v6[.]15[.]8_installer_x64_[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

v6.15.8_installer_x64_.zip
Size

51.5MB
MD5

c0fef7eef8395a49ef48b63ab7b46789
SHA1

1f27e4d4eeca43a814eaffe97a4e96bf86f8898d
SHA256

1bbae7fd65ce859fdebbef69b00e51de4940b85cbf3171f0199f444677b42ae5
SHA512

25476f8634c209c329694249d90a2eaefcf7b8675ed1201d850b8c6d6ebe4f61aa1e3e5449f2d67db41929e6dc8b7ec328f1d41fc79e34221c640b5e60b1c3cf
SSDEEP

1572864:TOp+AkxOx6mkMspNbawUPlE6t7NqR2nWXHxMDT5oNc:TA+M6mk5pshPlE6t7NqR2nYMf5p

Score

3^/10

Malware Config

Signatures

Unsigned PE 14 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Repository/dnsclientcim.dll
unpack001/Repository/dnsclientpsprovider.dll
unpack001/Repository/dsprov.dll
unpack001/SR/spsrx.dll
unpack001/SR/srloc.dll
unpack001/SpeechUX/SpeechUXPS.DLL
unpack001/SpeechUX/sapi.cpl
unpack001/SpeechUX/speechuxcpl.dll
unpack001/TTS/MSTTSLoc.dll
unpack001/UMDF/EhStorPwdDrv.dll
unpack001/UMDF/HidTelephony.dll
unpack001/UMDF/IddCx.dll
unpack001/UMDF/Microsoft.Bluetooth.Profiles.HidOverGatt.dll
unpack001/UMDF/NfcCx.dll

Files

v6.15.8_installer_x64_.zip
.zip
Repository/dnsclientcim.dll
.dll regsvr32 windows:10 windows x64 arch:x64

cfca51f8bf1bf8f90661aaeef676fdc5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dnsclientcim.pdb

Imports

msvcrt

memcpy
_XcptFilter
_amsg_exit
_vsnwprintf
__C_specific_handler
_ui64tow_s
malloc
_wcsicmp
free
swprintf_s
_initterm
memset

ntdll

EtwTraceMessageVa
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlIpv6StringToAddressW
RtlIpv4StringToAddressW
RtlLoadString

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
TraceMessage
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableFlags
UnregisterTraceGuids

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
FreeLibrary
DisableThreadLibraryCalls
LoadLibraryExW

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
GetLastError

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegGetValueW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection

api-ms-win-core-heap-l2-1-0

LocalFree

dnsapi

DnsValidateServerStatus
DnsQuery_W
DnsFree
DnsQueryConfig
DnsResolverOp
DnsGetCacheDataTable
DnsFlushResolverCache
DnsNotifyResolver

ws2_32

WSACleanup
WSAGetLastError
GetAddrInfoW
WSAStartup
GetHostNameW
FreeAddrInfoW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

iphlpapi

GetAdaptersAddresses

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW
WideCharToMultiByte

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
GetProviderClassID
MI_Main

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.wpp_sf
Size: 1024B - Virtual size: 959B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Repository/dnsclientpsprovider.dll
.dll regsvr32 windows:10 windows x64 arch:x64

47a7811f3d8736ad100cd1666b45c8f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

DnsClientPsProvider.pdb

Imports

msvcrt

?terminate@@YAXXZ
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
iswdigit
_purecall
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBD@Z
memmove
_onexit
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
__dllonexit
_unlock
_lock
__C_specific_handler
_vsnwprintf
??_V@YAXPEAX@Z
__CxxFrameHandler3
??3@YAXPEAX@Z
_initterm
_amsg_exit
_XcptFilter
malloc
free
??1type_info@@UEAA@XZ
memcpy
swprintf_s
memset

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
EnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LeaveCriticalSection
InitializeCriticalSectionEx

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetComputerNameExW
GetSystemDirectoryW

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
LoadLibraryExW
FreeLibrary
GetProcAddress
LoadStringW

api-ms-win-core-synch-l1-2-0

Sleep
SleepConditionVariableSRW
WakeAllConditionVariable

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

ntdll

EtwTraceMessageVa
RtlIpv6StringToAddressW
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
RtlIpv4StringToAddressW

api-ms-win-core-registry-l1-1-0

RegDeleteTreeW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegGetValueW
RegCreateKeyExW
RegEnumKeyExW

api-ms-win-core-localization-l1-2-0

LocaleNameToLCID
SetThreadPreferredUILanguages
GetThreadPreferredUILanguages
FormatMessageW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

mi

mi_clientFT_V1

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
GetProviderClassID
MI_Main

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.wpp_sf
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Repository/dsprov.dll
.dll regsvr32 windows:10 windows x64 arch:x64

f512e8a06eebaee00a6ec0e81b77e259

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dsprov.pdb

Imports

msvcrt

_unlock
memset
??1type_info@@UEAA@XZ
__C_specific_handler
_initterm
_onexit
_lock
__dllonexit
_amsg_exit
__CxxFrameHandler3
malloc
free
swscanf
towlower
??1exception@@UEAA@XZ
memcpy_s
_vsnprintf_s
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
memmove_s
iswspace
_vsnprintf
atol
sscanf_s
_wtol
?terminate@@YAXXZ
_purecall
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_vsnwprintf
_wcsnicmp
_wcsicmp
_XcptFilter
_CxxThrowException
memcmp
memcpy
wcscmp

provthrd

?s_aLogs@ProvDebugLog@@2PAV1@A
?WriteW@ProvDebugLog@@QEAAXPEBGZZ

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
OpenSemaphoreW
InitializeCriticalSectionEx
EnterCriticalSection
DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
AcquireSRWLockExclusive
ReleaseSemaphore
ReleaseSRWLockExclusive
CreateMutexExW
CreateSemaphoreExW
ReleaseSRWLockShared
AcquireSRWLockShared
WaitForSingleObjectEx
ReleaseMutex

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleFileNameA
DisableThreadLibraryCalls
GetModuleHandleW
GetProcAddress
GetModuleFileNameW

api-ms-win-core-registry-l1-1-0

RegDeleteKeyExW
RegCloseKey
RegSetValueExW
RegCreateKeyExW

api-ms-win-core-com-l1-1-0

CoCreateInstance
StringFromGUID2
CoGetCallContext

oleaut32

VariantCopy
SafeArrayCreate
SysAllocStringLen
SafeArrayGetUBound
SafeArrayGetLBound
SysAllocString
VariantClear
VariantInit
SafeArrayGetElement
SafeArrayPutElement
SafeArrayUnaccessData
SysFreeString
SafeArrayAccessData
SafeArrayDestroy
VariantChangeTypeEx

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetTickCount64

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentThread
OpenThreadToken
GetCurrentProcessId

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-localization-l1-2-0

LCMapStringW
FormatMessageW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap
HeapReAlloc

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime
GetTimeZoneInformation

api-ms-win-core-file-l1-1-0

CompareFileTime

activeds

ord9
ord4
ord6
ord5
ord15

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SR/spsrx.dll
.dll regsvr32 windows:10 windows x64 arch:x64

623052070b7eb1d9cebfa38f9eb93fca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

spsrx.pdb

Imports

kernel32

LoadLibraryExW
GetModuleHandleW
lstrcmpiW
RaiseException
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
InitializeCriticalSection
DisableThreadLibraryCalls
SetLastError
WideCharToMultiByte
GetCommandLineA
FlsSetValue
GetVersionExW
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetThreadStackGuarantee
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualQuery
EncodePointer
DecodePointer
FlsAlloc
FlsGetValue
FlsFree
FreeLibrary
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
HeapCreate
HeapDestroy
HeapSetInformation
GetStdHandle
GetFileType
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
OutputDebugStringA
WriteFile
HeapReAlloc
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
Sleep
GetStringTypeW
LCMapStringW
GetVersion
HeapWalk
GetProcAddress
GetLastError
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
HeapAlloc
HeapFree

user32

UnregisterClassA
CharNextW

advapi32

RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegQueryInfoKeyW

ole32

StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance

oleaut32

SysAllocString
VarUI4FromStr
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SR/srloc.dll
.dll regsvr32 windows:10 windows x64 arch:x64

d83c436f2c45db50cdd9841f0ed5cf06

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

srloc.pdb

Imports

kernel32

RaiseException
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
InitializeCriticalSection
WideCharToMultiByte
GetCommandLineA
FlsSetValue
GetVersionExW
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetThreadStackGuarantee
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualQuery
EncodePointer
DecodePointer
SetLastError
FlsAlloc
FlsGetValue
FlsFree
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
HeapCreate
HeapDestroy
GetModuleHandleW
GetStdHandle
GetFileType
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
OutputDebugStringA
WriteFile
HeapReAlloc
HeapSize
Sleep
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetLocaleInfoA
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesA
GetStringTypeW
LCMapStringW
GetLocaleInfoW
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReadFileEx
VirtualFree
MapViewOfFile
LoadLibraryExW
GetProcAddress
FreeLibrary
GetLastError
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
HeapAlloc
CreateFileMappingW
UnmapViewOfFile
lstrcmpiW
HeapSetInformation
HeapFree
GetProcessHeap
SetEndOfFile
WriteConsoleW
RtlPcToFileHeader
SetFilePointer
FlushFileBuffers
RtlUnwind
ReadConsoleW
GetConsoleMode
GetConsoleCP
SetStdHandle
GetVersion
HeapWalk
CreateFileW
CloseHandle
GetFileSize
ReadFile
ExpandEnvironmentStringsW
LoadLibraryW

user32

UnregisterClassA
CharNextW
CharLowerBuffW
IsCharLowerW
CharUpperBuffW
IsCharUpperW
GetKeyboardLayoutList
CharLowerW

advapi32

RegQueryValueExW
RegQueryInfoKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey

oleaut32

SysStringLen
VarUI4FromStr
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysAllocString
SysFreeString

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
StringFromGUID2
CLSIDFromProgID
StringFromCLSID

imm32

ImmEnumRegisterWordW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 309KB - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 79KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SpeechUX/SpeechUXPS.DLL
.dll regsvr32 windows:10 windows x64 arch:x64

8829fd2a260d90741120b084abeb8d0b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SpeechUXPS.pdb

Imports

msvcrt

_amsg_exit
malloc
_XcptFilter
_initterm
__C_specific_handler
free
memcmp

kernel32

GetTickCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
DisableThreadLibraryCalls
Sleep
GetCurrentProcess

oleaut32

BSTR_UserFree
BSTR_UserUnmarshal64
BSTR_UserMarshal64
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserFree64
BSTR_UserSize64
BSTR_UserUnmarshal

rpcrt4

CStdStubBuffer_Disconnect
IUnknown_QueryInterface_Proxy
NdrStubCall3
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Connect
NdrCStdStubBuffer2_Release
NdrDllUnregisterProxy
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrDllRegisterProxy
CStdStubBuffer_Invoke
NdrStubForwardingFunction
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
CStdStubBuffer_CountRefs
CStdStubBuffer_QueryInterface
NdrOleAllocate
CStdStubBuffer_DebugServerRelease

api-ms-win-core-marshal-l1-1-0

HWND_UserUnmarshal64
HWND_UserMarshal64
HWND_UserMarshal
HWND_UserSize
HWND_UserSize64
HWND_UserFree64
HWND_UserFree
HWND_UserUnmarshal

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient4
ObjectStublessClient24
CStdStubBuffer2_Connect
NdrProxyForwardingFunction3
ObjectStublessClient21
ObjectStublessClient16
ObjectStublessClient10
ObjectStublessClient17
ObjectStublessClient26
ObjectStublessClient9
ObjectStublessClient27
ObjectStublessClient8
CStdAsyncStubBuffer_QueryInterface
ObjectStublessClient6
ObjectStublessClient19
CStdAsyncStubBuffer_Invoke
CStdAsyncStubBuffer_AddRef
CStdStubBuffer2_QueryInterface
ObjectStublessClient5
CStdAsyncStubBuffer_Connect
CStdAsyncStubBuffer_Release
CStdAsyncStubBuffer_Disconnect
ObjectStublessClient12
ObjectStublessClient14
ObjectStublessClient11
CStdStubBuffer2_CountRefs
ObjectStublessClient22
ObjectStublessClient3
ObjectStublessClient25
ObjectStublessClient18
ObjectStublessClient28
ObjectStublessClient20
ObjectStublessClient15
ObjectStublessClient23
CStdStubBuffer2_Disconnect
ObjectStublessClient7
ObjectStublessClient13

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SpeechUX/sapi.cpl
.dll regsvr32 windows:10 windows x64 arch:x64

02aeb6e42acafca4d9e23e7cc11e41ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

sapi.pdb

Imports

msvcrt

free
malloc
__C_specific_handler
_itow
wcsncpy_s
memcpy_s
wcscpy_s
wcscat_s
_vsnwprintf
wcschr
wcsncmp
_ultow_s
_wcsicmp
_wcslwr
iswspace
memmove_s
tolower
wcsrchr
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_callnewh
_CxxThrowException
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_errno
realloc
_lock
_unlock
__dllonexit
_onexit
memcpy
__CxxFrameHandler3
??0exception@@QEAA@AEBQEBDH@Z
memset

gdi32

SetTextColor
SetBkColor
ExtTextOutW
GetTextExtentPoint32W

user32

GetFocus
FindWindowW
DestroyWindow
GetParent
ShowWindow
LoadIconW
GetSystemMetrics
CharNextW
MessageBoxW
DrawFocusRect
IsWindow
SendDlgItemMessageW
SendMessageW
GetDlgItem
EnableWindow
LoadStringW
EndDialog
SetWindowLongPtrW
GetWindowLongPtrW
SystemParametersInfoW
LoadImageW
SetForegroundWindow
MessageBeep
SetFocus
SetCursor
PrivateExtractIconsW
CallWindowProcW
SetWindowTextW
UnregisterClassA
GetSysColor
LoadCursorW
DialogBoxParamW

kernel32

DeactivateActCtx
OutputDebugStringA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep
ActivateActCtx
ReleaseActCtx
CreateActCtxW
GetUserDefaultLangID
GetCommandLineW
HeapDestroy
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
LockResource
ExpandEnvironmentStringsW
GetCurrentProcess
LocalFree
OpenMutexW
ReleaseMutex
CreateMutexW
CloseHandle
WaitForSingleObject
CreateProcessW
GetWindowsDirectoryW
SearchPathW
LeaveCriticalSection
EnterCriticalSection
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
FindResourceExW
LoadResource
SizeofResource
MultiByteToWideChar
RaiseException
lstrcmpiW
GetModuleHandleW
SetLastError
GetUserDefaultUILanguage
FreeLibrary
GetProcAddress
LoadLibraryW
GetVersionExW
GetSystemDirectoryW
GetModuleFileNameW
GetLastError
LoadLibraryExW

advapi32

GetTokenInformation
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
OpenProcessToken
RegOpenKeyExW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetUserNameW
RegQueryValueExW

shell32

CommandLineToArgvW
ShellExecuteW

ole32

PropVariantClear
StringFromCLSID
StringFromGUID2
CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoCreateGuid

oleaut32

SysFreeString
VarUI4FromStr
RegisterTypeLi
SysStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi

ntdll

WinSqmAddToStream

shlwapi

PathFindExtensionW
PathParseIconLocationW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

CPlApplet
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SpeechUX/speechuxcpl.dll
.dll regsvr32 windows:10 windows x64 arch:x64

9602aa96e1595eb184b0fde3b2bd3ceb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

speechuxcpl.pdb

Imports

msvcrt

_vsnprintf_s
memcmp
memmove_s
__CxxFrameHandler3
_beginthreadex
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
malloc
free
__C_specific_handler
vswprintf_s
_vscwprintf
memcpy_s
wcschr
tolower
_ultow_s
_vsnwprintf
memset

user32

DestroyIcon
GetFocus
LoadStringW
FindWindowW
SetForegroundWindow
SendMessageW
IsWindow
GetForegroundWindow
GetWindowLongW
MessageBoxW

dui70

?CreateXBaby@XProvider@DirectUI@@UEAAJPEAVIXElementCP@2@PEAUHWND__@@PEAVElement@2@PEAKPEAPEAUIXBaby@2@@Z
?SetButtonClassAcceptsEnterKey@XProvider@DirectUI@@UEAAJ_N@Z
?SetRegisteredDefaultButton@XProvider@DirectUI@@UEAAJPEAVElement@2@@Z
?ClickDefaultButton@XProvider@DirectUI@@UEAAHXZ
?ForceThemeChange@XProvider@DirectUI@@UEAAJ_K_J@Z
?GetHostedElementID@XProvider@DirectUI@@UEAAJPEAG@Z
?FindElementWithShortcutAndDoDefaultAction@XProvider@DirectUI@@UEAAHGH@Z
?CanSetFocus@XProvider@DirectUI@@UEAAJPEA_N@Z
?Navigate@XProvider@DirectUI@@UEAAJHPEA_N@Z
?SetFocus@XProvider@DirectUI@@UEAAJPEAVElement@2@@Z
?IsDescendent@XProvider@DirectUI@@UEAAJPEAVElement@2@PEA_N@Z
?GetDesiredSize@XProvider@DirectUI@@UEAAJHHPEAUtagSIZE@@@Z
?GetClassInfoPtr@Element@DirectUI@@SAPEAUIClassInfo@2@XZ
?AddRef@XProvider@DirectUI@@UEAAKXZ
?GetClassInfoPtr@HWNDElement@DirectUI@@SAPEAUIClassInfo@2@XZ
?SetDefaultButtonTracking@XProvider@DirectUI@@UEAAJ_N@Z
?SetHandleEnterKey@XProvider@DirectUI@@IEAAX_N@Z
?CreateDUI@XProvider@DirectUI@@UEAAJPEAVIXElementCP@2@PEAPEAUHWND__@@@Z
?GetRoot@XProvider@DirectUI@@IEAAPEAVElement@2@XZ
?Initialize@XProvider@DirectUI@@QEAAJPEAVElement@2@PEAVIXProviderCP@2@@Z
?Create@XResourceProvider@DirectUI@@SAJPEAUHINSTANCE__@@PEBG11PEAPEAV12@@Z
?QueryInterface@XProvider@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
??1XProvider@DirectUI@@UEAA@XZ
??0XProvider@DirectUI@@QEAA@XZ
?Release@Value@DirectUI@@QEAAXXZ
?GetChildren@Element@DirectUI@@QEAAPEAV?$DynamicArray@PEAVElement@DirectUI@@$0A@@2@PEAPEAVValue@2@@Z
?GetAtomZero@Value@DirectUI@@SAPEAV12@XZ
?SetParameter@XProvider@DirectUI@@UEAAJAEBU_GUID@@PEAX@Z
StrToID
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
?SetLayoutPos@Element@DirectUI@@QEAAJH@Z
?SetEnabled@Element@DirectUI@@QEAAJ_N@Z
?Click@Button@DirectUI@@SA?AVUID@@XZ
??1Element@DirectUI@@UEAA@XZ
??0Element@DirectUI@@QEAA@XZ
?OnEvent@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
??0CritSecLock@DirectUI@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
?GetFactoryLock@Element@DirectUI@@SAPEAU_RTL_CRITICAL_SECTION@@XZ
??1CritSecLock@DirectUI@@QEAA@XZ
?ClassExist@ClassInfoBase@DirectUI@@SA_NPEAPEAUIClassInfo@2@PEBQEBUPropertyInfo@2@IPEAU32@PEAUHINSTANCE__@@PEBG_N@Z
?Register@ClassInfoBase@DirectUI@@QEAAJXZ
?Initialize@ClassInfoBase@DirectUI@@QEAAJPEAUHINSTANCE__@@PEBG_NPEBQEBUPropertyInfo@2@I@Z
?Initialize@Element@DirectUI@@QEAAJIPEAV12@PEAK@Z
?Destroy@Element@DirectUI@@QEAAJ_N@Z
??0ClassInfoBase@DirectUI@@QEAA@XZ
??1ClassInfoBase@DirectUI@@UEAA@XZ
?IsRTLReading@Element@DirectUI@@UEAA_NXZ
?IsContentProtected@Element@DirectUI@@UEAA_NXZ
?GetValue@Element@DirectUI@@QEAAPEAVValue@2@PEBUPropertyInfo@2@HPEAUUpdateCache@2@@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnGroupChanged@Element@DirectUI@@UEAAXH_N@Z
?OnInput@Element@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnKeyFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnMouseFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnDestroy@Element@DirectUI@@UEAAXXZ
?Paint@Element@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?GetContentSize@Element@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Add@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?Insert@Element@DirectUI@@UEAAJPEAPEAV12@II@Z
?Remove@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?GetAdjacent@Element@DirectUI@@UEAAPEAV12@PEAV12@HPEBUNavReference@2@K@Z
?EnsureVisible@Element@DirectUI@@UEAA_NHHHH@Z
?SetKeyFocus@Element@DirectUI@@UEAAXXZ
?AddBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?RemoveBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?MessageCallback@Element@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UEAAXPEAUtagRECT@@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MEAAXHH@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?OnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?OnUnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?UpdateTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?ActivateTooltip@Element@DirectUI@@MEAAXPEAV12@K@Z
?RemoveTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?GetKeyFocused@Element@DirectUI@@UEAA_NXZ
?GetAccessibleImpl@Element@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?DefaultAction@Element@DirectUI@@UEAAJXZ
?GetUIAElementProvider@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?GetElementProviderImpl@Element@DirectUI@@UEAAJPEAVInvokeHelper@2@PEAPEAVElementProvider@2@@Z
?HandleUiaDestroyListener@Element@DirectUI@@UEAAXXZ
?HandleUiaPropertyListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@@Z
?HandleUiaEventListener@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?GetUiaFocusDelegate@Element@DirectUI@@UEAAPEAV12@XZ
?AddRef@ClassInfoBase@DirectUI@@UEAAXXZ
?Release@ClassInfoBase@DirectUI@@UEAAHXZ
?EnumPropertyInfo@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?GetByClassIndex@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?GetPICount@ClassInfoBase@DirectUI@@UEBAIXZ
?GetGlobalIndex@ClassInfoBase@DirectUI@@UEBAIXZ
?GetName@ClassInfoBase@DirectUI@@UEBAPEBGXZ
?IsValidProperty@ClassInfoBase@DirectUI@@UEBA_NPEBUPropertyInfo@2@@Z
?IsSubclassOf@ClassInfoBase@DirectUI@@UEBA_NPEAUIClassInfo@2@@Z
?GetModule@ClassInfoBase@DirectUI@@UEBAPEAUHINSTANCE__@@XZ
?IsGlobal@ClassInfoBase@DirectUI@@UEBA_NXZ
?AddChild@ClassInfoBase@DirectUI@@UEAAXXZ
?RemoveChild@ClassInfoBase@DirectUI@@UEAAXXZ
?GetChildren@ClassInfoBase@DirectUI@@UEBAHXZ
?AssertPIZeroRef@ClassInfoBase@DirectUI@@UEBAXXZ
?GetUnset@Value@DirectUI@@SAPEAV12@XZ
?SetActive@Element@DirectUI@@QEAAJH@Z
?Register@Element@DirectUI@@SAJXZ
?GetContentStringAsDisplayed@Element@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
InitProcessPriv
?GetStringNull@Value@DirectUI@@SAPEAV12@XZ
?Init@NavReference@DirectUI@@QEAAXPEAVElement@2@PEAUtagRECT@@@Z
UnInitThread
UnInitProcessPriv
InitThread
?QueryInterface@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z

kernel32

LoadResource
FindResourceExW
HeapSize
HeapReAlloc
HeapDestroy
GetLastError
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
GetModuleFileNameW
FormatMessageW
GetModuleHandleExW
GetModuleFileNameA
ActivateActCtx
GetModuleHandleW
GetProcAddress
LockResource
OutputDebugStringW
SetLastError
ReleaseSemaphore
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
WaitForSingleObjectEx
AcquireSRWLockExclusive
AcquireSRWLockShared
EnterCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
OpenSemaphoreW
CreateThreadpoolTimer
ReleaseSRWLockExclusive
ReleaseSRWLockShared
CompareStringOrdinal
InitOnceBeginInitialize
InitOnceComplete
CreateMutexExW
LeaveCriticalSection
CreateSemaphoreExW
ReleaseActCtx
CreateActCtxW
ReleaseMutex
WaitForSingleObject
CreateMutexW
GetUserDefaultLangID
GetUserDefaultUILanguage
GetExitCodeThread
RaiseException
CloseHandle
DisableThreadLibraryCalls
HeapFree
GetProcessHeap
HeapAlloc
IsDebuggerPresent
DeactivateActCtx
LoadLibraryExW
SizeofResource
ResolveDelayLoadedAPI
DelayLoadFailureHook
DebugBreak

advapi32

EventRegister
EventWriteTransfer
EventUnregister

shell32

ord155
SHParseDisplayName
SHGetFolderPathW
ord25
ord18
ShellExecuteExW
ShellExecuteW
SHBindToObject

ole32

CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitializeEx

oleaut32

VariantClear

advpack

RegInstallW

ntdll

EtwEventSetInformation
EtwEventRegister
EtwLogTraceEvent
WinSqmAddToStream
EtwEventUnregister
EtwEventWriteTransfer

shlwapi

ord174
ord514
ord24
ord618
ord219
ord176
ord256
ord172
ord199
ord158
ord204
SHStrDupW
ord156

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 337KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TTS/MSTTSLoc.dll
.dll windows:10 windows x64 arch:x64

936851e62dbbc290e5656d1905192998

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MSTTSLoc.pdb

Imports

msvcrt

swprintf_s
_errno
pow
memset
memmove
qsort_s
wcstombs_s
_wsplitpath_s
swscanf_s
wcsncpy_s
_wcsdup
realloc
_strnicmp
_vsnwprintf
iswupper
wcstok
_wcsnicmp
iswdigit
wcsncmp
wcsrchr
wcsstr
bsearch
memmove_s
_wtoi
_wcsicmp
wcschr
towlower
_purecall
qsort
wcscpy_s
memcpy_s
__C_specific_handler
sqrt
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
malloc
iswlower
__CxxFrameHandler3
calloc
fwprintf
free
iswalpha
memcpy
memcmp
printf
exit
__RTDynamicCast
exp
expf
log
wcscmp

oleaut32

SysFreeString
SysStringLen
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr

ole32

CoTaskMemRealloc
StringFromCLSID
CoTaskMemFree
CLSIDFromString
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemAlloc

kernel32

WideCharToMultiByte
GetFileType
OutputDebugStringA
CompareStringW
HeapDestroy
GetProcessHeap
MapViewOfFileEx
CreateFileMappingW
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
DeleteCriticalSection
RaiseException
DisableThreadLibraryCalls
InitializeCriticalSection
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetVersion
EnterCriticalSection
LeaveCriticalSection
GetLastError
CloseHandle
UnmapViewOfFile
InitializeCriticalSectionAndSpinCount
GetFileSize
GetSystemDirectoryW
LoadLibraryExW
FindResourceExW
lstrcmpiW
GetModuleFileNameW
GetModuleHandleW
SetLastError
SizeofResource
LockResource
LoadResource
FreeLibrary
GetProcAddress
LoadLibraryW
CreateFileW

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW

user32

UnregisterClassA
CharLowerBuffW
CharLowerW
CharNextW

shell32

SHGetFileInfoW

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW

Exports

Exports

GetLocaleHandler

Sections

.text
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 205KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UMDF/EhStorPwdDrv.dll
.dll windows:10 windows x64 arch:x64

534a0927defe4d5bb14c2ca60ad1d5ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

EhStorPwdDrv.pdb

Imports

msvcrt

memcmp
__CxxFrameHandler3
memcpy
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_CxxThrowException
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
memcpy_s
_callnewh
malloc
free
_purecall
__C_specific_handler
_unlock
memset

kernel32

HeapSize
InitializeCriticalSection
GetVersionExW
GetProcAddress
DeleteCriticalSection
GetModuleHandleW
DisableThreadLibraryCalls
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
HeapReAlloc
MultiByteToWideChar
Sleep
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapAlloc
GetProcessHeap
HeapDestroy
GetLastError
RtlVirtualUnwind

ole32

CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoTaskMemAlloc
PropVariantClear

oleaut32

SysFreeString
SysAllocString

advapi32

RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
CryptGenRandom
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
TraceEvent
UnregisterTraceGuids

Exports

Exports

DllGetClassObject
Microsoft_WDF_UMDF_Version

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UMDF/HidTelephony.dll
.dll windows:10 windows x64 arch:x64

7143fc73024f2f4e0fdd7e4df5c226e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

HidTelephony.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__configure_narrow_argv
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__seh_filter_dll
memmove
_o_free
_o_malloc
__C_specific_handler
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o__cexit
_o___stdio_common_vfprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__callnewh
_o___acrt_iob_func
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

ntdll

RtlVirtualUnwind
DbgPrintEx
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
DisableThreadLibraryCalls

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
CreateThread
GetCurrentProcess
GetCurrentProcessId
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
UnregisterTraceGuids
RegisterTraceGuidsW
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel

api-ms-win-core-synch-l1-1-0

OpenEventW
ResetEvent
CreateEventW
WaitForSingleObject
SetEvent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObjectEx

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

PropVariantClear
CoCreateInstance

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

hid

HidP_GetUsages
HidP_UsageListDifference
HidP_MaxUsageListLength
HidP_GetButtonCaps
HidP_GetSpecificButtonCaps
HidP_GetCaps
HidP_SetUsages
HidP_UnsetUsages
HidP_GetLinkCollectionNodes

wpprecorderum

WppAutoLogStart
WppAutoLogStop
WppAutoLogTrace

callhistoryclient

UdmCreateDataSession
UdmCreateSyncCallbackHandler

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

phoneom

PhoneGetProviderLineInfo
PhoneFreeCallInfo
PhoneIsActionAvailable
PhoneDial
PhoneSwap
PhoneSendDTMF
PhoneRejectIncoming
PhoneDropAccept
PhoneAcceptIncomingEx
PhoneGetState
PhoneConference
PhoneGetProviderLineServiceInfo
PhonePrivate
PhoneGetDefaultOutgoingLine
PhoneAPIInitialize
PhoneGetLines
PhoneRemoveListener
PhoneAddListener
PhoneSetHold
PhoneEnd

Exports

Exports

FxDriverEntryUm

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UMDF/IddCx.dll
.dll windows:10 windows x64 arch:x64

0bd8e168fad73542a802ed0ffedd1cce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

IddCx.pdb

Imports

msvcrt

_purecall
??1type_info@@UEAA@XZ
_onexit
??3@YAXPEAX@Z
__dllonexit
?terminate@@YAXXZ
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
memcmp
_wsetlocale
__crtLCMapStringW
memcpy_s
_wcsdup
memset
_vsnwprintf
__CxxFrameHandler3
calloc
__pctype_func
_ismbblead
___lc_codepage_func
___lc_handle_func
___mb_cur_max_func
_errno
_unlock
_lock
setlocale
__uncaught_exception
memmove
memcpy
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
??1exception@@UEAA@XZ
_callnewh
malloc
strcspn
localeconv
free
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
sprintf_s
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
??_V@YAXPEAX@Z
_vscprintf
memmove_s
wcscpy_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
abort

ntdll

NtQuerySystemInformation
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
DbgPrintEx

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetProcAddress
GetModuleHandleExW
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
CreateEventW
CreateEventExW
WaitForSingleObjectEx
ResetEvent
InitializeSRWLock
TryAcquireSRWLockExclusive
SetEvent
ReleaseSemaphore
InitializeCriticalSectionEx
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
OpenSemaphoreW
WaitForSingleObject
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseMutex
CreateMutexExW

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
CreateThread
TerminateProcess
GetCurrentThreadId
ExitProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
GetTraceEnableFlags
UnregisterTraceGuids

wpprecorderum

WppAutoLogTrace
WppAutoLogStop
WppAutoLogStart

api-ms-win-dx-d3dkmt-l1-1-0

D3DKMTEscape
D3DKMTCloseAdapter

api-ms-win-security-base-l1-1-0

AllocateLocallyUniqueId

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteTransfer
EventSetInformation

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetVersionExW
GetTickCount

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer

api-ms-win-dx-d3dkmt-l1-1-1

D3DKMTOpenAdapterFromLuid

api-ms-win-dx-d3dkmt-l1-1-2

D3DKMTAbandonSwapChain

d2d1

ord1

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

dwrite

DWriteCreateFactory

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

Exports

Exports

FxDriverEntryUm

Sections

.text
Size: 189KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UMDF/Microsoft.Bluetooth.Profiles.HidOverGatt.dll
.dll windows:10 windows x64 arch:x64

abbac69270f8a5d2e4dfeb1d2908df5e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Microsoft.Bluetooth.Profiles.HidOverGatt.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itoa_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_free
_o_malloc
_o_qsort
_o_realloc
_o_strcat_s
_o_wcstoull
__C_specific_handler
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__CxxFrameHandler3
_CxxThrowException
__std_terminate
__CxxFrameHandler4
memcpy

api-ms-win-crt-string-l1-1-0

memset
strnlen

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlInitUnicodeString
RtlVirtualUnwind
DbgPrintEx
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
NtQuerySystemInformation

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameA
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleExW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
SetLastError
UnhandledExceptionFilter
GetLastError

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

msvcp_win

?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
ReleaseSRWLockExclusive
SetEvent
CreateEventExW
AcquireSRWLockExclusive
CreateEventW
ReleaseMutex
ReleaseSemaphore
ReleaseSRWLockShared
AcquireSRWLockShared
WaitForSingleObject
OpenSemaphoreW
CreateSemaphoreExW
CreateMutexExW

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
TraceMessage
RegisterTraceGuidsW
GetTraceEnableFlags
UnregisterTraceGuids
GetTraceEnableLevel

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventRegister

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoInitialize
RoActivateInstance
RoGetActivationFactory

api-ms-win-core-com-l1-1-0

CoIncrementMTAUsage
CoCreateFreeThreadedMarshaler
CoWaitForMultipleHandles
CoDecrementMTAUsage

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo

api-ms-win-core-com-l1-1-1

RoGetAgileReference

wpprecorderum

WppAutoLogStart
WppAutoLogStop
WppAutoLogTrace

api-ms-win-core-io-l1-1-0

DeviceIoControl

bcrypt

BCryptCreateHash
BCryptGetProperty
BCryptHashData
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptOpenAlgorithmProvider

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

devobj

DevObjGetClassDevs
DevObjGetDeviceInterfaceDetail
DevObjEnumDeviceInterfaces
DevObjCreateDeviceInfoList
DevObjDestroyDeviceInfoList

Exports

Exports

FxDriverEntryUm

Sections

.text
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UMDF/NfcCx.dll
.dll windows:10 windows x64 arch:x64

ff52f8de87fa8680782f83a0278acd52

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

NfcCx.pdb

Imports

msvcrt

__C_specific_handler
strtok_s
_vsnwprintf
sprintf_s
toupper
_amsg_exit
_XcptFilter
_callnewh
wcstombs_s
_initterm
swscanf_s
wcschr
free
memmove
memcpy
memcmp
malloc
memcpy_s
memset

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
DbgPrintEx

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
GetTraceLoggerHandle
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
UnregisterTraceGuids

api-ms-win-eventing-provider-l1-1-0

EventProviderEnabled
EventSetInformation
EventWriteTransfer
EventUnregister
EventRegister

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
GetLastError

api-ms-win-core-processthreads-l1-1-0

SetThreadPriority
GetCurrentProcessId
OpenProcessToken
ResumeThread
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
CreateThread

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-com-l1-1-0

StringFromGUID2

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
EnterCriticalSection
SetEvent
CreateEventW
WaitForSingleObject
DeleteCriticalSection
ResetEvent
CreateEventA
InitializeCriticalSection
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
InitializeSRWLock
ReleaseSRWLockExclusive
TryAcquireSRWLockExclusive

api-ms-win-core-threadpool-l1-2-0

SubmitThreadpoolWork
WaitForThreadpoolTimerCallbacks
CallbackMayRunLong
CloseThreadpoolTimer
CloseThreadpoolWork
SetThreadpoolTimer
CreateThreadpoolTimer
CreateThreadpoolWork
WaitForThreadpoolWorkCallbacks

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64
GetTickCount

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA

api-ms-win-core-heap-l2-1-0

LocalAlloc

Exports

Exports

FxDriverEntryUm

Sections

.text
Size: 675KB - Virtual size: 675KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
app__v6.15.8_t.msi
.msi

Sharing

General

Malware Config

Signatures

Files

cfca51f8bf1bf8f90661aaeef676fdc5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l2-1-0

dnsapi

ws2_32

api-ms-win-core-registry-l1-1-1

iphlpapi

api-ms-win-core-localization-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-string-l1-1-0

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 28KB

.wpp_sf Size: 1024B - Virtual size: 959B

.rdata Size: 61KB - Virtual size: 61KB

.data Size: 18KB - Virtual size: 19KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 10KB - Virtual size: 10KB

47a7811f3d8736ad100cd1666b45c8f8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-synch-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

ntdll

api-ms-win-core-registry-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-string-obsolete-l1-1-0

mi

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 107KB

.wpp_sf Size: 1KB - Virtual size: 1KB

.rdata Size: 58KB - Virtual size: 58KB

.data Size: 6KB - Virtual size: 8KB

.pdata Size: 5KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 144B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

f512e8a06eebaee00a6ec0e81b77e259

Headers

DLL Characteristics

File Characteristics

PDB Paths

.text
Size: 28KB - Virtual size: 28KB

.wpp_sf
Size: 1024B - Virtual size: 959B

.rdata
Size: 61KB - Virtual size: 61KB

.data
Size: 18KB - Virtual size: 19KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 10KB

.text
Size: 108KB - Virtual size: 107KB

.wpp_sf
Size: 1KB - Virtual size: 1KB

.rdata
Size: 58KB - Virtual size: 58KB

.data
Size: 6KB - Virtual size: 8KB

.pdata
Size: 5KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 144B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 130KB - Virtual size: 129KB

.rdata
Size: 62KB - Virtual size: 61KB

.data
Size: 2KB - Virtual size: 4KB

.pdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 512B - Virtual size: 444B

.text
Size: 48KB - Virtual size: 48KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 5KB - Virtual size: 8KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 24KB - Virtual size: 24KB

.reloc
Size: 1024B - Virtual size: 852B

.text
Size: 309KB - Virtual size: 308KB

.rdata
Size: 67KB - Virtual size: 66KB

.data
Size: 79KB - Virtual size: 87KB