CWindowsSysWOW64-8[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

CWindowsSysWOW64-8.zip
Size

1.7MB
MD5

581fa7a5528a27794b3c7a5dde47e663
SHA1

53aa5487e6044207f045291f04cd04153f396bb5
SHA256

82d09b4ccb58e0b88107547586f23e7265beb040ab61d66c0b96be277813a19d
SHA512

ed37a67d005624de335f723bb8ed7ae5eabdd012b9a2bfa9beaaba904b405105dc9b12ff82cbf6e144b78b205de89614b0075b85283f4cadb2a6d44dbd402ed0
SSDEEP

49152:bE2uzPIupP6Y9iVqujBlc638oCfXA3MHtrlikCXJQ:bK2YELgw3IikCXJQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 29 IoCs

Checks for missing Authenticode signature.

resource
unpack001/DWWIN.EXE
unpack001/DevicePairingWizard.exe
unpack001/DpiScaling.exe
unpack001/EaseOfAccessDialog.exe
unpack001/EhStorAuthn.exe
unpack001/dccw.exe
unpack001/dcomcnfg.exe
unpack001/ddodiag.exe
unpack001/dfrgui.exe
unpack001/dialer.exe
unpack001/diskpart.exe
unpack001/diskperf.exe
unpack001/diskusage.exe
unpack001/dllhst3g.exe
unpack001/doskey.exe
unpack001/dpapimig.exe
unpack001/dplaysvr.exe
unpack001/dpnsvr.exe
unpack001/driverquery.exe
unpack001/dtdump.exe
unpack001/dvdplay.exe
unpack001/dxdiag.exe
unpack001/edpnotify.exe
unpack001/efsui.exe
unpack001/esentutl.exe
unpack001/eudcedit.exe
unpack001/eventcreate.exe
unpack001/eventvwr.exe
unpack001/expand.exe

Files

CWindowsSysWOW64-8.zip
.zip
DWWIN.EXE
.exe windows:10 windows x86 arch:x86

4704bd46363804e000bd49828e43b350

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

dwwin.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o__wcsnicmp
memmove
_o__wcstoui64
_o__wtoi
_o__wtoi64
_o_exit
_o_free
_o_isspace
_o_malloc
_o_terminate
_o_tolower
_o_towlower
_o_wcscpy_s
_o_wcstol
__current_exception
__current_exception_context
_o__crt_atexit
_except_handler4_common
_o__controlfp_s
_o__configure_wide_argv
_o__configthreadlocale
_o__exit
_o__errno
__CxxFrameHandler3
__std_terminate
wcschr
wcsrchr
wcsstr
_CxxThrowException
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcsncmp
wcsnlen

kernel32

ReleaseSRWLockExclusive
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
SetLastError
CreateSemaphoreExW
LocalFree
CreateToolhelp32Snapshot
SearchPathW
IsWow64Process2
GetApplicationRestartSettings
CreateFileMappingW
LoadLibraryExW
GetSystemDirectoryW
GetSystemWow64DirectoryW
FreeLibrary
FreeLibraryAndExitThread
UnmapViewOfFile
MultiByteToWideChar
AcquireSRWLockExclusive
ReleaseMutex
WaitForSingleObjectEx
WaitForMultipleObjectsEx
GetTickCount
SetEvent
WaitForSingleObject
MapViewOfFile
DeleteFileW
Sleep
ExpandEnvironmentStringsW
GetCommandLineW
HeapSetInformation
CloseHandle
OutputDebugStringW
GetProcAddress
DebugBreak
GetModuleFileNameA
GetModuleHandleExW
HeapFree
GetProcessHeap
HeapAlloc
FormatMessageW
OpenSemaphoreW
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
SetEnvironmentVariableW
ReadProcessMemory
QueryFullProcessImageNameW
Module32FirstW
K32GetModuleFileNameExW
Module32NextW
VirtualAlloc
VirtualFree
CreateEventW
IsWow64Process
DuplicateHandle
GetThreadId
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
CreateMutexW
ResetEvent
CompareStringOrdinal
GetWindowsDirectoryW
GetLogicalDriveStringsW
GetPackageFamilyName
GetVersionExW
ResolveDelayLoadedAPI
DelayLoadFailureHook
InitializeCriticalSectionAndSpinCount
GetLastError
CloseThreadpoolTimer
QueryDosDeviceW
GetDriveTypeW
FindClose
K32EnumProcessModules
GlobalMemoryStatusEx
LoadLibraryW
GetUserDefaultUILanguage
TerminateProcess
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
VirtualQueryEx
GetModuleHandleExA
OpenMutexW
OpenEventW

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoTaskMemFree

api-ms-win-service-private-l1-1-0

I_QueryTagInformation

api-ms-win-core-processthreads-l1-1-0

GetProcessTimes
InitializeProcThreadAttributeList
OpenThread
GetProcessId
GetExitCodeThread
OpenProcessToken
CreateProcessW
UpdateProcThreadAttribute
CreateThread
DeleteProcThreadAttributeList

wer

WerpPromptUser
WerpAddTerminationReason
WerpSetTtdStatus
WerReportSubmit
WerReportCloseHandle
WerpGetReportFlags
WerpSetCallBack
WerReportAddDump
WerpSetReportFlags
WerpCreateIntegratorReportId
WerpSetIntegratorReportId
WerpAddAppCompatData
WerpFreeString
WerpIsTransportAvailable
WerReportSetUIOption
WerReportAddFile
WerReportSetParameter
WerReportCreate

bcrypt

BCryptDestroyHash
BCryptHashData
BCryptFinishHash
BCryptCreateHash

ntdll

RtlNtStatusToDosError
RtlFreeSid
NtAlpcSendWaitReceivePort
NtAlpcConnectPort
RtlInitUnicodeString
RtlAllocateAndInitializeSid
NtQuerySystemInformation
NtClose
NtWaitForSingleObject
NtOpenEvent
RtlGetUnloadEventTraceEx
EtwEventWriteNoRegistration
ZwUpdateWnfStateData
DbgPrintEx
NtQueryInformationThread
NtResumeProcess
NtSuspendProcess
EtwTraceMessage
DbgPrint
NtQueryInformationProcess
ZwQueryInformationThread
NtCreateFile
NtDeviceIoControlFile
NtAllocateVirtualMemory
NtFreeVirtualMemory
NtSetSystemInformation
NtOpenKey
RtlAdjustPrivilege
RtlInitUnicodeStringEx
RtlFreeHeap
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
NtQueryValueKey
RtlDetermineDosPathNameType_U
RtlGetNtSystemRoot
RtlGetCurrentTransaction
RtlSetCurrentTransaction
NtWaitForMultipleObjects
RtlSetThreadErrorMode
NtQueryInformationToken
RtlImageNtHeaderEx
ZwQueryWnfStateNameInformation

advapi32

RegDeleteKeyA
RegSetKeySecurity
BuildSecurityDescriptorW
RegGetKeySecurity
CreateWellKnownSid
RegDeleteValueW
EventRegister
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
EventUnregister
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegGetValueW
RegCreateKeyExW
RegSetValueExW
OpenSCManagerW
CloseServiceHandle
EventWriteTransfer
RegSetKeyValueW
RegDeleteKeyW

diagnosticdatasettings

TelGetWerTelemetryMode

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-libraryloader-l1-2-0

LoadStringW

api-ms-win-core-file-l1-1-0

CreateFileW
GetFileSizeEx
GetFileAttributesW

api-ms-win-security-base-l1-1-0

AllocateAndInitializeSid
CheckTokenMembership
FreeSid

api-ms-win-eventing-provider-l1-1-0

EventSetInformation

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW

api-ms-win-service-management-l1-1-0

OpenServiceW
StartServiceW

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

Sections

.text
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DevicePairingWizard.exe
.exe windows:10 windows x86 arch:x86

01c009ab59cfa7b262179479b15e5968

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

DevicePairingWizard.pdb

Imports

advapi32

EventUnregister
EventSetInformation
EventRegister
EventActivityIdControl
EventWriteTransfer

kernel32

GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
InitOnceBeginInitialize
InitOnceComplete
ReleaseSRWLockExclusive
AcquireSRWLockExclusive

mfc42u

ord825
ord4269
ord4667
ord561
ord815
ord3948
ord823
ord567
ord2717
ord3733
ord4418
ord4616
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5710
ord5285
ord5303
ord4692
ord4074
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord1569
ord1165

msvcrt

__p__fmode
__setusermatherr
_initterm
_wcmdln
?terminate@@YAXXZ
_cexit
_unlock
__dllonexit
_onexit
??1type_info@@UAE@XZ
_controlfp
_except_handler4_common
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_CxxThrowException
_purecall
isspace
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
memcpy_s
_lock
_vsnwprintf
__CxxFrameHandler3
memset

shlwapi

StrCmpNIW

api-ms-win-core-com-l1-1-0

CoUninitialize
CoInitializeEx
CoCreateInstance

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetStartupInfoW
GetCurrentProcess

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dism.exe
.exe windows:10 windows x86 arch:x86

3119e9937d1f91fa75b3ebd05409896f

Code Sign

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/02/2023, 00:05

Not After

01/02/2024, 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3f:af:ed:7a:50:8a:d7:8e:a6:6b:9b:b3:e7:37:ff:a3:93:b5:2f:e4:cd:01:1b:7d:e9:70:6d:96:e7:5e:53:86
Signer

Actual PE Digest

3f:af:ed:7a:50:8a:d7:8e:a6:6b:9b:b3:e7:37:ff:a3:93:b5:2f:e4:cd:01:1b:7d:e9:70:6d:96:e7:5e:53:86

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

Dism.pdb

Imports

msvcrt

??1type_info@@UAE@XZ
__RTDynamicCast
_ftol2
_lock
_unlock
__dllonexit
_onexit
_errno
realloc
_controlfp
memcmp
_except_handler4_common
wcsstr
wcsncmp
_wcsnicmp
iswalpha
towlower
_snwscanf_s
?terminate@@YAXXZ
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
_callnewh
wcscpy_s
wcsrchr
calloc
malloc
_purecall
_wcsicmp
free
_vsnwprintf
towupper
_getwch
vswprintf_s
_vscwprintf
_wcslwr_s
wcschr
wprintf
memmove_s
memcpy_s
??_V@YAXPAX@Z
__CxxFrameHandler3
??3@YAXPAX@Z
memset

advapi32

IsValidSecurityDescriptor
GetAclInformation
InitializeAcl
AddAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
MakeAbsoluteSD
GetSecurityDescriptorControl
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
IsValidSid
CopySid
GetLengthSid
TraceEvent
AdjustTokenPrivileges
LookupPrivilegeValueW
EventWriteTransfer
OpenProcessToken
InitiateSystemShutdownExW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
EventUnregister
EventRegister
EventActivityIdControl

kernel32

WaitForSingleObject
LoadLibraryExW
SearchPathW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GetFileInformationByHandleEx
DeviceIoControl
SetFileAttributesW
SetFileInformationByHandle
DeleteFileW
CopyFileExW
GetLongPathNameW
GetFinalPathNameByHandleW
GetDriveTypeW
GetVersionExW
GetProcAddress
GetModuleHandleW
GetModuleHandleExW
FreeLibrary
InitializeCriticalSection
EnterCriticalSection
SetEvent
LeaveCriticalSection
GetLastError
CloseHandle
SetThreadUILanguage
SetErrorMode
SetConsoleCtrlHandler
OutputDebugStringW
GetCommandLineW
HeapFree
GetProcessHeap
Sleep
GetCurrentProcess
DeleteCriticalSection
RaiseException
GetCurrentThreadId
CompareStringW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetStdHandle
HeapAlloc
WriteConsoleW
LocalAlloc
WideCharToMultiByte
WriteFile
LocalFree
GetFileType
GetConsoleMode
GetModuleFileNameW
IsWow64Process
FormatMessageW
GetFileAttributesW
SetLastError
CreateFileW
MultiByteToWideChar
GetSystemInfo
HeapSize
HeapReAlloc
HeapDestroy
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
TerminateProcess
OutputDebugStringA
GetSystemWindowsDirectoryW
ExpandEnvironmentStringsW
GetTempFileNameW
GetFullPathNameW
CreateDirectoryW
GetFileInformationByHandle
FindFirstFileW
FindNextFileW
FindClose

ole32

CoInitializeSecurity
CoCreateInstance
CoInitializeEx
CoUninitialize

user32

CharLowerBuffW

oleaut32

SysAllocStringLen
SysAllocString
GetErrorInfo
SysStringByteLen
LoadTypeLi
LoadRegTypeLi
SysAllocStringByteLen
VarBstrCmp
SysStringLen
VariantClear
SysFreeString

version

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

ntdll

RtlGetVersion
RtlAllocateHeap
RtlFreeHeap
NtSetInformationFile
RtlNtStatusToDosError

Sections

.text
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DpiScaling.exe
.exe windows:10 windows x86 arch:x86

91aca85d178c3b3f6b7a2fad4cccbee7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

DpiScaling.pdb

Imports

user32

LoadStringW

msvcrt

__wgetmainargs
exit
_XcptFilter
_except_handler4_common
_controlfp
__p__commode
?terminate@@YAXXZ
_wcmdln
_initterm
__setusermatherr
_amsg_exit
__p__fmode
_cexit
__set_app_type
_exit

shell32

ord100

shlwapi

ord388

api-ms-win-core-com-l1-1-0

CoUninitialize
CoCreateInstance

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
TerminateProcess
GetCurrentProcess

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

ole32

CoInitialize

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EaseOfAccessDialog.exe
.exe windows:10 windows x86 arch:x86

9facd6a416015891df168f2281603d0f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

EaseOfAccessDialog.pdb

Imports

advapi32

EventRegister
EventUnregister
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
TraceMessage
RegEnumValueW
RegDeleteTreeW
RegGetValueW
RegOpenKeyExW
RegSetValueExW
EventSetInformation
EventWriteTransfer
RegCloseKey
RegEnumKeyExW
RegQueryValueExW
RegCreateKeyExW
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
RegLoadMUIStringW

kernel32

FreeLibrary
CreateSemaphoreExW
HeapFree
SetLastError
EnterCriticalSection
ReleaseSemaphore
GetModuleHandleExW
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
HeapSize
HeapReAlloc
HeapDestroy
InitializeCriticalSection
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
ExpandEnvironmentStringsW
GetLocaleInfoEx
CompareStringOrdinal
GetThreadPreferredUILanguages
OpenJobObjectW
OpenMutexW
MulDiv
LoadLibraryW
InterlockedPushEntrySList
LocalFree
OpenProcess
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
CreateProcessW
DeleteProcThreadAttributeList
GetFileAttributesW
DeleteFileW
K32EnumProcesses
ProcessIdToSessionId
K32EnumProcessModules
K32GetModuleBaseNameW
InitOnceBeginInitialize
InitOnceComplete
LoadResource
FindResourceExW
LockResource
MultiByteToWideChar
CreateMutexW
GetProductInfo
SizeofResource
RaiseException
HeapSetInformation
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
GetProcAddress
HeapAlloc
CreateThreadpoolTimer
ReleaseSRWLockShared
SetThreadpoolTimer
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
GetModuleFileNameA
AcquireSRWLockExclusive
CloseThreadpoolTimer
IsProcessInJob
CreateEventW
SetEvent
OOBEComplete
VirtualProtect
LoadLibraryExA
GetSystemInfo
VirtualQuery
InitializeCriticalSectionAndSpinCount
ResetEvent

user32

MessageBoxW
SetWindowTextW
SetWindowPos
LoadStringW
SystemParametersInfoW
SetFocus
GetFocus
GetWindowRect
AdjustWindowRectExForDpi
ShowWindow
DispatchMessageW
TranslateMessage
GetMessageW
PostQuitMessage
DestroyWindow
PostMessageW
DefWindowProcW
GetWindowLongW
SetWindowLongW
MoveWindow
IsWindow
CreateWindowExW
RegisterClassExW
MonitorFromWindow
GetMonitorInfoW
GetDpiForWindow
SetForegroundWindow
SetDesktopColorTransform
SendNotifyMessageW
GetWindowThreadProcessId
GetShellWindow
GetKeyState
SendInput
GetThreadDesktop
SetTimer
GetUserObjectInformationW
KillTimer
UnregisterClassA
LoadIconW

api-ms-win-crt-string-l1-1-0

wcscspn
memset
wcsspn
strncmp
memmove_s

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback

api-ms-win-crt-private-l1-1-0

_o__ltow_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o__wcslwr_s
_o__wtoi
_o__initialize_onexit_table
_o_abort
_o_exit
_o_free
_o_iswspace
_o_malloc
_o_memcpy_s
_o_realloc
_o_terminate
__current_exception
__current_exception_context
_except_handler4_common
_CxxThrowException
wcsrchr
wcschr
wcsstr
_o__get_wide_winmain_command_line
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__exit
_o__errno
_o__crt_atexit
_o__controlfp_s
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
__std_terminate
__CxxFrameHandler3
memcmp
memcpy
_o__initialize_wide_environment
memmove

ntdll

WinSqmIncrementDWORD
NtQueryWnfStateData
WinSqmIsOptedIn
WinSqmAddToStream

oleacc

AccessibleObjectFromWindow

ole32

CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoInitialize

oleaut32

SysFreeString
SysAllocString
SetErrorInfo
SysStringLen
GetErrorInfo

shell32

ShellExecuteW

shcore

IsProcessInIsolatedContainer

dui70

InitProcessPriv
InitThread
?Create@NativeHWNDHost@DirectUI@@SGJPBG0PAUHWND__@@PAUHICON__@@HHHHHHPAUHINSTANCE__@@IPAPAV12@@Z
?EndDefer@Element@DirectUI@@QAEXK@Z
?ShowWindow@NativeHWNDHost@DirectUI@@QAEXH@Z
StartMessagePump
?Destroy@NativeHWNDHost@DirectUI@@QAEXXZ
UnInitThread
UnInitProcessPriv
?_OnUIStateChanged@HWNDElement@DirectUI@@MAEXGG@Z
?Initialize@HWNDElement@DirectUI@@QAEJPAUHWND__@@_NIPAVElement@2@PAK@Z
??1HWNDElement@DirectUI@@UAE@XZ
??0HWNDElement@DirectUI@@QAE@XZ
?GetAccessibleImpl@HWNDElement@DirectUI@@UAEJPAPAUIAccessible@@@Z
?Register@HWNDElement@DirectUI@@SGJXZ
?GetWindowClassNameAndStyle@HWNDElement@DirectUI@@UAEXPAPBGPAI@Z
?WndProc@HWNDElement@DirectUI@@UAEJPAUHWND__@@IIJ@Z
?CreateStyleParser@HWNDElement@DirectUI@@UAEJPAPAVDUIXmlParser@2@@Z
?RemoveTooltip@HWNDElement@DirectUI@@UAEXPAVElement@2@@Z
?ActivateTooltip@HWNDElement@DirectUI@@UAEXPAVElement@2@K@Z
?UpdateTooltip@HWNDElement@DirectUI@@UAEXPAVElement@2@@Z
?OnCompositionChanged@HWNDElement@DirectUI@@UAEXXZ
?OnWmSettingChanged@HWNDElement@DirectUI@@UAEXIJ@Z
?OnWmThemeChanged@HWNDElement@DirectUI@@UAEXIJ@Z
?OnGetDlgCode@HWNDElement@DirectUI@@UAEXPAUtagMSG@@PAJ@Z
?OnNoChildWithShortcutFound@HWNDElement@DirectUI@@UAEXPAUKeyboardEvent@2@@Z
?OnInput@HWNDElement@DirectUI@@UAEXPAUInputEvent@2@@Z
?OnImmersiveColorSchemeChanged@HWNDElement@DirectUI@@UAEXXZ
?OnThemeChanged@HWNDElement@DirectUI@@UAEXPAUThemeChangedEvent@2@@Z
?OnEvent@HWNDElement@DirectUI@@UAEXPAUEvent@2@@Z
?OnDestroy@HWNDElement@DirectUI@@UAEXXZ
?OnGroupChanged@HWNDElement@DirectUI@@UAEXH_N@Z
?OnPropertyChanged@HWNDElement@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?Host@NativeHWNDHost@DirectUI@@QAEXPAVElement@2@@Z
?GetUiaFocusDelegate@Element@DirectUI@@UAEPAV12@XZ
?HandleUiaEventListener@Element@DirectUI@@UAEXPAUEvent@2@@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UAEXPBUPropertyInfo@2@@Z
?HandleUiaPropertyListener@Element@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?HandleUiaDestroyListener@Element@DirectUI@@UAEXXZ
?GetElementProviderImpl@Element@DirectUI@@UAEJPAVInvokeHelper@2@PAPAVElementProvider@2@@Z
?GetUIAElementProvider@Element@DirectUI@@UAEJABU_GUID@@PAPAX@Z
?DefaultAction@Element@DirectUI@@UAEJXZ
?DoubleBuffered@Element@DirectUI@@QAEX_N@Z
?OnUnHosted@Element@DirectUI@@MAEXPAV12@@Z
?OnHosted@Element@DirectUI@@MAEXPAV12@@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MAE?AUtagSIZE@@HHPAVSurface@2@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MAEXHH@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UAEXPAUtagRECT@@@Z
?MessageCallback@Element@DirectUI@@UAEIPAUtagGMSG@@@Z
?RemoveBehavior@Element@DirectUI@@UAEJPAUIDuiBehavior@@@Z
?AddBehavior@Element@DirectUI@@UAEJPAUIDuiBehavior@@@Z
?SetKeyFocus@Element@DirectUI@@UAEXXZ
?EnsureVisible@Element@DirectUI@@UAE_NHHHH@Z
?GetAdjacent@Element@DirectUI@@UAEPAV12@PAV12@HPBUNavReference@2@K@Z
?Remove@Element@DirectUI@@UAEJPAPAV12@I@Z
?Insert@Element@DirectUI@@UAEJPAPAV12@II@Z
?Add@Element@DirectUI@@QAEJPAV12@@Z
?Add@Element@DirectUI@@UAEJPAPAV12@I@Z
?GetContentSize@Element@DirectUI@@UAE?AUtagSIZE@@HHPAVSurface@2@@Z
?Paint@Element@DirectUI@@UAEXPAUHDC__@@PBUtagRECT@@1PAU4@2@Z
?OnMouseFocusMoved@Element@DirectUI@@UAEXPAV12@0@Z
?OnKeyFocusMoved@Element@DirectUI@@UAEXPAV12@0@Z
?OnPropertyChanged@Element@DirectUI@@UAEXPAUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UAE_NPAUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UAE_NPBUPropertyInfo@2@HPAVValue@2@1@Z
?GetContentStringAsDisplayed@Element@DirectUI@@UAEPBGPAPAVValue@2@@Z
?Destroy@Element@DirectUI@@QAEJ_N@Z
?Destroy@Layout@DirectUI@@QAEXXZ
?Create@FillLayout@DirectUI@@SGJPAPAVLayout@2@@Z
?LoadFromResource@DUIFactory@DirectUI@@QAEJPAUHINSTANCE__@@PBG1PAVElement@2@PAKPAPAV42@1@Z
??1DUIFactory@DirectUI@@QAE@XZ
?DestroyWindow@NativeHWNDHost@DirectUI@@QAEXXZ
?GetClassInfoW@HWNDElement@DirectUI@@UAEPAUIClassInfo@2@XZ
?GetHWND@HWNDElement@DirectUI@@UAEPAUHWND__@@XZ
?IsMSAAEnabled@HWNDElement@DirectUI@@UAE_NXZ
?CanSetFocus@HWNDElement@DirectUI@@UAE_NXZ
?SetLayout@Element@DirectUI@@QAEJPAVLayout@2@@Z
?SetAccessible@Element@DirectUI@@QAEJ_N@Z
?SetVisible@Element@DirectUI@@QAEJ_N@Z
?GetKeyFocused@Element@DirectUI@@UAE_NXZ
?QueryInterface@Element@DirectUI@@UAGJABU_GUID@@PAPAX@Z
?IsContentProtected@Element@DirectUI@@UAE_NXZ
?IsRTLReading@Element@DirectUI@@UAE_NXZ
?GetKeyFocusedElement@HWNDElement@DirectUI@@SGPAVElement@2@XZ
?Click@Button@DirectUI@@SG?AVUID@@XZ
?GetClassInfoPtr@CCPushButton@DirectUI@@SGPAUIClassInfo@2@XZ
StrToID
?FindDescendent@Element@DirectUI@@QAEPAV12@G@Z
?SetLayoutPos@Element@DirectUI@@QAEJH@Z

dwmapi

DwmSetWindowAttribute

msvcp_win

??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Xbad_alloc@std@@YAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Xlength_error@std@@YAXPBD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Xout_of_range@std@@YAXPBD@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ

Sections

.text
Size: 235KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EhStorAuthn.exe
.exe windows:10 windows x86 arch:x86

d8bea4fef46578b7424738f766c2a7cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

EhStorAuthn.pdb

Imports

advapi32

UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
RegQueryValueExW
RegOpenKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW

kernel32

GetModuleHandleW
Sleep
WaitForSingleObject
LocalAlloc
GetLastError
LocalFree
FreeResource
WideCharToMultiByte
CreateFileW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
CloseHandle
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
FindResourceW
LoadResource
CreateThread
LockResource

gdi32

CreateSolidBrush
SetTextColor
SetBkColor
CreateFontIndirectW
DeleteObject

user32

FindWindowExW
GetWindowTextLengthW
GetWindowLongW
GetParent
KillTimer
LoadStringW
UnregisterDeviceNotification
PostQuitMessage
FindWindowW
TranslateMessage
DispatchMessageW
RegisterDeviceNotificationW
ShowWindow
RegisterClassExW
UnregisterClassW
SendMessageW
CreateWindowExW
SetActiveWindow
PostMessageW
DefWindowProcW
GetMessageW
GetWindowTextW
EnableWindow
SetForegroundWindow
DialogBoxParamW
GetSysColorBrush
CheckDlgButton
GetDlgItem
SetWindowLongW
LoadIconW
SetFocus
IsDlgButtonChecked
GetSysColor
GetDlgCtrlID
SetDlgItemTextW
EndDialog
SetWindowTextW
DestroyWindow
SendDlgItemMessageW
SetTimer

msvcrt

_except_handler4_common
_controlfp
?terminate@@YAXXZ
_wcmdln
_initterm
__setusermatherr
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
free
memcpy
_wcsicmp
_vsnwprintf
__CxxFrameHandler3
exit
__p__fmode
memset

ole32

CoInitializeEx
CoCreateInstance
CoTaskMemFree

oleaut32

SysFreeString
SysAllocString

shell32

CommandLineToArgvW
ShellExecuteExW

uxtheme

CloseThemeData
GetThemeColor
GetThemeFont
OpenThemeData

comctl32

PropertySheetW
ord345
CreatePropertySheetPageW
ord344

crypt32

CryptProtectData
CryptUnprotectData

ntdll

WinSqmAddToStream

Exports

Exports

Microsoft_WDF_UMDF_Version

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
curl.exe
.exe windows:6 windows x86 arch:x86

c50155b1b3d8d868b92e16542e503090

Code Sign

33:00:00:03:84:d9:68:7d:66:cc:75:4b:a1:00:00:00:00:03:84
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

13/07/2023, 23:45

Not After

15/09/2024, 23:45

Subject

CN=Microsoft 3rd Party Application Component,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

50:16:11:c5:3f:8b:b3:7d:21:41:c8:10:ce:bf:29:79:9d:f2:c1:be:ad:a6:ab:49:b2:31:47:86:94:ce:f5:94
Signer

Actual PE Digest

50:16:11:c5:3f:8b:b3:7d:21:41:c8:10:ce:bf:29:79:9d:f2:c1:be:ad:a6:ab:49:b2:31:47:86:94:ce:f5:94

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\__w\1\s\_build\src\RelWithDebInfo\curl.pdb

Imports

api-ms-win-core-console-l2-1-0

GetConsoleScreenBufferInfo

api-ms-win-core-processenvironment-l1-1-0

SearchPathW
GetEnvironmentVariableA
GetStdHandle

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-console-l1-1-0

GetConsoleMode
SetConsoleMode
SetConsoleCtrlHandler
WriteConsoleW

api-ms-win-core-toolhelp-l1-1-0

CreateToolhelp32Snapshot
Module32NextW
Module32FirstW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l1-1-0

GetFileSizeEx
GetFileTime
SetFileTime
ReadFile
GetFileType
CreateFileW
SetEndOfFile

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
LoadLibraryExW
GetModuleHandleA
GetModuleHandleW
GetModuleFileNameA
GetProcAddress

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemDirectoryW

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
ReleaseSRWLockExclusive
EnterCriticalSection
AcquireSRWLockExclusive
DeleteCriticalSection
SetEvent
CreateEventW
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
SleepEx
InitializeCriticalSectionEx
LeaveCriticalSection

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

ws2_32

listen
bind
inet_ntop
inet_pton
WSAEnumNetworkEvents
getsockopt
recvfrom
send
accept
WSAEventSelect
WSACreateEvent
WSACloseEvent
ioctlsocket
WSAWaitForMultipleEvents
getpeername
htonl
WSAStartup
getsockname
connect
recv
WSACleanup
ntohs
WSASetLastError
WSAGetLastError
freeaddrinfo
__WSAFDIsSet
sendto
gethostname
getaddrinfo
select
socket
closesocket
htons
WSAIoctl
setsockopt
WSAResetEvent

api-ms-win-core-localization-l1-2-0

IdnToUnicode
IdnToAscii
FormatMessageW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

bcrypt

BCryptGenRandom

api-ms-win-security-cryptoapi-l1-1-0

CryptAcquireContextW
CryptHashData
CryptDestroyKey
CryptGetHashParam
CryptEncrypt
CryptReleaseContext
CryptCreateHash
CryptDestroyHash
CryptImportKey

crypt32

CryptQueryObject
CertAddCertificateContextToStore
CertFreeCertificateChainEngine
CertFreeCertificateContext
CertEnumCertificatesInStore
CertGetCertificateChain
CertCloseStore
CryptDecodeObjectEx
CertFindCertificateInStore
CertFreeCertificateChain
CertOpenStore
CryptStringToBinaryW
CertCreateCertificateChainEngine
PFXImportCertStore
CertFindExtension
CertGetNameStringW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-processthreads-l1-1-0

TlsFree
GetCurrentProcessId
TlsGetValue
TlsSetValue
TlsAlloc

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-namedpipe-l1-1-0

PeekNamedPipe

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc
realloc

api-ms-win-crt-stdio-l1-1-0

fclose
fseek
getc
fread
__stdio_common_vsscanf
_set_fmode
_get_osfhandle
_lseeki64
_read
puts
_close
fputs
fwrite
fflush
__acrt_iob_func
fputc
_isatty
_write
_setmode
ftell
feof
_fseeki64
fgets
freopen
__stdio_common_vswprintf
__stdio_common_vsprintf
_wfopen
ferror
_wopen
_fileno
__p__commode

api-ms-win-crt-time-l1-1-0

_time64
_localtime64
_gmtime64
strftime

api-ms-win-crt-convert-l1-1-0

strtol
wcstombs
strtod
strtoll
atoi
strtoul

api-ms-win-crt-runtime-l1-1-0

terminate
_cexit
_set_app_type
_controlfp_s
__sys_errlist
__sys_nerr
_register_thread_local_exe_atexit_callback
_crt_atexit
_c_exit
_register_onexit_function
_beginthreadex
_initialize_onexit_table
__p___wargv
__p___argc
abort
_configure_wide_argv
_initialize_wide_environment
_errno
strerror
_exit
_get_initial_wide_environment
_initterm
_initterm_e
exit
_seh_filter_exe

api-ms-win-crt-string-l1-1-0

strpbrk
strncpy
_strdup
strcspn
_stricmp
strncmp
strtok
wcsncpy
wcspbrk
strspn
_wcsdup
wcsncmp

api-ms-win-crt-filesystem-l1-1-0

_mkdir
_unlink
_wstat64
_fstat64

api-ms-win-crt-utility-l1-1-0

bsearch
qsort

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

setlocale
_configthreadlocale

kernel32

InitializeSListHead
SetUnhandledExceptionFilter
GetCurrentThreadId
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter

api-ms-win-core-rtlsupport-l1-1-0

RtlUnwind

api-ms-win-crt-math-l1-1-0

_fdopen
__setusermatherr

api-ms-win-crt-conio-l1-1-0

_getch

Sections

.text
Size: 402KB - Virtual size: 402KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dccw.exe
.exe windows:10 windows x86 arch:x86

491393967a8d093caa31d224e1563ec2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

dccw.pdb

Imports

advapi32

RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
EventRegister
EventUnregister
EventWrite
RegQueryValueExW

kernel32

CreateMutexW
HeapSetInformation
InitializeCriticalSection
GetModuleFileNameW
FindResourceExW
LoadResource
SizeofResource
WaitForSingleObject
lstrcmpiW
GetModuleHandleW
LoadLibraryExW
GetProcAddress
FreeLibrary
GetLastError
ReleaseMutex
CloseHandle
CreateFileW
GetCurrentProcessId
LockResource
FindResourceW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
LocalFree
FormatMessageW
GetSystemDirectoryW
WriteFile
WideCharToMultiByte
GetSystemTime
CopyFileW
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
RaiseException
DeleteCriticalSection
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
OutputDebugStringA
TerminateProcess
SetUnhandledExceptionFilter
HeapFree
VirtualFree
GetCurrentProcess
VirtualAlloc
LoadLibraryExA
EncodePointer
HeapAlloc
DecodePointer
IsProcessorFeaturePresent
GetProcessHeap
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
Sleep
GetStartupInfoW
UnhandledExceptionFilter
QueryPerformanceCounter

gdi32

StretchBlt
CreateCompatibleBitmap
SetStretchBltMode
SelectObject
CreateCompatibleDC
GetObjectW
GetTextExtentPoint32W
SetDeviceGammaRamp
GetDeviceGammaRamp
GetStockObject
SetBkMode
SetBkColor
SetTextColor
CreateSolidBrush
GetDeviceCaps
CreateDCW
DeleteDC
DeleteObject

user32

LoadStringW
GetWindow
ShowWindow
MessageBoxW
ReleaseDC
GetWindowTextW
GetWindowTextLengthW
GetDC
KillTimer
SetTimer
SetWindowTextW
PostMessageW
MapDialogRect
EnumChildWindows
DisplayConfigGetDeviceInfo
QueryDisplayConfig
GetDisplayConfigBufferSizes
EnumDisplayDevicesW
ShowCursor
LoadCursorW
SetCursor
GetMonitorInfoW
EnumDisplayMonitors
MonitorFromWindow
GetParent
InvalidateRect
MapWindowPoints
GetWindowRect
GetDlgItem
DefWindowProcW
SendMessageW
CallWindowProcW
SetWindowPos
SetForegroundWindow
OpenIcon
SetWindowLongW
GetWindowLongW
MonitorFromRect
SendMessageTimeoutW
AllowSetForegroundWindow
GetWindowThreadProcessId
FindWindowW
RegisterWindowMessageW
GetActiveWindow
GetSystemMetrics
CharNextW
DestroyWindow
UnregisterClassA
MoveWindow

msvcrt

_ftol2
memcpy
_controlfp
?terminate@@YAXXZ
realloc
_errno
_onexit
__dllonexit
_unlock
_lock
_except_handler4_common
_wcmdln
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_callnewh
swscanf_s
wcsstr
_wcsupr
_purecall
memcpy_s
malloc
wcsncpy_s
free
_ftol2_sse
_vsnwprintf
towlower
iswupper
_CIpow
memset

ntdll

WinSqmAddToStream

dxva2

GetNumberOfPhysicalMonitorsFromHMONITOR
GetPhysicalMonitorsFromHMONITOR
DestroyPhysicalMonitors
GetMonitorBrightness
SetMonitorBrightness
GetMonitorContrast
SetMonitorContrast
GetVCPFeatureAndVCPFeatureReply
SetVCPFeature

mscms

GetColorProfileFromHandle
UninstallColorProfileW
WcsCreateIccProfile
GetColorDirectoryW
InstallColorProfileW
CloseColorProfile
DccwSetDisplayProfileAssociationList
WcsGetUsePerUserProfiles
WcsGetDefaultColorProfile
WcsOpenColorProfileW
DccwGetGamutSize
DccwCreateDisplayProfileAssociationList
DccwGetDisplayProfileAssociationList
WcsGetCalibrationManagementState
SetColorProfileElement
SetColorProfileElementSize
DccwReleaseDisplayProfileAssociationList
WcsDisassociateColorProfileFromDevice
WcsSetCalibrationManagementState
WcsSetDefaultColorProfile

shell32

ShellExecuteW

gdiplus

GdipCreateHBITMAPFromBitmap
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromStream
GdipFree
GdipCreateLineBrushI
GdipFillRectangleI
GdipCloneBrush
GdipAlloc
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup

comctl32

TaskDialogIndirect
DestroyPropertySheetPage
CreatePropertySheetPageW
PropertySheetW

oleaut32

SysFreeString
VarUI4FromStr
SysAllocString

api-ms-win-core-com-l1-1-0

CoTaskMemRealloc
CoTaskMemFree
CreateStreamOnHGlobal
CoTaskMemAlloc
StringFromCLSID
CoCreateInstance

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dcomcnfg.exe
.exe windows:10 windows x86 arch:x86

09dc7c84fc3ff557d19cadf0ea6eb40e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

DCOMCnfg.pdb

Imports

kernel32

GetCurrentProcess
GetSystemDirectoryW
FormatMessageW
GetLastError
CloseHandle
HeapSetInformation
LocalFree
CreateProcessW
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
GetCurrentProcessId

user32

MessageBoxW

msvcrt

__setusermatherr
_initterm
?terminate@@YAXXZ
_controlfp
_except_handler4_common
_cexit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
_vsnwprintf
exit
_exit
__p__fmode
memset

ntdll

NtQueryInformationProcess

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ddodiag.exe
.exe windows:10 windows x86 arch:x86

b43ccbc6c55900e84eecec9a08752c16

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

DDODiag.pdb

Imports

msvcrt

_except_handler4_common
_controlfp
?terminate@@YAXXZ
_initterm
_wcsicmp
__setusermatherr
__p__fmode
_cexit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_callnewh
malloc
free
_vsnwprintf
_exit
memset

kernel32

GetLastError
TerminateProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
FileTimeToSystemTime
GetTempPath2W
SetFilePointerEx
CloseHandle
DuplicateHandle
CreateFileW
WriteFile
GetCurrentProcess
GetFileSizeEx
ReadFile

ole32

PropVariantClear
CoInitializeEx
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
StringFromCLSID

xmllite

CreateXmlWriter

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dfrgui.exe
.exe windows:10 windows x86 arch:x86

f48ee48bb250143e2fc6d4223581907d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

dfrgui.pdb

Imports

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
OpenProcessToken
EventSetInformation
EventRegister
EventUnregister
RegCloseKey
EventWriteTransfer
RegCreateKeyExW
TraceMessage
DuplicateToken
ControlTraceW
StartTraceW
EnableTraceEx2
CheckTokenMembership
GetTokenInformation
CreateWellKnownSid
RegQueryValueExW
RegSetValueExW

kernel32

FormatMessageW
FreeLibrary
GetProcAddress
LoadLibraryW
Sleep
GetFileAttributesW
CreateThread
LoadLibraryExW
LocalAlloc
GetSystemDirectoryW
ExpandEnvironmentStringsW
MoveFileExW
DeviceIoControl
CreateFileW
FindClose
FindNextFileW
FindFirstFileW
TerminateProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
InitializeSListHead
InterlockedPopEntrySList
RtlCaptureStackBackTrace
InterlockedPushEntrySList
SystemTimeToFileTime
LeaveCriticalSection
EnterCriticalSection
GetVersionExW
SetEvent
DeleteCriticalSection
InitializeCriticalSection
GetVolumeNameForVolumeMountPointW
GetTimeFormatW
GetDateFormatW
SetLastError
WaitForSingleObject
CreateEventW
CloseHandle
SetErrorMode
GetProcessHeap
HeapSetInformation
RegisterApplicationRestart
GetCommandLineW
GetLocalTime
GetCurrentProcess
LocalFree
GetLastError
CreateDirectoryW
DeleteFileW

gdi32

DeleteDC
GdiFlush
SelectObject
SetLayout
CreateCompatibleDC
DeleteObject
CreateDIBSection
GetObjectW
CreateFontIndirectW
GetDeviceCaps
SetBkColor
ExtTextOutW
SetTextColor

user32

MessageBoxW
RegisterWindowMessageW
GetDlgItemTextW
SetDlgItemTextW
EnumWindows
GetWindowTextW
SendMessageTimeoutW
GetDlgItem
SendMessageW
SetWindowTextW
GetDC
ReleaseDC
SetForegroundWindow
DialogBoxParamW
GetWindowRect
MoveWindow
GetSystemMetrics
ClientToScreen
GetClientRect
DestroyIcon
GetWindowLongW
SetWindowLongW
SetFocus
GetDesktopWindow
ChangeWindowMessageFilterEx
LoadImageW
SetWindowPos
PostMessageW
ShowWindow
BeginPaint
MapWindowPoints
GetSysColor
EndPaint
EndDialog
EnableWindow
IsDlgButtonChecked
DestroyWindow
LoadStringW
CheckDlgButton
DrawFrameControl
OffsetRect
InflateRect
SetTimer
KillTimer
GetSysColorBrush

msvcrt

_ismbblead
__setusermatherr
_initterm
_acmdln
__CxxFrameHandler3
wcstok
?terminate@@YAXXZ
_controlfp
_except_handler4_common
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
_callnewh
malloc
free
_purecall
_wtol
_wcsicmp
memcpy_s
_vsnwprintf
_vscwprintf
iswspace
sprintf_s
memcpy
memset

shell32

ShellExecuteExW
SHGetStockIconInfo
SHGetFileInfoW
CommandLineToArgvW

oleaut32

SysAllocString
SysFreeString
VariantTimeToSystemTime
VariantInit
VariantClear
SysStringLen
SystemTimeToVariantTime

rpcrt4

UuidCreate

comctl32

ImageList_Destroy
ImageList_Create
ord345
ImageList_ReplaceIcon
ImageList_Add
ImageList_AddMasked
InitCommonControlsEx
ord344

ntdll

WinSqmAddToStream
RtlFreeHeap
RtlAllocateHeap
EtwTraceMessage
RtlNtStatusToDosError
RtlGetLastNtStatus
RtlGetPersistedStateLocation

sxshared

SxTracerDebuggerBreak
SxTracerShouldTrackFailure
SxTracerGetThreadContextRetail

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CoDisconnectObject

Sections

.text
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dialer.exe
.exe windows:10 windows x86 arch:x86

76e0d8d65462216e7b0903bc27d606d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

dialer.pdb

Imports

advapi32

RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW

kernel32

HeapSetInformation
LocalFree
GetModuleHandleW
GetTickCount
lstrcmpW
GetCurrentThreadId
GetLastError
FormatMessageW
LocalAlloc
CreateMutexW
lstrlenW
CloseHandle
GetCurrentProcessId
GetSystemTimeAsFileTime
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep

gdi32

GetStockObject
GetTextExtentPoint32W
SetBkColor
LPtoDP
CreateFontIndirectW
SelectObject

user32

DefDlgProcW
IsDialogMessageW
DispatchMessageW
ShowWindow
GetActiveWindow
LoadStringW
LoadAcceleratorsW
DrawIcon
GetSystemMetrics
EndDialog
SendMessageW
FillRect
MessageBoxW
SetWindowPos
GetDC
DestroyWindow
GetFocus
GetWindowRect
PostMessageW
CreateDialogParamW
GetMessageW
GetWindowTextLengthW
SetDlgItemTextW
GetDlgItemTextW
SendDlgItemMessageW
GetSysColor
WinHelpW
SetFocus
TranslateAcceleratorW
TranslateMessage
GetClipboardData
LoadIconW
PeekMessageW
FindWindowW
LoadCursorW
GetClientRect
GetDlgItem
IsClipboardFormatAvailable
CheckDlgButton
PostQuitMessage
GetSysColorBrush
EnableMenuItem
SystemParametersInfoW
GetParent
DialogBoxParamW
UpdateWindow
SetForegroundWindow
IsIconic
ReleaseDC
BeginPaint
EndPaint
EnableWindow
RegisterClassW

msvcrt

_except_handler4_common
_controlfp
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_ismbblead
__p__fmode
_cexit
memset
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
wcscspn
wcsspn
_itow
_wtoi
_vsnwprintf
_exit
memmove

shell32

ShellAboutW

tapi32

lineGetAppPriorityW
lineGetDevCapsW
lineClose
lineGetRequestW
lineSetAppPriorityW
lineRegisterRequestRecipient
lineDrop
lineConfigDialogW
lineDeallocateCall
lineTranslateDialogW
lineInitializeExW
lineGetTranslateCapsW
lineTranslateAddressW
lineShutdown
lineGetAddressCapsW
lineMakeCallW
lineNegotiateAPIVersion
lineOpenW

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
diskpart.exe
.exe windows:10 windows x86 arch:x86

801e31d14c4ea10290c41b08cb303f4e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

diskpart.pdb

Imports

advapi32

RegCloseKey
RegOpenKeyW

kernel32

DeviceIoControl
CreateFileW
GetLastError
CloseHandle
SetConsoleCtrlHandler
GetStdHandle
GetModuleFileNameW
SetThreadUILanguage
GetVersionExW
GetConsoleMode
HeapSetInformation
ExitProcess
GetComputerNameW
GetFileType
RegisterApplicationRestart
ExpandEnvironmentStringsW
Sleep
WriteFile
LocalAlloc
FormatMessageW
LoadLibraryW
GetWindowsDirectoryW
WriteConsoleW
LocalFree
GetModuleHandleW
FreeLibrary
WideCharToMultiByte

msvcrt

_callnewh
_purecall
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_CxxThrowException
memcpy
memmove
_XcptFilter
__p__commode
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
__p__fmode
__setusermatherr
_initterm
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UAE@XZ
_controlfp
_except_handler4_common
memcmp
_wcstoui64
_ui64tow
_ltow
wcstol
_wtoi64
_wcsupr
towupper
iswalpha
_cexit
swscanf
_wcsnicmp
fgetwc
wcspbrk
setvbuf
_wfopen
fclose
setlocale
malloc
free
wcsstr
wcschr
_errno
??3@YAXPAX@Z
wcstoul
_vsnwprintf
_wtol
_wtoi
wcsspn
_ultow
_wcsicmp
__CxxFrameHandler3
wcsrchr
__iob_func
memset

api-ms-win-core-com-l1-1-0

CoInitializeSecurity
CoInitializeEx
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoUninitialize
CoCreateGuid

rpcrt4

RpcStringFreeW
UuidToStringW
UuidFromStringW
UuidCreate

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

api-ms-win-core-libraryloader-l1-2-0

LoadStringW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

Sections

.text
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
diskperf.exe
.exe windows:10 windows x86 arch:x86

b5a8991c7d6cb3fc7fc01baef60ba9b2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

diskperf.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o___stdio_common_vfwprintf
_o___stdio_common_vswprintf
_o__cexit
_o__configthreadlocale
_o__configure_narrow_argv
_o__controlfp_s
_o__crt_atexit
_o__exit
_o__get_initial_narrow_environment
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o__wcsupr
_o__wtoi
_o_exit
_o_free
_o_malloc
_o_setlocale
_o_terminate
_o_wcstok
__current_exception
__current_exception_context
_except_handler4_common
_o___p__commode
_o___p___argv
_o___p___argc
_o___acrt_iob_func

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW

api-ms-win-core-file-l1-1-0

GetFileType
FindVolumeClose
FindFirstVolumeW
FindNextVolumeW
CreateFileW

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle
GetCommandLineW

ntdll

RtlInitUnicodeString
NtClose
NtOpenFile
NtQuerySystemInformation

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-registry-l2-1-0

RegConnectRegistryW

api-ms-win-core-localization-l1-2-0

SetThreadUILanguage

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetSystemTimeAsFileTime

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

HeapSetInformation

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
LoadStringW

api-ms-win-core-console-l1-1-0

WriteConsoleW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
TerminateProcess

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
diskusage.exe
.exe windows:10 windows x86 arch:x86

997a472f95c94f01debd1236b75562e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

diskusage.pdb

Imports

msvcrt

_except_handler4_common
_controlfp
_wcsicmp
?terminate@@YAXXZ
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
wprintf
malloc
_wcsnicmp
free
wcschr
memcpy
memcmp
_wcstoui64
atoi
_errno
wcstoul
wcscpy_s
iswspace
_vsnwprintf
memmove
memset

kernel32

CreateFileW
GetDateFormatW
SystemTimeToTzSpecificLocalTime
GetTimeFormatW
GetNumberFormatW
FileTimeToSystemTime
GetLocaleInfoA
GetLocaleInfoW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
GetFileInformationByHandle
DeviceIoControl
FindNextFileW
FindFirstFileExW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
FindFirstFileW
GetFullPathNameW
GetStdHandle
GetPrivateProfileIntW
FindClose
GetPrivateProfileStringW
GetConsoleMode
GetLastError
CloseHandle
GetCurrentDirectoryW
SetLastError
GetConsoleOutputCP
WriteFile
SetConsoleMode
FormatMessageW
WriteConsoleW
LocalFree
GetModuleHandleW
WideCharToMultiByte
GetFileType
Sleep
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime

advapi32

AdjustTokenPrivileges
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
LookupPrivilegeValueW
OpenProcessToken

ntdll

RtlInsertElementGenericTableAvl
RtlDeleteCriticalSection
RtlIsDosDeviceName_U
RtlDosPathNameToRelativeNtPathName_U
RtlReleaseRelativeName
RtlCopyUnicodeString
RtlLookupElementGenericTableAvl
NtClose
RtlEnterCriticalSection
RtlInitializeCriticalSection
RtlFreeHeap
RtlLeaveCriticalSection
NtCreateFile
NtQueryDirectoryFileEx
RtlIsNameInExpression
NtQueryInformationFile
RtlUpcaseUnicodeString
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
NtOpenFile
RtlNtStatusToDosError
RtlDosPathNameToNtPathName_U
RtlInitUnicodeString
RtlFreeUnicodeString
RtlInitializeGenericTableAvl

api-ms-win-core-rtlsupport-l1-2-0

RtlCompareMemory

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dllhost.exe
.exe windows:10 windows x86 arch:x86

b7f063f6e914db6acb4dcc8d69219a5f

Code Sign

33:00:00:03:3b:65:5f:ae:fa:db:75:e9:d6:00:00:00:00:03:3b
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a6:1c:3c:c5:4e:bb:8b:09:a0:f0:73:02:7b:3f:60:d7:5e:d2:01:0e:47:4c:ec:46:99:72:f1:e0:e9:5b:1d:3c
Signer

Actual PE Digest

a6:1c:3c:c5:4e:bb:8b:09:a0:f0:73:02:7b:3f:60:d7:5e:d2:01:0e:47:4c:ec:46:99:72:f1:e0:e9:5b:1d:3c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

dllhost.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_c_exit
_initterm_e
_register_thread_local_exe_atexit_callback
_initterm

api-ms-win-crt-private-l1-1-0

_o___p__commode
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__controlfp_s
_o__crt_atexit
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o_exit
_o_terminate
__current_exception
__current_exception_context
_except_handler4_common

api-ms-win-crt-string-l1-1-0

memset

ntdll

NtSetInformationProcess

api-ms-win-core-com-private-l1-1-0

CoRegisterSurrogateEx

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
GetCurrentProcess

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoUninitialize
IIDFromString

api-ms-win-core-heap-l1-1-0

HeapSetInformation

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dllhst3g.exe
.exe windows:10 windows x86 arch:x86

b7f063f6e914db6acb4dcc8d69219a5f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

dllhst3g.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_c_exit
_initterm_e
_register_thread_local_exe_atexit_callback
_initterm

api-ms-win-crt-private-l1-1-0

_o___p__commode
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__controlfp_s
_o__crt_atexit
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o_exit
_o_terminate
__current_exception
__current_exception_context
_except_handler4_common

api-ms-win-crt-string-l1-1-0

memset

ntdll

NtSetInformationProcess

api-ms-win-core-com-private-l1-1-0

CoRegisterSurrogateEx

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
GetCurrentProcess

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoUninitialize
IIDFromString

api-ms-win-core-heap-l1-1-0

HeapSetInformation

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
doskey.exe
.exe windows:10 windows x86 arch:x86

815cebc8099878fcfc3eefe858fab97b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

doskey.pdb

Imports

ulib

?Stricmp@WSTRING@@QBEJPBV1@@Z
?IsValueSet@ARGUMENT@@QAEEXZ
?QueryFile@SYSTEM@@SGPAVFSN_FILE@@PBVPATH@@EPAE@Z
??0PATH_ARGUMENT@@QAE@XZ
??1PATH_ARGUMENT@@UAE@XZ
?Initialize@PATH_ARGUMENT@@QAEEPADE@Z
?ReadLine@STREAM@@QAEEPAVWSTRING@@E@Z
?Initialize@WSTRING@@QAEEPBV1@KK@Z
?Strchr@WSTRING@@QBEKGK@Z
?Initialize@STREAM_MESSAGE@@QAEEPAVSTREAM@@00@Z
?Set@STREAM_MESSAGE@@UAEEKW4MESSAGE_TYPE@@K@Z
??0FLAG_ARGUMENT@@QAE@XZ
?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z
??0REST_OF_LINE_ARGUMENT@@QAE@XZ
?Initialize@REST_OF_LINE_ARGUMENT@@QAEEXZ
??0ARRAY@@QAE@XZ
?DeleteChAt@WSTRING@@QAEXKK@Z
?Initialize@WSTRING@@QAEEPBGK@Z
?Initialize@WSTRING@@QAEEPBDK@Z
??1STREAM_MESSAGE@@UAE@XZ
?QueryWSTR@WSTRING@@QBEPAGKKPAGKE@Z
?Strcat@WSTRING@@QAEEPBV1@@Z
Get_Standard_Output_Stream
?Display@MESSAGE@@QAAEPBDZZ
?DisplayMsg@MESSAGE@@QAAEKW4MESSAGE_TYPE@@KPBDZZ
?MakeFileToken@MESSAGE@@SG_KPBD@Z
??0STRING_ARGUMENT@@QAE@XZ
??1STRING_ARGUMENT@@UAE@XZ
?Initialize@STRING_ARGUMENT@@QAEEPAD@Z
??0ARGUMENT_LEXEMIZER@@QAE@XZ
??1ARGUMENT_LEXEMIZER@@UAE@XZ
?Initialize@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
?DoParsing@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
?PutSeparators@ARGUMENT_LEXEMIZER@@QAEXPBD@Z
?QueryInvalidArgument@ARGUMENT_LEXEMIZER@@QAEPAVWSTRING@@XZ
?PrepareToParse@ARGUMENT_LEXEMIZER@@QAEEPAVWSTRING@@@Z
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QAEXE@Z
??0STREAM_MESSAGE@@QAE@XZ
??1OBJECT@@UAE@XZ
??1ARRAY@@UAE@XZ
?Initialize@ARRAY@@QAEEKK@Z
?Put@ARRAY@@UAEEPAVOBJECT@@@Z
?QueryStream@FSN_FILE@@QAEPAVFILE_STREAM@@W4STREAMACCESS@@K@Z
??0LONG_ARGUMENT@@QAE@XZ
?Initialize@LONG_ARGUMENT@@QAEEPAD@Z
Get_Standard_Input_Stream
??0DSTRING@@QAE@XZ
??1DSTRING@@UAE@XZ

kernel32

TerminateProcess
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
GetConsoleCommandHistoryLengthW
AddConsoleAliasW
HeapSetInformation
GetConsoleAliasesLengthW
GetConsoleMode
ExpungeConsoleCommandHistoryW
GetConsoleCommandHistoryW
GetConsoleAliasExesW
SetConsoleMode
SetConsoleNumberOfCommandsW
GetStdHandle
GetConsoleAliasesW
GetConsoleAliasExesLengthW
GetCurrentProcess
UnhandledExceptionFilter

ntdll

RtlFreeHeap
RtlAllocateHeap

msvcrt

_except_handler4_common
_controlfp
?terminate@@YAXXZ
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dpapimig.exe
.exe windows:10 windows x86 arch:x86

da3fb0a7eb3f23a19bb11529165ac3da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

dpapimig.pdb

Imports

advapi32

GetTokenInformation
GetSidIdentifierAuthority
RegEnumValueW
OpenThreadToken
GetLengthSid
ConvertSidToStringSidW
RegOpenKeyExW
OpenProcessToken
IsValidSid
RegDeleteTreeW
RegEnumKeyExW
ConvertStringSidToSidW
CopySid
GetSidSubAuthority
GetSidSubAuthorityCount
RegCloseKey

kernel32

GetCommandLineW
GetCurrentProcess
CompareStringOrdinal
GetCurrentThread
CloseHandle
LocalAlloc
GetLastError
LocalFree

user32

LoadIconW
LoadStringW
MessageBoxW
PostMessageW

msvcrt

_callnewh
malloc
wcsncmp
?terminate@@YAXXZ
free
_XcptFilter
__p__commode
_controlfp
memset
_except_handler4_common
_acmdln
_initterm
__setusermatherr
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit

crypt32

CryptUpdateProtectedState

api-ms-win-core-com-l1-1-0

CoUninitialize

samcli

NetUserModalsGet

netutils

NetApiBufferFree

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetStartupInfoW
TerminateProcess
GetCurrentProcessId

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

comctl32

ord345
PropertySheetW

ole32

CoInitialize

shell32

CommandLineToArgvW

dui70

StrToID
?GetEncodedContentString@Element@DirectUI@@QAEJPAGI@Z
?FindDescendent@Element@DirectUI@@QAEPAV12@G@Z
?DestroyCP@TaskPage@DirectUI@@EAEXXZ
?CreateParserCP@TaskPage@DirectUI@@EAEJPAPAVDUIXmlParser@2@@Z
?CreateDUICP@TaskPage@DirectUI@@EAEJPAVHWNDElement@2@PAUHWND__@@1PAPAVElement@2@PAPAVDUIXmlParser@2@@Z
?Click@Button@DirectUI@@SG?AVUID@@XZ
?LoadParser@TaskPage@DirectUI@@MAEJPAPAVDUIXmlParser@2@@Z
?PropSheet_SendMessage@TaskPage@DirectUI@@IAEJIIJ@Z
?DUICreatePropertySheetPage@TaskPage@DirectUI@@QAEJPAUHINSTANCE__@@@Z
?SetVisible@Element@DirectUI@@QAEJ_N@Z
?SetLayoutPos@Element@DirectUI@@QAEJH@Z
?SetContentString@Element@DirectUI@@QAEJPBG@Z
?SetEnabled@Element@DirectUI@@QAEJ_N@Z
?SetMaxLength@Edit@DirectUI@@QAEJH@Z
?LoadPage@TaskPage@DirectUI@@MAEJPAVHWNDElement@2@PAUHINSTANCE__@@PAPAVElement@2@PAPAVDUIXmlParser@2@@Z
?InitPropSheetPage@TaskPage@DirectUI@@MAEXPAU_PROPSHEETPAGEW@@@Z
?OnQueryCancel@TaskPage@DirectUI@@MAEJXZ
?OnReset@TaskPage@DirectUI@@MAEJXZ
?OnWizBack@TaskPage@DirectUI@@MAEJXZ
?OnWizFinish@TaskPage@DirectUI@@MAEJXZ
?OnWizNext@TaskPage@DirectUI@@MAEJXZ
?OnQueryInitialFocus@TaskPage@DirectUI@@MAEPAVElement@2@XZ
?OnMessage@TaskPage@DirectUI@@MAE_NIIJPAJ@Z
?OnListenerAttach@TaskPage@DirectUI@@MAEXPAVElement@2@@Z
?OnListenerDetach@TaskPage@DirectUI@@MAEXPAVElement@2@@Z
?OnListenedPropertyChanging@TaskPage@DirectUI@@MAE_NPAVElement@2@PBUPropertyInfo@2@HPAVValue@2@2@Z
?OnListenedPropertyChanged@TaskPage@DirectUI@@MAEXPAVElement@2@PBUPropertyInfo@2@HPAVValue@2@2@Z
?OnListenedInput@TaskPage@DirectUI@@MAEXPAVElement@2@PAUInputEvent@2@@Z
UnInitThread
InitThread
??1TaskPage@DirectUI@@UAE@XZ
UnInitProcessPriv
??0TaskPage@DirectUI@@QAE@XZ
InitProcessPriv

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 764B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dplaysvr.exe
.dll windows:10 windows x86 arch:x86

5ec8c4d23acae27007a93578ecda7238

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

stub.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o___std_type_info_destroy_list
_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
_except_handler4_common

api-ms-win-crt-string-l1-1-0

memset

kernel32

UnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent

Exports

Exports

DllMain

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 332B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dpnsvr.exe
.dll windows:10 windows x86 arch:x86

5ec8c4d23acae27007a93578ecda7238

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

stub.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o___std_type_info_destroy_list
_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
_except_handler4_common

api-ms-win-crt-string-l1-1-0

memset

kernel32

UnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent

Exports

Exports

DllMain

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 332B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driverquery.exe
.exe windows:10 windows x86 arch:x86

dc0b596da001f9c34e67199bf225bdd8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

drvqry.pdb

Imports

kernel32

GetNumberFormatW
CreateFileW
CreateFileMappingW
CloseHandle
MapViewOfFile
UnmapViewOfFile
GetDateFormatW
GetTimeFormatW
GetModuleHandleW
GetProcAddress
GetCurrentProcess
GetLocaleInfoW
GetUserDefaultLocaleName
LocaleNameToLCID
GetUserDefaultLCID
FormatMessageW
LocalAlloc
WriteConsoleW
GetStdHandle
GetLastError
GetModuleFileNameW
SetLastError
FileTimeToSystemTime
GetComputerNameExW
HeapSize
HeapReAlloc
HeapAlloc
HeapValidate
HeapFree
GetProcessHeap
ReadConsoleW
ReadFile
SetConsoleMode
MultiByteToWideChar
ExitProcess
CompareStringA
GetThreadLocale
CompareStringW
lstrlenW
lstrlenA
GetConsoleMode
GetFileType
WideCharToMultiByte
FindStringOrdinal
SetThreadUILanguage
CreateMutexW
GetConsoleOutputCP

msvcrt

memcpy
_CxxThrowException
fflush
_except_handler4_common
_controlfp
?terminate@@YAXXZ
wcstok
??1type_info@@UAE@XZ
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
free
_callnewh
malloc
wcschr
_vsnwprintf
_wcsicmp
_wtoi
localtime
_stricmp
_strnicmp
_wcsnset
_ltow
swprintf_s
_wsetlocale
__CxxFrameHandler3
__iob_func
_memicmp
_errno
wcstod
wcstol
wcstoul
_fileno
_get_osfhandle
fprintf
memset

oleaut32

VariantChangeType
SysAllocString
SysAllocStringByteLen
SysStringLen
SysFreeString
VariantInit
VariantCopy
VariantClear

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemFree

sspicli

GetUserNameExW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentThreadId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

ntdll

VerSetConditionMask
RtlVerifyVersionInfo

user32

wsprintfW
CharUpperW
LoadStringW

mpr

WNetGetLastErrorW
WNetCancelConnection2W
WNetAddConnection2W

framedynos

?GetBuffer@CHString@@QAEPAGH@Z
?ReleaseBuffer@CHString@@QAEXH@Z
??0CHString@@QAE@XZ
??4CHString@@QAEABV0@ABV0@@Z
?Compare@CHString@@QBEHPBG@Z
??4CHString@@QAEABV0@PBG@Z
?Find@CHString@@QBEHG@Z
?GetBufferSetLength@CHString@@QAEPAGH@Z
?Format@CHString@@QAAXPBGZZ
?FindOneOf@CHString@@QBEHPBG@Z
?Left@CHString@@QBE?AV1@H@Z
??0CHString@@QAE@PBG@Z
?GetData@CHString@@IBEPAUCHStringData@@XZ
?Mid@CHString@@QBE?AV1@H@Z
??1CHString@@QAE@XZ

shlwapi

StrCmpNW
StrChrW

ws2_32

WSACleanup
WSAStartup
GetNameInfoW
WSAGetLastError
GetAddrInfoW
FreeAddrInfoW

version

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

srvcli

NetServerGetInfo

netutils

NetApiBufferFree

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dtdump.exe
.exe windows:10 windows x86 arch:x86

cea611d211d90d7bcd32a770ecba7d04

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

dtdump.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

api-ms-win-crt-string-l1-1-0

strcspn
memset

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_c_exit
_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o___std_exception_copy
_o___std_exception_destroy
_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__controlfp_s
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
memmove
_o___p___wargv
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o__wcsnicmp
_o__wcstoi64
_o__wcstoui64
_o_abort
_o_exit
_o_free
_o_iswspace
_o_malloc
_o_terminate
__current_exception
__current_exception_context
_except_handler4_common
_CxxThrowException
_o___p___argc
_o___p__commode
__std_terminate
__CxxFrameHandler3
memcmp
memcpy

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
EnterCriticalSection
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSemaphore
ReleaseSRWLockExclusive
ReleaseMutex
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dvdplay.exe
.exe windows:10 windows x86 arch:x86

bf97b65605cc1377925051105d25d252

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

dvdplay.pdb

Imports

advapi32

RegGetValueW

kernel32

SearchPathW
CreateProcessW
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess

api-ms-win-crt-runtime-l1-1-0

_initterm
_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e

api-ms-win-crt-private-l1-1-0

_o___p__commode
_o__cexit
_o__configthreadlocale
_o__configure_narrow_argv
_o__controlfp_s
_o__crt_atexit
_o__exit
_o__get_narrow_winmain_command_line
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_exit
_o_terminate
__current_exception
__current_exception_context
_except_handler4_common

api-ms-win-crt-string-l1-1-0

memset

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dxdiag.exe
.exe windows:10 windows x86 arch:x86

6186d7c40e113f20d06dd9c1c7aac3b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

dxdiag.pdb

Imports

advapi32

EventActivityIdControl
RegQueryValueExW
RegDeleteValueW
EventUnregister
RegOpenKeyExW
RegSetValueExW
EventSetInformation
RegCreateKeyExW
RegFlushKey
EventRegister
EventWriteTransfer
RegCloseKey
RegNotifyChangeKeyValue
RegEnumValueW
RegEnumKeyExW

kernel32

HeapSetInformation
DeleteCriticalSection
FreeLibrary
RegisterApplicationRestart
WaitForSingleObject
GetSystemDirectoryW
Wow64EnableWow64FsRedirection
GetNativeSystemInfo
GetSystemInfo
GetStartupInfoW
CloseHandle
SetEvent
GetLastError
GetCurrentThreadId
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeCriticalSection
LeaveCriticalSection
lstrlenW
GetModuleFileNameW
Sleep
CreateEventW
LoadLibraryW
WaitForMultipleObjects
GetCommandLineW
EnterCriticalSection
GetVersionExW
GetFileAttributesW
GetCurrentDirectoryW
GetModuleHandleW
GetFullPathNameW
WriteFile
CreateFileW
WideCharToMultiByte

gdi32

SelectObject
GetTextMetricsW
GetTextExtentPoint32W

user32

GetWindowRect
PostMessageW
ShowScrollBar
GetKeyState
AdjustWindowRectEx
CreateDialogParamW
SetScrollInfo
GetWindowLongW
EnableWindow
ReleaseDC
GetFocus
SetWindowPos
MessageBoxW
ScreenToClient
DestroyWindow
SetForegroundWindow
EndDialog
SetWindowTextW
GetScrollInfo
MsgWaitForMultipleObjects
UpdateWindow
DialogBoxParamW
ScrollWindow
GetDesktopWindow
PostQuitMessage
CheckDlgButton
KillTimer
GetDlgItem
GetClientRect
SetWindowsHookExW
LoadIconW
SendMessageW
GetDC
TranslateMessage
SetFocus
UnhookWindowsHookEx
IsWindowEnabled
PeekMessageW
IsDialogMessageW
SetTimer
DispatchMessageW
ShowWindow
CallNextHookEx
LoadStringW

msvcp_win

?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
??1?$codecvt@GDU_Mbstatet@@@std@@MAE@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBG1AAPBGPAD3AAPAD@Z
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?_Incref@facet@locale@std@@UAEXXZ
??Bid@locale@std@@QAEIXZ
?_Xlength_error@std@@YAXPBD@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Xout_of_range@std@@YAXPBD@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QAE@I@Z

api-ms-win-crt-string-l1-1-0

memset
wcsncmp

api-ms-win-crt-runtime-l1-1-0

_initterm
_c_exit
_initterm_e
_register_thread_local_exe_atexit_callback

api-ms-win-crt-private-l1-1-0

_o___p__commode
_o___std_exception_copy
_o___std_exception_destroy
_o___stdio_common_vsprintf
_o___stdio_common_vswprintf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswscanf
_o__beginthreadex
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_narrow_argv
_o__controlfp_s
_o__crt_atexit
_o__exit
_o__get_narrow_winmain_command_line
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo_noreturn
_o__putws
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsnicmp
_o__wtoi
_o__wtoi64
_o_exit
_o_free
_o_iswdigit
_o_malloc
_o_rand
_o_realloc
_o_terminate
_o_wcstok
__current_exception
__current_exception_context
_except_handler4_common
_CxxThrowException
wcsrchr
__std_terminate
wcsstr
__CxxFrameHandler3
wcschr
memcpy
memmove

comctl32

ord17
ImageList_Destroy
ImageList_Create
ImageList_ReplaceIcon

comdlg32

GetSaveFileNameW

shell32

ShellExecuteW

ole32

CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoInitializeEx

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

Sections

.text
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
edpnotify.exe
.exe windows:10 windows x86 arch:x86

b7e426de79cd230dde244af2d08b5122

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

EdpNotify.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__controlfp_s
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memcpy
_o__wcsicmp
_o__wcsnicmp
_o_exit
_o_free
_o_malloc
_o_terminate
_o_wcstok_s
__current_exception
__current_exception_context
_except_handler4_common
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler3
_o___p__commode

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-com-l1-1-0

CoAddRefServerProcess
CoRevokeClassObject
CoReleaseServerProcess
CoRegisterClassObject
CoResumeClassObjects
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoTaskMemAlloc
CoWaitForMultipleHandles

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDeleteString
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsCreateString
WindowsCreateStringReference

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoRegisterActivationFactories
RoGetActivationFactory
RoInitialize
RoRevokeActivationFactories

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
RaiseException
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

CreateMutexExW
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
CreateSemaphoreExW
SetEvent
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseMutex
WaitForSingleObject
AcquireSRWLockShared
ReleaseSemaphore
CreateEventExW

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegOpenCurrentUser
RegSetValueExW
RegCreateKeyExW
RegGetValueW
RegCloseKey

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetSystemTimeAsFileTime

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
efsui.exe
.exe windows:10 windows x86 arch:x86

fbfcdb62e39168bd77f5a0d82001c66c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

efsui.pdb

Imports

advapi32

GetTokenInformation
ConvertSidToStringSidW
OpenProcessToken

kernel32

LocalFree
CreateMutexW
CloseHandle
GetCurrentProcess
GetCommandLineW
GetLastError
LocalAlloc

msvcrt

_amsg_exit
_XcptFilter
_vsnwprintf
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_wcsicmp
_ismbblead
__p__fmode
__getmainargs
__set_app_type
exit
_exit
_cexit
__p__commode

efsadu

EfsUIUtilEncryptMyDocuments
EfsUIUtilInstallDra
EfsUIUtilSelectCard
EfsUIUtilShowBalloonAndWait
EfsUIUtilPromptForPin
EfsUIUtilEnrollEfsCertificate
EfsUIUtilKeyBackup

crypt32

CryptBinaryToStringW
CryptStringToBinaryW
CertFreeCertificateContext

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
TerminateProcess

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

efsutil

EfsUtilGetCurrentKey

ntdll

RtlImageNtHeader

shell32

CommandLineToArgvW

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
esentutl.exe
.exe windows:10 windows x86 arch:x86

c7c5a971b9d7b38ddb5066c26e725f14

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

esentutl.pdb

Imports

msvcrt

__dllonexit
_unlock
_lock
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
_onexit
__set_app_type
__wgetmainargs
_amsg_exit
?terminate@@YAXXZ
_controlfp
_XcptFilter
_wtol
_wcsnicmp
strchr
_wfullpath
_wcsupr_s
_except_handler4_common
wcsstr
memcpy
swprintf_s
__iob_func
wcscpy_s
_getch
_snwscanf_s
_wsplitpath_s
_wmakepath_s
swscanf_s
wcstol
_vsnwprintf
malloc
free
wprintf
__p__commode
iswascii
fwprintf
isprint
_vsnprintf
strtoul
strcspn
strrchr
wcsncmp
wcsrchr
memmove_s
iswalpha
rand_s
wcspbrk
vprintf
strstr
wcschr
_purecall
_wcsicmp
wcscat_s
memset

esent

JetRestore2W
JetGetSystemParameterW
JetBeginSessionW
JetInit4W
JetGetLogFileInfoW
JetGetErrorInfoW
JetEndSession
JetSetSystemParameterA
JetGetDatabaseFileInfoW
JetTerm2
JetSetSystemParameterW
JetAttachDatabase3W
JetInit
JetDetachDatabaseW
JetTestHook
JetDBUtilitiesW

ntdll

RtlCaptureStackBackTrace

api-ms-win-core-file-l1-1-0

ReadFile
GetFinalPathNameByHandleW
FindVolumeClose
WriteFileGather
ReadFileScatter
FindNextVolumeW
FindFirstVolumeW
GetFileAttributesW
CreateFileW
SetFileValidData
DeleteFileW
SetFileInformationByHandle
WriteFile
FindClose
FlushFileBuffers
GetFullPathNameW
GetVolumePathNameW
GetFileInformationByHandle
GetDiskFreeSpaceExW
RemoveDirectoryW
GetDriveTypeW
GetDiskFreeSpaceW
GetFileAttributesExW
GetTempFileNameW
CreateDirectoryW
SetEndOfFile
GetVolumeInformationW
FindFirstFileW
GetFileSizeEx
FindNextFileW
SetFilePointerEx

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapSetInformation
HeapDestroy
HeapAlloc
HeapFree

api-ms-win-core-io-l1-1-0

GetOverlappedResult
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
DeviceIoControl

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-handle-l1-1-0

SetHandleInformation
DuplicateHandle
CloseHandle

api-ms-win-core-sysinfo-l1-1-0

GlobalMemoryStatusEx
GetWindowsDirectoryW
GetVersionExW
GetSystemInfo
GetSystemTime
GetSystemWindowsDirectoryW
GetLocalTime
GetSystemTimeAsFileTime
GetTickCount
GetLogicalProcessorInformationEx

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
FreeLibrary
LoadLibraryExA
GetProcAddress

api-ms-win-core-file-l2-1-0

MoveFileExW
GetFileInformationByHandleEx
CopyFileExW

api-ms-win-core-processthreads-l1-1-0

TlsGetValue
TlsFree
CreateProcessW
TlsAlloc
TlsSetValue
GetCurrentThread
GetExitCodeThread
TerminateProcess
GetCurrentProcess
ResumeThread
GetCurrentThreadId
GetCurrentProcessId
OpenThread
SetThreadPriorityBoost
SetThreadPriority
CreateThread

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
Sleep
SleepConditionVariableSRW

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
SleepEx
SetEvent
WaitForSingleObject
ReleaseSRWLockExclusive
ReleaseMutex
EnterCriticalSection
WaitForSingleObjectEx
DeleteCriticalSection
AcquireSRWLockExclusive
CreateEventW
CreateMutexW

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
MapViewOfFileEx
CreateFileMappingW
VirtualQueryEx

api-ms-win-core-processthreads-l1-1-1

GetThreadIdealProcessorEx
IsProcessorFeaturePresent

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
DebugBreak

api-ms-win-core-localization-l1-2-0

LCMapStringW
LCMapStringEx
FormatMessageW

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW

api-ms-win-core-file-l2-1-1

OpenFileById

api-ms-win-core-console-l1-1-0

SetConsoleCtrlHandler

api-ms-win-core-errorhandling-l1-1-3

SetThreadErrorMode

api-ms-win-core-privateprofile-l1-1-0

GetProfileStringW

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 401KB - Virtual size: 401KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
eudcedit.exe
.exe windows:10 windows x86 arch:x86

7774bd8e5fdc12121f59cdefe8bb14b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

eudcedit.pdb

Imports

comdlg32

GetOpenFileNameW
ChooseFontW
GetSaveFileNameW

comctl32

InitCommonControlsEx

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW
ShellAboutW

gdi32

CreateSolidBrush
GetObjectW
GetTextExtentPoint32W
DeleteDC
CreateCompatibleDC
CreateBitmap
GetStockObject
GetBitmapBits
SetBitmapBits
BitBlt
StretchBlt
Rectangle
CreateCompatibleBitmap
PatBlt
CreatePolygonRgn
CreatePen
Ellipse
GetRgnBox
FillRgn
GetTextExtentExPointW
TranslateCharsetInfo
GetTextExtentPoint32A
ExtTextOutA
ExtTextOutW
OffsetRgn
GetTextMetricsW
GetLayout
DeleteObject
SetBkColor
SetTextColor
GetTextExtentPointW
EnumFontFamiliesW
EnableEUDC
CreateFontIndirectW
SelectObject
GetFontData

imm32

ImmConfigureIMEW
ImmEscapeW
ImmIsIME
ImmSetConversionStatus
ImmSetCompositionStringW
ImmDestroyContext
ImmGetConversionStatus
ImmCreateContext
ImmEnumRegisterWordW
ImmGetCompositionStringW
ImmAssociateContext
ImmRegisterWordW

ole32

CoInitialize
CoCreateInstance

msctf

TF_CreateInputProcessorProfiles
TF_CreateThreadMgr

oleaut32

SysAllocString
SysFreeString

advapi32

RegCloseKey
EventRegister
EventSetInformation
EventWriteTransfer
RegOpenKeyExW
RegQueryValueExW
RegEnumValueW
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
EventUnregister

kernel32

TerminateProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
MultiByteToWideChar
GlobalAlloc
GetCurrentProcess
GlobalLock
GlobalUnlock
lstrcmpW
lstrlenW
GetACP
GetProcAddress
GetModuleHandleW
WideCharToMultiByte
GetTickCount
GetSystemWindowsDirectoryW
lstrcmpiW
CreateFileW
CloseHandle
lstrcmpA
CompareStringW
GetTempPathW
GetTempFileNameW
MoveFileExW
CreateFileMappingW
MapViewOfFile
SetUnhandledExceptionFilter
UnmapViewOfFile
WriteFile
FormatMessageW
GetCurrentThreadId
HeapAlloc
GetProcessHeap
HeapFree
GetModuleHandleExW
GetModuleFileNameA
DebugBreak
GetLastError
IsDebuggerPresent
OutputDebugStringW
SetLastError
ReleaseSemaphore
ReleaseMutex
WaitForSingleObjectEx
LocalAlloc
WaitForSingleObject
OpenSemaphoreW
LocalFree
LocalLock
LocalUnlock
InitOnceBeginInitialize
GetCurrentProcessId
CreateMutexExW
InitOnceComplete
CreateSemaphoreExW
ReadFile
SetFilePointer
HeapSetInformation
RegisterApplicationRestart
DeleteFileW
GetSystemDefaultLCID
MoveFileW
ExpandEnvironmentStringsW
UnhandledExceptionFilter
GetStartupInfoW
GetFileSize
Sleep
GlobalFree

user32

DrawMenuBar
DeleteMenu
IsIconic
IsZoomed
IsWindowVisible
SetRectEmpty
GetDialogBaseUnits
DispatchMessageW
TranslateMessage
PeekMessageW
GetSystemMetrics
SetActiveWindow
GetCapture
GetActiveWindow
SetForegroundWindow
FindWindowW
ShowScrollBar
ReleaseCapture
SetCapture
EqualRect
OffsetRect
InvertRect
ScreenToClient
GetCursorPos
UnionRect
CopyRect
SetClipboardData
EmptyClipboard
SetRect
EnumClipboardFormats
CloseClipboard
GetClipboardData
OpenClipboard
RegisterClipboardFormatW
LoadMenuW
SetCursor
DrawIcon
SetDlgItemTextW
ClientToScreen
UpdateWindow
LoadIconW
EnableScrollBar
GetWindowLongW
SetScrollInfo
DefWindowProcW
PostMessageW
GetWindow
GetWindowRect
GetDC
MessageBoxW
HideCaret
CreateWindowExW
SendMessageW
EndDialog
SetWindowTextW
MessageBeep
RegisterClassExW
LoadStringW
SetCaretPos
CreateCaret
GetKeyboardLayout
GetSysColor
IsWindowEnabled
SetFocus
BeginPaint
DestroyCaret
SetWindowLongW
GetDlgItem
ActivateKeyboardLayout
ShowCaret
DrawEdge
GetClassInfoExW
GetParent
DialogBoxParamW
PtInRect
InvalidateRect
IntersectRect
IsWindow
GetClientRect
GetDlgItemTextW
FillRect
LoadCursorW
GetKeyboardLayoutList
GetWindowTextW
EnableWindow
EndPaint
ReleaseDC

mfc42u

ord1569
ord5568
ord2910
ord1172
ord609
ord3567
ord4390
ord2566
ord6213
ord4142
ord2070
ord1150
ord3864
ord2383
ord5096
ord5099
ord3345
ord975
ord2875
ord4148
ord2375
ord5280
ord4431
ord5251
ord4422
ord3133
ord6819
ord4407
ord4495
ord6398
ord6399
ord5026
ord4294
ord4118
ord3491
ord4071
ord5996
ord5879
ord4143
ord2112
ord2119
ord2486
ord2618
ord2619
ord4140
ord4451
ord2084
ord807
ord554
ord402
ord4241
ord1851
ord2577
ord6150
ord2522
ord4359
ord4051
ord5467
ord4116
ord2381
ord5079
ord1702
ord1707
ord4398
ord5230
ord6365
ord5275
ord5254
ord2436
ord6065
ord6193
ord6063
ord3477
ord2072
ord4448
ord2109
ord3792
ord796
ord529
ord4260
ord1922
ord3737
ord5764
ord5869
ord6185
ord6126
ord324
ord641
ord1764
ord6362
ord2405
ord6051
ord4073
ord1768
ord4395
ord5237
ord2377
ord5157
ord6370
ord4347
ord5286
ord3793
ord4831
ord4435
ord2640
ord2047
ord6372
ord3744
ord5059
ord1720
ord5257
ord2438
ord2116
ord5273
ord2977
ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3397
ord3825
ord3826
ord3820
ord3074
ord4075
ord4621
ord4418
ord3634
ord818
ord567
ord692
ord540
ord800
ord4704
ord4155
ord6195
ord6237
ord5798
ord4219
ord1143
ord1165
ord5977
ord2637
ord3087
ord2634
ord4229
ord2854
ord3568
ord2385
ord2406
ord1560
ord268
ord3658
ord3621
ord1634
ord2855
ord2506
ord3592
ord4419
ord5276
ord4401
ord1767
ord6048
ord4992
ord5261
ord5949
ord4847
ord3093
ord4370
ord4215
ord2576
ord3649
ord2430
ord1850
ord4240
ord1637
ord1230
ord2093
ord4452
ord4282
ord289
ord613
ord1633
ord5781
ord3614
ord401
ord3566
ord323
ord640
ord3701
ord674
ord2444
ord2442
ord2397
ord3688
ord5784
ord5783
ord470
ord755
ord6168
ord5025
ord2371
ord5790
ord5871
ord5785
ord4292
ord4128
ord6115
ord2859
ord6390
ord5446
ord6928
ord6379
ord5436
ord4421
ord2437
ord5250
ord4430
ord1658
ord2641
ord5279
ord2374
ord5233
ord4072
ord4147
ord2873
ord2874
ord3398
ord5468
ord976
ord5006
ord3346
ord4298
ord4461
ord5098
ord5094
ord3054
ord2382
ord2715
ord5095
ord2403
ord2015
ord4213
ord2570
ord4392
ord3577
ord616
ord3716
ord795
ord6211
ord4269
ord4445
ord815
ord561
ord1197
ord2613
ord6113
ord2717
ord4692
ord3516
ord858
ord3517
ord535
ord3733
ord4616
ord5710
ord5285
ord5303
ord4074
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord1821
ord4270
ord3605
ord656
ord6125
ord6017

msvcrt

_callnewh
_XcptFilter
__p__commode
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
__p__fmode
__setusermatherr
_initterm
_wcmdln
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_lock
_unlock
__dllonexit
_onexit
wcstok
_controlfp
_except_handler4_common
memcpy
qsort
wcsstr
wcschr
wcstol
_wtoi
_vsnprintf_s
memcpy_s
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
malloc
memcmp
_ftol2_sse
_CxxThrowException
free
wcsrchr
__CxxFrameHandler3
_vsnwprintf
memset

Sections

.text
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
eventcreate.exe
.exe windows:10 windows x86 arch:x86

9aa2b0ab7dc35fbb1ed0455f25254d9f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

evcreate.pdb

Imports

msvcrt

_controlfp
_except_handler4_common
wcstoul
_initterm
exit
_exit
__set_app_type
_cexit
__wgetmainargs
_amsg_exit
__p__commode
__p__fmode
__iob_func
_vsnwprintf
wcstok
wcstol
__setusermatherr
wcstod
?terminate@@YAXXZ
fflush
fprintf
_get_osfhandle
memset
_fileno
_errno
_memicmp
_XcptFilter

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW

api-ms-win-eventlog-legacy-l1-1-0

ReportEventW
RegisterEventSourceW
DeregisterEventSource

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
ExitProcess
OpenProcessToken
GetCurrentThreadId
TerminateProcess

api-ms-win-core-registry-l2-1-0

RegConnectRegistryW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameW
FindStringOrdinal

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetComputerNameExW
GetSystemTimeAsFileTime
GetTickCount

ntdll

RtlVerifyVersionInfo
VerSetConditionMask

mpr

WNetCancelConnection2W
WNetAddConnection2W
WNetGetLastErrorW

ws2_32

WSAGetLastError
WSAStartup
GetAddrInfoW
GetNameInfoW
WSACleanup
FreeAddrInfoW

sspicli

GetUserNameExW

netutils

NetApiBufferFree

srvcli

NetServerGetInfo

advapi32

CloseEventLog
OpenEventLogW

user32

CharUpperW
LoadStringW

api-ms-win-core-localization-l1-2-0

GetThreadLocale
FormatMessageW
SetThreadUILanguage

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-string-l1-1-0

CompareStringW
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrChrW

api-ms-win-core-file-l1-1-0

GetFileType
ReadFile

api-ms-win-core-console-l1-1-0

SetConsoleMode
GetConsoleOutputCP
WriteConsoleW
GetConsoleMode
ReadConsoleW

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW
lstrlenA

api-ms-win-core-localization-obsolete-l1-2-0

CompareStringA

api-ms-win-core-heap-l1-1-0

HeapReAlloc
GetProcessHeap
HeapSize
HeapAlloc
HeapFree
HeapValidate

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
eventvwr.exe
.exe windows:10 windows x86 arch:x86

85cf1d98c00bbd03929b3a386b38c29c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

eventvwr.pdb

Imports

kernel32

GetModuleHandleW
FormatMessageW
LocalFree
GetLastError
HeapSetInformation
GetSystemDirectoryW
GetCommandLineW
CreateFileW
CloseHandle
CreateProcessW
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
GetCurrentProcess

user32

SendMessageW
EndDialog
WaitForInputIdle
DialogBoxParamW
EnableWindow
GetWindowLongW
SetWindowLongW
LoadIconW
DestroyWindow
ShowWindow
SetWindowTextW
GetDlgItem
LoadStringW
SendDlgItemMessageW

msvcrt

__setusermatherr
_initterm
?terminate@@YAXXZ
_controlfp
_except_handler4_common
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
_callnewh
free
_vsnwprintf
_cexit
__p__fmode
malloc
memset

shell32

CommandLineToArgvW

shlwapi

StrCmpNIW

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
expand.exe
.exe windows:10 windows x86 arch:x86

8e41ddc1bb8ed67accdcd4eb4681f437

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

expand.pdb

Imports

msvcrt

strcat_s
strnlen
_vsnwprintf
_wcsicmp
_wcsnicmp
wcsncmp
memcmp
memcpy
_controlfp
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_except_handler4_common
toupper
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
malloc
free
vswprintf_s
_vsnprintf
vsprintf_s
strcpy_s
_wsetlocale
_snwprintf_s
fflush
atoi
printf
strncpy_s
_initterm
memset

kernel32

MapViewOfFile
CreateFileMappingW
LoadLibraryExA
FreeLibrary
LoadResource
FindResourceExW
LCIDToLocaleName
UnmapViewOfFile
GetVersionExW
GetLocaleInfoW
GetTempPathW
GetUserDefaultUILanguage
GetLocaleInfoEx
GetSystemDefaultUILanguage
SetLastError
SearchPathW
lstrcmpA
GetStringTypeW
GetFileTime
GlobalFree
GlobalAlloc
IsDBCSLeadByte
VirtualQuery
VirtualProtect
GetFullPathNameW
GetConsoleOutputCP
SetThreadUILanguage
GetFullPathNameA
HeapSetInformation
lstrcmpiA
lstrcmpiW
SetFileTime
LocalAlloc
_lopen
_llseek
ReleaseSRWLockExclusive
GetLastError
CloseHandle
LocalFree
_lread
GetFileSize
_lclose
_lcreat
_lwrite
ReadFile
HeapFree
GetModuleHandleExW
GetConsoleCP
SetFilePointer
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetACP
MultiByteToWideChar
FormatMessageW
GetFileAttributesA
GetSystemInfo
CreateThread
HeapAlloc
LoadLibraryExW
GetCurrentDirectoryW
GetProcAddress
GetProcessHeap
WideCharToMultiByte
Sleep
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
AcquireSRWLockExclusive
RaiseException
GetVersionExA

user32

CharLowerA
LoadStringA
LoadStringW

cabinet

ord21
ord23
ord20

rpcrt4

UuidCreate

ntdll

NlsMbCodePageTag
RtlMultiByteToUnicodeN

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4704bd46363804e000bd49828e43b350

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

kernel32

api-ms-win-core-com-l1-1-0

api-ms-win-service-private-l1-1-0

api-ms-win-core-processthreads-l1-1-0

wer

bcrypt

ntdll

advapi32

diagnosticdatasettings

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-file-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-version-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-shcore-obsolete-l1-1-0

Sections

.text Size: 174KB - Virtual size: 173KB

.data Size: 2KB - Virtual size: 3KB

.idata Size: 9KB - Virtual size: 9KB

.didat Size: 512B - Virtual size: 60B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 10KB - Virtual size: 9KB

01c009ab59cfa7b262179479b15e5968

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

mfc42u

msvcrt

shlwapi

api-ms-win-core-com-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

Sections

.text Size: 29KB - Virtual size: 29KB

.data Size: 1024B - Virtual size: 2KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 51KB - Virtual size: 51KB

.reloc Size: 2KB - Virtual size: 1KB

3119e9937d1f91fa75b3ebd05409896f

Code Sign

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

3f:af:ed:7a:50:8a:d7:8e:a6:6b:9b:b3:e7:37:ff:a3:93:b5:2f:e4:cd:01:1b:7d:e9:70:6d:96:e7:5e:53:86Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

ole32

user32

oleaut32

.text
Size: 174KB - Virtual size: 173KB

.data
Size: 2KB - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 9KB

.didat
Size: 512B - Virtual size: 60B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 10KB - Virtual size: 9KB

.text
Size: 29KB - Virtual size: 29KB

.data
Size: 1024B - Virtual size: 2KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 51KB - Virtual size: 51KB

.reloc
Size: 2KB - Virtual size: 1KB

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

3f:af:ed:7a:50:8a:d7:8e:a6:6b:9b:b3:e7:37:ff:a3:93:b5:2f:e4:cd:01:1b:7d:e9:70:6d:96:e7:5e:53:86
Signer

.text
Size: 170KB - Virtual size: 169KB

.data
Size: 6KB - Virtual size: 6KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 30KB - Virtual size: 30KB

.reloc
Size: 13KB - Virtual size: 12KB

.text
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 960B

.idata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 68KB - Virtual size: 68KB

.reloc
Size: 512B - Virtual size: 328B

.text
Size: 235KB - Virtual size: 234KB

.data
Size: 3KB - Virtual size: 5KB

.idata
Size: 14KB - Virtual size: 13KB

.didat
Size: 512B - Virtual size: 8B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 9KB - Virtual size: 8KB