WPDShextAutoplay.pdb
Static task
static1
Behavioral task
behavioral1
Sample
WPDShextAutoplay.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral2
Sample
WSManHTTPConfig.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
WWAHost.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral4
Sample
WerFault.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
WerFaultSecure.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral6
Sample
WinRTNetMUAHostServer.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
Windows.Media.BackgroundPlayback.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral8
Sample
Windows.WARP.JITService.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
verifiergui.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral10
Sample
vulkaninfo-1-999-0-0-0.exe
Resource
win7-20240704-en
Behavioral task
behavioral11
Sample
vulkaninfo-1-999-0-0-0.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral12
Sample
vulkaninfo.exe
Resource
win7-20240708-en
Behavioral task
behavioral13
Sample
vulkaninfo.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral14
Sample
w32tm.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
waitfor.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral16
Sample
wecutil.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral17
Sample
wermgr.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral18
Sample
wevtutil.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral19
Sample
wextract.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral20
Sample
where.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral21
Sample
whoami.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral22
Sample
wiaacmgr.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral23
Sample
winrs.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral24
Sample
winrshost.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral25
Sample
winver.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral26
Sample
wlanext.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral27
Sample
wowreg32.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral28
Sample
write.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral29
Sample
wscadminui.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral30
Sample
wscript.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral31
Sample
wsmprovhost.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral32
Sample
wusa.exe
Resource
win10v2004-20240802-en
General
Target
CWindowsSysWOW64-1.zip
Size
2.6MB
MD5
e23d2659c1c755c68fbd7da66269cdbf
SHA1
6f7c203b1bd0b57046cac1fea842c74ec44c8e49
SHA256
496d6d09056e636dc0278c72a01f7b1ba289803124738267d903cdc3c22eb39f
SHA512
0400e2b13acf1b7d7b612cfefedf9021bcea4f043c94c3042e4776882da7552ac4fcbebfdf254ff65e5a6fc66688366276ee1d77dc81af36bef95a53a0969747
SSDEEP
49152:Ye2eWL0FEHAXR7e7eWL0FEHAXR7ep5F7kwAtGH2Kok4r52SUO3xTYhoREGXgVns:Ye2z0FEzz0FESwXOdrB3xThR5QVs
Malware Config
Signatures
-
Unsigned PE 28 IoCs
Checks for missing Authenticode signature.
resource
unpack001/WPDShextAutoplay.exe
unpack001/WSManHTTPConfig.exe
unpack001/WinRTNetMUAHostServer.exe
unpack001/Windows.Media.BackgroundPlayback.exe
unpack001/Windows.WARP.JITService.exe
unpack001/verifiergui.exe
unpack001/vulkaninfo-1-999-0-0-0.exe
unpack001/vulkaninfo.exe
unpack001/w32tm.exe
unpack001/waitfor.exe
unpack001/wecutil.exe
unpack001/wevtutil.exe
unpack001/wextract.exe
unpack001/where.exe
unpack001/whoami.exe
unpack001/wiaacmgr.exe
unpack001/winrs.exe
unpack001/winrshost.exe
unpack001/winver.exe
unpack001/wlanext.exe
unpack001/wowreg32.exe
unpack001/write.exe
unpack001/wscadminui.exe
unpack001/wscript.exe
unpack001/wsmprovhost.exe
unpack001/wusa.exe
unpack001/xcopy.exe
unpack001/xwizard.exe
Files
-
CWindowsSysWOW64-1.zip.zip
-
WPDShextAutoplay.exe.exe windows:10 windows x86 arch:x86
56c407376703c809d4e7b5493f440bc2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
advapi32
RegCloseKey
RegQueryValueExW
TraceMessage
kernel32
SetEvent
GetVersion
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetLastError
CompareStringW
CreateProcessW
SizeofResource
LockResource
LoadResource
FindResourceExW
CreateEventW
WaitForSingleObject
UnhandledExceptionFilter
LeaveCriticalSection
GetModuleHandleW
EnterCriticalSection
RaiseException
DeleteCriticalSection
InitializeCriticalSection
HeapDestroy
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
SetUnhandledExceptionFilter
user32
UnregisterClassA
FindWindowW
SendMessageW
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o___stdio_common_vswprintf
_o___stdio_common_vswprintf_s
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_narrow_argv
_o__controlfp_s
_o__crt_atexit
_o__errno
_o__exit
_o__get_narrow_winmain_command_line
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o_exit
_o_free
_o_malloc
_o_terminate
_o_wcstok
_o_wmemcpy_s
_except_handler4_common
__current_exception
__current_exception_context
_o___p__commode
wcschr
__std_terminate
__CxxFrameHandler3
_CxxThrowException
memcpy
memmove
oleaut32
SysFreeString
SysAllocString
shlwapi
StrRStrIW
ole32
CLSIDFromString
CreateBindCtx
CoCreateInstance
CoRegisterClassObject
CoRevokeClassObject
CoInitializeEx
CoUninitialize
setupapi
SetupDiOpenDeviceInterfaceW
SetupDiDestroyDeviceInfoList
SetupDiOpenDevRegKey
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceAlias
SetupDiGetClassDevsExW
shell32
ord155
ShellExecuteExW
SHParseDisplayName
Sections
.text Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
WSManHTTPConfig.exe.exe windows:10 windows x86 arch:x86
c929ac237be32cf84055e96db4572d8e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
WSManHTTPConfig.pdb
Imports
msvcrt
_controlfp
__iob_func
__dllonexit
_unlock
_lock
_onexit
_except_handler4_common
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
_purecall
_wcsicmp
fwprintf
__CxxFrameHandler3
memset
api-ms-win-eventing-classicprovider-l1-1-0
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
TraceMessage
oleaut32
SysAllocString
SysFreeString
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-com-l1-1-0
CoUninitialize
CoCreateInstance
CoInitializeEx
api-ms-win-core-sysinfo-l1-2-0
VerSetConditionMask
api-ms-win-core-sysinfo-l1-1-0
GetVersionExW
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-service-management-l1-1-0
StartServiceW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
api-ms-win-service-management-l2-1-0
QueryServiceConfigW
ChangeServiceConfig2W
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-libraryloader-l1-1-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
TerminateProcess
api-ms-win-core-kernel32-legacy-l1-1-1
VerifyVersionInfoW
wsmsvc
UninstallMigration
RemovePluginXmlNewAttrForThresholdOrGreater
??1CErrorContext@@UAE@XZ
??0CErrorContext@@QAE@_N@Z
??1OnHTTPInitialize@@QAE@XZ
??0OnHTTPInitialize@@QAE@XZ
?GetErrorCode@CErrorContext@@UBEKXZ
??0?$AutoDeleteVector@E@@QAE@XZ
HandleMigration
MoveSettingsToMigrationKey
WSManError
??1CWSManCriticalSection@@QAE@XZ
?Alloc@WSManMemory@@SGPAXIHW4_NitsFaultMode@@@Z
?Free@WSManMemory@@SGXPAXH@Z
??4?$AutoDeleteVector@E@@QAEAAV0@PAE@Z
??1?$AutoDeleteVector@E@@QAE@XZ
Exports
??0?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QAE@XZ
??0?$SafeMap_Iterator@VKey@Locale@@K@@QAE@AAV?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@_N@Z
??0?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QAE@ABV?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@_N@Z
??1?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QAE@XZ
??1?$SafeMap_Iterator@VKey@Locale@@K@@QAE@XZ
??1?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QAE@XZ
??1CWSManCriticalSectionWithConditionVar@@QAE@XZ
??_7?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@6B@
?Acquire@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@UBEXXZ
?Acquire@?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QAEXXZ
?Acquired@?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QAE_NXZ
?AsReference@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QAEAAV1@XZ
?Data@?$SafeMap_Iterator@VKey@Locale@@K@@IBEAAV?$STLMap@VKey@Locale@@K@@XZ
?DeInitialize@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@UAE_NAAVIRequestContext@@@Z
?GetInitError@CWSManCriticalSection@@QBEKXZ
?GetMap@?$SafeMap_Iterator@VKey@Locale@@K@@QBEAAV?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@XZ
?GetMap@?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QBEABV?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@XZ
?Initialize@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@UAE_NAAVIRequestContext@@@Z
?IsValid@?$SafeMap_Iterator@VKey@Locale@@K@@QBE_NXZ
?Release@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@UBEXXZ
?Reset@?$SafeMap_Iterator@VKey@Locale@@K@@QAEXXZ
?SkipOrphans@?$SafeMap_Iterator@VKey@Locale@@K@@IAEXXZ
Sections
.text Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
WWAHost.exe.exe windows:10 windows x86 arch:x86
f18a14f09612799f7dbe9c5edc0e98ba
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60 Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08 Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
1e:0c:6d:0e:e0:e5:85:6c:e6:48:51:46:c2:cc:05:9a:e9:c6:b8:ac:f5:fd:e0:9d:77:1d:08:97:f0:d5:f7:29 Signer
Actual PE Digest: 1e:0c:6d:0e:e0:e5:85:6c:e6:48:51:46:c2:cc:05:9a:e9:c6:b8:ac:f5:fd:e0:9d:77:1d:08:97:f0:d5:f7:29
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_APPCONTAINER
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
WWAHost.pdb
Imports
msvcrt
??1exception@@UAE@XZ
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
_vsnprintf_s
??1type_info@@UAE@XZ
_ftol2_sse
floor
_vsnwprintf
wcsstr
memmove_s
_ftol2
strchr
_wcsicmp
wcsncmp
_purecall
wcschr
_CxxThrowException
_itow_s
memmove
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
memcmp
memcpy
realloc
free
malloc
memcpy_s
__CxxFrameHandler3
memset
api-ms-win-appmodel-runtime-internal-l1-1-0
GetPackageApplicationPropertyString
GetPackageProperty
GetPackageOSMaxVersionTested
GetPackagePropertyString
GetCurrentPackageContext
GetCurrentPackageApplicationContext
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrCmpICW
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
LoadStringW
GetModuleFileNameA
FreeLibrary
LoadLibraryExW
GetModuleHandleExA
GetModuleHandleExW
api-ms-win-core-synch-l1-1-0
CreateSemaphoreExW
CreateMutexExW
InitializeCriticalSection
ReleaseSRWLockExclusive
OpenSemaphoreW
CreateEventExW
ReleaseMutex
AcquireSRWLockShared
ReleaseSRWLockShared
CreateEventW
SleepEx
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
SetEvent
WaitForSingleObject
ReleaseSemaphore
AcquireSRWLockExclusive
WaitForMultipleObjectsEx
ResetEvent
WaitForSingleObjectEx
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
GetLastError
RaiseException
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentThread
GetCurrentThreadId
GetCurrentProcess
GetProcessTimes
OpenProcessToken
CreateThread
GetCurrentProcessId
ExitProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
SetThreadPreferredUILanguages
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
DuplicateHandle
CloseHandle
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
SetRestrictedErrorInfo
api-ms-win-core-util-l1-1-0
DecodePointer
api-ms-win-eventing-classicprovider-l1-1-0
UnregisterTraceGuids
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-sysinfo-l1-1-0
GetTickCount64
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
InitOnceBeginInitialize
InitOnceInitialize
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceComplete
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-registry-l1-1-0
RegGetValueW
RegOpenKeyExW
RegCloseKey
api-ms-win-security-base-l1-1-0
CreateWellKnownSid
GetTokenInformation
api-ms-win-security-base-l1-2-0
CheckTokenCapability
api-ms-win-core-quirks-l1-1-0
QuirkIsEnabled
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-core-psapi-l1-1-0
K32GetProcessMemoryInfo
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
WaitForThreadpoolWorkCallbacks
SubmitThreadpoolWork
CreateThreadpoolWork
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolWork
CloseThreadpoolTimer
api-ms-win-core-path-l1-1-0
PathCchCombineEx
api-ms-win-core-file-l1-1-0
CreateFileW
GetFileSizeEx
WriteFile
FindClose
FindFirstFileW
GetFileAttributesW
api-ms-win-core-memory-l1-1-0
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal
profapi
ord104
api-ms-win-shcore-scaling-l1-1-1
ord244
combase
ord157
ord110
ord88
ord111
ord160
ord87
ord90
ord86
iertutil
ord792
ord177
ord797
CreateUri
CreateIUriBuilder
ord174
shcore
ord232
ord230
ord233
SHCreateMemStream
ord246
ord245
ntdll
NtQueryInformationToken
RtlInitUnicodeString
NtQueryInformationProcess
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
RtlGetVersion
NtQuerySystemInformation
RtlFreeHeap
RtlFreeUnicodeString
RtlNtStatusToDosError
RtlConvertSidToUnicodeString
RtlIsCriticalSectionLockedByThread
RtlLeaveCriticalSection
RtlIsCriticalSectionLocked
RtlEnterCriticalSection
RtlDeleteCriticalSection
RtlInitializeCriticalSection
RtlQueryPackageClaims
NtSetInformationProcess
api-ms-win-core-processthreads-l1-1-3
SetThreadDescription
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-service-management-l1-1-0
OpenSCManagerW
CloseServiceHandle
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-ro-typeresolution-l1-1-0
RoGetMetaDataFile
RoResolveNamespace
api-ms-win-security-capability-l1-1-0
CapabilityCheck
Sections
.text Size: 792KB - Virtual size: 792KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1024B - Virtual size: 728B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 37KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 53KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
WerFault.exe.exe windows:10 windows x86 arch:x86
e5e377a3c54abe2c2e86222d7ae015eb
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08 Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
50:4c:0d:85:4a:51:00:c1:0d:c8:df:78:54:66:85:be:98:88:11:f9:8d:5f:48:2b:8f:01:87:04:c8:dd:b0:2d Signer
Actual PE Digest: 50:4c:0d:85:4a:51:00:c1:0d:c8:df:78:54:66:85:be:98:88:11:f9:8d:5f:48:2b:8f:01:87:04:c8:dd:b0:2d
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
WerFault.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
_register_thread_local_exe_atexit_callback
_c_exit
api-ms-win-crt-private-l1-1-0
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsnicmp
_o__wcstoui64
memmove
_o__wtoi
_o__wtoi64
_o_exit
_o_free
_o_isspace
_o_malloc
_o_terminate
_o_tolower
_o_towlower
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstol
_except_handler4_common
__current_exception
__current_exception_context
_CxxThrowException
_o__get_initial_wide_environment
_o__exit
_o__errno
_o__crt_atexit
_o__controlfp_s
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
wcsrchr
wcsstr
wcschr
__std_terminate
__CxxFrameHandler3
_o__wcsicmp
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
wcsncmp
memset
wcsnlen
cryptsp
CryptAcquireContextW
CryptReleaseContext
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
LoadStringW
LoadLibraryExW
GetModuleHandleW
FreeLibrary
GetModuleHandleExA
GetModuleHandleExW
GetModuleFileNameA
api-ms-win-core-registry-l1-1-0
RegSetKeySecurity
RegGetKeySecurity
RegQueryInfoKeyW
RegCreateKeyExW
RegDeleteTreeW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
RegDeleteValueW
RegGetValueW
RegQueryValueExW
RegEnumValueW
RegOpenKeyExW
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-core-processenvironment-l1-1-0
GetEnvironmentVariableW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
SearchPathW
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventUnregister
EventWriteTransfer
EventSetInformation
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetErrorMode
GetLastError
SetLastError
api-ms-win-core-processthreads-l1-1-0
GetPriorityClass
GetThreadId
CreateThread
GetCurrentProcessId
TerminateProcess
SetThreadPriority
GetCurrentProcess
CreateProcessW
GetThreadPriority
SetPriorityClass
OpenThread
GetCurrentThreadId
GetExitCodeProcess
GetProcessId
OpenProcessToken
GetProcessTimes
GetCurrentThread
api-ms-win-core-synch-l1-2-0
WakeByAddressSingle
WaitOnAddress
InitOnceBeginInitialize
InitOnceComplete
Sleep
api-ms-win-core-localization-l1-2-0
GetSystemDefaultLangID
GetUserGeoID
LCMapStringW
GetThreadUILanguage
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
DuplicateHandle
CloseHandle
api-ms-win-core-processthreads-l1-1-1
OpenProcess
IsProcessorFeaturePresent
GetThreadContext
GetThreadTimes
SetProcessMitigationPolicy
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
QueryPerformanceFrequency
api-ms-win-core-sysinfo-l1-1-0
GetTickCount64
GetSystemInfo
GetSystemDirectoryW
GetVersionExW
GetSystemTimeAsFileTime
GetTickCount
GlobalMemoryStatusEx
GetWindowsDirectoryW
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-synch-l1-1-0
ReleaseSRWLockExclusive
CreateMutexW
WaitForSingleObject
CreateMutexExW
OpenSemaphoreW
DeleteCriticalSection
InitializeCriticalSectionEx
ReleaseSRWLockShared
AcquireSRWLockShared
AcquireSRWLockExclusive
WaitForSingleObjectEx
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
ReleaseMutex
ReleaseSemaphore
ResetEvent
SetEvent
TryEnterCriticalSection
CreateSemaphoreExW
OpenMutexW
OpenEventW
EnterCriticalSection
CreateEventW
api-ms-win-security-base-l1-1-0
EqualSid
AllocateAndInitializeSid
GetSidSubAuthorityCount
GetTokenInformation
CheckTokenMembership
GetSidSubAuthority
CopySid
CreateWellKnownSid
GetLengthSid
IsValidSid
GetKernelObjectSecurity
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
SetKernelObjectSecurity
api-ms-win-core-file-l1-1-0
GetDiskFreeSpaceExW
GetLogicalDriveStringsW
QueryDosDeviceW
GetDriveTypeW
CreateDirectoryW
FindClose
SetFileAttributesW
GetFileAttributesExW
GetFileSizeEx
GetFileAttributesW
CreateFileW
GetFinalPathNameByHandleW
GetLongPathNameW
FindFirstFileW
FindNextFileW
WriteFile
FileTimeToLocalFileTime
CompareFileTime
ReadFile
DeleteFileW
api-ms-win-core-wow64-l1-1-1
GetSystemWow64DirectoryW
IsWow64Process2
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
K32EnumProcessModules
K32GetModuleFileNameExW
api-ms-win-core-string-l1-1-0
GetStringTypeExW
CompareStringOrdinal
api-ms-win-core-com-l1-1-0
CoTaskMemAlloc
CoSetProxyBlanket
CoUnmarshalInterface
CLSIDFromString
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoInitializeEx
ProgIDFromCLSID
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolWaitCallbacks
SetThreadpoolTimer
CloseThreadpoolWait
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolWait
CreateThreadpoolWait
CreateThreadpoolTimer
api-ms-win-core-version-l1-1-0
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW
api-ms-win-core-memory-l1-1-0
VirtualQueryEx
CreateFileMappingW
OpenFileMappingW
ReadProcessMemory
MapViewOfFile
UnmapViewOfFile
VirtualFree
VirtualAlloc
VirtualQuery
api-ms-win-core-sysinfo-l1-2-0
GetNativeSystemInfo
GetProductInfo
api-ms-win-service-management-l1-1-0
OpenSCManagerW
OpenServiceW
CloseServiceHandle
StartServiceW
api-ms-win-service-management-l2-1-0
QueryServiceConfigW
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
api-ms-win-core-path-l1-1-0
PathCchStripToRoot
api-ms-win-core-processthreads-l1-1-3
SetProcessInformation
api-ms-win-core-file-l1-2-4
GetTempPath2W
rpcrt4
UuidCreate
api-ms-win-core-localization-obsolete-l1-2-0
GetUserDefaultUILanguage
ntdll
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
NtDeviceIoControlFile
NtAllocateVirtualMemory
NtClose
NtQueryEvent
NtOpenEvent
RtlGetVersion
RtlImageNtHeaderEx
NtQueryInformationProcess
NtFreeVirtualMemory
NtSetSystemInformation
RtlAdjustPrivilege
RtlGetUnloadEventTraceEx
NtQueryInformationThread
RtlNtStatusToDosError
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwTraceMessage
EtwGetTraceLoggerHandle
RtlSetThreadErrorMode
EtwRegisterTraceGuidsW
NtSetInformationFile
NtQuerySystemInformation
DbgPrint
ZwQueryInformationThread
RtlInitUnicodeString
RtlSecondsSince1970ToTime
NtQueryInformationToken
NtQueryObject
NtCreateFile
DbgPrintEx
ZwQueryWnfStateNameInformation
ZwUpdateWnfStateData
EtwEventWriteNoRegistration
NtWaitForSingleObject
RtlAllocateAndInitializeSid
NtAlpcConnectPort
NtAlpcSendWaitReceivePort
EtwGetTraceEnableLevel
RtlFreeSid
NtSystemDebugControl
NtPowerInformation
RtlFreeHeap
RtlCreateProcessReflection
NtResumeProcess
NtSuspendProcess
PssNtCaptureSnapshot
wer
WerpHashApplicationParameters
WerpSetEventName
WerReportSetParameter
WerpSetDynamicParameter
WerpSetReportNamespaceParameter
WerpInitializeImageCache
WerpAuxmdMapFile
WerpAuxmdHashVaRanges
WerpAuxmdFreeCopyBuffer
WerpAuxmdDumpRegisteredBlocks
WerpAuxmdDumpProcessImages
WerpAuxmdInitialize
WerpRestartApplication
WerpIsTransportAvailable
WerReportSetUIOption
WerpSetReportFlags
WerpGetReportFlags
WerpStitchedMinidumpVmPostReadCallback
WerpStitchedMinidumpVmPreReadCallback
WerpStitchedMinidumpVmQueryCallback
WerpResetTransientImageCacheStatistics
WerpTraceImageCacheStatistics
WerpTraceUnmappedVaRangesStatistics
WerpTraceAuxMemDumpStatistics
WerpTraceSnapshotStatistics
WerpForceDeferredCollection
WerpFlushImageCache
WerpFreeUnmappedVaRanges
WerpAuxmdFree
WerReportCloseHandle
WerpFreeString
WerpAddMemoryBlock
WerpGetExtendedDiagData
WerpAddRegisteredDataToReport
WerReportAddDump
WerpAddAppCompatData
WerpGetFileByIndex
WerpGetNumFiles
WerReportSubmit
WerpSetReportIsFatal
WerpSetCallBack
WerpGetReportId
WerReportCreate
WerpSetProcessTimelines
WerpSetTelemetryAppParams
WerpSetIntegratorReportId
WerpCreateIntegratorReportId
WerpAddFile
WerpSetReportApplicationIdentity
WerpCreateMachineStore
WerpSetExitListeners
WerpReportSprintfParameter
WerpSetTelemetryKernelParams
WerpSetIptEnabled
WerpPromptUser
WerpSetTtdStatus
WerReportAddFile
WerpReserveMachineQueueReportDir
WerpAddTerminationReason
WerpValidateReportKey
WerpGetStorePath
RegisterWaitChainCOMCallback
OpenThreadWaitChainSession
WerpReportCancel
GetThreadWaitChain
WerpUnmapProcessViews
CloseThreadWaitChainSession
dbghelp
SymInitialize
MiniDumpWriteDump
StackWalk64
SymFunctionTableAccess64
SymSetExtendedOption
SymGetModuleInfoW64
SymCleanup
SymGetModuleBase64
diagnosticdatasettings
TelGetWerTelemetryMode
api-ms-win-core-com-private-l1-1-0
CoGetActivationState
CoGetCallState
api-ms-win-core-windowserrorreporting-l1-1-0
GetApplicationRestartSettings
WerGetFlags
api-ms-win-service-private-l1-1-0
I_QueryTagInformation
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
api-ms-win-core-wow64-l1-1-0
IsWow64Process
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-debug-l1-1-1
CheckRemoteDebuggerPresent
api-ms-win-core-rtlsupport-l1-2-0
RtlCompareMemory
api-ms-win-core-processsnapshot-l1-1-0
PssWalkMarkerFree
PssWalkMarkerCreate
PssQuerySnapshot
PssDuplicateSnapshot
api-ms-win-power-setting-l1-1-0
PowerSettingUnregisterNotification
PowerSettingRegisterNotification
api-ms-win-core-realtime-l1-1-0
QueryUnbiasedInterruptTime
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-eventing-controller-l1-1-0
StopTraceW
StartTraceW
bcrypt
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
api-ms-win-devices-config-l1-1-1
CM_Locate_DevNodeW
CM_Get_DevNode_PropertyW
CM_Get_Device_ID_ListW
CM_MapCrToWin32Err
CM_Get_Device_ID_List_SizeW
api-ms-win-core-file-l2-1-0
MoveFileExW
api-ms-win-core-registry-l1-1-1
RegSetKeyValueW
api-ms-win-eventing-legacy-l1-1-0
EnableTrace
QueryTraceW
api-ms-win-core-registry-l2-1-0
RegOpenKeyW
RegDeleteKeyA
RegDeleteKeyW
api-ms-win-security-provider-l1-1-0
SetEntriesInAclW
api-ms-win-core-toolhelp-l1-1-0
Module32FirstW
CreateToolhelp32Snapshot
Thread32First
Thread32Next
Process32FirstW
Process32NextW
Module32NextW
api-ms-win-core-processtopology-obsolete-l1-1-0
GetProcessIoCounters
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
api-ms-win-security-trustee-l1-1-0
BuildSecurityDescriptorW
faultrep
WerpInitiateCrashReporting
oleaut32
SysFreeString
SysAllocString
Sections
.text Size: 366KB - Virtual size: 365KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 2KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 264B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
WerFaultSecure.exe.exe windows:10 windows x86 arch:x86
70633d4106d053dad040b6f80bb75bff
Code Sign
33:00:00:04:4b:c1:da:6a:1a:39:2f:fe:cf:00:00:00:00:04:4b
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 08/08/2023, 18:38
Not After: 07/08/2024, 18:38
Subject: CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
f4:f1:10:61:3e:e8:0b:67:32:76:28:b5:5a:33:24:92:be:44:e6:b6:da:ee:b5:83:f5:3b:01:b5:88:13:38:db
Signer
Actual PE Digest: f4:f1:10:61:3e:e8:0b:67:32:76:28:b5:5a:33:24:92:be:44:e6:b6:da:ee:b5:83:f5:3b:01:b5:88:13:38:db
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
WerFaultSecure.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__wcsicmp
_o__wtoi
_o__wtoi64
_o_exit
_o_free
_o_malloc
_o_terminate
_o_wcscat_s
_o_wcstol
_except_handler4_common
__current_exception
__current_exception_context
_CxxThrowException
_o__exit
_o__errno
_o__crt_atexit
_o__controlfp_s
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
__std_terminate
__CxxFrameHandler3
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
wcsnlen
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetModuleHandleExA
LoadLibraryExW
GetProcAddress
GetModuleHandleExW
GetModuleFileNameA
FreeLibrary
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcessId
OpenThread
GetCurrentThreadId
GetProcessId
GetCurrentProcess
GetThreadPriority
GetCurrentThread
SetThreadPriority
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
SetLastError
SetErrorMode
UnhandledExceptionFilter
api-ms-win-core-handle-l1-1-0
DuplicateHandle
CloseHandle
api-ms-win-core-memory-l1-1-0
VirtualAlloc
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
api-ms-win-core-processthreads-l1-1-1
OpenProcess
GetThreadContext
IsProcessorFeaturePresent
SetProcessMitigationPolicy
api-ms-win-core-synch-l1-1-0
CreateEventW
ReleaseSRWLockShared
InitializeCriticalSectionAndSpinCount
ReleaseSRWLockExclusive
OpenSemaphoreW
AcquireSRWLockShared
SetEvent
ReleaseSemaphore
WaitForSingleObject
WaitForSingleObjectEx
ReleaseMutex
AcquireSRWLockExclusive
CreateMutexExW
CreateSemaphoreExW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
CreateThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
SetEnvironmentVariableW
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventWriteTransfer
EventUnregister
EventSetInformation
api-ms-win-core-errorhandling-l1-1-3
SetThreadErrorMode
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemInfo
GetSystemTimeAsFileTime
GetSystemDirectoryW
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegGetValueW
api-ms-win-core-file-l1-1-0
ReadFile
SetEndOfFile
CreateFileW
SetFilePointerEx
WriteFile
GetFinalPathNameByHandleW
api-ms-win-core-psapi-l1-1-0
K32GetModuleFileNameExW
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-synch-l1-2-0
Sleep
InitOnceComplete
InitOnceBeginInitialize
api-ms-win-core-version-l1-1-0
VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
api-ms-win-core-processthreads-l1-1-3
SetProcessInformation
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrToInt64ExW
StrToIntExW
ntdll
EtwGetTraceEnableLevel
DbgPrint
EtwGetTraceLoggerHandle
NtQueryInformationProcess
EtwUnregisterTraceGuids
EtwTraceMessage
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
faultrep
WerpInitiateCrashReporting
wer
WerpSetExitListeners
dbghelp
MiniDumpWriteDump
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-rtlsupport-l1-2-0
RtlCompareMemory
api-ms-win-core-toolhelp-l1-1-0
CreateToolhelp32Snapshot
Thread32First
Thread32Next
Sections
.text Size: 69KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 20B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 77KB - Virtual size: 77KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
WinRTNetMUAHostServer.exe.exe windows:10 windows x86 arch:x86
5a262b3bc065e2a54f668a2fd14236ef
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
WinRTNetMUAHostServer.pdb
Imports
msvcrt
_onexit
__dllonexit
_unlock
_lock
_wcmdln
__CxxFrameHandler3
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
?terminate@@YAXXZ
__wgetmainargs
_controlfp
_amsg_exit
__p__commode
_XcptFilter
free
_except_handler4_common
_callnewh
_initterm
malloc
_purecall
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-com-l1-1-0
CoAddRefServerProcess
CoResumeClassObjects
CoRegisterClassObject
CoInitializeEx
CoRevokeClassObject
CoInitializeSecurity
CoReleaseServerProcess
CoUninitialize
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
ReleaseSRWLockShared
CreateEventW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
api-ms-win-core-errorhandling-l1-1-0
GetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-winrt-l1-1-0
RoRevokeActivationFactories
RoActivateInstance
RoRegisterActivationFactories
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
RoOriginateErrorW
api-ms-win-core-winrt-string-l1-1-0
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsDeleteString
WindowsCreateString
WindowsCreateStringReference
WindowsStringHasEmbeddedNull
api-ms-win-core-synch-l1-2-0
Sleep
InitOnceExecuteOnce
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetStartupInfoW
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
combase
ord69
ord163
Sections
.text Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 784B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Windows.Media.BackgroundPlayback.exe.exe windows:10 windows x86 arch:x86
2d5c02cee7912f808592a4274cf7f337
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Windows.Media.BackgroundPlayback.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_initterm
_c_exit
_initterm_e
api-ms-win-crt-private-l1-1-0
_o___p___argc
_o___p___wargv
_o___p__commode
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__controlfp_s
_o__crt_atexit
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_exit
_o_terminate
__current_exception
__current_exception_context
_except_handler4_common
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
api-ms-win-core-winrt-l1-1-0
RoUninitialize
RoActivateInstance
RoGetActivationFactory
RoInitialize
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
Sections
.text Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 652B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Windows.WARP.JITService.exe.exe windows:10 windows x86 arch:x86
bf84eb40ad4215227446e25d3ff53c35
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Windows.WARP.JITService.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o___stdio_common_vsnprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vswprintf
_o___stdio_common_vswscanf
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__controlfp_s
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o___p___argc
_o__register_onexit_function
memmove
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_exit
_o_free
_o_terminate
__current_exception
__current_exception_context
_except_handler4_common
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
__std_terminate
__CxxFrameHandler3
_CxxThrowException
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
FreeLibrary
GetModuleHandleExW
GetModuleHandleW
LoadLibraryExA
GetProcAddress
api-ms-win-core-synch-l1-1-0
WaitForSingleObjectEx
LeaveCriticalSection
WaitForSingleObject
SetEvent
CreateEventW
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
CreateSemaphoreExW
ReleaseSRWLockShared
EnterCriticalSection
OpenSemaphoreW
ReleaseMutex
AcquireSRWLockExclusive
ReleaseSemaphore
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
SetLastError
RaiseException
GetLastError
UnhandledExceptionFilter
api-ms-win-security-base-l1-1-0
GetLengthSid
InitializeAcl
AddAccessAllowedAce
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetSystemInfo
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-memory-l1-1-0
VirtualProtect
VirtualQuery
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Sections
.text Size: 45KB - Virtual size: 45KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 80B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
verifiergui.exe.exe windows:10 windows x86 arch:x86
efb17d10689ae52299cfd82505979622
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
verifiergui.pdb
Imports
msvcrt
_CxxThrowException
__RTDynamicCast
_ftol2_sse
memcmp
memcpy
_except_handler4_common
_controlfp
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
_wcmdln
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_callnewh
wprintf
fputws
free
malloc
wcstoul
_putws
printf
puts
fclose
_wfopen
_wtoi
_wcsicmp
exit
_wsetlocale
__argc
__wargv
fflush
_wcsdup
memmove_s
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_purecall
memcpy_s
_vsnwprintf
__CxxFrameHandler3
wcsncat_s
_wcsnicmp
wcstok_s
__iob_func
memset
ntdll
RtlCreateUnicodeString
RtlSetBit
RtlFreeUnicodeString
RtlSetAllBits
RtlTestBit
RtlCheckRegistryKey
RtlCreateRegistryKey
RtlInitializeBitMap
RtlWriteRegistryValue
RtlDeleteRegistryValue
RtlAllocateHeap
RtlFreeHeap
RtlEqualUnicodeString
RtlCopyUnicodeString
RtlQueryRegistryValuesEx
NtSetSystemInformation
NtQuerySystemInformation
RtlInitUnicodeString
RtlGetPersistedStateLocation
user32
GetClientRect
SendMessageW
GetSysColor
SetTimer
RedrawWindow
PostMessageW
PeekMessageW
TranslateMessage
DispatchMessageW
LoadStringW
LoadIconW
GetWindowRect
EnableWindow
MsgWaitForMultipleObjects
ScreenToClient
DrawIcon
GetSystemMetrics
IsIconic
AppendMenuW
GetSystemMenu
OffsetRect
GetSysColorBrush
shell32
ShellAboutW
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
comdlg32
CommDlgExtendedError
wintrust
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust
CryptCATCatalogInfoFromContext
CryptCATAdminEnumCatalogFromHash
crypt32
CertFreeCertificateContext
imagehlp
ImageDirectoryEntryToDataEx
ImageUnload
ImageLoad
advapi32
AdjustTokenPrivileges
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW
EventWriteTransfer
RegDeleteValueW
OpenProcessToken
LookupPrivilegeValueW
EventSetInformation
EventRegister
EventUnregister
RegCreateKeyExW
kernel32
Sleep
FreeConsole
SetThreadPreferredUILanguages
GetConsoleOutputCP
HeapSetInformation
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
GetProcAddress
HeapAlloc
CreateThreadpoolTimer
ReleaseSRWLockShared
SetThreadpoolTimer
CloseHandle
ExpandEnvironmentStringsW
WaitForSingleObjectEx
AcquireSRWLockExclusive
CloseThreadpoolTimer
OutputDebugStringW
ReleaseSRWLockExclusive
GetLastError
FormatMessageW
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
LeaveCriticalSection
GetModuleHandleExW
ReleaseSemaphore
EnterCriticalSection
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
CreateEventW
ResetEvent
CreateThread
SetEvent
GetWindowsDirectoryW
GetCurrentDirectoryW
GlobalMemoryStatusEx
CreateFileW
WideCharToMultiByte
GetLocalTime
GetDateFormatW
GetTimeFormatW
lstrcmpiA
MultiByteToWideChar
SetCurrentDirectoryW
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
DeviceIoControl
OpenSemaphoreW
mfc42u
Sections
.text Size: 169KB - Virtual size: 169KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
vulkaninfo-1-999-0-0-0.exe.exe windows:6 windows x86 arch:x86
d8c8b1b89a43dd70cac90152c8d8faa2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\j\msdk\build\Khronos-Tools\repo\build32\vulkaninfo\RelWithDebInfo\vulkaninfo.pdb
Imports
kernel32
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryExA
LoadLibraryA
GetConsoleScreenBufferInfo
Sleep
SetConsoleWindowInfo
SetConsoleTitleA
GetConsoleProcessList
HeapSize
CreateFileW
ReadConsoleW
SetConsoleScreenBufferSize
GetStdHandle
WideCharToMultiByte
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RaiseException
RtlUnwind
GetLastError
LoadLibraryExW
InterlockedPushEntrySList
InterlockedFlushSList
HeapAlloc
HeapFree
HeapReAlloc
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetModuleFileNameW
WriteFile
GetCommandLineA
GetCommandLineW
GetACP
GetCurrentThread
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
SetFilePointerEx
GetProcessHeap
SetConsoleCtrlHandler
GetTimeZoneInformation
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
OutputDebugStringA
OutputDebugStringW
SetStdHandle
WriteConsoleW
SetEndOfFile
user32
LoadCursorA
MonitorFromWindow
gdi32
GetStockObject
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 216KB - Virtual size: 216KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.cfguard Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 1024B - Virtual size: 777B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.00cfg Size: 512B - Virtual size: 260B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 43KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
vulkaninfo.exe.exe windows:6 windows x86 arch:x86
d8c8b1b89a43dd70cac90152c8d8faa2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\j\msdk\build\Khronos-Tools\repo\build32\vulkaninfo\RelWithDebInfo\vulkaninfo.pdb
Imports
kernel32
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryExA
LoadLibraryA
GetConsoleScreenBufferInfo
Sleep
SetConsoleWindowInfo
SetConsoleTitleA
GetConsoleProcessList
HeapSize
CreateFileW
ReadConsoleW
SetConsoleScreenBufferSize
GetStdHandle
WideCharToMultiByte
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RaiseException
RtlUnwind
GetLastError
LoadLibraryExW
InterlockedPushEntrySList
InterlockedFlushSList
HeapAlloc
HeapFree
HeapReAlloc
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetModuleFileNameW
WriteFile
GetCommandLineA
GetCommandLineW
GetACP
GetCurrentThread
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
SetFilePointerEx
GetProcessHeap
SetConsoleCtrlHandler
GetTimeZoneInformation
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
OutputDebugStringA
OutputDebugStringW
SetStdHandle
WriteConsoleW
SetEndOfFile
user32
LoadCursorA
MonitorFromWindow
gdi32
GetStockObject
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 216KB - Virtual size: 216KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.cfguard Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 1024B - Virtual size: 777B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.00cfg Size: 512B - Virtual size: 260B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 43KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
w32tm.exe.exe windows:10 windows x86 arch:x86
ca2c19d3fa875fb32c1586856aab2e92
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
w32tm.pdb
Imports
msvcp_win
?__ExceptionPtrRethrow@@YAXPBX@Z
?_Xlength_error@std@@YAXPBD@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
api-ms-win-crt-string-l1-1-0
memset
wcsspn
api-ms-win-crt-runtime-l1-1-0
_initterm
_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
api-ms-win-crt-private-l1-1-0
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__ltow
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__wcsicmp
_o__wcsnicmp
_o_exit
_o_free
_o_iswalpha
_o_iswdigit
_o_iswspace
_o_malloc
_o_rand
_o_srand
_o_terminate
_o_wcstombs_s
_o_wcstoul
_except_handler4_common
__current_exception
__current_exception_context
_CxxThrowException
_o__CIlog
_o__controlfp_s
_o__cexit
_o__configure_wide_argv
_o__callnewh
_o__configthreadlocale
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vfwprintf
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
_o___acrt_iob_func
_set_se_translator
__CxxFrameHandler3
wcschr
_local_unwind4
memcmp
memcpy
api-ms-win-core-string-l2-1-0
CharUpperW
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
LoadLibraryExW
LoadStringW
GetProcAddress
FreeLibrary
api-ms-win-core-localization-l1-2-0
FormatMessageW
SetThreadUILanguage
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-file-l1-1-0
GetFileType
CreateFileW
FileTimeToLocalFileTime
GetFullPathNameW
WriteFile
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
api-ms-win-core-datetime-l1-1-0
GetDateFormatW
GetTimeFormatW
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
ExpandEnvironmentStringsW
GetCommandLineW
api-ms-win-core-handle-l1-1-0
CloseHandle
GetHandleInformation
SetHandleInformation
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-security-base-l1-1-0
AdjustTokenPrivileges
GetSecurityDescriptorDacl
api-ms-win-service-management-l1-1-0
OpenServiceW
OpenSCManagerW
CloseServiceHandle
api-ms-win-service-management-l2-1-0
QueryServiceStatusEx
api-ms-win-core-synch-l1-1-0
SetEvent
OpenEventW
CreateEventW
WaitForSingleObject
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
ReleaseSRWLockShared
WaitForMultipleObjectsEx
ReleaseSRWLockExclusive
AcquireSRWLockShared
AcquireSRWLockExclusive
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegGetValueW
RegOpenKeyExW
api-ms-win-service-winsvc-l1-1-0
ControlService
api-ms-win-core-processthreads-l1-1-0
CreateThread
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
OpenProcessToken
CreateProcessW
SetThreadStackGuarantee
api-ms-win-service-core-l1-1-0
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
bcrypt
BCryptCreateHash
BCryptFinishHash
BCryptDestroyHash
BCryptHashData
ws2_32
GetAddrInfoW
WSAGetLastError
WSACleanup
bind
FreeAddrInfoW
WSAAddressToStringW
connect
WSAIoctl
socket
closesocket
GetNameInfoW
WSAEventSelect
WSAStartup
setsockopt
api-ms-win-core-wow64-l1-1-0
IsWow64Process
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
QueryPerformanceFrequency
api-ms-win-core-sysinfo-l1-1-0
GetTickCount64
GetSystemInfo
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-console-l1-1-0
WriteConsoleW
GetConsoleMode
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-sysinfo-l1-2-0
GetSystemTimePreciseAsFileTime
iphlpapi
IcmpCreateFile
IcmpCloseHandle
GetAdaptersAddresses
CaptureInterfaceHardwareCrossTimestamp
GetInterfaceActiveTimestampCapabilities
Icmp6SendEcho2
Icmp6CreateFile
IcmpSendEcho
logoncli
DsGetDcNameW
netutils
NetApiBufferFree
api-ms-win-core-registry-l2-1-0
RegOpenKeyW
RegConnectRegistryW
api-ms-win-security-provider-l1-1-0
SetNamedSecurityInfoW
ntdll
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlImageNtHeader
RtlAllocateHeap
RtlConvertExclusiveToShared
RtlConvertSharedToExclusive
RtlAcquireResourceShared
RtlReleaseResource
NtSetSystemInformation
RtlFreeHeap
ntdsapi
DsGetDomainControllerInfoW
DsFreeDomainControllerInfoW
DsBindW
DsUnBindW
kernel32
DeleteTimerQueueTimer
RegisterWaitForSingleObjectEx
CreateTimerQueueTimer
UnregisterWaitEx
api-ms-win-stateseparation-helpers-l1-1-0
GetPersistedRegistryLocationW
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-memory-l1-1-0
VirtualProtect
VirtualQuery
VirtualAlloc
nsi
NsiGetAllParameters
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 152KB - Virtual size: 151KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
waitfor.exe.exe windows:10 windows x86 arch:x86
b4fd83d2bda68920c463dbf0ee61d43a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
waitfor.pdb
Imports
kernel32
CloseHandle
CreateMailslotW
ReadFile
SetLastError
WideCharToMultiByte
GetConsoleOutputCP
HeapSetInformation
GetModuleFileNameW
GetComputerNameExW
HeapSize
HeapReAlloc
HeapAlloc
HeapValidate
HeapFree
GetProcessHeap
ReadConsoleW
SetConsoleMode
MultiByteToWideChar
ExitProcess
WriteConsoleW
CompareStringA
WriteFile
CompareStringW
lstrlenW
lstrlenA
GetStdHandle
GetConsoleMode
GetFileType
FindStringOrdinal
LocalFree
FormatMessageW
SetThreadUILanguage
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
GetLastError
CreateFileW
GetThreadLocale
GetComputerNameW
msvcrt
wcstoul
_fileno
_get_osfhandle
fflush
wcstok
memset
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_vsnwprintf
__CxxFrameHandler3
fprintf
__iob_func
_memicmp
_errno
wcstod
wcstol
ntdll
RtlVerifyVersionInfo
VerSetConditionMask
user32
CharUpperW
LoadStringW
ws2_32
GetNameInfoW
GetAddrInfoW
WSAGetLastError
WSAStartup
WSACleanup
FreeAddrInfoW
shlwapi
StrChrW
mpr
WNetCancelConnection2W
WNetGetLastErrorW
WNetAddConnection2W
version
GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW
srvcli
NetServerGetInfo
netutils
NetApiBufferFree
sspicli
GetUserNameExW
Sections
.text Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wecutil.exe.exe windows:10 windows x86 arch:x86
efe6c8f6ed61c1898d8f10da9dfa23d8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
wecutil.pdb
Imports
msvcrt
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
__wgetmainargs
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
_callnewh
malloc
wprintf
fgetwc
_vsnwprintf
_wcsicmp
wcstoul
_errno
iswspace
_ui64tow
swscanf
__iob_func
free
_amsg_exit
swprintf_s
_wtoi
setlocale
__set_app_type
sprintf_s
memmove
exit
fwprintf
_purecall
_exit
_cexit
__p__fmode
__setusermatherr
_initterm
__CxxFrameHandler3
_lock
_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
??3@YAXPAX@Z
??1type_info@@UAE@XZ
wcstok
_controlfp
_except_handler4_common
_XcptFilter
__p__commode
??0exception@@QAE@ABV0@@Z
memset
api-ms-win-core-string-l1-1-0
CompareStringW
WideCharToMultiByte
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
ExpandEnvironmentStringsW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-console-l1-1-0
GetConsoleOutputCP
GetConsoleMode
WriteConsoleW
api-ms-win-core-localization-l1-2-0
FormatMessageW
SetThreadUILanguage
api-ms-win-core-file-l1-1-0
GetFileType
GetFullPathNameW
CreateFileW
WriteFile
LocalFileTimeToFileTime
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
GetModuleHandleW
FreeLibrary
api-ms-win-core-timezone-l1-1-0
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoUninitialize
api-ms-win-core-sysinfo-l1-1-0
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-registry-l1-1-0
RegDeleteKeyExW
RegOpenKeyExW
RegCloseKey
RegEnumKeyExW
RegQueryValueExW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
ntdll
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
wecapi
EcGetSubscriptionProperty
EcGetSubscriptionRunTimeStatus
EcGetObjectArrayProperty
EcOpenSubscriptionEnum
EcQuickConfig
EcSaveSubscription
EcRemoveObjectArrayElement
EcInsertObjectArrayElement
EcSetObjectArrayProperty
EcSetSubscriptionProperty
EcRetrySubscription
EcDeleteSubscription
EcGetObjectArraySize
EcOpenSubscription
EcEnumNextSubscription
EcClose
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventUnregister
EventWrite
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 36B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wermgr.exe.exe windows:10 windows x86 arch:x86
4f9d16097faaa8d8b6190d3488228c55
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
d7:f3:cd:9b:8a:ae:d4:cf:2f:3b:ca:e9:2a:c7:f9:6a:87:4a:96:e3:0f:ea:56:53:6e:28:c7:fc:bb:5c:b1:cb
Signer
Actual PE Digest: d7:f3:cd:9b:8a:ae:d4:cf:2f:3b:ca:e9:2a:c7:f9:6a:87:4a:96:e3:0f:ea:56:53:6e:28:c7:fc:bb:5c:b1:cb
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
WerMgr.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__get_narrow_winmain_command_line
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
memmove
_o__wcstoui64
_o__wtoi
_o__wtoi64
_o_exit
_o_free
_o_malloc
_o_terminate
_o_wcstol
__current_exception
__current_exception_context
_except_handler4_common
_o__exit
_o__errno
wcsrchr
__CxxFrameHandler3
__std_terminate
_CxxThrowException
_o__crt_atexit
_o__controlfp_s
_o__configure_narrow_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
wcsnlen
wcsncmp
memset
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentProcess
GetProcessId
GetStartupInfoW
GetCurrentThread
OpenThreadToken
OpenProcessToken
TerminateProcess
GetCurrentThreadId
CreateProcessW
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount64
GetSystemDirectoryW
GetSystemTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
SetProcessMitigationPolicy
OpenProcess
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
GetProcAddress
GetModuleHandleExA
GetModuleFileNameW
GetModuleFileNameA
FreeLibrary
GetModuleHandleExW
GetModuleHandleW
ntdll
DbgPrintEx
RtlNtStatusToDosError
NtOpenEvent
NtClose
NtQueryInformationProcess
RtlInitUnicodeString
NtQuerySystemInformation
EtwTraceMessage
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
RtlAdjustPrivilege
NtSetSystemInformation
RtlDeleteBoundaryDescriptor
ZwQueryWnfStateNameInformation
ZwUpdateWnfStateData
EtwEventWriteNoRegistration
NtWaitForSingleObject
RtlAllocateAndInitializeSid
NtAlpcConnectPort
NtAlpcSendWaitReceivePort
RtlFreeSid
RtlCreateBoundaryDescriptor
RtlCreateServiceSid
RtlAddSIDToBoundaryDescriptor
diagnosticdatasettings
TelGetWerTelemetryMode
api-ms-win-core-windowserrorreporting-l1-1-0
GetApplicationRecoveryCallback
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-handle-l1-1-0
CloseHandle
DuplicateHandle
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
GetCommandLineW
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegGetValueW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW
api-ms-win-core-memory-l1-1-0
OpenFileMappingW
CreateFileMappingW
ReadProcessMemory
MapViewOfFile
UnmapViewOfFile
api-ms-win-security-base-l1-1-0
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetKernelObjectSecurity
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
AllocateAndInitializeSid
CheckTokenMembership
SetKernelObjectSecurity
api-ms-win-core-file-l1-1-0
FindFirstFileW
FindNextFileW
GetFileAttributesW
SetFileAttributesW
GetLongPathNameW
GetFileSizeEx
ReadFile
CreateFileW
FindClose
FindFirstFileExW
GetFileTime
GetFinalPathNameByHandleW
SetFileInformationByHandle
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
Sleep
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoMarshalInterface
CoUninitialize
oleaut32
SysFreeString
SysAllocString
api-ms-win-core-wow64-l1-1-0
Wow64RevertWow64FsRedirection
IsWow64Process
Wow64DisableWow64FsRedirection
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
SystemTimeToFileTime
api-ms-win-core-synch-l1-1-0
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
CreateEventW
OpenSemaphoreW
WaitForSingleObjectEx
CreateMutexW
SetEvent
ReleaseMutex
OpenMutexW
ReleaseSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSemaphore
CreateSemaphoreExW
EnterCriticalSection
api-ms-win-core-registry-l1-1-1
RegDeleteKeyValueW
RegSetKeyValueW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-service-management-l1-1-0
OpenServiceW
CloseServiceHandle
OpenSCManagerW
api-ms-win-service-management-l2-1-0
QueryServiceStatusEx
api-ms-win-service-winsvc-l1-1-0
ControlService
api-ms-win-core-processthreads-l1-1-3
SetProcessInformation
api-ms-win-security-provider-l1-1-0
SetEntriesInAclW
api-ms-win-core-toolhelp-l1-1-0
Process32NextW
CreateToolhelp32Snapshot
Process32FirstW
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
wer
WerReportCloseHandle
WerReportAddDump
WerpSetCallBack
WerpSetReportInformation
WerpGetReportInformation
WerpGetReportType
WerpGetReportSettings
WerpLoadReportFromBuffer
WerpDestroyWerString
WerpCleanWer
WerStorePurge
WerReportSubmit
WerpCreateMachineStore
WerpSetExitListeners
WerpHasOobeCompleted
WerpSubmitReportFromStore
WerpGetWerStringData
WerpEnumerateStoreNext
WerpEnumerateStoreStart
WerpOpenMachineQueue
WerpCloseStore
WerpIsOnBattery
WerpIsTransportAvailable
api-ms-win-core-namespace-l1-1-0
OpenPrivateNamespaceW
ClosePrivateNamespace
Sections
.text Size: 110KB - Virtual size: 109KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 79KB - Virtual size: 78KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wevtutil.exe.exe windows:10 windows x86 arch:x86
9dc44599dbfd289fd6d31560e274272b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
wevtutil.pdb
Imports
msvcp_win
?_Xlength_error@std@@YAXPBD@Z
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__configthreadlocale
_o__configure_wide_argv
_o__controlfp_s
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo_noreturn
_o__itow_s
_o__purecall
_o__putws
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__ultow_s
_o__wcsicmp
_o__wcstoui64
_o__wtoi
_o_exit
_o_fflush
_o_free
_o_getwc
_o_malloc
_o_setlocale
_o_terminate
_o_towupper
_o_wcscpy_s
_o_wcstoul
__current_exception
__current_exception_context
_except_handler4_common
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
_o__cexit
_o___acrt_iob_func
wcschr
__std_terminate
__CxxFrameHandler3
_CxxThrowException
memcpy
api-ms-win-crt-string-l1-1-0
wcsnlen
memset
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
HeapSetInformation
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
GetCurrentProcessId
OpenProcessToken
CreateProcessW
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
api-ms-win-core-localization-l1-2-0
GetThreadUILanguage
LocaleNameToLCID
SetThreadPreferredUILanguages
SetThreadUILanguage
FormatMessageW
GetThreadLocale
api-ms-win-eventing-classicprovider-l1-1-0
UnregisterTraceGuids
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
GetTraceEnableFlags
RegisterTraceGuidsW
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
ExpandEnvironmentStringsW
GetStdHandle
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-0
LockResource
LoadResource
GetModuleHandleW
LoadLibraryExW
GetProcAddress
SizeofResource
FindResourceExW
FreeLibrary
FreeResource
api-ms-win-core-file-l1-1-0
ReadFile
CreateFileW
GetFileAttributesW
GetFileSize
GetFileType
WriteFile
GetFullPathNameW
api-ms-win-core-console-l1-1-0
GetConsoleMode
WriteConsoleW
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal
oleaut32
SysFreeString
SysStringLen
VariantClear
SysAllocString
SysAllocStringLen
VariantInit
api-ms-win-core-com-l1-1-0
CoUninitialize
CoCreateInstance
CoInitializeEx
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
api-ms-win-security-sddl-l1-1-0
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-security-lsalookup-l2-1-0
LookupAccountSidW
api-ms-win-core-wow64-l1-1-0
Wow64RevertWow64FsRedirection
IsWow64Process
Wow64DisableWow64FsRedirection
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-synch-l1-2-0
InitOnceComplete
InitOnceBeginInitialize
api-ms-win-core-registry-l1-1-0
RegDeleteValueW
RegDeleteKeyExW
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegQueryInfoKeyW
RegGetValueW
RegEnumKeyExW
rpcrt4
RpcStringBindingComposeW
RpcBindingFree
NdrClientCall2
RpcStringFreeW
RpcBindingSetAuthInfoExW
RpcBindingSetOption
RpcBindingFromStringBindingW
ntdll
RtlGetVersion
RtlNtStatusToDosError
api-ms-win-core-registry-l2-1-0
RegDeleteKeyTransactedW
RegOpenKeyTransactedW
RegCreateKeyTransactedW
api-ms-win-security-base-l1-1-0
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
GetAce
GetAclInformation
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
AddAce
GetSecurityDescriptorLength
GetSecurityDescriptorGroup
IsValidSecurityDescriptor
MakeSelfRelativeSD
SetSecurityDescriptorGroup
InitializeSecurityDescriptor
InitializeAcl
SetSecurityDescriptorOwner
MapGenericMask
AdjustTokenPrivileges
bcrypt
BCryptGetProperty
BCryptCreateHash
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptOpenAlgorithmProvider
BCryptHashData
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-memory-l1-1-0
UnmapViewOfFile
Sections
.text Size: 177KB - Virtual size: 176KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wextract.exe.exe windows:10 windows x86 arch:x86
646167cce332c1c252cdcb1839e0cf48
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
wextract.pdb
Imports
advapi32
GetTokenInformation
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
FreeSid
OpenProcessToken
RegSetValueExA
RegCreateKeyExA
LookupPrivilegeValueA
AllocateAndInitializeSid
RegQueryValueExA
EqualSid
RegCloseKey
AdjustTokenPrivileges
kernel32
_lopen
_llseek
CompareStringA
GetLastError
GetFileAttributesA
GetSystemDirectoryA
LoadLibraryA
DeleteFileA
GlobalAlloc
GlobalFree
CloseHandle
WritePrivateProfileStringA
IsDBCSLeadByte
GetWindowsDirectoryA
SetFileAttributesA
GetProcAddress
GlobalLock
LocalFree
RemoveDirectoryA
FreeLibrary
_lclose
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GlobalUnlock
ReadFile
SizeofResource
WriteFile
GetDriveTypeA
lstrcmpA
SetFileTime
SetFilePointer
FindResourceA
CreateMutexA
GetVolumeInformationA
ExpandEnvironmentStringsA
GetCurrentDirectoryA
FreeResource
GetVersion
SetCurrentDirectoryA
GetTempPathA
LocalFileTimeToFileTime
CreateFileA
SetEvent
TerminateThread
GetVersionExA
LockResource
GetSystemInfo
CreateThread
ResetEvent
LoadResource
ExitProcess
GetModuleHandleW
CreateProcessA
FormatMessageA
GetTempFileNameA
DosDateTimeToFileTime
CreateEventA
GetExitCodeProcess
FindNextFileA
LocalAlloc
GetShortPathNameA
MulDiv
GetDiskFreeSpaceA
EnumResourceLanguagesA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
FindClose
GetCurrentProcess
FindFirstFileA
WaitForSingleObject
GetModuleFileNameA
LoadLibraryExA
gdi32
GetDeviceCaps
user32
SetWindowLongA
GetDlgItemTextA
DialogBoxIndirectParamA
ShowWindow
MsgWaitForMultipleObjects
SetWindowPos
GetDC
GetWindowRect
DispatchMessageA
GetDesktopWindow
CharUpperA
SetDlgItemTextA
ExitWindowsEx
MessageBeep
EndDialog
CharPrevA
LoadStringA
CharNextA
EnableWindow
ReleaseDC
SetForegroundWindow
PeekMessageA
GetDlgItem
SendMessageA
SendDlgItemMessageA
MessageBoxA
SetWindowTextA
GetWindowLongA
CallWindowProcA
GetSystemMetrics
msvcrt
_controlfp
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_except_handler4_common
memcpy
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
memcpy_s
_vsnprintf
memset
comctl32
ord17
cabinet
ord22
ord23
ord21
ord20
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
Sections
.text Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 99KB - Virtual size: 99KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
where.exe.exe windows:10 windows x86 arch:x86
4e0f7694d67fcb95a9345253ee15f9da
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
where.pdb
Imports
msvcrt
__iob_func
_memicmp
_errno
wcstod
wcstol
wcstoul
_fileno
_get_osfhandle
fprintf
fflush
_except_handler4_common
_controlfp
?terminate@@YAXXZ
wcstok
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
localtime
towupper
_wstat
wcsrchr
_wgetenv
wcspbrk
_vsnwprintf
memset
kernel32
GetCurrentProcess
HeapValidate
HeapFree
GetProcessHeap
GetConsoleOutputCP
ExitProcess
WriteConsoleW
CompareStringA
GetThreadLocale
CompareStringW
lstrlenW
GetUserDefaultLCID
GetStdHandle
GetConsoleMode
GetFileType
WideCharToMultiByte
FindStringOrdinal
LocalFree
FormatMessageW
SetThreadUILanguage
HeapReAlloc
GetModuleFileNameW
FindFirstFileExW
SetLastError
GetFullPathNameW
FindNextFileW
GetLongPathNameW
SetErrorMode
GetEnvironmentVariableW
FindClose
CreateFileW
GetFileAttributesW
GetFileInformationByHandle
GetLastError
FileTimeToSystemTime
CloseHandle
HeapSetInformation
FileTimeToLocalFileTime
GetCurrentDirectoryW
GetTimeFormatW
GetFileSize
GetDateFormatW
Sleep
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
HeapAlloc
TerminateProcess
HeapSize
ntdll
VerSetConditionMask
RtlVerifyVersionInfo
user32
LoadStringW
CharUpperW
ws2_32
WSACleanup
shlwapi
StrChrW
StrTrimW
version
VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
Sections
.text Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
whoami.exe.exe windows:10 windows x86 arch:x86
505871a09e1eeb12f301671252c611be
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
whoami.pdb
Imports
advapi32
LookupPrivilegeDisplayNameW
LookupPrivilegeNameW
GetSidIdentifierAuthority
LookupAccountSidW
GetLengthSid
OpenProcessToken
IsValidSid
CopySid
GetSidSubAuthority
GetSidSubAuthorityCount
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
InitializeSid
EqualSid
kernel32
LocalFree
CloseHandle
GetCurrentProcess
FileTimeToSystemTime
GetTimeFormatW
GetModuleFileNameW
HeapSize
HeapReAlloc
HeapAlloc
HeapValidate
HeapFree
HeapSetInformation
GetConsoleOutputCP
ExitProcess
WriteConsoleW
CompareStringA
GetThreadLocale
CompareStringW
lstrlenW
GetStdHandle
GetConsoleMode
GetFileType
WideCharToMultiByte
FindStringOrdinal
FormatMessageW
TerminateProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
SleepConditionVariableSRW
GetLastError
SetThreadUILanguage
SetLastError
GetProcessHeap
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
Sleep
msvcrt
fflush
wcstok
_XcptFilter
fprintf
_get_osfhandle
_fileno
wcstoul
_except_handler4_common
_controlfp
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
memset
memmove
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
_purecall
_callnewh
malloc
??3@YAXPAX@Z
_ultow
_vsnwprintf
__CxxFrameHandler3
__iob_func
_memicmp
_errno
wcstod
wcstol
ntdll
RtlVerifyVersionInfo
VerSetConditionMask
user32
LoadStringW
CharLowerW
CharUpperW
ws2_32
WSACleanup
shlwapi
StrChrW
version
VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
authz
FreeClaimDefinitions
InitializeClaimDictionary
GetClaimDefinitions
FreeClaimDictionary
sspicli
LsaCallAuthenticationPackage
LsaConnectUntrusted
GetUserNameExW
LsaLookupAuthenticationPackage
wkscli
NetGetJoinInformation
netutils
NetApiBufferFree
Sections
.text Size: 52KB - Virtual size: 51KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wiaacmgr.exe.exe windows:10 windows x86 arch:x86
c4302b0e273ec546089b50af6cb40fc8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
wiaacmgr.pdb
Imports
advapi32
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
kernel32
GetSystemInfo
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
CloseHandle
SetEvent
WaitForSingleObject
CreateEventW
HeapSetInformation
GetCommandLineW
RegisterApplicationRestart
ActivateActCtx
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThreadId
lstrcpyW
CompareStringW
HeapDestroy
DeactivateActCtx
CreateMutexW
OpenFileMappingW
MapViewOfFile
CreateFileMappingW
ReleaseMutex
UnmapViewOfFile
CreateProcessW
SetLastError
LocalFree
VirtualAlloc
VirtualQuery
GetModuleHandleW
SetFileAttributesW
GetLastError
WritePrivateProfileStringW
GetModuleFileNameW
GetTempPath2W
CreateDirectoryW
DeleteFileW
CreateThread
FreeLibrary
GetProcAddress
LoadLibraryExW
lstrcmpiW
lstrcpynW
ReleaseActCtx
CreateActCtxW
FormatMessageW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
VirtualProtect
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetStartupInfoW
Sleep
LocalAlloc
gdi32
GetDeviceCaps
user32
DialogBoxParamW
MessageBoxIndirectW
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
SendDlgItemMessageW
LoadImageW
GetSystemMetrics
GetClientRect
DestroyIcon
EndDialog
SetDlgItemTextW
SetWindowTextW
InvalidateRect
SendMessageW
SetWindowLongW
GetWindowLongW
ReleaseDC
GetDC
GetDlgItem
EnableWindow
CharUpperBuffW
DispatchMessageW
GetMessageW
SetProcessDPIAware
PostThreadMessageW
SetForegroundWindow
IsWindow
CharPrevW
CharNextW
LoadStringW
msvcrt
memcpy
_controlfp
??1type_info@@UAE@XZ
_except_handler4_common
_wcmdln
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_vsnwprintf
wcstol
wcscpy_s
realloc
wcscat_s
malloc
free
memset
?terminate@@YAXXZ
ole32
StringFromIID
CoRevokeClassObject
CoRegisterClassObject
StringFromCLSID
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoCreateGuid
CoAllowSetForegroundWindow
CoUninitialize
CoInitialize
PropVariantClear
oleaut32
SysAllocStringLen
SysAllocString
VarUI4FromStr
RegisterTypeLi
SysStringLen
LoadTypeLi
SysFreeString
shell32
ExtractIconExW
SHFileOperationW
shlwapi
PathAppendW
PathParseIconLocationW
scansetting
GetDefaultProfileScan
Sections
.text Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 33KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
winrs.exe.exe windows:10 windows x86 arch:x86
f0ee307fe96339d2235693e095ec19fe
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
winrs.pdb
Imports
msvcrt
memcpy
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
__CxxFrameHandler3
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
malloc
isdigit
_wcsnicmp
free
_strnicmp
_purecall
_snwscanf_s
_wcsicmp
_vsnwprintf
_initterm
memset
api-ms-win-core-file-l1-1-0
GetFileType
ReadFile
WriteFile
api-ms-win-core-console-l1-1-0
SetConsoleCtrlHandler
WriteConsoleW
GetConsoleMode
SetConsoleMode
GetConsoleCP
GetConsoleOutputCP
ReadConsoleW
api-ms-win-core-heap-l1-1-0
HeapDestroy
GetProcessHeap
HeapSetInformation
api-ms-win-core-errorhandling-l1-1-0
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
SetEvent
LeaveCriticalSection
DeleteCriticalSection
EnterCriticalSection
CreateEventW
WaitForMultipleObjectsEx
InitializeCriticalSection
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
SetStdHandle
GetStdHandle
api-ms-win-core-processthreads-l1-1-0
ExitProcess
CreateThread
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
api-ms-win-eventing-classicprovider-l1-1-0
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
TraceMessage
api-ms-win-core-handle-l1-1-0
DuplicateHandle
CloseHandle
api-ms-win-core-localization-l1-2-0
FormatMessageW
SetThreadPreferredUILanguages
api-ms-win-core-io-l1-1-0
CancelIoEx
api-ms-win-core-libraryloader-l1-1-0
LoadLibraryExW
GetModuleHandleW
LoadStringW
api-ms-win-core-heap-obsolete-l1-1-0
LocalFree
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-console-l2-1-0
WriteConsoleInputA
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
wsmsvc
WSManSetSessionOption
WSManReceiveShellOutput
WSManRunShellCommand
WSManCloseSession
WSManDeinitialize
WSManCloseCommand
??0AutoLibrary@@QAE@PAUHINSTANCE__@@@Z
??1?$AutoDeleteVector@E@@QAE@XZ
??1?$AutoDeleteVector@D@@QAE@XZ
??1AutoLibrary@@QAE@XZ
??1?$AutoDeleteVector@PBG@@QAE@XZ
??4?$AutoDeleteVector@PBG@@QAEAAV0@PAPBG@Z
??0?$AutoDeleteVector@PBG@@QAE@XZ
??0?$AutoDeleteVector@D@@QAE@PAD@Z
??0?$AutoDeleteVector@E@@QAE@PAE@Z
WSManInitialize
WSManCloseOperation
??1CWSManCriticalSection@@QAE@XZ
WSManSignalShell
?Alloc@WSManMemory@@SGPAXIHW4_NitsFaultMode@@@Z
?Free@WSManMemory@@SGXPAXH@Z
WSManCreateShell
WSManCreateSession
WSManCloseShell
WSManSendShellInput
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
??1CWSManCriticalSectionWithConditionVar@@QAE@XZ
?GetInitError@CWSManCriticalSection@@QBEKXZ
Sections
.text Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
winrshost.exe.exe windows:10 windows x86 arch:x86
6a1b3d16eba25ebcf51de76bc95303e0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
winrshost.pdb
Imports
msvcrt
__dllonexit
_acmdln
_lock
_unlock
_onexit
_controlfp
_initterm
__setusermatherr
_except_handler4_common
_ismbblead
__p__fmode
_cexit
_exit
exit
memcpy
__set_app_type
?terminate@@YAXXZ
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
mbtowc
_wcsicmp
memset
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapSetInformation
HeapCreate
HeapDestroy
HeapAlloc
HeapFree
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
api-ms-win-eventing-classicprovider-l1-1-0
RegisterTraceGuidsW
TraceMessage
UnregisterTraceGuids
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
api-ms-win-core-sysinfo-l1-1-0
GetVersionExW
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-synch-l1-1-0
WaitForSingleObjectEx
InitializeCriticalSection
SetEvent
DeleteCriticalSection
CreateEventW
api-ms-win-core-console-l1-1-0
GetConsoleMode
SetConsoleCtrlHandler
SetConsoleMode
AllocConsole
api-ms-win-core-kernel32-legacy-l1-1-0
GetConsoleWindow
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
CreateProcessW
TerminateProcess
GetCurrentProcess
GetStartupInfoW
GetCurrentProcessId
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-console-l2-1-0
GenerateConsoleCtrlEvent
SetConsoleCP
WriteConsoleInputW
SetConsoleOutputCP
api-ms-win-core-localization-l1-2-0
SetThreadPreferredUILanguages
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-libraryloader-l1-1-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 112B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
winver.exe.exe windows:10 windows x86 arch:x86
6f6011b78ccfe72e1e21c99f70873a70
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
winver.pdb
Imports
kernel32
HeapSetInformation
FileTimeToLocalFileTime
GetTimeFormatW
GetModuleHandleW
GetDateFormatW
FileTimeToSystemTime
user32
LoadStringW
msvcrt
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_wcmdln
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
shell32
ShellAboutW
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 960B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 324B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wlanext.exe.exe windows:10 windows x86 arch:x86
f88e2fc6eb401ac86c31e7507b651798
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
wlanext.pdb
Imports
msvcrt
_exit
exit
_cexit
__wgetmainargs
_amsg_exit
memcpy
_wtol
__p__fmode
__setusermatherr
_initterm
_except_handler4_common
?terminate@@YAXXZ
_controlfp
__p__commode
_XcptFilter
__set_app_type
memset
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
TraceMessage
GetTraceEnableLevel
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
api-ms-win-core-processthreads-l1-1-0
ExitProcess
GetCurrentThread
OpenProcessToken
CreateThread
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
OpenThreadToken
GetCurrentThreadId
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
api-ms-win-security-base-l1-1-0
IsValidSid
GetTokenInformation
AdjustTokenPrivileges
EqualSid
CopySid
GetLengthSid
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l1-1-0
HeapSetInformation
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-synch-l1-1-0
EnterCriticalSection
SetEvent
WaitForSingleObject
InitializeCriticalSection
ResetEvent
DeleteCriticalSection
LeaveCriticalSection
CreateEventW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
LoadLibraryExW
GetModuleHandleW
FreeLibrary
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
GetTickCount64
api-ms-win-core-threadpool-legacy-l1-1-0
QueueUserWorkItem
CreateTimerQueueTimer
CreateTimerQueue
ChangeTimerQueueTimer
DeleteTimerQueueTimer
DeleteTimerQueueEx
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-file-l1-1-0
WriteFile
CreateFileW
ReadFile
ntdll
RtlStringFromGUID
NtWaitForSingleObject
RtlFreeUnicodeString
RtlNtStatusToDosError
NtDeviceIoControlFile
api-ms-win-core-kernel32-legacy-l1-1-0
BindIoCompletionCallback
Sections
.text Size: 62KB - Virtual size: 61KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 172B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wowreg32.exe.exe windows:10 windows x86 arch:x86
86e412f4eec25227a796f822cea0f6df
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
wowreg32.pdb
Imports
msvcrt
_cexit
_exit
exit
__p__fmode
fprintf
wcsrchr
_vsnwprintf
__setusermatherr
_initterm
_except_handler4_common
?terminate@@YAXXZ
_controlfp
_wcsicmp
__iob_func
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
fwprintf
kernel32
FreeLibrary
GetProcessHeap
HeapAlloc
GetSystemInfo
RaiseException
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LoadLibraryExA
VirtualProtect
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
MapViewOfFile
VirtualQuery
GetModuleHandleW
GetProcAddress
SetLastError
GetCommandLineW
OpenEventW
OpenFileMappingW
UnmapViewOfFile
GetLastError
SetEvent
CloseHandle
LoadLibraryW
ResetEvent
SetCurrentDirectoryW
ntdll
DbgPrintEx
NtQueryInformationProcess
setupapi
SetupWriteTextLog
shell32
CommandLineToArgvW
user32
MsgWaitForMultipleObjectsEx
TranslateMessage
PeekMessageW
DispatchMessageW
LoadStringW
Sections
.text Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 748B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
write.exe.exe windows:10 windows x86 arch:x86
b05c7142e6016ff931cdc4142be82084
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
write.pdb
Imports
shell32
ShellExecuteW
kernel32
TerminateProcess
GetCurrentProcess
GetStartupInfoW
HeapSetInformation
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
Sleep
msvcrt
_wcmdln
?terminate@@YAXXZ
__setusermatherr
_except_handler4_common
_initterm
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_controlfp
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 960B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1024B - Virtual size: 898B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 308B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wscadminui.exe.exe windows:10 windows x86 arch:x86
3d14ff3aed50fb9c7612f737f4a41021
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
wscadminui.pdb
Imports
msvcrt
_controlfp
__setusermatherr
_initterm
_except_handler4_common
?terminate@@YAXXZ
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_wcsicmp
wscapi
wscLaunchAdminMakeDefaultUI
kernel32
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
TerminateProcess
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 512B - Virtual size: 960B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1024B - Virtual size: 858B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 308B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wscript.exe.exe windows:10 windows x86 arch:x86
3526e19e94d445aad541fe8d01aff89c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
wscript.pdb
Imports
msvcrt
memcpy
memcmp
_ftol2
wcsncmp
memmove
_except_handler4_common
free
_callnewh
malloc
sprintf_s
wcscpy_s
_vsnprintf
memmove_s
memcpy_s
_vsnwprintf
_wcsnicmp
_wcsicmp
_itow
_itow_s
wcsrchr
_beginthread
_endthread
wcscat_s
_swab
swprintf_s
strcpy_s
memset
oleaut32
SetErrorInfo
CreateErrorInfo
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayPutElement
SafeArrayCreate
SysStringLen
SysAllocStringLen
SafeArrayCopy
LoadRegTypeLib
SafeArrayGetLBound
SysAllocStringByteLen
SysAllocString
VariantInit
VariantCopy
LoadTypeLib
SafeArrayGetElement
LoadTypeLibEx
VariantChangeType
VariantClear
UnRegisterTypeLib
SysFreeString
kernel32
InitializeCriticalSection
GetCurrentThreadId
HeapReAlloc
DeleteCriticalSection
GetFullPathNameA
GetFullPathNameW
GetCPInfo
GetFileAttributesA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
ReleaseMutex
GetModuleHandleA
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
CloseThreadpoolTimer
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
HeapAlloc
GetProcAddress
CreateMutexExW
GetStartupInfoA
AcquireSRWLockShared
ExitProcess
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
EnterCriticalSection
GetACP
GetFileAttributesW
GetModuleFileNameA
FindClose
GetCommandLineW
CreateFileMappingW
GetCommandLineA
MultiByteToWideChar
GetLocaleInfoW
GetLocaleInfoA
WideCharToMultiByte
GetPrivateProfileIntW
LoadResource
FindFirstFileA
FindFirstFileW
GetPrivateProfileStringW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
FindResourceExW
GetVersionExA
GetPrivateProfileIntA
GetConsoleMode
GetModuleFileNameW
SearchPathW
GetPrivateProfileStringA
GetStdHandle
CreateFileW
CreateEventA
CreateThread
LCIDToLocaleName
UnmapViewOfFile
FreeLibrary
SetEvent
LoadLibraryExW
LocalAlloc
GetVersionExW
LocalFree
GetSystemDefaultUILanguage
FormatMessageA
GetUserDefaultLCID
CreateFileMappingA
GetFileSize
MapViewOfFile
GetLocaleInfoEx
GetUserDefaultUILanguage
LeaveCriticalSection
WriteFile
LoadLibraryExA
IsDebuggerPresent
GetTempPath2A
CreateFileA
GetSystemDirectoryA
GetTempFileNameA
FlushFileBuffers
user32
MsgWaitForMultipleObjects
GetClassNameA
PostMessageA
PostThreadMessageA
LoadStringA
MsgWaitForMultipleObjectsEx
SetTimer
SetWindowLongA
LoadStringW
CharNextA
GetWindowLongA
RegisterClassA
DefWindowProcA
GetMessageA
DispatchMessageA
CreateWindowExA
TranslateMessage
GetActiveWindow
GetClassInfoA
SendMessageA
EnumThreadWindows
PeekMessageA
KillTimer
PostQuitMessage
GetParent
IsWindowVisible
MessageBoxW
ole32
MkParseDisplayName
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
CoInitializeSecurity
CreateFileMoniker
CoGetTreatAsClass
CreateBindCtx
CoRegisterMessageFilter
CoGetMalloc
CoRegisterClassObject
StringFromCLSID
CoCreateInstance
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoUninitialize
CoInitialize
CoRevokeClassObject
advapi32
GetUserNameW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
LookupAccountNameW
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
IsTextUnicode
RegCreateKeyExA
RegCreateKeyExW
RegCreateKeyA
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegOpenKeyA
RegQueryValueExW
RegSetValueA
RegDeleteKeyA
RegQueryValueA
ImpersonateLoggedOnUser
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoA
Sections
.text Size: 99KB - Virtual size: 99KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wsmprovhost.exe.exe windows:10 windows x86 arch:x86
2a22f824f59ff9009353e613421fe8be
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
wsmprovhost.pdb
Imports
msvcrt
memcpy
_controlfp
_amsg_exit
__dllonexit
_unlock
memmove
__CxxFrameHandler3
_lock
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_onexit
_XcptFilter
_acmdln
_initterm
_except_handler4_common
__setusermatherr
__p__commode
_ismbblead
__p__fmode
_cexit
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
_exit
exit
__set_app_type
_purecall
__getmainargs
memset
api-ms-win-eventing-classicprovider-l1-1-0
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
UnregisterTraceGuids
api-ms-win-core-synch-l1-1-0
CreateEventW
InitializeCriticalSection
SetEvent
DeleteCriticalSection
WaitForSingleObjectEx
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
api-ms-win-core-com-l1-1-0
CoInitializeSecurity
CoRegisterClassObject
CoCreateInstance
CoInitializeEx
CoUninitialize
CoRevokeClassObject
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetVersionExW
GetTickCount
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThreadId
GetStartupInfoW
TerminateProcess
GetCurrentProcess
api-ms-win-core-libraryloader-l1-1-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
wsmsvc
CreateProvHost
?Alloc@WSManMemory@@SGPAXIHW4_NitsFaultMode@@@Z
??1CWSManCriticalSection@@QAE@XZ
WSManError
?Free@WSManMemory@@SGXPAXH@Z
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
??0?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QAE@XZ
??0?$SafeMap_Iterator@VKey@Locale@@K@@QAE@AAV?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@_N@Z
??0?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QAE@ABV?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@_N@Z
??1?$SafeMap@PAVCListenerOperation@@UEmpty@@V?$SafeSet_Iterator@PAVCListenerOperation@@@@@@QAE@XZ
??1?$SafeMap@PAVIOperation@@UEmpty@@V?$SafeSet_Iterator@PAVIOperation@@@@@@QAE@XZ
??1?$SafeMap@UPluginKey@@KV?$SafeMap_Iterator@UPluginKey@@K@@@@QAE@XZ
??1?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QAE@XZ
??1?$SafeMap_Iterator@PAVCListenerOperation@@UEmpty@@@@QAE@XZ
??1?$SafeMap_Iterator@PAVIOperation@@UEmpty@@@@QAE@XZ
??1?$SafeMap_Iterator@UPluginKey@@K@@QAE@XZ
??1?$SafeMap_Iterator@VKey@Locale@@K@@QAE@XZ
??1?$SafeMap_Lock@PAVCListenerOperation@@UEmpty@@V?$SafeMap_Iterator@PAVCListenerOperation@@UEmpty@@@@@@QAE@XZ
??1?$SafeMap_Lock@PAVIOperation@@UEmpty@@V?$SafeMap_Iterator@PAVIOperation@@UEmpty@@@@@@QAE@XZ
??1?$SafeMap_Lock@UPluginKey@@KV?$SafeMap_Iterator@UPluginKey@@K@@@@QAE@XZ
??1?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QAE@XZ
??1?$SafeSet@PAVCListenerOperation@@@@QAE@XZ
??1?$SafeSet@PAVIOperation@@@@QAE@XZ
??1?$SafeSet_Iterator@PAVCListenerOperation@@@@QAE@XZ
??1?$SafeSet_Iterator@PAVIOperation@@@@QAE@XZ
??1CWSManCriticalSectionWithConditionVar@@QAE@XZ
??_7?$SafeMap@PAVCListenerOperation@@UEmpty@@V?$SafeSet_Iterator@PAVCListenerOperation@@@@@@6B@
??_7?$SafeMap@PAVIOperation@@UEmpty@@V?$SafeSet_Iterator@PAVIOperation@@@@@@6B@
??_7?$SafeMap@UPluginKey@@KV?$SafeMap_Iterator@UPluginKey@@K@@@@6B@
??_7?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@6B@
?Acquire@?$SafeMap@PAVCListenerOperation@@UEmpty@@V?$SafeMap_Iterator@PAVCListenerOperation@@UEmpty@@@@@@UBEXXZ
?Acquire@?$SafeMap@PAVCListenerOperation@@UEmpty@@V?$SafeSet_Iterator@PAVCListenerOperation@@@@@@UBEXXZ
?Acquire@?$SafeMap@PAVIOperation@@UEmpty@@V?$SafeMap_Iterator@PAVIOperation@@UEmpty@@@@@@UBEXXZ
?Acquire@?$SafeMap@PAVIOperation@@UEmpty@@V?$SafeSet_Iterator@PAVIOperation@@@@@@UBEXXZ
?Acquire@?$SafeMap@UPluginKey@@KV?$SafeMap_Iterator@UPluginKey@@K@@@@UBEXXZ
?Acquire@?$SafeMap@UUserKey@@PAVBlockedRecord@@V?$SafeMap_Iterator@UUserKey@@PAVBlockedRecord@@@@@@UBEXXZ
?Acquire@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@UBEXXZ
?Acquire@?$SafeMap@VStringKeyStore@@PAVServerFullDuplexChannel@@V?$SafeMap_Iterator@VStringKeyStore@@PAVServerFullDuplexChannel@@@@@@UBEXXZ
?Acquire@?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QAEXXZ
?Acquired@?$SafeMap_Lock@PAVCListenerOperation@@UEmpty@@V?$SafeMap_Iterator@PAVCListenerOperation@@UEmpty@@@@@@QAE_NXZ
?Acquired@?$SafeMap_Lock@PAVIOperation@@UEmpty@@V?$SafeMap_Iterator@PAVIOperation@@UEmpty@@@@@@QAE_NXZ
?Acquired@?$SafeMap_Lock@UPluginKey@@KV?$SafeMap_Iterator@UPluginKey@@K@@@@QAE_NXZ
?Acquired@?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QAE_NXZ
?AsReference@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QAEAAV1@XZ
?Data@?$SafeMap_Iterator@VKey@Locale@@K@@IBEAAV?$STLMap@VKey@Locale@@K@@XZ
?DeInitialize@?$SafeMap@PAVCListenerOperation@@UEmpty@@V?$SafeMap_Iterator@PAVCListenerOperation@@UEmpty@@@@@@UAE_NAAVIRequestContext@@@Z
?DeInitialize@?$SafeMap@PAVCListenerOperation@@UEmpty@@V?$SafeSet_Iterator@PAVCListenerOperation@@@@@@UAE_NAAVIRequestContext@@@Z
?DeInitialize@?$SafeMap@PAVIOperation@@UEmpty@@V?$SafeMap_Iterator@PAVIOperation@@UEmpty@@@@@@UAE_NAAVIRequestContext@@@Z
?DeInitialize@?$SafeMap@PAVIOperation@@UEmpty@@V?$SafeSet_Iterator@PAVIOperation@@@@@@UAE_NAAVIRequestContext@@@Z
?DeInitialize@?$SafeMap@UPluginKey@@KV?$SafeMap_Iterator@UPluginKey@@K@@@@UAE_NAAVIRequestContext@@@Z
?DeInitialize@?$SafeMap@UUserKey@@PAVBlockedRecord@@V?$SafeMap_Iterator@UUserKey@@PAVBlockedRecord@@@@@@UAE_NAAVIRequestContext@@@Z
?DeInitialize@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@UAE_NAAVIRequestContext@@@Z
?DeInitialize@?$SafeMap@VStringKeyStore@@PAVServerFullDuplexChannel@@V?$SafeMap_Iterator@VStringKeyStore@@PAVServerFullDuplexChannel@@@@@@UAE_NAAVIRequestContext@@@Z
?GetInitError@CWSManCriticalSection@@QBEKXZ
?GetMap@?$SafeMap_Iterator@PAVCListenerOperation@@UEmpty@@@@QBEAAV?$SafeMap@PAVCListenerOperation@@UEmpty@@V?$SafeMap_Iterator@PAVCListenerOperation@@UEmpty@@@@@@XZ
?GetMap@?$SafeMap_Iterator@PAVIOperation@@UEmpty@@@@QBEAAV?$SafeMap@PAVIOperation@@UEmpty@@V?$SafeMap_Iterator@PAVIOperation@@UEmpty@@@@@@XZ
?GetMap@?$SafeMap_Iterator@UPluginKey@@K@@QBEAAV?$SafeMap@UPluginKey@@KV?$SafeMap_Iterator@UPluginKey@@K@@@@XZ
?GetMap@?$SafeMap_Iterator@VKey@Locale@@K@@QBEAAV?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@XZ
?GetMap@?$SafeMap_Lock@PAVCListenerOperation@@UEmpty@@V?$SafeMap_Iterator@PAVCListenerOperation@@UEmpty@@@@@@QBEABV?$SafeMap@PAVCListenerOperation@@UEmpty@@V?$SafeMap_Iterator@PAVCListenerOperation@@UEmpty@@@@@@XZ
?GetMap@?$SafeMap_Lock@PAVIOperation@@UEmpty@@V?$SafeMap_Iterator@PAVIOperation@@UEmpty@@@@@@QBEABV?$SafeMap@PAVIOperation@@UEmpty@@V?$SafeMap_Iterator@PAVIOperation@@UEmpty@@@@@@XZ
?GetMap@?$SafeMap_Lock@UPluginKey@@KV?$SafeMap_Iterator@UPluginKey@@K@@@@QBEABV?$SafeMap@UPluginKey@@KV?$SafeMap_Iterator@UPluginKey@@K@@@@XZ
?GetMap@?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QBEABV?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@XZ
?Initialize@?$SafeMap@PAVCListenerOperation@@UEmpty@@V?$SafeMap_Iterator@PAVCListenerOperation@@UEmpty@@@@@@UAE_NAAVIRequestContext@@@Z
?Initialize@?$SafeMap@PAVCListenerOperation@@UEmpty@@V?$SafeSet_Iterator@PAVCListenerOperation@@@@@@UAE_NAAVIRequestContext@@@Z
?Initialize@?$SafeMap@PAVIOperation@@UEmpty@@V?$SafeMap_Iterator@PAVIOperation@@UEmpty@@@@@@UAE_NAAVIRequestContext@@@Z
?Initialize@?$SafeMap@PAVIOperation@@UEmpty@@V?$SafeSet_Iterator@PAVIOperation@@@@@@UAE_NAAVIRequestContext@@@Z
?Initialize@?$SafeMap@UPluginKey@@KV?$SafeMap_Iterator@UPluginKey@@K@@@@UAE_NAAVIRequestContext@@@Z
?Initialize@?$SafeMap@UUserKey@@PAVBlockedRecord@@V?$SafeMap_Iterator@UUserKey@@PAVBlockedRecord@@@@@@UAE_NAAVIRequestContext@@@Z
?Initialize@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@UAE_NAAVIRequestContext@@@Z
?Initialize@?$SafeMap@VStringKeyStore@@PAVServerFullDuplexChannel@@V?$SafeMap_Iterator@VStringKeyStore@@PAVServerFullDuplexChannel@@@@@@UAE_NAAVIRequestContext@@@Z
?IsValid@?$SafeMap@VStringKeyStore@@PAVServerFullDuplexChannel@@V?$SafeMap_Iterator@VStringKeyStore@@PAVServerFullDuplexChannel@@@@@@QBE_NXZ
?IsValid@?$SafeMap_Iterator@PAVCListenerOperation@@UEmpty@@@@QBE_NXZ
?IsValid@?$SafeMap_Iterator@PAVIOperation@@UEmpty@@@@QBE_NXZ
?IsValid@?$SafeMap_Iterator@UPluginKey@@K@@QBE_NXZ
?IsValid@?$SafeMap_Iterator@UUserKey@@PAVBlockedRecord@@@@QBE_NXZ
?IsValid@?$SafeMap_Iterator@VKey@Locale@@K@@QBE_NXZ
?IsValid@?$SafeMap_Iterator@VStringKeyStore@@PAVServerFullDuplexChannel@@@@QBE_NXZ
?Release@?$SafeMap@PAVCListenerOperation@@UEmpty@@V?$SafeMap_Iterator@PAVCListenerOperation@@UEmpty@@@@@@UBEXXZ
?Release@?$SafeMap@PAVCListenerOperation@@UEmpty@@V?$SafeSet_Iterator@PAVCListenerOperation@@@@@@UBEXXZ
?Release@?$SafeMap@PAVIOperation@@UEmpty@@V?$SafeMap_Iterator@PAVIOperation@@UEmpty@@@@@@UBEXXZ
?Release@?$SafeMap@PAVIOperation@@UEmpty@@V?$SafeSet_Iterator@PAVIOperation@@@@@@UBEXXZ
?Release@?$SafeMap@UPluginKey@@KV?$SafeMap_Iterator@UPluginKey@@K@@@@UBEXXZ
?Release@?$SafeMap@UUserKey@@PAVBlockedRecord@@V?$SafeMap_Iterator@UUserKey@@PAVBlockedRecord@@@@@@UBEXXZ
?Release@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@UBEXXZ
?Release@?$SafeMap@VStringKeyStore@@PAVServerFullDuplexChannel@@V?$SafeMap_Iterator@VStringKeyStore@@PAVServerFullDuplexChannel@@@@@@UBEXXZ
?Reset@?$SafeMap_Iterator@VKey@Locale@@K@@QAEXXZ
?SkipOrphans@?$SafeMap_Iterator@VKey@Locale@@K@@IAEXXZ
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 92B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wusa.exe.exe windows:10 windows x86 arch:x86
d48eee4942e8cc52e43fc3eb66490ac2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
wusa.pdb
Imports
advapi32
RegCreateKeyExW
RegSetValueExW
RegCloseKey
InitiateSystemShutdownExW
CreateProcessAsUserW
RegOpenKeyExW
ConvertSidToStringSidW
RegDeleteValueW
RegEnumKeyW
RegQueryValueExW
RegDeleteKeyW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges
GetTokenInformation
CopySid
RegDeleteKeyValueW
StartTraceW
EnableTrace
ControlTraceW
CloseTrace
IsValidSid
GetLengthSid
InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
CryptAcquireContextW
CryptGenRandom
DecryptFileA
CryptReleaseContext
EventRegister
EventUnregister
EventEnabled
EventWrite
kernel32
GetExitCodeProcess
ProcessIdToSessionId
GetCurrentProcessId
FormatMessageW
GetModuleHandleW
CreateFileW
GetFullPathNameW
GetCurrentProcess
CreateEventW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
EnterCriticalSection
LeaveCriticalSection
CreateDirectoryA
GetFileAttributesA
MultiByteToWideChar
GetSystemDirectoryA
lstrcmpW
DeleteFileW
MoveFileExW
RemoveDirectoryW
OutputDebugStringW
GetFileAttributesW
UnhandledExceptionFilter
GetSystemDirectoryW
FreeLibrary
GetProcAddress
LoadLibraryW
GetSystemWindowsDirectoryW
CloseHandle
GetExitCodeThread
FindClose
WaitForSingleObject
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCommandLineW
GetLastError
LocalFree
CreateThread
FindFirstFileW
lstrcmpiW
FindNextFileW
Sleep
TerminateProcess
gdi32
GetDeviceCaps
GetStockObject
DeleteDC
GetTextExtentPoint32W
SelectObject
CreateCompatibleDC
DeleteObject
CreateFontIndirectW
user32
ReleaseDC
GetDC
SendDlgItemMessageW
SetRect
GetClientRect
ShowWindow
SystemParametersInfoW
DialogBoxParamW
DestroyAcceleratorTable
TranslateAcceleratorW
CreateAcceleratorTableW
DestroyWindow
ShutdownBlockReasonDestroy
ShutdownBlockReasonCreate
CreateWindowExW
BeginPaint
EndDialog
UpdateWindow
LoadCursorW
LoadIconW
SetWindowLongW
EnableWindow
SetDlgItemTextW
SetFocus
GetDlgItem
EndPaint
PostMessageW
FillRect
RegisterClassExW
DefWindowProcW
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
SendMessageW
msvcrt
_vsnwprintf
wcsrchr
_ftol2_sse
memcpy
_unlock
_lock
_wcmdln
__dllonexit
__setusermatherr
__p__fmode
_cexit
_exit
exit
memset
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
free
_callnewh
_onexit
_except_handler4_common
?terminate@@YAXXZ
_controlfp
_initterm
__set_app_type
malloc
_vsnprintf
wcschr
iswdigit
_wcsnicmp
_wcsicmp
oleaut32
SysFreeString
VariantInit
SysAllocString
shell32
ord730
CommandLineToArgvW
ShellExecuteExW
shlwapi
StrToIntExW
PathFindExtensionW
ntdll
WinSqmSetDWORD
WinSqmSetString
WinSqmStartSession
WinSqmEndSession
dpx
DpxNewJob
wtsapi32
WTSQueryUserToken
servicingcommon
SczEnsureBackslashTerminated
SczAllocConcat2Sz
SczFree
SczAllocFormatted
SczAlloc
SczAllocPrefixSz
SczAllocConcatSz
SczAllocFromSz
dismapi
DismUnmountImage
DismMountImage
DismInitialize
comctl32
ord344
InitCommonControlsEx
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoInitializeEx
CoUninitialize
CoInitializeSecurity
CoTaskMemFree
Sections
.text Size: 57KB - Virtual size: 56KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 85KB - Virtual size: 85KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xcopy.exe.exe windows:10 windows x86 arch:x86
370e0f2a87317776feb42a7b32dd037b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
xcopy.pdb
Imports
msvcrt
?terminate@@YAXXZ
_initterm
__setusermatherr
towupper
__p__fmode
exit
_controlfp
_wcsnicmp
_cexit
_except_handler4_common
_exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
_wgetenv
ulib
?PutSeparators@ARGUMENT_LEXEMIZER@@QAEXPBD@Z
?PutMultipleSwitch@ARGUMENT_LEXEMIZER@@QAEXPBD@Z
?GetLexemeAt@ARGUMENT_LEXEMIZER@@QAEPAVWSTRING@@K@Z
?DoParsing@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
?Initialize@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
??0ARGUMENT_LEXEMIZER@@QAE@XZ
?Initialize@STRING_ARRAY@@QAEEKKK@Z
??0STRING_ARRAY@@QAE@XZ
?ConvertToUTC@TIMEINFO@@QAEEXZ
?Initialize@TIMEINFO@@QAEXPBV1@@Z
??0TIMEINFO@@QAE@XZ
?Initialize@STRING_ARGUMENT@@QAEEPAD@Z
??1STRING_ARGUMENT@@UAE@XZ
??0STRING_ARGUMENT@@QAE@XZ
?TruncateNameAtColon@PATH@@QAEXXZ
?AppendBase@PATH@@QAEEPBVWSTRING@@E@Z
??1PATH@@UAE@XZ
?Initialize@PATH@@QAEEPBGE@Z
?Initialize@PATH@@QAEEPBVWSTRING@@E@Z
?Initialize@PATH@@QAEEPBV1@E@Z
??0PATH@@QAE@XZ
?QueryString@WSTRING@@QBEPAV1@KK@Z
?Initialize@WSTRING@@QAEEPBV1@KK@Z
?Initialize@WSTRING@@QAEEPBGK@Z
?Initialize@WSTRING@@QAEEPBDK@Z
?PathWasTooBig@PATH@@QAEEXZ
?Truncate@WSTRING@@QAEKK@Z
?Strchr@WSTRING@@QBEKGK@Z
?Strupr@WSTRING@@QAEPAV1@XZ
?Strcmp@WSTRING@@QBEJPBV1@@Z
?GetWSTR@WSTRING@@QBEPBGXZ
?QueryChAt@WSTRING@@QBEGK@Z
?QueryChCount@WSTRING@@QBEKXZ
?QueryResourceString@BASE_SYSTEM@@SAEPAVWSTRING@@KPBDZZ
?ExitProgram@PROGRAM@@SGXK@Z
?FindFirstFileW@@YGPAXPBVPATH@@PAU_WIN32_FIND_DATAW@@@Z
?Copy@FSN_FILE@@QBEEPAVPATH@@PAW4_COPY_ERROR@@KP6GKT_LARGE_INTEGER@@222KKPAX33@Z3PAH@Z
?Resize@FSTRING@@UAEEK@Z
?PutSwitches@ARGUMENT_LEXEMIZER@@QAEXPBD@Z
?DisplaySystemError@SYSTEM@@SGXKH@Z
?QueryWindowsErrorMessage@SYSTEM@@SGEKPAVWSTRING@@@Z
?QueryDriveType@SYSTEM@@SG?AW4DRIVE_TYPE@@PBVWSTRING@@@Z
?RemoveNode@SYSTEM@@SGEPAPAVFSNODE@@E@Z
?MakeDirectory@SYSTEM@@SGPAVFSN_DIRECTORY@@PBVPATH@@0PAW4_COPY_ERROR@@P6GKT_LARGE_INTEGER@@222KKPAX33@Z3PAHK@Z
??OTIMEINFO@@QBEEV0@@Z
?GetNext@FSN_DIRECTORY@@QAEPAVFSNODE@@PAPAXPAK@Z
?IsEmpty@FSN_DIRECTORY@@QBEEXZ
?DeleteDirectory@FSN_DIRECTORY@@QAEEXZ
?CreateDirectoryPath@FSN_DIRECTORY@@QBEPAV1@PBVPATH@@@Z
??0PROGRAM@@IAE@XZ
?ValidateVersion@PROGRAM@@UBEXKK@Z
?Usage@PROGRAM@@UBEXXZ
?GetStandardError@PROGRAM@@UAEPAVSTREAM@@XZ
?GetStandardOutput@PROGRAM@@UAEPAVSTREAM@@XZ
?GetStandardInput@PROGRAM@@UAEPAVSTREAM@@XZ
?Fatal@PROGRAM@@UBEXXZ
?Fatal@PROGRAM@@UBAXKKPADZZ
?DisplayMessage@PROGRAM@@UBEEKW4MESSAGE_TYPE@@@Z
?DisplayMessage@PROGRAM@@UBAEKW4MESSAGE_TYPE@@PADZZ
??1PROGRAM@@UAE@XZ
?Initialize@PROGRAM@@QAEEKKK@Z
?Initialize@CLASS_DESCRIPTOR@@QAEEPBD@Z
??0CLASS_DESCRIPTOR@@QAE@XZ
?UseAlternateName@FSNODE@@QAEEXZ
?SetAttributes@FSNODE@@QAEEKPAK@Z
?GetPFlagBreak@KEYBOARD@@QBEQAHXZ
?GotABreak@KEYBOARD@@SGEXZ
?EnableLineMode@KEYBOARD@@QAEEXZ
?EnableBreakHandling@KEYBOARD@@SGEXZ
?DisableLineMode@KEYBOARD@@QAEEXZ
?DisableBreakHandling@KEYBOARD@@SGEXZ
?Initialize@KEYBOARD@@QAEEEE@Z
?Cast@KEYBOARD@@SGPAV1@PBVOBJECT@@@Z
??0KEYBOARD@@QAE@XZ
?TruncateBase@PATH@@QAEEXZ
?QueryFullPathString@PATH@@QBEPAVWSTRING@@XZ
?QueryComponentArray@PATH@@QBEPAVARRAY@@PAV2@@Z
?ModifyName@PATH@@QAEEPBVWSTRING@@@Z
?HasWildCard@PATH@@QBEEXZ
?EndsWithDelimiter@PATH@@QBEEXZ
?Display@MESSAGE@@QAAEPBDZZ
?SetTimeInfo@FSN_FILTER@@QAEEPBVTIMEINFO@@W4FSN_TIME@@G@Z
?SetAttributes@FSN_FILTER@@QAEEKKK@Z
?SetFileName@FSN_FILTER@@QAEEPBD@Z
?SetFileName@FSN_FILTER@@QAEEPBVWSTRING@@@Z
?DoesNodeMatch@FSN_FILTER@@QAEEPAVFSNODE@@@Z
?Initialize@FSN_FILTER@@QAEEXZ
??0FSN_FILTER@@QAE@XZ
?Strcat@WSTRING@@QAEEPBV1@@Z
??0OBJECT@@QAE@ABV0@@Z
??1FSTRING@@UAE@XZ
?Initialize@FSTRING@@QAEPAVWSTRING@@PAGK@Z
??9WSTRING@@QBEEABV0@@Z
??8WSTRING@@QBEEABV0@@Z
?Strstr@WSTRING@@QBEKPBV1@@Z
?Stricmp@WSTRING@@QBEJPBV1@@Z
?SetClassDescriptor@OBJECT@@IAEXPBVCLASS_DESCRIPTOR@@@Z
?SPrintfAppend@DSTRING@@UAAEPBGZZ
?PrepareToParse@ARGUMENT_LEXEMIZER@@QAEEPAVWSTRING@@@Z
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QAEXE@Z
?SetAllowSwitchGlomming@ARGUMENT_LEXEMIZER@@QAEXE@Z
?SetNoSpcBetweenDstAndSwitch@ARGUMENT_LEXEMIZER@@QAEXE@Z
?PutMultiCharSwitch@ARGUMENT_LEXEMIZER@@QAEXPBD@Z
??1OBJECT@@UAE@XZ
?Compare@OBJECT@@UBEJPBV1@@Z
?DebugDump@OBJECT@@UBEXE@Z
?GetLexeme@ARGUMENT@@QAEPAVWSTRING@@XZ
?GetPattern@ARGUMENT@@QAEPAVWSTRING@@XZ
?IsValueSet@ARGUMENT@@QAEEXZ
?QueryDirectory@SYSTEM@@SGPAVFSN_DIRECTORY@@PBVPATH@@E@Z
?QueryFile@SYSTEM@@SGPAVFSN_FILE@@PBVPATH@@EPAE@Z
??0PATH_ARGUMENT@@QAE@XZ
??1PATH_ARGUMENT@@UAE@XZ
?Initialize@PATH_ARGUMENT@@QAEEPADE@Z
?ReadLine@STREAM@@QAEEPAVWSTRING@@E@Z
??0FLAG_ARGUMENT@@QAE@XZ
?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z
??0ARRAY@@QAE@XZ
??1ARRAY@@UAE@XZ
?Initialize@ARRAY@@QAEEKK@Z
?DeleteAllMembers@ARRAY@@UAEEXZ
?Put@ARRAY@@UAEEPAVOBJECT@@@Z
?QueryStream@FSN_FILE@@QAEPAVFILE_STREAM@@W4STREAMACCESS@@K@Z
??0TIMEINFO_ARGUMENT@@QAE@XZ
??1TIMEINFO_ARGUMENT@@UAE@XZ
?Initialize@TIMEINFO_ARGUMENT@@QAEEPAD@Z
??0DSTRING@@QAE@XZ
??1DSTRING@@UAE@XZ
?Resize@DSTRING@@UAEEK@Z
?NewBuf@DSTRING@@UAEEK@Z
?SPrintf@DSTRING@@UAAEPBGZZ
??0FSTRING@@QAE@XZ
ifsutil
?QueryFreeDiskSpace@IFS_SYSTEM@@SGEPBVWSTRING@@PAVBIG_INT@@@Z
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-file-l1-1-0
SetFileTime
FindClose
GetFileTime
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-file-l2-1-0
CreateDirectoryExW
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
ntdll
NtSetInformationProcess
RtlAdjustPrivilege
RtlFreeHeap
RtlAllocateHeap
Sections
.text Size: 29KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xwizard.exe.exe windows:10 windows x86 arch:x86
2790c7ab558a434b97e98bb8bf89657f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
xwizard.pdb
Imports
msvcrt
__p__fmode
_wcmdln
_except_handler4_common
_cexit
_errno
__setusermatherr
realloc
__set_app_type
__wgetmainargs
?terminate@@YAXXZ
_amsg_exit
__p__commode
_XcptFilter
exit
_lock
_unlock
__dllonexit
memmove
_onexit
_initterm
??1type_info@@UAE@XZ
_controlfp
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
_purecall
_callnewh
wcsncpy_s
malloc
free
??3@YAXPAX@Z
memcpy_s
??_V@YAXPAX@Z
__CxxFrameHandler3
_exit
memset
oleaut32
VarUI4FromStr
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
GetModuleHandleW
GetProcAddress
SizeofResource
GetModuleFileNameW
FindResourceExW
LoadResource
LoadLibraryExW
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
RaiseException
SetLastError
SetUnhandledExceptionFilter
api-ms-win-core-synch-l1-1-0
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
api-ms-win-core-com-l1-1-0
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
api-ms-win-core-registry-l1-1-0
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
RegDeleteValueW
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceEnableLevel
TraceMessage
GetTraceEnableFlags
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
api-ms-win-core-string-l2-1-0
CharNextW
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetStartupInfoW
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-debug-l1-1-0
OutputDebugStringA
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
user32
LoadCursorW
LoadIconW
CreateWindowExW
DefWindowProcW
DestroyWindow
MessageBoxW
RegisterClassW
api-ms-win-core-sidebyside-l1-1-0
ReleaseActCtx
DeactivateActCtx
ActivateActCtx
CreateActCtxW
Sections
.text Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ