x64_x32_installer__v4[.]0[.]4[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

x64_x32_installer__v4.0.4.zip
Size

36.2MB
MD5

988cfac0e268c55eea4f1030b60b1073
SHA1

2cf903dc9e0b5e4d0d04cb1ca2b707e2e0f0a376
SHA256

bb514c9b67376a4c1f0dc00a1342b4287d2bb55d85fbedb036d4b6a5537d7347
SHA512

32423a559294c6825145d7503593ae22de773360f31d47f7c0f7eb7ddd12d51c37da5cca3257d5d85006bbcdfdb929bbd48a2ee00de56bcc33be39a41f390e67
SSDEEP

786432:TL9kpnzjGPqcnfL83/NSgpdLmgKYxCOugqNvX4oJvL5o88XcjfFtCduC3I:mnnLRpuDX4ohLJy0tyu3

Score

3^/10

Malware Config

Signatures

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
unpack001/dps/XblGameSave.dll
unpack001/dps/dpapisrv.dll
unpack001/dps/wwanmm.dll
unpack001/enterprisecsps/energy.dll
unpack001/enterprisecsps/enterprisecsps.dll
unpack001/enterprisecsps/filemgmt.dll
unpack001/kdnet/NetworkIcon.dll
unpack001/kdnet/ngccredprov.dll
unpack001/ucrtbase/SessEnv.dll
unpack001/ucrtbase/twinui.appcore.dll
unpack001/vbsapi/Windows.Media.Streaming.dll
unpack001/vbsapi/vbsapi.dll

Files

x64_x32_installer__v4.0.4.zip
.zip
dps/XblGameSave.dll
.dll windows:10 windows x64 arch:x64

7e80c7b4f275c9ea605678d912adb2c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

XblGameSave.pdb

Imports

msvcrt

__C_specific_handler
??0exception@@QEAA@AEBQEBDH@Z
??1type_info@@UEAA@XZ
_lock
_unlock
__dllonexit
malloc
_initterm
??_V@YAXPEAX@Z
_vsnprintf
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBV0@@Z
?what@exception@@UEBAPEBDXZ
_onexit
memmove
__CxxFrameHandler3
free
??3@YAXPEAX@Z
_amsg_exit
_XcptFilter
_callnewh
_purecall
_CxxThrowException
??0bad_cast@@QEAA@AEBV0@@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@PEBD@Z
strchr
realloc
towupper
wcscat_s
??8type_info@@QEBAHAEBV0@@Z
_ultow_s
memmove_s
_wcstoui64
_wcsicmp
wcsstr
wcsncpy_s
wcscpy_s
_wtoi64
wcschr
wcsncmp
swscanf_s
_wtoi
tolower
setlocale
memcpy
___mb_cur_max_func
_errno
___lc_handle_func
___lc_codepage_func
__pctype_func
calloc
__crtLCMapStringW
___lc_collate_cp_func
memcmp
__crtCompareStringW
abort
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
_vsnprintf_s
memcpy_s
_vsnwprintf
?terminate@@YAXXZ
memset

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
OpenThreadToken
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetLastError
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

SetEvent
ResetEvent
CreateSemaphoreExW
InitializeCriticalSectionEx
InitializeCriticalSection
ReleaseSemaphore
CreateMutexExW
ReleaseMutex
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
WaitForSingleObject
CreateEventW
DeleteCriticalSection
InitializeSRWLock
EnterCriticalSection
ReleaseSRWLockShared
OpenSemaphoreW
LeaveCriticalSection

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoReleaseServerProcess
CoFreeUnusedLibraries
CoCreateInstance
CoInitializeEx
CoAddRefServerProcess
CoUninitialize
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoSetProxyBlanket
CoSwitchCallContext
StringFromGUID2
CoCreateGuid
CoRevertToSelf
CoImpersonateClient
CoRevokeClassObject
CoEnableCallCancellation
CoDecrementMTAUsage
CoCancelCall
CoDisableCallCancellation
CoInitializeSecurity
CoRegisterClassObject
CoResumeClassObjects
CoDisconnectContext

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoUninitialize
RoInitialize
RoRegisterActivationFactories
RoGetActivationFactory
RoRevokeActivationFactories

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsCreateStringReference
WindowsCompareStringOrdinal
WindowsGetStringLen
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsDeleteString
WindowsDuplicateString
WindowsGetStringRawBuffer

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError
RoTransformError

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable
Sleep
InitOnceExecuteOnce

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
ConvertStringSidToSidW

api-ms-win-security-base-l1-1-0

MakeAbsoluteSD
RevertToSelf
ImpersonateLoggedOnUser

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetTickCount64
GetSystemTime

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegDeleteKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegDeleteValueW
RegCreateKeyExW
RegDeleteTreeW
RegGetValueW
RegCloseKey
RegOpenKeyExW
RegSetValueExW

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer
SetThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolWaitCallbacks
CreateThreadpoolWait
CloseThreadpoolWork
CloseThreadpoolWait
CreateThreadpoolWork
SubmitThreadpoolWork
WaitForThreadpoolWorkCallbacks

api-ms-win-power-setting-l1-1-0

PowerSettingRegisterNotification
PowerSettingUnregisterNotification

api-ms-win-service-management-l1-1-0

OpenSCManagerW
CloseServiceHandle
OpenServiceW

api-ms-win-service-management-l2-1-0

ChangeServiceConfigW

oleaut32

VariantInit

api-ms-win-security-lsalookup-l2-1-0

LookupAccountSidW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-file-l1-1-0

FindClose
GetFileInformationByHandle
CreateDirectoryW
CreateFileW
SetFilePointerEx
SetEndOfFile
FindNextFileW
FindFirstFileW
ReadFile
WriteFile
CompareFileTime
GetFileSizeEx
GetFileAttributesW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

rpcrt4

NdrServerCallAll
NdrServerCall2
RpcRevertToSelfEx
RpcImpersonateClient
RpcServerUnregisterIf
RpcBindingVectorFree
RpcServerUseProtseqW
RpcServerInqBindings
RpcServerRegisterIf3
RpcEpRegisterW
RpcEpUnregister
UuidFromStringW

api-ms-win-core-string-l1-1-0

GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
CreateTimerQueueTimer

ntdll

NtFlushBuffersFileEx
NtSetInformationFile
RtlDosPathNameToNtPathName_U
NtQueryInformationToken
DbgPrintEx
NtQueryWnfStateData
RtlUnsubscribeWnfStateChangeNotification
RtlCapabilityCheck
RtlInitUnicodeString
RtlIsMultiSessionSku
RtlSubscribeWnfStateChangeNotification

combase

ord67
ord69
ord68
ord66

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

ServiceMain

Sections

.text
Size: 841KB - Virtual size: 840KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 347KB - Virtual size: 346KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dps/dpapisrv.dll
.dll windows:10 windows x64 arch:x64

ee8dd9c021c5e38224032b7f773aec78

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dpapisrv.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o_wcscat_s
_o_wcscpy_s
_o_wcsncat_s
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
__C_specific_handler
__std_terminate
__CxxFrameHandler4
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_CxxThrowException
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

rpcrt4

RpcServerInqDefaultPrincNameW
RpcServerRegisterIfEx
RpcServerInqCallAttributesW
RpcRevertToSelf
RpcServerRegisterAuthInfoW
UuidCreate
RpcStringBindingParseW
UuidFromStringW
RpcServerUnregisterIf
RpcBindingToStringBindingW
RpcServerUseProtseqEpW
RpcBindingFree
RpcEpResolveBinding
RpcStringFreeW
RpcNetworkIsProtseqValidW
RpcBindingSetAuthInfoExW
RpcStringBindingComposeW
RpcBindingFromStringBindingW
UuidCompare
RpcServerUnregisterIfEx
RpcServerRegisterIf3
RpcImpersonateClient
RpcRevertToSelfEx
NdrClientCall3
NdrServerCall2
NdrServerCallAll
UuidToStringW

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges
AllocateAndInitializeSid
ImpersonateSelf
GetLengthSid
DuplicateTokenEx
GetTokenInformation
GetSidSubAuthorityCount
FreeSid
EqualSid
CreateWellKnownSid
SetTokenInformation
CopySid
RevertToSelf
ImpersonateLoggedOnUser
IsValidSid
CheckTokenMembership
AllocateLocallyUniqueId
DuplicateToken

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress
GetModuleFileNameA
GetModuleFileNameW
DisableThreadLibraryCalls
GetModuleHandleExW

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegOpenKeyExW
RegUnLoadKeyW
RegLoadKeyW
RegNotifyChangeKeyValue
RegCreateKeyExW
RegQueryValueExW
RegCloseKey

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
CreateMutexW
InitializeCriticalSectionEx
OpenMutexW
LeaveCriticalSection
DeleteCriticalSection
AcquireSRWLockShared
ReleaseMutex
CreateMutexExW
ReleaseSemaphore
OpenEventW
CreateEventW
EnterCriticalSection
SetEvent
ReleaseSRWLockShared
CreateSemaphoreExW
InitializeSRWLock
OpenSemaphoreW
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForSingleObjectEx
AcquireSRWLockExclusive
InitializeCriticalSection

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-processthreads-l1-1-0

SetThreadToken
GetCurrentThread
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
OpenProcessToken
OpenThreadToken
TerminateProcess

api-ms-win-core-string-l1-1-0

CompareStringW
CompareStringOrdinal

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
CloseThreadpoolWork
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWork
CreateThreadpoolTimer
SubmitThreadpoolWork

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree
LocalReAlloc

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemTime
GetComputerNameExW
GetSystemDirectoryW
GetTickCount

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

bcrypt

BCryptGenerateSymmetricKey
BCryptGenRandom
BCryptGetProperty
BCryptDestroyKey
BCryptEncrypt
BCryptFinishHash
BCryptDestroyHash
BCryptHashData
BCryptCloseAlgorithmProvider
BCryptDecrypt
BCryptCreateHash
BCryptKeyDerivation
BCryptDeriveKeyCapi
BCryptImportKeyPair
BCryptFinalizeKeyPair
BCryptGenerateKeyPair
BCryptExportKey
BCryptOpenAlgorithmProvider

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
VirtualQuery

api-ms-win-core-file-l1-1-0

FindFirstFileW
GetFileSize
SetEndOfFile
WriteFile
FindNextFileW
FindClose
CreateFileW
ReadFile
DeleteFileW
CompareFileTime
FlushFileBuffers
SetFilePointer

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

cryptbase

SystemFunction041
SystemFunction040

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

ncrypt

NCryptOpenStorageProvider
NCryptFinalizeKey
NCryptCreatePersistedKey
NCryptSetProperty
NCryptFreeObject

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW

api-ms-win-core-heap-obsolete-l1-1-0

LocalSize

lsasrv

LsaILookupUserAccountType
LsaIDeriveCredentialKey

ntasn1

ord4
ord5

lsass.exe

LsaGetInterface

ntdll

RtlLeaveCriticalSection
NtOpenEvent
NtCreateEvent
RtlDosPathNameToRelativeNtPathName_U
RtlReleaseRelativeName
RtlFreeHeap
NtCreateFile
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwGetTraceEnableFlags
EtwUnregisterTraceGuids
EtwEventUnregister
RtlEnterCriticalSection
RtlImageNtHeader
RtlDeleteCriticalSection
RtlGetCurrentServiceSessionId
NtQueryInformationProcess
EtwEventWriteTransfer
EtwEventActivityIdControl
RtlEqualDomainName
RtlNtStatusToDosError
RtlFreeUnicodeString
RtlUpcaseUnicodeString
RtlInitUnicodeString
RtlIsStateSeparationEnabled
EtwTraceMessage
RtlInitializeCriticalSection
NtPrivilegeCheck
NtOpenThreadToken
NtClose
EtwEventRegister
NtQueryInformationToken
RtlEqualSid

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

InitializeLsaExtension
QueryLsaInterface

Sections

.text
Size: 198KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dps/wwanmm.dll
.dll windows:10 windows x64 arch:x64

085d30f77f85e03dcd40724f5435c85f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

WWanMM.pdb

Imports

msvcrt

memcmp
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
realloc
_errno
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@XZ
_callnewh
_vsnprintf_s
_wtoi
vswprintf_s
swprintf_s
memmove_s
_wtoi64
??3@YAXPEAX@Z
iswdigit
_get_errno
_set_errno
memcpy_s
_vsnwprintf
malloc
free
_purecall
calloc
??_V@YAXPEAX@Z
_resetstkoflw
__C_specific_handler
__CxxFrameHandler3
memset

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
RaiseException
SetLastError

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
CreateEventW
WaitForSingleObject
ResetEvent
AcquireSRWLockExclusive
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
ReleaseSRWLockExclusive
SetEvent

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetProcAddress
FreeLibrary
LockResource
LoadStringW
FindResourceExW
LoadResource
GetModuleHandleExW

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx
StringFromIID
CoTaskMemRealloc
CoUninitialize
IIDFromString
CoCreateGuid

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventRegister

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

oleaut32

SafeArrayGetElement
SafeArrayLock
SysAllocString
VariantClear
SafeArrayDestroy
VariantInit
VariantChangeType
SafeArrayUnlock
SafeArrayAccessData
SysStringLen
SafeArrayRedim
SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayCreate
SysFreeString
SafeArrayGetUBound

iphlpapi

ConvertInterfaceLuidToAlias
ConvertInterfaceGuidToLuid

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetTickCount64

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable
Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-sidebyside-l1-1-0

FindActCtxSectionStringW
CreateActCtxW
DeactivateActCtx
ActivateActCtx
QueryActCtxW

kernel32

lstrlenW
lstrcmpW
LocalFree
InitializeCriticalSectionEx
OutputDebugStringW
LoadLibraryExW
CreateFileW
lstrlenA
ExpandEnvironmentStringsW
DebugBreak
GetModuleHandleW
GetProcessHeap
CreateMutexExW
HeapAlloc
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
CompareStringOrdinal
IsDebuggerPresent

user32

UnregisterClassA

ntdll

RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlNtStatusToDosError
RtlIpv6StringToAddressW
RtlIpv4StringToAddressW
WinSqmAddToStream
WinSqmSetDWORD
WinSqmAddToStreamEx

shell32

ShellExecuteExW
CommandLineToArgvW

wwapi

WwanFreeMemory
WwanAllocateMemory

mobilenetworking

GetPersistentRegPath

wcmapi

WcmQueryProperty
WcmFreeMemory

datusage

CreateDataUsageHelper

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

crypt32

CryptUnprotectData
CryptProtectData

Exports

Exports

DllCanUnloadNow
DllGetClassObject
StartDiagnosticsW

Sections

.text
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 275KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
enterprisecsps/energy.dll
.dll windows:10 windows x64 arch:x64

5a6c1bb2d4cdfc861b6d3485be83e4ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

energy.pdb

Imports

msvcrt

__dllonexit
_unlock
_lock
__C_specific_handler
_errno
_initterm
_amsg_exit
wcsnlen
floor
??1type_info@@UEAA@XZ
setlocale
__crtLCMapStringW
memmove
_XcptFilter
__uncaught_exception
__pctype_func
memcmp
_CxxThrowException
__CxxFrameHandler3
wcstoul
_wcsicmp
___lc_handle_func
___lc_codepage_func
swprintf_s
iswprint
malloc
??0exception@@QEAA@AEBQEBDH@Z
_wcsnicmp
_vsnwprintf
calloc
memcpy
_onexit
___mb_cur_max_func
_wcsdup
_ismbblead
memset
abort
sprintf_s
free
?terminate@@YAXXZ
localeconv
__doserrno
_wfopen_s
fclose
fwprintf_s
toupper
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_purecall
strcspn
??0bad_cast@@QEAA@AEBV0@@Z
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
_wsetlocale
wcscmp

api-ms-win-core-processtopology-obsolete-l1-1-0

GetActiveProcessorCount

api-ms-win-ole32-ie-l1-1-0

CoInitialize

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlCopySid
RtlVirtualUnwind
NtQueryWnfStateData
NtPowerInformation
RtlAdjustPrivilege
RtlNtStatusToDosError
RtlGetPersistedStateLocation
RtlLengthSid

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventProviderEnabled
EventWriteTransfer
EventSetInformation
EventWrite
EventUnregister

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetEvent
CreateEventW
WaitForSingleObject
DeleteCriticalSection

api-ms-win-core-file-l1-1-0

FileTimeToLocalFileTime
FindClose
FindNextFileW
CompareFileTime
FindFirstFileW
CreateFileW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemFree

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegGetValueW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetTickCount
GetVersionExW
GetComputerNameExW
GetSystemTimeAsFileTime

rpcrt4

UuidCreate

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetProcAddress
LoadStringW
DisableThreadLibraryCalls
LoadLibraryExW
FreeLibrary

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapCreate
HeapFree
HeapDestroy
GetProcessHeap

api-ms-win-eventing-consumer-l1-1-0

ProcessTrace
CloseTrace
OpenTraceW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte

api-ms-win-core-path-l1-1-0

PathCchRemoveBackslash
PathCchAppend

api-ms-win-power-setting-l1-1-0

PowerGetActiveScheme

api-ms-win-security-lsalookup-l2-1-0

LookupAccountSidW

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-eventing-controller-l1-1-0

ControlTraceW
EnableTraceEx2
TraceSetInformation
StartTraceW

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
Sleep
WakeAllConditionVariable

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-eventing-tdh-l1-1-0

TdhUnloadManifest
TdhGetProperty
TdhGetEventInformation
TdhGetPropertySize

powrprof

PowerReadACValueIndex
PowerReadDCValueIndex

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

oleaut32

SysAllocString
VariantClear
GetErrorInfo
SysFreeString

Exports

Exports

EnergyWizard_Analyze
EnergyWizard_CancelTrace
EnergyWizard_CollectTrace
EnergyWizard_CreateEnergyWizard
EnergyWizard_DefaultTraceDuration
EnergyWizard_DestroyEnergyWizard
EnergyWizard_GetLogEntryCounts
EnergyWizard_SaveReport
EnergyWizard_SqmAnalysis
EnergyWizard_TransformReport
SaveBatteryReport
SaveSleepStudyReport
SaveSystemSleepDiagnosticsReport
SendScreenOnTelemetry
TransformBatteryReport
TransformSleepStudyReport
TransformSystemSleepDiagnosticsReport

Sections

.text
Size: 449KB - Virtual size: 449KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
enterprisecsps/enterprisecsps.dll
.dll windows:10 windows x64 arch:x64

ffba186bc5ad0ddf6c81eb2959a5a51b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

enterprisecsps.pdb

Imports

dmenterprisediagnostics

RecordDiagnosticsError

msvcp110_win

?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Orphan_all@_Container_base0@std@@QEAAXXZ
?_Xbad_function_call@std@@YAXXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDH@std@@QEBAHAEAHPEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?swap@?$basic_ostream@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z
?swap@?$basic_istream@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z
?_Getcat@?$codecvt@DDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?endl@std@@YAAEAV?$basic_ostream@GU?$char_traits@G@std@@@1@AEAV21@@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?_Add_vtordisp1@?$basic_ios@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?uncaught_exception@std@@YA_NXZ
??_7facet@locale@std@@6B@
_Wcsxfrm
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
?is@?$ctype@G@std@@QEBA_NFG@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??1?$codecvt@GDH@std@@MEAA@XZ
??_7codecvt_base@std@@6B@
??_7?$codecvt@GDH@std@@6B@
?in@?$codecvt@GDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAG3AEAPEAG@Z
??0?$codecvt@GDH@std@@QEAA@_K@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?id@?$codecvt@GDH@std@@2V0locale@2@A
?_Getcat@?$codecvt@GDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
??_7_Facet_base@std@@6B@
_Wcscoll
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?id@?$collate@G@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$ctype@G@std@@2V0locale@2@A
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Add_vtordisp1@?$basic_istream@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Add_vtordisp2@?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAAXXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
??Bid@locale@std@@QEAA_KXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_BADOFF@std@@3_JB
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?pbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Add_vtordisp2@?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Add_vtordisp1@?$basic_istream@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Add_vtordisp2@?$basic_ios@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Add_vtordisp1@?$basic_ios@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?out@?$codecvt@DDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAD3AEAPEAD@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ

msvcrt

fputc
fflush
fclose
_wtoi
fwrite
fgetpos
setvbuf
ungetc
fgetc
??3@YAXPEAX@Z
__CxxFrameHandler3
??_V@YAXPEAX@Z
_vsnwprintf
memcpy_s
_purecall
fsetpos
_fseeki64
ldiv
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
__C_specific_handler
wcsncpy_s
malloc
free
_wcsicmp
swscanf
wcschr
memmove_s
wcstoul
_wcsnicmp
wcsstr
__ExceptionPtrCreate
__ExceptionPtrCopy
wcstok_s
__ExceptionPtrDestroy
?what@exception@@UEBAPEBDXZ
?terminate@@YAXXZ
__ExceptionPtrCurrentException
__ExceptionPtrRethrow
??8type_info@@QEBAHAEBV0@@Z
wcsrchr
toupper
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@PEBD@Z
??0bad_cast@@QEAA@AEBV0@@Z
realloc
strchr
swprintf_s
srand
rand
??0exception@@QEAA@AEBQEBD@Z
sprintf_s
strncpy_s
_set_errno
_errno
strtol
strrchr
wcsncmp
_wcslwr
towlower
wcstol
_fpclass
wcscpy_s
_callnewh
_XcptFilter
_amsg_exit
_initterm
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
_CxxThrowException
__RTDynamicCast
memcmp
memcpy
memmove
memset
wcscmp

ntdll

RtlNtStatusToDosErrorNoTeb
RtlVirtualUnwind
NtDeleteWnfStateName
RtlCaptureContext
RtlIsMultiUsersInSessionSku
RtlNtStatusToDosError
RtlGetDeviceFamilyInfoEnum
WinSqmSetDWORD
WinSqmStartSession
WinSqmEndSession
RtlIsStateSeparationEnabled
NtCreateWnfStateName
RtlLookupFunctionEntry
RtlPublishWnfStateData

api-ms-win-core-libraryloader-l1-2-0

LoadResource
SizeofResource
LoadLibraryExW
FreeLibrary
GetModuleFileNameA
GetModuleFileNameW
FindStringOrdinal
GetModuleHandleW
LoadLibraryExA
GetModuleHandleExW
GetProcAddress
FindResourceExW
LoadStringW
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockShared
ReleaseSRWLockExclusive
ReleaseSRWLockShared
CreateSemaphoreExW
CreateEventW
InitializeCriticalSection
ResetEvent
ReleaseSemaphore
CreateMutexExW
OpenEventW
WaitForSingleObject
ReleaseMutex
AcquireSRWLockExclusive
CreateEventExW
SetEvent
OpenSemaphoreW
EnterCriticalSection

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetLastError
RaiseException

api-ms-win-core-processthreads-l1-1-0

TerminateThread
GetCurrentThread
GetCurrentThreadId
GetCurrentProcessId
CreateProcessAsUserW
GetCurrentProcess
OpenProcessToken
CreateThread
TerminateProcess
OpenThreadToken
CreateProcessW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW
OutputDebugStringA

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

oleaut32

VariantInit
SysFreeString
VariantClear
SysAllocStringLen
VariantChangeType
SystemTimeToVariantTime
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SysStringLen
VariantTimeToSystemTime
VariantCopy
VariantChangeTypeEx
SafeArrayUnaccessData
SafeArrayCreate
SysAllocString
VarUI4FromStr
SysStringByteLen
SysAllocStringByteLen
SafeArrayGetDim
SafeArrayGetElement
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventProviderEnabled
EventSetInformation
EventActivityIdControl
EventUnregister
EventWriteTransfer

api-ms-win-core-string-l2-1-0

CharNextW
CharLowerBuffW

api-ms-win-core-registry-l1-1-0

RegDeleteKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegGetValueW
RegEnumValueW
RegCreateKeyExW
RegDeleteTreeW
RegDeleteValueW
RegQueryValueExW
RegEnumKeyExW
RegOpenCurrentUser
RegSetValueExW

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar

api-ms-win-core-heap-l2-1-0

LocalFree
GlobalFree
LocalAlloc

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

crypt32

CryptExportPublicKeyInfo
CertCloseStore
CertOpenStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertCreateCertificateContext
CertFindExtension
CryptDecodeObjectEx
CertRDNValueToStrW
CertGetNameStringW
CryptHashCertificate2
CertAddEncodedCertificateToStore
CertDeleteCertificateFromStore
CertAddCertificateContextToStore
CertVerifyCertificateChainPolicy
CertGetCertificateContextProperty
CryptBinaryToStringW
CryptSetKeyIdentifierProperty
CryptProtectData
CryptUnprotectData
CryptDecryptMessage
CryptAcquireCertificatePrivateKey
CertGetCertificateChain
CertFreeCertificateChain

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetTickCount64
GetSystemWindowsDirectoryW
GetLocalTime
GetSystemInfo
GetComputerNameExW
GetWindowsDirectoryW

rpcrt4

UuidCreate
UuidFromStringW
RpcBindingCreateW
UuidToStringW
RpcStringFreeW
RpcBindingFree
RpcBindingBind
I_RpcExceptionFilter
NdrClientCall3

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceBeginInitialize
InitOnceComplete
Sleep

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW
RegSetKeyValueW

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateString
WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoUninitialize
RoActivateInstance
RoInitialize

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

api-ms-win-core-realtime-l1-1-1

QueryUnbiasedInterruptTimePrecise

api-ms-win-core-shutdown-l1-1-0

InitiateSystemShutdownExW

api-ms-win-security-base-l1-1-0

GetTokenInformation
AdjustTokenPrivileges

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
SetRestrictedErrorInfo

ncrypt

NCryptGetProperty
NCryptDeleteKey
NCryptOpenStorageProvider
NCryptCreatePersistedKey
NCryptSetProperty
NCryptFreeObject
NCryptOpenKey

iphlpapi

GetAdaptersAddresses
GetIfEntry2

ws2_32

InetNtopW

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-file-l1-1-0

FindFirstFileW
RemoveDirectoryW
FindClose
CreateFileW
WriteFile
FindNextFileW
GetFullPathNameW
FileTimeToLocalFileTime
DeleteFileW
GetFileAttributesW
CreateDirectoryW
ReadFile

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec
PathCchAppend
PathCchSkipRoot
PathAllocCombine
PathCchCombine

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

cryptsp

CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW
RegEnumKeyW

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus
GetNamedPipeClientProcessId

api-ms-win-core-string-obsolete-l1-1-0

lstrlenA
lstrcmpiW

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalLock

omadmapi

ord34
ord44
ord47
ord23
ord52
ord22
ord53
ord56
ord27
ord54
ord166
ord78
ord24

dmcmnutils

OmDmRegistryAllocAndGetString
SafeWideCharToMultiByte
DmRaiseToastNotification
DmDisableTask
OmaDmRegistryGetString
OmaDmRegistryGetDWORD
OmaDmRegistryDeleteValue
OmaDmRegistrySetDWORD
OmaDmRegistrySetString
HexStringToBinary
DecodeBase64W
OmaDmRegistryGetBinary
BinaryToHexString
BigStrcat
DmDeleteTask
IsPhoneOS
OmaDmRegistryGetAllSubKeys
DMGetClientHardwareUID
CopyString
DmRevertToSelf
InvStrCmpIW
DmGetActiveUserSid
DmImpersonate
DmGetCurrentUserSid
OmaDmRegistrySetBinary
OmaDmRegistryGetAllValues
DmEnableTask
MBToUnicode
UnicodeToMB
EncodeBase64W
CreateBstrArray

dmiso8601utils

FileTimeToISO8601String
SystemTimeToISO8601String

dmcfgutils

SyncGetDeviceUniqueID

policymanager

EnterprisePolicyManagerStore_EvaluatePoliciesUpdateCurrent
EnterprisePolicyManagerStore_GetEnrollmentTypeFromEnrollment
EnterprisePolicyManagerStore_CSPResultAreaGetChildNodeNames
EnterprisePolicyManagerStore_DoesProviderExist
EnterprisePolicyManagerStore_CreateProviderHive
EnterprisePolicyManagerStore_GetAllProviderContextSidAreas
EnterprisePolicyManagerStore_CSPConfigSourceDeleteChild
EnterprisePolicyManagerStore_CSPConfigSourceAreaCreateNodeInstance
EnterprisePolicyManagerStore_EnsureProviderContextSidAreaExist
EnterprisePolicyManagerStore_CSPConfigSourceAreaGetChildNodeNames
EnterprisePolicyManagerStore_IsValidArea
EnterprisePolicyManagerStore_CSPConfigSourceAreaDeleteChild
EnterprisePolicyManagerStore_CSPConfigSourceAreaPolicyCreateNodeInstance
EnterprisePolicyManagerStore_CSPConfigSourceAreaPolicyGetValue
EnterprisePolicyManagerStore_CSPConfigSourceAreaPolicySetValue
EnterprisePolicyManagerStore_IsValidPolicy
EnterprisePolicyManagerStore_CSPResultAreaPolicyGetValue
EnterprisePolicyManagerStore_IsPolicyAreaForIngestedAdmx
EnterprisePolicyManagerStore_DeleteEnrollmentAdmxMetadata
EnterprisePolicyManagerStore_GetPolicyTypeFromMetadata
EnterprisePolicyManagerStore_CSPResultGetAreaChildNodeNames
EnterprisePolicyManagerStore_IsADMXIngestionAllowed
EnterprisePolicyManagerStore_DeleteEnrollmentAppAdmxMetadata
EnterprisePolicyManagerStore_DeleteEnrollmentAppSettingTypeAdmxMetadata
EnterprisePolicyManagerStore_GetAdmxFileData
EnterprisePolicyManagerStore_VerifyAdmxPoliciesAreNotSet
EnterprisePolicyManagerStore_IngestAdmxTextBlob
EnterprisePolicyManagerStore_DoesProviderContextSidAreaPolicyValueExist
EnterprisePolicyManagerStore_SetProviderContextSidAreaPolicyValue
EnterprisePolicyManagerStore_DeleteProvider
EnterprisePolicyManagerStore_GetCurrentPolicyValue
EnterprisePolicyManagerStore_GetAllCurrentSidAreaPolicies
EnterprisePolicyManagerStore_GetAllProviderContextSidAreaPolicies
EnterprisePolicyManagerStore_DeleteProviderContextSidAreaPolicy
EnterprisePolicyManagerStore_GetProviderContextSidAreaPolicyValue
EnterprisePolicyManagerStore_PublishAnyDelayedWnfs

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

xmllite

CreateXmlReader
CreateXmlWriter
CreateXmlWriterOutputWithEncodingName
CreateXmlReaderInputWithEncodingName

api-ms-win-shcore-stream-l1-1-0

SHCreateMemStream
SHCreateStreamOnFileW

combase

ord154

api-ms-win-shcore-registry-l1-1-0

SHCopyKeyW

sspicli

GetUserNameExW

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenSCManagerW
StartServiceW
OpenServiceW

api-ms-win-core-namedpipe-l1-1-0

CreateNamedPipeW
ConnectNamedPipe

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualQuery

certenroll

ord45

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 518KB - Virtual size: 517KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
enterprisecsps/filemgmt.dll
.dll regsvr32 windows:10 windows x64 arch:x64

89122c235f124c1d01afc6dc2575d168

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

filemgmt.pdb

Imports

mfc42u

ord2586
ord4741
ord3743
ord822
ord3774
ord867
ord3892
ord1033
ord2329
ord6614
ord6418
ord2661
ord4131
ord1498
ord6351
ord2781
ord2393
ord4860
ord2593
ord4747
ord3501
ord3806
ord912
ord4795
ord4894
ord4846
ord852
ord1035
ord4257
ord4262
ord6395
ord6385
ord2906
ord3396
ord3894
ord337
ord2326
ord4557
ord5245
ord1286
ord3761
ord5702
ord665
ord4612
ord1043
ord3754
ord629
ord599
ord6734
ord3182
ord2801
ord1264
ord5694
ord2666
ord1787
ord3177
ord2377
ord6632
ord2324
ord4344
ord1781
ord2665
ord2379
ord2316
ord4521
ord4127
ord4601
ord3003
ord1657
ord2474
ord1082
ord288
ord812
ord1544
ord1586
ord1555
ord1583
ord1585
ord355
ord1477
ord1553
ord1416
ord1491
ord1577
ord1067
ord3751
ord3535
ord5229
ord5712
ord4743
ord1778
ord6440
ord2589
ord4542
ord1566
ord832
ord2023
ord2422
ord1906
ord1499
ord1442
ord2975
ord625
ord6216
ord5585
ord5583
ord5304
ord5114
ord5352
ord4699
ord5687
ord4722
ord5246
ord5406
ord2517
ord6437
ord4365
ord1777
ord4752
ord5663
ord2399
ord5586
ord6812
ord4694
ord5709
ord4017
ord5227
ord4789
ord2670
ord2060
ord6814
ord3933
ord5484
ord1736
ord5683
ord2457
ord2140
ord5699
ord4988
ord4771
ord3868
ord4548
ord6328
ord6147
ord5584
ord6767
ord5077
ord2764
ord2328
ord2311
ord2384
ord5382
ord999
ord549
ord4582
ord2629
ord6708
ord6705
ord2371
ord6813
ord4836
ord2559
ord2515
ord6071
ord4191
ord1388
ord5615
ord2412
ord3468
ord5722
ord5724
ord4368
ord5065
ord5730
ord5711
ord6053
ord3049
ord3243
ord3362
ord4815
ord3231
ord3366
ord3052
ord3166
ord3046
ord3534
ord4082
ord4083
ord4077
ord3164
ord4371
ord4983
ord4770
ord3916
ord1426
ord2752
ord4214
ord1063
ord659
ord1562
ord1647
ord1441
ord2856
ord6050
ord621
ord4436
ord4523
ord2676
ord1677
ord1463
ord3790
ord3830
ord286
ord1574
ord2427
ord3740
ord1284
ord5887
ord2979
ord1287
ord2846
ord4473
ord5719
ord2408
ord287
ord620
ord1122
ord3873
ord568
ord1355
ord5950
ord1483
ord6880
ord626
ord5935
ord6886
ord1126
ord1040
ord624
ord1006
ord4721
ord6887

msvcrt

__RTDynamicCast
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_vsnwprintf
_wtoi64
_wcsnicmp
wcschr
calloc
iswspace
wcsstr
wcsncmp
_wcsicmp
??_V@YAXPEAX@Z
malloc
free
__C_specific_handler
__CxxFrameHandler3
_purecall
memset

atl

ord32
ord16
ord21
ord15
ord18
ord22

ntdll

RtlCaptureContext
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlLookupFunctionEntry
RtlVirtualUnwind

advapi32

RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
GetLengthSid
CopySid
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
InitializeAcl
AddAccessAllowedAce
EnumServicesStatusW
RegDeleteValueW
GetUserNameW
RegConnectRegistryW
IsWellKnownSid
RevertToSelf
MapGenericMask
AllocateAndInitializeSid
MakeSelfRelativeSD
FreeSid
GetSecurityDescriptorLength
GetSecurityDescriptorControl
LsaOpenPolicy
LsaFreeMemory
LsaClose
LsaSetSystemAccessAccount
LsaGetSystemAccessAccount
LsaCreateAccount
LsaOpenAccount
GetSidSubAuthority
GetSidSubAuthorityCount
LsaLookupNames

user32

SetWindowsHookExW
GetWindowThreadProcessId
FindWindowExW
GetDlgCtrlID
GetSystemMetrics
GetWindowRect
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
EnumThreadWindows
IsWindowVisible
GetDesktopWindow
GetFocus
GetWindowLongW
SetActiveWindow
SetWindowTextW
GetClientRect
ShowWindow
MessageBoxW
PostMessageW
GetParent
LoadImageW
UnhookWindowsHookEx
GetActiveWindow
LoadBitmapW
WinHelpW
EnableWindow
SetDlgItemTextW
EndDialog
GetWindowLongPtrW
GetDlgItemTextW
IsDlgButtonChecked
SetFocus
SetWindowLongPtrW
GetDlgItem
SendMessageW
RegisterClipboardFormatW
LoadStringW
DialogBoxParamW
LoadIconW
CallNextHookEx

version

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

gdi32

DeleteObject

cfgmgr32

CM_Set_HW_Prof_Flags_ExW
CM_Disconnect_Machine
CM_Connect_MachineW
CM_Get_HW_Prof_Flags_ExW

kernel32

GetLastError
GetModuleFileNameW
GetCurrentThreadId
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
lstrcmpiW
GetProcAddress
SetLastError
DeactivateActCtx
LoadLibraryW
ActivateActCtx
FindActCtxSectionStringW
CreateActCtxW
GetModuleHandleExW
QueryActCtxW
GetModuleHandleW
OutputDebugStringA
CreateThread
WaitForSingleObject
DuplicateHandle
GlobalLock
GlobalUnlock
GlobalFree
ResolveDelayLoadedAPI
DelayLoadFailureHook
GetCurrentProcess
CloseHandle
GetCurrentThread
InitializeCriticalSection
DeleteCriticalSection
FormatMessageW
LocalFree
GetSystemWindowsDirectoryW
ResumeThread
LocalAlloc
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
ReleaseActCtx
lstrlenW
CreateProcessW
GetExitCodeProcess
GetComputerNameExW
CreateEventW
Sleep
GlobalAlloc
LoadLibraryExW
GetCommandLineW
FreeLibrary
CompareStringW
GetComputerNameW
WideCharToMultiByte
SetEvent
lstrcmpW

Exports

Exports

CacheSettingsDlg
CacheSettingsDlg2
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kdnet/NetworkIcon.dll
.dll windows:10 windows x64 arch:x64

f2f242dab5597e0ad5c1fcd0481cf3e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

NetworkIcon.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__crt_atexit
memmove
_o_free
_o_iswspace
_o_malloc
_o_terminate
_o_toupper
__C_specific_handler
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__CxxFrameHandler3
_CxxThrowException
__std_terminate
__CxxFrameHandler4
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
DisableThreadLibraryCalls
GetModuleHandleW
GetProcAddress
LoadStringW

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
Sleep

api-ms-win-core-synch-l1-1-0

ReleaseMutex
OpenSemaphoreW
WaitForSingleObjectEx
WaitForSingleObject
EnterCriticalSection
DeleteCriticalSection
ReleaseSemaphore
InitializeCriticalSectionEx
CreateEventW
ReleaseSRWLockExclusive
CreateSemaphoreExW
InitializeCriticalSectionAndSpinCount
SetEvent
AcquireSRWLockExclusive
ResetEvent
LeaveCriticalSection
CreateMutexExW

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventActivityIdControl
EventSetInformation
EventWriteTransfer
EventRegister
EventProviderEnabled

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedFlushSList
InitializeSListHead

ntdll

RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CoIncrementMTAUsage
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW

iphlpapi

ConvertInterfaceGuidToLuid
GetIfEntry2Ex

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-heap-l2-1-0

LocalAlloc

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsPromoteStringBuffer
WindowsCreateStringReference
WindowsDeleteString
WindowsDuplicateString
WindowsCreateString
WindowsPreallocateStringBuffer
WindowsDeleteStringBuffer

oleaut32

SysFreeString
SysStringLen

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
GetRestrictedErrorInfo
RoFailFastWithErrorContext
RoTransformError

api-ms-win-core-winrt-error-l1-1-1

RoOriginateLanguageException

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-threadpool-l1-2-0

TrySubmitThreadpoolCallback

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-crt-math-l1-1-0

ceilf

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kdnet/kernel32.dll
.dll windows:10 windows x64 arch:x64

504648a47926611a0869d2a6c53023c8

Code Sign

33:00:00:03:80:e4:bb:91:f3:18:fd:8e:9a:00:00:00:00:03:80
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10/03/2022, 19:24

Not After

08/03/2023, 19:24

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:92:9c:6c:e6:95:de:66:14:52:fb:77:d9:b1:fd:e7:8a:30:78:5c:15:bc:e9:07:81:0d:2d:b5:15:51:bd:60
Signer

Actual PE Digest

13:92:9c:6c:e6:95:de:66:14:52:fb:77:d9:b1:fd:e7:8a:30:78:5c:15:bc:e9:07:81:0d:2d:b5:15:51:bd:60

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

kernel32.pdb

Imports

api-ms-win-core-rtlsupport-l1-1-0

RtlUnwindEx
RtlVirtualUnwind
RtlRaiseException
RtlRestoreContext
RtlLookupFunctionEntry
RtlInstallFunctionTableCallback
RtlCompareMemory
RtlDeleteFunctionTable
RtlAddFunctionTable
RtlPcToFileHeader
RtlUnwind
RtlCaptureStackBackTrace
RtlCaptureContext

ntdll

_wcslwr
RtlGetUILanguageInfo
EtwEventEnabled
RtlpConvertLCIDsToCultureNames
NtEnumerateKey
RtlIntegerToUnicodeString
RtlTimeToTimeFields
RtlTimeFieldsToTime
RtlUnhandledExceptionFilter
NtTerminateProcess
wcsncmp
wcsncpy
LdrFindResourceEx_U
RtlReadThreadProfilingData
RtlQueryThreadProfiling
RtlDisableThreadProfiling
RtlNtStatusToDosErrorNoTeb
RtlEnableThreadProfiling
NtMapUserPhysicalPagesScatter
RtlDecodeSystemPointer
bsearch
RtlComputeImportTableHash
RtlFindActivationContextSectionGuid
RtlQueryActivationContextApplicationSettings
RtlSubAuthorityCountSid
LdrResFindResourceDirectory
RtlQueryInformationActivationContext
TpSetPoolStackInformation
TpAllocWait
NtDeleteValueKey
NtSetValueKey
towlower
RtlUnicodeStringToInteger
RtlLCIDToCultureName
RtlSizeHeap
RtlpConvertCultureNamesToLCIDs
NtQueryInstallUILanguage
EtwEventUnregister
EtwEventWrite
EtwEventRegister
RtlExpandEnvironmentStrings_U
RtlPublishWnfStateData
NtQueryLicenseValue
_wtol
memmove_s
RtlGUIDFromString
sin
TpAllocTimer
TpAllocIoCompletion
RtlSetThreadPreferredUILanguages
RtlMultiAppendUnicodeStringBuffer
swprintf_s
RtlImageNtHeaderEx
NtMapViewOfSection
NtCreateSection
RtlDosPathNameToNtPathName_U_WithStatus
RtlGetActiveActivationContext
RtlDeactivateActivationContext
RtlActivateActivationContext
RtlZombifyActivationContext
RtlReleaseActivationContext
RtlAddRefActivationContext
RtlCreateActivationContext
RtlGetLengthWithoutLastFullDosOrNtPathElement
RtlpApplyLengthFunction
RtlGetFullPathName_U
RtlDoesFileExists_U
RtlDetermineDosPathNameType_U
RtlpEnsureBufferSize
DbgPrintEx
NtUnmapViewOfSection
RtlQueryPackageClaims
tolower
atol
toupper
isdigit
NtQueryInformationThread
RtlEnterUmsSchedulingMode
RtlCreateUmsThreadContext
TpAllocWork
RtlSetUmsThreadInformation
RtlQueryUmsThreadInformation
RtlGetNextUmsListItem
RtlGetCurrentUmsThread
RtlDeleteUmsCompletionList
RtlUmsThreadYield
RtlExecuteUmsThread
RtlGetUmsCompletionListEvent
RtlDequeueUmsCompletionListItems
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
RtlCreateUmsCompletionList
RtlDestroyEnvironment
RtlCreateEnvironmentEx
RtlCreateEnvironment
NtQueryEvent
RtlCreateUnicodeString
NtRaiseHardError
RtlFreeAnsiString
RtlFreeOemString
RtlGetCurrentDirectory_U
wcsrchr
_wcsnicmp
RtlUnicodeStringToOemString
NtQueryVolumeInformationFile
CsrFreeCaptureBuffer
CsrAllocateMessagePointer
CsrAllocateCaptureBuffer
RtlEqualUnicodeString
RtlUnicodeStringToAnsiString
RtlExitUserThread
RtlAddIntegrityLabelToBoundaryDescriptor
RtlQueryProtectedPolicy
NtReplacePartitionUnit
RtlCompareUnicodeString
RtlExitUserProcess
RtlInitUnicodeStringEx
RtlQueryPackageIdentity
EtwEventWriteNoRegistration
RtlWow64LogMessageInEventLogger
LdrUnloadDll
LdrGetProcedureAddress
LdrLoadDll
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
RtlFormatCurrentUserKeyPath
NtQueryValueKey
RtlEqualSid
RtlSubAuthoritySid
RtlInitializeSid
NtQueryInformationToken
NtOpenProcessToken
NtSetInformationThread
NtOpenThreadToken
RtlReleaseSRWLockExclusive
RtlQueryRegistryValuesEx
NtOpenKey
RtlAcquireSRWLockExclusive
RtlAnsiStringToUnicodeString
RtlxAnsiStringToUnicodeSize
RtlInitAnsiStringEx
NtIsSystemResumeAutomatic
NtInitiatePowerAction
RtlIsNameLegalDOS8Dot3
RtlGetCurrentProcessorNumberEx
NtWaitForSingleObject
NtCreateEvent
RtlSetSearchPathMode
LdrGetDllDirectory
RtlUnlockHeap
RtlGetUserInfoHeap
RtlLockHeap
RtlDeregisterSecureMemoryCacheCallback
RtlRegisterSecureMemoryCacheCallback
RtlCompactHeap
NtFsControlFile
NtOpenFile
NtClose
LdrAddRefDll
NtQueryInformationFile
NtSetInformationFile
wcscpy_s
RtlGetActiveConsoleId
RtlDeactivateActivationContextUnsafeFast
RtlActivateActivationContextUnsafeFast
RtlNtStatusToDosError
RtlFreeUnicodeString
RtlWow64GetThreadSelectorEntry
NtSetInformationDebugObject
DbgUiGetThreadDebugObject
DbgUiIssueRemoteBreakin
NtSetSystemInformation
NtQueryInformationProcess
RtlSetCurrentTransaction
RtlGetCurrentTransaction
RtlSetLastWin32Error
CsrClientCallServer
LdrDisableThreadCalloutsForDll
TpCallbackMayRunLong
TpAllocCleanupGroup
TpSimpleTryPost
TpAllocPool
TpQueryPoolStackInformation
RtlDeleteUmsThreadContext
TpSetPoolMinThreads
CsrVerifyRegion
RtlCharToInteger
RtlInitAnsiString
RtlUpcaseUnicodeChar
RtlUnicodeToMultiByteSize
RtlDestroyAtomTable
NtFindAtom
NtQueryInformationAtom
RtlAddAtomToAtomTable
NtAddAtomEx
NtDeleteAtom
RtlCreateAtomTable
RtlDeleteAtomFromAtomTable
RtlLookupAtomInAtomTable
RtlQueryAtomInAtomTable
RtlDnsHostNameToComputerName
RtlPrefixString
NtFlushKey
_memicmp
RtlxUnicodeStringToAnsiSize
RtlEnterCriticalSection
wcschr
wcsstr
RtlLeaveCriticalSection
NtCreateKey
NtCreateFile
RtlCreateUnicodeStringFromAsciiz
wcsncpy_s
wcscspn
NtCreateJobSet
RtlReleasePrivilege
NtSetInformationJobObject
NtQueryInformationJobObject
NtCreateJobObject
RtlAcquirePrivilege
NtAssignProcessToJobObject
NtTerminateJobObject
NtOpenJobObject
RtlLengthSecurityDescriptor
NtSetEaFile
NtSetSecurityObject
NtQueryEaFile
NtQuerySecurityObject
LdrQueryImageFileKeyOption
LdrOpenImageFileOptionsKey
RtlQueryElevationFlags
NtSetInformationProcess
RtlRaiseStatus
NtQuerySection
NtFreeVirtualMemory
NtWriteFile
NtEnumerateValueKey
RtlEqualString
RtlUnicodeToMultiByteN
strncpy_s
NtUnlockFile
RtlDosPathNameToNtPathName_U
NtReadFile
NtLockFile
RtlCopyUnicodeString
CsrCaptureMessageString
RtlIsTextUnicode
NtAllocateVirtualMemory
RtlGetLongestNtPathLength
RtlPrefixUnicodeString
RtlMultiByteToUnicodeN
RtlMultiByteToUnicodeSize
RtlDosPathNameToRelativeNtPathName_U
RtlReleaseRelativeName
RtlSetIoCompletionCallback
RtlDeregisterWait
RtlRegisterWait
RtlImageDirectoryEntryToData
NtQueryVirtualMemory
RtlCreateBoundaryDescriptor
NtProtectVirtualMemory
RtlGetThreadErrorMode
NtCreateMailslotFile
RtlDestroyQueryDebugBuffer
RtlQueryProcessDebugInformation
RtlCreateQueryDebugBuffer
NtQueryDirectoryFile
strcpy_s
RtlFindActivationContextSectionString
LdrSetDllDirectory
LdrFindResource_U
RtlSwitchedVVI
NtQueryWnfStateData
NtPowerInformation
NtGetDevicePowerState
NtSetThreadExecutionState
NtSetSystemEnvironmentValueEx
NtQuerySystemEnvironmentValueEx
RtlInitString
NtSetVolumeInformationFile
NtDeviceIoControlFile
RtlIsValidHandle
RtlAllocateHandle
RtlReAllocateHeap
RtlFreeHandle
RtlSetUserValueHeap
RtlUnsubscribeWnfStateChangeNotification
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
strchr
RtlSetEnvironmentStrings
RtlOemStringToUnicodeString
wcscat_s
RtlAllocateAndInitializeSid
RtlQueryEnvironmentVariable_U
NtQueryAttributesFile
RtlFreeSid
strrchr
NtQueryFullAttributesFile
TpCaptureCaller
RtlWow64EnableFsRedirection
_stricmp
NtSetTimerResolution
NtQueryTimerResolution
RtlGetAppContainerSidType
RtlConvertSidToUnicodeString
RtlSetEnvironmentVariable
RtlGetAppContainerParent
RtlQueryEnvironmentVariable
CsrCaptureMessageMultiUnicodeStringsInPlace
wcsnlen
strcat_s
strnlen
NlsMbCodePageTag
RtlRunOnceExecuteOnce
RtlInitializeCriticalSection
RtlGetThreadPreferredUILanguages
NtReadVirtualMemory
LdrResSearchResource
_strnicmp
strncmp
RtlTryAcquirePebLock
RtlReleasePebLock
RtlEncodeSystemPointer
RtlGetNtSystemRoot
NtWaitForMultipleObjects
NtClearEvent
RtlWerpReportException
DbgPrint
RtlGetDeviceFamilyInfoEnum
RtlHashUnicodeString
NtApphelpCacheControl
RtlGetFullPathName_UEx
ZwClose
ZwOpenFile
ZwOpenKey
ZwEnumerateKey
ZwQueryValueKey
ZwCreateFile
ZwQueryInformationFile
ZwCreateSection
ZwQueryDirectoryFile
RtlNtPathNameToDosPathName
RtlGetNativeSystemInformation
ZwQuerySystemInformation
ZwUnmapViewOfSection
ZwMapViewOfSection
VerSetConditionMask
RtlVerifyVersionInfo
RtlGetVersion
RtlGetCurrentServiceSessionId
RtlGetSuiteMask
LdrQueryImageFileExecutionOptions
RtlInitUnicodeString
_vsnwprintf
RtlSetProtectedPolicy
LdrSetDllManifestProber
RtlSetThreadPoolStartFunc
RtlImageNtHeader
NtQuerySystemInformation
RtlFreeHeap
RtlSetDaclSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
RtlAllocateHeap
_wcsicmp
__C_specific_handler
memmove
RtlGetPersistedStateLocation
_local_unwind
cos
floor
memcmp
memcpy
memset
wcscmp

kernelbase

NotifyMountMgr
BaseFormatObjectAttributes
GetVolumeNameForVolumeMountPointW
lstrcmpW
lstrcmpiW
GetRegistryExtensionFlags
KernelBaseGetGlobalData
GlobalFree
LoadStringBaseExW
GetUnicodeStringToEightBitStringRoutine
GetUnicodeStringToEightBitSizeRoutine
CompareStringA
GetNamedPipeAttribute
AppXPreCreationExtension
AppXPostSuccessExtension
AppXReleaseAppXContext
AreFileApisANSI
CreateProcessInternalA
AppContainerLookupMoniker
AppContainerFreeMemory
CreateProcessInternalW
CreateProcessAsUserW
BasepNotifyTrackingService
CreateProcessAsUserA
EnumLanguageGroupLocalesW
PackageIdFromFullName
GetPackageFullName
GetCurrentPackageFullName
CheckIsMSIXPackage
ClosePackageInfo
AppXGetOSMaxVersionTested
GetPackageTargetPlatformProperty
GetTargetPlatformContext
OpenPackageInfoByFullNameForUser
EnumSystemLanguageGroupsW
EnumSystemLocalesEx
MoveFileWithProgressTransactedW
BasepAdjustObjectAttributesForPrivateNamespace
GetEightBitStringToUnicodeStringRoutine
GetStringTableEntry
CheckGroupPolicyEnabled
OpenRegKey
InternalLcidToName
NlsIsUserDefaultLocale
GetPtrCalDataArray
GetUserOverrideString
GetPtrCalData
Internal_EnumCalendarInfo
Internal_EnumLanguageGroupLocales
Internal_EnumSystemCodePages
Internal_EnumDateFormats
Internal_EnumUILanguages
Internal_EnumSystemLanguageGroups
NlsValidateLocale
Internal_EnumTimeFormats
GetNamedLocaleHashNode
GetUserOverrideWord
GetLocaleInfoHelper
GetCalendar
BaseDllFreeResourceId
BaseDllMapResourceIdW
CheckAllowDecryptedRemoteDestinationPolicy
PrivCopyFileExW
EnumUILanguagesW
LCIDToLocaleName
GetUserDefaultLocaleName
GetSystemDefaultLocaleName
GetEraNameCountedString
FatalAppExitW
FatalAppExitA
lstrlenW
lstrlenA
lstrcpynW
lstrcpynA
Sleep
SetFileApisToOEM
SetFileApisToANSI
PulseEvent
MapViewOfFileExNuma
LocalUnlock
LocalReAlloc
LocalLock
LocalAlloc
HeapSummary
GlobalAlloc
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetStringTypeA
GetProcAddressForCaller
BaseGetNamedObjectDirectory

api-ms-win-core-processthreads-l1-1-0

SetThreadStackGuarantee
SetProcessShutdownParameters
SetThreadPriority
SetThreadPriorityBoost
ResumeThread
QueueUserAPC
ProcessIdToSessionId
GetCurrentProcess
GetCurrentProcessId
OpenThread
GetThreadPriorityBoost
GetThreadPriority
SuspendThread
SwitchToThread
OpenProcessToken
GetExitCodeProcess
TerminateProcess
CreateProcessA
CreateProcessW
CreateRemoteThreadEx
TerminateThread
TlsAlloc
TlsFree
TlsSetValue
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
CreateRemoteThread
SetProcessAffinityUpdateMode
QueryProcessAffinityUpdateMode
GetProcessVersion
GetThreadId
GetStartupInfoW
GetProcessTimes
GetProcessId
GetExitCodeThread
GetPriorityClass
GetProcessIdOfThread
SetPriorityClass

api-ms-win-core-processthreads-l1-1-3

SetThreadIdealProcessor
SetProcessInformation
GetProcessInformation
GetProcessShutdownParameters

api-ms-win-core-processthreads-l1-1-2

SetProcessPriorityBoost
GetProcessPriorityBoost
SetThreadInformation
GetThreadInformation
GetSystemTimes
GetThreadIOPendingFlag

api-ms-win-core-processthreads-l1-1-1

SetThreadContext
OpenProcess
IsProcessorFeaturePresent
SetThreadIdealProcessorEx
FlushInstructionCache
GetThreadTimes
GetThreadIdealProcessorEx
GetProcessHandleCount
GetThreadContext
GetProcessMitigationPolicy
SetProcessMitigationPolicy

api-ms-win-core-registry-l1-1-0

RegSetValueExA
RegSetKeySecurity
RegSaveKeyExW
RegSaveKeyExA
RegRestoreKeyW
RegRestoreKeyA
RegQueryValueExW
RegQueryValueExA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenUserClassesRoot
RegOpenKeyExA
RegOpenCurrentUser
RegNotifyChangeKeyValue
RegLoadMUIStringW
RegUnLoadKeyA
RegLoadKeyW
RegOpenKeyExW
RegGetValueW
RegCloseKey
RegCopyTreeW
RegCreateKeyExA
RegCreateKeyExW
RegDeleteKeyExA
RegLoadKeyA
RegDeleteTreeA
RegDeleteTreeW
RegDeleteValueA
RegDeleteValueW
RegDisablePredefinedCacheEx
RegEnumKeyExA
RegEnumKeyExW
RegEnumValueA
RegSetValueExW
RegUnLoadKeyW
RegLoadAppKeyW
RegGetValueA
RegLoadMUIStringA
RegDeleteKeyExW
RegEnumValueW
RegFlushKey
RegGetKeySecurity

api-ms-win-core-heap-l1-1-0

HeapWalk
HeapValidate
HeapSetInformation
HeapQueryInformation
HeapLock
HeapDestroy
HeapCreate
HeapCompact
HeapReAlloc
GetProcessHeaps
HeapAlloc
GetProcessHeap
HeapFree
HeapUnlock

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-memory-l1-1-1

SetSystemFileCacheSize
ResetWriteWatch
GetWriteWatch
VirtualUnlock
VirtualLock
GetProcessWorkingSetSizeEx
SetProcessWorkingSetSizeEx
QueryMemoryResourceNotification
CreateFileMappingNumaW
CreateMemoryResourceNotification
GetLargePageMinimum
GetSystemFileCacheSize

api-ms-win-core-memory-l1-1-0

VirtualProtectEx
VirtualProtect
WriteProcessMemory
VirtualFreeEx
VirtualQuery
VirtualAllocEx
VirtualAlloc
UnmapViewOfFile
ReadProcessMemory
OpenFileMappingW
MapViewOfFileEx
MapViewOfFile
FlushViewOfFile
CreateFileMappingW
VirtualFree
VirtualQueryEx

api-ms-win-core-memory-l1-1-2

AllocateUserPhysicalPagesNuma
GetMemoryErrorHandlingCapabilities
UnregisterBadMemoryNotification
VirtualAllocExNuma
RegisterBadMemoryNotification
MapUserPhysicalPages
FreeUserPhysicalPages
AllocateUserPhysicalPages

api-ms-win-core-handle-l1-1-0

CloseHandle
SetHandleInformation
GetHandleInformation
DuplicateHandle

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
WaitForMultipleObjectsEx
SleepEx
CreateMutexExA
CreateMutexA
CreateEventW
CreateEventExW
CreateEventExA
EnterCriticalSection
WaitForSingleObjectEx
LeaveCriticalSection
CreateEventA
SetWaitableTimer
SetEvent
ResetEvent
ReleaseSemaphore
ReleaseMutex
OpenWaitableTimerW
OpenSemaphoreW
OpenMutexW
OpenEventW
OpenEventA
InitializeCriticalSectionEx
CancelWaitableTimer
InitializeCriticalSectionAndSpinCount
CreateWaitableTimerExW
CreateSemaphoreExW
CreateMutexW
CreateMutexExW

api-ms-win-core-synch-l1-2-1

CreateSemaphoreW
WaitForMultipleObjects

api-ms-win-core-synch-l1-2-0

DeleteSynchronizationBarrier
InitializeSynchronizationBarrier
EnterSynchronizationBarrier
SignalObjectAndWait
InitOnceExecuteOnce

api-ms-win-core-file-l1-1-0

GetFileAttributesExA
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileSize
GetFileAttributesA
GetFileSizeEx
GetDriveTypeW
GetDriveTypeA
GetFileTime
GetDiskFreeSpaceW
FindFirstFileW
FindFirstVolumeW
FindNextChangeNotification
GetDiskFreeSpaceExW
GetDiskFreeSpaceExA
FileTimeToLocalFileTime
DeleteVolumeMountPointW
DeleteFileW
DeleteFileA
DefineDosDeviceW
CreateFileW
CreateFileA
GetFileType
FindNextFileA
FindNextFileW
FindNextVolumeW
GetFinalPathNameByHandleA
GetFinalPathNameByHandleW
GetFullPathNameA
GetFullPathNameW
GetLogicalDriveStringsW
GetTempFileNameW
GetVolumeInformationByHandleW
GetVolumeInformationW
GetVolumePathNameW
LocalFileTimeToFileTime
LockFile
LockFileEx
QueryDosDeviceW
ReadFile
ReadFileEx
ReadFileScatter
RemoveDirectoryA
RemoveDirectoryW
SetEndOfFile
SetFileAttributesA
SetFileAttributesW
SetFileInformationByHandle
SetFilePointer
SetFilePointerEx
SetFileTime
SetFileValidData
UnlockFile
UnlockFileEx
WriteFile
GetDiskFreeSpaceA
WriteFileEx
WriteFileGather
FindVolumeClose
FlushFileBuffers
CreateDirectoryW
CreateDirectoryA
CompareFileTime
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationA
FindFirstChangeNotificationW
FindFirstFileA
FindFirstFileExA
FindFirstFileExW

api-ms-win-core-file-l1-2-0

GetVolumePathNamesForVolumeNameW
CreateFile2
GetTempPathW

api-ms-win-core-file-l1-2-2

GetTempPathA
GetTempFileNameA
FindFirstStreamW
FindFirstFileNameW
FindNextFileNameW
GetVolumeInformationA

api-ms-win-core-file-l1-2-1

GetCompressedFileSizeW
SetFileIoOverlappedRange
GetCompressedFileSizeA

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-io-l1-1-0

CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatusEx
GetQueuedCompletionStatus
CancelIoEx
GetOverlappedResult
DeviceIoControl

api-ms-win-core-io-l1-1-1

CancelSynchronousIo
CancelIo

api-ms-win-core-job-l1-1-0

IsProcessInJob

api-ms-win-core-threadpool-legacy-l1-1-0

ChangeTimerQueueTimer
CreateTimerQueue
UnregisterWaitEx
CreateTimerQueueTimer
QueueUserWorkItem
DeleteTimerQueueTimer
DeleteTimerQueueEx

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-libraryloader-l1-2-2

EnumResourceNamesW

api-ms-win-core-libraryloader-l1-2-0

FindStringOrdinal
LoadLibraryExW
GetModuleHandleW
GetProcAddress
FreeLibraryAndExitThread
FreeResource
GetModuleFileNameA
GetModuleFileNameW
FreeLibrary
GetModuleHandleA
EnumResourceTypesExW
GetModuleHandleExA
GetModuleHandleExW
EnumResourceTypesExA
EnumResourceNamesExA
EnumResourceLanguagesExW
EnumResourceLanguagesExA
SizeofResource
DisableThreadLibraryCalls
LoadResource
LoadLibraryExA
EnumResourceNamesExW
FindResourceExW
LockResource

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
LoadLibraryA
FindResourceW

api-ms-win-core-libraryloader-l2-1-0

LoadPackagedLibrary

api-ms-win-core-namedpipe-l1-2-2

CallNamedPipeW

api-ms-win-core-namedpipe-l1-1-0

CreateNamedPipeW
CreatePipe
DisconnectNamedPipe
GetNamedPipeClientComputerNameW
TransactNamedPipe
WaitNamedPipeW
SetNamedPipeHandleState
ConnectNamedPipe
PeekNamedPipe

api-ms-win-core-namedpipe-l1-2-1

GetNamedPipeHandleStateW

api-ms-win-core-datetime-l1-1-0

GetDateFormatA
GetTimeFormatA
GetTimeFormatW
GetDateFormatW

api-ms-win-core-datetime-l1-1-1

GetTimeFormatEx
GetDateFormatEx

api-ms-win-core-datetime-l1-1-2

GetDurationFormatEx

api-ms-win-core-sysinfo-l1-2-0

SetComputerNameExW
EnumSystemFirmwareTables
GetSystemTimePreciseAsFileTime
SetSystemTime
GetProductInfo
GetSystemFirmwareTable
GetNativeSystemInfo

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetComputerNameExA
GetLocalTime
GetLogicalProcessorInformationEx
GetLogicalProcessorInformation
GetSystemInfo
GetSystemTime
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetVersion
GetVersionExA
GetVersionExW
GetWindowsDirectoryA
GetWindowsDirectoryW
GlobalMemoryStatusEx
GetComputerNameExW
SetLocalTime

api-ms-win-core-sysinfo-l1-2-3

SetComputerNameExA
SetComputerNameW
SetComputerNameA

api-ms-win-core-sysinfo-l1-2-1

DnsHostnameToComputerNameExW
GetPhysicallyInstalledSystemMemory
SetComputerNameEx2W

api-ms-win-core-timezone-l1-1-0

SystemTimeToTzSpecificLocalTime
SetDynamicTimeZoneInformation
GetTimeZoneInformationForYear
GetDynamicTimeZoneInformation
FileTimeToSystemTime
TzSpecificLocalTimeToSystemTime
SetTimeZoneInformation
SystemTimeToFileTime
GetTimeZoneInformation

api-ms-win-core-localization-l1-2-0

GetLocaleInfoEx
GetUILanguageInfo
GetCalendarInfoEx
GetThreadPreferredUILanguages
GetACP
GetCPInfo
GetNLSVersion
IsValidNLSVersion
SetThreadPreferredUILanguages
SetThreadUILanguage
GetLocaleInfoA
GetLocaleInfoW
GetOEMCP
GetUserPreferredUILanguages
GetNLSVersionEx
IdnToUnicode
FormatMessageW
IsValidLocaleName
GetProcessPreferredUILanguages
GetSystemDefaultLangID
GetSystemDefaultLCID
GetThreadLocale
SetProcessPreferredUILanguages
GetUserDefaultLCID
IsDBCSLeadByte
IsDBCSLeadByteEx
IsNLSDefinedString
IsValidCodePage
IsValidLanguageGroup
IsValidLocale
LCMapStringA
IdnToAscii
LCMapStringW
SetCalendarInfoW
SetLocaleInfoW
GetSystemPreferredUILanguages
FindNLSString
EnumSystemLocalesW
VerLanguageNameA
EnumSystemLocalesA
VerLanguageNameW
ConvertDefaultLocale
SetThreadLocale
FindNLSStringEx
GetFileMUIInfo
LCMapStringEx
FormatMessageA
LocaleNameToLCID
ResolveLocaleName
GetUserDefaultLangID
GetThreadUILanguage
GetFileMUIPath
GetCalendarInfoW
GetCPInfoExW

api-ms-win-core-processsnapshot-l1-1-0

PssWalkSnapshot
PssQuerySnapshot
PssFreeSnapshot
PssCaptureSnapshot
PssDuplicateSnapshot
PssWalkMarkerCreate
PssWalkMarkerFree
PssWalkMarkerGetPosition
PssWalkMarkerSetPosition
PssWalkMarkerSeekToBeginning

api-ms-win-core-processenvironment-l1-1-0

SearchPathW
GetEnvironmentVariableA
SetEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentDirectoryA
GetCommandLineW
GetCommandLineA
FreeEnvironmentStringsW
FreeEnvironmentStringsA
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
GetEnvironmentVariableW
GetEnvironmentStrings
GetStdHandle
SetCurrentDirectoryA
SetCurrentDirectoryW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetStdHandle
SetStdHandleEx
GetCurrentDirectoryW

api-ms-win-core-processenvironment-l1-2-0

SearchPathA
NeedCurrentDirectoryForExePathW
NeedCurrentDirectoryForExePathA

api-ms-win-core-string-l1-1-0

CompareStringEx
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
GetStringTypeExW
FoldStringW
CompareStringW
CompareStringOrdinal

api-ms-win-core-debug-l1-1-1

CheckRemoteDebuggerPresent
WaitForDebugEvent
ContinueDebugEvent
DebugActiveProcessStop
DebugActiveProcess

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
OutputDebugStringA
DebugBreak
IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
GetErrorMode
SetErrorMode
RaiseException

api-ms-win-core-errorhandling-l1-1-3

SetThreadErrorMode
GetThreadErrorMode

api-ms-win-core-fibers-l1-1-0

FlsAlloc
FlsSetValue
FlsGetValue
FlsFree

api-ms-win-core-util-l1-1-0

Beep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-security-base-l1-1-0

DuplicateToken
CreateWellKnownSid
FreeSid
EqualSid
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
InitializeSid
AllocateAndInitializeSid
AccessCheck

api-ms-win-security-base-l1-2-0

GetAppContainerAce
CheckTokenMembershipEx
CheckTokenCapability
SetCachedSigningLevel
AddResourceAttributeAce
AddScopedPolicyIDAce
GetCachedSigningLevel

api-ms-win-security-appcontainer-l1-1-0

GetAppContainerNamedObjectPath

api-ms-win-core-comm-l1-1-0

SetCommBreak
SetCommConfig
GetCommTimeouts
GetCommState
SetCommMask
GetCommModemStatus
GetCommMask
GetCommConfig
ClearCommBreak
ClearCommError
GetCommProperties
SetCommState
SetCommTimeouts
SetupComm
TransmitCommChar
WaitCommEvent
PurgeComm
EscapeCommFunction

api-ms-win-core-realtime-l1-1-0

QueryThreadCycleTime
QueryIdleProcessorCycleTime
QueryIdleProcessorCycleTimeEx
QueryUnbiasedInterruptTime
QueryProcessCycleTime

api-ms-win-core-wow64-l1-1-1

IsWow64Process2
GetSystemWow64DirectoryA
GetSystemWow64Directory2W
GetSystemWow64DirectoryW

api-ms-win-core-wow64-l1-1-0

IsWow64Process
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection

api-ms-win-core-wow64-l1-1-3

Wow64SetThreadContext
Wow64GetThreadContext
Wow64SuspendThread

api-ms-win-core-systemtopology-l1-1-1

GetNumaProximityNodeEx

api-ms-win-core-systemtopology-l1-1-0

GetNumaNodeProcessorMaskEx
GetNumaHighestNodeNumber

api-ms-win-core-processtopology-l1-1-0

GetThreadGroupAffinity
SetThreadGroupAffinity
GetProcessGroupAffinity

api-ms-win-core-namespace-l1-1-0

CreateBoundaryDescriptorW
CreatePrivateNamespaceW
ClosePrivateNamespace
DeleteBoundaryDescriptor
OpenPrivateNamespaceW
AddSIDToBoundaryDescriptor

api-ms-win-core-file-l2-1-2

CopyFileW
CreateHardLinkA

api-ms-win-core-file-l2-1-0

ReplaceFileW
CopyFile2
CopyFileExW
ReadDirectoryChangesW
ReOpenFile
CreateSymbolicLinkW
CreateHardLinkW
GetFileInformationByHandleEx
CreateDirectoryExW
MoveFileWithProgressW
MoveFileExW

api-ms-win-core-file-l2-1-3

ReadDirectoryChangesExW

api-ms-win-core-file-l2-1-1

OpenFileById

api-ms-win-core-xstate-l2-1-0

CopyContext
InitializeContext
SetXStateFeaturesMask
GetXStateFeaturesMask
LocateXStateFeature
GetEnabledXStateFeatures

api-ms-win-core-xstate-l2-1-1

InitializeContext2

api-ms-win-core-localization-l2-1-0

EnumSystemCodePagesW
EnumTimeFormatsW
EnumCalendarInfoExEx
EnumDateFormatsW
EnumTimeFormatsEx
GetCurrencyFormatEx
GetNumberFormatEx
EnumCalendarInfoW
EnumDateFormatsExEx
EnumCalendarInfoExW
EnumDateFormatsExW

api-ms-win-core-normalization-l1-1-0

NormalizeString
VerifyScripts
IsNormalizedString
GetStringScripts
IdnToNameprepUnicode

api-ms-win-core-fibers-l2-1-0

CreateFiber
DeleteFiber
ConvertThreadToFiber
SwitchToFiber
ConvertFiberToThread

api-ms-win-core-fibers-l2-1-1

ConvertThreadToFiberEx
CreateFiberEx

api-ms-win-core-localization-private-l1-1-0

NlsCheckPolicy
NlsUpdateSystemLocale
NlsUpdateLocale
NlsGetCacheUpdateCount

api-ms-win-core-sidebyside-l1-1-0

GetCurrentActCtx
FindActCtxSectionStringW
FindActCtxSectionGuid
DeactivateActCtx
CreateActCtxW
ZombifyActCtx
AddRefActCtx
ActivateActCtx
ReleaseActCtx
QueryActCtxW
QueryActCtxSettingsW

api-ms-win-core-appcompat-l1-1-0

BaseDumpAppcompatCache
BaseInitAppcompatCacheSupport
BaseCleanupAppcompatCacheSupport
BaseFlushAppcompatCache
BaseUpdateAppcompatCache
BaseCheckAppcompatCacheEx
BaseCheckAppcompatCache

api-ms-win-core-windowserrorreporting-l1-1-0

WerUnregisterRuntimeExceptionModule
WerRegisterFile
WerUnregisterMemoryBlock
GetApplicationRecoveryCallback
WerRegisterMemoryBlock
WerRegisterRuntimeExceptionModule
WerUnregisterFile
GetApplicationRestartSettings

api-ms-win-core-windowserrorreporting-l1-1-3

RegisterApplicationRestart
UnregisterApplicationRestart

api-ms-win-core-windowserrorreporting-l1-1-1

WerRegisterExcludedMemoryBlock
WerUnregisterAdditionalProcess
WerRegisterAdditionalProcess
WerUnregisterExcludedMemoryBlock
WerRegisterCustomMetadata
WerUnregisterCustomMetadata

api-ms-win-core-windowserrorreporting-l1-1-2

WerRegisterAppLocalDump
WerUnregisterAppLocalDump

api-ms-win-core-console-l1-1-0

GetConsoleMode
GetConsoleOutputCP
GetConsoleCP
WriteConsoleW
GetNumberOfConsoleInputEvents
ReadConsoleA
ReadConsoleInputA
ReadConsoleInputW
ReadConsoleW
SetConsoleCtrlHandler
SetConsoleMode
WriteConsoleA
AllocConsole

api-ms-win-core-console-l1-2-0

PeekConsoleInputA
AttachConsole
FreeConsole
PeekConsoleInputW

api-ms-win-core-console-l1-2-1

CreatePseudoConsole
ClosePseudoConsole
ResizePseudoConsole

api-ms-win-core-console-l2-1-0

WriteConsoleOutputCharacterW
GenerateConsoleCtrlEvent
GetConsoleCursorInfo
GetConsoleScreenBufferInfo
FlushConsoleInputBuffer
ReadConsoleOutputCharacterA
CreateConsoleScreenBuffer
SetConsoleScreenBufferInfoEx
GetLargestConsoleWindowSize
ReadConsoleOutputA
ReadConsoleOutputAttribute
FillConsoleOutputAttribute
FillConsoleOutputCharacterW
GetConsoleScreenBufferInfoEx
WriteConsoleOutputW
FillConsoleOutputCharacterA
ReadConsoleOutputCharacterW
ReadConsoleOutputW
ScrollConsoleScreenBufferA
ScrollConsoleScreenBufferW
SetConsoleActiveScreenBuffer
SetConsoleCP
SetConsoleCursorInfo
SetConsoleCursorPosition
WriteConsoleOutputCharacterA
WriteConsoleOutputAttribute
WriteConsoleOutputA
WriteConsoleInputW
WriteConsoleInputA
SetConsoleWindowInfo
SetConsoleTextAttribute
SetConsoleScreenBufferSize
SetConsoleOutputCP

api-ms-win-core-console-l2-2-0

GetConsoleOriginalTitleA
GetConsoleOriginalTitleW
GetConsoleTitleA
SetConsoleTitleA
SetConsoleTitleW
GetConsoleTitleW

api-ms-win-core-console-l3-2-0

ExpungeConsoleCommandHistoryA
ExpungeConsoleCommandHistoryW
AddConsoleAliasW
AddConsoleAliasA
GetConsoleAliasA
SetCurrentConsoleFontEx
SetConsoleNumberOfCommandsW
SetConsoleNumberOfCommandsA
SetConsoleHistoryInfo
GetConsoleAliasExesA
GetNumberOfConsoleMouseButtons
GetCurrentConsoleFontEx
GetCurrentConsoleFont
GetConsoleWindow
GetConsoleSelectionInfo
GetConsoleProcessList
GetConsoleHistoryInfo
GetConsoleFontSize
GetConsoleDisplayMode
GetConsoleCommandHistoryW
GetConsoleCommandHistoryLengthW
GetConsoleCommandHistoryLengthA
GetConsoleCommandHistoryA
GetConsoleAliasesW
GetConsoleAliasesLengthW
GetConsoleAliasesLengthA
GetConsoleAliasesA
GetConsoleAliasW
GetConsoleAliasExesW
GetConsoleAliasExesLengthW
GetConsoleAliasExesLengthA
SetConsoleDisplayMode

api-ms-win-core-psapi-l1-1-0

K32GetPerformanceInfo
K32GetProcessMemoryInfo
K32GetProcessImageFileNameW
QueryFullProcessImageNameW
K32GetDeviceDriverFileNameW
K32GetDeviceDriverBaseNameW
K32EnumDeviceDrivers
K32GetMappedFileNameW
K32GetWsChangesEx
K32GetWsChanges
K32InitializeProcessForWsWatch
K32EnumProcesses
K32QueryWorkingSetEx
K32EnumProcessModulesEx
K32GetModuleBaseNameW
K32GetModuleFileNameExW
K32GetModuleInformation
K32EmptyWorkingSet
K32EnumPageFilesW
K32QueryWorkingSet
K32EnumProcessModules

api-ms-win-core-psapi-ansi-l1-1-0

K32GetProcessImageFileNameA
K32GetMappedFileNameA
K32GetDeviceDriverFileNameA
K32GetModuleFileNameExA
K32GetModuleBaseNameA
K32EnumPageFilesA
QueryFullProcessImageNameA
K32GetDeviceDriverBaseNameA

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-appcompat-l1-1-1

BaseReadAppCompatDataForProcess
BaseFreeAppCompatDataForProcess

Exports

Exports

AcquireSRWLockExclusive
AcquireSRWLockShared
ActivateActCtx
ActivateActCtxWorker
AddAtomA
AddAtomW
AddConsoleAliasA
AddConsoleAliasW
AddDllDirectory
AddIntegrityLabelToBoundaryDescriptor
AddLocalAlternateComputerNameA
AddLocalAlternateComputerNameW
AddRefActCtx
AddRefActCtxWorker
AddResourceAttributeAce
AddSIDToBoundaryDescriptor
AddScopedPolicyIDAce
AddSecureMemoryCacheCallback
AddVectoredContinueHandler
AddVectoredExceptionHandler
AdjustCalendarDate
AllocConsole
AllocateUserPhysicalPages
AllocateUserPhysicalPagesNuma
AppPolicyGetClrCompat
AppPolicyGetCreateFileAccess
AppPolicyGetLifecycleManagement
AppPolicyGetMediaFoundationCodecLoading
AppPolicyGetProcessTerminationMethod
AppPolicyGetShowDeveloperDiagnostic
AppPolicyGetThreadInitializationType
AppPolicyGetWindowingModel
AppXGetOSMaxVersionTested
ApplicationRecoveryFinished
ApplicationRecoveryInProgress
AreFileApisANSI
AssignProcessToJobObject
AttachConsole
BackupRead
BackupSeek
BackupWrite
BaseCheckAppcompatCache
BaseCheckAppcompatCacheEx
BaseCheckAppcompatCacheExWorker
BaseCheckAppcompatCacheWorker
BaseCheckElevation
BaseCleanupAppcompatCacheSupport
BaseCleanupAppcompatCacheSupportWorker
BaseDestroyVDMEnvironment
BaseDllReadWriteIniFile
BaseDumpAppcompatCache
BaseDumpAppcompatCacheWorker
BaseElevationPostProcessing
BaseFlushAppcompatCache
BaseFlushAppcompatCacheWorker
BaseFormatObjectAttributes
BaseFormatTimeOut
BaseFreeAppCompatDataForProcessWorker
BaseGenerateAppCompatData
BaseGetNamedObjectDirectory
BaseInitAppcompatCacheSupport
BaseInitAppcompatCacheSupportWorker
BaseIsAppcompatInfrastructureDisabled
BaseIsAppcompatInfrastructureDisabledWorker
BaseIsDosApplication
BaseQueryModuleData
BaseReadAppCompatDataForProcessWorker
BaseSetLastNTError
BaseThreadInitThunk
BaseUpdateAppcompatCache
BaseUpdateAppcompatCacheWorker
BaseUpdateVDMEntry
BaseVerifyUnicodeString
BaseWriteErrorElevationRequiredEvent
Basep8BitStringToDynamicUnicodeString
BasepAllocateActivationContextActivationBlock
BasepAnsiStringToDynamicUnicodeString
BasepAppContainerEnvironmentExtension
BasepAppXExtension
BasepCheckAppCompat
BasepCheckWebBladeHashes
BasepCheckWinSaferRestrictions
BasepConstructSxsCreateProcessMessage
BasepCopyEncryption
BasepFinishPackageActivationForSxS
BasepFreeActivationContextActivationBlock
BasepFreeAppCompatData
BasepGetAppCompatData
BasepGetComputerNameFromNtPath
BasepGetExeArchType
BasepGetPackageActivationTokenForSxS
BasepInitAppCompatData
BasepIsProcessAllowed
BasepMapModuleHandle
BasepNotifyLoadStringResource
BasepPostSuccessAppXExtension
BasepProcessInvalidImage
BasepQueryAppCompat
BasepQueryModuleChpeSettings
BasepReleaseAppXContext
BasepReleaseSxsCreateProcessUtilityStruct
BasepReportFault
BasepSetFileEncryptionCompression
Beep
BeginUpdateResourceA
BeginUpdateResourceW
BindIoCompletionCallback
BuildCommDCBA
BuildCommDCBAndTimeoutsA
BuildCommDCBAndTimeoutsW
BuildCommDCBW
CallNamedPipeA
CallNamedPipeW
CallbackMayRunLong
CancelDeviceWakeupRequest
CancelIo
CancelIoEx
CancelSynchronousIo
CancelThreadpoolIo
CancelTimerQueueTimer
CancelWaitableTimer
CeipIsOptedIn
ChangeTimerQueueTimer
CheckAllowDecryptedRemoteDestinationPolicy
CheckElevation
CheckElevationEnabled
CheckForReadOnlyResource
CheckForReadOnlyResourceFilter
CheckIsMSIXPackage
CheckNameLegalDOS8Dot3A
CheckNameLegalDOS8Dot3W
CheckRemoteDebuggerPresent
CheckTokenCapability
CheckTokenMembershipEx
ClearCommBreak
ClearCommError
CloseConsoleHandle
CloseHandle
ClosePackageInfo
ClosePrivateNamespace
CloseProfileUserMapping
ClosePseudoConsole
CloseState
CloseThreadpool
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolIo
CloseThreadpoolTimer
CloseThreadpoolWait
CloseThreadpoolWork
CmdBatNotification
CommConfigDialogA
CommConfigDialogW
CompareCalendarDates
CompareFileTime
CompareStringA
CompareStringEx
CompareStringOrdinal
CompareStringW
ConnectNamedPipe
ConsoleMenuControl
ContinueDebugEvent
ConvertCalDateTimeToSystemTime
ConvertDefaultLocale
ConvertFiberToThread
ConvertNLSDayOfWeekToWin32DayOfWeek
ConvertSystemTimeToCalDateTime
ConvertThreadToFiber
ConvertThreadToFiberEx
CopyContext
CopyFile2
CopyFileA
CopyFileExA
CopyFileExW
CopyFileTransactedA
CopyFileTransactedW
CopyFileW
CopyLZFile
CreateActCtxA
CreateActCtxW
CreateActCtxWWorker
CreateBoundaryDescriptorA
CreateBoundaryDescriptorW
CreateConsoleScreenBuffer
CreateDirectoryA
CreateDirectoryExA
CreateDirectoryExW
CreateDirectoryTransactedA
CreateDirectoryTransactedW
CreateDirectoryW
CreateEnclave
CreateEventA
CreateEventExA
CreateEventExW
CreateEventW
CreateFiber
CreateFiberEx
CreateFile2
CreateFileA
CreateFileMappingA
CreateFileMappingFromApp
CreateFileMappingNumaA
CreateFileMappingNumaW
CreateFileMappingW
CreateFileTransactedA
CreateFileTransactedW
CreateFileW
CreateHardLinkA
CreateHardLinkTransactedA
CreateHardLinkTransactedW
CreateHardLinkW
CreateIoCompletionPort
CreateJobObjectA
CreateJobObjectW
CreateJobSet
CreateMailslotA
CreateMailslotW
CreateMemoryResourceNotification
CreateMutexA
CreateMutexExA
CreateMutexExW
CreateMutexW
CreateNamedPipeA
CreateNamedPipeW
CreatePipe
CreatePrivateNamespaceA
CreatePrivateNamespaceW
CreateProcessA
CreateProcessAsUserA
CreateProcessAsUserW
CreateProcessInternalA
CreateProcessInternalW
CreateProcessW
CreatePseudoConsole
CreateRemoteThread
CreateRemoteThreadEx
CreateSemaphoreA
CreateSemaphoreExA
CreateSemaphoreExW
CreateSemaphoreW
CreateSymbolicLinkA
CreateSymbolicLinkTransactedA
CreateSymbolicLinkTransactedW
CreateSymbolicLinkW
CreateTapePartition
CreateThread
CreateThreadpool
CreateThreadpoolCleanupGroup
CreateThreadpoolIo
CreateThreadpoolTimer
CreateThreadpoolWait
CreateThreadpoolWork
CreateTimerQueue
CreateTimerQueueTimer
CreateToolhelp32Snapshot
CreateUmsCompletionList
CreateUmsThreadContext
CreateWaitableTimerA
CreateWaitableTimerExA
CreateWaitableTimerExW
CreateWaitableTimerW
CtrlRoutine
DeactivateActCtx
DeactivateActCtxWorker
DebugActiveProcess
DebugActiveProcessStop
DebugBreak
DebugBreakProcess
DebugSetProcessKillOnExit
DecodePointer
DecodeSystemPointer
DefineDosDeviceA
DefineDosDeviceW
DelayLoadFailureHook
DeleteAtom
DeleteBoundaryDescriptor
DeleteCriticalSection
DeleteFiber
DeleteFileA
DeleteFileTransactedA
DeleteFileTransactedW
DeleteFileW
DeleteProcThreadAttributeList
DeleteSynchronizationBarrier
DeleteTimerQueue
DeleteTimerQueueEx
DeleteTimerQueueTimer
DeleteUmsCompletionList
DeleteUmsThreadContext
DeleteVolumeMountPointA
DeleteVolumeMountPointW
DequeueUmsCompletionListItems
DeviceIoControl
DisableThreadLibraryCalls
DisableThreadProfiling
DisassociateCurrentThreadFromCallback
DiscardVirtualMemory
DisconnectNamedPipe
DnsHostnameToComputerNameA
DnsHostnameToComputerNameExW
DnsHostnameToComputerNameW
DosDateTimeToFileTime
DosPathToSessionPathA
DosPathToSessionPathW
DuplicateConsoleHandle
DuplicateEncryptionInfoFileExt
DuplicateHandle
EnableThreadProfiling
EncodePointer
EncodeSystemPointer
EndUpdateResourceA
EndUpdateResourceW
EnterCriticalSection
EnterSynchronizationBarrier
EnterUmsSchedulingMode
EnumCalendarInfoA
EnumCalendarInfoExA
EnumCalendarInfoExEx
EnumCalendarInfoExW
EnumCalendarInfoW
EnumDateFormatsA
EnumDateFormatsExA
EnumDateFormatsExEx
EnumDateFormatsExW
EnumDateFormatsW
EnumLanguageGroupLocalesA
EnumLanguageGroupLocalesW
EnumResourceLanguagesA
EnumResourceLanguagesExA
EnumResourceLanguagesExW
EnumResourceLanguagesW
EnumResourceNamesA
EnumResourceNamesExA
EnumResourceNamesExW
EnumResourceNamesW
EnumResourceTypesA
EnumResourceTypesExA
EnumResourceTypesExW
EnumResourceTypesW
EnumSystemCodePagesA
EnumSystemCodePagesW
EnumSystemFirmwareTables
EnumSystemGeoID
EnumSystemGeoNames
EnumSystemLanguageGroupsA
EnumSystemLanguageGroupsW
EnumSystemLocalesA
EnumSystemLocalesEx
EnumSystemLocalesW
EnumTimeFormatsA
EnumTimeFormatsEx
EnumTimeFormatsW
EnumUILanguagesA
EnumUILanguagesW
EnumerateLocalComputerNamesA
EnumerateLocalComputerNamesW
EraseTape
EscapeCommFunction
ExecuteUmsThread
ExitProcess
ExitThread
ExitVDM
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
ExpungeConsoleCommandHistoryA
ExpungeConsoleCommandHistoryW
FatalAppExitA
FatalAppExitW
FatalExit
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FillConsoleOutputCharacterW
FindActCtxSectionGuid
FindActCtxSectionGuidWorker
FindActCtxSectionStringA
FindActCtxSectionStringW
FindActCtxSectionStringWWorker
FindAtomA
FindAtomW
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationA
FindFirstChangeNotificationW
FindFirstFileA
FindFirstFileExA
FindFirstFileExW
FindFirstFileNameTransactedW
FindFirstFileNameW
FindFirstFileTransactedA
FindFirstFileTransactedW
FindFirstFileW
FindFirstStreamTransactedW
FindFirstStreamW
FindFirstVolumeA
FindFirstVolumeMountPointA
FindFirstVolumeMountPointW
FindFirstVolumeW
FindNLSString
FindNLSStringEx
FindNextChangeNotification
FindNextFileA
FindNextFileNameW
FindNextFileW
FindNextStreamW
FindNextVolumeA
FindNextVolumeMountPointA
FindNextVolumeMountPointW
FindNextVolumeW
FindPackagesByPackageFamily
FindResourceA
FindResourceExA
FindResourceExW
FindResourceW
FindStringOrdinal
FindVolumeClose
FindVolumeMountPointClose
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushConsoleInputBuffer
FlushFileBuffers
FlushInstructionCache
FlushProcessWriteBuffers
FlushViewOfFile
FoldStringA
FoldStringW
FormatApplicationUserModelId
FormatMessageA
FormatMessageW
FreeConsole
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
FreeLibraryWhenCallbackReturns
FreeMemoryJobObject
FreeResource
FreeUserPhysicalPages
GenerateConsoleCtrlEvent
GetACP
GetActiveProcessorCount
GetActiveProcessorGroupCount
GetAppContainerAce
GetAppContainerNamedObjectPath
GetApplicationRecoveryCallback
GetApplicationRecoveryCallbackWorker
GetApplicationRestartSettings
GetApplicationRestartSettingsWorker
GetApplicationUserModelId
GetAtomNameA
GetAtomNameW
GetBinaryType
GetBinaryTypeA
GetBinaryTypeW
GetCPInfo
GetCPInfoExA
GetCPInfoExW
GetCachedSigningLevel
GetCalendarDateFormat
GetCalendarDateFormatEx
GetCalendarDaysInMonth
GetCalendarDifferenceInDays
GetCalendarInfoA
GetCalendarInfoEx
GetCalendarInfoW
GetCalendarMonthsInYear
GetCalendarSupportedDateRange
GetCalendarWeekNumber
GetComPlusPackageInstallStatus
GetCommConfig
GetCommMask
GetCommModemStatus
GetCommProperties
GetCommState
GetCommTimeouts
GetCommandLineA
GetCommandLineW
GetCompressedFileSizeA
GetCompressedFileSizeTransactedA
GetCompressedFileSizeTransactedW
GetCompressedFileSizeW
GetComputerNameA
GetComputerNameExA
GetComputerNameExW
GetComputerNameW
GetConsoleAliasA
GetConsoleAliasExesA
GetConsoleAliasExesLengthA
GetConsoleAliasExesLengthW
GetConsoleAliasExesW
GetConsoleAliasW
GetConsoleAliasesA
GetConsoleAliasesLengthA
GetConsoleAliasesLengthW
GetConsoleAliasesW
GetConsoleCP

Sections

.text
Size: 507KB - Virtual size: 506KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kdnet/ngccredprov.dll
.dll windows:10 windows x64 arch:x64

991296ebc87d927e456b677ae4022ab5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ngccredprov.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__configure_narrow_argv
_o__wcsicmp
memmove
_o_free
_o_iswascii
_o_iswcntrl
_o_iswdigit
_o_iswlower
_o_iswprint
_o_iswpunct
_o_iswspace
_o_iswupper
_o_malloc
_o_terminate
_o_wcsncpy_s
_o_wmemcpy_s
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__cexit
_o__callnewh
_o__execute_onexit_table
_o__errno
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__crt_atexit
wcschr
wcsstr
__std_terminate
__CxxFrameHandler4
memcmp
_o__wcserror
memcpy

api-ms-win-crt-string-l1-1-0

strcmp
memset
wcsnlen

api-ms-win-core-libraryloader-l1-2-0

SizeofResource
LockResource
LoadResource
FindResourceExW
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
DisableThreadLibraryCalls
LoadStringW
GetModuleFileNameA
FreeLibrary

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
ReleaseMutex
InitializeSRWLock
TryAcquireSRWLockExclusive
CreateMutexExW
WaitForSingleObject
CreateEventW
ResetEvent
ReleaseSRWLockExclusive
SetEvent
DeleteCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
OpenSemaphoreW
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
SetLastError
GetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventRegister
EventUnregister
EventSetInformation
EventWriteTransfer

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceExecuteOnce
InitOnceComplete

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
SetRestrictedErrorInfo
GetRestrictedErrorInfo

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetComputerNameExW
GetTickCount64

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-com-l1-1-0

CoGetMalloc
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-security-base-l1-1-0

CopySid
GetLengthSid
IsValidSid
EqualSid
GetTokenInformation

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-libraryloader-l2-1-0

QueryOptionalDelayLoadedAPI

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegGetValueW
RegSetValueExW
RegQueryValueExW
RegLoadKeyW
RegDeleteValueW
RegEnumKeyExW
RegFlushKey
RegCreateKeyExW
RegCloseKey
RegQueryInfoKeyW
RegOpenCurrentUser
RegUnLoadKeyW
RegDeleteTreeW

rpcrt4

UuidIsNil
UuidFromStringW
UuidCreate
RpcStringFreeW
UuidToStringW
RpcBindingFree
RpcBindingBind
RpcBindingCreateW
NdrClientCall3
RpcExceptionFilter

api-ms-win-security-lsapolicy-l1-1-0

LsaClose
LsaLookupSids2
LsaFreeMemory
LsaQueryInformationPolicy
LsaOpenPolicy

ntdll

RtlUnicodeStringToAnsiString
RtlFreeAnsiString
RtlInitString
RtlIsMultiUsersInSessionSku
RtlInitUnicodeString
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlPublishWnfStateData
RtlNtStatusToDosErrorNoTeb
RtlIsMultiSessionSku
RtlNtStatusToDosError
RtlGetPersistedStateLocation

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

msvcp_win

?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
?do_length@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEBD1_K@Z
?do_unshift@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?do_out@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?do_encoding@?$codecvt@GDU_Mbstatet@@@std@@MEBAHXZ
?do_max_length@?$codecvt@GDU_Mbstatet@@@std@@MEBAHXZ
?do_always_noconv@?$codecvt@GDU_Mbstatet@@@std@@MEBA_NXZ
?_Incref@facet@locale@std@@UEAAXXZ
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
??Bid@locale@std@@QEAA_KXZ
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?do_in@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z

api-ms-win-core-string-l1-1-0

CompareStringEx

api-ms-win-core-file-l1-1-0

CompareFileTime

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-security-credentials-l1-1-0

CredIsMarshaledCredentialW
CredFree
CredUnmarshalCredentialW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-security-lsalookup-l1-1-2

LsaLookupUserAccountType

api-ms-win-security-lsalookup-l1-1-0

LookupAccountSidLocalW
LookupAccountNameLocalW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsGetStringRawBuffer
WindowsDeleteString

api-ms-win-core-winrt-error-l1-1-1

RoOriginateLanguageException

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 414KB - Virtual size: 413KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ucrtbase/SessEnv.dll
.dll windows:10 windows x64 arch:x64

c252150e2ab272715077e6f59b74980d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SessEnv.pdb

Imports

msvcrt

memset
_CxxThrowException
?what@exception@@UEBAPEBDXZ
strcmp
_onexit
memcpy
memmove
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
wcscat_s
??1exception@@UEAA@XZ
wcschr
??_V@YAXPEAX@Z
memmove_s
_wtol
??0exception@@QEAA@AEBV0@@Z
_wcsicmp
swprintf_s
memcpy_s
_vsnprintf
_vsnwprintf
memcmp
toupper
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
__dllonexit
_unlock
_wcsnicmp
wcsrchr
wcsncmp
iswalpha
_lock
__CxxFrameHandler3
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_purecall
??3@YAXPEAX@Z
wcscpy_s
wcscmp

ntdll

NtQueryInformationProcess
NtDuplicateToken
RtlFreeHeap
RtlAllocateHeap
RtlNtStatusToDosError
RtlCaptureContext
WinSqmSetDWORD
WinSqmStartSession
WinSqmAddToStream
WinSqmEndSession
WinSqmIsOptedIn
RtlGetActiveConsoleId
EtwEventWriteFull
EtwEventRegister
EtwEventUnregister
RtlUnsubscribeWnfStateChangeNotification
RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData
RtlInsertElementGenericTable
RtlLookupElementGenericTable
RtlQueryEnvironmentVariable_U
RtlInitUnicodeStringEx
RtlInitializeGenericTable
RtlDeleteElementGenericTable
RtlEnumerateGenericTable
RtlAllocateAndInitializeSid
RtlAcquireResourceExclusive
RtlReleaseResource
RtlAcquireResourceShared
DbgPrint
RtlEqualSid
VerSetConditionMask
RtlFreeSid
RtlLookupFunctionEntry
RtlInitializeResource
RtlVerifyVersionInfo
RtlCaptureStackBackTrace
RtlDeleteResource
NtQuerySystemInformation
RtlVirtualUnwind
RtlLengthSid

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
LoadStringW
GetModuleHandleExW
GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
GetModuleFileNameA

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
InitializeCriticalSection
ReleaseSRWLockExclusive
LeaveCriticalSection
AcquireSRWLockExclusive
ReleaseSemaphore
EnterCriticalSection
CreateEventW
SetEvent
CreateSemaphoreExW
ReleaseSRWLockShared
AcquireSRWLockShared
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
WaitForSingleObject
OpenSemaphoreW
CreateMutexExW
WaitForMultipleObjectsEx
WaitForSingleObjectEx
ResetEvent
ReleaseMutex

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegCloseKey
RegSetValueExW
RegEnumKeyExW
RegNotifyChangeKeyValue
RegDeleteValueW
RegEnumValueW
RegQueryInfoKeyW
RegUnLoadKeyW
RegCreateKeyExW
RegLoadKeyW
RegDeleteTreeW
RegQueryValueExW
RegOpenKeyExW
RegOpenCurrentUser

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventActivityIdControl
EventSetInformation
EventUnregister
EventProviderEnabled

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-processthreads-l1-1-0

CreateProcessAsUserW
GetThreadId
TerminateThread
ProcessIdToSessionId
GetCurrentThreadId
CreateThread
GetCurrentThread
OpenProcessToken
OpenThreadToken
GetCurrentProcess
TerminateProcess
CreateProcessW
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetTickCount
GetComputerNameExW
GetVersionExW
GetSystemTime
GetSystemTimeAsFileTime
GetLocalTime

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueue
DeleteTimerQueueEx
CreateTimerQueueTimer
UnregisterWaitEx
DeleteTimerQueueTimer

sysntfy

SysNotifyStartServer
SysNotifyStopServer

dismapi

DismDisableFeature
DismOpenSession
DismEnableFeature
DismShutdown
DismInitialize

api-ms-win-eventing-controller-l1-1-0

ControlTraceW
EnableTraceEx2
StartTraceW

api-ms-win-core-com-l1-1-0

CoUninitialize
CoCreateInstanceEx
CoTaskMemAlloc
StringFromCLSID
CoCreateInstance
CoCreateGuid
CoInitializeEx
CoWaitForMultipleHandles
CoSetProxyBlanket
CoTaskMemFree

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent
OutputDebugStringA

api-ms-win-security-base-l1-1-0

GetFileSecurityW
CopySid
GetAce
EqualSid
CheckTokenMembership
GetAclInformation
FreeSid
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
DuplicateToken
GetSecurityDescriptorLength
SetSecurityDescriptorControl
InitializeSecurityDescriptor
IsValidSid
DeleteAce
GetSecurityDescriptorControl
CreateWellKnownSid
AllocateAndInitializeSid
GetLengthSid
RevertToSelf
GetTokenInformation
ImpersonateLoggedOnUser
SetTokenInformation
SetFileSecurityW
AdjustTokenPrivileges
DuplicateTokenEx
MakeAbsoluteSD

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW

api-ms-win-core-localization-l1-2-0

FormatMessageW

rpcrt4

RpcBindingCopy
RpcBindingUnbind
Ndr64AsyncClientCall
UuidCreate
I_RpcBindingInqLocalClientPID
I_RpcExceptionFilter
UuidToStringW
RpcStringFreeW
NdrServerCall2
NdrServerCallAll
RpcServerInqDefaultPrincNameW
RpcServerRegisterAuthInfoW
RpcServerUseProtseqEpW
RpcServerRegisterIfEx
RpcAsyncCompleteCall
RpcBindingBind
RpcBindingCreateW
UuidFromStringW
RpcAsyncInitializeHandle
RpcBindingVectorFree
RpcEpRegisterW
RpcServerInqBindings
RpcServerUseProtseqExW
RpcBindingFree
RpcBindingInqAuthClientW
RpcBindingServerFromClient
RpcServerUnregisterIfEx
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcServerInqCallAttributesW
RpcGetAuthorizationContextForClient
RpcFreeAuthorizationContext
RpcImpersonateClient
RpcRevertToSelf

api-ms-win-core-file-l1-1-0

GetFileAttributesW
GetFileSizeEx
ReadFile
SetFileAttributesW
DeleteVolumeMountPointW
CreateFileW
FindNextVolumeW
GetFileTime
WriteFile
FindClose
FindFirstVolumeW
RemoveDirectoryW
DeleteFileW
FindFirstFileW
FindNextFileW
FileTimeToLocalFileTime
SetFilePointer
CompareFileTime
CreateDirectoryW
FindVolumeClose

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-shutdown-l1-1-0

InitiateSystemShutdownExW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-file-l2-1-0

MoveFileWithProgressW
GetFileInformationByHandleEx
CopyFileExW
CreateSymbolicLinkW

api-ms-win-core-path-l1-1-0

PathCchCombine

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
OpenProcess

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

samcli

NetLocalGroupDelMembers
NetLocalGroupAddMembers
NetUserGetInfo

api-ms-win-core-file-l1-2-0

GetTempPathW
GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-security-credentials-l1-1-0

CredUnprotectW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-heap-obsolete-l1-1-0

LocalSize

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrToIntExW

api-ms-win-security-lsalookup-l1-1-0

LookupAccountSidLocalW

api-ms-win-core-kernel32-legacy-l1-1-0

WTSGetActiveConsoleSessionId
MoveFileW
GetComputerNameW

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW
SetVolumeMountPointW

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW
RegEnumKeyW

api-ms-win-security-provider-l1-1-0

SetEntriesInAclW

scecli

SceSetupSystemByInfName

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-security-lsapolicy-l1-1-0

LsaFreeMemory

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-eventlog-legacy-l1-1-0

DeregisterEventSource
ReportEventW
RegisterEventSourceW

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 362KB - Virtual size: 361KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ucrtbase/twinui.appcore.dll
.dll windows:10 windows x64 arch:x64

b1df93fdba8772075c2fa0f0b3a4490e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

twinui.appcore.pdb

Imports

msvcrt

?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
toupper
wcschr
wcsrchr
wcscspn
_get_errno
memmove
_set_errno
memcmp
??1type_info@@UEAA@XZ
memcpy
_onexit
__dllonexit
_unlock
_CxxThrowException
_lock
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
?terminate@@YAXXZ
__CxxFrameHandler3
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
realloc
memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
LockResource
LoadStringW
DisableThreadLibraryCalls
LoadResource
GetProcAddress
GetModuleFileNameW
GetModuleHandleW
GetModuleFileNameA
FindResourceExW

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceBeginInitialize
Sleep
InitOnceComplete

api-ms-win-core-synch-l1-1-0

ReleaseMutex
InitializeCriticalSection
SetEvent
ReleaseSemaphore
InitializeCriticalSectionEx
CreateMutexW
CreateEventW
LeaveCriticalSection
EnterCriticalSection
WaitForMultipleObjectsEx
AcquireSRWLockShared
CreateMutexExW
DeleteCriticalSection
CreateSemaphoreExW
CreateEventExW
WaitForSingleObject
InitializeSRWLock
ReleaseSRWLockShared
OpenSemaphoreW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObjectEx

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap
HeapReAlloc

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-winrt-string-l1-1-0

WindowsStringHasEmbeddedNull
WindowsGetStringLen
WindowsCreateStringReference
WindowsDeleteString
WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsCreateString
WindowsIsStringEmpty
WindowsCompareStringOrdinal
WindowsSubstringWithSpecifiedLength

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventActivityIdControl
EventWriteTransfer
EventSetInformation
EventProviderEnabled
EventUnregister

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc
LocalReAlloc

api-ms-win-core-processthreads-l1-1-0

GetProcessId
TerminateProcess
GetCurrentThread
OpenThreadToken
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
OpenProcessToken

api-ms-win-core-string-l1-1-0

CompareStringW
CompareStringOrdinal

api-ms-win-core-localization-l1-2-0

GetSystemDefaultLCID
LocaleNameToLCID
ResolveLocaleName
GetSystemPreferredUILanguages
FindNLSString
FormatMessageW
LCMapStringW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegOpenKeyExW
RegGetValueW
RegOpenCurrentUser
RegCloseKey
RegQueryInfoKeyW
RegCreateKeyExW
RegQueryValueExW

api-ms-win-core-registry-l2-1-0

RegOpenKeyW

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-security-base-l1-1-0

GetTokenInformation
ImpersonateLoggedOnUser
RevertToSelf

rpcrt4

UuidCreate

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolWaitCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
SetThreadpoolTimer

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
CreateTimerQueueTimer

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-shlwapi-obsolete-l1-1-0

QISearch
StrStrIW
StrCmpLogicalW
StrChrW
StrTrimW
StrCmpICW
StrCmpCW
StrCmpNICW

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolAllowThreadReuse
SHTaskPoolGetUniqueContext
SHTaskPoolQueueTask

ntdll

RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
NtQueryInformationToken
_vsnprintf
RtlInitUnicodeString
strncpy_s
strchr
sprintf_s
_errno
strtol
memmove_s
_wcsicmp
RtlQueryResourcePolicy
RtlNtStatusToDosError
ZwQueryWnfStateData
EtwTraceMessage
RtlFreeHeap

combase

ord140
ord157
ord90
ord147

shcore

IStream_Write
ord142

windows.storage

ord942

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-file-l1-1-0

CompareFileTime

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-shlwapi-legacy-l1-1-0

PathMatchSpecExW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 427KB - Virtual size: 427KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ucrtbase/ucrtbase.dll
.dll windows:10 windows x64 arch:x64

405cde0fc80c30dcc3d783173dbd4143

Code Sign

33:00:00:02:b0:2e:6a:e9:62:cc:9e:88:c2:00:00:00:00:02:b0
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/09/2020, 19:16

Not After

23/09/2021, 19:16

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3f:25:37:d0:1e:eb:42:bb:b0:f3:57:f4:e9:d3:6e:e2:d7:eb:31:2d:99:eb:ba:3e:5d:3f:46:81:be:4e:91:e1
Signer

Actual PE Digest

3f:25:37:d0:1e:eb:42:bb:b0:f3:57:f4:e9:d3:6e:e2:d7:eb:31:2d:99:eb:ba:3e:5d:3f:46:81:be:4e:91:e1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ucrtbase.pdb

Imports

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
SetLastError
SetErrorMode
GetLastError

api-ms-win-core-heap-l1-1-0

HeapWalk
HeapValidate
HeapFree
HeapCompact
HeapReAlloc
HeapQueryInformation
GetProcessHeap
HeapAlloc
HeapSize

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetStartupInfoW
GetCurrentProcess
TlsAlloc
GetCurrentThread
TlsGetValue
GetCurrentThreadId
CreateProcessW
TlsSetValue
ExitProcess
ExitThread
CreateThread
TlsFree
GetExitCodeProcess
ResumeThread
TerminateProcess

api-ms-win-core-libraryloader-l1-1-0

FreeLibrary
LoadLibraryExW
GetModuleHandleExW
FreeLibraryAndExitThread
GetModuleHandleW
GetProcAddress
GetModuleFileNameW

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
WaitForSingleObject

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
SetStdHandle
GetCommandLineA
GetCurrentDirectoryW
GetStdHandle
SetEnvironmentVariableW
GetEnvironmentStringsW
SetCurrentDirectoryW
FreeEnvironmentStringsW

api-ms-win-core-file-l1-1-0

ReadFile
GetFileSizeEx
GetFileType
SetFilePointerEx
CreateFileW
FindClose
FindNextFileW
FindFirstFileExW
GetFileInformationByHandle
GetFullPathNameW
GetDriveTypeW
GetFileAttributesExW
GetDiskFreeSpaceW
GetLogicalDrives
SetFileAttributesW
SetFileTime
CreateDirectoryW
LockFileEx
UnlockFileEx
FlushFileBuffers
SetEndOfFile
DeleteFileW
WriteFile
RemoveDirectoryW

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW

api-ms-win-core-localization-l1-2-0

GetOEMCP
EnumSystemLocalesW
IsValidCodePage
GetACP
GetCPInfo
IsValidLocale
GetUserDefaultLCID
GetLocaleInfoW
LCMapStringW

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-sysinfo-l1-1-0

SetLocalTime
GetSystemTimeAsFileTime
GetLocalTime
GetSystemInfo

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader
RtlUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-console-l1-1-0

PeekConsoleInputA
GetConsoleMode
GetConsoleCP
SetConsoleCtrlHandler
WriteConsoleW
GetConsoleOutputCP
GetNumberOfConsoleInputEvents
ReadConsoleW
ReadConsoleInputW
SetConsoleMode

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-namedpipe-l1-1-0

PeekNamedPipe
CreatePipe

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
GetTimeZoneInformation
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualAlloc
VirtualProtect

api-ms-win-core-util-l1-1-0

Beep
EncodePointer

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InterlockedPushEntrySList

Exports

Exports

_Cbuild
_Cmulcc
_Cmulcr
_CreateFrameInfo
_CxxThrowException
_Exit
_FCbuild
_FCmulcc
_FCmulcr
_FindAndUnlinkFrame
_GetImageBase
_GetThrowImageBase
_Getdays
_Getmonths
_Gettnames
_IsExceptionObjectToBeDestroyed
_LCbuild
_LCmulcc
_LCmulcr
_SetImageBase
_SetThrowImageBase
_SetWinRTOutOfMemoryExceptionCallback
_Strftime
_W_Getdays
_W_Getmonths
_W_Gettnames
_Wcsftime
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__C_specific_handler
__C_specific_handler_noexcept
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxFrameHandler4
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__NLG_Dispatch2
__NLG_Return2
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
___lc_codepage_func
___lc_collate_cp_func
___lc_locale_name_func
___mb_cur_max_func
___mb_cur_max_l_func
__acrt_iob_func
__conio_common_vcprintf
__conio_common_vcprintf_p
__conio_common_vcprintf_s
__conio_common_vcscanf
__conio_common_vcwprintf
__conio_common_vcwprintf_p
__conio_common_vcwprintf_s
__conio_common_vcwscanf
__current_exception
__current_exception_context
__daylight
__dcrt_get_wide_environment_from_os
__dcrt_initial_narrow_environment
__doserrno
__dstbias
__fpe_flt_rounds
__fpecode
__initialize_lconv_for_unsigned_char
__intrinsic_setjmp
__intrinsic_setjmpex
__isascii
__iscsym
__iscsymf
__iswcsym
__iswcsymf
__p___argc
__p___argv
__p___wargv
__p__acmdln
__p__commode
__p__environ
__p__fmode
__p__mbcasemap
__p__mbctype
__p__pgmptr
__p__wcmdln
__p__wenviron
__p__wpgmptr
__pctype_func
__processing_throw
__pwctype_func
__pxcptinfoptrs
__report_gsfailure
__setusermatherr
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__stdio_common_vfprintf
__stdio_common_vfprintf_p
__stdio_common_vfprintf_s
__stdio_common_vfscanf
__stdio_common_vfwprintf
__stdio_common_vfwprintf_p
__stdio_common_vfwprintf_s
__stdio_common_vfwscanf
__stdio_common_vsnprintf_s
__stdio_common_vsnwprintf_s
__stdio_common_vsprintf
__stdio_common_vsprintf_p
__stdio_common_vsprintf_s
__stdio_common_vsscanf
__stdio_common_vswprintf
__stdio_common_vswprintf_p
__stdio_common_vswprintf_s
__stdio_common_vswscanf
__strncnt
__sys_errlist
__sys_nerr
__threadhandle
__threadid
__timezone
__toascii
__tzname
__unDName
__unDNameEx
__uncaught_exception
__uncaught_exceptions
__wcserror
__wcserror_s
__wcsncnt
_abs64
_access
_access_s
_aligned_free
_aligned_malloc
_aligned_msize
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_offset_recalloc
_aligned_realloc
_aligned_recalloc
_assert
_atodbl
_atodbl_l
_atof_l
_atoflt
_atoflt_l
_atoi64
_atoi64_l
_atoi_l
_atol_l
_atoldbl
_atoldbl_l
_atoll_l
_beep
_beginthread
_beginthreadex
_byteswap_uint64
_byteswap_ulong
_byteswap_ushort
_c_exit
_cabs
_callnewh
_calloc_base
_cexit
_cgets
_cgets_s
_cgetws
_cgetws_s
_chdir
_chdrive
_chgsign
_chgsignf
_chmod
_chsize
_chsize_s
_clearfp
_close
_commit
_configthreadlocale
_configure_narrow_argv
_configure_wide_argv
_control87
_controlfp
_controlfp_s
_copysign
_copysignf
_cputs
_cputws
_creat
_create_locale
_crt_at_quick_exit
_crt_atexit
_ctime32
_ctime32_s
_ctime64
_ctime64_s
_cwait
_d_int
_dclass
_dexp
_difftime32
_difftime64
_dlog
_dnorm
_dpcomp
_dpoly
_dscale
_dsign
_dsin
_dtest
_dunscale
_dup
_dup2
_dupenv_s
_ecvt
_ecvt_s
_endthread
_endthreadex
_eof
_errno
_except1
_execl
_execle
_execlp
_execlpe
_execute_onexit_table
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fclose_nolock
_fcloseall
_fcvt
_fcvt_s
_fd_int
_fdclass
_fdexp
_fdlog
_fdnorm
_fdopen
_fdpcomp
_fdpoly
_fdscale
_fdsign
_fdsin
_fdtest
_fdunscale
_fflush_nolock
_fgetc_nolock
_fgetchar
_fgetwc_nolock
_fgetwchar
_filelength
_filelengthi64
_fileno
_findclose
_findfirst32
_findfirst32i64
_findfirst64
_findfirst64i32
_findnext32
_findnext32i64
_findnext64
_findnext64i32
_finite
_finitef
_flushall
_fpclass
_fpclassf
_fpieee_flt
_fpreset
_fputc_nolock
_fputchar
_fputwc_nolock
_fputwchar
_fread_nolock
_fread_nolock_s
_free_base
_free_locale
_fseek_nolock
_fseeki64
_fseeki64_nolock
_fsopen
_fstat32
_fstat32i64
_fstat64
_fstat64i32
_ftell_nolock
_ftelli64
_ftelli64_nolock
_ftime32
_ftime32_s
_ftime64
_ftime64_s
_fullpath
_futime32
_futime64
_fwrite_nolock
_gcvt
_gcvt_s
_get_FMA3_enable
_get_current_locale
_get_daylight
_get_doserrno
_get_dstbias
_get_errno
_get_fmode
_get_heap_handle
_get_initial_narrow_environment
_get_initial_wide_environment
_get_invalid_parameter_handler
_get_narrow_winmain_command_line
_get_osfhandle
_get_pgmptr
_get_printf_count_output
_get_purecall_handler
_get_stream_buffer_pointers
_get_terminate
_get_thread_local_invalid_parameter_handler
_get_timezone
_get_tzname
_get_unexpected
_get_wide_winmain_command_line
_get_wpgmptr
_getc_nolock
_getch
_getch_nolock
_getche
_getche_nolock
_getcwd
_getdcwd
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getsystime
_getw
_getwc_nolock
_getwch
_getwch_nolock
_getwche
_getwche_nolock
_getws
_getws_s
_gmtime32
_gmtime32_s
_gmtime64
_gmtime64_s
_heapchk
_heapmin
_heapwalk
_hypot
_hypotf
_i64toa
_i64toa_s
_i64tow
_i64tow_s
_initialize_narrow_environment
_initialize_onexit_table
_initialize_wide_environment
_initterm
_initterm_e
_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn
_invoke_watson
_is_exception_typeof
_isalnum_l
_isalpha_l
_isatty
_isblank_l
_iscntrl_l
_isctype
_isctype_l
_isdigit_l
_isgraph_l
_isleadbyte_l
_islower_l
_ismbbalnum
_ismbbalnum_l
_ismbbalpha
_ismbbalpha_l
_ismbbblank
_ismbbblank_l
_ismbbgraph
_ismbbgraph_l
_ismbbkalnum
_ismbbkalnum_l
_ismbbkana
_ismbbkana_l
_ismbbkprint
_ismbbkprint_l
_ismbbkpunct
_ismbbkpunct_l
_ismbblead
_ismbblead_l
_ismbbprint
_ismbbprint_l
_ismbbpunct
_ismbbpunct_l
_ismbbtrail
_ismbbtrail_l
_ismbcalnum
_ismbcalnum_l
_ismbcalpha
_ismbcalpha_l
_ismbcblank
_ismbcblank_l
_ismbcdigit
_ismbcdigit_l
_ismbcgraph
_ismbcgraph_l
_ismbchira
_ismbchira_l
_ismbckata
_ismbckata_l
_ismbcl0
_ismbcl0_l
_ismbcl1
_ismbcl1_l
_ismbcl2
_ismbcl2_l
_ismbclegal
_ismbclegal_l
_ismbclower
_ismbclower_l
_ismbcprint
_ismbcprint_l
_ismbcpunct
_ismbcpunct_l
_ismbcspace
_ismbcspace_l
_ismbcsymbol
_ismbcsymbol_l
_ismbcupper
_ismbcupper_l
_ismbslead
_ismbslead_l
_ismbstrail
_ismbstrail_l
_isnan
_isnanf
_isprint_l
_ispunct_l
_isspace_l
_isupper_l
_iswalnum_l
_iswalpha_l
_iswblank_l
_iswcntrl_l
_iswcsym_l
_iswcsymf_l
_iswctype_l
_iswdigit_l
_iswgraph_l
_iswlower_l
_iswprint_l
_iswpunct_l
_iswspace_l
_iswupper_l
_iswxdigit_l
_isxdigit_l
_itoa
_itoa_s
_itow
_itow_s
_j0
_j1
_jn
_kbhit
_ld_int
_ldclass
_ldexp
_ldlog
_ldpcomp
_ldpoly
_ldscale
_ldsign
_ldsin
_ldtest
_ldunscale
_lfind
_lfind_s
_loaddll
_local_unwind

Sections

.text
Size: 718KB - Virtual size: 718KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vbsapi/Windows.Media.Streaming.dll
.dll windows:10 windows x64 arch:x64

aa6331e18dc86e4a12d7f6a1740bea26

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.Media.Streaming.pdb

Imports

msvcrt

_ui64tow_s
_ltow_s
swprintf_s
_wcsnicmp
_ultow_s
_wcstoui64
wcstoul
wcsncmp
_wsplitpath_s
_vsnwprintf
_snwscanf_s
realloc
towupper
iswalpha
iswdigit
memmove_s
wcschr
wcspbrk
wcsstr
memcpy_s
_wtol
_strcmpi
qsort
strncpy_s
strnlen
_callnewh
?terminate@@YAXXZ
memset
_onexit
__dllonexit
_unlock
_lock
_wcsicmp
__CxxFrameHandler3
__C_specific_handler
_initterm
malloc
_amsg_exit
_XcptFilter
free
_purecall
floor
memcmp
memcpy
wcscmp

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
TraceMessage
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceLoggerHandle
GetTraceEnableFlags

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
InitializeSRWLock
InitializeCriticalSectionEx
ResetEvent
DeleteCriticalSection
ReleaseMutex
WaitForSingleObject
CreateEventW
CreateMutexExW
EnterCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockShared
SetEvent
LeaveCriticalSection
WaitForSingleObjectEx
ReleaseSemaphore
CreateEventExW
InitializeCriticalSection
ReleaseSRWLockShared
OpenSemaphoreW
CreateSemaphoreExW

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
LoadStringW
GetModuleHandleW
GetProcAddress
FreeLibrary
FreeLibraryAndExitThread
FindStringOrdinal
DisableThreadLibraryCalls
GetModuleFileNameA

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

SetThreadPriority
GetThreadPriority
TerminateProcess
GetCurrentProcess
CreateThread
OpenProcessToken
TlsGetValue
OpenThreadToken
GetCurrentThread
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetCurrentProcessId
ResumeThread

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetTickCount
GetSystemTimeAsFileTime
GetComputerNameExW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
RaiseException
SetLastError
UnhandledExceptionFilter

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-threadpool-l1-2-0

IsThreadpoolTimerSet
FreeLibraryWhenCallbackReturns
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
TrySubmitThreadpoolCallback
CallbackMayRunLong
CloseThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-kernel32-legacy-l1-1-1

PowerCreateRequest
PowerSetRequest
PowerClearRequest

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l1-1-0

CreateFileW
GetFullPathNameW
SetFilePointerEx
SetEndOfFile
GetFileInformationByHandle
DeleteFileW
WriteFile
GetFinalPathNameByHandleW

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegGetValueW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-shcore-thread-l1-1-0

SHGetThreadRef
GetProcessReference
SHSetThreadRef
SetProcessReference

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-featurestaging-l1-1-0

RecordFeatureUsage
SubscribeFeatureStateChangeNotification
UnsubscribeFeatureStateChangeNotification

api-ms-win-core-localization-l1-2-0

FormatMessageW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 839KB - Virtual size: 839KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vbsapi/vbsapi.dll
.dll windows:10 windows x64 arch:x64

157b9a66d1e31bf95f8b1a6d3b16df8a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

VbsApi.pdb

Imports

msvcrt

??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBD@Z
_CxxThrowException
memcpy
memmove
_callnewh
malloc
wcsncmp
_XcptFilter
_amsg_exit
free
_initterm
_lock
_unlock
wcsrchr
_wcsnicmp
__dllonexit
__CxxFrameHandler3
_stricmp
_purecall
??3@YAXPEAX@Z
_onexit
_wcsicmp
??1type_info@@UEAA@XZ
memcmp
_vsnwprintf
wcschr
toupper
strncmp
__C_specific_handler
memset

ntdll

RtlGetVersion
RtlFreeHeap
RtlReAllocateHeap
RtlAllocateHeap
RtlRunOnceExecuteOnce
RtlCopyUnicodeString
RtlUpcaseUnicodeString
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
RtlDosPathNameToNtPathName_U_WithStatus
ZwCreateFile
ZwQueryInformationFile
RtlFreeUnicodeString
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
ZwEnumerateKey
ZwClose
RtlFormatCurrentUserKeyPath
ZwQueryDirectoryFile
RtlpEnsureBufferSize
RtlNtPathNameToDosPathName
RtlUpcaseUnicodeChar
RtlGetNativeSystemInformation
RtlInitString
RtlxAnsiStringToUnicodeSize
RtlAnsiStringToUnicodeString
RtlUnicodeStringToAnsiString
LdrResSearchResource
VerSetConditionMask
RtlVerifyVersionInfo
RtlImageDirectoryEntryToData
ZwOpenKey
ZwQueryValueKey
RtlInitUnicodeStringEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlDoesFileExists_U
RtlImageNtHeaderEx
NtQuerySystemEnvironmentValueEx
RtlInitUnicodeString
NtQuerySystemInformation
ZwQuerySystemInformation

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegGetValueW
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW
RegSetKeyValueW

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo
GetSystemFirmwareTable

api-ms-win-core-sysinfo-l1-2-1

GetPhysicallyInstalledSystemMemory

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
OpenProcessToken
TerminateProcess
GetCurrentProcessId
CreateThread
GetCurrentProcess

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-file-l1-1-0

FindClose
FindNextFileW
GetFileSizeEx
FindFirstFileW
CreateFileW

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-synch-l1-1-0

ReleaseMutex
WaitForSingleObject
CreateMutexW

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
MapViewOfFile
UnmapViewOfFile

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
FreeLibrary
LoadLibraryExW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

HvciGetConfig
HvciGetConfigFromVBSKey
HvciIncompatibilityScanCancel
HvciIncompatibilityScanFree
HvciIncompatibilityScanGetResult
HvciIncompatibilityScanInitialize
HvciIncompatibilityScanOverrideDriverCompatDatabase
HvciIncompatibilityScanOverrideServicesKey
HvciIncompatibilityScanStart
HvciIsActive
VbsGetIssues
VbsIsCapable
VbsIsRecommended
VbsIsScenarioEnabled
VbsSetScenarioEnable
VbsSetScenarioEnableToVBSKey

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 596B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64_x32_installer__v4.0.4.msi
.msi

Sharing

General

Malware Config

Signatures

Files

7e80c7b4f275c9ea605678d912adb2c4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-localization-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-power-setting-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-management-l2-1-0

oleaut32

api-ms-win-security-lsalookup-l2-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-timezone-l1-1-0

rpcrt4

api-ms-win-core-string-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

ntdll

combase

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 841KB - Virtual size: 840KB

RT_CODE Size: 2KB - Virtual size: 2KB

.rdata Size: 347KB - Virtual size: 346KB

.data Size: 14KB - Virtual size: 17KB

.pdata Size: 40KB - Virtual size: 39KB

.didat Size: 512B - Virtual size: 104B

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 5KB - Virtual size: 5KB

ee8dd9c021c5e38224032b7f773aec78

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp_win

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

rpcrt4

api-ms-win-security-base-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

.text
Size: 841KB - Virtual size: 840KB

RT_CODE
Size: 2KB - Virtual size: 2KB

.rdata
Size: 347KB - Virtual size: 346KB

.data
Size: 14KB - Virtual size: 17KB

.pdata
Size: 40KB - Virtual size: 39KB

.didat
Size: 512B - Virtual size: 104B

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 198KB - Virtual size: 197KB

.rdata
Size: 46KB - Virtual size: 45KB

.data
Size: 1024B - Virtual size: 4KB

.pdata
Size: 9KB - Virtual size: 8KB

.didat
Size: 512B - Virtual size: 392B

.rsrc
Size: 10KB - Virtual size: 10KB

.reloc
Size: 1024B - Virtual size: 836B