MALWARE[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

MALWARE.zip
Size

36.2MB
MD5

2ca3f1a63cb9724c3d725760fb4b1c1e
SHA1

169e5219b44ca6b2e981978a7ab3180aac382921
SHA256

152f341b52987811a442f1679e78d5244c3bcfc147aaf6a7503f2b9ed9327842
SHA512

0661e54a5be0ca92febd994582b4f85716ceb359ac6d4a5cee41483efdac12269e4a30c747b76141c6a527b406a74f56243df9f7e7c4b73451b27ded5077aae9
SSDEEP

786432:Epz3brQezVfGddLGUn/7kCdAMS8SE7+Hdbalx9FKKrLRCkr6PPzs/3Df:Epzbkd7Az8vDKKJ/2PA/3Df

Score

3^/10

Malware Config

Signatures

Unsigned PE 15 IoCs

Checks for missing Authenticode signature.

resource
unpack001/AppResolver/CaptureService.dll
unpack001/AppResolver/Windows.UI.FileExplorer.dll
unpack001/AppResolver/aadjcsp.dll
unpack001/SettingsHandlers_Region/Microsoft.Uev.ModernAppAgent.dll
unpack001/SettingsHandlers_Region/SettingsHandlers_Region.dll
unpack001/SettingsHandlers_Region/hnetmon.dll
unpack001/SettingsHandlers_Region/nsisvc.dll
unpack001/idndl/MTFFuzzyDS.dll
unpack001/idndl/fontext.dll
unpack001/idndl/loghours.dll
unpack001/vmrdvcore/VideoHandlers.dll
unpack001/vmrdvcore/vmrdvcore.dll
unpack001/vmrdvcore/wkssvc.dll
unpack001/win32spl/WiFiDisplay.dll
unpack001/win32spl/win32spl.dll

Files

MALWARE.zip
.zip
AppResolver/AppResolver.dll
.dll windows:10 windows x64 arch:x64

0e436b03a9170a850ade7a48204599a3

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6c:a5:d2:e2:b6:11:6e:26:00:33:af:bf:01:10:f8:87:22:4e:eb:79:ad:95:a0:fc:f5:95:6e:56:48:d7:5a:65
Signer

Actual PE Digest

6c:a5:d2:e2:b6:11:6e:26:00:33:af:bf:01:10:f8:87:22:4e:eb:79:ad:95:a0:fc:f5:95:6e:56:48:d7:5a:65

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppResolver.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__itow_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__ui64tow_s
_o__wcstoui64
memmove
_o__wtoi
_o_free
_o_malloc
_o_towupper
__C_specific_handler
_o__get_errno
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
wcschr
wcsrchr
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcscmp
wcsspn

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
InitOnceExecuteOnce

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsDuplicateString
WindowsCreateStringReference
WindowsStringHasEmbeddedNull
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsCreateString

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
EventActivityIdControl

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError
SetRestrictedErrorInfo

api-ms-win-core-synch-l1-1-0

InitializeSRWLock
OpenSemaphoreW
ReleaseSemaphore
CreateSemaphoreExW
CreateMutexExW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
InitializeCriticalSectionEx
CreateEventExW
SetEvent
WaitForSingleObject
InitializeCriticalSection
ResetEvent
ReleaseMutex
CreateEventW
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
OpenEventW

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress
GetModuleFileNameW
GetModuleHandleExW
DisableThreadLibraryCalls
GetModuleFileNameA

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapReAlloc
HeapAlloc

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetProcessTimes
GetCurrentProcessId
GetCurrentThreadId
ProcessIdToSessionId
OpenProcessToken
GetCurrentThread
GetCurrentProcess
TerminateProcess
OpenThreadToken

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-shell-namespace-l1-1-0

ILClone
SHCreateItemWithParent
ILCloneFirst
SHBindToParent
ILFindLastID
SHCreateItemFromIDList
ILFree
SHCreateItemFromParsingName
SHBindToFolderIDListParentEx
ILIsParent
ILIsEqual
SHParseDisplayName
ILCombine
ILGetSize
SHGetIDListFromObject
SHBindToObject

bcp47langs

GetUserLanguages

shcore

IStream_Read
IUnknown_QueryService
SHTaskPoolQueueTask
GetScaleFactorForDevice
ord109
IStream_Size
SHSetValueW
SHGetValueW
ord123
ord170
SHAnsiToUnicode
ord145
ord193
ord190
ord188
SHQueryValueExW
SHTaskPoolGetUniqueContext
ord213
IUnknown_GetSite
IUnknown_Set
ord192
SHStrDupW
ord130
ord122

windows.storage

SHGetDesktopFolder
ord942
SHGetKnownFolderPath

gdi32

GetObjectW
CreateDIBSection
CreateCompatibleDC
StretchDIBits
GdiAlphaBlend
DeleteDC
DeleteObject
SelectObject

ntdll

NtQueryInformationProcess
RtlNtStatusToDosError
RtlPublishWnfStateData
RtlFreeHeap
RtlInitUnicodeString
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlReleaseSRWLockExclusive
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
NtQueryInformationToken
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlAcquireSRWLockExclusive
RtlAllocateHeap

ole32

CoAllowSetForegroundWindow
CoInitializeEx
CoUninitialize
PropVariantClear
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoGetMalloc
CoWaitForMultipleHandles
CoGetCallContext
StringFromGUID2
CoCreateFreeThreadedMarshaler
CoCreateGuid
RoGetAgileReference
CoMarshalInterThreadInterfaceInStream
CoReleaseMarshalData
CoGetInterfaceAndReleaseStream
CreateBindCtx
ReleaseStgMedium

shlwapi

StrDupW
StrCmpW
PathRemoveFileSpecW
AssocCreate
PathGetDriveNumberW
PathIsUNCW
PathIsRelativeW
PathIsURLW
ord487
ord219
PathCommonPrefixW
PathFindExtensionW
PathIsPrefixW
PathUnquoteSpacesW
ord156
PathRemoveBlanksW
PathGetArgsW
StrStrIW
PathParseIconLocationW
ord158
ord157
PathFindFileNameW
PathIsFileSpecW
ord154
PathFileExistsW
StrChrW
SHStrDupA
ord217
ord174
ord24
ord236
ord460
PathRemoveExtensionW
ord172

slc

SLGetWindowsInformationDWORD

user32

MonitorFromPoint
PostMessageW
FindWindowW
SetWindowLongPtrW
DefWindowProcW
GetWindowLongPtrW
SendNotifyMessageW
SetTimer
DestroyWindow
KillTimer
SetWindowTextW
InsertMenuW
CreatePopupMenu
LoadStringA
CharUpperBuffW
GetWindowThreadProcessId
CopyImage
GetSysColor
SystemParametersInfoW
CreateIconIndirect
DestroyIcon
ReleaseDC
GetDC
LoadStringW
DestroyMenu
GetMenuDefaultItem
RegisterClipboardFormatW

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-localization-l1-2-0

GetThreadPreferredUILanguages
GetUserDefaultLCID
FormatMessageW
GetUserGeoID

api-ms-win-core-path-l1-1-0

PathCchRemoveBackslash
PathCchFindExtension
PathCchCombine
PathCchAppend
PathCchRemoveExtension
PathAllocCombine
PathCchRemoveFileSpec

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-file-l1-1-0

CreateDirectoryW
GetLongPathNameW
CompareFileTime
DeleteFileW
GetFileSizeEx
CreateFileW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-heap-l2-1-0

LocalReAlloc
LocalFree
LocalAlloc

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-memory-l1-1-0

MapViewOfFile
CreateFileMappingW
ReadProcessMemory
UnmapViewOfFile

api-ms-win-core-memory-l1-1-1

PrefetchVirtualMemory

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegGetValueW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegEnumValueW
RegQueryInfoKeyW

userenv

GetProfileType

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalLock

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-security-base-l1-1-0

GetFileSecurityW
GetSecurityDescriptorSacl
GetAce
GetSidSubAuthority
GetTokenInformation
DuplicateTokenEx

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-appmodel-runtime-l1-1-3

GetStagedPackagePathByFullName2

api-ms-win-appmodel-runtime-l1-1-0

PackageFamilyNameFromFullName
OpenPackageInfoByFullName
GetPackageInfo
ClosePackageInfo

api-ms-win-crt-math-l1-1-0

ceilf

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 405KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppResolver/CaptureService.dll
.dll windows:10 windows x64 arch:x64

602844247931d42e1fd8895d53bc7a53

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

CaptureService.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o___stdio_common_vswprintf
memmove
_o_ceil
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__CxxFrameHandler3
_o__cexit
_CxxThrowException
_o__callnewh
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__configure_narrow_argv
_o__crt_atexit
__std_terminate
__CxxFrameHandler4
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoAddRefServerProcess
CoReleaseServerProcess
CoGetObjectContext
CoCreateFreeThreadedMarshaler
CoGetInterfaceAndReleaseStream
CoRegisterClassObject
CoDisconnectContext
CoCreateInstance
CoResumeClassObjects
CoDecrementMTAUsage
CoReleaseMarshalData
CoGetCallContext
CoInitializeSecurity
CoRevokeClassObject
CreateStreamOnHGlobal
CoWaitForMultipleHandles
CoMarshalInterface

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameA

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceExecuteOnce
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
CreateSemaphoreExW
ReleaseSemaphore
WaitForSingleObject
CreateEventW
SetEvent
AcquireSRWLockShared
CreateEventExW
ReleaseSRWLockShared
CreateMutexExW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseMutex

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDeleteString
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsCreateString
WindowsCreateStringReference

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
OpenProcessToken
GetCurrentProcessId
GetProcessId
TerminateProcess

api-ms-win-core-winrt-l1-1-0

RoRegisterActivationFactories
RoUninitialize
RoRevokeActivationFactories
RoGetActivationFactory
RoInitialize

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateError
RoOriginateErrorW
GetRestrictedErrorInfo
SetRestrictedErrorInfo

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventActivityIdControl
EventWriteTransfer

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegOpenKeyExW
RegGetValueW
RegEnumKeyExW
RegCloseKey

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolAllowThreadReuse
SHTaskPoolQueueTask

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-security-base-l1-1-0

GetTokenInformation
MakeAbsoluteSD
GetSidSubAuthorityCount
GetSidSubAuthority

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

dcomp

DCompositionCreateDevice

policymanager

PolicyManager_GetPolicyInt

combase

ord67
ord69
ord68
ord66

Exports

Exports

ServiceMain

Sections

.text
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppResolver/Windows.UI.FileExplorer.dll
.dll windows:10 windows x64 arch:x64

976f837abd707819a5be58be89a64d37

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

windows.ui.fileexplorer.pdb

Imports

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o_free
_o_iswspace
_o_malloc
_o_terminate
_o_toupper
__CxxFrameHandler4
__std_terminate
memcmp
memcpy
memmove
_o__crt_atexit
_o___stdio_common_vswprintf
_o__execute_onexit_table
_o__errno
_o___stdio_common_vsprintf_s
_o__configure_narrow_argv
_o___stdio_common_vsnprintf_s
_o__cexit
_o__callnewh
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_CxxThrowException
__CxxFrameHandler3
__C_specific_handler

api-ms-win-crt-string-l1-1-0

wcslen
memset
wcsncmp
strlen

api-ms-win-crt-math-l1-1-0

ceilf

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

msvcp_win

_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?_Xout_of_range@std@@YAXPEBD@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoGetObjectContext
StringFromGUID2
CoTaskMemAlloc
CoIncrementMTAUsage
CoCreateInstance
PropVariantClear

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce

api-ms-win-core-url-l1-1-0

PathIsURLW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventActivityIdControl
EventProviderEnabled
EventUnregister
EventRegister

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
AcquireSRWLockShared
ReleaseSRWLockShared
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
CreateSemaphoreExW
CreateMutexExW
ReleaseSRWLockExclusive
OpenSemaphoreW
AcquireSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

rpcrt4

UuidCreate

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameW
GetModuleFileNameA
GetProcAddress
FindStringOrdinal

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegGetValueW
RegQueryInfoKeyW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64
GetTickCount

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

oleaut32

SysStringLen
VariantInit
SysAllocString
SysFreeString

api-ms-win-core-file-l1-1-0

GetFullPathNameW

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-psapi-l1-1-0

K32GetModuleFileNameExW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InitializeSListHead
InterlockedPushEntrySList

propsys

PropVariantToUInt32

shlwapi

ord176
PathIsUNCW

shell32

SHParseDisplayName
ord850
SHCreateItemFromParsingName
ord68

oleacc

CreateStdAccessibleObject
LresultFromObject

comctl32

ord410
ord412
ord413

shcore

ord142
ord190

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

ntdll

RtlNtStatusToDosError
RtlQueryWnfStateData

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoTransformError
RoFailFastWithErrorContext
GetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

RoOriginateLanguageException

api-ms-win-core-winrt-string-l1-1-0

WindowsPreallocateStringBuffer
WindowsPromoteStringBuffer
WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsDeleteString
WindowsCreateString
WindowsDeleteStringBuffer
WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-com-l1-1-1

RoGetAgileReference

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppResolver/aadjcsp.dll
.dll windows:10 windows x64 arch:x64

f21820724f17b824298b4c5044c69c3a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AADJCSP.pdb

Imports

msvcp110_win

?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ

msvcrt

memmove
memcpy
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
__C_specific_handler
_initterm
free
_amsg_exit
_XcptFilter
_callnewh
malloc
memmove_s
memcmp
memset
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_CxxThrowException
_purecall
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
_wcsicmp
toupper
__CxxFrameHandler3
_vsnprintf_s

aadtb

AADTBAcquireTokenEx
AADTBFreeString

dsreg

DsrIsDeviceJoined

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

ResetEvent
OpenSemaphoreW
CreateMutexExW
WaitForSingleObjectEx
AcquireSRWLockShared
ReleaseMutex
WaitForSingleObject
DeleteCriticalSection
ReleaseSRWLockExclusive
CreateEventA
EnterCriticalSection
ReleaseSRWLockShared
ReleaseSemaphore
AcquireSRWLockExclusive
SetEvent
LeaveCriticalSection
CreateSemaphoreExW
InitializeCriticalSectionEx

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventUnregister
EventActivityIdControl
EventRegister
EventProviderEnabled

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
Sleep

wkscli

NetGetJoinInformation

iphlpapi

CancelMibChangeNotify2
NotifyNetworkConnectivityHintChange
GetNetworkConnectivityHint

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoGetMalloc
CoCreateInstance
CoTaskMemFree

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

oleaut32

VariantInit
SysFreeString
SysAllocString

netutils

NetApiBufferFree

api-ms-win-core-winrt-l1-1-0

RoInitialize

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-heap-l2-1-0

LocalAlloc

Exports

Exports

DllGetClassObject

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SettingsHandlers_Region/Microsoft.Uev.ModernAppAgent.dll
.dll windows:10 windows x64 arch:x64

146a403f3cc494a8b973be7b733121ba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Microsoft.Uev.ModernAppAgent.pdb

Imports

msvcrt

??3@YAXPEAX@Z
_wfsopen
fseek
?before@type_info@@QEBAHAEBV1@@Z
_beginthreadex
strerror
__RTtypeid
??0bad_typeid@@QEAA@AEBV0@@Z
_putws
wprintf
towlower
wcsncpy_s
__ExceptionPtrRethrow
__ExceptionPtrCurrentException
__ExceptionPtrDestroy
__ExceptionPtrCopy
__ExceptionPtrCreate
?name@type_info@@QEBAPEBDXZ
time
memmove_s
_wtoi
_stricmp
_gmtime64
_mkgmtime
_fseeki64
fsetpos
ungetc
setvbuf
fgetpos
swprintf_s
fgetc
fflush
fputc
_vsnprintf_s
fwrite
fclose
_vsnwprintf
__RTDynamicCast
??1type_info@@UEAA@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
isdigit
isalnum
memchr
tolower
isspace
_Strftime
_Gettnames
__mb_cur_max
_Wcsftime
_W_Gettnames
_W_Getmonths
_W_Getdays
_Getmonths
_Getdays
memset
ldexp
abort
memcmp
___lc_collate_cp_func
_wsetlocale
__crtLCMapStringA
__crtLCMapStringW
__crtCompareStringA
__crtCompareStringW
??9type_info@@QEBAHAEBV0@@Z
??8type_info@@QEBAHAEBV0@@Z
_wcsdup
islower
_ismbblead
___mb_cur_max_func
calloc
___lc_codepage_func
___lc_handle_func
isupper
__pctype_func
??0exception@@QEAA@AEBQEBDH@Z
__uncaught_exception
memmove
feof
ferror
fread
_wfopen_s
memcpy
_CxxThrowException
setlocale
_unlock
_lock
_callnewh
malloc
_errno
strchr
realloc
sprintf_s
_wcsnicmp
free
localeconv
ldiv
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_purecall
strcspn
_wcsicmp
memcpy_s
??0bad_cast@@QEAA@AEBV0@@Z
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??_V@YAXPEAX@Z
__CxxFrameHandler3
??1bad_typeid@@UEAA@XZ
mbstowcs_s
ftell
wcscmp

ntdll

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

kernel32

WaitForSingleObjectEx
OutputDebugStringW
GetLastError
GetLongPathNameW
GetTempPathW
CreateHardLinkW
SleepConditionVariableSRW
WakeAllConditionVariable
QueryPerformanceFrequency
TlsFree
TlsGetValue
TlsAlloc
ResumeThread
CreateWaitableTimerW
TlsSetValue
OpenEventA
SetWaitableTimer
FormatMessageA
AreFileApisANSI
CopyFileW
GetCurrentDirectoryW
GetFileAttributesExW
RemoveDirectoryW
DeviceIoControl
CreateDirectoryW
LocalAlloc
GetProcessMitigationPolicy
GetModuleFileNameW
OpenSemaphoreW
GetModuleHandleA
DuplicateHandle
GetUserDefaultLCID
CreateThread
GetExitCodeThread
GetSystemInfo
CreateThreadpoolWork
SubmitThreadpoolWork
ResetEvent
CreateEventExW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetLocalTime
SystemTimeToFileTime
LocalFree
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
InitializeCriticalSectionEx
GetLocaleInfoW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
EncodePointer
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
CreateFileW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
FormatMessageW
GetProcessHeap
GetModuleHandleW
DebugBreak
ReleaseMutex
WaitForSingleObject
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
LocalLock
GetModuleFileNameA
ReadFile
CreateEventA
WriteFile
ExpandEnvironmentStringsW
GetFileAttributesW
GetComputerNameExW
SetFileAttributesW
LocalUnlock
IsDebuggerPresent
SetFileTime
QueryPerformanceCounter
CloseThreadpoolWork
CreateMutexW
WaitNamedPipeW
GetCurrentThread
SetThreadPriority
CreateSemaphoreA
WaitForMultipleObjectsEx
ProcessIdToSessionId
OpenEventW
lstrlenA
FindClose
FindNextFileW
FindFirstFileW
LoadLibraryExW
FreeLibrary
AcquireSRWLockShared
CreateThreadpoolTimer
ReleaseSRWLockShared
SetThreadpoolTimer
AcquireSRWLockExclusive
CloseThreadpoolTimer
ReleaseSRWLockExclusive
WaitForThreadpoolTimerCallbacks
GetFileTime
CopyFileExW
GetFileSize
MoveFileExW
DeleteFileW
CreateEventW
SetEvent

ole32

CoCreateGuid
CLSIDFromProgID
CoInitializeEx
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromString
CoCreateInstance
OleRun
CoUninitialize
StringFromGUID2

oleaut32

LoadRegTypeLi
VariantInit
SafeArrayCreateEx
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayRedim
SafeArrayGetUBound
SafeArrayUnlock
SafeArrayGetLBound
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SafeArrayPutElement
SafeArrayCreate
VariantClear
SafeArrayLock
SysStringLen
SysAllocStringLen
VariantCopy
GetRecordInfoFromTypeInfo

advapi32

EventSetInformation
EventUnregister
GetTokenInformation
EventActivityIdControl
RegSetKeyValueW
RegDeleteKeyExW
RegSetValueExW
RegDeleteValueW
RegEnumValueW
RegQueryInfoKeyW
EventRegister
RegEnumKeyExW
RegDeleteTreeW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegGetValueW
OpenProcessToken
GetNamedSecurityInfoW
CreateWellKnownSid
EqualSid
RegCreateKeyExW
EventWriteTransfer

user32

GetDoubleClickTime
SetSysColors
SystemParametersInfoW
GetSysColor
GetSystemMetrics

shell32

DoEnvironmentSubstW
SHGetKnownFolderPath

activeds

ord3

Exports

Exports

AllocateSettingsContext
ExportModernSettings
ExportSettingsToStore
FreeSettingsContext
GetModernTemplateId
GetOSSettingsRoamingState
ImportModernSettings
ImportSettingsFromStore
InitializeRollbackState

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 618KB - Virtual size: 618KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 57KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SettingsHandlers_Region/SettingsHandlers_Region.dll
.dll windows:10 windows x64 arch:x64

95bd90ee02c4f844813fa104647a2ee4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SettingsHandlers_Region.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_bsearch_s
_o_free
_o_malloc
_o_realloc
_o_terminate
_o_toupper
_o_wcstol
__C_specific_handler
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__execute_onexit_table
_o__errno
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswprintf
_o__crt_atexit
_o___stdio_common_vsnprintf_s
__std_terminate
_o___std_type_info_destroy_list
_o___std_exception_destroy
__CxxFrameHandler4
memcmp
memcpy
_o___std_exception_copy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
FreeLibrary
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleExW
GetModuleHandleW

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
ReleaseSemaphore
WaitForSingleObjectEx
CreateEventW
InitializeSRWLock
CreateSemaphoreExW
OpenSemaphoreW
EnterCriticalSection
ResetEvent
InitializeCriticalSectionEx
SetEvent
AcquireSRWLockExclusive
WaitForSingleObject
ReleaseSRWLockShared
ReleaseMutex
CreateMutexExW
CreateEventExW
ReleaseSRWLockExclusive
DeleteCriticalSection
AcquireSRWLockShared

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
RaiseException
SetLastError
UnhandledExceptionFilter

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-string-l1-1-0

CompareStringEx
CompareStringOrdinal

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
CreateThread
OpenThreadToken
GetCurrentThread
TerminateProcess

api-ms-win-core-localization-l1-2-0

GetUserDefaultLocaleName
FormatMessageW
GetCalendarInfoEx
GetLocaleInfoEx
GetCalendarInfoW
SetLocaleInfoW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoTransformError

api-ms-win-core-winrt-string-l1-1-0

WindowsIsStringEmpty
WindowsCreateStringReference
WindowsDeleteString
WindowsDuplicateString
WindowsGetStringRawBuffer
WindowsCreateString

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

winlangdb

SetUserLanguages
SetUserLanguagesCore
GetRegionalFormatList
EnsureLanguageProfileExists

bcp47langs

Bcp47GetMuiForm
AppendUserLanguageInputMethods
GetAppropriateUserLocaleForUserLanguages
GetUserLanguages
GetUserLocaleFromLanguageProfileOptOut
Bcp47Normalize
ClearUserLocaleFromLanguageProfileOptOut
SetUserLocaleFromLanguageProfileOptOut
GetPendingUserDisplayLanguage
Bcp47GetDistance
Bcp47GetIsoLanguageCode
Bcp47GetIsoScriptCode

shcore

SHStrDupW
ord162

msvcp_win

?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
EventProviderEnabled

api-ms-win-core-localization-l1-2-3

SetUserGeoName
GetGeoInfoEx
GetUserDefaultGeoName
EnumSystemGeoNames

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled

api-ms-win-core-com-l1-1-0

CoUninitialize
CoGetMalloc
CoTaskMemAlloc
CoTaskMemFree
CoInitializeEx
CoCreateFreeThreadedMarshaler
CoCreateInstance
CoDecrementMTAUsage
CoWaitForMultipleHandles
CoIncrementMTAUsage
CoGetApartmentType
CoTaskMemRealloc

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoUninitialize
RoInitialize

api-ms-win-core-datetime-l1-1-1

GetDateFormatEx
GetTimeFormatEx

api-ms-win-core-localization-l2-1-0

EnumCalendarInfoExEx
EnumTimeFormatsEx

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-security-base-l1-1-0

RevertToSelf
ImpersonateLoggedOnUser

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage
EnumUILanguagesW

coremessaging

CoreUICreate

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-localization-private-l1-1-0

NlsUpdateLocale
NlsCheckPolicy

ntdll

RtlIsMultiUsersInSessionSku

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GetSetting

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SettingsHandlers_Region/hnetmon.dll
.dll windows:10 windows x64 arch:x64

0b9ea8568c545a22994c3072ae81182b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

hnetmon.pdb

Imports

msvcrt

_XcptFilter
_amsg_exit
wcscat_s
free
malloc
_initterm
__C_specific_handler
wcscpy_s
wcstoul
memset

advapi32

RegCloseKey
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW

kernel32

RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
RtlVirtualUnwind
GetCurrentProcessId
QueryPerformanceCounter
Sleep
DisableThreadLibraryCalls
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetSystemTimeAsFileTime
HeapAlloc
GetProcessHeap
HeapFree

netsh.exe

RegisterHelper
FreeString
PrintMessage
MakeString
PrintError
MatchEnumTag
PreprocessCommand
PrintMessageFromModule
RegisterContext

netshell

NcFreeNetconProperties

ole32

CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitializeEx
StringFromGUID2

Exports

Exports

InitHelperDll

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SettingsHandlers_Region/nsisvc.dll
.dll windows:10 windows x64 arch:x64

ac3e5282a238b31279268ef6604f7386

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

nsisvc.pdb

Imports

api-ms-win-core-crt-l2-1-0

_initterm
_initterm_e

ntdll

EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
EtwTraceMessage
RtlPublishWnfStateData
EtwGetTraceEnableFlags
EtwUnregisterTraceGuids
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

rpcrt4

RpcSsContextLockExclusive
RpcServerSubscribeForNotification
RpcAsyncCompleteCall
RpcServerRegisterIf3
RpcServerUseProtseqW
RpcServerUnregisterIfEx
RpcBindingVectorFree
NdrServerCall2
Ndr64AsyncServerCallAll
RpcServerInqBindings
RpcServerInqCallAttributesW
RpcEpRegisterW
RpcEpUnregister
RpcImpersonateClient
RpcServerUnsubscribeForNotification
RpcRevertToSelf
NdrAsyncServerCall
NdrServerCallAll

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-interlocked-l1-1-0

InterlockedPopEntrySList
InitializeSListHead
InterlockedPushEntrySList

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree
LocalAlloc

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventW
SetEvent

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-crt-l1-1-0

memcmp
__C_specific_handler
memcpy

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SettingsHandlers_Region/ntdll.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:03:81:a4:c7:63:e7:ad:c5:b4:ee:00:00:00:00:03:81
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10/03/2022, 19:24

Not After

08/03/2023, 19:24

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

23:91:a3:a8:7f:bf:1b:8b:42:90:48:72:d6:9b:8f:5d:0e:04:02:b6:4e:c7:54:b4:75:a6:7c:4c:18:eb:2c:24
Signer

Actual PE Digest

23:91:a3:a8:7f:bf:1b:8b:42:90:48:72:d6:9b:8f:5d:0e:04:02:b6:4e:c7:54:b4:75:a6:7c:4c:18:eb:2c:24

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ntdll.pdb

Exports

Exports

A_SHAFinal
A_SHAInit
A_SHAUpdate
AlpcAdjustCompletionListConcurrencyCount
AlpcFreeCompletionListMessage
AlpcGetCompletionListLastMessageInformation
AlpcGetCompletionListMessageAttributes
AlpcGetHeaderSize
AlpcGetMessageAttribute
AlpcGetMessageFromCompletionList
AlpcGetOutstandingCompletionListMessageCount
AlpcInitializeMessageAttribute
AlpcMaxAllowedMessageLength
AlpcRegisterCompletionList
AlpcRegisterCompletionListWorkerThread
AlpcRundownCompletionList
AlpcUnregisterCompletionList
AlpcUnregisterCompletionListWorkerThread
ApiSetQueryApiSetPresence
ApiSetQueryApiSetPresenceEx
CsrAllocateCaptureBuffer
CsrAllocateMessagePointer
CsrCaptureMessageBuffer
CsrCaptureMessageMultiUnicodeStringsInPlace
CsrCaptureMessageString
CsrCaptureTimeout
CsrClientCallServer
CsrClientConnectToServer
CsrFreeCaptureBuffer
CsrGetProcessId
CsrIdentifyAlertableThread
CsrSetPriorityClass
CsrVerifyRegion
DbgBreakPoint
DbgPrint
DbgPrintEx
DbgPrintReturnControlC
DbgPrompt
DbgQueryDebugFilterState
DbgSetDebugFilterState
DbgUiConnectToDbg
DbgUiContinue
DbgUiConvertStateChangeStructure
DbgUiConvertStateChangeStructureEx
DbgUiDebugActiveProcess
DbgUiGetThreadDebugObject
DbgUiIssueRemoteBreakin
DbgUiRemoteBreakin
DbgUiSetThreadDebugObject
DbgUiStopDebugging
DbgUiWaitStateChange
DbgUserBreakPoint
EtwCheckCoverage
EtwCreateTraceInstanceId
EtwDeliverDataBlock
EtwEnumerateProcessRegGuids
EtwEventActivityIdControl
EtwEventEnabled
EtwEventProviderEnabled
EtwEventRegister
EtwEventSetInformation
EtwEventUnregister
EtwEventWrite
EtwEventWriteEndScenario
EtwEventWriteEx
EtwEventWriteFull
EtwEventWriteNoRegistration
EtwEventWriteStartScenario
EtwEventWriteString
EtwEventWriteTransfer
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwLogTraceEvent
EtwNotificationRegister
EtwNotificationUnregister
EtwProcessPrivateLoggerRequest
EtwRegisterSecurityProvider
EtwRegisterTraceGuidsA
EtwRegisterTraceGuidsW
EtwReplyNotification
EtwSendNotification
EtwSetMark
EtwTraceEventInstance
EtwTraceMessage
EtwTraceMessageVa
EtwUnregisterTraceGuids
EtwWriteUMSecurityEvent
EtwpCreateEtwThread
EtwpGetCpuSpeed
EvtIntReportAuthzEventAndSourceAsync
EvtIntReportEventAndSourceAsync
ExpInterlockedPopEntrySListEnd
ExpInterlockedPopEntrySListFault
ExpInterlockedPopEntrySListResume
KiRaiseUserExceptionDispatcher
KiUserApcDispatcher
KiUserCallbackDispatcher
KiUserExceptionDispatcher
KiUserInvertedFunctionTable
LdrAccessResource
LdrAddDllDirectory
LdrAddLoadAsDataTable
LdrAddRefDll
LdrAppxHandleIntegrityFailure
LdrCallEnclave
LdrControlFlowGuardEnforced
LdrCreateEnclave
LdrDeleteEnclave
LdrDisableThreadCalloutsForDll
LdrEnumResources
LdrEnumerateLoadedModules
LdrFastFailInLoaderCallout
LdrFindEntryForAddress
LdrFindResourceDirectory_U
LdrFindResourceEx_U
LdrFindResource_U
LdrFlushAlternateResourceModules
LdrGetDllDirectory
LdrGetDllFullName
LdrGetDllHandle
LdrGetDllHandleByMapping
LdrGetDllHandleByName
LdrGetDllHandleEx
LdrGetDllPath
LdrGetFailureData
LdrGetFileNameFromLoadAsDataTable
LdrGetKnownDllSectionHandle
LdrGetProcedureAddress
LdrGetProcedureAddressEx
LdrGetProcedureAddressForCaller
LdrInitShimEngineDynamic
LdrInitializeEnclave
LdrInitializeThunk
LdrIsModuleSxsRedirected
LdrLoadAlternateResourceModule
LdrLoadAlternateResourceModuleEx
LdrLoadDll
LdrLoadEnclaveModule
LdrLockLoaderLock
LdrOpenImageFileOptionsKey
LdrProcessInitializationComplete
LdrProcessRelocationBlock
LdrProcessRelocationBlockEx
LdrQueryImageFileExecutionOptions
LdrQueryImageFileExecutionOptionsEx
LdrQueryImageFileKeyOption
LdrQueryModuleServiceTags
LdrQueryOptionalDelayLoadedAPI
LdrQueryProcessModuleInformation
LdrRegisterDllNotification
LdrRemoveDllDirectory
LdrRemoveLoadAsDataTable
LdrResFindResource
LdrResFindResourceDirectory
LdrResGetRCConfig
LdrResRelease
LdrResSearchResource
LdrResolveDelayLoadedAPI
LdrResolveDelayLoadsFromDll
LdrRscIsTypeExist
LdrSetAppCompatDllRedirectionCallback
LdrSetDefaultDllDirectories
LdrSetDllDirectory
LdrSetDllManifestProber
LdrSetImplicitPathOptions
LdrSetMUICacheType
LdrShutdownProcess
LdrShutdownThread
LdrStandardizeSystemPath
LdrSystemDllInitBlock
LdrUnloadAlternateResourceModule
LdrUnloadAlternateResourceModuleEx
LdrUnloadDll
LdrUnlockLoaderLock
LdrUnregisterDllNotification
LdrUpdatePackageSearchPath
LdrVerifyImageMatchesChecksum
LdrVerifyImageMatchesChecksumEx
LdrpResGetMappingSize
LdrpResGetResourceDirectory
MD4Final
MD4Init
MD4Update
MD5Final
MD5Init
MD5Update
NlsAnsiCodePage
NlsMbCodePageTag
NlsMbOemCodePageTag
NtAcceptConnectPort
NtAccessCheck
NtAccessCheckAndAuditAlarm
NtAccessCheckByType
NtAccessCheckByTypeAndAuditAlarm
NtAccessCheckByTypeResultList
NtAccessCheckByTypeResultListAndAuditAlarm
NtAccessCheckByTypeResultListAndAuditAlarmByHandle
NtAcquireCrossVmMutant
NtAcquireProcessActivityReference
NtAddAtom
NtAddAtomEx
NtAddBootEntry
NtAddDriverEntry
NtAdjustGroupsToken
NtAdjustPrivilegesToken
NtAdjustTokenClaimsAndDeviceGroups
NtAlertResumeThread
NtAlertThread
NtAlertThreadByThreadId
NtAllocateLocallyUniqueId
NtAllocateReserveObject
NtAllocateUserPhysicalPages
NtAllocateUserPhysicalPagesEx
NtAllocateUuids
NtAllocateVirtualMemory
NtAllocateVirtualMemoryEx
NtAlpcAcceptConnectPort
NtAlpcCancelMessage
NtAlpcConnectPort
NtAlpcConnectPortEx
NtAlpcCreatePort
NtAlpcCreatePortSection
NtAlpcCreateResourceReserve
NtAlpcCreateSectionView
NtAlpcCreateSecurityContext
NtAlpcDeletePortSection
NtAlpcDeleteResourceReserve
NtAlpcDeleteSectionView
NtAlpcDeleteSecurityContext
NtAlpcDisconnectPort
NtAlpcImpersonateClientContainerOfPort
NtAlpcImpersonateClientOfPort
NtAlpcOpenSenderProcess
NtAlpcOpenSenderThread
NtAlpcQueryInformation
NtAlpcQueryInformationMessage
NtAlpcRevokeSecurityContext
NtAlpcSendWaitReceivePort
NtAlpcSetInformation
NtApphelpCacheControl
NtAreMappedFilesTheSame
NtAssignProcessToJobObject
NtAssociateWaitCompletionPacket
NtCallEnclave
NtCallbackReturn
NtCancelIoFile
NtCancelIoFileEx
NtCancelSynchronousIoFile
NtCancelTimer
NtCancelTimer2
NtCancelWaitCompletionPacket
NtClearEvent
NtClose
NtCloseObjectAuditAlarm
NtCommitComplete
NtCommitEnlistment
NtCommitRegistryTransaction
NtCommitTransaction
NtCompactKeys
NtCompareObjects
NtCompareSigningLevels
NtCompareTokens
NtCompleteConnectPort
NtCompressKey
NtConnectPort
NtContinue
NtContinueEx
NtConvertBetweenAuxiliaryCounterAndPerformanceCounter
NtCreateCrossVmEvent
NtCreateCrossVmMutant
NtCreateDebugObject
NtCreateDirectoryObject
NtCreateDirectoryObjectEx
NtCreateEnclave
NtCreateEnlistment
NtCreateEvent
NtCreateEventPair
NtCreateFile
NtCreateIRTimer
NtCreateIoCompletion
NtCreateJobObject
NtCreateJobSet
NtCreateKey
NtCreateKeyTransacted
NtCreateKeyedEvent
NtCreateLowBoxToken
NtCreateMailslotFile
NtCreateMutant
NtCreateNamedPipeFile
NtCreatePagingFile
NtCreatePartition
NtCreatePort
NtCreatePrivateNamespace
NtCreateProcess
NtCreateProcessEx
NtCreateProfile
NtCreateProfileEx
NtCreateRegistryTransaction
NtCreateResourceManager
NtCreateSection
NtCreateSectionEx
NtCreateSemaphore
NtCreateSymbolicLinkObject
NtCreateThread
NtCreateThreadEx
NtCreateTimer
NtCreateTimer2
NtCreateToken
NtCreateTokenEx
NtCreateTransaction
NtCreateTransactionManager
NtCreateUserProcess
NtCreateWaitCompletionPacket
NtCreateWaitablePort
NtCreateWnfStateName
NtCreateWorkerFactory
NtDebugActiveProcess
NtDebugContinue
NtDelayExecution
NtDeleteAtom
NtDeleteBootEntry
NtDeleteDriverEntry
NtDeleteFile
NtDeleteKey
NtDeleteObjectAuditAlarm
NtDeletePrivateNamespace
NtDeleteValueKey
NtDeleteWnfStateData
NtDeleteWnfStateName
NtDeviceIoControlFile
NtDirectGraphicsCall
NtDisableLastKnownGood
NtDisplayString
NtDrawText
NtDuplicateObject
NtDuplicateToken
NtEnableLastKnownGood
NtEnumerateBootEntries
NtEnumerateDriverEntries
NtEnumerateKey
NtEnumerateSystemEnvironmentValuesEx
NtEnumerateTransactionObject
NtEnumerateValueKey
NtExtendSection
NtFilterBootOption
NtFilterToken
NtFilterTokenEx
NtFindAtom
NtFlushBuffersFile
NtFlushBuffersFileEx
NtFlushInstallUILanguage
NtFlushInstructionCache
NtFlushKey
NtFlushProcessWriteBuffers
NtFlushVirtualMemory
NtFlushWriteBuffer
NtFreeUserPhysicalPages
NtFreeVirtualMemory
NtFreezeRegistry
NtFreezeTransactions
NtFsControlFile
NtGetCachedSigningLevel
NtGetCompleteWnfStateSubscription
NtGetContextThread
NtGetCurrentProcessorNumber
NtGetCurrentProcessorNumberEx
NtGetDevicePowerState
NtGetMUIRegistryInfo
NtGetNextProcess
NtGetNextThread
NtGetNlsSectionPtr
NtGetNotificationResourceManager
NtGetTickCount
NtGetWriteWatch
NtImpersonateAnonymousToken
NtImpersonateClientOfPort
NtImpersonateThread
NtInitializeEnclave
NtInitializeNlsFiles
NtInitializeRegistry
NtInitiatePowerAction
NtIsProcessInJob
NtIsSystemResumeAutomatic
NtIsUILanguageComitted
NtListenPort
NtLoadDriver
NtLoadEnclaveData
NtLoadKey
NtLoadKey2
NtLoadKey3
NtLoadKeyEx
NtLockFile
NtLockProductActivationKeys
NtLockRegistryKey
NtLockVirtualMemory
NtMakePermanentObject
NtMakeTemporaryObject
NtManageHotPatch
NtManagePartition
NtMapCMFModule
NtMapUserPhysicalPages
NtMapUserPhysicalPagesScatter
NtMapViewOfSection
NtMapViewOfSectionEx
NtModifyBootEntry
NtModifyDriverEntry
NtNotifyChangeDirectoryFile
NtNotifyChangeDirectoryFileEx
NtNotifyChangeKey
NtNotifyChangeMultipleKeys
NtNotifyChangeSession
NtOpenDirectoryObject
NtOpenEnlistment
NtOpenEvent
NtOpenEventPair
NtOpenFile
NtOpenIoCompletion
NtOpenJobObject
NtOpenKey
NtOpenKeyEx
NtOpenKeyTransacted
NtOpenKeyTransactedEx
NtOpenKeyedEvent
NtOpenMutant
NtOpenObjectAuditAlarm
NtOpenPartition
NtOpenPrivateNamespace
NtOpenProcess
NtOpenProcessToken
NtOpenProcessTokenEx
NtOpenRegistryTransaction
NtOpenResourceManager
NtOpenSection
NtOpenSemaphore
NtOpenSession
NtOpenSymbolicLinkObject
NtOpenThread
NtOpenThreadToken
NtOpenThreadTokenEx
NtOpenTimer
NtOpenTransaction
NtOpenTransactionManager
NtPlugPlayControl
NtPowerInformation
NtPrePrepareComplete
NtPrePrepareEnlistment
NtPrepareComplete
NtPrepareEnlistment
NtPrivilegeCheck
NtPrivilegeObjectAuditAlarm
NtPrivilegedServiceAuditAlarm
NtPropagationComplete
NtPropagationFailed
NtProtectVirtualMemory
NtPssCaptureVaSpaceBulk
NtPulseEvent
NtQueryAttributesFile
NtQueryAuxiliaryCounterFrequency
NtQueryBootEntryOrder
NtQueryBootOptions
NtQueryDebugFilterState
NtQueryDefaultLocale
NtQueryDefaultUILanguage
NtQueryDirectoryFile
NtQueryDirectoryFileEx
NtQueryDirectoryObject
NtQueryDriverEntryOrder
NtQueryEaFile
NtQueryEvent
NtQueryFullAttributesFile
NtQueryInformationAtom
NtQueryInformationByName
NtQueryInformationEnlistment
NtQueryInformationFile
NtQueryInformationJobObject
NtQueryInformationPort
NtQueryInformationProcess
NtQueryInformationResourceManager
NtQueryInformationThread
NtQueryInformationToken
NtQueryInformationTransaction
NtQueryInformationTransactionManager
NtQueryInformationWorkerFactory
NtQueryInstallUILanguage
NtQueryIntervalProfile
NtQueryIoCompletion
NtQueryKey
NtQueryLicenseValue
NtQueryMultipleValueKey
NtQueryMutant
NtQueryObject
NtQueryOpenSubKeys
NtQueryOpenSubKeysEx
NtQueryPerformanceCounter
NtQueryPortInformationProcess
NtQueryQuotaInformationFile
NtQuerySection
NtQuerySecurityAttributesToken
NtQuerySecurityObject

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT
Size: 512B - Virtual size: 505B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 288KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mrdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 448KB - Virtual size: 448KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
idndl/MTFFuzzyDS.dll
.dll windows:10 windows x64 arch:x64

138f9238ee3d6faf58a788147baf44cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MTFFuzzyDS.pdb

Imports

msvcrt

memmove
_XcptFilter
_amsg_exit
towlower
wcstoul
towupper
wcsnlen
_wcsicmp
wcscpy_s
wcscat_s
free
_initterm
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
__C_specific_handler
malloc
memmove_s
strrchr
wcsrchr
_lock
_unlock
fgetws
wcschr
__CxxFrameHandler3
_vsnprintf_s
iswalpha
__dllonexit
_onexit
strcpy_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
pow
??1exception@@UEAA@XZ
iswupper
iswdigit
fclose
_wfopen_s
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
_purecall
??3@YAXPEAX@Z
wcsncmp
memset
memcmp
log10
log
sqrt

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExW
DisableThreadLibraryCalls

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventWrite
EventUnregister
EventRegister

api-ms-win-core-synch-l1-2-0

Sleep
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-file-l1-1-0

DeleteFileW
GetTempFileNameW
FindNextFileW
CreateDirectoryW
GetFileAttributesW
FindClose
FindFirstFileW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCreateKeyExW
RegGetValueW
RegEnumKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
AcquireSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
ResetEvent
AcquireSRWLockExclusive
CreateEventExW
CreateMutexExW
DeleteCriticalSection
CreateSemaphoreExW
ReleaseSRWLockExclusive
EnterCriticalSection
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
InitializeCriticalSectionEx
LeaveCriticalSection

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
GetLastError

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

oleaut32

SysAllocString
SysStringLen
SysFreeString
SysAllocStringLen

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess

api-ms-win-core-localization-l1-2-0

LCMapStringW
GetLocaleInfoW
FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemDirectoryW
GetWindowsDirectoryW
GetTickCount

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathAppendW

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrRChrW
StrStrIW

profapi

ord104

ntdll

RtlIsMultiSessionSku

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
idndl/fontext.dll
.dll windows:10 windows x64 arch:x64

15d10ff5cde51d34d0483b38e6ef093a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fontext.pdb

Imports

msvcrt

_vsnwprintf
__CxxFrameHandler3
memcpy
memcmp
memmove
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
_initterm
malloc
free
_amsg_exit
_XcptFilter
bsearch_s
_wcsnset_s
wcsstr
_wtoi
wcstok_s
_wcsicmp
__C_specific_handler
iswxdigit
wcschr
swprintf_s
memcpy_s
_CxxThrowException
memmove_s
_stricmp
_strcmpi
_vsnprintf
_vsnprintf_s
memset

propsys

VariantCompare
VariantToPropVariant
PropVariantToVariant
PSGetPropertyFromPropertyStorage
PSPropertyBag_ReadType
PSPropertyBag_ReadInt
InitPropVariantFromStringVector
InitPropVariantFromFileTime
PSCreateMemoryPropertyStore
VariantGetStringElem
VariantGetElementCount
PSFormatForDisplay
PSPropertyBag_ReadStr

shell32

ord155
ord19
SHBindToParent
SHGetPathFromIDListW
SHGetKnownFolderPath
SHGetFolderPathW
ord256
ord702
SHCreateShellItemArrayFromIDLists
SHParseDisplayName
ord25
ord701
SHCreateDataObject
ord16
SHGetIconOverlayIndexW
SHCreateDefaultContextMenu
SHGetSpecialFolderLocation
ord680
ord152
AssocCreateForClasses
ord727
ShellExecuteExW
SHChangeNotify
ord763
ord17
ord18
SHBindToObject

shlwapi

PathFindFileNameA
ord204
ord156
ord618
ord24
ord514
PathRemoveExtensionA
ord197
ord12
ord639
ord174
ord215
ord16
StrDupW
StrStrW
PathRenameExtensionW
AssocCreate
ord158
ord538
ord172
ord176
ord256
PathFileExistsW
PathCompactPathExW
StrChrW
PathStripPathW
ord619
ord268
ord199
PathRemoveFileSpecA
StrRetToBufW
PathFindExtensionW
PathRemoveFileSpecW
PathRemoveExtensionW
PathCombineW
PathIsPrefixW
SHCreateStreamOnFileW
ord219
PathAppendW
PathAddBackslashW
PathStripToRootW
PathIsUNCW
SHStrDupW
PathFindFileNameW

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
LoadResource
GetProcAddress
GetModuleHandleExW
DisableThreadLibraryCalls
GetModuleFileNameA
LoadLibraryExW
FindResourceExW
LockResource
GetModuleHandleW
SizeofResource
GetModuleFileNameW

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
ReleaseSemaphore
WaitForSingleObject
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseMutex
LeaveCriticalSection
AcquireSRWLockExclusive
DeleteCriticalSection
CreateSemaphoreExW
CreateMutexExW
EnterCriticalSection
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
OpenProcessToken
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

GetLocaleInfoEx
IsDBCSLeadByte
FormatMessageW
GetLocaleInfoW

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l1-1-0

GetFileAttributesW
CreateFileA
GetFileSize
CompareFileTime
GetDiskFreeSpaceExW
SetEndOfFile
CreateFileW
GetDriveTypeW
ReadFile
SetFilePointer
FindNextFileW
DeleteFileW
SetFileAttributesW
CreateDirectoryW
FindFirstFileW
FindClose

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-security-base-l1-1-0

GetFileSecurityW
DuplicateToken
AccessCheck
SetSecurityDescriptorDacl
CreateWellKnownSid
InitializeSecurityDescriptor
MapGenericMask

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringW
MultiByteToWideChar
CompareStringOrdinal
CompareStringEx

api-ms-win-core-com-l1-1-0

CoSetProxyBlanket
CoTaskMemFree
CoTaskMemAlloc
CreateStreamOnHGlobal
CoTaskMemRealloc
CoGetMalloc
StringFromGUID2
PropVariantClear
CoCreateInstance
CoUninitialize
CoInitializeEx

mpr

WNetGetConnectionW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventActivityIdControl
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
Sleep
SleepConditionVariableSRW
WakeAllConditionVariable

api-ms-win-core-heap-l2-1-0

LocalAlloc
GlobalFree
LocalFree
GlobalAlloc

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegDeleteValueW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW

oleaut32

VariantClear
SysAllocString
VariantInit

api-ms-win-core-libraryloader-l1-2-1

FindResourceW
LoadLibraryW

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-path-l1-1-0

PathCchAppend

api-ms-win-core-version-l1-1-1

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-localization-l2-1-0

GetNumberFormatEx

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
MapViewOfFile

api-ms-win-security-provider-l1-1-0

GetNamedSecurityInfoW
SetEntriesInAclW

gdi32

RemoveFontResourceExW
AddFontResourceW
RemoveFontResourceW
DeleteObject
AddFontResourceExW
EnumFontFamiliesExW
GetFontResourceInfoW
GetDeviceCaps
SetTextColor
CreateFontIndirectW
SelectObject
GetTextExtentPoint32W
GetTextMetricsW
CreateSolidBrush
CreateCompatibleDC
DeleteDC
MoveToEx
LineTo
GetTextExtentPointI
ExtTextOutW
GetTextExtentExPointI
GetTextExtentExPointW
GetGlyphIndicesW
SetBkColor
GetLayout
CreateDIBSection
SetBkMode
SetTextAlign
GetTextCharsetInfo

kernel32

CreateFileMappingA
ReleaseActCtx
_lclose
LZOpenFileW
LZClose
_lopen
LZRead
LZSeek
lstrcmpW
GlobalSize
QueryActCtxW
CreateActCtxW
FindActCtxSectionStringW
ActivateActCtx
DeactivateActCtx
GlobalUnlock
GlobalLock
lstrcmpiA
lstrlenW
MulDiv

ntdll

EtwLogTraceEvent
WinSqmAddToStream
EtwEventWriteTransfer

ole32

ReleaseStgMedium
CoGetObject
CreateBindCtx

user32

PeekMessageW
GetSysColorBrush
GetParent
GetDlgItem
CreateDialogParamW
DrawTextW
DefWindowProcW
InvalidateRect
ScrollWindowEx
SetRect
SetScrollInfo
GetClientRect
EndPaint
GetMessageW
BeginPaint
IsDialogMessageW
TranslateMessage
DispatchMessageW
SetWindowTextW
ShowWindow
SendMessageW
SetWindowLongPtrW
GetWindowLongPtrW
LoadImageW
FillRect
CreateWindowExW
RegisterClassW
GetFocus
SetWindowPos
UnregisterClassW
DestroyWindow
DrawIconEx
MessageBoxW
ReleaseDC
GetDC
GetDesktopWindow
PostMessageW
DestroyIcon
DrawTextExW
GetActiveWindow
RegisterClipboardFormatW
GetSystemMetrics
GetWindowRect
InsertMenuItemW
LoadCursorW
SetCursor
SetMenuItemInfoW
GetMenuItemInfoW
MoveWindow
SetPropW
GetPropW
SetTimer
KillTimer
RemovePropW

uxtheme

BufferedPaintInit
EndBufferedPaint
BeginBufferedPaint
BufferedPaintUnInit

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DownloadAndInstallOptionalFontsAsync
InstallFontFile

Sections

.text
Size: 217KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 660KB - Virtual size: 659KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
idndl/loghours.dll
.dll windows:10 windows x64 arch:x64

5915094804fae1e245d5c3d588f4bda2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

loghours.pdb

Imports

mfc42u

ord3052
ord3166
ord3046
ord4082
ord4083
ord4077
ord3164
ord4371
ord4983
ord4770
ord6886
ord3535
ord6440
ord4988
ord4365
ord1778
ord1067
ord4752
ord5663
ord2399
ord5586
ord6812
ord4694
ord5712
ord4017
ord5229
ord4789
ord2670
ord2060
ord6814
ord3933
ord2661
ord5484
ord1736
ord5683
ord2457
ord2140
ord5699
ord2474
ord1657
ord665
ord5687
ord6437
ord1777
ord4771
ord5702
ord852
ord4721
ord5406
ord2517
ord3761
ord4741
ord822
ord2586
ord3743
ord2329
ord287
ord1035
ord3894
ord528
ord3862
ord2408
ord286
ord1869
ord2393
ord6351
ord6102
ord3231
ord4623
ord3174
ord2906
ord2979
ord5887
ord2856
ord2846
ord1122
ord1126
ord2629
ord624
ord4647
ord3740
ord3830
ord984
ord525
ord1950
ord1441
ord2574
ord2776
ord4442
ord4621
ord6577
ord6238
ord6131
ord6130
ord6133
ord2898
ord303
ord3742
ord1574
ord4599
ord2427
ord1647
ord2900
ord3790
ord2639
ord4548
ord6328
ord6632
ord6612
ord6614
ord3177
ord6660
ord5245
ord5077
ord337
ord2488
ord4273
ord4557
ord1082
ord288
ord812
ord1544
ord1586
ord1555
ord1583
ord1585
ord355
ord1477
ord1553
ord1416
ord1491
ord1577
ord1463
ord4815
ord3362
ord3243
ord3049
ord3916
ord659
ord5615
ord3366
ord1388
ord4191
ord6071
ord2515
ord2559
ord4836
ord6813
ord2752
ord6053
ord5065
ord5724
ord1063
ord5711
ord5730
ord4368
ord5722
ord3468
ord2412
ord4598
ord6887
ord626
ord4473
ord1966
ord1040

msvcrt

_XcptFilter
_amsg_exit
free
malloc
_purecall
__C_specific_handler
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_lock
_unlock
_initterm
wcsncpy_s
_wtoi
??_V@YAXPEAX@Z
_wsetlocale
_snwprintf_s
__CxxFrameHandler3
__dllonexit
_onexit
memset
memmove
memcpy

kernel32

GetTimeZoneInformation
GetLocaleInfoW
GetConsoleOutputCP
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LocalAlloc
LoadLibraryW
GetProcAddress
GetTimeFormatW
FreeLibrary
GetSystemTimeAsFileTime
LocalFree
MulDiv

user32

BeginPaint
EndPaint
GetFocus
InflateRect
GetDC
FillRect
GetSystemMetrics
OffsetRect
GetCapture
DestroyIcon
CopyRect
GetParent
SendMessageW
EnableWindow
IsWindow
ReleaseDC
SetCursorPos
InvalidateRect
LoadImageW
ReleaseCapture
UpdateWindow
PtInRect
DrawIconEx
SetRect
GetClientRect
SetCapture
IntersectRect
IsRectEmpty
ClientToScreen
GetSysColor
DrawFocusRect
FrameRect
DrawTextExW

gdi32

PatBlt
CreatePatternBrush
GetTextExtentPoint32W
GetTextColor
CreateBitmap
GetBkColor

oleaut32

SysAllocString

ole32

CoDisconnectObject

Exports

Exports

ConnectionScheduleDialog
ConnectionScheduleDialogEx
DialinHoursDialog
DialinHoursDialogEx
DirSyncScheduleDialog
DirSyncScheduleDialogEx
LogonScheduleDialog
LogonScheduleDialogEx
ReplicationScheduleDialog
ReplicationScheduleDialogEx

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vmrdvcore/VideoHandlers.dll
.dll windows:10 windows x64 arch:x64

d8665a89cb65b8d90996d9f921641fab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

VideoHandlers.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_bsearch_s
_o_free
_o_malloc
_o_qsort
_o_realloc
_o_strncpy_s
_o_terminate
__C_specific_handler
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o__crt_atexit
_o___std_exception_copy
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__execute_onexit_table
_o__errno
_o___stdio_common_vswprintf
__std_terminate
_CxxThrowException
__CxxFrameHandler4
_o___stdio_common_vsnprintf_s
__CxxFrameHandler3
memcpy

api-ms-win-crt-string-l1-1-0

memset
strnlen
wcsnlen
wcsncmp

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleHandleExW
LoadLibraryExW
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObject
InitializeCriticalSectionEx
CreateSemaphoreExW
ReleaseMutex
SetEvent
ResetEvent
AcquireSRWLockShared
EnterCriticalSection
LeaveCriticalSection
ReleaseSRWLockShared
DeleteCriticalSection
InitializeCriticalSection
ReleaseSemaphore
CreateEventW
CreateEventExW
CreateMutexExW
InitializeSRWLock
OpenSemaphoreW
WaitForSingleObjectEx

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
RaiseException
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TlsSetValue
TlsGetValue
CreateThread

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventWriteTransfer
EventRegister

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsCompareStringOrdinal
WindowsCreateStringReference
WindowsDeleteString
WindowsConcatString
WindowsGetStringRawBuffer

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoTaskMemFree
CoGetMalloc
CoTaskMemRealloc
CoDecrementMTAUsage
CoWaitForMultipleHandles
CoIncrementMTAUsage
CoUninitialize
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoCreateInstance

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-shcore-registry-l1-1-0

SHGetValueW
SHSetValueW

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoActivateInstance
RoGetActivationFactory
RoUninitialize

api-ms-win-shcore-thread-l1-1-0

SHCreateThread

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate
IsErrorPropagationEnabled

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoTransformError

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegSetKeySecurity
RegGetValueW

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize

api-ms-win-shcore-scaling-l1-1-1

ord244

ntdll

RtlUnsubscribeWnfStateChangeNotification
NtPowerInformation
RtlSubscribeWnfStateChangeNotification

api-ms-win-power-setting-l1-1-0

PowerReadDCValue
PowerWriteDCValueIndex
PowerSetActiveScheme
PowerGetActiveScheme

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-featurestaging-l1-1-0

GetFeatureEnabledState
UnsubscribeFeatureStateChangeNotification
RecordFeatureUsage
SubscribeFeatureStateChangeNotification

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-storage-exports-internal-l1-1-0

SHGetKnownFolderIDList

api-ms-win-rtcore-ntuser-window-l1-1-0

TranslateMessage
SendMessageW
UnregisterClassW
DestroyWindow
GetMessageW
GetWindowRect
AllowSetForegroundWindow
PostQuitMessage
DefWindowProcW
RegisterClassExW
CreateWindowExW
DispatchMessageW

d3d11

D3D11CreateDevice

api-ms-win-ntuser-sysparams-l1-1-0

QueryDisplayConfig
GetDisplayConfigBufferSizes
EnumDisplayDevicesW
DisplayConfigGetDeviceInfo

api-ms-win-ntuser-rectangle-l1-1-0

PtInRect
IntersectRect

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
GetSetting
NotifyVideoHandler

Sections

.text
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vmrdvcore/vmrdvcore.dll
.dll windows:10 windows x64 arch:x64

055a22c998dd9328accc6de5710f416b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

vmrdvcore.pdb

Imports

msvcrt

_callnewh
??0exception@@QEAA@AEBQEBD@Z
swprintf_s
_purecall
_wcsicmp
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_CxxThrowException
??_V@YAXPEAX@Z
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_vsnwprintf
_XcptFilter
wcscspn
??3@YAXPEAX@Z
_vsnwprintf_s
wcsrchr
wcsncmp
_wcsnicmp
_wtol
wcschr
memmove
__CxxFrameHandler3
iswalpha
memcmp
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
free
_amsg_exit
memcpy
memset

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
FreeLibrary
GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleW
LoadLibraryExW

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
Sleep
WakeAllConditionVariable

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
CreateThread
GetExitCodeProcess
GetCurrentProcess
OpenThreadToken
GetExitCodeThread
GetCurrentThread
CreateProcessW
SuspendThread
OpenProcessToken
TerminateProcess
GetCurrentThreadId
ResumeThread

api-ms-win-core-sysinfo-l1-1-0

GetComputerNameExW
GetVersionExW
GetTickCount
GetSystemTimeAsFileTime
GetLocalTime

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
GetLastError
UnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

OpenEventW
SetEvent
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObject
AcquireSRWLockExclusive
CreateEventW
ReleaseSRWLockExclusive
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-threadpool-l1-2-0

CallbackMayRunLong
SubmitThreadpoolWork
WaitForThreadpoolWorkCallbacks
CreateThreadpoolWork
CloseThreadpoolWork

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoSetProxyBlanket
CLSIDFromString
CoUninitialize
CoInitializeEx
CoCreateGuid
CoCreateInstanceEx
StringFromGUID2
CoCreateInstance
CoTaskMemFree

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-security-lsapolicy-l1-1-0

LsaClose
LsaOpenPolicy
LsaFreeMemory
LsaQueryInformationPolicy

api-ms-win-service-management-l1-1-0

OpenSCManagerW
CloseServiceHandle
OpenServiceW
StartServiceW

netutils

NetApiBufferFree

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegUnLoadKeyW
RegLoadKeyW
RegDeleteTreeW
RegCreateKeyExW
RegGetValueW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegEnumKeyExW

api-ms-win-core-file-l1-1-0

FindNextFileW
FindFirstFileW
FindClose
CreateFileW
WriteFile
RemoveDirectoryW
GetLongPathNameW
GetShortPathNameW
GetFileAttributesW
CreateDirectoryW
SetFileAttributesW
FindFirstVolumeW
DeleteFileW
FindNextVolumeW
FindVolumeClose
ReadFile
DeleteVolumeMountPointW

api-ms-win-shcore-registry-l1-1-0

SHGetValueW

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW
MoveFileW

oleaut32

VariantClear
VariantInit
SysAllocString
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayCreate
SafeArrayRedim
SafeArrayLock
VarBstrCmp
VariantTimeToSystemTime
SysStringByteLen
SysStringLen
SysFreeString

userenv

DeleteProfileW
GetUserProfileDirectoryW
GetProfilesDirectoryW
RefreshPolicyEx

api-ms-win-security-lsalookup-l2-1-0

LookupAccountSidW
LookupPrivilegeValueW

iphlpapi

GetAdaptersAddresses

ws2_32

InetNtopW
WSAGetLastError

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
ConvertStringSidToSidW

samcli

NetLocalGroupDelMembers
NetLocalGroupAddMembers

api-ms-win-security-base-l1-1-0

GetFileSecurityW
GetAce
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
CreateWellKnownSid
GetLengthSid
DeleteAce
EqualSid
AdjustTokenPrivileges
IsValidSid
SetFileSecurityW
GetAclInformation
MakeAbsoluteSD

api-ms-win-core-string-l1-1-0

CompareStringEx

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

api-ms-win-service-management-l2-1-0

NotifyServiceStatusChangeW

xmllite

CreateXmlReader

api-ms-win-shcore-stream-l1-1-0

SHCreateMemStream

api-ms-win-security-provider-l1-1-0

SetEntriesInAclW

rpcrt4

UuidToStringW
RpcServerUseProtseqEpW
RpcServerInqBindings
RpcEpRegisterW
RpcServerRegisterAuthInfoW
RpcServerRegisterIfEx
RpcBindingVectorFree
RpcBindingInqAuthClientW
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcEpUnregister
UuidCompare
RpcBindingFree
RpcStringBindingComposeW
RpcStringFreeW
RpcBindingFromStringBindingW
RpcEpResolveBinding
RpcServerUnregisterIf
RpcRaiseException
NdrServerCallAll
NdrServerCall2
RpcAsyncInitializeHandle
RpcAsyncCompleteCall
RpcAsyncCancelCall
Ndr64AsyncClientCall
UuidCreate

api-ms-win-core-kernel32-legacy-l1-1-1

SetVolumeMountPointW
VerifyVersionInfoW

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx
MoveFileWithProgressW
CopyFileExW
CreateSymbolicLinkW

api-ms-win-core-heap-obsolete-l1-1-0

LocalSize

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-file-l1-2-0

GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW

api-ms-win-security-systemfunctions-l1-1-0

SystemFunction036

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult

srvcli

NetShareGetInfo

api-ms-win-core-namedpipe-l1-1-0

CreateNamedPipeW
SetNamedPipeHandleState
ConnectNamedPipe
DisconnectNamedPipe

api-ms-win-core-io-l1-1-1

CancelIo

advapi32

LsaNtStatusToWinError

netapi32

I_NetLogonControl2

virtdisk

OpenVirtualDisk
DetachVirtualDisk
GetVirtualDiskPhysicalPath
AttachVirtualDisk

wtsapi32

WTSSendMessageW

api-ms-win-core-shutdown-l1-1-1

InitiateShutdownW

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-timezone-l1-1-0

TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

VmRdvCore_CreateInstance
VmRdvCore_GetInstance
VmRdvCore_TerminateInstance

Sections

.text
Size: 305KB - Virtual size: 305KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vmrdvcore/wkssvc.dll
.dll windows:10 windows x64 arch:x64

4df40003d563631ed1e3880008a18229

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

wkssvc.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itow_s
_o__seh_filter_dll
_o__wcsicmp
_o__wcsnicmp
memmove
_o_free
_o_iswalpha
_o_malloc
_o_tolower
_o_towupper
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstoul
_o__execute_onexit_table
_o__errno
_CxxThrowException
_o__configure_narrow_argv
wcsstr
__std_terminate
__CxxFrameHandler4
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__C_specific_handler
wcschr
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcscmp
wcsspn

rpcrt4

RpcBindingVectorFree
NdrAsyncServerCall
I_RpcMapWin32Status
RpcAsyncAbortCall
RpcBindingToStringBindingW
RpcServerUseProtseqW
RpcServerUnregisterIf
RpcAsyncCompleteCall
RpcStringFreeW
NdrServerCall2
RpcStringBindingParseW
RpcServerRegisterIfEx
RpcImpersonateClient
NdrServerCallAll
RpcBindingServerFromClient
RpcServerTestCancel
RpcBindingFree
RpcEpUnregister
Ndr64AsyncServerCallAll
RpcEpRegisterW
RpcServerUnregisterIfEx
RpcServerUseProtseqEpW
RpcServerInqBindings
I_RpcExceptionFilter
RpcStringBindingComposeW
RpcServerInqCallAttributesW
RpcRevertToSelf
Ndr64AsyncClientCall
I_RpcBindingIsClientLocal
NdrClientCall3
RpcBindingSetOption
RpcAsyncInitializeHandle
RpcAsyncCancelCall
RpcBindingSetAuthInfoExW
RpcEpResolveBinding
RpcMgmtSetComTimeout
RpcBindingFromStringBindingW

api-ms-win-security-activedirectoryclient-l1-1-0

DsBindWithSpnExW
DsMakePasswordCredentialsW
DsFreeNameResultW
DsFreePasswordCredentials
DsCrackNamesW
DsFreeDomainControllerInfoW
DsGetDomainControllerInfoW
DsUnBindW

api-ms-win-core-heap-l2-1-0

LocalUnlock
LocalReAlloc
LocalFree
LocalLock
LocalAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError

ntdll

NtOpenThreadToken
RtlCopyLuid
RtlAcquireResourceShared
RtlCompareUnicodeString
WinSqmSetDWORD
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
NtCreateFile
RtlIpv6AddressToStringExW
NtQueryVolumeInformationFile
RtlIpv6StringToAddressW
RtlIpv4StringToAddressW
RtlRunDecodeUnicodeString
RtlRunEncodeUnicodeString
RtlIpv6AddressToStringW
RtlGetNtProductType
RtlInitUnicodeString
NtQueryInformationFile
RtlIpv4AddressToStringW
RtlAcquireResourceExclusive
RtlReleaseResource
RtlValidRelativeSecurityDescriptor
NtQueryInformationToken
NtOpenFile
NtFsControlFile
NtClose
RtlAdjustPrivilege
NtAccessCheckAndAuditAlarm
RtlIpv4AddressToStringExW
NtDeviceIoControlFile
RtlMapSecurityErrorToNtStatus
RtlCopySid
RtlLengthSid
RtlCreateAcl
RtlAddAce
RtlCreateSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetSaclSecurityDescriptor
NtOpenProcessToken
RtlNewSecurityObject
RtlDeleteSecurityObject
DbgPrint
RtlInitializeGenericTable
RtlNtStatusToDosError
RtlDeregisterWaitEx
RtlDeleteElementGenericTable
NtCreateEvent
RtlDeregisterWait
RtlInsertElementGenericTable
RtlLookupElementGenericTable
RtlEnumerateGenericTable
WinSqmIsOptedIn
RtlRegisterWait
RtlInitString
RtlDeleteResource
RtlInitializeResource
RtlHashUnicodeString

api-ms-win-security-base-l1-1-0

RevertToSelf
CreateWellKnownSid
PrivilegeCheck
CheckTokenMembership

netutils

NetpwPathCanonicalize
NetpwListTraverse
NetpwListCanonicalize
NetpwPathType
NetApiBufferAllocate
NetpwNameCanonicalize
NetApiBufferFree

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
LeaveCriticalSection
CreateEventW
DeleteCriticalSection
OpenEventW
ResetEvent
SetEvent
WaitForSingleObject
WaitForMultipleObjectsEx
EnterCriticalSection

api-ms-win-core-kernel32-private-l1-1-0

DosPathToSessionPathW
EnumerateLocalComputerNamesW
SetLocalPrimaryComputerNameW
RemoveLocalAlternateComputerNameW

api-ms-win-security-lsalookup-l1-1-0

LsaLookupGetDomainInfo
LsaLookupClose
LsaLookupFreeMemory
LsaLookupOpenLocalPolicy

bcrypt

BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptSetProperty
BCryptDecrypt
BCryptEncrypt
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptDestroyKey
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptGenerateSymmetricKey

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-kernel32-legacy-l1-1-0

DnsHostnameToComputerNameW
RegisterWaitForSingleObject
AddLocalAlternateComputerNameW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetVersion
GetTickCount64
GetVersionExW
GetComputerNameExW
GlobalMemoryStatusEx
GetLocalTime

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
FreeLibrary
GetModuleFileNameW
GetProcAddress
GetModuleHandleW
DisableThreadLibraryCalls

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l1-1-0

DefineDosDeviceW
QueryDosDeviceW
CreateFileW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
OpenThreadToken
GetCurrentThread
CreateThread
TerminateProcess
GetCurrentProcessId
SetThreadToken

userenv

LeaveCriticalPolicySection
UnregisterGPNotification
EnterCriticalPolicySection
RegisterGPNotification

api-ms-win-core-registry-l1-1-0

RegNotifyChangeKeyValue
RegCloseKey
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegDeleteKeyExW
RegGetValueW
RegCreateKeyExW
RegFlushKey
RegEnumKeyExW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolWait
CreateThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolCleanupGroup
TrySubmitThreadpoolCallback

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
RtlCompareMemory

api-ms-win-service-private-l1-1-0

I_ScSetServiceBitsW

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
RegisterTraceGuidsW
UnregisterTraceGuids

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-core-io-l1-1-0

PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort

dsparse

DsMakeSpnW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
win32spl/SecurityHealthAgent.dll
.dll regsvr32 windows:10 windows x64 arch:x64

8ffde2a931024fbe67b40744526c0839

Code Sign

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/05/2022, 19:23

Not After

04/05/2023, 19:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f6:8c:80:95:4d:71:cc:0f:36:95:4b:30:ec:fd:70:3c:dc:6f:51:9b:d6:3f:b8:81:b7:ce:b2:b2:80:4a:2e:d5
Signer

Actual PE Digest

f6:8c:80:95:4d:71:cc:0f:36:95:4b:30:ec:fd:70:3c:dc:6f:51:9b:d6:3f:b8:81:b7:ce:b2:b2:80:4a:2e:d5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SecurityHealthAgent.pdb

Imports

msvcp_win

?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
?_Winerror_message@std@@YAKKPEADK@Z
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_Xlength_error@std@@YAXPEBD@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGD@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_XGetLastError@std@@YAXXZ
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?_Xbad_alloc@std@@YAXXZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_errno
_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_execute_onexit_table
_crt_atexit
terminate
_cexit

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsnwprintf_s
__stdio_common_vswprintf_s
__stdio_common_vsprintf
__stdio_common_vsprintf_s
__stdio_common_vswprintf
__stdio_common_vsnprintf_s

api-ms-win-crt-string-l1-1-0

towlower
_wcsicmp
strnlen
wcsnlen
memset
iswspace
wcscmp

api-ms-win-crt-convert-l1-1-0

_wcstod_l
_wtoi
_i64toa_s
_ui64tow_s
_i64tow_s
_ui64toa_s

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh

api-ms-win-crt-private-l1-1-0

memcmp
__std_exception_destroy
memcpy
__std_exception_copy
_CxxThrowException
__CxxFrameHandler4
__std_type_info_destroy_list
__CxxFrameHandler3
__C_specific_handler
__std_terminate
_purecall
memmove

api-ms-win-core-libraryloader-l1-2-0

LockResource
FreeLibrary
GetModuleHandleW
LoadResource
DisableThreadLibraryCalls
SizeofResource
GetModuleFileNameA
GetModuleHandleExW
GetModuleFileNameW
GetProcAddress
LoadLibraryExW

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateSemaphoreExW
EnterCriticalSection
ReleaseSemaphore
LeaveCriticalSection
AcquireSRWLockShared
InitializeCriticalSectionAndSpinCount
ReleaseMutex
WaitForSingleObjectEx
DeleteCriticalSection
CreateEventW
SetEvent
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObject
CreateMutexExW
ResetEvent
InitializeCriticalSectionEx

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
RaiseException
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThread
OpenThreadToken
ProcessIdToSessionId
GetCurrentProcess
TerminateProcess
OpenProcessToken
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegOpenCurrentUser
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableFlags
UnregisterTraceGuids
TraceMessage

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
ConvertStringSidToSidW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoSetProxyBlanket
CoRevertToSelf
CoCreateInstance
CoImpersonateClient
StringFromGUID2
StringFromCLSID

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsDeleteString

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTimeAsFileTime

rpcrt4

NdrDllCanUnloadNow
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrCStdStubBuffer_Release
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
CStdStubBuffer_CountRefs
CStdStubBuffer_QueryInterface
UuidCreate
NdrOleAllocate
NdrDllGetClassObject
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Connect

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW

api-ms-win-rtcore-ntuser-window-l1-1-0

GetForegroundWindow

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

ole32

ObjectStublessClient6
ObjectStublessClient5
ObjectStublessClient7
CoGetObject
ObjectStublessClient4
ObjectStublessClient3

shell32

ShellExecuteW

wldp

WldpQueryWindowsLockdownMode

ntdll

RtlNtStatusToDosError
RtlGetDeviceFamilyInfoEnum
RtlGetPersistedStateLocation

api-ms-win-crt-locale-l1-1-0

_create_locale
_free_locale
__pctype_func

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-security-base-l1-1-0

FreeSid
CheckTokenMembership
InitializeAcl
GetLengthSid
CopySid
GetTokenInformation
GetSecurityDescriptorOwner
AllocateAndInitializeSid
AccessCheck
AdjustTokenPrivileges
GetSecurityDescriptorDacl

api-ms-win-core-file-l1-1-0

GetFileAttributesW
CreateFileW

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-synch-l1-2-1

CreateSemaphoreW

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

api-ms-win-security-provider-l1-1-0

GetNamedSecurityInfoW
SetEntriesInAclW
SetNamedSecurityInfoW

api-ms-win-core-synch-l1-2-0

Sleep

wintrust

CryptCATAdminCalcHashFromFileHandle
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
CryptCATAdminEnumCatalogFromHash
CryptCATAdminAcquireContext
CryptCATAdminReleaseCatalogContext
WinVerifyTrust
CryptCATAdminReleaseContext
CryptCATCatalogInfoFromContext

crypt32

CertVerifyCertificateChainPolicy

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-util-l1-1-0

EncodePointer

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
win32spl/WiFiDisplay.dll
.dll windows:10 windows x64 arch:x64

22ea731bf4d650c96ee339f4201d44bf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

WiFiDisplay.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__execute_onexit_table
_o_free
_o_isdigit
_o_malloc
_o_terminate
_o_wcscpy_s
_o_wcsncpy_s
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__errno
_o__crt_atexit
_o___stdio_common_vsnprintf_s
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__atoi64
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
_o___stdio_common_vswprintf
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcscmp
wcspbrk

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
CreateThread
TerminateProcess
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
TraceMessage
UnregisterTraceGuids

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetComputerNameExW
GetSystemTimeAsFileTime
GetTickCount64

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReleaseSemaphore
InitializeCriticalSectionEx
WaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSRWLockShared
CreateMutexExW
AcquireSRWLockShared
CreateEventW
ResetEvent
CreateEventExW
SetEvent
CreateSemaphoreExW

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolIo
WaitForThreadpoolTimerCallbacks
StartThreadpoolIo
CancelThreadpoolIo
SubmitThreadpoolWork
CreateThreadpoolWork
CloseThreadpool
SetThreadpoolThreadMinimum
SetThreadpoolThreadMaximum
CreateThreadpool
SetThreadpoolTimer
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolCleanupGroup
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolCleanupGroup
CreateThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-handle-l1-1-0

CloseHandle

ntdll

RtlGetDeviceFamilyInfoEnum
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegCloseKey
RegNotifyChangeKeyValue
RegOpenKeyExW
RegGetValueW

devobj

DevObjDestroyDeviceInfoList
DevObjCreateDeviceInfoList
DevObjOpenDeviceInfo
DevObjOpenDevRegKey

api-ms-win-core-file-l1-1-0

SetFilePointer
ReadFile
CreateFileW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventRegister
EventUnregister
EventActivityIdControl

ws2_32

closesocket
connect
WSAIoctl
ntohs
shutdown
getsockname
getpeername
WSAAddressToStringW
InetPtonW
send
htons
recv
listen
WSAStartup
WSACleanup
socket
WSAGetLastError
setsockopt
bind

sspicli

InitializeSecurityContextW
AcquireCredentialsHandleW
DecryptMessage
QueryContextAttributesW
AcceptSecurityContext
EncryptMessage
FreeCredentialsHandle
DeleteSecurityContext
ImportSecurityContextW
FreeContextBuffer
ExportSecurityContext

api-ms-win-devices-query-l1-1-1

DevCreateObjectQueryEx

api-ms-win-devices-query-l1-1-0

DevGetObjects
DevCloseObjectQuery
DevFreeObjects

api-ms-win-devices-config-l1-1-1

CM_Register_Notification
CM_Unregister_Notification

dnsapi

DnsServiceFreeInstance
DnsServiceRegister
DnsServiceDeRegister
DnsServiceConstructInstance

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

iphlpapi

GetIfEntry2Ex
GetAdaptersAddresses
ConvertInterfaceLuidToGuid
GetIfTable2
FreeMibTable

api-ms-win-core-com-l1-1-0

CoCreateGuid

mswsock

AcceptEx

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

rpcrt4

UuidFromStringW

api-ms-win-dx-d3dkmt-l1-1-1

D3DKMTNetDispQueryMiracastDisplayDeviceSupport

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

CloseMiracastSession
CreateDAFProviderMiracastHelper
CreateInfraCastSourceConnector
CreateWiFiDisplayEtwProvider
IsMiracastSupportedByWlan
MiracastFreeMemory
MiracastIeDecode
MiracastIeEncode
MiracastQueryParameters
MiracastRegisterDatarateCallback
MiracastUnregisterDatarateCallback
OpenMiracastSession
VsIeProviderGetFunctionTable
WFDDisplaySinkCloseSession
WFDDisplaySinkDeInit
WFDDisplaySinkInit
WFDDisplaySinkQueryCapabilities
WFDDisplaySinkSetPersistedGroupIDList
WFDDisplaySinkSetProperty
WFDDisplaySinkStart
WFDDisplaySinkStartEx
WFDDisplaySinkStop

Sections

.text
Size: 299KB - Virtual size: 299KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 676B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
win32spl/win32spl.dll
.dll windows:10 windows x64 arch:x64

8b131f6c824bbfd621b1af5c1e0b0060

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

win32spl.pdb

Imports

msvcrt

wcstol
wcscpy_s
wcstoul
tolower
_wcsnicmp
_wtol
wcsnlen
wcsstr
_wcsicmp
wcsncmp
??_V@YAXPEAX@Z
_itow_s
qsort
malloc
_purecall
memmove_s
??0exception@@QEAA@AEBV0@@Z
_callnewh
_CxxThrowException
_wcstoi64
_get_errno
memcpy
??3@YAXPEAX@Z
??1exception@@UEAA@XZ
memmove
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_set_errno
_wcsdup
_open
_errno
_read
_write
_close
_lseek
_wopen
_stricmp
swprintf_s
sprintf_s
wcsrchr
isdigit
isupper
??0bad_cast@@QEAA@AEBV0@@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@PEBD@Z
localeconv
strcspn
__uncaught_exception
setlocale
___mb_cur_max_func
___lc_handle_func
___lc_codepage_func
_ismbblead
__pctype_func
calloc
islower
??8type_info@@QEBAHAEBV0@@Z
__crtLCMapStringW
__crtLCMapStringA
_wsetlocale
abort
memset
memchr
memcmp
sqrt
_XcptFilter
_amsg_exit
free
_initterm
?terminate@@YAXXZ
wcschr
_wtof
strchr
_wcslwr
__CxxFrameHandler3
iswspace
strcpy_s
wcstok_s
wcscat_s
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
??0exception@@QEAA@XZ
_vsnprintf_s
memcpy_s
_vsnwprintf
__C_specific_handler
wcscmp

ntdll

NtSetInformationThread
NtOpenThreadToken
RtlFreeHeap
RtlInitUnicodeString
NtSetInformationToken
RtlAllocateHeap
WinSqmIncrementDWORD
WinSqmAddToStreamEx
WinSqmSetDWORD
WinSqmIsOptedIn
EtwEventWrite
EtwEventEnabled
EtwEventUnregister
EtwEventRegister
RtlValidRelativeSecurityDescriptor
RtlIsThreadWithinLoaderCallout
NtFsControlFile
RtlInitializeSRWLock
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
TpAllocPool
TpSetPoolMinThreads
TpSetPoolMaxThreads
NtOpenProcessToken
TpWaitForAlpcCompletion
TpReleaseIoCompletion
TpWaitForIoCompletion
TpReleaseTimer
TpWaitForTimer
RtlInitAnsiString
RtlOemStringToUnicodeString
RtlUnicodeToOemN
RtlxUnicodeStringToOemSize
NtImpersonateAnonymousToken
NtCreateFile
TpReleaseWait
TpWaitForWait
TpReleaseWork
TpWaitForWork
TpAllocAlpcCompletion
TpStartAsyncIoOperation
TpAllocIoCompletion
TpSetTimer
TpAllocTimer
TpAllocWait
TpPostWork
TpAllocWork
RtlNtStatusToDosError
TpSimpleTryPost
TpSetWait
TpCallbackMayRunLong
TpReleasePool
TpReleaseAlpcCompletion
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
VerSetConditionMask
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
NtClose

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-file-l1-1-0

LocalFileTimeToFileTime
FindNextFileW
FindFirstFileW
RemoveDirectoryW
SetFileTime
SetFileAttributesW
FindClose
DeleteFileW
SetFilePointerEx
WriteFile
CreateFileW
ReadFile
SetEndOfFile
CreateDirectoryW
GetFileSize
GetFileAttributesW
CompareFileTime
GetFullPathNameW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleHandleW
LoadStringW
GetProcAddress
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA
FreeLibrary

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-localization-l1-2-0

GetSystemPreferredUILanguages
FormatMessageW

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister

rpcrt4

RpcAsyncCompleteCall
RpcSmDestroyClientContext
NdrClientCall3
RpcStringFreeW
NdrMesProcEncodeDecode3
MesEncodeIncrementalHandleCreate
MesDecodeIncrementalHandleCreate
Ndr64AsyncClientCall
RpcBindingSetObject
RpcEpResolveBinding
RpcAsyncInitializeHandle
I_RpcExceptionFilter
RpcBindingSetOption
RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
MesHandleFree
RpcBindingFree

api-ms-win-core-processthreads-l1-1-0

ProcessIdToSessionId
SetThreadToken
OpenProcessToken
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
OpenThreadToken
TerminateProcess
GetCurrentThreadId
ExitProcess

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
ReleaseSRWLockShared
CreateSemaphoreExW
ReleaseSemaphore
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SetEvent
CreateEventW
CreateMutexExW
InitializeCriticalSection
CreateEventExW
InitializeCriticalSectionAndSpinCount
OpenSemaphoreW
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionEx
EnterCriticalSection
WaitForSingleObjectEx
ReleaseMutex
LeaveCriticalSection

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWork
WaitForThreadpoolWorkCallbacks
SubmitThreadpoolWork
IsThreadpoolTimerSet
CloseThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolWork

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegEnumValueW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenCurrentUser
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyExW
RegEnumKeyExW

api-ms-win-security-base-l1-1-0

MakeSelfRelativeSD
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
AddAccessDeniedAceEx
CheckTokenMembership
SetTokenInformation
AddAccessAllowedAceEx
IsWellKnownSid
GetTokenInformation
DuplicateTokenEx
CopySid
CreateWellKnownSid
RevertToSelf
ImpersonateLoggedOnUser
InitializeAcl
EqualSid
GetLengthSid
GetSecurityDescriptorLength
AllocateAndInitializeSid
IsTokenRestricted
IsValidSecurityDescriptor

oleaut32

GetRecordInfoFromTypeInfo
SafeArrayCopyData
VariantCopy
LoadTypeLi
VariantCopyInd
VariantChangeType
SysAllocStringLen
BSTR_UserMarshal64
SetErrorInfo
LoadRegTypeLi
LPSAFEARRAY_UserSize64
BSTR_UserSize64
BSTR_UserFree64
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserUnmarshal64
BSTR_UserMarshal
BSTR_UserUnmarshal
LPSAFEARRAY_UserMarshal64
LPSAFEARRAY_UserFree64
SafeArrayGetElement
SysStringLen
SafeArrayPutElement
SafeArrayGetUBound
SafeArrayDestroy
BSTR_UserSize
SafeArrayCreateVector
BSTR_UserFree
LPSAFEARRAY_UserSize
VariantClear
SysAllocString
BSTR_UserUnmarshal64
LPSAFEARRAY_UserFree
SafeArrayPtrOfIndex
SysFreeString
VariantInit
LPSAFEARRAY_UserUnmarshal

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemDirectoryW
GetSystemInfo
GetVersionExW
GetSystemTimeAsFileTime

api-ms-win-security-lsalookup-l2-1-0

LookupAccountNameW

api-ms-win-core-string-l1-1-0

GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceComplete
InitOnceBeginInitialize
SleepConditionVariableSRW
WakeAllConditionVariable

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processtopology-obsolete-l1-1-0

GetActiveProcessorCount

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-security-lsalookup-l1-1-0

LookupAccountNameLocalW
LookupAccountSidLocalW

spoolss

CacheIsNameInNodeList
IsNamedPipeRpcCall
SetJobW
GetPrinterDriverW
CallRouterFindFirstPrinterChangeNotification
SetPortW
GetJobW
GetPrinterDriverDirectoryW
GetServerPolicy
GetJobNamedPropertyValue
AllocSplStr
RouterCreatePrintAsyncNotificationChannel
SplRegisterForSessionEvents
SplUnregisterForSessionEvents
ReplyPrinterChangeNotification
PartialReplyPrinterChangeNotification
SpoolerRefreshPrinterChangeNotification
SpoolerFindClosePrinterChangeNotification
SpoolerFindFirstPrinterChangeNotification
GetPrinterW
OpenPrinter2W
AppendPrinterNotifyInfoData
RouterAllocPrinterNotifyInfo
RouterFreePrinterNotifyInfo
ReplyPrinterChangeNotificationEx
DllFreeSplStr
FreePrintPropertyValue
EnumPrintersW
MIDL_user_allocate1
MIDL_user_free1
IsNameTheLocalMachineOrAClusterSpooler
DeletePrinterConnectionW
RevertToPrinterSelf
ImpersonatePrinterClient
OpenPrinterW
ClosePrinter
DllFreeSplMem
DllAllocSplMem
CallDrvDevModeConversion
AllowRemoteCalls
GetPrinterDataW

localspl

SplAddPrinter
SplAddMonitor
SplCopyNumberOfFiles
SplEnumPrinterDrivers
SplIsCompatibleDriver
SplEnumPrinters
SplEnumPorts
SplXcvData
SplIsDriverInstalled
SplOpenPrinter
SplSetJobNamedProperty
SplDeleteJobNamedProperty
SplSetForm
SplDoesCSRPrinterDevnodeExist
SplGetDriverUpdateStatus
SplRegeneratePrintDeviceCapabilities
SplAddForm
SplDeleteForm
SplSetJobError
SplPrintSupportOperation
SplIppCreateJobOnPrinter
SplIppGetJobAttributes
SplIppSetJobAttributes
SplCloseSpooler
SplDeleteSpooler
SplCreateSpooler
SplNotifyServerStatus
SplGetPrintClassObject_4CSR
SplIsLocalDriverAvailable
SplSetDriverUpdateStatus
SplAddPrinterDriverEx
SplGetUserPropertyBag
SplSetJob
SplEnumJobs
SplDeletePrinterWithJobs
SplGetPrinter
SplSetPrinter
SplSetJobExtra
SplGetDriverDir
SplSetCSRPrinterDevnode
LocalAddForm
SplCopyFileEvent
SplLoadLibraryTheCopyFileModule
SplGetJobExtra
LocalDeleteForm
LocalEnumForms
SplEnumForms
SplGetForm
SplMonitorIsInstalled
SplGetPrintClassObject
SplDeletePrintProcCacheData
SplEnumPrintProcCacheData
SplGetLocalDevMode
SplSetPrintProcCacheData
SplGetPrintProcCacheData
SplEnumPrinterKey
SplEnumPrinterDataEx
SplEnumPrinterData
SplDeletePrinterKey
SplDeletePrinterDataEx
SplDeletePrinterData
SplSetPrinterDataEx
SplSetPrinterData
SplGetPrinterDataEx
SplGetPrinterData
SplGetPrinterDriver
SplGetPrinterDriverEx
SplResetPrinter
SplDeletePrinterIC
SplPlayGdiScriptOnPrinterIC
SplCreatePrinterIC
SplEnumJobNamedProperties
SplGetJobNamedPropertyValue
SplReportJobProcessingProgress
SplGetJob
SplScheduleJob
SplAddJob
SplAbortPrinter
LocalReadPrinter
SplWritePrinter
SplEndDocPrinter
SplEndPagePrinter
SplStartPagePrinter
SplStartDocPrinter
SplClosePrinter
SplAddCSRPrinter
SplEnableCSRPrinterDeviceInterface
SplDriverEvent

shlwapi

SHCreateStreamOnFileW

setupapi

SetupDiCreateDeviceInfoListExW
SetupDiOpenDeviceInfoW
SetupDiGetDevicePropertyW
SetupDiDestroyDeviceInfoList
CMP_WaitNoPendingInstallEvents
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsW

cfgmgr32

SwDeviceSetLifetime
SwDeviceClose
SwDeviceCreate

api-ms-win-devices-query-l1-1-0

DevCloseObjectQuery
DevCreateObjectQuery
DevCreateObjectQueryFromId

api-ms-win-core-kernel32-legacy-l1-1-0

DosDateTimeToFileTime
GetComputerNameW

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

kernelbase

LocalAlloc
LocalReAlloc
GetIsEdpEnabled

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
GetTimeZoneInformation

dsrole

DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory

iphlpapi

GetAdaptersAddresses

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-eventlog-legacy-l1-1-0

DeregisterEventSource
RegisterEventSourceW
ReportEventW

api-ms-win-core-privateprofile-l1-1-0

GetPrivateProfileSectionW
GetPrivateProfileStringW

Exports

Exports

DllMain
InitializePrintMonitor2
InitializePrintProvidor

Sections

.text
Size: 884KB - Virtual size: 883KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 337KB - Virtual size: 337KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64_x32_installer__v4.3.3.msi
.msi

Sharing

General

Malware Config

Signatures

Files

0e436b03a9170a850ade7a48204599a3

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

6c:a5:d2:e2:b6:11:6e:26:00:33:af:bf:01:10:f8:87:22:4e:eb:79:ad:95:a0:fc:f5:95:6e:56:48:d7:5a:65Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-shell-namespace-l1-1-0

bcp47langs

shcore

windows.storage

gdi32

ntdll

ole32

shlwapi

slc

user32

msvcp_win

api-ms-win-core-localization-l1-2-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-memory-l1-1-1

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-file-l2-1-2

api-ms-win-core-largeinteger-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-registry-l1-1-0

userenv

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-registry-l1-1-1

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-security-base-l1-1-0

api-ms-win-security-capability-l1-1-0

api-ms-win-shcore-stream-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-appmodel-runtime-l1-1-3

api-ms-win-appmodel-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

6c:a5:d2:e2:b6:11:6e:26:00:33:af:bf:01:10:f8:87:22:4e:eb:79:ad:95:a0:fc:f5:95:6e:56:48:d7:5a:65
Signer

.text
Size: 405KB - Virtual size: 404KB

.rdata
Size: 111KB - Virtual size: 110KB

.data
Size: 1KB - Virtual size: 4KB

.pdata
Size: 15KB - Virtual size: 14KB

.didat
Size: 1024B - Virtual size: 656B

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 87KB - Virtual size: 87KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB