CWindowsSysWOW64-6[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

CWindowsSysWOW64-6.zip
Size

2.3MB
MD5

fe3e61057ddcd429a67f97e5ec92c6c1
SHA1

b73b609b02a401e09e97e452cdae41c9a2197807
SHA256

2bf6831c609f0daeabd420d950923544ec2a5150f59125d9507f7e00246c74c5
SHA512

34d2929edca50cf9498bbc3d0331b38cb7a1b31a2d8972d2707057dd33a41d85e08e2cda8b5992c685903722d3baed7111a694874031670380d4a7352bf08015
SSDEEP

49152:bTyy77QfQv7lmqPi22uq+vKdh43+tj0x0ZP6Od7td4+/FpCzaq7KSdcf:bh4fQvhm0iXuqak43+1mOVtdlXCa3

Score

3^/10

Malware Config

Signatures

Unsigned PE 31 IoCs

Checks for missing Authenticode signature.

resource
unpack001/LaunchTM.exe
unpack001/LaunchWinApp.exe
unpack001/MRINFO.EXE
unpack001/Magnify.exe
unpack001/MuiUnattend.exe
unpack001/NetCfgNotifyObjectHost.exe
unpack001/iscsicli.exe
unpack001/iscsicpl.exe
unpack001/isoburn.exe
unpack001/ktmutil.exe
unpack001/label.exe
unpack001/lodctr.exe
unpack001/logagent.exe
unpack001/logman.exe
unpack001/makecab.exe
unpack001/mcbuilder.exe
unpack001/mmc.exe
unpack001/mmgaserver.exe
unpack001/mobsync.exe
unpack001/mountvol.exe
unpack001/msdt.exe
unpack001/msfeedssync.exe
unpack001/mshta.exe
unpack001/msiexec.exe
unpack001/msinfo32.exe
unpack001/msra.exe
unpack001/mtstocom.exe
unpack001/ndadmin.exe
unpack001/net.exe
unpack001/net1.exe
unpack001/netbtugc.exe

Files

CWindowsSysWOW64-6.zip
.zip
LaunchTM.exe
.exe windows:10 windows x86 arch:x86

e28d1a46ba8c0c2dd607dfe0e3a12845

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

launchtm.pdb

Imports

msvcrt

__wgetmainargs
_except_handler4_common
__set_app_type
_XcptFilter
_amsg_exit
_controlfp
?terminate@@YAXXZ
exit
__p__commode
_wcmdln
_initterm
_exit
__setusermatherr
_cexit
__p__fmode
memset

api-ms-win-core-heap-l1-1-0

HeapSetInformation

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetStartupInfoW
GetCurrentProcess
SetPriorityClass
GetCurrentThreadId
TerminateProcess

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoUninitialize

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

shell32

ShellExecuteExW

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LaunchWinApp.exe
.exe windows:10 windows x86 arch:x86

5967658220e6e42c8b5a4216711c6075

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

LaunchWinApp.pdb

Imports

advapi32

EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister

kernel32

GetModuleFileNameA
InitOnceBeginInitialize
CreateSemaphoreExW
HeapFree
SetLastError
EnterCriticalSection
GetCommandLineW
GetCurrentProcess
ReleaseSemaphore
GetModuleHandleExW
K32GetModuleFileNameExW
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
K32EnumProcessModulesEx
OpenProcess
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
CloseThreadpoolTimer
InitOnceComplete
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
HeapAlloc
GetProcAddress
CreateMutexExW
LocalFree
AcquireSRWLockShared
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent

msvcrt

_onexit
__dllonexit
_unlock
_purecall
memcmp
_except_handler4_common
_lock
?terminate@@YAXXZ
_wcmdln
memcpy_s
_initterm
__setusermatherr
_controlfp
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_vsnwprintf
memmove_s
_vsnprintf_s
??3@YAXPAX@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
__p__fmode
??1type_info@@UAE@XZ
memmove
memcpy
__CxxFrameHandler3
??0exception@@QAE@ABV0@@Z
malloc
_callnewh
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABQBDH@Z
?what@exception@@UBEPBDXZ
_CxxThrowException
memset

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindExtensionW

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CoTaskMemFree

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoInitialize

oleaut32

SysFreeString

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW
TerminateProcess

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

iertutil

CreateUri

ntdll

NtQueryInformationProcess

shell32

CommandLineToArgvW
ShellExecuteExW

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MRINFO.EXE
.exe windows:10 windows x86 arch:x86

7d973a1a6fdc7951d42858dbebce3c8f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mrinfo.pdb

Imports

msvcrt

_amsg_exit
__wgetmainargs
__set_app_type
__p__commode
_XcptFilter
malloc
fwprintf
__setusermatherr
free
fgetpos
exit
_initterm
_exit
__p__fmode
_cexit
wcschr
_controlfp
_except_handler4_common
_fileno
_write
_setmode
_wtoi
fflush
_wcsicmp
?terminate@@YAXXZ
_get_osfhandle
__iob_func
memset

ws2_32

WSAStartup
htons
htonl
recvfrom
select
GetNameInfoW
WSACleanup
setsockopt
GetAddrInfoW
socket
bind
FreeAddrInfoW
sendto

api-ms-win-core-localization-l1-2-0

SetThreadUILanguage
FormatMessageW

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-console-l1-1-0

GetConsoleMode

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-heap-l1-1-0

HeapSetInformation

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-file-l1-1-0

GetFileType

ntdll

RtlIpv4AddressToStringW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 532B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Magnify.exe
.exe windows:10 windows x86 arch:x86

597e135a4116dce14172cc160a75198c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Magnify.pdb

Imports

advapi32

TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
EventUnregister
EventRegister
EventWriteTransfer
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteKeyExW
RegDeleteKeyW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegGetValueW
EventSetInformation
RegQueryValueExW
RegDeleteTreeW
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
RegEnumKeyExW
RegQueryValueW
RegLoadMUIStringW
RegNotifyChangeKeyValue
RegEnumValueW

kernel32

GetTickCount64
SetProcessShutdownParameters
RegisterApplicationRestart
CreateEventExW
DeleteCriticalSection
InitializeCriticalSectionEx
TerminateProcess
GetCurrentProcess
GetTickCount
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
RaiseException
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
InitializeCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
GlobalAddAtomW
GlobalDeleteAtom
SetEvent
GetUserDefaultLCID
LoadLibraryExW
FreeLibrary
ResetEvent
VirtualQuery
Sleep
HeapSetInformation
OpenMutexW
CompareStringW
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
CreateMutexExW
GetProcAddress
HeapAlloc
CloseHandle
OpenSemaphoreW
CreateMutexW
GetSystemInfo
LoadLibraryExA
VirtualProtect
InitOnceComplete
InitOnceBeginInitialize
K32GetModuleBaseNameW
K32EnumProcessModules
K32EnumProcesses
DeleteFileW
GetFileAttributesW
DeleteProcThreadAttributeList
CreateProcessW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
OpenProcess
ExpandEnvironmentStringsW
WaitForSingleObjectEx
OutputDebugStringW
GetLastError
LocalFree
GetLocaleInfoEx
LoadLibraryW
InterlockedPushEntrySList
GlobalAlloc
OOBEComplete
LoadResource
FindResourceExW
CreateThread
LockResource
ProcessIdToSessionId
IsProcessInJob
OpenJobObjectW
CompareStringOrdinal
FormatMessageW
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
HeapSize
HeapReAlloc
HeapDestroy
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
CreateEventW
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
SizeofResource

gdi32

FillRgn
GetObjectW
CreateCompatibleDC
DeleteDC
LineTo
MoveToEx
SelectObject
GetStockObject
CreateSolidBrush
CreateBrushIndirect
CreateBitmap
DeleteObject
CombineRgn
CreateRectRgn

user32

CallNextHookEx
GetUserObjectInformationW
DestroyCursor
SetFullscreenMagnifierOffsetsDWMUpdated
GetKeyboardLayout
MapVirtualKeyExW
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
UnregisterClassA
CloseDesktop
WindowFromPhysicalPoint
ReleaseDC
UpdateLayeredWindow
LoadImageW
GetDC
RegisterClassW
FillRect
SetCursor
GetMessagePos
RemovePropW
SetPropW
SetWindowPlacement
RealGetWindowClassW
GetDoubleClickTime
SendMessageTimeoutW
SetRectEmpty
GetClassNameW
GetForegroundWindow
IsIconic
PostQuitMessage
DispatchMessageW
SetSystemCursor
GetMessageW
OpenInputDesktop
UpdateWindow
GetWindow
AdjustWindowRectEx
IsWindowVisible
SendMessageW
LoadIconW
SetPhysicalCursorPos
MapWindowPoints
GetPointerFrameInfoHistory
GetPointerInfo
GetWindowTextW
GetWindowThreadProcessId
ShowWindow
InvalidateRect
GetCursorPos
SetWindowRgn
SetWindowPos
GetSysColor
GetClientRect
SetWinEventHook
SetLayeredWindowAttributes
LoadCursorW
SetActiveWindow
EndPaint
BeginPaint
GetPointerDeviceRects
GetParent
UnhookWinEvent
SetWindowLongW
InflateRect
SetRect
GetGUIThreadInfo
DefWindowProcW
MonitorFromRect
RegisterClassExW
SetWindowsHookExW
GetWindowRgn
UnregisterHotKey
RegisterHotKey
TranslateMessage
GetAsyncKeyState
UnionRect
RegisterPointerDeviceNotifications
CreateWindowExW
GetPhysicalCursorPos
DestroyWindow
IsWindow
ClipCursor
EnumDisplayMonitors
KillTimer
SystemParametersInfoW
LoadStringW
FindWindowW
PostMessageW
UnhookWindowsHookEx
GetSystemMetrics
GetWindowLongW
GetAncestor
IntersectRect
EqualRect
GetDesktopWindow
GetWindowRect
IsRectEmpty
OffsetRect
PtInRect
SendInput
MonitorFromPoint
GetMonitorInfoW
CopyRect
GetPointerDevices
GetDpiForWindow
AdjustWindowRectExForDpi
GetFocus
SetFocus
GetKeyState
GetShellWindow
SendNotifyMessageW
SetDesktopColorTransform
GetProcessDefaultLayout
GetThreadDesktop
SetTimer

msvcp_win

?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
_Unlock_shared_ptr_spin_lock
_Lock_shared_ptr_spin_lock
?_Xbad_function_call@std@@YAXXZ
_Thrd_id
_Thrd_join
_Mtx_unlock
_Mtx_lock
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@I@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEPAV12@PAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPAG_J@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGXZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXH@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ

api-ms-win-crt-string-l1-1-0

wcsncmp
memset
memmove_s
strncmp
wcsspn
wcscspn

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback

api-ms-win-crt-private-l1-1-0

_o___p__commode
_o___std_exception_copy
_o___std_exception_destroy
_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vswscanf
_o__beginthreadex
_o__callnewh
_o__cexit
_o__CIatan2
_o__CIcos
_o__CIfmod
_o__CIlog
_o__CIpow
_o__CIsin
_o__CIsqrt
_o__configthreadlocale
_o__configure_wide_argv
_o__controlfp_s
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__hypot
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__ltow_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o__wcslwr_s
_o__wtoi
_o_abort
_o_ceil
_o_exit
_o_floor
_o_free
_o_iswspace
_o_malloc
_o_memcpy_s
_o_realloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcstok
_o_wcstok_s
__current_exception
__current_exception_context
_except_handler4_common
_CxxThrowException
__std_terminate
__CxxFrameHandler3
wcschr
wcsrchr
memcmp
memcpy
memmove

ole32

CoInitialize
CoWaitForMultipleObjects
CoCreateFreeThreadedMarshaler
CoInitializeEx
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
CoUninitialize

oleacc

AccessibleObjectFromEvent
AccessibleObjectFromWindow

comctl32

ord17
InitCommonControlsEx

oleaut32

SafeArrayCreate
SafeArrayDestroy
SysAllocString
VariantInit
VariantClear
SafeArrayGetLBound
SysFreeString
SafeArrayGetDim
SafeArrayGetVartype
SafeArrayAccessData
SafeArrayUnaccessData
SetErrorInfo
SysStringLen
GetErrorInfo
SafeArrayGetUBound
SafeArrayPutElement

gdiplus

GdipFree
GdipAlloc
GdipCloneBrush
GdipStringFormatGetGenericTypographic
GdipDrawString
GdipSetTextRenderingHint
GdipCreateSolidFill
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDrawLine
GdipDeletePen
GdipCreatePen1
GdipDeleteBrush
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipFillRectangle

shell32

ShellExecuteW
SHGetKnownFolderPath
SHAppBarMessage

ntdll

WinSqmIncrementDWORD
NtQueryWnfStateData
RtlPublishWnfStateData
WinSqmIsOptedIn
WinSqmSetDWORD
WinSqmAddToStream

dwmapi

DwmSetWindowAttribute
DwmIsCompositionEnabled

magnification

MagSetInputTransform
MagSetLensUseBitmapSmoothing
MagSetWindowTransform
MagSetWindowSource
MagSetFullscreenUseBitmapSmoothing
MagSetFullscreenColorEffect
MagSetFullscreenTransform
MagInitialize
MagUninitialize
MagShowSystemCursor

uiautomationcore

UiaRaiseStructureChangedEvent
UiaRaiseAutomationEvent
UiaHostProviderFromHwnd
UiaClientsAreListening
UiaReturnRawElementProvider

api-ms-win-shcore-scaling-l1-1-1

GetDpiForMonitor

api-ms-win-crt-math-l1-1-0

_isnan
_finite

Sections

.text
Size: 546KB - Virtual size: 546KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MuiUnattend.exe
.exe windows:10 windows x86 arch:x86

12d66cd90680a9232ad1abe81c38f4e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

MUIUnattend.pdb

Imports

msvcrt

_unlock
memcmp
_except_handler4_common
_initterm
__setusermatherr
_controlfp
__p__fmode
_cexit
_exit
exit
memmove
__dllonexit
_wcsnicmp
wcsncmp
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
memmove_s
wcschr
_purecall
??3@YAXPAX@Z
_onexit
?terminate@@YAXXZ
memcpy
_wcsicmp
memcpy_s
_vsnprintf
wcsrchr
wprintf
_vsnwprintf
_lock
memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
LoadLibraryExW
FreeLibrary
GetModuleHandleExW
GetModuleFileNameA
GetModuleFileNameW
GetProcAddress

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegUnLoadKeyW
RegQueryValueExW
RegLoadKeyW
RegCreateKeyExW
RegEnumKeyExW

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
CreateSemaphoreExW
ReleaseSRWLockShared
OpenSemaphoreW
AcquireSRWLockShared
InitializeCriticalSectionEx
AcquireSRWLockExclusive
DeleteCriticalSection
ReleaseSRWLockExclusive
EnterCriticalSection
ReleaseMutex
InitializeCriticalSection
WaitForSingleObject
WaitForSingleObjectEx
ReleaseSemaphore
CreateMutexExW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
HeapSetInformation
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-localization-l1-2-0

GetUserDefaultLocaleName
FormatMessageW
LocaleNameToLCID
GetLocaleInfoEx
SetUserGeoID

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
OpenProcessToken
TerminateProcess
GetCurrentProcessId

sspicli

GetUserNameExW

api-ms-win-core-localization-l1-2-2

GetSystemDefaultLocaleName

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetWindowsDirectoryW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-localization-private-l1-1-0

NlsUpdateLocale

ntdll

RtlAllocateHeap
RtlFreeHeap
RtlpSetPreferredUILanguages
RtlNtStatusToDosError
RtlGetUILanguageInfo

api-ms-win-core-file-l1-1-0

GetFullPathNameW
CreateFileW
CreateDirectoryW
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesExW
GetFileAttributesW

api-ms-win-core-memory-l1-1-0

MapViewOfFile
UnmapViewOfFile
CreateFileMappingW

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges
PrivilegeCheck

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NetCfgNotifyObjectHost.exe
.exe windows:10 windows x86 arch:x86

73e7a1fadab1581ab228d22b44748056

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

NetCfgNotifyObjectHost.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__controlfp_s
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o___stdio_common_vswscanf
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
memmove
_o__set_new_mode
_o_exit
_o_free
_o_malloc
_o_terminate
_o_wcscpy_s
__current_exception
__current_exception_context
_o___stdio_common_vswprintf_s
_except_handler4_common
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
wcsrchr
__std_terminate
__CxxFrameHandler3
_CxxThrowException
memcpy

api-ms-win-crt-string-l1-1-0

memset

ntdll

EtwTraceMessage
RtlReportException
NtSetInformationProcess
RtlCaptureStackBackTrace

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameA
GetProcAddress
FreeLibrary
GetModuleHandleExW
GetModuleFileNameW
LoadLibraryExW

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
SetEvent
WaitForSingleObjectEx
CreateEventW
OpenSemaphoreW
CreateMutexExW
ResetEvent
ReleaseMutex
CreateSemaphoreExW
WaitForSingleObject
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapSetInformation
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetErrorMode
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoFreeUnusedLibraries
CoCreateInstance
CoUninitialize

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

rpcrt4

RpcServerInterfaceGroupDeactivate
RpcServerInterfaceGroupClose
RpcServerInterfaceGroupActivate
RpcServerInterfaceGroupCreateW
NdrServerCall2

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer

msvcp_win

?_Xlength_error@std@@YAXPBD@Z

Sections

.text
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iscsicli.exe
.exe windows:10 windows x86 arch:x86

d52f09274bdf23c93710dedf1a9d242c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

iscsicli.pdb

Imports

msvcrt

_wtoi
vswprintf_s
fgetws
feof
_wcstoui64
_XcptFilter
__p__commode
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
__iob_func
_cexit
__p__fmode
__setusermatherr
_except_handler4_common
?terminate@@YAXXZ
_controlfp
memcpy
_vsnwprintf
_wcsicmp
_initterm
memset

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
GetStdHandle

api-ms-win-core-file-l1-1-0

WriteFile
GetFileType
CreateFileW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-localization-l1-2-0

SetThreadUILanguage
FormatMessageW

api-ms-win-core-commandlinetoargv-l1-1-0

CommandLineToArgvW

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

ws2_32

WSAStringToAddressA
WSACleanup
WSAStartup

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-devices-config-l1-1-1

CM_Get_DevNode_Registry_PropertyW

api-ms-win-core-heap-l1-1-0

HeapSetInformation

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
LoadStringW

api-ms-win-core-console-l1-1-0

WriteConsoleW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-windowserrorreporting-l1-1-3

RegisterApplicationRestart

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

iscsidsc

AddIScsiSendTargetPortalW
GetIScsiSessionListW
ReportIScsiInitiatorListW
RemoveIScsiStaticTargetW
RefreshISNSServerW
RemoveIScsiConnection
ClearPersistentIScsiDevices
SetupPersistentIScsiVolumes
ReportIScsiPersistentLoginsW
SendScsiInquiry
AddISNSServerW
RemoveISNSServerW
RefreshIScsiSendTargetPortalW
SetIScsiIKEInfoW
LoginIScsiTargetW
SetIScsiInitiatorCHAPSharedSecret
GetDevicesForIScsiSessionW
AddIScsiStaticTargetW
RemoveIScsiPersistentTargetW
SendScsiReadCapacity
SetIScsiGroupPresharedKey
GetIScsiVersionInformation
ReportISNSServerListW
AddIScsiConnectionW
ReportIScsiSendTargetPortalsExW
RemovePersistentIScsiDeviceW
AddPersistentIScsiDeviceW
SetIScsiTunnelModeOuterAddressW
SendScsiReportLuns
ReportIScsiTargetsW
GetIScsiInitiatorNodeNameW
GetIScsiIKEInfoW
SetIScsiInitiatorNodeNameW
RemoveIScsiSendTargetPortalW
GetIScsiTargetInformationW
LogoutIScsiTarget
ReportPersistentIScsiDevicesW
ReportActiveIScsiTargetMappingsW

iscsium

DiscpEnumerateDeviceInterfaces
DiscpExecuteMethod
DiscpAllocMemory
DiscpSetRegistryValue
DiscpFreeDeviceInterfaceList
DiscpFreeMemory
DiscpTextAddrToBinary

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iscsicpl.exe
.exe windows:10 windows x86 arch:x86

4751d16fe4697ebbf94f37d0ebc833c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

iscsicpl.pdb

Imports

kernel32

GetCurrentProcessId
lstrcmpW
UnhandledExceptionFilter
GetLocaleInfoW
EnumUILanguagesW
GetUserDefaultUILanguage
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
TerminateProcess
GetCurrentProcess

gdi32

GetStockObject

user32

GetClassNameW
LoadCursorW
CharNextW
CharUpperBuffW
DestroyIcon
DestroyWindow
SendMessageW
SetWindowLongW
DefWindowProcW
GetWindowLongW
RegisterClassW
CreateWindowExW
GetWindow

msvcrt

?terminate@@YAXXZ
_wcmdln
_initterm
__setusermatherr
__p__fmode
_cexit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_controlfp
_except_handler4_common
_exit
memset

shell32

Control_RunDLL

shlwapi

ord10

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
isoburn.exe
.exe windows:10 windows x86 arch:x86

29b8ff4d31fabd38b1dbd1820b6ba213

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

isoburn.pdb

Imports

advapi32

EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
EventActivityIdControl
EventWrite
EventEnabled
RegCloseKey
RegOpenKeyExW
RegEnumKeyW

kernel32

GetModuleFileNameA
DebugBreak
GetModuleHandleW
GetProcAddress
GetLastError
IsDebuggerPresent
OutputDebugStringW
SetLastError
CloseHandle
ReleaseSemaphore
ReleaseMutex
WaitForSingleObjectEx
AcquireSRWLockExclusive
GetModuleHandleExW
DeleteCriticalSection
WaitForSingleObject
OpenSemaphoreW
LeaveCriticalSection
CreateThread
PowerCreateRequest
PowerSetRequest
PowerClearRequest
CompareStringOrdinal
InitOnceBeginInitialize
GetCurrentProcessId
CreateMutexExW
InitOnceComplete
CreateSemaphoreExW
ReleaseSRWLockExclusive
InitializeCriticalSection
LocalFree
GetTickCount64
GetVolumePathNamesForVolumeNameW
RaiseException
HeapDestroy
GetCommandLineW
GetStartupInfoW
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentThreadId
FormatMessageW
EnterCriticalSection

user32

SetWindowLongW
MessageBoxW
EndDialog
SetTimer
GetDlgItem
EnableWindow
IsDlgButtonChecked
ShowWindow
SendDlgItemMessageW
GetDesktopWindow
KillTimer
PostMessageW
SetFocus
SetDlgItemTextW
RegisterWindowMessageW
LoadIconW
SetWindowTextW
LoadStringW
DialogBoxParamW
SendMessageW

msvcrt

__setusermatherr
memcmp
_controlfp
_ismbblead
_initterm
_acmdln
_cexit
_exit
exit
_XcptFilter
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
__p__fmode
__set_app_type
_lock
__p__commode
_except_handler4_common
_amsg_exit
__getmainargs
_callnewh
malloc
free
isalpha
memcpy_s
_vsnwprintf
toupper
_ftol2
memset

shlwapi

SHRegGetValueW
ord158
ord388
PathFindFileNameW

oleaut32

SysFreeString
SysAllocString
VariantClear
SysStringLen
LoadRegTypeLi
DispCallFunc

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitializeEx

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualFree

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExA

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-processthreads-l1-1-1

FlushInstructionCache
IsProcessorFeaturePresent

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedPopEntrySList

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable
Sleep

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

comctl32

ord386
ord329
ord328
ord332
ord334

uxtheme

EnableThemeDialogTexture

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ktmutil.exe
.exe windows:10 windows x86 arch:x86

f5b0bff689194f5fca291d9a9715c853

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ktmutil.pdb

Imports

msvcrt

_wcsicmp
_controlfp
?terminate@@YAXXZ
_except_handler4_common
_initterm
__setusermatherr
__p__fmode
_cexit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
exit
wprintf
free
malloc
setlocale
_exit

ntdll

RtlCompareMemory
NtQueryInformationEnlistment
NtOpenEnlistment
NtOpenResourceManager
NtQueryInformationTransactionManager
NtOpenTransactionManager
RtlFreeUnicodeString
NtQueryInformationTransaction
NtEnumerateTransactionObject
RtlStringFromGUID
RtlNtStatusToDosError
NtOpenTransaction

ktmw32

RecoverEnlistment
CommitEnlistment
RollbackEnlistment
CommitComplete
OpenEnlistment
OpenTransactionManagerById
OpenResourceManager

kernel32

GetCurrentProcess
GetModuleHandleW
LocalFree
FormatMessageW
WriteFile
GetConsoleOutputCP
WideCharToMultiByte
WriteConsoleW
GetFileType
GetStdHandle
CloseHandle
GetLastError
GetVersionExW
HeapSetInformation
SetThreadUILanguage
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
Sleep
SetUnhandledExceptionFilter
GetConsoleMode
TerminateProcess
QueryPerformanceCounter

advapi32

AllocateAndInitializeSid
CheckTokenMembership
FreeSid

ole32

IIDFromString

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
label.exe
.exe windows:10 windows x86 arch:x86

2dff96a00dee83e667dc424359e9647d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

label.pdb

Imports

msvcrt

__p__commode
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter

kernel32

TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
HeapSetInformation
GetVolumeInformationW

ulib

?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z
??0FLAG_ARGUMENT@@QAE@XZ
?IsYesResponse@STREAM_MESSAGE@@UAEEE@Z
??0REST_OF_LINE_ARGUMENT@@QAE@XZ
?Initialize@STREAM_MESSAGE@@QAEEPAVSTREAM@@00@Z
??1STREAM_MESSAGE@@UAE@XZ
??0STREAM_MESSAGE@@QAE@XZ
Get_Standard_Error_Stream
?QueryCurrentDosDriveName@SYSTEM@@SGEPAVWSTRING@@@Z
?IsValueSet@ARGUMENT@@QAEEXZ
??1OBJECT@@UAE@XZ
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QAEXE@Z
?PrepareToParse@ARGUMENT_LEXEMIZER@@QAEEPAVWSTRING@@@Z
?QueryInvalidArgument@ARGUMENT_LEXEMIZER@@QAEPAVWSTRING@@XZ
?DoParsing@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
?Initialize@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
??1ARGUMENT_LEXEMIZER@@UAE@XZ
??0ARGUMENT_LEXEMIZER@@QAE@XZ
?Initialize@STRING_ARGUMENT@@QAEEPAD@Z
??1STRING_ARGUMENT@@UAE@XZ
??0STRING_ARGUMENT@@QAE@XZ
?AnalyzePath@PATH@@QAE?AW4PATH_ANALYZE_CODE@@PAVWSTRING@@PAV1@0@Z
?IsGuidVolName@PATH@@QAEEXZ
??1PATH@@UAE@XZ
?Initialize@PATH@@QAEEPBVWSTRING@@E@Z
??0PATH@@QAE@XZ
?Display@MESSAGE@@QAAEPBDZZ
Get_Standard_Output_Stream
?Strcat@WSTRING@@QAEEPBV1@@Z
?QueryWSTR@WSTRING@@QBEPAGKKPAGKE@Z
?DeleteChAt@WSTRING@@QAEXKK@Z
?Initialize@WSTRING@@QAEEPBV1@KK@Z
?Initialize@WSTRING@@QAEEPBGK@Z
?Initialize@WSTRING@@QAEEPBDK@Z
?Strchr@WSTRING@@QBEKGK@Z
?Stricmp@WSTRING@@QBEJPBV1@@Z
?Initialize@WSTRING@@QAEEXZ
??1DSTRING@@UAE@XZ
?Initialize@REST_OF_LINE_ARGUMENT@@QAEEXZ
??0ARRAY@@QAE@XZ
??1ARRAY@@UAE@XZ
?Initialize@ARRAY@@QAEEKK@Z
?Put@ARRAY@@UAEEPAVOBJECT@@@Z
Get_Standard_Input_Stream
??0DSTRING@@QAE@XZ
?Set@STREAM_MESSAGE@@UAEEKW4MESSAGE_TYPE@@K@Z

ifsutil

?DosDriveNameToNtDriveName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@@Z

ntdll

RtlFreeHeap
NtClose
NtQueryVolumeInformationFile
NtSetVolumeInformationFile
NtOpenFile

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lodctr.exe
.exe windows:10 windows x86 arch:x86

43f3b0323297d7955b9d1105d70aa196

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

lodctr.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__controlfp_s
_o__crt_atexit
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
memcpy
_o__set_new_mode
_o__wcsnicmp
_o__wsplitpath_s
_o__wtof
_o_exit
_o_floor
_o_terminate
_o_wcstoul
_except_handler4_common
__current_exception
__current_exception_context
_o___p___wargv
_o___p___argc
_o___stdio_common_vfprintf
_o___acrt_iob_func
_o___stdio_common_vswprintf
wcschr
_o___p__commode

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
GetStdHandle
GetCurrentDirectoryW
SearchPathW

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW

api-ms-win-core-heap-l1-1-0

HeapSetInformation
HeapReAlloc
GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
SetLastError

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-localization-l1-2-0

FormatMessageW
SetThreadPreferredUILanguages

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
LoadStringW

loadperf

LpReleaseInstallationMutex
LpAcquireInstallationMutex
LoadPerfCounterTextStringsW
UpdatePerfNameFilesW
BackupPerfRegistryToFileW
RestorePerfRegistryFromFileW
SetServiceAsTrustedW

api-ms-win-core-file-l1-1-0

GetFileSize
ReadFile
GetFileType
WriteFile
CreateFileW

api-ms-win-core-console-l1-1-0

WriteConsoleW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW
RegEnumKeyW

api-ms-win-base-util-l1-1-0

IsTextUnicode

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
logagent.exe
.exe windows:10 windows x86 arch:x86

b6c7b26ad38a6146c7bb1a6bf5fbaaa8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

logagent.pdb

Imports

advapi32

RegEnumKeyExA
RegDeleteValueA
RegEnumValueA
RegOpenKeyExA
RegQueryInfoKeyA
FreeSid
RegSetValueExA
RegCreateKeyExA
AllocateAndInitializeSid
RegCloseKey
RegDeleteValueW
OpenProcessToken
GetTokenInformation
GetAclInformation
GetAce
EqualSid
DeleteAce
AddAce
AddAccessAllowedAce
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
SetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
GetSecurityDescriptorLength
MakeSelfRelativeSD
MakeAbsoluteSD
SetSecurityDescriptorGroup
RegQueryValueExA
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW

kernel32

ReleaseSemaphore
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForMultipleObjects
LeaveCriticalSection
InitializeCriticalSection
MultiByteToWideChar
GetLastError
CloseHandle
CreateThread
HeapAlloc
GetVersionExA
FreeLibraryAndExitThread
GetCurrentThread
SetThreadPriority
lstrlenW
GetModuleFileNameW
GetComputerNameW
LoadLibraryA
SetUnhandledExceptionFilter
HeapFree
DeleteCriticalSection
LoadLibraryW
CreateEventW
WaitForSingleObject
GetVersionExW
LocalAlloc
LocalFree
CreateEventA
GetProcessHeap
WideCharToMultiByte
CreateSemaphoreA
GetModuleFileNameA
EnterCriticalSection
SizeofResource
VirtualProtect
WaitForSingleObjectEx
SetEvent
HeapSize
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetCurrentProcess
VirtualAlloc
UnhandledExceptionFilter
GetStartupInfoW
Sleep
LoadLibraryExA
GetCurrentThreadId
GetModuleHandleA
GetCommandLineA
VirtualQuery
lstrcmpiA
FreeLibrary
lstrcpynA
GetProcAddress
LoadResource
IsDBCSLeadByte
HeapSetInformation
GetSystemInfo
FindResourceExA

user32

DispatchMessageA
CharPrevA
PostThreadMessageA
PostQuitMessage
CreateWindowExA
GetMessageA
RegisterClassA
GetWindowLongA
SetWindowLongA
PostMessageA
DestroyWindow
CharNextA
DefWindowProcA

msvcrt

swscanf
_wtoi
_stricmp
_vsnprintf
_ultow
_controlfp
_except_handler4_common
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
wcsrchr
iswalpha
_beginthreadex
towupper
iswcntrl
iswascii
wcsspn
wcscspn
wcschr
strchr
_strnicmp
_ultow_s
sscanf_s
_wcsicmp
_vsnwprintf
__CxxFrameHandler3
memcmp
memcpy
iswdigit
_acmdln
_initterm
__setusermatherr
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
_callnewh
strcat_s
_purecall
realloc
malloc
_wcsnicmp
free
memset

ole32

CoUninitialize
CoInitializeEx
CoInitialize
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
CoRegisterClassObject
CoSuspendClassObjects
CoTaskMemRealloc
CoRevokeClassObject
CoCreateGuid

oleaut32

SysFreeString
VarUI4FromStr
SysAllocString

wininet

InternetReadFile
InternetConnectW
InternetCloseHandle
HttpSendRequestExW
InternetCrackUrlW
HttpQueryInfoW
InternetSetOptionA
HttpEndRequestA
InternetOpenW
InternetErrorDlg
InternetQueryDataAvailable
HttpQueryInfoA
HttpOpenRequestW
InternetQueryOptionA

wsock32

getsockopt
getpeername
inet_ntoa
getsockname
closesocket
bind
socket
WSACleanup
WSAStartup
setsockopt
WSAGetLastError
ntohl
htons
ntohs
WSAAsyncSelect
inet_addr
shutdown

Sections

.text
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
logman.exe
.exe windows:10 windows x86 arch:x86

80f9d11eb42b1a527198bd8d537aac03

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

logman.pdb

Imports

msvcrt

??3@YAXPAX@Z
wcsncmp
_wmakepath_s
_wsplitpath_s
memmove
wprintf
_except_handler4_common
_controlfp
?terminate@@YAXXZ
wcstok
_initterm
_wcsnicmp
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
wcsrchr
isspace
__CxxFrameHandler3
fgetws
wcsstr
_wfopen
wcschr
_errno
qsort
fseek
_wtoi
fclose
__setusermatherr
_wcsicmp
towlower
ferror
_vsnwprintf
iswspace
malloc
_callnewh
memcpy
memset

api-ms-win-security-base-l1-1-0

SetSecurityDescriptorDacl
GetSecurityDescriptorOwner
GetSecurityDescriptorDacl
SetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetTokenInformation
SetSecurityDescriptorGroup
InitializeSecurityDescriptor

api-ms-win-core-file-l1-1-0

WriteFile
GetFileType
ReadFile
CreateFileW
SetFilePointerEx
FindNextFileW
FindClose
FindFirstFileW
GetFullPathNameW

api-ms-win-core-libraryloader-l1-2-0

SizeofResource
LoadLibraryExW
FreeResource
GetModuleHandleW
FindResourceExW
FreeLibrary
LoadResource
GetModuleFileNameW
LockResource
LoadStringW

oleaut32

VarBstrFromDate
VarDateFromStr
VariantClear
SafeArrayAccessData
SystemTimeToVariantTime
SafeArrayDestroy
SafeArrayCreateVector
VariantInit
SysFreeString
SafeArrayUnaccessData
VariantChangeType
SysAllocString
VariantTimeToSystemTime

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree
HeapSetInformation

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
OpenThreadToken
OpenProcessToken
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
TerminateProcess

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle
SearchPathW
GetCurrentDirectoryW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

api-ms-win-core-console-l1-1-0

ReadConsoleW
WriteConsoleW
SetConsoleMode
GetConsoleMode
GetConsoleOutputCP

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoCreateInstance
CoUninitialize
StringFromGUID2
CoInitializeSecurity
CreateStreamOnHGlobal

sspicli

GetUserNameExW

api-ms-win-shcore-path-l1-1-0

ord170

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-heap-l2-1-0

GlobalAlloc
LocalFree
GlobalFree

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-1

FindResourceW
LoadLibraryW

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalLock

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable
Sleep

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
ReleaseSRWLockExclusive

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetVersionExW
GetSystemTimeAsFileTime

api-ms-win-core-localization-l1-2-0

GetLocaleInfoEx
SetThreadPreferredUILanguages
GetLocaleInfoW
FormatMessageW

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW

api-ms-win-core-console-l2-1-0

GetConsoleScreenBufferInfo

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

api-ms-win-core-localization-obsolete-l1-2-0

GetSystemDefaultUILanguage
GetUserDefaultUILanguage

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
UnmapViewOfFile
MapViewOfFile

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
makecab.exe
.exe windows:10 windows x86 arch:x86

db419917f8dba7d951eb3bcbfc2572aa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

makecab.pdb

Imports

msvcrt

fread
_XcptFilter
__p__commode
_amsg_exit
__getmainargs
__set_app_type
_exit
_cexit
__p__fmode
feof
_initterm
?terminate@@YAXXZ
_controlfp
_except_handler4_common
memcpy
fwrite
tolower
ferror
_mkdir
memmove_s
_tempnam
_stat
_unlink
_vsnprintf
__doserrno
_open_osfhandle
_eof
_lseek
ctime
setvbuf
time
_ltoa_s
_errno
_open
_strnicmp
_write
_close
fprintf
_read
remove
fclose
fopen
clock
exit
isdigit
atol
strchr
strspn
atoi
_stricmp
strncmp
printf
toupper
strpbrk
malloc
free
__setusermatherr
_strdup
__iob_func
_ftol2_sse
memset

api-ms-win-core-versionansi-l1-1-1

GetFileVersionInfoSizeA
GetFileVersionInfoA

api-ms-win-core-versionansi-l1-1-0

VerQueryValueA

user32

CharNextExA

kernel32

LocalFileTimeToFileTime
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FileTimeToDosDateTime
DosDateTimeToFileTime
GetCurrentProcessId
GetFileSize
FileTimeToLocalFileTime
SetFileAttributesA
GetFileAttributesExW
CreateFileW
MultiByteToWideChar
GetFileAttributesW
SetFileTime
GetFullPathNameW
GetFileAttributesExA
CreateDirectoryW
GetModuleHandleW
GetProcAddress
CloseHandle
CreateFileA
GetLastError
Sleep
GetVersion

cabinet

ord14
ord10
ord12
ord13
ord11

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mcbuilder.exe
.exe windows:10 windows x86 arch:x86

98b3a3808ea3fb36e29ed8a8a2b35319

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mcbuilder.pdb

Imports

kernel32

HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
WriteConsoleW
FreeLibrary
GetProcAddress
LoadLibraryW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
GetLastError
SetLastError
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
RaiseException
HeapFree
GetModuleHandleExW
GetCurrentThread
CloseHandle
HeapAlloc
LocalFree
GetProcessHeap
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetCommandLineA
GetCommandLineW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetFileType
GetStringTypeW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CompareStringW
LCMapStringW
HeapSize
DecodePointer

ntdll

EtwEventWrite
EtwEventUnregister
RtlUnwind
RtlReAllocateHeap
EtwEventEnabled
RtlAllocateHeap
RtlFreeHeap
EtwEventRegister

advapi32

OpenThreadToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCloseKey
PrivilegeCheck
RegFlushKey
RegCreateKeyExW
RegSetValueExW
OpenProcessToken
RegOpenKeyExW
RegGetValueW
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mfpmp.exe
.exe windows:10 windows x86 arch:x86

c935ea535b975bdbca41191bc227b9d5

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

db:64:87:d3:58:b1:1b:54:ae:13:ac:84:c1:ac:08:b5:7a:66:37:56:e0:8b:a6:e9:1f:6c:74:7b:a3:a8:e5:c2
Signer

Actual PE Digest

db:64:87:d3:58:b1:1b:54:ae:13:ac:84:c1:ac:08:b5:7a:66:37:56:e0:8b:a6:e9:1f:6c:74:7b:a3:a8:e5:c2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

MFPMP.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__controlfp_s
_o__crt_atexit
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
memcpy
_o__set_new_mode
_o_exit
_o_free
_o_iswalpha
_o_iswdigit
_o_malloc
_o_qsort
_o_strncpy_s
_o_terminate
_o_towupper
__current_exception
__current_exception_context
_except_handler4_common
_o___p__commode

api-ms-win-crt-string-l1-1-0

memset
strnlen

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapSetInformation
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
SetErrorMode
GetErrorMode
GetLastError
RaiseException

api-ms-win-core-processenvironment-l1-1-0

SetEnvironmentVariableW
GetCommandLineW

api-ms-win-core-com-l1-1-0

CoInitializeSecurity
CoTaskMemFree
CoCreateInstance
IIDFromString
CoFreeUnusedLibraries
CoCreateFreeThreadedMarshaler
CoInitializeEx
StringFromCLSID
CoUninitialize

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsDeleteString

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
OpenEventW
DeleteCriticalSection
ResetEvent
WaitForSingleObject
InitializeCriticalSection
WaitForMultipleObjectsEx
EnterCriticalSection
SetEvent
CreateEventW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TlsGetValue
TlsSetValue
TerminateProcess
GetStartupInfoW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleHandleW
GetModuleHandleExW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer

api-ms-win-appmodel-runtime-l1-1-2

AppPolicyGetMediaFoundationCodecLoading

mfcore

MFCreatePMPHost

mfplat

MFStartup
MFGetCallStackTracingWeakReference
MFGetSystemTime
MFShutdown

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mmc.exe
.exe windows:10 windows x86 arch:x86

80f725b9cf07b27e2df061c0329d6be7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mmc.pdb

Imports

gdi32

GetTextExtentPoint32W
SelectObject
GetStockObject
PtInRegion
CreatePolygonRgn
FillRgn
GetTextMetricsW
GetLayout
SetLayout
BitBlt
GetObjectW
DeleteDC
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
PatBlt
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
DeleteObject
GetDeviceCaps
CreateFontIndirectW

user32

GetWindowTextLengthW
SetWindowTextW
GetClassNameW
wsprintfW
GetClassInfoExW
CreateWindowExW
CreateAcceleratorTableW
InvalidateRgn
CallWindowProcW
RegisterClassExW
ReleaseDC
GetDC
EndPaint
BeginPaint
GetDoubleClickTime
CallNextHookEx
SetWindowsHookExW
UnhookWindowsHookEx
UnionRect
GetMessageTime
CopyImage
DrawIconEx
CharUpperW
GetSubMenu
DestroyIcon
DrawFrameControl
SetMenu
GetMenu
ChangeClipboardChain
SetForegroundWindow
SetActiveWindow
EnumThreadWindows
GetWindowTextW
SetClipboardViewer
KillTimer
SetTimer
SetWindowPos
DefWindowProcW
DrawFocusRect
IsWindowEnabled
TrackPopupMenuEx
GetNextDlgTabItem
GetDlgItem
CharLowerW
SetMenuDefaultItem
GetForegroundWindow
NotifyWinEvent
ReleaseCapture
GetCapture
AdjustWindowRectEx
DeferWindowPos
EndDeferWindowPos
BeginDeferWindowPos
IsZoomed
GetSystemMenu
BringWindowToTop
EnableMenuItem
GetWindowPlacement
SetWindowPlacement
SetParent
DrawTextW
SetWinEventHook
IsChild
SetWindowLongW
LoadImageW
DrawEdge
GetSysColor
DestroyMenu
SetMenuItemInfoW
AppendMenuW
GetMenuStringW
GetMenuItemInfoW
GetMenuItemCount
CreatePopupMenu
IsMenu
MoveWindow
EnumChildWindows
LoadCursorW
SetCursor
GetMessagePos
ClientToScreen
GetDlgCtrlID
ModifyMenuW
InsertMenuW
GetMenuState
DeleteMenu
SetFocus
GetFocus
ChildWindowFromPointEx
IsIconic
MapWindowPoints
ScreenToClient
GetCursorPos
GetKeyState
SetCapture
InflateRect
IsRectEmpty
InvalidateRect
ShowWindow
PtInRect
GetClientRect
GetWindowRect
GetClassInfoW
GetSysColorBrush
FillRect
GetMenuItemID
TabbedTextOutW
GrayStringW
SetRectEmpty
GetSystemMetrics
SendMessageW
IsWindow
PeekMessageW
DestroyWindow
CharNextW
GetParent
LoadStringW
PostMessageW
IsWindowVisible
UpdateWindow
LoadIconW
MessageBeep
GetIconInfo
PrivateExtractIconsW
CopyIcon
LoadMenuW
GetWindowLongW
SendMessageTimeoutW
MessageBoxW
OffsetRect
MonitorFromPoint
GetMonitorInfoW
CopyRect
SystemParametersInfoW
SetRect
RedrawWindow
FindWindowExW
GetWindowThreadProcessId
GetWindow
EnableWindow
RegisterWindowMessageW
DestroyAcceleratorTable
LoadAcceleratorsW
TranslateAcceleratorW
IntersectRect
GetDesktopWindow

mfc42u

ord6390
ord5446
ord6379
ord5436
ord400
ord702
ord3936
ord3436
ord5592
ord1569
ord4186
ord915
ord2966
ord5755
ord6188
ord5752
ord6182
ord4324
ord6185
ord6017
ord5790
ord5575
ord5567
ord6057
ord5860
ord3573
ord3808
ord1258
ord1863
ord3215
ord5783
ord4266
ord810
ord3728
ord3292
ord3298
ord4501
ord4267
ord1934
ord3729
ord3394
ord5255
ord1147
ord3697
ord501
ord2100
ord6279
ord6278
ord5596
ord773
ord543
ord803
ord3579
ord765
ord3693
ord5155
ord5156
ord5154
ord4899
ord4736
ord4970
ord4942
ord4352
ord4371
ord5283
ord4829
ord1683
ord5284
ord4433
ord2046
ord4425
ord6868
ord4273
ord5706
ord6330
ord6024
ord4848
ord4253
ord2362
ord2293
ord2290
ord609
ord3569
ord4390
ord2567
ord768
ord489
ord1899
ord2520
ord4254
ord4709
ord1008
ord771
ord496
ord1900
ord2506
ord1264
ord3864
ord2119
ord2383
ord3054
ord4462
ord975
ord2375
ord4431
ord4422
ord4584
ord3016
ord4787
ord4904
ord4869
ord4148
ord5280
ord5096
ord4495
ord6325
ord2634
ord5251
ord4451
ord402
ord4331
ord2875
ord4272
ord4241
ord1851
ord755
ord470
ord823
ord825
ord2606
ord861
ord5215
ord5213
ord2755
ord3341
ord1172
ord6466
ord1151
ord2385
ord1560
ord268
ord3658
ord2977
ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3825
ord3826
ord3820
ord3074
ord4075
ord800
ord4418
ord2859
ord296
ord617
ord5193
ord6211
ord411
ord709
ord2176
ord1196
ord2177
ord5935
ord3943
ord1165
ord1662
ord2644
ord1995
ord1938
ord4269
ord4604
ord4606
ord4609
ord561
ord815
ord4215
ord2576
ord3649
ord2430
ord2422
ord538
ord5499
ord540
ord2810
ord6315
ord6113
ord1131
ord2613
ord4154
ord986
ord5713
ord5712
ord2627
ord5297
ord334
ord648
ord942
ord940
ord1143
ord2717
ord2862
ord5285
ord6399
ord3517
ord2910
ord5568
ord535
ord858
ord5303
ord4692
ord4118
ord1637
ord4211
ord2776
ord927
ord1215
ord641
ord693
ord4616
ord5710
ord4074
ord5298
ord5296
ord2388
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord3597
ord985
ord3190
ord3441
ord5498
ord5190
ord5725
ord1994
ord3466
ord4479
ord4603
ord4605
ord5214
ord3654
ord6449
ord3348
ord4157
ord3188
ord3439
ord988
ord5612
ord3102
ord4209
ord5726
ord4689
ord1817
ord4233
ord338
ord652
ord6076
ord1594
ord5679
ord4124
ord3193
ord3449
ord4817
ord6191
ord6332
ord2391
ord4155
ord4414
ord1197
ord2532
ord3865
ord4420
ord4617
ord6171
ord4381
ord5649
ord3167
ord5573
ord1739
ord5239
ord3053
ord4690
ord6928
ord1184
ord941
ord4583
ord4893
ord4335
ord4343
ord4717
ord4884
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4958
ord4955
ord4103
ord6051
ord4073
ord1768
ord5236
ord2377
ord5157
ord6370
ord4347
ord5286
ord3793
ord4831
ord4435
ord2640
ord2047
ord6372
ord3743
ord5059
ord1719
ord2438
ord2116
ord5273
ord4621
ord4426
ord813
ord3744
ord1720
ord5257
ord818
ord567
ord3282
ord3291
ord6004
ord3909
ord3490
ord4078
ord2855
ord3087
ord1937
ord4268
ord2371
ord4607
ord4608
ord560
ord3296
ord2527
ord5256
ord1229
ord4458
ord2108
ord3344
ord1090
ord2225
ord2879
ord5848
ord5640
ord6193
ord6375
ord6373
ord4282
ord3905
ord5977
ord4502
ord4294
ord537
ord3494
ord1567
ord3288
ord5047
ord3133
ord4401
ord3737
ord384
ord686
ord2406
ord3621
ord1634
ord4582
ord4364
ord4886
ord5070
ord5237
ord3397
ord3716
ord795
ord3614
ord4279
ord2445
ord2447
ord1635
ord5261
ord4370
ord4847
ord4992
ord4704
ord6048
ord1767
ord5276
ord4419
ord3592
ord324
ord2574
ord4396
ord3365
ord3635
ord2294
ord2350
ord4229
ord5949
ord3871
ord2821
ord6195
ord3991
ord2857
ord3993
ord562
ord816
ord5785
ord4018
ord2746
ord6168
ord5871
ord3566
ord521
ord6303
ord2400
ord1192
ord2088
ord2575
ord4526
ord4397
ord5249
ord3366
ord3636
ord303
ord3792
ord2572
ord4394
ord3625
ord682
ord4270
ord4239
ord6316
ord289
ord613
ord5732
ord5869
ord283
ord3568
ord5674
ord3084
ord6712
ord6900
ord6238
ord6896
ord3281
ord860
ord2836
ord2099
ord3629
ord2858
ord1850
ord4240
ord401
ord674
ord5250
ord2873
ord1243
ord4452
ord4718
ord5233
ord1177
ord1561
ord4494
ord4407
ord5095
ord5048
ord4998
ord4766
ord4788
ord976
ord2373
ord4421
ord2437
ord4430
ord1658
ord2641
ord5279
ord2374
ord4072
ord4147

msvcrt

memcmp
_ftol2_sse
__RTDynamicCast
__CxxFrameHandler3
??_V@YAXPAX@Z
_vsnwprintf
memcpy_s
_purecall
wcsncmp
_ltow
wcstoul
_ultow
wcsrchr
iswspace
??1exception@@UAE@XZ
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
_vsnprintf_s
_wcsnicmp
_wcsicmp
malloc
free
swscanf
__wargv
__argc
wcscpy_s
realloc
wcstol
__p__fmode
_mbsnbcnt
_mbslen
wcsstr
_wtoi
wcschr
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBDH@Z
_controlfp
_except_handler4_common
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_wcmdln
_initterm
__setusermatherr
memset
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
memmove
memcpy
_CxxThrowException

ntdll

EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
EtwTraceMessage

mmcbase

?AddSnapin@BookKeeping@@SGJPBGAAH@Z
?InterfaceMethodActivationContextException@BookKeeping@@SGXHPBG0KPAU_EXCEPTION_POINTERS@@@Z
?AddSnapinInterface@BookKeeping@@SG_NPAUIUnknown@@PBGAAH@Z
?ReleaseSnapinInterface@BookKeeping@@SGJPAUIUnknown@@H@Z
?GetSnapinName@BookKeeping@@SGPBGH@Z
?InvalidInterface@BookKeeping@@SGXHPBG0@Z
?InterfaceMethodException@BookKeeping@@SGXHPBG0KPAU_EXCEPTION_POINTERS@@@Z
?MMCNullInterface@BookKeeping@@SGXHPBG0@Z
?s_hWnd@SC@mmcerror@@0PAUHWND__@@A
?TraceSnapinError@@YGXPBGABVSC@mmcerror@@@Z
?ScEmitOrPostpone@CEventBuffer@@QAE?AVSC@mmcerror@@PAUIDispatch@@JPAVCComVariant@ATL@@H@Z
MMC_PickIconDlg
InsideModalLoop
?FindAllSnapinUIThreads@BookKeeping@@SGJPAPAKPAK@Z
?AddItem@BookKeeping@@SGJAAVItemHandle@@@Z
LoadStandardOverlays
?RemoveItem@BookKeeping@@SGJPAX@Z
GetStringModule
??7SC@mmcerror@@QBEHXZ
?FindItem@BookKeeping@@SGPAVItemHandle@@PAX@Z
??1?$CEventLock@UAppEvents@@@@QAE@XZ
??0?$CEventLock@UAppEvents@@@@QAE@XZ
?Throw@SC@mmcerror@@QAEXJ@Z
?Throw@SC@mmcerror@@QAEXXZ
?MMCErrorBox@@YGHPBGI@Z
?FatalError@SC@mmcerror@@QBEXXZ
?IsError@SC@mmcerror@@QBE_NXZ
?AddRef@CMMCStrongReferences@@SGKXZ
?Release@CMMCStrongReferences@@SGKXZ
?GetErrorMessage@SC@mmcerror@@QBEXIPAG@Z
?GetHelpID@SC@mmcerror@@QAEKXZ
?MMCErrorBox@@YGHPBGVSC@mmcerror@@I@Z
?FromLastError@SC@mmcerror@@QAEAAV12@XZ
?LastRefReleased@CMMCStrongReferences@@SG_NXZ
?GetHelpFile@SC@mmcerror@@SGPBGXZ
?ScSetConsoleEventDispatcher@CConsoleEventDispatcherProvider@@SG?AVSC@mmcerror@@PAVCConsoleEventDispatcher@@@Z
?SetMainThreadID@SC@mmcerror@@SGXK@Z
?SetHWnd@SC@mmcerror@@SGXPAUHWND__@@@Z
?MMCErrorBox@@YGHVSC@mmcerror@@I@Z
?ScFromMMC@@YG?AVSC@mmcerror@@J@Z
GetComObjectEventSource
?TraceAndClear@SC@mmcerror@@QAEXXZ
?MMCErrorBox@@YGHII@Z
GetEventBuffer
MMCUpdateRegistry
?ToHr@SC@mmcerror@@QBEJXZ
??0SC@mmcerror@@QAE@ABV01@@Z
??4SC@mmcerror@@QAEAAV01@ABV01@@Z
?SetFunctionName@SC@mmcerror@@QAEXPBG@Z
??BSC@mmcerror@@QBE_NXZ
?TraceError@@YGXPBGABVSC@mmcerror@@@Z
??1SC@mmcerror@@QAE@XZ
?s_CallDepth@SC@mmcerror@@0IA
?LKResult2HRESULT@BookKeeping@@SGJJ@Z

ole32

CoCreateInstance
CoDisconnectObject
CoRegisterClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CoRevokeClassObject
OleRun
CoTaskMemFree
ProgIDFromCLSID
CoCreateGuid
RevokeDragDrop
RegisterDragDrop
DoDragDrop
CoGetClassObject
CoTaskMemAlloc
StringFromCLSID
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
CoGetMalloc
GetHGlobalFromStream
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StringFromGUID2

shlwapi

PathFindFileNameW
ord176
ord225

uxtheme

SetWindowTheme
DrawThemeBackground
OpenThemeData
IsAppThemed
IsThemeActive
CloseThemeData

duser

SetGadgetStyle
GetGadgetRect

api-ms-win-core-registry-l1-1-0

RegOpenKeyExA
RegQueryValueExA
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey

uiautomationcore

UiaReturnRawElementProvider
UiaHostProviderFromHwnd
UiaClientsAreListening
UiaRaiseAutomationEvent
UiaDisconnectProvider

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA
FreeLibrary
LoadLibraryExA
LoadLibraryExW
GetModuleHandleA

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree
HeapDestroy
HeapCreate

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
CreateProcessW
GetCurrentThreadId
GetStartupInfoW
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetFileMUIPath

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringA
OutputDebugStringW

api-ms-win-core-processenvironment-l1-1-0

SetCurrentDirectoryW
GetCommandLineW
GetCurrentDirectoryW
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW

api-ms-win-core-string-l1-1-0

CompareStringW

api-ms-win-core-file-l1-1-0

GetLongPathNameW
WriteFile
GetFullPathNameW
FindFirstFileW
GetFileTime
CreateFileW
FindNextFileW
FindClose
GetFileSize
GetFileAttributesW
DeleteFileW
ReadFile
CreateDirectoryW

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemInfo
GetSystemDirectoryW
GetVersionExW
GetSystemTimeAsFileTime

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
LoadLibraryA
FindResourceW

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-processthreads-l1-1-3

SetProcessInformation

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualAlloc
VirtualFree
VirtualQuery

api-ms-win-core-synch-l1-2-0

Sleep
WakeAllConditionVariable
SleepConditionVariableSRW

api-ms-win-core-heap-l2-1-0

GlobalAlloc
GlobalFree
LocalFree

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-processthreads-l1-1-1

FlushInstructionCache
IsProcessorFeaturePresent

api-ms-win-core-interlocked-l1-1-0

InterlockedPopEntrySList
InterlockedPushEntrySList

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

kernel32

lstrcmpW
lstrlenW
lstrcpyW
AddAtomW
DeleteAtom
GlobalUnlock
GlobalLock
lstrcmpiW
GlobalReAlloc
ReleaseActCtx
CreateActCtxW
DeactivateActCtx
ActivateActCtx

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 274KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mmgaserver.exe
.exe windows:10 windows x86 arch:x86

a6fe7c6ff8b11e43086faa85c9dab610

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mmgaserver.pdb

Imports

user32

TranslateMessage
PostThreadMessageA
GetMessageA
DispatchMessageA
PeekMessageA

msvcp_win

_Cnd_broadcast
_Mtx_unlock
_Thrd_detach
_Cnd_wait
_Cnd_do_broadcast_at_thread_exit
_Mtx_init_in_situ
_Mtx_lock
_Mtx_destroy_in_situ
?_Throw_C_error@std@@YAXH@Z
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_init_in_situ
?_Xlength_error@std@@YAXPBD@Z
_Cnd_destroy_in_situ

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback

api-ms-win-crt-private-l1-1-0

_o__configthreadlocale
_o__configure_wide_argv
_o__controlfp_s
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__callnewh
_o__set_new_mode
_o_ceil
_o_exit
_o_free
_o_malloc
_o_terminate
__current_exception
__current_exception_context
_except_handler4_common
_CxxThrowException
_o__beginthreadex
_o___stdio_common_vswprintf
_o__cexit
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
__std_terminate
__CxxFrameHandler3
memcmp
memcpy
memmove

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
FreeLibrary
LoadLibraryExA
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

CreateEventW
AcquireSRWLockExclusive
ResetEvent
ReleaseSRWLockShared
CreateMutexExW
AcquireSRWLockShared
CreateEventExW
CreateSemaphoreExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseSRWLockExclusive
SetEvent
EnterCriticalSection
ReleaseMutex
LeaveCriticalSection
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
ReleaseSemaphore
DeleteCriticalSection

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetThreadId
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventActivityIdControl
EventUnregister
EventSetInformation
EventRegister

api-ms-win-core-path-l1-1-0

PathCchCombine

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
FlushInstructionCache

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualAlloc

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 844KB - Virtual size: 843KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mobsync.exe
.exe windows:10 windows x86 arch:x86

b4668b610d5fa04c01b79ce854744b5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mobsync.pdb

Imports

advapi32

GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle

kernel32

lstrlenW
LocalAlloc
LocalFree
GetCommandLineW
HeapSetInformation
ResolveDelayLoadedAPI
DelayLoadFailureHook

user32

GetMessageW
TranslateMessage
DispatchMessageW

msvcrt

_controlfp
?terminate@@YAXXZ
_wcmdln
__dllonexit
_initterm
_lock
__setusermatherr
__p__fmode
_cexit
_exit
_except_handler4_common
_unlock
_onexit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
wcsstr
towupper
wcschr
_vsnwprintf
memcpy_s
memset

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoUninitialize
CoCreateInstance

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetStartupInfoW
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleFileNameA
GetProcAddress
GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExW

api-ms-win-core-synch-l1-1-0

ReleaseMutex
CreateMutexExW
WaitForSingleObject
CreateSemaphoreExW
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSemaphore

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

shell32

CommandLineToArgvW

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mountvol.exe
.exe windows:10 windows x86 arch:x86

30f2c65a9103a7536b77118a741917b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mountvol.pdb

Imports

msvcrt

_controlfp
_vsnwprintf
_initterm
exit
_except_handler4_common
__getmainargs
?terminate@@YAXXZ
_amsg_exit
__p__commode
_XcptFilter
_exit
__setusermatherr
_cexit
__set_app_type
__p__fmode
memcpy

api-ms-win-core-file-l1-1-0

QueryDosDeviceW
FindVolumeClose
DefineDosDeviceW
FindFirstVolumeW
CreateFileW
DeleteVolumeMountPointW
RemoveDirectoryW
FindNextVolumeW
WriteFile

api-ms-win-core-kernel32-legacy-l1-1-1

SetVolumeMountPointW
FindVolumeMountPointClose
FindNextVolumeMountPointW
FindFirstVolumeMountPointW

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode
GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle

ntdll

NtQuerySystemInformation

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-localization-l1-2-0

SetThreadUILanguage
FormatMessageW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-file-l1-2-0

GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW

api-ms-win-core-console-l1-1-0

WriteConsoleW
GetConsoleMode

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

HeapSetInformation

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msdt.exe
.exe windows:10 windows x86 arch:x86

0ec41687678c414bc5f42fc0c7868e1a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

msdt.pdb

Imports

advapi32

EventRegister
EventWriteTransfer
EventUnregister
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
CheckTokenMembership
CreateWellKnownSid
OpenThreadToken
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
EventSetInformation
RegLoadMUIStringW

kernel32

WideCharToMultiByte
MultiByteToWideChar
EncodePointer
DecodePointer
Sleep
AcquireSRWLockShared
CreateMutexExW
GetProcAddress
HeapAlloc
CreateThreadpoolTimer
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
SizeofResource
GetFileSizeEx
FreeResource
LockResource
GlobalAlloc
ReleaseSRWLockShared
GetStringTypeW
CloseHandle
GlobalFree
LoadResource
FindResourceW
GlobalLock
GlobalUnlock
GetCurrentDirectoryW
SetCurrentDirectoryW
MoveFileW
SetFileTime
GetFileInformationByHandle
LocalFileTimeToFileTime
FileTimeToLocalFileTime
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
DosDateTimeToFileTime
FileTimeToDosDateTime
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
GetModuleHandleExW
CloseThreadpoolTimer
ReleaseSemaphore
EnterCriticalSection
SetLastError
HeapFree
GetCurrentThreadId
WaitForSingleObject
SetThreadpoolTimer
GetModuleFileNameA
LocalAlloc
OpenEventW
ConnectNamedPipe
OutputDebugStringW
ReleaseSRWLockExclusive
GetLastError
FormatMessageW
ReleaseMutex
CreateNamedPipeW
GetSystemTime
LoadLibraryExW
CopyFileW
RemoveDirectoryW
SetFileAttributesW
DeleteCriticalSection
CreateDirectoryW
GetCurrentProcess
GetCurrentThread
GetTempPath2W
GetTempFileNameW
DeleteFileW
FindClose
FindNextFileW
FindFirstFileW
GetUserPreferredUILanguages
ExpandEnvironmentStringsW
FreeLibrary
LocalFree
GetFullPathNameW
GetFileAttributesW
GetCommandLineW
ReadFile
WriteFile
CreateFileW
GetModuleFileNameW
CreateThread
CreateEventW
WaitForMultipleObjects
HeapReAlloc
ResetEvent
SetEvent
CreateTimerQueueTimer
DeleteTimerQueueTimer
SetDllDirectoryW
InitializeCriticalSection
GetTickCount64
TlsSetValue
TlsFree
TlsAlloc
TlsGetValue
LoadLibraryW
GetExitCodeProcess
HeapSetInformation
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
CreateSemaphoreExW

user32

IsChild
EnableWindow
GetKeyState
LoadImageW
GetClientRect
SendMessageW
CreateWindowExW
CallNextHookEx
GetFocus
GetWindowLongW
MessageBoxW
LoadStringW
AllowSetForegroundWindow
IsWindow
ShowScrollBar
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetWindowLongW
UnhookWindowsHookEx
GetSystemMetrics
PostMessageW
SetForegroundWindow
SetWindowsHookExW

msvcrt

__p__commode
_XcptFilter
_amsg_exit
_wsetlocale
__crtLCMapStringW
__crtCompareStringW
_wcsdup
abort
memcmp
__pctype_func
memset
_ismbblead
___lc_codepage_func
___lc_handle_func
___mb_cur_max_func
_unlock
_lock
_errno
___lc_collate_cp_func
setlocale
memmove
memcpy
_CxxThrowException
??0exception@@QAE@ABQBDH@Z
_callnewh
mbstowcs_s
wcstok
wcschr
_wtol
calloc
wcstol
iswdigit
wcsncmp
_wcslwr_s
malloc
wcstombs_s
??0exception@@QAE@ABQBD@Z
??0bad_cast@@QAE@PBD@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
realloc
free
strchr
?what@exception@@UBEPBDXZ
wcsstr
towlower
_wcsicmp
_vsnprintf
_wcsnicmp
memmove_s
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_purecall
memcpy_s
_vsnwprintf
__CxxFrameHandler3
__wgetmainargs
__set_app_type
exit
_exit
_cexit
__p__fmode
__setusermatherr
_initterm
_wcmdln
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_controlfp
_except_handler4_common
_close
_write
time
_lseek
wcstok_s
_get_osfhandle
_wopen
srand
_wremove
_read
rand

ntdll

DbgPrintEx
RtlInitializeSid
RtlNtStatusToDosError
NtOpenProcessToken
NtQueryInformationToken
NtClose
NtOpenThreadToken
RtlSubAuthoritySid
RtlCreateEnvironment
RtlInitUnicodeStringEx
RtlSetEnvironmentVariable
RtlExpandEnvironmentStrings
RtlDestroyEnvironment
WinSqmAddToStreamEx

shell32

ShellExecuteExW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
SHGetKnownFolderIDList
CommandLineToArgvW

comctl32

ImageList_ReplaceIcon
PropertySheetW
ImageList_Destroy
ImageList_Create

oleaut32

SysAllocString
SysFreeString
VariantInit
SafeArrayDestroy
SafeArrayGetElement
SysStringLen
VariantClear
SafeArrayCreate
SafeArrayPutElement
SysAllocStringLen
SafeArrayAccessData
SafeArrayUnaccessData

uxtheme

SetWindowTheme

atl

ord40
ord42

ole32

CoInitializeEx
CoUninitialize
StringFromCLSID
CoTaskMemFree
CoTaskMemAlloc
PropVariantClear
CoCreateInstance
OleInitialize
StringFromGUID2
CreateStreamOnHGlobal
GetHGlobalFromStream
CoCreateGuid

comdlg32

CommDlgExtendedError
GetOpenFileNameW

rpcrt4

UuidCreate

duser

GetGadgetFocus
ForwardGadgetMessage

wer

WerReportSubmit
WerReportCloseHandle
WerReportSetParameter
WerReportAddFile
WerReportCreate

secur32

GetUserNameExW

wintrust

WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
WinVerifyTrust

crypt32

CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CryptHashCertificate

dui70

?CreateHWND@CCBase@DirectUI@@UAEPAUHWND__@@PAU3@@Z
?GetAdjacent@Element@DirectUI@@UAEPAV12@PAV12@HPBUNavReference@2@K@Z
?EnsureVisible@Element@DirectUI@@UAE_NHHHH@Z
?SetKeyFocus@HWNDHost@DirectUI@@UAEXXZ
?AddBehavior@Element@DirectUI@@UAEJPAUIDuiBehavior@@@Z
?RemoveBehavior@Element@DirectUI@@UAEJPAUIDuiBehavior@@@Z
?MessageCallback@Edit@DirectUI@@UAEIPAUtagGMSG@@@Z
?QueryInterface@Element@DirectUI@@UAGJABU_GUID@@PAPAX@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UAEXPAUtagRECT@@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MAEXHH@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MAE?AUtagSIZE@@HHPAVSurface@2@@Z
?OnHosted@HWNDHost@DirectUI@@MAEXPAVElement@2@@Z
?OnUnHosted@HWNDHost@DirectUI@@MAEXPAVElement@2@@Z
?UpdateTooltip@Element@DirectUI@@MAEXPAV12@@Z
?ActivateTooltip@Element@DirectUI@@MAEXPAV12@K@Z
?RemoveTooltip@Element@DirectUI@@MAEXPAV12@@Z
?GetKeyFocused@HWNDHost@DirectUI@@UAE_NXZ
?GetAccessibleImpl@HWNDHost@DirectUI@@UAEJPAPAUIAccessible@@@Z
?DefaultAction@Element@DirectUI@@UAEJXZ
?GetUIAElementProvider@Element@DirectUI@@UAEJABU_GUID@@PAPAX@Z
?GetElementProviderImpl@Element@DirectUI@@UAEJPAVInvokeHelper@2@PAPAVElementProvider@2@@Z
?HandleUiaDestroyListener@Element@DirectUI@@UAEXXZ
?HandleUiaPropertyListener@Element@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UAEXPBUPropertyInfo@2@@Z
?HandleUiaEventListener@Element@DirectUI@@UAEXPAUEvent@2@@Z
?GetUiaFocusDelegate@Element@DirectUI@@UAEPAV12@XZ
?OnNotify@Edit@DirectUI@@UAE_NIIJPAJ@Z
?OnMessage@HWNDHost@DirectUI@@UAE_NIIJPAJ@Z
?OnSysChar@HWNDHost@DirectUI@@UAE_NG@Z
?OnSinkThemeChanged@HWNDHost@DirectUI@@UAE_NIIJPAJ@Z
?OnCtrlThemeChanged@HWNDHost@DirectUI@@UAE_NIIJPAJ@Z
?OnWindowStyleChanged@HWNDHost@DirectUI@@UAEXIPBUtagSTYLESTRUCT@@@Z
?SetWindowDirection@HWNDHost@DirectUI@@UAEXPAUHWND__@@@Z
?EraseBkgnd@HWNDHost@DirectUI@@MAE_NPAUHDC__@@PAJ@Z
?CreateHWND@Edit@DirectUI@@MAEPAUHWND__@@PAU3@_N@Z
?Initialize@Edit@DirectUI@@QAEJIPAVElement@2@PAK@Z
?AttachCtrlSubclassProc@HWNDHost@DirectUI@@KGXPAUHWND__@@@Z
?GetThemedBorder@Edit@DirectUI@@QAE_NXZ
?GetMultiline@Edit@DirectUI@@QAE_NXZ
?OnAdjustWindowSize@HWNDHost@DirectUI@@UAEHHHI@Z
?GetHWND@HWNDHost@DirectUI@@UAEPAUHWND__@@XZ
?SetWinStyle@CCBase@DirectUI@@QAEJH@Z
?Destroy@Element@DirectUI@@QAEJ_N@Z
?Initialize@CCListView@DirectUI@@QAEJIPAVElement@2@PAK@Z
?OnInput@CCBase@DirectUI@@UAEXPAUInputEvent@2@@Z
?OnInput@Element@DirectUI@@UAEXPAUInputEvent@2@@Z
?OnPropertyChanged@CCBase@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?DirectionProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ
??1CCBase@DirectUI@@UAE@XZ
??0CCBase@DirectUI@@QAE@KPBG@Z
?Insert@Element@DirectUI@@UAEJPAPAV12@II@Z
?Add@Element@DirectUI@@UAEJPAPAV12@I@Z
?GetContentSize@Edit@DirectUI@@UAE?AUtagSIZE@@HHPAVSurface@2@@Z
?Paint@HWNDHost@DirectUI@@UAEXPAUHDC__@@PBUtagRECT@@1PAU4@2@Z
?OnEvent@HWNDHost@DirectUI@@UAEXPAUEvent@2@@Z
?OnDestroy@HWNDHost@DirectUI@@UAEXXZ
?OnMouseFocusMoved@Element@DirectUI@@UAEXPAV12@0@Z
?OnKeyFocusMoved@Element@DirectUI@@UAEXPAV12@0@Z
?OnInput@Edit@DirectUI@@UAEXPAUInputEvent@2@@Z
?OnGroupChanged@Element@DirectUI@@UAEXH_N@Z
?OnPropertyChanged@Element@DirectUI@@UAEXPAUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanged@Edit@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UAE_NPAUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UAE_NPBUPropertyInfo@2@HPAVValue@2@1@Z
?GetContentStringAsDisplayed@Edit@DirectUI@@UAEPBGPAPAVValue@2@@Z
?IsContentProtected@Edit@DirectUI@@UAE_NXZ
?IsRTLReading@Element@DirectUI@@UAE_NXZ
??1Edit@DirectUI@@UAE@XZ
??0Edit@DirectUI@@QAE@XZ
?Register@Edit@DirectUI@@SGJXZ
?GetFactoryLock@Element@DirectUI@@SGPAU_RTL_CRITICAL_SECTION@@XZ
??1CritSecLock@DirectUI@@QAE@XZ
?ClassExist@ClassInfoBase@DirectUI@@SG_NPAPAUIClassInfo@2@PBQBUPropertyInfo@2@IPAU32@PAUHINSTANCE__@@PBG_N@Z
?Register@ClassInfoBase@DirectUI@@QAEJXZ
?Register@HWNDElement@DirectUI@@SGJXZ
?Register@CCBase@DirectUI@@SGJXZ
?Initialize@ClassInfoBase@DirectUI@@QAEJPAUHINSTANCE__@@PBG_NPBQBUPropertyInfo@2@I@Z
?Initialize@CCBase@DirectUI@@QAEJIPAVElement@2@PAK@Z
?GetClassInfoPtr@Edit@DirectUI@@SGPAUIClassInfo@2@XZ
?GetClassInfoPtr@HWNDElement@DirectUI@@SGPAUIClassInfo@2@XZ
?GetClassInfoPtr@CCBase@DirectUI@@SGPAUIClassInfo@2@XZ
??0CCListView@DirectUI@@QAE@XZ
??0ClassInfoBase@DirectUI@@QAE@XZ
??1ClassInfoBase@DirectUI@@UAE@XZ
?IsContentProtected@Element@DirectUI@@UAE_NXZ
?GetContentStringAsDisplayed@Element@DirectUI@@UAEPBGPAPAVValue@2@@Z
?MessageCallback@HWNDHost@DirectUI@@UAEIPAUtagGMSG@@@Z
?GetClassInfoW@CCBase@DirectUI@@UAEPAUIClassInfo@2@XZ
?DefaultAction@CCBase@DirectUI@@UAEJXZ
?OnNotify@CCBase@DirectUI@@UAE_NIIJPAJ@Z
?OnCustomDraw@CCBase@DirectUI@@UAE_NPAUtagNMCUSTOMDRAWINFO@@PAJ@Z
?OnLostDialogFocus@CCBase@DirectUI@@UAE_NPAUIDialogElement@2@@Z
?OnReceivedDialogFocus@CCBase@DirectUI@@UAE_NPAUIDialogElement@2@@Z
?PostCreate@CCBase@DirectUI@@MAEXPAUHWND__@@@Z
?GetClassInfoW@CCListView@DirectUI@@UAEPAUIClassInfo@2@XZ
?AddRef@ClassInfoBase@DirectUI@@UAEXXZ
?Release@ClassInfoBase@DirectUI@@UAEHXZ
?EnumPropertyInfo@ClassInfoBase@DirectUI@@UAEPBUPropertyInfo@2@I@Z
?GetByClassIndex@ClassInfoBase@DirectUI@@UAEPBUPropertyInfo@2@I@Z
?GetPICount@ClassInfoBase@DirectUI@@UBEIXZ
?GetGlobalIndex@ClassInfoBase@DirectUI@@UBEIXZ
?SetNote@CCCommandLink@DirectUI@@QAEJPBG@Z
?GetContentString@Element@DirectUI@@QAEPBGPAPAVValue@2@@Z
?SetValue@Element@DirectUI@@QAEJPBUPropertyInfo@2@HPAVValue@2@@Z
UnInitProcessPriv
UnInitThread
InitThread
InitProcessPriv
?DUICreatePropertySheetPage@TaskPage@DirectUI@@QAEJPAUHINSTANCE__@@@Z
?GetChildren@Element@DirectUI@@QAEPAV?$DynamicArray@PAVElement@DirectUI@@$0A@@2@PAPAVValue@2@@Z
?SetID@Element@DirectUI@@QAEJPBG@Z
?Destroy@DUIXmlParser@DirectUI@@QAEXXZ
?Add@Element@DirectUI@@QAEJPAV12@@Z
?SetSelected@Element@DirectUI@@QAEJ_N@Z
?CreateElement@DUIXmlParser@DirectUI@@QAEJPBGPAVElement@2@1PAKPAPAV32@@Z
?RemoveAll@Element@DirectUI@@QAEJXZ
?SetEnabled@Element@DirectUI@@QAEJ_N@Z
?Release@Value@DirectUI@@QAEXXZ
?ContentProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ
?SetValue@Element@DirectUI@@QAEJP6GPBUPropertyInfo@2@XZHPAVValue@2@@Z
?DestroyCP@TaskPage@DirectUI@@EAEXXZ
?CreateParserCP@TaskPage@DirectUI@@EAEJPAPAVDUIXmlParser@2@@Z
?CreateDUICP@TaskPage@DirectUI@@EAEJPAVHWNDElement@2@PAUHWND__@@1PAPAVElement@2@PAPAVDUIXmlParser@2@@Z
?OnQueryInitialFocus@TaskPage@DirectUI@@MAEPAVElement@2@XZ
?OnWizFinish@TaskPage@DirectUI@@MAEJXZ
?OnReset@TaskPage@DirectUI@@MAEJXZ
?OnKillActive@TaskPage@DirectUI@@MAEJXZ
?InitPropSheetPage@TaskPage@DirectUI@@MAEXPAU_PROPSHEETPAGEW@@@Z
?LoadPage@TaskPage@DirectUI@@MAEJPAVHWNDElement@2@PAUHINSTANCE__@@PAPAVElement@2@PAPAVDUIXmlParser@2@@Z
?LoadParser@TaskPage@DirectUI@@MAEJPAPAVDUIXmlParser@2@@Z
?OnListenedInput@TaskPage@DirectUI@@MAEXPAVElement@2@PAUInputEvent@2@@Z
?OnListenedPropertyChanged@TaskPage@DirectUI@@MAEXPAVElement@2@PBUPropertyInfo@2@HPAVValue@2@2@Z
?OnListenedPropertyChanging@TaskPage@DirectUI@@MAE_NPAVElement@2@PBUPropertyInfo@2@HPAVValue@2@2@Z
?OnListenerDetach@TaskPage@DirectUI@@MAEXPAVElement@2@@Z
?OnListenerAttach@TaskPage@DirectUI@@MAEXPAVElement@2@@Z
?SetTooltipMaxWidth@Element@DirectUI@@QAEJH@Z
?SetTooltip@Element@DirectUI@@QAEJ_N@Z
?SetContentString@Element@DirectUI@@QAEJPBG@Z
?SetAccDesc@Element@DirectUI@@QAEJPBG@Z
?SetAccValue@Element@DirectUI@@QAEJPBG@Z
?SetAccName@Element@DirectUI@@QAEJPBG@Z
?CreateGraphic@Value@DirectUI@@SGPAV12@PAUHICON__@@_N11@Z
?SetLayoutPos@Element@DirectUI@@QAEJH@Z
?SetVisible@Element@DirectUI@@QAEJ_N@Z
StrToID
?FindDescendent@Element@DirectUI@@QAEPAV12@G@Z
?EndDefer@Element@DirectUI@@QAEXK@Z
?StartDefer@Element@DirectUI@@QAEXPAK@Z
?PropSheet_SendMessage@TaskPage@DirectUI@@IAEJIIJ@Z
?Click@Button@DirectUI@@SG?AVUID@@XZ
??1TaskPage@DirectUI@@UAE@XZ
??0TaskPage@DirectUI@@QAE@XZ
?OnNotify@HWNDHost@DirectUI@@UAE_NIIJPAJ@Z
?GetClassInfoW@HWNDHost@DirectUI@@UAEPAUIClassInfo@2@XZ
?GetContentSize@Element@DirectUI@@UAE?AUtagSIZE@@HHPAVSurface@2@@Z
?OnInput@HWNDHost@DirectUI@@UAEXPAUInputEvent@2@@Z
?GetClassInfoPtr@HWNDHost@DirectUI@@SGPAUIClassInfo@2@XZ
?Register@HWNDHost@DirectUI@@SGJXZ
?KeyFocusedProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ
?OnPropertyChanged@HWNDHost@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?Initialize@HWNDHost@DirectUI@@QAEJIIPAVElement@2@PAK@Z
??1HWNDHost@DirectUI@@UAE@XZ
??0HWNDHost@DirectUI@@QAE@XZ
??1CCListView@DirectUI@@UAE@XZ
?AssertPIZeroRef@ClassInfoBase@DirectUI@@UBEXXZ
?GetChildren@ClassInfoBase@DirectUI@@UBEHXZ
?RemoveChild@ClassInfoBase@DirectUI@@UAEXXZ
?AddChild@ClassInfoBase@DirectUI@@UAEXXZ
?IsGlobal@ClassInfoBase@DirectUI@@UBE_NXZ
?GetModule@ClassInfoBase@DirectUI@@UBEPAUHINSTANCE__@@XZ
?IsSubclassOf@ClassInfoBase@DirectUI@@UBE_NPAUIClassInfo@2@@Z
?IsValidProperty@ClassInfoBase@DirectUI@@UBE_NPBUPropertyInfo@2@@Z
?GetName@ClassInfoBase@DirectUI@@UBEPBGXZ
?Remove@Element@DirectUI@@UAEJPAPAV12@I@Z

shlwapi

SHCreateStreamOnFileEx

winhttp

WinHttpWriteData
WinHttpSendRequest
WinHttpConnect
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle
WinHttpSetOption
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryHeaders
WinHttpOpen
WinHttpReceiveResponse
WinHttpGetDefaultProxyConfiguration
WinHttpCrackUrl

cabinet

ord10
ord23
ord20
ord22
ord14
ord11
ord13

Sections

.text
Size: 385KB - Virtual size: 385KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msfeedssync.exe
.exe windows:10 windows x86 arch:x86

fb37fe4156f06a97c2155a4255fd8a97

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

msfeedssync.pdb

Imports

kernel32

GetVersion
GetProcAddress
LocalFree
GetModuleHandleW
LocalAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep

msvcrt

?terminate@@YAXXZ
_except_handler4_common
_wcmdln
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
wcstoul
_controlfp

api-ms-win-core-com-l1-1-0

CLSIDFromString
CoCreateInstance
CoUninitialize
CoInitializeEx

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mshta.exe
.exe windows:10 windows x86 arch:x86

ee4e4a67c3e30b424aa8a1c9c579181f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mshta.pdb

Imports

msvcrt

__p__fmode
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_ismbblead
malloc
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
free
_callnewh

kernel32

SetProcessDEPPolicy
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
MultiByteToWideChar
LoadLibraryA
ExpandEnvironmentStringsA
GetCurrentProcessId
GetCurrentThreadId
FreeLibrary
LoadLibraryW
GetProcAddress
GetVersion
GetModuleHandleW

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

iertutil

ord650

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msiexec.exe
.exe windows:10 windows x86 arch:x86

e4e40938e4bf6c66424859ed02171c41

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

msiexec.pdb

Imports

advapi32

GetTokenInformation
SetSecurityDescriptorGroup
MakeAbsoluteSD
MakeSelfRelativeSD
RegQueryValueExW
OpenThreadToken
AddAccessAllowedAce
GetSecurityDescriptorLength
GetLengthSid
StartServiceCtrlDispatcherW
RegOpenKeyExW
InitializeAcl
InitializeSecurityDescriptor
SetThreadToken
FreeSid
OpenProcessToken
RegSetValueExW
RegisterServiceCtrlHandlerW
RegCreateKeyExW
SetServiceStatus
AllocateAndInitializeSid
EqualSid
GetAce
SetSecurityDescriptorOwner
RegEnumKeyW
RegCloseKey
RevertToSelf
AdjustTokenPrivileges
SetSecurityDescriptorDacl
LookupPrivilegeValueW

kernel32

CompareStringW
SetLastError
EnterCriticalSection
GetCommandLineW
GetCurrentProcess
lstrlenW
GetStdHandle
WriteFile
GetModuleHandleExW
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
GetEnvironmentVariableW
GetLocaleInfoW
WaitForSingleObject
OpenEventW
GetVersionExW
GetSystemDefaultLangID
GetACP
OpenProcess
GetVersion
SetProcessMitigationPolicy
CreateEventW
MultiByteToWideChar
Sleep
FormatMessageW
GetLastError
OutputDebugStringW
SetEvent
GetCurrentThread
GlobalAlloc
GlobalFree
CloseHandle
LoadLibraryW
CreateThread
SetCurrentDirectoryW
GetProcAddress
DeleteCriticalSection
ExitProcess
UnhandledExceptionFilter
GetModuleHandleW
FreeLibrary
WideCharToMultiByte
GetFileType
lstrcmpW
LoadLibraryExW
GetSystemDirectoryW
LoadLibraryExA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
DelayLoadFailureHook
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
GetStartupInfoW

user32

GetMessageW
MsgWaitForMultipleObjects
DispatchMessageW
IsCharAlphaNumericW
TranslateMessage
PostThreadMessageW
PostQuitMessage
PeekMessageW

msvcrt

_XcptFilter
__p__commode
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
__p__fmode
_ismbblead
__setusermatherr
_initterm
_acmdln
_lock
_unlock
__dllonexit
_onexit
memcpy
memset
?terminate@@YAXXZ
_controlfp
_vsnwprintf
_wcsicmp
_vsnprintf

ntdll

RtlUnwind
NtQueryInformationProcess

ole32

CoUninitialize
CoRegisterClassObject
StgOpenStorage
CoRevokeClassObject
CoInitialize

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msinfo32.exe
.exe windows:10 windows x86 arch:x86

fa477659889131ad82edbbcff8f030c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

msinfo32.pdb

Imports

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegGetValueW
RegSetValueExW
EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer

kernel32

HeapAlloc
GetProcAddress
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
MulDiv
DnsHostnameToComputerNameW
GetVersionExW
GetTickCount
CreateEventW
InitializeCriticalSection
ResetEvent
CreateThread
SetEvent
TerminateThread
GetLocaleInfoW
GetNumberFormatW
GetDateFormatW
GetTimeFormatW
MultiByteToWideChar
GetNativeSystemInfo
GetSystemWow64DirectoryW
GetSystemDirectoryW
CreateThreadpoolTimer
GetModuleFileNameA
GetVolumePathNameW
GetFirmwareType
GetPhysicallyInstalledSystemMemory
WaitForThreadpoolTimerCallbacks
CreateFileW
ReadFile
SetFilePointer
FindFirstFileW
FindNextFileW
FindClose
GetTempPath2W
CreateDirectoryExW
SetFileAttributesW
DeleteFileW
RemoveDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
LoadLibraryW
GlobalLock
GlobalUnlock
GetFileSize
LocalFree
GlobalAlloc
GetComputerNameW
GetCommandLineW
HeapSetInformation
RegisterApplicationRestart
InitializeCriticalSectionEx
ReleaseSRWLockShared
SetThreadpoolTimer
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
CloseThreadpoolTimer
OutputDebugStringW
ReleaseSRWLockExclusive
GetLastError
FormatMessageW
ReleaseMutex
GetCurrentThreadId
LoadLibraryExW
GetSystemTimeAsFileTime
QueryPerformanceCounter
SleepConditionVariableSRW
WakeAllConditionVariable
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
LeaveCriticalSection
GetModuleHandleExW
ReleaseSemaphore
EnterCriticalSection
SetLastError
WaitForSingleObject
HeapFree
GlobalMemoryStatusEx
CreateSemaphoreExW
FreeLibrary

gdi32

CreateSolidBrush
SetTextColor
EndDoc
EndPage
StartDocW
CreateFontW
TextOutW
StartPage
GetTextExtentPoint32W
DeleteObject
CreateFontIndirectW
GetDeviceCaps
GetObjectW

user32

CheckDlgButton
DrawFocusRect
GetDCEx
ClientToScreen
SetFocus
ReleaseCapture
SetCapture
PtInRect
OffsetRect
InflateRect
DestroyIcon
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
IsWindowEnabled
IsWindowVisible
GetFocus
SetMenuItemInfoW
SetCursor
ShowWindow
UpdateWindow
InvalidateRect
SetClipboardData
CopyRect
GetClientRect
SetClassLongW
PostQuitMessage
SetWindowPlacement
SystemParametersInfoW
LoadAcceleratorsW
MoveWindow
GetWindowRect
SetRect
GetWindowLongW
SendInput
EnableWindow
GetWindowTextW
GetSubMenu
LoadCursorW
BeginPaint
EndPaint
IsDlgButtonChecked
ReleaseDC
GetDC
EnumChildWindows
GetDpiForSystem
GetSysColor
FillRect
RedrawWindow
LoadStringW
PostMessageW
MessageBoxW
LoadMenuW
SetMenu
SetWindowPos
GetMenu
EmptyClipboard
ScreenToClient
SetDlgItemTextW
SetWindowTextW
SendMessageW
GetDlgItem
KillTimer
SetTimer
DialogBoxParamW
EndDialog
AdjustWindowRectEx
NotifyWinEvent
CreateDialogParamW
GetMessageW
TranslateAcceleratorW
IsDialogMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
DestroyAcceleratorTable
LoadIconW
CheckRadioButton
SetWindowLongW

mfc42u

ord1571
ord600
ord269
ord826
ord2444
ord5781
ord5785
ord5871
ord6168
ord5790
ord2559
ord640
ord6921
ord6919
ord6867
ord6563
ord5597
ord2755
ord5618
ord2757
ord802
ord812
ord559
ord4182
ord6565
ord911
ord542
ord5588
ord698
ord396
ord2442
ord1172
ord6466
ord1634
ord3621
ord268
ord1560
ord2406
ord3614
ord1633
ord323
ord860
ord2776
ord2819
ord942
ord2813
ord3806
ord537
ord825
ord540
ord800
ord858
ord861
ord2910
ord5568
ord2855
ord4124
ord2606
ord538
ord535
ord6140
ord5858
ord941
ord2810
ord940
ord6278
ord823
ord4155
ord1165
ord2756
ord922
ord5706
ord1594
ord398
ord700
ord4184
ord913
ord2809
ord773
ord394
ord696
ord501
ord998
ord5617
ord4180
ord909
ord1083
ord5596
ord3430
ord5586
ord6218
ord4199
ord4197
ord6279
ord927
ord925
ord834
ord2805
ord5852
ord2768
ord6928
ord1184
ord3432
ord349
ord3658
ord5647
ord3121
ord3608
ord2385
ord352

msvcrt

_onexit
??1type_info@@UAE@XZ
_controlfp
_except_handler4_common
memcmp
__dllonexit
_unlock
_ftol2_sse
_ftol2
_lock
?terminate@@YAXXZ
_wcmdln
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
wcsncpy_s
iswascii
wcstod
_wtol
iswalpha
wcstoul
wcstol
_wcsicmp
swprintf_s
_wcsicoll
_wtoi
memmove_s
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_purecall
memcpy_s
_vsnwprintf
??_V@YAXPAX@Z
__CxxFrameHandler3
_wcsupr
memset

atl

ord30

ntdll

NtQuerySystemInformation

oleaut32

VariantInit
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
VariantClear
VariantChangeType
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocString

ole32

CoInitializeSecurity
CoCreateGuid
CoCreateInstance
CoTaskMemFree
CoInitialize
CoUninitialize
StringFromCLSID

shlwapi

StrFormatByteSizeEx

setupapi

SetupIterateCabinetW

comdlg32

PrintDlgExW
GetOpenFileNameW
GetSaveFileNameW

shell32

CommandLineToArgvW
ShellAboutW

comctl32

ord410
ord412
ord413
InitCommonControlsEx

powrprof

PowerDeterminePlatformRoleEx

slc

SLGetWindowsInformationDWORD

Sections

.text
Size: 217KB - Virtual size: 217KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msra.exe
.exe windows:10 windows x86 arch:x86

3a9cfbe2704d53479014b87df3daf578

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

msra-stub.pdb

Imports

kernel32

SetLastError
Wow64DisableWow64FsRedirection
WaitForSingleObject
GetLastError
CloseHandle
GetExitCodeProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
TerminateProcess
GetCurrentProcess

msvcrt

_except_handler4_common
__setusermatherr
_initterm
?terminate@@YAXXZ
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_wcmdln
_controlfp
memset

shell32

ShellExecuteExW

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mtstocom.exe
.exe windows:10 windows x86 arch:x86

08b4f5ceb407d118d07c8692bb1c07ff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mtstocom.pdb

Imports

advapi32

RegSetValueExW
RegCreateKeyExW
RegCloseKey
BuildSecurityDescriptorW
BuildTrusteeWithNameW
BuildTrusteeWithSidW
LsaLookupNames
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegConnectRegistryW

kernel32

GetVersionExA
CloseHandle
HeapSetInformation
CreateFileA
GetLocalTime
MoveFileExW
GetFileSize
LocalSize
DelayLoadFailureHook
ResolveDelayLoadedAPI
GetLastError
OpenEventW
CreateFileW
SetFilePointer
GetModuleFileNameW
WriteFile
SetEvent
GetWindowsDirectoryA
GetComputerNameW

msvcrt

_initterm
_except_handler4_common
__setusermatherr
_cexit
?terminate@@YAXXZ
_controlfp
_lock
_unlock
__dllonexit
_onexit
memcpy
__p__fmode
_exit
exit
__set_app_type
memcmp
_local_unwind4
_waccess
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
_strtime
_stricmp
wcsstr
wcschr
wcstombs
_wcsicmp
clock
_vsnwprintf
__CxxFrameHandler3
realloc
free
malloc
memset

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoTaskMemRealloc
CoGetObjectContext
StringFromGUID2
CoTaskMemAlloc
CoUninitialize
CoCreateInstance
CLSIDFromString
CoInitializeEx

api-ms-win-core-string-l2-1-0

IsCharAlphaNumericW
CharNextW
CharPrevW
IsCharAlphaW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetExitCodeProcess
OpenThreadToken
CreateProcessW
GetCurrentThread
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
SetThreadToken
TerminateProcess
OpenProcessToken

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
LockResource
FreeLibrary
GetProcAddress
FindResourceExW
LoadLibraryExW
LoadStringW
LoadResource

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetSystemWindowsDirectoryW

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegFlushKey
RegEnumValueW
RegDeleteTreeW
RegQueryValueExW
RegDeleteValueW

api-ms-win-core-file-l1-1-0

FindClose
DeleteFileW
CreateDirectoryW
SetFileAttributesW
FindNextFileW
FindFirstFileW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalReAlloc
LocalFree

sspicli

LogonUserExExW

api-ms-win-security-base-l1-1-0

GetTokenInformation
CopySid
IsWellKnownSid
AllocateAndInitializeSid
GetSidSubAuthorityCount
GetSidLengthRequired
InitializeAcl
GetLengthSid
AddAccessAllowedAce
GetSecurityDescriptorDacl
CreatePrivateObjectSecurityEx
GetSecurityDescriptorLength
GetSidSubAuthority
DestroyPrivateObjectSecurity
FreeSid
AddAce
IsValidSecurityDescriptor

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertSidToStringSidW

api-ms-win-core-string-l1-1-0

CompareStringW

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-security-lsalookup-l1-1-0

LookupAccountSidLocalW
LookupAccountNameLocalW

api-ms-win-security-lsapolicy-l1-1-0

LsaEnumerateAccountRights
LsaQueryInformationPolicy
LsaClose
LsaFreeMemory
LsaAddAccountRights
LsaRemoveAccountRights
LsaStorePrivateData
LsaRetrievePrivateData
LsaOpenPolicy

user32

CharNextA
CharPrevA

ntdll

wcsrchr
_wcsnicmp

Exports

Exports

?GetRegNodeDispenser@@YGJPAPAUIRegNodeDispenser@@@Z

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ndadmin.exe
.exe windows:10 windows x86 arch:x86

5c2a6be2fbea9dde5e237a67c853d0fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

NDAdmin.pdb

Imports

kernel32

CreateDirectoryW
GetFileAttributesW
GetFullPathNameW
HeapAlloc
HeapFree
GetProcessHeap
FreeLibrary
ExitProcess
GetProcAddress
HeapSetInformation
LoadLibraryW
GetLastError
GetCommandLineW
Sleep
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
CreateEventW
WaitForSingleObjectEx
CloseHandle
SetEvent
ExpandEnvironmentStringsW
SetLastError
GetSystemWindowsDirectoryW
RaiseException

msvcrt

_controlfp
?terminate@@YAXXZ
_except_handler4_common
_acmdln
__setusermatherr
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
swscanf
_initterm
_resetstkoflw
wcschr
wcsrchr
memcpy

ntdll

RtlFormatCurrentUserKeyPath
RtlFreeUnicodeString
NtClose
RtlInitUnicodeString
NtOpenKey
NtQueryValueKey
RtlNtStatusToDosError

shell32

CommandLineToArgvW

advapi32

FreeSid
CheckTokenMembership
AllocateAndInitializeSid

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 676B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
net.exe
.exe windows:10 windows x86 arch:x86

6c829877160814fc33b041ab46abac59

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

net.pdb

Imports

msvcrt

?terminate@@YAXXZ
_initterm
__setusermatherr
__p__fmode
wcsncat_s
_cexit
_exit
__set_app_type
__getmainargs
_amsg_exit
wcscspn
_controlfp
_XcptFilter
wcsrchr
_except_handler4_common
wcstok
wcsncpy_s
wcsncmp
wcspbrk
qsort
_wcsdup
_wcsupr
calloc
wcsspn
malloc
iswctype
free
_ultow
_wcsicmp
sprintf_s
_wcsnicmp
memmove
wcschr
exit
_local_unwind4
_fileno
_setmode
wcscat_s
wcscpy_s
putchar
_vsnwprintf_s
_snwprintf_s
__iob_func
setlocale
__p__commode
memset

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle
GetCommandLineW

api-ms-win-core-console-l1-1-0

SetConsoleMode
GetConsoleMode
GetConsoleOutputCP
WriteConsoleW
ReadConsoleW

api-ms-win-core-localization-l1-2-0

SetThreadUILanguage
FormatMessageW
GetCPInfo

api-ms-win-core-synch-l1-1-0

WaitForSingleObject

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetSystemDirectoryW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

HeapSetInformation

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
GetExitCodeProcess
CreateProcessW
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
TerminateProcess
GetCurrentThread

mpr

WNetOpenEnumW
WNetGetLastErrorW
WNetCancelConnection2W
WNetCloseEnum
WNetGetConnectionW
WNetEnumResourceW
WNetAddConnection4W

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges
RevertToSelf
ImpersonateSelf

sspicli

SspiMarshalAuthIdentity
SspiLocalFree
SspiEncodeStringsAsAuthIdentity
SspiFreeAuthIdentity

wkscli

NetUseGetInfo
NetUseEnum
NetWkstaUserGetInfo
NetWkstaGetInfo

netutils

NetpwNameValidate
NetapipBufferAllocate
NetpwPathType
NetApiBufferReallocate
NetApiBufferFree
NetApiBufferAllocate

samcli

NetUserGetInfo

api-ms-win-core-file-l1-1-0

WriteFile
GetDriveTypeW
GetFileType

srvcli

NetServerGetInfo
NetShareEnum

iphlpapi

GetCurrentThreadCompartmentId

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
FreeLibrary
LoadLibraryExW
GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-console-l1-2-0

PeekConsoleInputW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-console-l2-1-0

GetConsoleScreenBufferInfo

api-ms-win-core-registry-l2-1-0

RegOpenKeyW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

ntdll

RtlAllocateHeap

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
net1.exe
.exe windows:10 windows x86 arch:x86

fa57ec07c0a8e480f5d417e8860b906d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

net1.pdb

Imports

msvcrt

_vsnwprintf_s
putchar
wcstod
_wcsdup
_snwprintf_s
wcspbrk
wcstok
_ftol2
_ftol2_sse
_local_unwind4
memcpy
memmove
_wcsicmp
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_initterm
__setusermatherr
__p__fmode
_exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
wcscspn
iswctype
wcsrchr
calloc
_wcsrev
malloc
free
realloc
swprintf_s
_ultow
wcsstr
wcsncat_s
_vsnwprintf
wcschr
sprintf_s
_wcsnicmp
_fileno
_setmode
setlocale
exit
wcsspn
qsort
wcsncmp
wcscpy_s
_wcsupr
wcsncpy_s
_cexit
_wcslwr
wcscat_s
__iob_func
memset

samcli

NetGroupGetInfo
NetGroupSetInfo
NetUserDel
NetGroupGetUsers
NetGroupEnum
NetGroupAddUser
NetGroupDel
NetGroupAdd
NetUserSetInfo
NetUserGetGroups
NetUserEnum
NetUserGetInfo
NetUserAdd
NetUserModalsSet
NetUserModalsGet
NetGroupDelUser

netutils

NetApiBufferReallocate
NetApiBufferAllocate
NetpwNameValidate
NetApiBufferFree
NetapipBufferAllocate
NetpwListCanonicalize
NetpwNameCompare
NetpwListTraverse
NetpwPathType
NetpwNameCanonicalize

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

dsrole

DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
SetLocalTime
GetComputerNameExW
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-synch-l1-2-0

Sleep

srvcli

NetFileGetInfo
NetFileClose
NetFileEnum
NetSessionEnum
NetServerTransportEnum
NetServerSetInfo
NetServerGetInfo
NetConnectionEnum
NetSessionGetInfo
NetSessionDel
NetShareGetInfo
NetShareCheck
NetShareEnum
NetShareSetInfo
NetShareDel
NetShareAdd
NetShareDelSticky
NetRemoteTOD

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringW

api-ms-win-core-localization-l1-2-0

SetThreadUILanguage
FormatMessageW
GetUserDefaultLCID
GetCPInfo

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle
GetCommandLineW

api-ms-win-core-console-l1-1-0

GetConsoleMode
SetConsoleMode
ReadConsoleW
GetConsoleOutputCP
WriteConsoleW

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-heap-l1-1-0

HeapSetInformation

wkscli

NetUseDel
NetWkstaUserGetInfo
NetWkstaTransportEnum
NetWkstaGetInfo
NetUseEnum
NetWkstaStatisticsGet

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW

api-ms-win-security-base-l1-1-0

AddAccessAllowedAce
GetSidSubAuthority
SetSecurityDescriptorDacl
GetLengthSid
InitializeAcl
InitializeSecurityDescriptor
GetSidLengthRequired
CopySid
GetSecurityDescriptorDacl
CreateWellKnownSid
EqualSid
GetAce
GetSidSubAuthorityCount

api-ms-win-core-heap-l2-1-0

LocalFree
GlobalFree
GlobalAlloc
LocalAlloc

api-ms-win-core-file-l1-1-0

GetFileType
GetDriveTypeW
WriteFile

api-ms-win-core-sysinfo-l1-2-0

SetSystemTime

logoncli

DsGetDcNameW

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

cryptbase

SystemFunction036

api-ms-win-service-management-l1-1-0

OpenServiceW
OpenSCManagerW
StartServiceW
CloseServiceHandle

api-ms-win-service-core-l1-1-2

GetServiceKeyNameW
GetServiceDisplayNameW

api-ms-win-service-core-l1-1-1

EnumServicesStatusExW
EnumDependentServicesW

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-console-l1-2-0

PeekConsoleInputW

api-ms-win-core-privateprofile-l1-1-0

GetProfileStringW

api-ms-win-security-activedirectoryclient-l1-1-0

DsUnBindW
DsBindWithSpnExW
DsCrackNamesW
DsFreeNameResultW

ntdll

NtQuerySystemTime
RtlGetNtProductType
RtlLengthSid
RtlAllocateHeap
RtlCopySid
RtlxOemStringToUnicodeSize
RtlInitString
RtlOemStringToUnicodeString
RtlInitUnicodeString
RtlInitAnsiString
RtlQueryTimeZoneInformation
NtSetInformationThread
NtAdjustPrivilegesToken
NtDuplicateToken
RtlTimeFieldsToTime
RtlSubAuthorityCountSid
RtlInitializeSid
RtlLengthRequiredSid
RtlSubAuthoritySid
RtlTimeToSecondsSince1970
NtClose
RtlNtStatusToDosError
NtOpenProcessToken

api-ms-win-core-rtlsupport-l1-2-0

RtlCompareMemory

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Sections

.text
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
netbtugc.exe
.exe windows:10 windows x86 arch:x86

63592917831019c6758c6afeec76e093

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

netbtugc.pdb

Imports

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryInfoKeyA
RegCreateKeyExA
RegEnumKeyExA
RegQueryValueExA
RegEnumValueA
RegSetValueExA

kernel32

GetFileAttributesW
CreateDirectoryW
GetFullPathNameW
ExpandEnvironmentStringsW
FormatMessageA
MultiByteToWideChar
Sleep
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapFree
SetLastError
EnterCriticalSection
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
GetLastError
HeapAlloc
GetProcAddress
DeleteCriticalSection
GetProcessHeap
FreeLibrary
LoadLibraryExW

msvcrt

memcpy
wcsncmp
_wcsnicmp
wcschr
_onexit
__dllonexit
_unlock
_lock
memmove
_controlfp
?terminate@@YAXXZ
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
free
_vsnprintf
malloc
_except_handler4_common
wcsrchr
memset

ntdll

RtlAllocateHeap
RtlFreeHeap

iphlpapi

ConvertInterfacePhysicalAddressToLuid
ConvertStringToInterfacePhysicalAddress
ConvertInterfaceAliasToLuid
ConvertInterfaceNameToLuidW
ConvertInterfaceLuidToGuid

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 956B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e28d1a46ba8c0c2dd607dfe0e3a12845

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-heap-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

shell32

Sections

.text Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 992B

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 324B

5967658220e6e42c8b5a4216711c6075

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-winrt-l1-1-0

oleaut32

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

iertutil

ntdll

shell32

Sections

.text Size: 44KB - Virtual size: 44KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

7d973a1a6fdc7951d42858dbebce3c8f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ws2_32

api-ms-win-core-localization-l1-2-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-file-l1-1-0

ntdll

api-ms-win-core-synch-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

Sections

.text Size: 7KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 3KB

.text
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 992B

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 324B

.text
Size: 44KB - Virtual size: 44KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 7KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 532B

.text
Size: 546KB - Virtual size: 546KB

.data
Size: 5KB - Virtual size: 7KB

.idata
Size: 15KB - Virtual size: 14KB

.didat
Size: 512B - Virtual size: 40B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 22KB - Virtual size: 22KB