5b790d2d085d2498aa63822812562acc256a26febae6cc78563ba656eb9d0c1f[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

5b790d2d085d2498aa63822812562acc256a26febae6cc78563ba656eb9d0c1f.zip
Size

51.1MB
MD5

c421f2ae1826f36d1224070127bb50ef
SHA1

347fd2d1cfc0000c9b7f8525852cecd438692523
SHA256

5b790d2d085d2498aa63822812562acc256a26febae6cc78563ba656eb9d0c1f
SHA512

d5761f517467c36540d9998b20c2dbf9a745de602fa558ea5ae2b9080248374f72372ff73d204836dfb75fea6362ae688c77ac4704e4825e3d743949bb012421
SSDEEP

1572864:amp+AkxOx6mkMspNbawUPlE6bvgqqkzST1T5g9JWicwZKFct:ao+M6mk5pshPlE6bIqnzE15g9otAKFct

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Sgrm/samcli.dll
unpack001/Sgrm/samlib.dll
unpack001/Sgrm/sas.dll
unpack001/wbem/appbackgroundtask.dll
unpack001/wbem/dnsclientcim.dll
unpack001/wbem/dnsclientpsprovider.dll
unpack001/winrm/AcLayers.dll
unpack001/winrm/acledit.dll
unpack001/winrm/aclui.dll

Files

5b790d2d085d2498aa63822812562acc256a26febae6cc78563ba656eb9d0c1f.zip
.zip
Sgrm/samcli.dll
.dll windows:10 windows x64 arch:x64

85d6e08968adbf425e9bb17ac987f7ac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

samcli.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
memcpy
_o__wcsicmp
_o_wcsncpy_s
__C_specific_handler
_o___std_type_info_destroy_list
wcschr

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-base-l1-1-0

EqualSid

api-ms-win-core-sysinfo-l1-1-0

GetComputerNameExW
GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

ntdll

RtlRunEncodeUnicodeString
NtQuerySystemTime
RtlSetDaclSecurityDescriptor
RtlSecondsSince1970ToTime
RtlCreateSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlTimeToSecondsSince1970
RtlEqualSid
RtlSubAuthoritySid
RtlInitializeSid
RtlCreateUnicodeString
RtlFreeUnicodeString
RtlCopySid
RtlLengthSid
RtlInitUnicodeString
RtlNtStatusToDosError
NtClose
NtOpenThreadToken
RtlQueryInformationAcl
NtSetInformationThread
RtlGetNtProductType
NtImpersonateAnonymousToken
RtlTimeToSecondsSince1980
RtlGetAce

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

NetGetDisplayInformationIndex
NetGroupAdd
NetGroupAddUser
NetGroupDel
NetGroupDelUser
NetGroupEnum
NetGroupGetInfo
NetGroupGetUsers
NetGroupSetInfo
NetGroupSetUsers
NetLocalGroupAdd
NetLocalGroupAddMember
NetLocalGroupAddMembers
NetLocalGroupDel
NetLocalGroupDelMember
NetLocalGroupDelMembers
NetLocalGroupEnum
NetLocalGroupGetInfo
NetLocalGroupGetMembers
NetLocalGroupSetInfo
NetLocalGroupSetMembers
NetQueryDisplayInformation
NetUserAdd
NetUserChangePassword
NetUserDel
NetUserEnum
NetUserGetGroups
NetUserGetInfo
NetUserGetInternetIdentityInfo
NetUserGetLocalGroups
NetUserModalsGet
NetUserModalsSet
NetUserSetGroups
NetUserSetInfo
NetValidatePasswordPolicy
NetValidatePasswordPolicyFree

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sgrm/samlib.dll
.dll windows:10 windows x64 arch:x64

6a2cc1edea87e33c639cb87ae08c89fc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

samlib.pdb

Imports

api-ms-win-crt-string-l1-1-0

wcsncmp
wcspbrk
memset

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
memmove
_o__wcsicmp
_o__wcsnicmp
_o__wfopen
_o_fclose
_o_fflush
_o___stdio_common_vfwprintf
__C_specific_handler
memcpy
_o___std_type_info_destroy_list

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
TraceMessage
GetTraceEnableLevel
GetTraceLoggerHandle
GetTraceEnableFlags

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameW

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-processthreads-l1-1-0

TlsAlloc
TlsGetValue
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
TlsFree
TlsSetValue

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetWindowsDirectoryW
GetComputerNameExW
GetSystemTimeAsFileTime

api-ms-win-core-localization-l1-2-0

GetSystemPreferredUILanguages

api-ms-win-core-registry-l1-1-0

RegSetValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegDeleteKeyExA
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegGetValueW
RegCreateKeyExA

api-ms-win-security-base-l1-1-0

GetLengthSid
IsWellKnownSid
RevertToSelf
IsValidSid

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-l1-1-0

GetStringTypeW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-eventing-obsolete-l1-1-0

RegisterTraceGuidsA

ntdll

RtlFreeHeap
RtlDeleteCriticalSection
RtlNtStatusToDosError
RtlMakeSelfRelativeSD
RtlEqualUnicodeString
RtlSubAuthoritySid
NtSetInformationThread
RtlUnicodeStringToInteger
RtlSubAuthorityCountSid
NtQueryInformationToken
RtlLengthRequiredSid
RtlCopySid
NtOpenThreadToken
RtlValidSid
RtlLengthSid
RtlAllocateAndInitializeSid
RtlGetNtProductType
RtlInitUnicodeString
RtlUpcaseUnicodeStringToOemString
RtlEnterCriticalSection
RtlEqualComputerName
RtlInitializeCriticalSection
RtlLeaveCriticalSection

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

OnMachineUILanguageInit
SamAddMemberToAlias
SamAddMemberToGroup
SamAddMultipleMembersToAlias
SamChangePasswordUser
SamChangePasswordUser2
SamCloseHandle
SamConnect
SamConnectWithCreds
SamCreateAliasInDomain
SamCreateGroupInDomain
SamCreateUser2InDomain
SamCreateUserInDomain
SamDeleteAlias
SamDeleteGroup
SamDeleteUser
SamEnumerateAliasesInDomain
SamEnumerateDomainsInSamServer
SamEnumerateGroupsInDomain
SamEnumerateUsersInDomain
SamEnumerateUsersInDomain2
SamFreeMemory
SamGetAliasMembership
SamGetCompatibilityMode
SamGetDisplayEnumerationIndex
SamGetGroupsForUser
SamGetMembersInAlias
SamGetMembersInGroup
SamLookupDomainInSamServer
SamLookupIdsInDomain
SamLookupNamesInDomain
SamLookupNamesInDomain2
SamOpenAlias
SamOpenDomain
SamOpenGroup
SamOpenUser
SamPerformGenericOperation
SamQueryDisplayInformation
SamQueryInformationAlias
SamQueryInformationDomain
SamQueryInformationGroup
SamQueryInformationUser
SamQueryLocalizableAccountsInDomain
SamQuerySecurityObject
SamRegisterObjectChangeNotification
SamRemoveMemberFromAlias
SamRemoveMemberFromForeignDomain
SamRemoveMemberFromGroup
SamRemoveMultipleMembersFromAlias
SamRidToSid
SamSetInformationAlias
SamSetInformationDomain
SamSetInformationGroup
SamSetInformationUser
SamSetMemberAttributesOfGroup
SamSetSecurityObject
SamShutdownSamServer
SamTestPrivateFunctionsDomain
SamTestPrivateFunctionsUser
SamUnregisterObjectChangeNotification
SamValidatePassword
SamiChangeKeys
SamiChangePasswordUser
SamiChangePasswordUser2
SamiEncryptPasswords
SamiLmChangePasswordUser
SamiSetBootKeyInformation
SamiSetDSRMPassword
SamiSetDSRMPasswordOWF
SamiSyncDSRMPasswordFromAccount
SamiValidateComputerAccountReuseAttempt

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sgrm/sas.dll
.dll windows:10 windows x64 arch:x64

254d42999f5c04a61117bdfa4963ddca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SAS.pdb

Imports

msvcrt

_XcptFilter
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_vsnwprintf

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

kernel32

LoadLibraryA
HeapFree
SetLastError
HeapAlloc
GetProcessHeap
GetProcAddress
FreeLibrary

rpcrt4

I_RpcExceptionFilter
RpcBindingFree
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcBindingSetAuthInfoExW
RpcStringFreeW
NdrClientCall3

Exports

Exports

SendSAS

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
app__v7.3.5_.msi
.msi
wbem/appbackgroundtask.dll
.dll regsvr32 windows:10 windows x64 arch:x64

2e1ed8e14d5a11566896d404533b10ac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

appbackgroundtask.pdb

Imports

msvcrt

swprintf_s
__CxxFrameHandler3
_vsnwprintf
wcsncpy_s
??0exception@@QEAA@AEBV0@@Z
memcpy_s
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBD@Z
memmove_s
??0exception@@QEAA@XZ
_CxxThrowException
??1type_info@@UEAA@XZ
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
malloc
free
??1exception@@UEAA@XZ
memset

ntdll

RtlAllocateHeap
RtlStringFromGUID
RtlGUIDFromString
RtlInitUnicodeString
RtlFreeUnicodeString
RtlFreeHeap
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

kernel32

RaiseException
LocalFree
GetPackagesByPackageFamily
PackageFamilyNameFromFullName
FormatMessageW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetSystemDirectoryW
GetLastError
DisableThreadLibraryCalls
GetProcAddress
FreeLibrary
LoadLibraryExW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId

api-ms-win-core-biptcltapi-l1-1-7

BiPtQueryWorkItem
BiPtActivateWorkItem
BiPtDisassociateWorkItem
BiPtEnumerateWorkItemsForPackageName
BiPtFreeMemory

api-ms-win-core-psm-info-l1-1-0

PsmQueryApplicationPerformanceInformation

api-ms-win-core-winrt-l1-1-0

RoActivateInstance

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer

advapi32

CheckTokenMembership
FreeSid
AllocateAndInitializeSid

api-ms-win-core-com-l1-1-0

CoSwitchCallContext

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
GetProviderClassID
MI_Main

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wbem/dnsclientcim.dll
.dll regsvr32 windows:10 windows x64 arch:x64

cfca51f8bf1bf8f90661aaeef676fdc5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dnsclientcim.pdb

Imports

msvcrt

memcpy
_XcptFilter
_amsg_exit
_vsnwprintf
__C_specific_handler
_ui64tow_s
malloc
_wcsicmp
free
swprintf_s
_initterm
memset

ntdll

EtwTraceMessageVa
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlIpv6StringToAddressW
RtlIpv4StringToAddressW
RtlLoadString

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
TraceMessage
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableFlags
UnregisterTraceGuids

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
FreeLibrary
DisableThreadLibraryCalls
LoadLibraryExW

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
GetLastError

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegGetValueW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection

api-ms-win-core-heap-l2-1-0

LocalFree

dnsapi

DnsValidateServerStatus
DnsQuery_W
DnsFree
DnsQueryConfig
DnsResolverOp
DnsGetCacheDataTable
DnsFlushResolverCache
DnsNotifyResolver

ws2_32

WSACleanup
WSAGetLastError
GetAddrInfoW
WSAStartup
GetHostNameW
FreeAddrInfoW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

iphlpapi

GetAdaptersAddresses

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW
WideCharToMultiByte

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
GetProviderClassID
MI_Main

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.wpp_sf
Size: 1024B - Virtual size: 959B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wbem/dnsclientpsprovider.dll
.dll regsvr32 windows:10 windows x64 arch:x64

47a7811f3d8736ad100cd1666b45c8f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

DnsClientPsProvider.pdb

Imports

msvcrt

?terminate@@YAXXZ
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
iswdigit
_purecall
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBD@Z
memmove
_onexit
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
__dllonexit
_unlock
_lock
__C_specific_handler
_vsnwprintf
??_V@YAXPEAX@Z
__CxxFrameHandler3
??3@YAXPEAX@Z
_initterm
_amsg_exit
_XcptFilter
malloc
free
??1type_info@@UEAA@XZ
memcpy
swprintf_s
memset

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
EnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LeaveCriticalSection
InitializeCriticalSectionEx

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetComputerNameExW
GetSystemDirectoryW

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
LoadLibraryExW
FreeLibrary
GetProcAddress
LoadStringW

api-ms-win-core-synch-l1-2-0

Sleep
SleepConditionVariableSRW
WakeAllConditionVariable

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

ntdll

EtwTraceMessageVa
RtlIpv6StringToAddressW
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
RtlIpv4StringToAddressW

api-ms-win-core-registry-l1-1-0

RegDeleteTreeW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegGetValueW
RegCreateKeyExW
RegEnumKeyExW

api-ms-win-core-localization-l1-2-0

LocaleNameToLCID
SetThreadPreferredUILanguages
GetThreadPreferredUILanguages
FormatMessageW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

mi

mi_clientFT_V1

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
GetProviderClassID
MI_Main

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.wpp_sf
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
winrm/AcLayers.dll
.dll windows:10 windows x64 arch:x64

c4de04f54385594ec210f75cb67e2063

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AcLayers.pdb

Imports

apphelp

SE_GetShimId
SE_ShimDPF

msvcrt

memmove
memcpy
_CxxThrowException
memset
__CxxFrameHandler3
_wcsicmp
_vscwprintf
_vsnwprintf
_vsnprintf
_stricmp
__C_specific_handler
sprintf_s
vsprintf_s
atol
_scwprintf
_wcsnicmp
wcsrchr
wcsncmp
wcsspn
iswctype
towlower
wcschr
wcspbrk
wcsstr
_vscprintf
iswspace
_XcptFilter
_amsg_exit
free
malloc
_initterm
??1type_info@@UEAA@XZ
strcmp

ntdll

RtlAllocateHeap
RtlFreeHeap
NtQueryKey
RtlNtStatusToDosError
RtlReportException
NtTerminateProcess
RtlRaiseException
NtQueryInformationProcess
RtlUniform
RtlValidateHeap
RtlCaptureStackBackTrace
RtlImageNtHeader
RtlCaptureContext
WinSqmAddToStream
RtlInitUnicodeString
NtOpenFile
NtQuerySystemInformation
RtlLengthRequiredSid
RtlInitializeSid
NtQueryInformationToken
RtlSubAuthoritySid
RtlCreateUnicodeStringFromAsciiz
RtlFreeUnicodeString
RtlMultiByteToUnicodeN
RtlUnicodeToMultiByteSize
RtlUnicodeToMultiByteN
RtlGetOwnerSecurityDescriptor
RtlEqualSid
NtQueryObject
RtlAppendUnicodeToString
RtlFormatCurrentUserKeyPath
RtlGetLastNtStatus
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-registry-l1-1-0

RegDeleteKeyExW
RegQueryValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExA
RegSetValueExW
RegGetKeySecurity
RegOpenKeyExW

api-ms-win-security-base-l1-1-0

GetAclInformation
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
GetAce
CopySid
GetSecurityDescriptorDacl
GetFileSecurityW
GetTokenInformation

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer

user32

GetSystemMetrics
EnumDisplaySettingsW
CharUpperW

shell32

ShellExecuteExW

shlwapi

PathFindFileNameW

kernel32

CompareStringEx
LCIDToLocaleName
DeleteCriticalSection
GetProcAddress
GetModuleHandleW
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
SearchPathW
CreateMutexW
OpenMutexW
ReleaseActCtx
QueryActCtxW
CreateActCtxW
GetTempFileNameW
GetTempPathW
GetTempFileNameA
GetTempPathA
InitializeCriticalSectionAndSpinCount
ExpandEnvironmentStringsA
LeaveCriticalSection
EnterCriticalSection
GetFileSize
SetFilePointer
CreateFileW
LocalFree
LocalAlloc
GetVolumeNameForVolumeMountPointW
GetSystemDirectoryW
GetModuleFileNameW
GetWindowsDirectoryW
GetShortPathNameW
ExpandEnvironmentStringsW
FindClose
FindFirstFileW
GetDriveTypeW
GetLogicalDriveStringsW
GetFileAttributesW
RegisterApplicationRestart
GetApplicationRestartSettings
WerRegisterMemoryBlock
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
CloseHandle
SetNamedPipeHandleState
GetCurrentProcessId
SetLastError
CreateEventW
InitializeCriticalSection
OutputDebugStringA
WriteFile
CancelIo
WaitForSingleObject
ReadFile
InitializeSRWLock
GetCurrentThread
GetCurrentProcess
QueryFullProcessImageNameW
LoadLibraryW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
GetCurrentThreadId
AcquireSRWLockShared
IsNLSDefinedString
FindNLSStringEx
WideCharToMultiByte
HeapReAlloc
GetLastError
LCMapStringEx
HeapFree
MultiByteToWideChar
GetProcessHeap
HeapAlloc
GetLocaleInfoEx
GetCommandLineW

advapi32

OpenProcessToken
GetSecurityInfo
GetFileSecurityA
OpenThreadToken

sfc

SfcIsKeyProtected

winspool.drv

ord203

Exports

Exports

GetHookAPIs
NotifyShims

Sections

.text
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 4.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
winrm/acledit.dll
.dll windows:10 windows x64 arch:x64

02f6fc922b46bf9b846109dcfb249d30

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

acledit.pdb

Imports

msvcrt

_XcptFilter
__C_specific_handler
_initterm
malloc
free
_amsg_exit
memset

user32

LoadStringW
MessageBoxW

kernel32

Sleep
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
DisableThreadLibraryCalls
TerminateProcess

Exports

Exports

DllMain
EditAuditInfo
EditOwnerInfo
EditPermissionInfo
FMExtensionProcW
SedDiscretionaryAclEditor
SedSystemAclEditor
SedTakeOwnership

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
winrm/aclui.dll
.dll windows:10 windows x64 arch:x64

d9947ca70a4b70147886d0f02997043e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

aclui.pdb

Imports

msvcrt

wcstok_s
_wcsnicmp
_wcstoui64
_ultow_s
iswctype
wcstoul
swprintf_s
wcsncpy_s
_ultow
_ui64tow_s
_i64tow_s
_CxxThrowException
_wcstoi64
memcpy_s
??1exception@@UEAA@XZ
__RTDynamicCast
floor
memcmp
memcpy
memmove
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
__CxxFrameHandler3
free
wcsnlen
_vsnwprintf
memmove_s
_itow_s
wcsncmp
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
wcspbrk
wcsspn
wcscspn
iswspace
wcscpy_s
malloc
__C_specific_handler
wcsrchr
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
_errno
realloc
memset
wcschr
wcscmp

shell32

ord259
ord258
ord6

shlwapi

PathAppendW
ord12
ord628
ord165
ord219
StrChrW
StrRChrW

advapi32

EventWrite
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorControl
EqualPrefixSid
AllocateAndInitializeSid
EqualSid
GetLengthSid
IsValidSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
SetThreadToken
AdjustTokenPrivileges
DuplicateTokenEx
OpenThreadToken
LsaGetAppliedCAPIDs
GetWindowsAccountDomainSid
LsaLookupSids
GetSidSubAuthority
IsValidAcl
IsValidSecurityDescriptor
IsWellKnownSid
LookupAccountSidW
DeleteAce
LookupAccountNameW
OpenProcessToken
GetSidSubAuthorityCount
LsaOpenPolicy
AddConditionalAce
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
AddAccessAllowedAce
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorLength
CopySid
EventUnregister
EventRegister
GetAce
LsaClose
LsaFreeMemory
LsaQueryInformationPolicy
InitializeAcl

gdi32

CreateDIBSection
DeleteObject
SelectObject
GetTextExtentPoint32W
GetDeviceCaps
SetBkColor
CreateFontIndirectW
SetBkMode
GetObjectW
SetTextColor

kernel32

CreateThread
FreeLibrary
FreeLibraryAndExitThread
HeapReAlloc
GetCurrentProcess
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
GlobalLock
GlobalUnlock
GetModuleFileNameW
MultiByteToWideChar
lstrlenW
lstrcmpiW
HeapSize
HeapDestroy
VirtualFree
VirtualAlloc
LoadLibraryExA
EncodePointer
DecodePointer
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
OutputDebugStringA
lstrcmpW
FindResourceW
GetCurrentThread
CreateActCtxW
ActivateActCtx
DeactivateActCtx
DelayLoadFailureHook
ResolveDelayLoadedAPI
ReleaseActCtx
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
LocalAlloc
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
LocalFree
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
TlsGetValue
EnterCriticalSection
LeaveCriticalSection
RaiseException
MulDiv
InitOnceExecuteOnce
CompareStringW
CheckElevationEnabled
CreateThreadpoolWait
SetThreadpoolWait
AcquireSRWLockShared
ReleaseSRWLockShared
SetEvent
CompareStringEx
GetTickCount
SizeofResource
LockResource
LoadResource
FindResourceExW
DisableThreadLibraryCalls
InitializeCriticalSection
TlsAlloc
TlsFree
DeleteCriticalSection
LocalReAlloc
LoadLibraryExW

ntdll

EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
RtlLengthSid
RtlCreateUnicodeString
RtlFreeUnicodeString
RtlIsPackageSid
RtlInitializeCriticalSectionEx
RtlDeleteCriticalSection
RtlGetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlEqualSid
RtlFirstFreeAce
RtlAddAccessDeniedObjectAce
RtlAddAccessAllowedObjectAce
RtlAddAccessDeniedAceEx
RtlCopySid
RtlAbsoluteToSelfRelativeSD
RtlGetGroupSecurityDescriptor
RtlAddAce
RtlSubAuthorityCountSid
RtlGetOwnerSecurityDescriptor
RtlAddAccessAllowedAceEx
RtlAddAuditAccessAceEx
RtlGetAce
RtlConvertSidToUnicodeString
RtlSetDaclSecurityDescriptor
RtlSubAuthoritySid
RtlAddAuditAccessObjectAce
RtlGetControlSecurityDescriptor
RtlInitializeSid
RtlSetOwnerSecurityDescriptor
RtlValidSid
RtlSetSaclSecurityDescriptor
RtlValidAcl
RtlRunOnceExecuteOnce
EtwTraceMessage
RtlGetSaclSecurityDescriptor
RtlNtStatusToDosErrorNoTeb
RtlNtStatusToDosError
RtlEqualUnicodeString
RtlGetNtProductType
RtlInitUnicodeString
RtlAddScopedPolicyIDAce
RtlCreateAcl
WinSqmIsOptedIn
WinSqmEndSession
WinSqmSetString
WinSqmStartSession
WinSqmIsOptedInEx
WinSqmSetDWORD
WinSqmIncrementDWORD
WinSqmAddToStream
RtlIsCapabilitySid

ntdsapi

DsBindWithSpnExW
DsFreeNameResultW
DsCrackNamesW
DsUnBindW

ole32

CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree
CoGetMalloc
CoTaskMemRealloc
ReleaseStgMedium
CoCreateGuid

oleaut32

SafeArrayUnaccessData
SafeArrayAccessData
SysReAllocStringLen
SysAllocStringLen
SysAllocString
SysFreeString

user32

GetDlgItemTextW
GetParent
EnableWindow
SetDlgItemTextW
SetWindowPos
SetWindowLongPtrW
GetWindowRect
ShowWindow
GetDlgItem
LoadCursorW
SetCursor
SendDlgItemMessageW
SendMessageW
DestroyWindow
LoadStringW
PostMessageW
EndDialog
GetActiveWindow
SetWindowTextW
DialogBoxParamW
ReleaseDC
GetDC
RedrawWindow
GetFocus
SetFocus
GetWindowLongPtrW
MessageBoxW
LoadIconW
GetAncestor
LoadImageW
RegisterWindowMessageW
GetWindow
GetWindowPlacement
SetWindowPlacement
RegisterClassW
IsWindowVisible
GetClientRect
GetSystemMetrics
MapWindowPoints
UnregisterClassW
SetWindowLongW
GetWindowLongW
MapDialogRect
UnregisterClassA
DrawTextW
RegisterClipboardFormatW
ClientToScreen
KillTimer
SetTimer
keybd_event
CreateWindowExW
EnumDisplaySettingsW
DrawFocusRect
GetSysColor
GetSysColorBrush
FrameRect
InflateRect
ShowScrollBar
MoveWindow
OffsetRect
CallWindowProcW
SetScrollInfo
ScrollWindow
SetScrollPos
GetScrollInfo
DefWindowProcW
GetDlgCtrlID
DestroyIcon
SystemParametersInfoW
IsWindowEnabled

xmllite

CreateXmlReader

Exports

Exports

CreateSecurityPage
EditConditionalAceClaims
EditResourceCondition
EditSecurity
EditSecurityAdvanced
GetLocalizedStringForCondition
GetTlsIndexForClaimDictionary
IID_ISecurityInformation

Sections

.text
Size: 396KB - Virtual size: 396KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

85d6e08968adbf425e9bb17ac987f7ac

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-processthreads-l1-1-1

ntdll

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 2KB - Virtual size: 1KB

.didat Size: 1024B - Virtual size: 560B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 172B

6a2cc1edea87e33c639cb87ae08c89fc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-eventing-obsolete-l1-1-0

ntdll

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 78KB - Virtual size: 77KB

.rdata Size: 49KB - Virtual size: 48KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 4KB - Virtual size: 3KB

.didat Size: 512B - Virtual size: 392B

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 2KB - Virtual size: 1KB

254d42999f5c04a61117bdfa4963ddca

Headers

DLL Characteristics

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 2KB - Virtual size: 1KB

.didat
Size: 1024B - Virtual size: 560B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 172B

.text
Size: 78KB - Virtual size: 77KB

.rdata
Size: 49KB - Virtual size: 48KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 4KB - Virtual size: 3KB

.didat
Size: 512B - Virtual size: 392B

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 360B

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 512B - Virtual size: 196B

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 1024B - Virtual size: 972B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 820B