NtOpenEvent
RtlInitUnicodeString
RtlLookupElementGenericTableAvl
RtlNumberGenericTableElementsAvl
RtlNtStatusToDosError
RtlDeleteElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlUnicodeStringToAnsiString
RtlCopySid
RtlSubAuthorityCountSid
RtlValidSid
RtlGetNtProductType
EtwEventRegister
EtwEventWrite
EtwEventUnregister
RtlLengthSid
RtlEqualUnicodeString
NtWaitForSingleObject
EtwTraceMessage
NtQuerySystemTime
RtlUniform
RtlxAnsiStringToUnicodeSize
RtlAnsiStringToUnicodeString
RtlInitUnicodeStringEx
RtlInitAnsiString
RtlCompareMemoryUlong
RtlCompareUnicodeString
RtlFreeHeap
RtlAllocateHeap
RtlEqualSid
RtlSubAuthoritySid
RtlLengthRequiredSid
NtCreateEvent
NtClose

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

AuthzrExtAccessCheck
AuthzrExtFreeContext
AuthzrExtFreeResourceManager
AuthzrExtGetInformationFromContext
AuthzrExtInitializeCompoundContext
AuthzrExtInitializeContextFromSid
AuthzrExtInitializeRemoteResourceManager
AuthzrExtModifyClaims
DsAddressToSiteNamesA
DsAddressToSiteNamesExA
DsAddressToSiteNamesExW
DsAddressToSiteNamesW
DsDeregisterDnsHostRecordsA
DsDeregisterDnsHostRecordsW
DsEnumerateDomainTrustsA
DsEnumerateDomainTrustsW
DsGetDcCloseW
DsGetDcNameA
DsGetDcNameW
DsGetDcNameWithAccountA
DsGetDcNameWithAccountW
DsGetDcNextA
DsGetDcNextW
DsGetDcOpenA
DsGetDcOpenW
DsGetDcSiteCoverageA
DsGetDcSiteCoverageW
DsGetForestTrustInformationW
DsGetSiteNameA
DsGetSiteNameW
DsMergeForestTrustInformationW
DsValidateSubnetNameA
DsValidateSubnetNameW
I_DsUpdateReadOnlyServerDnsRecords
I_NetAccountDeltas
I_NetAccountSync
I_NetChainSetClientAttributes
I_NetChainSetClientAttributes2
I_NetDatabaseDeltas
I_NetDatabaseRedo
I_NetDatabaseSync
I_NetDatabaseSync2
I_NetExtendMachinePasswordExpirationTimeout
I_NetGetDCList
I_NetGetForestTrustInformation
I_NetLogonControl
I_NetLogonControl2
I_NetLogonGetCapabilities
I_NetLogonGetDomainInfo
I_NetLogonSamLogoff
I_NetLogonSamLogon
I_NetLogonSamLogonEx
I_NetLogonSamLogonWithFlags
I_NetLogonSendToSam
I_NetLogonUasLogoff
I_NetLogonUasLogon
I_NetQuerySecureChannelDCInfo
I_NetServerAuthenticate
I_NetServerAuthenticate2
I_NetServerAuthenticate3
I_NetServerGetTrustInfo
I_NetServerPasswordGet
I_NetServerPasswordSet
I_NetServerPasswordSet2
I_NetServerReqChallenge
I_NetServerTrustPasswordsGet
I_NetlogonComputeClientDigest
I_NetlogonComputeClientSignature
I_NetlogonComputeServerDigest
I_NetlogonComputeServerSignature
I_NetlogonGetTrustRid
I_RpcExtInitializeExtensionPoint
NetAddServiceAccount
NetEnumerateServiceAccounts
NetEnumerateTrustedDomains
NetGetAnyDCName
NetGetDCName
NetIsServiceAccount
NetLogonGetTimeServiceParentDomain
NetLogonSetServiceBits
NetQueryServiceAccount
NetRemoveServiceAccount
NlBindingAddServerToCache
NlBindingRemoveServerFromCache
NlBindingSetAuthInfo
NlSetDsIsCloningPDC

Sections

.text
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mi/mftranscode.dll
.dll windows:10 windows x64 arch:x64

2c2a68075472935e9b834ef3576ae050

Code Sign

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:24

Not After

02/05/2020, 21:24

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9c:0f:5b:cd:aa:f3:96:90:6c:35:e3:34:8c:0e:91:88:7c:23:b4:a7:31:8c:3d:4e:07:51:0c:10:a4:f6:92:30
Signer

Actual PE Digest

9c:0f:5b:cd:aa:f3:96:90:6c:35:e3:34:8c:0e:91:88:7c:23:b4:a7:31:8c:3d:4e:07:51:0c:10:a4:f6:92:30

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MFTRANSCODE.pdb

Imports

msvcrt

__C_specific_handler
_wcsicmp
_lock
_amsg_exit
qsort
_purecall
_XcptFilter
_initterm
sqrt
_callnewh
strnlen
swscanf_s
malloc
free
strncpy_s
__dllonexit
_unlock
_onexit
_vsnwprintf
_wcsnicmp
_wtol
wcsncmp
memcmp
memcpy
memmove
memset

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleExW
DisableThreadLibraryCalls
LoadLibraryExW
FreeLibrary

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventRegister

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
UnregisterTraceGuids
TraceMessage
RegisterTraceGuidsW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
TerminateProcess
TlsGetValue
TlsSetValue
GetCurrentProcessId

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegGetValueW
RegCloseKey

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-localization-l1-2-0

IsValidLocaleName

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

GetTranscodeComponentCreator
MFCreateSmartRemuxEngine
MFCreateTranscodeEngine
MFCreateTranscodeProfile
MFCreateTranscodeSinkActivate
MFCreateTranscodeTopology
MFCreateTranscodeTopologyFromByteStream
MFTranscodeGetAudioOutputAvailableTypes

Sections

.text
Size: 269KB - Virtual size: 269KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mi/mi.dll
.dll windows:10 windows x64 arch:x64

89d27046cb786351e771526caf261b26

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

mi.pdb

Imports

msvcrt

memcpy
wcstoul
swprintf_s
_wcsicmp
_set_output_format
_ui64tow_s
_i64tow_s
_XcptFilter
_amsg_exit
free
malloc
_initterm
__C_specific_handler
memset
wcscpy_s
wcscmp

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-processthreads-l1-1-0

SetThreadToken
GetCurrentThread
TerminateProcess
GetCurrentProcessId
OpenThreadToken
GetCurrentThreadId
GetCurrentProcess

api-ms-win-security-base-l1-1-0

ImpersonateSelf
RevertToSelf

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
LoadStringW
DisableThreadLibraryCalls
LoadLibraryExW
GetProcAddress

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

ntdll

RtlEqualSid

miutils

Instance_SetElementArrayItem
RCClass_AddElementQualifier
XMLDOM_Parse
RCClass_AddMethodParameterQualifierArray
RCClass_AddElementArray
OSC_Type_GetSize
RCClass_New
RCClass_AddElementQualifierArrayItem
OSC_StringToMiValue
RCClass_AddMethodParameter
Instance_IsDynamic
RCClass_AddClassQualifier
RCClass_AddMethodQualifier
RCClass_AddElementQualifierArray
RCClass_AddMethodParameterQualifier
RCClass_AddClassQualifierArray
RCClass_AddMethodQualifierArrayItem
Instance_SetElementArray
RCClass_AddClassQualifierArrayItem
Config_GetRegString
Instance_InitDynamic
PublishDebugMessage
SubscriptionDeliveryOptions_Create
MiErrorCategoryFromWindowsError
RtlDeleteCachedFastLock
RtlQueueAcquireCachedFastLockExclusive
RtlReleaseCachedFastLockExclusive
Instance_New
RtlInitializeCachedFastLock
DestinationOptions_Create
Class_New
RtlInterlockedCompareWait
RtlInterlockedWakeAll
CimErrorFromErrorCode
OperationOptions_Create
DestinationOptions_Duplicate
DestinationOptions_MigrateOptions
OperationOptions_MigrateOptions
SubscriptionDeliveryOptions_MigrateOptions
Options_FindValue
RtlQueueAcquireCachedFastLockShared
Config_GetProtocolHandlerDetails
RtlReleaseCachedFastLockShared
RtlTryAcquireCachedFastLockShared
RCClass_AddMethod
MI_Hash
RCClass_AddElement
RCClass_AddElementArrayItem
RCClass_AddMethodParameterQualifierArrayItem
RCClass_AddMethodQualifierArray
XMLDOM_Free

Exports

Exports

MI_Application_InitializeV1
mi_clientFT_V1

Sections

.text
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mi/tzautoupdate.dll
.dll windows:10 windows x64 arch:x64

79d8dcb505a614789dc36dfffec04c74

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

tzautoupdate.pdb

Imports

msvcrt

memcpy
__dllonexit
_wtoi
_itow_s
wcschr
_wcsicmp
bsearch
cos
_vsnprintf_s
_callnewh
_CxxThrowException
_unlock
_onexit
memmove
malloc
sqrt
_XcptFilter
??0exception@@QEAA@AEBQEBD@Z
sin
memset
memcmp
_amsg_exit
?name@type_info@@QEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
pow
free
_initterm
__CxxFrameHandler3
??0exception@@QEAA@XZ
__C_specific_handler
??1exception@@UEAA@XZ
_purecall
??3@YAXPEAX@Z
?terminate@@YAXXZ
memcpy_s
_vsnwprintf
memmove_s
_lock
?what@exception@@UEBAPEBDXZ
swprintf_s
??1type_info@@UEAA@XZ
??0exception@@QEAA@AEBQEBDH@Z
asin
atan2
wcscmp

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleExW
FreeLibrary
LoadStringW
GetModuleHandleW
LoadLibraryExW
LockResource
LoadResource
FindResourceExW
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
CreateMutexExW
SetEvent
AcquireSRWLockShared
InitializeSRWLock
DeleteCriticalSection
ReleaseSRWLockShared
EnterCriticalSection
ReleaseSRWLockExclusive
WaitForSingleObject
LeaveCriticalSection
AcquireSRWLockExclusive
InitializeCriticalSectionEx
OpenSemaphoreW
ReleaseSemaphore
CreateEventW
WaitForSingleObjectEx
ReleaseMutex

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
RaiseException
SetUnhandledExceptionFilter
GetLastError

ntdll

RtlQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlIsMultiUsersInSessionSku

api-ms-win-core-com-l1-1-0

CoWaitForMultipleHandles
CoDisconnectContext
CoCreateInstance

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventWriteTransfer
EventRegister

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
OpenProcessToken
TerminateProcess
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation
GetDynamicTimeZoneInformation
SetDynamicTimeZoneInformation
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTimeEx
FileTimeToSystemTime
EnumDynamicTimeZoneInformation

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoOriginateError
RoOriginateErrorW

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegGetValueW
RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

api-ms-win-core-winrt-string-l1-1-0

WindowsStringHasEmbeddedNull
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsIsStringEmpty

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
SearchPathW

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

xmllite

CreateXmlReader

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemDirectoryW
GetVersionExW
GetSystemTime
GetTickCount

api-ms-win-security-base-l1-1-0

AllocateAndInitializeSid
GetTokenInformation
AdjustTokenPrivileges
CheckTokenMembership
FreeSid
DuplicateToken

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-service-winsvc-l1-1-0

RegisterServiceCtrlHandlerW
ControlService

api-ms-win-service-core-l1-1-0

SetServiceStatus

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-file-l1-1-0

GetFileSizeEx
CreateFileW

api-ms-win-core-memory-l1-1-0

MapViewOfFile
CreateFileMappingW
UnmapViewOfFile

api-ms-win-core-string-l1-1-0

CompareStringW
CompareStringOrdinal

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

ext-ms-win-session-usermgr-l1-1-0

UMgrFreeSessionUsers
UMgrEnumerateSessionUsers
UMgrQueryUserToken

combase

ord154

api-ms-win-service-management-l1-1-0

OpenServiceW
StartServiceW
OpenSCManagerW
CloseServiceHandle

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
ChangeServiceConfigW

api-ms-win-service-private-l1-1-0

WaitServiceState

Exports

Exports

AttemptToUpdateTimeZone
AttemptToUpdateTimeZoneAndEnableChangeDetection
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mi/ucrtbase.dll
.dll windows:10 windows x64 arch:x64

405cde0fc80c30dcc3d783173dbd4143

Code Sign

33:00:00:02:b0:2e:6a:e9:62:cc:9e:88:c2:00:00:00:00:02:b0
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/09/2020, 19:16

Not After

23/09/2021, 19:16

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3f:25:37:d0:1e:eb:42:bb:b0:f3:57:f4:e9:d3:6e:e2:d7:eb:31:2d:99:eb:ba:3e:5d:3f:46:81:be:4e:91:e1
Signer

Actual PE Digest

3f:25:37:d0:1e:eb:42:bb:b0:f3:57:f4:e9:d3:6e:e2:d7:eb:31:2d:99:eb:ba:3e:5d:3f:46:81:be:4e:91:e1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ucrtbase.pdb

Imports

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
SetLastError
SetErrorMode
GetLastError

api-ms-win-core-heap-l1-1-0

HeapWalk
HeapValidate
HeapFree
HeapCompact
HeapReAlloc
HeapQueryInformation
GetProcessHeap
HeapAlloc
HeapSize

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetStartupInfoW
GetCurrentProcess
TlsAlloc
GetCurrentThread
TlsGetValue
GetCurrentThreadId
CreateProcessW
TlsSetValue
ExitProcess
ExitThread
CreateThread
TlsFree
GetExitCodeProcess
ResumeThread
TerminateProcess

api-ms-win-core-libraryloader-l1-1-0

FreeLibrary
LoadLibraryExW
GetModuleHandleExW
FreeLibraryAndExitThread
GetModuleHandleW
GetProcAddress
GetModuleFileNameW

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
WaitForSingleObject

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
SetStdHandle
GetCommandLineA
GetCurrentDirectoryW
GetStdHandle
SetEnvironmentVariableW
GetEnvironmentStringsW
SetCurrentDirectoryW
FreeEnvironmentStringsW

api-ms-win-core-file-l1-1-0

ReadFile
GetFileSizeEx
GetFileType
SetFilePointerEx
CreateFileW
FindClose
FindNextFileW
FindFirstFileExW
GetFileInformationByHandle
GetFullPathNameW
GetDriveTypeW
GetFileAttributesExW
GetDiskFreeSpaceW
GetLogicalDrives
SetFileAttributesW
SetFileTime
CreateDirectoryW
LockFileEx
UnlockFileEx
FlushFileBuffers
SetEndOfFile
DeleteFileW
WriteFile
RemoveDirectoryW

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW

api-ms-win-core-localization-l1-2-0

GetOEMCP
EnumSystemLocalesW
IsValidCodePage
GetACP
GetCPInfo
IsValidLocale
GetUserDefaultLCID
GetLocaleInfoW
LCMapStringW

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-sysinfo-l1-1-0

SetLocalTime
GetSystemTimeAsFileTime
GetLocalTime
GetSystemInfo

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader
RtlUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-console-l1-1-0

PeekConsoleInputA
GetConsoleMode
GetConsoleCP
SetConsoleCtrlHandler
WriteConsoleW
GetConsoleOutputCP
GetNumberOfConsoleInputEvents
ReadConsoleW
ReadConsoleInputW
SetConsoleMode

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-namedpipe-l1-1-0

PeekNamedPipe
CreatePipe

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
GetTimeZoneInformation
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualAlloc
VirtualProtect

api-ms-win-core-util-l1-1-0

Beep
EncodePointer

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InterlockedPushEntrySList

Exports

Exports

_Cbuild
_Cmulcc
_Cmulcr
_CreateFrameInfo
_CxxThrowException
_Exit
_FCbuild
_FCmulcc
_FCmulcr
_FindAndUnlinkFrame
_GetImageBase
_GetThrowImageBase
_Getdays
_Getmonths
_Gettnames
_IsExceptionObjectToBeDestroyed
_LCbuild
_LCmulcc
_LCmulcr
_SetImageBase
_SetThrowImageBase
_SetWinRTOutOfMemoryExceptionCallback
_Strftime
_W_Getdays
_W_Getmonths
_W_Gettnames
_Wcsftime
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__C_specific_handler
__C_specific_handler_noexcept
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxFrameHandler4
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__NLG_Dispatch2
__NLG_Return2
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
___lc_codepage_func
___lc_collate_cp_func
___lc_locale_name_func
___mb_cur_max_func
___mb_cur_max_l_func
__acrt_iob_func
__conio_common_vcprintf
__conio_common_vcprintf_p
__conio_common_vcprintf_s
__conio_common_vcscanf
__conio_common_vcwprintf
__conio_common_vcwprintf_p
__conio_common_vcwprintf_s
__conio_common_vcwscanf
__current_exception
__current_exception_context
__daylight
__dcrt_get_wide_environment_from_os
__dcrt_initial_narrow_environment
__doserrno
__dstbias
__fpe_flt_rounds
__fpecode
__initialize_lconv_for_unsigned_char
__intrinsic_setjmp
__intrinsic_setjmpex
__isascii
__iscsym
__iscsymf
__iswcsym
__iswcsymf
__p___argc
__p___argv
__p___wargv
__p__acmdln
__p__commode
__p__environ
__p__fmode
__p__mbcasemap
__p__mbctype
__p__pgmptr
__p__wcmdln
__p__wenviron
__p__wpgmptr
__pctype_func
__processing_throw
__pwctype_func
__pxcptinfoptrs
__report_gsfailure
__setusermatherr
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__stdio_common_vfprintf
__stdio_common_vfprintf_p
__stdio_common_vfprintf_s
__stdio_common_vfscanf
__stdio_common_vfwprintf
__stdio_common_vfwprintf_p
__stdio_common_vfwprintf_s
__stdio_common_vfwscanf
__stdio_common_vsnprintf_s
__stdio_common_vsnwprintf_s
__stdio_common_vsprintf
__stdio_common_vsprintf_p
__stdio_common_vsprintf_s
__stdio_common_vsscanf
__stdio_common_vswprintf
__stdio_common_vswprintf_p
__stdio_common_vswprintf_s
__stdio_common_vswscanf
__strncnt
__sys_errlist
__sys_nerr
__threadhandle
__threadid
__timezone
__toascii
__tzname
__unDName
__unDNameEx
__uncaught_exception
__uncaught_exceptions
__wcserror
__wcserror_s
__wcsncnt
_abs64
_access
_access_s
_aligned_free
_aligned_malloc
_aligned_msize
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_offset_recalloc
_aligned_realloc
_aligned_recalloc
_assert
_atodbl
_atodbl_l
_atof_l
_atoflt
_atoflt_l
_atoi64
_atoi64_l
_atoi_l
_atol_l
_atoldbl
_atoldbl_l
_atoll_l
_beep
_beginthread
_beginthreadex
_byteswap_uint64
_byteswap_ulong
_byteswap_ushort
_c_exit
_cabs
_callnewh
_calloc_base
_cexit
_cgets
_cgets_s
_cgetws
_cgetws_s
_chdir
_chdrive
_chgsign
_chgsignf
_chmod
_chsize
_chsize_s
_clearfp
_close
_commit
_configthreadlocale
_configure_narrow_argv
_configure_wide_argv
_control87
_controlfp
_controlfp_s
_copysign
_copysignf
_cputs
_cputws
_creat
_create_locale
_crt_at_quick_exit
_crt_atexit
_ctime32
_ctime32_s
_ctime64
_ctime64_s
_cwait
_d_int
_dclass
_dexp
_difftime32
_difftime64
_dlog
_dnorm
_dpcomp
_dpoly
_dscale
_dsign
_dsin
_dtest
_dunscale
_dup
_dup2
_dupenv_s
_ecvt
_ecvt_s
_endthread
_endthreadex
_eof
_errno
_except1
_execl
_execle
_execlp
_execlpe
_execute_onexit_table
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fclose_nolock
_fcloseall
_fcvt
_fcvt_s
_fd_int
_fdclass
_fdexp
_fdlog
_fdnorm
_fdopen
_fdpcomp
_fdpoly
_fdscale
_fdsign
_fdsin
_fdtest
_fdunscale
_fflush_nolock
_fgetc_nolock
_fgetchar
_fgetwc_nolock
_fgetwchar
_filelength
_filelengthi64
_fileno
_findclose
_findfirst32
_findfirst32i64
_findfirst64
_findfirst64i32
_findnext32
_findnext32i64
_findnext64
_findnext64i32
_finite
_finitef
_flushall
_fpclass
_fpclassf
_fpieee_flt
_fpreset
_fputc_nolock
_fputchar
_fputwc_nolock
_fputwchar
_fread_nolock
_fread_nolock_s
_free_base
_free_locale
_fseek_nolock
_fseeki64
_fseeki64_nolock
_fsopen
_fstat32
_fstat32i64
_fstat64
_fstat64i32
_ftell_nolock
_ftelli64
_ftelli64_nolock
_ftime32
_ftime32_s
_ftime64
_ftime64_s
_fullpath
_futime32
_futime64
_fwrite_nolock
_gcvt
_gcvt_s
_get_FMA3_enable
_get_current_locale
_get_daylight
_get_doserrno
_get_dstbias
_get_errno
_get_fmode
_get_heap_handle
_get_initial_narrow_environment
_get_initial_wide_environment
_get_invalid_parameter_handler
_get_narrow_winmain_command_line
_get_osfhandle
_get_pgmptr
_get_printf_count_output
_get_purecall_handler
_get_stream_buffer_pointers
_get_terminate
_get_thread_local_invalid_parameter_handler
_get_timezone
_get_tzname
_get_unexpected
_get_wide_winmain_command_line
_get_wpgmptr
_getc_nolock
_getch
_getch_nolock
_getche
_getche_nolock
_getcwd
_getdcwd
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getsystime
_getw
_getwc_nolock
_getwch
_getwch_nolock
_getwche
_getwche_nolock
_getws
_getws_s
_gmtime32
_gmtime32_s
_gmtime64
_gmtime64_s
_heapchk
_heapmin
_heapwalk
_hypot
_hypotf
_i64toa
_i64toa_s
_i64tow
_i64tow_s
_initialize_narrow_environment
_initialize_onexit_table
_initialize_wide_environment
_initterm
_initterm_e
_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn
_invoke_watson
_is_exception_typeof
_isalnum_l
_isalpha_l
_isatty
_isblank_l
_iscntrl_l
_isctype
_isctype_l
_isdigit_l
_isgraph_l
_isleadbyte_l
_islower_l
_ismbbalnum
_ismbbalnum_l
_ismbbalpha
_ismbbalpha_l
_ismbbblank
_ismbbblank_l
_ismbbgraph
_ismbbgraph_l
_ismbbkalnum
_ismbbkalnum_l
_ismbbkana
_ismbbkana_l
_ismbbkprint
_ismbbkprint_l
_ismbbkpunct
_ismbbkpunct_l
_ismbblead
_ismbblead_l
_ismbbprint
_ismbbprint_l
_ismbbpunct
_ismbbpunct_l
_ismbbtrail
_ismbbtrail_l
_ismbcalnum
_ismbcalnum_l
_ismbcalpha
_ismbcalpha_l
_ismbcblank
_ismbcblank_l
_ismbcdigit
_ismbcdigit_l
_ismbcgraph
_ismbcgraph_l
_ismbchira
_ismbchira_l
_ismbckata
_ismbckata_l
_ismbcl0
_ismbcl0_l
_ismbcl1
_ismbcl1_l
_ismbcl2
_ismbcl2_l
_ismbclegal
_ismbclegal_l
_ismbclower
_ismbclower_l
_ismbcprint
_ismbcprint_l
_ismbcpunct
_ismbcpunct_l
_ismbcspace
_ismbcspace_l
_ismbcsymbol
_ismbcsymbol_l
_ismbcupper
_ismbcupper_l
_ismbslead
_ismbslead_l
_ismbstrail
_ismbstrail_l
_isnan
_isnanf
_isprint_l
_ispunct_l
_isspace_l
_isupper_l
_iswalnum_l
_iswalpha_l
_iswblank_l
_iswcntrl_l
_iswcsym_l
_iswcsymf_l
_iswctype_l
_iswdigit_l
_iswgraph_l
_iswlower_l
_iswprint_l
_iswpunct_l
_iswspace_l
_iswupper_l
_iswxdigit_l
_isxdigit_l
_itoa
_itoa_s
_itow
_itow_s
_j0
_j1
_jn
_kbhit
_ld_int
_ldclass
_ldexp
_ldlog
_ldpcomp
_ldpoly
_ldscale
_ldsign
_ldsin
_ldtest
_ldunscale
_lfind
_lfind_s
_loaddll
_local_unwind

Sections

.text
Size: 718KB - Virtual size: 718KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vssapi/Windows.Internal.Management.dll
.dll windows:10 windows x64 arch:x64

e7c9844955135261b1cce0889bb66251

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.Internal.Management.pdb

Imports

msvcp110_win

?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?_Getcat@?$codecvt@DDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?swap@?$basic_istream@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?unshift@?$codecvt@DDH@std@@QEBAHAEAHPEAD1AEAPEAD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_BADOFF@std@@3_JB
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?in@?$codecvt@DDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAD3AEAPEAD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Add_vtordisp2@?$basic_ios@DU?$char_traits@D@std@@@std@@UEAAXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Add_vtordisp1@?$basic_istream@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Add_vtordisp2@?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?pbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Add_vtordisp1@?$basic_istream@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Add_vtordisp2@?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAAXXZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Xbad_alloc@std@@YAXXZ
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ

msvcrt

fputc
fflush
fclose
fgetc
fwrite
fgetpos
setvbuf
ungetc
fsetpos
_fseeki64
towlower
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
wcschr
strrchr
strchr
strtol
_errno
_set_errno
strncpy_s
wcstoul
wcsstr
realloc
wcsrchr
_wcsicmp
sprintf_s
memset
memmove
memcpy
memcmp
_CxxThrowException
swprintf_s
_wcsnicmp
wcscmp
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
__C_specific_handler
_initterm
free
_amsg_exit
_XcptFilter
_callnewh
malloc
??_V@YAXPEAX@Z
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
memcpy_s
_vsnwprintf
__CxxFrameHandler3
??3@YAXPEAX@Z
??0bad_cast@@QEAA@AEBV0@@Z

dmcmnutils

DmDisableTask
DmIsSystemOrAdmin
InvStrCmpIW
HexStringToBinary
UnicodeToMB
DmRaiseToastNotificationAndWait
DmIsRunningInSystemContext
DmInvalidateAadUserToken
DmGetAadUserToken
DmRaiseToastNotification
DmRequestAadUserToken
OmaDmRegistryGetBinary
OmaDmRegistryGetString
DmGetUserSidFromToken
DmGetCurrentUserSid
DmIsSystemOrUserIsAdmin
CopyString
OmaDmRegistryGetDWORD
OmaDmRegistrySetDWORD
DmDeleteTask
DmGetCurrentUserToken
OmaDmRegistrySetBinary
DmRunTask
DmGetActiveUserSid
MBToUnicode
DmRevertToSelf
DmImpersonate
IsPhoneOS

combase

ord32
ord20
ord15
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_QueryInterface
ord9
ord16
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer2_Connect
CStdStubBuffer_Connect
ord8
ord7
ord5
ord34
ord33
CStdStubBuffer_AddRef
ord18
CStdStubBuffer2_QueryInterface
ord12
ord6
CStdStubBuffer2_Disconnect
ord22
ord14
ord19
ord17
ord2
ord21
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer2_CountRefs
CStdStubBuffer_Disconnect
ord13
NdrCStdStubBuffer2_Release
ord11
NdrCStdStubBuffer_Release
ord167
ord69
CStdStubBuffer_Invoke
ord10

api-ms-win-core-url-l1-1-0

UrlEscapeW

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadLibraryExW
GetModuleHandleW
DisableThreadLibraryCalls
LoadStringW
GetModuleHandleExW
LoadLibraryExA
GetModuleFileNameW
GetModuleFileNameA
FreeLibrary

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
InitializeCriticalSectionEx
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
InitializeSRWLock
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
CreateEventExW
ReleaseSRWLockShared
LeaveCriticalSection
EnterCriticalSection
OpenEventW
CreateEventA
TryAcquireSRWLockShared
SetEvent
CreateEventW
ResetEvent
DeleteCriticalSection

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
GetLastError
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

CreateProcessW
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
OpenProcessToken
GetCurrentThreadId
GetExitCodeProcess
OpenThreadToken
GetCurrentThread

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-string-l1-1-0

HSTRING_UserUnmarshal
HSTRING_UserMarshal64
HSTRING_UserFree
WindowsDeleteString
HSTRING_UserSize
WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsGetStringLen
HSTRING_UserSize64
HSTRING_UserUnmarshal64
HSTRING_UserFree64
WindowsConcatString
WindowsCreateStringReference
WindowsCreateString
HSTRING_UserMarshal

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolTimer

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateErrorW
SetRestrictedErrorInfo
GetRestrictedErrorInfo
RoOriginateError

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventUnregister
EventRegister
EventActivityIdControl

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CLSIDFromString
CoReleaseMarshalData
CoRegisterClassObject
CoRevokeClassObject
CoAddRefServerProcess
CoTaskMemFree
CreateStreamOnHGlobal
CoResumeClassObjects
CoReleaseServerProcess
CoMarshalInterface
CoCreateInstance
CoWaitForMultipleHandles
CoInitializeEx
CoUninitialize
StringFromCLSID
CoRevertToSelf
CoCreateGuid
CoImpersonateClient
CoGetApartmentType
StringFromGUID2
IIDFromString
CoTaskMemAlloc
CoGetInterfaceAndReleaseStream
CoInitializeSecurity

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoUninitialize
RoRegisterActivationFactories
RoRevokeActivationFactories
RoGetActivationFactory
RoActivateInstance

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceExecuteOnce
WakeAllConditionVariable
SleepConditionVariableSRW
Sleep
InitOnceComplete

api-ms-win-service-core-l1-1-0

SetServiceStatus

api-ms-win-service-winsvc-l1-1-0

RegisterServiceCtrlHandlerA

rpcrt4

NdrOleAllocate
UuidCreate
I_RpcBindingInqLocalClientPID
UuidToStringW
IUnknown_Release_Proxy
NdrOleFree
RpcStringFreeW
IUnknown_AddRef_Proxy
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrStubForwardingFunction
NdrStubCall3
UuidFromStringW
IUnknown_QueryInterface_Proxy

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetTickCount64
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetLocalTime

api-ms-win-core-file-l1-1-0

FindClose
FindNextFileW
GetFileAttributesW
GetFileSizeEx
ReadFile
FindFirstFileW
DeleteFileW
CreateFileW

api-ms-win-core-registry-l1-1-0

RegDeleteKeyExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegQueryInfoKeyW
RegNotifyChangeKeyValue
RegEnumValueW
RegQueryValueExW
RegGetValueW
RegOpenCurrentUser
RegDeleteTreeW
RegDeleteValueW

oleaut32

SafeArrayUnlock
SysAllocString
SafeArrayDestroy
SysFreeString
SafeArrayGetLBound
VariantChangeType
SafeArrayGetUBound
SysAllocStringLen
VariantClear
SafeArrayLock
SafeArrayCreate
VariantInit

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

ws2_32

WSAStartup
WSACleanup
closesocket
WSAIoctl
WSAGetLastError
socket

iphlpapi

Icmp6CreateFile
IcmpSendEcho
Icmp6SendEcho2
IcmpCreateFile
IcmpCloseHandle

api-ms-win-core-path-l1-1-0

PathCchCombine
PathCchFindExtension
PathAllocCombine
PathCchCombineEx
PathCchAppend
PathCchAppendEx
PathCchCanonicalizeEx

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled
RoReportFailedDelegate

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-processthreads-l1-1-1

OpenProcess
GetProcessMitigationPolicy

api-ms-win-security-base-l1-1-0

AllocateAndInitializeSid
FreeSid
GetTokenInformation

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-security-base-l1-2-0

CheckTokenMembershipEx

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW
RegOpenKeyW

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolAllowThreadReuse
SHTaskPoolQueueTask

ntdll

RtlIpv6StringToAddressW
RtlIpv4StringToAddressW
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlIsMultiSessionSku
RtlIsMultiUsersInSessionSku
RtlPublishWnfStateData
RtlIsStateSeparationEnabled

api-ms-win-oobe-notification-l1-1-0

OOBEComplete

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualQuery

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW

api-ms-win-core-string-obsolete-l1-1-0

lstrlenA

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileEx
SHCreateStreamOnFileW
SHCreateMemStream

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
ServiceMain

Sections

.text
Size: 727KB - Virtual size: 727KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 308KB - Virtual size: 308KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vssapi/vssapi.dll
.dll windows:10 windows x64 arch:x64

2d6ab4be0895e18f906975049d810b7d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

vssapi.pdb

Imports

msvcrt

wcsncmp
wcstok
_wcsdup
wcsrchr
wcspbrk
wcschr
_errno
_beginthreadex
towlower
_wtoi64
_wtoi
wcstoul
memmove_s
tolower
iswdigit
_vsnprintf
memcmp
swscanf
qsort
wcsstr
memcpy
memmove
memset
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
__CxxFrameHandler3
??1exception@@UEAA@XZ
memcpy_s
malloc
towupper
_wcsnicmp
free
_resetstkoflw
_purecall
wcscat_s
realloc
_wcsicmp
_vsnwprintf
__C_specific_handler
??0exception@@QEAA@AEBQEBD@Z
wcscmp

ntdll

NtQueryDirectoryObject
NtOpenDirectoryObject
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
RtlAdjustPrivilege
RtlUnlockBootStatusData
NtQuerySystemInformation
RtlFormatCurrentUserKeyPath
RtlFreeUnicodeString
NtOpenKey
NtQueryValueKey
EtwRegisterTraceGuidsW
RtlIpv4StringToAddressW
RtlIpv6StringToAddressW
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwGetTraceEnableFlags
EtwUnregisterTraceGuids
NtQueryVolumeInformationFile
NtCreateFile
RtlNtStatusToDosError
NtQueryInformationFile
NtFsControlFile
NtClose
RtlInitUnicodeString
EtwTraceMessage
RtlGetSetBootStatusData

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameW
LoadResource
GetModuleHandleExW
GetProcAddress
FreeLibrary
LockResource
FreeResource
GetModuleFileNameA
LoadLibraryExW
SizeofResource
LoadStringW
FindResourceExW

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualAlloc
VirtualProtect

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegEnumKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegUnLoadKeyW
RegEnumValueW
RegLoadKeyW

api-ms-win-core-synch-l1-1-0

ReleaseMutex
AcquireSRWLockExclusive
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
CreateEventW
CreateMutexW
DeleteCriticalSection
ReleaseSemaphore
EnterCriticalSection
OpenSemaphoreW
WaitForSingleObjectEx
InitializeCriticalSection
ResetEvent
LeaveCriticalSection
ReleaseSRWLockExclusive
CreateSemaphoreExW
SetEvent
CreateMutexExW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcpynW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-file-l1-1-0

GetVolumeInformationW
ReadFile
FindFirstFileW
FindNextFileW
FindClose
SetFilePointer
GetVolumePathNameW
CreateFileW
SetFilePointerEx
DeleteFileW
WriteFile
GetFileAttributesW
CreateDirectoryW
GetLogicalDrives
GetFullPathNameW
GetDriveTypeW

api-ms-win-core-string-l2-1-0

CharNextW
CharPrevW

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
RaiseException
UnhandledExceptionFilter
SetErrorMode
GetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-sysinfo-l1-1-0

GetComputerNameExW
GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime
GetTickCount
GetSystemTime
GetSystemInfo
GetTickCount64
GetVersionExW
GetWindowsDirectoryW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapDestroy
GetProcessHeap
HeapAlloc

api-ms-win-core-heap-l2-1-0

GlobalAlloc
LocalAlloc
GlobalFree
LocalFree

api-ms-win-core-processthreads-l1-1-0

TlsAlloc
ResumeThread
SetThreadToken
GetCurrentThread
TerminateProcess
TlsGetValue
GetCurrentProcess
TlsSetValue
CreateThread
GetCurrentThreadId
OpenProcessToken
GetCurrentProcessId
OpenThreadToken

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringA
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

vsstrace

ord9
ord7
ord5
ord4
ord2
ord8
ord6
ord11
ord3
ord10
ord1

api-ms-win-security-base-l1-1-0

GetSidSubAuthorityCount
AddAccessAllowedAceEx
AddAccessDeniedAceEx
InitializeAcl
AddAce
GetAce
GetAclInformation
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
CopySid
GetLengthSid
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
CreateWellKnownSid
PrivilegeCheck
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
EqualDomainSid
DuplicateToken
RevertToSelf
IsValidSid
EqualSid
GetTokenInformation

api-ms-win-eventlog-legacy-l1-1-0

ReportEventW
RegisterEventSourceW
DeregisterEventSource

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
ExpandEnvironmentStringsW

rpcrt4

UuidFromStringW
UuidToStringW
UuidCreate
RpcStringFreeW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventSetInformation
EventActivityIdControl
EventRegister

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalLock

api-ms-win-core-file-l2-1-0

CopyFileExW

api-ms-win-core-kernel32-legacy-l1-1-1

SetVolumeMountPointW

ws2_32

GetNameInfoW
InetPtonW
WSAStartup

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

Exports

Exports

??0CVssJetWriter@@QEAA@XZ
??0CVssWriter@@QEAA@XZ
??1CVssJetWriter@@UEAA@XZ
??1CVssWriter@@UEAA@XZ
?AreComponentsSelected@CVssJetWriter@@IEBA_NXZ
?AreComponentsSelected@CVssWriter@@IEBA_NXZ
?CreateVssBackupComponents@@YAJPEAPEAVIVssBackupComponents@@@Z
?CreateVssExamineWriterMetadata@@YAJPEAGPEAPEAVIVssExamineWriterMetadata@@@Z
?GetBackupType@CVssJetWriter@@IEBA?AW4_VSS_BACKUP_TYPE@@XZ
?GetBackupType@CVssWriter@@IEBA?AW4_VSS_BACKUP_TYPE@@XZ
?GetContext@CVssJetWriter@@IEBAJXZ
?GetContext@CVssWriter@@IEBAJXZ
?GetCurrentLevel@CVssJetWriter@@IEBA?AW4_VSS_APPLICATION_LEVEL@@XZ
?GetCurrentLevel@CVssWriter@@IEBA?AW4_VSS_APPLICATION_LEVEL@@XZ
?GetCurrentSnapshotSetId@CVssJetWriter@@IEBA?AU_GUID@@XZ
?GetCurrentSnapshotSetId@CVssWriter@@IEBA?AU_GUID@@XZ
?GetCurrentVolumeArray@CVssJetWriter@@IEBAPEAPEBGXZ
?GetCurrentVolumeArray@CVssWriter@@IEBAPEAPEBGXZ
?GetCurrentVolumeCount@CVssJetWriter@@IEBAIXZ
?GetCurrentVolumeCount@CVssWriter@@IEBAIXZ
?GetRestoreType@CVssJetWriter@@IEBA?AW4_VSS_RESTORE_TYPE@@XZ
?GetRestoreType@CVssWriter@@IEBA?AW4_VSS_RESTORE_TYPE@@XZ
?GetSnapshotDeviceName@CVssJetWriter@@IEBAJPEBGPEAPEBG@Z
?GetSnapshotDeviceName@CVssWriter@@IEBAJPEBGPEAPEBG@Z
?Initialize@CVssJetWriter@@QEAAJU_GUID@@PEBG_N211K@Z
?Initialize@CVssWriter@@QEAAJU_GUID@@PEBGW4VSS_USAGE_TYPE@@W4VSS_SOURCE_TYPE@@W4_VSS_APPLICATION_LEVEL@@KW4VSS_ALTERNATE_WRITER_STATE@@_N1@Z
?InstallAlternateWriter@CVssWriter@@QEAAJU_GUID@@0@Z
?IsBootableSystemStateBackedUp@CVssJetWriter@@IEBA_NXZ
?IsBootableSystemStateBackedUp@CVssWriter@@IEBA_NXZ
?IsPartialFileSupportEnabled@CVssJetWriter@@IEBA_NXZ
?IsPartialFileSupportEnabled@CVssWriter@@IEBA_NXZ
?IsPathAffected@CVssJetWriter@@IEBA_NPEBG@Z
?IsPathAffected@CVssWriter@@IEBA_NPEBG@Z
?OnAbortBegin@CVssJetWriter@@UEAAXXZ
?OnAbortEnd@CVssJetWriter@@UEAAXXZ
?OnBackOffIOOnVolume@CVssWriter@@UEAA_NPEAGU_GUID@@1@Z
?OnBackupComplete@CVssWriter@@UEAA_NPEAVIVssWriterComponents@@@Z
?OnBackupCompleteBegin@CVssJetWriter@@UEAA_NPEAVIVssWriterComponents@@@Z
?OnBackupCompleteEnd@CVssJetWriter@@UEAA_NPEAVIVssWriterComponents@@_N@Z
?OnBackupShutdown@CVssWriter@@UEAA_NU_GUID@@@Z
?OnContinueIOOnVolume@CVssWriter@@UEAA_NPEAGU_GUID@@1@Z
?OnFreezeBegin@CVssJetWriter@@UEAA_NXZ
?OnFreezeEnd@CVssJetWriter@@UEAA_N_N@Z
?OnIdentify@CVssJetWriter@@UEAA_NPEAVIVssCreateWriterMetadata@@@Z
?OnIdentify@CVssWriter@@UEAA_NPEAVIVssCreateWriterMetadata@@@Z
?OnPostRestore@CVssWriter@@UEAA_NPEAVIVssWriterComponents@@@Z
?OnPostRestoreBegin@CVssJetWriter@@UEAA_NPEAVIVssWriterComponents@@@Z
?OnPostRestoreEnd@CVssJetWriter@@UEAA_NPEAVIVssWriterComponents@@_N@Z
?OnPostSnapshot@CVssJetWriter@@UEAA_NPEAVIVssWriterComponents@@@Z
?OnPostSnapshot@CVssWriter@@UEAA_NPEAVIVssWriterComponents@@@Z
?OnPreRestore@CVssWriter@@UEAA_NPEAVIVssWriterComponents@@@Z
?OnPreRestoreBegin@CVssJetWriter@@UEAA_NPEAVIVssWriterComponents@@@Z
?OnPreRestoreEnd@CVssJetWriter@@UEAA_NPEAVIVssWriterComponents@@_N@Z
?OnPrepareBackup@CVssWriter@@UEAA_NPEAVIVssWriterComponents@@@Z
?OnPrepareBackupBegin@CVssJetWriter@@UEAA_NPEAVIVssWriterComponents@@@Z
?OnPrepareBackupEnd@CVssJetWriter@@UEAA_NPEAVIVssWriterComponents@@_N@Z
?OnPrepareSnapshotBegin@CVssJetWriter@@UEAA_NXZ
?OnPrepareSnapshotEnd@CVssJetWriter@@UEAA_N_N@Z
?OnThawBegin@CVssJetWriter@@UEAA_NXZ
?OnThawEnd@CVssJetWriter@@UEAA_N_N@Z
?OnVSSApplicationStartup@CVssWriter@@UEAA_NXZ
?OnVSSShutdown@CVssWriter@@UEAA_NXZ
?SetWriterFailure@CVssJetWriter@@IEAAJJ@Z
?SetWriterFailure@CVssWriter@@IEAAJJ@Z
?Subscribe@CVssWriter@@QEAAJK@Z
?Uninitialize@CVssJetWriter@@QEAAXXZ
?Unsubscribe@CVssWriter@@QEAAJXZ
CreateVssBackupComponentsInternal
CreateVssExamineWriterMetadataInternal
CreateVssExpressWriterInternal
CreateVssSnapshotSetDescription
CreateWriter
CreateWriterEx
DllCanUnloadNow
DllGetClassObject
GetProviderMgmtInterface
GetProviderMgmtInterfaceInternal
IsVolumeSnapshotted
IsVolumeSnapshottedInternal
LoadVssSnapshotSetDescription
ShouldBlockRevert
ShouldBlockRevertInternal
VssFreeSnapshotProperties
VssFreeSnapshotPropertiesInternal

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 401KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vssapi/wci.dll
.dll windows:10 windows x64 arch:x64

c120cb76513f2fdded152cac4f72aec4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

wci.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
memcpy
_o_calloc
_o_free
_o_malloc
_o_wcsncat_s
_o_wcsncpy_s
__C_specific_handler
_o___stdio_common_vfprintf
_o___std_type_info_destroy_list
_o___acrt_iob_func

api-ms-win-crt-string-l1-1-0

memset
wcsncmp

fltlib

FilterSendMessage
FilterConnectCommunicationPort
FilterDetach
FilterInstanceCreate
FilterAttach
FilterInstanceClose
FilterLoad

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-file-l1-1-0

SetFileInformationByHandle
GetFinalPathNameByHandleW
SetFileAttributesW
GetFileAttributesW
CreateFileW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

ntdll

RtlNtStatusToDosError

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
OpenThreadToken
GetCurrentThreadId
TerminateProcess
OpenProcessToken

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-security-base-l1-1-0

FreeSid
AdjustTokenPrivileges
ImpersonateSelf
RevertToSelf
AllocateAndInitializeSid

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-security-provider-l1-1-0

SetEntriesInAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

Exports

Exports

WcDetachFilter
WcRemoveReparseData
WcRemoveTombstoneReparseData
WciConfigureVolume
WciGetUnions
WciReadReparsePointData
WciRemoveRoot
WciSetReparsePointData
WciSetReparsePointDataEx
WciSetTombstone
WciSetupFilter

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vssapi/winusb.dll
.dll windows:10 windows x64 arch:x64

c5b956863d4784ec1ea3704cec6bde37

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

winusb.pdb

Imports

msvcrt

malloc
memcpy
free
_amsg_exit
__C_specific_handler
_XcptFilter
_initterm
memset

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-io-l1-1-0

CancelIoEx
DeviceIoControl
GetOverlappedResult

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
ResetEvent
CreateEventA

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

ntdll

NtQueryInformationFile

Exports

Exports

WinUsb_AbortPipe
WinUsb_AbortPipeAsync
WinUsb_ControlTransfer
WinUsb_FlushPipe
WinUsb_Free
WinUsb_GetAdjustedFrameNumber
WinUsb_GetAssociatedInterface
WinUsb_GetCurrentAlternateSetting
WinUsb_GetCurrentFrameNumber
WinUsb_GetCurrentFrameNumberAndQpc
WinUsb_GetDescriptor
WinUsb_GetOverlappedResult
WinUsb_GetPipePolicy
WinUsb_GetPowerPolicy
WinUsb_Initialize
WinUsb_ParseConfigurationDescriptor
WinUsb_ParseDescriptors
WinUsb_QueryDeviceInformation
WinUsb_QueryInterfaceSettings
WinUsb_QueryPipe
WinUsb_QueryPipeEx
WinUsb_ReadIsochPipe
WinUsb_ReadIsochPipeAsap
WinUsb_ReadPipe
WinUsb_RegisterIsochBuffer
WinUsb_ResetPipe
WinUsb_ResetPipeAsync
WinUsb_SetCurrentAlternateSetting
WinUsb_SetCurrentAlternateSettingAsync
WinUsb_SetPipePolicy
WinUsb_SetPowerPolicy
WinUsb_StartTrackingForTimeSync
WinUsb_StopTrackingForTimeSync
WinUsb_UnregisterIsochBuffer
WinUsb_WriteIsochPipe
WinUsb_WriteIsochPipeAsap
WinUsb_WritePipe

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64_x32_installer__v3.5.9.msi
.msi

Sharing

General

Malware Config

Signatures

Files

70c0d8563d26b207db00e647bcd1cbb1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-power-setting-l1-1-0

ntdll

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-security-lsalookup-l1-1-0

api-ms-win-core-psm-key-l1-1-0

oleaut32

rpcrt4

api-ms-win-appmodel-runtime-internal-l1-1-4

api-ms-win-core-registry-l2-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-realtime-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-threadpool-l1-2-0

resourcepolicyclient

umpdc

eventaggregation

rmclient

api-ms-win-core-apiquery-l1-1-0

api-ms-win-security-provider-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-quirks-l1-1-1

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-errorhandling-l1-1-2

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-quirks-l1-1-0

api-ms-win-core-processthreads-l1-1-1

Exports

Exports

Sections

.text Size: 568KB - Virtual size: 567KB

.rdata Size: 172KB - Virtual size: 172KB

.data Size: 1024B - Virtual size: 6KB

.pdata Size: 32KB - Virtual size: 31KB

.didat Size: 512B - Virtual size: 360B

.rsrc Size: 47KB - Virtual size: 47KB

.reloc Size: 5KB - Virtual size: 5KB

731507425e0162f171397c3bbf3f205c

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

60:c5:20:80:e1:af:5c:4f:fe:45:40:28:33:3d:0f:75:de:42:4e:a2:2d:e3:30:24:cc:d0:47:be:a0:db:97:ebSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

.text
Size: 568KB - Virtual size: 567KB

.rdata
Size: 172KB - Virtual size: 172KB

.data
Size: 1024B - Virtual size: 6KB

.pdata
Size: 32KB - Virtual size: 31KB

.didat
Size: 512B - Virtual size: 360B

.rsrc
Size: 47KB - Virtual size: 47KB

.reloc
Size: 5KB - Virtual size: 5KB

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

60:c5:20:80:e1:af:5c:4f:fe:45:40:28:33:3d:0f:75:de:42:4e:a2:2d:e3:30:24:cc:d0:47:be:a0:db:97:eb
Signer

.text
Size: 210KB - Virtual size: 210KB

.rdata
Size: 79KB - Virtual size: 78KB

.data
Size: 512B - Virtual size: 3KB

.pdata
Size: 15KB - Virtual size: 15KB

.didat
Size: 512B - Virtual size: 56B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB

33:00:00:01:45:10:eb:f8:9a:d7:99:40:e7:00:00:00:00:01:45
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

b3:d5:d9:23:3e:01:32:37:e5:e3:8e:79:86:82:c9:15:ca:52:46:75:28:03:16:aa:7b:d4:ff:bd:74:75:5e:81
Signer