kernelbase.pdb
Static task
static1
Behavioral task
behavioral1
Sample
f2cd076150b112d5ff0ea60192055f986ac9edc0a2582c0444962e5ffa32a154N.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
f2cd076150b112d5ff0ea60192055f986ac9edc0a2582c0444962e5ffa32a154N.dll
Resource
win10v2004-20240802-en
General
-
Target
f2cd076150b112d5ff0ea60192055f986ac9edc0a2582c0444962e5ffa32a154N
-
Size
399KB
-
MD5
c903d753ea42809e7ad97de825480600
-
SHA1
b61501bf8301c3bea8a05da4d41e5625b87cfa4d
-
SHA256
f2cd076150b112d5ff0ea60192055f986ac9edc0a2582c0444962e5ffa32a154
-
SHA512
490a2e569e52d5ec8f34e9f62d6dfc6e6550f33fa2bf855fd07e0a86f5ab689459c5144142f1d737969d4d48f8c467ef6a6c6fbf2e02e69610dc8a13844198cb
-
SSDEEP
12288:KFVEWViUW+rstO6NGcNzTZEe1N+JzTKrONEyag:KoWLrs1NJTZx+JzuruEy
Malware Config
Signatures
-
Unsigned PE 1 IoCs
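Checks for missing Authenticode signature. This flags the absence of a signature embedded in the submitted file; a binary whose signature is held in a separate Windows security catalog would presumably be reported the same way, so this result alone does not show whether the file has been modified.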
resource f2cd076150b112d5ff0ea60192055f986ac9edc0a2582c0444962e5ffa32a154N
Files
-
f2cd076150b112d5ff0ea60192055f986ac9edc0a2582c0444962e5ffa32a154N.dll windows:6 windows x64 arch:x64
6a48aa47cdcdc66076ec8efdb825610c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
ntdll
RtlAnsiStringToUnicodeString
RtlUnicodeStringToAnsiString
RtlCreateTagHeap
_vsnwprintf
NtQuerySystemInformation
RtlGetNativeSystemInformation
CsrClientConnectToServer
CsrVerifyRegion
RtlAllocateHeap
RtlFreeHeap
RtlFreeAnsiString
NtQueryInformationProcess
NtSetInformationProcess
NtCreateIoCompletion
NtSetInformationFile
NtClose
NtSetIoCompletion
SbSelectProcedure
RtlSetLastWin32Error
NtRemoveIoCompletion
RtlActivateActivationContextUnsafeFast
NtRemoveIoCompletionEx
RtlDeactivateActivationContextUnsafeFast
NtOpenFile
NtCreateNamedPipeFile
RtlDosPathNameToNtPathName_U
RtlDefaultNpAcl
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
NtFsControlFile
NtWaitForSingleObject
NtCreateEvent
NtQueryInformationFile
RtlCreateUnicodeString
RtlDetermineDosPathNameType_U
RtlInitUnicodeString
RtlPrefixString
RtlFreeUnicodeString
_wcsnicmp
RtlAppendUnicodeStringToString
NtCreateFile
NtDeviceIoControlFile
RtlTimeToTimeFields
RtlTimeFieldsToTime
RtlAcquirePrivilege
NtSetSystemTime
RtlReleasePrivilege
RtlInitializeSRWLock
wcscpy_s
wcschr
RtlUnicodeStringToInteger
RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlpCheckDynamicTimeZoneInformation
RtlCutoverTimeToSystemTime
_stricmp
_wcsicmp
RtlRegisterWait
RtlDeregisterWaitEx
RtlCreateTimerQueue
NtDelayExecution
RtlCreateTimer
RtlUpdateTimer
RtlDeleteTimer
RtlDeleteTimerQueueEx
NtAllocateVirtualMemory
wcsrchr
NtOpenKey
NtQueryValueKey
LdrEnumerateLoadedModules
RtlAcquirePebLock
RtlQueryEnvironmentVariable
RtlReleasePebLock
wcsncmp
NlsMbCodePageTag
RtlxAnsiStringToUnicodeSize
NlsMbOemCodePageTag
RtlxOemStringToUnicodeSize
RtlxUnicodeStringToOemSize
RtlxUnicodeStringToAnsiSize
RtlOemStringToUnicodeString
RtlUnicodeStringToOemString
RtlRaiseException
NtDuplicateObject
NtQueryObject
NtSetInformationObject
memmove
NtQueryVolumeInformationFile
NtReadFile
NtWriteFile
NtFlushBuffersFile
NtLockFile
NtUnlockFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtReadFileScatter
NtWriteFileGather
RtlWow64EnableFsRedirectionEx
NtCreateSection
NtOpenSection
NtMapViewOfSection
NtFlushVirtualMemory
NtUnmapViewOfSection
RtlFlushSecureMemoryCache
NtReadVirtualMemory
NtProtectVirtualMemory
NtWriteVirtualMemory
NtFlushInstructionCache
NtFreeVirtualMemory
NtQueryVirtualMemory
RtlGetCurrentProcessorNumberEx
NtQuerySystemInformationEx
NtOpenProcess
RtlReportSilentProcessExit
NtTerminateProcess
RtlInitUnicodeStringEx
RtlRaiseStatus
NtRaiseHardError
RtlExitUserProcess
RtlInitAnsiStringEx
CsrClientCallServer
RtlQueryEnvironmentVariable_U
strchr
CsrAllocateCaptureBuffer
CsrAllocateMessagePointer
RtlUpcaseUnicodeString
RtlCopyUnicodeString
CsrFreeCaptureBuffer
RtlUpcaseUnicodeChar
RtlEqualUnicodeString
NtOpenDirectoryObject
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
NtQueryDirectoryObject
RtlCompareMemory
RtlUnicodeToMultiByteSize
RtlUnicodeToOemN
RtlSetEnvironmentStrings
RtlSetEnvironmentVariable
RtlSetEnvironmentVar
RtlExpandEnvironmentStrings_U
RtlExpandEnvironmentStrings
RtlInitializeCriticalSectionAndSpinCount
RtlInitializeCriticalSectionEx
NtOpenEvent
NtSetEvent
NtClearEvent
NtPulseEvent
NtCreateSemaphore
NtOpenSemaphore
NtReleaseSemaphore
NtCreateMutant
NtOpenMutant
NtReleaseMutant
NtWaitForMultipleObjects
NtCreateTimer
NtOpenTimer
NtSetTimerEx
NtCancelTimer
RtlDosApplyFileIsolationRedirection_Ustr
LdrGetDllHandleByName
RtlDosSearchPath_Ustr
RtlImageNtHeaderEx
LdrGetDllHandleByMapping
RtlGetActiveActivationContext
LdrAddLoadAsDataTable
LdrLoadDll
RtlImageNtHeader
LdrRemoveLoadAsDataTable
LdrUnloadAlternateResourceModule
LdrUnloadDll
RtlExitUserThread
LdrDisableThreadCalloutsForDll
LdrLockLoaderLock
LdrUnlockLoaderLock
LdrGetDllHandle
RtlPcToFileHeader
RtlComputePrivatizedDllName_U
LdrAddRefDll
RtlInitString
LdrGetProcedureAddress
RtlDosPathNameToNtPathName_U_WithStatus
NtQueryAttributesFile
RtlGetVersion
LdrAccessResource
LdrFindResource_U
RtlReAllocateHeap
RtlAllocateAndInitializeSid
RtlLengthSid
RtlCreateAcl
RtlAddAccessAllowedAce
RtlAddMandatoryAce
RtlSetSaclSecurityDescriptor
RtlFreeSid
DbgPrint
NtCreateThreadEx
RtlAllocateActivationContextStack
RtlQueryInformationActivationContext
RtlActivateActivationContextEx
NtResumeThread
RtlReleaseActivationContext
RtlFreeActivationContextStack
NtTerminateThread
NtOpenThread
NtSetInformationThread
NtQueryInformationThread
TpCaptureCaller
RtlCaptureStackBackTrace
TpCheckTerminateWorker
NtSuspendThread
RtlGetCurrentUmsThread
RtlFindClearBitsAndSet
RtlAreBitsSet
RtlClearBits
NtQueueApcThread
ord8
RtlFlsAlloc
RtlProcessFlsData
RtlFlsFree
NtYieldExecution
RtlInitAnsiString
RtlFindMessage
RtlFormatMessageEx
RtlLoadString
RtlUnicodeToMultiByteN
RtlLockHeap
RtlAllocateHandle
RtlFreeHandle
RtlSetUserValueHeap
RtlUnlockHeap
RtlIsValidHandle
RtlInitializeHandleTable
RtlCreateHeap
RtlDestroyHeap
RtlQueryHeapInformation
RtlValidateHeap
RtlGetProcessHeaps
RtlCompactHeap
RtlWalkHeap
RtlSetHeapInformation
RtlGetCurrentDirectory_U
wcsncpy_s
RtlIntegerToChar
RtlAnsiCharToUnicodeChar
RtlIsDosDeviceName_U
RtlSetThreadErrorMode
toupper
RtlInitializeCriticalSection
RtlDeleteCriticalSection
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlDosPathNameToRelativeNtPathName_U
RtlReleaseRelativeName
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtQueryFullAttributesFile
NtQueryDirectoryFile
NtNotifyChangeDirectoryFile
RtlGetFullPathName_UEx
RtlSetCurrentDirectory_U
NtQueryEaFile
ord1
NtIsProcessInJob
NtDuplicateToken
NtAllocateLocallyUniqueId
NtAccessCheck
NtAccessCheckByType
NtAccessCheckByTypeResultList
NtOpenProcessToken
NtOpenThreadToken
NtQueryInformationToken
NtSetInformationToken
NtAdjustPrivilegesToken
NtAdjustGroupsToken
NtPrivilegeCheck
NtAccessCheckAndAuditAlarm
NtAccessCheckByTypeAndAuditAlarm
NtAccessCheckByTypeResultListAndAuditAlarm
NtAccessCheckByTypeResultListAndAuditAlarmByHandle
NtOpenObjectAuditAlarm
NtPrivilegeObjectAuditAlarm
NtCloseObjectAuditAlarm
NtDeleteObjectAuditAlarm
NtPrivilegedServiceAuditAlarm
RtlValidSid
RtlEqualSid
RtlEqualPrefixSid
RtlLengthRequiredSid
RtlInitializeSid
RtlIdentifierAuthoritySid
RtlSubAuthoritySid
RtlSubAuthorityCountSid
RtlCopySid
RtlAreAllAccessesGranted
RtlAreAnyAccessesGranted
RtlMapGenericMask
RtlValidAcl
RtlQueryInformationAcl
RtlSetInformationAcl
RtlAddAce
RtlDeleteAce
RtlGetAce
RtlAddAccessAllowedAceEx
RtlAddAccessDeniedAce
RtlAddAccessDeniedAceEx
RtlAddAuditAccessAce
RtlAddAuditAccessAceEx
RtlAddAccessAllowedObjectAce
RtlAddAccessDeniedObjectAce
RtlAddAuditAccessObjectAce
RtlFirstFreeAce
RtlValidSecurityDescriptor
RtlValidRelativeSecurityDescriptor
RtlLengthSecurityDescriptor
RtlGetControlSecurityDescriptor
RtlSetControlSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlNewSecurityObject
RtlConvertToAutoInheritSecurityObject
RtlNewSecurityObjectEx
RtlNewSecurityObjectWithMultipleInheritance
RtlSetSecurityObject
RtlSetSecurityObjectEx
RtlQuerySecurityObject
RtlDeleteSecurityObject
RtlAbsoluteToSelfRelativeSD
RtlSelfRelativeToAbsoluteSD
NtSetSecurityObject
NtQuerySecurityObject
RtlImpersonateSelf
NtImpersonateAnonymousToken
NtFilterToken
RtlSelfRelativeToAbsoluteSD2
RtlGetSecurityDescriptorRMControl
RtlSetSecurityDescriptorRMControl
RtlUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlNormalizeString
EtwEventEnabled
RtlLocaleNameToLcid
wcspbrk
EtwEventRegister
EtwEventUnregister
NtSetDefaultLocale
NtSetValueKey
RtlLcidToLocaleName
RtlOpenCurrentUser
NtEnumerateValueKey
RtlLCIDToCultureName
qsort
RtlpCreateProcessRegistryInfo
RtlpGetLCIDFromLangInfoNode
RtlCultureNameToLCID
RtlpIsQualifiedLanguage
RtlpGetNameFromLangInfoNode
RtlpInitializeLangRegistryInfo
RtlpLoadUserUIByPolicy
RtlpLoadMachineUIByPolicy
RtlpMuiFreeLangRegistryInfo
NtQueryInstallUILanguage
RtlGetLocaleFileMappingAddress
NtGetNlsSectionPtr
RtlGetProcessPreferredUILanguages
LdrFindResourceEx_U
RtlGetThreadPreferredUILanguages
RtlpQueryDefaultUILanguage
RtlGetSystemPreferredUILanguages
RtlGetUserPreferredUILanguages
RtlpGetSystemDefaultUILanguage
RtlGetUILanguageInfo
RtlGetFileMUIPath
NtEnumerateKey
RtlIntegerToUnicodeString
RtlAppendUnicodeToString
NtCreateKey
NtDeleteKey
EtwEventWrite
NtQueryDefaultLocale
NtNotifyChangeKey
swprintf_s
CsrCaptureMessageBuffer
RtlUTF8ToUnicodeN
RtlUnicodeToUTF8N
NtDeleteValueKey
DbgPrintEx
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
TpAllocCleanupGroup
TpQueryPoolStackInformation
TpSetPoolStackInformation
TpAllocWait
TpAllocPool
TpCallbackMayRunLong
TpSimpleTryPost
TpSetPoolMinThreads
TpAllocWork
TpAllocIoCompletion
TpAllocTimer
NtQueryMultipleValueKey
memset
memcpy
memcmp
__C_specific_handler
_local_unwind
Exports
Exports
AccessCheck
AccessCheckAndAuditAlarmW
AccessCheckByType
AccessCheckByTypeAndAuditAlarmW
AccessCheckByTypeResultList
AccessCheckByTypeResultListAndAuditAlarmByHandleW
AccessCheckByTypeResultListAndAuditAlarmW
AcquireSRWLockExclusive
AcquireSRWLockShared
AddAccessAllowedAce
AddAccessAllowedAceEx
AddAccessAllowedObjectAce
AddAccessDeniedAce
AddAccessDeniedAceEx
AddAccessDeniedObjectAce
AddAce
AddAuditAccessAce
AddAuditAccessAceEx
AddAuditAccessObjectAce
AddDllDirectory
AddMandatoryAce
AdjustTokenGroups
AdjustTokenPrivileges
AllocateAndInitializeSid
AllocateLocallyUniqueId
AreAllAccessesGranted
AreAnyAccessesGranted
AreFileApisANSI
BaseDllFreeResourceId
BaseDllMapResourceIdW
BaseGetProcessDllPath
BaseGetProcessExePath
BaseInvalidateDllSearchPathCache
BaseInvalidateProcessSearchPathCache
BaseReleaseProcessDllPath
BaseReleaseProcessExePath
Beep
BemCopyReference
BemCreateContractFrom
BemCreateReference
BemFreeContract
BemFreeReference
CallbackMayRunLong
CancelIoEx
CancelThreadpoolIo
CancelWaitableTimer
ChangeTimerQueueTimer
CheckGroupPolicyEnabled
CheckTokenMembership
CloseHandle
CloseThreadpool
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolIo
CloseThreadpoolTimer
CloseThreadpoolWait
CloseThreadpoolWork
CompareFileTime
CompareStringA
CompareStringEx
CompareStringOrdinal
CompareStringW
ConnectNamedPipe
ConvertDefaultLocale
ConvertToAutoInheritPrivateObjectSecurity
CopySid
CreateDirectoryA
CreateDirectoryW
CreateEventA
CreateEventExA
CreateEventExW
CreateEventW
CreateFileA
CreateFileMappingNumaW
CreateFileMappingW
CreateFileW
CreateIoCompletionPort
CreateMutexA
CreateMutexExA
CreateMutexExW
CreateMutexW
CreateNamedPipeW
CreatePipe
CreatePrivateObjectSecurity
CreatePrivateObjectSecurityEx
CreatePrivateObjectSecurityWithMultipleInheritance
CreateRemoteThread
CreateRemoteThreadEx
CreateRestrictedToken
CreateSemaphoreExW
CreateThread
CreateThreadpool
CreateThreadpoolCleanupGroup
CreateThreadpoolIo
CreateThreadpoolTimer
CreateThreadpoolWait
CreateThreadpoolWork
CreateTimerQueue
CreateTimerQueueTimer
CreateWaitableTimerExW
CreateWellKnownSid
DebugBreak
DecodePointer
DecodeSystemPointer
DefineDosDeviceW
DeleteAce
DeleteCriticalSection
DeleteFileA
DeleteFileW
DeleteProcThreadAttributeList
DeleteTimerQueueEx
DeleteTimerQueueTimer
DeleteVolumeMountPointW
DestroyPrivateObjectSecurity
DeviceIoControl
DisableThreadLibraryCalls
DisassociateCurrentThreadFromCallback
DisconnectNamedPipe
DuplicateHandle
DuplicateToken
DuplicateTokenEx
EncodePointer
EncodeSystemPointer
EnterCriticalSection
EnumCalendarInfoExEx
EnumCalendarInfoExW
EnumCalendarInfoW
EnumDateFormatsExEx
EnumDateFormatsExW
EnumDateFormatsW
EnumLanguageGroupLocalesW
EnumSystemCodePagesW
EnumSystemLanguageGroupsW
EnumSystemLocalesA
EnumSystemLocalesEx
EnumSystemLocalesW
EnumTimeFormatsEx
EnumTimeFormatsW
EnumUILanguagesW
EqualDomainSid
EqualPrefixSid
EqualSid
ExitProcess
ExitThread
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
FatalAppExitA
FatalAppExitW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationA
FindFirstChangeNotificationW
FindFirstFileA
FindFirstFileExA
FindFirstFileExW
FindFirstFileW
FindFirstFreeAce
FindFirstVolumeW
FindNLSString
FindNLSStringEx
FindNextChangeNotification
FindNextFileA
FindNextFileW
FindNextVolumeW
FindResourceExW
FindStringOrdinal
FindVolumeClose
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FlushProcessWriteBuffers
FlushViewOfFile
FoldStringW
FormatMessageA
FormatMessageW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
FreeLibraryWhenCallbackReturns
FreeResource
FreeSid
GetACP
GetAce
GetAclInformation
GetCPFileNameFromRegistry
GetCPHashNode
GetCPInfo
GetCPInfoExW
GetCalendar
GetCalendarInfoEx
GetCalendarInfoW
GetCommandLineA
GetCommandLineW
GetComputerNameExA
GetComputerNameExW
GetCurrencyFormatEx
GetCurrencyFormatW
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDriveTypeA
GetDriveTypeW
GetDynamicTimeZoneInformation
GetEnvironmentStrings
GetEnvironmentStringsA
GetEnvironmentStringsW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetEraNameCountedString
GetErrorMode
GetExitCodeProcess
GetExitCodeThread
GetFallbackDisplayName
GetFileAttributesA
GetFileAttributesExA
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileMUIInfo
GetFileMUIPath
GetFileSecurityW
GetFileSize
GetFileSizeEx
GetFileTime
GetFileType
GetFinalPathNameByHandleA
GetFinalPathNameByHandleW
GetFullPathNameA
GetFullPathNameW
GetHandleInformation
GetKernelObjectSecurity
GetLastError
GetLengthSid
GetLocalTime
GetLocaleInfoA
GetLocaleInfoEx
GetLocaleInfoHelper
GetLocaleInfoW
GetLogicalDriveStringsW
GetLogicalDrives
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLongPathNameA
GetLongPathNameW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExA
GetModuleHandleExW
GetModuleHandleW
GetNLSVersion
GetNLSVersionEx
GetNamedLocaleHashNode
GetNamedPipeAttribute
GetNamedPipeClientComputerNameW
GetNumberFormatEx
GetNumberFormatW
GetOEMCP
GetOverlappedResult
GetPriorityClass
GetPrivateObjectSecurity
GetProcAddress
GetProcessHeap
GetProcessHeaps
GetProcessId
GetProcessIdOfThread
GetProcessPreferredUILanguages
GetProcessTimes
GetProcessVersion
GetPtrCalData
GetPtrCalDataArray
GetQueuedCompletionStatus
GetQueuedCompletionStatusEx
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
GetSecurityDescriptorOwner
GetSecurityDescriptorRMControl
GetSecurityDescriptorSacl
GetShortPathNameW
GetSidIdentifierAuthority
GetSidLengthRequired
GetSidSubAuthority
GetSidSubAuthorityCount
GetStartupInfoW
GetStdHandle
GetStringTableEntry
GetStringTypeA
GetStringTypeExW
GetStringTypeW
GetSystemDefaultLCID
GetSystemDefaultLangID
GetSystemDefaultLocaleName
GetSystemDefaultUILanguage
GetSystemDirectoryA
GetSystemDirectoryW
GetSystemInfo
GetSystemPreferredUILanguages
GetSystemTime
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryA
GetSystemWindowsDirectoryW
GetTempFileNameW
GetThreadId
GetThreadLocale
GetThreadPreferredUILanguages
GetThreadPriority
GetThreadPriorityBoost
GetThreadUILanguage
GetTickCount
GetTickCount64
GetTimeZoneInformation
GetTimeZoneInformationForYear
GetTokenInformation
GetUILanguageInfo
GetUserDefaultLCID
GetUserDefaultLangID
GetUserDefaultLocaleName
GetUserDefaultUILanguage
GetUserInfo
GetUserInfoWord
GetUserPreferredUILanguages
GetVersion
GetVersionExA
GetVersionExW
GetVolumeInformationByHandleW
GetVolumeInformationW
GetVolumePathNameW
GetWindowsAccountDomainSid
GetWindowsDirectoryA
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalMemoryStatusEx
HeapAlloc
HeapCompact
HeapCreate
HeapDestroy
HeapFree
HeapLock
HeapQueryInformation
HeapReAlloc
HeapSetInformation
HeapSize
HeapSummary
HeapUnlock
HeapValidate
HeapWalk
ImpersonateAnonymousToken
ImpersonateLoggedOnUser
ImpersonateNamedPipeClient
ImpersonateSelf
InitializeAcl
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeProcThreadAttributeList
InitializeSListHead
InitializeSRWLock
InitializeSecurityDescriptor
InitializeSid
InterlockedFlushSList
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedPushListSList
InternalLcidToName
Internal_EnumCalendarInfo
Internal_EnumDateFormats
Internal_EnumLanguageGroupLocales
Internal_EnumSystemCodePages
Internal_EnumSystemLanguageGroups
Internal_EnumSystemLocales
Internal_EnumTimeFormats
Internal_EnumUILanguages
InvalidateTzSpecificCache
IsDBCSLeadByte
IsDBCSLeadByteEx
IsDebuggerPresent
IsNLSDefinedString
IsProcessInJob
IsThreadpoolTimerSet
IsTokenRestricted
IsValidAcl
IsValidCodePage
IsValidLanguageGroup
IsValidLocale
IsValidLocaleName
IsValidRelativeSecurityDescriptor
IsValidSecurityDescriptor
IsValidSid
IsWellKnownSid
IsWow64Process
KernelBaseGetGlobalData
LCIDToLocaleName
LCMapStringA
LCMapStringEx
LCMapStringW
LeaveCriticalSection
LeaveCriticalSectionWhenCallbackReturns
LoadLibraryExA
LoadLibraryExW
LoadResource
LoadStringA
LoadStringBaseExW
LoadStringByReference
LoadStringW
LocalAlloc
LocalFileTimeToFileTime
LocalFree
LocalLock
LocalReAlloc
LocalUnlock
LocaleNameToLCID
LockFile
LockFileEx
LockResource
MakeAbsoluteSD
MakeAbsoluteSD2
MakeSelfRelativeSD
MapGenericMask
MapViewOfFile
MapViewOfFileEx
MapViewOfFileExNuma
MultiByteToWideChar
NeedCurrentDirectoryForExePathA
NeedCurrentDirectoryForExePathW
NlsCheckPolicy
NlsDispatchAnsiEnumProc
NlsEventDataDescCreate
NlsGetACPFromLocale
NlsGetCacheUpdateCount
NlsIsUserDefaultLocale
NlsUpdateLocale
NlsUpdateSystemLocale
NlsValidateLocale
NlsWriteEtwEvent
NotifyMountMgr
NotifyRedirectedStringChange
ObjectCloseAuditAlarmW
ObjectDeleteAuditAlarmW
ObjectOpenAuditAlarmW
ObjectPrivilegeAuditAlarmW
OpenEventA
OpenEventW
OpenFileMappingW
OpenMutexW
OpenProcess
OpenProcessToken
OpenRegKey
OpenSemaphoreW
OpenThread
OpenThreadToken
OpenWaitableTimerW
OutputDebugStringA
OutputDebugStringW
PeekNamedPipe
PostQueuedCompletionStatus
PrivilegeCheck
PrivilegedServiceAuditAlarmW
ProcessIdToSessionId
PulseEvent
QueryDepthSList
QueryDosDeviceW
QueryPerformanceCounter
QueryPerformanceFrequency
QueryProcessAffinityUpdateMode
QuerySecurityAccessMask
QueryThreadpoolStackInformation
QueueUserAPC
RaiseException
ReadFile
ReadFileEx
ReadFileScatter
ReadProcessMemory
RegisterWaitForSingleObjectEx
ReleaseMutex
ReleaseMutexWhenCallbackReturns
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
ReleaseSemaphoreWhenCallbackReturns
RemoveDirectoryA
RemoveDirectoryW
RemoveDllDirectory
ResetEvent
ResolveLocaleName
Sections
.text Size: 282KB - Virtual size: 281KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 83KB - Virtual size: 83KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 316B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ