CWindowsSysWOW64-9[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

CWindowsSysWOW64-9.zip
Size

1.8MB
MD5

ed2ce30da3492caf8eb18278967d05d1
SHA1

34b114c0832ff78f877d4ef0579efd832ff1e124
SHA256

ef48e665188594956f98f9540ae5f35cc406926276407f3fb619ced0e5c2c74a
SHA512

df25e5c5dd2ab6e9aa45827d07ffae132e83df55dff1ad4f626627d4ec7c4f267c3a543d995dfeff6968766bd6c058118a77a0d58b90af2ca28e9d32b0d09110
SSDEEP

49152:zks0gxlojW8XCCTgHBfhDZ/FBDABPe6k4j/Cnu0o:t0jNTefhDZDqPe6tq+

Score

3^/10

Malware Config

Signatures

Unsigned PE 29 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CertEnrollCtrl.exe
unpack001/CheckNetIsolation.exe
unpack001/ComputerDefaults.exe
unpack001/calc.exe
unpack001/certreq.exe
unpack001/certutil.exe
unpack001/charmap.exe
unpack001/chkdsk.exe
unpack001/chkntfs.exe
unpack001/choice.exe
unpack001/cipher.exe
unpack001/cleanmgr.exe
unpack001/cliconfg.exe
unpack001/clip.exe
unpack001/cmd.exe
unpack001/cmdkey.exe
unpack001/cmdl32.exe
unpack001/cmmon32.exe
unpack001/cmstp.exe
unpack001/colorcpl.exe
unpack001/comp.exe
unpack001/compact.exe
unpack001/control.exe
unpack001/convert.exe
unpack001/credwiz.exe
unpack001/cscript.exe
unpack001/ctfmon.exe
unpack001/cttune.exe
unpack001/cttunesvr.exe

Files

CWindowsSysWOW64-9.zip
.zip
CameraSettingsUIHost.exe
.exe windows:10 windows x86 arch:x86

f3d7ee4441d6e0b9d144542a4cb6194e

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:e9:e4:13:7f:27:45:1c:11:bd:e1:01:fb:f6:12:6e:79:4d:b4:44:8e:2b:8a:3c:f5:03:b2:5a:54:dc:8e:ef
Signer

Actual PE Digest

35:e9:e4:13:7f:27:45:1c:11:bd:e1:01:fb:f6:12:6e:79:4d:b4:44:8e:2b:8a:3c:f5:03:b2:5a:54:dc:8e:ef

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

CameraSettingsUIHost.pdb

Imports

advapi32

RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
UnregisterTraceGuids

kernel32

AcquireSRWLockShared
GetCurrentProcess
ReleaseSRWLockExclusive
IsProcessorFeaturePresent
GetStartupInfoW
ReleaseSRWLockShared
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
DecodePointer
SetUnhandledExceptionFilter
AcquireSRWLockExclusive
GetCurrentThreadId
EncodePointer
InitOnceExecuteOnce
GetModuleHandleW
TerminateProcess

user32

TranslateMessage
PostThreadMessageW
DispatchMessageW
GetMessageW

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_c_exit
_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o___p__commode
_o___std_exception_copy
_o___std_exception_destroy
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__controlfp_s
_o__crt_atexit
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_exit
_o_free
_o_malloc
_o_terminate
__CxxFrameHandler3
__current_exception
__current_exception_context
_except_handler4_common
_CxxThrowException

api-ms-win-crt-string-l1-1-0

memset

dui70

InitThread
UnInitProcessPriv
UnInitThread
InitProcessPriv

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoReleaseServerProcess
CoUninitialize
CoCreateInstance
CoRegisterClassObject
CoResumeClassObjects
CoRevokeClassObject
CoAddRefServerProcess

api-ms-win-core-winrt-l1-1-0

RoRevokeActivationFactories
RoRegisterActivationFactories

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsDeleteString
WindowsGetStringRawBuffer

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError
SetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

imm32

ImmDisableIME

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CertEnrollCtrl.exe
.exe windows:10 windows x86 arch:x86

5b8e1455454cdaf58cd7ce3dd83ba3d7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

CertEnrollCtrl.pdb

Imports

msvcrt

_cexit
_exit
_XcptFilter
__setusermatherr
_initterm
_wcmdln
?terminate@@YAXXZ
_controlfp
_except_handler4_common
_lock
_unlock
__dllonexit
_onexit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
__p__fmode
__CxxFrameHandler3
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
strcspn
fprintf
wcscspn
fflush
fclose
fopen
_errno
_wgetenv
fseek
ftell
fwrite
_vsnwprintf
strchr
getenv
_vsnprintf
iswxdigit
iswdigit
_wcsnicmp
??3@YAXPAX@Z
_purecall
malloc
_wcsicmp
wcsncmp
_callnewh
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_CxxThrowException
memcpy
memmove
??1type_info@@UAE@XZ
memset

certca

ord707
ord847
ord705
ord841
ord842
ord823
ord840
ord802
ord839

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-core-libraryloader-l1-2-0

LoadResource
LockResource
FreeLibrary
LoadLibraryExW
LoadStringW
FindResourceExW
GetProcAddress
GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetVersionExW
GetLocalTime
GetSystemTime

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalReAlloc
LocalFree

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-file-l1-1-0

CompareFileTime
DeleteFileW
CreateFileW
FileTimeToLocalFileTime
GetFullPathNameW
GetTempFileNameW

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringW
MultiByteToWideChar

api-ms-win-core-processenvironment-l1-1-0

SearchPathW
GetCommandLineW

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
GetACP
GetLocaleInfoEx

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
MapViewOfFile
CreateFileMappingW

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

certenroll

ord20

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage
GetSystemDefaultUILanguage

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CheckNetIsolation.exe
.exe windows:10 windows x86 arch:x86

8c4b70b06fd4e738845e670ca5e4f39b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

CheckNetIsolation.pdb

Imports

msvcrt

?terminate@@YAXXZ
_controlfp
fprintf
_wsetlocale
_initterm
_except_handler4_common
__iob_func
__p__commode
__setusermatherr
__p__fmode
_amsg_exit
wprintf
_cexit
_exit
__wgetmainargs
exit
_XcptFilter
__set_app_type
swprintf_s
towupper
memset

ntdll

RtlIsParentOfChildAppContainer
RtlFreeSid
RtlEqualSid
EtwTraceMessage
RtlIpv4AddressToStringW
RtlIpv6AddressToStringW

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertSidToStringSidW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-console-l1-1-0

GetConsoleOutputCP
SetConsoleCtrlHandler

ws2_32

htonl

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObjectEx
SetEvent
CreateEventW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable
Sleep

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
LoadStringW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

fwpuclnt

FwpmNetEventSubscribe4
FwpmEngineOpen0
FwpmProviderAdd0
FwpmEngineClose0
FwpmEngineSetOption0
FwpmFreeMemory0
FwpmNetEventUnsubscribe0
FwpmEngineGetOption0
FwpmFilterAdd0

firewallapi

NetworkIsolationSetAppContainerConfig
NetworkIsolationGetAppContainerConfig
FwEmptyWFAddresses
NetworkIsolationEnumAppContainers

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CloudNotifications.exe
.exe windows:10 windows x86 arch:x86

ee27b94f5c5cf9de447f466d4197cc00

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a1:df:cb:e5:b4:20:35:dc:4a:4b:e1:60:91:7f:c3:1d:50:ba:1d:c8:af:68:3f:0e:27:2b:c2:b7:c5:b1:8b:fd
Signer

Actual PE Digest

a1:df:cb:e5:b4:20:35:dc:4a:4b:e1:60:91:7f:c3:1d:50:ba:1d:c8:af:68:3f:0e:27:2b:c2:b7:c5:b1:8b:fd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

CloudNotifications.pdb

Imports

advapi32

RegSetValueExW
RegCloseKey
RegCreateKeyExW

kernel32

HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CreateSemaphoreExW
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
CreateMutexW
LockResource
LoadResource
FindResourceExW
ResolveDelayLoadedAPI
DelayLoadFailureHook
GetModuleFileNameA
CloseHandle

user32

TranslateMessage
GetMessageW
DispatchMessageW

msvcrt

_except_handler4_common
_lock
?terminate@@YAXXZ
_unlock
memcmp
_initterm
__dllonexit
_onexit
_controlfp
_wcmdln
__CxxFrameHandler3
__setusermatherr
__p__fmode
_cexit
_exit
??1type_info@@UAE@XZ
memmove
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_purecall
??3@YAXPAX@Z
memcpy_s
_vsnwprintf
wcsstr
memmove_s
malloc
_callnewh
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_CxxThrowException
memcpy
memset

shlwapi

SHGetThreadRef
ord487
PathRemoveFileSpecW
PathAppendW

api-ms-win-core-com-l1-1-0

CoTaskMemRealloc
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitializeEx

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-synch-l1-2-0

InitOnceComplete
Sleep
InitOnceBeginInitialize

api-ms-win-core-processthreads-l1-1-0

TlsFree
GetCurrentProcess
TerminateProcess
TlsSetValue
GetStartupInfoW
TlsAlloc
TlsGetValue

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-winrt-string-l1-1-0

WindowsReplaceString
WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsCreateString

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
LeaveCriticalSection
AcquireSRWLockShared
InitializeCriticalSectionEx
ReleaseSRWLockShared
AcquireSRWLockExclusive
DeleteCriticalSection
ReleaseSRWLockExclusive

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventSetInformation
EventUnregister

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
LoadLibraryExW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

ntdll

WinSqmAddToStream

uxtheme

GetCurrentThemeName

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ComputerDefaults.exe
.exe windows:10 windows x86 arch:x86

baf2b2a54fa5e51b646474c16c67dfe7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ComputerDefaults.pdb

Imports

kernel32

GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent

msvcrt

_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
_controlfp
_except_handler4_common
_wcmdln
_cexit
_exit
_initterm
exit
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
__setusermatherr
_lock
__p__fmode
memcpy_s
_vsnwprintf
__set_app_type
memset

shell32

ShellExecuteExW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetStartupInfoW
GetCurrentProcess

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CredentialUIBroker.exe
.exe windows:10 windows x86 arch:x86

1607f2772f9de511de7baac973968957

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:34:b9:07:af:49:8f:95:05:1d:cf:89:7b:f2:4a:51:9e:3a:ce:b7:4e:e0:07:10:5b:ff:c7:a7:58:bd:4f:21
Signer

Actual PE Digest

78:34:b9:07:af:49:8f:95:05:1d:cf:89:7b:f2:4a:51:9e:3a:ce:b7:4e:e0:07:10:5b:ff:c7:a7:58:bd:4f:21

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

CredentialUIBroker.pdb

Imports

advapi32

EventActivityIdControl
GetTokenInformation
EventUnregister
RegGetValueW
RegOpenKeyExW
CheckTokenMembership
OpenProcessToken
RegEnumKeyExW
EventSetInformation
AllocateAndInitializeSid
EventRegister
EventWriteTransfer
RegQueryInfoKeyW
RegCloseKey

kernel32

GetModuleFileNameA
FindStringOrdinal
InitOnceBeginInitialize
InitOnceExecuteOnce
CreateSemaphoreExW
HeapFree
SetLastError
CreateEventExW
EnterCriticalSection
ReleaseSemaphore
RegisterWaitForSingleObject
GetModuleHandleExW
UnregisterWait
GetProcessId
EncodePointer
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
GetCurrentThreadId
OpenEventW
ReleaseMutex
OpenProcess
CreateEventW
GetExitCodeThread
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
SetEvent
CloseThreadpoolTimer
InitOnceComplete
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
SetThreadpoolTimer
ReleaseSRWLockShared
RaiseException
CreateThreadpoolTimer
CreateThread
HeapAlloc
DecodePointer
GetProcAddress
CreateMutexExW
LocalFree
AcquireSRWLockShared
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
QueryFullProcessImageNameW
DebugBreak
IsDebuggerPresent
GlobalGetAtomNameW
DelayLoadFailureHook
ResolveDelayLoadedAPI

user32

GetPropW
ord2521
GetWindowBand
GetDesktopWindow
GetWindowThreadProcessId
PostQuitMessage
GetMessageW
PostThreadMessageW
TranslateMessage
GetWindowRect
IsWindowVisible
DispatchMessageW
IsWindow
GetShellWindow

msvcrt

_except_handler4_common
memcpy
memcmp
_controlfp
malloc
wcschr
_vsnwprintf
memcpy_s
_purecall
memmove_s
memset
free
_XcptFilter
?terminate@@YAXXZ
_callnewh
_onexit
__dllonexit
_unlock
_lock
__CxxFrameHandler3
_wcmdln
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode

shlwapi

SHSetThreadRef

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoReleaseServerProcess
CoAddRefServerProcess
CoCreateGuid
CoWaitForMultipleHandles
StringFromGUID2
CoUninitialize
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoRevokeClassObject
CoTaskMemFree
CoTaskMemRealloc
CoRegisterClassObject
CoGetCallContext
CoInitializeEx
CoResumeClassObjects

oleaut32

SafeArrayGetVartype
SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayGetUBound
SafeArrayDestroy
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayGetDim
SafeArrayGetElemsize

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsCreateStringReference
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsDuplicateString
WindowsGetStringRawBuffer
WindowsDeleteString

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoUninitialize
RoRegisterActivationFactories
RoGetActivationFactory
RoRevokeActivationFactories

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetStartupInfoW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-security-base-l1-1-0

CopySid
GetLengthSid

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-heap-l2-1-0

LocalAlloc

ntdll

RtlEqualSid
NtQueryInformationToken
RtlInitUnicodeString
RtlFreeHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
RtlIsParentOfChildAppContainer
RtlAllocateHeap

Sections

.text
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
calc.exe
.exe windows:10 windows x86 arch:x86

ba072a972fe6c47c8cf7a0347bb0af7a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

calc.pdb

Imports

shell32

ShellExecuteW

kernel32

SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
UnhandledExceptionFilter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter

msvcrt

_amsg_exit
__p__fmode
__setusermatherr
_initterm
_wcmdln
?terminate@@YAXXZ
_controlfp
_exit
exit
__p__commode
_XcptFilter
__set_app_type
_except_handler4_common
__wgetmainargs
_cexit

advapi32

EventSetInformation
EventWriteTransfer
EventRegister

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
certreq.exe
.exe windows:10 windows x86 arch:x86

94c45b4e79ab8aebe640aac4c5d58304

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

certreq.pdb

Imports

advapi32

CryptReleaseContext
CryptGenKey
CryptAcquireContextW
RevertToSelf
CryptDestroyKey
WaitServiceState

kernel32

DecodePointer
RaiseException
LocalFree
GetTempFileNameW
GetSystemTimeAsFileTime
GetTickCount
lstrcmpW
EncodePointer
LocalAlloc
GetFileAttributesW
DeleteFileW
DelayLoadFailureHook
ResolveDelayLoadedAPI

msvcrt

memcmp
__iob_func
??3@YAXPAX@Z
_vsnwprintf
ferror
fflush
_wfopen_s
fclose
fputws
_vsnprintf
iswdigit
wcschr
wcsstr
_swab
_wcsnicmp
wcsrchr
??1type_info@@UAE@XZ
_callnewh
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
memmove
memcpy
_CxxThrowException
_itoa_s
wcscpy_s
_stricmp
towupper
iswlower
iswupper
sscanf_s
strpbrk
strcat_s
strcpy_s
strspn
_fileno
_setmode
getenv
fwrite
ftell
_wgetenv
_errno
fopen
fprintf
strcspn
_except_handler4_common
_controlfp
?terminate@@YAXXZ
wcsncmp
_onexit
__dllonexit
strncmp
_unlock
_lock
_wcmdln
atoi
strchr
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
isdigit
exit
qsort
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
wcscspn
__CxxFrameHandler3
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
iswspace
iswxdigit
_wtoi
gmtime
_wsetlocale
iswalpha
_wfopen
fgetc
feof
fseek
fgetws
fgets
vfwprintf
_wcsicmp
_purecall
malloc
free
towlower
memset

certcli

CACloseCertType
ord252
ord366
ord260
ord223
ord357
ord373
ord213
ord261
ord360
ord225
ord207
ord254
ord205
ord203
CAGetCertTypeProperty
CAFreeCertTypeProperty
ord220
ord221
ord256
ord358
ord246
ord356
ord359
CAFindCertTypeByName
ord219

gdi32

GetStockObject

ncrypt

NCryptOpenStorageProvider
NCryptGetProperty
NCryptIsKeyHandle
NCryptFreeObject
NCryptEnumStorageProviders
NCryptFreeBuffer
NCryptOpenKey
NCryptSetProperty

normaliz

IdnToUnicode

ntdll

RtlTimeToSecondsSince1970
NtQuerySystemTime
EtwTraceMessage

setupapi

SetupFindNextLine
SetupGetIntField
SetupCloseInfFile
SetupOpenInfFileW
SetupFindFirstLineW
SetupGetLineCountW
SetupGetFieldCount
SetupGetStringFieldW

profapi

ord104

wldap32

ord167
ord12
ord18
ord127
ord13
ord142
ord41
ord140
ord79
ord26
ord224
ord147
ord210
ord16
ord203

crypt32

CryptFindOIDInfo
CertFindAttribute
CertFreeCertificateContext
CertFreeCRLContext
CertGetCertificateChain
CryptMsgUpdate
CryptMsgClose
CryptDecodeObject
CryptHashPublicKeyInfo
CertEnumCRLsInStore
CryptAcquireCertificatePrivateKey
CertCreateCertificateContext
CryptMsgOpenToDecode
CryptMsgControl
CryptFindCertificateKeyProvInfo
CryptSignAndEncodeCertificate
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertCloseStore
CryptMsgGetParam
CertFreeCertificateChain
CertFindCertificateInStore
CertOpenStore
CertGetCertificateContextProperty
CertVerifySubjectCertificateContext
CertFindExtension
CryptEncodeObjectEx
CryptDecodeObjectEx
CryptStringToBinaryW
CertGetNameStringW
CryptExportPublicKeyInfoEx
CryptSignCertificate
CertNameToStrW
CryptHashCertificate
CertSetStoreProperty
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertAddCertificateLinkToStore
CryptEnumOIDInfo
CryptFormatObject
CryptSignMessage
CryptMsgGetAndVerifySigner
CertStrToNameW
CryptMsgOpenToEncode

ole32

StringFromCLSID
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoInitialize
CoTaskMemFree

oleaut32

SysAllocStringByteLen
SafeArrayGetElement
VariantCopyInd
CreateErrorInfo
SetErrorInfo
VariantClear
SysStringLen
SysAllocStringLen
SysStringByteLen
SysFreeString
VariantInit
VariantTimeToSystemTime
SafeArrayUnaccessData
SystemTimeToVariantTime
SafeArrayCreate
SafeArrayPutElement
SafeArrayAccessData
SysAllocString
SafeArrayDestroy
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound

rpcrt4

RpcEpResolveBinding
RpcStringFreeW
RpcBindingSetAuthInfoExW
RpcBindingFree
NdrClientCall4
UuidCreate
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcExceptionFilter

secur32

GetUserNameExW
GetComputerObjectNameW

user32

DispatchMessageW
CreateWindowExW
RegisterClassW
PostQuitMessage
GetMessageW
LoadCursorW
PostMessageW
TranslateMessage
UpdateWindow
GetDesktopWindow
MessageBoxW
CharLowerW
DefWindowProcW
LoadIconW
LoadStringW
SetCursor

wininet

InternetCrackUrlW
InternetCreateUrlW
InternetCanonicalizeUrlW

shlwapi

PathFindFileNameW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
OpenThreadToken
GetStartupInfoW
GetCurrentThread
GetCurrentThreadId

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

FindResourceExW
FreeLibrary
LoadResource
GetModuleHandleW
LockResource
LoadLibraryExW
GetProcAddress

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-heap-l2-1-0

GlobalFree
LocalReAlloc

api-ms-win-core-file-l1-1-0

CreateFileW
GetFileSize
GetFileType
CompareFileTime
GetFullPathNameW
WriteFile
SetEndOfFile
SetFilePointer
FileTimeToLocalFileTime
LocalFileTimeToFileTime

api-ms-win-core-heap-l1-1-0

HeapFree
HeapSetInformation
HeapAlloc
GetProcessHeap

api-ms-win-core-string-l1-1-0

FoldStringW
MultiByteToWideChar
WideCharToMultiByte
CompareStringW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetSystemDirectoryW
GetComputerNameExW
GetVersionExW
GetLocalTime

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-security-cryptoapi-l1-1-0

CryptDestroyHash
CryptSetProvParam
CryptGetHashParam
CryptEnumProvidersA
CryptGetProvParam
CryptCreateHash
CryptHashData

api-ms-win-core-console-l1-1-0

GetConsoleOutputCP
WriteConsoleW

api-ms-win-core-processenvironment-l1-1-0

SearchPathW
ExpandEnvironmentStringsW
GetStdHandle
GetCommandLineW
GetEnvironmentVariableW

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
FormatMessageW
GetLocaleInfoEx
GetACP

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegGetValueW

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser
CreateWellKnownSid
EqualSid
GetTokenInformation
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
DuplicateToken

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
UnmapViewOfFile
MapViewOfFile

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-psapi-l1-1-0

K32GetProcessImageFileNameW

api-ms-win-security-lsalookup-l2-1-0

LookupAccountSidW

api-ms-win-security-logon-l1-1-0

LogonUserExW

api-ms-win-core-datetime-l1-1-0

GetDateFormatA
GetTimeFormatA
GetTimeFormatW
GetDateFormatW

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateEventW
SetEvent
WaitForSingleObjectEx

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

api-ms-win-core-privateprofile-l1-1-0

GetProfileStringA

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage
GetSystemDefaultUILanguage

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-service-management-l1-1-0

OpenServiceW
OpenSCManagerW
CloseServiceHandle
StartServiceW

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
ChangeServiceConfigW

api-ms-win-service-winsvc-l1-1-0

ControlService

Sections

.text
Size: 325KB - Virtual size: 324KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
certutil.exe
.exe windows:10 windows x86 arch:x86

4bf70f7433c5fd135e07446f35709d1c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

certutil.pdb

Imports

advapi32

IsValidSecurityDescriptor
GetSecurityDescriptorLength
CryptReleaseContext
CryptAcquireContextW
LookupAccountNameW
IsValidSid
ConvertSidToStringSidW
ImpersonateSelf
RevertToSelf
LookupAccountSidW
CryptGetProvParam
CryptGetUserKey
CryptGetKeyParam
CryptDestroyKey
RegCreateKeyExW
RegSetValueExW
RegSetValueExA
RegDeleteKeyExW
RegCloseKey
GetTokenInformation
GetLengthSid
CopySid
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCreateKeyW
RegEnumValueW
RegEnumKeyW
RegDeleteKeyW
RegDeleteValueW
CryptSetProvParam
CryptGenRandom
CryptCreateHash
CryptVerifySignatureW
CryptHashData
CryptDestroyHash
CryptSetKeyParam
CryptDecrypt
CryptImportKey
RegDeleteTreeW
RegOpenKeyW
CryptGetHashParam
CryptDuplicateKey
CryptEncrypt
CryptGenKey
CryptContextAddRef
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
SetNamedSecurityInfoW
AddAccessDeniedAce
AddAccessAllowedAce
AddAccessDeniedObjectAce
AddAccessAllowedObjectAce
AddAce
InitializeAcl
LsaStorePrivateData
LsaRetrievePrivateData
RegConnectRegistryW
AdjustTokenPrivileges
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW
CryptEnumProvidersA
CryptGetDefaultProviderW
LogonUserExW
ImpersonateLoggedOnUser
CreateWellKnownSid
MakeAbsoluteSD
MakeSelfRelativeSD
LsaClose
LsaFreeMemory
LsaOpenPolicy
FreeSid
CheckTokenMembership
DuplicateToken
OpenThreadToken
ConvertStringSidToSidW
AllocateAndInitializeSid
SetSecurityDescriptorDacl
SetEntriesInAclW
GetSecurityDescriptorDacl
DeleteAce
EqualSid
GetAce
GetAclInformation
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
GetSecurityDescriptorControl
CryptSignHashW
CryptSetHashParam
CryptExportKey
CryptDuplicateHash

kernel32

GetFullPathNameW
CloseThreadpoolTimer
CloseThreadpoolWait
FindCloseChangeNotification
FindNextChangeNotification
SetThreadpoolWait
SetThreadpoolTimer
MultiByteToWideChar
VerifyVersionInfoW
VerSetConditionMask
LeaveCriticalSection
SetConsoleCtrlHandler
EnterCriticalSection
SetEndOfFile
WriteFile
LockResource
SizeofResource
LoadResource
FindResourceW
GetVersionExW
GetComputerNameExW
GetComputerNameW
SetFilePointer
ReadFile
FindClose
FindNextFileW
FindFirstChangeNotificationW
Sleep
GetTickCount
LoadLibraryW
DecodePointer
EncodePointer
GetFileAttributesExW
GetCurrentProcess
QueryFullProcessImageNameW
GetProcessTimes
OpenProcess
GetLastError
GetTickCount64
PulseEvent
OpenEventW
GetSystemDefaultUILanguage
LocalReAlloc
LocalFileTimeToFileTime
GetModuleHandleW
RaiseException
DeleteCriticalSection
InitializeCriticalSection
GetSystemDefaultLangID
FormatMessageW
HeapAlloc
HeapFree
GetProcessHeap
lstrcmpW
DeleteFileW
CreateThreadpoolTimer
FindFirstFileW
CreateThreadpoolWait
SetEvent
ReleaseSemaphore
TrySubmitThreadpoolCallback
CreateSemaphoreW
GetFileSize
CreateFileW
GetProcAddress
CreateEventW
GetEnvironmentVariableW
GetUserDefaultUILanguage
GetTempFileNameW
SetLastError
SetConsoleMode
LocalFree
GetSystemTime
SystemTimeToFileTime
GetSystemTimeAsFileTime
LocalAlloc
GetFileAttributesW
FreeLibrary
CompareFileTime
CreateThread
WaitForSingleObject
GetExitCodeThread
CloseHandle
GetConsoleMode
GetFileType
GetStdHandle
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
DelayLoadFailureHook
ResolveDelayLoadedAPI
FindResourceExW
LCIDToLocaleName
GetLocaleInfoW
GetLocaleInfoEx
SearchPathW
LoadLibraryExA
GetProfileStringA
ResetEvent
GetFileTime
lstrlenW
VirtualFree
VirtualAlloc
GetTempPathW
GetLocalTime
K32GetProcessImageFileNameW
HeapSetInformation
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetSystemInfo
GetCurrentThread
CreateDirectoryW
RemoveDirectoryW
GetConsoleOutputCP
CompareStringW
FoldStringW
GetTimeFormatW
GetDateFormatW
FileTimeToLocalFileTime
LoadLibraryExW
GetSystemDirectoryW
GetCommandLineW
FileTimeToSystemTime
WriteConsoleW
GetACP
WideCharToMultiByte
OutputDebugStringA
GetCurrentThreadId
GetCurrentProcessId

msvcrt

realloc
_errno
??1type_info@@UAE@XZ
wcstok
_onexit
__dllonexit
_unlock
_lock
_controlfp
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
?terminate@@YAXXZ
_wcmdln
_itoa_s
memset
wcscpy_s
towupper
iswlower
towlower
iswupper
sscanf_s
strpbrk
strcat_s
strcpy_s
strspn
getenv
fwrite
ftell
_wgetenv
_ftol2
_setmode
wcstoul
fgetws
feof
fgetc
_wfopen
fputws
atoi
iswalpha
_wsetlocale
isxdigit
gmtime
iswxdigit
vfwprintf
iswspace
__iob_func
__p__commode
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
_callnewh
malloc
fprintf
_strlwr
_swab
ferror
fseek
fputs
strchr
fgets
fopen
_except_handler4_common
_fileno
__isascii
??3@YAXPAX@Z
__CxxFrameHandler3
_purecall
_vsnwprintf
iswdigit
wcsrchr
wcschr
fwprintf
_wfopen_s
fclose
fflush
_fgetwchar
wcsspn
_wcsnicmp
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
qsort
wcscspn
free
??_V@YAXPAX@Z
memcmp
isdigit
_strnicmp
swscanf
_stricmp
_wtoi
_vsnprintf
_wcslwr
strncmp
strcspn
wcsstr
strstr
wcsncmp
_ultow
_wcsicmp
bsearch

certcli

ord254
ord360
ord223
ord256
ord246
ord225
ord358
ord207
ord359
ord217
ord213
ord205
ord356
CAEnumCertTypesEx
ord258
CAGetCertTypeFlagsEx
CAGetCertTypePropertyEx
CAFreeCertTypeProperty
CAGetCertTypeKeySpec
ord357
CACertTypeGetSecurity
CAGetCertTypeExtensions
CAFreeCertTypeExtensions
CAEnumCertTypesForCAEx
CAGetCertTypeProperty
CACertTypeAccessCheckEx
CAEnumNextCertType
CACloseCertType
ord373
CAEnumFirstCA
CAFindByName
CAGetCAProperty
CAFreeCAProperty
CAEnumNextCA
CACloseCA
ord362
CAGetCAFlags
CAGetCAExpiration
CAAccessCheck
ord361
CAGetCACertificate
CAGetCASecurity
CASetCAProperty
CAUpdateCAEx
CAFindByCertType
ord257
ord218
ord255
CAEnumCertTypesForCA
CACountCertTypes
CACertTypeAccessCheck
CACountCAs
CARemoveCACertificateTypeEx
CAAddCACertificateTypeEx
CAUpdateCA
ord260
ord366
ord252
ord261
ord253
ord203
ord247
ord210
CASetCASecurity
CASetCACertificate
CASetCAFlags
CACreateNewCA
CAFindCertTypeByName
ord370
ord245
CAGetCertTypeExpiration

crypt32

CryptFindOIDInfo
CertGetCertificateContextProperty
CertFindExtension
CryptEncodeObjectEx
CertFreeCertificateContext
CertCloseStore
CertDuplicateCertificateContext
CertEnumCRLsInStore
CertFreeCRLContext
CertCreateCRLContext
CryptExportPKCS8
PFXExportCertStoreEx
PFXExportCertStore
CryptFreeOIDFunctionAddress
CryptGetOIDFunctionAddress
CryptInitOIDFunctionSet
CertStrToNameW
CryptDecryptMessage
CryptEncryptMessage
CryptSignMessage
CryptFormatObject
CertAddCertificateLinkToStore
CertGetIntendedKeyUsage
CryptHashPublicKeyInfo
CryptStringToBinaryW
CryptMsgOpenToDecode
CertNameToStrW
CryptSignCertificate
CryptExportPublicKeyInfoEx
CryptSignAndEncodeCertificate
CertDuplicateStore
CryptMsgUpdate
CryptMsgOpenToEncode
CryptBinaryToStringW
CertOpenServerOcspResponse
I_CryptWalkAllLruCacheEntries
I_CryptRemoveLruEntry
I_CryptGetLruEntryData
I_CryptFindLruEntry
I_CryptReleaseLruEntry
I_CryptInsertLruEntry
I_CryptCreateLruEntry
CertCloseServerOcspResponse
I_CryptFreeLruCache
I_CryptCreateLruCache
CryptMsgEncodeAndSignCTL
CertGetNameStringA
CertSetCertificateContextPropertiesFromCTLEntry
CertCreateContext
I_CertProtectFunction
CertAddStoreToCollection
CertVerifyCertificateChainPolicy
CryptMemFree
CertVerifySubjectCertificateContext
CryptVerifyCertificateSignatureEx
CertGetEnhancedKeyUsage
CertVerifyCRLTimeValidity
CertVerifyRevocation
CertVerifyTimeValidity
CryptEnumKeyIdentifierProperties
CryptImportPublicKeyInfo
CertDuplicateCRLContext
CertDeleteCRLFromStore
CertAddCTLContextToStore
CertAddCRLContextToStore
CertEnumSystemStore
CertEnumSystemStoreLocation
CertEnumPhysicalStore
CertControlStore
CertSaveStore
CertAddSerializedElementToStore
CertAddEncodedCTLToStore
CertAddEncodedCRLToStore
CertAddEncodedCertificateToStore
CertSetCTLContextProperty
CertSetCRLContextProperty
CryptFindCertificateKeyProvInfo
CryptAcquireCertificatePrivateKey
CertEnumCertificateContextProperties
CertGetCRLContextProperty
CertEnumCRLContextProperties
CertGetCTLContextProperty
CertEnumCTLContextProperties
CertSetStoreProperty
CertComparePublicKeyInfo
CryptExportPublicKeyInfo
CertFreeCTLContext
CertCreateCTLContext
CertEnumCTLsInStore
CertDeleteCertificateFromStore
CertGetNameStringW
CryptDecodeObjectEx
CryptQueryObject
CryptMsgGetParam
CryptVerifyDetachedMessageSignature
CryptMsgGetAndVerifySigner
CryptMsgControl
PFXIsPFXBlob
PFXImportCertStore
CryptImportPKCS8
CertGetPublicKeyLength
CryptMsgClose
CertAddCertificateContextToStore
CertSetCertificateContextProperty
CryptGetKeyIdentifierProperty
CertFindAttribute
CryptHashCertificate
CryptDecodeObject
CertOpenStore
CertFindCertificateInStore
CertEnumCertificatesInStore
CryptFindLocalizedName
CryptVerifyCertificateSignature
CertCompareCertificateName
CertFreeCertificateChain
CertGetCertificateChain
CryptHashCertificate2
CryptImportPublicKeyInfoEx2
CryptRegisterOIDInfo
CertCreateCertificateContext
CryptEnumOIDInfo

cabinet

ord20
ord21
ord22
ord23

comctl32

InitCommonControlsEx

cryptui

CryptUIDlgFreeCAContext
CryptUIDlgViewCRLW
CryptUIDlgViewCertificateW

gdi32

GetStockObject

ncrypt

NCryptFreeObject
BCryptVerifySignature
BCryptDestroyKey
NCryptOpenStorageProvider
NCryptImportKey
NCryptSetProperty
NCryptFinalizeKey
BCryptSetProperty
BCryptGetProperty
BCryptCloseAlgorithmProvider
SslEnumProtocolProviders
SslOpenProvider
SslFreeBuffer
SslFreeObject
NCryptGetProperty
BCryptFreeBuffer
BCryptOpenAlgorithmProvider
BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptDestroyHash
BCryptDecrypt
BCryptEncrypt
BCryptExportKey
BCryptGenRandom
BCryptSignHash
NCryptCreatePersistedKey
NCryptDecrypt
NCryptDeleteKey
NCryptDeriveKey
NCryptEncrypt
NCryptExportKey
NCryptOpenKey
NCryptSecretAgreement
NCryptSignHash
NCryptVerifySignature
NCryptEnumAlgorithms
NCryptIsAlgSupported
NCryptEnumKeys
NCryptEnumStorageProviders
NCryptFreeBuffer
BCryptEnumAlgorithms
BCryptGenerateKeyPair
BCryptQueryProviderRegistration
BCryptEnumContexts
BCryptQueryContextConfiguration
BCryptEnumContextFunctions
BCryptResolveProviders
NCryptIsKeyHandle

netapi32

DsGetDcNameW
NetApiBufferFree
NetUserGetGroups
DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory
DsGetSiteNameW

normaliz

IdnToUnicode
IdnToAscii

ntdll

NtQuerySystemTime
RtlTimeToSecondsSince1970
NtQuerySystemInformationEx
WinSqmIncrementDWORD

ntdsapi

DsFreeNameResultW
DsUnBindW
DsCrackNamesW
DsBindW
DsGetDomainControllerInfoW
DsFreeDomainControllerInfoW

setupapi

SetupGetLineCountW
SetupOpenInfFileW
SetupCloseInfFile
SetupGetIntField
SetupFindNextLine
SetupFindFirstLineW
SetupGetStringFieldW
SetupGetFieldCount

shell32

SHGetKnownFolderPath
SHGetFolderPathW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wldap32

ord16
ord208
ord73
ord14
ord12
ord18
ord191
ord113
ord140
ord224
ord142
ord79
ord127
ord167
ord147
ord155
ord206
ord135
ord203
ord36
ord26
ord27
ord145
ord41
ord65
ord210
ord13

ole32

CoTaskMemFree
CoInitialize
CoUninitialize
CoInitializeEx
CLSIDFromString
CoCreateInstance
StringFromCLSID
ProgIDFromCLSID
CoTaskMemAlloc
CoCreateInstanceEx
CoSetProxyBlanket
CLSIDFromProgID
StgOpenStorageEx
PropVariantClear

oleaut32

SafeArrayCreate
SafeArrayPutElement
SafeArrayDestroy
SysStringLen
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantCopyInd
CreateErrorInfo
SysAllocStringByteLen
SysAllocStringLen
SysAllocString
VariantClear
VariantInit
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SetErrorInfo
SafeArrayAccessData
SafeArrayGetElement
SysFreeString
SafeArrayUnaccessData
SysStringByteLen

rpcrt4

UuidCreate
I_RpcExceptionFilter
NdrClientCall2

secur32

GetComputerObjectNameW
TranslateNameW
GetUserNameExW

user32

GetDlgItem
GetWindowTextW
ShowWindow
SetFocus
SetWindowLongW
UpdateWindow
LoadStringW
LoadCursorW
DefWindowProcW
LoadIconW
RegisterClassW
MessageBoxW
SendMessageW
SetCursor
EnableWindow
SendDlgItemMessageA
CheckDlgButton
CharLowerW
GetDesktopWindow
SetDlgItemInt
EndDialog
CallWindowProcW
DispatchMessageW
TranslateMessage
GetMessageW
PostMessageW
CreateWindowExW
SetDlgItemTextW
GetWindowLongW
SetWindowTextW
DialogBoxParamW
GetDlgItemTextW
IsDlgButtonChecked
PostQuitMessage
GetDlgItemInt

shlwapi

PathFindFileNameW

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
charmap.exe
.exe windows:10 windows x86 arch:x86

9c60cad1816f0f3589f360915257b4e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

CharMap.pdb

Imports

advapi32

RegCloseKey
RegOpenKeyExW
RegEnumValueW
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
EventActivityIdControl
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW

kernel32

WaitForSingleObject
OpenSemaphoreW
RegisterApplicationRestart
LoadLibraryW
GetThreadLocale
FindResourceW
LoadResource
SizeofResource
LockResource
InitOnceBeginInitialize
GetCurrentProcessId
CreateMutexExW
InitOnceComplete
CreateSemaphoreExW
ReleaseSRWLockExclusive
LocalFree
LocalAlloc
IsValidLanguageGroup
GetSystemDirectoryW
FindFirstFileW
FindNextFileW
FindClose
AcquireSRWLockExclusive
ReleaseSemaphore
SetLastError
WaitForSingleObjectEx
IsDebuggerPresent
HeapAlloc
GetLocaleInfoW
HeapSetInformation
FreeLibrary
GetProcessHeap
HeapFree
GetLastError
GetCurrentThreadId
lstrcmpW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
CreateFileW
IsDBCSLeadByteEx
GetCPInfo
CloseHandle
DecodePointer
EncodePointer
MulDiv
GetProcAddress
GetModuleHandleW
DebugBreak
GetModuleFileNameA
GetModuleHandleExW
FormatMessageW
OutputDebugStringW
GlobalFree
GlobalAlloc
GetACP
lstrlenW
GlobalLock
WideCharToMultiByte
GlobalUnlock
IsValidCodePage
EnumSystemCodePagesW
CompareStringW
ExpandEnvironmentStringsW
GetSystemWindowsDirectoryW
GetStringTypeW
MultiByteToWideChar
ReleaseMutex

gdi32

GetLayout
ExtTextOutW
CreateDIBitmap
SetTextAlign
GetTextAlign
BitBlt
GetTextExtentPointW
GetStockObject
PatBlt
CreateSolidBrush
UnrealizeObject
GetObjectW
CreateCompatibleBitmap
SetBkMode
CreateCompatibleDC
DeleteDC
TranslateCharsetInfo
CreatePen
SetTextColor
LineTo
MoveToEx
GetTextExtentPoint32W
TextOutW
SetBkColor
GetTextMetricsW
CreateFontW
GetCharWidth32W
EnumFontFamiliesExW
GetFontData
SelectObject
CreateFontIndirectW
DeleteObject

user32

GetMonitorInfoW
GetWindowRect
SetThreadDpiAwarenessContext
CreateWindowExW
GetSystemMetrics
GetClientRect
ShowWindow
GetDpiForSystem
InvalidateRect
CallWindowProcW
RegisterClassW
DefWindowProcW
GetSysColor
SetDlgItemTextW
EnableWindow
SetScrollInfo
SetRect
AdjustWindowRectEx
GetAsyncKeyState
PtInRect
SetCapture
ReleaseCapture
GetScrollInfo
DrawFocusRect
UnregisterClassW
SetTimer
KillTimer
GetParent
GetWindowTextLengthW
GetWindowTextW
PostMessageW
PostQuitMessage
TranslateMessage
DispatchMessageW
GetMessageW
IsDialogMessageW
CreateDialogParamW
UpdateWindow
ClientToScreen
GetAncestor
MapDialogRect
SetWindowPos
MapWindowPoints
MoveWindow
GetDpiForWindow
GetClassNameW
LoadIconW
EnumChildWindows
ScreenToClient
SetDialogControlDpiChangeBehavior
GetKeyboardLayout
GetMessagePos
FillRect
GetFocus
GetDlgItemTextW
GetUpdateRect
ShowCursor
WindowFromPoint
GetCursorPos
GetMessageTime
ValidateRect
SetScrollPos
SetScrollRange
NotifyWinEvent
GetWindowInfo
IsWindowEnabled
GetDlgCtrlID
SetWindowTextW
BeginPaint
GetDC
EndPaint
SetWindowLongW
GetWindowLongW
DestroyWindow
LoadCursorW
ReleaseDC
GetWindowDC
SendMessageW
GetDlgItem
SendDlgItemMessageW
RegisterClipboardFormatW
LoadStringW
MonitorFromWindow
SetFocus

msvcrt

_amsg_exit
__p__commode
exit
__set_app_type
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_acmdln
__getmainargs
_initterm
__setusermatherr
_ismbblead
__p__fmode
_cexit
memcpy
_XcptFilter
_callnewh
_ftol2_sse
_exit
_vsnwprintf
free
towupper
_wcsupr
swscanf_s
wcsncpy_s
memcpy_s
wcsstr
calloc
realloc
malloc
_wtol
memset

getuname

GetUName

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoGetMalloc

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetStartupInfoW
TerminateProcess

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

comctl32

ord17

ole32

DoDragDrop
OleInitialize
OleUninitialize

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
chkdsk.exe
.exe windows:10 windows x86 arch:x86

ee92f1baa2b860c1f2abfb7a44cc9619

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

chkdsk.pdb

Imports

api-ms-win-core-console-l1-1-0

SetConsoleCtrlHandler

api-ms-win-eventlog-legacy-l1-1-0

DeregisterEventSource
ReportEventW
RegisterEventSourceW

ntdll

NtTerminateProcess
RtlUnhandledExceptionFilter

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
SetErrorMode

api-ms-win-core-heap-l1-1-0

HeapSetInformation

api-ms-win-core-processthreads-l1-1-0

ExitProcess

ulib

?AppendString@PATH@@QAEEPBVWSTRING@@@Z
?IsDrive@PATH@@QBEEXZ
??1PATH@@UAE@XZ
?Initialize@PATH@@QAEEPBVWSTRING@@E@Z
??0PATH@@QAE@XZ
?Initialize@LONG_ARGUMENT@@QAEEPAD@Z
?QueryPackedLog@MESSAGE@@QAEEPAVHMEM@@PAK@Z
?Log@MESSAGE@@QAAEPBDZZ
?DisplayMsg@MESSAGE@@QAAEKPBDZZ
?DisplayMsg@MESSAGE@@QAAEKW4MESSAGE_TYPE@@KPBDZZ
?Display@MESSAGE@@QAAEPBDZZ
Get_Standard_Output_Stream
?Resize@HMEM@@QAEEKK@Z
?Initialize@HMEM@@QAEEXZ
??1HMEM@@UAE@XZ
??0HMEM@@QAE@XZ
?Initialize@PATH_ARGUMENT@@QAEEPADE@Z
?Initialize@WSTRING@@QAEEPBV1@KK@Z
?Initialize@WSTRING@@QAEEPBGK@Z
?AnalyzePath@PATH@@QAE?AW4PATH_ANALYZE_CODE@@PAVWSTRING@@PAV1@0@Z
?DisplayMsg@MESSAGE@@QAEEK@Z
??8WSTRING@@QBEEABV0@@Z
?Strupr@WSTRING@@QAEPAV1@XZ
?Stricmp@WSTRING@@QBEJPBV1@@Z
??0FLAG_ARGUMENT@@QAE@XZ
?SqmExportOnError@SQMEXPORT@@SGXKKEE_KU_GUID@@@Z
Get_Standard_Input_Stream
??0DSTRING@@QAE@XZ
??1DSTRING@@UAE@XZ
?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z
??0ARRAY@@QAE@XZ
?IsGuidVolName@PATH@@QAEEXZ
??0STRING_ARGUMENT@@QAE@XZ
??0CHKDSK_MESSAGE@@QAE@XZ
??1ARRAY@@UAE@XZ
??1CHKDSK_MESSAGE@@UAE@XZ
?Initialize@ARRAY@@QAEEKK@Z
?DeleteAllMembers@ARRAY@@UAEEXZ
?Set@CHKDSK_MESSAGE@@UAEEKW4MESSAGE_TYPE@@K@Z
?Initialize@CHKDSK_MESSAGE@@QAEEPAVSTREAM@@00@Z
??1STRING_ARGUMENT@@UAE@XZ
?Initialize@STRING_ARGUMENT@@QAEEPAD@Z
??0ARGUMENT_LEXEMIZER@@QAE@XZ
??1ARGUMENT_LEXEMIZER@@UAE@XZ
?Initialize@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
?DoParsing@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
?QueryInvalidArgument@ARGUMENT_LEXEMIZER@@QAEPAVWSTRING@@XZ
?PrepareToParse@ARGUMENT_LEXEMIZER@@QAEEPAVWSTRING@@@Z
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QAEXE@Z
??1OBJECT@@UAE@XZ
?IsValueSet@ARGUMENT@@QAEEXZ
?QueryCurrentDosDriveName@SYSTEM@@SGEPAVWSTRING@@@Z
?QueryDriveType@SYSTEM@@SG?AW4DRIVE_TYPE@@PBVWSTRING@@@Z
?QueryLibraryEntryPoint@SYSTEM@@SGP6GHXZPBVWSTRING@@0PAPAX@Z
?QueryNextLibraryEntryPoint@SYSTEM@@SGP6GHXZPAXPBVWSTRING@@@Z
?FreeLibraryHandle@SYSTEM@@SGXPAX@Z
??0PATH_ARGUMENT@@QAE@XZ
?Initialize@WSTRING@@QAEEPBDK@Z
??1PATH_ARGUMENT@@UAE@XZ
?Put@ARRAY@@UAEEPAVOBJECT@@@Z
?Strcat@WSTRING@@QAEEPBV1@@Z
??0LONG_ARGUMENT@@QAE@XZ
?MakeFileToken@MESSAGE@@SG_KPBD@Z

ifsutil

?GetSnapshotErrorMessage@SNAPSHOT@@SGEJPAVWSTRING@@@Z
?Initialize@DP_DRIVE@@QAEEPBVWSTRING@@PAVMESSAGE@@EE@Z
??1DP_DRIVE@@UAE@XZ
??0DP_DRIVE@@QAE@XZ
?IsVolumeDirty@IFS_SYSTEM@@SGEPAVWSTRING@@PAE1PAJ@Z
?QueryVolumeSize@IFS_SYSTEM@@SGEPBVWSTRING@@PA_K@Z
?DosDriveNameToNtDriveName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@@Z
?GetSnapshotNtDeviceName@SNAPSHOT@@QAEPAGXZ
?QuerySnapshotDiffAreaVolume@SNAPSHOT@@QAEEPAVWSTRING@@@Z
?GetVolumeSnapshot@SNAPSHOT@@SGJPAVWSTRING@@PAPAV1@@Z
?ReleaseVolumeSnapshot@SNAPSHOT@@SGEPAV1@@Z
?IsFatalError@SNAPSHOT@@SGEJ@Z
?QueryID@DP_DRIVE@@QAEEPAU_GUID@@PBVWSTRING@@@Z
?QueryFileSystemName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@PAJ1@Z

msvcrt

_controlfp
?terminate@@YAXXZ
_except_handler4_common
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
chkntfs.exe
.exe windows:10 windows x86 arch:x86

d0f4e345e64f27143a66b4c09c8b88d7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

chkntfs.pdb

Imports

msvcrt

_except_handler4_common
_controlfp
?terminate@@YAXXZ
_initterm
__p__fmode
_cexit
_exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
__setusermatherr
exit

ulib

??0PATH@@QAE@XZ
?Strcat@WSTRING@@QAEEPBV1@@Z
?QueryString@WSTRING@@QBEPAV1@KK@Z
?Initialize@WSTRING@@QAEEPBV1@KK@Z
?Initialize@WSTRING@@QAEEPBGK@Z
?Initialize@WSTRING@@QAEEPBDK@Z
??8WSTRING@@QBEEABV0@@Z
??1PATH@@UAE@XZ
??1PROGRAM@@UAE@XZ
?DisplayMessage@PROGRAM@@UBAEKW4MESSAGE_TYPE@@PADZZ
?DisplayMessage@PROGRAM@@UBEEKW4MESSAGE_TYPE@@@Z
?Fatal@PROGRAM@@UBAXKKPADZZ
?AnalyzePath@PATH@@QAE?AW4PATH_ANALYZE_CODE@@PAVWSTRING@@PAV1@0@Z
?GetStandardInput@PROGRAM@@UAEPAVSTREAM@@XZ
?GetStandardOutput@PROGRAM@@UAEPAVSTREAM@@XZ
?GetStandardError@PROGRAM@@UAEPAVSTREAM@@XZ
?Usage@PROGRAM@@UBEXXZ
?ValidateVersion@PROGRAM@@UBEXKK@Z
??0PROGRAM@@IAE@XZ
??0STRING_ARGUMENT@@QAE@XZ
??1STRING_ARGUMENT@@UAE@XZ
?Initialize@STRING_ARGUMENT@@QAEEPAD@Z
??0ARGUMENT_LEXEMIZER@@QAE@XZ
??1ARGUMENT_LEXEMIZER@@UAE@XZ
?Initialize@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
?DoParsing@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
?PutSeparators@ARGUMENT_LEXEMIZER@@QAEXPBD@Z
?PutSwitches@ARGUMENT_LEXEMIZER@@QAEXPBD@Z
?PrepareToParse@ARGUMENT_LEXEMIZER@@QAEEPAVWSTRING@@@Z
??0CLASS_DESCRIPTOR@@QAE@XZ
?Fatal@PROGRAM@@UBEXXZ
?Initialize@PROGRAM@@QAEEKKK@Z
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QAEXE@Z
??1OBJECT@@UAE@XZ
?Compare@OBJECT@@UBEJPBV1@@Z
?DebugDump@OBJECT@@UBEXE@Z
?GetLexeme@ARGUMENT@@QAEPAVWSTRING@@XZ
?IsValueSet@ARGUMENT@@QAEEXZ
??0MULTIPLE_PATH_ARGUMENT@@QAE@XZ
??1MULTIPLE_PATH_ARGUMENT@@UAE@XZ
?Initialize@MULTIPLE_PATH_ARGUMENT@@QAEEPADEE@Z
?QueryDriveType@SYSTEM@@SG?AW4DRIVE_TYPE@@PBVWSTRING@@@Z
??0FLAG_ARGUMENT@@QAE@XZ
?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z
??0ARRAY@@QAE@XZ
??1ARRAY@@UAE@XZ
?Initialize@ARRAY@@QAEEKK@Z
?Put@ARRAY@@UAEEPAVOBJECT@@@Z
??0LONG_ARGUMENT@@QAE@XZ
?Initialize@LONG_ARGUMENT@@QAEEPAD@Z
??0DSTRING@@QAE@XZ
??1DSTRING@@UAE@XZ
?Initialize@CLASS_DESCRIPTOR@@QAEEPBD@Z

ifsutil

??1DP_DRIVE@@UAE@XZ
??0DP_DRIVE@@QAE@XZ
?IsFrontEndPresent@AUTOREG@@SGEPBVWSTRING@@0@Z
?DeleteEntry@AUTOREG@@SGEPBVWSTRING@@E@Z
?DeleteEntry@AUTOREG@@SGEPBVWSTRING@@0@Z
?DeleteEntry@AUTOREG@@SGEPBVWSTRING@@00@Z
?PushEntry@AUTOREG@@SGEPBVWSTRING@@@Z
??0MOUNT_POINT_MAP@@QAE@XZ
?IsVolumeDirty@IFS_SYSTEM@@SGEPAVWSTRING@@PAE1PAJ@Z
?QueryIsSystemUEFI@IFS_SYSTEM@@SGEXZ
?QueryCanonicalNtDriveName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@@Z
?DosDriveNameToNtDriveName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@@Z
?QueryFileSystemName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@PAJ1@Z
??0MOUNT_POINT_TUPLE@@QAE@XZ
?SetAutochkTimeOut@VOL_LIODPDRV@@SGEK@Z
?Initialize@DP_DRIVE@@QAEEPBVWSTRING@@PAVMESSAGE@@EE@Z
?Initialize@MOUNT_POINT_MAP@@QAEEXZ
??1MOUNT_POINT_MAP@@UAE@XZ
?AddEntry@AUTOREG@@SGEPBVWSTRING@@@Z
?QueryAutochkTimeOut@VOL_LIODPDRV@@SGEPAK@Z

ntdll

RtlAllocateHeap
RtlFreeHeap

kernel32

UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
HeapSetInformation
GetLastError
GetVersionExW
SetErrorMode
GetCurrentProcess
TerminateProcess

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken

user32

ExitWindowsEx

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
choice.exe
.exe windows:10 windows x86 arch:x86

f0284b27e1fdda95ba325d8869dc07fc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

choice.pdb

Imports

kernel32

ReadFile
SetConsoleCtrlHandler
SetLastError
GetStdHandle
SetConsoleMode
WaitForSingleObject
GetConsoleMode
GetLastError
ReadConsoleW
HeapSetInformation
FlushConsoleInputBuffer
PeekConsoleInputW
Beep
GetFileType
GetTickCount
QueryPerformanceCounter
GetModuleFileNameW
HeapSize
HeapReAlloc
HeapAlloc
HeapValidate
HeapFree
GetProcessHeap
MultiByteToWideChar
GetConsoleOutputCP
ExitProcess
WriteConsoleW
CompareStringA
GetThreadLocale
CompareStringW
lstrlenW
lstrlenA
WideCharToMultiByte
FindStringOrdinal
LocalFree
FormatMessageW
SetThreadUILanguage
GetSystemTimeAsFileTime
GetCurrentThreadId
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
GetCurrentProcessId

msvcrt

_amsg_exit
fflush
fprintf
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
__set_app_type
__wgetmainargs
memset
__p__commode
_XcptFilter
wcschr
_errno
wcstol
_vsnwprintf
exit
__iob_func
_memicmp
wcstod
wcstoul
_fileno
_get_osfhandle

ntdll

RtlVerifyVersionInfo
VerSetConditionMask

user32

LoadStringW
CharNextW
CharUpperW
CharUpperBuffW

ws2_32

WSACleanup

shlwapi

StrChrW

version

VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cipher.exe
.exe windows:10 windows x86 arch:x86

2119b2a038fa67fb7336f5b02e7761b5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

cipher.pdb

Imports

advapi32

EncryptFileW
CryptReleaseContext
RegQueryValueExW
LookupAccountSidW
ConvertSidToStringSidW
RemoveUsersFromEncryptedFile
RegOpenKeyExW
QueryUsersOnEncryptedFile
AddUsersToEncryptedFile
AddUsersToEncryptedFileEx
ConvertStringSidToSidW
QueryRecoveryAgentsOnEncryptedFile
EncryptedFileKeyInfo
FlushEfsCache
FreeEncryptionCertificateHashList
EqualSid
CryptAcquireContextW
RegCloseKey
SetUserFileEncryptionKey
FreeEncryptedFileKeyInfo
DecryptFileW
CryptGetUserKey
CryptDestroyKey

kernel32

SetLastError
VirtualFree
GetFullPathNameW
FindNextFileW
GetDiskFreeSpaceW
SetConsoleMode
DeviceIoControl
VirtualAlloc
RemoveDirectoryW
GetProcessHeap
SetFilePointer
SetEndOfFile
FindClose
GetVolumePathNameW
CreateFileW
GetFileAttributesW
GetVolumeNameForVolumeMountPointW
GetDiskFreeSpaceExW
ReadConsoleW
CloseHandle
HeapSetInformation
FindFirstFileW
SetCurrentDirectoryW
VerSetConditionMask
GetComputerNameW
FindVolumeClose
VerifyVersionInfoW
GetTempFileNameW
FindNextVolumeW
lstrcmpW
GetDriveTypeW
FlushFileBuffers
ResolveDelayLoadedAPI
GetTickCount
DelayLoadFailureHook
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
GetVolumeInformationW
QueryDosDeviceW
CreateDirectoryW
FindFirstVolumeW
GetFileType
WideCharToMultiByte
GetCurrentDirectoryW
GetModuleHandleW
LocalFree
GetProcAddress
WriteConsoleW
HeapAlloc
GetLastError
FormatMessageW
GetConsoleMode
WriteFile
GetStdHandle
lstrlenW
HeapFree
SetErrorMode

msvcrt

_initterm
__setusermatherr
__p__fmode
_controlfp
_except_handler4_common
memcpy
?terminate@@YAXXZ
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
towupper
_wcsnicmp
_putws
getchar
printf
fgetws
wcschr
_wcsicmp
_vsnwprintf
__iob_func
_get_osfhandle
memset

ntdll

RtlNtStatusToDosError

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeW

user32

MessageBoxW

ntdsapi

DsFreeNameResultW
DsUnBindW
DsBindW
DsCrackNamesW

crypt32

CertGetEnhancedKeyUsage
CertFreeCertificateContext
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CryptQueryObject
CertCloseStore
PFXExportCertStoreEx
CertFindCertificateInStore
CertOpenStore
CryptStringToBinaryW
CertGetCertificateContextProperty
CryptBinaryToStringW

bcrypt

BCryptGenerateSymmetricKey
BCryptCloseAlgorithmProvider
BCryptGenRandom
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptDestroyKey
BCryptEncrypt

efsutil

EfsUtilGetSmartcardProviderName
EfsUtilCreateSelfSignedCertificate
EfsUtilGetCurrentUserInformation

dsrole

DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cleanmgr.exe
.exe windows:10 windows x86 arch:x86

afb291654f85a34f0ec0dd79ffabc278

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

cleanmgr.pdb

Imports

gdi32

ExtTextOutW
GetLayout
SetBkMode
SetTextColor
SetBkColor
GetTextExtentPoint32W

user32

GetClientRect
SetDlgItemTextW
GetParent
SendDlgItemMessageW
SetWindowLongW
CreateDialogParamW
SendMessageW
ShowWindow
LoadStringW
EnumWindows
DispatchMessageW
TranslateMessage
SetForegroundWindow
IsDialogMessageW
GetMessageW
GetSystemMetrics
DestroyIcon
DestroyWindow
DialogBoxParamW
EndDialog
SetFocus
GetSysColor
DrawIconEx
MessageBoxW
DrawFocusRect
GetWindowTextW
PostMessageW
LoadIconW
EnableWindow
GetWindowLongW
GetDlgItem

msvcrt

memcpy_s
_wcsicmp
_CIsqrt
memset
_ftol2
_vsnwprintf
toupper
_i64toa_s
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter

comctl32

ord345
CreatePropertySheetPageW
PropertySheetW
ImageList_Create
ImageList_ReplaceIcon
ord17

shell32

SHGetFileInfoW
ExtractIconExW
ord680
ShellExecuteExW

shlwapi

SHDeleteKeyW
ord487
StrFormatByteSizeW
ord271
StrCmpNW
StrCmpW
StrToIntW
StrStrIW
PathStripToRootW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
CreateThread
TerminateProcess

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapSetInformation
GetProcessHeap
HeapFree

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
FreeLibrary
GetModuleFileNameW
LoadLibraryExW
GetModuleHandleW
GetProcAddress
GetModuleHandleExW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
SetErrorMode

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

ReleaseMutex
AcquireSRWLockExclusive
OpenSemaphoreW
WaitForSingleObject
SetEvent
CreateSemaphoreExW
CreateMutexExW
ReleaseSRWLockExclusive
WaitForSingleObjectEx
CreateEventW
ReleaseSemaphore

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer

api-ms-win-core-com-l1-1-0

CoCreateInstance
CLSIDFromString
CoTaskMemFree
CoInitializeEx
CoUninitialize
CoTaskMemAlloc

api-ms-win-security-base-l1-1-0

CheckTokenMembership
CreateWellKnownSid

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetTickCount
GetWindowsDirectoryW
GetSystemTimeAsFileTime
GetSystemTime

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-file-l1-1-0

GetDiskFreeSpaceExW
GetVolumeInformationW
GetDriveTypeW
GetDiskFreeSpaceW

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
Sleep
InitOnceComplete

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegEnumKeyExW
RegGetValueW

oleaut32

VariantInit
SysStringLen
VariantClear

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

kernel32

GetStartupInfoA
MulDiv
lstrlenW
CheckElevationEnabled

ntdll

RtlNtStatusToDosError
NtOpenProcessToken
NtOpenThreadToken
NtClose
NtQueryInformationToken

ole32

CoInitialize

vssapi

VssFreeSnapshotPropertiesInternal
CreateVssBackupComponentsInternal

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cliconfg.exe
.exe windows:10 windows x86 arch:x86

0bdcee28946450c424eeaf4f97f264ee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

cliconfg.pdb

Imports

kernel32

FormatMessageW
GetLastError
GetProcAddress
LoadLibraryExW
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
TerminateProcess

user32

GetMessageW
SetWindowLongW
LoadCursorW
LoadIconW
TranslateMessage
RegisterClassW
DispatchMessageW
ShowWindow
CreateWindowExW
PostMessageW
MessageBoxW
DefWindowProcW
PostQuitMessage

msvcrt

_initterm
_acmdln
_ismbblead
_controlfp
_except_handler4_common
__p__fmode
_cexit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
_vsnwprintf
__setusermatherr
?terminate@@YAXXZ
_exit

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
clip.exe
.exe windows:10 windows x86 arch:x86

857c38b84347441a2a03a3fd32855e24

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

clip.pdb

Imports

advapi32

IsTextUnicode

kernel32

HeapSetInformation
SetLastError
GetStdHandle
GetFileType
MultiByteToWideChar
GetConsoleOutputCP
GlobalAlloc
GlobalLock
GlobalFree
GlobalUnlock
GetLastError
ReadFile
SetUnhandledExceptionFilter
GetModuleFileNameW
HeapSize
HeapReAlloc
HeapAlloc
HeapValidate
HeapFree
GetProcessHeap
ExitProcess
WriteConsoleW
CompareStringA
GetThreadLocale
CompareStringW
lstrlenW
GetConsoleMode
WideCharToMultiByte
FindStringOrdinal
LocalFree
FormatMessageW
SetThreadUILanguage
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetModuleHandleW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
Sleep

msvcrt

memcpy
fflush
fprintf
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
__iob_func
_memicmp
_vsnwprintf
_errno
wcstod
wcstol
wcstoul
_fileno
_get_osfhandle
memset

ntdll

RtlVerifyVersionInfo
VerSetConditionMask

user32

EmptyClipboard
CloseClipboard
SetClipboardData
LoadStringW
CharUpperW
OpenClipboard

ws2_32

WSACleanup

version

GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW

shlwapi

StrChrW

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cmd.exe
.exe windows:10 windows x86 arch:x86

fd97afec4dc549dcd1fe1dad15035df9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

cmd.pdb

Imports

api-ms-win-crt-string-l1-1-0

memset
wcsncmp
wcsspn

api-ms-win-crt-time-l1-1-0

_time32

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_initial_narrow_environment
_o__get_osfhandle
_o__getch
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__open_osfhandle
_o__pclose
_o__pipe
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__setmode
memmove
_o__ultoa
_o__ultoa_s
_o__wcsicmp
_o__wcslwr
_o__wcsnicmp
_o__wcsupr
_o__wpopen
_o__wtol
_o_calloc
_o_exit
_o_feof
_o_ferror
_o_fflush
_o_fgets
_o_free
_o_iswalpha
_o_iswdigit
_o_iswspace
_o_iswxdigit
_o_malloc
_o_qsort
_o_rand
_o_realloc
_o_setlocale
_o_srand
_o_terminate
_o_towlower
_o_towupper
_o_wcstol
_o_wcstoul
_except_handler4_common
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__exit
_o__errno
_o__dup2
_o__dup
_o__crt_atexit
_o__controlfp_s
_o__configure_narrow_argv
_o__configthreadlocale
_o__close
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vfprintf
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___argv
_o___p___argc
_o___acrt_iob_func
wcsstr
wcsrchr
wcschr
longjmp
_local_unwind4
_setjmp3
memcmp
memcpy
_o__tell

ntdll

RtlCreateUnicodeStringFromAsciiz
NtOpenProcessToken
NtQueryInformationToken
NtClose
NtOpenThreadToken
NtCancelSynchronousIoFile
RtlNtStatusToDosError
NtQueryInformationProcess
NtSetInformationProcess
NtQueryVolumeInformationFile
NtSetInformationFile
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtOpenFile
RtlReleaseRelativeName
RtlFreeUnicodeString
RtlFindLeastSignificantBit
RtlDosPathNameToNtPathName_U
NtFsControlFile
RtlFreeHeap

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
ReleaseSRWLockExclusive
ReleaseSRWLockShared
TryAcquireSRWLockExclusive
ReleaseMutex
AcquireSRWLockExclusive
WaitForSingleObject
WaitForSingleObjectEx
InitializeCriticalSectionEx
LeaveCriticalSection
AcquireSRWLockShared
ReleaseSemaphore
EnterCriticalSection
DeleteCriticalSection
CreateMutexExW
CreateSemaphoreExW
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

HeapReAlloc
GetProcessHeap
HeapSize
HeapFree
HeapAlloc
HeapSetInformation

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

DeleteProcThreadAttributeList
CreateProcessAsUserW
CreateProcessW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
GetCurrentThreadId
GetCurrentProcess
ResumeThread
GetCurrentProcessId
GetExitCodeProcess
TerminateProcess
OpenThread
GetStartupInfoW

api-ms-win-core-localization-l1-2-0

GetUserDefaultLCID
GetCPInfo
SetThreadLocale
GetACP
GetThreadLocale
GetLocaleInfoW
FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualFree
VirtualAlloc
ReadProcessMemory

api-ms-win-core-console-l1-1-0

GetConsoleOutputCP
SetConsoleMode
GetConsoleMode
SetConsoleCtrlHandler
WriteConsoleW
ReadConsoleW

api-ms-win-core-file-l1-1-0

WriteFile
FindFirstFileExW
CompareFileTime
RemoveDirectoryW
GetFileSize
GetFileAttributesW
GetFileType
GetVolumePathNameW
SetFilePointer
SetFileTime
DeleteFileW
SetEndOfFile
SetFileAttributesW
GetDriveTypeW
CreateDirectoryW
ReadFile
GetVolumeInformationW
GetDiskFreeSpaceExW
CreateFileW
FlushFileBuffers
GetFileAttributesExW
FindClose
FindNextFileW
FindFirstFileW
FileTimeToLocalFileTime
GetFullPathNameW
SetFilePointerEx

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-processenvironment-l1-1-0

SetEnvironmentStringsW
SetEnvironmentVariableW
FreeEnvironmentStringsW
SearchPathW
GetCommandLineW
GetStdHandle
GetCurrentDirectoryW
SetCurrentDirectoryW
ExpandEnvironmentStringsW
GetEnvironmentVariableW
GetEnvironmentStringsW

api-ms-win-core-console-l2-1-0

SetConsoleCursorPosition
FlushConsoleInputBuffer
FillConsoleOutputCharacterW
ScrollConsoleScreenBufferW
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
FillConsoleOutputAttribute

api-ms-win-security-base-l1-1-0

RevertToSelf
GetFileSecurityW
GetSecurityDescriptorOwner

api-ms-win-core-sysinfo-l1-1-0

SetLocalTime
GetSystemTime
GetSystemTimeAsFileTime
GetVersion
GetLocalTime
GetWindowsDirectoryW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-systemtopology-l1-1-0

GetNumaNodeProcessorMaskEx
GetNumaHighestNodeNumber

api-ms-win-core-console-l2-2-0

SetConsoleTitleW
GetConsoleTitleW

api-ms-win-core-processenvironment-l1-2-0

NeedCurrentDirectoryForExePathW

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegEnumKeyExW
RegDeleteKeyExW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW

api-ms-win-core-file-l2-1-0

CreateHardLinkW
GetFileInformationByHandleEx
MoveFileWithProgressW
MoveFileExW
CreateSymbolicLinkW

api-ms-win-core-heap-l2-1-0

GlobalFree
LocalFree
GlobalAlloc

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-console-l3-2-0

GetConsoleWindow

api-ms-win-core-processtopology-l1-1-0

GetThreadGroupAffinity

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-misc-l1-1-0

lstrcmpiW
lstrcmpW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cmdkey.exe
.exe windows:10 windows x86 arch:x86

19caf11535b9ca1beb2ef45eb8724422

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

cmdkey.pdb

Imports

msvcrt

__setusermatherr
_except_handler4_common
_initterm
?terminate@@YAXXZ
free
_controlfp
_wcsicmp
malloc
__p__fmode
_resetstkoflw
_cexit
_XcptFilter
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
memset

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-security-credentials-l1-1-0

CredGetSessionTypes
CredDeleteW
CredFree
CredEnumerateW
CredIsMarshaledCredentialW
CredUnmarshalCredentialW
CredWriteW

api-ms-win-core-localization-l1-2-0

SetThreadUILanguage
FormatMessageW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetVersionExW

api-ms-win-core-heap-l1-1-0

HeapSetInformation

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle
GetCommandLineW

api-ms-win-core-console-l1-1-0

GetConsoleOutputCP
WriteConsoleW

api-ms-win-core-file-l1-1-0

GetFileType
WriteFile

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cmdl32.exe
.exe windows:10 windows x86 arch:x86

f9e3c82e9c985ddb248100c9ad9c8921

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

cmdl32.pdb

Imports

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

kernel32

GetTempPath2A
GetLastError
CreateFileA
CloseHandle
SetFileAttributesA
lstrcmpiA
GetTempFileNameA
DosDateTimeToFileTime
FindFirstFileA
lstrlenW
LoadLibraryExA
FindNextFileA
FindClose
WaitForSingleObject
lstrcmpA
GetModuleHandleA
SetCurrentDirectoryA
GetCommandLineA
Sleep
CopyFileA
ConvertDefaultLocale
SetEvent
GetVersionExA
DeleteFileA
GetSystemInfo
ReadFile
lstrlenA
GetProcAddress
RemoveDirectoryA
GetCurrentProcessId
FreeLibrary
CreateEventA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetTickCount
FlushFileBuffers
GetPrivateProfileSectionA
GlobalFree
CreateMutexA
ReleaseMutex
GetFileSize
CreateDirectoryA
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
LocalFileTimeToFileTime
SetFilePointer
SetFileTime
WriteFile
CreateThread
SetLastError
WritePrivateProfileStringA
GetProcessHeap

user32

GetSystemMetrics
RegisterClassExA
EnableMenuItem
KillTimer
SystemParametersInfoA
SetDlgItemTextA
PostMessageA
SendDlgItemMessageA
CharNextA
MoveWindow
SetWindowTextA
GetWindowLongA
SetWindowLongA
DialogBoxParamA
ShowWindow
EndDialog
GetClassInfoExA
RegisterWindowMessageA
GetDlgItemTextA
SetFocus
GetWindowRect

msvcrt

_except_handler4_common
_controlfp
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_ismbblead
__p__fmode
_cexit
_exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
_vsnprintf
exit
memset

cmpbk32

PhoneBookMergeChanges
PhoneBookFreeFilter
PhoneBookLoad
PhoneBookUnload
PhoneBookParseInfoA

cmutil

CmLoadIconA
SzToWzWithAlloc
CmStrrchrA
WzToSzWithAlloc
CmFmtMsgA
CmLoadSmallIconA
CmCompareStringA
??1CmLogFile@@QAE@XZ
IsLogonAsSystem
CmStrCpyAllocW
?Log@CmLogFile@@QAAXW4_CMLOG_ITEM@@ZZ
CmBuildFullPathFromRelativeA
CmRealloc
CmStrchrA
CmStrCpyAllocA
CmMalloc
??0CmLogFile@@QAE@XZ
?Init@CmLogFile@@QAEJPAUHINSTANCE__@@HPBD@Z
?SetParams@CmLogFile@@QAEJHKPBD@Z
?Start@CmLogFile@@QAEJH@Z
?Stop@CmLogFile@@QAEJXZ
?DeInit@CmLogFile@@QAEJXZ
CmFree

comctl32

ord17

cabinet

ord20
ord23
ord22
ord21

rasapi32

RasEnumConnectionsA

winhttp

WinHttpCrackUrl
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpQueryHeaders
WinHttpOpen
WinHttpReceiveResponse
WinHttpGetProxyForUrl
WinHttpGetDefaultProxyConfiguration
WinHttpConnect
WinHttpSendRequest
WinHttpOpenRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cmmon32.exe
.exe windows:10 windows x86 arch:x86

d3e67dc5271176e155375662c3682d3f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

cmmon32.pdb

Imports

kernel32

FreeLibrary
SetProcessWorkingSetSize
lstrcmpiW
GetTickCount
LoadLibraryExW
GetExitCodeProcess
LoadLibraryExA
GetProcessHeap
GetModuleHandleA
SetEvent
GetCurrentProcessId
lstrlenA
Sleep
GetLocaleInfoW
CloseHandle
MapViewOfFile
GetProcAddress
OpenEventW
UnmapViewOfFile
OpenFileMappingW
WaitForSingleObject
WideCharToMultiByte
LocalFree
LocalAlloc
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
CreateThread
GetLastError
CreateEventW
OpenProcess
GetCurrentThreadId
lstrlenW
GetNumberFormatW
lstrcmpW

gdi32

DeleteObject

user32

GetUserObjectInformationW
GetThreadDesktop
RegisterClassExW
CreateWindowExW
PostMessageW
DefWindowProcW
SendDlgItemMessageW
SetDlgItemTextW
RegisterWindowMessageW
GetDlgItem
SetWindowTextW
GetWindowLongW
PostQuitMessage
EnableWindow
SetForegroundWindow
SystemParametersInfoW
PostThreadMessageW
TranslateMessage
GetProcessWindowStation
PeekMessageW
IsDialogMessageW
DispatchMessageW
IsWindow
ShowWindow
MsgWaitForMultipleObjects
SendMessageW
SetWindowPos
IsWindowVisible
DestroyWindow
GetWindowRect
GetLastActivePopup
GetMessageW
SetWindowLongW
CreateDialogParamW

msvcrt

memmove
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_ismbblead
__p__fmode
_cexit
_exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
_vsnwprintf
exit
_vsnprintf
memcpy
memset

cmutil

CmLoadIconW
?Log@CmLogFile@@QAAXW4_CMLOG_ITEM@@ZZ
?DeInit@CmLogFile@@QAEJXZ
?Stop@CmLogFile@@QAEJXZ
?Start@CmLogFile@@QAEJH@Z
?SetParams@CmLogFile@@QAEJHKPBG@Z
?Init@CmLogFile@@QAEJPAUHINSTANCE__@@HPBG@Z
??1CmLogFile@@QAE@XZ
??0CmLogFile@@QAE@XZ
?GPPB@CIniW@@QBEHPBG0H@Z
?GPPI@CIniW@@QBEKPBG0K@Z
?GPPS@CIniW@@QBEPAGPBG00@Z
?GetPrimaryRegPath@CIniW@@QBEPBGXZ
?GetFile@CIniW@@QBEPBGXZ
?SetPrimaryRegPath@CIniW@@QAEXPBG@Z
?SetPrimaryFile@CIniW@@QAEXPBG@Z
?SetFile@CIniW@@QAEXPBG@Z
?Clear@CIniW@@QAEXXZ
??1CIniW@@QAE@XZ
??0CIniW@@QAE@PAUHINSTANCE__@@PBG111@Z
IsLogonAsSystem
CmLoadSmallIconW
CmStrCpyAllocW
CmBuildFullPathFromRelativeW
CmFmtMsgW
CmLoadStringW
ReleaseBold
MakeBold
CmIsDigitW
CmAtolW
CmMalloc
?SetHInst@CIniW@@QAEXPAUHINSTANCE__@@@Z
CmFree

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cmstp.exe
.exe windows:10 windows x86 arch:x86

1bfcd0aad19887a1035bf48d79219292

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

cmstp.pdb

Imports

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
RegEnumKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegDeleteValueW
RegCreateKeyW
FreeSid
RegSetValueExW
RegCreateKeyExW
AllocateAndInitializeSid
AdjustTokenPrivileges
InitiateSystemShutdownW
LookupPrivilegeValueW
RegEnumValueW

kernel32

FreeLibrary
LoadLibraryExW
FindFirstFileW
WritePrivateProfileStringW
CompareStringW
FindNextFileW
GetCurrentProcess
lstrlenW
GetPrivateProfileIntW
GetPrivateProfileSectionW
FindClose
CreateFileW
SetFileAttributesW
GetLastError
CloseHandle
GetCurrentProcessId
WritePrivateProfileSectionW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
LoadLibraryExA
lstrlenA
GetSystemDirectoryW
GetModuleHandleA
GetWindowsDirectoryA
LocalFree
CopyFileW
CreateMutexW
WaitForSingleObject
ReleaseMutex
HeapAlloc
HeapFree
GetSystemInfo
GetVersionExW
SetCurrentDirectoryW
CreateDirectoryW
WideCharToMultiByte
LocalAlloc
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
GetProcessHeap
Sleep
GetProcAddress
GetCurrentDirectoryW
GetPrivateProfileStringW
GetCommandLineW
GetModuleHandleW
GetWindowsDirectoryW
GetFileType

user32

GetDlgItemTextW
IsWindow
SetFocus
EndDialog
MessageBoxExW
CheckRadioButton
IsDlgButtonChecked
GetDlgItem
LoadStringW
CheckDlgButton
CharPrevW
DialogBoxParamW
CharNextW
MessageBoxW
SetWindowTextW

msvcrt

_amsg_exit
__p__commode
_XcptFilter
_vsnwprintf
_exit
__getmainargs
__set_app_type
_cexit
exit
_vsnprintf
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_ismbblead
__p__fmode
memset

cmutil

SzToWzWithAlloc
GetOSVersion
CmFree
WzToSzWithAlloc
CmRealloc
GetOSMajorVersion
CmMalloc

ole32

CoInitialize
CoUninitialize

shell32

ShellExecuteExW
SHGetMalloc
SHChangeNotify
SHFileOperationW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetDesktopFolder
SHGetFolderPathW

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
colorcpl.exe
.exe windows:10 windows x86 arch:x86

fe642844d8bb41a0a5162838127d9366

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

colorcpl.pdb

Imports

kernel32

HeapSetInformation
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
TerminateProcess

msvcrt

_controlfp
?terminate@@YAXXZ
_initterm
_except_handler4_common
_wcmdln
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter

colorui

LaunchColorCpl

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
comp.exe
.exe windows:10 windows x86 arch:x86

c5dc0432c35b6d80851f60294d3b3bd7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

comp.pdb

Imports

msvcrt

_controlfp
?terminate@@YAXXZ
_except_handler4_common
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
towupper
_wcsicmp

ulib

?QueryFile@SYSTEM@@SGPAVFSN_FILE@@PBVPATH@@EPAE@Z
?QueryDirectory@SYSTEM@@SGPAVFSN_DIRECTORY@@PBVPATH@@E@Z
?IsCorrectVersion@SYSTEM@@SGEXZ
?IsValueSet@ARGUMENT@@QAEEXZ
?GetLexeme@ARGUMENT@@QAEPAVWSTRING@@XZ
?DebugDump@OBJECT@@UBEXE@Z
?Compare@OBJECT@@UBEJPBV1@@Z
??1OBJECT@@UAE@XZ
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QAEXE@Z
?PrepareToParse@ARGUMENT_LEXEMIZER@@QAEEPAVWSTRING@@@Z
?PutSwitches@ARGUMENT_LEXEMIZER@@QAEXPBD@Z
?PutSeparators@ARGUMENT_LEXEMIZER@@QAEXPBD@Z
?PutMultipleSwitch@ARGUMENT_LEXEMIZER@@QAEXPBD@Z
?DoParsing@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
?Initialize@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
??1ARGUMENT_LEXEMIZER@@UAE@XZ
??0ARGUMENT_LEXEMIZER@@QAE@XZ
?Initialize@STRING_ARGUMENT@@QAEEPAD@Z
??1STRING_ARGUMENT@@UAE@XZ
??0STRING_ARGUMENT@@QAE@XZ
?QueryResourceString@BASE_SYSTEM@@SAEPAVWSTRING@@KPBDZZ
?QueryFsnodeArray@FSN_DIRECTORY@@QBEPAVARRAY@@PAVFSN_FILTER@@@Z
??0PROGRAM@@IAE@XZ
?ValidateVersion@PROGRAM@@UBEXKK@Z
??0STREAM_MESSAGE@@QAE@XZ
?GetStandardError@PROGRAM@@UAEPAVSTREAM@@XZ
?GetStandardOutput@PROGRAM@@UAEPAVSTREAM@@XZ
?GetStandardInput@PROGRAM@@UAEPAVSTREAM@@XZ
?Fatal@PROGRAM@@UBEXXZ
?Fatal@PROGRAM@@UBAXKKPADZZ
?DisplayMessage@PROGRAM@@UBEEKW4MESSAGE_TYPE@@@Z
?DisplayMessage@PROGRAM@@UBAEKW4MESSAGE_TYPE@@PADZZ
??1PROGRAM@@UAE@XZ
??0PATH_ARGUMENT@@QAE@XZ
??0CLASS_DESCRIPTOR@@QAE@XZ
?TruncateBase@PATH@@QAEEXZ
?SetName@PATH@@QAEEPBVWSTRING@@@Z
?QueryWCExpansion@PATH@@QAEPAV1@PAV1@@Z
?QueryFullPathString@PATH@@QBEPAVWSTRING@@XZ
?QueryFullPath@PATH@@QBEPAV1@XZ
?IsDrive@PATH@@QBEEXZ
?HasWildCard@PATH@@QBEEXZ
?AppendBase@PATH@@QAEEPBVWSTRING@@E@Z
??1PATH@@UAE@XZ
?Initialize@PATH@@QAEEPBVWSTRING@@E@Z
?Initialize@PATH@@QAEEPBV1@E@Z
??0PATH@@QAE@XZ
?Display@MESSAGE@@QAAEPBDZZ
Get_Standard_Output_Stream
?SetAttributes@FSN_FILTER@@QAEEKKK@Z
?SetFileName@FSN_FILTER@@QAEEPBVWSTRING@@@Z
?Initialize@FSN_FILTER@@QAEEXZ
??1FSN_FILTER@@UAE@XZ
??0FSN_FILTER@@QAE@XZ
?FillAndReadByte@BYTE_STREAM@@AAEEPAE@Z
?Initialize@BYTE_STREAM@@QAEEPAVSTREAM@@K@Z
??1BYTE_STREAM@@UAE@XZ
??0BYTE_STREAM@@QAE@XZ
?Strcat@WSTRING@@QAEEPBV1@@Z
?DeleteChAt@WSTRING@@QAEXKK@Z
?QueryNumber@WSTRING@@QBEEPAJKK@Z
?QueryString@WSTRING@@QBEPAV1@KK@Z
?Initialize@WSTRING@@QAEEPBDK@Z
?Strcspn@WSTRING@@QBEKPBV1@K@Z
??1PATH_ARGUMENT@@UAE@XZ
?Initialize@PATH_ARGUMENT@@QAEEPADE@Z
?Initialize@CLASS_DESCRIPTOR@@QAEEPBD@Z
Get_Standard_Error_Stream
?Initialize@STREAM_MESSAGE@@QAEEPAVSTREAM@@00@Z
??0FLAG_ARGUMENT@@QAE@XZ
?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z
??0ARRAY@@QAE@XZ
??1ARRAY@@UAE@XZ
?Initialize@ARRAY@@QAEEKK@Z
?Put@ARRAY@@UAEEPAVOBJECT@@@Z
?QueryStream@FSN_FILE@@QAEPAVFILE_STREAM@@W4STREAMACCESS@@K@Z
??0LONG_ARGUMENT@@QAE@XZ
?Initialize@LONG_ARGUMENT@@QAEEPAD@Z
Get_Standard_Input_Stream
??0DSTRING@@QAE@XZ
??1DSTRING@@UAE@XZ
?Usage@PROGRAM@@UBEXXZ

ntdll

RtlAllocateHeap
RtlFreeHeap

kernel32

GetFileAttributesW
HeapSetInformation
IsDBCSLeadByte
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
compact.exe
.exe windows:10 windows x86 arch:x86

2f681d6796f539a29be2fd4cbc0e65df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

compact.pdb

Imports

kernel32

GetConsoleOutputCP
GetStdHandle
WriteFile
SetThreadUILanguage
GetLocaleInfoW
GetConsoleMode
FormatMessageW
WriteConsoleW
WideCharToMultiByte
GetFileType
GetFullPathNameW
GetLastError
HeapSetInformation
GetCurrentDirectoryW
SetCurrentDirectoryW
SetThreadPreferredUILanguages
UnhandledExceptionFilter
PowerCreateRequest
SetUnhandledExceptionFilter
TerminateProcess
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
Sleep

ntdll

RtlDecompressBufferEx
RtlCompressBuffer
RtlAcquirePrivilege
NtPowerInformation
RtlGetCompressionWorkSpaceSize
RtlGetNtProductType
NtSetInformationThread
RtlRandom
NtQueryVolumeInformationFile
RtlNtStatusToDosError
RtlAllocateHeap
RtlFreeHeap

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-file-l1-1-0

SetFileAttributesW
CreateFileW
GetDriveTypeW
GetVolumePathNameW
FindClose
GetFileInformationByHandle
FindFirstFileW
FindNextFileW
GetFileAttributesW

api-ms-win-core-synch-l1-1-0

SetEvent
WaitForSingleObject
ReleaseMutex
CreateMutexW
CreateEventW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetWindowsDirectoryW

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegLoadKeyW
RegCloseKey
RegOpenKeyExW
RegUnLoadKeyW
RegCreateKeyExW
RegSetValueExW

api-ms-win-core-errorhandling-l1-1-0

SetLastError

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
GetCurrentThread
GetCurrentProcess
OpenProcessToken
CreateThread

api-ms-win-core-file-l1-2-1

GetCompressedFileSizeW

api-ms-win-security-base-l1-1-0

RevertToSelf
PrivilegeCheck
ImpersonateLoggedOnUser
AdjustTokenPrivileges

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

msvcrt

memcpy
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
printf
_get_osfhandle
wcscpy_s
wcscat_s
wcschr
_wcsicmp
_wcsnicmp
memcpy_s
memset
swprintf_s
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
wcsncmp

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo

api-ms-win-core-psapi-l1-1-0

K32GetPerformanceInfo

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
control.exe
.exe windows:10 windows x86 arch:x86

254431fc03472457970b01527b1b077f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

control.pdb

Imports

advapi32

RegOpenKeyExW
RegCloseKey
RegEnumValueW

kernel32

GetStartupInfoW
GetCommandLineW
lstrlenW
ExpandEnvironmentStringsW
HeapSetInformation
GetModuleHandleW

user32

AllowSetForegroundWindow

msvcrt

_vsnwprintf
_XcptFilter
__p__commode
_amsg_exit
__getmainargs
__set_app_type
exit
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_ismbblead
__p__fmode
_cexit
_exit
memset

shlwapi

ord437
ord154
StrTrimW
ord158

api-ms-win-core-com-l1-1-0

CoUninitialize
CoCreateInstance
CoTaskMemFree
CoInitializeEx
CoTaskMemAlloc

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

shell32

ShellExecuteExW

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
convert.exe
.exe windows:10 windows x86 arch:x86

4075bd8c3d5493a1502e6d9bcbd30110

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

convert.pdb

Imports

kernel32

SetUnhandledExceptionFilter
HeapSetInformation
SetErrorMode
CompareStringW
Sleep
GetModuleHandleW

ulib

?Initialize@CLASS_DESCRIPTOR@@QAEEPBD@Z
??0CLASS_DESCRIPTOR@@QAE@XZ
?AnalyzePath@PATH@@QAE?AW4PATH_ANALYZE_CODE@@PAVWSTRING@@PAV1@0@Z
?IsGuidVolName@PATH@@QAEEXZ
?AppendBase@PATH@@QAEEPBVWSTRING@@E@Z
??1PATH@@UAE@XZ
?Initialize@PATH@@QAEEPBVWSTRING@@E@Z
??0PATH@@QAE@XZ
?QueryFile@SYSTEM@@SGPAVFSN_FILE@@PBVPATH@@EPAE@Z
?Strcat@WSTRING@@QAEEPBV1@@Z
?Initialize@WSTRING@@QAEEPBV1@KK@Z
?Initialize@WSTRING@@QAEEPBGK@Z
?Initialize@WSTRING@@QAEEPBDK@Z
??8WSTRING@@QBEEABV0@@Z
?Strupr@WSTRING@@QAEPAV1@XZ
?Initialize@PROGRAM@@QAEEKKK@Z
?GetStandardInput@PROGRAM@@UAEPAVSTREAM@@XZ
?QueryCurrentDosDriveName@SYSTEM@@SGEPAVWSTRING@@@Z
?QueryDriveType@SYSTEM@@SG?AW4DRIVE_TYPE@@PBVWSTRING@@@Z
?QueryVolumeLabel@SYSTEM@@SGPAVWSTRING@@PAVPATH@@PAU_VOL_SERIAL_NUMBER@@@Z
?QueryLibraryEntryPoint@SYSTEM@@SGP6GHXZPBVWSTRING@@0PAPAX@Z
?FreeLibraryHandle@SYSTEM@@SGXPAX@Z
?QueryWindowsErrorMessage@SYSTEM@@SGEKPAVWSTRING@@@Z
??0FLAG_ARGUMENT@@QAE@XZ
?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z
??0ARRAY@@QAE@XZ
??1ARRAY@@UAE@XZ
?Initialize@ARRAY@@QAEEKK@Z
?Put@ARRAY@@UAEEPAVOBJECT@@@Z
??0DSTRING@@QAE@XZ
??1PROGRAM@@UAE@XZ
?DisplayMessage@PROGRAM@@UBAEKW4MESSAGE_TYPE@@PADZZ
?DisplayMessage@PROGRAM@@UBEEKW4MESSAGE_TYPE@@@Z
?Fatal@PROGRAM@@UBEXXZ
?Fatal@PROGRAM@@UBAXKKPADZZ
?GetStandardOutput@PROGRAM@@UAEPAVSTREAM@@XZ
?GetStandardError@PROGRAM@@UAEPAVSTREAM@@XZ
?Usage@PROGRAM@@UBEXXZ
?ValidateVersion@PROGRAM@@UBEXKK@Z
??0PROGRAM@@IAE@XZ
??0STRING_ARGUMENT@@QAE@XZ
??1STRING_ARGUMENT@@UAE@XZ
?Initialize@STRING_ARGUMENT@@QAEEPAD@Z
??0ARGUMENT_LEXEMIZER@@QAE@XZ
??1ARGUMENT_LEXEMIZER@@UAE@XZ
?Initialize@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
?DoParsing@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
?QueryInvalidArgument@ARGUMENT_LEXEMIZER@@QAEPAVWSTRING@@XZ
?PrepareToParse@ARGUMENT_LEXEMIZER@@QAEEPAVWSTRING@@@Z
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QAEXE@Z
??1OBJECT@@UAE@XZ
?Compare@OBJECT@@UBEJPBV1@@Z
?DebugDump@OBJECT@@UBEXE@Z
?IsValueSet@ARGUMENT@@QAEEXZ
?Stricmp@WSTRING@@QBEJPBV1@@Z
?QuerySystemDirectory@SYSTEM@@SGPAVPATH@@XZ
??1DSTRING@@UAE@XZ

ifsutil

?DeleteEntry@AUTOREG@@SGEPBVWSTRING@@0@Z
?AddEntry@AUTOREG@@SGEPBVWSTRING@@@Z
?GenerateLabelNotification@SUPERAREA@@SGJPBVWSTRING@@PAV2@PAU_FILE_FS_SIZE_INFORMATION@@PAU_FILE_FS_VOLUME_INFORMATION@@@Z
?IsArcSystemPartition@IFS_SYSTEM@@SGEPBVWSTRING@@PAE@Z
?QueryFileSystemName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@PAJ1@Z
?DosDriveNameToNtDriveName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@@Z

ntdll

NtTerminateProcess
RtlFreeHeap
RtlAllocateHeap
RtlUnhandledExceptionFilter

scecli

SceConfigureConvertedFileSecurity

msvcrt

_except_handler4_common
_controlfp
?terminate@@YAXXZ
_initterm
__setusermatherr
__p__fmode
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
_cexit

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 956B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
credwiz.exe
.exe windows:10 windows x86 arch:x86

c522c040599e6f476c170a0a19155c14

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

credwiz.pdb

Imports

advapi32

GetTokenInformation
DuplicateToken
ImpersonateLoggedOnUser
RevertToSelf
EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
CredBackupCredentials
CredRestoreCredentials
CredpEncodeSecret
ConvertStringSecurityDescriptorToSecurityDescriptorW

kernel32

GetOverlappedResult
LocalFree
SleepEx
GetTempFileNameW
GetTempPath2W
GetModuleFileNameA
InitOnceBeginInitialize
CreateSemaphoreExW
HeapFree
EnterCriticalSection
ReleaseSemaphore
GetModuleHandleExW
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
GlobalFree
GetCurrentThreadId
ReleaseMutex
ReleaseSRWLockExclusive
HeapSetInformation
CloseThreadpoolTimer
InitOnceComplete
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
HeapAlloc
GetProcAddress
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
DeleteFileW
CreateThread
OutputDebugStringW
CloseHandle
GetModuleHandleA
SetEvent
GetLastError
FormatMessageW
CreateEventW
OpenProcess
DuplicateHandle
CreateFileW
LocalAlloc
WaitForMultipleObjects
WriteFile
GetCommandLineW
SetLastError
GetFileSizeEx
CancelIo
ReadFile
WaitForSingleObject

gdi32

CreateFontIndirectW
GetObjectW

user32

EnableWindow
GetParent
GetDlgItem
SetWindowLongW
SetFocus
SendDlgItemMessageW
GetDlgItemTextW
ShowWindow
LoadStringW
SetWindowTextW
SendMessageW
CheckRadioButton
PostMessageW
GetMessageW
GetWindowLongW
PostThreadMessageW
TranslateMessage
DispatchMessageW

msvcrt

__set_app_type
__getmainargs
_amsg_exit
__p__commode
_exit
memmove_s
_purecall
??3@YAXPAX@Z
memcpy_s
wcsncmp
swscanf
exit
_XcptFilter
_cexit
__CxxFrameHandler3
__p__fmode
_ismbblead
memcmp
_controlfp
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_except_handler4_common
_acmdln
_initterm
__setusermatherr
_vsnwprintf
memset

rpcrt4

RpcBindingSetAuthInfoExW
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcAsyncCancelCall
RpcAsyncCompleteCall
I_RpcExceptionFilter
NdrAsyncClientCall2
RpcStringFreeW
RpcBindingFree
RpcAsyncInitializeHandle

crypt32

CryptProtectData
CryptUnprotectData

samcli

NetValidatePasswordPolicy

netutils

NetApiBufferFree

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetStartupInfoW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

ntdll

NtAdjustPrivilegesToken
TpWaitForWait
RtlNtStatusToDosError
TpAllocWait
NtPrivilegeCheck
NtClose
TpReleaseWait
TpSetWait
NtOpenProcessToken

comctl32

CreatePropertySheetPageW
PropertySheetW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize

shell32

CommandLineToArgvW

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cscript.exe
.exe windows:10 windows x86 arch:x86

3ce209ddb95c050cc22e12ca494e12e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

cscript.pdb

Imports

msvcrt

memmove
free
_callnewh
malloc
memcmp
wcsncmp
_wcsnicmp
_wcsicmp
memmove_s
memcpy_s
memcpy
memset
swprintf_s
sprintf_s
_vsnprintf
_swab
strcpy_s
wcsrchr
_itow
_itow_s
_except_handler4_common
_vsnwprintf
wcscat_s
wcscpy_s

oleaut32

SysStringLen
LoadRegTypeLi
SafeArrayCopy
SysAllocString
SafeArrayGetLBound
CreateErrorInfo
SetErrorInfo
SafeArrayGetElement
VariantClear
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayPutElement
SafeArrayCreate
SysAllocStringLen
LoadTypeLi
SysFreeString
VariantCopy
VariantChangeType
VariantInit

kernel32

CreateSemaphoreExW
HeapFree
SetLastError
EnterCriticalSection
GetCommandLineW
ReleaseSemaphore
WideCharToMultiByte
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
GetModuleHandleA
GetCommandLineA
MultiByteToWideChar
FormatMessageW
ReleaseSRWLockExclusive
OutputDebugStringW
CloseThreadpoolTimer
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
HeapAlloc
GetProcAddress
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
ExitProcess
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
IsDebuggerPresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
WriteConsoleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetLastError
LocalAlloc
GetPrivateProfileStringW
GetConsoleMode
LocalFree
WriteFile
FormatMessageA
GetPrivateProfileIntW
LoadLibraryExW
FindFirstFileW
FindFirstFileA
FindClose
GetFileAttributesW
GetACP
GetFileAttributesA
GetStdHandle
GetCPInfo
GetModuleFileNameA
GetPrivateProfileIntA
GetModuleFileNameW
GetPrivateProfileStringA
CreateFileW
InitializeCriticalSection
HeapReAlloc
UnmapViewOfFile
LoadLibraryW
GetLocaleInfoA
GetLocaleInfoW
CreateFileMappingA
FreeLibrary
GetFullPathNameA
GetFileSize
MapViewOfFile
GetUserDefaultUILanguage
GetLocaleInfoEx
CreateFileMappingW
SearchPathW
GetFullPathNameW
GetVersionExW
LCIDToLocaleName
FindResourceExW
FlushFileBuffers
GetTempFileNameA
GetVersionExA
GetSystemDefaultUILanguage
GetSystemDirectoryA
CreateFileA
GetTempPath2A
GetTickCount
LoadLibraryExA
LoadResource
GetUserDefaultLCID
CreateEventA
CreateThread
SetEvent

ole32

MkParseDisplayName
CLSIDFromProgID
CoGetClassObject
CLSIDFromString
CoCreateInstance
CoInitializeSecurity
CoRegisterMessageFilter
CreateFileMoniker
CreateBindCtx
CoUninitialize
CoInitialize
CoGetTreatAsClass

advapi32

GetUserNameW
IsTextUnicode
DeregisterEventSource
RegisterEventSourceW
ReportEventW
LookupAccountNameW
RegCreateKeyA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExW
RegEnumKeyExA
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
ImpersonateLoggedOnUser
RegCreateKeyExA

version

VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoSizeW

user32

GetParent
PostQuitMessage
KillTimer
PeekMessageA
MsgWaitForMultipleObjectsEx
EnumThreadWindows
SendMessageA
GetActiveWindow
GetClassInfoA
GetMessageA
DispatchMessageA
TranslateMessage
IsWindowVisible
GetWindowLongA
LoadStringW
LoadStringA
PostMessageA
DefWindowProcA
SetWindowLongA
CharNextA
SetTimer
CreateWindowExA
MsgWaitForMultipleObjects
GetClassNameA
RegisterClassA

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ctfmon.exe
.exe windows:10 windows x86 arch:x86

a0df2cae30cd48f978a8d80039c738e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ctfmon.pdb

Imports

kernel32

HeapSetInformation
GetStartupInfoW
WerSetFlags
GetCommandLineW
GetModuleHandleW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep

msvcrt

_acmdln
_controlfp
?terminate@@YAXXZ
_initterm
__setusermatherr
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
_except_handler4_common

msctfmonitor

DoMsCtfMonitor

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 974B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cttune.exe
.exe windows:10 windows x86 arch:x86

be0d4481f378a3cff5f2491f52b41d91

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

cttune.pdb

Imports

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
EventWriteTransfer
EventRegister
EventUnregister
OpenProcessToken
GetTokenInformation
CreateWellKnownSid
CheckTokenMembership
RegCreateKeyExW
RegSetValueExW

kernel32

GetCurrentProcess
IsWow64Process
HeapFree
GetProcessHeap
HeapAlloc
CloseHandle
GetLastError
VerifyVersionInfoW
CreateMutexW
MulDiv
VerSetConditionMask
GetTickCount64

gdi32

SetBkColor
Polyline
CreatePen
GetTextMetricsW
SetBkMode
SetStretchBltMode
StretchBlt
DeleteObject
GetDeviceCaps
CreateFontIndirectW
GetObjectW
CreateCompatibleDC
SelectObject
GdiAlphaBlend
BitBlt
DeleteDC
GetStockObject
GdiSetBatchLimit
SetTextColor
CreateSolidBrush
PatBlt
CreateDIBSection
CreateCompatibleBitmap

user32

EndDialog
SetTimer
KillTimer
DialogBoxParamW
ShowWindow
EnableWindow
CheckDlgButton
IsDlgButtonChecked
CheckRadioButton
EnumDisplaySettingsW
EnumDisplayDevicesW
ChangeDisplaySettingsExW
FindWindowW
DestroyWindow
CopyImage
CreateWindowExW
DrawFocusRect
GetFocus
MapWindowPoints
FillRect
RedrawWindow
IsCharAlphaNumericW
GetWindowLongW
InvalidateRect
GetDC
SetForegroundWindow
RegisterClassExW
LoadCursorW
GetSysColor
LoadStringW
ReleaseDC
TrackMouseEvent
GetProcessDefaultLayout
GetSystemMetrics
GetWindowRect
PtInRect
SetWindowPos
SendMessageTimeoutW
DefWindowProcW
SendMessageW
EndPaint
GetSysColorBrush
FrameRect
DrawTextW
SetWindowTextW
MessageBoxW
SystemParametersInfoW
SetFocus
GetParent
PostMessageW
SetWindowLongW
SetDlgItemTextW
GetDlgItem
GetClientRect
MapDialogRect
SendDlgItemMessageW
BeginPaint

msvcrt

_except_handler4_common
memcmp
_controlfp
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
_ftol2_sse
_ftol2
_acmdln
_initterm
__setusermatherr
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
_callnewh
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
malloc
wcschr
realloc
free
_purecall
_wtoi
_vsnwprintf
memset

oleaut32

SysFreeString
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
VariantInit
VariantClear
SysAllocString

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoUninitialize
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
StringFromGUID2

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

comctl32

ord381
PropertySheetW
InitCommonControlsEx

dwrite

DWriteCreateFactory

ntdll

WinSqmIncrementDWORD
WinSqmAddToStream

ole32

CoGetObject

oleacc

CreateStdAccessibleObject
LresultFromObject

setupapi

SetupDiOpenDeviceInterfaceW
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceInstanceIdW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW

uxtheme

GetThemeFont
GetThemeColor
OpenThemeData
IsThemeActive
DrawThemeParentBackground
GetThemeSysFont
GetThemeSysColor
CloseThemeData

shlwapi

ord628

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cttunesvr.exe
.exe windows:10 windows x86 arch:x86

411c977a314bdc3b35fb4973f62a0d4b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

cttunesvr.pdb

Imports

advapi32

RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW

kernel32

FreeLibrary
GetLastError
GetProcAddress
LoadLibraryExW
GetModuleHandleW
lstrcmpiW
RaiseException
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
IsWow64Process
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCommandLineW
SetEvent
GetCurrentThreadId
Sleep
CreateEventW
CreateThread
CloseHandle
WaitForSingleObject
GetStartupInfoW
OutputDebugStringA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter

user32

GetMessageW
TranslateMessage
DispatchMessageW
CharUpperW
CharNextW
UnregisterClassA
PostThreadMessageW

msvcrt

?terminate@@YAXXZ
_controlfp
memcmp
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
__dllonexit
_callnewh
wcscat_s
wcscpy_s
_purecall
memcpy_s
free
malloc
wcsncpy_s
_unlock
_lock
realloc
_errno
_except_handler4_common
_onexit
_wcmdln
_initterm
__setusermatherr
__p__fmode
_XcptFilter
_cexit
memset

ole32

CoRevokeClassObject
CoCreateInstance
StringFromGUID2
CoRegisterClassObject
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitialize

oleaut32

UnRegisterTypeLi
SysAllocString
LoadRegTypeLi
SysFreeString
VarUI4FromStr
LoadTypeLi
SysStringLen
RegisterTypeLi

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3d7ee4441d6e0b9d144542a4cb6194e

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

35:e9:e4:13:7f:27:45:1c:11:bd:e1:01:fb:f6:12:6e:79:4d:b4:44:8e:2b:8a:3c:f5:03:b2:5a:54:dc:8e:efSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

dui70

api-ms-win-core-com-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

imm32

Sections

.text Size: 15KB - Virtual size: 14KB

.imrsiv Size: - Virtual size: 4B

.data Size: 512B - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

5b8e1455454cdaf58cd7ce3dd83ba3d7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

certca

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-datetime-l1-1-0

certenroll

api-ms-win-core-localization-l1-2-2

api-ms-win-core-localization-obsolete-l1-2-0

Sections

.text Size: 27KB - Virtual size: 26KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

8c4b70b06fd4e738845e670ca5e4f39b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

35:e9:e4:13:7f:27:45:1c:11:bd:e1:01:fb:f6:12:6e:79:4d:b4:44:8e:2b:8a:3c:f5:03:b2:5a:54:dc:8e:ef
Signer

.text
Size: 15KB - Virtual size: 14KB

.imrsiv
Size: - Virtual size: 4B

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 27KB - Virtual size: 26KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 16KB - Virtual size: 15KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 3KB

.didat
Size: 512B - Virtual size: 76B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

a1:df:cb:e5:b4:20:35:dc:4a:4b:e1:60:91:7f:c3:1d:50:ba:1d:c8:af:68:3f:0e:27:2b:c2:b7:c5:b1:8b:fd
Signer

.text
Size: 46KB - Virtual size: 46KB

.imrsiv
Size: - Virtual size: 4B

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 100B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 3KB - Virtual size: 2KB