v6[.]25[.]1_installer_x64_[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

v6.25.1_installer_x64_.zip
Size

51.3MB
MD5

ece88a3db07e06633ababe57e25e7d56
SHA1

4dfcc0ad3ba7da57e454157f1fa4238be9ec9d30
SHA256

e6f86e7df02ea6a76e55d0fd97e6c98d5456e9d6566cd529fd817277212bd444
SHA512

e443e5a53c4cdb48cbbf27ba040a27f6c5cbc61eb414f9574545745ff60d0c0ddeda3f3ee3c5c3ba18ff0a9fb6421e9f4937415655bc0bb8a3ff3092344bfe26
SSDEEP

1572864:Qp+AkxOx6mkMspNbawUPlE6kVvx+cQET5g9JWicwZKFZmb5:K+M6mk5pshPlE6kVvkcH5g9otAKFUb5

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/wbem/NCProv.dll
unpack001/wbem/NetEventPacketCapture.dll
unpack001/wbem/appbackgroundtask.dll
unpack001/wbem/ndisimplatcim.dll
unpack001/wbem/netdacim.dll

Files

v6.25.1_installer_x64_.zip
.zip
app__v6.25.1_.msi
.msi
migration/APMonPortMig.dll
.dll regsvr32 windows:10 windows x64 arch:x64

72bf59904e010e22435bd2ded7575c53

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

80:9c:77:46:40:22:f1:86:00:00:8f:07:c5:a2:28:f9:e1:3d:59:54:c3:5d:93:82:a3:20:4b:89:19:fa:e5:75
Signer

Actual PE Digest

80:9c:77:46:40:22:f1:86:00:00:8f:07:c5:a2:28:f9:e1:3d:59:54:c3:5d:93:82:a3:20:4b:89:19:fa:e5:75

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

APMonPortMig.pdb

Imports

msvcrt

wcsncpy_s
__C_specific_handler
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
__CxxFrameHandler3
malloc
memcpy
memmove
realloc
_errno
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
_wcsicmp
towlower
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
_purecall
wcscat_s
wcscpy_s
??_V@YAXPEAX@Z
free
memset

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

winspool.drv

XcvDataW
OpenPrinterW
ClosePrinter
EnumPortsW

oleaut32

VariantClear
VariantInit
GetErrorInfo
SysFreeString
VarUI4FromStr
SysAllocString

user32

UnregisterClassA
CharNextW

advapi32

RegSetKeyValueW
EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey

kernel32

OutputDebugStringA
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
LocalFree
GetVersionExW
InitOnceComplete
InitOnceBeginInitialize
InitializeCriticalSection
DelayLoadFailureHook
ResolveDelayLoadedAPI
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameW
FindResourceExW
LoadResource
SizeofResource
MultiByteToWideChar
RaiseException
lstrcmpiW
LoadLibraryExW
FreeLibrary
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
CreateMutexExW
GetProcAddress
HeapAlloc
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
GetLastError
FormatMessageW
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA

ole32

CoTaskMemFree
CoInitializeEx
CoUninitialize
CoTaskMemRealloc
StringFromGUID2
CoCreateInstance
CoTaskMemAlloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
migration/audmigplugin.dll
.dll regsvr32 windows:10 windows x64 arch:x64

129672cc4d9f93d06764e571d9bb75cd

Code Sign

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/02/2023, 00:05

Not After

01/02/2024, 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

94:2e:d1:ec:5b:32:74:17:ec:74:9f:37:da:7e:12:ad:f7:be:34:b9:2f:4a:f8:fe:71:4e:c6:14:c0:fd:67:52
Signer

Actual PE Digest

94:2e:d1:ec:5b:32:74:17:ec:74:9f:37:da:7e:12:ad:f7:be:34:b9:2f:4a:f8:fe:71:4e:c6:14:c0:fd:67:52

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

AudMigPlugin.pdb

Imports

msvcrt

_lock
__dllonexit
_unlock
realloc
??1type_info@@UEAA@XZ
_errno
memcmp
_CxxThrowException
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
_callnewh
wcsstr
_wcslwr
swprintf_s
_vsnwprintf
_purecall
memmove_s
wcscat_s
wcscpy_s
memcpy_s
free
malloc
wcsncpy_s
_onexit
memset

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

oleaut32

SysAllocString
LoadTypeLi
SysStringByteLen
SysAllocStringByteLen
GetErrorInfo
SysFreeString
VarBstrCmp
LoadRegTypeLi
SysStringLen
RegisterTypeLi
UnRegisterTypeLi
VarUI4FromStr

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LockResource
FindResourceExW
LoadResource
SizeofResource
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
LoadLibraryExW

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoTaskMemRealloc
StringFromCLSID
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegGetValueW
RegDeleteTreeW
RegCloseKey
RegCreateKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-localization-l1-2-0

GetThreadLocale
SetThreadLocale

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EnterCriticalSection

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
OutputDebugStringA

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc
HeapSize
HeapDestroy

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

setupapi

SetupOpenLog
SetupLogErrorW
SetupDiGetClassDevsW
SetupCloseLog
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDevicePropertyW
SetupDiEnumDriverInfoW
SetupDiGetDriverInfoDetailW
SetupDiBuildDriverInfoList

newdev

DiInstallDevice

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
migration/bridgemigplugin.dll
.dll regsvr32 windows:10 windows x64 arch:x64

2638f6a2f8c41fac5b5cd266d2e8c5c4

Code Sign

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/02/2023, 00:05

Not After

01/02/2024, 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2b:4e:d1:3f:a2:e2:a8:fd:96:d0:4d:50:df:c0:ac:9b:a1:5d:95:7d:b6:09:17:8c:00:35:e1:74:fb:fc:93:cf
Signer

Actual PE Digest

2b:4e:d1:3f:a2:e2:a8:fd:96:d0:4d:50:df:c0:ac:9b:a1:5d:95:7d:b6:09:17:8c:00:35:e1:74:fb:fc:93:cf

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

BridgeMigPlugin.pdb

Imports

msvcrt

_purecall
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
_vsnwprintf
wcsncpy_s
malloc
free
wcscat_s
wcscpy_s
memcpy_s
__C_specific_handler
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBV0@@Z
wcschr
memmove_s
?what@exception@@UEBAPEBDXZ
_callnewh
_CxxThrowException
_XcptFilter
_amsg_exit
_initterm
_errno
__CxxFrameHandler3
realloc
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
wcsncmp
memcmp
memset

kernel32

OutputDebugStringA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep
LocalFree
HeapDestroy
GetProcessHeap
SizeofResource
SetThreadLocale
EnterCriticalSection
GetModuleFileNameW
GetThreadLocale
LeaveCriticalSection
InitializeCriticalSection
MultiByteToWideChar
GetLastError
RaiseException
FindResourceExW
LoadResource
GetProcAddress
DeleteCriticalSection
GetModuleHandleW
FreeLibrary
lstrcmpiW
LoadLibraryExW
lstrlenW
GetVersionExW
CreateEventW
CloseHandle
LoadLibraryW
LockResource
HeapSize
HeapReAlloc
HeapFree
HeapAlloc

user32

CharNextW
UnregisterClassA

advapi32

RegQueryInfoKeyW
RegOpenKeyExW
RegEnumValueW
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW

ole32

CoSetProxyBlanket
CLSIDFromString
CoUninitialize
CoWaitForMultipleHandles
StringFromCLSID
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoInitialize

oleaut32

UnRegisterTypeLi
LoadTypeLi
SysFreeString
RegisterTypeLi
SysAllocString
VarUI4FromStr
GetErrorInfo
SysStringLen
LoadRegTypeLi

shlwapi

SHDeleteKeyW

shell32

SHGetFileInfoW

nsi

NsiSetAllParameters

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
migration/bthmigplugin.dll
.dll regsvr32 windows:10 windows x64 arch:x64

66121ef6612c88e7717e606995f096ee

Code Sign

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/02/2023, 00:05

Not After

01/02/2024, 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:4b:02:dc:a5:cd:5b:d8:a5:86:dc:e5:2e:f4:33:f5:b1:3e:eb:9e:ab:63:80:f4:b0:0b:39:da:19:54:83:42
Signer

Actual PE Digest

30:4b:02:dc:a5:cd:5b:d8:a5:86:dc:e5:2e:f4:33:f5:b1:3e:eb:9e:ab:63:80:f4:b0:0b:39:da:19:54:83:42

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

BthMigPlugin.pdb

Imports

msvcrt

??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
__CxxFrameHandler3
??3@YAXPEAX@Z
memcpy
memmove
_XcptFilter
_amsg_exit
_initterm
_errno
??0exception@@QEAA@AEBQEBD@Z
_callnewh
calloc
wcscpy_s
free
memmove_s
malloc
wcsncpy_s
wcscat_s
_purecall
_vsnwprintf
wcstoul
swprintf_s
_wcsnicmp
_vscwprintf
vswprintf_s
_wcsicmp
_CxxThrowException
memcmp
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
??0exception@@QEAA@AEBQEBDH@Z
memcpy_s
??_V@YAXPEAX@Z
__C_specific_handler
realloc
memset

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

kernel32

LocalAlloc
SetLastError
CloseHandle
SizeofResource
EnterCriticalSection
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
GetLastError
LockResource
RaiseException
FindResourceExW
LoadResource
GetProcAddress
DeleteCriticalSection
GetModuleHandleW
lstrcmpiW
LoadLibraryExW
FreeLibrary
MultiByteToWideChar
GetThreadLocale
SetThreadLocale
DisableThreadLibraryCalls
OutputDebugStringW
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy
LocalFree
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
VerSetConditionMask
VerifyVersionInfoW

advapi32

RegQueryInfoKeyW
GetSecurityDescriptorDacl
GetTokenInformation
SetNamedSecurityInfoW
FreeSid
SetSecurityInfo
SetEntriesInAclW
AllocateAndInitializeSid
GetSecurityInfo
CreateWellKnownSid
RegQueryValueExW
RegSetKeySecurity
ConvertStringSecurityDescriptorToSecurityDescriptorW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegEnumValueW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW

user32

UnregisterClassA
CharNextW

ole32

StringFromGUID2
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
StringFromCLSID

oleaut32

GetErrorInfo
RegisterTypeLi
SysAllocString
UnRegisterTypeLi
LoadRegTypeLi
LoadTypeLi
SysFreeString
SysStringLen
VarUI4FromStr

shlwapi

SHDeleteKeyW

shell32

SHGetFileInfoW

setupapi

CM_Get_Device_ID_ExW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiGetDeviceInstanceIdW
CM_Get_Parent_Ex
SetupDiOpenDevRegKey
CM_Get_DevNode_Registry_Property_ExW
SetupDiGetDeviceInfoListDetailW
SetupDiGetDeviceRegistryPropertyW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
migration/chxmig.dll
.dll windows:10 windows x64 arch:x64

04ed949102c97f40c910d61ff125f4af

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

76:75:fa:52:42:14:42:1a:9e:31:cc:c0:4b:26:fd:fc:bb:93:f8:67:86:be:c6:44:9e:eb:84:77:4b:0c:85:98
Signer

Actual PE Digest

76:75:fa:52:42:14:42:1a:9e:31:cc:c0:4b:26:fd:fc:bb:93:f8:67:86:be:c6:44:9e:eb:84:77:4b:0c:85:98

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ChxMig.pdb

Imports

msvcrt

_vsnwprintf
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@PEBD@Z
??0bad_cast@@QEAA@AEBV0@@Z
swscanf
_errno
setlocale
__uncaught_exception
__pctype_func
___lc_handle_func
___lc_codepage_func
calloc
___mb_cur_max_func
_ismbblead
abort
memset
_wcsdup
__crtLCMapStringW
_wsetlocale
_lock
__C_specific_handler
_initterm
free
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
malloc
wcsncmp
_wcsicmp
??_V@YAXPEAX@Z
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
??3@YAXPEAX@Z
memcpy_s
__CxxFrameHandler3

kernel32

EnterCriticalSection
WideCharToMultiByte
GetStringTypeW
MultiByteToWideChar
LoadLibraryExW
FreeLibrary
LoadLibraryW
GetSystemDirectoryW
GetModuleFileNameW
GetFullPathNameW
LeaveCriticalSection
EncodePointer
DecodePointer
InitializeCriticalSectionEx
GetTickCount
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
GetSystemTimeAsFileTime
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
GetSystemDefaultLangID
LocalFree
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
OutputDebugStringW

oleaut32

SysFreeString
SysAllocString
GetErrorInfo
SysStringLen

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
RegSetKeyValueW
RegDeleteKeyValueW
RegCreateKeyExW
RegSetValueExW
OpenProcessToken
RegGetValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegOpenKeyExW
RegDeleteKeyW
RegCloseKey
RegQueryValueExW

Exports

Exports

ApplySuccess
Gather
PreApply

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
migration/imkrudt.dll
.dll regsvr32 windows:10 windows x64 arch:x64

bbcc0796298c5faf8df06ace02482b0b

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

23:28:3f:f6:e9:a7:e4:19:a3:c9:d8:a3:e0:22:f3:46:02:98:10:a6:7b:e0:1f:3e:3a:46:be:18:15:03:9a:d9
Signer

Actual PE Digest

23:28:3f:f6:e9:a7:e4:19:a3:c9:d8:a3:e0:22:f3:46:02:98:10:a6:7b:e0:1f:3e:3a:46:be:18:15:03:9a:d9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

imkrudt.pdb

Imports

msvcrt

memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
_initterm
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
memmove
realloc
memcmp
_XcptFilter
_amsg_exit
memmove_s
wcscat_s
wcscpy_s
free
malloc
wcsncpy_s
__C_specific_handler
wcsnlen
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??3@YAXPEAX@Z
_errno
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
__CxxFrameHandler3
?terminate@@YAXXZ
memset

kernel32

SetThreadpoolTimer
GetVersionExW
CreateThreadpoolTimer
CloseThreadpoolTimer
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
WaitForThreadpoolTimerCallbacks
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
LoadLibraryW
GetUserDefaultUILanguage
FindResourceExW
LoadResource
LockResource
FreeLibrary
InitOnceBeginInitialize
InitOnceComplete
LoadLibraryExW
lstrcmpiW
RaiseException
MultiByteToWideChar
SizeofResource
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
EnterCriticalSection
LeaveCriticalSection
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
InitializeCriticalSectionEx
GetTickCount
OutputDebugStringA
ReleaseSRWLockShared
AcquireSRWLockShared
HeapAlloc
GetSystemTimeAsFileTime

user32

IsDialogMessageW
GetWindowPlacement
GetWindowRect
SetWindowPlacement
GetWindowLongPtrW
GetDlgItem
MapWindowPoints
CreateWindowExW
SendMessageW
SetFocus
GetNextDlgTabItem
MessageBoxW
GetDlgCtrlID
GetDC
ReleaseDC
UnregisterClassA
CallNextHookEx
GetDlgItemTextW
GetForegroundWindow
TranslateAcceleratorW
DestroyAcceleratorTable
DestroyWindow
UnhookWindowsHookEx
LoadAcceleratorsW
SetWindowsHookExW
ShowWindow
CreateDialogIndirectParamW
GetFocus
CharNextW

gdi32

GetStockObject
DeleteObject
GetObjectW
GetDeviceCaps
CreateFontIndirectW
EnumFontFamiliesExW

advapi32

GetSidSubAuthority
GetSidSubAuthorityCount
IsValidSid
GetTokenInformation
OpenProcessToken
EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey

ole32

CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
StringFromGUID2

oleaut32

VarUI4FromStr
SysFreeString
SysStringLen
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
SysAllocString
VariantClear

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 740B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
migwiz/MXEAgent.dll
.dll windows:10 windows x64 arch:x64

1e206e43c8057412b49917c02c56ca25

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

86:23:69:27:16:d8:45:9b:a1:72:59:6f:ac:10:a6:ab:c7:dd:c1:fa:30:c9:5a:c8:a9:bf:c1:9e:44:e6:d6:81
Signer

Actual PE Digest

86:23:69:27:16:d8:45:9b:a1:72:59:6f:ac:10:a6:ab:c7:dd:c1:fa:30:c9:5a:c8:a9:bf:c1:9e:44:e6:d6:81

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

MXEAgent.pdb

Imports

msvcrt

__RTDynamicCast
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
malloc
memmove_s
free
?name@type_info@@QEBAPEBDXZ
_purecall
calloc
__CxxFrameHandler3
memset

kernel32

TerminateProcess
GetLastError
Sleep
QueryPerformanceCounter
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
WaitForSingleObject

unbcl

??C?$SmartPtr@V?$ArrayList@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@QEBAPEAV?$ArrayList@PEAVString@UnBCL@@@1@XZ
??1?$SmartPtr@V?$ArrayList@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@UEAA@XZ
??0?$SmartPtr@V?$ArrayList@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@QEAA@PEAV?$ArrayList@PEAVString@UnBCL@@@1@@Z
?Combine@Path@UnBCL@@SAPEAVString@2@PEBV32@0@Z
?SanitizeTypeName@SerializationStream@UnBCL@@SAPEAVString@2@AEBV32@@Z
?GetCallingModule@SerializationStream@UnBCL@@SAPEAUHINSTANCE__@@XZ
?CanRegister@SerializationStream@UnBCL@@SAHXZ
?UnregisterType@SerializationStream@UnBCL@@SAXPEBVString@2@HPEAUHINSTANCE__@@@Z
?RegisterType@SerializationStream@UnBCL@@SAXPEBVString@2@HPEAUHINSTANCE__@@PEAUIInstanceFactory@2@@Z
??5SerializationStream@UnBCL@@QEAAAEAV01@AEAH@Z
??5SerializationStream@UnBCL@@QEAAAEAV01@AEAPEAVString@1@@Z
??5SerializationStream@UnBCL@@QEAAAEAV01@AEAPEAUISerializable@1@@Z
??6SerializationStream@UnBCL@@QEAAAEAV01@H@Z
??6SerializationStream@UnBCL@@QEAAAEAV01@PEBVString@1@@Z
??6SerializationStream@UnBCL@@QEAAAEAV01@PEBUISerializable@1@@Z
??0XmlDocument@UnBCL@@QEAA@XZ
?FormatV@String@UnBCL@@SAPEAV12@PEBGPEAD@Z
?Concat@String@UnBCL@@SAPEAV12@PEBG00@Z
?Trim@String@UnBCL@@QEBAPEAV12@XZ
?Substring@String@UnBCL@@QEBAPEAV12@HH@Z
?Split@String@UnBCL@@QEBAPEAV?$ArrayList@PEAVString@UnBCL@@@2@PEBG@Z
?LastIndexOf@String@UnBCL@@QEBAHG@Z
?get_CString@String@UnBCL@@QEBAPEBGXZ
?CompareTo@String@UnBCL@@UEBAHPEBVObject@2@@Z
?Clone@String@UnBCL@@UEBAPEAVObject@2@XZ
?ToString@String@UnBCL@@UEBAPEAV12@XZ
?GetHashCode@String@UnBCL@@UEBAHXZ
?Equals@String@UnBCL@@UEBAHPEBVObject@2@@Z
??1String@UnBCL@@UEAA@XZ
??0String@UnBCL@@QEAA@PEBV01@@Z
??0String@UnBCL@@QEAA@PEBG@Z
??0String@UnBCL@@QEAA@AEBV01@@Z
?SetLiteralStorage@_@UnBCL@@YAXPEAPEBVString@2@PEBG@Z
?DecRef@Object@UnBCL@@QEAAHXZ
?AddRef@Object@UnBCL@@QEAAXXZ
??3Object@UnBCL@@SAXPEAX@Z
??2Object@UnBCL@@SAPEAX_K@Z
??2Object@UnBCL@@SAPEAX_KI@Z
?Clone@Object@UnBCL@@UEBAPEAV12@XZ
?CompareTo@Object@UnBCL@@UEBAHPEBV12@@Z
?GetObjectID@Object@UnBCL@@UEBAIXZ
?ToString@Object@UnBCL@@UEBAPEAVString@2@XZ
?GetType@Object@UnBCL@@UEBAPEAVType@2@XZ
?GetHashCode@Object@UnBCL@@UEBAHXZ
?Equals@Object@UnBCL@@UEBAHPEBV12@@Z
??1Object@UnBCL@@UEAA@XZ
??0Object@UnBCL@@QEAA@XZ
??0Object@UnBCL@@QEAA@AEBV01@@Z
?Clone@?$ArrayList@PEAVString@UnBCL@@@UnBCL@@UEBAPEAVObject@2@XZ
?Equals@?$ArrayList@PEAVString@UnBCL@@@UnBCL@@UEBAHPEBVObject@2@@Z
??0?$ArrayList@PEAVString@UnBCL@@@UnBCL@@QEAA@XZ
??0Win32Exception@UnBCL@@QEAA@K@Z
??0Win32Exception@UnBCL@@QEAA@KPEBG@Z
??0IInstanceFactory@UnBCL@@QEAA@XZ
??1?$IEnumerator@PEAVString@UnBCL@@@UnBCL@@UEAA@XZ
??0?$IEnumerator@PEAVString@UnBCL@@@UnBCL@@QEAA@XZ
??0?$ICollection@PEAVString@UnBCL@@@UnBCL@@QEAA@XZ
??0?$IEnumerable@PEAVString@UnBCL@@@UnBCL@@QEAA@XZ
??1NotSupportedException@UnBCL@@UEAA@XZ
??1InvalidCastException@UnBCL@@UEAA@XZ
??4Object@UnBCL@@QEAAAEAV01@AEBV01@@Z
??1ArgumentOutOfRangeException@UnBCL@@UEAA@XZ
??1?$ICollection@PEAVString@UnBCL@@@UnBCL@@UEAA@XZ
??_D?$ArrayList@PEAVString@UnBCL@@@UnBCL@@QEAAXXZ
??1InvalidOperationException@UnBCL@@UEAA@XZ
??1ISerializable@UnBCL@@UEAA@XZ
??0ISerializable@UnBCL@@QEAA@XZ
??1Win32Exception@UnBCL@@UEAA@XZ
??1ArgumentException@UnBCL@@UEAA@XZ
??1ArgumentNullException@UnBCL@@UEAA@XZ
?get_P@?$SmartPtr@V?$ArrayList@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@QEBAPEAV?$ArrayList@PEAVString@UnBCL@@@2@XZ
??1XmlDocument@UnBCL@@UEAA@XZ
?Load@XmlDocument@UnBCL@@QEAAXPEAVString@2@@Z
?Exists@Directory@UnBCL@@SAHPEBVString@2@@Z
?GetFiles@Directory@UnBCL@@SAPEAV?$Array@PEAVString@UnBCL@@@2@PEBVString@2@0H@Z
?GetCurrentDir@Directory@UnBCL@@SAPEAVString@2@XZ
??0InvalidCastException@UnBCL@@QEAA@XZ
?MemAllocFailed@Allocator@UnBCL@@SAHXZ
?ToString@Exception@UnBCL@@UEBAPEAVString@2@XZ
?get_InnerException@Exception@UnBCL@@UEBAPEBV12@XZ
?get_Message@Exception@UnBCL@@UEBAPEBVString@2@XZ
?get_Source@Exception@UnBCL@@UEBAPEBVString@2@XZ
?set_Source@Exception@UnBCL@@UEAAXPEBVString@2@@Z
?AddStackTrace@Exception@UnBCL@@QEAAXPEBD@Z
?GetBaseException@Exception@UnBCL@@UEBAPEBV12@XZ
?get_HResult@Exception@UnBCL@@UEBAJXZ
?set_HResult@Exception@UnBCL@@MEAAXJ@Z
?SetMessage@Exception@UnBCL@@MEAAXPEAVString@2@@Z
??0ArgumentNullException@UnBCL@@QEAA@PEBG@Z
??0NotSupportedException@UnBCL@@QEAA@PEBG@Z
??0ArgumentException@UnBCL@@QEAA@PEBG@Z
??0?$SmartPtr@VString@UnBCL@@@UnBCL@@QEAA@PEAVString@1@@Z
??0?$SmartPtr@VString@UnBCL@@@UnBCL@@QEAA@XZ
??1?$SmartPtr@VString@UnBCL@@@UnBCL@@UEAA@XZ
??4?$SmartPtr@VString@UnBCL@@@UnBCL@@QEAAAEAV01@AEBV01@@Z
??D?$SmartPtr@VString@UnBCL@@@UnBCL@@QEBAAEAVString@1@XZ
??C?$SmartPtr@VString@UnBCL@@@UnBCL@@QEBAPEAVString@1@XZ
?get_P@?$SmartPtr@VString@UnBCL@@@UnBCL@@QEBAPEAVString@2@XZ
??0InvalidOperationException@UnBCL@@QEAA@PEBVString@1@PEAVException@1@@Z
??0InvalidOperationException@UnBCL@@QEAA@PEBG@Z
??0InvalidOperationException@UnBCL@@QEAA@PEBVString@1@@Z
??0?$SmartPtr@V?$Array@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@QEAA@PEAV?$Array@PEAVString@UnBCL@@@1@@Z
??1?$SmartPtr@V?$Array@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@UEAA@XZ
??C?$SmartPtr@V?$Array@PEAVString@UnBCL@@@UnBCL@@@UnBCL@@QEBAPEAV?$Array@PEAVString@UnBCL@@@1@XZ
?EnqueueSbRegistration@SbRegistrationList@UnBCL@@SAXPEBDHPEAUHINSTANCE__@@PEAUIInstanceFactory@2@@Z
?ExpandEnvironmentVariables@Environment@UnBCL@@SAPEAVString@2@PEBV32@@Z
??0ArgumentOutOfRangeException@UnBCL@@QEAA@PEBG@Z
?Exists@File@UnBCL@@SAHPEBVString@2@@Z
?FromASCII@String@UnBCL@@SAPEAV12@PEBD@Z

migcore

??4CAgent@Mig@@QEAAAEAV01@AEBV01@@Z
??0CAgent@Mig@@QEAA@AEBV01@@Z
??1?$ICollection@PEAVCMigUnit@Mig@@@UnBCL@@UEAA@XZ
??1?$IList@PEAVCMigUnit@Mig@@@UnBCL@@UEAA@XZ
??0?$IEnumerable@PEAVCMigUnit@Mig@@@UnBCL@@QEAA@XZ
??0?$ICollection@PEAVCMigUnit@Mig@@@UnBCL@@QEAA@XZ
??0?$IList@PEAVCMigUnit@Mig@@@UnBCL@@QEAA@XZ
??_D?$ArrayList@PEAVCMigUnit@Mig@@@UnBCL@@QEAAXXZ
?AddMigrationXml@CMXEService@Mig@@SAPEAVString@UnBCL@@PEAVCPlatform@2@PEAV34@PEAVXmlDocument@4@11PEAH@Z
?GetMigrationUnits@CMXEService@Mig@@SAXPEAVString@UnBCL@@PEAVCPlatform@2@PEAVCUserContext@2@PEAV?$Hashtable@PEAVString@UnBCL@@PEAVCMigUnit@Mig@@@4@@Z
?SetWorkingDirectory@CMXEService@Mig@@SAXPEAVString@UnBCL@@0@Z
?AddDetectInfo@CMXEService@Mig@@SAXPEAVString@UnBCL@@PEAVCPlatform@2@PEAVCUserContext@2@PEAVCMigUnit@2@@Z
?AddGatherInfo@CMXEService@Mig@@SAXPEAVString@UnBCL@@PEAVCPlatform@2@PEAVCUserContext@2@PEAVCMigUnit@2@@Z
?AddApplyInfo@CMXEService@Mig@@SAXPEAVString@UnBCL@@0PEAVCPlatform@2@1PEAVCUserContext@2@PEAVCMigUnit@2@@Z
?AdjustRules@CMXEService@Mig@@SAXPEAVString@UnBCL@@PEAVCPlatform@2@1PEAVCUserContext@2@PEAVCMigUnit@2@@Z
?set_AgentName@CMigUnit@Mig@@QEAAXPEAVString@UnBCL@@@Z
?set_ExtraData@CMigUnit@Mig@@QEAAXPEAVObject@UnBCL@@@Z
?Clone@?$ArrayList@PEAVCMigUnit@Mig@@@UnBCL@@UEBAPEAVObject@2@XZ
??0CMigUnitList@Mig@@QEAA@XZ
??_DCMigUnitList@Mig@@QEAAXXZ
??0?$ArrayList@PEAVCMigUnit@Mig@@@UnBCL@@QEAA@PEBU?$ICollection@PEAVCMigUnit@Mig@@@1@@Z
?Equals@?$ArrayList@PEAVCMigUnit@Mig@@@UnBCL@@UEBAHPEBVObject@2@@Z
?Init@CAgent@Mig@@UEAAXPEAVCPlatform@2@PEAVString@UnBCL@@@Z
?Done@CAgent@Mig@@UEAAXH@Z
?RefreshGatherInfo@CAgent@Mig@@UEAAXPEAVCMigUnit@2@PEAUICancelable@@@Z
?InitApply@CAgent@Mig@@UEAAXPEAVCPlatform@2@0PEAVString@UnBCL@@@Z
??0CAgent@Mig@@IEAA@PEAVString@UnBCL@@@Z
??1CAgent@Mig@@UEAA@XZ

wdscore

ConstructPartialMsgVW
CurrentIP
WdsSetupLogMessageW

Exports

Exports

??0CMXEAgent@Mig@@QEAA@$$QEAV01@@Z
??0CMXEAgent@Mig@@QEAA@AEBV01@@Z
??0CMXEAgent@Mig@@QEAA@PEAVString@UnBCL@@@Z
??1CMXEAgent@Mig@@UEAA@XZ
??4CMXEAgent@Mig@@QEAAAEAV01@$$QEAV01@@Z
??4CMXEAgent@Mig@@QEAAAEAV01@AEBV01@@Z
??_7CMXEAgent@Mig@@6B01@@
??_7CMXEAgent@Mig@@6BCAgent@1@@
??_8CMXEAgent@Mig@@7B@
??_DCMXEAgent@Mig@@QEAAXXZ
?AddApplyInfo@CMXEAgent@Mig@@UEAAXPEAVCMigUnit@2@@Z
?AddGatherInfo@CMXEAgent@Mig@@UEAAXPEAVCMigUnit@2@PEAUICancelable@@@Z
?AddXmlFile@CMXEAgent@Mig@@IEAAXPEAVString@UnBCL@@@Z
?AdjustRules@CMXEAgent@Mig@@UEAAXPEAVCMigUnit@2@0@Z
?Detect@CMXEAgent@Mig@@UEAAPEAVCMigUnitList@2@PEAVCUserContext@2@PEAUICancelable@@@Z
?Done@CMXEAgent@Mig@@UEAAXH@Z
?Init@CMXEAgent@Mig@@UEAAXPEAVCPlatform@2@PEAVString@UnBCL@@@Z
?Init@CMXEAgent@Mig@@UEAAXPEAVCPlatform@2@PEAVString@UnBCL@@PEAV?$ArrayList@PEAVString@UnBCL@@@5@@Z
?InitApply@CMXEAgent@Mig@@UEAAXPEAVCPlatform@2@0PEAVString@UnBCL@@@Z
LoadAgent

Sections

.text
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
migwiz/cmi2migxml.dll
.dll windows:10 windows x64 arch:x64

ed7988298b6c68e0a63a784ef1147f68

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:40:a6:33:5e:da:f1:f9:7a:09:6d:03:4e:e6:ce:82:fc:9c:60:75:cc:ca:7c:74:4c:d2:12:e7:b5:cf:77:72
Signer

Actual PE Digest

7d:40:a6:33:5e:da:f1:f9:7a:09:6d:03:4e:e6:ce:82:fc:9c:60:75:cc:ca:7c:74:4c:d2:12:e7:b5:cf:77:72

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

cmi2migxml.pdb

Imports

msvcrt

??1type_info@@UEAA@XZ
?terminate@@YAXXZ
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
malloc
memmove_s
free
_purecall
calloc
__CxxFrameHandler3
__RTDynamicCast

kernel32

RtlCaptureContext
GetLastError
Sleep
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
SetLastError
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter

unbcl

??0InvalidOperationException@UnBCL@@QEAA@PEBG@Z
??0InvalidOperationException@UnBCL@@QEAA@PEBVString@1@PEAVException@1@@Z
?get_P@?$SmartPtr@VString@UnBCL@@@UnBCL@@QEBAPEAVString@2@XZ
??C?$SmartPtr@VString@UnBCL@@@UnBCL@@QEBAPEAVString@1@XZ
??4?$SmartPtr@VString@UnBCL@@@UnBCL@@QEAAAEAV01@AEBV01@@Z
?Steal@?$SmartPtr@VString@UnBCL@@@UnBCL@@QEAAPEAVString@2@XZ
??1?$SmartPtr@VString@UnBCL@@@UnBCL@@UEAA@XZ
??0?$SmartPtr@VString@UnBCL@@@UnBCL@@QEAA@XZ
??0?$SmartPtr@VString@UnBCL@@@UnBCL@@QEAA@PEAVString@1@@Z
??0ArgumentException@UnBCL@@QEAA@PEBG@Z
??0NotSupportedException@UnBCL@@QEAA@PEBG@Z
??0ArgumentNullException@UnBCL@@QEAA@PEBG@Z
?SetNamedItem@XmlAttributeCollection@UnBCL@@QEAAPEAVXmlNode@2@PEAV32@@Z
?get_Item@XmlAttributeCollection@UnBCL@@QEAAPEAVXmlAttribute@2@PEAVString@2@@Z
?SetMessage@Exception@UnBCL@@MEAAXPEAVString@2@@Z
?set_HResult@Exception@UnBCL@@MEAAXJ@Z
?get_HResult@Exception@UnBCL@@UEBAJXZ
?GetBaseException@Exception@UnBCL@@UEBAPEBV12@XZ
?AddStackTrace@Exception@UnBCL@@QEAAXPEBD@Z
?set_Source@Exception@UnBCL@@UEAAXPEBVString@2@@Z
?get_Source@Exception@UnBCL@@UEBAPEBVString@2@XZ
?get_Message@Exception@UnBCL@@UEBAPEBVString@2@XZ
?get_InnerException@Exception@UnBCL@@UEBAPEBV12@XZ
?ToString@Exception@UnBCL@@UEBAPEAVString@2@XZ
?MemAllocFailed@Allocator@UnBCL@@SAHXZ
?ExpandEnvironmentVariables@Environment@UnBCL@@SAPEAVString@2@PEBV32@@Z
?AppendChild@XmlNode@UnBCL@@QEAAPEAV12@PEAV12@@Z
?SelectSingleNode@XmlNode@UnBCL@@QEAAPEAV12@PEAVString@2@@Z
?SelectNodes@XmlNode@UnBCL@@QEAAPEAVXmlNodeList@2@PEAVString@2@@Z
?get_OwnerDocument@XmlNode@UnBCL@@QEAAPEAVXmlDocument@2@XZ
?get_OuterXml@XmlNode@UnBCL@@QEAAPEAVString@2@XZ
?get_ChildNodes@XmlNode@UnBCL@@QEAAPEAVXmlNodeList@2@XZ
?set_InnerText@XmlNode@UnBCL@@QEAAXPEAVString@2@@Z
?get_InnerText@XmlNode@UnBCL@@QEAAPEAVString@2@XZ
?get_Value@XmlNode@UnBCL@@QEAAPEAVString@2@XZ
?get_Name@XmlNode@UnBCL@@QEAAPEAVString@2@XZ
?get_NodeType@XmlNode@UnBCL@@QEAA?AW4XmlNodeType@2@XZ
?get_Attributes@XmlNode@UnBCL@@QEAAPEAVXmlAttributeCollection@2@XZ
?set_ValidateOnParse@XmlDocument@UnBCL@@QEAAXH@Z
?CreateNode@XmlDocument@UnBCL@@QEAAPEAVXmlNode@2@W4XmlNodeType@2@PEAVString@2@1@Z
?LoadXml@XmlDocument@UnBCL@@QEAAXPEAVString@2@@Z
??1XmlDocument@UnBCL@@UEAA@XZ
??0XmlDocument@UnBCL@@QEAA@XZ
?Format@String@UnBCL@@SAPEAV12@PEBGZZ
?Copy@String@UnBCL@@SAPEAV12@PEBV12@@Z
?Concat@String@UnBCL@@SAPEAV12@PEBG0@Z
?Concat@String@UnBCL@@SAPEAV12@PEBG00@Z
?Concat@String@UnBCL@@SAPEAV12@HZZ
?Compare@String@UnBCL@@SAHPEBG0H@Z
?Compare@String@UnBCL@@SAHPEBV12@0H@Z
?Trim@String@UnBCL@@QEBAPEAV12@XZ
?Replace@String@UnBCL@@QEBAPEAV12@PEBG0W4StringCasing@12@@Z
?IndexOfAny@String@UnBCL@@QEBAHPEBGH@Z
?IndexOf@String@UnBCL@@QEBAHPEBGH@Z
?StartsWith@String@UnBCL@@QEBAHPEBGH@Z
?get_CString@String@UnBCL@@QEBAPEBGXZ
?get_Length@String@UnBCL@@QEBAHXZ
?CompareTo@String@UnBCL@@UEBAHPEBVObject@2@@Z
?Clone@String@UnBCL@@UEBAPEAVObject@2@XZ
?ToString@String@UnBCL@@UEBAPEAV12@XZ
?GetHashCode@String@UnBCL@@UEBAHXZ
?Equals@String@UnBCL@@UEBAHPEBVObject@2@@Z
??1String@UnBCL@@UEAA@XZ
??0String@UnBCL@@QEAA@PEBV01@@Z
??0String@UnBCL@@QEAA@PEBG@Z
?get_Item@XmlNodeList@UnBCL@@QEAAPEAVXmlNode@2@H@Z
?get_Count@XmlNodeList@UnBCL@@QEAAHXZ
?SetLiteralStorage@_@UnBCL@@YAXPEAPEBVString@2@PEBG@Z
?DecRef@Object@UnBCL@@QEAAHXZ
?AddRef@Object@UnBCL@@QEAAXXZ
??3Object@UnBCL@@SAXPEAX@Z
??2Object@UnBCL@@SAPEAX_K@Z
?Clone@Object@UnBCL@@UEBAPEAV12@XZ
?CompareTo@Object@UnBCL@@UEBAHPEBV12@@Z
?GetObjectID@Object@UnBCL@@UEBAIXZ
?ToString@Object@UnBCL@@UEBAPEAVString@2@XZ
?GetType@Object@UnBCL@@UEBAPEAVType@2@XZ
?GetHashCode@Object@UnBCL@@UEBAHXZ
?Equals@Object@UnBCL@@UEBAHPEBV12@@Z
??1Object@UnBCL@@UEAA@XZ
??0Object@UnBCL@@QEAA@XZ
??0Object@UnBCL@@QEAA@AEBV01@@Z
??1NotSupportedException@UnBCL@@UEAA@XZ
??1InvalidOperationException@UnBCL@@UEAA@XZ
??1ArgumentOutOfRangeException@UnBCL@@UEAA@XZ
??4Object@UnBCL@@QEAAAEAV01@AEBV01@@Z
??1ArgumentException@UnBCL@@UEAA@XZ
??1ArgumentNullException@UnBCL@@UEAA@XZ
??4MutableString@UnBCL@@QEAAAEAV01@PEBG@Z
??0InvalidOperationException@UnBCL@@QEAA@PEBVString@1@@Z
?GetEnvironmentVar@Environment@UnBCL@@SAPEAVString@2@PEBV32@@Z
?SetEnvironmentVar@Environment@UnBCL@@SAXPEBVString@2@0@Z
??0ArgumentOutOfRangeException@UnBCL@@QEAA@PEBG@Z
?CloneNode@XmlNode@UnBCL@@QEAAPEAV12@H@Z

wdscore

WdsSetupLogMessageW
CurrentIP
ConstructPartialMsgVW

Exports

Exports

??0CAppendNewAttributeRule@Mig@@QEAA@AEBV01@@Z
??0CAppendNewAttributeRule@Mig@@QEAA@PEAVString@UnBCL@@00PEAUITranslationRule@1@@Z
??0CAppendNewChildRule@Mig@@QEAA@AEBV01@@Z
??0CAppendNewChildRule@Mig@@QEAA@PEAVString@UnBCL@@W4XmlNodeType@3@PEAUITranslationRule@1@H@Z
??0CComponentPathRule@Mig@@QEAA@$$QEAV01@@Z
??0CComponentPathRule@Mig@@QEAA@AEBV01@@Z
??0CComponentPathRule@Mig@@QEAA@XZ
??0CCopyAttributesRule@Mig@@QEAA@$$QEAV01@@Z
??0CCopyAttributesRule@Mig@@QEAA@AEBV01@@Z
??0CCopyAttributesRule@Mig@@QEAA@XZ
??0CCopyChildrenRule@Mig@@QEAA@$$QEAV01@@Z
??0CCopyChildrenRule@Mig@@QEAA@AEBV01@@Z
??0CCopyChildrenRule@Mig@@QEAA@XZ
??0CEnvExpandRule@Mig@@QEAA@AEBV01@@Z
??0CEnvExpandRule@Mig@@QEAA@PEAVString@UnBCL@@@Z
??0CIdStringAsInnerTextRule@Mig@@QEAA@$$QEAV01@@Z
??0CIdStringAsInnerTextRule@Mig@@QEAA@AEBV01@@Z
??0CIdStringAsInnerTextRule@Mig@@QEAA@XZ
??0CLinkedRule@Mig@@QEAA@AEBV01@@Z
??0CLinkedRule@Mig@@QEAA@PEAUITranslationRule@1@@Z
??0CNodeInnerTextCopyRule@Mig@@QEAA@$$QEAV01@@Z
??0CNodeInnerTextCopyRule@Mig@@QEAA@AEBV01@@Z
??0CNodeInnerTextCopyRule@Mig@@QEAA@XZ
??0CSelectRule@Mig@@QEAA@AEBV01@@Z
??0CSelectRule@Mig@@QEAA@XZ
??0CStatePatternRule@Mig@@QEAA@$$QEAV01@@Z
??0CStatePatternRule@Mig@@QEAA@AEBV01@@Z
??0CStatePatternRule@Mig@@QEAA@XZ
??0CSupportedIdRule@Mig@@QEAA@$$QEAV01@@Z
??0CSupportedIdRule@Mig@@QEAA@AEBV01@@Z
??0CSupportedIdRule@Mig@@QEAA@XZ
??0CTranslationMigAttrib@Mig@@QEAA@AEBV01@@Z
??0CTranslationMigAttrib@Mig@@QEAA@PEAVString@UnBCL@@PEAVXmlNode@3@@Z
??0CTranslationPattern@Mig@@QEAA@AEBV01@@Z
??0CTranslationPattern@Mig@@QEAA@PEAVString@UnBCL@@0@Z
??0CTranslationRuleCollection@Mig@@QEAA@AEBV01@@Z
??0CTranslationRuleCollection@Mig@@QEAA@XZ
??0CUrlIdRule@Mig@@QEAA@$$QEAV01@@Z
??0CUrlIdRule@Mig@@QEAA@AEBV01@@Z
??0CUrlIdRule@Mig@@QEAA@XZ
??0CXPathRule@Mig@@QEAA@AEBV01@@Z
??0CXPathRule@Mig@@QEAA@PEAVString@UnBCL@@IIPEAUITranslationRule@1@@Z
??0ITranslationRule@Mig@@QEAA@$$QEAU01@@Z
??0ITranslationRule@Mig@@QEAA@AEBU01@@Z
??0ITranslationRule@Mig@@QEAA@XZ
??1CAppendNewAttributeRule@Mig@@UEAA@XZ
??1CAppendNewChildRule@Mig@@UEAA@XZ
??1CComponentPathRule@Mig@@UEAA@XZ
??1CCopyAttributesRule@Mig@@UEAA@XZ
??1CCopyChildrenRule@Mig@@UEAA@XZ
??1CEnvExpandRule@Mig@@UEAA@XZ
??1CIdStringAsInnerTextRule@Mig@@UEAA@XZ
??1CLinkedRule@Mig@@UEAA@XZ
??1CNodeInnerTextCopyRule@Mig@@UEAA@XZ
??1CSelectRule@Mig@@UEAA@XZ
??1CStatePatternRule@Mig@@UEAA@XZ
??1CSupportedIdRule@Mig@@UEAA@XZ
??1CTranslationMigAttrib@Mig@@UEAA@XZ
??1CTranslationPattern@Mig@@UEAA@XZ
??1CTranslationRuleCollection@Mig@@UEAA@XZ
??1CUrlIdRule@Mig@@UEAA@XZ
??1CXPathRule@Mig@@UEAA@XZ
??1ITranslationRule@Mig@@UEAA@XZ
??4CAppendNewAttributeRule@Mig@@QEAAAEAV01@AEBV01@@Z
??4CAppendNewChildRule@Mig@@QEAAAEAV01@AEBV01@@Z
??4CComponentPathRule@Mig@@QEAAAEAV01@$$QEAV01@@Z
??4CComponentPathRule@Mig@@QEAAAEAV01@AEBV01@@Z
??4CCopyAttributesRule@Mig@@QEAAAEAV01@$$QEAV01@@Z
??4CCopyAttributesRule@Mig@@QEAAAEAV01@AEBV01@@Z
??4CCopyChildrenRule@Mig@@QEAAAEAV01@$$QEAV01@@Z
??4CCopyChildrenRule@Mig@@QEAAAEAV01@AEBV01@@Z
??4CEnvExpandRule@Mig@@QEAAAEAV01@AEBV01@@Z
??4CIdStringAsInnerTextRule@Mig@@QEAAAEAV01@$$QEAV01@@Z
??4CIdStringAsInnerTextRule@Mig@@QEAAAEAV01@AEBV01@@Z
??4CLinkedRule@Mig@@QEAAAEAV01@AEBV01@@Z
??4CNodeInnerTextCopyRule@Mig@@QEAAAEAV01@$$QEAV01@@Z
??4CNodeInnerTextCopyRule@Mig@@QEAAAEAV01@AEBV01@@Z
??4CSelectRule@Mig@@QEAAAEAV01@AEBV01@@Z
??4CStatePatternRule@Mig@@QEAAAEAV01@$$QEAV01@@Z
??4CStatePatternRule@Mig@@QEAAAEAV01@AEBV01@@Z
??4CSupportedIdRule@Mig@@QEAAAEAV01@$$QEAV01@@Z
??4CSupportedIdRule@Mig@@QEAAAEAV01@AEBV01@@Z
??4CTranslationMigAttrib@Mig@@QEAAAEAV01@AEBV01@@Z
??4CTranslationPattern@Mig@@QEAAAEAV01@AEBV01@@Z
??4CTranslationRuleCollection@Mig@@QEAAAEAV01@AEBV01@@Z
??4CTranslationRuleFactory@Mig@@QEAAAEAV01@$$QEAV01@@Z
??4CTranslationRuleFactory@Mig@@QEAAAEAV01@AEBV01@@Z
??4CUrlIdRule@Mig@@QEAAAEAV01@$$QEAV01@@Z
??4CUrlIdRule@Mig@@QEAAAEAV01@AEBV01@@Z
??4CXPathRule@Mig@@QEAAAEAV01@AEBV01@@Z
??4ITranslationRule@Mig@@QEAAAEAU01@$$QEAU01@@Z
??4ITranslationRule@Mig@@QEAAAEAU01@AEBU01@@Z
??_7CAppendNewAttributeRule@Mig@@6BITranslationRule@1@@
??_7CAppendNewAttributeRule@Mig@@6BObject@UnBCL@@@
??_7CAppendNewChildRule@Mig@@6BITranslationRule@1@@
??_7CAppendNewChildRule@Mig@@6BObject@UnBCL@@@
??_7CComponentPathRule@Mig@@6B@
??_7CComponentPathRule@Mig@@6BITranslationRule@1@@
??_7CComponentPathRule@Mig@@6BObject@UnBCL@@@
??_7CCopyAttributesRule@Mig@@6BITranslationRule@1@@
??_7CCopyAttributesRule@Mig@@6BObject@UnBCL@@@
??_7CCopyChildrenRule@Mig@@6BITranslationRule@1@@
??_7CCopyChildrenRule@Mig@@6BObject@UnBCL@@@
??_7CEnvExpandRule@Mig@@6BITranslationRule@1@@
??_7CEnvExpandRule@Mig@@6BObject@UnBCL@@@
??_7CIdStringAsInnerTextRule@Mig@@6B@
??_7CIdStringAsInnerTextRule@Mig@@6BITranslationRule@1@@
??_7CIdStringAsInnerTextRule@Mig@@6BObject@UnBCL@@@
??_7CLinkedRule@Mig@@6BITranslationRule@1@@
??_7CLinkedRule@Mig@@6BObject@UnBCL@@@
??_7CNodeInnerTextCopyRule@Mig@@6BITranslationRule@1@@
??_7CNodeInnerTextCopyRule@Mig@@6BObject@UnBCL@@@
??_7CSelectRule@Mig@@6BITranslationRule@1@@
??_7CSelectRule@Mig@@6BObject@UnBCL@@@
??_7CStatePatternRule@Mig@@6BITranslationRule@1@@
??_7CStatePatternRule@Mig@@6BObject@UnBCL@@@
??_7CSupportedIdRule@Mig@@6B@
??_7CSupportedIdRule@Mig@@6BITranslationRule@1@@
??_7CSupportedIdRule@Mig@@6BObject@UnBCL@@@
??_7CTranslationMigAttrib@Mig@@6B@
??_7CTranslationPattern@Mig@@6B@
??_7CTranslationRuleCollection@Mig@@6BITranslationRule@1@@
??_7CTranslationRuleCollection@Mig@@6BObject@UnBCL@@@
??_7CUrlIdRule@Mig@@6B@
??_7CUrlIdRule@Mig@@6BITranslationRule@1@@
??_7CUrlIdRule@Mig@@6BObject@UnBCL@@@
??_7CXPathRule@Mig@@6BITranslationRule@1@@
??_7CXPathRule@Mig@@6BObject@UnBCL@@@
??_8CAppendNewAttributeRule@Mig@@7B@
??_8CAppendNewAttributeRule@Mig@@7BCLinkedRule@1@@
??_8CAppendNewAttributeRule@Mig@@7BITranslationRule@1@@
??_8CAppendNewChildRule@Mig@@7B@
??_8CAppendNewChildRule@Mig@@7BCLinkedRule@1@@
??_8CAppendNewChildRule@Mig@@7BITranslationRule@1@@
??_8CComponentPathRule@Mig@@7B@
??_8CComponentPathRule@Mig@@7BCIdStringAsInnerTextRule@1@@
??_8CComponentPathRule@Mig@@7BITranslationRule@1@@
??_8CCopyAttributesRule@Mig@@7B01@@
??_8CCopyAttributesRule@Mig@@7BITranslationRule@1@@
??_8CCopyChildrenRule@Mig@@7B01@@
??_8CCopyChildrenRule@Mig@@7BITranslationRule@1@@
??_8CEnvExpandRule@Mig@@7B01@@
??_8CEnvExpandRule@Mig@@7BITranslationRule@1@@
??_8CNodeInnerTextCopyRule@Mig@@7B01@@
??_8CNodeInnerTextCopyRule@Mig@@7BITranslationRule@1@@
??_8CSelectRule@Mig@@7B01@@
??_8CSelectRule@Mig@@7BITranslationRule@1@@
??_8CStatePatternRule@Mig@@7B01@@
??_8CStatePatternRule@Mig@@7BITranslationRule@1@@
??_8CSupportedIdRule@Mig@@7B01@@
??_8CSupportedIdRule@Mig@@7BCIdStringAsInnerTextRule@1@@
??_8CSupportedIdRule@Mig@@7BCUrlIdRule@1@@
??_8CSupportedIdRule@Mig@@7BITranslationRule@1@@
??_8CTranslationMigAttrib@Mig@@7B@
??_8CTranslationPattern@Mig@@7B@
??_8CTranslationRuleCollection@Mig@@7B01@@
??_8CTranslationRuleCollection@Mig@@7BITranslationRule@1@@
??_8CUrlIdRule@Mig@@7B@
??_8CUrlIdRule@Mig@@7BCIdStringAsInnerTextRule@1@@
??_8CUrlIdRule@Mig@@7BITranslationRule@1@@
??_8CXPathRule@Mig@@7B@
??_8CXPathRule@Mig@@7BCLinkedRule@1@@
??_8CXPathRule@Mig@@7BITranslationRule@1@@
??_DCAppendNewAttributeRule@Mig@@QEAAXXZ
??_DCAppendNewChildRule@Mig@@QEAAXXZ
??_DCComponentPathRule@Mig@@QEAAXXZ
??_DCCopyAttributesRule@Mig@@QEAAXXZ
??_DCCopyChildrenRule@Mig@@QEAAXXZ
??_DCEnvExpandRule@Mig@@QEAAXXZ
??_DCNodeInnerTextCopyRule@Mig@@QEAAXXZ
??_DCSelectRule@Mig@@QEAAXXZ
??_DCStatePatternRule@Mig@@QEAAXXZ
??_DCSupportedIdRule@Mig@@QEAAXXZ
??_DCTranslationMigAttrib@Mig@@QEAAXXZ
??_DCTranslationPattern@Mig@@QEAAXXZ
??_DCTranslationRuleCollection@Mig@@QEAAXXZ
??_DCUrlIdRule@Mig@@QEAAXXZ
??_DCXPathRule@Mig@@QEAAXXZ
?AddAssemblyIdentityRule@CSelectRule@Mig@@QEAAXPEAUITranslationRule@2@@Z
?AddRule@CTranslationRuleCollection@Mig@@QEAAXPEAUITranslationRule@2@@Z
?AddSupportedComponentIdentityRule@CSelectRule@Mig@@QEAAXPEAUITranslationRule@2@@Z
?CreateRuleNode@CStatePatternRule@Mig@@IEAAPEAVXmlNode@UnBCL@@PEAV34@PEAVString@4@0@Z
?CreateTranslationRule@CTranslationRuleFactory@Mig@@SAPEAUITranslationRule@2@PEAVString@UnBCL@@HH@Z
?GetIdString@CIdStringAsInnerTextRule@Mig@@IEAAPEAVString@UnBCL@@PEAVXmlNode@4@@Z
?GetPatterns@CStatePatternRule@Mig@@IEAAPEAV?$ArrayList@PEAVCTranslationPattern@Mig@@@UnBCL@@PEAVXmlNode@4@H@Z
?GetType@CStatePatternRule@Mig@@IEAAPEAVString@UnBCL@@XZ
?TransformIdString@CComponentPathRule@Mig@@UEAAPEAVString@UnBCL@@PEAVXmlNode@4@PEAV34@@Z
?TransformIdString@CSupportedIdRule@Mig@@UEAAPEAVString@UnBCL@@PEAVXmlNode@4@PEAV34@@Z
?TransformIdString@CUrlIdRule@Mig@@MEAAPEAVString@UnBCL@@PEAVXmlNode@4@PEAV34@@Z
?Translate@CAppendNewAttributeRule@Mig@@UEAAHPEAVXmlNode@UnBCL@@0@Z
?Translate@CAppendNewChildRule@Mig@@UEAAHPEAVXmlNode@UnBCL@@0@Z
?Translate@CCopyAttributesRule@Mig@@UEAAHPEAVXmlNode@UnBCL@@0@Z
?Translate@CCopyChildrenRule@Mig@@UEAAHPEAVXmlNode@UnBCL@@0@Z
?Translate@CEnvExpandRule@Mig@@UEAAHPEAVXmlNode@UnBCL@@0@Z
?Translate@CIdStringAsInnerTextRule@Mig@@UEAAHPEAVXmlNode@UnBCL@@0@Z
?Translate@CNodeInnerTextCopyRule@Mig@@UEAAHPEAVXmlNode@UnBCL@@0@Z
?Translate@CSelectRule@Mig@@UEAAHPEAVXmlNode@UnBCL@@0@Z
?Translate@CStatePatternRule@Mig@@UEAAHPEAVXmlNode@UnBCL@@0@Z
?Translate@CTranslationRuleCollection@Mig@@UEAAHPEAVXmlNode@UnBCL@@0@Z
?Translate@CXPathRule@Mig@@UEAAHPEAVXmlNode@UnBCL@@0@Z
?TranslateToMigRule@CStatePatternRule@Mig@@IEAAPEAVXmlNode@UnBCL@@PEAVXmlDocument@4@PEAVString@4@PEAVCTranslationMigAttrib@2@@Z
?get_Attribute@CTranslationMigAttrib@Mig@@QEAAPEAVXmlNode@UnBCL@@XZ
?get_Context@CTranslationPattern@Mig@@QEAAPEAVString@UnBCL@@XZ
?get_PatternString@CTranslationPattern@Mig@@QEAAPEAVString@UnBCL@@XZ
?get_RuleName@CTranslationMigAttrib@Mig@@QEAAPEAVString@UnBCL@@XZ
Translate

Sections

.text
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
migwiz/migres.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ef:4a:ee:46:83:5f:fd:de:65:99:7d:2f:65:cf:3c:ab:22:a0:9e:31:91:42:f1:f7:49:89:19:8a:98:dc:36:38
Signer

Actual PE Digest

ef:4a:ee:46:83:5f:fd:de:65:99:7d:2f:65:cf:3c:ab:22:a0:9e:31:91:42:f1:f7:49:89:19:8a:98:dc:36:38

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
wbem/NCProv.dll
.dll regsvr32 windows:10 windows x64 arch:x64

1ef54f8bb5f737b5c94ff9ec456fb61b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

NCProv.pdb

Imports

msvcrt

??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
_onexit
_wcsupr
??0exception@@QEAA@AEBV0@@Z
wcsstr
wcscpy_s
??1exception@@UEAA@XZ
__CxxFrameHandler3
realloc
wcscat_s
malloc
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
memmove
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_lock
free
__C_specific_handler
_unlock
__dllonexit
_purecall
_vsnwprintf
memcmp
memset

api-ms-win-core-heap-l1-1-0

HeapDestroy
GetProcessHeap

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
DeleteCriticalSection
SetEvent
CreateEventW
WaitForMultipleObjectsEx
OpenEventW
ResetEvent
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
CreateThread

api-ms-win-core-namedpipe-l1-1-0

DisconnectNamedPipe
CreateNamedPipeW
ConnectNamedPipe

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-io-l1-1-0

GetOverlappedResult

api-ms-win-core-file-l1-1-0

WriteFile
ReadFileEx

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
FreeLibrary
GetModuleFileNameW
SizeofResource
LoadResource
GetProcAddress
LoadLibraryExW
FindResourceExW
DisableThreadLibraryCalls

api-ms-win-core-string-l2-1-0

CharPrevW
CharNextW

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcpyW
lstrcpynW

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect
VirtualAlloc

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

ntdll

EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage

wbemcomn

?Next@CAbstractQl1Parser@@MEAAHH@Z
??1QL1_Parser@@UEAA@XZ
??1QL_LEVEL_1_RPN_EXPRESSION@@QEAA@XZ
??0QL1_Parser@@QEAA@PEAVCGenLexSource@@@Z
GetMemLogObject
?Write@CMemoryLog@@QEAAXJ@Z
_ThrowMemoryException_
?WbemHeapInitialize@CWin32DefaultArena@@SAHPEAX@Z
?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z
?Parse@QL1_Parser@@QEAAHPEAPEAUQL_LEVEL_1_RPN_EXPRESSION@@@Z
?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wbem/NetEventPacketCapture.dll
.dll regsvr32 windows:10 windows x64 arch:x64

a1a1336d4b2381c909c2c8473904e9a7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

NetEventPacketCapture.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o_free
_o_malloc
_o_terminate
_o_tolower
_o_toupper
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__crt_atexit
_o__configure_narrow_argv
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
__std_terminate
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__CxxFrameHandler4
_o__cexit
_o__callnewh
memchr
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleHandleExW
GetProcAddress
LoadLibraryExW
GetModuleFileNameA
DisableThreadLibraryCalls
FreeLibrary

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-processthreads-l1-1-0

CreateProcessW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetExitCodeProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTimeAsFileTime
GetVersionExW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoCreateGuid
CoUninitialize
CoInitializeEx
CoCreateInstance

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-synch-l1-1-0

CreateEventA
CreateMutexExW
OpenSemaphoreW
ReleaseMutex
CreateEventW
WaitForSingleObjectEx
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
InitializeCriticalSection
CreateSemaphoreExW
ReleaseSemaphore
InitializeCriticalSectionEx
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive

api-ms-win-core-handle-l1-1-0

CloseHandle

oleaut32

VariantClear
VariantInit
SysFreeString

api-ms-win-eventing-controller-l1-1-0

EnableTraceEx2
ControlTraceW
StartTraceW
StopTraceW

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegQueryValueExW
RegDeleteTreeW
RegSetValueExW
RegCloseKey
RegCreateKeyExW

api-ms-win-core-io-l1-1-0

GetOverlappedResult
DeviceIoControl

api-ms-win-security-base-l1-1-0

FreeSid
AllocateAndInitializeSid
CheckTokenMembership

iphlpapi

ConvertInterfaceGuidToLuid
ConvertInterfaceLuidToIndex

api-ms-win-service-management-l1-1-0

OpenSCManagerW
CloseServiceHandle
StartServiceW
OpenServiceW

api-ms-win-service-winsvc-l1-1-0

ControlService

ws2_32

ntohl

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsRelativeW

ntdll

RtlEthernetAddressToStringW
RtlIpv4AddressToStringW
RtlIpv4StringToAddressW
RtlEthernetStringToAddressW
RtlIpv6StringToAddressW
NtOpenFile
RtlIpv6AddressToStringW

netsetupapi

NetSetupClose
NetSetupInitialize
NetSetupGetObjectProperties
NetSetupFreeObjectProperties
NetSetupFreeObjects
NetSetupGetObjects

fwpuclnt

FwpmEngineOpen0
FwpmSubLayerAdd0
FwpmProviderAdd0
FwpmCalloutDeleteById0
FwpmEngineClose0
FwpmCalloutAdd0
FwpmFilterAdd0
FwpmFilterDeleteById0

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
GetProviderClassID
MI_Main

Sections

.text
Size: 186KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wbem/appbackgroundtask.dll
.dll regsvr32 windows:10 windows x64 arch:x64

2e1ed8e14d5a11566896d404533b10ac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

appbackgroundtask.pdb

Imports

msvcrt

swprintf_s
__CxxFrameHandler3
_vsnwprintf
wcsncpy_s
??0exception@@QEAA@AEBV0@@Z
memcpy_s
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBD@Z
memmove_s
??0exception@@QEAA@XZ
_CxxThrowException
??1type_info@@UEAA@XZ
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
malloc
free
??1exception@@UEAA@XZ
memset

ntdll

RtlAllocateHeap
RtlStringFromGUID
RtlGUIDFromString
RtlInitUnicodeString
RtlFreeUnicodeString
RtlFreeHeap
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

kernel32

RaiseException
LocalFree
GetPackagesByPackageFamily
PackageFamilyNameFromFullName
FormatMessageW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetSystemDirectoryW
GetLastError
DisableThreadLibraryCalls
GetProcAddress
FreeLibrary
LoadLibraryExW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId

api-ms-win-core-biptcltapi-l1-1-7

BiPtQueryWorkItem
BiPtActivateWorkItem
BiPtDisassociateWorkItem
BiPtEnumerateWorkItemsForPackageName
BiPtFreeMemory

api-ms-win-core-psm-info-l1-1-0

PsmQueryApplicationPerformanceInformation

api-ms-win-core-winrt-l1-1-0

RoActivateInstance

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer

advapi32

CheckTokenMembership
FreeSid
AllocateAndInitializeSid

api-ms-win-core-com-l1-1-0

CoSwitchCallContext

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
GetProviderClassID
MI_Main

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wbem/ndisimplatcim.dll
.dll regsvr32 windows:10 windows x64 arch:x64

37ebfa6305c8823cec2b50169eaa2cbc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

NdisImplatCim.pdb

Imports

msvcrt

_initterm
__C_specific_handler
__CxxFrameHandler3
_lock
memset
?terminate@@YAXXZ
memcmp
??1type_info@@UEAA@XZ
memcpy
_CxxThrowException
_unlock
__dllonexit
?what@exception@@UEBAPEBDXZ
memmove
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
_wcsicmp
iswspace
vswprintf_s
malloc
free
swprintf_s
toupper
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
??_V@YAXPEAX@Z
_amsg_exit
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
_onexit
_XcptFilter
wcscmp

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwTraceMessage
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
RtlNtStatusToDosError

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
FreeLibrary
GetProcAddress
GetModuleFileNameA
GetModuleHandleW
DisableThreadLibraryCalls
LoadLibraryExW
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
ReleaseSemaphore
WaitForSingleObject
CreateMutexExW
OpenSemaphoreW
CreateSemaphoreExW
ReleaseMutex

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

SetThreadPreferredUILanguages
GetThreadPreferredUILanguages
FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemDirectoryW
GetTickCount
GetTickCount64

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-com-l1-1-0

StringFromGUID2
IIDFromString

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

netsetupapi

NetSetupSynchronizeDevices
NetSetupCreateObject
NetSetupDeleteObject
NetSetupGetObjectProperties
NetSetupClose
NetSetupInitialize
NetSetupFreeObjects
NetSetupGetObjects
NetSetupCommit
NetSetupValidateTransaction
NetSetupFreeObjectProperties
NetSetupSetObjectProperties

rpcrt4

UuidCreate

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-heap-l2-1-0

LocalFree

mi

MI_Application_InitializeV1

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
GetProviderClassID
MI_Main

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wbem/netdacim.dll
.dll regsvr32 windows:10 windows x64 arch:x64

c2b3ad892319a4711be4694947f3c6af

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

netdacim.pdb

Imports

msvcrt

__C_specific_handler
malloc
_wcsicmp
_wcslwr_s
wcsstr
wcstok_s
wcschr
_vsnwprintf
_wcsupr_s
_initterm
_amsg_exit
_XcptFilter
free
swprintf_s
memcpy
memset

advapi32

RegOpenKeyExW
RegCloseKey
RegOpenKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
CreateWellKnownSid
RegQueryInfoKeyW
RegDeleteTreeW
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW

dnsapi

DnsValidateName_W

kernel32

CreateEventW
SetEvent
HeapFree
GetProcessHeap
WaitForSingleObject
DisableThreadLibraryCalls
FreeLibrary
GetSystemDirectoryW
LoadLibraryExW
GetLastError
GetProcAddress
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetComputerNameExW
LocalFree
IsValidLocaleName
GetThreadPreferredUILanguages
LocalAlloc
SetThreadPreferredUILanguages
CloseHandle
GetModuleHandleExW
FormatMessageW
RtlCompareMemory
HeapAlloc

wevtapi

EvtSubscribe
EvtClose

ws2_32

FreeAddrInfoW
GetAddrInfoW
WSAStartup
WSACleanup

wldap32

ord27
ord41
ord13
ord224
ord301
ord97
ord140
ord127
ord26
ord145
ord16
ord118
ord18
ord14
ord88
ord73
ord208
ord36

netutils

NetApiBufferFree

logoncli

DsGetDcNameW

api-ms-win-core-com-l1-1-0

CoCreateGuid

iphlpapi

ConvertStringToGuidW
ConvertGuidToStringW
ParseNetworkString

rpcrt4

RpcBindingFree
RpcBindingUnbind
NdrClientCall3
RpcBindingCreateW
RpcBindingBind

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
GetProviderClassID
MI_Main

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

72bf59904e010e22435bd2ded7575c53

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

80:9c:77:46:40:22:f1:86:00:00:8f:07:c5:a2:28:f9:e1:3d:59:54:c3:5d:93:82:a3:20:4b:89:19:fa:e5:75Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

winspool.drv

oleaut32

user32

advapi32

kernel32

ole32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 60KB

.rdata Size: 23KB - Virtual size: 22KB

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 3KB - Virtual size: 3KB

.didat Size: 512B - Virtual size: 24B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 536B

129672cc4d9f93d06764e571d9bb75cd

Code Sign

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

94:2e:d1:ec:5b:32:74:17:ec:74:9f:37:da:7e:12:ad:f7:be:34:b9:2f:4a:f8:fe:71:4e:c6:14:c0:fd:67:52Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

oleaut32

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-core-heap-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

setupapi

newdev

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 38KB - Virtual size: 38KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 1KB - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 1KB

.didat Size: 512B - Virtual size: 32B

.rsrc Size: 1KB - Virtual size: 1KB

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

80:9c:77:46:40:22:f1:86:00:00:8f:07:c5:a2:28:f9:e1:3d:59:54:c3:5d:93:82:a3:20:4b:89:19:fa:e5:75
Signer

.text
Size: 60KB - Virtual size: 60KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 3KB - Virtual size: 3KB

.didat
Size: 512B - Virtual size: 24B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 536B

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

94:2e:d1:ec:5b:32:74:17:ec:74:9f:37:da:7e:12:ad:f7:be:34:b9:2f:4a:f8:fe:71:4e:c6:14:c0:fd:67:52
Signer

.text
Size: 38KB - Virtual size: 38KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 1KB - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 1KB

.didat
Size: 512B - Virtual size: 32B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 460B

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

2b:4e:d1:3f:a2:e2:a8:fd:96:d0:4d:50:df:c0:ac:9b:a1:5d:95:7d:b6:09:17:8c:00:35:e1:74:fb:fc:93:cf
Signer

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 37KB - Virtual size: 37KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 488B

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

30:4b:02:dc:a5:cd:5b:d8:a5:86:dc:e5:2e:f4:33:f5:b1:3e:eb:9e:ab:63:80:f4:b0:0b:39:da:19:54:83:42
Signer

.text
Size: 59KB - Virtual size: 58KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 856B

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

76:75:fa:52:42:14:42:1a:9e:31:cc:c0:4b:26:fd:fc:bb:93:f8:67:86:be:c6:44:9e:eb:84:77:4b:0c:85:98
Signer