CWindowsSysWOW64-7[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

CWindowsSysWOW64-7.zip
Size

3.4MB
MD5

dc2a6351d8cb1514c7f7cd20eb198aa1
SHA1

0b33e9023dd702741a58b3d0a70cd4b2bb2f6738
SHA256

056d6de7af518e20c87f75995d887f667c36e2819336fc5af7c7464ca4a9bed2
SHA512

9608c28254199902a920af2e17f8f684bbbc32974ceaff4ce22e9fcdbdb30186e09269eea48921913ef1aea2ff9e7b29fdf165799bcf30a0f3fea3a3d21064c5
SSDEEP

49152:Gs8gSpEomH60Qno6p/k9wLuuaD2cmImhYq3A2z7OogONMCHOEb91:Gpho6p/2wLkjmII3A2nkZCusX

Score

3^/10

Malware Config

Signatures

Unsigned PE 29 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Fondue.exe
unpack001/GameBarPresenceWriter.exe
unpack001/GamePanel.exe
unpack001/HOSTNAME.EXE
unpack001/InfDefaultInstall.exe
unpack001/InputSwitchToastHandler.exe
unpack001/extrac32.exe
unpack001/fc.exe
unpack001/find.exe
unpack001/findstr.exe
unpack001/finger.exe
unpack001/fixmapi.exe
unpack001/fltMC.exe
unpack001/fontview.exe
unpack001/forfiles.exe
unpack001/fsquirt.exe
unpack001/ftp.exe
unpack001/getmac.exe
unpack001/gpresult.exe
unpack001/gpupdate.exe
unpack001/grpconv.exe
unpack001/hdwwiz.exe
unpack001/help.exe
unpack001/hh.exe
unpack001/icacls.exe
unpack001/ieUnatt.exe
unpack001/iexpress.exe
unpack001/instnm.exe
unpack001/ipconfig.exe

Files

CWindowsSysWOW64-7.zip
.zip
Fondue.exe
.exe windows:10 windows x86 arch:x86

c90a9b51b5004e7bf81f560d871186e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

FonDUE.pdb

Imports

kernel32

GetCurrentThreadId
GetVersionExW
ProcessIdToSessionId
FormatMessageW
GetLastError
LoadLibraryW
HeapSetInformation
GetProcAddress
GetCurrentProcessId
GetModuleHandleW

user32

IntersectRect
IsRectEmpty
GetForegroundWindow
CreateDesktopW
CopyRect
GetMonitorInfoW
CloseDesktop
LoadStringW
GetThreadDesktop
SetThreadDesktop
GetSystemMetrics
MonitorFromWindow
MessageBoxW
EqualRect
GetWindowRect
SwitchDesktop
GetWindowBand
SetRect

msvcrt

__set_app_type
_cexit
_initterm
_wcmdln
__p__fmode
__setusermatherr
__wgetmainargs
_amsg_exit
__p__commode
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
exit
_lock
_except_handler4_common
_controlfp
_exit
_XcptFilter
memcpy_s
_vsnwprintf
wcsstr
memset

api-ms-win-core-com-l1-1-0

CoUninitialize
CoInitializeSecurity

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetStartupInfoW

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
CreateMutexExW
ReleaseSemaphore
OpenMutexW
WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
CreateSemaphoreExW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleFileNameA

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

ole32

CoInitialize

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GameBarPresenceWriter.exe
.exe windows:10 windows x86 arch:x86

d35968b2bd94590ba3c0b4f90d8af4a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

GameBarPresenceWriter.pdb

Imports

advapi32

RegGetValueW
RegCreateKeyExW
RegCloseKey
RegNotifyChangeKeyValue
MakeAbsoluteSD
ConvertStringSecurityDescriptorToSecurityDescriptorW
EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer

kernel32

GetModuleFileNameA
HeapFree
EnterCriticalSection
GetModuleHandleExW
LeaveCriticalSection
InitializeCriticalSectionEx
GetCurrentThreadId
FormatMessageW
OutputDebugStringW
RaiseException
HeapAlloc
GetProcAddress
DeleteCriticalSection
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
SetLastError
CreateEventExW
WaitForThreadpoolTimerCallbacks
CloseThreadpoolWait
GetLastError
WaitForThreadpoolWaitCallbacks
ReleaseSRWLockExclusive
CloseThreadpoolTimer
AcquireSRWLockExclusive
CreateThreadpoolWait
CloseHandle
SetThreadpoolTimer
SetThreadpoolWait
CreateThreadpoolTimer
ParseApplicationUserModelId
InitOnceExecuteOnce
CreateSemaphoreExW
ReleaseSemaphore
EncodePointer
WaitForSingleObject
ReleaseMutex
CreateEventW
Sleep
SetEvent
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSRWLockShared
DecodePointer
CreateMutexExW
LocalFree
AcquireSRWLockShared
GetCurrentProcessId

api-ms-win-crt-runtime-l1-1-0

_initterm_e
exit
_exit
_errno
__p___argc
__p___wargv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_get_initial_wide_environment
_initialize_wide_environment
_invalid_parameter_noinfo
_configure_wide_argv
_set_app_type
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_seh_filter_exe
_controlfp_s
terminate
abort
_initterm
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
__acrt_iob_func
__p__commode
__stdio_common_vsnprintf_s
__stdio_common_vswprintf
_set_fmode
__stdio_common_vfwprintf

api-ms-win-crt-heap-l1-1-0

_malloc_base
_callnewh
free
_realloc_base
_set_new_mode
malloc
_calloc_base
calloc
_free_base

ole32

CoReleaseServerProcess
CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoCreateInstance
CoInitializeSecurity
CoResumeClassObjects
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemAlloc
CoAddRefServerProcess

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError
SetRestrictedErrorInfo

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsStringHasEmbeddedNull
WindowsDeleteString
WindowsCreateStringReference
WindowsDuplicateString
WindowsGetStringRawBuffer
WindowsIsStringEmpty

api-ms-win-core-winrt-l1-1-0

RoRegisterActivationFactories
RoUninitialize
RoGetActivationFactory
RoInitialize
RoRevokeActivationFactories
RoActivateInstance

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-featurestaging-l1-1-0

SubscribeFeatureStateChangeNotification
GetFeatureEnabledState
RecordFeatureUsage
UnsubscribeFeatureStateChangeNotification

ntdll

RtlUnwind

api-ms-win-power-setting-l1-1-0

PowerSettingRegisterNotification
PowerSettingUnregisterNotification

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
WakeConditionVariable
SleepConditionVariableSRW
InitializeConditionVariable

api-ms-win-core-synch-l1-1-0

InitializeSRWLock
TryAcquireSRWLockExclusive

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-localization-l1-2-0

GetCPInfo
LCMapStringEx
GetLocaleInfoEx

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-fibers-l1-1-0

FlsAlloc
FlsFree
FlsSetValue
FlsGetValue

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
__pctype_func
___mb_cur_max_func
___lc_locale_name_func
setlocale
_unlock_locales
_lock_locales
___lc_collate_cp_func
localeconv
_configthreadlocale

api-ms-win-crt-string-l1-1-0

strcspn
strcpy_s
wcsnlen
__strncnt
isspace
tolower
islower
isupper
_wcsdup

api-ms-win-crt-convert-l1-1-0

strtof
strtod

api-ms-win-crt-math-l1-1-0

frexp
_CIpow
ldexp
ceil

api-ms-win-crt-time-l1-1-0

_Getmonths
_Gettnames
_W_Gettnames
_Wcsftime
_Getdays
_W_Getdays
_W_Getmonths
_Strftime

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
CompareStringEx

Sections

.text
Size: 217KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GamePanel.exe
.exe windows:10 windows x86 arch:x86

aebcb02352b68bcb99c49dcade027f25

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

GamePanel.pdb

Imports

advapi32

RegGetValueW
EventWriteTransfer
RegCloseKey
RegNotifyChangeKeyValue
RegCreateKeyExW
EventSetInformation
EventRegister
EventUnregister
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextW
CryptCreateHash
CryptGetHashParam
CryptHashData
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
FreeSid
CheckTokenMembership
DuplicateToken
OpenProcessToken
AllocateAndInitializeSid
RegDeleteTreeW

kernel32

CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateThreadpoolWait
CreateEventExW
SetEvent
IsWow64Process2
GetCurrentProcess
CreateEventW
LocalFree
OpenProcess
FreeLibrary
GetCurrentThreadId
SystemTimeToFileTime
SetThreadpoolTimer
GetSystemTime
GetUserDefaultLocaleName
CloseHandle
CreateThreadpoolTimer
WaitForSingleObjectEx
LoadResource
LockResource
SizeofResource
DeleteFileW
QueryPerformanceCounter
GetTempFileNameW
GetDateFormatEx
GetTimeFormatEx
GetApplicationUserModelId
GetEnvironmentVariableW
WriteFile
CreateFileW
CreateThread
OutputDebugStringW
GetLocaleInfoEx
GetUserDefaultUILanguage
LCIDToLocaleName
WideCharToMultiByte
RaiseException
Sleep
ResolveLocaleName
GetCurrentThread
SetThreadDescription
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
CreateMutexExW
GetProcAddress
VirtualQuery
GetSystemInfo
LoadLibraryExA
VirtualProtect
LocalAlloc
GetLocalTime
GetLocaleInfoW
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
HeapAlloc
CloseThreadpoolTimer
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
OpenSemaphoreW
GetLastError
FormatMessageW
FindResourceW
ReleaseMutex
MulDiv
ResetEvent

gdi32

GetDIBits
DeleteDC
GetObjectW
CreateRectRgn
GetRgnBox
SelectObject
DeleteObject
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC

user32

SetForegroundWindow
SetCursorPos
ShowCursor
SetActiveWindow
ChangeWindowMessageFilterEx
ReleaseDC
GetDC
UnregisterClassW
GetSysColor
LoadStringW
SetWindowPos
GetClassLongW
SetClassLongW
ClientToScreen
TrackMouseEvent
SetCapture
ReleaseCapture
TranslateMessage
GetDesktopWindow
ScreenToClient
SendMessageW
MonitorFromRect
SetWindowCompositionAttribute
PostQuitMessage
DispatchMessageW
SendInput
BlockInput
PostMessageW
SetFocus
CreateWindowInBand
GetWindowThreadProcessId
SetCursor
GetMessageW
EnableWindow
IsWindow
GetCursorInfo
CreateWindowExW
GetIconInfo
SetProcessDefaultLayout
FindWindowW
GetForegroundWindow
GetNextDlgTabItem
SetWindowLongW
GetClientRect
GetWindowTextW
mouse_event
SetWinEventHook
UnhookWinEvent
MonitorFromWindow
GetWindowRect
MapWindowPoints
GetAncestor
SetWindowRgn
GetWindowRgn
SystemParametersInfoW
GetParent
GetSystemMetrics
GetRawInputData
GetMessageExtraInfo
RegisterRawInputDevices
LoadCursorW
PtInRect
MonitorFromPoint
GetMonitorInfoW
KillTimer
SetTimer
InvalidateRect
ValidateRect
MoveWindow
SetWindowTextW
SetParent
DestroyWindow
WindowFromPhysicalPoint
GetWindowLongW
GetActiveWindow
GetFocus
ShowWindow
GetCursorPos
CallNextHookEx
UnhookWindowsHookEx
DefWindowProcW
SetWindowsHookExW
GetKeyState
LoadIconW
RegisterClassExW
RegisterWindowMessageW
TranslateAcceleratorW

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo
_exit
exit
_errno
_invalid_parameter_noinfo_noreturn
terminate
_initterm_e
_beginthreadex
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_set_errno
_set_app_type
_controlfp_s
_register_onexit_function
_crt_atexit
_initialize_onexit_table
_seh_filter_exe
_c_exit
abort
_cexit
_register_thread_local_exe_atexit_callback

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsnprintf_s
__stdio_common_vswprintf
__stdio_common_vswprintf_s
__stdio_common_vsprintf_s
__stdio_common_vsprintf
__p__commode
__stdio_common_vsnwprintf_s
fclose
_wfopen
_set_fmode

api-ms-win-crt-string-l1-1-0

islower
strcspn
strcpy_s
_wcsdup
strncpy_s
isupper
__strncnt
isspace
tolower
wcsnlen
_wcsnicmp

api-ms-win-crt-convert-l1-1-0

wcstoul
wcstol
strtod
strtol
strtof

api-ms-win-crt-time-l1-1-0

_Getdays
_W_Getmonths
_Getmonths
_W_Gettnames
_Wcsftime
_Strftime
_W_Getdays
_time32
_localtime32_s
_Gettnames

api-ms-win-crt-math-l1-1-0

floor
roundf
frexp
_CIpow
_CIsqrt
ceil
ldexp

api-ms-win-crt-heap-l1-1-0

_callnewh
_realloc_base
free
calloc
_malloc_base
_free_base
_set_new_mode
_calloc_base
malloc

api-ms-win-crt-locale-l1-1-0

setlocale
___lc_codepage_func
_lock_locales
___lc_collate_cp_func
__pctype_func
___mb_cur_max_func
localeconv
___lc_locale_name_func
_configthreadlocale
_unlock_locales

api-ms-win-core-com-l1-1-0

CoWaitForMultipleHandles
CoCreateGuid
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
StringFromGUID2
CoTaskMemFree
CoInitializeSecurity
PropVariantClear
CoCreateInstance

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
WindowsGetStringLen
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsCreateString
WindowsDeleteString
WindowsCompareStringOrdinal

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoInitialize
RoActivateInstance
RoUninitialize

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

rpcrt4

UuidCreate
UuidFromStringW

oleaut32

VariantInit
SysAllocStringLen
SysAllocString

api-ms-win-power-base-l1-1-0

PowerDeterminePlatformRoleEx

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
InitializeSRWLock
TryAcquireSRWLockExclusive

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
WakeConditionVariable
InitializeConditionVariable

api-ms-win-core-processthreads-l1-1-0

GetExitCodeThread

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency

api-ms-win-core-localization-l1-2-0

GetCPInfo
LCMapStringEx

api-ms-win-core-string-l1-1-0

CompareStringEx
MultiByteToWideChar
GetStringTypeW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-rtlsupport-l1-1-0

RtlUnwind

api-ms-win-core-fibers-l1-1-0

FlsAlloc
FlsGetValue
FlsSetValue
FlsFree

comctl32

ord411
ord410
ord412
ord413

api-ms-win-shcore-scaling-l1-1-1

GetDpiForMonitor
SetProcessDpiAwareness

api-ms-win-core-featurestaging-l1-1-0

RecordFeatureUsage
SubscribeFeatureStateChangeNotification
UnsubscribeFeatureStateChangeNotification
GetFeatureEnabledState

api-ms-win-core-featurestaging-l1-1-1

GetFeatureVariant

d2d1

ord7

d3d11

D3D11CreateDevice

dwrite

DWriteCreateFactory

dcomp

DCompositionCreateDevice2

shell32

SHGetKnownFolderPath
SHCreateDirectoryExW
ShellExecuteW
CommandLineToArgvW

shlwapi

SHStrDupA
PathFileExistsW

msdrm

DRMIsWindowProtected

uxtheme

CloseThemeData
OpenThemeData

dxgi

CreateDXGIFactory2

ntdll

RtlInitUnicodeString
NtQueryLicenseValue
RtlPublishWnfStateData

uiautomationcore

UiaHostProviderFromHwnd
UiaReturnRawElementProvider
UiaRaiseAutomationEvent

gamepanelexternalhook

?Hook@CGamePanelExternalHook@@QAEXPAUHWND__@@@Z
?SetIntercept@CGamePanelExternalHook@@QAEX_NPAUHWND__@@@Z
?GPHHookWindowPointerDown@CGamePanelExternalHook@@SGIXZ
?GetInstance@CGamePanelExternalHook@@SGAAV1@XZ
?Unhook@CGamePanelExternalHook@@QAEXXZ

dwmapi

DwmSetWindowAttribute

Sections

.text
Size: 757KB - Virtual size: 756KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 90KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HOSTNAME.EXE
.exe windows:10 windows x86 arch:x86

a4063db4a815f52872ced059021a8b79

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

hostname.pdb

Imports

msvcrt

_amsg_exit
__p__commode
__set_app_type
_XcptFilter
_exit
_initterm
fgetpos
__wgetmainargs
exit
__setusermatherr
_cexit
wcschr
_except_handler4_common
_controlfp
_vscwprintf
_fileno
_write
_setmode
vswprintf_s
fflush
__p__fmode
_wcsicmp
_get_osfhandle
fwprintf
?terminate@@YAXXZ
__iob_func

api-ms-win-core-localization-l1-2-0

FormatMessageW
SetThreadUILanguage

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-console-l1-1-0

GetConsoleMode

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

ws2_32

WSAStartup
GetHostNameW

api-ms-win-core-heap-l1-1-0

HeapSetInformation

mswsock

GetSocketErrorMessageW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-file-l1-1-0

GetFileType

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 452B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InfDefaultInstall.exe
.exe windows:10 windows x86 arch:x86

f2f450ce56a210fae3c67af46756bf51

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

InfDefaultInstall.pdb

Imports

kernel32

LocalFree
GetNativeSystemInfo
GetLastError
FormatMessageW
GetCommandLineW
Sleep
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetLastError

msvcrt

_except_handler4_common
_controlfp
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
_vsnwprintf
memset

ext-ms-win-shell-shell32-l1-2-1

RestartDialogEx

shell32

CommandLineToArgvW

comctl32

TaskDialogIndirect

setupapi

SetupDiGetActualSectionToInstallW
InstallHinfSectionW
SetupOpenInfFileW
SetupFindFirstLineW
SetupCloseInfFile

newdev

DiInstallDriverW

drvstore

DriverPackageGetPropertyW
DriverPackageClose
DriverPackageOpenW

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InputSwitchToastHandler.exe
.exe windows:10 windows x86 arch:x86

c3e61963208826aaed0197bf7a8d99ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

InputSwitchToastHandler.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__controlfp_s
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
memmove
_o__set_new_mode
_o__wcsicmp
_o_abort
_o_exit
_o_free
_o_iswspace
_o_malloc
_o_terminate
__current_exception
__current_exception_context
_except_handler4_common
_CxxThrowException
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___stdio_common_vswprintf
_o___p__commode
_o___p___wargv
_o___p___argc
__std_terminate
__CxxFrameHandler3
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-com-l1-1-0

CoReleaseServerProcess
CoAddRefServerProcess
CoCreateInstance
CoRegisterClassObject
CoResumeClassObjects
CoRevokeClassObject

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsCreateString
WindowsGetStringRawBuffer

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
LeaveCriticalSection
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseMutex
EnterCriticalSection
CreateEventW
CreateMutexExW
CreateSemaphoreExW
ReleaseSRWLockExclusive
DeleteCriticalSection
WaitForSingleObject
ReleaseSemaphore
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
SetEvent

api-ms-win-core-winrt-l1-1-0

RoRevokeActivationFactories
RoRegisterActivationFactories
RoUninitialize
RoInitialize

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoOriginateErrorW

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameA
GetProcAddress

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-processthreads-l1-1-0

CreateProcessW
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemDirectoryW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

oleaut32

SysStringLen
SysFreeString
SetErrorInfo

Sections

.text
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
explorer.exe
.exe windows:10 windows x86 arch:x86

60a925426d1295a93bcd45d0dcbd57e9

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:98:1e:03:99:7e:8d:c9:7e:d0:ae:9e:9c:25:b9:32:f8:cf:b5:5d:44:22:81:5c:3e:0e:3e:2e:69:4e:32:46
Signer

Actual PE Digest

48:98:1e:03:99:7e:8d:c9:7e:d0:ae:9e:9c:25:b9:32:f8:cf:b5:5d:44:22:81:5c:3e:0e:3e:2e:69:4e:32:46

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

explorer.pdb

Imports

msvcp_win

?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPBDH@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
_Cnd_wait
?_Xinvalid_argument@std@@YAXPBD@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG00@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG0@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAE_JPBG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEPAV12@PAG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JXZ
?tolower@?$ctype@G@std@@QBEPBGPAGPBG@Z
?tolower@?$ctype@G@std@@QBEGG@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPBG_J@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
_Wcscoll
_Wcsxfrm
?id@?$collate@G@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
?id@?$ctype@G@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@MAE@XZ
??0_Lockit@std@@QAE@H@Z
??0_Locinfo@std@@QAE@PBD@Z
?c_str@?$_Yarn@D@std@@QBEPBDXZ
??1_Lockit@std@@QAE@XZ
??1_Locinfo@std@@QAE@XZ
?is@?$ctype@G@std@@QBE_NFG@Z
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UAE@XZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXH@Z
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBEPAGXZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QBE_NXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEHXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
_Thrd_yield
?_Xbad_function_call@std@@YAXXZ
?width@ios_base@std@@QAE_J_J@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
_Thrd_detach
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_join
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
_Thrd_id
_Mtx_unlock
_Cnd_do_broadcast_at_thread_exit
?_Incref@facet@locale@std@@UAEXXZ
?_Xlength_error@std@@YAXPBD@Z
_Mtx_lock

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_c_exit
_set_error_mode
_initterm
_initterm_e

api-ms-win-crt-string-l1-1-0

wcscspn
strncmp
memset
wcsncmp

api-ms-win-crt-time-l1-1-0

_time32

api-ms-win-crt-private-l1-1-0

_o_exit
_o_floor
_o_free
_o_iswspace
_o_lround
_o_lroundf
_o_malloc
_o_memcpy_s
_o_realloc
_o_ceil
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstol
_o_wcstoll
__current_exception
__current_exception_context
_except_handler4_common
_o__wcsnicmp
_o__wcslwr_s
_o__wcsicmp
_o__wtoi
_CxxThrowException
_o__set_new_mode
_o__set_fmode
_o__set_errno
_o__set_app_type
_o__seh_filter_exe
_o__register_onexit_function
_o__recalloc
_o__purecall
_o__mktime32
_o_abort
_o__ltow_s
_o__localtime32
_o__itow_s
_o__itoa_s
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_wide_environment
_o__initialize_onexit_table
_o__get_wide_winmain_command_line
_o__get_errno
_o__exit
_o__errno
_o__difftime32
_o__crt_atexit
_o__controlfp_s
_o__configure_wide_argv
_o__configthreadlocale
_o__CIsqrt
_o__CIpow
_o__CIfmod
_o__cexit
_o__beginthreadex
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o____lc_codepage_func
wcsrchr
wcsstr
__std_terminate
__CxxFrameHandler3

aepic

PicRetrieveFileInfo
PicFreeFileInfo

twinapi

ord9

api-ms-win-core-job-l2-1-0

CreateJobObjectW
SetInformationJobObject
AssignProcessToJobObject
QueryInformationJobObject
OpenJobObjectW

api-ms-win-core-windowserrorreporting-l1-1-3

RegisterApplicationRestart

api-ms-win-core-url-l1-1-0

PathIsURLW
HashData
UrlUnescapeW

api-ms-win-core-windowserrorreporting-l1-1-1

WerRegisterCustomMetadata
WerUnregisterCustomMetadata

api-ms-win-core-kernel32-private-l1-1-0

CheckElevationEnabled
CheckElevation

api-ms-win-core-registryuserspecific-l1-1-0

SHRegGetBoolUSValueW
SHRegGetUSValueW

api-ms-win-core-com-private-l1-1-0

CoRegisterInitializeSpy
CoRegisterMessageFilter
CoRevokeInitializeSpy

api-ms-win-core-atoms-l1-1-0

GlobalGetAtomNameW

api-ms-win-core-sidebyside-l1-1-0

ActivateActCtx
DeactivateActCtx
CreateActCtxW
ReleaseActCtx

ntdll

RtlInitUnicodeString
NtSetInformationProcess
NtQueryInformationProcess
NtDeviceIoControlFile
WinSqmAddToStream
WinSqmIsOptedIn
RtlGetVersion
ZwQuerySystemInformation
ZwQueryValueKey
ZwOpenKey
ZwClose
RtlReAllocateHeap
ZwEnumerateValueKey
ZwCreateFile
NtQueryInformationFile
RtlAppendUnicodeToString
RtlAnsiStringToUnicodeString
RtlImageDirectoryEntryToData
ZwUnmapViewOfSection
RtlNtPathNameToDosPathName
RtlUpcaseUnicodeChar
ZwCreateSection
RtlxAnsiStringToUnicodeSize
ZwQueryInformationProcess
RtlpEnsureBufferSize
RtlGetNativeSystemInformation
RtlVerifyVersionInfo
ZwQueryDirectoryFile
ZwSetInformationProcess
RtlInitUnicodeStringEx
ZwMapViewOfSection
RtlFormatCurrentUserKeyPath
ZwEnumerateKey
RtlInitString
ZwOpenFile
ZwQueryInformationFile
LdrResSearchResource
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
NtQueryWnfStateData
NtClose
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
RtlFlushHeaps
NtSetSystemInformation
RtlPublishWnfStateData
RtlGetDeviceFamilyInfoEnum
RtlNtStatusToDosError
strchr
memmove_s
RtlDosPathNameToNtPathName_U_WithStatus
RtlFreeUnicodeString
wcschr
RtlAllocateHeap
RtlFreeHeap
RtlAppendUnicodeStringToString
RtlCompareUnicodeString
NtOpenProcessToken
NtQueryInformationToken
NtOpenThreadToken
wcsspn
memcpy
memcmp
memmove
RtlGetNtSystemRoot
RtlRunOnceExecuteOnce
RtlNtStatusToDosErrorNoTeb
RtlCopyUnicodeString
RtlUpcaseUnicodeString
NtSetThreadExecutionState
NtPowerInformation
VerSetConditionMask
RtlQueryResourcePolicy
RtlQueryUnbiasedInterruptTime
NtQuerySystemInformation
NtOpenFile

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleA
FindResourceExW
LockResource
FreeLibrary
FindStringOrdinal
GetProcAddress
LoadStringW
GetModuleHandleExW
SizeofResource
LoadResource
LoadLibraryExW

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
Sleep
InitOnceExecuteOnce

api-ms-win-core-synch-l1-1-0

OpenMutexW
DeleteCriticalSection
ResetEvent
SleepEx
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
AcquireSRWLockShared
WaitForMultipleObjectsEx
CreateMutexW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
OpenSemaphoreW
InitializeSRWLock
TryAcquireSRWLockShared
ReleaseMutex
TryEnterCriticalSection
CreateEventExW
CreateEventW
SetEvent
ReleaseSRWLockShared
WaitForSingleObject
OpenEventW
InitializeCriticalSectionEx
LeaveCriticalSection
CreateSemaphoreExW
ReleaseSemaphore
InitializeCriticalSection
EnterCriticalSection
CreateMutexExW

api-ms-win-core-heap-l1-1-0

HeapSetInformation
HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode
SetUnhandledExceptionFilter
RaiseException
GetLastError
SetLastError
UnhandledExceptionFilter

api-ms-win-core-file-l1-1-0

GetLongPathNameW
FindClose
FindNextFileW
FindFirstFileW
GetFileAttributesExW
CreateFileW
GetFileAttributesW
CompareFileTime
DeleteFileW
WriteFile

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventEnabled
EventUnregister
EventWrite
EventRegister
EventWriteTransfer
EventActivityIdControl

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CreateThreadpoolWork
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CreateThreadpoolIo
StartThreadpoolIo
CancelThreadpoolIo
WaitForThreadpoolIoCallbacks
CloseThreadpoolIo
TrySubmitThreadpoolCallback
CloseThreadpoolWait
SubmitThreadpoolWork
SetThreadpoolTimer
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
CreateThreadpoolWait

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
OpenThreadToken
GetCurrentProcess
SetPriorityClass
TlsGetValue
UpdateProcThreadAttribute
TlsFree
OpenProcessToken
CreateThread
TerminateProcess
InitializeProcThreadAttributeList
GetPriorityClass
GetCurrentProcessId
ResumeThread
DeleteProcThreadAttributeList
GetStartupInfoW
ExitProcess
GetExitCodeProcess
TlsAlloc
GetCurrentThreadId
SetProcessShutdownParameters
CreateProcessW
QueueUserAPC
ProcessIdToSessionId
GetThreadPriority
GetProcessId
SetThreadPriorityBoost
SetThreadPriority
OpenThread
TlsSetValue

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
GetLocaleInfoEx
GetGeoInfoW
GetCalendarInfoW
GetThreadUILanguage
FormatMessageW
FormatMessageA

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

oleaut32

SafeArrayCreate
SafeArrayAccessData
SysStringLen
SafeArrayUnaccessData
SafeArrayDestroy
VarUI4FromStr
VariantInit
VariantClear
SysFreeString
SysAllocString
SysAllocStringByteLen

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolGetUniqueContext
SHTaskPoolQueueTask

api-ms-win-shcore-sysinfo-l1-1-0

SetCurrentProcessExplicitAppUserModelID
IsOS

api-ms-win-core-com-l1-1-0

CoInitializeSecurity
CoWaitForMultipleHandles
StringFromCLSID
CoDisableCallCancellation
IIDFromString
CoGetApartmentType
CoEnableCallCancellation
CoGetCallContext
CoReleaseMarshalData
CLSIDFromString
CoUninitialize
CoInitializeEx
CoGetMalloc
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateFreeThreadedMarshaler
CoRevokeClassObject
CoGetInterfaceAndReleaseStream
CoRegisterClassObject
PropVariantClear
CoGetObjectContext
CoGetStdMarshalEx
CoCreateGuid
StringFromIID
StringFromGUID2
CoMarshalInterThreadInterfaceInStream
CoCreateInstance
CoTaskMemFree
CoCancelCall
CoFreeUnusedLibraries
CoSetProxyBlanket
CreateStreamOnHGlobal

api-ms-win-core-shlwapi-obsolete-l1-1-0

QISearch
StrCmpICW
StrCmpW
StrChrIW
StrCmpICA
StrToIntW
StrChrW
StrCmpNICW
StrCmpIW
StrCmpNIW

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegGetValueW
RegOpenCurrentUser
RegSetValueExW
RegOpenKeyExW
RegDeleteTreeW
RegDeleteKeyExW
RegQueryInfoKeyW
RegNotifyChangeKeyValue
RegEnumKeyExW
RegDeleteValueW
RegLoadMUIStringW
RegCloseKey
RegEnumValueW
RegQueryValueExW

api-ms-win-shcore-comhelpers-l1-1-0

IUnknown_GetSite
IUnknown_Set
IUnknown_QueryService
IUnknown_SetSite

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalReAlloc
GlobalFree
LocalFree
GlobalAlloc

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent
GetProcessMitigationPolicy

api-ms-win-core-datetime-l1-1-0

GetDateFormatW

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetSystemDirectoryW
GetTickCount64
GetTickCount
GetWindowsDirectoryW
GetSystemTimeAsFileTime
GetSystemTime
GetVersionExW

api-ms-win-core-datetime-l1-1-1

GetDateFormatEx
GetTimeFormatEx

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
SearchPathW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCommandLineW
GetCurrentDirectoryW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathGetArgsW
PathQuoteSpacesW
PathFindFileNameW
PathFindExtensionW
PathRemoveFileSpecW
PathGetDriveNumberW
PathFileExistsW
PathParseIconLocationW
SHExpandEnvironmentStringsW
PathRemoveBlanksW
PathIsFileSpecW
PathCombineW
PathCommonPrefixW

api-ms-win-shcore-registry-l1-1-0

SHQueryInfoKeyW
SHDeleteValueW
SHDeleteKeyW
SHSetValueW
SHEnumKeyExW
SHRegGetValueW
SHGetValueW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
CompareStringW
CompareStringOrdinal

api-ms-win-core-winrt-string-l1-1-0

WindowsPromoteStringBuffer
WindowsCompareStringOrdinal
WindowsCreateString
WindowsDeleteStringBuffer
WindowsSubstringWithSpecifiedLength
WindowsPreallocateStringBuffer
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference
WindowsDuplicateString

api-ms-win-shcore-thread-l1-1-0

SetProcessReference
SHCreateThreadRef
SHGetThreadRef
SHSetThreadRef
SHCreateThread

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW

api-ms-win-security-base-l1-1-0

FreeSid
SetKernelObjectSecurity
GetTokenInformation
CopySid
GetLengthSid
IsValidSid
MakeAbsoluteSD
DuplicateToken
GetSecurityDescriptorDacl
EqualSid
GetAclInformation
GetAce
CheckTokenMembership
DeleteAce
CreateWellKnownSid
AddAce
AllocateAndInitializeSid
InitializeAcl

api-ms-win-core-psapi-l1-1-0

K32EnumProcesses
QueryFullProcessImageNameW
K32EnumProcessModules
K32GetModuleFileNameExW
K32GetModuleBaseNameW

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceEnableLevel
TraceMessage
GetTraceLoggerHandle

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-processthreads-l1-1-3

SetProcessInformation
SetThreadDescription

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoGetActivationFactory
RoActivateInstance
RoInitialize

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateError
SetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-path-l1-1-0

PathAllocCombine
PathCchAddExtension
PathCchRemoveFileSpec
PathCchAppend
PathCchSkipRoot
PathCchCombine

api-ms-win-shcore-unicodeansi-l1-1-0

SHAnsiToUnicode

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalUnlock

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW
lstrcmpiW

api-ms-win-core-memory-l1-1-0

MapViewOfFile
UnmapViewOfFile
OpenFileMappingW
CreateFileMappingW
VirtualProtect
VirtualFree
VirtualAlloc

api-ms-win-core-commandlinetoargv-l1-1-0

CommandLineToArgvW

api-ms-win-shcore-scaling-l1-1-1

GetDpiForMonitor
ord244

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-shcore-stream-l1-1-0

IStream_Read
SHCreateMemStream
SHCreateStreamOnFileW
IStream_Reset
SHCreateStreamOnFileEx
IStream_Write
SHOpenRegStream2W

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-shcore-path-l1-1-0

ord170

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx
CreateTimerQueueTimer
DeleteTimerQueueTimer
ChangeTimerQueueTimer

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo
GetNativeSystemInfo

api-ms-win-core-localization-l1-2-3

GetUserDefaultGeoName

userenv

DeriveAppContainerSidFromAppContainerName
GetProfileType

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime
GetDynamicTimeZoneInformation
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime

api-ms-win-core-io-l1-1-0

CancelIoEx
CreateIoCompletionPort
DeviceIoControl
GetQueuedCompletionStatus

api-ms-win-core-file-l2-1-0

ReadDirectoryChangesW
GetFileInformationByHandleEx

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus
GetComputerNameW
RegisterWaitForSingleObject

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-security-lsalookup-l2-1-0

LookupAccountNameW

api-ms-win-core-string-l2-1-0

CharNextW
CharLowerBuffW

api-ms-win-service-management-l2-1-0

NotifyServiceStatusChangeW
QueryServiceConfigW

api-ms-win-shcore-registry-l1-1-1

SHRegGetValueFromHKCUHKLM

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-stringansi-l1-1-0

CharNextA

api-ms-win-power-base-l1-1-0

CallNtPowerInformation
GetPwrCapabilities

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-shlwapi-winrt-storage-l1-1-1

ord544
ord509
SHCreateWorkerWindowW
SHPinDllOfCLSID
AssocQueryStringW
ord197
ord635
ord279
ShellMessageBoxW
ord292
IUnknown_GetWindow
StrRetToStrW
ord165
SHIsChildOrSelf
StrRetToBufW
ord478
ord479
ord481
PathRemoveArgsW

api-ms-win-ntuser-sysparams-l1-1-0

GetMonitorInfoW
EnumDisplayMonitors
QueryDisplayConfig
GetDisplayConfigBufferSizes
EnumDisplayDevicesW
GetSystemMetrics
SystemParametersInfoW

api-ms-win-ntuser-rectangle-l1-1-0

OffsetRect
IntersectRect
SubtractRect
CopyRect
SetRectEmpty
IsRectEmpty
UnionRect
EqualRect
SetRect
PtInRect
InflateRect

api-ms-win-rtcore-ntuser-winevent-l1-1-0

NotifyWinEvent
SetWinEventHook
UnhookWinEvent

api-ms-win-shell-namespace-l1-1-0

ILIsEqual
ILRemoveLastID
SHBindToObject
SHBindToParent
ILFindLastID
ILGetSize
ILCombine
SHGetNameFromIDList
ILFree
SHCreateItemFromParsingName
SHGetIDListFromObject
SHCreateItemFromIDList
ILIsParent
SHBindToFolderIDListParent
SHParseDisplayName
ILClone
ILCloneFirst

dxgi

DXGIDeclareAdapterRemovalSupport

api-ms-win-rtcore-ntuser-wmpointer-l1-1-0

EnableMouseInPointer
GetPointerInfo
GetPointerDevices
GetCurrentInputMessageSource
GetPointerType

api-ms-win-storage-exports-internal-l1-1-0

SetThreadFlags
SHGetFolderPathEx
GetThreadFlags
SHGetKnownFolderIDList

api-ms-win-rtcore-ntuser-synch-l1-1-0

MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects

api-ms-win-appmodel-runtime-l1-1-0

GetPackagesByPackageFamily
GetPackageFullName

api-ms-win-rtcore-ntuser-wmpointer-l1-1-2

SetWindowFeedbackSetting

api-ms-win-rtcore-ntuser-clipboard-l1-1-0

RegisterClipboardFormatW

api-ms-win-shell-dataobject-l1-1-1

DragQueryFileW

api-ms-win-rtcore-ntuser-private-l1-1-0

CreateWindowInBand
GetWindowBand

api-ms-win-rtcore-ntuser-powermanagement-l1-1-0

UnregisterPowerSettingNotification
RegisterPowerSettingNotification

api-ms-win-shell-changenotify-l1-1-1

SHChangeNotifyRegister
SHChangeNotification_Unlock
SHChangeNotifyRegisterThread
SHHandleUpdateImage
SHChangeNotifyDeregister
SHChangeNotification_Lock

propsys

PSPropertyBag_WriteStr
PropVariantToUInt32
PSPropertyBag_WriteDWORD
InitVariantFromResource
InitVariantFromGUIDAsString
PropVariantToStringAlloc
PSGetPropertyFromPropertyStorage
PSCreateMemoryPropertyStore
PropVariantToBoolean

api-ms-win-shell-changenotify-l1-1-0

SHChangeNotify

api-ms-win-shell-dataobject-l1-1-0

SHCreateDataObject

api-ms-win-appmodel-runtime-l1-1-1

FindPackagesByPackageFamily
ParseApplicationUserModelId

wtsapi32

WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

gdi32

GetClipBox
SelectObject
CreateCompatibleDC
SetStretchBltMode
ExcludeClipRect
StretchBlt
Rectangle
CreateRectRgn
CreateFontIndirectW
SetTextColor
GetCurrentObject
GetDeviceCaps
GetStockObject
DeleteDC
SetRectRgn
OffsetRgn
CombineRgn
DeleteObject
SelectClipRgn
GetObjectW
GetClipRgn
GetOutlineTextMetricsW
GetGlyphOutlineW
CreateRectRgnIndirect
GetTextExtentPoint32W
ExtTextOutW
GetTextMetricsW
SetTextAlign

kernel32

IsBadWritePtr
GetModuleHandleExA
SetProcessDEPPolicy
HeapDestroy
HeapReAlloc
HeapSize

api-ms-win-core-rtlsupport-l1-2-0

RtlCompareMemory

wininet

InternetCrackUrlW

shcore

ord190
ord123
ord121
ord174
ord109
ord126
ord183
ord187
SHUnicodeToAnsi
ord1
ord192
ord162
ord186
ord191
ord141
ord142
ord200
ord184

shell32

ord134
ord22
ord850
ord743
ord907
ord43
ord723
Shell_GetCachedImageIndexW
ord790
ord792
ord727
ord162
ord894
ord906
ord181
ord895
SHGetLocalizedName
SHGetPropertyStoreForWindow
ord764
ord866
SHEvaluateSystemCommandTemplate
ord244
ExtractIconExW
ord132
ord137
Shell_NotifyIconW
Shell_NotifyIconGetRect
ord6
SHGetStockIconInfo
DuplicateIcon
ShellExecuteW
ord91
ord254
ord54
SHEnableServiceObject
ord61
ord896
SHAddToRecentDocs
ord60
SHUpdateRecycleBinIcon
ord711
SHFileOperationW
SHGetPathFromIDListW
ord753
ord733
ord67
SHCreateItemInKnownFolder
ord206
ord201
ord188
ord899
ShellExecuteExW
ord245
ord200
ord89
ord190
ord85
ord100
ord95
ord885
ord680
ord172
SHAppBarMessage

shlwapi

ord164
PathIsDirectoryW
ord413
ord548
ord163
ord467
AssocQueryKeyW
ChrCmpIW
PathIsRelativeW
AssocCreate

uxtheme

GetWindowTheme
BufferedPaintInit
SetWindowTheme
IsAppThemed
GetThemeMetric
CloseThemeData
DrawThemeParentBackground
DrawThemeBackground
BeginBufferedPaint
GetThemeFont
DrawThemeTextEx
IsCompositionActive
GetThemeColor
GetThemeInt
BufferedPaintUnInit
IsThemeActive
EndBufferedPaint
GetThemePartSize
IsThemePartDefined
ord86
GetThemeBackgroundExtent
GetThemeBool
OpenThemeData
OpenThemeDataForDpi
GetBufferedPaintBits
GetThemeMargins
ord126
BufferedPaintSetAlpha
ord138

dwmapi

ord140
ord141
DwmGetWindowAttribute
ord138
ord159
ord139
DwmRegisterThumbnail
DwmEnableBlurBehindWindow
DwmQueryThumbnailSourceSize
ord124
DwmUpdateThumbnailProperties
ord114
DwmUnregisterThumbnail
DwmIsCompositionEnabled
ord113
DwmSetWindowAttribute

user32

TrackMouseEvent
SetCapture
GetCapture
ReleaseCapture
GetDoubleClickTime
CalculatePopupWindowPosition
CopyIcon
GetLastInputInfo
GetCursorFrameInfo
AdjustWindowRect
GetDpiForWindow
SetWindowCompositionAttribute
SetGestureConfig
LoadImageW
CheckMenuItem
EnableMenuItem
RemoveMenu
SetMenuDefaultItem
TrackPopupMenuEx
DeleteMenu
FillRect
DrawTextW
GetSysColor
GetCaretBlinkTime
InjectKeyboardInput
MapVirtualKeyExW
InjectMouseInput
LockWorkStation
TileWindows
CascadeWindows
HungWindowFromGhostWindow
LoadIconW
IsIconic
AdjustWindowRectEx
GetDC
ReleaseDC
CreatePopupMenu
GetMenuDefaultItem
DestroyMenu
LoadCursorW
SetCursor
SetMenuItemInfoW
MonitorFromWindow
DefWindowProcA
IsWindowUnicode
LoadAcceleratorsW
ChangeWindowMessageFilterEx
TranslateAcceleratorW
ord2611
MonitorFromRect
GetGuiResources
IsHungAppWindow
ord2574
GetSystemMetricsForDpi
SendInput
SetDesktopColorTransform
DestroyIcon
SwitchToThisWindow
GetLastActivePopup
ord2005
GetKeyState
LoadMenuW
GetSubMenu
CreateIconIndirect
GetMenuItemCount
CopyImage
DrawIconEx
GetMenuItemInfoW
MonitorFromPoint
ReplyMessage
GetAsyncKeyState
ModifyMenuW
GetSystemMenu
GetSysColorBrush
SetLayeredWindowAttributes
GetIconInfoExW
GetIconInfo
GetClassWord
GetClassLongW
GetPhysicalCursorPos
GetCursorInfo
ShowWindowAsync
RegisterHotKey
SendDlgItemMessageW
InsertMenuW
BringWindowToTop
ord2573
GhostWindowFromHungWindow
EndTask
IsTopLevelWindow
GetMenuState
SetScrollInfo
GetScrollInfo
SetScrollPos
GetMenuStringW
InternalGetWindowText
GetLayeredWindowAttributes
DrawTextExW
IsProcessDPIAware
SetThreadDpiAwarenessContext
EndDialog
GetWindowCompositionAttribute
GetWindowProcessHandle
UpdateLayeredWindow
ord2521
UnregisterClassA
UnregisterClassW
ExitWindowsEx
ord2522
WindowFromDC
GetMenuInfo
SetMenuInfo
GetDpiForSystem
GetWindowDpiAwarenessContext
AreDpiAwarenessContextsEqual
CharLowerW
IsCharAlphaNumericW
UnregisterHotKey

sspicli

GetUserNameExW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-core-kernel32-legacy-l1-1-1

PowerCreateRequest
PowerSetRequest
VerifyVersionInfoW

api-ms-win-oobe-notification-l1-1-0

OOBEComplete

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-kernel32-legacy-l1-1-2

SetTermsrvAppInstallMode

api-ms-win-shell-shdirectory-l1-1-0

ord292

api-ms-win-eventing-controller-l1-1-0

EnableTraceEx2
StartTraceW
StopTraceW

api-ms-win-core-job-l1-1-0

IsProcessInJob

rpcrt4

RpcBindingFromStringBindingW
RpcStringBindingComposeW
I_RpcExceptionFilter
RpcBindingSetAuthInfoExW
RpcStringFreeW
RpcBindingFree
NdrClientCall2

api-ms-win-appmodel-runtime-l1-1-3

GetStagedPackagePathByFullName2

api-ms-win-core-biptcltapi-l1-1-7

BiPtAssociateApplicationEntryPoint
BiPtQueryWorkItem
BiPtEnumerateWorkItemsForPackageName
BiPtFreeMemory

api-ms-win-appmodel-unlock-l1-1-0

IsDeveloperModeEnabled

api-ms-win-rtcore-ntuser-shell-l1-1-0

GetShellWindow

api-ms-win-ro-typeresolution-l1-1-1

RoCreatePropertySetSerializer

combase

GetErrorInfo
SetErrorInfo

Exports

Exports

g_trayTriageBlock

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
extrac32.exe
.exe windows:10 windows x86 arch:x86

994f1973c030823f85f372447fa09619

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

extrac32.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
__doserrno

api-ms-win-crt-stdio-l1-1-0

_tempnam
_open

api-ms-win-crt-string-l1-1-0

strpbrk
strncmp
memset
strspn

api-ms-win-crt-private-l1-1-0

_o___p__commode
_o___stdio_common_vfprintf
_o___stdio_common_vsprintf
_o__cexit
_o__chmod
_o__chsize
_o__close
_o__configthreadlocale
_o__configure_narrow_argv
_o__controlfp_s
_o__crt_atexit
_o__eof
_o__errno
_o__exit
_o__filelength
_o__get_narrow_winmain_command_line
_o__getdrive
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__lseek
_o__mkdir
_o__read
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__stat32
_o__strdup
_o__stricmp
_o__unlink
_o__write
_o_atoi
_o_exit
_o_fgets
_o_free
_o_getenv
_o_isalpha
_o_isdigit
_o_malloc
_o_terminate
_o_tolower
_o_toupper
__current_exception
__current_exception_context
_except_handler4_common
_o___acrt_iob_func
strchr
memcpy

kernel32

UnhandledExceptionFilter
GetFileAttributesExA
GetDriveTypeA
SetFileTime
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
GetModuleHandleW
GetProcAddress
GetVersion
GetModuleFileNameA
FileTimeToDosDateTime
DosDateTimeToFileTime
GetCurrentProcessId
FileTimeToLocalFileTime
SetFileAttributesA
CloseHandle
CreateFileA
GetLastError
LocalFileTimeToFileTime
Sleep

user32

DispatchMessageA
GetSystemMenu
CharNextExA
EnableMenuItem
CreateDialogParamA
DestroyWindow
SendDlgItemMessageA
MessageBoxA
PeekMessageA

comctl32

ord17

cabinet

ord21
ord22
ord23
ord24
ord20

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fc.exe
.exe windows:10 windows x86 arch:x86

73545fb54e17f7f9ed3c2652ed0d1570

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

fc.pdb

Imports

msvcrt

_except_handler4_common
_initterm
_controlfp
?terminate@@YAXXZ
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
sprintf_s
memmove

ulib

?QueryFile@SYSTEM@@SGPAVFSN_FILE@@PBVPATH@@EPAE@Z
?QueryDirectory@SYSTEM@@SGPAVFSN_DIRECTORY@@PBVPATH@@E@Z
?IsValueSet@ARGUMENT@@QAEEXZ
?Strcmpis@MBSTR@@SGHPAD0@Z
?Strcmps@MBSTR@@SGHPAD0@Z
?Stricmp@MBSTR@@SGHPAD0@Z
?DebugDump@OBJECT@@UBEXE@Z
?Compare@OBJECT@@UBEJPBV1@@Z
??1OBJECT@@UAE@XZ
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QAEXE@Z
?PrepareToParse@ARGUMENT_LEXEMIZER@@QAEEPAVWSTRING@@@Z
?PutSwitches@ARGUMENT_LEXEMIZER@@QAEXPBD@Z
?PutSeparators@ARGUMENT_LEXEMIZER@@QAEXPBD@Z
?DoParsing@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
?Initialize@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
??1ARGUMENT_LEXEMIZER@@UAE@XZ
??0ARGUMENT_LEXEMIZER@@QAE@XZ
?Initialize@STRING_ARGUMENT@@QAEEPAD@Z
??1STRING_ARGUMENT@@UAE@XZ
??0STRING_ARGUMENT@@QAE@XZ
?QueryFsnodeArray@FSN_DIRECTORY@@QBEPAVARRAY@@PAVFSN_FILTER@@@Z
??0PROGRAM@@IAE@XZ
?ValidateVersion@PROGRAM@@UBEXKK@Z
?Usage@PROGRAM@@UBEXXZ
?ReadMbLine@STREAM@@QAEEPADKPAKEK@Z
?GetStandardOutput@PROGRAM@@UAEPAVSTREAM@@XZ
?GetStandardInput@PROGRAM@@UAEPAVSTREAM@@XZ
?Fatal@PROGRAM@@UBEXXZ
?Fatal@PROGRAM@@UBAXKKPADZZ
?DisplayMessage@PROGRAM@@UBEEKW4MESSAGE_TYPE@@@Z
?DisplayMessage@PROGRAM@@UBAEKW4MESSAGE_TYPE@@PADZZ
??1PROGRAM@@UAE@XZ
?Initialize@PROGRAM@@QAEEKKK@Z
??0FSTRING@@QAE@XZ
??0CLASS_DESCRIPTOR@@QAE@XZ
?TruncateBase@PATH@@QAEEXZ
?SetName@PATH@@QAEEPBVWSTRING@@@Z
?QueryWCExpansion@PATH@@QAEPAV1@PAV1@@Z
?HasWildCard@PATH@@QBEEXZ
??1PATH@@UAE@XZ
?Initialize@PATH@@QAEEPBVWSTRING@@E@Z
?Initialize@PATH@@QAEEPBV1@E@Z
??0PATH@@QAE@XZ
?SetAttributes@FSN_FILTER@@QAEEKKK@Z
?SetFileName@FSN_FILTER@@QAEEPBVWSTRING@@@Z
?Initialize@FSN_FILTER@@QAEEXZ
??1FSN_FILTER@@UAE@XZ
??0FSN_FILTER@@QAE@XZ
?FillAndReadByte@BYTE_STREAM@@AAEEPAE@Z
?Initialize@BYTE_STREAM@@QAEEPAVSTREAM@@K@Z
??1BYTE_STREAM@@UAE@XZ
??0BYTE_STREAM@@QAE@XZ
?Strcmpis@WSTRING@@SGHPAG0@Z
?Strcmps@WSTRING@@SGHPAG0@Z
?QueryNumber@WSTRING@@QBEEPAJKK@Z
?QueryString@WSTRING@@QBEPAV1@KK@Z
?Initialize@WSTRING@@QAEEPBDK@Z
??1FSTRING@@UAE@XZ
?Initialize@FSTRING@@QAEPAVWSTRING@@PAGK@Z
?Strupr@WSTRING@@QAEPAV1@XZ
?Stricmp@WSTRING@@QBEJPBV1@@Z
?Stricmp@WSTRING@@SGHPAG0@Z
?Strcmp@WSTRING@@SGHPAG0@Z
??0PATH_ARGUMENT@@QAE@XZ
??1PATH_ARGUMENT@@UAE@XZ
?Initialize@CLASS_DESCRIPTOR@@QAEEPBD@Z
?Initialize@PATH_ARGUMENT@@QAEEPADE@Z
?ReadWLine@STREAM@@QAEEPAGKPAKEK@Z
??0FLAG_ARGUMENT@@QAE@XZ
?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z
??0ARRAY@@QAE@XZ
??1ARRAY@@UAE@XZ
?Initialize@ARRAY@@QAEEKK@Z
?Put@ARRAY@@UAEEPAVOBJECT@@@Z
?QueryStream@FSN_FILE@@QAEPAVFILE_STREAM@@W4STREAMACCESS@@K@Z
??0LONG_ARGUMENT@@QAE@XZ
?Initialize@LONG_ARGUMENT@@QAEEPAD@Z
??0DSTRING@@QAE@XZ
??1DSTRING@@UAE@XZ
?GetStandardError@PROGRAM@@UAEPAVSTREAM@@XZ

ntdll

RtlAllocateHeap
RtlFreeHeap

kernel32

HeapSetInformation
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
Sleep

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
find.exe
.exe windows:10 windows x86 arch:x86

7f4b8a6e664fccde400a695352ee2a16

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

find.pdb

Imports

msvcrt

_except_handler4_common
_controlfp
?terminate@@YAXXZ
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
exit

ulib

??0MULTIPLE_PATH_ARGUMENT@@QAE@XZ
?IsValueSet@ARGUMENT@@QAEEXZ
?DebugDump@OBJECT@@UBEXE@Z
?Compare@OBJECT@@UBEJPBV1@@Z
??1OBJECT@@UAE@XZ
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QAEXE@Z
?PrepareToParse@ARGUMENT_LEXEMIZER@@QAEEPAVWSTRING@@@Z
?PutSwitches@ARGUMENT_LEXEMIZER@@QAEXPBD@Z
?PutSeparators@ARGUMENT_LEXEMIZER@@QAEXPBD@Z
?DoParsing@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
?Initialize@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
??1ARGUMENT_LEXEMIZER@@UAE@XZ
?QueryFile@SYSTEM@@SGPAVFSN_FILE@@PBVPATH@@EPAE@Z
?Initialize@STRING_ARGUMENT@@QAEEPAD@Z
??1STRING_ARGUMENT@@UAE@XZ
??0STRING_ARGUMENT@@QAE@XZ
??0PROGRAM@@IAE@XZ
?ValidateVersion@PROGRAM@@UBEXKK@Z
?Usage@PROGRAM@@UBEXXZ
?GetStandardError@PROGRAM@@UAEPAVSTREAM@@XZ
??1MULTIPLE_PATH_ARGUMENT@@UAE@XZ
?GetStandardInput@PROGRAM@@UAEPAVSTREAM@@XZ
?Fatal@PROGRAM@@UBEXXZ
?Fatal@PROGRAM@@UBAXKKPADZZ
?DisplayMessage@PROGRAM@@UBEEKW4MESSAGE_TYPE@@@Z
?DisplayMessage@PROGRAM@@UBAEKW4MESSAGE_TYPE@@PADZZ
??1PROGRAM@@UAE@XZ
?Initialize@PROGRAM@@QAEEKKK@Z
?Initialize@CLASS_DESCRIPTOR@@QAEEPBD@Z
??0CLASS_DESCRIPTOR@@QAE@XZ
?IsDrive@PATH@@QBEEXZ
?SetConsoleConversions@WSTRING@@SGXXZ
?Initialize@WSTRING@@QAEEPBV1@KK@Z
?Initialize@WSTRING@@QAEEPBGK@Z
?Initialize@WSTRING@@QAEEPBDK@Z
?Strupr@WSTRING@@QAEPAV1@XZ
?Initialize@WSTRING@@QAEEXZ
?Initialize@MULTIPLE_PATH_ARGUMENT@@QAEEPADEE@Z
?IsCorrectVersion@SYSTEM@@SGEXZ
?GetStandardOutput@PROGRAM@@UAEPAVSTREAM@@XZ
?QueryDirectory@SYSTEM@@SGPAVFSN_DIRECTORY@@PBVPATH@@E@Z
?ReadLine@STREAM@@QAEEPAVWSTRING@@E@Z
??0STREAM_MESSAGE@@QAE@XZ
??1STREAM_MESSAGE@@UAE@XZ
??0FLAG_ARGUMENT@@QAE@XZ
?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z
??0ARRAY@@QAE@XZ
??1ARRAY@@UAE@XZ
?Initialize@ARRAY@@QAEEKK@Z
?Put@ARRAY@@UAEEPAVOBJECT@@@Z
?QueryStream@FSN_FILE@@QAEPAVFILE_STREAM@@W4STREAMACCESS@@K@Z
??0DSTRING@@QAE@XZ
??1DSTRING@@UAE@XZ
??0ARGUMENT_LEXEMIZER@@QAE@XZ

ntdll

RtlAllocateHeap
RtlFreeHeap

kernel32

CompareStringW
HeapSetInformation
Sleep
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
findstr.exe
.exe windows:10 windows x86 arch:x86

3b8b7b8d31464219f843a112a3a3d99e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

findstr.pdb

Imports

msvcrt

exit
strcoll
isalpha
_strlwr
free
islower
memcpy
memmove
_controlfp
?terminate@@YAXXZ
_except_handler4_common
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
sprintf_s
strchr
_wsetlocale
_stricmp
swprintf_s
_fileno
fgets
isalnum
isxdigit
isupper
_strnicoll
fprintf
_isatty
_setmode
tolower
fclose
fopen
clock
_ultoa
_itoa_s
malloc
_splitpath_s
strcat_s
strcpy_s
strcspn
__iob_func
_strncoll
strncpy_s
_strupr
realloc
memset

ntdll

RtlMultiByteToUnicodeN
DbgPrint
RtlUnicodeToOemN

api-ms-win-core-file-l1-1-0

GetFileAttributesA
FindClose
FindNextFileA
WriteFile
GetFileSize
CreateFileA
ReadFile
FindFirstFileA

api-ms-win-core-console-l1-1-0

SetConsoleCtrlHandler
GetConsoleOutputCP

api-ms-win-core-console-l2-1-0

SetConsoleTextAttribute
GetConsoleScreenBufferInfo

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryA
SetCurrentDirectoryA
GetStdHandle

api-ms-win-core-string-obsolete-l1-1-0

lstrlenA

api-ms-win-core-memory-l1-1-0

MapViewOfFile
UnmapViewOfFile

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

HeapSetInformation

api-ms-win-core-localization-l1-2-0

IsDBCSLeadByte
FormatMessageA
SetThreadPreferredUILanguages

api-ms-win-core-kernel32-legacy-l1-1-0

CreateFileMappingA

api-ms-win-core-file-l1-2-2

SetFileApisToOEM

api-ms-win-core-processthreads-l1-1-0

ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 515KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
finger.exe
.exe windows:10 windows x86 arch:x86

358d15891d3205ed994a81d9c95ebabb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

finger.pdb

Imports

msvcrt

wcschr
fgetpos
_vscwprintf
_fileno
wcsrchr
_write
_setmode
fwprintf
_XcptFilter
__p__commode
_amsg_exit
__wgetmainargs
__set_app_type
exit
_get_osfhandle
vswprintf_s
fflush
_except_handler4_common
_wcsicmp
_controlfp
?terminate@@YAXXZ
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
__iob_func
free
malloc
wprintf

ws2_32

send
recv
GetAddrInfoW
connect
socket
FreeAddrInfoW
closesocket
WSASetLastError
WSAStartup
GetHostNameW
WSAGetLastError

api-ms-win-core-localization-l1-2-0

FormatMessageW
SetThreadUILanguage

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-console-l1-1-0

GetConsoleMode

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-heap-l1-1-0

HeapSetInformation

mswsock

GetSocketErrorMessageW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-file-l1-1-0

GetFileType

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fixmapi.exe
.exe windows:10 windows x86 arch:x86

d3f6e9ace4901f633fa0f60c8ad30b47

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

fixmapi.pdb

Imports

kernel32

GetLastError
LoadLibraryA
GetProcAddress
LoadLibraryW
FreeLibrary
lstrcmpiA
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess

user32

MessageBoxA
DispatchMessageA
GetMessageA
PostQuitMessage

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o___p__commode
_o___std_exception_copy
_o___std_exception_destroy
_o___stdio_common_vsprintf_s
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_narrow_argv
_o__controlfp_s
_o__crt_atexit
_o__exit
_o__get_narrow_winmain_command_line
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_exit
_o_free
_o_malloc
_o_strtok
_o_terminate
__current_exception
__current_exception_context
_except_handler4_common
_CxxThrowException
__CxxFrameHandler3
memcpy

api-ms-win-crt-string-l1-1-0

memset

ole32

CoRevokeClassObject
CoRegisterPSClsid
CoInitialize
CoRegisterClassObject
HWND_UserUnmarshal
HWND_UserFree
HWND_UserSize
HWND_UserMarshal
CoUninitialize

rpcrt4

NdrOleFree
NdrDllGetClassObject
NdrOleAllocate

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 804B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fltMC.exe
.exe windows:10 windows x86 arch:x86

1e932c725fbe688280abe609b3499399

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

fltMC.pdb

Imports

api-ms-win-crt-string-l1-1-0

memset
wcsncmp

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
_c_exit

api-ms-win-crt-private-l1-1-0

_o___stdio_common_vswprintf
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__controlfp_s
_o__crt_atexit
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
memcpy
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o_exit
_o_free
_o_malloc
_o_qsort
_o_terminate
_except_handler4_common
__current_exception
__current_exception_context
_o___p__commode
_o___p___wargv
_o___p___argc

fltlib

FilterFindFirst
FilterFindClose
FilterInstanceFindClose
FilterVolumeInstanceFindNext
FilterAttach
FilterUnload
FilterVolumeInstanceFindClose
FilterFindNext
FilterVolumeFindFirst
FilterGetDosName
FilterInstanceFindFirst
FilterAttachAtAltitude
FilterLoad
FilterInstanceFindNext
FilterDetach
FilterVolumeFindNext
FilterVolumeFindClose
FilterVolumeInstanceFindFirst

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
OpenProcessToken
TerminateProcess
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle

api-ms-win-core-file-l1-1-0

GetFileType
WriteFile

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-console-l1-1-0

WriteConsoleW
GetConsoleMode

api-ms-win-core-localization-l1-2-0

FormatMessageW
SetThreadPreferredUILanguages

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

HeapSetInformation

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fontview.exe
.exe windows:10 windows x86 arch:x86

45c6dec368899af38b3c2f1bd3e62e67

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

fontview.pdb

Imports

kernel32

MultiByteToWideChar
GetSystemDefaultLangID
CloseHandle
MulDiv
LocalFree
GetLastError
LocalAlloc
ExitProcess
GetACP
FreeLibrary
CreateFileW
FormatMessageW
lstrlenW
GetCommandLineW
HeapSetInformation
LoadLibraryW
GetProcAddress

gdi32

ExtTextOutW
GetLayout
GetFontRealizationInfo
EndDoc
EndPage
StartPage
StartDocW
LineTo
RemoveFontResourceW
CreateCompatibleDC
TranslateCharsetInfo
CreateFontIndirectW
SelectObject
GetTextCharsetInfo
DeleteObject
DeleteDC
AddFontResourceExW
RemoveFontResourceExW
GetDeviceCaps
GetFontResourceInfoW
GetFontData
SetTextAlign
SetTextColor
SetBkMode
GetTextExtentPoint32W
GetTextMetricsW
MoveToEx

user32

GetSysColor
SetWindowTextW
SetRect
GetClientRect
BeginPaint
FillRect
EndPaint
SendMessageW
SetWindowPos
DestroyWindow
PostQuitMessage
DefWindowProcW
SetScrollInfo
PostMessageW
ScrollWindowEx
InvalidateRect
SetCursor
GetSystemMetrics
DrawTextW
LoadStringW
SystemParametersInfoW
CreateWindowExW
RegisterClassW
GetSysColorBrush
LoadCursorW
LoadIconW
TranslateMessage
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
EnableWindow
GetNextDlgTabItem
CharNextW
SetFocus
GetFocus
GetDlgItem
MessageBoxW
GetDesktopWindow
MessageBeep
DispatchMessageW

msvcrt

__setusermatherr
_controlfp
_except_handler4_common
_initterm
_unlock
exit
__p__fmode
__dllonexit
_acmdln
_cexit
?terminate@@YAXXZ
_lock
_exit
_ismbblead
_onexit
__set_app_type
__getmainargs
__p__commode
_XcptFilter
_vsnwprintf
_ftol2_sse
_amsg_exit
memcpy_s
memset

shlwapi

PathAppendW
ord158
PathFindExtensionW
PathRenameExtensionW
PathFindFileNameW
PathRemoveFileSpecW

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoUninitialize
CoCreateInstance

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetStartupInfoW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-synch-l1-1-0

CreateMutexExW
CreateSemaphoreExW
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSemaphore
ReleaseMutex
WaitForSingleObject

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

comdlg32

PrintDlgW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
forfiles.exe
.exe windows:10 windows x86 arch:x86

70989ed30e9f20a14dd5c822c98f6c10

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

forfiles.pdb

Imports

kernel32

SearchPathW
SetLastError
WaitForSingleObject
MultiByteToWideChar
GetLastError
FileTimeToSystemTime
CloseHandle
FileTimeToLocalFileTime
GetTimeFormatW
CreateProcessW
GetDateFormatW
FindFirstFileW
FindNextFileW
SetErrorMode
FindClose
GetLocaleInfoW
HeapSetInformation
GetLocalTime
GetCurrentDirectoryW
SetCurrentDirectoryW
LocalFree
FileTimeToDosDateTime
UnhandledExceptionFilter
GetModuleFileNameW
HeapSize
HeapReAlloc
HeapAlloc
HeapValidate
HeapFree
GetProcessHeap
GetConsoleOutputCP
ExitProcess
WriteConsoleW
CompareStringA
GetThreadLocale
CompareStringW
lstrlenW
GetUserDefaultLCID
GetStdHandle
GetConsoleMode
GetFileType
WideCharToMultiByte
FindStringOrdinal
FormatMessageW
SetThreadUILanguage
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
Sleep

msvcrt

fflush
fprintf
_get_osfhandle
_fileno
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
wcstoul
toupper
_vsnwprintf
_ui64tow
_ultow
__iob_func
_memicmp
_errno
wcstod
wcstol
memset

ntdll

RtlVerifyVersionInfo
VerSetConditionMask

version

GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW

user32

CharLowerW
CharUpperW
LoadStringW

ws2_32

WSACleanup

shlwapi

StrPBrkW
StrRChrW
StrDupW
StrChrW
StrStrW
PathRelativePathToW

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fsquirt.exe
.exe windows:10 windows x86 arch:x86

4dac79f4463af97caac636947d45e5f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

fsquirt.pdb

Imports

advapi32

RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
RegOpenKeyExW
RegGetValueW
RegSetValueExW

kernel32

IsDebuggerPresent
OutputDebugStringW
SetLastError
CloseHandle
ReleaseSemaphore
ReleaseMutex
WaitForSingleObjectEx
WaitForSingleObject
OpenSemaphoreW
GetModuleFileNameW
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
CreateThreadpoolCleanupGroup
CreateThreadpoolWork
SubmitThreadpoolWork
GetCurrentProcessId
GetLastError
CreateSemaphoreExW
CreateFileW
WriteFile
RaiseException
HeapFree
ResetEvent
CreateEventW
CreateThread
MulDiv
RemoveDirectoryW
LocalFree
PowerCreateRequest
PowerSetRequest
GetFileSizeEx
GetTickCount64
GetFileAttributesW
GetTempPath2W
CreateDirectoryW
GetSystemTimeAsFileTime
GetProcAddress
GetModuleHandleW
DebugBreak
GetModuleFileNameA
GetCurrentThreadId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
ReadFile
WaitForMultipleObjects
GetOverlappedResult
HeapReAlloc
GetModuleHandleExW
GetProcessHeap
SetEvent
HeapAlloc
FormatMessageW
CreateMutexExW
GetTickCount

gdi32

GetDeviceCaps
GetObjectW
DeleteObject
CreateFontIndirectW

user32

GetWindowLongW
LoadImageW
GetDC
ReleaseDC
DispatchMessageW
TranslateMessage
GetMessageW
SetTimer
SendDlgItemMessageW
SetWindowLongW
EnableWindow
KillTimer
PostQuitMessage
PostThreadMessageW
GetParent
PostMessageW
GetDlgItem
LoadStringW
CharNextW
MessageBoxW
ShowWindow
SetDlgItemTextW
GetWindowTextLengthW
SetWindowTextW
SetForegroundWindow
MapWindowPoints
GetWindowRect
SendMessageW

msvcrt

__dllonexit
_onexit
_except_handler4_common
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_controlfp
__p__fmode
__getmainargs
_amsg_exit
memcpy
__p__commode
_unlock
_cexit
_CxxThrowException
memmove_s
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
_lock
_acmdln
_initterm
__setusermatherr
_XcptFilter
_ismbblead
malloc
free
_get_errno
_exit
exit
__CxxFrameHandler3
__set_app_type
_set_errno
rand_s
_ui64tow_s
wcstoul
_wcsicmp
memcpy_s
_vsnwprintf
memmove
_callnewh
memset

comctl32

PropertySheetW
InitCommonControlsEx

shell32

ord258
SHCreateItemFromParsingName
ord190
SHCreateShellItemArrayFromIDLists
SHBindToParent
SHGetKnownFolderItem
SHSetLocalizedName
SHBrowseForFolderW
SHGetDesktopFolder
SHCreateItemFromIDList
ord155
ShellExecuteW
SHGetFolderPathW

comdlg32

CommDlgExtendedError
GetOpenFileNameW

shlwapi

PathFindFileNameW
StrFormatByteSizeW
StrStrIA
PathAddExtensionW
PathAppendW
PathRemoveFileSpecW
StrRetToBufW
ord174
PathIsDirectoryW
PathFindExtensionW
PathCombineW

ws2_32

getpeername
ioctlsocket
WSARecv
WSAGetOverlappedResult
WSASend
WSASetServiceW
listen
getsockname
bind
connect
WSAGetLastError
setsockopt
socket
closesocket
WSACleanup
WSAStartup

mswsock

AcceptEx

ole32

CoTaskMemFree
PropVariantClear
CoTaskMemAlloc
OleUninitialize
OleInitialize
CoTaskMemRealloc
CoRegisterClassObject
CoMarshalInterThreadInterfaceInStream
CoUninitialize
CoGetInterfaceAndReleaseStream
CoCreateInstance
CoInitializeEx
CoRevokeClassObject

bthprops.cpl

BluetoothEnableDiscovery
BluetoothGetDeviceInfo
BluetoothFindRadioClose
BluetoothFindFirstRadio
BluetoothAuthenticateDeviceEx

powrprof

PowerUnregisterSuspendResumeNotification
PowerRegisterSuspendResumeNotification

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

rpcrt4

UuidToStringW
RpcStringFreeW

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fsutil.exe
.exe windows:10 windows x86 arch:x86

396a19b2f5016a7923fb04bba9ffe1cd

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b1:b5:50:9b:58:5c:6d:1c:d1:65:3f:3a:db:28:b8:cf:c0:1a:ca:00:c7:78:d5:8c:40:6d:5f:76:3f:a4:a0:bf
Signer

Actual PE Digest

b1:b5:50:9b:58:5c:6d:1c:d1:65:3f:3a:db:28:b8:cf:c0:1a:ca:00:c7:78:d5:8c:40:6d:5f:76:3f:a4:a0:bf

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

fsutil.pdb

Imports

msvcrt

wcstol
calloc
wcschr
_errno
_XcptFilter
_pclose
_amsg_exit
fgetws
wcstok_s
_wcstoui64
__wgetmainargs
__set_app_type
_wpopen
iswctype
_wcsdup
wcsncpy_s
_exit
_cexit
__p__fmode
memcpy_s
__setusermatherr
wcscpy_s
realloc
_initterm
towupper
_wtoi
wcsrchr
wcscat_s
isalpha
isdigit
toupper
mbstowcs_s
wcstoul
_except_handler4_common
?terminate@@YAXXZ
_controlfp
setlocale
_vsnwprintf
wprintf
swprintf_s
malloc
_wcsicmp
free
memcpy
_local_unwind4
exit
_wcsnicmp
__p__commode
memset

ntdll

RtlInitializeBitMap
RtlSetBits
RtlSetBit
NtFlushBuffersFileEx
NtClose
RtlVerifyVersionInfo
VerSetConditionMask
RtlGetLastNtStatus
NtQuerySystemInformation
RtlTimeToTimeFields
RtlStringFromGUID
NtEnumerateTransactionObject
RtlGetOwnerSecurityDescriptor
RtlAllocateHeap
NtQuerySecurityObject
RtlConvertSidToUnicodeString
NtCreateFile
RtlFreeHeap
RtlDosPathNameToNtPathName_U
RtlSetCurrentTransaction
RtlNumberOfSetBits
NtSetQuotaInformationFile
NtQueryQuotaInformationFile
RtlInitializeCriticalSection
RtlLengthSid
NtSetVolumeInformationFile
NtOpenFile
RtlInitUnicodeString
NtQueryVolumeInformationFile
NtQueryEaFile
NtQueryInformationFile
NtSetInformationFile
RtlInitializeGenericTableAvl
RtlInsertElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlWriteRegistryValue
RtlDeleteRegistryValue
RtlFreeUnicodeString
RtlQueryRegistryValuesEx
RtlNtStatusToDosError
RtlGetVersion
RtlGetCurrentTransaction

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegSetValueExW

api-ms-win-core-file-l1-1-0

GetTempFileNameW
FindNextFileW
ReadFile
WriteFile
QueryDosDeviceW
GetFullPathNameW
GetFileType
GetFileAttributesW
CreateDirectoryW
FindVolumeClose
CreateFileW
FindNextVolumeW
FindFirstVolumeW
GetFileInformationByHandle
FindFirstFileW
FindClose
GetDiskFreeSpaceExW
DeleteFileW
SetFilePointerEx
GetVolumePathNameW
GetDriveTypeW
GetLogicalDriveStringsW
GetFileSizeEx
GetFinalPathNameByHandleW
SetEndOfFile
GetVolumeInformationW

api-ms-win-core-sysinfo-l1-1-0

GetComputerNameExW
GetSystemDirectoryW
GetTickCount
GetWindowsDirectoryW
GetSystemTimeAsFileTime
GetVersionExW
GetSystemInfo

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
RaiseException
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processtopology-obsolete-l1-1-0

GetActiveProcessorCount

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleHandleExA
GetModuleHandleW
GetProcAddress
LoadLibraryExA

api-ms-win-core-sysinfo-l1-2-6

GetDeveloperDriveEnablementState

fltlib

FilterFindClose
FilterVolumeInstanceFindNext
FilterVolumeInstanceFindFirst

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges
FreeSid
CheckTokenMembership
AllocateAndInitializeSid

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
CreateProcessW
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
OpenProcessToken

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW
LookupAccountNameW
LookupAccountSidW

api-ms-win-core-com-l1-1-0

StringFromGUID2
IIDFromString
StringFromIID
CoTaskMemFree

api-ms-win-core-localization-l1-2-0

SetThreadUILanguage
GetLocaleInfoEx
FormatMessageW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx
CreateHardLinkW

api-ms-win-core-file-l2-1-1

OpenFileById

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-file-l1-2-2

FindNextFileNameW
FindFirstFileNameW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapSetInformation
GetProcessHeap
HeapAlloc

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
ReleaseSRWLockExclusive
AcquireSRWLockExclusive

api-ms-win-security-lsalookup-l1-1-0

LookupAccountSidLocalW
LookupAccountNameLocalW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-console-l1-1-0

WriteConsoleW
GetConsoleMode
GetConsoleOutputCP
SetConsoleCtrlHandler

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
GetStdHandle

api-ms-win-core-file-l1-2-0

GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW

api-ms-win-core-file-l1-2-4

GetTempPath2W

api-ms-win-core-namedpipe-l1-1-0

CreatePipe

api-ms-win-core-kernel32-legacy-l1-1-0

MoveFileW

api-ms-win-security-lsapolicy-l1-1-0

LsaOpenPolicy
LsaFreeMemory
LsaLookupSids

api-ms-win-core-localization-l2-1-0

GetNumberFormatEx

fmifs

ClearPerMachineFileSystemState
CreatePerMachineFileSystemStateKey

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect

Sections

.text
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ftp.exe
.exe windows:10 windows x86 arch:x86

e31c220ed6451bfb3057109ef4ab4a4c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ftp.pdb

Imports

msvcrt

_except_handler4_common
_controlfp
?terminate@@YAXXZ
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_fstat
iswdigit
_read
memcpy_s
_wfsopen
clock
calloc
_vsnwprintf
malloc
memmove_s
fread
_wfopen
feof
fgetpos
_unlink
clearerr
longjmp
fwprintf
towupper
_wchdir
_wunlink
_chdrive
free
_wgetcwd
_wgetenv
wcschr
_errno
_vscwprintf
_fileno
_write
_setmode
vswprintf_s
wcscat_s
_wtempnam
wcscpy_s
memcpy
_wtmpnam
_wtoi
fclose
fflush
_wcsicmp
towlower
_isatty
iswlower
_get_osfhandle
exit
_setjmp3
__iob_func
memset

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapSetInformation
GetProcessHeap
HeapFree

ws2_32

socket
connect
getservbyname
select
htonl
WSARecv
WSASetLastError
WSAStartup
getsockname
WSAGetLastError
FreeAddrInfoW
closesocket
shutdown
send
recv
GetHostNameW
htons
bind
ntohs
__WSAFDIsSet
GetAddrInfoW
listen
setsockopt
GetNameInfoW
accept

mswsock

s_perror
TransmitFile

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW
GetCurrentDirectoryW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-file-l1-1-0

GetFileType
CreateFileW
SetFilePointerEx
FindNextFileW
FindClose
GetTempFileNameW
FindFirstFileW
GetFileAttributesW
GetFileSizeEx
ReadFile

sspicli

GetUserNameExW

api-ms-win-core-console-l1-1-0

SetConsoleCtrlHandler
SetConsoleMode
ReadConsoleW
GetConsoleMode

api-ms-win-core-localization-l1-2-0

IsDBCSLeadByte
SetThreadUILanguage
FormatMessageW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-synch-l1-1-0

ResetEvent
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
CreateEventW
WaitForMultipleObjectsEx
InitializeCriticalSection

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
CreateProcessW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-io-l1-1-0

GetOverlappedResult

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

ntdll

RtlIsTextUnicode

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
getmac.exe
.exe windows:10 windows x86 arch:x86

15d387a6e5baf0a4ef358010f8152adb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

getmac.pdb

Imports

msvcrt

fflush
fprintf
_get_osfhandle
_fileno
__p__commode
_XcptFilter
wcstoul
wcstol
wcstod
_errno
_vsnwprintf
_memicmp
__iob_func
_callnewh
wcstok
malloc
free
wcsstr
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
__CxxFrameHandler3
__p__fmode
__setusermatherr
_initterm
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_controlfp
_except_handler4_common
_wcsicmp
memcpy
_CxxThrowException
memset

oleaut32

SafeArrayGetLBound
VariantCopy
VariantChangeType
VariantClear
SafeArrayGetElement
SysStringLen
SysAllocStringByteLen
SysAllocString
SafeArrayGetUBound
VariantInit
SysFreeString

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

sspicli

GetUserNameExW

api-ms-win-core-console-l1-1-0

WriteConsoleW
SetConsoleMode
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle

api-ms-win-core-com-l1-1-0

CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-localization-l1-2-0

GetThreadLocale
FormatMessageW
SetThreadUILanguage

wkscli

NetWkstaTransportEnum

netutils

NetApiBufferFree

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

ExitProcess
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
TerminateProcess

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
GetModuleHandleW
FindStringOrdinal
GetModuleFileNameW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetComputerNameExW
GetTickCount

user32

wsprintfW

ntdll

RtlVerifyVersionInfo
VerSetConditionMask

mpr

WNetGetLastErrorW
WNetCancelConnection2W
WNetAddConnection2W

ws2_32

GetNameInfoW
GetAddrInfoW
WSACleanup
WSAStartup
WSAGetLastError
FreeAddrInfoW

framedynos

?Mid@CHString@@QBE?AV1@HH@Z
?Empty@CHString@@QAEXXZ
?SetAt@CHString@@QAEXHG@Z
?Compare@CHString@@QBEHPBG@Z
?GetData@CHString@@IBEPAUCHStringData@@XZ
??YCHString@@QAEABV0@PBG@Z
??4CHString@@QAEABV0@ABV0@@Z
?Find@CHString@@QBEHG@Z
?FindOneOf@CHString@@QBEHPBG@Z
??4CHString@@QAEABV0@PBG@Z
??1CHString@@QAE@XZ
??0CHString@@QAE@XZ
?Left@CHString@@QBE?AV1@H@Z
?Format@CHString@@QAAXPBGZZ
?ReleaseBuffer@CHString@@QAEXH@Z
?Mid@CHString@@QBE?AV1@H@Z
?GetBufferSetLength@CHString@@QAEPAGH@Z
??0CHString@@QAE@PBG@Z

srvcli

NetServerGetInfo

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrChrW

api-ms-win-core-file-l1-1-0

GetFileType
ReadFile

api-ms-win-core-string-obsolete-l1-1-0

lstrlenA
lstrlenW

api-ms-win-core-localization-obsolete-l1-2-0

CompareStringA

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapValidate
HeapAlloc
HeapReAlloc
HeapSize

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW

api-ms-win-core-string-l2-1-0

CharUpperW

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
gpresult.exe
.exe windows:10 windows x86 arch:x86

532abb30f94112bd92b06a6e5df8ecae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

gprslt.pdb

Imports

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
LookupAccountSidW
RegOpenKeyExW
RegCloseKey
RegGetValueW
LsaOpenPolicy
LsaNtStatusToWinError
LsaClose
LsaEnumerateAccountRights
LookupPrivilegeDisplayNameW
LsaFreeMemory

kernel32

SetThreadPreferredUILanguages
SetLastError
GetFileAttributesExW
GetLastError
CloseHandle
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
WriteConsoleW
OpenMutexW
CreateMutexW
LocalFree
FormatMessageW
GetCurrentThreadId
HeapAlloc
GetProcessHeap
HeapFree
GetModuleHandleExW
GetModuleFileNameA
DebugBreak
GetModuleHandleW
GetProcAddress
IsDebuggerPresent
OutputDebugStringW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseSemaphore
ReleaseMutex
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
WaitForSingleObjectEx
EnterCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
WaitForSingleObject
OpenSemaphoreW
CreateThreadpoolTimer
GetComputerNameExW
GetComputerNameW
GetLocalTime
GetDateFormatW
GetTimeFormatW
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentProcessId
CreateMutexExW
CreateSemaphoreExW
LeaveCriticalSection
LocalAlloc
VerifyVersionInfoW
CompareStringA

msvcrt

??1type_info@@UAE@XZ
wcstok_s
_lock
_unlock
_initterm
_onexit
wcstok
?terminate@@YAXXZ
_controlfp
_except_handler4_common
??0exception@@QAE@XZ
memcmp
__wgetmainargs
_amsg_exit
??0exception@@QAE@ABV0@@Z
memmove_s
__p__commode
_XcptFilter
memmove
memcpy
__setusermatherr
_CxxThrowException
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
_callnewh
malloc
_purecall
__dllonexit
_wcsicmp
_vsnprintf_s
memcpy_s
_vsnwprintf
??3@YAXPAX@Z
??1exception@@UAE@XZ
__p__fmode
_cexit
_exit
exit
__set_app_type
??_V@YAXPAX@Z
__CxxFrameHandler3
__iob_func
_errno
wcstod
wcstol
wcstoul
wcschr
wcsstr
_fileno
_get_osfhandle
fprintf
fflush
memset

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoInitializeSecurity
CoCreateInstance
CoInitializeEx

oleaut32

VariantChangeType
VariantCopy
SysStringLen
SysAllocStringByteLen
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
VariantClear
VariantInit
SysFreeString
SysAllocString

sspicli

GetUserNameExW

logoncli

DsGetDcNameW

netutils

NetApiBufferFree

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

ExitProcess
TerminateProcess
GetCurrentProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetSystemDirectoryW

api-ms-win-core-localization-l1-2-0

FindNLSString
GetUserDefaultLCID
GetThreadLocale

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
LoadLibraryExW
LoadStringW
FreeLibrary

mpr

WNetAddConnection2W
WNetCancelConnection2W
WNetGetLastErrorW

ws2_32

inet_addr
GetNameInfoW
WSAGetLastError
WSAStartup
WSACleanup

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
CompareStringW

api-ms-win-core-file-l1-1-0

ReadFile
GetFileType

api-ms-win-core-console-l1-1-0

GetConsoleMode
ReadConsoleW
SetConsoleMode
GetConsoleOutputCP

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapValidate
HeapSize

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-string-l2-1-0

CharUpperW

srvcli

NetServerGetInfo

framedynos

??0CHString@@QAE@PBG@Z
??H@YG?AVCHString@@PBGABV0@@Z
?AllocSysString@CHString@@QBEPAGXZ
??H@YG?AVCHString@@ABV0@PBG@Z
??0CHString@@QAE@ABV0@@Z
??YCHString@@QAEABV0@PBG@Z
?MakeLower@CHString@@QAEXXZ
?Format@CHString@@QAAXPBGZZ
?SetAt@CHString@@QAEXHG@Z
?Find@CHString@@QBEHPBG@Z
?Mid@CHString@@QBE?AV1@HH@Z
?Left@CHString@@QBE?AV1@H@Z
??4CHString@@QAEABV0@ABV0@@Z
?Find@CHString@@QBEHG@Z
??1CHString@@QAE@XZ
??YCHString@@QAEABV0@ABV0@@Z
??0CHString@@QAE@XZ
?Empty@CHString@@QAEXXZ
?Compare@CHString@@QBEHPBG@Z
?GetBuffer@CHString@@QAEPAGH@Z
?GetData@CHString@@IBEPAUCHStringData@@XZ
??0CHString@@QAE@PBD@Z
?FindOneOf@CHString@@QBEHPBG@Z
?ReleaseBuffer@CHString@@QAEXH@Z
??4CHString@@QAEABV0@PBG@Z
?GetBufferSetLength@CHString@@QAEPAGH@Z
??H@YG?AVCHString@@ABV0@0@Z
?Mid@CHString@@QBE?AV1@H@Z

ntdsapi

DsUnBindW
DsFreeNameResultW
DsBindWithCredW
DsCrackNamesW

secur32

TranslateNameW
GetComputerObjectNameW

user32

wsprintfW

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

Sections

.text
Size: 226KB - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
gpupdate.exe
.exe windows:10 windows x86 arch:x86

63406737dbfda68c1b64635c25c61035

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

gpupdate.pdb

Imports

advapi32

InitiateSystemShutdownExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation

kernel32

GetLastError
LocalFree
GetCurrentProcess
GetConsoleOutputCP
WaitForMultipleObjects
SetThreadUILanguage
FormatMessageW
CloseHandle
CreateThread
HeapSetInformation
GetModuleHandleW
LocalReAlloc
Sleep
LocalAlloc

msvcrt

_wcsnicmp
_wsetlocale
_amsg_exit
__wgetmainargs
getwchar
__p__commode
_exit
_cexit
__p__fmode
__setusermatherr
_initterm
_XcptFilter
exit
?terminate@@YAXXZ
_ultow
towupper
__set_app_type
_wcsicmp
wcstol
__dllonexit
_unlock
_lock
_except_handler4_common
_controlfp
??1type_info@@UAE@XZ
_onexit
_callnewh
malloc
_vsnwprintf
wprintf
memmove
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
__CxxFrameHandler3
??3@YAXPAX@Z
_purecall
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABQBDH@Z

gpapi

ord115

api-ms-win-core-libraryloader-l1-2-0

LoadStringW

userenv

ForceSyncFgPolicy

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

ntdll

RtlConvertSidToUnicodeString
NtQueryInformationToken
RtlCopySid
RtlLengthSid

user32

ExitWindowsEx

wevtapi

EvtFormatMessage
EvtNext
EvtQuery
EvtOpenPublisherMetadata
EvtClose

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
DeleteCriticalSection

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
grpconv.exe
.exe windows:10 windows x86 arch:x86

53f2ec8a4091b21c48cf8e7f125eda29

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

grpconv.pdb

Imports

advapi32

RegEnumValueW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW

kernel32

lstrlenW
GlobalUnlock
GlobalFree
ExpandEnvironmentStringsW
GetWindowsDirectoryW
GetSystemWindowsDirectoryW
lstrcmpW
HeapSetInformation
GetThreadLocale
GetCommandLineW
lstrcmpiW
GetPrivateProfileSectionW
GlobalLock
LocalFree
LocalAlloc
SetErrorMode
GlobalAlloc

user32

LoadStringW
CharNextW
SetCursor
LoadCursorW

msvcrt

_cexit
?terminate@@YAXXZ
_controlfp
_except_handler4_common
_acmdln
_exit
_initterm
__setusermatherr
_ismbblead
exit
__set_app_type
_XcptFilter
__p__commode
_amsg_exit
__getmainargs
__p__fmode
memmove

comctl32

ord17
ord332
ord334
ord328

shell32

ord58
ord42
ord165
ord49
ord94
SHAddToRecentDocs
ord164
SHChangeNotify
SHGetFolderPathEx
ord51

shlwapi

ord456
ord158
PathRemoveFileSpecW
StrToIntW
PathGetArgsW
PathFileExistsW
PathAppendW
PathIsUNCW
PathGetDriveNumberW
PathFindFileNameW
PathUnquoteSpacesW

api-ms-win-core-com-l1-1-0

CoUninitialize
CoCreateInstance
CoInitializeEx

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
GetCurrentProcess
TerminateProcess

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

imm32

ImmDisableIME

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hdwwiz.exe
.exe windows:10 windows x86 arch:x86

d68ee550428f6725d6b2e00c2cbb47b2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

HdwWiz.pdb

Imports

kernel32

GetLastError
LoadLibraryW
GetProcAddress
ExitProcess
FreeLibrary
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
TerminateProcess

msvcrt

_acmdln
__setusermatherr
_controlfp
_except_handler4_common
_initterm
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
?terminate@@YAXXZ

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 942B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
help.exe
.exe windows:10 windows x86 arch:x86

611805a7c3221ebb521e87bf9182d982

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

help.pdb

Imports

kernel32

GetConsoleOutputCP
GetStdHandle
WriteFile
SetThreadUILanguage
GetConsoleMode
FormatMessageW
HeapSetInformation
WriteConsoleW
LocalFree
WideCharToMultiByte
GetFileType
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
TerminateProcess

msvcrt

__wgetmainargs
__set_app_type
__p__commode
_exit
_cexit
__p__fmode
__setusermatherr
_initterm
?terminate@@YAXXZ
_controlfp
_except_handler4_common
_amsg_exit
_XcptFilter
malloc
_wcsnicmp
free
_wsystem
wcscat_s
wcscpy_s
_ultow
setlocale
exit

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hh.exe
.exe windows:10 windows x86 arch:x86

f937a8a0dd0b39468ff87dde8d9cdb45

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

hh.pdb

Imports

advapi32

RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegQueryValueExW

kernel32

ExpandEnvironmentStringsA
LoadLibraryA
HeapSetInformation
SetProcessDEPPolicy
GetProcAddress
FreeLibrary
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
GetTickCount
GetSystemTimeAsFileTime

msvcrt

_initterm
_acmdln
?terminate@@YAXXZ
_controlfp
_except_handler4_common
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
_vsnprintf
__setusermatherr
_ismbblead
memset

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
icacls.exe
.exe windows:10 windows x86 arch:x86

019f88299d7f5e77f17221da15112a43

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

icacls.pdb

Imports

msvcrt

exit
__wgetmainargs
_amsg_exit
_exit
_cexit
__p__fmode
calloc
__p__commode
_XcptFilter
__setusermatherr
wcsncpy_s
malloc
wcsrchr
_initterm
_wcsnicmp
_except_handler4_common
?terminate@@YAXXZ
_controlfp
feof
free
printf
_wfopen
wcschr
swprintf_s
fgetwc
wcscat_s
wcscpy_s
_local_unwind4
fputws
realloc
__set_app_type
_ultow
_wcsdup
fclose
_wcsicmp
_wperror
memcpy

ntdll

RtlNtStatusToDosError
RtlFreeHeap
NtQueryInformationFile
NtOpenFile
NtClose
RtlReleaseRelativeName
RtlIsPackageSid
RtlDosPathNameToRelativeNtPathName_U
RtlIsCapabilitySid

api-ms-win-security-lsalookup-l2-1-0

LookupAccountSidW
LookupAccountNameW
LookupPrivilegeValueW

api-ms-win-core-file-l1-1-0

FindFirstFileW
GetFileType
FindNextFileW
GetFileAttributesW
WriteFile
GetFinalPathNameByHandleW
FindClose

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-security-base-l1-1-0

InitializeAcl
AddAce
IsValidSid
EqualSid
CopySid
GetSecurityDescriptorControl
SetSecurityAccessMask
GetLengthSid
IsValidAcl
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
AdjustTokenPrivileges
DeleteAce

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
ConvertSecurityDescriptorToStringSecurityDescriptorW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-console-l1-1-0

GetConsoleMode
WriteConsoleW

api-ms-win-core-localization-l1-2-0

SetThreadPreferredUILanguages
FormatMessageW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

HeapSetInformation

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-security-provider-l1-1-0

GetSecurityInfo
SetSecurityInfo

api-ms-win-core-heap-obsolete-l1-1-0

LocalSize

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
icsunattend.exe
.exe windows:10 windows x86 arch:x86

11531fa26dd040394d31f8396f295974

Code Sign

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/02/2023, 00:05

Not After

01/02/2024, 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

84:e6:9f:07:80:a4:e5:c4:12:18:47:77:dd:3c:d9:e2:97:ce:59:7c:56:f8:21:93:d7:0f:b1:bb:1d:da:15:06
Signer

Actual PE Digest

84:e6:9f:07:80:a4:e5:c4:12:18:47:77:dd:3c:d9:e2:97:ce:59:7c:56:f8:21:93:d7:0f:b1:bb:1d:da:15:06

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

icsunattend.pdb

Imports

msvcrt

malloc
_callnewh
_XcptFilter
swprintf_s
free
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
memset

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoSetProxyBlanket
CoCreateInstance
StringFromCLSID
CLSIDFromString

api-ms-win-core-synch-l1-1-0

CreateEventW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-ole32-ie-l1-1-0

CoInitialize

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ieUnatt.exe
.exe windows:10 windows x86 arch:x86

17b9ec9e0dbe389609de19cd6788a7c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ieUnAtt.pdb

Imports

advapi32

RegEnumKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
RegEnumValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW

kernel32

GetModuleHandleExW
ReleaseSemaphore
CreateSemaphoreExW
GetModuleFileNameA
FormatMessageW
WaitForSingleObject
ExpandEnvironmentStringsW
ReleaseMutex
GetFullPathNameW
CreateDirectoryW
GetFileAttributesW
LoadLibraryExW
FreeLibrary
GetProcessHeap
DeleteCriticalSection
GetProcAddress
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
DebugBreak
IsDebuggerPresent
lstrcmpiW
LocalFree
GetLastError
GetCommandLineW
WritePrivateProfileStringW
LocalAlloc
Sleep
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
HeapFree
SetLastError
EnterCriticalSection
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
HeapAlloc

msvcrt

wcschr
memcpy_s
wcspbrk
_onexit
__dllonexit
_unlock
iswalpha
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
free
_callnewh
malloc
wcsncmp
_wcsnicmp
_itow_s
iswspace
_vsnwprintf
_lock
_vsnprintf
wcsrchr
memset

shell32

SHGetFolderPathW
CommandLineToArgvW

shlwapi

StrChrW
ord158
StrCmpW

user32

LoadStringW

ntdll

RtlAllocateHeap
RtlFreeHeap

api-ms-win-core-com-l1-1-0

CoCreateGuid
StringFromGUID2

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iexpress.exe
.exe windows:10 windows x86 arch:x86

74c91aab7b963325bc9bc79d27993fb4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

iexpress.pdb

Imports

kernel32

CloseHandle
GetSystemInfo
WritePrivateProfileStringA
SetFileAttributesA
GetProcAddress
LocalFree
GetModuleHandleW
lstrcmpiA
CreateProcessA
CreateDirectoryA
FormatMessageA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileSectionA
GetExitCodeProcess
EnumResourceLanguagesA
SizeofResource
MoveFileA
SetLastError
LoadLibraryExA
EnumResourceNamesA
EnumResourceTypesA
UnmapViewOfFile
FreeResource
_llseek
GetFileInformationByHandle
GetTempPathA
FindResourceExA
CreateFileA
GlobalAlloc
GlobalFree
LoadResource
GlobalLock
CreateFileMappingA
_lread
FreeLibrary
_lclose
GetTempFileNameA
MapViewOfFile
GetTickCount
GlobalUnlock
_lwrite
GetCurrentDirectoryA
GetSystemTime
MultiByteToWideChar
WideCharToMultiByte
GetFileAttributesA
GetLastError
CopyFileA
CompareStringA
GetVersion
DeleteFileA
GetPrivateProfileSectionA
lstrcmpA
LocalAlloc
FindClose
GetFullPathNameA
GetUserDefaultUILanguage
WriteFile
FindFirstFileA
GetModuleFileNameA
Sleep
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetVersionExA
IsDBCSLeadByte
ReadFile
LockResource
GetShortPathNameA

gdi32

CreateFontIndirectA
DeleteObject
GetObjectA
GetDeviceCaps
CreateFontIndirectW
GetStockObject

user32

GetDlgItemTextA
ShowWindow
CheckRadioButton
GetWindowRect
SystemParametersInfoW
CharPrevA
CheckDlgButton
CharNextA
DispatchMessageA
GetDC
LoadStringA
PostMessageA
GetSystemMetrics
MessageBeep
IsDlgButtonChecked
SetWindowLongA
CallWindowProcA
GetWindowLongA
MessageBoxA
SetFocus
SendDlgItemMessageA
SendMessageA
GetDlgItem
PeekMessageA
GetParent
ReleaseDC
EnableWindow
MsgWaitForMultipleObjects
SetDlgItemTextA

msvcrt

?terminate@@YAXXZ
_acmdln
_initterm
memcpy
_ismbblead
__p__fmode
_cexit
_except_handler4_common
__setusermatherr
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
wcsncmp
mbstowcs
malloc
_splitpath_s
strchr
free
strtoul
_vsnprintf
memcpy_s
toupper
strtok
_itoa_s
_controlfp
memset

comctl32

CreatePropertySheetPageA
PropertySheetA
DestroyPropertySheetPage

comdlg32

GetOpenFileNameA
GetSaveFileNameA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

imagehlp

CheckSumMappedFile

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
instnm.exe
.exe windows:10 windows x86 arch:x86

34ef1d42eb1da272f024f086ee53f0d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

instnm.pdb

Imports

msvcrt

_except_handler4_common
_controlfp
__setusermatherr
?terminate@@YAXXZ
_initterm
_XcptFilter
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode

setupapi

SetupScanFileQueueA
SetupOpenInfFileW
SetupTermDefaultQueueCallback
SetupCommitFileQueueA
SetupCloseFileQueue
SetupCloseInfFile
SetupOpenAppendInfFileW
SetupInstallFilesFromInfSectionW
SetupInitDefaultQueueCallbackEx
SetupOpenFileQueue
SetupInstallFromInfSectionW
SetupDefaultQueueCallbackW

kernel32

GetCurrentThreadId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
Sleep
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ipconfig.exe
.exe windows:10 windows x86 arch:x86

c983706c01a0a915341af70fb20c0fbe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ipconfig.pdb

Imports

msvcrt

exit
fgetpos
_except_handler4_common
_XcptFilter
?terminate@@YAXXZ
__p__commode
_amsg_exit
_vsnwprintf
_wcsicmp
memcpy
_controlfp
_initterm
memset
__wgetmainargs
_get_osfhandle
wcschr
__set_app_type
_exit
_write
_cexit
__p__fmode
__setusermatherr
setlocale
__iob_func
fwprintf
fflush
_setmode
_fileno
toupper

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleHandleW
FreeLibrary
GetProcAddress

iphlpapi

GetAdaptersAddresses
GetCurrentThreadCompartmentId
GetNetworkParams
ConvertGuidToStringW
ConvertInterfaceLuidToGuid
FreeInterfaceDnsSettings
GetInterfaceDnsSettings
ConvertInterfaceLuidToNameW
ConvertInterfaceIndexToLuid
SetCurrentThreadCompartmentId
ConvertLengthToIpv4Mask

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
CompareStringW

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-console-l1-1-0

GetConsoleMode

api-ms-win-core-file-l1-1-0

GetFileType
FileTimeToLocalFileTime

api-ms-win-core-localization-l1-2-0

FormatMessageW
SetThreadUILanguage

dhcpcsvc

DhcpHandlePnPEvent
DhcpReleaseParameters
DhcpEnumClasses
DhcpAcquireParameters

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

ntdll

RtlIpv6AddressToStringExW
RtlIpv4AddressToStringExW
RtlFreeUnicodeString
RtlIpv6AddressToStringW
RtlStringFromGUID

api-ms-win-core-sysinfo-l1-1-0

GetComputerNameExW
GetSystemTimeAsFileTime
GetTickCount

dhcpcsvc6

Dhcpv6IsEnabled
Dhcpv6SetUserClass
Dhcpv6ReleaseParameters
Dhcpv6GetUserClasses
Dhcpv6AcquireParameters

ws2_32

InetNtopW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

dnsapi

DnsFree
DnsQueryConfigAllocEx
DnsFreeConfigStructure
DnsGetCacheDataTableEx
DnsFlushResolverCache
DnsQuery_W
DnsResolverOp
DnsRecordStringForType

api-ms-win-core-heap-l1-1-0

HeapFree
HeapSetInformation
HeapAlloc
GetProcessHeap

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

nsi

NsiAllocateAndGetTable
NsiSetAllParameters
NsiGetAllParameters
NsiFreeTable

api-ms-win-security-base-l1-1-0

CheckTokenMembership
FreeSid
AllocateAndInitializeSid

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c90a9b51b5004e7bf81f560d871186e8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

msvcrt

api-ms-win-core-com-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-debug-l1-1-0

ole32

Sections

.text Size: 15KB - Virtual size: 15KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 87KB - Virtual size: 86KB

.reloc Size: 1024B - Virtual size: 992B

d35968b2bd94590ba3c0b4f90d8af4a6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

ole32

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-featurestaging-l1-1-0

ntdll

api-ms-win-power-setting-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-fibers-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-core-string-l1-1-0

Sections

.text Size: 217KB - Virtual size: 216KB

.data Size: 13KB - Virtual size: 15KB

.idata Size: 7KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 12KB

aebcb02352b68bcb99c49dcade027f25

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

.text
Size: 15KB - Virtual size: 15KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 87KB - Virtual size: 86KB

.reloc
Size: 1024B - Virtual size: 992B

.text
Size: 217KB - Virtual size: 216KB

.data
Size: 13KB - Virtual size: 15KB

.idata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 12KB

.text
Size: 757KB - Virtual size: 756KB

.imrsiv
Size: - Virtual size: 4B

.data
Size: 90KB - Virtual size: 99KB

.idata
Size: 12KB - Virtual size: 12KB

.didat
Size: 512B - Virtual size: 12B

.rsrc
Size: 29KB - Virtual size: 29KB

.reloc
Size: 53KB - Virtual size: 52KB