8da5ea42440fd700812cba7ed808b8e07d5610a86c2a4da94daa53b7a5c4fdc8[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

8da5ea42440fd700812cba7ed808b8e07d5610a86c2a4da94daa53b7a5c4fdc8.zip
Size

48.3MB
MD5

7d41520d5ed486c1fac7656e4e38e32b
SHA1

5787c806d02d79686daca5f95d89271dc6c578ee
SHA256

8da5ea42440fd700812cba7ed808b8e07d5610a86c2a4da94daa53b7a5c4fdc8
SHA512

4197cee4a73583f9e34936a8c6fac389ea98f03520d623bf59d72aca9b22409cce271e29b0ff1600df7cb5ce6fb2bf2496b09b6ca7416752d8eef3cadef8677f
SSDEEP

1572864:cp+AkxOx6mkMspNbawUPlE6YJ4H7Yf7EhHfB7dHB/:++M6mk5pshPlE6YiH7YQ5fB7

Score

3^/10

Malware Config

Signatures

Unsigned PE 15 IoCs

Checks for missing Authenticode signature.

resource
unpack001/FxsTmp/Family.Authentication.dll
unpack001/FxsTmp/Family.Cache.dll
unpack001/FxsTmp/f3ahvoas.dll
unpack001/mfis/RpcNs4.dll
unpack001/mfis/efsadu.dll
unpack001/mfis/hotplug.dll
unpack001/mtxclu/imapi.dll
unpack001/mtxclu/itircl.dll
unpack001/mtxclu/mtxclu.dll
unpack001/mtxclu/nlhtml.dll
unpack001/oobe/odbccp32.dll
unpack001/oobe/odbccr32.dll
unpack001/oobe/odbccu32.dll
unpack001/oobe/odbcint.dll
unpack001/oobe/odbctrac.dll

Files

8da5ea42440fd700812cba7ed808b8e07d5610a86c2a4da94daa53b7a5c4fdc8.zip
.zip
FxsTmp/Family.Authentication.dll
.dll windows:10 windows x64 arch:x64

045d5fcdf29e1bd670205872ddd84e75

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Family.Authentication.pdb

Imports

msvcrt

_callnewh
memcmp
__CxxFrameHandler3
realloc
_purecall
free
_XcptFilter
_onexit
malloc
_initterm
__C_specific_handler
memcpy_s
_lock
_unlock
_vsnwprintf
__dllonexit
_amsg_exit
memset

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
_wcstoui64
memmove_s

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
WindowsDeleteString
HSTRING_UserUnmarshal
HSTRING_UserMarshal64
HSTRING_UserFree
HSTRING_UserSize64
HSTRING_UserFree64
WindowsCreateString
WindowsCreateStringReference
HSTRING_UserUnmarshal64
WindowsGetStringRawBuffer
HSTRING_UserMarshal
HSTRING_UserSize
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull

api-ms-win-core-com-l1-1-0

CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemAlloc
CoGetApartmentType
CoMarshalInterface
CoGetInterfaceAndReleaseStream
CoReleaseMarshalData
CoCreateFreeThreadedMarshaler

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
GetRestrictedErrorInfo
RoOriginateErrorW
RoOriginateError
RoTransformError

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegGetValueW

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolAllowThreadReuse
SHTaskPoolQueueTask

advapi32

EventUnregister
EventRegister
EventWriteTransfer
EventActivityIdControl
OpenProcessToken
GetTokenInformation
EventSetInformation

kernel32

GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
EncodePointer
CreateSemaphoreExW
ReleaseSRWLockShared
CreateMutexExW
GetCurrentProcessId
InitOnceComplete
InitOnceExecuteOnce
InitOnceBeginInitialize
ReleaseSRWLockExclusive
DecodePointer
DisableThreadLibraryCalls
OpenSemaphoreW
WaitForSingleObject
QueryPerformanceCounter
AcquireSRWLockExclusive
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
CloseHandle
SetLastError
OutputDebugStringW
IsDebuggerPresent
GetLastError
GetProcAddress
GetModuleHandleW
DebugBreak
GetModuleFileNameA
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentThreadId
FormatMessageW
TerminateProcess
GetSystemTimeAsFileTime
GetTickCount
InitializeSRWLock
RaiseException
OpenProcess
AcquireSRWLockShared
GetModuleHandleExW

rpcrt4

CStdStubBuffer_Connect
CStdStubBuffer_IsIIDSupported
NdrStubCall3
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrCStdStubBuffer2_Release
CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy
NdrStubForwardingFunction
CStdStubBuffer_Invoke
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrOleFree

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient6
NdrProxyForwardingFunction5
NdrProxyForwardingFunction4
CStdStubBuffer2_Connect
NdrProxyForwardingFunction3
CStdStubBuffer2_QueryInterface
ObjectStublessClient7
CStdStubBuffer2_Disconnect
ObjectStublessClient3
CStdStubBuffer2_CountRefs
ObjectStublessClient8

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FxsTmp/Family.Cache.dll
.dll windows:10 windows x64 arch:x64

5c91ca46803767598306d8004367b675

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Family.Cache.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o_free
_o_iswspace
_o_malloc
_o_realloc
_o_terminate
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__crt_atexit
_o__execute_onexit_table
_o__errno
memmove
_o__cexit
_o__callnewh
_o__configure_narrow_argv
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

ntdll

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
ReleaseMutex
CreateSemaphoreExW
AcquireSRWLockExclusive
AcquireSRWLockShared
WaitForSingleObject
InitializeSRWLock
OpenSemaphoreW
ReleaseSRWLockShared
CreateMutexExW
ReleaseSRWLockExclusive
ReleaseSemaphore

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-winrt-string-l1-1-0

HSTRING_UserMarshal64
HSTRING_UserFree
HSTRING_UserSize64
HSTRING_UserFree64
HSTRING_UserMarshal
HSTRING_UserUnmarshal
WindowsDuplicateString
WindowsDeleteString
WindowsCreateString
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsGetStringRawBuffer
HSTRING_UserSize
HSTRING_UserUnmarshal64
WindowsPromoteStringBuffer
WindowsDeleteStringBuffer
WindowsPreallocateStringBuffer
WindowsCreateStringReference

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoCreateFreeThreadedMarshaler
CoGetCallContext
CoIncrementMTAUsage
CoTaskMemAlloc

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegDeleteTreeW
RegCreateKeyExW
RegGetValueW
RegEnumKeyExW
RegCloseKey
RegSetValueExW

api-ms-win-security-capability-l1-1-0

CapabilityCheck

advapi32

EventSetInformation
DuplicateTokenEx
RegCreateKeyTransactedW
EventActivityIdControl
EventWriteTransfer
EventUnregister
OpenProcessToken
EventRegister

kernel32

InterlockedPushEntrySList
GetCurrentThreadId
HeapFree
MultiByteToWideChar
InterlockedFlushSList
FormatMessageW
RaiseException
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
EncodePointer
GetCurrentProcessId
OutputDebugStringW
DisableThreadLibraryCalls
GetModuleHandleExW
GetModuleFileNameA
DebugBreak
GetProcAddress
GetModuleHandleW
CloseHandle
SetLastError
GetLastError
IsDebuggerPresent
GetProcessHeap
HeapAlloc
DecodePointer

ktmw32

CommitTransaction
CreateTransaction

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoOriginateErrorW
SetRestrictedErrorInfo
RoTransformError
GetRestrictedErrorInfo

rpcrt4

CStdStubBuffer_IsIIDSupported
NdrCStdStubBuffer2_Release
NdrDllGetClassObject
NdrDllCanUnloadNow
CStdStubBuffer_Invoke
NdrStubForwardingFunction
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
NdrOleAllocate
CStdStubBuffer_DebugServerRelease
NdrStubCall3
IUnknown_QueryInterface_Proxy

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient7
CStdStubBuffer2_Disconnect
ObjectStublessClient15
CStdStubBuffer2_QueryInterface
ObjectStublessClient11
ObjectStublessClient14
ObjectStublessClient12
CStdStubBuffer2_Connect
NdrProxyForwardingFunction4
ObjectStublessClient13
NdrProxyForwardingFunction5
ObjectStublessClient6
ObjectStublessClient8
ObjectStublessClient9
ObjectStublessClient17
ObjectStublessClient10
CStdStubBuffer2_CountRefs
NdrProxyForwardingFunction3
ObjectStublessClient16

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

oleaut32

SysFreeString
SysStringLen

api-ms-win-core-winrt-error-l1-1-1

RoOriginateLanguageException

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FxsTmp/f3ahvoas.dll
.dll windows:10 windows x64 arch:x64

5fee61a2496e6d30478467592dd1e320

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

f3ahvoas.pdb

Imports

win32u

NtUserCallTwoParam

Exports

Exports

FujitsuOyayubiControl
KbdLayerDescriptor
KbdNlsLayerDescriptor

Sections

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 106B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mfis/RpcNs4.dll
.dll windows:10 windows x64 arch:x64

e06944c518403f775c9c3d3b5156ca77

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

RpcNs4.pdb

Imports

ntdll

RtlIntegerToUnicodeString
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
DbgPrint
WinSqmIncrementDWORD
WinSqmIsOptedIn
DbgPrintEx

advapi32

DeregisterEventSource
ReportEventW
RegisterEventSourceW

kernel32

TerminateProcess
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetCommandLineW
GetLastError
GetCurrentProcessId
QueryPerformanceCounter

Exports

Exports

I_RpcNsGetBuffer
I_RpcNsNegotiateTransferSyntax
I_RpcNsRaiseException
I_RpcNsSendReceive
I_RpcReBindBuffer
RpcIfIdVectorFree
RpcNsBindingExportA
RpcNsBindingExportPnPA
RpcNsBindingExportPnPW
RpcNsBindingExportW
RpcNsBindingImportBeginA
RpcNsBindingImportBeginW
RpcNsBindingImportDone
RpcNsBindingImportNext
RpcNsBindingLookupBeginA
RpcNsBindingLookupBeginW
RpcNsBindingLookupDone
RpcNsBindingLookupNext
RpcNsBindingSelect
RpcNsBindingUnexportA
RpcNsBindingUnexportPnPA
RpcNsBindingUnexportPnPW
RpcNsBindingUnexportW
RpcNsEntryExpandNameA
RpcNsEntryExpandNameW
RpcNsEntryObjectInqBeginA
RpcNsEntryObjectInqBeginW
RpcNsEntryObjectInqDone
RpcNsEntryObjectInqNext
RpcNsGroupDeleteA
RpcNsGroupDeleteW
RpcNsGroupMbrAddA
RpcNsGroupMbrAddW
RpcNsGroupMbrInqBeginA
RpcNsGroupMbrInqBeginW
RpcNsGroupMbrInqDone
RpcNsGroupMbrInqNextA
RpcNsGroupMbrInqNextW
RpcNsGroupMbrRemoveA
RpcNsGroupMbrRemoveW
RpcNsMgmtBindingUnexportA
RpcNsMgmtBindingUnexportW
RpcNsMgmtEntryCreateA
RpcNsMgmtEntryCreateW
RpcNsMgmtEntryDeleteA
RpcNsMgmtEntryDeleteW
RpcNsMgmtEntryInqIfIdsA
RpcNsMgmtEntryInqIfIdsW
RpcNsMgmtHandleSetExpAge
RpcNsMgmtInqExpAge
RpcNsMgmtSetExpAge
RpcNsProfileDeleteA
RpcNsProfileDeleteW
RpcNsProfileEltAddA
RpcNsProfileEltAddW
RpcNsProfileEltInqBeginA
RpcNsProfileEltInqBeginW
RpcNsProfileEltInqDone
RpcNsProfileEltInqNextA
RpcNsProfileEltInqNextW
RpcNsProfileEltRemoveA
RpcNsProfileEltRemoveW

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mfis/efsadu.dll
.dll windows:10 windows x64 arch:x64

22108691ed39e78a38deaea0fac66aa4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

efsadu.pdb

Imports

mfc42u

ord6351
ord4721
ord5245
ord287
ord2906
ord2517
ord5077
ord1442
ord6614
ord6328
ord4609
ord4473
ord4257
ord2975
ord5887
ord2661
ord6632
ord4548
ord6385
ord3761
ord4771
ord5702
ord4365
ord1777
ord6437
ord5406
ord5687
ord6886
ord2629
ord1082
ord288
ord812
ord1544
ord1586
ord1555
ord1583
ord1585
ord355
ord1477
ord1553
ord1416
ord4557
ord1577
ord1463
ord2329
ord1126
ord1040
ord626
ord912
ord3806
ord3501
ord4747
ord2593
ord822
ord665
ord6440
ord1067
ord3743
ord4988
ord3535
ord5699
ord2586
ord852
ord337
ord6813
ord4836
ord2140
ord2457
ord2559
ord2515
ord6071
ord4191
ord1388
ord5615
ord5683
ord1736
ord5484
ord3933
ord2412
ord3468
ord3417
ord5722
ord5724
ord6814
ord4368
ord2060
ord2670
ord4789
ord5065
ord5730
ord5711
ord5229
ord4017
ord6053
ord3049
ord3243
ord5712
ord4694
ord3362
ord4815
ord3231
ord3366
ord3052
ord6812
ord3166
ord5586
ord3046
ord4082
ord2399
ord4083
ord5663
ord4077
ord3164
ord4371
ord4983
ord4741
ord4770
ord3916
ord2752
ord1491
ord1778
ord1063
ord659
ord4598
ord4752
ord6887

msvcrt

memmove
??_V@YAXPEAX@Z
_vsnwprintf
memcpy_s
??1exception@@UEAA@XZ
??1type_info@@UEAA@XZ
strcmp
memset
_onexit
__dllonexit
_unlock
_CxxThrowException
_initterm
_amsg_exit
_XcptFilter
_wcsicmp
_ltow_s
free
malloc
__C_specific_handler
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
memcmp
_lock
_wcsnicmp
wcsncmp
toupper
??0exception@@QEAA@XZ
memcpy
__CxxFrameHandler3

shell32

SHChangeNotifySuspendResume
ord190
Shell_NotifyIconW
ord155
SHCreateItemFromParsingName
SHGetFolderPathW

shlwapi

ord278
StrDupW

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
LoadStringW
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

ReleaseMutex
CreateMutexExW
ReleaseSemaphore
CreateSemaphoreExW
AcquireSRWLockExclusive
WaitForSingleObject
OpenSemaphoreW
OpenEventW
ReleaseSRWLockExclusive
WaitForSingleObjectEx

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
CreateThread
GetCurrentProcess
OpenProcessToken
TerminateProcess
GetCurrentThreadId
OpenThreadToken
GetCurrentThread

api-ms-win-core-localization-l1-2-0

GetLocaleInfoEx
IdnToAscii
FormatMessageW
GetUserPreferredUILanguages

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW
OutputDebugStringA

api-ms-win-core-handle-l1-1-0

CloseHandle

dsrole

DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

crypt32

CertGetNameStringW
CertFindExtension
CertAddCertificateLinkToStore
CryptEncodeObjectEx
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CryptStringToBinaryW
CertGetEnhancedKeyUsage
CertVerifyTimeValidity
CertSetCertificateContextProperty
CertFreeCertificateContext
CryptBinaryToStringW
CertGetCertificateContextProperty
CertAddCertificateContextToStore
CryptDecodeObject
CertCreateCertificateContext
CertOpenStore
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore

api-ms-win-security-credentials-l1-1-0

CredMarshalCredentialW
CredFree

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemAlloc

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

oleaut32

SysAllocString
SysStringByteLen
SysFreeString

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

rpcrt4

RpcStringFreeW
UuidCreateNil
UuidToStringW
UuidCreate
UuidFromStringW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-file-l1-1-0

FindClose
FindNextFileW
GetFullPathNameW
FindFirstFileExW
GetFileAttributesW

api-ms-win-core-processenvironment-l1-1-0

SetCurrentDirectoryW
GetCurrentDirectoryW

api-ms-win-service-management-l1-1-0

OpenSCManagerW
CloseServiceHandle
OpenServiceW

api-ms-win-service-management-l2-1-0

ChangeServiceConfigW

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventProviderEnabled
EventRegister
EventUnregister
EventWrite
EventEnabled

api-ms-win-security-base-l1-1-0

GetTokenInformation
CheckTokenMembership
GetLengthSid
CopySid
EqualSid

wldap32

ord18
ord26
ord140
ord41
ord13
ord224
ord170
ord73
ord16
ord208

logoncli

DsGetDcNameW

netutils

NetApiBufferFree

userenv

RefreshPolicy

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

efsutil

EfsUtilGetUserKey
EfsUtilGetCertContextFromCertHash
EfsUtilSetSmartcardPin
EfsUtilApplyGroupPolicy
EfsUtilCreateSelfSignedCertificate
EfsUtilGetCurrentUserInformation
EfsUtilCheckCurrentKeyCapabilities
EfsUtilSmartcardCredsNeededError
EfsUtilGetSmartcardProviderName
EfsUtilReleaseUserKey
EfsUtilGetCurrentKey

vaultcli

VaultFree
VaultOpenVault
VaultGetItem
VaultCloseVault

advapi32

SetUserFileEncryptionKeyEx
CryptSetProvParam
QueryUsersOnEncryptedFile
UsePinForEncryptedFilesW
RegGetValueW
LsaClose
LsaFreeMemory
LsaLookupSids
EventWriteTransfer
ConvertStringSidToSidW
QueryRecoveryAgentsOnEncryptedFile
FreeEncryptionCertificateHashList
AddUsersToEncryptedFile
RemoveUsersFromEncryptedFile
LsaOpenPolicy
EncryptFileW

credui

CredUIPromptForWindowsCredentialsW
CredUnPackAuthenticationBufferW
CredPackAuthenticationBufferW

cryptui

CryptUIDlgSelectCertificateW
CryptUIWizExport

feclient

EfsClientGetKeyInfo
EfsClientFreeKeyInfo
EfsClientFreeProtectorList
EfsClientQueryProtectors

kernel32

DeactivateActCtx
ActivateActCtx
FindActCtxSectionStringW
LoadLibraryExW
FreeLibrary
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrlenW
GetComputerNameW
QueryActCtxW
CreateActCtxW

ntdll

RtlNtStatusToDosError
RtlAllocateAndInitializeSid
RtlFreeSid
NtQueryInformationToken

ole32

CoInitialize

urlmon

CreateUri

user32

EnableWindow
DispatchMessageW
SetTimer
LoadIconW
DefWindowProcW
PostQuitMessage
MessageBoxW
GetClientRect
SendMessageW
PostMessageW
DestroyWindow
TranslateMessage
GetMessageW
KillTimer

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

AddUserToObjectW
BackCurrentEfsCert
EfsDetail
EfsUIUtilCheckScardStatus
EfsUIUtilCreateSelfSignedCertificate
EfsUIUtilEncryptMyDocuments
EfsUIUtilEnrollEfsCertificate
EfsUIUtilEnrollEfsCertificateEx
EfsUIUtilInstallDra
EfsUIUtilKeyBackup
EfsUIUtilPromptForPin
EfsUIUtilPromptForPinDialog
EfsUIUtilSelectCard
EfsUIUtilShowBalloonAndWait

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mfis/hotplug.dll
.dll windows:10 windows x64 arch:x64

3341bc2ede2baeeaf8f8cfa9cad95970

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

HOTPLUG.pdb

Imports

msvcrt

??1type_info@@UEAA@XZ
__CxxFrameHandler3
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
__C_specific_handler
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
malloc
free
wcschr
_callnewh
_vsnwprintf
?what@exception@@UEBAPEBDXZ
memset

ntdll

NtClose
NtOpenThreadToken
NtOpenProcessToken
NtQueryInformationToken
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

kernel32

GetLastError
GetModuleHandleW
lstrcmpiW
WaitNamedPipeW
GetModuleHandleExW
FreeLibraryAndExitThread
GetExitCodeThread
Sleep
CreateThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FormatMessageW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
GetVolumeNameForVolumeMountPointW
LoadLibraryW
lstrcmpW
LocalFree
LocalAlloc
ReadFile
GetProcAddress
CreateFileW
GetCurrentProcess
CloseHandle
DisableThreadLibraryCalls
ResolveDelayLoadedAPI
SetEvent
CreateEventW
WaitForSingleObject
TerminateProcess
FreeLibrary
DelayLoadFailureHook
OpenEventW

advapi32

RegQueryValueExW
OpenSCManagerW
CloseServiceHandle
RegSetValueExW
RegCloseKey
GetTokenInformation
GetServiceDisplayNameW
RegCreateKeyW
LookupPrivilegeValueW
OpenProcessToken

user32

GetClassInfoW
ShowWindow
GetWindowLongPtrW
EndDialog
ScreenToClient
CreateWindowExW
SetWindowLongPtrW
DestroyWindow
PostMessageW
GetMessagePos
DefWindowProcW
SetProcessDPIAware
FindWindowW
TranslateMessage
PeekMessageW
IsWindow
MsgWaitForMultipleObjects
GetMessageW
ReleaseDC
InvalidateRect
LoadImageW
GetProcessDefaultLayout
GetDC
GetWindow
PostQuitMessage
IsDialogMessageW
MessageBoxW
GetParent
DialogBoxParamW
EnableWindow
LoadStringW
SendMessageW
GetSystemMetrics
CheckDlgButton
SetDlgItemTextW
RegisterClassW
GetSysColor
IsDlgButtonChecked
LoadIconW
LoadCursorW
SetCursor
GetDlgItem
DispatchMessageW
KillTimer
DestroyIcon
SetTimer

gdi32

GetDeviceCaps

comctl32

ImageList_Destroy
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Remove
ImageList_GetImageCount
ImageList_SetOverlayImage
ImageList_Create

cfgmgr32

CM_Locate_DevNodeW
CM_Request_Device_Eject_ExW
CM_Is_Dock_Station_Present
CM_Get_Parent_Ex
CM_Get_Device_Interface_List_SizeW
CM_Get_DevNode_Registry_PropertyW
CM_Get_DevNode_Registry_Property_ExW
CM_Get_DevNode_Status_Ex
CM_Get_Device_ID_List_ExW
CM_Get_Device_ID_List_Size_ExW
CM_Get_Device_ID_ExW
CM_Locate_DevNode_ExW
CM_Get_Child_Ex
CM_Open_DevNode_Key_Ex
CM_Get_Sibling_Ex
CM_Get_Device_Interface_ListW

setupapi

SetupDiDestroyDeviceInfoList
SetupDiCreateDeviceInfoList
SetupDiLoadDeviceIcon
SetupDiOpenDeviceInfoW
pSetupGuidFromString

shell32

ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW

shlwapi

StrChrW
ord219

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoUninitialize
CoInitializeEx

Exports

Exports

CPlApplet
DllGetClassObject
HotPlugChildWithInvalidIdW
HotPlugDriverBlockedW
HotPlugEjectDevice
HotPlugEjectDeviceEx
HotPlugEjectVetoedW
HotPlugHibernateVetoedW
HotPlugRemovalVetoedW
HotPlugSafeRemovalDriveNotificationW
HotPlugSafeRemovalNotificationW
HotPlugStandbyVetoedW
HotPlugWarmEjectVetoedW

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mtxclu/imapi.dll
.dll regsvr32 windows:10 windows x64 arch:x64

9def3e189009b6ddc4ab75d0e8190ac6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

imapi.pdb

Imports

msvcrt

_CxxThrowException
__RTDynamicCast
memcmp
memcpy
memset
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
realloc
_errno
_initterm
_amsg_exit
_XcptFilter
_callnewh
_wremove
_vsnwprintf
wcscat_s
wcscpy_s
wcsstr
wcsncpy_s
malloc
free
_purecall
memcpy_s
__CxxFrameHandler3
__C_specific_handler
wcscmp

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

user32

UnregisterClassA
CharNextW

advapi32

UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegQueryValueExW
TraceMessage
RegCloseKey
RegQueryInfoKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW

ole32

CoTaskMemFree
CoTaskMemAlloc
PropVariantClear
StringFromGUID2
CreateStreamOnHGlobal
CoTaskMemRealloc
CoCreateInstance

oleaut32

LoadRegTypeLi
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
VarBstrCat
SysAllocStringByteLen
SysStringByteLen
GetErrorInfo
DispCallFunc
VariantClear
LoadTypeLi
SafeArrayDestroy
SysAllocStringLen
SysStringLen
SysAllocString
SysFreeString
VarUI4FromStr
SystemTimeToVariantTime
VariantInit

shlwapi

SHCreateStreamOnFileEx

kernel32

GetTempFileNameW
GetVolumeInformationW
CreateMutexW
SetEvent
LocalFree
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
ResetEvent
ReleaseMutex
SizeofResource
FileTimeToSystemTime
GlobalFree
GlobalAlloc
GetDateFormatW
InitializeCriticalSectionAndSpinCount
CreateEventW
CloseHandle
DisableThreadLibraryCalls
WaitForSingleObject
LoadLibraryExW
lstrcmpiW
FreeLibrary
GetModuleHandleW
DeleteCriticalSection
GetProcAddress
LoadResource
FindResourceExW
RaiseException
GetLastError
MultiByteToWideChar
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameW
EnterCriticalSection
GetTempPathW
LocalAlloc
WideCharToMultiByte

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mtxclu/itircl.dll
.dll regsvr32 windows:10 windows x64 arch:x64

380ae0a373c6ac6b63d2802c179548cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

itircl.pdb

Imports

msvcrt

memmove
_initterm
_amsg_exit
__CxxFrameHandler3
memcpy
memcmp
_XcptFilter
_callnewh
malloc
_vsnprintf
strncmp
free
_purecall
__C_specific_handler
?terminate@@YAXXZ
memset

kernel32

DeleteFileA
UnmapViewOfFile
VirtualFree
GlobalSize
GetCurrentDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleFileNameA
VirtualProtect
VirtualAlloc
LoadLibraryExA
GetModuleHandleA
MultiByteToWideChar
GetLastError
DisableThreadLibraryCalls
GetSystemInfo
HeapDestroy
WideCharToMultiByte
lstrcmpiA
VirtualQuery
GlobalReAlloc
CompareStringW
GetACP
CompareStringA
GetUserDefaultLCID
GetVersionExA
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
lstrlenA
GetFullPathNameA
LocalLock
LocalAlloc
LocalFree
LocalUnlock
GetProcAddress
GetTempFileNameA
GetTempPathA
OpenFile
SetFilePointer
OutputDebugStringA
WriteFile
ReadFile
MapViewOfFile
GlobalFlags
CreateFileA
CloseHandle
GlobalHandle
CreateFileMappingA
GetFileSize

user32

CharUpperA
CharNextA
LoadStringA

advapi32

RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA

ole32

ReadClassStm
WriteClassStm
CoTaskMemFree
StringFromCLSID
CoCreateInstance
CoGetClassObject

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mtxclu/mtxclu.dll
.dll windows:10 windows x64 arch:x64

d21ac5e21e55f5b9ee93d732d6cbb672

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

mtxclu.pdb

Imports

ntdll

RtlFreeHeap
RtlImageNtHeader
RtlAllocateHeap
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCreateServiceSid
RtlReportException
RtlCaptureContext
RtlNtStatusToDosError
RtlInitUnicodeString

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegFlushKey
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteValueW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringW
MultiByteToWideChar

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CoGetObjectContext

api-ms-win-service-management-l1-1-0

DeleteService
CreateServiceW
OpenSCManagerW
CloseServiceHandle
OpenServiceW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
ConvertSidToStringSidW

rpcrt4

UuidFromStringW
UuidToStringW
RpcStringFreeW
UuidCreate
UuidFromStringA
UuidToStringA
RpcStringFreeA

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-service-winsvc-l1-1-0

StartServiceA
ControlService
QueryServiceStatus
OpenSCManagerA

api-ms-win-core-file-l1-1-0

RemoveDirectoryW
FindFirstFileW
CreateFileW
FindClose
SetFileAttributesW
GetFullPathNameW
FindNextFileW
DeleteFileW
CreateDirectoryW
GetFileAttributesW

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorControl
GetSecurityDescriptorSacl
MakeSelfRelativeSD
AdjustTokenPrivileges
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetTokenInformation
MakeAbsoluteSD
DuplicateTokenEx
GetSecurityDescriptorLength
GetLengthSid
AddAccessAllowedAceEx
InitializeAcl
InitializeSecurityDescriptor
FreeSid
AddAce
IsWellKnownSid
SetSecurityDescriptorDacl
CopySid
GetAclInformation
GetSidLengthRequired
AllocateAndInitializeSid
EqualSid
GetAce
GetSecurityDescriptorDacl

api-ms-win-service-management-l2-1-0

ChangeServiceConfigW
ChangeServiceConfig2W
QueryServiceStatusEx
QueryServiceConfigW

api-ms-win-service-core-l1-1-1

EnumServicesStatusExW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetEnvironmentVariableW
GetCommandLineA

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetComputerNameExW
GetSystemWindowsDirectoryA
GetSystemInfo
GetTickCount
GetSystemDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

LoadResource
GetModuleFileNameW
DisableThreadLibraryCalls
LoadStringW
LockResource
GetModuleHandleW
LoadLibraryExA
GetProcAddress
GetModuleHandleExA
FindResourceExW
FreeLibrary
LoadLibraryExW

api-ms-win-core-processthreads-l1-1-0

SetThreadStackGuarantee
CreateProcessW
TerminateProcess
TlsFree
GetCurrentProcess
SetThreadToken
GetExitCodeProcess
GetCurrentThreadId
TlsSetValue
OpenThreadToken
GetCurrentThread
OpenProcessToken
GetCurrentProcessId
TlsAlloc
TlsGetValue

api-ms-win-security-lsalookup-l2-1-0

LookupAccountNameW

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
CreateSemaphoreExW
CreateEventW
DeleteCriticalSection
WaitForSingleObject
CreateEventA
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
ResetEvent
InitializeCriticalSection
WaitForSingleObjectEx
EnterCriticalSection
SetEvent

ws2_32

WSAGetLastError
FreeAddrInfoW
GetAddrInfoW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

bcrypt

BCryptGenerateSymmetricKey
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptExportKey
BCryptCloseAlgorithmProvider
BCryptSetProperty
BCryptDestroyKey

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW

cryptsp

CryptGenKey
CryptReleaseContext
CryptGetUserKey
CryptDecrypt
CryptImportKey
CryptExportKey
CryptDestroyKey
CryptEncrypt
CryptAcquireContextW
CryptSetProvParam

api-ms-win-security-lsapolicy-l1-1-0

LsaClose

advapi32

DeregisterEventSource
LookupPrivilegeValueA
RegEnumKeyA
RegEnumKeyW
RegDeleteKeyA
RegDeleteKeyW
RegisterEventSourceW
ReportEventW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
EnumServicesStatusExA
RegConnectRegistryW

kernel32

UnregisterWaitEx
QueueUserWorkItem

msvcrt

_initterm
_callnewh
malloc
_waccess
_wfopen
strchr
fopen
fflush
fclose
fprintf
fwprintf
_vsnprintf
wcsrchr
mbstowcs
_purecall
_stricmp
_wcsnicmp
wcstombs
_ltoa
_ltow
atol
_wtol
iswalpha
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
memmove
_XcptFilter
_amsg_exit
wcscpy_s
??1type_info@@UEAA@XZ
_wcsicmp
_onexit
_ultow
_local_unwind
memcmp
memset
__dllonexit
__CxxFrameHandler3
_vsnwprintf
_unlock
_lock
_wcsdup
?terminate@@YAXXZ
wcschr
__C_specific_handler
free
wcscmp

clusapi

ClusterResourceTypeEnum
GetClusterResourceKey
CloseCluster
CloseClusterResource
ClusterRegOpenKey
GetClusterResourceNetworkName
ClusterRegCloseKey
GetClusterResourceState
ClusterRegDeleteValue
OpenClusterResourceEx
ClusterRegEnumKey
ClusterRegQueryValue
OfflineClusterResource
ClusterRegSetValue
ClusterRegCreateKey
ClusterRegDeleteKey
ClusterGroupEnum
ClusterControl
OpenClusterGroupEx
OnlineClusterResource
ClusterResourceControl
ClusterResourceTypeControl
ClusterRegQueryInfoKey
ClusterResourceTypeGetEnumCount
GetClusterKey
ClusterGroupOpenEnum
ClusterRegEnumValue
ClusterResourceTypeOpenEnum
CloseClusterGroup
ClusterResourceTypeCloseEnum
OpenClusterEx
CreateClusterNotifyPort
GetClusterNotify
GetClusterResourceTypeKey
ClusterGroupCloseEnum
ClusterGetEnumCount
GetNodeClusterState
ClusterOpenEnum
ClusterEnum
ClusterCloseEnum

resutils

ResUtilEnumResourcesEx
ResUtilGetResourceDependencyByName
ResUtilPropertyListFromParameterBlock
ResUtilSetPropertyTable
ResUtilGetProperties
ResUtilGetResourceDependencyByClass
ResUtilDupParameterBlock
ResUtilSetPropertyParameterBlock
ClusWorkerTerminate
ResUtilVerifyPropertyTable
ResUtilEnumProperties
ResUtilFindSzProperty
ResUtilTerminateServiceProcessFromResDll
ClusWorkerCheckTerminate
ResUtilFindBinaryProperty
ResUtilGetPropertiesToParameterBlock
ClusWorkerCreate

msdtcprx

CreateLegacyTmInstance
CreateTmInstanceForRemoteAdmin
CreateLocalTmInstance
CreateRemoteProxyTmInstance

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualQuery
VirtualProtect

Exports

Exports

FailedClusterAPIToEventLog
MtxCluBringOnlineDTCW
MtxCluClearClusterTmMappings
MtxCluCreateClusterProxyTmInstance
MtxCluCreateClusterTmInstance
MtxCluCreateTmInstanceForVirtualServer
MtxCluEnumerateClusterTmMappings
MtxCluEnumerateDtcResources
MtxCluEnumerateDtcResourcesEx
MtxCluGetActiveClusterNode
MtxCluGetClusterResourceIdFromName
MtxCluGetComputerNameW
MtxCluGetDTCResourceForResource
MtxCluGetDTCStatusW
MtxCluGetDTCVirtualServerNameW
MtxCluGetDefaultClusterResource
MtxCluGetDefaultClusterResourceNonAdmin
MtxCluGetDtcDiskResourceDrive
MtxCluGetNameFromResourceIdString
MtxCluGetNameFromResourceIdStringNonAdmin
MtxCluGetResourceId
MtxCluGetResourceIdStringFromName
MtxCluGetSecurityRegValue
MtxCluGetTmResource
MtxCluGetVirtualServerToken
MtxCluIsClusterPresent
MtxCluIsClusterPresentExW
MtxCluIsNetworkNameInLocalClusterW
MtxCluIsSameClusterW
MtxCluIsSameNodeW
MtxCluRemoveClusterTmMappingByName
MtxCluSetClusterTmMapping
MtxCluSetDefaultClusterResource
MtxCluSetSecurityRegValue
MtxCluTakeOfflineDTCW
MtxCluVerifyLogPathInDependantDiskResource
MtxCluVerifyLogPathIsValidCSV
Startup

Sections

.text
Size: 201KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 210KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mtxclu/nlhtml.dll
.dll regsvr32 windows:10 windows x64 arch:x64

c8e3f082cd2a7e37deae3dec52d0a7da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

nlhtml.pdb

Imports

msvcrt

wcsncmp
_wtoi
wcsrchr
_XcptFilter
_amsg_exit
_initterm
__C_specific_handler
_lock
_unlock
__dllonexit
_onexit
malloc
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
memset
iswalpha
_wcsupr
memmove
memcpy
_wtol
_CxxThrowException
iswdigit
wcschr
_wcsicmp
towupper
wcstoul
bsearch
_wcsnicmp
_purecall
free
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
_wcslwr_s
iswspace
??0exception@@QEAA@XZ
realloc
??1exception@@UEAA@XZ
memcpy_s
_vsnwprintf
__CxxFrameHandler3
wcscmp

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
FindResourceExW
LoadResource
GetProcAddress
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameA
DisableThreadLibraryCalls
GetModuleHandleExW
FreeLibrary

api-ms-win-core-synch-l1-1-0

CreateMutexExW
AcquireSRWLockExclusive
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
OpenSemaphoreW
ReleaseSRWLockExclusive
ReleaseSemaphore
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-heap-l2-1-0

GlobalFree
GlobalAlloc

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
GetSystemDefaultLCID
IsDBCSLeadByteEx
GetCPInfo
IsValidCodePage
FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW
GetStringTypeW
WideCharToMultiByte

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc

oleaut32

SysAllocStringLen
SysFreeString
SysAllocString
VarR8FromStr

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegEnumKeyExW
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetVersionExW
GetSystemTime
GetSystemTimeAsFileTime
GetVersionExA

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
FlushViewOfFile
UnmapViewOfFile
MapViewOfFile

api-ms-win-core-file-l1-1-0

SetEndOfFile
CreateFileW
GetFileSize
SetFilePointer

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-synch-l1-2-0

Sleep
WakeAllConditionVariable
SleepConditionVariableSRW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-processenvironment-l1-1-0

SearchPathW

api-ms-win-core-localization-obsolete-l1-2-0

GetSystemDefaultUILanguage
GetUserDefaultUILanguage

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
oobe/odbccp32.dll
.dll windows:10 windows x64 arch:x64

fe885f5a943cd6b641fc3f522dbc532c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ODBCCP32.pdb

Imports

msvcrt

_initterm
_amsg_exit
_XcptFilter
iswctype
wcstol
_ltow_s
wcschr
__C_specific_handler
_wfullpath
memcpy
memcmp
_close
_wopen
wcsrchr
_snwprintf_s
malloc
free
_errno
calloc
_waccess
_vsnwprintf
_wstat
_wcsnicmp
_wcsicmp
fwprintf
_wfopen
_wmakepath_s
_wsplitpath_s
fclose
memset

user32

IsDlgButtonChecked
LoadIconA
CharUpperBuffW
CheckDlgButton
LoadBitmapA
GetParent
SetWindowTextW
GetDesktopWindow
MoveWindow
LoadStringW
ReleaseDC
GetDC
GetActiveWindow
EndDialog
PostMessageA
SetFocus
OffsetRect
PostMessageW
ShowWindow
DialogBoxParamW
SetWindowLongPtrW
IsWindow
GetWindowTextW
EnableWindow
SendMessageA
SetWindowLongPtrA
GetWindowLongPtrA
GetWindowLongPtrW
LoadCursorA
SetCursor
GetDlgItem
MessageBoxW
GetWindowRect
SendMessageW
GetSystemMetrics

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

kernel32

CreateFileW
GetTempFileNameW
ExpandEnvironmentStringsA
LoadLibraryExA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
CloseHandle
GetThreadLocale
GetDateFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetTempPathW
GetModuleHandleW
FormatMessageW
InitializeCriticalSection
DeleteCriticalSection
DisableThreadLibraryCalls
GetProfileStringW
VerLanguageNameW
SetThreadErrorMode
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
GetLastError
MultiByteToWideChar
GetSystemDirectoryW
FindClose
GetModuleFileNameW
FindNextFileW
FindFirstFileW
CreateDirectoryW
DeleteFileW
GetPrivateProfileStringW
WritePrivateProfileStringW
FreeLibrary
GetProcAddress
LoadLibraryExW
DelayLoadFailureHook

advapi32

RegCreateKeyExW
RegDeleteValueW
RegQueryValueExA
RegOpenKeyExA
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegEnumValueW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegGetValueW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Exports

Exports

ODBCCPlApplet
SQLConfigDataSource
SQLConfigDataSourceW
SQLConfigDriver
SQLConfigDriverW
SQLCreateDataSource
SQLCreateDataSourceEx
SQLCreateDataSourceExW
SQLCreateDataSourceW
SQLGetAvailableDrivers
SQLGetAvailableDriversW
SQLGetConfigMode
SQLGetInstalledDrivers
SQLGetInstalledDriversW
SQLGetPrivateProfileString
SQLGetPrivateProfileStringW
SQLGetTranslator
SQLGetTranslatorW
SQLInstallDriver
SQLInstallDriverEx
SQLInstallDriverExW
SQLInstallDriverManager
SQLInstallDriverManagerW
SQLInstallDriverW
SQLInstallODBC
SQLInstallODBCW
SQLInstallTranslator
SQLInstallTranslatorEx
SQLInstallTranslatorExW
SQLInstallTranslatorW
SQLInstallerError
SQLInstallerErrorW
SQLLoadDataSourcesListBox
SQLLoadDriverListBox
SQLManageDataSources
SQLPostInstallerError
SQLPostInstallerErrorW
SQLReadFileDSN
SQLReadFileDSNW
SQLRemoveDSNFromIni
SQLRemoveDSNFromIniW
SQLRemoveDefaultDataSource
SQLRemoveDriver
SQLRemoveDriverManager
SQLRemoveDriverW
SQLRemoveTranslator
SQLRemoveTranslatorW
SQLSetConfigMode
SQLValidDSN
SQLValidDSNW
SQLWriteDSNToIni
SQLWriteDSNToIniW
SQLWriteFileDSN
SQLWriteFileDSNW
SQLWritePrivateProfileString
SQLWritePrivateProfileStringW
SelectTransDlg

Sections

.text
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
oobe/odbccr32.dll
.dll windows:10 windows x64 arch:x64

c944256fda7e37ec9d0d0f169a87205f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ODBCCR32.pdb

Imports

mfc42

ord4092
ord3543
ord3055
ord3175
ord3061
ord3375
ord3240
ord4824
ord3371
ord3252
ord3058
ord6060
ord5718
ord5737
ord5074
ord4378
ord5731
ord5729
ord3477
ord2426
ord5624
ord1392
ord4201
ord6078
ord2527
ord4093
ord4845
ord6819
ord4385
ord1842
ord2422
ord1873
ord1082
ord1596
ord1484
ord1597
ord812
ord288
ord1498
ord1562
ord355
ord1588
ord1421
ord287
ord1594
ord1551
ord1564
ord1469
ord4087
ord3173
ord4381
ord4992
ord4779
ord3926
ord6097
ord1063
ord659
ord370
ord1573
ord5993
ord5912
ord1572
ord1585
ord286
ord1883
ord367
ord3840
ord3230
ord2571

msvcrt

_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_initterm
_amsg_exit
_XcptFilter
_callnewh
malloc
free
_vsnprintf
_stricmp
_strnicmp
__CxxFrameHandler3
memcpy
__C_specific_handler
_CxxThrowException
memset

user32

IsCharAlphaA
MessageBoxW

odbc32

CursorLibLockStmt
ord8
ord6
ord11
ord68
CursorLibLockDbc
ord62
ord19
ord12
ord48
ord49
ord16
ord24
ord3
ord51
ord13
ord43
ord18
ord63
ord72
ord26
ord64
ord20
ord4
ord31
CursorLibLockDesc
CursorLibTransact
ord45
ord61
ord46
ord39
ord50
ord76
ord34
ValidateErrorQueue
PostODBCError
PostODBCComponentError
VRetrieveDriverErrorsRowCol
ord28
ord17
VFreeErrors
LockHandle
ord38
ord73
ord74
ord33
SearchStatusCode

kernel32

VirtualFree
VirtualAlloc
GetTempPathA
GetTempFileNameA
LoadLibraryExW
FreeLibrary
LocalAlloc
LocalFree
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount

Exports

Exports

ReleaseCLStmtResources
SQLBindCol
SQLBindParameter
SQLBulkOperations
SQLCancel
SQLCloseCursor
SQLEndTran
SQLExecDirect
SQLExecute
SQLExtendedFetch
SQLFetch
SQLFetchScroll
SQLFreeHandle
SQLFreeStmt
SQLGetData
SQLGetDescField
SQLGetDescRec
SQLGetInfo
SQLGetStmtAttr
SQLGetStmtOption
SQLMoreResults
SQLNativeSql
SQLNumParams
SQLParamData
SQLParamOptions
SQLPrepare
SQLPutData
SQLRowCount
SQLSetConnectAttr
SQLSetConnectOption
SQLSetDescField
SQLSetDescRec
SQLSetPos
SQLSetScrollOptions
SQLSetStmtAttr
SQLSetStmtOption
SQLTransact

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
oobe/odbccu32.dll
.dll windows:10 windows x64 arch:x64

0b1d8196131baafe4edac9b8dd2d8068

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ODBCCU32.pdb

Imports

mfc42u

ord4082
ord3534
ord3046
ord3166
ord3052
ord3366
ord3231
ord4815
ord3362
ord3243
ord3049
ord6053
ord5711
ord5730
ord5065
ord4368
ord5724
ord5722
ord3468
ord2412
ord5615
ord1388
ord4191
ord6071
ord2515
ord4083
ord4836
ord6813
ord4375
ord1828
ord2408
ord1859
ord1082
ord288
ord812
ord1544
ord287
ord1586
ord1555
ord1583
ord1585
ord355
ord1477
ord1553
ord1416
ord1491
ord1577
ord1463
ord4077
ord3164
ord4371
ord4983
ord4770
ord3916
ord6090
ord1063
ord659
ord370
ord1562
ord5986
ord5905
ord1561
ord1574
ord286
ord1869
ord367
ord3830
ord3221
ord2559

msvcrt

_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_initterm
_amsg_exit
_XcptFilter
_callnewh
malloc
free
_vsnwprintf
_wcsicmp
_wcsnicmp
__CxxFrameHandler3
memcpy
__C_specific_handler
_CxxThrowException
memset

user32

IsCharAlphaW
MessageBoxW

odbc32

CursorLibLockStmt
ord108
ord106
ord111
ord68
CursorLibLockDbc
ord162
ord119
ord12
ord48
ord49
ord16
ord24
ord3
ord51
ord13
ord43
ord18
ord63
ord72
ord26
ord64
ord20
ord4
ord31
CursorLibLockDesc
CursorLibTransact
ord145
ord61
ord46
ord139
ord150
ord176
ord134
ValidateErrorQueue
PostODBCError
PostODBCComponentError
VRetrieveDriverErrorsRowCol
ord28
ord117
VFreeErrors
LockHandle
ord138
ord173
ord74
ord133
SearchStatusCode

kernel32

VirtualFree
VirtualAlloc
GetTempPathW
GetTempFileNameW
LoadLibraryExW
FreeLibrary
LocalAlloc
LocalFree
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount

Exports

Exports

ReleaseCLStmtResources
SQLBindCol
SQLBindParameter
SQLBulkOperations
SQLCancel
SQLCloseCursor
SQLEndTran
SQLExecDirect
SQLExecute
SQLExtendedFetch
SQLFetch
SQLFetchScroll
SQLFreeHandle
SQLFreeStmt
SQLGetData
SQLGetDescField
SQLGetDescRec
SQLGetInfo
SQLGetStmtAttr
SQLGetStmtOption
SQLMoreResults
SQLNativeSql
SQLNumParams
SQLParamData
SQLParamOptions
SQLPrepare
SQLPutData
SQLRowCount
SQLSetConnectAttr
SQLSetConnectOption
SQLSetDescField
SQLSetDescRec
SQLSetPos
SQLSetScrollOptions
SQLSetStmtAttr
SQLSetStmtOption
SQLTransact

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
oobe/odbcint.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 219KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
oobe/odbctrac.dll
.dll windows:10 windows x64 arch:x64

e9f729240caf88971625c56b1532b097

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ODBCTRAC.pdb

Imports

msvcrt

memset
_initterm
_amsg_exit
_XcptFilter
_snwprintf_s
_splitpath_s
strerror
free
_stricmp
_errno
fwrite
_fullpath
_fsopen
_heapmin
_vsnprintf
fclose
fflush
_wfsopen
isprint
__C_specific_handler
malloc

odbc32

ord36

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
_vsnwprintf_s

kernel32

GetSystemTimeAsFileTime
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
LoadLibraryExW
FreeLibrary
DeleteCriticalSection
GetProcAddress
GetSystemInfo
DisableThreadLibraryCalls
InitializeCriticalSection
GetModuleFileNameW
WideCharToMultiByte
GetCurrentProcessId
MultiByteToWideChar
GetCommandLineA
GetCurrentThreadId
LeaveCriticalSection
IsDBCSLeadByteEx
EnterCriticalSection
GetTickCount
LoadLibraryA

user32

MessageBoxW

Exports

Exports

TraceCloseLogFile
TraceOpenLogFile
TraceReturn
TraceSQLAllocConnect
TraceSQLAllocEnv
TraceSQLAllocHandle
TraceSQLAllocHandleStd
TraceSQLAllocHandleStdW
TraceSQLAllocStmt
TraceSQLBindCol
TraceSQLBindParam
TraceSQLBindParameter
TraceSQLBrowseConnect
TraceSQLBrowseConnectW
TraceSQLBulkOperations
TraceSQLCancel
TraceSQLCancelHandle
TraceSQLCloseCursor
TraceSQLColAttribute
TraceSQLColAttributeW
TraceSQLColAttributes
TraceSQLColAttributesW
TraceSQLColumnPrivileges
TraceSQLColumnPrivilegesW
TraceSQLColumns
TraceSQLColumnsW
TraceSQLCompleteAsync
TraceSQLCompleteAsyncW
TraceSQLConnect
TraceSQLConnectW
TraceSQLCopyDesc
TraceSQLDataSources
TraceSQLDataSourcesW
TraceSQLDescribeCol
TraceSQLDescribeColW
TraceSQLDescribeParam
TraceSQLDisconnect
TraceSQLDriverConnect
TraceSQLDriverConnectW
TraceSQLDrivers
TraceSQLDriversW
TraceSQLEndTran
TraceSQLError
TraceSQLErrorW
TraceSQLExecDirect
TraceSQLExecDirectW
TraceSQLExecute
TraceSQLExtendedFetch
TraceSQLFetch
TraceSQLFetchScroll
TraceSQLForeignKeys
TraceSQLForeignKeysW
TraceSQLFreeConnect
TraceSQLFreeEnv
TraceSQLFreeHandle
TraceSQLFreeStmt
TraceSQLGetConnectAttr
TraceSQLGetConnectAttrW
TraceSQLGetConnectOption
TraceSQLGetConnectOptionW
TraceSQLGetCursorName
TraceSQLGetCursorNameW
TraceSQLGetData
TraceSQLGetDescField
TraceSQLGetDescFieldW
TraceSQLGetDescRec
TraceSQLGetDescRecW
TraceSQLGetDiagField
TraceSQLGetDiagFieldW
TraceSQLGetDiagRec
TraceSQLGetDiagRecW
TraceSQLGetEnvAttr
TraceSQLGetFunctions
TraceSQLGetInfo
TraceSQLGetInfoW
TraceSQLGetStmtAttr
TraceSQLGetStmtAttrW
TraceSQLGetStmtOption
TraceSQLGetTypeInfo
TraceSQLGetTypeInfoW
TraceSQLMoreResults
TraceSQLNativeSql
TraceSQLNativeSqlW
TraceSQLNumParams
TraceSQLNumResultCols
TraceSQLParamData
TraceSQLParamOptions
TraceSQLPrepare
TraceSQLPrepareW
TraceSQLPrimaryKeys
TraceSQLPrimaryKeysW
TraceSQLProcedureColumns
TraceSQLProcedureColumnsW
TraceSQLProcedures
TraceSQLProceduresW
TraceSQLPutData
TraceSQLRowCount
TraceSQLSetConnectAttr
TraceSQLSetConnectAttrW
TraceSQLSetConnectOption
TraceSQLSetConnectOptionW
TraceSQLSetCursorName
TraceSQLSetCursorNameW
TraceSQLSetDescField
TraceSQLSetDescFieldW
TraceSQLSetDescRec
TraceSQLSetEnvAttr
TraceSQLSetParam
TraceSQLSetPos
TraceSQLSetScrollOptions
TraceSQLSetStmtAttr
TraceSQLSetStmtAttrW
TraceSQLSetStmtOption
TraceSQLSpecialColumns
TraceSQLSpecialColumnsW
TraceSQLStatistics
TraceSQLStatisticsW
TraceSQLTablePrivileges
TraceSQLTablePrivilegesW
TraceSQLTables
TraceSQLTablesW
TraceSQLTransact
TraceVSControl
TraceVersion

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v.1.5.4__x64__.msi
.msi

Sharing

General

Malware Config

Signatures

Files

045d5fcdf29e1bd670205872ddd84e75

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-registry-l1-1-0

api-ms-win-shcore-taskpool-l1-1-0

advapi32

kernel32

rpcrt4

api-ms-win-core-com-midlproxystub-l1-1-0

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 64KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

5c91ca46803767598306d8004367b675

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

ntdll

api-ms-win-core-synch-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-security-capability-l1-1-0

advapi32

kernel32

ktmw32

api-ms-win-core-winrt-error-l1-1-0

rpcrt4

api-ms-win-core-com-midlproxystub-l1-1-0

msvcp_win

api-ms-win-core-winrt-l1-1-0

oleaut32

api-ms-win-core-winrt-error-l1-1-1

Exports

Exports

Sections

.text Size: 93KB - Virtual size: 92KB

.rdata Size: 53KB - Virtual size: 52KB

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 6KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

5fee61a2496e6d30478467592dd1e320

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

win32u

Exports

Exports

Sections

.data Size: 5KB - Virtual size: 4KB

.text
Size: 64KB - Virtual size: 64KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 93KB - Virtual size: 92KB

.rdata
Size: 53KB - Virtual size: 52KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB

.data
Size: 5KB - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 106B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 172B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 144B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 24B