I@ucnherEx[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

[email protected]
Size

11.5MB
MD5

e17763ef1ee58d850380d2a4d6817c53
SHA1

5d702dfd8c85a50f95d538c3afaa61395136a455
SHA256

fd17c39f31d3ad3ce0c7d7f3ad03e85f0475e3e84e3e582dcac4864f8a2390c7
SHA512

6ae17f89f46bb61b286319306c71d4bbf130f5e685fe8d0bc991fb9966e83199c81edda2695ab6be799643f1d1ac33e25871aae0d0331542073aca4a1a1ed084
SSDEEP

196608:DwKvTooU6zxaJNjb1H/RZKCSHuknYoEwGyFSD/4ATpD3N2w7261cA/fGuAhRkY4V:DzZErjb1H/ZSpz7GysDQsDd2w7j68f/d

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack002/ExxxxSet_up.exe
unpack002/UP/AspNetMMCExt.ni.dll
unpack002/UP/AudioEndpointBuilder.dll
unpack002/UP/AuthFWSnapin.dll
unpack002/UP/audiosrv.dll
unpack002/UP/authfwcfg.dll

Files

[email protected]
.rar

Password: 1885
ExxxxSet_up.rar
.rar

Password: 1885
ExxxxSet_up.exe
.exe windows:6 windows x86 arch:x86

Password: 1885

1aae8bf580c846f39c71c05898e57e88

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
WriteConsoleW
WerSetFlags
WerGetFlags
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TlsAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
RaiseFailFastException
PostQueuedCompletionStatus
LoadLibraryW
LoadLibraryExW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetErrorMode
GetEnvironmentStringsW
GetCurrentThreadId
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 13.3MB - Virtual size: 13.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18.3MB - Virtual size: 18.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 954KB - Virtual size: 954KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
UP/AspNetMMCExt.ni.dll
.dll windows:5 windows x64 arch:x64

Password: 1885

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AspNetMMCExt.pdb

Sections

.data
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 826KB - Virtual size: 826KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.extjmp
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.extrel
Size: 512B - Virtual size: 106B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UP/AudioEndpointBuilder.dll
.dll windows:10 windows x64 arch:x64

Password: 1885

321a01d0256a771698d60a2f7ed40ad3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AudioEndpointBuilder.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?_Xbad_function_call@std@@YAXXZ

api-ms-win-crt-string-l1-1-0

wcsncmp
memset
wcscmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__wcsicmp
memmove
_o_calloc
_o_free
_o_malloc
_o_memcpy_s
_o_realloc
_o_terminate
_o_towlower
_o_wcsncpy_s
_o_wcstol
_o_wmemcpy_s
_o__crt_atexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__errno
_o__cexit
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__C_specific_handler
__std_terminate
__CxxFrameHandler3
_CxxThrowException
memcmp
memcpy

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
SizeofResource
LockResource
LoadResource
GetModuleHandleExW
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
FindResourceExW
DisableThreadLibraryCalls
LoadStringW
GetProcAddress
FreeLibrary

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
DeleteCriticalSection
EnterCriticalSection
AcquireSRWLockExclusive
AcquireSRWLockShared
InitializeCriticalSection
ResetEvent
ReleaseSemaphore
ReleaseSRWLockShared
CreateSemaphoreExW
SetEvent
CreateEventW
InitializeSRWLock
WaitForMultipleObjectsEx
CreateEventExW

api-ms-win-core-heap-l1-1-0

HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-processthreads-l1-1-0

CreateThread
GetExitCodeProcess
TerminateProcess
CreateProcessW
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

oleaut32

SysAllocString
SysStringByteLen
SysStringLen
VarBstrCmp
SysAllocStringByteLen
SysFreeString

ntdll

RtlHashUnicodeString
RtlNtStatusToDosError
WinSqmAddToStreamEx
RtlPublishWnfStateData
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwGetTraceEnableFlags
EtwUnregisterTraceGuids
RtlReportException
RtlDllShutdownInProgress
RtlAllocateMemoryBlockLookaside
NtQueryInformationProcess
EtwTraceMessage
EtwEventRegister
EtwEventSetInformation
EtwEventUnregister
EtwEventWriteTransfer
RtlCreateMemoryBlockLookaside
RtlGetCurrentServiceSessionId
RtlGetActiveConsoleId
RtlFreeMemoryBlockLookaside
RtlInitUnicodeString
RtlExtendMemoryBlockLookaside

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolCleanupGroup
WaitForThreadpoolWorkCallbacks
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWork
SetThreadpoolTimerEx
IsThreadpoolTimerSet
CreateThreadpoolWork
SetThreadpoolTimer
CloseThreadpool
SubmitThreadpoolWork
SetThreadpoolWait
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegQueryInfoKeyW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegGetValueW
RegEnumKeyExW

api-ms-win-devices-config-l1-1-1

CM_Get_Device_IDW
CM_Unregister_Notification
CM_Get_DevNode_PropertyW
CM_Get_Device_ID_Size
CM_Get_Sibling
CM_Get_Child
CM_Register_Notification
CM_Locate_DevNodeW
CM_Open_DevNode_Key
CM_MapCrToWin32Err

api-ms-win-devices-query-l1-1-0

DevFindProperty
DevGetObjectProperties
DevFreeObjectProperties
DevGetObjects
DevSetObjectProperties
DevFreeObjects
DevCreateObjectQuery
DevCloseObjectQuery

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
WindowsCreateStringReference
WindowsCreateString
WindowsDeleteString
WindowsGetStringLen
WindowsGetStringRawBuffer

api-ms-win-core-winrt-registration-l1-1-0

RoGetActivatableClassRegistration

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringW
CompareStringOrdinal

api-ms-win-devices-swdevice-l1-1-0

SwDevicePropertySet
SwDeviceInterfacePropertySet
SwDeviceCreate
SwDeviceInterfaceRegister
SwDeviceClose
SwDeviceInterfaceSetState

mmdevapi

ord2
ord21
ord29
ord7
ord9
ord27
ord15

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-string-l2-1-0

CharLowerBuffW

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-io-l1-1-0

PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl

api-ms-win-security-base-l1-1-0

MakeSelfRelativeSD
MakeAbsoluteSD
AddAce
GetSecurityDescriptorLength
GetLengthSid
IsValidSid
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
GetSecurityDescriptorOwner
InitializeSid
CopySid
GetSecurityDescriptorControl
GetAclInformation
InitializeSecurityDescriptor
GetSidLengthRequired
GetSidSubAuthority
GetSecurityDescriptorGroup
InitializeAcl

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64
GetSystemDirectoryW
GetTickCount

api-ms-win-core-memory-l1-1-1

GetProcessWorkingSetSizeEx
SetProcessWorkingSetSizeEx

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
TraceEvent

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
IsProcessorFeaturePresent

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathParseIconLocationW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-featurestaging-l1-1-0

GetFeatureEnabledState
SubscribeFeatureStateChangeNotification
UnsubscribeFeatureStateChangeNotification
RecordFeatureUsage

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
SetRestrictedErrorInfo
RoTransformError

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolGetUniqueContext

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-crt-math-l1-1-0

sinf

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 540KB - Virtual size: 539KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 512B - Virtual size: 183B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 32B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_DATA
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CONST
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UP/AudioEng.dll
.dll regsvr32 windows:10 windows x64 arch:x64

Password: 1885

34e7cb1f513e96f7c2540bdc53e88ee5

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-12-2020 21:29

Not After

02-12-2021 21:29

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a0:b7:ca:62:16:c8:eb:54:1f:6c:1a:f7:5f:03:76:88:b2:bc:6e:03:b2:b2:73:93:e8:35:aa:f2:04:8d:cb:ab
Signer

Actual PE Digest

a0:b7:ca:62:16:c8:eb:54:1f:6c:1a:f7:5f:03:76:88:b2:bc:6e:03:b2:b2:73:93:e8:35:aa:f2:04:8d:cb:ab

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AUDIOENG.pdb

Imports

oleaut32

VarUI4FromStr

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventRegister
EventActivityIdControl
EventSetInformation

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-core-heap-l1-1-0

HeapDestroy
HeapReAlloc
HeapSize
GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-com-l1-1-0

PropVariantClear
StringFromCLSID
CoCreateFreeThreadedMarshaler
StringFromGUID2
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
IIDFromString
CoTaskMemAlloc
CoCreateGuid
CoDisconnectObject
StringFromIID

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-localization-l1-2-0

SetThreadLocale
FormatMessageW
GetThreadLocale

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateError

api-ms-win-core-synch-l1-1-0

ReleaseMutex
ReleaseSemaphore
ReleaseSRWLockExclusive
DeleteCriticalSection
EnterCriticalSection
WaitForSingleObjectEx
InitializeSRWLock
CreateEventW
AcquireSRWLockExclusive
CreateEventA
WaitForSingleObject
OpenSemaphoreW
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
ResetEvent
InitializeCriticalSectionEx
ReleaseSRWLockShared
AcquireSRWLockShared
SetWaitableTimer
SetEvent
LeaveCriticalSection
CreateMutexExW
CreateSemaphoreExW
WaitForMultipleObjectsEx
CancelWaitableTimer
CreateWaitableTimerExW

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-core-libraryloader-l1-2-0

SizeofResource
GetProcAddress
FreeLibrary
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleExW
FindResourceExW
LockResource
GetModuleHandleW
GetModuleFileNameW
DisableThreadLibraryCalls
LoadResource

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
GetCurrentProcess
SetThreadPriority
GetCurrentThread
CreateThread
TlsSetValue
TlsGetValue
GetCurrentThreadId

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyExA
RegQueryValueExA
RegNotifyChangeKeyValue
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegQueryValueExW
RegGetValueW
RegDeleteKeyExW
RegSetValueExW

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
TraceMessage
UnregisterTraceGuids
GetTraceEnableFlags
GetTraceLoggerHandle
GetTraceEnableLevel
TraceEvent

ntdll

NtClose
RtlLockCurrentThread
RtlPublishWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfStateChangeNotification
EtwLogTraceEvent
RtlAllocateMemoryBlockLookaside
RtlDestroyMemoryBlockLookaside
RtlExtendMemoryBlockLookaside
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwGetTraceEnableFlags
EtwUnregisterTraceGuids
RtlReportException
NtQueryInformationProcess
RtlUnlockMemoryBlockLookaside
RtlCreateMemoryBlockLookaside
RtlLockModuleSection
RtlUnlockModuleSection
NtSetTimerResolution
RtlLockMemoryBlockLookaside
RtlUnlockCurrentThread
RtlNtStatusToDosError
RtlFreeMemoryBlockLookaside

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

rpcrt4

NdrClientCall3
I_RpcExceptionFilter
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcStringFreeW
RpcBindingFree

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceInitialize
InitOnceComplete
InitOnceExecuteOnce

propsys

PropVariantToBuffer
PropVariantGetElementCount
PropVariantToString

api-ms-win-crt-math-l1-1-0

tanf
sinf
logf
log10f
floorf
expf
cosf
ceilf
atan2f
asinf
_isnan
_finite
sqrtf

api-ms-win-crt-string-l1-1-0

memmove_s
memset
strnlen
strncmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o___stdio_common_vswprintf_s
_o__wcsicmp
_o__wfopen_s
_o__wmkdir
_o__wstat32
_o__wtof
_o_acos
_o_atan2
_o_atoi
_o_calloc
_o_ceil
_o_cos
_o_exp
_o_fclose
_o_fgets
_o_floor
_o_fmod
_o_fopen
_o_fread
_o_free
_o_fseek
_o_fwrite
_o_log
_o_malloc
_o_memcpy_s
_o_pow
_o_powf
_o_qsort
_o_realloc
_o_sin
_o_sqrt
_o_strcat_s
_o_strcpy_s
_o_strncpy_s
_o_strtod
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstok_s
_o_wcstombs_s
strchr
strstr
_o___stdio_common_vfprintf_s
_o___stdio_common_vfprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__execute_onexit_table
_o__errno
_o___stdio_common_vswprintf
_o___stdio_common_vsscanf
_o___stdio_common_vsprintf_s
_o__crt_atexit
_o___acrt_iob_func
_o__configure_narrow_argv
__C_specific_handler
__std_terminate
__CxxFrameHandler3
_o__cexit
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o__aligned_malloc
_o__aligned_free
_CxxThrowException
_o___stdio_common_vswscanf
_o___stdio_common_vfwprintf
memcmp
memcpy
memmove

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolCleanupGroup
SetThreadpoolThreadMinimum
CreateThreadpool
CloseThreadpool
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
SetThreadpoolThreadMaximum
CreateThreadpoolTimer
CreateThreadpoolWork
CloseThreadpoolWork
CloseThreadpoolWait
SetThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolWait
CreateThreadpoolWait
WaitForThreadpoolWaitCallbacks
SubmitThreadpoolWork

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTimeAsFileTime

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
WindowsGetStringRawBuffer
WindowsCompareStringOrdinal
WindowsConcatString
WindowsCreateStringReference
WindowsDeleteString
WindowsCreateString

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathFindFileNameW

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW

api-ms-win-core-path-l1-1-0

PathCchRenameExtension

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueEx
CreateTimerQueueTimer
CreateTimerQueue

api-ms-win-core-file-l1-1-0

GetFileSize
ReadFile
CreateFileA
WriteFile

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-memory-l1-1-1

GetProcessWorkingSetSizeEx
SetProcessWorkingSetSizeEx

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

avrt

AvThreadOpenTaskIndex
AvTaskIndexYieldCancel
AvTaskIndexYield
AvSetMultimediaMode
AvSetMmThreadCharacteristicsA
AvQuerySystemResponsiveness
AvRevertMmThreadCharacteristics
AvSetMmThreadPriority

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

AERT_Allocate
AERT_Free
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1013KB - Virtual size: 1013KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 40B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 878KB - Virtual size: 878KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_DATA
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CONST
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UP/AudioSes.dll
.dll regsvr32 windows:10 windows x64 arch:x64

Password: 1885

1fcf296bc1cd4eeaafc61530b402aa13

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-12-2020 21:29

Not After

02-12-2021 21:29

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:b8:e8:94:8e:d6:ad:d6:93:04:5c:ef:8f:de:b4:d7:b6:f7:24:1b:62:09:db:ee:85:d5:b3:5c:b2:88:1d:fb
Signer

Actual PE Digest

41:b8:e8:94:8e:d6:ad:d6:93:04:5c:ef:8f:de:b4:d7:b6:f7:24:1b:62:09:db:ee:85:d5:b3:5c:b2:88:1d:fb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

audioses.pdb

Imports

msvcp_win

_Mtx_init_in_situ
_Mtx_destroy_in_situ
?_Xbad_function_call@std@@YAXXZ
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-string-l1-1-0

memset
wcscmp
memmove_s

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__localtime64_s
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__wcsicmp
_o__wcsnicmp
memmove
_o__wsplitpath_s
_o__wtof
_o__wtoi
_o_calloc
_o_ceil
_o_floor
_o_free
_o_log2
_o_malloc
_o_pow
_o_powf
_o_realloc
_o_sqrt
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wmemcpy_s
wcschr
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
memcmp
memcpy

rpcrt4

CStdStubBuffer_AddRef
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
I_RpcMapWin32Status
CStdStubBuffer_Invoke
CStdStubBuffer_CountRefs
NdrCStdStubBuffer_Release
CStdStubBuffer_DebugServerQueryInterface
RpcSmDestroyClientContext
CStdStubBuffer_QueryInterface
NdrOleAllocate
CStdStubBuffer_DebugServerRelease
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcBindingFree
NdrDllCanUnloadNow
I_RpcExceptionFilter
CStdStubBuffer_Disconnect
NdrDllGetClassObject
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Connect
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrOleFree
NdrClientCall3
RpcStringFreeW

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient8
ObjectStublessClient13
ObjectStublessClient9
ObjectStublessClient17
ObjectStublessClient7
ObjectStublessClient6
ObjectStublessClient15
ObjectStublessClient20
ObjectStublessClient18
ObjectStublessClient3
ObjectStublessClient22
ObjectStublessClient4
ObjectStublessClient19
ObjectStublessClient10
ObjectStublessClient16
ObjectStublessClient12
ObjectStublessClient21
ObjectStublessClient5
ObjectStublessClient11
ObjectStublessClient14

oleaut32

BSTR_UserUnmarshal
BSTR_UserMarshal
LPSAFEARRAY_UserUnmarshal64
LPSAFEARRAY_UserMarshal64
BSTR_UserUnmarshal64
LPSAFEARRAY_UserFree
BSTR_UserFree64
LPSAFEARRAY_UserUnmarshal
BSTR_UserSize64
SystemTimeToVariantTime
LPSAFEARRAY_UserSize64
BSTR_UserMarshal64
LPSAFEARRAY_UserFree64
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize
BSTR_UserSize
VariantTimeToSystemTime
VarUI4FromStr
BSTR_UserFree

api-ms-win-core-libraryloader-l1-2-0

FindResourceExW
SizeofResource
GetModuleFileNameW
LoadResource
GetProcAddress
LoadLibraryExW
GetModuleFileNameA
DisableThreadLibraryCalls
FreeLibrary
GetModuleHandleExW
LockResource
GetModuleHandleW

api-ms-win-core-localization-l1-2-0

FormatMessageW
SetThreadLocale
GetThreadLocale

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceInitialize
InitOnceComplete
Sleep
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
LeaveCriticalSection
WaitForSingleObjectEx
AcquireSRWLockShared
AcquireSRWLockExclusive
WaitForSingleObject
WaitForMultipleObjectsEx
CancelWaitableTimer
InitializeCriticalSectionAndSpinCount
InitializeSRWLock
DeleteCriticalSection
OpenEventW
InitializeCriticalSectionEx
SetWaitableTimer
ReleaseSemaphore
ReleaseMutex
EnterCriticalSection
CreateEventW
ResetEvent
ReleaseSRWLockExclusive
CreateSemaphoreExW
CreateMutexExW
CreateEventExW
TryEnterCriticalSection
SetEvent
CreateWaitableTimerExW
OpenSemaphoreW
ReleaseSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapSize
GetProcessHeap
HeapDestroy
HeapReAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
GetLastError

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsDeleteString
WindowsDuplicateString
WindowsCompareStringOrdinal
WindowsCreateStringReference
WindowsGetStringLen

api-ms-win-core-com-l1-1-0

CoGetApartmentType
CoInitializeEx
PropVariantClear
CoTaskMemRealloc
CoTaskMemFree
CoWaitForMultipleHandles
PropVariantCopy
CoCreateFreeThreadedMarshaler
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoCreateGuid
CoUninitialize

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegEnumKeyExW
RegGetValueW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegDeleteValueW

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventActivityIdControl
EventUnregister
EventRegister
EventWriteTransfer

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
TraceEvent
GetTraceEnableFlags
GetTraceEnableLevel
UnregisterTraceGuids
RegisterTraceGuidsW
TraceMessage

api-ms-win-core-processthreads-l1-1-0

SetThreadPriority
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentThread
GetCurrentProcess
CreateThread

api-ms-win-core-string-l2-1-0

IsCharAlphaW
CharNextW

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
SetRestrictedErrorInfo
RoOriginateError
RoOriginateErrorW

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
CloseThreadpool
CreateThreadpoolWork
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SubmitThreadpoolWork
CreateThreadpool
SetThreadpoolThreadMaximum
CreateThreadpoolTimer
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
SetThreadpoolThreadMinimum
TrySubmitThreadpoolCallback
SetThreadpoolTimer
CreateThreadpoolCleanupGroup

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrcmpiW

ntdll

RtlQueryPackageClaims
RtlCreateMemoryBlockLookaside
RtlDestroyMemoryZone
RtlLockMemoryZone
RtlFreeMemoryBlockLookaside
RtlCreateMemoryZone
RtlDestroyMemoryBlockLookaside
RtlExtendMemoryBlockLookaside
NtQueryInformationProcess
RtlInitUnicodeStringEx
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
AlpcInitializeMessageAttribute
AlpcGetMessageAttribute
NtAlpcSendWaitReceivePort
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwGetTraceEnableFlags
EtwUnregisterTraceGuids
RtlQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfStateChangeNotification
RtlEqualWnfChangeStamps
RtlNtStatusToDosError
RtlAllocateMemoryBlockLookaside
RtlAllocateMemoryZone
ShipAssert
NtSetInformationThread
NtQueryInformationThread
NtAlpcConnectPort
RtlUnlockMemoryZone

api-ms-win-power-base-l1-1-0

PowerRegisterSuspendResumeNotification
PowerUnregisterSuspendResumeNotification

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
MapViewOfFileEx
CreateFileMappingW
MapViewOfFile

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-file-l1-1-0

CreateFileW
GetFileSize

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-winrt-robuffer-l1-1-0

RoGetBufferMarshaler

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-memory-l1-1-1

VirtualUnlock
SetProcessWorkingSetSizeEx
PrefetchVirtualMemory
VirtualLock
GetProcessWorkingSetSizeEx

api-ms-win-devices-config-l1-1-1

CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate
IsErrorPropagationEnabled

api-ms-win-service-private-l1-1-0

UnsubscribeServiceChangeNotifications
SubscribeServiceChangeNotifications

api-ms-win-service-management-l1-1-0

OpenServiceW
CloseServiceHandle
OpenSCManagerW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-windowserrorreporting-l1-1-0

WerRegisterMemoryBlock

api-ms-win-mm-time-l1-1-0

timeBeginPeriod

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
GetProcessMitigationPolicy

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-featurestaging-l1-1-0

UnsubscribeFeatureStateChangeNotification
SubscribeFeatureStateChangeNotification
RecordFeatureUsage
GetFeatureEnabledState

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

api-ms-win-rtcore-ntuser-private-l1-1-4

ord2597

mmdevapi

ord30
ord5
ord10
ord29
ord11

avrt

AvRevertMmThreadCharacteristics
AvSetMmThreadCharacteristicsA
AvQuerySystemResponsiveness
AvSetMmThreadPriority
AvSetMmThreadCharacteristicsW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-crt-math-l1-1-0

log10f
sinf
sqrtf

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 806KB - Virtual size: 805KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 40B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 356KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CONST
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RT_DATA
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UP/AuthFWSnapin.dll
.dll windows:4 windows x86 arch:x86

Password: 1885

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AuthFWSnapin.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UP/audiosrv.dll
.dll windows:10 windows x64 arch:x64

Password: 1885

187d568e5c32ae7693c1d967c32d4dc1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AudioSrv.pdb

Imports

audiosrvpolicymanager

ActivatePolicyManager
TS_SessionChanged
TS_SessionGetAudioProtocol
TS_RegisterAudioProtocolNotification
TS_UnregisterAudioProtocolNotification
TS_AudioProtocolNotifyRundown
PbmReportAppInteractivityChange
PbmReportAppClosing
PbmAllowMediaPlaybackForApp
PbmRegisterPlaybackManagerNotifications
PbmUnregisterPlaybackManagerNotifications
PbmSetSmtcSubscriptionState
PbmGetSoundLevel
PbmIsPlaying
PbmRegisterAppManagerNotification
PbmUnregisterAppManagerNotification
PbmRegisterAppClosureNotification
PbmUnregisterAppClosureNotification
PbmPlayToStreamStateChanged
PbmCastingAppStateChanged
HHOSTEDAPPMANAGERCONTEXTRundown
PbmSetScreenReaderState
PbmReportHostedAppStateChange
PbmSwitchSoftNonInteractiveAppsToHardNonInteractive
PbmReportApplicationState
PbmLaunchBackgroundTask

msvcp_win

?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
_Mtx_init_in_situ

api-ms-win-crt-string-l1-1-0

wcsnlen
wcsncmp
wcscspn
wcsspn
memset
wcscmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__wcsicmp
_o__wcsicoll
_o__wcsnicmp
_o__wcsupr_s
_o__wtof
_o__wtoi
_o_calloc
_o_free
_o_log10
_o_malloc
_o_memcpy_s
_o_pow
_o_realloc
_o_terminate
_o_towlower
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstoul
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcschr
wcsstr
wcsrchr
__C_specific_handler
__std_terminate
__CxxFrameHandler3
_CxxThrowException
memcmp
memcpy
memmove

ntdll

EtwUnregisterTraceGuids
RtlQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
ShipAssert
EtwLogTraceEvent
RtlAcquireResourceShared
RtlReleaseResource
RtlAcquireResourceExclusive
RtlDeleteResource
ZwAlpcCancelMessage
RtlWakeAddressAll
TpAllocAlpcCompletion
ZwAlpcDisconnectPort
ZwAlpcSendWaitReceivePort
TpReleaseAlpcCompletion
ZwAlpcQueryInformation
RtlInitUnicodeString
RtlFreeMemoryBlockLookaside
ZwAlpcConnectPort
TpWaitForAlpcCompletion
AlpcInitializeMessageAttribute
AlpcGetMessageAttribute
ZwClose
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlInitializeResource
RtlFreeHeap
NtPowerInformation
RtlGetPersistedStateLocation
vDbgPrintEx
RtlNtStatusToDosError
NtCreateWnfStateName
EtwEventActivityIdControl
RtlGetCurrentServiceSessionId
RtlGetActiveConsoleId
NtDeleteWnfStateName
RtlPublishWnfStateData
RtlFreeSid
EtwTraceMessage
EtwEventRegister
EtwEventSetInformation
EtwEventWriteTransfer
EtwEventUnregister
RtlReportException
RtlDestroyMemoryBlockLookaside
RtlExtendMemoryBlockLookaside
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlAllocateMemoryBlockLookaside
NtQueryInformationProcess
RtlCreateMemoryBlockLookaside
RtlDllShutdownInProgress
RtlAllocateHeap
RtlWaitOnAddress

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
FindResourceExW
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleHandleExW
LoadResource
LockResource
GetModuleFileNameA
SizeofResource
GetModuleFileNameW
LoadLibraryExW
FreeLibrary
LoadStringW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
CreateEventExW
AcquireSRWLockShared
ReleaseSRWLockExclusive
SetEvent
AcquireSRWLockExclusive
InitializeSRWLock
CreateEventW
CreateSemaphoreExW
InitializeCriticalSection
WaitForMultipleObjectsEx
ReleaseSemaphore
CreateMutexW
WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
ResetEvent
LeaveCriticalSection
EnterCriticalSection
ReleaseSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
HeapDestroy
HeapReAlloc
HeapSize
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetProcessTimes
GetExitCodeProcess
GetCurrentThread
GetCurrentProcessId
ProcessIdToSessionId
SetThreadPriority
CreateThread
OpenThreadToken
CreateProcessW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

rpcrt4

RpcServerRegisterIf3
RpcServerUseProtseqEpW
RpcBindingVectorFree
RpcStringFreeW
RpcServerUnregisterIfEx
NdrServerCallAll
RpcBindingFromStringBindingW
RpcStringBindingParseW
RpcBindingToStringBindingW
UuidEqual
RpcServerInqBindings
I_RpcBindingInqLocalClientPID
I_RpcBindingInqTransportType
UuidCreate
NdrServerCall2
RpcRevertToSelf
RpcImpersonateClient
RpcBindingFree
I_RpcExceptionFilter
RpcStringBindingComposeW
NdrClientCall3

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemDirectoryW
GetTickCount64
GetTickCount

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpool
CreateThreadpoolTimer
CloseThreadpoolWait
CreateThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
IsThreadpoolTimerSet
CloseThreadpoolCleanupGroup
TrySubmitThreadpoolCallback
SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolWork
SetThreadpoolThreadMaximum
SetThreadpoolThreadMinimum
CreateThreadpool
SetEventWhenCallbackReturns
SetThreadpoolTimer
WaitForThreadpoolWorkCallbacks
CreateThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
SetThreadpoolTimerEx

api-ms-win-core-registry-l1-1-0

RegNotifyChangeKeyValue
RegSetValueExW
RegDeleteValueW
RegCloseKey
RegOpenCurrentUser
RegQueryInfoKeyW
RegEnumValueW
RegSetKeySecurity
RegGetValueW
RegCreateKeyExW
RegQueryValueExW
RegGetKeySecurity
RegEnumKeyExW
RegOpenKeyExW

mmdevapi

ord25
ord24
ord9
ord12
ord16
ord29
ord21
ord23
ord7
ord2
ord15
ord27

api-ms-win-core-file-l1-1-0

CreateFileW
FileTimeToLocalFileTime
CompareFileTime

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-string-l1-1-0

CompareStringW
CompareStringOrdinal
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-appmodel-identity-l1-2-0

AppContainerDeriveSidFromMoniker

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
MapViewOfFile
CreateFileMappingW

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject
GetSystemPowerStatus

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
UnregisterWaitEx
DeleteTimerQueueTimer

api-ms-win-core-io-l1-1-0

GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
TraceEvent

api-ms-win-core-memory-l1-1-1

GetProcessWorkingSetSizeEx
SetProcessWorkingSetSizeEx

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrcmpiW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-featurestaging-l1-1-0

GetFeatureEnabledState
RecordFeatureError
SubscribeFeatureStateChangeNotification
UnsubscribeFeatureStateChangeNotification
RecordFeatureUsage

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolGetUniqueContext

api-ms-win-core-featurestaging-l1-1-1

GetFeatureVariant

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileW

xmllite

CreateXmlReader

api-ms-win-appmodel-runtime-l1-1-1

GetStagedPackageOrigin

api-ms-win-appmodel-runtime-l1-1-0

PackageFamilyNameFromFullName

api-ms-win-crt-math-l1-1-0

sinf
floorf

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 1024B - Virtual size: 533B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 40B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 410KB - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_DATA
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CONST
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UP/authfwcfg.dll
.dll windows:10 windows x64 arch:x64

281feea4ff3b38770dee2e967abaaef2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

authfwcfg.pdb

Imports

msvcrt

memcpy
_onexit
memcmp
__CxxFrameHandler3
_unlock
_lock
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
isdigit
isalnum
abort
tolower
isspace
__crtGetStringTypeW
__crtLCMapStringW
__mb_cur_max
__pctype_func
___lc_codepage_func
___lc_handle_func
_errno
___mb_cur_max_func
setlocale
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
memchr
localeconv
_strtoi64
_strtoui64
_wcsnicmp
_itow_s
iswdigit
free
malloc
_vsnprintf
_vsnwprintf
wcstok_s
wcscpy_s
??0exception@@QEAA@XZ
memmove_s
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
memcpy_s
_wcsicmp
?what@exception@@UEBAPEBDXZ
__dllonexit
memset

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
UnregisterTraceGuids
GetTraceLoggerHandle
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
LoadStringW

bcrypt

BCryptGetFipsAlgorithmMode

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoUninitialize
CoCreateInstance
CoInitializeEx
CoCreateGuid

oleaut32

VariantInit
VariantClear
SysFreeString
SysAllocString

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-string-l1-1-0

CompareStringW
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetComputerNameExW
GetVersionExW

api-ms-win-security-base-l1-1-0

CheckTokenMembership
AllocateAndInitializeSid
FreeSid

ntdll

RtlIpv4StringToAddressW
RtlIpv6StringToAddressW
WinSqmAddToStream
RtlIpv4AddressToStringW
RtlIpv6AddressToStringW

ws2_32

htonl

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSection

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

netsh.exe

MatchToken
PrintError
MatchTagsInCmdLine
PrintMessageFromModule
RegisterContext
PrintMessage
RegisterHelper

fwpolicyiomgr

FwCopyPortsContents

firewallapi

FwStringToAddresses
FwBstrToPorts
FWFreeFirewallRule
FWFreeConnectionSecurityRule
FWEnumPhase2SAs
FWEnumPhase1SAs
FWFreeAuthenticationSets
FWCopyAuthenticationSet
FWEnumAuthenticationSets
FWFreeCryptoSets
FWCopyCryptoSet
FWFreeConnectionSecurityRules
FWCopyConnectionSecurityRule
FWEnumConnectionSecurityRules
FWFreeFirewallRules
FWCopyFirewallRule
FWEnumFirewallRules
FWGetGlobalConfig
FWOpenPolicyStore
FWStatusMessageFromStatusCode
FWDeletePhase2SAs
FWDeletePhase1SAs
FWFreePhase2SAs
FWFreePhase1SAs
FWDeleteFirewallRule
FWAddFirewallRule
FWVerifyFirewallRule
FWEnumMainModeRules
FWSetMainModeRule
FWDeleteMainModeRule
FWFreeMainModeRules
FWAddMainModeRule
FWVerifyMainModeRule
FwGetAddressesAsString
FWSetCryptoSet
FwCopyWFAddressesContents
FWSetConnectionSecurityRule
FWEnumCryptoSets
FWDeleteCryptoSet
FWDeleteAuthenticationSet
FWDeleteConnectionSecurityRule
FWAddConnectionSecurityRule
FWAddAuthenticationSet
FWAddCryptoSet
FWFreeAuthenticationSet
FwFreeAddresses
FWVerifyConnectionSecurityRule
FWVerifyAuthenticationSet
FWRestoreGPODefaults
FWFreeProducts
FWEnumProducts
FwIsRemoteManagementEnabled
FWGetConfig
FWFreeCryptoSet
FWVerifyCryptoSet
FWSetGlobalConfig
FWSetFirewallRule
FWSetConfig
FWClosePolicyStore
FWImportPolicy
FWExportPolicy
FWRestoreDefaults

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

GetResourceString
InitHelperDll

Sections

.text
Size: 429KB - Virtual size: 429KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 748B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IIl__Pa$$w0rd - 1885.txt

Sharing

General

Malware Config

Signatures

Files

Password: 1885

Password: 1885

Password: 1885

1aae8bf580c846f39c71c05898e57e88

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 13.3MB - Virtual size: 13.3MB

.rdata Size: 18.3MB - Virtual size: 18.3MB

.data Size: 1.7MB - Virtual size: 2.0MB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 954KB - Virtual size: 954KB

.symtab Size: 512B - Virtual size: 4B

.rsrc Size: 172KB - Virtual size: 172KB

Password: 1885

Headers

DLL Characteristics

File Characteristics

PDB Paths

Sections

.data Size: 123KB - Virtual size: 122KB

.xdata Size: 18KB - Virtual size: 18KB

.text Size: 826KB - Virtual size: 826KB

.extjmp Size: 2KB - Virtual size: 2KB

.extrel Size: 512B - Virtual size: 106B

.reloc Size: 19KB - Virtual size: 18KB

Password: 1885

321a01d0256a771698d60a2f7ed40ad3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp_win

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

oleaut32

ntdll

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-devices-config-l1-1-1

api-ms-win-devices-query-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-registration-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-devices-swdevice-l1-1-0

mmdevapi

api-ms-win-core-realtime-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-service-core-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-memory-l1-1-1

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

.text
Size: 13.3MB - Virtual size: 13.3MB

.rdata
Size: 18.3MB - Virtual size: 18.3MB

.data
Size: 1.7MB - Virtual size: 2.0MB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 954KB - Virtual size: 954KB

.symtab
Size: 512B - Virtual size: 4B

.rsrc
Size: 172KB - Virtual size: 172KB

.data
Size: 123KB - Virtual size: 122KB

.xdata
Size: 18KB - Virtual size: 18KB

.text
Size: 826KB - Virtual size: 826KB

.extjmp
Size: 2KB - Virtual size: 2KB

.extrel
Size: 512B - Virtual size: 106B

.reloc
Size: 19KB - Virtual size: 18KB

.text
Size: 540KB - Virtual size: 539KB

RT_CODE
Size: 512B - Virtual size: 183B

RT_BSS
Size: - Virtual size: 32B

.rdata
Size: 158KB - Virtual size: 158KB

.data
Size: 4KB - Virtual size: 8KB

.pdata
Size: 22KB - Virtual size: 22KB

.didat
Size: 1024B - Virtual size: 664B

RT_DATA
Size: 512B - Virtual size: 32B

RT_CONST
Size: 512B - Virtual size: 424B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

a0:b7:ca:62:16:c8:eb:54:1f:6c:1a:f7:5f:03:76:88:b2:bc:6e:03:b2:b2:73:93:e8:35:aa:f2:04:8d:cb:ab
Signer