kbdlv.pdb
Overview (overview): 7
Static (static): 3
x64__insta....2.zip (windows7-x64): 1
x64__insta....2.zip (windows10-2004-x64): 1
KBDLV/KBDLV.dll (windows10-2004-x64): 1
KBDLV/MFCa...ne.dll (windows10-2004-x64): 1
KBDLV/MTFFuzzyDS.dll (windows10-2004-x64): 1
KBDLV/RTWorkQ.dll (windows10-2004-x64): 1
aepic/FXST30.dll (windows10-2004-x64): 1
aepic/aepic.dll (windows10-2004-x64): 1
aepic/comsvcs.dll (windows10-2004-x64): 1
user32/mmcbase.dll (windows10-2004-x64): 1
user32/provcore.dll (windows10-2004-x64): 1
user32/usbceip.dll (windows10-2004-x64): 1
user32/user32.dll (windows10-2004-x64): 1
userenv/Mi...er.dll (windows7-x64): 1
userenv/Mi...er.dll (windows10-2004-x64): 1
userenv/Wi...es.dll (windows10-2004-x64): 1
userenv/Wi...re.dll (windows10-2004-x64): 1
userenv/userenv.dll (windows10-2004-x64): 7
winsrv/Not...PS.dll (windows10-2004-x64): 7
winsrv/Tex...rk.dll (windows10-2004-x64): 1
winsrv/webio.dll (windows10-2004-x64): 1
x64__insta....2.msi (windows7-x64): 6
x64__insta....2.msi (windows10-2004-x64): 6
Static task
static1
Behavioral task
behavioral1
Sample
x64__installer___v4.8.2.zip
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
x64__installer___v4.8.2.zip
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
KBDLV/KBDLV.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral4
Sample
KBDLV/MFCaptureEngine.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
KBDLV/MTFFuzzyDS.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral6
Sample
KBDLV/RTWorkQ.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
aepic/FXST30.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral8
Sample
aepic/aepic.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
aepic/comsvcs.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral10
Sample
user32/mmcbase.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
user32/provcore.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral12
Sample
user32/usbceip.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
user32/user32.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral14
Sample
userenv/Microsoft.Uev.SmbSyncProvider.dll
Resource
win7-20240729-en
Behavioral task
behavioral15
Sample
userenv/Microsoft.Uev.SmbSyncProvider.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral16
Sample
userenv/Windows.Data.Activities.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral17
Sample
userenv/Windows.Storage.OneCore.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral18
Sample
userenv/userenv.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral19
Sample
winsrv/NotificationControllerPS.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral20
Sample
winsrv/TextInputFramework.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral21
Sample
winsrv/webio.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral22
Sample
x64__installer___v4.8.2.msi
Resource
win7-20240704-en
Behavioral task
behavioral23
Sample
x64__installer___v4.8.2.msi
Resource
win10v2004-20240802-en
General
Target: x64__installer___v4.8.2.zip
Size: 35.8MB
MD5: 795b5e2f1b33ebfc1e4f2906efcb78ac
SHA1: 2876fdd917a3eba780d0c321f1c23332a9cb76d7
SHA256: dc8fd3515d109c869484a0bbcf580f845194457c0a3dee32e3697e469ba3f153
SHA512: 5a6dbdf35c1fad25fb2df8f3442a7434851003d63f28e8c2939e8de595da48e72250078cacf8c38ed1daeb770fb95594e62fb42f2d4c1bf50ef3a92e3203fee9
SSDEEP: 786432:h+dTytJGjsS7lBq3Fvm8xDdeOECyow8WXAmL/P2iCMDETlwJ9oakrKY:h+dTE/Xd9nwzr+wDIOJNe
Malware Config
Signatures
-
Unsigned PE (12 IoCs)
Checks for missing Authenticode signature.
resource:
unpack001/KBDLV/KBDLV.DLL
unpack001/KBDLV/MTFFuzzyDS.dll
unpack001/aepic/FXST30.dll
unpack001/aepic/comsvcs.dll
unpack001/user32/mmcbase.dll
unpack001/user32/provcore.dll
unpack001/user32/usbceip.dll
unpack001/userenv/Microsoft.Uev.SmbSyncProvider.dll
unpack001/userenv/Windows.Data.Activities.dll
unpack001/userenv/Windows.Storage.OneCore.dll
unpack001/winsrv/NotificationControllerPS.dll
unpack001/winsrv/webio.dll
Files
-
x64__installer___v4.8.2.zip.zip
Password: infected
-
KBDLV/KBDLV.DLL.dll windows:10 windows x64 arch:x64
Password: infected
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Exports
KbdLayerDescriptor
Sections
.text Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 196B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
KBDLV/MFCaptureEngine.dll.dll windows:10 windows x64 arch:x64
Password: infected
563623628d6c9e656161e493e4981638
Code Sign
33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 15/12/2020, 21:29
Not After: 02/12/2021, 21:29
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
74:79:71:91:bb:2d:c9:48:bb:4f:02:42:fd:a9:ff:44:42:7c:be:0e:43:40:a5:7f:d4:11:6e:f7:14:45:fe:fd
Signer
Actual PE Digest: 74:79:71:91:bb:2d:c9:48:bb:4f:02:42:fd:a9:ff:44:42:7c:be:0e:43:40:a5:7f:d4:11:6e:f7:14:45:fe:fd
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
MFCaptureEngine.pdb
Imports
msvcrt
wcstombs
_vsnprintf
_i64toa_s
_ltoa_s
_ultoa_s
_vsnwprintf
sqrt
_onexit
strnlen
_vscprintf
__dllonexit
_unlock
qsort
realloc
log10
_errno
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
strncpy_s
_initterm
_amsg_exit
_XcptFilter
memcpy
memmove
memset
_callnewh
_purecall
_lock
memcpy_s
free
malloc
wcsncpy_s
__C_specific_handler
_gcvt_s
__CxxFrameHandler3
_CxxThrowException
wcscmp
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
GetLastError
SetLastError
RaiseException
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
TlsSetValue
TerminateProcess
GetCurrentProcess
TlsGetValue
api-ms-win-eventing-classicprovider-l1-1-0
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
UnregisterTraceGuids
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
LoadLibraryExW
LoadResource
FindResourceExW
GetProcAddress
GetModuleHandleExW
SizeofResource
FreeLibrary
GetModuleFileNameW
GetModuleFileNameA
DisableThreadLibraryCalls
api-ms-win-core-string-l2-1-0
CharNextW
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegGetValueW
RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW
RegDeleteValueW
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
api-ms-win-core-synch-l1-1-0
CreateSemaphoreExW
LeaveCriticalSection
ResetEvent
EnterCriticalSection
InitializeCriticalSection
OpenSemaphoreW
ReleaseMutex
ReleaseSemaphore
CreateMutexExW
WaitForSingleObjectEx
ReleaseSRWLockExclusive
CreateEventExW
AcquireSRWLockExclusive
WaitForSingleObject
CreateEventW
DeleteCriticalSection
SetEvent
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventSetInformation
EventUnregister
EventRegister
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-synch-l1-2-0
WakeAllConditionVariable
SleepConditionVariableSRW
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount64
GetLocalTime
GetTickCount
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
OutputDebugStringA
IsDebuggerPresent
DebugBreak
api-ms-win-core-psapi-l1-1-0
K32GetProcessMemoryInfo
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-realtime-l1-1-0
QueryProcessCycleTime
ntdll
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
RtlAllocateWnfSerializationGroup
RtlUnsubscribeWnfNotificationWaitForCompletion
api-ms-win-core-featurestaging-l1-1-0
SubscribeFeatureStateChangeNotification
UnsubscribeFeatureStateChangeNotification
GetFeatureEnabledState
RecordFeatureUsage
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-security-sddl-l1-1-0
ConvertStringSidToSidW
api-ms-win-security-base-l1-1-0
CheckTokenMembership
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
GlobalAlloc
api-ms-win-core-heap-obsolete-l1-1-0
GlobalUnlock
GlobalLock
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
api-ms-win-core-quirks-l1-1-0
QuirkIsEnabled
api-ms-win-core-shlwapi-obsolete-l1-1-0
QISearch
api-ms-win-shcore-stream-l1-1-0
SHCreateStreamOnFileW
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
api-ms-win-core-sysinfo-l1-2-0
GetSystemTimePreciseAsFileTime
api-ms-win-core-processthreads-l1-1-1
GetProcessMitigationPolicy
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
DllCanUnloadNow
DllGetClassObject
MFCreateCaptureEngine
Sections
.text Size: 515KB - Virtual size: 515KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 81KB - Virtual size: 81KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1024B - Virtual size: 608B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
KBDLV/MTFFuzzyDS.dll.dll windows:10 windows x64 arch:x64
Password: infected
138f9238ee3d6faf58a788147baf44cc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
MTFFuzzyDS.pdb
Imports
msvcrt
memmove
_XcptFilter
_amsg_exit
towlower
wcstoul
towupper
wcsnlen
_wcsicmp
wcscpy_s
wcscat_s
free
_initterm
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
__C_specific_handler
malloc
memmove_s
strrchr
wcsrchr
_lock
_unlock
fgetws
wcschr
__CxxFrameHandler3
_vsnprintf_s
iswalpha
__dllonexit
_onexit
strcpy_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
pow
??1exception@@UEAA@XZ
iswupper
iswdigit
fclose
_wfopen_s
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
_purecall
??3@YAXPEAX@Z
wcsncmp
memset
memcmp
log10
log
sqrt
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExW
DisableThreadLibraryCalls
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventWriteTransfer
EventWrite
EventUnregister
EventRegister
api-ms-win-core-synch-l1-2-0
Sleep
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceComplete
InitOnceBeginInitialize
api-ms-win-core-file-l1-1-0
DeleteFileW
GetTempFileNameW
FindNextFileW
CreateDirectoryW
GetFileAttributesW
FindClose
FindFirstFileW
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegCreateKeyExW
RegGetValueW
RegEnumKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW
api-ms-win-core-synch-l1-1-0
ReleaseSRWLockShared
AcquireSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
ResetEvent
AcquireSRWLockExclusive
CreateEventExW
CreateMutexExW
DeleteCriticalSection
CreateSemaphoreExW
ReleaseSRWLockExclusive
EnterCriticalSection
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
InitializeCriticalSectionEx
LeaveCriticalSection
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
GetLastError
api-ms-win-core-com-l1-1-0
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
oleaut32
SysAllocString
SysStringLen
SysFreeString
SysAllocStringLen
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
api-ms-win-core-localization-l1-2-0
LCMapStringW
GetLocaleInfoW
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
QueryPerformanceFrequency
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-file-l2-1-0
MoveFileExW
api-ms-win-core-registry-l1-1-1
RegSetKeyValueW
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetWindowsDirectoryW
GetTickCount
api-ms-win-core-shlwapi-legacy-l1-1-0
PathFileExistsW
PathAppendW
api-ms-win-core-registry-l2-1-0
RegDeleteKeyW
api-ms-win-stateseparation-helpers-l1-1-0
GetPersistedRegistryLocationW
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-file-l1-2-0
GetTempPathW
api-ms-win-core-file-l2-1-2
CopyFileW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrRChrW
StrStrIW
profapi
ord104
ntdll
RtlIsMultiSessionSku
Exports
DllCanUnloadNow
DllGetClassObject
Sections
.text Size: 116KB - Virtual size: 116KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 628B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
KBDLV/RTWorkQ.dll.dll windows:10 windows x64 arch:x64
Password: infected
b9047688f735418f4b96b2d9a19f3d26
Code Sign
33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02/09/2021, 18:23
Not After: 01/09/2022, 18:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ec:ec:33:a0:6a:83:43:64:23:c4:1b:4d:21:eb:8c:91:88:e9:b2:db:f3:f3:eb:5c:ac:1b:a4:35:0e:57:df:ee
Signer
Actual PE Digest: ec:ec:33:a0:6a:83:43:64:23:c4:1b:4d:21:eb:8c:91:88:e9:b2:db:f3:f3:eb:5c:ac:1b:a4:35:0e:57:df:ee
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
rtworkq.pdb
Imports
msvcrt
_onexit
__C_specific_handler
__dllonexit
_unlock
_lock
_XcptFilter
_amsg_exit
_callnewh
malloc
free
srand
_initterm
memmove
_beginthreadex
memcpy
memcpy_s
memset
_vsnwprintf
wcsncmp
_wcsnicmp
_purecall
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExW
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventUnregister
EventRegister
api-ms-win-core-synch-l1-1-0
SetEvent
LeaveCriticalSection
EnterCriticalSection
AcquireSRWLockExclusive
CancelWaitableTimer
SetWaitableTimer
DeleteCriticalSection
CreateWaitableTimerExW
AcquireSRWLockShared
OpenSemaphoreW
CreateMutexExW
CreateSemaphoreExW
WaitForSingleObject
WaitForSingleObjectEx
InitializeSRWLock
ResetEvent
ReleaseSRWLockExclusive
CreateEventW
InitializeCriticalSection
ReleaseMutex
ReleaseSemaphore
ReleaseSRWLockShared
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentThread
TlsGetValue
TlsSetValue
GetCurrentProcessId
GetCurrentProcess
TlsFree
TlsAlloc
GetCurrentThreadId
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
GetLastError
api-ms-win-core-com-l1-1-0
CoGetApartmentType
CoIncrementMTAUsage
CoDecrementMTAUsage
CoWaitForMultipleHandles
CoUninitialize
CoInitializeEx
CoTaskMemFree
api-ms-win-core-threadpool-l1-2-0
CreateThreadpool
SubmitThreadpoolWork
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpool
StartThreadpoolIo
CreateThreadpoolWork
CreateThreadpoolIo
CancelThreadpoolIo
CloseThreadpoolWait
CreateThreadpoolWait
CreateThreadpoolTimer
CloseThreadpoolWork
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
SetThreadpoolThreadMaximum
SetThreadpoolThreadMinimum
CloseThreadpoolIo
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-featurestaging-l1-1-0
RecordFeatureUsage
SubscribeFeatureStateChangeNotification
UnsubscribeFeatureStateChangeNotification
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
api-ms-win-core-sysinfo-l1-2-0
GetOsSafeBootMode
ntdll
TpSetPoolThreadBasePriority
TpSetPoolWorkerThreadIdleTimeout
TpTrimPools
NtSetInformationThread
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlEqualWnfChangeStamps
api-ms-win-core-synch-l1-2-1
CreateWaitableTimerW
api-ms-win-core-fibers-l1-1-0
FlsAlloc
FlsFree
FlsSetValue
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-com-private-l1-1-0
CoRevokeInitializeSpy
CoRegisterInitializeSpy
api-ms-win-core-profile-l1-1-0
QueryPerformanceFrequency
QueryPerformanceCounter
api-ms-win-core-io-l1-1-0
CreateIoCompletionPort
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
RtwqAddPeriodicCallback
RtwqAllocateSerialWorkQueue
RtwqAllocateWorkQueue
RtwqBeginRegisterWorkQueueWithMMCSS
RtwqBeginUnregisterWorkQueueWithMMCSS
RtwqCancelDeadline
RtwqCancelMultipleWaitingWorkItem
RtwqCancelWorkItem
RtwqCreateAsyncResult
RtwqEndRegisterWorkQueueWithMMCSS
RtwqEndUnregisterWorkQueueWithMMCSS
RtwqGetPlatform
RtwqGetWorkQueueMMCSSClass
RtwqGetWorkQueueMMCSSPriority
RtwqGetWorkQueueMMCSSTaskId
RtwqInvokeCallback
RtwqJoinWorkQueue
RtwqLockPlatform
RtwqLockSharedWorkQueue
RtwqLockWorkQueue
RtwqPutMultipleWaitingWorkItem
RtwqPutWaitingWorkItem
RtwqPutWorkItem
RtwqRegisterPlatformEvents
RtwqRegisterPlatformWithMMCSS
RtwqRemovePeriodicCallback
RtwqScheduleWorkItem
RtwqSetDeadline
RtwqSetDeadline2
RtwqSetLongRunning
RtwqShutdown
RtwqStartup
RtwqUnjoinWorkQueue
RtwqUnlockPlatform
RtwqUnlockWorkQueue
RtwqUnregisterPlatformEvents
RtwqUnregisterPlatformFromMMCSS
Sections
.text Size: 103KB - Virtual size: 102KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 128B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 30KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 784B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
aepic/FXST30.dll.dll windows:10 windows x64 arch:x64
Password: infected
d6975405de0aaea04ea577175e5e5768
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
FXST30.pdb
Imports
msvcrt
memcpy
memcmp
memset
_vsnprintf
_initterm
malloc
free
_amsg_exit
_XcptFilter
_splitpath_s
_strtime
_makepath_s
_mbsrchr
_mbschr
__C_specific_handler
strchr
atoi
strstr
strncmp
strcmp
kernel32
GetTempPathA
LocalFree
DeleteCriticalSection
CreateEventA
GetTickCount
HeapFree
PostQueuedCompletionStatus
HeapAlloc
VirtualFree
VirtualAlloc
MoveFileExA
GetTempFileNameA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
ExpandEnvironmentStringsA
MultiByteToWideChar
lstrlenA
GetDateFormatA
GetProcAddress
FreeLibrary
WideCharToMultiByte
HeapDestroy
GetProcessHeap
OutputDebugStringA
GetCurrentThreadId
GetFileType
GetVersionExA
_lopen
GetWindowsDirectoryA
_lread
_lclose
GetPrivateProfileStringA
_lcreat
_lwrite
CancelIo
PurgeComm
GetCommTimeouts
EscapeCommFunction
InitializeCriticalSection
ClearCommError
GetOverlappedResult
SetCommMask
SetCommTimeouts
SetCommState
LeaveCriticalSection
EnterCriticalSection
GetCommProperties
SetLastError
WaitForSingleObject
GetCurrentThread
SetThreadPriority
FlushFileBuffers
ResetEvent
CreateThread
CloseHandle
DeleteFileA
SetEvent
CreateFileA
GetLastError
SetFilePointer
WaitForMultipleObjects
WriteFile
ReadFile
Sleep
LocalAlloc
LoadLibraryA
GetCommState
advapi32
RegCreateKeyExA
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
UnregisterTraceGuids
RegisterTraceGuidsA
RegCloseKey
RegDeleteKeyA
RegSetValueExA
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
TraceMessage
RegQueryValueExA
tapi32
lineDrop
lineGetCallInfoA
lineMakeCallA
lineTranslateAddressA
lineGetDevConfigA
lineSetCallParams
lineGetDevCapsA
lineGetIDA
fxstiff
TiffOpen
TiffWriteRaw
TiffEndPage
TiffStartPage
TiffSetCurrentPageParams
TiffClose
TiffCreate
FindNextEol
ScanMhSegment
TiffGetCurrentPageData
ConvMmrPageToMrSameRes
ConvMmrPageToMh
TiffSeekToPage
ConvMmrPageHiResToMrLoRes
ScanMrSegment
Exports
DllMain
FaxDevAbortOperation
FaxDevEndJob
FaxDevInitialize
FaxDevReceive
FaxDevReportStatus
FaxDevSend
FaxDevShutdown
FaxDevStartJob
FaxExtInitializeConfig
Sections
.text Size: 206KB - Virtual size: 205KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 536B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
aepic/aepic.dll.dll windows:10 windows x64 arch:x64
Password: infected
4d969ddedbc410a80393fe465f8d613e
Code Sign
33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 15/12/2020, 21:29
Not After: 02/12/2021, 21:29
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
63:ec:41:e9:5d:3b:a6:80:5f:70:03:97:96:58:e1:fd:2a:6b:c1:38:e5:0f:3a:64:38:82:36:d2:0b:53:56:11
Signer
Actual PE Digest: 63:ec:41:e9:5d:3b:a6:80:5f:70:03:97:96:58:e1:fd:2a:6b:c1:38:e5:0f:3a:64:38:82:36:d2:0b:53:56:11
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
aepic.pdb
Imports
msvcrt
__crtLCMapStringW
wcsstr
_wcslwr
__crtCompareStringW
iscntrl
_wcsdup
memset
abort
memcmp
___lc_collate_cp_func
calloc
__pctype_func
_ismbblead
___lc_codepage_func
___lc_handle_func
___mb_cur_max_func
towlower
_wtoi
_wsetlocale
setlocale
__CxxFrameHandler3
_wsplitpath_s
wcstoul
strnlen
isspace
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
wcstombs
??0bad_cast@@QEAA@PEBD@Z
_amsg_exit
_XcptFilter
memmove
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
memcpy
_CxxThrowException
_vscwprintf
??0exception@@QEAA@AEBQEBDH@Z
tolower
??0exception@@QEAA@AEBQEBD@Z
__C_specific_handler
_vsnwprintf_s
?what@exception@@UEBAPEBDXZ
strchr
_set_errno
strtol
_errno
strncpy_s
sprintf_s
realloc
free
malloc
memmove_s
_wcsicmp
_vsnprintf_s
strncmp
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
memcpy_s
_wtoi64
_vsnwprintf
_vsnprintf
strcpy_s
_wcsnicmp
wcschr
wcsrchr
wcscpy_s
wcscat_s
wcscmp
ntdll
RtlGetVersion
RtlReleaseRelativeName
NtLoadKeyEx
RtlDosPathNameToRelativeNtPathName_U
RtlStringFromGUID
RtlRandomEx
NtQueryKey
RtlFreeSid
RtlAllocateAndInitializeSid
RtlNtStatusToDosError
RtlAdjustPrivilege
RtlImageDirectoryEntryToData
RtlVerifyVersionInfo
LdrResSearchResource
RtlTimeToTimeFields
ZwMapViewOfSection
ZwUnmapViewOfSection
ZwQuerySystemInformation
RtlGetNativeSystemInformation
RtlUpcaseUnicodeChar
RtlAnsiStringToUnicodeString
RtlxAnsiStringToUnicodeSize
RtlInitString
EtwEventRegister
EtwEventWrite
EtwEventUnregister
NtQueryLicenseValue
ZwCreateSection
ZwQueryInformationFile
ZwCreateFile
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
ZwQueryValueKey
RtlInitUnicodeStringEx
ZwEnumerateKey
ZwOpenKey
RtlFreeUnicodeString
RtlInitUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
ZwClose
RtlLeaveCriticalSection
RtlInitializeCriticalSection
RtlMultiByteToUnicodeN
RtlInitAnsiString
RtlEnterCriticalSection
RtlEqualString
RtlDeleteCriticalSection
RtlSecondsSince1970ToTime
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlFreeHeap
RtlReAllocateHeap
RtlAllocateHeap
WinSqmIsOptedInEx
VerSetConditionMask
EtwTraceMessage
rpcrt4
UuidCreate
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
LoadLibraryExW
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
GetModuleHandleExA
FreeLibraryAndExitThread
GetModuleFileNameW
FreeLibrary
api-ms-win-core-synch-l1-1-0
SetEvent
AcquireSRWLockExclusive
OpenWaitableTimerW
WaitForSingleObject
ReleaseMutex
ReleaseSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockShared
CreateMutexExW
InitializeSRWLock
CreateSemaphoreExW
ReleaseSemaphore
CreateEventW
WaitForSingleObjectEx
LeaveCriticalSection
EnterCriticalSection
SetWaitableTimer
CreateMutexW
CreateEventExW
InitializeCriticalSectionEx
DeleteCriticalSection
OpenSemaphoreW
api-ms-win-core-heap-l1-1-0
HeapReAlloc
HeapFree
GetProcessHeap
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError
RaiseException
api-ms-win-core-processthreads-l1-1-0
TlsGetValue
SetThreadPriority
GetCurrentThreadId
OpenProcessToken
GetThreadPriority
ResumeThread
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
TlsSetValue
CreateThread
TlsAlloc
GetCurrentThread
api-ms-win-core-localization-l1-2-0
FormatMessageW
LocaleNameToLCID
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringA
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
WindowsDuplicateString
WindowsDeleteString
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsCreateString
WindowsGetStringRawBuffer
api-ms-win-core-winrt-l1-1-0
RoActivateInstance
RoUninitialize
RoGetActivationFactory
RoInitialize
api-ms-win-core-sysinfo-l1-1-0
GetTickCount64
GetSystemWindowsDirectoryW
GetTickCount
GetSystemInfo
GetSystemDirectoryW
GetSystemTimeAsFileTime
api-ms-win-core-synch-l1-2-0
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceExecuteOnce
InitOnceBeginInitialize
Sleep
InitOnceComplete
api-ms-win-core-kernel32-legacy-l1-1-1
VerifyVersionInfoW
api-ms-win-core-winrt-error-l1-1-0
GetRestrictedErrorInfo
RoOriginateErrorW
SetRestrictedErrorInfo
RoTransformError
RoOriginateError
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoGetInterfaceAndReleaseStream
CoGetCallContext
CoMarshalInterface
CoCreateFreeThreadedMarshaler
CreateStreamOnHGlobal
CoReleaseMarshalData
CoCreateInstance
CoGetApartmentType
CoTaskMemAlloc
CoWaitForMultipleHandles
CoUninitialize
CoTaskMemFree
api-ms-win-core-com-l1-1-1
RoGetAgileReference
api-ms-win-core-winrt-error-l1-1-1
IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-security-base-l1-1-0
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
DuplicateTokenEx
GetTokenInformation
SetSecurityDescriptorOwner
api-ms-win-shcore-thread-l1-1-0
SetProcessReference
GetProcessReference
SHSetThreadRef
SHGetThreadRef
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
FreeLibraryWhenCallbackReturns
CallbackMayRunLong
TrySubmitThreadpoolCallback
CreateThreadpoolTimer
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventUnregister
EventRegister
EventWriteTransfer
api-ms-win-core-realtime-l1-1-0
QueryThreadCycleTime
api-ms-win-core-registry-l1-1-0
RegQueryInfoKeyW
RegEnumKeyExW
RegSetKeySecurity
RegLoadKeyW
RegFlushKey
RegSaveKeyExW
RegUnLoadKeyW
RegCreateKeyExW
RegOpenKeyExW
RegDeleteTreeW
RegDeleteValueW
RegLoadAppKeyW
RegGetValueW
RegSetValueExW
RegCloseKey
RegDeleteKeyExW
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
GetStringTypeW
MultiByteToWideChar
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-file-l1-1-0
GetTempFileNameW
GetFileTime
GetDriveTypeW
DeleteFileW
FindClose
GetLongPathNameW
GetVolumeInformationByHandleW
CreateFileW
GetLogicalDriveStringsW
GetFileAttributesW
WriteFile
FindNextFileW
FindFirstFileW
QueryDosDeviceW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
GetCommandLineW
GetCurrentDirectoryW
api-ms-win-core-file-l1-2-0
GetTempPathW
api-ms-win-security-provider-l1-1-0
SetEntriesInAclW
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-registry-l1-1-1
RegDeleteKeyValueW
RegSetKeyValueW
api-ms-win-core-registry-l2-1-0
RegOpenKeyW
RegDeleteKeyW
api-ms-win-core-shlwapi-legacy-l1-1-0
PathUnExpandEnvStringsW
PathFileExistsW
api-ms-win-core-file-l2-1-0
MoveFileExW
api-ms-win-core-path-l1-1-0
PathCchCanonicalizeEx
PathCchRemoveFileSpec
PathAllocCombine
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-shcore-path-l1-1-0
ord170
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
oleaut32
VariantInit
SysFreeString
VariantChangeType
VariantClear
VariantCopy
SysAllocString
api-ms-win-core-string-l2-1-1
SHLoadIndirectString
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
CreateSemaphoreW
CreateWaitableTimerW
bcrypt
BCryptGetProperty
BCryptCreateHash
BCryptHashData
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptOpenAlgorithmProvider
BCryptFinishHash
api-ms-win-core-sysinfo-l1-2-0
GetSystemFirmwareTable
api-ms-win-security-cryptoapi-l1-1-0
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptAcquireContextW
CryptCreateHash
api-ms-win-eventing-classicprovider-l1-1-0
TraceEvent
api-ms-win-core-sidebyside-l1-1-0
ReleaseActCtx
QueryActCtxW
CreateActCtxW
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
api-ms-win-security-capability-l1-1-0
CapabilityCheck
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
DllCanUnloadNow
DllGetActivationFactory
GetAppInventoryCore
GetPrivacyLevel
PicAmiClose
PicAmiInitialize
PicFreeFileInfo
PicRetrieveFileInfo
PicRetrieveFileInfoAppx
PicRetrieveFileLastRunTime
PicUpdateFileLastRunTime
UpdateSoftwareInventoryTC2
Sections
.text Size: 376KB - Virtual size: 374KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 156KB - Virtual size: 155KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
aepic/comsvcs.dll.dll regsvr32 windows:10 windows x64 arch:x64
Password: infected
d6161c355ce82d73e722e149b8df23ae
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
comsvcs.pdb
Imports
msvcrt
sqrt
memset
memmove
memcpy
_unlock
memcmp
exp
_local_unwind
_ultow
_onexit
free
iswalpha
wcschr
wcscpy_s
_purecall
wcscat_s
realloc
_lock
?terminate@@YAXXZ
_initterm
??1type_info@@UEAA@XZ
__CxxFrameHandler3
_wtoi
_wcsicmp
_amsg_exit
malloc
_vsnwprintf
_wcsdup
wcstombs
wcsrchr
mbstowcs
_XcptFilter
_CxxThrowException
iswdigit
_vsnprintf
wcstok_s
_wcsupr
memcpy_s
__dllonexit
__doserrno
memmove_s
wcsstr
__C_specific_handler
??0exception@@QEAA@AEBQEBD@Z
_beginthreadex
time
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_waccess
?what@exception@@UEBAPEBDXZ
wcscmp
ntdll
RtlDeleteCriticalSection
RtlInitializeCriticalSectionAndSpinCount
RtlSplay
RtlFreeHeap
RtlImageNtHeader
RtlAllocateHeap
RtlReportException
RtlDllShutdownInProgress
WinSqmSetDWORD
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EtwNotificationUnregister
EtwGetTraceLoggerHandle
EtwTraceMessage
EtwGetTraceEnableFlags
EtwUnregisterTraceGuids
RtlDelete
NtQuerySystemInformation
RtlNtStatusToDosError
ShipAssertMsgA
EtwNotificationRegister
RtlCreateServiceSid
RtlInitUnicodeString
EtwLogTraceEvent
oleaut32
VariantInit
VARIANT_UserSize64
SetErrorInfo
CreateErrorInfo
GetErrorInfo
LPSAFEARRAY_UserSize64
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserUnmarshal64
LPSAFEARRAY_UserMarshal64
LPSAFEARRAY_UserFree64
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserSize
VARIANT_UserMarshal64
LoadTypeLi
VARIANT_UserFree
BSTR_UserSize64
BSTR_UserFree64
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserUnmarshal64
BSTR_UserFree
VARIANT_UserUnmarshal
BSTR_UserSize
VARIANT_UserSize
VariantClear
VARIANT_UserMarshal
VARIANT_UserFree64
SafeArrayAccessData
SysStringLen
SafeArrayCreateVector
VARIANT_UserUnmarshal64
SafeArrayUnaccessData
SysAllocString
SysAllocStringByteLen
VarUI4FromStr
SafeArrayDestroy
VariantChangeType
SafeArrayCreate
LoadRegTypeLi
SysFreeString
SysAllocStringLen
VariantCopy
BSTR_UserMarshal64
SysStringByteLen
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetProcAddress
LockResource
LoadLibraryExW
FindResourceExW
FreeLibrary
LoadResource
GetModuleHandleW
FreeLibraryAndExitThread
GetModuleFileNameW
SizeofResource
GetModuleHandleExW
LoadStringW
api-ms-win-core-com-l1-1-0
CoGetObjectContext
CoDisconnectObject
CoTaskMemRealloc
CreateStreamOnHGlobal
CLSIDFromProgID
CoImpersonateClient
CoRevertToSelf
IIDFromString
CoCreateInstanceEx
CLSIDFromString
CoFreeUnusedLibraries
CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoCreateInstance
CoTaskMemAlloc
CoCreateGuid
CoMarshalInterface
CoGetMarshalSizeMax
StringFromCLSID
GetHGlobalFromStream
CoGetDefaultContext
StringFromGUID2
CoGetCurrentLogicalThreadId
CoWaitForMultipleHandles
CoUnmarshalInterface
CoReleaseMarshalData
ProgIDFromCLSID
CoGetClassObject
StringFromIID
CoGetCallContext
CoSetProxyBlanket
CoInitializeEx
CoUninitialize
api-ms-win-core-registry-l1-1-0
RegEnumValueW
RegQueryValueExW
RegGetValueW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegNotifyChangeKeyValue
RegCloseKey
api-ms-win-core-memory-l1-1-0
VirtualQuery
VirtualProtect
VirtualAlloc
api-ms-win-core-synch-l1-1-0
CreateSemaphoreExW
SetWaitableTimerEx
WaitForMultipleObjectsEx
EnterCriticalSection
ResetEvent
CreateEventW
DeleteCriticalSection
SetEvent
OpenEventW
ReleaseSemaphore
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-file-l1-1-0
FindClose
DeleteFileW
FindNextFileW
GetVolumeInformationW
FindFirstFileW
WriteFile
GetDiskFreeSpaceExW
GetFileAttributesW
CreateDirectoryW
SetFilePointer
GetDriveTypeW
SetFileAttributesW
GetFileAttributesExW
GetLongPathNameW
CompareFileTime
CreateFileW
api-ms-win-core-string-l2-1-0
CharPrevW
CharNextW
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
RaiseException
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
OpenProcessToken
TlsSetValue
GetCurrentProcessId
ExitProcess
GetCurrentThread
TlsGetValue
SetThreadStackGuarantee
GetExitCodeProcess
CreateProcessAsUserW
CreateProcessW
CreateThread
TlsAlloc
GetCurrentThreadId
GetExitCodeThread
SetThreadPriority
SetThreadToken
GetThreadPriority
OpenThreadToken
TlsFree
api-ms-win-core-handle-l1-1-0
CloseHandle
DuplicateHandle
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount64
GetTickCount
GetLocalTime
GetSystemWindowsDirectoryW
GlobalMemoryStatusEx
GetComputerNameExW
GetSystemInfo
api-ms-win-core-heap-l2-1-0
GlobalFree
GlobalAlloc
LocalFree
LocalAlloc
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
OutputDebugStringA
DebugBreak
api-ms-win-core-heap-l1-1-0
HeapDestroy
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-localization-l1-2-0
GetThreadLocale
FormatMessageW
api-ms-win-core-synch-l1-2-1
CreateSemaphoreW
WaitForMultipleObjects
CreateWaitableTimerW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-security-base-l1-1-0
GetAce
GetTokenInformation
ImpersonateSelf
SetSecurityDescriptorOwner
AccessCheck
IsValidSecurityDescriptor
AddAce
CheckTokenMembership
GetSidIdentifierAuthority
GetSecurityDescriptorDacl
AddAccessAllowedAceEx
DeleteAce
SetSecurityDescriptorGroup
DuplicateTokenEx
GetAclInformation
SetSecurityDescriptorDacl
GetSecurityDescriptorLength
GetSidSubAuthorityCount
IsValidSid
AllocateAndInitializeSid
RevertToSelf
GetSidSubAuthority
InitializeAcl
SetKernelObjectSecurity
InitializeSecurityDescriptor
AddAccessAllowedAce
SetSecurityDescriptorControl
GetLengthSid
EqualSid
FreeSid
CopySid
rpcrt4
IUnknown_AddRef_Proxy
CStdStubBuffer_AddRef
CStdStubBuffer_Invoke
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
IUnknown_Release_Proxy
NdrCStdStubBuffer2_Release
CStdStubBuffer_CountRefs
CStdStubBuffer_QueryInterface
NdrOleAllocate
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
NdrMesTypeEncode3
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Connect
NdrStubForwardingFunction
NdrStubCall3
NdrClientCall3
CStdStubBuffer_DebugServerQueryInterface
I_RpcTurnOnEEInfoPropagation
MesEncodeDynBufferHandleCreate
MesHandleFree
MesDecodeBufferHandleCreate
RpcStringFreeA
UuidToStringW
UuidToStringA
RpcStringFreeW
I_RpcBindingInqLocalClientPID
I_RpcBindingInqTransportType
UuidCreate
NdrOleFree
NdrMesTypeDecode3
UuidFromStringW
UuidCreateSequential
api-ms-win-core-path-l1-1-0
PathCchStripToRoot
PathCchRemoveExtension
api-ms-win-core-io-l1-1-0
GetQueuedCompletionStatus
CreateIoCompletionPort
PostQueuedCompletionStatus
DeviceIoControl
api-ms-win-core-profile-l1-1-0
QueryPerformanceFrequency
QueryPerformanceCounter
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolWork
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
SubmitThreadpoolWork
api-ms-win-eventing-controller-l1-1-0
ControlTraceW
StartTraceW
api-ms-win-eventing-consumer-l1-1-0
ProcessTrace
OpenTraceW
CloseTrace
api-ms-win-core-com-midlproxystub-l1-1-0
ObjectStublessClient7
ObjectStublessClient5
ObjectStublessClient6
ObjectStublessClient4
ObjectStublessClient12
ObjectStublessClient14
ObjectStublessClient11
ObjectStublessClient18
ObjectStublessClient15
NdrProxyForwardingFunction6
ObjectStublessClient13
ObjectStublessClient19
NdrProxyForwardingFunction5
NdrProxyForwardingFunction7
NdrProxyForwardingFunction12
NdrProxyForwardingFunction9
NdrProxyForwardingFunction10
NdrProxyForwardingFunction11
NdrProxyForwardingFunction8
ObjectStublessClient25
ObjectStublessClient24
ObjectStublessClient21
NdrProxyForwardingFunction4
ObjectStublessClient26
ObjectStublessClient23
ObjectStublessClient20
ObjectStublessClient28
ObjectStublessClient27
ObjectStublessClient22
NdrProxyForwardingFunction3
ObjectStublessClient16
ObjectStublessClient10
ObjectStublessClient17
ObjectStublessClient9
ObjectStublessClient8
ObjectStublessClient3
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
lstrcpynW
lstrcpyW
api-ms-win-core-heap-obsolete-l1-1-0
GlobalLock
GlobalUnlock
api-ms-win-core-com-private-l1-1-0
CoReactivateObject
CoDeactivateObject
CoGetProcessIdentifier
CoGetApartmentID
CoPushServiceDomain
CoPopServiceDomain
CoRetireServer
api-ms-win-core-threadpool-private-l1-1-0
RegisterWaitForSingleObjectEx
kernel32
ChangeTimerQueueTimer
UnregisterWaitEx
RegisterWaitForSingleObject
CreateTimerQueueTimer
DeleteTimerQueueTimer
GetCurrentPackageId
GetComputerNameW
QueueUserWorkItem
UnregisterWait
MoveFileW
ole32
MkParseDisplayName
MonikerCommonPrefixWith
CreateGenericComposite
MonikerRelativePathTo
CoGetObject
CoGetInterceptor
CreateBindCtx
OleSaveToStream
OleLoadFromStream
CreateAntiMoniker
combase
ord155
api-ms-win-core-shlwapi-legacy-l1-1-0
PathStripPathW
PathStripToRootW
PathRemoveFileSpecW
api-ms-win-core-version-l1-1-0
VerQueryValueW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-sidebyside-l1-1-0
ActivateActCtx
DeactivateActCtx
CreateActCtxW
ReleaseActCtx
Exports
CoCreateActivity
CoEnterServiceDomain
CoLeaveServiceDomain
CoLoadServices
ComSvcsExceptionFilter
ComSvcsLogError
CosGetCallContext
DispManGetContext
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetMTAThreadPoolMetrics
GetManagedExtensions
GetObjectContext
GetTrkSvrObject
MTSCreateActivity
MiniDumpW
RecycleSurrogate
SafeRef
Sections
.text Size: 924KB - Virtual size: 924KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 511KB - Virtual size: 510KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1024B - Virtual size: 752B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 133KB - Virtual size: 132KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 30KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
user32/mmcbase.dll.dll windows:10 windows x64 arch:x64
Password: infected
ca39ef89f91de96094ea4386deb612f6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
mmcbase.pdb
Imports
mfc42u
ord355
ord1477
ord6887
ord6886
msvcrt
memcmp
__CxxFrameHandler3
_purecall
_vsnwprintf
_itow
_ltow
__C_specific_handler
_wcsicmp
wcsrchr
_wcsnicmp
wcschr
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
_initterm
_amsg_exit
_XcptFilter
_unlock
_lock
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
wcscat_s
realloc
exit
free
malloc
??_V@YAXPEAX@Z
memset
ntdll
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwTraceMessage
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
EtwUnregisterTraceGuids
api-ms-win-core-debug-l1-1-0
DebugBreak
api-ms-win-core-errorhandling-l1-1-0
RaiseException
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
api-ms-win-core-file-l1-1-0
DeleteFileW
WriteFile
FindFirstFileW
CompareFileTime
FindNextFileW
FindClose
GetFileAttributesW
api-ms-win-core-file-l1-2-0
GetTempPathW
api-ms-win-core-handle-l1-1-0
CloseHandle
DuplicateHandle
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
HeapCreate
HeapDestroy
GetProcessHeap
api-ms-win-core-libraryloader-l1-2-0
LoadStringW
LockResource
FreeResource
GetModuleFileNameW
DisableThreadLibraryCalls
GetModuleHandleW
LoadResource
LoadLibraryExW
GetProcAddress
api-ms-win-core-libraryloader-l1-2-1
FindResourceW
api-ms-win-core-localization-l1-2-0
GetUserDefaultLCID
FormatMessageW
GetUserDefaultLangID
api-ms-win-core-registry-l1-1-0
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
RegQueryValueExW
RegCloseKey
api-ms-win-core-memory-l1-1-0
CreateFileMappingW
MapViewOfFile
VirtualProtect
VirtualQuery
VirtualAlloc
UnmapViewOfFile
api-ms-win-core-processenvironment-l1-1-0
SearchPathW
ExpandEnvironmentStringsW
api-ms-win-core-processthreads-l1-1-0
TlsFree
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentProcessId
GetCurrentProcess
CreateProcessW
TerminateProcess
GetCurrentThreadId
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
CompareStringW
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
ReleaseMutex
SetEvent
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateMutexW
InitializeCriticalSectionEx
CreateEventW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
api-ms-win-core-synch-l1-2-0
SleepConditionVariableSRW
Sleep
WakeAllConditionVariable
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetVersionExW
GetSystemTimeAsFileTime
GetSystemInfo
GetSystemDirectoryW
GetSystemTime
user32
SetWindowLongPtrW
LoadImageW
DialogBoxParamW
DestroyIcon
InvalidateRect
SetDlgItemTextW
GetDlgItemTextW
SendMessageW
IsWindow
LoadCursorW
SetCursor
DrawFocusRect
GetSysColor
GetSystemMetrics
CharPrevW
CharNextW
MessageBoxW
IsWindowVisible
DrawIcon
EnableWindow
GetDlgItem
SendDlgItemMessageW
SetWindowTextW
LoadIconW
SetWindowPos
SystemParametersInfoW
GetWindowLongW
GetWindowRect
GetWindow
DialogBoxIndirectParamW
EnumChildWindows
GetWindowLongPtrW
EndDialog
gdi32
SetBkColor
ExtTextOutW
GetLayout
SetLayout
kernel32
ResolveDelayLoadedAPI
DelayLoadFailureHook
LocalFree
lstrcpynW
lstrcmpiW
SystemTimeToFileTime
WerRegisterMemoryBlock
Exports
??0?$CEventLock@UAppEvents@@@@QEAA@XZ
??0CEventBuffer@@QEAA@AEBV0@@Z
??0CEventBuffer@@QEAA@XZ
??0CMMCStrongReferences@@AEAA@XZ
??0SC@mmcerror@@QEAA@AEBV01@@Z
??0SC@mmcerror@@QEAA@J@Z
??1?$CEventLock@UAppEvents@@@@QEAA@XZ
??1CEventBuffer@@QEAA@XZ
??1SC@mmcerror@@QEAA@XZ
??4?$CEventLock@UAppEvents@@@@QEAAAEAV0@AEBV0@@Z
??4CEventBuffer@@QEAAAEAV0@AEBV0@@Z
??4CMMCStrongReferences@@QEAAAEAV0@$$QEAV0@@Z
??4CMMCStrongReferences@@QEAAAEAV0@AEBV0@@Z
??4SC@mmcerror@@QEAAAEAV01@AEBV01@@Z
??4SC@mmcerror@@QEAAAEAV01@J@Z
??7SC@mmcerror@@QEBAHXZ
??8SC@mmcerror@@QEBA_NAEBV01@@Z
??8SC@mmcerror@@QEBA_NJ@Z
??9SC@mmcerror@@QEBA_NAEBV01@@Z
??9SC@mmcerror@@QEBA_NJ@Z
??BSC@mmcerror@@QEBA_NXZ
??_FSC@mmcerror@@QEAAXXZ
?AddItem@BookKeeping@@SAJAEAVItemHandle@@@Z
?AddRef@CMMCStrongReferences@@SAKXZ
?AddSnapin@BookKeeping@@SAJPEBGAEAH@Z
?AddSnapinInterface@BookKeeping@@SA_NPEAUIUnknown@@PEBGAEAH@Z
?CheckCallingThreadID@SC@mmcerror@@QEAAXXZ
?Clear@SC@mmcerror@@QEAAXXZ
?DumpWatsonTables@BookKeeping@@SAJPEAXPEBGH@Z
?EnableDiagnosticMessageBox@BookKeeping@@SA_N_N@Z
?ExceptionFilter@CMMCWatsonAPI@@SAJPEAU_EXCEPTION_POINTERS@@H@Z
?FatalError@SC@mmcerror@@QEBAXXZ
?FindAllSnapinUIThreads@BookKeeping@@SAJHPEAPEAKPEAK@Z
?FindAllSnapinUIThreads@BookKeeping@@SAJPEAPEAKPEAK@Z
?FindItem@BookKeeping@@SAPEAVItemHandle@@PEAX@Z
?FindSnapin@BookKeeping@@SAAEBVSnapinBookkeepingInfo@@H@Z
?FindSnapin@BookKeeping@@SAAEBVSnapinBookkeepingInfo@@PEAUIUnknown@@@Z
?FindSnapin@BookKeeping@@SAAEBVSnapinBookkeepingInfo@@PEBG@Z
?ForceException@CMMCWatsonAPI@@SAXH@Z
?FormatErrorIds@@YAXIVSC@mmcerror@@IPEAG@Z
?FormatErrorShort@@YAXVSC@mmcerror@@IPEAG@Z
?FormatErrorString@@YAXPEBGVSC@mmcerror@@IPEAGH@Z
?FromLastError@SC@mmcerror@@QEAAAEAV12@XZ
?FromMMC@SC@mmcerror@@QEAAAEAV12@J@Z
?FromWin32@SC@mmcerror@@QEAAAEAV12@J@Z
?FxSnapinException@BookKeeping@@SA_NHPEBG000HPEAUHWND__@@@Z
?GetCode@SC@mmcerror@@QEBAJXZ
?GetErrorMessage@SC@mmcerror@@QEBAXIPEAG@Z
?GetFacility@SC@mmcerror@@AEBA?AW4facility_type@12@XZ
?GetFunctionName@SC@mmcerror@@QEBAPEBGXZ
?GetHWnd@SC@mmcerror@@SAPEAUHWND__@@XZ
?GetHelpFile@SC@mmcerror@@SAPEBGXZ
?GetHelpID@SC@mmcerror@@QEAAKXZ
?GetHinst@SC@mmcerror@@SAPEAUHINSTANCE__@@XZ
?GetMainThreadID@SC@mmcerror@@SAKXZ
?GetModalHWND@SC@mmcerror@@SAPEAUHWND__@@XZ
?GetNewSnapinInstanceId@BookKeeping@@SAHXZ
?GetSingletonObject@CMMCStrongReferences@@CAAEAV1@XZ
?GetSnapinModuleName@BookKeeping@@SAPEBGH@Z
?GetSnapinName@BookKeeping@@SAPEBGH@Z
?GetSnapinName@SC@mmcerror@@QEBAPEBGXZ
?HrFromSc@@YAJAEBVSC@mmcerror@@@Z
?InitInstance@BookKeeping@@SAJXZ
?InterfaceFailure@BookKeeping@@SAXHPEBG0@Z
?InterfaceMethodActivationContextException@BookKeeping@@SAXHPEBG0KPEAU_EXCEPTION_POINTERS@@@Z
?InterfaceMethodException@BookKeeping@@SAXHPEBG0KPEAU_EXCEPTION_POINTERS@@@Z
?InterfaceNotFound@BookKeeping@@SAXHPEBG@Z
?InternalAddRef@CMMCStrongReferences@@AEAAKXZ
?InternalLastRefReleased@CMMCStrongReferences@@AEAA_NXZ
?InternalRelease@CMMCStrongReferences@@AEAAKXZ
?InvalidInterface@BookKeeping@@SAXHPEBG0@Z
?InvalidMMCInterface@BookKeeping@@SAXHPEBG0@Z
?InvalidMMCInterfaceRelease@BookKeeping@@SAXHPEBG0@Z
?IsError@SC@mmcerror@@QEBA_NXZ
?IsLocked@CEventBuffer@@QEAA_NXZ
?IsValid@ItemHandle@@SA_NPEBV1@@Z
?LKResult2HRESULT@BookKeeping@@SAJ_J@Z
?LastRefReleased@CMMCStrongReferences@@SA_NXZ
?Lock@CEventBuffer@@QEAAXXZ
?MMCErrorBox@@YAHII@Z
?MMCErrorBox@@YAHIVSC@mmcerror@@I@Z
?MMCErrorBox@@YAHPEBGI@Z
?MMCErrorBox@@YAHPEBGVSC@mmcerror@@I@Z
?MMCErrorBox@@YAHVSC@mmcerror@@I@Z
?MMCInterfaceError@BookKeeping@@SAXHPEBG0@Z
?MMCInterfaceLeak@BookKeeping@@SAXHPEBG@Z
?MMCInterfaceMethodException@BookKeeping@@SAXHPEBG0KPEAU_EXCEPTION_POINTERS@@W4_SnapinError@1@@Z
?MMCNullInterface@BookKeeping@@SAXHPEBG0@Z
?MakeSc@SC@mmcerror@@AEAAXW4facility_type@12@J@Z
?RegisterSnapinInterfaceErrorHandler@BookKeeping@@SAP6A_NAEAVSnapinBookkeepingInfo@@W4_SnapinError@1@PEBG222KPEAU_EXCEPTION_POINTERS@@@ZP6A_N012222K3@Z@Z
?RegisterThread@BookKeeping@@SAJHHKW4SnapinThreadFlags@1@@Z
?Release@CMMCStrongReferences@@SAKXZ
?ReleaseSnapinInterface@BookKeeping@@SAJPEAUIUnknown@@H@Z
?RemoveItem@BookKeeping@@SAJPEAX@Z
?SCODEFromSc@@YAJAEBVSC@mmcerror@@@Z
?ScEmitOrPostpone@CEventBuffer@@QEAA?AVSC@mmcerror@@PEAUIDispatch@@JPEAVCComVariant@ATL@@H@Z
?ScFlushPostponed@CEventBuffer@@AEAA?AVSC@mmcerror@@XZ
?ScFromMMC@@YA?AVSC@mmcerror@@J@Z
?ScGetConsoleEventDispatcher@CConsoleEventDispatcherProvider@@SA?AVSC@mmcerror@@AEAPEAVCConsoleEventDispatcher@@@Z
?ScSetConsoleEventDispatcher@CConsoleEventDispatcherProvider@@SA?AVSC@mmcerror@@PEAVCConsoleEventDispatcher@@@Z
?SetFunctionName@SC@mmcerror@@QEAAXPEBG@Z
?SetHWnd@SC@mmcerror@@SAXPEAUHWND__@@@Z
?SetHinst@SC@mmcerror@@SAXPEAUHINSTANCE__@@@Z
?SetMainThreadID@SC@mmcerror@@SAXK@Z
?SetModalHWND@SC@mmcerror@@SAPEAUHWND__@@PEAU3@@Z
?SetSnapinName@SC@mmcerror@@QEAAXPEBG@Z
?Throw@SC@mmcerror@@QEAAXJ@Z
?Throw@SC@mmcerror@@QEAAXXZ
?ToHr@SC@mmcerror@@QEBAJXZ
?TraceAndClear@SC@mmcerror@@QEAAXXZ
?TraceError@@YAXPEBGAEBVSC@mmcerror@@@Z
?TraceSnapinError@@YAXPEBGAEBVSC@mmcerror@@@Z
?Trace_@SC@mmcerror@@QEBAXXZ
?Unlock@CEventBuffer@@QEAAXXZ
?UnregisterAllSnapinInstanceThreads@BookKeeping@@SAJH@Z
?UnregisterThread@BookKeeping@@SAJHK@Z
?s_CallDepth@SC@mmcerror@@0IA
?s_dwMainThreadID@SC@mmcerror@@0KA
?s_hInst@SC@mmcerror@@0PEAUHINSTANCE__@@EA
?s_hWnd@SC@mmcerror@@0PEAUHWND__@@EA
?s_hWndModal@SC@mmcerror@@0PEAUHWND__@@EA
?s_pDispatcher@CConsoleEventDispatcherProvider@@0PEAVCConsoleEventDispatcher@@EA
EnterModalLoop
GetComObjectEventSource
GetEventBuffer
GetStringModule
InsideModalLoop
LeaveModalLoop
LoadStandardOverlays
MMCUpdateRegistry
MMC_PickIconDlg
ReportFxSnapinException
Sections
.text Size: 118KB - Virtual size: 118KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 49KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 160B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 916B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
user32/provcore.dll.dll windows:10 windows x64 arch:x64
81a888cb3ce408320e5ea1e6d2c40d06
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
provcore.pdb
Imports
msvcp_win
??1_Locinfo@std@@QEAA@XZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??Bid@locale@std@@QEAA_KXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
?is@?$ctype@G@std@@QEBA_NFG@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
??0_Locinfo@std@@QEAA@PEBD@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$collate@G@std@@2V0locale@2@A
?id@?$ctype@G@std@@2V0locale@2@A
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
_Wcsxfrm
_Wcscoll
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Xbad_function_call@std@@YAXXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGD@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
api-ms-win-crt-private-l1-1-0
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o___stdio_common_vswprintf
memmove
_o__wcsicmp
_o__wtoi
_o_free
_o_malloc
_o_memcpy_s
_o_realloc
_o_wcscpy_s
_o_wcstod
_o_wcstoul
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
_o__callnewh
_o__beginthreadex
_o__crt_atexit
strchr
__std_type_info_compare
__C_specific_handler
__std_terminate
__CxxFrameHandler4
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
wcschr
_o__configure_narrow_argv
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
LoadStringW
GetModuleFileNameW
GetProcAddress
GetModuleFileNameA
GetModuleHandleExW
LoadLibraryExW
GetModuleHandleW
DisableThreadLibraryCalls
api-ms-win-core-synch-l1-1-0
ReleaseSemaphore
WaitForSingleObject
ReleaseMutex
CreateEventExW
WaitForSingleObjectEx
WaitForMultipleObjectsEx
InitializeSRWLock
SetEvent
ResetEvent
CreateEventW
CreateSemaphoreExW
OpenSemaphoreW
CreateMutexExW
ReleaseSRWLockExclusive
CreateMutexW
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
AcquireSRWLockShared
AcquireSRWLockExclusive
EnterCriticalSection
ReleaseSRWLockShared
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
SetLastError
GetLastError
api-ms-win-core-processthreads-l1-1-0
GetProcessId
GetCurrentProcess
TerminateProcess
GetExitCodeThread
OpenThreadToken
GetCurrentProcessId
SetThreadPriority
GetCurrentThread
OpenProcessToken
GetCurrentThreadId
api-ms-win-core-localization-l1-2-0
FormatMessageW
LocaleNameToLCID
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
DuplicateHandle
ntdll
RtlFreeHeap
NtQueryInformationToken
RtlInitUnicodeString
RtlEqualSid
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
NtQueryKey
EtwEventWriteTransfer
EtwTraceMessage
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
EtwEventRegister
EtwEventSetInformation
EtwEventUnregister
RtlLoadString
EtwEventActivityIdControl
RtlGetPersistedStateLocation
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
api-ms-win-core-sysinfo-l1-1-0
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetTickCount64
api-ms-win-core-namespace-l1-1-0
CreatePrivateNamespaceW
AddSIDToBoundaryDescriptor
CreateBoundaryDescriptorW
ClosePrivateNamespace
OpenPrivateNamespaceW
DeleteBoundaryDescriptor
api-ms-win-security-base-l1-1-0
InitializeAcl
AddAccessAllowedAce
CopySid
SetSecurityDescriptorDacl
AllocateAndInitializeSid
GetLengthSid
CreateWellKnownSid
FreeSid
CheckTokenMembership
InitializeSecurityDescriptor
GetTokenInformation
api-ms-win-core-heap-l2-1-0
GlobalAlloc
LocalAlloc
LocalFree
GlobalFree
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
FileTimeToSystemTime
rpcrt4
RpcBindingCreateW
RpcBindingFree
RpcBindingBind
RpcExceptionFilter
RpcServerInqCallAttributesW
NdrClientCall3
api-ms-win-core-file-l1-1-0
GetTempFileNameW
CreateFileW
WriteFile
DeleteFileW
api-ms-win-core-file-l1-2-0
GetTempPathW
api-ms-win-core-registry-l1-1-0
RegOpenCurrentUser
RegSetValueExW
RegGetValueW
RegEnumKeyExW
RegDeleteTreeW
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
FreeLibraryWhenCallbackReturns
CallbackMayRunLong
TrySubmitThreadpoolCallback
CloseThreadpoolTimer
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
CompareStringOrdinal
CompareStringEx
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-1
OpenProcess
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
mobilenetworking
GetPersistentRegPath
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-heap-obsolete-l1-1-0
GlobalLock
GlobalUnlock
api-ms-win-rtcore-ntuser-synch-l1-1-0
MsgWaitForMultipleObjectsEx
api-ms-win-devices-query-l1-1-0
DevGetObjectProperties
DevFreeObjectProperties
api-ms-win-core-sidebyside-l1-1-0
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
api-ms-win-core-atoms-l1-1-0
GlobalGetAtomNameW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
Sections
.text Size: 486KB - Virtual size: 485KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 124KB - Virtual size: 124KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
user32/usbceip.dll.dll regsvr32 windows:10 windows x64 arch:x64
84bd1741dab17b51ca8069051695cfd1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
UsbCeip.pdb
Imports
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsdup
_o__wcsicmp
_o__wcslwr_s
_o__wcsnicmp
_o_calloc
_o_free
_o_iswdigit
_o_malloc
_o_wcstol
__C_specific_handler
_CxxThrowException
_o___stdio_common_vswprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcsstr
__CxxFrameHandler4
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
wcscmp
wcsncmp
ntdll
RtlCompareMemory
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlInitUnicodeString
RtlCheckPortableOperatingSystem
RtlGetPersistedStateLocation
RtlStringFromGUID
RtlFreeUnicodeString
RtlCaptureContext
RtlGUIDFromString
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
GetModuleHandleExW
DisableThreadLibraryCalls
FreeLibraryAndExitThread
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThreadId
CreateThread
TerminateProcess
GetCurrentProcess
ResumeThread
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
oleaut32
VariantClear
SysFreeString
SysStringLen
SysAllocString
SysAllocStringLen
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister
api-ms-win-core-file-l1-1-0
CreateFileW
CompareFileTime
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-file-l1-2-0
GetVolumeNameForVolumeMountPointW
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-devices-query-l1-1-0
DevGetObjectProperties
DevFreeObjectProperties
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegEnumKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
devobj
DevObjCreateDeviceInfoList
DevObjGetDeviceInterfaceDetail
DevObjEnumDeviceInterfaces
DevObjGetClassProperty
DevObjGetDeviceInterfaceProperty
DevObjOpenDevRegKey
DevObjDestroyDeviceInfoList
DevObjGetDeviceProperty
DevObjOpenDeviceInfo
DevObjGetClassDevs
wmiclnt
WmiDevInstToInstanceNameW
WmiOpenBlock
WmiQuerySingleInstanceW
WmiCloseBlock
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
UsbCeip_Execute
Sections
.text Size: 72KB - Virtual size: 71KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 624B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
user32/user32.dll.dll windows:10 windows x64 arch:x64
d537142adaacbb6d9769635cfbe5edb4
Code Sign
33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 05/05/2022, 19:23
Not After: 04/05/2023, 19:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
b4:be:8e:cb:4e:06:2d:3a:69:36:1c:1d:25:12:22:9a:22:5b:aa:f9:f3:8e:69:2c:d8:b8:ce:3b:18:ec:43:3d
Signer
Actual PE Digest: b4:be:8e:cb:4e:06:2d:3a:69:36:1c:1d:25:12:22:9a:22:5b:aa:f9:f3:8e:69:2c:d8:b8:ce:3b:18:ec:43:3d
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
user32.pdb
Imports
win32u
NtUserEnableScrollBar
NtUserTestForInteractiveUser
NtUserTransformRect
NtUserGetClassName
NtUserSetScrollInfo
NtUserSBGetParms
NtUserUpdateLayeredWindow
NtUserFindWindowEx
NtUserRegisterClassExWOW
NtUserPostThreadMessage
NtUserSetClassLongPtr
NtUserGetClipboardFormatName
NtUserRegisterWindowMessage
NtUserGetKeyNameText
NtUserMapVirtualKeyEx
NtUserEnumDisplayDevices
NtUserGetClassInfoEx
NtUserChangeDisplaySettings
NtUserRemoveProp
NtUserUnregisterClass
NtUserEnumDisplaySettings
NtUserGetAltTabInfo
NtUserSetClassLong
NtUserGetMessage
NtUserGetKeyboardLayoutName
NtUserDrawCaptionTemp
NtUserSetProp
NtUserVkKeyScanEx
NtUserCallMsgFilter
NtUserCallHwndLockSafe
NtUserSetImeOwnerWindow
NtUserNotifyIMEStatus
NtUserUpdateInputContext
NtUserCountClipboardFormats
NtUserGetPriorityClipboardFormat
NtUserGetClipboardOwner
NtUserGetClipboardSequenceNumber
NtUserGetClipboardViewer
NtUserSetClipboardViewer
NtUserChangeClipboardChain
NtUserAddClipboardFormatListener
NtUserRemoveClipboardFormatListener
NtUserGetUpdatedClipboardFormats
NtUserSetWindowCompositionAttribute
NtUserWOWCleanup
NtMITSetInputDelegationMode
NtUserGetClipboardData
NtUserSetClipboardData
NtUserDrawIconEx
NtUserGetUpdateRgn
NtUserGetUpdateRect
NtUserWaitForInputIdle
NtUserMsgWaitForMultipleObjectsEx
NtUserWaitForMsgAndEvent
NtUserSetObjectInformation
NtUserCreateWindowStation
NtUserOpenWindowStation
NtUserCreateDesktopEx
NtUserOpenDesktop
NtUserSwitchDesktop
NtUserYieldTask
NtUserGetMenuIndex
NtUserGetQueueStatus
NtUserCallHwndOpt
NtUserUnloadKeyboardLayout
NtUserGetKeyboardLayout
NtUserCreateWindowEx
NtUserSetProcessDpiAwarenessContext
NtUserGetProcessDpiAwarenessContext
NtUserGetDpiForMonitor
NtUserShutdownBlockReasonCreate
NtUserGetCurrentDpiInfoForWindow
NtUserCallHwndSafe
NtUserTransformPoint
NtUserSystemParametersInfoForDpi
NtCreateCompositionInputSink
NtUserCreatePalmRejectionDelayZone
NtUserDestroyPalmRejectionDelayZone
NtUserSystemParametersInfo
NtUserGetProp
NtUserGetHDevName
NtUserGetRawInputDeviceInfo
NtUserEnableMenuItem
NtUserCallNextHookEx
NtGdiDdDDIEscape
NtUserDisplayConfigGetDeviceInfo
NtUserGetDisplayConfigBufferSizes
NtUserSetDisplayConfig
NtUserQueryDisplayConfig
NtUserDisplayConfigSetDeviceInfo
NtUserFunctionalizeDisplayConfig
NtMITGetCursorUpdateHandle
NtMITSynthesizeTouchInput
NtUserHwndSetRedirectionInfo
NtUserHwndQueryRedirectionInfo
NtUserEnableIAMAccess
NtUserGetOpenClipboardWindow
NtUserActivateKeyboardLayout
NtUserSetThreadDesktop
NtUserCallTwoParam
NtUserCallNoParam
NtUserPaintDesktop
NtUserModifyWindowTouchCapability
NtUserDefSetText
NtUserSetCursorIconData
NtUserFindExistingCursorIcon
NtUserSetSystemCursor
NtUserSetWindowStationUser
NtUserInternalGetWindowIcon
NtUserInternalGetWindowText
NtUserSetWindowRgnEx
NtUserSetWindowRgn
NtUserTranslateMessage
NtUserSetWindowLong
NtUserPeekMessage
NtUserOpenClipboard
NtUserGetKeyState
NtUserGetAsyncKeyState
NtUserDrawCaption
NtUserRegisterUserApiHook
NtUserNotifyWinEvent
NtUserSetWinEventHook
NtUserSetWindowsHookEx
NtUserCreateLocalMemHandle
NtUserConvertMemHandle
NtUserGetWOWClass
NtUserEvent
NtUserUpdatePerUserSystemParameters
NtUserLoadKeyboardLayoutEx
NtUserToUnicodeEx
NtUserSetSysColors
NtUserCallHwnd
NtUserModifyUserStartupInfoFlags
NtUserMNDragLeave
NtUserMNDragOver
NtUserDrawMenuBarTemp
NtUserThunkedMenuInfo
NtUserCheckMenuItem
NtUserMinMaximize
NtUserSetWindowLongPtr
NtUserCheckAccessForIntegrityLevel
NtUserScrollWindowEx
NtUserCallHwndParamLock
NtUserDeferWindowPosAndBand
NtUserInitializeClientPfnArrays
NtUserProcessConnect
gDispatchTableValues
NtUserDisableProcessWindowFiltering
NtUserSetProcessUIAccessZorder
NtUserGetRawInputBuffer
NtUserScrollDC
NtUserSetSystemTimer
NtUserCloseClipboard
NtUserEmptyClipboard
NtUserIsClipboardFormatAvailable
NtUserShowCaret
NtUserCreateCaret
NtUserHideCaret
NtUserGetControlColor
NtUserSetCursor
NtUserSetThreadState
NtUserQueryWindow
NtUserFillWindow
NtUserDdeInitialize
NtUserUpdateInstance
NtUserConsoleControl
NtUserSetInformationThread
NtUserSetParent
NtUserReleaseDC
NtUserCallHwndParamLockSafe
NtUserPostMessage
NtUserGetTouchInputInfo
NtUserLockCursor
NtUserLinkDpiCursor
NtUserGetRequiredCursorSizes
NtUserGetCursorFrameInfo
NtUserGetIconInfo
NtUserDestroyAcceleratorTable
NtUserReportInertia
NtUserGetHimetricScaleFactorFromPixelLocation
NtUserRegisterEdgy
NtUserRegisterPointerInputTarget
NtUserGetPointerInfoList
NtUserGetCPD
NtUserCallOneParam
NtUserValidateTimerCallback
NtUserDispatchMessage
NtUserAutoPromoteMouseInPointer
NtUserGetDManipHookInitFunction
NtUserCallHwndLock
NtUserSetMenu
NtUserSetMenuFlagRtoL
NtUserThunkedMenuItemInfo
NtUserSetWindowsHookAW
NtUserUnhookWindowsHookEx
NtUserRealWaitMessageEx
NtUserRealInternalGetMessage
NtUserMessageCall
NtUserInjectGesture
NtUserGetGestureExtArgs
NtUserGetGestureInfo
NtUserBuildNameList
NtUserBuildPropList
NtUserBuildHwndList
NtUserGetAtomName
NtUserCallHwndParam
NtUserAlterWindowStyle
NtMITSetLastInputRecipient
NtUserSetWindowFNID
NtUserBitBltSysBmp
NtUserGetOemBitmapSize
NtUserGetIconSize
NtUserGetThreadState
NtUserGetDC
NtUserGetControlBrush
NtUserDestroyCursor
NtUserCreateEmptyCursorObject
NtUserSetImeHotKey
NtUserGetImeHotKey
NtUserWindowFromPoint
NtUserWindowFromPhysicalPoint
NtUserWindowFromDC
NtUserWaitMessage
NtUserWaitForRedirectionStartComplete
NtUserWaitAvailableMessageEx
NtUserValidateRect
NtUserUserHandleGrantAccess
NtUserUpdateWindowTrackingInfo
NtUserUpdateWindowInputSinkHints
NtUserUpdateDefaultDesktopThumbnail
NtUserUnregisterUserApiHook
NtUserUnregisterSessionPort
NtUserUnregisterHotKey
NtUserUnlockWindowStation
NtUserUnhookWinEvent
NtUserUndelegateInput
NtUserTrackPopupMenuEx
NtUserTrackMouseEvent
NtUserSoundSentry
NtUserSlicerControl
NtUserDiscardPointerFrameMessages
NtUserSignalRedirectionStartComplete
NtUserShutdownBlockReasonQuery
NtUserShutdownReasonDestroy
NtUserShowWindowAsync
NtUserShowWindow
NtUserShowSystemCursor
NtUserShowScrollBar
NtUserShowCursor
NtUserSetWindowWord
NtUserSetWindowShowState
NtUserSetWindowPos
NtUserSetWindowPlacement
NtUserSetWindowGroup
NtUserSetWindowFeedbackSetting
NtUserSetWindowDisplayAffinity
NtUserSetWindowCompositionTransition
NtUserSetWindowBand
NtUserSetWindowArrangement
NtUserSetThreadInputBlocked
NtUserSetTargetForResourceBrokering
NtUserSetSystemMenu
NtUserSetShellWindowEx
NtSetShellCursorState
NtUserSetProcessWindowStation
NtUserSetProcessRestrictionExemption
NtUserSetProcessMousewheelRoutingMode
NtUserSetProcessInteractionFlags
NtUserSetPrecisionTouchPadConfiguration
NtSetPointerDeviceInputSpace
NtUserSetMirrorRendering
NtUserSetMenuDefaultItem
NtUserSetMenuContextHelpId
NtUserMagSetContextInformation
NtUserSetMagnificationDesktopMagnifierOffsetsDWMUpdated
NtUserSetLayeredWindowAttributes
NtUserSetKeyboardState
NtUserSetInternalWindowPos
NtUserSetInteractiveCtrlRotationAngle
NtUserSetInteractiveControlFocus
NtUserSetInputServiceState
NtUserSetGestureConfig
NtUserSetFullscreenMagnifierOffsetsDWMUpdated
NtUserSetForegroundWindowForApplication
NtUserSetFocus
NtUserSetFeatureReportResponse
NtUserSetFallbackForeground
NtUserSetDisplayMapping
NtUserSetDisplayAutoRotationPreferences
NtUserSetDialogControlDpiChangeBehavior
NtUserSetDesktopVisualInputSink
NtUserSetDesktopColorTransform
NtUserSetCursorPos
NtSetCursorInputSpace
NtUserSetCursorContents
NtUserSetCoreWindowPartner
NtUserSetCoreWindow
NtUserSetTimer
NtUserSetClassWord
NtUserSetChildWindowNoActivate
NtUserSetCapture
NtUserSetCalibrationData
NtUserSetBrokeredForeground
NtUserSetBridgeWindowChild
NtUserSetAutoRotation
NtUserSetActiveWindow
NtUserSetActiveProcessForMonitor
NtUserSetActivationFilter
NtUserSendInteractiveControlHapticsReport
NtUserSendInput
NtUserSendEventMessage
NtUserRestoreWindowDpiChanges
NtUserResolveDesktopForWOW
NtUserRequestMoveSizeOperation
NtUserRemoveVisualIdentifier
NtUserRemoveMenu
NtUserReleaseDwmHitTestWaiters
NtUserRegisterTouchPadCapable
NtUserRegisterTouchHitTestingWindow
NtUserRegisterTasklist
NtUserRegisterShellPTPListener
NtUserRegisterSessionPort
NtUserRegisterServicesProcess
NtUserRegisterRawInputDevices
NtUserRegisterPointerDeviceNotifications
NtUserRegisterHotKey
NtUserRegisterErrorReportingDialog
NtUserRegisterDManipHook
NtUserRegisterBSDRWindow
NtUserRedrawWindow
NtUserRealChildWindowFromPoint
NtRIMUpdateInputObserverRegistration
NtRIMUnregisterForInput
NtRIMSetTestModeStatus
NtRIMSetExtendedDeviceProperty
NtRIMRemoveInputObserver
NtRIMRegisterForInput
NtRIMReadInput
NtRIMQueryDevicePath
NtRIMOnTimerNotification
NtRIMOnPnpNotification
NtRIMObserveNextInput
NtRIMGetSourceProcessId
NtRIMGetPhysicalDeviceRect
NtRIMGetDevicePropertiesLockfree
NtRIMGetDeviceProperties
NtRIMGetDevicePreparsedDataLockfree
NtRIMGetDevicePreparsedData
NtRIMFreeInputBuffer
NtRIMEnableMonitorMappingForDevice
NtRIMDeviceIoControl
NtRIMAreSiblingDevices
NtRIMAddInputObserver
NtUserQuerySendMessage
NtUserQueryBSDRWindow
NtUserQueryActivationObject
NtUserPromotePointer
NtUserProcessInkFeedbackCommand
NtUserPrintWindow
NtUserPerMonitorDPIPhysicalToLogicalPoint
NtUserPhysicalToLogicalPoint
NtUserPhysicalToLogicalDpiPointForWindow
NtUserPaintMonitor
NtUserPaintMenuBar
NtUserOpenThreadDesktop
NtUserOpenInputDesktop
NtUserNavigateFocus
NtUserMoveWindow
NtUserMenuItemFromPoint
NtMapVisualRelativePoints
NtUserMapPointsByVisualIdentifier
NtUserLogicalToPerMonitorDPIPhysicalPoint
NtUserLogicalToPhysicalPoint
NtUserLogicalToPhysicalDpiPointForWindow
NtUserLockWorkStation
NtUserLockWindowUpdate
NtUserLockWindowStation
NtUserLayoutCompleted
NtUserKillTimer
NtUserIsWindowGDIScaledDpiMessageEnabled
NtUserIsWindowBroadcastingDpiToChildren
NtUserIsTouchWindow
NtUserIsTopLevelWindow
NtUserIsResizeLayoutSynchronizationEnabled
NtIsOneCoreTransformMode
NtUserIsNonClientDpiScalingEnabled
NtUserIsMouseInputEnabled
NtUserIsMouseInPointerEnabled
NtUserIsChildWindowDpiMessageEnabled
NtUserInvalidateRgn
NtUserInvalidateRect
NtUserInteractiveControlQueryUsage
NtInputSpaceRegionFromPoint
NtUserInjectTouchInput
NtUserInjectPointerInput
NtUserInjectMouseInput
NtUserInjectKeyboardInput
NtUserInjectGenericHidInput
NtUserInjectDeviceInput
NtUserInitializeTouchInjection
NtUserInitializePointerDeviceInjectionEx
NtUserInitializePointerDeviceInjection
NtUserInitializeInputDeviceInjection
NtUserInitializeGenericHidInjection
NtUserInheritWindowMonitor
NtUserImpersonateDdeClientWindow
NtUserHungWindowFromGhostWindow
NtUserHiliteMenuItem
NtUserHidePointerContactVisualization
NtUserHandleDelegatedInput
NtUserGhostWindowFromHungWindow
NtUserGetWindowRgnEx
NtUserGetWindowProcessHandle
NtUserGetWindowPlacement
NtUserGetWindowMinimizeRect
NtUserGetWindowGroupId
NtUserGetWindowFeedbackSetting
NtUserGetWindowDisplayAffinity
NtUserGetWindowDC
NtUserGetWindowCompositionInfo
NtUserGetWindowCompositionAttribute
NtUserGetWindowBand
NtUserGetObjectInformation
NtUserGetUniformSpaceMapping
NtUserGetTouchValidationStatus
NtUserGetTopLevelWindow
NtUserGetTitleBarInfo
NtUserGetThreadDesktop
NtUserGetSystemMenu
NtUserGetSystemDpiForProcess
NtUserGetScrollBarInfo
NtUserGetResizeDCompositionSynchronizationObject
NtUserGetRegisteredRawInputDevices
NtUserGetRawPointerDeviceData
NtUserGetRawInputDeviceList
NtUserGetRawInputData
NtUserGetQueueStatusReadonly
NtUserGetProcessWindowStation
NtUserGetProcessUIContextInformation
NtUserGetPrecisionTouchPadConfiguration
NtUserGetPointerType
NtUserGetPointerProprietaryId
NtUserGetPointerInputTransform
NtUserGetPointerFrameTimes
NtUserGetPointerDevices
NtUserGetPointerDeviceRects
NtUserGetPointerDeviceProperties
NtUserGetPointerDeviceOrientation
NtUserGetPointerDeviceInputSpace
NtUserGetPointerDeviceCursors
NtUserGetPointerDevice
NtUserGetPointerCursorId
NtUserGetPhysicalDeviceRect
NtUserGetOwnerTransformedMonitorRect
NtUserGetMouseMovePointsEx
NtUserGetMenuItemRect
NtUserGetMenuBarInfo
NtUserMagGetContextInformation
NtUserGetListBoxInfo
NtUserGetLayeredWindowAttributes
NtUserGetKeyboardState
NtUserGetKeyboardLayoutList
NtUserGetInternalWindowPos
NtUserGetInteractiveCtrlSupportedWaveforms
NtUserGetInteractiveControlInfo
NtUserGetInteractiveControlDeviceInfo
NtUserGetInputLocaleInfo
NtUserGetInputContainerId
NtUserGetGuiResources
NtUserGetGestureConfig
NtUserGetGUIThreadInfo
NtUserGetForegroundWindow
NtUserGetExtendedPointerDeviceProperty
NtUserGetDoubleClickTime
NtUserGetDisplayAutoRotationPreferencesByProcessId
NtUserGetDisplayAutoRotationPreferences
NtUserGetDesktopID
NtUserGetDCEx
NtUserGetCursorInfo
NtUserGetCursor
NtUserGetCurrentInputMessageSource
NtUserGetComboBoxInfo
NtUserGetClipboardAccessToken
NtUserGetClipCursor
NtUserGetCaretPos
NtUserGetCaretBlinkTime
NtUserGetCIMSSM
NtUserGetAutoRotationState
NtUserGetAncestor
NtUserGetActiveProcessesDpis
NtUserFrostCrashedWindow
NtUserForceWindowToDpiForTest
NtUserFlashWindowEx
NtUserExcludeUpdateRgn
NtUserEnumDisplayMonitors
NtUserEndPaint
NtUserEndMenu
NtUserEndDeferWindowPosEx
NtUserEnableWindowResizeOptimization
NtUserEnableWindowGroupPolicy
ntdll
toupper
memcpy
memcmp
__chkstk
wcscmp
RtlSetLastWin32Error
NlsAnsiCodePage
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
_wtoi
RtlRaiseException
NtYieldExecution
NtDeleteValueKey
NtSetValueKey
NtCreateKey
wcstoul
NtVdmControl
RtlFreeUnicodeString
RtlCreateUnicodeStringFromAsciiz
NtOpenDirectoryObject
NtSetSecurityObject
NtQuerySecurityObject
NtQueryInformationProcess
wcstol
ZwQueryWnfStateData
wcsncmp
wcsnlen
RtlDeleteHashTable
RtlInitStrongEnumerationHashTable
RtlLookupEntryHashTable
RtlStronglyEnumerateEntryHashTable
strnlen
RtlInsertEntryHashTable
RtlInitEnumerationHashTable
RtlRemoveEntryHashTable
strncmp
RtlEndStrongEnumerationHashTable
RtlCreateHashTable
RtlEndEnumerationHashTable
RtlEnumerateEntryHashTable
RtlQueryPackageClaims
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlCompareUnicodeString
wcsncpy_s
iswspace
qsort
VerSetConditionMask
NtPowerInformation
RtlMultiByteToUnicodeSize
LdrFlushAlternateResourceModules
RtlImageNtHeader
RtlPcToFileHeader
NtRaiseHardError
NtCallbackReturn
wcsncat_s
RtlRetrieveNtUserPfn
RtlInitializeNtUserPfn
_stricmp
RtlGetIntegerAtom
RtlResetNtUserPfn
RtlQueryInformationActiveActivationContext
RtlQueryElevationFlags
NtQuerySystemInformation
RtlInitializeCriticalSection
RtlEqualUnicodeString
LdrQueryImageFileExecutionOptions
isspace
memmove_s
RtlDeleteCriticalSection
CsrClientConnectToServer
sscanf_s
strrchr
strcpy_s
RtlSizeHeap
RtlGetThreadLangIdByIndex
RtlRunEncodeUnicodeString
RtlRunDecodeUnicodeString
_wcsicmp
RtlReAllocateHeap
RtlNtStatusToDosError
RtlGetActiveConsoleId
CsrFreeCaptureBuffer
wcsrchr
CsrClientCallServer
CsrAllocateMessagePointer
CsrAllocateCaptureBuffer
NtOpenProcessToken
NtOpenThreadToken
RtlFreeSid
NtQueryInformationToken
RtlAllocateAndInitializeSid
NtQueryVirtualMemory
_vsnwprintf
memcpy_s
RtlUnicodeToMultiByteSize
RtlIsThreadWithinLoaderCallout
RtlReleaseActivationContext
RtlFindActivationContextSectionString
RtlDeactivateActivationContextUnsafeFast
RtlActivateActivationContextUnsafeFast
RtlUnicodeToMultiByteN
RtlMultiByteToUnicodeN
RtlEnterCriticalSection
RtlLeaveCriticalSection
__C_specific_handler
wcscat_s
wcscpy_s
NtQueryValueKey
NtEnumerateKey
NtClose
NtOpenKey
RtlOpenCurrentUser
RtlUnicodeStringToInteger
RtlInitUnicodeString
swprintf_s
RtlFreeHeap
RtlAllocateHeap
memset
memmove
api-ms-win-core-localization-l1-2-0
GetACP
GetThreadLocale
IsDBCSLeadByteEx
ConvertDefaultLocale
GetOEMCP
IsDBCSLeadByte
GetSystemDefaultLangID
GetCPInfo
GetLocaleInfoW
GetUserDefaultLCID
FormatMessageW
IsValidLocale
api-ms-win-core-registry-l1-1-0
RegCreateKeyExW
RegQueryValueExW
RegGetValueW
RegDeleteKeyExW
RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExW
RegSetValueExW
RegEnumValueW
api-ms-win-core-heap-l2-1-0
LocalLock
LocalUnlock
GlobalFree
LocalReAlloc
LocalFree
GlobalAlloc
LocalAlloc
api-ms-win-core-libraryloader-l1-2-0
EnumResourceNamesExW
GetProcAddress
FreeLibrary
DisableThreadLibraryCalls
GetModuleFileNameW
GetModuleFileNameA
FindResourceExW
SizeofResource
GetModuleHandleExW
GetModuleHandleW
LoadResource
LoadLibraryExW
GetModuleHandleA
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventRegister
EventSetInformation
EventWrite
EventWriteTransfer
EventActivityIdControl
EventProviderEnabled
api-ms-win-core-processthreads-l1-1-0
CreateProcessW
TerminateProcess
GetCurrentThread
CreateThread
GetExitCodeThread
GetCurrentProcess
ExitThread
ProcessIdToSessionId
GetCurrentThreadId
GetCurrentProcessId
api-ms-win-core-synch-l1-1-0
AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseSemaphore
ReleaseMutex
WaitForSingleObjectEx
InitializeCriticalSectionEx
OpenSemaphoreW
SetEvent
OpenEventW
AcquireSRWLockExclusive
CreateMutexExW
CreateSemaphoreExW
EnterCriticalSection
LeaveCriticalSection
ReleaseSRWLockExclusive
InitializeSRWLock
WaitForSingleObject
api-ms-win-core-string-l1-1-0
GetStringTypeW
CompareStringW
WideCharToMultiByte
CompareStringOrdinal
MultiByteToWideChar
FoldStringW
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetVersionExW
GetSystemDirectoryW
GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
api-ms-win-security-base-l1-1-0
CheckTokenMembership
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-string-l2-1-0
CharUpperW
CharPrevW
IsCharAlphaNumericW
CharLowerBuffW
CharUpperBuffW
IsCharUpperW
IsCharLowerW
IsCharAlphaW
CharNextW
CharLowerW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
SearchPathW
SetCurrentDirectoryW
GetCurrentDirectoryW
api-ms-win-core-file-l1-1-0
GetLogicalDrives
GetFileSize
ReadFile
FindClose
FindFirstFileW
CreateFileW
FindNextFileW
SetFileTime
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-processthreads-l1-1-1
GetProcessMitigationPolicy
api-ms-win-core-memory-l1-1-0
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
QueryPerformanceFrequency
api-ms-win-core-memory-l1-1-3
SetProcessValidCallTargets
api-ms-win-core-privateprofile-l1-1-0
GetPrivateProfileStringW
WritePrivateProfileStringW
api-ms-win-core-atoms-l1-1-0
GlobalFindAtomA
AddAtomW
GlobalGetAtomNameW
DeleteAtom
GlobalDeleteAtom
GlobalGetAtomNameA
AddAtomA
GlobalAddAtomW
GlobalFindAtomW
GetAtomNameA
GlobalAddAtomA
GetAtomNameW
api-ms-win-core-heap-obsolete-l1-1-0
GlobalUnlock
GlobalHandle
GlobalFlags
GlobalReAlloc
GlobalLock
LocalSize
GlobalSize
api-ms-win-core-string-obsolete-l1-1-0
lstrlenA
lstrlenW
lstrcmpiW
api-ms-win-core-localization-obsolete-l1-2-0
GetStringTypeA
api-ms-win-core-stringansi-l1-1-0
CharUpperA
IsCharLowerA
IsCharAlphaA
CharUpperBuffA
CharLowerBuffA
CharLowerA
CharNextExA
IsCharUpperA
CharPrevA
CharPrevExA
IsCharAlphaNumericA
CharNextA
api-ms-win-core-sidebyside-l1-1-0
QueryActCtxSettingsW
api-ms-win-core-kernel32-private-l1-1-0
RegisterWaitForInputIdle
kernelbase
WTSGetServiceSessionId
LoadStringBaseExW
api-ms-win-core-kernel32-legacy-l1-1-0
MulDiv
FindResourceExA
api-ms-win-core-kernel32-legacy-l1-1-1
VerifyVersionInfoW
api-ms-win-core-appinit-l1-1-0
LoadAppInitDlls
gdi32
CreateDIBSection
SetBkMode
SelectObject
IntersectClipRect
SetTextAlign
GetTextAlign
GetStockObject
SetBkColor
SetTextColor
GetObjectW
GetBkColor
GetLayout
GdiGetBitmapBitsSize
GetDIBColorTable
GetDeviceCaps
StretchDIBits
GetMapMode
GetHFONT
ExtSelectClipRgn
GetClipRgn
SetGraphicsMode
GdiPrinterThunk
GdiLoadType1Fonts
GdiAddFontResourceW
GetRgnBox
ExtCreateRegion
GetRegionData
EnableEUDC
TextOutA
GdiReleaseDC
GdiConvertBitmapV5
GdiConvertToDevmodeW
GetClipBox
MirrorRgn
OffsetRgn
CreateRectRgnIndirect
SetRectRgn
CombineRgn
CreateRectRgn
GetBoundsRect
SetLayout
PlayEnhMetaFile
ExcludeClipRect
StretchBlt
Ellipse
CreateEllipticRgn
GetDCOrgEx
GdiTrackHDelete
GdiFixUpHandle
Rectangle
CreatePen
CreateBrushIndirect
PolyPatBlt
SetViewportOrgEx
GetViewportOrgEx
GetCurrentObject
GetTextCharacterExtra
SetTextCharacterExtra
SetLayoutWidth
GdiConvertAndCheckDC
SetBoundsRect
CreateSolidBrush
GdiProcessSetup
GdiDllInitialize
CopyEnhMetaFileW
CopyMetaFileW
SetPaletteEntries
CreatePalette
GetPaletteEntries
DeleteEnhMetaFile
DeleteMetaFile
GetPixel
GetTextCharsetInfo
QueryFontAssocStatus
ExtTextOutA
GetCharWidthInfo
GetCharWidthA
GetTextExtentPointA
GetTextFaceW
GetCharABCWidthsW
GetCharABCWidthsA
SetBrushOrgEx
GetDCDpiScaleValue
GetTextFaceAliasW
EnumFontsW
CreateFontIndirectW
TranslateCharsetInfo
GdiCreateLocalEnhMetaFile
GdiCreateLocalMetaFilePict
GdiConvertEnhMetaFile
GdiConvertMetaFilePict
GetTextColor
GetTextMetricsW
TextOutW
GetWindowExtEx
GetViewportExtEx
GetBkMode
GdiGetCharDimensions
GetTextCharset
GdiGetCodePage
GetTextExtentPointW
ExtTextOutW
RestoreDC
OffsetWindowOrgEx
SaveDC
GetObjectType
GetDIBits
SetDIBits
SetStretchBltMode
GdiValidateHandle
PatBlt
CreateCompatibleBitmap
CreateDIBitmap
CreateDCW
GdiTrackHCreate
DeleteDC
BitBlt
CreateCompatibleDC
DeleteObject
CreateBitmap
api-ms-win-core-apiquery-l2-1-0
IsApiSetImplemented
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Exports
ActivateKeyboardLayout
AddClipboardFormatListener
AddVisualIdentifier
AdjustWindowRect
AdjustWindowRectEx
AdjustWindowRectExForDpi
AlignRects
AllowForegroundActivation
AllowSetForegroundWindow
AnimateWindow
AnyPopup
AppendMenuA
AppendMenuW
AreDpiAwarenessContextsEqual
ArrangeIconicWindows
AttachThreadInput
BeginDeferWindowPos
BeginPaint
BlockInput
BringWindowToTop
BroadcastSystemMessage
BroadcastSystemMessageA
BroadcastSystemMessageExA
BroadcastSystemMessageExW
BroadcastSystemMessageW
BuildReasonArray
CalcMenuBar
CalculatePopupWindowPosition
CallMsgFilter
CallMsgFilterA
CallMsgFilterW
CallNextHookEx
CallWindowProcA
CallWindowProcW
CancelShutdown
CascadeChildWindows
CascadeWindows
ChangeClipboardChain
ChangeDisplaySettingsA
ChangeDisplaySettingsExA
ChangeDisplaySettingsExW
ChangeDisplaySettingsW
ChangeMenuA
ChangeMenuW
ChangeWindowMessageFilter
ChangeWindowMessageFilterEx
CharLowerA
CharLowerBuffA
CharLowerBuffW
CharLowerW
CharNextA
CharNextExA
CharNextW
CharPrevA
CharPrevExA
CharPrevW
CharToOemA
CharToOemBuffA
CharToOemBuffW
CharToOemW
CharUpperA
CharUpperBuffA
CharUpperBuffW
CharUpperW
CheckBannedOneCoreTransformApi
CheckDBCSEnabledExt
CheckDlgButton
CheckMenuItem
CheckMenuRadioItem
CheckProcessForClipboardAccess
CheckProcessSession
CheckRadioButton
CheckWindowThreadDesktop
ChildWindowFromPoint
ChildWindowFromPointEx
CliImmSetHotKey
ClientThreadSetup
ClientToScreen
ClipCursor
CloseClipboard
CloseDesktop
CloseGestureInfoHandle
CloseTouchInputHandle
CloseWindow
CloseWindowStation
ConsoleControl
ControlMagnification
CopyAcceleratorTableA
CopyAcceleratorTableW
CopyIcon
CopyImage
CopyRect
CountClipboardFormats
CreateAcceleratorTableA
CreateAcceleratorTableW
CreateCaret
CreateCursor
CreateDCompositionHwndTarget
CreateDesktopA
CreateDesktopExA
CreateDesktopExW
CreateDesktopW
CreateDialogIndirectParamA
CreateDialogIndirectParamAorW
CreateDialogIndirectParamW
CreateDialogParamA
CreateDialogParamW
CreateIcon
CreateIconFromResource
CreateIconFromResourceEx
CreateIconIndirect
CreateMDIWindowA
CreateMDIWindowW
CreateMenu
CreatePopupMenu
CreateSyntheticPointerDevice
CreateSystemThreads
CreateWindowExA
CreateWindowExW
CreateWindowInBand
CreateWindowInBandEx
CreateWindowIndirect
CreateWindowStationA
CreateWindowStationW
CsrBroadcastSystemMessageExW
CtxInitUser32
DdeAbandonTransaction
DdeAccessData
DdeAddData
DdeClientTransaction
DdeCmpStringHandles
DdeConnect
DdeConnectList
DdeCreateDataHandle
DdeCreateStringHandleA
DdeCreateStringHandleW
DdeDisconnect
DdeDisconnectList
DdeEnableCallback
DdeFreeDataHandle
DdeFreeStringHandle
DdeGetData
DdeGetLastError
DdeGetQualityOfService
DdeImpersonateClient
DdeInitializeA
DdeInitializeW
DdeKeepStringHandle
DdeNameService
DdePostAdvise
DdeQueryConvInfo
DdeQueryNextServer
DdeQueryStringA
DdeQueryStringW
DdeReconnect
DdeSetQualityOfService
DdeSetUserHandle
DdeUnaccessData
DdeUninitialize
DefDlgProcA
DefDlgProcW
DefFrameProcA
DefFrameProcW
DefMDIChildProcA
DefMDIChildProcW
DefRawInputProc
DefWindowProcA
DefWindowProcW
DeferWindowPos
DeferWindowPosAndBand
DelegateInput
DeleteMenu
DeregisterShellHookWindow
DestroyAcceleratorTable
DestroyCaret
DestroyCursor
DestroyDCompositionHwndTarget
DestroyIcon
DestroyMenu
DestroyReasons
DestroySyntheticPointerDevice
DestroyWindow
DialogBoxIndirectParamA
DialogBoxIndirectParamAorW
DialogBoxIndirectParamW
DialogBoxParamA
DialogBoxParamW
DisableProcessWindowsGhosting
DispatchMessageA
DispatchMessageW
DisplayConfigGetDeviceInfo
DisplayConfigSetDeviceInfo
DisplayExitWindowsWarnings
DlgDirListA
DlgDirListComboBoxA
DlgDirListComboBoxW
DlgDirListW
DlgDirSelectComboBoxExA
DlgDirSelectComboBoxExW
DlgDirSelectExA
DlgDirSelectExW
DoSoundConnect
DoSoundDisconnect
DragDetect
DragObject
DrawAnimatedRects
DrawCaption
DrawCaptionTempA
DrawCaptionTempW
DrawEdge
DrawFocusRect
DrawFrame
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawMenuBarTemp
DrawStateA
DrawStateW
DrawTextA
DrawTextExA
DrawTextExW
DrawTextW
DwmGetDxRgn
DwmGetDxSharedSurface
DwmGetRemoteSessionOcclusionEvent
DwmGetRemoteSessionOcclusionState
DwmKernelShutdown
DwmKernelStartup
DwmLockScreenUpdates
DwmValidateWindow
EditWndProc
EmptyClipboard
EnableMenuItem
EnableMouseInPointer
EnableNonClientDpiScaling
EnableOneCoreTransformMode
EnableScrollBar
EnableSessionForMMCSS
EnableWindow
EndDeferWindowPos
EndDeferWindowPosEx
EndDialog
EndMenu
EndPaint
EndTask
EnterReaderModeHelper
EnumChildWindows
EnumClipboardFormats
EnumDesktopWindows
EnumDesktopsA
EnumDesktopsW
EnumDisplayDevicesA
EnumDisplayDevicesW
EnumDisplayMonitors
EnumDisplaySettingsA
EnumDisplaySettingsExA
EnumDisplaySettingsExW
EnumDisplaySettingsW
EnumPropsA
EnumPropsExA
EnumPropsExW
EnumPropsW
EnumThreadWindows
EnumWindowStationsA
EnumWindowStationsW
EnumWindows
EqualRect
EvaluateProximityToPolygon
EvaluateProximityToRect
ExcludeUpdateRgn
ExitWindowsEx
FillRect
FindWindowA
FindWindowExA
FindWindowExW
FindWindowW
FlashWindow
FlashWindowEx
FrameRect
FreeDDElParam
FrostCrashedWindow
GetActiveWindow
GetAltTabInfo
GetAltTabInfoA
GetAltTabInfoW
GetAncestor
GetAppCompatFlags
GetAppCompatFlags2
GetAsyncKeyState
GetAutoRotationState
GetAwarenessFromDpiAwarenessContext
GetCIMSSM
GetCapture
GetCaretBlinkTime
GetCaretPos
GetClassInfoA
GetClassInfoExA
GetClassInfoExW
GetClassInfoW
GetClassLongA
GetClassLongPtrA
GetClassLongPtrW
GetClassLongW
GetClassNameA
GetClassNameW
GetClassWord
GetClientRect
GetClipCursor
GetClipboardAccessToken
GetClipboardData
GetClipboardFormatNameA
GetClipboardFormatNameW
GetClipboardOwner
GetClipboardSequenceNumber
GetClipboardViewer
GetComboBoxInfo
GetCurrentInputMessageSource
GetCursor
GetCursorFrameInfo
GetCursorInfo
GetCursorPos
GetDC
GetDCEx
GetDesktopID
GetDesktopWindow
GetDialogBaseUnits
GetDialogControlDpiChangeBehavior
GetDialogDpiChangeBehavior
GetDisplayAutoRotationPreferences
GetDisplayConfigBufferSizes
GetDlgCtrlID
GetDlgItem
GetDlgItemInt
GetDlgItemTextA
GetDlgItemTextW
GetDoubleClickTime
GetDpiAwarenessContextForProcess
GetDpiForMonitorInternal
GetDpiForSystem
GetDpiForWindow
GetDpiFromDpiAwarenessContext
GetExtendedPointerDeviceProperty
GetFocus
GetForegroundWindow
GetGUIThreadInfo
GetGestureConfig
GetGestureExtraArgs
GetGestureInfo
GetGuiResources
GetIconInfo
GetIconInfoExA
GetIconInfoExW
GetInputDesktop
GetInputLocaleInfo
GetInputState
GetInternalWindowPos
GetKBCodePage
GetKeyNameTextA
GetKeyNameTextW
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameA
GetKeyboardLayoutNameW
GetKeyboardState
GetKeyboardType
GetLastActivePopup
GetLastInputInfo
GetLayeredWindowAttributes
GetListBoxInfo
GetMagnificationDesktopColorEffect
GetMagnificationDesktopMagnification
GetMagnificationDesktopSamplingMode
GetMagnificationLensCtxInformation
GetMenu
GetMenuBarInfo
GetMenuCheckMarkDimensions
GetMenuContextHelpId
GetMenuDefaultItem
GetMenuInfo
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
GetMenuItemInfoW
GetMenuItemRect
GetMenuState
GetMenuStringA
GetMenuStringW
GetMessageA
GetMessageExtraInfo
GetMessagePos
GetMessageTime
GetMessageW
GetMonitorInfoA
GetMonitorInfoW
GetMouseMovePointsEx
GetNextDlgGroupItem
GetNextDlgTabItem
GetOpenClipboardWindow
GetParent
GetPhysicalCursorPos
GetPointerCursorId
GetPointerDevice
GetPointerDeviceCursors
GetPointerDeviceInputSpace
GetPointerDeviceOrientation
GetPointerDeviceProperties
GetPointerDeviceRects
GetPointerDevices
GetPointerFrameArrivalTimes
GetPointerFrameInfo
GetPointerFrameInfoHistory
GetPointerFramePenInfo
GetPointerFramePenInfoHistory
GetPointerFrameTimes
GetPointerFrameTouchInfo
GetPointerFrameTouchInfoHistory
GetPointerInfo
GetPointerInfoHistory
GetPointerInputTransform
GetPointerPenInfo
GetPointerPenInfoHistory
GetPointerTouchInfo
GetPointerTouchInfoHistory
GetPointerType
GetPriorityClipboardFormat
GetProcessDefaultLayout
GetProcessDpiAwarenessInternal
GetProcessUIContextInformation
GetProcessWindowStation
GetProgmanWindow
GetPropA
GetPropW
GetQueueStatus
GetRawInputBuffer
GetRawInputData
GetRawInputDeviceInfoA
GetRawInputDeviceInfoW
GetRawInputDeviceList
GetRawPointerDeviceData
GetReasonTitleFromReasonCode
GetRegisteredRawInputDevices
GetScrollBarInfo
GetScrollInfo
GetScrollPos
GetScrollRange
GetSendMessageReceiver
GetShellChangeNotifyWindow
GetShellWindow
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemDpiForProcess
GetSystemMenu
GetSystemMetrics
GetSystemMetricsForDpi
GetTabbedTextExtentA
GetTabbedTextExtentW
GetTaskmanWindow
GetThreadDesktop
GetThreadDpiAwarenessContext
GetThreadDpiHostingBehavior
GetTitleBarInfo
GetTopLevelWindow
GetTopWindow
GetTouchInputInfo
GetUnpredictedMessagePos
GetUpdateRect
GetUpdateRgn
GetUpdatedClipboardFormats
GetUserObjectInformationA
GetUserObjectInformationW
GetUserObjectSecurity
GetWinStationInfo
GetWindow
GetWindowBand
GetWindowCompositionAttribute
GetWindowCompositionInfo
GetWindowContextHelpId
GetWindowDC
GetWindowDisplayAffinity
GetWindowDpiAwarenessContext
GetWindowDpiHostingBehavior
GetWindowFeedbackSetting
GetWindowInfo
GetWindowLongA
GetWindowLongPtrA
GetWindowLongPtrW
GetWindowLongW
GetWindowMinimizeRect
GetWindowModuleFileName
GetWindowModuleFileNameA
GetWindowModuleFileNameW
GetWindowPlacement
GetWindowProcessHandle
GetWindowRect
GetWindowRgn
GetWindowRgnBox
GetWindowRgnEx
Sections
.text Size: 580KB - Virtual size: 579KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 130KB - Virtual size: 130KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 240B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 900KB - Virtual size: 900KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
userenv/Microsoft.Uev.SmbSyncProvider.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Microsoft.Uev.SmbSyncProvider.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
userenv/Windows.Data.Activities.dll.dll windows:10 windows x64 arch:x64
025367c11ce4fba6a8d69c1719bd9fcd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Windows.Data.Activities.pdb
Imports
msvcrt
__dllonexit
_unlock
memcpy_s
??3@YAXPEAX@Z
_lock
?terminate@@YAXXZ
_initterm
_onexit
__C_specific_handler
_purecall
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBD@Z
__mb_cur_max
memmove_s
realloc
??0exception@@QEAA@AEBQEBDH@Z
_wcsicmp
setlocale
_CxxThrowException
memcpy
memmove
___mb_cur_max_func
bsearch_s
malloc
___lc_codepage_func
_ismbblead
ldexp
sprintf_s
strcspn
??0bad_cast@@QEAA@PEBD@Z
localeconv
??0bad_cast@@QEAA@AEBV0@@Z
??1bad_cast@@UEAA@XZ
memset
_callnewh
abort
_wcsdup
__crtCompareStringW
__crtCompareStringA
__crtLCMapStringW
__crtLCMapStringA
_wsetlocale
__pctype_func
isupper
calloc
islower
_Getdays
_Getmonths
_W_Getdays
_W_Getmonths
_W_Gettnames
_Wcsftime
_Gettnames
_Strftime
isspace
tolower
memchr
___lc_collate_cp_func
memcmp
isalnum
isdigit
??1exception@@UEAA@XZ
_vsnprintf_s
free
_XcptFilter
___lc_handle_func
_amsg_exit
??1type_info@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_errno
_vsnwprintf
??_V@YAXPEAX@Z
??0exception@@QEAA@XZ
__CxxFrameHandler3
api-ms-win-core-libraryloader-l1-2-0
LockResource
FindResourceExW
FreeLibrary
GetModuleFileNameA
LoadResource
GetModuleHandleExW
GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleW
api-ms-win-core-synch-l1-1-0
LeaveCriticalSection
CreateEventW
ReleaseMutex
WaitForSingleObjectEx
WaitForSingleObject
DeleteCriticalSection
ResetEvent
OpenSemaphoreW
CreateMutexExW
ReleaseSemaphore
ReleaseSRWLockShared
InitializeCriticalSectionEx
CreateEventExW
SetEvent
AcquireSRWLockExclusive
EnterCriticalSection
ReleaseSRWLockExclusive
CreateSemaphoreExW
InitializeSRWLock
AcquireSRWLockShared
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
RaiseException
GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
OpenProcessToken
GetCurrentThread
CreateThread
GetCurrentProcess
OpenThreadToken
TerminateProcess
GetCurrentThreadId
api-ms-win-core-localization-l1-2-0
FormatMessageW
GetLocaleInfoW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
rpcrt4
CStdStubBuffer_Connect
IUnknown_AddRef_Proxy
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
CStdStubBuffer_CountRefs
CStdStubBuffer_QueryInterface
NdrOleAllocate
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventWriteTransfer
EventRegister
EventUnregister
EventActivityIdControl
api-ms-win-core-winrt-string-l1-1-0
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsDeleteString
WindowsCreateStringReference
WindowsDuplicateString
WindowsCreateString
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
CompareStringOrdinal
WideCharToMultiByte
GetStringTypeW
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
RoTransformError
RoOriginateError
SetRestrictedErrorInfo
GetRestrictedErrorInfo
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-synch-l1-2-0
InitOnceComplete
Sleep
InitOnceExecuteOnce
InitOnceBeginInitialize
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-com-midlproxystub-l1-1-0
ObjectStublessClient7
ObjectStublessClient3
ObjectStublessClient5
ObjectStublessClient8
ObjectStublessClient4
ObjectStublessClient6
api-ms-win-core-registry-l1-1-0
RegEnumValueW
RegSetValueExW
RegCreateKeyExW
RegGetValueW
RegOpenKeyExW
RegCloseKey
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-com-l1-1-0
CoCreateFreeThreadedMarshaler
CoGetCallContext
CoTaskMemAlloc
CoReleaseMarshalData
CreateStreamOnHGlobal
CoGetMalloc
CoCreateInstance
CoGetInterfaceAndReleaseStream
CoDecrementMTAUsage
CoUninitialize
CoInitializeEx
CoWaitForMultipleHandles
CoIncrementMTAUsage
CoTaskMemRealloc
CoTaskMemFree
CoMarshalInterface
api-ms-win-security-base-l1-1-0
CopySid
DuplicateTokenEx
GetTokenInformation
GetLengthSid
RevertToSelf
ImpersonateLoggedOnUser
ntdll
RtlDeriveCapabilitySidsFromName
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer
api-ms-win-shcore-registry-l1-1-0
SHSetValueW
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-core-psapi-l1-1-0
K32GetProcessImageFileNameW
api-ms-win-core-registry-l1-1-1
RegDeleteKeyValueW
api-ms-win-core-com-l1-1-1
RoGetAgileReference
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
RoUninitialize
RoInitialize
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate
IsErrorPropagationEnabled
api-ms-win-shcore-taskpool-l1-1-0
SHTaskPoolQueueTask
SHTaskPoolAllowThreadReuse
api-ms-win-core-threadpool-legacy-l1-1-0
QueueUserWorkItem
api-ms-win-shcore-obsolete-l1-1-0
SHStrDupW
cdp
CDPInitialize
CDPShutdown
CDPGetActivityStore
CDPGetActivityStoreForStoreInfo
CDPCreateActivityStoreInfoInternal
CDPAccountFromWebAccount
CDPGetActivityStoreForAccount
CDPGetUserActivitySettings
api-ms-win-security-capability-l1-1-0
CapabilityCheck
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
GetProxyDllInfo
GetSetting
Sections
.text Size: 366KB - Virtual size: 366KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 118KB - Virtual size: 118KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 21KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 80B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
userenv/Windows.Storage.OneCore.dll.dll windows:10 windows x64 arch:x64
f2dfa967f042f40adb85c3e1d22f9894
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Windows.Storage.OneCore.pdb
Imports
msvcp_win
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?_XGetLastError@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__cexit
memmove
_o__execute_onexit_table
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__callnewh
_o__errno
_o__crt_atexit
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o__configure_narrow_argv
_o___std_exception_copy
wcsstr
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleFileNameA
FindStringOrdinal
GetModuleHandleW
GetModuleHandleExW
DisableThreadLibraryCalls
api-ms-win-core-synch-l1-1-0
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
CreateEventExW
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSRWLockShared
CreateSemaphoreExW
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetUnhandledExceptionFilter
SetLastError
RaiseException
UnhandledExceptionFilter
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
CreateThreadpoolWait
CreateThreadpoolTimer
SetThreadpoolTimer
SetThreadpoolWait
WaitForThreadpoolTimerCallbacks
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
api-ms-win-core-processthreads-l1-1-0
GetProcessId
GetCurrentThreadId
OpenProcessToken
GetCurrentThread
OpenThreadToken
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-file-l1-1-0
FindClose
FindFirstFileExW
GetFinalPathNameByHandleW
DeleteFileW
GetFileAttributesExW
RemoveDirectoryW
SetFileAttributesW
GetVolumeInformationByHandleW
GetFullPathNameW
GetFileAttributesW
CreateFileW
CreateDirectoryW
SetFileInformationByHandle
api-ms-win-core-winrt-string-l1-1-0
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsCreateStringReference
WindowsPromoteStringBuffer
WindowsCreateString
WindowsPreallocateStringBuffer
WindowsDeleteStringBuffer
WindowsGetStringLen
WindowsGetStringRawBuffer
WindowsDeleteString
api-ms-win-core-shlwapi-legacy-l1-1-0
PathIsRelativeW
PathSkipRootW
PathIsSameRootW
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-com-l1-1-0
CoGetCallContext
CoTaskMemAlloc
CoGetApartmentType
CoTaskMemFree
CoRevertToSelf
CoCreateInstance
api-ms-win-core-registry-l1-1-0
RegNotifyChangeKeyValue
RegGetValueW
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
ntdll
RtlInitializeCriticalSection
RtlAllocateHeap
RtlDeleteCriticalSection
RtlFreeHeap
NtOpenKey
RtlQueryPackageClaims
NtQueryKey
RtlInitUnicodeStringEx
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister
EventActivityIdControl
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
InitOnceBeginInitialize
InitOnceComplete
Sleep
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-file-l1-2-0
CreateFile2
api-ms-win-core-file-l2-1-2
CopyFileW
api-ms-win-core-winrt-l1-1-0
RoUninitialize
RoInitialize
RoGetActivationFactory
RoActivateInstance
api-ms-win-core-kernel32-legacy-l1-1-0
MoveFileW
api-ms-win-core-file-l2-1-0
ReplaceFileW
GetFileInformationByHandleEx
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
RoOriginateError
api-ms-win-core-util-l1-1-0
DecodePointer
api-ms-win-core-path-l1-1-0
PathCchIsRoot
PathCchFindExtension
PathCchRemoveFileSpec
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
ext-ms-win-appmodel-state-ext-l1-2-0
OpenStateExplicit
CloseState
GetSystemAppDataKey
ext-ms-win-winrt-storage-l1-2-0
PathContainedByManifestedKnownFolder_FullTrustCaller_ForPackage
ext-ms-win-winrt-storage-l1-2-2
StorageItemHelpers_IsSupportedRemovablePath
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
api-ms-win-shcore-taskpool-l1-1-0
SHTaskPoolQueueTask
api-ms-win-security-base-l1-1-0
DuplicateTokenEx
GetSidSubAuthority
GetTokenInformation
api-ms-win-security-capability-l1-1-0
CapabilityCheck
api-ms-win-appmodel-runtime-l1-1-0
PackageFamilyNameFromFullName
api-ms-win-appmodel-runtime-l1-1-1
GetPackageFamilyNameFromToken
Exports
CopyFileFromAppW
CreateDirectoryFromAppW
CreateFile2FromAppW
CreateFileFromAppW
DeleteFileFromAppW
DllCanUnloadNow
DllGetActivationFactory
FindFirstFileExFromAppW
GetFileAttributesExFromAppW
MoveFileFromAppW
RemoveDirectoryFromAppW
ReplaceFileFromAppW
SetFileAttributesFromAppW
Sections
.text Size: 141KB - Virtual size: 140KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 45KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 612B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
userenv/userenv.dll.dll regsvr32 windows:10 windows x64 arch:x64
e8a56fafbeb48b7a01a08d84a69ef377
Code Sign
33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 04/03/2020, 18:30
Not After: 03/03/2021, 18:30
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
4a:58:9d:5b:d2:29:74:b3:7e:02:96:72:ca:87:d4:97:72:dc:c9:19:40:ba:51:18:f1:28:be:f7:41:e9:28:2a
Signer
Actual PE Digest: 4a:58:9d:5b:d2:29:74:b3:7e:02:96:72:ca:87:d4:97:72:dc:c9:19:40:ba:51:18:f1:28:be:f7:41:e9:28:2a
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
userenv.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o_free
_o_malloc
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o__crt_atexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__errno
_o__cexit
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__C_specific_handler
__CxxFrameHandler4
_CxxThrowException
memcmp
memmove
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegGetValueW
api-ms-win-security-base-l1-1-0
GetFileSecurityW
GetSecurityDescriptorOwner
EqualSid
FreeSid
AllocateAndInitializeSid
RevertToSelf
GetTokenInformation
GetLengthSid
ImpersonateLoggedOnUser
ImpersonateSelf
CopySid
PrivilegeCheck
api-ms-win-core-libraryloader-l1-2-0
DisableThreadLibraryCalls
FindResourceExW
GetModuleFileNameA
LoadResource
LockResource
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
api-ms-win-core-synch-l1-1-0
CreateMutexExW
WaitForMultipleObjectsEx
CreateEventW
ReleaseSRWLockShared
InitializeCriticalSectionEx
AcquireSRWLockShared
SetEvent
DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
WaitForSingleObject
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
CreateSemaphoreExW
ReleaseSRWLockExclusive
ReleaseMutex
ReleaseSemaphore
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapReAlloc
HeapFree
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
GetCommandLineW
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
SetThreadToken
GetCurrentProcessId
CreateThread
GetCurrentProcess
OpenThreadToken
GetCurrentThread
OpenProcessToken
TerminateProcess
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
CompareStringOrdinal
CompareStringW
WideCharToMultiByte
rpcrt4
CStdStubBuffer_DebugServerQueryInterface
RpcBindingFree
RpcStringFreeW
RpcBindingFromStringBindingW
UuidCreate
RpcStringBindingComposeW
CStdStubBuffer_Connect
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrOleFree
RpcBindingSetAuthInfoExW
IUnknown_AddRef_Proxy
CStdStubBuffer_Invoke
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrClientCall3
I_RpcExceptionFilter
RpcRevertToSelf
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetSystemInfo
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-eventing-provider-l1-1-0
EventActivityIdControl
EventWriteTransfer
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
api-ms-win-core-file-l1-1-0
GetFileAttributesW
CreateDirectoryW
SetFileAttributesW
FindClose
CreateFileW
DeleteFileW
SetFileTime
GetFileAttributesExW
CompareFileTime
FindFirstFileW
FindNextFileW
RemoveDirectoryW
FlushFileBuffers
GetDiskFreeSpaceExW
api-ms-win-core-file-l2-1-0
GetFileInformationByHandleEx
MoveFileExW
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
api-ms-win-core-path-l1-1-0
PathCchAddBackslashEx
api-ms-win-security-grouppolicy-l1-1-0
GetPreviousFgPolicyRefreshInfoInternal
ForceSyncFgPolicyInternal
RegisterGPNotificationInternal
HasPolicyForegroundProcessingCompletedInternal
GetAppliedGPOListInternalW
GetAppliedGPOListInternalA
EnterCriticalPolicySectionInternal
GenerateGPNotificationInternal
AreThereVisibleShutdownScriptsInternal
LeaveCriticalPolicySectionInternal
FreeGPOListInternalW
RefreshPolicyExInternal
WaitForMachinePolicyForegroundProcessingInternal
GetNextFgPolicyRefreshInfoInternal
GetGPOListInternalA
AreThereVisibleLogoffScriptsInternal
WaitForUserPolicyForegroundProcessingInternal
FreeGPOListInternalA
UnregisterGPNotificationInternal
RsopLoggingEnabledInternal
RefreshPolicyInternal
GetGPOListInternalW
api-ms-win-core-kernel32-private-l1-1-1
PrivCopyFileExW
ntdll
RtlStringFromGUID
NtClose
RtlFreeUnicodeString
EtwEventRegister
RtlNtStatusToDosError
EtwEventUnregister
EtwEventSetInformation
RtlAdjustPrivilege
EtwEventActivityIdControl
EtwEventWriteTransfer
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Exports
AreThereVisibleLogoffScripts
AreThereVisibleShutdownScripts
CreateAppContainerProfile
CreateEnvironmentBlock
CreateProfile
DeleteAppContainerProfile
DeleteProfileA
DeleteProfileW
DeriveAppContainerSidFromAppContainerName
DeriveRestrictedAppContainerSidFromAppContainerSidAndRestrictedName
DestroyEnvironmentBlock
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EnterCriticalPolicySection
ExpandEnvironmentStringsForUserA
ExpandEnvironmentStringsForUserW
ForceSyncFgPolicy
FreeGPOListA
FreeGPOListW
GenerateGPNotification
GetAllUsersProfileDirectoryA
GetAllUsersProfileDirectoryW
GetAppContainerFolderPath
GetAppContainerRegistryLocation
GetAppliedGPOListA
GetAppliedGPOListW
GetDefaultUserProfileDirectoryA
GetDefaultUserProfileDirectoryW
GetGPOListA
GetGPOListW
GetNextFgPolicyRefreshInfo
GetPreviousFgPolicyRefreshInfo
GetProfileType
GetProfilesDirectoryA
GetProfilesDirectoryW
GetUserProfileDirectoryA
GetUserProfileDirectoryW
HasPolicyForegroundProcessingCompleted
LeaveCriticalPolicySection
LoadProfileExtender
LoadUserProfileA
LoadUserProfileW
ProcessGroupPolicyCompleted
ProcessGroupPolicyCompletedEx
RefreshPolicy
RefreshPolicyEx
RegisterGPNotification
RsopAccessCheckByType
RsopFileAccessCheck
RsopLoggingEnabled
RsopResetPolicySettingStatus
RsopSetPolicySettingStatus
UnloadProfileExtender
UnloadUserProfile
UnregisterGPNotification
WaitForMachinePolicyForegroundProcessing
WaitForUserPolicyForegroundProcessing
Sections
.text Size: 105KB - Virtual size: 105KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 400B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 504B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
winsrv/NotificationControllerPS.dll.dll regsvr32 windows:10 windows x64 arch:x64
5df1d0c66d2b36330253dfe1511dd69b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
NotificationControllerPS.pdb
Imports
msvcp_win
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o_free
_o_malloc
_o_wcscpy_s
_o_wcstoull
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
wcscmp
rmclient
HamCloseActivity
HamConnectToServer
HamCreateActivityForProcess
HamStartActivityAsync
HamPopulateActivityProperties
HamDisconnectFromServer
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
api-ms-win-core-synch-l1-1-0
ResetEvent
CreateMutexExW
TryAcquireSRWLockExclusive
TryAcquireSRWLockShared
AcquireSRWLockExclusive
SetEvent
OpenSemaphoreW
WaitForSingleObjectEx
InitializeCriticalSectionEx
DeleteCriticalSection
EnterCriticalSection
ReleaseMutex
LeaveCriticalSection
WaitForSingleObject
AcquireSRWLockShared
ReleaseSemaphore
ReleaseSRWLockExclusive
CreateEventExW
CreateSemaphoreExW
ReleaseSRWLockShared
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetProcessId
ProcessIdToSessionId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
rpcrt4
NdrOleAllocate
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
NdrOleFree
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerRelease
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrDllGetClassObject
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_QueryInterface
NdrDllCanUnloadNow
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrDllUnregisterProxy
CStdStubBuffer_Connect
NdrDllRegisterProxy
NdrCStdStubBuffer_Release
oleaut32
BSTR_UserUnmarshal64
BSTR_UserUnmarshal
SysAllocString
BSTR_UserMarshal
SysFreeString
BSTR_UserFree
BSTR_UserSize
BSTR_UserFree64
BSTR_UserMarshal64
BSTR_UserSize64
api-ms-win-core-com-midlproxystub-l1-1-0
ObjectStublessClient10
ObjectStublessClient14
ObjectStublessClient11
ObjectStublessClient12
ObjectStublessClient4
ObjectStublessClient17
ObjectStublessClient9
ObjectStublessClient6
ObjectStublessClient3
ObjectStublessClient8
ObjectStublessClient15
ObjectStublessClient7
ObjectStublessClient5
ObjectStublessClient13
ObjectStublessClient16
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
SetRestrictedErrorInfo
api-ms-win-core-registry-l1-1-0
RegGetValueW
api-ms-win-core-util-l1-1-0
DecodePointer
api-ms-win-core-synch-l1-2-0
InitOnceComplete
InitOnceExecuteOnce
InitOnceBeginInitialize
Sleep
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventRegister
EventActivityIdControl
EventUnregister
EventWriteTransfer
api-ms-win-core-com-l1-1-0
CoTaskMemAlloc
CoCreateInstance
CoGetCallContext
CoCreateFreeThreadedMarshaler
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
OpenProcess
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
api-ms-win-power-setting-l1-1-0
PowerSettingRegisterNotification
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
ntdll
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
RtlPublishWnfStateData
NtQueryWnfStateData
wcschr
RtlIsMultiUsersInSessionSku
RtlTestAndPublishWnfStateData
api-ms-win-shcore-taskpool-l1-1-0
SHTaskPoolQueueTask
SHTaskPoolGetUniqueContext
api-ms-win-core-shlwapi-legacy-l1-1-0
PathFindFileNameW
api-ms-win-rtcore-ntuser-powermanagement-l1-1-0
UnregisterPowerSettingNotification
combase
ord154
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 261KB - Virtual size: 260KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 86KB - Virtual size: 85KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
winsrv/TextInputFramework.dll.dll windows:10 windows x64 arch:x64
a92a6217e10aa1e34ad9105ef1e46339
Code Sign
33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 05/05/2022, 19:23
Not After: 04/05/2023, 19:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
d9:30:2a:27:6b:89:7c:e0:d2:13:30:34:bd:cb:f2:43:94:ab:75:84:3e:7d:e9:02:fd:41:1f:06:91:a3:58:68
Signer
Actual PE Digest: d9:30:2a:27:6b:89:7c:e0:d2:13:30:34:bd:cb:f2:43:94:ab:75:84:3e:7d:e9:02:fd:41:1f:06:91:a3:58:68
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
TextInputFramework.pdb
Imports
msvcrt
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
wcschr
wcscpy_s
wcsncpy
time
srand
rand
strrchr
strcpy_s
memmove_s
memcmp
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
??3@YAXPEAX@Z
__CxxFrameHandler3
memset
api-ms-win-core-synch-l1-2-0
InitOnceComplete
Sleep
InitOnceBeginInitialize
InitOnceExecuteOnce
api-ms-win-core-winrt-string-l1-1-0
WindowsDeleteString
WindowsCreateStringReference
WindowsIsStringEmpty
WindowsCreateString
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
RoOriginateError
SetRestrictedErrorInfo
api-ms-win-core-synch-l1-1-0
DeleteCriticalSection
CreateMutexExW
WaitForSingleObject
InitializeCriticalSectionEx
EnterCriticalSection
WaitForSingleObjectEx
ReleaseSRWLockShared
LeaveCriticalSection
AcquireSRWLockShared
InitializeCriticalSection
CreateSemaphoreExW
ReleaseSemaphore
SetEvent
ReleaseMutex
AcquireSRWLockExclusive
OpenSemaphoreW
CreateEventW
ReleaseSRWLockExclusive
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetModuleFileNameW
FindStringOrdinal
GetModuleHandleExW
GetModuleFileNameA
DisableThreadLibraryCalls
GetProcAddress
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
OpenProcessToken
GetCurrentProcess
TlsAlloc
GetCurrentProcessId
TlsFree
TlsSetValue
GetCurrentThreadId
TlsGetValue
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
RaiseException
GetLastError
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-sysinfo-l1-1-0
GetTickCount64
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
api-ms-win-core-handle-l1-1-0
CloseHandle
oleaut32
VariantClear
SysFreeString
VariantCopy
SysStringLen
SysAllocStringByteLen
SysAllocStringLen
SysAllocString
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventUnregister
EventRegister
EventSetInformation
EventWrite
rpcrt4
UuidCreate
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceFrequency
QueryPerformanceCounter
coreuicomponents
CoreUIFactoryCreate
CoreUIClientCreate
coremessaging
MsgRelease
MsgBlobCreateShared
MsgStringCreateShared
CoreUICreate
MsgBufferShare
ntdll
RtlDllShutdownInProgress
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
NtQueryInformationProcess
RtlInitUnicodeString
NtQueryInformationToken
RtlFreeHeap
RtlAllocateHeap
api-ms-win-core-com-l1-1-0
CoCreateFreeThreadedMarshaler
CoGetMalloc
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
RoActivateInstance
api-ms-win-core-psapi-l1-1-0
K32GetModuleFileNameExW
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
LocalReAlloc
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
InputFocusChanged
NavigateFocusInfoCreate
TextInputClientCreate
TextInputClientCreate2
TextInputHostCreate
TextInputHostCreate2
TextInputHostCreateEx
TextInputHostGetCurrent
TextInputHostSiteCreate
TextInputServerCreate
TsfOneCreate
tsfGetAsyncKeyState
tsfGetKeyState
tsfGetKeyboardState
Sections
.text Size: 705KB - Virtual size: 705KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 207KB - Virtual size: 207KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 43KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 344B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
winsrv/webio.dll.dll windows:10 windows x64 arch:x64
218a48d6282c9e97e959ce67ba586f7f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
webio.pdb
Imports
api-ms-win-crt-string-l1-1-0
strcmp
strncmp
memset
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__stricmp
_o__strnicmp
memmove
_o__wcsnicmp
_o_free
_o_isalnum
_o_isalpha
_o_isdigit
_o_isspace
_o_malloc
_o_memcpy_s
_o_tolower
_o_toupper
__C_specific_handler
_o__execute_onexit_table
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
__CxxFrameHandler3
__std_terminate
_o___stdio_common_vsprintf
_o___std_type_info_destroy_list
memcmp
memcpy
ntdll
RtlGetVersion
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
RtlNtStatusToDosError
RtlVirtualUnwind
EtwGetTraceLoggerHandle
RtlCaptureContext
RtlCompareUnicodeStrings
EtwGetTraceEnableFlags
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlInitUnicodeString
RtlFreeHeap
NtCreateFile
RtlIsCriticalSectionLockedByThread
RtlIpv6AddressToStringW
RtlIpv6StringToAddressExW
RtlIpv4StringToAddressExW
EtwUnregisterTraceGuids
RtlDowncaseUnicodeChar
EtwTraceMessageVa
RtlGetCurrentProcessorNumber
NtSetInformationFile
RtlAllocateHeap
RtlLookupFunctionEntry
api-ms-win-core-synch-l1-1-0
EnterCriticalSection
InitializeSRWLock
ReleaseSRWLockExclusive
InitializeCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
WaitForSingleObject
CreateEventA
SetEvent
CreateEventW
WaitForMultipleObjectsEx
ResetEvent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
DeleteCriticalSection
api-ms-win-core-localization-l1-2-0
GetCPInfo
IdnToUnicode
IsDBCSLeadByteEx
GetCPInfoExW
IdnToAscii
api-ms-win-core-processenvironment-l1-1-0
GetEnvironmentVariableA
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
CompareStringOrdinal
WideCharToMultiByte
api-ms-win-core-heap-l1-1-0
HeapReAlloc
HeapFree
GetProcessHeap
HeapAlloc
api-ms-win-core-handle-l1-1-0
CloseHandle
DuplicateHandle
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventWrite
EventSetInformation
EventWriteTransfer
EventEnabled
EventUnregister
EventActivityIdControl
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
CreateThread
GetCurrentProcess
TerminateProcess
TlsGetValue
SwitchToThread
OpenThreadToken
TlsAlloc
SetThreadToken
TlsSetValue
GetCurrentThread
TlsFree
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
GetModuleHandleExA
GetModuleHandleExW
FreeLibrary
GetProcAddress
GetModuleHandleW
FreeLibraryAndExitThread
api-ms-win-core-file-l1-1-0
LocalFileTimeToFileTime
CompareFileTime
api-ms-win-core-sysinfo-l1-1-0
GetTickCount64
GetSystemDirectoryW
GetTickCount
GetSystemTime
GetSystemTimeAsFileTime
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
SystemTimeToFileTime
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
QueryDepthSList
InterlockedPushEntrySList
InterlockedPopEntrySList
api-ms-win-core-memory-l1-1-0
VirtualAlloc
VirtualFree
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpA
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-registry-l1-1-0
RegGetValueW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
api-ms-win-core-sysinfo-l1-2-0
GetProductInfo
api-ms-win-core-io-l1-1-0
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWait
CloseThreadpoolWait
SetThreadpoolWait
SubmitThreadpoolWork
CloseThreadpoolWork
CloseThreadpoolTimer
CallbackMayRunLong
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
SetThreadpoolTimer
CreateThreadpoolCleanupGroup
StartThreadpoolIo
CreateThreadpoolWork
CreateThreadpoolIo
FreeLibraryWhenCallbackReturns
CloseThreadpoolIo
CancelThreadpoolIo
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
api-ms-win-security-base-l1-1-0
RevertToSelf
GetTokenInformation
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-kernel32-legacy-l1-1-0
SetFileCompletionNotificationModes
kernelbase
GetIsWdagEnabled
UnsubscribeEdpEnabledStateChange
SubscribeEdpEnabledStateChange
UnsubscribeWdagEnabledStateChange
SubscribeWdagEnabledStateChange
GetIsEdpEnabled
api-ms-win-core-threadpool-legacy-l1-1-0
QueueUserWorkItem
Sections
.text Size: 413KB - Virtual size: 412KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.wpp_sf Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 71KB - Virtual size: 70KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1024B - Virtual size: 568B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 64KB - Virtual size: 63KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 676B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
x64__installer___v4.8.2.msi.msi