tera5[.]zip | Triage

Resubmissions

04/09/2024, 12:50

240904-p3eg2a1hkh 7

04/09/2024, 12:49

240904-p2tkkazfpm 7

Sharing

Copy URL Twitter E-mail

General

Target

tera5.zip
Size

17.8MB
MD5

2d9124796cbb3f2c5bce71e25bf07904
SHA1

0c1215337f56297d3f61e5e557d2b715599af102
SHA256

46a6324977f2617352bbd58766ba1be1d383cc636b8d99488ba6ae05ad3e6bf3
SHA512

0e058a470ddb3c9f06b95fe2e6007184d65c66234215a5927c6f57280167078aaa2ade4e016bf1af4fa42a583f15bf16617d9e8e96ca3f9c305c4e4f56f682ab
SSDEEP

393216:arkW/E7iZ0xQC9f6yleL4eaCYzK0A90Ecj:arkYAiZ0KhyleuZW79TY

Score

3^/10

Malware Config

Signatures

Unsigned PE 16 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0fs9-setup.exe
unpack001/CertEnroll.dll
unpack001/Chakra.dll
unpack001/ChatApis.dll
unpack001/cdosys.dll
unpack001/cdp.dll
unpack001/cdprt.dll
unpack001/cdpsvc.dll
unpack001/cdpusersvc.dll
unpack001/certadm.dll
unpack001/certca.dll
unpack001/certcli.dll
unpack001/certmgr.dll
unpack001/certmmc.dll
unpack001/certocm.dll
unpack001/certtmpl.dll

Files

tera5.zip
.zip
0fs9-setup.exe
.exe windows:6 windows x86 arch:x86

1aae8bf580c846f39c71c05898e57e88

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
WriteConsoleW
WerSetFlags
WerGetFlags
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TlsAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
RaiseFailFastException
PostQueuedCompletionStatus
LoadLibraryW
LoadLibraryExW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetErrorMode
GetEnvironmentStringsW
GetCurrentThreadId
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 9.4MB - Virtual size: 9.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13.4MB - Virtual size: 13.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 421KB - Virtual size: 595KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 709KB - Virtual size: 709KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CbsCore.dll
.dll windows:10 windows x64 arch:x64

715217d77a26c9c4889f8ca4930cc478

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:29

Not After

02/12/2021, 21:29

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

28:28:1c:73:95:be:53:a8:7f:ed:0b:12:9d:cf:9b:e5:01:53:70:71:48:be:cb:36:b2:2e:6e:81:78:55:f3:fa
Signer

Actual PE Digest

28:28:1c:73:95:be:53:a8:7f:ed:0b:12:9d:cf:9b:e5:01:53:70:71:48:be:cb:36:b2:2e:6e:81:78:55:f3:fa

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

cbscore.pdb

Imports

msvcrt

strncmp
wcscat_s
strtol
strrchr
_itow_s
_ui64tow_s
sprintf_s
_set_errno
sscanf_s
_wtoi
isdigit
_strnicmp
isspace
memcmp
wcsncmp
memcpy
memmove
memset
wcstok_s
strncpy_s
strchr
__CxxFrameHandler3
towlower
strstr
wcscmp
_wtol
?terminate@@YAXXZ
swscanf_s
_snprintf_s
strcmp
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
_callnewh
wcschr
_wcsnicmp
wcsrchr
_wcsicmp
_vsnwprintf_s
wcsstr
memcpy_s
_purecall
_errno
wcstoul
_vsnprintf
malloc
free
_stricmp
_vsnwprintf

api-ms-win-core-string-l1-1-0

CompareStringW
WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-libraryloader-l1-1-0

LoadStringW
GetProcAddress
GetModuleFileNameW
LoadLibraryExW
GetModuleHandleW
GetModuleHandleExW
FreeLibrary

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegQueryValueExW
RegFlushKey
RegSetKeySecurity
RegCreateKeyExW
RegEnumValueW
RegEnumKeyExW
RegSaveKeyExW
RegGetKeySecurity
RegCloseKey
RegUnLoadKeyW
RegRestoreKeyW
RegQueryInfoKeyW
RegLoadKeyW
RegGetValueW
RegOpenKeyExW
RegDeleteValueW

api-ms-win-core-synch-l1-1-0

OpenEventW
CreateEventW
EnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeCriticalSection
WaitForSingleObjectEx
LeaveCriticalSection
WaitForMultipleObjectsEx
InitializeCriticalSectionAndSpinCount
SetEvent
CreateMutexW
ReleaseMutex
ResetEvent
WaitForSingleObject
DeleteCriticalSection

api-ms-win-core-localization-obsolete-l1-2-0

CompareStringA
EnumUILanguagesW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetEnvironmentVariableW

api-ms-win-core-file-l1-1-0

GetDiskFreeSpaceExW
WriteFile
GetFileTime
GetFileSizeEx
RemoveDirectoryW
SetEndOfFile
GetFileSize
FindFirstFileW
CompareFileTime
FindNextFileW
FindClose
DeleteFileW
SetFileAttributesW
GetFileAttributesW
GetFinalPathNameByHandleW
CreateDirectoryW
GetFullPathNameW
GetFileInformationByHandle
SetFileTime
GetFileAttributesExW
SetFilePointer
CreateFileW
FlushFileBuffers
ReadFile
GetVolumePathNameW
GetDiskFreeSpaceW

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep
SleepConditionVariableSRW
WakeAllConditionVariable

api-ms-win-core-sysinfo-l1-1-0

GetWindowsDirectoryW
GetTickCount64
GetSystemTime
GetSystemWindowsDirectoryW
GetVersionExW
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
GetLastError

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
OpenProcessToken
TerminateProcess
SetThreadPriority
TlsAlloc
CreateThread
GetExitCodeThread
TlsSetValue
CreateProcessW
TlsGetValue
GetExitCodeProcess
GetCurrentThreadId
GetCurrentProcess
InitializeProcThreadAttributeList
ResumeThread
GetCurrentThread
SetThreadToken
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
OpenThreadToken

api-ms-win-security-base-l1-1-0

CopySid
SetFileSecurityW
InitializeAcl
DuplicateTokenEx
AddAccessAllowedAceEx
IsValidAcl
GetLengthSid
CreateRestrictedToken
CheckTokenMembership
FreeSid
IsValidSid
GetKernelObjectSecurity
GetTokenInformation
GetAclInformation
AdjustTokenPrivileges
GetAce
AddAce
AllocateAndInitializeSid
ImpersonateSelf
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RevertToSelf
DuplicateToken

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidW

api-ms-win-core-heap-obsolete-l1-1-0

GlobalFree
GlobalUnlock
GlobalAlloc
LocalAlloc
GlobalLock
LocalFree

api-ms-win-core-registry-l2-1-0

RegCreateKeyTransactedW
RegDeleteKeyValueW
RegSetKeyValueW
RegDeleteKeyTransactedW
RegDeleteKeyW
RegOpenKeyTransactedW

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringA
IsDebuggerPresent

api-ms-win-core-kernel32-legacy-l1-1-0

CopyFileW
MoveFileW
LoadLibraryW
RaiseFailFastException

api-ms-win-core-file-l2-1-0

MoveFileExW
CreateHardLinkW
GetFileInformationByHandleEx
CopyFileExW

api-ms-win-core-com-l1-1-0

StringFromCLSID
CLSIDFromString
CoGetMalloc
CoTaskMemFree
CoUnmarshalInterface
CoCreateGuid
CreateStreamOnHGlobal
CoCreateInstance
CoInitializeEx
CoUninitialize
CoImpersonateClient
CoGetCallContext
CoRevertToSelf

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWrite
EventWriteTransfer
EventRegister

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-kernel32-private-l1-1-1

PrivCopyFileExW

api-ms-win-security-provider-l1-1-0

GetNamedSecurityInfoW
SetNamedSecurityInfoW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrcmpA

api-ms-win-eventing-legacy-l1-1-0

FlushTraceW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureStackBackTrace
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapCreate
HeapFree
HeapDestroy

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime

api-ms-win-core-memory-l1-1-0

WriteProcessMemory
MapViewOfFile
UnmapViewOfFile
ReadProcessMemory
VirtualQueryEx
CreateFileMappingW

api-ms-win-security-cryptoapi-l1-1-0

CryptReleaseContext
CryptHashData
CryptAcquireContextW
CryptAcquireContextA
CryptGetHashParam
CryptCreateHash
CryptDestroyHash

api-ms-win-core-localization-l1-2-0

GetThreadPreferredUILanguages
GetLocaleInfoEx

api-ms-win-core-privateprofile-l1-1-0

GetPrivateProfileStringW

api-ms-win-security-lsalookup-l2-1-0

LookupAccountSidW

api-ms-win-core-file-l1-2-1

GetCompressedFileSizeW

ntdll

NtCreateKey
NtQueryVolumeInformationFile
RtlCreateSecurityDescriptor
RtlDestroyEnvironment
NtQueryDirectoryFile
NtQuerySecurityObject
NtSetValueKey
RtlGetDaclSecurityDescriptor
NtQueryValueKey
RtlDeleteSecurityObject
RtlCopyUnicodeString
RtlDuplicateUnicodeString
RtlAppendUnicodeStringToString
RtlEqualUnicodeString
RtlLengthSecurityDescriptor
RtlGetControlSecurityDescriptor
RtlMakeSelfRelativeSD
RtlSetEnvironmentVariable
RtlCreateEnvironment
RtlDeleteCriticalSection
RtlEnterCriticalSection
RtlInitializeCriticalSection
RtlLeaveCriticalSection
NtQuerySystemTime
RtlSetControlSecurityDescriptor
RtlAnsiCharToUnicodeChar
RtlUnicodeToMultiByteN
RtlIsTextUnicode
RtlUnicodeToMultiByteSize
RtlConvertSidToUnicodeString
RtlValidAcl
NtAdjustPrivilegesToken
RtlSetSaclSecurityDescriptor
RtlValidSid
NtDuplicateToken
RtlGetSaclSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlAllocateAndInitializeSid
RtlGetGroupSecurityDescriptor
RtlCopySid
RtlSetGroupSecurityDescriptor
RtlFindAceByType
NtQueryInformationToken
RtlAddAccessAllowedAce
NtQuerySystemInformation
RtlCreateEnvironmentEx
RtlExpandEnvironmentStrings_U
NtQueryLicenseValue
RtlNtStatusToDosErrorNoTeb
RtlTimeToTimeFields
DbgPrint
RtlCreateUnicodeStringFromAsciiz
NtSetSystemInformation
NtFlushKey
NtOpenThreadToken
NtYieldExecution
NtFsControlFile
NtDuplicateObject
RtlGetVersion
NtFlushBuffersFile
NtQueryAttributesFile
RtlAddAce
NtDeleteValueKey
NtDelayExecution
RtlQueryEnvironmentVariable_U
NtSetSecurityObject
NtDeleteFile
RtlNewSecurityObjectEx
RtlAddAccessAllowedAceEx
NtSetInformationFile
RtlQueryInformationAcl
RtlpApplyLengthFunction
NtQueryPerformanceCounter
RtlGetAce
LdrGetDllHandle
NtOpenKey
RtlSetDaclSecurityDescriptor
NtEnumerateValueKey
NtWriteFile
RtlGetLengthWithoutLastFullDosOrNtPathElement
NtEnumerateKey
RtlSetOwnerSecurityDescriptor
NtOpenProcessToken
NtDeleteKey
NtQueryKey
RtlUpcaseUnicodeChar
RtlDowncaseUnicodeChar
RtlReAllocateHeap
RtlFormatCurrentUserKeyPath
DbgPrintEx
RtlMultiByteToUnicodeN
RtlMultiByteToUnicodeSize
NtWaitForSingleObject
NtQueryEaFile
RtlReleaseRelativeName
NtSetEaFile
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtLoadKey2
NtOpenFile
NtReadFile
RtlCreateAcl
NtSetInformationThread
RtlCreateHeap
RtlDestroyHeap
RtlTimeToSecondsSince1980
NtUnloadKey2
RtlFreeSid
NtResumeThread
RtlCreateUserProcess
RtlCreateProcessParameters
RtlDestroyProcessParameters
RtlNtStatusToDosError
LdrLoadDll
LdrUnloadDll
LdrGetProcedureAddress
RtlAllocateHeap
RtlLengthSid
RtlFreeHeap
RtlDosPathNameToNtPathName_U
NtQueryInformationFile
NtCreateFile
NtCommitTransaction
NtCreateTransaction
RtlInitUnicodeStringEx
NtQueryInformationProcess
NtQueryOpenSubKeysEx
RtlInitUnicodeString
NtQueryObject
RtlRaiseStatus
NtClose
NtRollbackTransaction

userenv

GetProfilesDirectoryW

crypt32

CertCloseStore
CertVerifyCertificateChainPolicy
CertGetSubjectCertificateFromStore
CryptDecodeObject
CertFreeCTLContext
CertCreateContext
CryptStringToBinaryW
CertAddStoreToCollection
CertAddEncodedCertificateToStore
CryptMsgClose
CertGetEnhancedKeyUsage
CryptMsgUpdate
CertGetCertificateChain
CertFreeCertificateContext
CryptMsgGetAndVerifySigner
CertFindSubjectInCTL
CryptMsgOpenToDecode
CertOpenStore
CryptMsgGetParam
CertCreateCTLContext
CryptHashCertificate2
CertFreeCertificateChain

rpcrt4

UuidCreate

oleaut32

SysFreeString
VariantClear
VariantInit
SysAllocString

bcrypt

BCryptHashData
BCryptFinishHash
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptDestroyHash

wintrust

WTHelperGetProvCertFromChain
WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData

Exports

Exports

CbsCoreEnsureNoStartupProcessing
CbsCoreFinalize
CbsCoreFinalizeShutdownProcessing
CbsCoreGetActiveOfflineSession
CbsCoreInitialize
CbsCoreInitializeDelayedPortion
CbsCoreIsExecutionEngineIdle
CbsCoreLoadComponentStore
CbsCorePrepareShutdownProcessing
CbsCoreServiceIdleProcessing
CbsCoreSetCustomLogging
CbsCoreSetState
CbsCoreShutdownProcessing
CbsCoreStartupProcessing
CbsCoreStopIdleProcessing
CbsCreateSessionNotify
CbsCreateSessionNotifyFinalize
CbsCreateSessionNotifyInitialize
CbsSetCbsCorePathInOfflineImage
SetRebootInProgressFlag
SetTestMode

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 732KB - Virtual size: 731KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CbsProvider.dll
.dll regsvr32 windows:10 windows x64 arch:x64

b9d7e53d5d722431250b47d13e6d4713

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:29

Not After

02/12/2021, 21:29

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:45:8b:e3:f3:31:80:47:c9:d6:ca:38:67:ba:e8:bd:a3:cf:74:5b:6b:5a:be:f3:30:2b:48:13:5a:ca:ce:e4
Signer

Actual PE Digest

1b:45:8b:e3:f3:31:80:47:c9:d6:ca:38:67:ba:e8:bd:a3:cf:74:5b:6b:5a:be:f3:30:2b:48:13:5a:ca:ce:e4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

CBSProvider.pdb

Imports

msvcrt

_vsnwprintf
__CxxFrameHandler3
wcsstr
_wcsnicmp
iswspace
wcstoul
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_ultow_s
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
_wcslwr_s
wcsrchr
_wtoi64
??0exception@@QEAA@XZ
_wtoi
iswdigit
malloc
calloc
memmove_s
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
memcpy_s
_purecall
wcschr
vswprintf_s
_vscwprintf
_wcstoui64
_wcsicmp
wcsncpy_s
wcscat_s
free
wcscpy_s
__C_specific_handler
_unlock
memcpy
memcmp
__RTDynamicCast
memset

advapi32

RegDeleteKeyExW
RegEnumValueW
RegFlushKey
RegEnumKeyExW
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAceEx
InitializeAcl
RegDeleteKeyW
CopySid
GetLengthSid
IsValidSid
GetTokenInformation
RegSetValueExW
RegCreateKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegUnLoadKeyW
RegQueryValueExW
RegLoadKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey

kernel32

ReadFile
RemoveDirectoryW
SetLastError
DeviceIoControl
SetFileAttributesW
GetCurrentDirectoryW
GetLongPathNameW
GetFinalPathNameByHandleW
SetFilePointer
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetVersionExW
GetCurrentProcessId
OutputDebugStringW
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
SetThreadUILanguage
GetFileAttributesW
CompareStringW
HeapFree
GetProcessHeap
GetCurrentProcess
CloseHandle
LoadLibraryW
FreeLibrary
CopyFileW
Sleep
DeleteFileW
SizeofResource
LockResource
LoadResource
FindResourceExW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GetDiskFreeSpaceExW
FileTimeToLocalFileTime
FileTimeToSystemTime
HeapSize
HeapReAlloc
HeapAlloc
HeapDestroy
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
GetFileSize
GetTimeFormatW
GetDateFormatW
GetSystemInfo
GetModuleHandleExW
IsWow64Process
SearchPathW
ExpandEnvironmentStringsW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GetCurrentThreadId
FormatMessageW
LocalFree
CreateFileW
GetFullPathNameW
CreateDirectoryW
FindClose
FindNextFileW
FindFirstFileW
GetFileInformationByHandle

ole32

StringFromGUID2
CoCreateInstance
CoTaskMemFree
ProgIDFromCLSID
CoCreateGuid
CoGetMalloc

user32

CharNextW
LoadStringW
CharLowerBuffW

oleaut32

SysAllocStringByteLen
SysStringByteLen
SysStringLen
CreateErrorInfo
SysAllocString
UnRegisterTypeLi
SysFreeString
SetErrorInfo
SysAllocStringLen
LoadTypeLi
VarBstrCmp
LoadRegTypeLi
VariantClear
VarBstrCat
RegisterTypeLi
GetErrorInfo

version

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

ntdll

RtlGetVersion
RtlDeleteCriticalSection
RtlReAllocateHeap
RtlFreeHeap
RtlRaiseStatus
NtYieldExecution
RtlInitializeCriticalSection
RtlNtStatusToDosError
NtSetInformationFile
RtlAllocateHeap

Exports

Exports

DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 485KB - Virtual size: 485KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CertEnroll.dll
.dll regsvr32 windows:10 windows x64 arch:x64

cd20828b00f497217594a79d546335fb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

CertEnroll.pdb

Imports

msvcrt

calloc
wcsrchr
qsort
__isascii
ispunct
__CxxFrameHandler3
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
_CxxThrowException
strcmp
realloc
_XcptFilter
_errno
memset
memmove
memcpy
memcmp
__iob_func
_amsg_exit
_initterm
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_lock
wcsstr
srand
wcschr
_stricmp
rand
_wcsnicmp
_itow
_wtoi
iswdigit
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
_wcsicmp
_purecall
wcscat_s
wcscpy_s
malloc
wcsncpy_s
_vsnwprintf
free
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
memmove_s
memcpy_s
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
strcspn
fprintf
wcscspn
fflush
fclose
fopen
_wgetenv
fseek
ftell
fwrite
iswalpha
strchr
getenv
_vsnprintf
iswxdigit
iswspace
wcsncmp
isdigit
atoi
strncmp
fputws
ferror
_wfopen_s
fwprintf
vfwprintf
towlower
iswupper
iswlower
towupper
_strnicmp
bsearch
_unlock
_onexit
__dllonexit
__C_specific_handler
pow
wcscmp

certca

ord434
ord404
ord444
ord819
ord487
ord435
ord485
ord412
ord869
ord601
ord436
ord809
ord450
ord449
ord602
ord845
ord442
ord453
ord705
ord413
ord452
ord414
ord707
ord824
ord838
ord703
ord455
ord457
ord460
ord462
ord458
ord456
ord468
ord438
ord454
ord467
ord847
ord841
ord839
ord840
ord405
ord430
ord844
ord704
ord416
ord446
ord802
ord420
ord843
ord823
ord820
ord445
ord440
ord486
ord801
ord842
ord813
ord808
ord479
ord846

api-ms-win-core-synch-l1-1-0

CreateMutexExW
CreateEventW
ReleaseMutex
WaitForSingleObjectEx
DeleteCriticalSection
CreateSemaphoreExW
SetEvent
ReleaseSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
OpenSemaphoreW
WaitForSingleObject
ReleaseSemaphore
CreateEventExW
InitializeSRWLock
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
AcquireSRWLockShared

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-libraryloader-l1-2-0

SizeofResource
GetModuleHandleW
FindResourceExW
LoadLibraryExW
LoadStringW
FreeLibrary
GetModuleHandleExW
GetModuleFileNameA
DisableThreadLibraryCalls
GetModuleFileNameW
LoadResource
LockResource
GetProcAddress

api-ms-win-core-registry-l1-1-0

RegOpenCurrentUser
RegUnLoadKeyW
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyExW
RegGetValueW
RegQueryValueExW
RegDeleteValueW
RegEnumKeyExW
RegLoadKeyW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc
LocalReAlloc

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-string-l2-1-0

CharLowerW
CharNextW

api-ms-win-core-string-l1-1-0

FoldStringW
CompareStringEx
CompareStringW
MultiByteToWideChar
CompareStringOrdinal
WideCharToMultiByte

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetTickCount
GetComputerNameExW
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetSystemTime
GetVersionExW

crypt32

CertFreeCRLContext
CryptFindOIDInfo
CertCreateCRLContext
CertCloseStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertFindCertificateInStore
CertOpenStore
CryptDecodeObject
CertSetCertificateContextProperty
CryptProtectData
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CryptEncodeObjectEx
CertSerializeCertificateStoreElement
PFXImportCertStore
CertGetSubjectCertificateFromStore
CryptMsgControl
CryptMsgGetParam
CryptMsgUpdate
CryptMsgOpenToEncode
CryptHashPublicKeyInfo
CertEnumCertificateContextProperties
CryptExportPublicKeyInfoEx
CryptHashCertificate2
CryptSignCertificate
CertGetPublicKeyLength
CryptVerifyCertificateSignatureEx
CryptRegisterOIDInfo
CryptEnumOIDInfo
CertComparePublicKeyInfo
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertGetCRLContextProperty
CryptMsgOpenToDecode
CertDuplicateStore
CertRegisterPhysicalStore
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertFindCTLInStore
CertDuplicateCertificateContext
CryptAcquireCertificatePrivateKey
PFXExportCertStoreEx
CertAddEncodedCertificateToStore
CryptVerifyMessageSignature
CryptMsgCalculateEncodedLength
CryptMsgDuplicate
CryptMemFree
CryptVerifyTimeStampSignature
CryptUnprotectMemory
CryptProtectMemory
CertAddCertificateLinkToStore
CertAddSerializedElementToStore
CertFreeCertificateChainList
CertSelectCertificateChains
CryptImportPublicKeyInfoEx2
CryptHashCertificate
CertDeleteCertificateFromStore
CryptMsgGetAndVerifySigner
CertFindAttribute
CryptQueryObject
CertGetIssuerCertificateFromStore
CryptStringToBinaryW
CryptMsgClose
CertGetNameStringW
CryptEncryptMessage
CertSaveStore
CryptVerifyCertificateSignature
CryptDecodeObjectEx
CertCreateCertificateContext
CertGetEnhancedKeyUsage
CryptExportPKCS8
CertNameToStrW
CryptBinaryToStringW
CertVerifySubjectCertificateContext
CertControlStore
CryptImportPublicKeyInfo
CertGetIntendedKeyUsage
CertStrToNameW
PFXIsPFXBlob
CryptDecryptMessage
CryptSignMessage
CryptFormatObject
CertFindExtension

api-ms-win-core-file-l1-1-0

LocalFileTimeToFileTime
FindClose
FindNextFileW
GetTempFileNameW
DeleteFileW
GetFullPathNameW
FindFirstFileW
GetFileTime
FileTimeToLocalFileTime
GetFileType
CreateFileW
CompareFileTime
GetFileSize
SetEndOfFile
SetFilePointer
WriteFile
CreateDirectoryW

api-ms-win-core-localization-l1-2-0

IdnToUnicode
GetACP
GetLocaleInfoW
FormatMessageW
IdnToAscii

api-ms-win-core-processenvironment-l1-1-0

SearchPathW
ExpandEnvironmentStringsW
GetStdHandle
GetCommandLineW
GetEnvironmentVariableW

api-ms-win-security-base-l1-1-0

RevertToSelf
IsValidSecurityDescriptor
ImpersonateLoggedOnUser
GetSecurityDescriptorLength
AllocateAndInitializeSid
FreeSid
SetSecurityDescriptorControl
GetLengthSid
CopySid
GetTokenInformation
EqualSid
CreateWellKnownSid
DuplicateTokenEx

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
CreateThread
GetCurrentProcessId
GetCurrentProcess
OpenProcessToken
GetProcessId
GetCurrentThreadId

dsparse

DsGetRdnW

rpcrt4

UuidToStringW
RpcStringFreeW
UuidCreate
UuidFromStringW
UuidIsNil
CStdStubBuffer_Invoke
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
CStdStubBuffer_DebugServerQueryInterface
NdrCStdStubBuffer2_Release
NdrClientCall3
IUnknown_AddRef_Proxy
RpcEpResolveBinding
RpcStringBindingComposeW
RpcBindingFromStringBindingW
CStdStubBuffer_Connect
CStdStubBuffer_IsIIDSupported
NdrStubCall3
IUnknown_QueryInterface_Proxy
RpcBindingSetAuthInfoExW
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_QueryInterface
RpcBindingFree
RpcExceptionFilter
CStdStubBuffer_CountRefs
NdrStubForwardingFunction
NdrOleFree
CStdStubBuffer_AddRef
IUnknown_Release_Proxy

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient21
ObjectStublessClient22
NdrProxyForwardingFunction3
ObjectStublessClient3
CStdStubBuffer2_Connect
ObjectStublessClient16
ObjectStublessClient10
ObjectStublessClient17
ObjectStublessClient18
ObjectStublessClient20
ObjectStublessClient9
ObjectStublessClient15
ObjectStublessClient23
CStdStubBuffer2_Disconnect
ObjectStublessClient7
ObjectStublessClient13
ObjectStublessClient8
CStdStubBuffer2_CountRefs
CStdStubBuffer2_QueryInterface
ObjectStublessClient12
ObjectStublessClient14
ObjectStublessClient19
ObjectStublessClient6
NdrProxyForwardingFunction5
ObjectStublessClient11
NdrProxyForwardingFunction4

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable
Sleep
InitOnceExecuteOnce

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
OutputDebugStringA
IsDebuggerPresent

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-datetime-l1-1-0

GetDateFormatA
GetTimeFormatW
GetTimeFormatA
GetDateFormatW

api-ms-win-core-console-l1-1-0

WriteConsoleW

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
MapViewOfFile
UnmapViewOfFile

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-psapi-l1-1-0

K32GetProcessImageFileNameW

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-core-threadpool-l1-2-0

FreeLibraryWhenCallbackReturns
TrySubmitThreadpoolCallback
CallbackMayRunLong

api-ms-win-core-url-l1-1-0

UrlGetPartW

api-ms-win-security-activedirectoryclient-l1-1-0

DsUnBindW

api-ms-win-core-atoms-l1-1-0

GlobalGetAtomNameW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW

api-ms-win-security-logon-l1-1-0

LogonUserExW

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW

api-ms-win-core-localization-obsolete-l1-2-0

GetSystemDefaultUILanguage
GetUserDefaultUILanguage

ntdll

RtlCapabilityCheck
RtlCheckTokenMembershipEx
RtlCheckTokenMembership
RtlSubAuthoritySid
RtlInitializeSid
RtlGetPersistedStateLocation
RtlFreeHeap
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
RtlCheckTokenCapability
NtQueryInformationToken
WinSqmIncrementDWORD
WinSqmSetString
RtlInitUnicodeString
EtwTraceMessage
NtQuerySystemInformationEx
RtlNtStatusToDosError
EtwEventWriteFull
EtwEventUnregister
EtwEventRegister
RtlEqualSid

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

CreateLogonCertificateRequest
DeleteLogonCertificateRequest
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
ImportPFXToProvider
ImportPFXToProviderFreeData
InstallLogonCertificateResponse
IsLogonCertificateTemplateAvailable
LogCertArchive
LogCertCopy
LogCertDelete
LogCertExpire
LogCertExport
LogCertImport
LogCertInstall
LogCertReplace
UpdateMachinePolicyConfigurationForTemplate

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 960KB - Virtual size: 960KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 223KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Chakra.dll
.dll regsvr32 windows:10 windows x64 arch:x64

11b074a2945e7b1bbeb1dcf10fabcded

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

chakra.pdb

Imports

msvcrt

_snwprintf_s
modf
qsort
_vscwprintf
towupper
_wcslwr_s
isalpha
isdigit
_hypot
_tzset
memcpy
acos
asin
atan
atan2
cos
exp
log
sin
tan
_XcptFilter
_beginthreadex
_aligned_malloc
_aligned_free
abort
fprintf
_wfsopen
wcsrchr
_wcsnicmp
_wsplitpath_s
_itow_s
fwprintf
_flushall
fflush
wprintf
fwprintf_s
fclose
rand_s
_clearfp
_statusfp
_controlfp_s
wcsstr
wcstok_s
strnlen
wcsncmp
_ui64tow_s
_wcstoui64
vswprintf_s
_i64tow_s
wcsncpy_s
__iob_func
strncmp
wcsncat_s
wcstoul
tolower
ceil
ceilf
floor
floorf
sqrt
sqrtf
_wcsdup
_ltow_s
_ultow_s
wcscpy_s
realloc
wcscat_s
_vsnwprintf_s
qsort_s
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
_vsnwprintf
_wcsicmp
malloc
wcschr
free
swprintf_s
_purecall
__C_specific_handler
_amsg_exit
_initterm
strcmp
sinh
pow
memset
memmove
memcmp
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_lock
_unlock
__dllonexit
_onexit
tanh
__CxxFrameHandler3
_CxxThrowException
_setjmp
cosh
fmod
log10
wcscmp

api-ms-win-core-atoms-l1-1-0

DeleteAtom
AddAtomW
FindAtomW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapUnlock
HeapLock
HeapDestroy
HeapCreate
HeapAlloc
HeapFree

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteTransfer
EventSetInformation
EventActivityIdControl

api-ms-win-core-synch-l1-1-0

SetEvent
CreateMutexExW
AcquireSRWLockShared
WaitForMultipleObjectsEx
ReleaseSRWLockShared
CreateEventW
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
InitializeCriticalSection
ReleaseSRWLockExclusive
ResetEvent
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReleaseMutex
WaitForSingleObject
TryEnterCriticalSection
InitializeCriticalSectionEx
ReleaseSemaphore
CreateSemaphoreExW
InitializeCriticalSectionAndSpinCount

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW
GetStdHandle

api-ms-win-core-processthreads-l1-1-0

TlsFree
TlsGetValue
TerminateProcess
GetCurrentThread
SwitchToThread
TlsAlloc
SetThreadPriority
ResumeThread
GetProcessId
SuspendThread
GetCurrentProcessId
TlsSetValue
SetThreadStackGuarantee
GetProcessTimes
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-registry-l1-1-0

RegDeleteKeyExW
RegSetValueExW
RegCloseKey
RegGetValueW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW

api-ms-win-core-libraryloader-l1-1-0

LoadResource
FreeLibraryAndExitThread
SizeofResource
FindResourceExW
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA
GetModuleFileNameW
LockResource
GetProcAddress
GetModuleHandleW

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-sysinfo-l1-1-0

GetLogicalProcessorInformation
GetSystemTime
GetTickCount64
GetSystemTimeAsFileTime
GetTickCount
GetSystemInfo
GetSystemTimeAdjustment
GlobalMemoryStatusEx
GetSystemDirectoryW

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-localization-l1-2-0

GetUserDefaultLCID
GetUserDefaultLocaleName
GetLocaleInfoEx
FormatMessageW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-memory-l1-1-0

VirtualProtectEx
VirtualQuery
CreateFileMappingW
VirtualProtect
VirtualAlloc
VirtualFree

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpICW
StrTrimW
StrCmpLogicalW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathGetDriveNumberW
PathIsUNCW
PathIsLFNFileSpecW
PathIsFileSpecW
PathFindFileNameW
PathRemoveFileSpecW

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-console-l2-1-0

GetConsoleScreenBufferInfo
SetConsoleTextAttribute

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask
GetSystemTimePreciseAsFileTime

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-psapi-l1-1-0

K32GetModuleInformation
K32GetProcessMemoryInfo

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList
QueryDepthSList
InterlockedPopEntrySList
InterlockedFlushSList

api-ms-win-core-memory-l1-1-1

ResetWriteWatch
GetWriteWatch

api-ms-win-core-rtlsupport-l1-1-0

RtlAddFunctionTable
RtlCaptureStackBackTrace
RtlDeleteFunctionTable
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-kernel32-legacy-l1-1-0

RaiseFailFastException

api-ms-win-core-processthreads-l1-1-1

FlushInstructionCache
GetThreadContext
GetProcessMitigationPolicy

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation
TzSpecificLocalTimeToSystemTime
GetTimeZoneInformationForYear
SystemTimeToTzSpecificLocalTime

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

api-ms-win-core-processtopology-obsolete-l1-1-0

GetProcessIoCounters

api-ms-win-core-realtime-l1-1-0

QueryThreadCycleTime

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

rpcrt4

IUnknown_Release_Proxy
CStdStubBuffer_Disconnect
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported
NdrDllCanUnloadNow
CStdStubBuffer_Connect
NdrCStdStubBuffer_Release
NdrDllRegisterProxy
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
RpcBindingFree
RpcBindingCreateW
RpcBindingBind
RpcExceptionFilter
NdrClientCall3
RpcServerUseProtseqW
RpcServerRegisterIf3
RpcServerInqBindings
RpcEpRegisterW
RpcBindingVectorFree
RpcServerListen
CStdStubBuffer_Invoke
RpcMgmtStopServerListening
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
CStdStubBuffer_AddRef
NdrDllGetClassObject
NdrDllUnregisterProxy
NdrServerCallNdr64
I_RpcBindingInqLocalClientPID
RpcServerUnregisterIf

api-ms-win-core-memory-l1-1-5

VirtualUnlockEx
MapViewOfFileNuma2
UnmapViewOfFile2

api-ms-win-core-memory-l1-1-3

SetProcessValidCallTargets

api-ms-win-core-path-l1-1-0

PathCchAppend
PathCchCombine

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsCreateString
WindowsDeleteString

icuuc

unorm2_getInstance
unorm2_normalize
u_strlen
unorm2_isNormalized
u_hasBinaryProperty
u_charType
u_strToUpper
u_strToLower
uloc_addLikelySubtags
uenum_close
uenum_unext
uloc_getBaseName
uloc_getName
uloc_toUnicodeLocaleType
uenum_next
uloc_forLanguageTag
uloc_toLanguageTag
uloc_getAvailable
uloc_countAvailable
uenum_count

icuin

unum_getAvailable
ucol_getAvailable
udat_getAvailable
udat_countAvailable
ucol_getKeywordValuesForLocale
unum_countAvailable
ucol_countAvailable
udat_formatForFields
ucol_open
unumsys_close
udatpg_close
ufieldpositer_close
unum_close
udat_close
ucol_close
uplrules_close
unum_parseDouble
uplrules_select
uplrules_getKeywords
uplrules_openForType
ucal_getDefaultTimeZone
ucal_getCanonicalTimeZoneID
ucal_openTimeZoneIDEnumeration
udatpg_open
udatpg_getBestPatternWithOptions
ucal_setGregorianChange
udat_getCalendar
udat_open
ucol_getAttribute
udat_format
ufieldpositer_next
ufieldpositer_open
unum_formatDoubleForFields
unum_formatDouble
unum_getAttribute
ucol_strcoll
ucol_setAttribute
ucol_setStrength
unum_setTextAttribute
unum_open
unum_setAttribute
unumsys_getName
unumsys_open
ucal_getKeywordValuesForLocale
ulocdata_getCLDRVersion

iertutil

ord650

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringEx

api-ms-win-core-string-l2-1-0

CharLowerW
CharLowerBuffW
CharUpperBuffW

api-ms-win-core-localization-l2-1-0

GetNumberFormatEx

bcrypt

BCryptGenRandom

Exports

Exports

CreateChakraEngine
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
DumpDiagInfo
JsAddRef
JsBoolToBoolean
JsBooleanToBool
JsCallFunction
JsCollectGarbage
JsConstructObject
JsConvertValueToBoolean
JsConvertValueToNumber
JsConvertValueToObject
JsConvertValueToString
JsCreateArray
JsCreateArrayBuffer
JsCreateContext
JsCreateDataView
JsCreateError
JsCreateExternalArrayBuffer
JsCreateExternalObject
JsCreateFunction
JsCreateNamedFunction
JsCreateObject
JsCreateRangeError
JsCreateReferenceError
JsCreateRuntime
JsCreateSymbol
JsCreateSyntaxError
JsCreateThreadService
JsCreateTypeError
JsCreateTypedArray
JsCreateURIError
JsDefineProperty
JsDeleteIndexedProperty
JsDeleteProperty
JsDisableRuntimeExecution
JsDiscardBackgroundParse
JsDisposeRuntime
JsDoubleToNumber
JsEnableRuntimeExecution
JsEnumerateHeap
JsEquals
JsGetAndClearException
JsGetArrayBufferStorage
JsGetContextData
JsGetContextOfObject
JsGetCurrentContext
JsGetDataViewStorage
JsGetExtensionAllowed
JsGetExternalData
JsGetFalseValue
JsGetGlobalObject
JsGetIndexedPropertiesExternalData
JsGetIndexedProperty
JsGetNullValue
JsGetOwnPropertyDescriptor
JsGetOwnPropertyNames
JsGetOwnPropertySymbols
JsGetProperty
JsGetPropertyIdFromName
JsGetPropertyIdFromSymbol
JsGetPropertyIdType
JsGetPropertyNameFromId
JsGetPrototype
JsGetRuntime
JsGetRuntimeMemoryLimit
JsGetRuntimeMemoryUsage
JsGetStringLength
JsGetSymbolFromPropertyId
JsGetTrueValue
JsGetTypedArrayInfo
JsGetTypedArrayStorage
JsGetUndefinedValue
JsGetValueType
JsHasException
JsHasExternalData
JsHasIndexedPropertiesExternalData
JsHasIndexedProperty
JsHasProperty
JsIdle
JsInitializeJITServer
JsInspectableToObject
JsInstanceOf
JsIntToNumber
JsIsEnumeratingHeap
JsIsRuntimeExecutionDisabled
JsNumberToDouble
JsNumberToInt
JsObjectToInspectable
JsParseScript
JsParseScriptWithAttributes
JsParseSerializedScript
JsParseSerializedScriptWithCallback
JsPointerToString
JsPreventExtension
JsProjectWinRTNamespace
JsQueueBackgroundParse
JsRelease
JsRunScript
JsRunSerializedScript
JsRunSerializedScriptWithCallback
JsSerializeScript
JsSetContextData
JsSetCurrentContext
JsSetException
JsSetExternalData
JsSetIndexedPropertiesToExternalData
JsSetIndexedProperty
JsSetObjectBeforeCollectCallback
JsSetProjectionEnqueueCallback
JsSetPromiseContinuationCallback
JsSetProperty
JsSetPrototype
JsSetRuntimeBeforeCollectCallback
JsSetRuntimeMemoryAllocationCallback
JsSetRuntimeMemoryLimit
JsStartDebugging
JsStartProfiling
JsStopProfiling
JsStrictEquals
JsStringToPointer
JsValueToVariant
JsVarAddRef
JsVarRelease
JsVarToExtension
JsVarToScriptDirect
JsVariantToValue
MemProtectHeapAddRootSection
MemProtectHeapCollect
MemProtectHeapCreate
MemProtectHeapDestroy
MemProtectHeapDisableCollection
MemProtectHeapIsValidObject
MemProtectHeapMemSize
MemProtectHeapNotifyCurrentThreadDetach
MemProtectHeapProtectCurrentThread
MemProtectHeapRemoveRootSection
MemProtectHeapReportHeapSize
MemProtectHeapRootAlloc
MemProtectHeapRootAllocLeaf
MemProtectHeapRootRealloc
MemProtectHeapRootReallocLeaf
MemProtectHeapSynchronizeWithCollector
MemProtectHeapUnprotectCurrentThread
MemProtectHeapUnrootAndZero
RecyclerNativeHeapAddExternalMemoryUsage
RecyclerNativeHeapAllocLeaf
RecyclerNativeHeapAllocLeafFinalized
RecyclerNativeHeapAllocTraced
RecyclerNativeHeapAllocTracedFinalized
RecyclerNativeHeapCollectGarbageInThread
RecyclerNativeHeapCreateWeakReference
RecyclerNativeHeapGetRealAddressFromInterior
RecyclerNativeHeapGetStrongReference
RecyclerNativeHeapHasWeakReferenceCleanupOccurred
RecyclerNativeHeapRootAddRef
RecyclerNativeHeapRootRelease

Sections

.text
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 340KB - Virtual size: 339KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mrdata
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ChatApis.dll
.dll windows:10 windows x64 arch:x64

4e49922e3b538d2cc8f4e14368f45197

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ChatApis.pdb

Imports

msvcrt

_amsg_exit
_XcptFilter
_lock
__C_specific_handler
_unlock
memcmp
__dllonexit
_onexit
memcpy
__CxxFrameHandler3
_callnewh
_vsnwprintf
tolower
_wtol
wcstok_s
_errno
_vsnwprintf_s
_wtoi
realloc
memmove_s
wcstoul
_purecall
memmove
wcsncpy_s
malloc
free
memcpy_s
_initterm
memset

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameW
SizeofResource
GetModuleFileNameA
FindResourceExW
LoadResource
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
LoadLibraryExW
FreeLibrary

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
SetEvent
LeaveCriticalSection
AcquireSRWLockShared
CreateEventW
InitializeSRWLock
ReleaseSRWLockExclusive
CreateSemaphoreExW
ReleaseSemaphore
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
EnterCriticalSection
DeleteCriticalSection
AcquireSRWLockExclusive
CreateEventExW
InitializeCriticalSection
ReleaseSRWLockShared
InitializeCriticalSectionEx

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegCreateKeyExW

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventUnregister
EventRegister
EventActivityIdControl

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetTickCount64

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
CreateThreadpoolWait
SubmitThreadpoolWork
CloseThreadpoolWork

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
TerminateProcess
SetThreadToken
GetCurrentThread
GetCurrentThreadId
GetCurrentProcessId
OpenProcessToken
GetCurrentProcess

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceExecuteOnce
InitOnceBeginInitialize
SleepConditionVariableSRW
Sleep
WakeAllConditionVariable

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-file-l1-1-0

CompareFileTime

api-ms-win-core-url-l1-1-0

UrlEscapeW

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringA
OutputDebugStringW
DebugBreak

api-ms-win-core-localization-l1-2-0

FormatMessageW

ntdll

RtlQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion

api-ms-win-service-management-l1-1-0

OpenServiceW
CloseServiceHandle
OpenSCManagerW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

userdataplatformhelperutil

IsCommsSystemService
GetUserTokenFromContext
GetUserContextFromHandle
RunServicesInProc
GenerateUserModeServiceName
StartAndWaitForServiceForUser

systemeventsbrokerclient

SebDeleteEvent
SebCreateChatNotificationEvent
SebCreateMessageInterceptNotificationEvent
SebCreateRcsEndUserMessageNotificationEvent

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 526KB - Virtual size: 525KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 173KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cdosys.dll
.dll regsvr32 windows:10 windows x64 arch:x64

2a35299dcfba4b331f7f28b0f617b5a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

cdosys.pdb

Imports

msvcrt

memmove
_lock
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
wcsrchr
wcstok
isspace
strtoul
bsearch
qsort
_unlock
towlower
toupper
tolower
_strdup
isdigit
atol
memcmp
memset
_XcptFilter
_amsg_exit
__CxxFrameHandler3
_initterm
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
__dllonexit
_onexit
towupper
_wcslwr
strncmp
wcsncmp
strchr
_vsnwprintf
wcsstr
printf
strspn
sscanf_s
memchr
strrchr
strstr
_memicmp
swscanf
strpbrk
strcspn
_stricmp
_purecall
strcpy_s
realloc
strcat_s
malloc
free
_vsnprintf
_wsplitpath_s
iswspace
wcschr
_wcsnicmp
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
__C_specific_handler
_wcsicmp
strcmp
wcscmp

kernel32

GetTimeZoneInformation
CompareFileTime
TlsAlloc
ResetEvent
IsDBCSLeadByteEx
GetModuleHandleExW
GetModuleHandleW
DebugBreak
IsValidCodePage
GetFileTime
GetStringTypeW
GlobalUnlock
GlobalHandle
GlobalFree
SetUnhandledExceptionFilter
GlobalAlloc
GlobalReAlloc
GetSystemDefaultLangID
GetCPInfo
QueryPerformanceCounter
TerminateProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetProcAddress
GetModuleHandleA
FormatMessageA
GetLastError
MultiByteToWideChar
FormatMessageW
GetVersionExA
LoadLibraryA
FreeLibrary
HeapCreate
HeapDestroy
HeapAlloc
HeapFree
GetSystemInfo
TlsFree
TlsGetValue
TlsSetValue
GetCurrentProcess
VirtualQuery
VirtualFree
VirtualAlloc
VirtualProtect
LoadLibraryExA
lstrcmpiA
lstrcpynA
WideCharToMultiByte
IsDBCSLeadByte
SizeofResource
LoadResource
FindResourceExA
GetModuleFileNameA
GetUserDefaultLCID
DisableThreadLibraryCalls
FileTimeToSystemTime
SystemTimeToFileTime
GetDateFormatA
GetTimeFormatA
GetDateFormatW
GetTimeFormatW
lstrlenA
GetCurrentProcessId
GetTickCount
CreateFileA
CloseHandle
GetSystemTimeAsFileTime
lstrlenW
GetACP
GetThreadLocale
GetLocaleInfoW
GetCurrentThreadId
LocalFree
GetTempPathA
GetTempFileNameA
CopyFileA
SetFileAttributesA
CreateFileW
CreateEventA
GetFileSize
ReadFile
GetOverlappedResult
WriteFile
SetFilePointer
SetEndOfFile
FlushFileBuffers
FindFirstFileA
FindNextFileA
FindClose
GetLocaleInfoA
GetCurrentThread
SetEvent
WaitForSingleObject
GetSystemTime
Sleep
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GlobalLock

oleaut32

SetErrorInfo
CreateErrorInfo
SafeArrayPutElement
SafeArrayCreateVector
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantCopyInd
SysFreeString
SysAllocString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantInit
VariantChangeType
VariantCopy
SysAllocStringLen
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreate
SafeArrayRedim
SafeArrayDestroy
VarUI4FromStr
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
LoadRegTypeLi

ole32

CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoCreateGuid
ProgIDFromCLSID
PropVariantClear
CoTaskMemRealloc
CoCreateFreeThreadedMarshaler

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

urlmon

CopyBindInfo
CoInternetGetSession
CoInternetParseUrl

winhttp

WinHttpCrackUrl
WinHttpSetOption

shlwapi

UrlCombineW

inetcomm

MimeOleInetDateToFileTime
MimeOleSetCompatMode
MimeOleGetInternat
MimeOleCreateMessage
MimeOleGetPropertySchema

advapi32

RegDeleteValueA
ImpersonateLoggedOnUser
RevertToSelf
OpenThreadToken
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegSetValueExA
RegCreateKeyExA
RegNotifyChangeKeyValue

user32

DispatchMessageA
TranslateMessage
GetMessageA
RegisterWindowMessageA
PostThreadMessageA
CharPrevA
CharNextA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 624KB - Virtual size: 624KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 285KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cdp.dll
.dll regsvr32 windows:10 windows x64 arch:x64

298b3183d318f9e71c643ad65c0f5b5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

cdp.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-string-l1-1-0

strncmp
memset
strpbrk

api-ms-win-crt-private-l1-1-0

_o__localtime64_s
_o__mkgmtime64
_o__mktime64
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__stricmp
_o__strnicmp
_o__strtoui64
_o___std_type_info_destroy_list
_o_atoi
memmove
_o_free
_o_iswspace
_o_malloc
_o_modf
_o_rand
_o_realloc
_o_strcpy_s
_o_strftime
_o_strncpy_s
_o_strtol
_o_strtoul
_o_terminate
_o_tolower
_o_toupper
_o_wcstoul
__C_specific_handler
_o__gmtime64_s
_o___std_exception_destroy
_o___std_exception_copy
_o__get_errno
strstr
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__execute_onexit_table
_o__errno
_o__initialize_narrow_environment
_o__dtest
_o__difftime64
_o__crt_atexit
_o__configure_narrow_argv
__CxxFrameHandler3
__std_terminate
__std_type_info_compare
memchr
strchr
wcschr
_CxxThrowException
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsscanf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
memcmp
memcpy
_o__wcsicmp

combase

NdrCStdStubBuffer2_Release
ord19
ord27
ord17
ord33
ord21
ord22
ord3
CStdStubBuffer_Connect
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Disconnect
ord34
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_QueryInterface
ord9
ord16
CStdStubBuffer_CountRefs
ord8
CStdStubBuffer2_Disconnect
ord7
ord5
CStdStubBuffer_AddRef
ord4
ord12
ord6
ord14
ord2
CStdStubBuffer_DebugServerQueryInterface
ord10
ord13
ord11
CStdStubBuffer_Invoke
ord154
ord20
ord32
CStdStubBuffer2_Connect
ord23
ord24
CStdStubBuffer2_QueryInterface
ord25
ord18
NdrCStdStubBuffer_Release
ord15
ord26
CStdStubBuffer2_CountRefs

ntdll

NtOpenSemaphore
RtlIsMultiUsersInSessionSku
RtlGetDeviceFamilyInfoEnum
RtlSidDominates
RtlInitUnicodeString
NtCreateSemaphore
RtlGetTokenNamedObjectPath
RtlFreeUnicodeString
RtlPublishWnfStateData
NtOpenMutant
NtQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
NtCreateWnfStateName
NtDeleteWnfStateName
ZwAlpcCancelMessage
RtlWakeAddressAll
TpAllocAlpcCompletion
vDbgPrintEx
NtPowerInformation
EtwEventRegister
EtwEventUnregister
EtwEventWriteTransfer
ZwAlpcSendWaitReceivePort
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlFreeHeap
RtlAllocateHeap
ZwClose
AlpcGetMessageAttribute
AlpcInitializeMessageAttribute
TpWaitForAlpcCompletion
ZwAlpcConnectPort
RtlWaitOnAddress
ZwAlpcQueryInformation
TpReleaseAlpcCompletion
ZwAlpcDisconnectPort

rpcrt4

IUnknown_QueryInterface_Proxy
NdrStubCall3
NdrStubForwardingFunction
NdrOleFree
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
NdrOleAllocate
NdrClientCall3
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrDllRegisterProxy
NdrDllUnregisterProxy
RpcServerInqCallAttributesW

api-ms-win-core-libraryloader-l1-2-0

LoadResource
LockResource
GetProcAddress
GetModuleHandleExW
FreeLibrary
GetModuleFileNameA
DisableThreadLibraryCalls
GetModuleFileNameW
GetModuleHandleW
FindStringOrdinal
FindResourceExW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
SetThreadToken
GetCurrentThread
GetCurrentProcessId
GetCurrentThreadId
OpenThreadToken
OpenProcessToken
GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetTickCount64
GetComputerNameExW
GetLocalTime
GetTickCount
GetSystemTimeAsFileTime
GetSystemTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError
RaiseException

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

shcore

IStream_Write
IStream_WriteStr
IStream_Reset
SHCreateMemStream
ord190
IStream_Size
IStream_Read
IStream_ReadStr

msvcp_win

?_Random_device@std@@YAIXZ
?_BADOFF@std@@3_JB
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
_Cnd_init_in_situ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
_Thrd_join
_Thrd_id
_Thrd_yield
?setf@ios_base@std@@QEAAHH@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
_Cnd_unregister_at_thread_exit
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
_Cnd_register_at_thread_exit
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
_Thrd_sleep
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
_Cnd_destroy_in_situ
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?setf@ios_base@std@@QEAAHHH@Z
_Query_perf_frequency
_Query_perf_counter
?_Xinvalid_argument@std@@YAXPEBD@Z
_Cnd_broadcast
_Cnd_init
_Xtime_get_ticks
_Thrd_detach
_Thrd_start
_Mtx_init
_Cnd_wait
_Cnd_destroy
_Cnd_do_broadcast_at_thread_exit
_Thrd_hardware_concurrency
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?tolower@?$ctype@D@std@@QEBADD@Z
?is@?$ctype@D@std@@QEBA_NFD@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
_Strcoll
_Strxfrm
?id@?$collate@D@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?id@?$ctype@D@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
_Mtx_current_owns
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??0_Locinfo@std@@QEAA@PEBD@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??1_Lockit@std@@QEAA@XZ
??1_Locinfo@std@@QEAA@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_timedwait
?_Incref@facet@locale@std@@UEAAXXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_Syserror_map@std@@YAPEBDH@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xbad_function_call@std@@YAXXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
_Cnd_signal
?_Xout_of_range@std@@YAXPEBD@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
_Mtx_lock
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?uncaught_exception@std@@YA_NXZ
_Mtx_init_in_situ
?flags@ios_base@std@@QEBAHXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
??7ios_base@std@@QEBA_NXZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAK@Z
_Mtx_destroy_in_situ
?good@ios_base@std@@QEBA_NXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?pbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Xlength_error@std@@YAXPEBD@Z
_Mtx_destroy

api-ms-win-crt-time-l1-1-0

_time64
clock

api-ms-win-core-winrt-string-l1-1-0

HSTRING_UserSize
HSTRING_UserFree
HSTRING_UserMarshal64
HSTRING_UserUnmarshal
HSTRING_UserUnmarshal64
WindowsCreateString
HSTRING_UserSize64
HSTRING_UserFree64
WindowsCreateStringReference
HSTRING_UserMarshal
WindowsDeleteString
WindowsGetStringRawBuffer

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-localization-l1-2-0

GetLocaleInfoEx
FormatMessageW
GetSystemPreferredUILanguages

api-ms-win-core-com-l1-1-0

CoSetProxyBlanket
CoWaitForMultipleHandles
CoRevertToSelf
StringFromCLSID
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoTaskMemRealloc
CoImpersonateClient
CoTaskMemFree
CLSIDFromString
CoSwitchCallContext
CoTaskMemAlloc

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoUninitialize
RoGetActivationFactory
RoActivateInstance

api-ms-win-core-threadpool-l1-2-0

CreateThreadpool
CreateThreadpoolWait
CloseThreadpoolTimer
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
CreateThreadpoolTimer
SetThreadpoolThreadMinimum
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpool
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
SubmitThreadpoolWork
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SetThreadpoolThreadMaximum

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
LeaveCriticalSection
CreateMutexW
CreateMutexExW
EnterCriticalSection
CreateSemaphoreExW
DeleteCriticalSection
SetEvent
ReleaseMutex
CreateEventExW
TryAcquireSRWLockExclusive
OpenMutexW
InitializeCriticalSectionAndSpinCount
ResetEvent
CreateEventW
InitializeSRWLock
WaitForSingleObject
OpenSemaphoreW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSemaphore
AcquireSRWLockShared
ReleaseSRWLockShared
WaitForSingleObjectEx

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister
EventProviderEnabled

api-ms-win-appmodel-runtime-l1-1-0

GetCurrentPackageInfo

api-ms-win-appmodel-runtime-l1-1-1

GetApplicationUserModelIdFromToken
GetPackageFamilyNameFromToken

api-ms-win-core-sysinfo-l2-1-0

GetUserNameW

api-ms-win-security-base-l1-1-0

GetLengthSid
GetTokenInformation
ImpersonateLoggedOnUser
RevertToSelf
CreateWellKnownSid
CopySid

api-ms-win-core-synch-l1-2-0

InitOnceComplete
Sleep
InitOnceBeginInitialize

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegNotifyChangeKeyValue
RegCreateKeyExW
RegGetValueW
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExW
RegGetValueA
RegCreateKeyExA

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-file-l1-1-0

SetFilePointerEx
CreateFileW
FindClose
FindNextFileW
DeleteFileW
DeleteFileA
WriteFile
SetFilePointer
SetEndOfFile
GetFileAttributesW
CreateFileA
GetFileSize
CreateDirectoryA
FlushFileBuffers
FindFirstFileW
CreateDirectoryW
ReadFile
RemoveDirectoryW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

api-ms-win-core-path-l1-1-0

PathAllocCombine
PathCchSkipRoot

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-com-l1-1-1

RoGetAgileReference

crypt32

CertStrToNameW
CryptProtectData
CryptUnprotectData
CertGetCertificateContextProperty
CertGetNameStringW
CertDeleteCertificateFromStore
CertCreateSelfSignCertificate
CertFreeCertificateContext
CertAddCertificateContextToStore
CertSaveStore
CertCloseStore
CertFindCertificateInStore
CertOpenStore
CertCreateCertificateContext

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-devices-query-l1-1-0

DevCreateObjectQuery
DevCloseObjectQuery

api-ms-win-core-io-l1-1-0

CreateIoCompletionPort
CancelIoEx
DeviceIoControl
PostQueuedCompletionStatus
GetQueuedCompletionStatus

propsys

PSPropertyBag_WriteStr
PSCreateMemoryPropertyStore
PSPropertyBag_WriteUnknown

api-ms-win-core-heap-obsolete-l1-1-0

LocalSize

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

kernelbase

BaseFormatObjectAttributes

dsreg

DsrFreeJoinInfo
DsrGetJoinInfo

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-security-capability-l1-1-0

CapabilityCheck
RpcClientCapabilityCheck

Exports

Exports

CDPAccountFromWebAccount
CDPAcquireNetworkingInternal
CDPCreateAFSRegistrationClientInternal
CDPCreateAFSUserSettingsInternal
CDPCreateAccountInternalForUser
CDPCreateAccountProviderInternal
CDPCreateActivity
CDPCreateActivityAsset
CDPCreateActivityAssetInternal
CDPCreateActivityInternal
CDPCreateActivityStoreInfoInternal
CDPCreateActivityStoreInfoWatcher
CDPCreateActivityStoreInfoWatcherForUser
CDPCreateActivityStoreInfoWatcherInternal
CDPCreateActivityStoreReader
CDPCreateActivityStoreReaderForUser
CDPCreateActivityStoreReaderInternal
CDPCreateAllDevicesQuery
CDPCreateAllDevicesQueryForUser
CDPCreateAnonymousAccount
CDPCreateAppControlClient
CDPCreateAppControlClientInternal
CDPCreateAppId
CDPCreateAppRegistrationManager
CDPCreateAppRegistrationManagerForUser
CDPCreateAppRegistrationManagerInternal
CDPCreateAzureActiveDirectoryAccount
CDPCreateBinaryClient
CDPCreateBinaryClientInternal
CDPCreateBinaryHost
CDPCreateBinaryHostInternal
CDPCreateBinaryHostWithSettings
CDPCreateCallbackNotifierInternal
CDPCreateComObjectInternal
CDPCreateCrossPlatformAppId
CDPCreateCrossPlatformAppIdFromAppId
CDPCreateCurrentCrossPlatformAppId
CDPCreateDdsRegistrationClientInternal
CDPCreateDedupedDevice
CDPCreateDedupedDeviceQuery
CDPCreateDedupedDeviceQueryInternal
CDPCreateDedupedDeviceQueryParameters
CDPCreateDeviceInternal
CDPCreateDeviceQuery
CDPCreateDeviceQueryForSessionInternal
CDPCreateDeviceQueryForUser
CDPCreateDeviceQueryInternal
CDPCreateDeviceQueryWithIdentity
CDPCreateDirectNotificationHost
CDPCreateEnvironmentManagerInternal
CDPCreateHttpRequestInternal
CDPCreateMessagingHost
CDPCreateMessagingHostInternal
CDPCreateMicrosoftAccount
CDPCreateRemoteUserInternal
CDPCreateResource
CDPCreateResourceCollection
CDPCreateSettingsInteropInternal
CDPCreateTask
CDPCreateTaskInternal
CDPCreateTelemetryTask
CDPCreateTelemetryTaskInternal
CDPCreateUserInternal
CDPCreateUserNotificationClientInternal
CDPCreateUserServiceNotificationClient
CDPCreateUserServiceNotificationClientForUser
CDPCreateUuid
CDPFixAccounts
CDPGetAFCInitializer
CDPGetAccountProviderInternal
CDPGetAccountsNeedAttention
CDPGetActivityStore
CDPGetActivityStoreForAccount
CDPGetActivityStoreForAccountInternal
CDPGetActivityStoreForStoreInfo
CDPGetActivityStoreForStoreInfoAndUser
CDPGetActivityStoreForStoreInfoInternal
CDPGetActivityStoreForUser
CDPGetActivityStoreInternal
CDPGetCloudNotificationProviderInternal
CDPGetCoreInitializer
CDPGetDeviceCache
CDPGetDeviceCacheInternal
CDPGetHost
CDPGetLogger
CDPGetNearShareAuthorizationPolicyOfInteractiveUser
CDPGetRelayInitializer
CDPGetResourceHandler
CDPGetResourceManager
CDPGetSDKAuthorizationPolicyOfInteractiveUser
CDPGetSGSocket
CDPGetSystemAppId
CDPGetUserActivitySettings
CDPGetUserActivitySettingsForUser
CDPGetUserActivitySettingsInternal
CDPGetUserCollectionInternal
CDPInitialize
CDPInitializeForService
CDPInitializeSGPowerOnPacket
CDPInitializeUserService
CDPInitializeUserServicePhase2
CDPIsEnabled
CDPPreShutdown
CDPRegisterActivityConflictResolverInternal
CDPReleaseNetworkingInternal
CDPResume
CDPSetAccountProviderInternal
CDPSetAppControlHostCallback
CDPSetExtendedLocalDeviceStatus
CDPSetServicePid
CDPShutdown
CDPShutdownBluetooth
CDPStartCCSPolling
CDPStopCCSPolling
CDPSuspend
CDPUninitializeUserService
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 55KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cdprt.dll
.dll windows:10 windows x64 arch:x64

bab7de61bcbe52b34e64fc013209ae8f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

cdprt.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-string-l1-1-0

memset
wcsspn

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__stricmp
_o__wcsicmp
_o__wcstoui64
memmove
_o_atoi
_o_ceil
_o_free
_o_malloc
_o_modf
_o_realloc
_o_strcpy_s
_o_strncpy_s
_o_strtol
_o_terminate
_o_toupper
__C_specific_handler
strstr
_o__configure_narrow_argv
_CxxThrowException
wcsrchr
wcschr
__std_type_info_compare
strchr
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o__execute_onexit_table
_o___std_type_info_destroy_list
_o__errno
_o___std_exception_destroy
_o___std_exception_copy
_o__crt_atexit
__std_terminate
_o__dtest
__CxxFrameHandler3
memcmp
memcpy

cdp

CDPCreateBinaryHostInternal
CDPCreateAFSRegistrationClientInternal
CDPCreateUuid
CDPGetSystemAppId
CDPCreateAppControlClient
CDPCreateResourceCollection
CDPGetAFCInitializer
CDPCreateAppRegistrationManagerForUser
CDPGetLogger
CDPShutdown
CDPInitialize
CDPCreateBinaryHost
CDPCreateDedupedDevice
CDPCreateCrossPlatformAppId
CDPCreateActivityStoreInfoInternal
CDPCreateAppId
CDPGetActivityStoreForAccount
CDPGetActivityStoreForStoreInfo
CDPCreateAccountInternalForUser
CDPGetUserActivitySettings
CDPAccountFromWebAccount
CDPCreateActivity
CDPCreateActivityStoreInfoWatcher
CDPCreateDedupedDeviceQueryParameters
CDPCreateDedupedDeviceQuery
CDPGetActivityStore
CDPCreateDeviceQuery
CDPCreateCurrentCrossPlatformAppId
CDPCreateAllDevicesQuery
CDPCreateBinaryClient

windows.storage

SHCreateItemFromParsingName

kernelbase

GetPackageFamilyName
GetCurrentPackageFamilyName
LocalAlloc
GetCurrentPackageFullName
GetApplicationUserModelIdFromToken
CloseState
OpenStateExplicit
Sleep
GetSystemAppDataKey

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
LoadStringW
GetProcAddress
GetModuleHandleExW
DisableThreadLibraryCalls
GetModuleFileNameW
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
WaitForMultipleObjectsEx
CreateEventExW
ReleaseSemaphore
WaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeSRWLock
WaitForSingleObjectEx
EnterCriticalSection
CreateSemaphoreExW
InitializeCriticalSectionEx
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
OpenSemaphoreW
ReleaseSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
RaiseException

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsCreateString
WindowsGetStringLen
WindowsCompareStringOrdinal
WindowsDeleteString
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsDuplicateString

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetProcessTimes
GetCurrentProcess
TerminateProcess
OpenProcessToken
GetCurrentThreadId
GetCurrentProcessId
GetProcessId

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoOriginateErrorW
SetRestrictedErrorInfo
GetRestrictedErrorInfo
RoTransformError

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringA
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-com-l1-1-0

CreateStreamOnHGlobal
CoCreateGuid
CoReleaseMarshalData
CoGetCallContext
CoWaitForMultipleHandles
CoMarshalInterface
CoCreateInstance
StringFromGUID2
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoGetInterfaceAndReleaseStream

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister
EventActivityIdControl
EventProviderEnabled

api-ms-win-security-base-l1-1-0

GetTokenInformation

ws2_32

inet_ntoa
WSAGetLastError
GetAddrInfoW
FreeAddrInfoW

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate
IsErrorPropagationEnabled

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolAllowThreadReuse
SHTaskPoolQueueTask
SHTaskPoolGetUniqueContext

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegGetValueW
RegCloseKey
RegOpenKeyExA
RegSetValueExW
RegCreateKeyExW
RegGetValueA

ntdll

RtlPublishWnfStateData
RtlQueryPackageClaims
RtlFreeHeap
NtQueryInformationToken
RtlCompareUnicodeString
RtlInitUnicodeString
RtlNtStatusToDosErrorNoTeb
RtlAllocateHeap

rpcrt4

I_RpcBindingInqLocalClientPID

api-ms-win-rtcore-ntuser-window-l1-1-0

GetActiveWindow

api-ms-win-core-kernel32-legacy-l1-1-1

PowerSetRequest
PowerCreateRequest

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-winrt-robuffer-l1-1-0

RoGetBufferMarshaler

api-ms-win-security-capability-l1-1-0

CapabilityCheck
RpcClientCapabilityCheck

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

combase

ord90
ord157

msvcp_win

?__ExceptionPtrRethrow@@YAXPEBX@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
_Mtx_destroy_in_situ
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
_Cnd_signal
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Cnd_destroy
_Mtx_init
_Thrd_start
_Thrd_id
_Mtx_destroy
_Cnd_init
_Thrd_join
?_XGetLastError@std@@YAXXZ
_Thrd_detach
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?uncaught_exception@std@@YA_NXZ
?_BADOFF@std@@3_JB
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Xbad_function_call@std@@YAXXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?setf@ios_base@std@@QEAAHHH@Z
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAK@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
_Mtx_current_owns
_Thrd_yield
_Query_perf_frequency
_Cnd_timedwait
_Query_perf_counter
_Xtime_get_ticks
?__ExceptionPtrToBool@@YA_NPEBX@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?_Throw_C_error@std@@YAXH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
_Cnd_init_in_situ
?__ExceptionPtrCreate@@YAXPEAX@Z
_Cnd_unregister_at_thread_exit
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?_Xlength_error@std@@YAXPEBD@Z
_Cnd_destroy_in_situ
_Cnd_broadcast
_Mtx_unlock
?__ExceptionPtrCurrentException@@YAXPEAX@Z
_Cnd_wait
_Mtx_init_in_situ
_Cnd_register_at_thread_exit
_Mtx_lock
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?setf@ios_base@std@@QEAAHH@Z
??7ios_base@std@@QEBA_NXZ

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 472KB - Virtual size: 472KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cdpsvc.dll
.dll windows:10 windows x64 arch:x64

742be82449efa6b3ef106854ed7fb743

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

cdpsvc.pdb

Imports

msvcp_win

?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAK@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
_Mtx_current_owns
_Thrd_yield
_Cnd_init_in_situ
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_Syserror_map@std@@YAPEBDH@Z
_Cnd_timedwait
_Thrd_id
_Xtime_get_ticks
_Thrd_join
_Cnd_broadcast
_Cnd_destroy_in_situ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
_Mtx_destroy_in_situ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
_Mtx_init_in_situ
_Cnd_init
_Mtx_destroy
_Thrd_detach
_Thrd_start
?_Throw_C_error@std@@YAXH@Z
?_Xbad_function_call@std@@YAXXZ
_Mtx_init
_Cnd_wait
_Cnd_destroy
_Cnd_do_broadcast_at_thread_exit
?_BADOFF@std@@3_JB
?_Xout_of_range@std@@YAXPEBD@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_signal
_Query_perf_counter
_Query_perf_frequency
_Mtx_unlock
_Mtx_lock
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o_free
_o_malloc
_o_realloc
_o_strcpy_s
_o_strncpy_s
_o_terminate
__C_specific_handler
_CxxThrowException
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o__cexit
_o__callnewh
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_type_info_compare
__std_terminate
__CxxFrameHandler3
_o__crt_atexit
_o__configure_narrow_argv
memcmp
memcpy
_o___stdio_common_vswprintf

combase

ord154

ntdll

RtlPublishWnfStateData
RtlGetDeviceFamilyInfoEnum
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
RtlIsMultiUsersInSessionSku

rpcrt4

UuidFromStringA

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
FreeLibrary
GetModuleHandleW
DisableThreadLibraryCalls
GetProcAddress

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-com-l1-1-0

CoFreeUnusedLibrariesEx
CoRevertToSelf
CoRevokeClassObject
CoInitializeEx
CoTaskMemFree
CoIncrementMTAUsage
StringFromGUID2
CoTaskMemAlloc
CoDecrementMTAUsage
CoResumeClassObjects
CoDisconnectContext
CoRegisterClassObject
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoImpersonateClient
CoCreateGuid
CoUninitialize
CoGetApartmentType
CoWaitForMultipleHandles

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
OpenThreadToken
OpenProcessToken
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
CreateEventW
InitializeCriticalSection
CreateSemaphoreExW
InitializeSRWLock
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
SetEvent
CreateEventExW
ResetEvent
WaitForSingleObject
ReleaseMutex
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
EnterCriticalSection

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer
TrySubmitThreadpoolCallback

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventActivityIdControl
EventWriteTransfer
EventRegister
EventUnregister

api-ms-win-power-setting-l1-1-0

PowerSettingUnregisterNotification
PowerSettingRegisterNotification

api-ms-win-core-kernel32-legacy-l1-1-0

UnregisterWait

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDeleteString
WindowsConcatString
WindowsDuplicateString
WindowsCreateStringReference
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsCreateString
WindowsGetStringLen

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
GetRestrictedErrorInfo
SetRestrictedErrorInfo
RoTransformError
RoOriginateError

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoRegisterActivationFactories
RoActivateInstance
RoRevokeActivationFactories

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-registry-l1-1-0

RegGetValueA
RegGetValueW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-debug-l1-1-1

CheckRemoteDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

cdp

CDPResume
CDPSuspend
CDPSetServicePid
CDPPreShutdown
CDPInitializeForService
CDPGetLogger
CDPGetHost
CDPShutdownBluetooth
CDPCreateUserNotificationClientInternal
CDPCreateMessagingHostInternal
CDPCreateDirectNotificationHost
CDPCreateDeviceQueryInternal
CDPGetDeviceCacheInternal
CDPShutdown
CDPGetSDKAuthorizationPolicyOfInteractiveUser
CDPCreateDeviceInternal
CDPSetExtendedLocalDeviceStatus
CDPCreateAccountInternalForUser
CDPCreateDedupedDeviceQueryInternal
CDPCreateDedupedDeviceQueryParameters
CDPCreateBinaryHostInternal
CDPCreateBinaryClientInternal
CDPCreateCallbackNotifierInternal
CDPCreateAppId
CDPCreateAppControlClientInternal
CDPCreateAFSUserSettingsInternal
CDPCreateSettingsInteropInternal

api-ms-win-security-capability-l1-1-0

CapabilityCheck
RpcClientCapabilityCheck

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-winrt-robuffer-l1-1-0

RoGetBufferMarshaler

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-devices-config-l1-1-1

CM_Unregister_Notification
CM_Register_Notification

api-ms-win-devices-query-l1-1-0

DevCloseObjectQuery

api-ms-win-devices-query-l1-1-1

DevCreateObjectQueryEx

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 439KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cdpusersvc.dll
.dll windows:10 windows x64 arch:x64

b026022a1186fe9917a3f89c8af03fed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

cdpusersvc.pdb

Imports

msvcp_win

?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
_Cnd_destroy
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_BADOFF@std@@3_JB
?uncaught_exception@std@@YA_NXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
_Cnd_destroy_in_situ
_Cnd_broadcast
_Xtime_get_ticks
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
_Cnd_timedwait
_Cnd_init_in_situ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
_Mtx_current_owns
?_Xbad_function_call@std@@YAXXZ
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_unlock
_Cnd_init
_Cnd_do_broadcast_at_thread_exit
_Mtx_lock
_Mtx_destroy
?_Xlength_error@std@@YAXPEBD@Z
?_Throw_C_error@std@@YAXH@Z
_Thrd_detach
_Thrd_start
_Mtx_init
_Cnd_wait
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_signal

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-string-l1-1-0

strpbrk
memset

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_free
_o_malloc
_o_modf
_o_strcpy_s
_o_strncpy_s
_o_terminate
__C_specific_handler
_CxxThrowException
strstr
_o__cexit
_o__callnewh
_o__dtest
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__crt_atexit
__std_type_info_compare
__std_terminate
__CxxFrameHandler3
_o__configure_narrow_argv
memcmp
memcpy

ntdll

RtlPublishWnfStateData
RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData
RtlGetDeviceFamilyInfoEnum
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnsubscribeWnfNotificationWaitForCompletion

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleHandleW
FreeLibrary
DisableThreadLibraryCalls
FreeLibraryAndExitThread
GetModuleFileNameA
GetProcAddress

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
InitializeCriticalSectionAndSpinCount
InitializeSRWLock
ReleaseSemaphore
CreateEventExW
WaitForSingleObject
ReleaseSRWLockExclusive
CreateSemaphoreExW
AcquireSRWLockExclusive
DeleteCriticalSection
AcquireSRWLockShared
WaitForSingleObjectEx
ResetEvent
ReleaseMutex
CreateEventW
CreateMutexExW
ReleaseSRWLockShared
InitializeCriticalSectionEx
SetEvent
LeaveCriticalSection
EnterCriticalSection

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
SetLastError
RaiseException
UnhandledExceptionFilter

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateError
SetRestrictedErrorInfo

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoGetMalloc
CoUninitialize
CoTaskMemFree
CoResumeClassObjects
CoRegisterClassObject
CoDisconnectContext
CoCreateInstance
CoDecrementMTAUsage
CoIncrementMTAUsage
CoInitializeEx
CoRevokeClassObject
CoImpersonateClient
CoWaitForMultipleHandles
CoRevertToSelf
CoCreateFreeThreadedMarshaler

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsDeleteString
WindowsDuplicateString
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsGetStringLen

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
OpenProcessToken
GetCurrentProcess
GetCurrentThread
TerminateProcess
GetCurrentProcessId
OpenThreadToken

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-file-l1-1-0

CreateFileW
ReadFile
GetFileSize

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
SetThreadpoolWait
CreateThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
CreateThreadpoolTimer

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer

api-ms-win-core-registry-l1-1-0

RegOpenKeyExA
RegCloseKey
RegCreateKeyExW
RegNotifyChangeKeyValue
RegGetValueW
RegGetValueA

api-ms-win-power-setting-l1-1-0

PowerSettingRegisterNotification
PowerSettingUnregisterNotification

api-ms-win-core-kernel32-legacy-l1-1-0

UnregisterWait

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-core-debug-l1-1-1

CheckRemoteDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

cdp

CDPGetActivityStoreForStoreInfoInternal
CDPCreateActivityStoreReaderInternal
CDPCreateAppRegistrationManagerInternal
CDPGetResourceHandler
CDPCreateRemoteUserInternal
CDPCreateResourceCollection
CDPInitializeForService
CDPShutdown
CDPInitializeUserServicePhase2
CDPGetUserActivitySettingsInternal
CDPCreateActivityStoreInfoWatcherInternal
CDPSetAccountProviderInternal
CDPResume
CDPSuspend
CDPRegisterActivityConflictResolverInternal
CDPPreShutdown
CDPGetLogger
CDPCreateAccountProviderInternal
CDPInitializeUserService
CDPUninitializeUserService
CDPGetActivityStoreForAccountInternal
CDPCreateCallbackNotifierInternal
CDPGetActivityStoreInternal
CDPCreateActivityAssetInternal
CDPAcquireNetworkingInternal
CDPReleaseNetworkingInternal
CDPGetResourceManager
CDPGetAccountProviderInternal
CDPCreateAccountInternalForUser
CDPCreateCrossPlatformAppId
CDPCreateActivityInternal
CDPCreateActivityStoreInfoInternal
CDPCreateAppId

api-ms-win-security-base-l1-1-0

AccessCheck
MapGenericMask
MakeAbsoluteSD

api-ms-win-security-capability-l1-1-0

CapabilityCheck
RpcClientCapabilityCheck

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-devices-config-l1-1-1

CM_Register_Notification
CM_Unregister_Notification

api-ms-win-devices-query-l1-1-0

DevCloseObjectQuery

api-ms-win-devices-query-l1-1-1

DevCreateObjectQueryEx

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 349KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
certadm.dll
.dll regsvr32 windows:10 windows x64 arch:x64

920aa6745da39a2fdf7e3d92b9471687

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

certadm.pdb

Imports

msvcrt

vswprintf_s
_vscwprintf
_snwprintf_s
swprintf
memset
bsearch
__CxxFrameHandler3
wcsncmp
memmove
__iob_func
memcpy
wcsspn
strcmp
_onexit
__dllonexit
_unlock
_lock
realloc
_errno
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
calloc
_resetstkoflw
_wtoi
wcstoul
wcsrchr
wcschr
_wcsicmp
strncpy_s
_vsnwprintf
??0exception@@QEAA@XZ
memmove_s
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
_purecall
wcscpy_s
memcpy_s
malloc
wcsncpy_s
free
__C_specific_handler
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
memcmp
vfwprintf
fwprintf
_wfopen_s
ferror
fputws
strncmp
atoi
isdigit
_itow
wcsstr
swscanf
isxdigit
__isascii
_wcsnicmp
iswxdigit
fprintf
wcscspn
fflush
fclose
iswalpha
strchr
iswdigit
wcscmp

certca

ord840
ord841
ord817
ord818
ord842
ord809
ord808
ord813
ord853
ord707
ord705
ord823
ord703
ord820
ord602
ord824
ord601
ord839

oleaut32

VariantInit
SafeArrayGetUBound
SysStringByteLen
SafeArrayGetLBound
SafeArrayGetDim
VariantClear
VariantCopy
SafeArrayPutElement
VariantCopyInd
SysAllocStringByteLen
SysFreeString
SafeArrayCreate
VariantTimeToSystemTime
LoadRegTypeLi
SafeArrayAccessData
LoadTypeLi
SysAllocString
SysStringLen
RegisterTypeLi
SetErrorInfo
CreateErrorInfo
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayDestroy
VarUI4FromStr
SystemTimeToVariantTime

api-ms-win-core-synch-l1-1-0

ReleaseMutex
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateMutexW
LeaveCriticalSection
WaitForSingleObject

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoCreateInstanceEx
CoCreateInstance
CoUninitialize
CoSetProxyBlanket
CoTaskMemAlloc
CoInitializeEx
CoTaskMemRealloc
StringFromCLSID

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapDestroy
HeapSize
HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-memory-l1-1-0

VirtualFree
OpenFileMappingW
MapViewOfFileEx
VirtualAlloc
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile

api-ms-win-core-errorhandling-l1-1-0

GetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-libraryloader-l1-2-0

FindResourceExW
LockResource
DisableThreadLibraryCalls
SizeofResource
FreeLibrary
GetModuleHandleW
LoadLibraryExW
GetModuleFileNameW
LoadStringW
GetProcAddress
LoadResource

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegDeleteValueW
RegEnumValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegDeleteKeyExW

api-ms-win-core-string-l2-1-0

CharNextW
CharLowerW

api-ms-win-core-string-l1-1-0

CompareStringW
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-sysinfo-l1-1-0

GetComputerNameExW
GetSystemTime
GetVersionExW
GetSystemTimeAsFileTime
GetTickCount
GetSystemInfo

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-localization-l1-2-0

GetSystemDefaultLangID
GetACP
GetUserDefaultLocaleName
GetLocaleInfoW
GetThreadLocale

api-ms-win-core-localization-l1-2-2

GetSystemDefaultLocaleName

sspicli

LsaLogonUser
LsaDeregisterLogonProcess
LsaFreeReturnBuffer
LsaLookupAuthenticationPackage
LsaConnectUntrusted
GetUserNameExW

crypt32

CertGetCertificateChain
CertGetCertificateContextProperty
CryptFormatObject
CryptEnumOIDInfo
PFXExportCertStoreEx
PFXExportCertStore
CryptExportPublicKeyInfoEx
CryptHashCertificate
CertNameToStrW
CertGetCRLContextProperty
CryptDecodeObjectEx
CryptEncodeObjectEx
CertFreeCertificateContext
CertCompareIntegerBlob
CertFreeCertificateChain
CertOpenStore
CertAddCertificateContextToStore
CertCloseStore
CryptAcquireCertificatePrivateKey
CryptDecodeObject
CryptFindOIDInfo
CertComparePublicKeyInfo
CryptQueryObject
PFXIsPFXBlob
CertDeleteCertificateFromStore
CertFindCertificateInStore
CryptExportPKCS8
CertVerifyCertificateChainPolicy
PFXImportCertStore
CertEnumCertificatesInStore
CertFindExtension
CertAddEncodedCertificateToStore
CertSetCertificateContextProperty

api-ms-win-core-file-l1-1-0

ReadFile
GetFullPathNameW
FindClose
FindNextFileW
DeleteFileW
GetFileAttributesExW
WriteFile
CreateFileW
GetFileAttributesW
CreateDirectoryW
CompareFileTime
FileTimeToLocalFileTime
FindFirstFileW
GetFileType
RemoveDirectoryW

api-ms-win-core-processenvironment-l1-1-0

SearchPathW
GetStdHandle
GetEnvironmentVariableW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentThread
OpenThreadToken
OpenProcessToken
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-security-base-l1-1-0

CopySid
MakeSelfRelativeSD
MakeAbsoluteSD
GetTokenInformation
FreeSid
DuplicateToken
AllocateAndInitializeSid
EqualSid
IsValidSid
ImpersonateSelf
RevertToSelf
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
InitializeSecurityDescriptor
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
GetAclInformation
GetAce
InitializeAcl
AddAce
AdjustTokenPrivileges
SetSecurityDescriptorDacl
AccessCheckByType
AccessCheck
GetSecurityDescriptorLength
SetSecurityDescriptorOwner
GetLengthSid
GetSecurityDescriptorGroup

ncrypt

NCryptIsKeyHandle
NCryptFreeObject
NCryptOpenStorageProvider
NCryptImportKey
NCryptGetProperty
NCryptEncrypt
NCryptEnumStorageProviders
NCryptFreeBuffer
NCryptOpenKey
NCryptCreatePersistedKey
NCryptSetProperty
NCryptFinalizeKey
NCryptDecrypt
NCryptExportKey
NCryptSignHash
NCryptVerifySignature
NCryptDeleteKey
NCryptDeriveKey
NCryptSecretAgreement

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-console-l1-1-0

WriteConsoleW

api-ms-win-security-sddl-l1-1-0

ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertStringSecurityDescriptorToSecurityDescriptorW

bcrypt

BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptGenRandom

api-ms-win-core-file-l1-2-0

GetTempPathW

userenv

UnloadUserProfile

advapi32

CryptEnumProvidersA
LsaNtStatusToWinError
CryptReleaseContext
CryptAcquireContextW
CryptGenRandom
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
RegConnectRegistryW
CryptSetProvParam
CryptDuplicateHash
CryptDestroyKey
CryptGetProvParam
CryptExportKey
CryptEncrypt
CryptGetUserKey
RegEnumKeyW
CryptSetKeyParam
CryptSetHashParam
CryptContextAddRef
SetSecurityInfo
CryptGetKeyParam
CryptVerifySignatureW
CryptSignHashW
CryptImportKey
CryptDecrypt

kernel32

GetUserDefaultUILanguage
GetComputerNameW
GetSystemDefaultUILanguage
lstrcmpW
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrcmpiW
EnumResourceLanguagesW

ole32

CoInitialize

user32

UnregisterClassA

ntdll

RtlInitString
RtlCreateUnicodeString
NtAllocateLocallyUniqueId
RtlFreeUnicodeString
NtQuerySystemInformationEx

Exports

Exports

CAClosePerfMon
CACollectPerfMon
CAOpenPerfMon
CertSrvBackupClose
CertSrvBackupEnd
CertSrvBackupFree
CertSrvBackupGetBackupLogsW
CertSrvBackupGetDatabaseNamesW
CertSrvBackupGetDynamicFileListW
CertSrvBackupOpenFileW
CertSrvBackupPrepareW
CertSrvBackupRead
CertSrvBackupTruncateLogs
CertSrvIsServerOnlineW
CertSrvRestoreEnd
CertSrvRestoreGetDatabaseLocationsW
CertSrvRestorePrepareW
CertSrvRestoreRegisterComplete
CertSrvRestoreRegisterThroughFile
CertSrvRestoreRegisterW
CertSrvServerControlW
ClosePerfMon
CollectPerfMon
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
OpenPerfMon

Sections

.text
Size: 301KB - Virtual size: 301KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
certca.dll
.dll windows:10 windows x64 arch:x64

069dff49c828697fd2bb2d740b2f78e1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

certca.pdb

Imports

msvcrt

_XcptFilter
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
strcspn
fprintf
wcscspn
fflush
fclose
fopen
_errno
_wgetenv
fseek
ftell
fwrite
_vsnwprintf
iswalpha
strchr
getenv
_vsnprintf
wcschr
_wcsicmp
iswspace
iswxdigit
iswdigit
_wtoi
__isascii
isxdigit
swscanf
wcsrchr
wcsstr
_wcsnicmp
isdigit
atoi
strncmp
fputws
ferror
_wfopen_s
fwprintf
_swab
free
wcstoul
iswupper
towlower
iswlower
towupper
wcsncmp
strrchr
wcstok
_wtol
wcstol
??0exception@@QEAA@AEBV0@@Z
memcpy_s
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
memmove_s
??0exception@@QEAA@XZ
bsearch
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
_CxxThrowException
??1type_info@@UEAA@XZ
__iob_func
memcmp
memcpy
malloc
_initterm
memmove
_amsg_exit
__C_specific_handler
strcmp
__CxxFrameHandler3
memset
vfwprintf
wcscmp

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
FreeLibrary
LoadResource
LockResource
FindResourceExW
LoadLibraryExW
LoadStringW
GetProcAddress
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
LeaveCriticalSection
AcquireSRWLockExclusive
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ReleaseSRWLockExclusive

api-ms-win-core-heap-l2-1-0

LocalReAlloc
LocalAlloc
LocalFree

crypt32

CertFindExtension
CertFreeCertificateContext
CertGetCertificateContextProperty
CryptEnumOIDInfo
CryptFormatObject
CryptEncodeObject
CertGetCRLContextProperty
CertDeleteCTLFromStore
CertFindCTLInStore
CryptStringToBinaryA
CryptStringToBinaryW
CryptBinaryToStringA
CryptBinaryToStringW
CertAddEncodedCTLToStore
CryptMsgEncodeAndSignCTL
CryptHashPublicKeyInfo
CryptHashCertificate
CryptDecodeObjectEx
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertDuplicateCertificateContext
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CryptEncodeObjectEx
CertNameToStrW
CryptFindOIDInfo
CryptInitOIDFunctionSet
CryptGetOIDFunctionAddress
CryptFreeOIDFunctionAddress
CertCreateCertificateContext
CertGetNameStringW
CertEnumCertificatesInStore
CertOpenStore
CertCreateCertificateChainEngine
CertCloseStore
CertFreeCertificateChainEngine

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable
Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
CreateThread
GetCurrentProcess
OpenProcessToken
GetCurrentThread
OpenThreadToken
TerminateProcess
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetSystemTimeAsFileTime
GetSystemTime
GetVersionExW
GetTickCount
GetSystemDirectoryW
GetComputerNameExW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-file-l1-1-0

WriteFile
GetFileSize
CreateFileW
GetFileAttributesW
LocalFileTimeToFileTime
DeleteFileW
ReadFile
GetTempFileNameW
FileTimeToLocalFileTime
GetFullPathNameW
GetFileType
CompareFileTime

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
OutputDebugStringA
IsDebuggerPresent

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegDeleteKeyExW
RegEnumKeyExW
RegCloseKey
RegQueryInfoKeyW
RegOpenCurrentUser
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteValueW
RegGetValueW

api-ms-win-security-base-l1-1-0

GetSidIdentifierAuthority
AddAccessAllowedObjectAce
GetSecurityDescriptorDacl
InitializeSid
GetSidLengthRequired
GetSidSubAuthorityCount
SetSecurityDescriptorDacl
GetSecurityDescriptorGroup
SetSecurityDescriptorGroup
GetSecurityDescriptorLength
AdjustTokenPrivileges
AllocateAndInitializeSid
DuplicateToken
CheckTokenMembership
FreeSid
AddAccessAllowedAce
GetSecurityDescriptorOwner
SetSecurityDescriptorOwner
GetLengthSid
CopySid
IsValidSecurityDescriptor
RevertToSelf
GetSidSubAuthority
ImpersonateLoggedOnUser
CreateWellKnownSid
DeleteAce
SetSecurityDescriptorControl
AddAce
InitializeAcl
EqualSid
GetAce
GetAclInformation
GetTokenInformation
GetSecurityDescriptorControl
MakeAbsoluteSD
AccessCheckByType
AccessCheck
MakeSelfRelativeSD

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
FoldStringW
CompareStringW

api-ms-win-core-string-l2-1-0

CharLowerW

rpcrt4

UuidCreate

api-ms-win-core-console-l1-1-0

WriteConsoleW

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW
SearchPathW
GetCommandLineW
GetStdHandle

api-ms-win-core-localization-l1-2-0

GetACP
GetLocaleInfoW
IdnToUnicode
FormatMessageW

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
CreateFileMappingW
MapViewOfFile

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-psapi-l1-1-0

K32GetProcessImageFileNameW

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

wldap32

ord210
ord127
ord147
ord167
ord12
ord65
ord142
ord79
ord18
ord41
ord145
ord14
ord73
ord113
ord40
ord21
ord194
ord10
ord133
ord27
ord69
ord224
ord140
ord26
ord16
ord36
ord203
ord13
ord155

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW

api-ms-win-security-logon-l1-1-0

LogonUserExW

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW

ntdll

RtlFindMessage
RtlNtStatusToDosError
RtlValidRelativeSecurityDescriptor

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage
GetSystemDefaultUILanguage

Exports

Exports

CAAccessCheck
CAAccessCheckEx
CAAddCACertificateType
CAAddCACertificateTypeEx
CACertTypeAccessCheck
CACertTypeAccessCheckEx
CACertTypeAuthzAccessCheck
CACertTypeGetSecurity
CACertTypeQuery
CACertTypeRegisterQuery
CACertTypeSetSecurity
CACertTypeUnregisterQuery
CACloneCertType
CACloseCA
CACloseCertType
CACountCAs
CACountCertTypes
CACreateAutoEnrollmentObjectEx
CACreateCertType
CACreateLocalAutoEnrollmentObject
CACreateNewCA
CADCSetCertTypePropertyEx
CADeleteCA
CADeleteCAEx
CADeleteCertType
CADeleteCertTypeEx
CADeleteLocalAutoEnrollmentObject
CAEnumCertTypes
CAEnumCertTypesEx
CAEnumCertTypesEx2
CAEnumCertTypesForCA
CAEnumCertTypesForCAEx
CAEnumFirstCA
CAEnumNextCA
CAEnumNextCertType
CAFindByCertType
CAFindByIssuerDN
CAFindByName
CAFindCertTypeByName
CAFindCertTypeByName2
CAFreeCAProperty
CAFreeCertTypeExtensions
CAFreeCertTypeProperty
CAGetCACertificate
CAGetCAExpiration
CAGetCAFlags
CAGetCAProperty
CAGetCASecurity
CAGetCertTypeExpiration
CAGetCertTypeExtensions
CAGetCertTypeExtensionsEx
CAGetCertTypeFlags
CAGetCertTypeFlagsEx
CAGetCertTypeKeySpec
CAGetCertTypeProperty
CAGetCertTypePropertyEx
CAGetDN
CAInstallDefaultCertType
CAInstallDefaultCertTypeEx
CAIsCertTypeCurrent
CAIsCertTypeCurrentEx
CAOIDAdd
CAOIDAddEx
CAOIDCreateNew
CAOIDCreateNewEx
CAOIDDelete
CAOIDDeleteEx
CAOIDFreeLdapURL
CAOIDFreeProperty
CAOIDGetLdapURL
CAOIDGetProperty
CAOIDGetPropertyEx
CAOIDSetProperty
CAOIDSetPropertyEx
CARemoveCACertificateType
CARemoveCACertificateTypeEx
CASetCACertificate
CASetCAExpiration
CASetCAFlags
CASetCAProperty
CASetCASecurity
CASetCertTypeExpiration
CASetCertTypeExtension
CASetCertTypeFlags
CASetCertTypeFlagsEx
CASetCertTypeKeySpec
CASetCertTypeProperty
CASetCertTypePropertyEx
CAUpdateCA
CAUpdateCAEx
CAUpdateCertType
CAUpdateCertTypeEx
CCFindCertificateBuildFilter
CCFindCertificateFreeFilter
CCFindCertificateFromFilter
CCFreeStringArray
CCGetCertNameList

Sections

.text
Size: 194KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 540KB - Virtual size: 540KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
certcli.dll
.dll regsvr32 windows:10 windows x64 arch:x64

7ab9fd5659af277bd2b26d8427ddb232

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

certcli.pdb

Imports

msvcrt

strcmp
_onexit
__dllonexit
_unlock
wcsncmp
_vsnprintf
_lock
towupper
iswlower
wcscspn
realloc
__isascii
_errno
memmove
iswxdigit
wcsrchr
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
iswupper
towlower
isxdigit
_wcsicmp
atoi
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
iswdigit
memmove_s
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
__CxxFrameHandler3
strchr
isdigit
iswspace
_vsnprintf_s
_wcsnicmp
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
wcsstr
_wtoi
_vsnwprintf
wcschr
_purecall
_strnicmp
memcpy_s
malloc
wcsncpy_s
free
__C_specific_handler
memset
swscanf
memcpy
memcmp
bsearch
iswalpha
wcscmp

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
SetEvent
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateEventW
WaitForSingleObject
InitializeCriticalSectionEx
CreateSemaphoreExW
WaitForSingleObjectEx
AcquireSRWLockShared
CreateMutexExW
LeaveCriticalSection
DeleteCriticalSection
ReleaseMutex
EnterCriticalSection
ReleaseSRWLockShared
OpenSemaphoreW
ReleaseSemaphore

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
SetLastError
GetLastError

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetProcAddress
DisableThreadLibraryCalls
FindResourceExW
GetModuleHandleW
LoadResource
GetModuleHandleExW
GetModuleFileNameW
LoadStringW
FreeLibrary
SizeofResource
GetModuleFileNameA

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegGetValueW

api-ms-win-core-string-l2-1-0

CharLowerW
CharNextW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
FoldStringW
CompareStringW
MultiByteToWideChar

api-ms-win-core-heap-l2-1-0

LocalReAlloc
LocalFree
GlobalFree
LocalAlloc

crypt32

CryptAcquireCertificatePrivateKey
CryptFindOIDInfo
CertGetCertificateContextProperty
CertFindExtension
CryptHashCertificate
CryptHashPublicKeyInfo
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertEnumCertificatesInStore
CertAddCertificateLinkToStore
CertGetNameStringW
CertComparePublicKeyInfo
CryptSignMessage
CryptDecodeObject
CryptDecodeObjectEx
CryptStringToBinaryW
CryptEncodeObjectEx
CryptExportPublicKeyInfoEx
CryptImportPublicKeyInfoEx2
CertNameToStrW
CryptMsgOpenToDecode
CryptMsgUpdate
CryptMsgGetParam
CryptMsgClose
CryptImportPublicKeyInfo
CertSetStoreProperty
CertFindCertificateInStore
CertCreateCertificateContext
CertFreeCertificateChain
CertGetCertificateChain
CertCloseStore
CertFreeCertificateContext
CertDuplicateCertificateContext
CertOpenStore
CertStrToNameW

api-ms-win-core-file-l1-1-0

FileTimeToLocalFileTime
LocalFileTimeToFileTime
WriteFile
SetEndOfFile
SetFilePointer
CompareFileTime
ReadFile
GetFileSize
CreateFileW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-localization-l1-2-0

IdnToUnicode
GetLocaleInfoW
GetACP
FormatMessageW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
OpenProcessToken
GetCurrentProcess
GetCurrentThread

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringA
OutputDebugStringW

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer

rpcrt4

NdrOleFree
CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy
CStdStubBuffer_Invoke
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
RpcBindingFree
RpcStringFreeW
CStdStubBuffer_AddRef
RpcMgmtInqServerPrincNameW
RpcBindingSetAuthInfoW
RpcNetworkIsProtseqValidW
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcEpResolveBinding
IUnknown_Release_Proxy
IUnknown_QueryInterface_Proxy
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Connect
RpcExceptionFilter
RpcCancelThreadEx
NdrClientCall3
RpcBindingSetAuthInfoExW
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_Disconnect
NdrOleAllocate

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetComputerNameExW
GetLocalTime
GetTickCount
GetSystemTimeAsFileTime
GetVersionExW

api-ms-win-security-base-l1-1-0

CreateWellKnownSid
EqualSid
GetTokenInformation
ImpersonateLoggedOnUser
RevertToSelf
FreeSid
AllocateAndInitializeSid

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
SearchPathW
ExpandEnvironmentStringsW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW
RegisterWaitForSingleObject
UnregisterWait

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrcmpiW

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage
GetSystemDefaultUILanguage

certca

ord602
ord444
ord450
ord445
ord435
ord813
ord823
ord818
ord817
ord601
ord838
ord824
ord840
ord412
ord405
ord841
ord705
ord411
ord842
ord404
ord414
ord413
ord819
ord839
ord707

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-memory-l1-1-0

MapViewOfFile
CreateFileMappingW
UnmapViewOfFile

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-psapi-l1-1-0

K32GetProcessImageFileNameW

api-ms-win-security-lsalookup-l2-1-0

LookupAccountSidW

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW
GetDateFormatA
GetTimeFormatA

wldap32

ord16
ord26
ord18
ord12
ord140
ord13
ord167
ord147
ord127
ord210
ord224
ord41

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenSCManagerW
OpenServiceW
StartServiceW

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
ChangeServiceConfigW

api-ms-win-service-winsvc-l1-1-0

ControlService

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW

api-ms-win-security-logon-l1-1-0

LogonUserExW

api-ms-win-core-registry-l2-1-0

RegConnectRegistryW

api-ms-win-eventlog-legacy-l1-1-0

RegisterEventSourceW
ReportEventW
DeregisterEventSource

cryptsp

CryptDecrypt
CryptEncrypt
CryptSetKeyParam
CryptSetHashParam
CryptSetProvParam
CryptGetHashParam
CryptVerifySignatureW
CryptExportKey
CryptDuplicateKey
CryptGetProvParam
CryptReleaseContext
CryptDestroyKey
CryptContextAddRef
CryptAcquireContextW
CryptGetKeyParam
CryptHashData
CryptSignHashW
CryptGetUserKey
CryptCreateHash
CryptDestroyHash

api-ms-win-service-private-l1-1-0

WaitServiceState

ntdll

EtwTraceMessage

Exports

Exports

AddOrRemoveOCSPISAPIExtension
CAAccessCheck
CAAccessCheckEx
CAAddCACertificateType
CAAddCACertificateTypeEx
CACertTypeAccessCheck
CACertTypeAccessCheckEx
CACertTypeAuthzAccessCheck
CACertTypeGetSecurity
CACertTypeQuery
CACertTypeRegisterQuery
CACertTypeSetSecurity
CACertTypeUnregisterQuery
CACloneCertType
CACloseCA
CACloseCertType
CACountCAs
CACountCertTypes
CACreateAutoEnrollmentObjectEx
CACreateCertType
CACreateLocalAutoEnrollmentObject
CACreateNewCA
CADCSetCertTypePropertyEx
CADeleteCA
CADeleteCAEx
CADeleteCertType
CADeleteCertTypeEx
CADeleteLocalAutoEnrollmentObject
CAEnumCertTypes
CAEnumCertTypesEx
CAEnumCertTypesForCA
CAEnumCertTypesForCAEx
CAEnumFirstCA
CAEnumNextCA
CAEnumNextCertType
CAFindByCertType
CAFindByIssuerDN
CAFindByName
CAFindCertTypeByName
CAFreeCAProperty
CAFreeCertTypeExtensions
CAFreeCertTypeProperty
CAGetAccessRights
CAGetCACertificate
CAGetCAExpiration
CAGetCAFlags
CAGetCAProperty
CAGetCASecurity
CAGetCertTypeAccessRights
CAGetCertTypeExpiration
CAGetCertTypeExtensions
CAGetCertTypeExtensionsEx
CAGetCertTypeFlags
CAGetCertTypeFlagsEx
CAGetCertTypeKeySpec
CAGetCertTypeProperty
CAGetCertTypePropertyEx
CAGetConfigStringFromUIPicker
CAGetDN
CAInstallDefaultCertType
CAInstallDefaultCertTypeEx
CAIsCertTypeCurrent
CAIsCertTypeCurrentEx
CAIsCertTypeValid
CAIsValid
CAOIDAdd
CAOIDAddEx
CAOIDCreateNew
CAOIDCreateNewEx
CAOIDDelete
CAOIDDeleteEx
CAOIDFreeLdapURL
CAOIDFreeProperty
CAOIDGetLdapURL
CAOIDGetProperty
CAOIDGetPropertyEx
CAOIDSetProperty
CAOIDSetPropertyEx
CARemoveCACertificateType
CARemoveCACertificateTypeEx
CASetCACertificate
CASetCAExpiration
CASetCAFlags
CASetCAProperty
CASetCASecurity
CASetCertTypeExpiration
CASetCertTypeExtension
CASetCertTypeFlags
CASetCertTypeFlagsEx
CASetCertTypeKeySpec
CASetCertTypeProperty
CASetCertTypePropertyEx
CAUpdateCA
CAUpdateCAEx
CAUpdateCertType
CAUpdateCertTypeEx
CSPrintAssert
CSPrintError
CSPrintErrorLineFile
CSPrintErrorLineFile2
CSPrintErrorLineFileData
CSPrintErrorLineFileData2
CertcliGetDetailedCertcliVersionString
DbgIsSSActive
DbgLogStringInit
DbgLogStringInit2
DbgPrintf
DbgPrintfInit
DbgPrintfW
DecodeFileW
DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
EnableASPInIIS
EnableISAPIExtension
EncodeToFileW
IsASPEnabledInIIS
IsASPEnabledInIIS_New
IsISAPIExtensionEnabled
RemoveISAPIExtension
RemoveVDir
SplitConfigString
WszToMultiByteInteger
WszToMultiByteIntegerBuf
caTranslateFileTimePeriodToPeriodUnits
myAddShare
myCAPropGetDisplayName
myCAPropInfoLookup
myCAPropInfoUnmarshal
myCryptBinaryToString
myCryptBinaryToStringA
myCryptStringToBinary
myCryptStringToBinaryA
myDoesDSExist@209
myEnablePrivilege
myFreeColumnDisplayNames
myGenerateGuidSerialNumber
myGenerateGuidString
myGetErrorMessageText
myGetErrorMessageText1
myGetErrorMessageTextEx
myGetHashAlgorithmOIDInfoFromSignatureAlgorithm
myGetSidFromDomain
myGetTargetMachineDomainDnsName
myHExceptionCode
myHExceptionCodePrint
myHGetLastError
myHResultToStringRaw_old
myHResultToString_old
myIsDelayLoadHResult
myJetHResult
myLogExceptionInit
myModifyVirtualRootsAndFileShares
myNetLogonUser
myOIDHashOIDToString
myRevertSanitizeName
myRobustLdapBind
myRobustLdapBindEx
mySanitizeName
mySanitizedNameToDSName
mySanitizedNameToShortName
mylstrcmpiL

Sections

.text
Size: 263KB - Virtual size: 262KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 202KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
certmgr.dll
.dll regsvr32 windows:10 windows x64 arch:x64

12a3ad41d52873303f6b2aa0e5591954

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

certmgr.pdb

Imports

mfc42u

ord1037
ord2384
ord2326
ord2393
ord6102
ord4623
ord4481
ord6612
ord6817
ord2134
ord4131
ord1499
ord4127
ord2902
ord4544
ord2595
ord3820
ord2449
ord1441
ord1650
ord2903
ord6691
ord4177
ord3407
ord4567
ord2328
ord6632
ord3417
ord1648
ord3174
ord2801
ord1286
ord4424
ord6328
ord6216
ord559
ord624
ord4583
ord5082
ord3870
ord4779
ord2059
ord4787
ord5710
ord1698
ord4130
ord4027
ord4582
ord549
ord999
ord2311
ord2764
ord1562
ord1906
ord551
ord3783
ord2427
ord3790
ord2898
ord1647
ord1082
ord288
ord812
ord1544
ord1586
ord1555
ord1583
ord1585
ord355
ord1477
ord1553
ord1416
ord1491
ord3896
ord620
ord1359
ord1042
ord628
ord3177
ord6767
ord1284
ord1287
ord3396
ord4860
ord6393
ord4548
ord286
ord1574
ord2676
ord2408
ord1677
ord6395
ord2906
ord5382
ord4750
ord2597
ord6734
ord599
ord814
ord3736
ord4257
ord1035
ord3743
ord4741
ord3894
ord912
ord3806
ord3501
ord4747
ord2593
ord6886
ord5584
ord5585
ord6887
ord5583
ord5304
ord5114
ord5352
ord4699
ord5687
ord4722
ord5246
ord5406
ord2517
ord6437
ord1777
ord2586
ord5709
ord5227
ord4771
ord3868
ord1483
ord6880
ord1122
ord6614
ord832
ord3751
ord4743
ord2589
ord4542
ord4473
ord5077
ord2023
ord2422
ord5245
ord1606
ord4601
ord4721
ord5702
ord3761
ord1056
ord3911
ord3531
ord2329
ord911
ord904
ord408
ord6326
ord3805
ord4746
ord2592
ord4543
ord2024
ord2425
ord6801
ord1774
ord867
ord665
ord1067
ord3774
ord4770
ord4988
ord4371
ord3164
ord4077
ord4083
ord2665
ord3182
ord4557
ord852
ord337
ord6418
ord6147
ord2845
ord3180
ord2661
ord4522
ord1264
ord2532
ord1365
ord6222
ord4243
ord1579
ord5980
ord4436
ord2781
ord6050
ord2975
ord6171
ord3829
ord1355
ord6351
ord822
ord4523
ord2474
ord1657
ord2783
ord6542
ord629
ord1043
ord3754
ord938
ord443
ord3873
ord5804
ord6821
ord5815
ord6832
ord3830
ord568
ord1443
ord5935
ord1006
ord5719
ord6813
ord4836
ord2559
ord2515
ord6071
ord4191
ord1388
ord5615
ord2412
ord3468
ord5722
ord5724
ord4368
ord5065
ord5730
ord5711
ord6053
ord3534
ord4983
ord3916
ord1381
ord5950
ord2629
ord2411
ord2856
ord6708
ord6705
ord1262
ord1259
ord5887
ord2979
ord1426
ord2752
ord4214
ord659
ord1063
ord2857
ord1577
ord2846
ord4082
ord3535
ord3046
ord3166
ord3052
ord3366
ord3231
ord4815
ord3362
ord3243
ord3049
ord5699
ord2140
ord2457
ord5683
ord1736
ord5484
ord3933
ord6814
ord2060
ord2670
ord4789
ord5229
ord4017
ord5712
ord4694
ord6812
ord5586
ord2399
ord5663
ord4752
ord1778
ord4365
ord6440
ord1126
ord1463
ord287
ord1040
ord626
ord1003

msvcrt

wcslen
wcscmp
_stricmp
memcmp
_wcsicmp
free
wcstok_s
realloc
strlen
mbstowcs
strcmp
__C_specific_handler
memcpy
memset
_wcsupr
wcsstr
wcscspn
_vsnwprintf
_itow
wcschr
wcscoll
malloc
_onexit
__dllonexit
_purecall
_lock
_wcsnicmp
swprintf_s
_wtol
wcscat_s
wcscpy_s
wcstol
wcsncmp
iswdigit
_wtoi
qsort
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
__RTDynamicCast
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
wcstoul
wcsrchr
iswspace
__CxxFrameHandler3
_unlock
??1exception@@UEAA@XZ
_beginthreadex
_endthreadex
memmove

atl

ord16
ord21
ord15
ord30
ord43
ord32
ord44

ntdll

RtlCompareUnicodeString
RtlNtStatusToDosError
RtlInitUnicodeString
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

certca

ord450
ord451
ord433
ord459
ord446
ord442
ord444
ord435
ord445
ord404
ord411
ord416
ord405
ord413
ord414
ord412
ord424
ord455
ord452
ord453
ord460

certenroll

ord33
ord18
ord29
ord16
ord19
ord15
ord40
ord31
ord21
ord23
ord22

kernel32

UnmapViewOfFile
MapViewOfFile
GetProcessHeap
HeapAlloc
CreateFileMappingW
GetUserDefaultLangID
GetFileTime
GetFileSizeEx
ResetEvent
SetEvent
WaitForSingleObject
CreateEventW
GlobalUnlock
GlobalLock
WideCharToMultiByte
ReadFile
GetFileSize
CreateFileW
CloseHandle
GetCurrentProcess
ReleaseActCtx
GetComputerNameW
GlobalFree
GlobalAlloc
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapFree
GetSystemWindowsDirectoryW
GetVersionExW
FormatMessageW
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCommandLineW
GetModuleHandleW
OutputDebugStringA
QueryActCtxW
GetModuleHandleExW
GetModuleFileNameW
CreateActCtxW
FindActCtxSectionStringW
LoadLibraryW
ActivateActCtx
LoadLibraryExW
DeactivateActCtx
GetProcAddress
SetLastError
MultiByteToWideChar
GetACP
SystemTimeToFileTime
GetSystemTime
CompareFileTime
RaiseException
lstrcmpiW
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetLastError
FreeLibrary
VirtualFree
VirtualAlloc
LoadLibraryExA
EncodePointer
DecodePointer
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
CompareStringW
GetTickCount
GetComputerNameExW
ExpandEnvironmentStringsA
InitOnceExecuteOnce

user32

EnableMenuItem
SetMenu
LoadMenuW
GetWindowLongPtrW
DestroyWindow
CallWindowProcW
DefWindowProcW
SetFocus
GetKeyState
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
IsDlgButtonChecked
SetWindowLongW
GetWindowLongW
FindWindowExW
GetSysColor
GetClientRect
MessageBoxW
SetWindowLongPtrW
GetWindowTextW
ShowWindow
SetWindowTextW
SendDlgItemMessageW
GetWindowThreadProcessId
GetDlgItem
LoadStringW
RegisterClipboardFormatW
GetParent
PostMessageW
WinHelpW
GetDlgCtrlID
SendMessageW
EnableWindow
LoadBitmapW
LoadImageW
LoadIconW
ReleaseDC
GetDC
SystemParametersInfoW
UpdateWindow
SetWindowsHookExW
UnhookWindowsHookEx
GetWindow
CallNextHookEx
IsWindowVisible
DestroyIcon
CheckDlgButton
GetFocus
GetSubMenu
ChildWindowFromPointEx
ScreenToClient
GetSystemMetrics
InvalidateRect
GetWindowRect
GetMenu

oleaut32

VariantClear
SysStringLen
SysAllocString
SysAllocStringLen
SysStringByteLen
SafeArrayUnaccessData
SafeArrayGetLBound
SafeArrayGetUBound
BstrFromVector
SysFreeString
VariantInit
SafeArrayAccessData

ole32

CoUninitialize
CoCreateInstance
StringFromCLSID
GetHGlobalFromStream
ReleaseStgMedium
CoCreateGuid
CLSIDFromString
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal

advapi32

RegOpenKeyExA
CopySid
GetLengthSid
EnumServicesStatusW
GetSecurityDescriptorLength
CryptSetProvParam
SaferiChangeRegistryScope
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW
GetUserNameW
SaferCreateLevel
SaferCloseLevel
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
OpenProcessToken
GetTokenInformation
SaferGetLevelInformation
SaferiPopulateDefaultsInRegistry
SaferGetPolicyInformation
RegQueryValueExA
RegSetValueExA
RegDeleteTreeW
CryptGetProvParam
SaferSetLevelInformation
LookupAccountNameW
OpenSCManagerW
GetServiceDisplayNameW
CloseServiceHandle
SaferSetPolicyInformation

netutils

NetpwNameValidate
NetApiBufferFree
NetpwNameCanonicalize

dsrole

DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation

srvcli

NetServerGetInfo

shell32

SHGetFileInfoW
SHGetMalloc
SHBrowseForFolderW
SHBindToParent
SHGetPathFromIDListW

cryptui

CryptUIWizExport
CryptUIDlgViewCertificateW
CryptUIDlgViewCTLW
CryptUIDlgViewCRLW
CryptUIWizImport
CryptUIDlgPropertyPolicy
CryptUIDlgSelectCertificateW
CryptUIDlgViewCertificatePropertiesW
CryptUIDlgAddPolicyServerWithPriority
CryptUIWizBuildCTL
CryptUIGetCertificatePropertiesPagesW

crypt32

CryptMsgClose
CertAddCRLContextToStore
CryptMsgUpdate
CertEnumCTLsInStore
CertGetSubjectCertificateFromStore
CryptAcquireCertificatePrivateKey
CryptBinaryToStringW
CertAddStoreToCollection
CryptMsgOpenToDecode
CertDeleteCRLFromStore
CertDuplicateCRLContext
CryptEncodeObject
CertAddEncodedCTLToStore
CertEnumCRLsInStore
CertVerifyRevocation
CryptMsgEncodeAndSignCTL
CryptDecodeObject
CertFindExtension
CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertGetEnhancedKeyUsage
CertDeleteCertificateFromStore
CertFindCertificateInStore
CertSetCertificateContextProperty
CryptDecodeObjectEx
CertNameToStrW
CryptFindOIDInfo
CertGetNameStringW
CryptImportPublicKeyInfoEx2
CertGetCertificateChain
CertFreeCertificateChain
CertCompareCertificate
CertEnumCertificatesInStore
CertGetCTLContextProperty
CertDeleteCTLFromStore
CertOpenStore
CertCloseStore
CertEnumSystemStore
CryptFindCertificateKeyProvInfo
CertEnumPhysicalStore
CryptEnumOIDInfo
CertAddCertificateContextToStore
CertAddCTLContextToStore
CertDuplicateCTLContext
CertFreeCTLContext
CertGetIntendedKeyUsage
CertGetPublicKeyLength
CertAddSerializedElementToStore
CryptQueryObject
CertControlStore
CertFreeCRLContext
CryptMsgGetParam
CertFindCTLInStore
CertGetCRLFromStore
CertGetStoreProperty
CryptFindLocalizedName
CertVerifyTimeValidity

gdi32

CreateFontIndirectW
GetDeviceCaps
DeleteObject

ntdsapi

DsCrackNamesW
DsUnBindW
DsBindW
DsFreeNameResultW

ncrypt

NCryptSetProperty
NCryptGetProperty
NCryptIsKeyHandle
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptOpenAlgorithmProvider
BCryptDestroyKey
BCryptGetProperty

shlwapi

SHDeleteKeyW
PathFindExtensionW
StrTrimW

wintrust

WTHelperGetProvSignerFromChain
WTHelperGetFileHash
WinVerifyTrust
WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain

version

VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

imagehlp

ImageLoad
ImageUnload

secur32

GetUserNameExW

aclui

ord2

iphlpapi

ParseNetworkString

slc

SLGetWindowsInformationDWORD

logoncli

DsGetDcNameW

activeds

ord9

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 692KB - Virtual size: 692KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
certmmc.dll
.dll regsvr32 windows:10 windows x64 arch:x64

c63a6e53490b796b18059b5543cfb8fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

certmmc.pdb

Imports

msvcrt

__iob_func
_wfopen
__RTDynamicCast
memcmp
fgetc
feof
memcpy
fgets
strcmp
?terminate@@YAXXZ
__CxxFrameHandler3
_callnewh
memmove
_CxxThrowException
memset
fgetws
_XcptFilter
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
wcsncmp
_errno
_wspawnlp
_wcslwr
iswdigit
_wtoi
_wtol
_vsnwprintf
_wcsicmp
_wcsnicmp
getenv
wcsstr
_wcsupr
malloc
free
wcschr
swscanf
_amsg_exit
_initterm
??1type_info@@UEAA@XZ
_lock
_unlock
__dllonexit
bsearch
__C_specific_handler
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_purecall
_onexit
iswxdigit
wcsrchr
fflush
fprintf
vfwprintf
strcspn
wcscspn
fclose
fopen
_wgetenv
fseek
ftell
fwrite
iswalpha
strchr
_vsnprintf
iswspace
__isascii
isxdigit
isdigit
atoi
strncmp
fputws
ferror
_wfopen_s
fwprintf
wcstoul
wcscmp

atl

ord18
ord22
ord15
ord21
ord16
ord32

certadm

ord210

certca

ord431
ord416
ord602
ord415
ord819
ord808
ord813
ord406
ord814
ord404
ord417
ord408
ord421
ord453
ord451
ord601
ord442
ord839
ord841
ord401
ord801
ord430
ord412
ord432
ord840
ord707
ord806
ord444
ord812
ord433
ord445
ord450
ord809
ord704
ord705
ord802
ord435
ord446
ord820
ord703
ord823
ord847
ord842

certcli

ord210
ord241

api-ms-win-core-synch-l1-1-0

CreateEventW
SetWaitableTimer
InitializeCriticalSection
WaitForSingleObject
DeleteCriticalSection
ResetEvent
SetEvent
LeaveCriticalSection
EnterCriticalSection
CreateWaitableTimerExW

api-ms-win-core-com-l1-1-0

CoCreateInstanceEx
CoTaskMemAlloc
CoInitializeEx
CLSIDFromString
CoSetProxyBlanket
CLSIDFromProgID
CoUninitialize
CoCreateInstance
GetHGlobalFromStream
CreateStreamOnHGlobal
CoTaskMemFree
StringFromCLSID

api-ms-win-core-heap-l2-1-0

GlobalAlloc
LocalFree
LocalAlloc
GlobalFree
LocalReAlloc

api-ms-win-security-base-l1-1-0

ImpersonateSelf
IsValidSid
SetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
IsValidSecurityDescriptor
MapGenericMask
SetSecurityDescriptorSacl
GetSecurityDescriptorOwner
GetSecurityDescriptorLength
RevertToSelf
AddAccessDeniedObjectAce
DuplicateToken
AddAccessAllowedObjectAce
GetAclInformation
GetAce
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
FreeSid
AccessCheck
CheckTokenMembership
AllocateAndInitializeSid
DuplicateTokenEx
SetSecurityDescriptorDacl
MakeSelfRelativeSD
AddAccessDeniedAce
GetSecurityDescriptorGroup
InitializeAcl
GetSecurityDescriptorControl
GetLengthSid
DeleteAce
IsValidAcl
AddAccessAllowedAce
AdjustTokenPrivileges
AddAce
EqualSid
MakeAbsoluteSD
CopySid
SetSecurityDescriptorControl

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

oleaut32

SystemTimeToVariantTime
SafeArrayCreate
SysStringLen
SysAllocStringLen
SysAllocStringByteLen
VariantChangeType
VariantCopy
SafeArrayPutElement
SafeArrayDestroy
SetErrorInfo
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayGetElement
SafeArrayAccessData
VariantTimeToSystemTime
VariantCopyInd
SysAllocString
SafeArrayUnaccessData
CreateErrorInfo
SysStringByteLen
VariantClear
SysFreeString
VariantInit

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
CreateProcessW
TerminateProcess
CreateThread
SetThreadToken
GetExitCodeThread
GetCurrentThreadId
OpenProcessToken
GetCurrentProcess
OpenThreadToken
GetCurrentThread

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW
LookupAccountNameW
LookupAccountSidW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
LockResource
GetProcAddress
FreeLibrary
DisableThreadLibraryCalls
GetModuleHandleExW
LoadLibraryExW
LoadResource
GetModuleHandleW
FindResourceExW
GetModuleFileNameW

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

crypt32

CryptHashCertificate
CryptFindOIDInfo
CertGetCertificateContextProperty
CertGetCRLContextProperty
CertNameToStrW
CryptSignCertificate
CryptExportPublicKeyInfoEx
CryptDecodeObjectEx
CryptEncodeObjectEx
CryptFormatObject
CertGetNameStringW
CertVerifyCRLTimeValidity
CertFindExtension
CertFreeCRLContext
CryptDecodeObject
CertFindCertificateInStore
CertGetPublicKeyLength
CryptSignAndEncodeCertificate
CryptExportPublicKeyInfo
CertCompareCertificateName
CryptEnumOIDInfo
CryptAcquireCertificatePrivateKey
CertComparePublicKeyInfo
CertFreeCertificateContext
CryptHashPublicKeyInfo
CertGetCertificateChain
CertOpenStore
CertCreateCRLContext
CertCreateCertificateContext
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertAddCertificateLinkToStore
CertSetStoreProperty
CertDuplicateCertificateContext
CertCloseStore
PFXImportCertStore
PFXIsPFXBlob
CertAddEncodedCertificateToStore
CertDeleteCertificateFromStore
CryptExportPKCS8
CertEnumCertificatesInStore
CertAddCertificateContextToStore
PFXExportCertStoreEx
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertSetCertificateContextProperty
CertStrToNameW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCloseKey
RegDeleteKeyExW
RegDeleteValueW
RegQueryInfoKeyW
RegQueryValueExW
RegCreateKeyExW

api-ms-win-service-management-l1-1-0

StartServiceW
OpenServiceW
OpenSCManagerW
CloseServiceHandle

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus
ControlService

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
FoldStringW
CompareStringW
WideCharToMultiByte

api-ms-win-core-memory-l1-1-0

VirtualFree
CreateFileMappingW
VirtualAlloc
MapViewOfFile
UnmapViewOfFile

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetSystemTime
GetLocalTime
GetSystemTimeAsFileTime
GetTickCount
GetComputerNameExW
GetSystemDirectoryW
GetSystemWindowsDirectoryW

rpcrt4

UuidCreate

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryW
SearchPathW
GetStdHandle
GetEnvironmentVariableW
GetCommandLineW

api-ms-win-core-file-l1-1-0

GetFullPathNameW
GetFileAttributesExW
GetTempFileNameW
FindNextFileW
FindClose
CompareFileTime
FindFirstFileW
GetFileAttributesW
LocalFileTimeToFileTime
WriteFile
DeleteFileW
GetFileType
FileTimeToLocalFileTime
ReadFile
RemoveDirectoryW
CreateFileW
CreateDirectoryW

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
GetACP
FormatMessageW

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-synch-l1-2-0

Sleep

logoncli

DsGetDcNameW

netutils

NetApiBufferFree

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

ncrypt

NCryptIsKeyHandle
NCryptFreeObject
NCryptOpenStorageProvider
NCryptImportKey
NCryptGetProperty
NCryptEncrypt
NCryptEnumStorageProviders
NCryptFreeBuffer
NCryptOpenKey
NCryptCreatePersistedKey
NCryptSetProperty
NCryptFinalizeKey
NCryptDecrypt
NCryptExportKey
NCryptSignHash
NCryptDeriveKey
NCryptSecretAgreement
NCryptDeleteKey
NCryptVerifySignature

api-ms-win-core-console-l1-1-0

WriteConsoleW

api-ms-win-core-string-l2-1-0

CharLowerW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
ConvertStringSidToSidW

wldap32

ord26
ord120
ord140
ord224
ord36
ord41
ord203
ord167
ord12
ord65
ord142
ord155
ord79
ord16
ord18
ord208
ord147
ord13
ord127
ord210

bcrypt

BCryptGenRandom
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider

dsrole

DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory

advapi32

SetNamedSecurityInfoW
CryptSetProvParam
CryptCreateHash
CryptGetProvParam
CryptGetHashParam
CryptDestroyHash
CryptGenKey
CryptDestroyKey
CryptExportKey
CryptEncrypt
CryptReleaseContext
RegConnectRegistryW
CryptAcquireContextW
CryptHashData
CryptDecrypt
CryptDuplicateHash
CryptGetUserKey
CryptGenRandom
CryptSetHashParam
CryptImportKey
CryptSignHashW
CryptVerifySignatureW
CryptEnumProvidersA
CryptGetKeyParam
CryptContextAddRef
CryptSetKeyParam
SetEntriesInAclW

kernel32

lstrcmpiW
QueryActCtxW
GetComputerNameW
FindActCtxSectionStringW
ActivateActCtx
GetUserDefaultUILanguage
CreateActCtxW
GlobalUnlock
lstrcmpW
GlobalLock
DeactivateActCtx
GetSystemDefaultUILanguage

ole32

CoInitialize
ReleaseStgMedium

secur32

GetComputerObjectNameW

user32

SetDlgItemInt
GetDlgItemInt
DestroyWindow
EndDialog
PostMessageW
IsWindowEnabled
SetWindowTextW
LoadImageW
MessageBoxW
SystemParametersInfoW
GetWindowLongW
SetWindowLongW
SetForegroundWindow
GetDC
DialogBoxParamW
SetCursor
PeekMessageW
DispatchMessageW
CreateDialogParamW
UpdateWindow
RegisterClipboardFormatW
ScreenToClient
IsWindow
GetWindowRect
SetWindowPos
SetClipboardData
EmptyClipboard
SetWindowLongPtrW
GetDlgItemTextW
GetWindowTextW
EnumChildWindows
MsgWaitForMultipleObjects
LoadIconW
ShowWindow
EnableWindow
CloseClipboard
CallWindowProcW
FindWindowExW
OpenClipboard
SetDlgItemTextW
LoadBitmapW
SendMessageW
GetClientRect
GetParent
GetWindowThreadProcessId
GetDlgItem
SendDlgItemMessageW
LoadCursorW
ReleaseDC
SetFocus
GetWindowLongPtrW

aclui

ord1

activeds

ord3
ord15

comctl32

PropertySheetW
CreatePropertySheetPageW
InitCommonControlsEx

comdlg32

GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW

cryptui

CryptUIDlgViewCertificateW
CryptUIDlgViewCRLW
CryptUIDlgFreeCAContext

gdi32

DeleteObject
GetDeviceCaps
CreateFontIndirectW
GetTextExtentPoint32W

ntdll

NtQuerySystemInformationEx

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc

setupapi

SetupGetLineCountW
SetupCloseInfFile
SetupGetFieldCount
SetupFindNextLine
SetupGetIntField
SetupFindFirstLineW
SetupOpenInfFileW
SetupGetStringFieldW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 457KB - Virtual size: 457KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 198KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 394KB - Virtual size: 394KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
certocm.dll
.dll regsvr32 windows:10 windows x64 arch:x64

c6a4ff182286c4c5e3c48985f9eaf508

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

certocm.pdb

Imports

msvcrt

__iob_func
vfwprintf
memcmp
memmove
memset
memcpy
__CxxFrameHandler3
bsearch
fwprintf
_wfopen_s
strcmp
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
realloc
_errno
_initterm
_amsg_exit
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
_wcslwr
iswdigit
_wtoi
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
wcsncmp
wcscat_s
wcscpy_s
_wputenv
_ultow
wcscspn
wcsrchr
wcsstr
iswspace
ferror
fputws
strncmp
atoi
isdigit
fgets
fgetws
feof
_wcsnicmp
wcschr
_wcsicmp
_vsnwprintf
_XcptFilter
??0exception@@QEAA@XZ
memmove_s
fgetc
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
wcsncpy_s
malloc
free
_purecall
memcpy_s
__C_specific_handler
iswxdigit
_vsnprintf
__isascii
isxdigit
swscanf
iswalpha
_itow
strcspn
fprintf
fflush
fclose
fopen
_wgetenv
fseek
ftell
fwrite
strchr
getenv
_wfopen
wcscmp

certca

ord841
ord705
ord404
ord421
ord839
ord840
ord601
ord704
ord417
ord416
ord431
ord802
ord401
ord842
ord412
ord410
ord406
ord453
ord451
ord814
ord413
ord414
ord415
ord408
ord430
ord435
ord426
ord407
ord808
ord819
ord801
ord823
ord847
ord820
ord602
ord467
ord703
ord707
ord463
ord813
ord464
ord809
ord444
ord437
ord468

oleaut32

SysStringByteLen
VariantCopyInd
VarBstrCat
VariantCopy
SysAllocString
LoadRegTypeLi
SafeArrayAccessData
LoadTypeLi
SysFreeString
UnRegisterTypeLi
RegisterTypeLi
SysStringLen
VariantClear
VarUI4FromStr
SysAllocStringLen
SysAllocStringByteLen
SafeArrayCreate
SafeArrayPutElement
SafeArrayDestroy
SetErrorInfo
CreateErrorInfo
GetErrorInfo
SafeArrayGetElement
SafeArrayRedim
SafeArrayUnaccessData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
LoadLibraryExW
SizeofResource
GetProcAddress
FindResourceExW
LoadStringW
LockResource
LoadResource
GetModuleHandleW
FreeLibrary
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-1-0

SetEvent
OpenEventW
InitializeCriticalSection
LeaveCriticalSection
ResetEvent
CreateEventW
WaitForSingleObject
DeleteCriticalSection
EnterCriticalSection

api-ms-win-core-com-l1-1-0

CLSIDFromString
CoCreateInstance
CoInitializeEx
CoTaskMemRealloc
StringFromGUID2
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
StringFromCLSID
CoSetProxyBlanket
CoCreateInstanceEx

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegEnumKeyExW
RegDeleteKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegSetKeySecurity
RegQueryValueExW
RegDeleteTreeW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW

api-ms-win-core-string-l2-1-0

CharNextW
CharLowerW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
FoldStringW
CompareStringW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
SetLastError
GetLastError

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree
LocalReAlloc

api-ms-win-core-file-l1-1-0

GetFileAttributesW
CreateFileW
DeleteFileW
FindClose
FindNextFileW
RemoveDirectoryW
GetFileType
FindFirstFileW
FileTimeToLocalFileTime
CompareFileTime
GetFullPathNameW
GetTempFileNameW
WriteFile
CreateDirectoryW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
ConvertSidToStringSidW

api-ms-win-security-base-l1-1-0

ImpersonateSelf
GetSidSubAuthorityCount
GetSidLengthRequired
InitializeSid
GetSidIdentifierAuthority
GetSidSubAuthority
AllocateAndInitializeSid
DuplicateToken
SetFileSecurityW
SetSecurityDescriptorSacl
CheckTokenMembership
FreeSid
GetSecurityDescriptorLength
RevertToSelf
CreateWellKnownSid
GetSecurityDescriptorOwner
CopySid
SetSecurityDescriptorGroup
GetSecurityDescriptorGroup
GetTokenInformation
AccessCheck
GetSecurityDescriptorDacl
AddAccessDeniedObjectAce
DeleteAce
AddAccessDeniedAce
GetAclInformation
AdjustTokenPrivileges
GetSecurityDescriptorSacl
GetLengthSid
InitializeAcl
GetAce
AddAce
AddAccessAllowedAce
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorControl
IsValidSecurityDescriptor
EqualSid
GetSecurityDescriptorControl
MakeAbsoluteSD
AddAccessAllowedObjectAce
MakeSelfRelativeSD

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetComputerNameExW
GetLocalTime
GetTickCount
GetWindowsDirectoryW
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetVersionExW

api-ms-win-security-lsalookup-l2-1-0

LookupAccountNameW
LookupAccountSidW

api-ms-win-core-handle-l1-1-0

CloseHandle

crypt32

CryptHashCertificate
CertGetCertificateChain
CryptFormatObject
CryptEnumOIDInfo
CertVerifyCertificateChainPolicy
PFXImportCertStore
CryptDecodeObject
CryptDecodeObjectEx
CryptEncodeObjectEx
CertCreateCertificateContext
CryptStringToBinaryW
CertFreeCertificateContext
CertGetCertificateContextProperty
CertFindCertificateInStore
CryptAcquireCertificatePrivateKey
CertGetPublicKeyLength
CertFindExtension
CertOpenStore
CertEnumCertificatesInStore
CertCloseStore
CertStrToNameW
CertGetCRLContextProperty
CertNameToStrW
CryptExportPublicKeyInfoEx
CryptExportPublicKeyInfo
CertVerifySubjectCertificateContext
CryptFindOIDInfo
CertFreeCertificateChain
CertDeleteCertificateFromStore
CertAddCertificateContextToStore
CertSetCertificateContextProperty
CertDuplicateCertificateContext
CryptImportPublicKeyInfo
CryptFreeOIDFunctionAddress
CertAddEncodedCertificateToStore
CryptGetOIDFunctionAddress
CryptInitOIDFunctionSet
CryptSignCertificate
CryptQueryObject
CryptExportPKCS8
CertComparePublicKeyInfo
PFXIsPFXBlob
CryptSignAndEncodeCertificate
CryptImportPublicKeyInfoEx2
CertCompareCertificateName

api-ms-win-core-localization-l1-2-0

GetThreadLocale
GetACP
SetThreadLocale
FormatMessageW
GetLocaleInfoW

wldap32

ord26
ord16
ord224
ord97
ord127
ord147
ord167
ord12
ord65
ord142
ord155
ord203
ord140
ord79
ord41
ord36
ord210
ord13
ord122
ord18
ord208
ord120

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
GetCurrentProcessId
OpenProcessToken
GetCurrentThreadId
GetCurrentProcess
GetExitCodeThread
TerminateProcess
OpenThreadToken
CreateThread

logoncli

DsGetDcNameW

samcli

NetUserModalsGet
NetLocalGroupAddMembers
NetLocalGroupDel
NetLocalGroupAdd

netutils

NetApiBufferFree

dsrole

DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-service-management-l1-1-0

OpenServiceW
OpenSCManagerW
StartServiceW
CloseServiceHandle

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus
ControlService

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
ChangeServiceConfig2W
ChangeServiceConfigW

userenv

ord104
ord122

srvcli

NetShareDel
NetShareGetInfo
NetShareAdd

api-ms-win-core-wow64-l1-1-1

GetSystemWow64DirectoryW

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle
GetEnvironmentVariableW
SearchPathW
GetCommandLineW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

rpcrt4

UuidCreate

api-ms-win-core-console-l1-1-0

WriteConsoleW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-memory-l1-1-0

MapViewOfFile
UnmapViewOfFile
CreateFileMappingW

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

bcrypt

BCryptEncrypt
BCryptGetProperty
BCryptDecrypt
BCryptExportKey
BCryptEnumAlgorithms
BCryptOpenAlgorithmProvider
BCryptSignHash
BCryptVerifySignature
BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptGenRandom
BCryptCloseAlgorithmProvider
BCryptDestroyKey
BCryptFreeBuffer
BCryptDestroyHash
BCryptSetProperty

ncrypt

NCryptFreeObject
NCryptIsKeyHandle
NCryptGetProperty
NCryptEncrypt
NCryptOpenStorageProvider
NCryptEnumAlgorithms
NCryptEnumKeys
NCryptEnumStorageProviders
NCryptFreeBuffer
NCryptOpenKey
NCryptCreatePersistedKey
NCryptSetProperty
NCryptFinalizeKey
NCryptDecrypt
NCryptImportKey
NCryptExportKey
NCryptDeriveKey
NCryptSecretAgreement
NCryptDeleteKey
NCryptVerifySignature
NCryptSignHash

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-security-lsalookup-l1-1-0

LookupAccountNameLocalW

advapi32

LsaClose
LogonUserW
CryptGetProvParam
CryptReleaseContext
GetNamedSecurityInfoW
SetEntriesInAclW
SetNamedSecurityInfoW
CryptEnumProvidersW
CryptAcquireContextW
CryptSetProvParam
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
LsaOpenPolicy
LsaQueryInformationPolicy
LsaFreeMemory
CryptDestroyKey
CryptGetUserKey
CryptImportKey
CryptGenRandom
CryptSignHashW
CryptVerifySignatureW
CryptGenKey
CryptEnumProvidersA
CryptGetKeyParam
LsaLookupNames2
CryptExportKey
CryptEncrypt
CryptDecrypt
CryptDuplicateHash
CryptContextAddRef
CryptDuplicateKey
CryptSetHashParam
CryptSetKeyParam

kernel32

GetUserDefaultUILanguage
lstrcmpiW
lstrlenA
MoveFileW
lstrcmpW
GetSystemDefaultUILanguage
GetComputerNameW

ole32

CoInitialize

secur32

GetComputerObjectNameW

user32

GetDlgItem
SetWindowTextW
GetWindowTextW
SetFocus
EndDialog
DialogBoxParamW
UnregisterClassA
SendMessageW
MessageBoxW
SetCursor
LoadCursorW

wininet

InternetCanonicalizeUrlW

shlwapi

StrRStrIW

ntdll

RtlInitUnicodeString
RtlNtStatusToDosError
NtQuerySystemInformationEx

comdlg32

CommDlgExtendedError
GetOpenFileNameW

credui

CredUIParseUserNameW

setupapi

SetupGetStringFieldW
SetupGetIntField
SetupCloseInfFile
SetupOpenInfFileW
SetupGetLineCountW
SetupFindFirstLineW
SetupGetFieldCount
SetupFindNextLine

shell32

SHCreateItemFromParsingName

Exports

Exports

CESSetAppPoolCredentials
CertSrvSetupImportPFX
CertSrvSetupImportPFX2
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
DoServerUpgrade
MscepSetupSetAccountInformation

Sections

.text
Size: 511KB - Virtual size: 510KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 211KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
certtmpl.dll
.dll regsvr32 windows:10 windows x64 arch:x64

6ff56b0eb27c570c238265c7e036a505

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

certtmpl.pdb

Imports

mfc42u

ord4815
ord3231
ord3366
ord3052
ord3166
ord3046
ord3535
ord4082
ord4083
ord4077
ord3164
ord4371
ord4988
ord4770
ord3805
ord1067
ord665
ord911
ord2329
ord5077
ord2661
ord3177
ord5245
ord4860
ord6880
ord1483
ord3761
ord4771
ord5702
ord4752
ord1777
ord6437
ord2517
ord5406
ord4721
ord5687
ord2393
ord6147
ord4473
ord6328
ord2856
ord4548
ord6632
ord624
ord1122
ord622
ord1287
ord1284
ord6886
ord567
ord1005
ord6223
ord3872
ord6705
ord6708
ord4436
ord4582
ord549
ord999
ord5382
ord2384
ord2311
ord6767
ord5584
ord659
ord1063
ord1479
ord4214
ord2752
ord1426
ord2408
ord2979
ord5887
ord5950
ord1381
ord3868
ord5227
ord5709
ord5246
ord4722
ord4699
ord5352
ord5114
ord5304
ord5583
ord5585
ord3916
ord4983
ord3534
ord6053
ord5711
ord5730
ord5065
ord4368
ord5724
ord5722
ord3468
ord2412
ord5615
ord1388
ord4191
ord6071
ord2515
ord2559
ord4836
ord6813
ord5719
ord1677
ord2676
ord1574
ord286
ord5927
ord1383
ord1358
ord6440
ord628
ord1042
ord5935
ord1657
ord2474
ord5586
ord2532
ord3362
ord912
ord832
ord1355
ord568
ord3873
ord5006
ord4541
ord2587
ord4742
ord3483
ord3746
ord2088
ord6261
ord2631
ord3000
ord3830
ord6832
ord5815
ord6821
ord5804
ord1812
ord4557
ord337
ord852
ord1286
ord4544
ord2595
ord3820
ord2449
ord1441
ord1650
ord2903
ord6691
ord2906
ord5792
ord3774
ord867
ord6614
ord6351
ord3881
ord1019
ord2781
ord2801
ord4602
ord1498
ord4027
ord2422
ord2023
ord4542
ord2589
ord4743
ord3751
ord2326
ord2593
ord4747
ord3501
ord3806
ord2902
ord4257
ord2785
ord3417
ord3396
ord1906
ord6418
ord5912
ord4131
ord2783
ord1262
ord6393
ord6385
ord6326
ord3180
ord3182
ord560
ord1003
ord4583
ord5082
ord3870
ord4779
ord2059
ord4787
ord5710
ord1698
ord3894
ord1035
ord2586
ord4741
ord3743
ord822
ord2379
ord2327
ord3437
ord6543
ord5934
ord3178
ord4424
ord4245
ord1082
ord288
ord812
ord1544
ord1586
ord1555
ord1583
ord1585
ord355
ord1477
ord1553
ord1416
ord1491
ord1577
ord3243
ord3049
ord5699
ord2140
ord2399
ord5663
ord4746
ord2592
ord4543
ord2024
ord2425
ord6801
ord1774
ord620
ord2846
ord1126
ord1463
ord287
ord2457
ord5683
ord1736
ord5484
ord3933
ord6814
ord2060
ord2670
ord4789
ord5229
ord4017
ord5712
ord4694
ord1778
ord5937
ord6812
ord1365
ord4365
ord1040
ord626
ord1006
ord6887

msvcrt

memset
memcpy
__RTDynamicCast
strcmp
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
_vsnwprintf
??0exception@@QEAA@XZ
iswspace
_ultow
realloc
wcschr
wcsstr
_wcsnicmp
memmove_s
memcpy_s
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
atoi
strncmp
strstr
strspn
??0exception@@QEAA@AEBV0@@Z
__C_specific_handler
_wcsicmp
_stricmp
_purecall
malloc
free
__CxxFrameHandler3
_strcmpi
wcscmp

atl

ord21
ord32
ord15
ord16

oleaut32

SysFreeString
SysAllocString

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW

api-ms-win-core-heap-l2-1-0

GlobalAlloc
LocalAlloc
GlobalFree
LocalFree

crypt32

CertFindExtension
CryptFindOIDInfo
CryptEnumOIDInfo
CryptEncodeObject
CryptDecodeObject

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
GetLastError
RaiseException
UnhandledExceptionFilter

ncrypt

NCryptGetProperty
NCryptFreeObject
NCryptOpenStorageProvider
NCryptFreeBuffer
NCryptEnumAlgorithms
NCryptCreatePersistedKey
NCryptEnumStorageProviders

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
Sleep
SleepConditionVariableSRW

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CreateStreamOnHGlobal
CoCreateInstance
GetHGlobalFromStream
StringFromCLSID
CoTaskMemAlloc

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameW
GetProcAddress
FreeLibrary
GetModuleHandleExW
LoadStringW
LoadResource
LockResource
LoadLibraryExW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW

netutils

NetApiBufferFree

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetTickCount
GetVersionExW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
CompareStringW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
ReleaseSRWLockExclusive
LeaveCriticalSection
AcquireSRWLockExclusive
DeleteCriticalSection
EnterCriticalSection

logoncli

DsGetDcNameW

dsrole

DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory

api-ms-win-security-base-l1-1-0

FreeSid
CheckTokenMembership
AccessCheckByType
GetSecurityDescriptorControl
DuplicateToken
SetPrivateObjectSecurityEx
SetSecurityDescriptorControl
GetPrivateObjectSecurity
GetSecurityDescriptorDacl
AllocateAndInitializeSid
MapGenericMask

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
TerminateProcess
OpenThreadToken
OpenProcessToken
GetCurrentThread

api-ms-win-core-handle-l1-1-0

CloseHandle

wldap32

ord26
ord18
ord46
ord73
ord127
ord140
ord224
ord167
ord41
ord79
ord142
ord203
ord36
ord210
ord208
ord12
ord14
ord16
ord145
ord13

api-ms-win-security-sddl-l1-1-0

ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertStringSecurityDescriptorToSecurityDescriptorW

bcrypt

BCryptFreeBuffer
BCryptEnumAlgorithms

api-ms-win-core-file-l1-1-0

CompareFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

certca

ord477
ord479
ord473
ord481
ord475
ord855
ord435
ord837
ord464
ord482
ord449
ord441
ord440
ord438
ord492
ord491
ord412
ord405
ord404
ord414
ord413
ord442
ord454
ord450
ord467
ord468
ord470
ord445
ord462
ord456
ord458
ord457
ord453
ord455
ord460
ord446
ord444
ord466
ord452

ntdll

RtlInitUnicodeString
RtlCompareUnicodeString

aclui

ord2
ord1

activeds

ord3

advapi32

CryptGetProvParam
CryptAcquireContextW
CryptEnumProvidersW
CryptReleaseContext
GetUserNameW

gdi32

DeleteObject

kernel32

QueryActCtxW
GlobalUnlock
FindActCtxSectionStringW
ActivateActCtx
DeactivateActCtx
lstrcmpiW
GlobalLock
GetComputerNameW
ReleaseActCtx
CreateActCtxW

ntdsapi

DsFreeDomainControllerInfoW
DsUnBindW
DsBindW
DsGetDomainControllerInfoW

ole32

CoUninitialize
ReleaseStgMedium
CoInitialize

shell32

ShellExecuteW

user32

LoadImageW
GetParent
PostMessageW
WinHelpW
MessageBoxW
RegisterClipboardFormatW
GetActiveWindow
wsprintfW
LoadMenuW
GetSubMenu
ScreenToClient
ChildWindowFromPointEx
InsertMenuItemW
SendMessageW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetAncestor
SetWindowLongPtrW
FindWindowExW
GetWindow
GetFocus
GetWindowThreadProcessId
SetWindowsHookExW
UnhookWindowsHookEx
SetFocus
EnableWindow
LoadIconW
GetClientRect
LoadBitmapW
CallNextHookEx

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 225KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

1aae8bf580c846f39c71c05898e57e88

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 9.4MB - Virtual size: 9.4MB

.rdata Size: 13.4MB - Virtual size: 13.4MB

.data Size: 421KB - Virtual size: 595KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 709KB - Virtual size: 709KB

.symtab Size: 512B - Virtual size: 4B

.rsrc Size: 22KB - Virtual size: 21KB

715217d77a26c9c4889f8ca4930cc478

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:edCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

28:28:1c:73:95:be:53:a8:7f:ed:0b:12:9d:cf:9b:e5:01:53:70:71:48:be:cb:36:b2:2e:6e:81:78:55:f3:faSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-string-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-debug-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-version-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-kernel32-private-l1-1-1

api-ms-win-security-provider-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-eventing-legacy-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-security-cryptoapi-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-privateprofile-l1-1-0

api-ms-win-security-lsalookup-l2-1-0

api-ms-win-core-file-l1-2-1

ntdll

userenv

crypt32

rpcrt4

oleaut32

bcrypt

wintrust

Exports

Exports

.text
Size: 9.4MB - Virtual size: 9.4MB

.rdata
Size: 13.4MB - Virtual size: 13.4MB

.data
Size: 421KB - Virtual size: 595KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 709KB - Virtual size: 709KB

.symtab
Size: 512B - Virtual size: 4B

.rsrc
Size: 22KB - Virtual size: 21KB

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

28:28:1c:73:95:be:53:a8:7f:ed:0b:12:9d:cf:9b:e5:01:53:70:71:48:be:cb:36:b2:2e:6e:81:78:55:f3:fa
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 732KB - Virtual size: 731KB

.data
Size: 9KB - Virtual size: 23KB

.pdata
Size: 58KB - Virtual size: 58KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

1b:45:8b:e3:f3:31:80:47:c9:d6:ca:38:67:ba:e8:bd:a3:cf:74:5b:6b:5a:be:f3:30:2b:48:13:5a:ca:ce:e4
Signer

.text
Size: 485KB - Virtual size: 485KB

.rdata
Size: 234KB - Virtual size: 234KB

.data
Size: 21KB - Virtual size: 23KB

.pdata
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 53KB - Virtual size: 52KB

.reloc
Size: 3KB - Virtual size: 2KB