XblGameSave.pdb
Static task
static1
1 signatures
General
-
Target
x64_x32_installer__v3.7.7.zip
-
Size
35.9MB
-
MD5
1544c0a62348d4f439deb833d663395a
-
SHA1
dbda12d5117fef1f726e928b3428d53cfd395fda
-
SHA256
bfdebc2e9d9e27a49a4fe57c72c29b67e006149b7d8e12caa098f63c9f29b4de
-
SHA512
c696375a2b1f2c446b2b404ca256838e9a1f4384afbf596cc91eec0e348d2feff7532e030137d75c9464f1b0dff47e0c0b6d77c37a6617dbb159355d8ae2abcf
-
SSDEEP
786432:409kbF9OLHbGhuEffL83/NSgpdLmgKYxCOugqNvX4oJvL5o88XcjfFtCduZqt:W9On3nLRpuDX4ohLJy0tyuZqt
Score
3/10
Malware Config
Signatures
-
Unsigned PE 15 IoCs
Checks for missing Authenticode signature.
resource unpack001/dps/XblGameSave.dll unpack001/dps/dpapisrv.dll unpack001/dps/dps.dll unpack001/dps/wwanmm.dll unpack001/enterprisecsps/energy.dll unpack001/enterprisecsps/enterprisecsps.dll unpack001/enterprisecsps/fhuxadapter.dll unpack001/enterprisecsps/filemgmt.dll unpack001/kbdlisus/KBDKHMR.DLL unpack001/kbdlisus/Pimstore.dll unpack001/kbdlisus/kbdlisus.dll unpack001/kbdlisus/pla.dll unpack001/secur32/SEMgrPS.dll unpack001/secur32/secur32.dll unpack001/secur32/wininetlui.dll
Files
-
x64_x32_installer__v3.7.7.zip.zip
Password: 1
-
dps/XblGameSave.dll.dll windows:10 windows x64 arch:x64
Password: 1
7e80c7b4f275c9ea605678d912adb2c4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
__C_specific_handler
??0exception@@QEAA@AEBQEBDH@Z
??1type_info@@UEAA@XZ
_lock
_unlock
__dllonexit
malloc
_initterm
??_V@YAXPEAX@Z
_vsnprintf
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBV0@@Z
?what@exception@@UEBAPEBDXZ
_onexit
memmove
__CxxFrameHandler3
free
??3@YAXPEAX@Z
_amsg_exit
_XcptFilter
_callnewh
_purecall
_CxxThrowException
??0bad_cast@@QEAA@AEBV0@@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@PEBD@Z
strchr
realloc
towupper
wcscat_s
??8type_info@@QEBAHAEBV0@@Z
_ultow_s
memmove_s
_wcstoui64
_wcsicmp
wcsstr
wcsncpy_s
wcscpy_s
_wtoi64
wcschr
wcsncmp
swscanf_s
_wtoi
tolower
setlocale
memcpy
___mb_cur_max_func
_errno
___lc_handle_func
___lc_codepage_func
__pctype_func
calloc
__crtLCMapStringW
___lc_collate_cp_func
memcmp
__crtCompareStringW
abort
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
_vsnprintf_s
memcpy_s
_vsnwprintf
?terminate@@YAXXZ
memset
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
OpenThreadToken
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
GetLastError
SetLastError
RaiseException
SetUnhandledExceptionFilter
api-ms-win-core-synch-l1-1-0
SetEvent
ResetEvent
CreateSemaphoreExW
InitializeCriticalSectionEx
InitializeCriticalSection
ReleaseSemaphore
CreateMutexExW
ReleaseMutex
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
WaitForSingleObject
CreateEventW
DeleteCriticalSection
InitializeSRWLock
EnterCriticalSection
ReleaseSRWLockShared
OpenSemaphoreW
LeaveCriticalSection
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-com-l1-1-0
CoReleaseServerProcess
CoFreeUnusedLibraries
CoCreateInstance
CoInitializeEx
CoAddRefServerProcess
CoUninitialize
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoSetProxyBlanket
CoSwitchCallContext
StringFromGUID2
CoCreateGuid
CoRevertToSelf
CoImpersonateClient
CoRevokeClassObject
CoEnableCallCancellation
CoDecrementMTAUsage
CoCancelCall
CoDisableCallCancellation
CoInitializeSecurity
CoRegisterClassObject
CoResumeClassObjects
CoDisconnectContext
api-ms-win-core-winrt-l1-1-0
RoActivateInstance
RoUninitialize
RoInitialize
RoRegisterActivationFactories
RoGetActivationFactory
RoRevokeActivationFactories
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateString
WindowsCreateStringReference
WindowsCompareStringOrdinal
WindowsGetStringLen
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsDeleteString
WindowsDuplicateString
WindowsGetStringRawBuffer
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
RoOriginateError
RoTransformError
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-service-core-l1-1-0
SetServiceStatus
RegisterServiceCtrlHandlerExW
api-ms-win-core-synch-l1-2-0
SleepConditionVariableSRW
WakeAllConditionVariable
Sleep
InitOnceExecuteOnce
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
ConvertStringSidToSidW
api-ms-win-security-base-l1-1-0
MakeAbsoluteSD
RevertToSelf
ImpersonateLoggedOnUser
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
GetTickCount64
GetSystemTime
api-ms-win-core-registry-l1-1-0
RegEnumKeyExW
RegDeleteKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegDeleteValueW
RegCreateKeyExW
RegDeleteTreeW
RegGetValueW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer
SetThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolWaitCallbacks
CreateThreadpoolWait
CloseThreadpoolWork
CloseThreadpoolWait
CreateThreadpoolWork
SubmitThreadpoolWork
WaitForThreadpoolWorkCallbacks
api-ms-win-power-setting-l1-1-0
PowerSettingRegisterNotification
PowerSettingUnregisterNotification
api-ms-win-service-management-l1-1-0
OpenSCManagerW
CloseServiceHandle
OpenServiceW
api-ms-win-service-management-l2-1-0
ChangeServiceConfigW
oleaut32
VariantInit
api-ms-win-security-lsalookup-l2-1-0
LookupAccountSidW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-file-l1-1-0
FindClose
GetFileInformationByHandle
CreateDirectoryW
CreateFileW
SetFilePointerEx
SetEndOfFile
FindNextFileW
FindFirstFileW
ReadFile
WriteFile
CompareFileTime
GetFileSizeEx
GetFileAttributesW
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
SystemTimeToFileTime
rpcrt4
NdrServerCallAll
NdrServerCall2
RpcRevertToSelfEx
RpcImpersonateClient
RpcServerUnregisterIf
RpcBindingVectorFree
RpcServerUseProtseqW
RpcServerInqBindings
RpcServerRegisterIf3
RpcEpRegisterW
RpcEpUnregister
UuidFromStringW
api-ms-win-core-string-l1-1-0
GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte
api-ms-win-core-threadpool-legacy-l1-1-0
DeleteTimerQueueTimer
CreateTimerQueueTimer
ntdll
NtFlushBuffersFileEx
NtSetInformationFile
RtlDosPathNameToNtPathName_U
NtQueryInformationToken
DbgPrintEx
NtQueryWnfStateData
RtlUnsubscribeWnfStateChangeNotification
RtlCapabilityCheck
RtlInitUnicodeString
RtlIsMultiSessionSku
RtlSubscribeWnfStateChangeNotification
combase
ord67
ord69
ord68
ord66
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
Exports
ServiceMain
Sections
.text Size: 841KB - Virtual size: 840KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
RT_CODE Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 347KB - Virtual size: 346KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
dps/dpapisrv.dll.dll windows:10 windows x64 arch:x64
Password: 1
ee8dd9c021c5e38224032b7f773aec78
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
dpapisrv.pdb
Imports
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o_wcscat_s
_o_wcscpy_s
_o_wcsncat_s
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
__C_specific_handler
__std_terminate
__CxxFrameHandler4
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_CxxThrowException
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
rpcrt4
RpcServerInqDefaultPrincNameW
RpcServerRegisterIfEx
RpcServerInqCallAttributesW
RpcRevertToSelf
RpcServerRegisterAuthInfoW
UuidCreate
RpcStringBindingParseW
UuidFromStringW
RpcServerUnregisterIf
RpcBindingToStringBindingW
RpcServerUseProtseqEpW
RpcBindingFree
RpcEpResolveBinding
RpcStringFreeW
RpcNetworkIsProtseqValidW
RpcBindingSetAuthInfoExW
RpcStringBindingComposeW
RpcBindingFromStringBindingW
UuidCompare
RpcServerUnregisterIfEx
RpcServerRegisterIf3
RpcImpersonateClient
RpcRevertToSelfEx
NdrClientCall3
NdrServerCall2
NdrServerCallAll
UuidToStringW
api-ms-win-security-base-l1-1-0
AdjustTokenPrivileges
AllocateAndInitializeSid
ImpersonateSelf
GetLengthSid
DuplicateTokenEx
GetTokenInformation
GetSidSubAuthorityCount
FreeSid
EqualSid
CreateWellKnownSid
SetTokenInformation
CopySid
RevertToSelf
ImpersonateLoggedOnUser
IsValidSid
CheckTokenMembership
AllocateLocallyUniqueId
DuplicateToken
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetProcAddress
GetModuleFileNameA
GetModuleFileNameW
DisableThreadLibraryCalls
GetModuleHandleExW
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegOpenKeyExW
RegUnLoadKeyW
RegLoadKeyW
RegNotifyChangeKeyValue
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
CreateMutexW
InitializeCriticalSectionEx
OpenMutexW
LeaveCriticalSection
DeleteCriticalSection
AcquireSRWLockShared
ReleaseMutex
CreateMutexExW
ReleaseSemaphore
OpenEventW
CreateEventW
EnterCriticalSection
SetEvent
ReleaseSRWLockShared
CreateSemaphoreExW
InitializeSRWLock
OpenSemaphoreW
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForSingleObjectEx
AcquireSRWLockExclusive
InitializeCriticalSection
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-processthreads-l1-1-0
SetThreadToken
GetCurrentThread
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
OpenProcessToken
OpenThreadToken
TerminateProcess
api-ms-win-core-string-l1-1-0
CompareStringW
CompareStringOrdinal
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
CloseThreadpoolTimer
CloseThreadpoolWork
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWork
CreateThreadpoolTimer
SubmitThreadpoolWork
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
LocalReAlloc
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetSystemTime
GetComputerNameExW
GetSystemDirectoryW
GetTickCount
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
DuplicateHandle
CloseHandle
bcrypt
BCryptGenerateSymmetricKey
BCryptGenRandom
BCryptGetProperty
BCryptDestroyKey
BCryptEncrypt
BCryptFinishHash
BCryptDestroyHash
BCryptHashData
BCryptCloseAlgorithmProvider
BCryptDecrypt
BCryptCreateHash
BCryptKeyDerivation
BCryptDeriveKeyCapi
BCryptImportKeyPair
BCryptFinalizeKeyPair
BCryptGenerateKeyPair
BCryptExportKey
BCryptOpenAlgorithmProvider
api-ms-win-core-memory-l1-1-0
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
VirtualQuery
api-ms-win-core-file-l1-1-0
FindFirstFileW
GetFileSize
SetEndOfFile
WriteFile
FindNextFileW
FindClose
CreateFileW
ReadFile
DeleteFileW
CompareFileTime
FlushFileBuffers
SetFilePointer
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
OpenProcess
cryptbase
SystemFunction041
SystemFunction040
api-ms-win-core-synch-l1-2-0
Sleep
InitOnceExecuteOnce
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
ncrypt
NCryptOpenStorageProvider
NCryptFinalizeKey
NCryptCreatePersistedKey
NCryptSetProperty
NCryptFreeObject
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-threadpool-legacy-l1-1-0
QueueUserWorkItem
api-ms-win-core-string-obsolete-l1-1-0
lstrlenW
api-ms-win-core-heap-obsolete-l1-1-0
LocalSize
lsasrv
LsaILookupUserAccountType
LsaIDeriveCredentialKey
ntasn1
ord4
ord5
lsass.exe
LsaGetInterface
ntdll
RtlLeaveCriticalSection
NtOpenEvent
NtCreateEvent
RtlDosPathNameToRelativeNtPathName_U
RtlReleaseRelativeName
RtlFreeHeap
NtCreateFile
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwGetTraceEnableFlags
EtwUnregisterTraceGuids
EtwEventUnregister
RtlEnterCriticalSection
RtlImageNtHeader
RtlDeleteCriticalSection
RtlGetCurrentServiceSessionId
NtQueryInformationProcess
EtwEventWriteTransfer
EtwEventActivityIdControl
RtlEqualDomainName
RtlNtStatusToDosError
RtlFreeUnicodeString
RtlUpcaseUnicodeString
RtlInitUnicodeString
RtlIsStateSeparationEnabled
EtwTraceMessage
RtlInitializeCriticalSection
NtPrivilegeCheck
NtOpenThreadToken
NtClose
EtwEventRegister
NtQueryInformationToken
RtlEqualSid
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
Exports
InitializeLsaExtension
QueryLsaInterface
Sections
.text Size: 198KB - Virtual size: 197KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 46KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 392B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 836B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
dps/dps.dll.dll windows:10 windows x64 arch:x64
Password: 1
478392f9d86b8eb13f0da838592a21ba
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
dps.pdb
Imports
msvcrt
_initterm
_vsnwprintf
malloc
free
_amsg_exit
_XcptFilter
__C_specific_handler
_wcsicmp
memcpy
memset
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
EtwEventUnregister
EtwEventRegister
RtlFirstEntrySList
EtwEventActivityIdControl
EtwEventWrite
EtwEventEnabled
WinSqmIncrementDWORD
WinSqmAddToStream
NtTraceControl
NtAlpcImpersonateClientOfPort
TpAllocAlpcCompletion
NtAlpcCreatePort
RtlInitUnicodeString
NtAlpcCancelMessage
RtlVirtualUnwind
NtAlpcSendWaitReceivePort
NtAlpcAcceptConnectPort
NtAlpcDeleteSecurityContext
AlpcGetMessageAttribute
TpWaitForAlpcCompletion
TpReleaseAlpcCompletion
VerSetConditionMask
AlpcMaxAllowedMessageLength
NtAlpcDisconnectPort
RtlNtStatusToDosError
NtAlpcQueryInformation
AlpcInitializeMessageAttribute
api-ms-win-service-core-l1-1-0
RegisterServiceCtrlHandlerExW
SetServiceStatus
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
api-ms-win-core-libraryloader-l1-2-0
DisableThreadLibraryCalls
api-ms-win-core-heap-l1-1-0
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-eventing-consumer-l1-1-0
CloseTrace
OpenTraceW
ProcessTrace
api-ms-win-core-synch-l1-1-0
AcquireSRWLockShared
ResetEvent
ReleaseSRWLockShared
InitializeSRWLock
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
AcquireSRWLockExclusive
CreateEventW
ReleaseSRWLockExclusive
SetEvent
WaitForMultipleObjectsEx
WaitForSingleObject
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
CreateThread
CreateProcessAsUserW
GetCurrentThread
OpenThreadToken
GetCurrentProcessId
SetThreadToken
api-ms-win-security-base-l1-1-0
IsValidSid
DuplicateTokenEx
MapGenericMask
SetSecurityDescriptorGroup
CreateWellKnownSid
SetSecurityDescriptorOwner
FreeSid
EqualSid
RevertToSelf
GetSecurityDescriptorDacl
MakeSelfRelativeSD
CopySid
GetLengthSid
MakeAbsoluteSD
GetTokenInformation
IsValidSecurityDescriptor
GetSecurityDescriptorGroup
AccessCheck
AllocateAndInitializeSid
GetSecurityDescriptorOwner
CheckTokenMembership
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-registry-l1-1-0
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
InterlockedFlushSList
InterlockedPushEntrySList
api-ms-win-core-file-l1-1-0
FindNextFileW
CreateFileW
FindFirstFileW
ReadFile
FindClose
SetFilePointerEx
CompareFileTime
DeleteFileW
SetFilePointer
RemoveDirectoryW
WriteFile
GetDiskFreeSpaceW
api-ms-win-eventing-controller-l1-1-0
ControlTraceW
api-ms-win-service-management-l1-1-0
OpenSCManagerW
OpenServiceW
CloseServiceHandle
StartServiceW
api-ms-win-service-winsvc-l1-1-0
QueryServiceStatus
ControlService
api-ms-win-service-management-l2-1-0
QueryServiceStatusEx
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-security-grouppolicy-l1-1-0
UnregisterGPNotificationInternal
RegisterGPNotificationInternal
kernelbase
WTSGetServiceSessionId
api-ms-win-core-kernel32-legacy-l1-1-1
VerifyVersionInfoW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
Exports
ServiceMain
Sections
.text Size: 117KB - Virtual size: 117KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
dps/wwanmm.dll.dll windows:10 windows x64 arch:x64
Password: 1
085d30f77f85e03dcd40724f5435c85f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
WWanMM.pdb
Imports
msvcrt
memcmp
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
realloc
_errno
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@XZ
_callnewh
_vsnprintf_s
_wtoi
vswprintf_s
swprintf_s
memmove_s
_wtoi64
??3@YAXPEAX@Z
iswdigit
_get_errno
_set_errno
memcpy_s
_vsnwprintf
malloc
free
_purecall
calloc
??_V@YAXPEAX@Z
_resetstkoflw
__C_specific_handler
__CxxFrameHandler3
memset
api-ms-win-core-registry-l1-1-0
RegGetValueW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
RaiseException
SetLastError
api-ms-win-core-synch-l1-1-0
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
CreateEventW
WaitForSingleObject
ResetEvent
AcquireSRWLockExclusive
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
ReleaseSRWLockExclusive
SetEvent
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameW
GetProcAddress
FreeLibrary
LockResource
LoadStringW
FindResourceExW
LoadResource
GetModuleHandleExW
api-ms-win-core-debug-l1-1-0
OutputDebugStringA
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx
StringFromIID
CoTaskMemRealloc
CoUninitialize
IIDFromString
CoCreateGuid
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventUnregister
EventRegister
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
oleaut32
SafeArrayGetElement
SafeArrayLock
SysAllocString
VariantClear
SafeArrayDestroy
VariantInit
VariantChangeType
SafeArrayUnlock
SafeArrayAccessData
SysStringLen
SafeArrayRedim
SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayCreate
SysFreeString
SafeArrayGetUBound
iphlpapi
ConvertInterfaceLuidToAlias
ConvertInterfaceGuidToLuid
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
GetTickCount64
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-winrt-error-l1-1-0
SetRestrictedErrorInfo
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
api-ms-win-core-winrt-l1-1-0
RoActivateInstance
RoGetActivationFactory
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
api-ms-win-core-string-l2-1-0
CharNextW
api-ms-win-core-synch-l1-2-0
SleepConditionVariableSRW
WakeAllConditionVariable
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-sidebyside-l1-1-0
FindActCtxSectionStringW
CreateActCtxW
DeactivateActCtx
ActivateActCtx
QueryActCtxW
kernel32
lstrlenW
lstrcmpW
LocalFree
InitializeCriticalSectionEx
OutputDebugStringW
LoadLibraryExW
CreateFileW
lstrlenA
ExpandEnvironmentStringsW
DebugBreak
GetModuleHandleW
GetProcessHeap
CreateMutexExW
HeapAlloc
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
CompareStringOrdinal
IsDebuggerPresent
user32
UnregisterClassA
ntdll
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlNtStatusToDosError
RtlIpv6StringToAddressW
RtlIpv4StringToAddressW
WinSqmAddToStream
WinSqmSetDWORD
WinSqmAddToStreamEx
shell32
ShellExecuteExW
CommandLineToArgvW
wwapi
WwanFreeMemory
WwanAllocateMemory
mobilenetworking
GetPersistentRegPath
wcmapi
WcmQueryProperty
WcmFreeMemory
datusage
CreateDataUsageHelper
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
crypt32
CryptUnprotectData
CryptProtectData
Exports
Exports
DllCanUnloadNow
DllGetClassObject
StartDiagnosticsW
Sections
.text Size: 186KB - Virtual size: 186KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 64KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 275KB - Virtual size: 274KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
enterprisecsps/energy.dll.dll windows:10 windows x64 arch:x64
Password: 1
5a6c1bb2d4cdfc861b6d3485be83e4ca
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
energy.pdb
Imports
msvcrt
__dllonexit
_unlock
_lock
__C_specific_handler
_errno
_initterm
_amsg_exit
wcsnlen
floor
??1type_info@@UEAA@XZ
setlocale
__crtLCMapStringW
memmove
_XcptFilter
__uncaught_exception
__pctype_func
memcmp
_CxxThrowException
__CxxFrameHandler3
wcstoul
_wcsicmp
___lc_handle_func
___lc_codepage_func
swprintf_s
iswprint
malloc
??0exception@@QEAA@AEBQEBDH@Z
_wcsnicmp
_vsnwprintf
calloc
memcpy
_onexit
___mb_cur_max_func
_wcsdup
_ismbblead
memset
abort
sprintf_s
free
?terminate@@YAXXZ
localeconv
__doserrno
_wfopen_s
fclose
fwprintf_s
toupper
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_purecall
strcspn
??0bad_cast@@QEAA@AEBV0@@Z
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
_wsetlocale
wcscmp
api-ms-win-core-processtopology-obsolete-l1-1-0
GetActiveProcessorCount
api-ms-win-ole32-ie-l1-1-0
CoInitialize
api-ms-win-core-kernel32-legacy-l1-1-0
GetSystemPowerStatus
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
RtlCopySid
RtlVirtualUnwind
NtQueryWnfStateData
NtPowerInformation
RtlAdjustPrivilege
RtlNtStatusToDosError
RtlGetPersistedStateLocation
RtlLengthSid
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventProviderEnabled
EventWriteTransfer
EventSetInformation
EventWrite
EventUnregister
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-synch-l1-1-0
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetEvent
CreateEventW
WaitForSingleObject
DeleteCriticalSection
api-ms-win-core-file-l1-1-0
FileTimeToLocalFileTime
FindClose
FindNextFileW
CompareFileTime
FindFirstFileW
CreateFileW
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemFree
api-ms-win-core-registry-l1-1-0
RegCreateKeyExW
RegGetValueW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
api-ms-win-core-sysinfo-l1-1-0
GetSystemTime
GetTickCount
GetVersionExW
GetComputerNameExW
GetSystemTimeAsFileTime
rpcrt4
UuidCreate
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetProcAddress
LoadStringW
DisableThreadLibraryCalls
LoadLibraryExW
FreeLibrary
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapCreate
HeapFree
HeapDestroy
GetProcessHeap
api-ms-win-eventing-consumer-l1-1-0
ProcessTrace
CloseTrace
OpenTraceW
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
api-ms-win-core-path-l1-1-0
PathCchRemoveBackslash
PathCchAppend
api-ms-win-power-setting-l1-1-0
PowerGetActiveScheme
api-ms-win-security-lsalookup-l2-1-0
LookupAccountSidW
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
api-ms-win-eventing-controller-l1-1-0
ControlTraceW
EnableTraceEx2
TraceSetInformation
StartTraceW
api-ms-win-core-synch-l1-2-0
SleepConditionVariableSRW
Sleep
WakeAllConditionVariable
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
api-ms-win-eventing-tdh-l1-1-0
TdhUnloadManifest
TdhGetProperty
TdhGetEventInformation
TdhGetPropertySize
powrprof
PowerReadACValueIndex
PowerReadDCValueIndex
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
oleaut32
SysAllocString
VariantClear
GetErrorInfo
SysFreeString
Exports
Exports
EnergyWizard_Analyze
EnergyWizard_CancelTrace
EnergyWizard_CollectTrace
EnergyWizard_CreateEnergyWizard
EnergyWizard_DefaultTraceDuration
EnergyWizard_DestroyEnergyWizard
EnergyWizard_GetLogEntryCounts
EnergyWizard_SaveReport
EnergyWizard_SqmAnalysis
EnergyWizard_TransformReport
SaveBatteryReport
SaveSleepStudyReport
SaveSystemSleepDiagnosticsReport
SendScreenOnTelemetry
TransformBatteryReport
TransformSleepStudyReport
TransformSystemSleepDiagnosticsReport
Sections
.text Size: 449KB - Virtual size: 449KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 172KB - Virtual size: 171KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 112B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
enterprisecsps/enterprisecsps.dll.dll windows:10 windows x64 arch:x64
Password: 1
ffba186bc5ad0ddf6c81eb2959a5a51b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
enterprisecsps.pdb
Imports
dmenterprisediagnostics
RecordDiagnosticsError
msvcp110_win
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Orphan_all@_Container_base0@std@@QEAAXXZ
?_Xbad_function_call@std@@YAXXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDH@std@@QEBAHAEAHPEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?swap@?$basic_ostream@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z
?swap@?$basic_istream@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z
?_Getcat@?$codecvt@DDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?endl@std@@YAAEAV?$basic_ostream@GU?$char_traits@G@std@@@1@AEAV21@@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?_Add_vtordisp1@?$basic_ios@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?uncaught_exception@std@@YA_NXZ
??_7facet@locale@std@@6B@
_Wcsxfrm
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
?is@?$ctype@G@std@@QEBA_NFG@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??1?$codecvt@GDH@std@@MEAA@XZ
??_7codecvt_base@std@@6B@
??_7?$codecvt@GDH@std@@6B@
?in@?$codecvt@GDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAG3AEAPEAG@Z
??0?$codecvt@GDH@std@@QEAA@_K@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?id@?$codecvt@GDH@std@@2V0locale@2@A
?_Getcat@?$codecvt@GDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
??_7_Facet_base@std@@6B@
_Wcscoll
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?id@?$collate@G@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$ctype@G@std@@2V0locale@2@A
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Add_vtordisp1@?$basic_istream@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Add_vtordisp2@?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAAXXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
??Bid@locale@std@@QEAA_KXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_BADOFF@std@@3_JB
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?pbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Add_vtordisp2@?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Add_vtordisp1@?$basic_istream@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Add_vtordisp2@?$basic_ios@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Add_vtordisp1@?$basic_ios@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?out@?$codecvt@DDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAD3AEAPEAD@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
msvcrt
fputc
fflush
fclose
_wtoi
fwrite
fgetpos
setvbuf
ungetc
fgetc
??3@YAXPEAX@Z
__CxxFrameHandler3
??_V@YAXPEAX@Z
_vsnwprintf
memcpy_s
_purecall
fsetpos
_fseeki64
ldiv
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
__C_specific_handler
wcsncpy_s
malloc
free
_wcsicmp
swscanf
wcschr
memmove_s
wcstoul
_wcsnicmp
wcsstr
__ExceptionPtrCreate
__ExceptionPtrCopy
wcstok_s
__ExceptionPtrDestroy
?what@exception@@UEBAPEBDXZ
?terminate@@YAXXZ
__ExceptionPtrCurrentException
__ExceptionPtrRethrow
??8type_info@@QEBAHAEBV0@@Z
wcsrchr
toupper
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@PEBD@Z
??0bad_cast@@QEAA@AEBV0@@Z
realloc
strchr
swprintf_s
srand
rand
??0exception@@QEAA@AEBQEBD@Z
sprintf_s
strncpy_s
_set_errno
_errno
strtol
strrchr
wcsncmp
_wcslwr
towlower
wcstol
_fpclass
wcscpy_s
_callnewh
_XcptFilter
_amsg_exit
_initterm
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
_CxxThrowException
__RTDynamicCast
memcmp
memcpy
memmove
memset
wcscmp
ntdll
RtlNtStatusToDosErrorNoTeb
RtlVirtualUnwind
NtDeleteWnfStateName
RtlCaptureContext
RtlIsMultiUsersInSessionSku
RtlNtStatusToDosError
RtlGetDeviceFamilyInfoEnum
WinSqmSetDWORD
WinSqmStartSession
WinSqmEndSession
RtlIsStateSeparationEnabled
NtCreateWnfStateName
RtlLookupFunctionEntry
RtlPublishWnfStateData
api-ms-win-core-libraryloader-l1-2-0
LoadResource
SizeofResource
LoadLibraryExW
FreeLibrary
GetModuleFileNameA
GetModuleFileNameW
FindStringOrdinal
GetModuleHandleW
LoadLibraryExA
GetModuleHandleExW
GetProcAddress
FindResourceExW
LoadStringW
DisableThreadLibraryCalls
api-ms-win-core-synch-l1-1-0
WaitForSingleObjectEx
DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockShared
ReleaseSRWLockExclusive
ReleaseSRWLockShared
CreateSemaphoreExW
CreateEventW
InitializeCriticalSection
ResetEvent
ReleaseSemaphore
CreateMutexExW
OpenEventW
WaitForSingleObject
ReleaseMutex
AcquireSRWLockExclusive
CreateEventExW
SetEvent
OpenSemaphoreW
EnterCriticalSection
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetLastError
RaiseException
api-ms-win-core-processthreads-l1-1-0
TerminateThread
GetCurrentThread
GetCurrentThreadId
GetCurrentProcessId
CreateProcessAsUserW
GetCurrentProcess
OpenProcessToken
CreateThread
TerminateProcess
OpenThreadToken
CreateProcessW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
OutputDebugStringA
api-ms-win-core-handle-l1-1-0
DuplicateHandle
CloseHandle
oleaut32
VariantInit
SysFreeString
VariantClear
SysAllocStringLen
VariantChangeType
SystemTimeToVariantTime
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SysStringLen
VariantTimeToSystemTime
VariantCopy
VariantChangeTypeEx
SafeArrayUnaccessData
SafeArrayCreate
SysAllocString
VarUI4FromStr
SysStringByteLen
SysAllocStringByteLen
SafeArrayGetDim
SafeArrayGetElement
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventProviderEnabled
EventSetInformation
EventActivityIdControl
EventUnregister
EventWriteTransfer
api-ms-win-core-string-l2-1-0
CharNextW
CharLowerBuffW
api-ms-win-core-registry-l1-1-0
RegDeleteKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegGetValueW
RegEnumValueW
RegCreateKeyExW
RegDeleteTreeW
RegDeleteValueW
RegQueryValueExW
RegEnumKeyExW
RegOpenCurrentUser
RegSetValueExW
api-ms-win-core-string-l1-1-0
CompareStringW
MultiByteToWideChar
api-ms-win-core-heap-l2-1-0
LocalFree
GlobalFree
LocalAlloc
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
crypt32
CryptExportPublicKeyInfo
CertCloseStore
CertOpenStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertCreateCertificateContext
CertFindExtension
CryptDecodeObjectEx
CertRDNValueToStrW
CertGetNameStringW
CryptHashCertificate2
CertAddEncodedCertificateToStore
CertDeleteCertificateFromStore
CertAddCertificateContextToStore
CertVerifyCertificateChainPolicy
CertGetCertificateContextProperty
CryptBinaryToStringW
CryptSetKeyIdentifierProperty
CryptProtectData
CryptUnprotectData
CryptDecryptMessage
CryptAcquireCertificatePrivateKey
CertGetCertificateChain
CertFreeCertificateChain
api-ms-win-core-sysinfo-l1-1-0
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetTickCount64
GetSystemWindowsDirectoryW
GetLocalTime
GetSystemInfo
GetComputerNameExW
GetWindowsDirectoryW
rpcrt4
UuidCreate
UuidFromStringW
RpcBindingCreateW
UuidToStringW
RpcStringFreeW
RpcBindingFree
RpcBindingBind
I_RpcExceptionFilter
NdrClientCall3
api-ms-win-core-synch-l1-2-0
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceBeginInitialize
InitOnceComplete
Sleep
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
api-ms-win-core-registry-l1-1-1
RegDeleteKeyValueW
RegSetKeyValueW
api-ms-win-core-winrt-string-l1-1-0
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateString
WindowsCreateStringReference
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
RoUninitialize
RoActivateInstance
RoInitialize
api-ms-win-security-sddl-l1-1-0
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
api-ms-win-core-realtime-l1-1-1
QueryUnbiasedInterruptTimePrecise
api-ms-win-core-shutdown-l1-1-0
InitiateSystemShutdownExW
api-ms-win-security-base-l1-1-0
GetTokenInformation
AdjustTokenPrivileges
api-ms-win-security-lsalookup-l2-1-0
LookupPrivilegeValueW
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
SetRestrictedErrorInfo
ncrypt
NCryptGetProperty
NCryptDeleteKey
NCryptOpenStorageProvider
NCryptCreatePersistedKey
NCryptSetProperty
NCryptFreeObject
NCryptOpenKey
iphlpapi
GetAdaptersAddresses
GetIfEntry2
ws2_32
InetNtopW
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
FileTimeToSystemTime
api-ms-win-core-file-l1-1-0
FindFirstFileW
RemoveDirectoryW
FindClose
CreateFileW
WriteFile
FindNextFileW
GetFullPathNameW
FileTimeToLocalFileTime
DeleteFileW
GetFileAttributesW
CreateDirectoryW
ReadFile
api-ms-win-core-path-l1-1-0
PathCchRemoveFileSpec
PathCchAppend
PathCchSkipRoot
PathAllocCombine
PathCchCombine
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
cryptsp
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
api-ms-win-core-registry-l2-1-0
RegDeleteKeyW
RegEnumKeyW
api-ms-win-core-kernel32-legacy-l1-1-0
GetSystemPowerStatus
GetNamedPipeClientProcessId
api-ms-win-core-string-obsolete-l1-1-0
lstrlenA
lstrcmpiW
api-ms-win-core-heap-obsolete-l1-1-0
GlobalUnlock
GlobalLock
omadmapi
ord34
ord44
ord47
ord23
ord52
ord22
ord53
ord56
ord27
ord54
ord166
ord78
ord24
dmcmnutils
OmDmRegistryAllocAndGetString
SafeWideCharToMultiByte
DmRaiseToastNotification
DmDisableTask
OmaDmRegistryGetString
OmaDmRegistryGetDWORD
OmaDmRegistryDeleteValue
OmaDmRegistrySetDWORD
OmaDmRegistrySetString
HexStringToBinary
DecodeBase64W
OmaDmRegistryGetBinary
BinaryToHexString
BigStrcat
DmDeleteTask
IsPhoneOS
OmaDmRegistryGetAllSubKeys
DMGetClientHardwareUID
CopyString
DmRevertToSelf
InvStrCmpIW
DmGetActiveUserSid
DmImpersonate
DmGetCurrentUserSid
OmaDmRegistrySetBinary
OmaDmRegistryGetAllValues
DmEnableTask
MBToUnicode
UnicodeToMB
EncodeBase64W
CreateBstrArray
dmiso8601utils
FileTimeToISO8601String
SystemTimeToISO8601String
dmcfgutils
SyncGetDeviceUniqueID
policymanager
EnterprisePolicyManagerStore_EvaluatePoliciesUpdateCurrent
EnterprisePolicyManagerStore_GetEnrollmentTypeFromEnrollment
EnterprisePolicyManagerStore_CSPResultAreaGetChildNodeNames
EnterprisePolicyManagerStore_DoesProviderExist
EnterprisePolicyManagerStore_CreateProviderHive
EnterprisePolicyManagerStore_GetAllProviderContextSidAreas
EnterprisePolicyManagerStore_CSPConfigSourceDeleteChild
EnterprisePolicyManagerStore_CSPConfigSourceAreaCreateNodeInstance
EnterprisePolicyManagerStore_EnsureProviderContextSidAreaExist
EnterprisePolicyManagerStore_CSPConfigSourceAreaGetChildNodeNames
EnterprisePolicyManagerStore_IsValidArea
EnterprisePolicyManagerStore_CSPConfigSourceAreaDeleteChild
EnterprisePolicyManagerStore_CSPConfigSourceAreaPolicyCreateNodeInstance
EnterprisePolicyManagerStore_CSPConfigSourceAreaPolicyGetValue
EnterprisePolicyManagerStore_CSPConfigSourceAreaPolicySetValue
EnterprisePolicyManagerStore_IsValidPolicy
EnterprisePolicyManagerStore_CSPResultAreaPolicyGetValue
EnterprisePolicyManagerStore_IsPolicyAreaForIngestedAdmx
EnterprisePolicyManagerStore_DeleteEnrollmentAdmxMetadata
EnterprisePolicyManagerStore_GetPolicyTypeFromMetadata
EnterprisePolicyManagerStore_CSPResultGetAreaChildNodeNames
EnterprisePolicyManagerStore_IsADMXIngestionAllowed
EnterprisePolicyManagerStore_DeleteEnrollmentAppAdmxMetadata
EnterprisePolicyManagerStore_DeleteEnrollmentAppSettingTypeAdmxMetadata
EnterprisePolicyManagerStore_GetAdmxFileData
EnterprisePolicyManagerStore_VerifyAdmxPoliciesAreNotSet
EnterprisePolicyManagerStore_IngestAdmxTextBlob
EnterprisePolicyManagerStore_DoesProviderContextSidAreaPolicyValueExist
EnterprisePolicyManagerStore_SetProviderContextSidAreaPolicyValue
EnterprisePolicyManagerStore_DeleteProvider
EnterprisePolicyManagerStore_GetCurrentPolicyValue
EnterprisePolicyManagerStore_GetAllCurrentSidAreaPolicies
EnterprisePolicyManagerStore_GetAllProviderContextSidAreaPolicies
EnterprisePolicyManagerStore_DeleteProviderContextSidAreaPolicy
EnterprisePolicyManagerStore_GetProviderContextSidAreaPolicyValue
EnterprisePolicyManagerStore_PublishAnyDelayedWnfs
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
xmllite
CreateXmlReader
CreateXmlWriter
CreateXmlWriterOutputWithEncodingName
CreateXmlReaderInputWithEncodingName
api-ms-win-shcore-stream-l1-1-0
SHCreateMemStream
SHCreateStreamOnFileW
combase
ord154
api-ms-win-shcore-registry-l1-1-0
SHCopyKeyW
sspicli
GetUserNameExW
api-ms-win-core-processthreads-l1-1-1
GetProcessMitigationPolicy
api-ms-win-core-file-l2-1-0
GetFileInformationByHandleEx
api-ms-win-service-management-l2-1-0
QueryServiceStatusEx
api-ms-win-service-management-l1-1-0
CloseServiceHandle
OpenSCManagerW
StartServiceW
OpenServiceW
api-ms-win-core-namedpipe-l1-1-0
CreateNamedPipeW
ConnectNamedPipe
api-ms-win-core-memory-l1-1-0
VirtualProtect
VirtualQuery
certenroll
ord45
Exports
Exports
DllCanUnloadNow
DllGetClassObject
Sections
.text Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 518KB - Virtual size: 517KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 27KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 53KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 512B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
enterprisecsps/fhuxadapter.dll.dll windows:4 windows x86 arch:x86
Password: 1
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
fhuxadapter.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 127KB - Virtual size: 126KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
enterprisecsps/filemgmt.dll.dll regsvr32 windows:10 windows x64 arch:x64
Password: 1
89122c235f124c1d01afc6dc2575d168
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
filemgmt.pdb
Imports
mfc42u
ord2586
ord4741
ord3743
ord822
ord3774
ord867
ord3892
ord1033
ord2329
ord6614
ord6418
ord2661
ord4131
ord1498
ord6351
ord2781
ord2393
ord4860
ord2593
ord4747
ord3501
ord3806
ord912
ord4795
ord4894
ord4846
ord852
ord1035
ord4257
ord4262
ord6395
ord6385
ord2906
ord3396
ord3894
ord337
ord2326
ord4557
ord5245
ord1286
ord3761
ord5702
ord665
ord4612
ord1043
ord3754
ord629
ord599
ord6734
ord3182
ord2801
ord1264
ord5694
ord2666
ord1787
ord3177
ord2377
ord6632
ord2324
ord4344
ord1781
ord2665
ord2379
ord2316
ord4521
ord4127
ord4601
ord3003
ord1657
ord2474
ord1082
ord288
ord812
ord1544
ord1586
ord1555
ord1583
ord1585
ord355
ord1477
ord1553
ord1416
ord1491
ord1577
ord1067
ord3751
ord3535
ord5229
ord5712
ord4743
ord1778
ord6440
ord2589
ord4542
ord1566
ord832
ord2023
ord2422
ord1906
ord1499
ord1442
ord2975
ord625
ord6216
ord5585
ord5583
ord5304
ord5114
ord5352
ord4699
ord5687
ord4722
ord5246
ord5406
ord2517
ord6437
ord4365
ord1777
ord4752
ord5663
ord2399
ord5586
ord6812
ord4694
ord5709
ord4017
ord5227
ord4789
ord2670
ord2060
ord6814
ord3933
ord5484
ord1736
ord5683
ord2457
ord2140
ord5699
ord4988
ord4771
ord3868
ord4548
ord6328
ord6147
ord5584
ord6767
ord5077
ord2764
ord2328
ord2311
ord2384
ord5382
ord999
ord549
ord4582
ord2629
ord6708
ord6705
ord2371
ord6813
ord4836
ord2559
ord2515
ord6071
ord4191
ord1388
ord5615
ord2412
ord3468
ord5722
ord5724
ord4368
ord5065
ord5730
ord5711
ord6053
ord3049
ord3243
ord3362
ord4815
ord3231
ord3366
ord3052
ord3166
ord3046
ord3534
ord4082
ord4083
ord4077
ord3164
ord4371
ord4983
ord4770
ord3916
ord1426
ord2752
ord4214
ord1063
ord659
ord1562
ord1647
ord1441
ord2856
ord6050
ord621
ord4436
ord4523
ord2676
ord1677
ord1463
ord3790
ord3830
ord286
ord1574
ord2427
ord3740
ord1284
ord5887
ord2979
ord1287
ord2846
ord4473
ord5719
ord2408
ord287
ord620
ord1122
ord3873
ord568
ord1355
ord5950
ord1483
ord6880
ord626
ord5935
ord6886
ord1126
ord1040
ord624
ord1006
ord4721
ord6887
msvcrt
__RTDynamicCast
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_vsnwprintf
_wtoi64
_wcsnicmp
wcschr
calloc
iswspace
wcsstr
wcsncmp
_wcsicmp
??_V@YAXPEAX@Z
malloc
free
__C_specific_handler
__CxxFrameHandler3
_purecall
memset
atl
ord32
ord16
ord21
ord15
ord18
ord22
ntdll
RtlCaptureContext
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlLookupFunctionEntry
RtlVirtualUnwind
advapi32
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
GetLengthSid
CopySid
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
InitializeAcl
AddAccessAllowedAce
EnumServicesStatusW
RegDeleteValueW
GetUserNameW
RegConnectRegistryW
IsWellKnownSid
RevertToSelf
MapGenericMask
AllocateAndInitializeSid
MakeSelfRelativeSD
FreeSid
GetSecurityDescriptorLength
GetSecurityDescriptorControl
LsaOpenPolicy
LsaFreeMemory
LsaClose
LsaSetSystemAccessAccount
LsaGetSystemAccessAccount
LsaCreateAccount
LsaOpenAccount
GetSidSubAuthority
GetSidSubAuthorityCount
LsaLookupNames
user32
SetWindowsHookExW
GetWindowThreadProcessId
FindWindowExW
GetDlgCtrlID
GetSystemMetrics
GetWindowRect
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
EnumThreadWindows
IsWindowVisible
GetDesktopWindow
GetFocus
GetWindowLongW
SetActiveWindow
SetWindowTextW
GetClientRect
ShowWindow
MessageBoxW
PostMessageW
GetParent
LoadImageW
UnhookWindowsHookEx
GetActiveWindow
LoadBitmapW
WinHelpW
EnableWindow
SetDlgItemTextW
EndDialog
GetWindowLongPtrW
GetDlgItemTextW
IsDlgButtonChecked
SetFocus
SetWindowLongPtrW
GetDlgItem
SendMessageW
RegisterClipboardFormatW
LoadStringW
DialogBoxParamW
LoadIconW
CallNextHookEx
version
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW
gdi32
DeleteObject
cfgmgr32
CM_Set_HW_Prof_Flags_ExW
CM_Disconnect_Machine
CM_Connect_MachineW
CM_Get_HW_Prof_Flags_ExW
kernel32
GetLastError
GetModuleFileNameW
GetCurrentThreadId
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
lstrcmpiW
GetProcAddress
SetLastError
DeactivateActCtx
LoadLibraryW
ActivateActCtx
FindActCtxSectionStringW
CreateActCtxW
GetModuleHandleExW
QueryActCtxW
GetModuleHandleW
OutputDebugStringA
CreateThread
WaitForSingleObject
DuplicateHandle
GlobalLock
GlobalUnlock
GlobalFree
ResolveDelayLoadedAPI
DelayLoadFailureHook
GetCurrentProcess
CloseHandle
GetCurrentThread
InitializeCriticalSection
DeleteCriticalSection
FormatMessageW
LocalFree
GetSystemWindowsDirectoryW
ResumeThread
LocalAlloc
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
ReleaseActCtx
lstrlenW
CreateProcessW
GetExitCodeProcess
GetComputerNameExW
CreateEventW
Sleep
GlobalAlloc
LoadLibraryExW
GetCommandLineW
FreeLibrary
CompareStringW
GetComputerNameW
WideCharToMultiByte
SetEvent
lstrcmpW
Exports
Exports
CacheSettingsDlg
CacheSettingsDlg2
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 228KB - Virtual size: 227KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 136KB - Virtual size: 136KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1024B - Virtual size: 560B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
kbdlisus/KBDKHMR.DLL.dll windows:10 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
kbdkhmr.pdb
Exports
Exports
KbdLayerDescriptor
Sections
.text Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 180B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
kbdlisus/Pimstore.dll.dll windows:10 windows x64 arch:x64
a81a027c851e00f8b8d8b277892e88b8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
pimstore.pdb
Imports
msvcrt
_isnan
wcstol
towlower
wcscspn
_wcsrev
tolower
_wcsicmp
strncpy_s
_wcstoui64
wcstod
wcstoul
_wcsnicmp
_vsnwprintf
_stricmp
_itow_s
bsearch
_strnicmp
?terminate@@YAXXZ
_wtoi
wcsncmp
_vsnwprintf_s
iswdigit
_errno
memcmp
swprintf_s
qsort
iswpunct
wcschr
_callnewh
__C_specific_handler
_XcptFilter
_amsg_exit
_initterm
realloc
__CxxFrameHandler3
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
iswspace
wcsncpy_s
malloc
floor
strrchr
free
strcpy_s
memmove
wcsstr
_purecall
memcpy_s
memcpy
ceil
memset
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleFileNameW
LoadResource
LoadStringW
GetModuleHandleExW
FindResourceExW
LoadLibraryExW
DisableThreadLibraryCalls
LockResource
FreeLibrary
GetModuleFileNameA
SizeofResource
GetModuleHandleW
api-ms-win-core-synch-l1-1-0
EnterCriticalSection
ReleaseSemaphore
WaitForSingleObject
InitializeCriticalSection
DeleteCriticalSection
WaitForSingleObjectEx
LeaveCriticalSection
CreateEventW
OpenSemaphoreW
CreateSemaphoreExW
ReleaseMutex
InitializeCriticalSectionEx
CreateMutexExW
SetEvent
api-ms-win-core-registry-l1-1-0
RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
RegSetKeySecurity
RegGetValueW
RegGetKeySecurity
RegEnumKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegCloseKey
RegSetValueExW
api-ms-win-eventing-provider-l1-1-0
EventWrite
EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister
api-ms-win-core-heap-l2-1-0
LocalReAlloc
LocalFree
LocalAlloc
api-ms-win-core-string-l2-1-0
IsCharUpperW
IsCharAlphaW
CharNextW
IsCharAlphaNumericW
api-ms-win-core-string-l1-1-0
GetStringTypeExW
WideCharToMultiByte
CompareStringOrdinal
MultiByteToWideChar
CompareStringW
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
RaiseException
GetLastError
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
lstrcmpW
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-obsolete-l1-1-0
LocalSize
api-ms-win-core-libraryloader-l1-2-1
FindResourceW
LoadLibraryW
api-ms-win-core-localization-obsolete-l1-2-0
GetSystemDefaultUILanguage
api-ms-win-core-localization-l1-2-0
FormatMessageW
GetUserDefaultLCID
GetLocaleInfoW
LCMapStringW
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
GetDynamicTimeZoneInformation
SystemTimeToFileTime
GetTimeZoneInformation
api-ms-win-core-datetime-l1-1-0
GetTimeFormatW
GetDateFormatW
api-ms-win-core-sysinfo-l1-1-0
GetVersionExW
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount64
GetSystemTime
GetLocalTime
GetTickCount
api-ms-win-core-file-l1-1-0
GetFileSize
ReadFile
WriteFile
GetTempFileNameW
CreateFileW
CompareFileTime
DeleteFileW
api-ms-win-core-shlwapi-legacy-l1-1-0
PathFileExistsW
api-ms-win-core-file-l2-1-2
CopyFileW
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
HeapReAlloc
GetProcessHeap
api-ms-win-security-base-l1-1-0
GetSecurityDescriptorDacl
GetLengthSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
CopySid
api-ms-win-security-trustee-l1-1-1
BuildExplicitAccessWithNameW
api-ms-win-security-provider-l1-1-0
SetEntriesInAclW
ntdll
RtlPublishWnfStateData
RtlReportException
api-ms-win-core-memory-l1-1-0
CreateFileMappingW
MapViewOfFile
OpenFileMappingW
UnmapViewOfFile
api-ms-win-core-string-l2-1-1
SHLoadIndirectString
api-ms-win-core-processthreads-l1-1-0
OpenProcessToken
TerminateProcess
GetCurrentThreadId
OpenThreadToken
GetCurrentProcessId
GetCurrentThread
GetCurrentProcess
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
OutputDebugStringA
DebugBreak
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolThreadMaximum
CreateThreadpoolWork
CloseThreadpoolCleanupGroupMembers
SubmitThreadpoolWork
CloseThreadpool
CloseThreadpoolCleanupGroup
CloseThreadpoolWork
CreateThreadpool
CreateThreadpoolCleanupGroup
api-ms-win-core-processenvironment-l1-1-0
SearchPathW
api-ms-win-core-synch-l1-2-0
Sleep
InitOnceComplete
InitOnceBeginInitialize
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
userdataplatformhelperutil
GenerateUserModeServiceName
IsCommsSystemService
StartAndWaitForService
GetCombinedTransientObjectSecurityDescriptor
RunServicesInProc
??0Deserializer@Comms@@QEAA@PEBE0_N1@Z
??1Deserializer@Comms@@QEAA@XZ
GetNextNewCalendarColor
?CopyBytesOut@Deserializer@Comms@@QEAA_NPEAX_KAEBVtype_info@@@Z
api-ms-win-service-management-l1-1-0
OpenServiceW
OpenSCManagerW
CloseServiceHandle
api-ms-win-service-management-l2-1-0
QueryServiceStatusEx
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
Exports
?Submit@AccountProviderHostJobBase@@QEAAJPEAK@Z
?SubmitSynchronously@AccountProviderHostJobBase@@QEAAJPEAXKPEAT_SNJobOutParams@@@Z
BuildDisplayName
BuildYomiDisplayName
CanonicalizedComparePropVal
ClearPreferenceAndOverride
CompareEmailAddresses
CopyCEPROPVAL
CreateAttendeeList
CreateCategoryDBManager
CreateContactSettingsRegKey
CreateItemInDefaultFolder
CreateOutlookApp
CreateRecurrenceFromData
DestroyNameParser
DisableLocalPoom
DisableLocalPoomEx
DllCanUnloadNow
DllGetClassObject
EnableLocalPoom
EnableLocalPoomEx
EscapePoomRestrictionValues
FindAllMatchingAggregates
FindAllMatchingContactsEx
FindAllMatchingContactsEx2
FindAllMatchingContactsEx3
FindMatchingContactEx
FindMatchingContactEx2
GetActiveOutlookApp
GetAggregateCache
GetAggregateCacheGeneration
GetAppointmentFromUniqueId
GetAppointmentUniqueId
GetBlankName
GetContactDisplayAndSortPropertiesFromRegistry
GetDefaultFolderFromStore
GetDefaultFolderFromStoreEx
GetDefaultStoreFilter
GetDefaultStoreId
GetDefaultStoreItemId
GetDefaultUSStore
GetDisplayBy
GetFloatingTime
GetFullName
GetGivenName
GetHighestUSStoreBit
GetMeetingNotificationFromMessage
GetMiddle
GetNewNameParser
GetNickname
GetPartnerGUID
GetSortBy
GetStartAndEndDate
GetSuffix
GetSurname
GetTitle
GetYomiDisplayName
GetYomiGivenName
GetYomiSurname
HandleMeetingResponseForAppointment
HandleMeetingResponseForMeetingNotification
HasAllBlobBitsSet
HasSameStoreFilter
IsDefaultStore
IsEmptyProp
IsFEString
OlDefaultFoldersToOlItemType
OlItemTypeToOlDefaultFolders
OlObjectTypeFromOLITEMID
POutlookAppManager_CreateInstance
ParseName
PimBinaryBodyToString
PimCreateGlobalObjId
RebuildName
SendPictureUpdateNotification
SetDisplayBy
SetFullName
SetGiven
SetIncludeMiddle
SetMiddle
SetNickname
SetSortBy
SetSuffix
SetSurname
SetTitle
SetYomiGiven
SetYomiSurname
StopNotifications
TextToTag
Sections
.text Size: 743KB - Virtual size: 743KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 158KB - Virtual size: 158KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
kbdlisus/kbdlisus.dll.dll windows:10 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
kbdlisus.pdb
Exports
Exports
KbdLayerDescriptor
Sections
.text Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 180B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
kbdlisus/pla.dll.dll regsvr32 windows:10 windows x64 arch:x64
3f7bf457cf32927d5d8d6d37e648607d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
pla.pdb
Imports
msvcrt
memcpy
memmove
memset
??1type_info@@UEAA@XZ
_initterm
malloc
wcsrchr
_amsg_exit
_XcptFilter
_lseek
time
_errno
_write
_close
_read
_wremove
srand
_wopen
_get_osfhandle
fclose
_wfopen
_wtoi
vfwprintf
fwprintf
qsort
_wtof
iswspace
_wtol
_wsplitpath_s
_wgetenv
wcsstr
wcscspn
rand
swscanf_s
wcsncmp
_wcsnicmp
__C_specific_handler
_purecall
?name@type_info@@QEBAPEBDXZ
_vsnwprintf
wcschr
_wcsicmp
free
wcscmp
ntdll
RtlNtStatusToDosError
NtQuerySystemInformation
EtwNotificationRegister
EtwNotificationUnregister
RtlStringFromGUID
RtlFreeUnicodeString
NtQuerySystemTime
EtwEventUnregister
EtwEventWrite
EtwEventRegister
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-service-core-l1-1-0
RegisterServiceCtrlHandlerExW
SetServiceStatus
api-ms-win-service-winsvc-l1-1-0
ControlService
QueryServiceStatus
api-ms-win-service-management-l1-1-0
OpenSCManagerW
OpenServiceW
StartServiceW
CloseServiceHandle
api-ms-win-service-management-l2-1-0
ChangeServiceConfigW
QueryServiceConfigW
ChangeServiceConfig2W
advapi32
ControlTraceW
RegQueryValueExW
RegCloseKey
RegSetValueExW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
RegEnumKeyW
RegFlushKey
DuplicateTokenEx
SetThreadToken
AccessCheck
GetFileSecurityW
LookupAccountNameW
RevertToSelf
ImpersonateLoggedOnUser
LogonUserW
SetSecurityDescriptorDacl
AddAccessAllowedAceEx
AddAce
EqualSid
GetAce
GetAclInformation
InitializeAcl
GetLengthSid
MakeAbsoluteSD
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
RegDeleteValueW
RegCreateKeyExW
QueryAllTracesW
FlushTraceW
StopTraceW
StartTraceW
UpdateTraceW
EnumerateTraceGuidsEx
EnableTraceEx
QueryTraceW
AdjustTokenPrivileges
EventAccessQuery
SetNamedSecurityInfoW
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
EventAccessRemove
GetTokenInformation
OpenProcessToken
OpenThreadToken
RegConnectRegistryW
CheckTokenMembership
CreateWellKnownSid
RegOpenKeyExW
user32
PeekMessageW
LoadStringW
DestroyWindow
MsgWaitForMultipleObjects
DispatchMessageW
CreateWindowExW
rpcrt4
RpcServerUnregisterIfEx
RpcServerInqCallAttributesW
RpcServerRegisterIf3
RpcServerUseProtseqEpW
RpcRevertToSelf
RpcImpersonateClient
NdrServerCallAll
RpcBindingToStringBindingW
RpcBindingInqAuthClientW
RpcStringFreeW
RpcBindingFree
RpcBindingSetAuthInfoW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
UuidCreate
NdrServerCall2
RpcStringBindingParseW
NdrClientCall3
pdh
PdhCollectQueryData
PdhAddCounterW
PdhExpandWildCardPathW
PdhOpenQueryW
PdhUpdateLogW
PdhCloseLog
PdhOpenLogW
PdhCloseQuery
PdhTranslate009CounterW
PdhTranslateLocaleCounterW
PdhGetFormattedCounterValue
tdh
TdhEnumerateRemoteWBEMProviders
TdhEnumerateProviderFieldInformation
TdhEnumerateRemoteWBEMProviderFieldInformation
TdhEnumerateProviders
nsi
NsiFreeTable
NsiAllocateAndGetTable
shlwapi
PathIsNetworkPathW
PathIsFileSpecW
ord439
cabinet
ord22
ord23
ord10
ord13
ord14
ord11
ord20
wevtapi
EvtRender
EvtCreateRenderContext
EvtClose
EvtOpenChannelConfig
EvtGetChannelConfigProperty
EvtSubscribe
EvtNext
kernel32
HeapValidate
LeaveCriticalSection
EnterCriticalSection
CreateEventW
CloseHandle
UnregisterWait
SetEvent
DebugBreak
HeapFree
HeapAlloc
ExpandEnvironmentStringsW
GetLocaleInfoW
GetLocalTime
MultiByteToWideChar
GetFileInformationByHandle
LocalFileTimeToFileTime
DosDateTimeToFileTime
FileTimeToDosDateTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetTickCount
GetFullPathNameW
ResolveDelayLoadedAPI
DelayLoadFailureHook
GetTimeZoneInformation
CreateDirectoryW
LocalFree
GetComputerNameW
FormatMessageW
InitializeCriticalSection
WaitForMultipleObjects
WideCharToMultiByte
FindResourceW
LoadResource
LockResource
SizeofResource
GlobalAlloc
GlobalLock
FreeResource
GlobalUnlock
GlobalFree
GetCurrentThread
GetCurrentProcess
GetFileAttributesW
IsWow64Process
Wow64DisableWow64FsRedirection
GetCurrentThreadId
Wow64RevertWow64FsRedirection
LoadLibraryExW
FreeLibrary
ResetEvent
OpenProcess
K32GetModuleFileNameExW
CreateFileW
WriteFile
WaitForSingleObject
QueryPerformanceCounter
GetCurrentProcessId
FindFirstFileW
FindNextFileW
FindClose
DuplicateHandle
GetSystemTimeAsFileTime
FileTimeToSystemTime
SystemTimeToFileTime
GetModuleFileNameW
Sleep
FileTimeToLocalFileTime
DeleteCriticalSection
GetWindowsDirectoryW
GetLastError
GetSystemDirectoryW
GetDateFormatW
GetProcessHeap
GetUserDefaultUILanguage
HeapReAlloc
CompareStringW
HeapSize
CreateWaitableTimerW
SetWaitableTimer
IsDebuggerPresent
OpenEventW
GetTickCount64
GetCommandLineW
CreateThread
GetTimeFormatW
GetDiskFreeSpaceExW
GetFileSizeEx
DisableThreadLibraryCalls
DeleteFileW
GetExitCodeThread
SetFileAttributesW
GetTempPathW
SetFileTime
LoadLibraryW
GetFileMUIPath
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetTempFileNameW
SetPriorityClass
GetSystemTime
CopyFileW
RemoveDirectoryW
CopyFileExW
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
PlaDeleteReport
PlaExpandTaskArguments
PlaExtractCabinet
PlaGetLegacyAlertActionsFlagsFromString
PlaGetLegacyAlertActionsStringFromFlags
PlaGetServerCapabilities
PlaHost
PlaServer
PlaUpgrade
ServiceMain
SvchostPushServiceGlobals
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 152KB - Virtual size: 152KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1024B - Virtual size: 616B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 52KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
secur32/SEMgrPS.dll.dll windows:10 windows x64 arch:x64
7dcc2d309d96727b06e1bbb65b6597f9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
SEMgrPS.pdb
Imports
msvcrt
__C_specific_handler
malloc
_initterm
free
_amsg_exit
_XcptFilter
rpcrt4
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Connect
NdrCStdStubBuffer2_Release
NdrStubForwardingFunction
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
CStdStubBuffer_Invoke
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_QueryInterface
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrOleFree
NdrStubCall3
api-ms-win-core-libraryloader-l1-2-0
DisableThreadLibraryCalls
api-ms-win-core-winrt-string-l1-1-0
HSTRING_UserUnmarshal64
HSTRING_UserSize
HSTRING_UserSize64
HSTRING_UserFree
HSTRING_UserMarshal64
HSTRING_UserUnmarshal
HSTRING_UserFree64
HSTRING_UserMarshal
api-ms-win-core-com-midlproxystub-l1-1-0
ObjectStublessClient7
ObjectStublessClient15
NdrProxyForwardingFunction23
ObjectStublessClient6
ObjectStublessClient8
ObjectStublessClient9
NdrProxyForwardingFunction21
ObjectStublessClient3
ObjectStublessClient10
ObjectStublessClient5
ObjectStublessClient11
ObjectStublessClient14
ObjectStublessClient12
ObjectStublessClient30
ObjectStublessClient16
NdrProxyForwardingFunction9
ObjectStublessClient18
NdrProxyForwardingFunction11
NdrProxyForwardingFunction13
NdrProxyForwardingFunction29
NdrProxyForwardingFunction12
ObjectStublessClient4
NdrProxyForwardingFunction10
CStdStubBuffer2_CountRefs
NdrProxyForwardingFunction6
CStdStubBuffer2_Disconnect
CStdStubBuffer2_QueryInterface
NdrProxyForwardingFunction4
NdrProxyForwardingFunction5
NdrProxyForwardingFunction3
NdrProxyForwardingFunction7
ObjectStublessClient13
CStdStubBuffer2_Connect
ObjectStublessClient22
ObjectStublessClient27
NdrProxyForwardingFunction19
ObjectStublessClient28
ObjectStublessClient20
ObjectStublessClient23
ObjectStublessClient19
ObjectStublessClient26
ObjectStublessClient17
ObjectStublessClient29
ObjectStublessClient21
ObjectStublessClient24
ObjectStublessClient25
NdrProxyForwardingFunction27
NdrProxyForwardingFunction26
NdrProxyForwardingFunction24
NdrProxyForwardingFunction18
NdrProxyForwardingFunction22
NdrProxyForwardingFunction17
NdrProxyForwardingFunction14
ObjectStublessClient31
NdrProxyForwardingFunction15
NdrProxyForwardingFunction20
NdrProxyForwardingFunction28
NdrProxyForwardingFunction8
NdrProxyForwardingFunction16
NdrProxyForwardingFunction25
oleaut32
BSTR_UserUnmarshal
BSTR_UserFree
BSTR_UserUnmarshal64
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserFree64
BSTR_UserMarshal64
BSTR_UserSize64
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Exports
Exports
DllCanUnloadNow
DllGetClassObject
Sections
.text Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 264B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
secur32/secur32.dll.dll windows:10 windows x64 arch:x64
f90c2a389f295606533d615109fb248b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
secur32.pdb
Imports
ntdll
_itow
RtlNtStatusToDosError
RtlInitUnicodeString
iswdigit
memcpy
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlUnicodeStringToAnsiString
RtlFreeHeap
RtlAllocateHeap
RtlCopyUnicodeString
RtlEqualUnicodeString
RtlGetNtProductType
wcsncpy_s
wcschr
RtlFreeUnicodeString
RtlUpcaseUnicodeString
RtlCreateUnicodeString
iswspace
NtClose
NtUnmapViewOfSection
NtMapViewOfSection
NtOpenSection
wcsncmp
memset
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleHandleW
DisableThreadLibraryCalls
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
GetComputerNameExW
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpW
api-ms-win-security-activedirectoryclient-l1-1-0
DsFreeNameResultW
DsUnBindW
DsCrackNamesW
DsBindWithSpnExW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
Exports
AcceptSecurityContext
AcquireCredentialsHandleA
AcquireCredentialsHandleW
AddCredentialsA
AddCredentialsW
AddSecurityPackageA
AddSecurityPackageW
ApplyControlToken
ChangeAccountPasswordA
ChangeAccountPasswordW
CloseLsaPerformanceData
CollectLsaPerformanceData
CompleteAuthToken
CredMarshalTargetInfo
CredUnmarshalTargetInfo
DecryptMessage
DeleteSecurityContext
DeleteSecurityPackageA
DeleteSecurityPackageW
EncryptMessage
EnumerateSecurityPackagesA
EnumerateSecurityPackagesW
ExportSecurityContext
FreeContextBuffer
FreeCredentialsHandle
GetComputerObjectNameA
GetComputerObjectNameW
GetSecurityUserInfo
GetUserNameExA
GetUserNameExW
ImpersonateSecurityContext
ImportSecurityContextA
ImportSecurityContextW
InitSecurityInterfaceA
InitSecurityInterfaceW
InitializeSecurityContextA
InitializeSecurityContextW
LsaCallAuthenticationPackage
LsaConnectUntrusted
LsaDeregisterLogonProcess
LsaEnumerateLogonSessions
LsaFreeReturnBuffer
LsaGetLogonSessionData
LsaLogonUser
LsaLookupAuthenticationPackage
LsaRegisterLogonProcess
LsaRegisterPolicyChangeNotification
LsaUnregisterPolicyChangeNotification
MakeSignature
OpenLsaPerformanceData
QueryContextAttributesA
QueryContextAttributesW
QueryCredentialsAttributesA
QueryCredentialsAttributesW
QuerySecurityContextToken
QuerySecurityPackageInfoA
QuerySecurityPackageInfoW
RevertSecurityContext
SaslAcceptSecurityContext
SaslEnumerateProfilesA
SaslEnumerateProfilesW
SaslGetContextOption
SaslGetProfilePackageA
SaslGetProfilePackageW
SaslIdentifyPackageA
SaslIdentifyPackageW
SaslInitializeSecurityContextA
SaslInitializeSecurityContextW
SaslSetContextOption
SealMessage
SeciAllocateAndSetCallFlags
SeciAllocateAndSetIPAddress
SeciFreeCallContext
SecpFreeMemory
SecpTranslateName
SecpTranslateNameEx
SetContextAttributesA
SetContextAttributesW
SetCredentialsAttributesA
SetCredentialsAttributesW
SspiCompareAuthIdentities
SspiCopyAuthIdentity
SspiDecryptAuthIdentity
SspiEncodeAuthIdentityAsStrings
SspiEncodeStringsAsAuthIdentity
SspiEncryptAuthIdentity
SspiExcludePackage
SspiFreeAuthIdentity
SspiGetTargetHostName
SspiIsAuthIdentityEncrypted
SspiLocalFree
SspiMarshalAuthIdentity
SspiPrepareForCredRead
SspiPrepareForCredWrite
SspiUnmarshalAuthIdentity
SspiValidateAuthIdentity
SspiZeroAuthIdentity
TranslateNameA
TranslateNameW
UnsealMessage
VerifySignature
Sections
.text Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 612B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 96B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 52B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
secur32/wininetlui.dll.dll windows:10 windows x64 arch:x64
21e7fc7acd53fc5b2900471ddf863396
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
wininetlui.pdb
Imports
msvcrt
_vsnwprintf
malloc
__C_specific_handler
free
_amsg_exit
_XcptFilter
_initterm
memset
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessageVa
api-ms-win-core-libraryloader-l1-2-0
LoadStringW
api-ms-win-core-com-l1-1-0
CoCreateInstance
oleaut32
SysFreeString
SysAllocString
api-ms-win-core-localization-l1-2-0
GetUserDefaultLCID
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
api-ms-win-core-datetime-l1-1-0
GetTimeFormatW
GetDateFormatW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
Exports
InternetErrorDlgEx
Sections
.text Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.wpp_sf Size: 512B - Virtual size: 158B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 516B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 272B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 164B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
secur32/winmde.dll.dll regsvr32 windows:10 windows x64 arch:x64
30d9f815f3d0fe0f8f3741c9f2dc893e
Code Sign
33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:edCertificate
IssuerCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before15/12/2020, 21:29Not After02/12/2021, 21:29SubjectCN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before19/10/2011, 18:41Not After19/10/2026, 18:51SubjectCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
15:4b:2a:de:25:d5:55:ad:40:78:2f:bc:c9:58:69:63:5f:98:c0:a8:8f:ba:61:ea:05:d9:8c:b3:ea:28:ed:3bSigner
Actual PE Digest15:4b:2a:de:25:d5:55:ad:40:78:2f:bc:c9:58:69:63:5f:98:c0:a8:8f:ba:61:ea:05:d9:8c:b3:ea:28:ed:3bDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
winmde.pdb
Imports
msvcrt
_XcptFilter
_callnewh
rand
towlower
iswxdigit
memmove
_onexit
_ui64tow_s
wcsstr
_i64tow_s
_vsnprintf
_ltoa_s
_i64toa_s
_amsg_exit
realloc
__CxxFrameHandler3
memset
_initterm
_ui64toa_s
_ultoa_s
_wtol
towupper
iswalpha
iswdigit
isalpha
isdigit
_ultow_s
wcschr
_vsnwprintf
bsearch
_errno
_lock
_unlock
memcpy
__C_specific_handler
_wcsicmp
_ltow_s
toupper
islower
_gcvt_s
_wcsnicmp
wcsncmp
__dllonexit
strnlen
memcmp
memchr
strncpy_s
strncmp
qsort
_purecall
memcpy_s
free
malloc
wcsncpy_s
wcscmp
api-ms-win-core-synch-l1-1-0
CreateWaitableTimerExW
ReleaseSRWLockExclusive
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
ReleaseSRWLockShared
SetEvent
AcquireSRWLockExclusive
WaitForMultipleObjectsEx
WaitForSingleObject
CreateEventA
OpenEventW
CreateEventExW
OpenSemaphoreW
InitializeSRWLock
CreateSemaphoreExW
ResetEvent
SetWaitableTimer
ReleaseSemaphore
AcquireSRWLockShared
CreateEventW
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventRegister
EventEnabled
EventUnregister
EventWriteTransfer
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceEnableLevel
TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableFlags
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleExW
DisableThreadLibraryCalls
SizeofResource
GetProcAddress
GetModuleFileNameW
FreeLibrary
LoadResource
FindResourceExW
api-ms-win-core-string-l2-1-0
CharNextW
api-ms-win-core-registry-l1-1-0
RegEnumKeyExW
RegNotifyChangeKeyValue
RegQueryInfoKeyW
RegSetValueExW
RegGetValueW
RegDeleteValueW
RegCloseKey
RegEnumValueW
RegOpenKeyExW
RegCreateKeyExW
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
CompareStringOrdinal
MultiByteToWideChar
api-ms-win-core-synch-l1-2-0
SleepConditionVariableSRW
WakeAllConditionVariable
InitOnceExecuteOnce
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetProcessTimes
TlsGetValue
TlsSetValue
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
CreateThread
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
OutputDebugStringA
api-ms-win-core-sysinfo-l1-1-0
GetSystemTime
GetSystemTimeAsFileTime
GetSystemInfo
GetTickCount
GetTickCount64
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-file-l1-1-0
CreateFileW
GetFileSize
WriteFile
GetFileAttributesExW
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
FileTimeToSystemTime
ntdll
RtlInitUnicodeString
NtDeviceIoControlFile
NtQuerySystemInformation
NtClose
NtCreateFile
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CreateThreadpoolWait
sspicli
QueryContextAttributesW
EncryptMessage
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
d3d11
D3D11CreateDevice
rtworkq
RtwqCancelDeadline
RtwqSetLongRunning
RtwqCreateAsyncResult
RtwqInvokeCallback
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-core-toolhelp-l1-1-0
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
api-ms-win-core-heap-l2-1-0
LocalFree
GlobalFree
api-ms-win-core-heap-obsolete-l1-1-0
GlobalLock
GlobalUnlock
api-ms-win-core-memory-l1-1-0
OpenFileMappingW
VirtualQueryEx
UnmapViewOfFile
CreateFileMappingW
MapViewOfFileEx
api-ms-win-core-version-l1-1-1
GetFileVersionInfoW
api-ms-win-core-version-l1-1-0
VerQueryValueW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
MFCreateNetVRoot
MFCreateWMPMDEOpCenter
MFCreateWinMDEOpCenter
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 222KB - Virtual size: 222KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 48KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 38KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
x64_x32_installer__v3.7.7.msi.msi