__install__v[.]4[.]0[.]5_x64__[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

__install__v.4.0.5_x64__.zip
Size

49.3MB
MD5

10558319c2712f90607a40b7496a9be5
SHA1

09a1ad9c5b05aee01df7d26e3c478efabc39f312
SHA256

097152ca9a6792d418bff3e7a782f443a582b22a027bb259ddbba01235a37848
SHA512

cbb2b6ecf23eedaf55eec2b4e5c612bb52cc8697ce9c3e8e7080ce8dc3e8ea76e86d3d97773794fc82fd109d2b07b7faf04b46bd941612557f361675e17fbf0c
SSDEEP

1572864:WhJp+AkxOx6mkMspNbawUPlE6vJ4H7Yf7EhHfB7dHBr:WhV+M6mk5pshPlE6viH7YQ5fB/

Score

3^/10

Malware Config

Signatures

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Engines/spsreng.dll
unpack001/Engines/spsrx.dll
unpack001/Engines/srloc.dll
unpack001/setup/FXSOCM.dll
unpack001/setup/cmmigr.dll
unpack001/setup/comsetup.dll
unpack001/setup/tssysprep.dll
unpack001/wbem/WMIPJOBJ.dll
unpack001/wbem/WMIPSESS.dll
unpack001/wbem/WMIsvc.dll
unpack001/wbem/wmitimep.dll
unpack001/wbem/wmiutils.dll

Files

__install__v.4.0.5_x64__.zip
.zip
Dism/AppxProvider.dll
.dll regsvr32 windows:10 windows x64 arch:x64

2e13c2bc4f0c9ed9f72b86e3c4cff318

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-11-2023 19:20

Not After

14-11-2024 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

14:1c:1d:cd:3d:ac:b4:a1:f3:e7:37:e8:fd:fe:5b:54:98:93:fe:d6:65:a1:29:1b:16:d6:a8:76:7f:ea:09:45
Signer

Actual PE Digest

14:1c:1d:cd:3d:ac:b4:a1:f3:e7:37:e8:fd:fe:5b:54:98:93:fe:d6:65:a1:29:1b:16:d6:a8:76:7f:ea:09:45

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

AppxProvider.pdb

Imports

msvcrt

wcsrchr
_wcsnicmp
wcschr
wcstok_s
towupper
__CxxFrameHandler3
__RTDynamicCast
memcmp
_onexit
__dllonexit
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_unlock
_lock
malloc
memmove_s
_purecall
vswprintf_s
_vscwprintf
_wcsicmp
wcsncpy_s
wcscat_s
free
wcscpy_s
__C_specific_handler
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
_vsnwprintf
memset

ntdll

RtlNtStatusToDosError
NtSetInformationFile
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlCompareUnicodeString
RtlInitUnicodeString
RtlAllocateAndInitializeSid
RtlEqualSid
RtlFindAceByType
RtlLookupElementGenericTableAvl
RtlInsertElementGenericTableAvl
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
RtlFreeHeap
RtlReAllocateHeap
RtlAllocateHeap
RtlFreeSid
RtlEnumerateGenericTableWithoutSplayingAvl
RtlDeleteElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlNumberGenericTableElementsAvl

advapi32

GetSecurityInfo
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
OpenProcessToken
RegQueryValueExW
EventWriteTransfer
RegEnumValueW
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
EventUnregister
EventRegister
AdjustTokenPrivileges
RegSetKeyValueW

kernel32

MapViewOfFile
CreateFileMappingW
GetVersionExW
SearchPathW
GetFullPathNameW
CreateDirectoryW
GetFileInformationByHandle
FindClose
GetFileAttributesW
GetFileInformationByHandleEx
DeviceIoControl
GetTempPathW
SetFileInformationByHandle
CopyFileExW
GetLongPathNameW
GetFinalPathNameByHandleW
GetCurrentDirectoryW
WaitForSingleObject
AcquireSRWLockShared
ReleaseSRWLockShared
SetThreadpoolTimer
CreateThreadpoolTimer
CreateSemaphoreExW
ReleaseSemaphore
OpenSemaphoreW
ReleaseMutex
UnmapViewOfFile
UnhandledExceptionFilter
HeapFree
GetCurrentThreadId
FormatMessageW
HeapAlloc
GetProcessHeap
DisableThreadLibraryCalls
FreeLibrary
GetProcAddress
GetModuleHandleExW
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
GetLastError
GetModuleFileNameW
LoadLibraryExW
GetModuleHandleW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetLastError
OutputDebugStringW
IsDebuggerPresent
CloseHandle
CompareStringOrdinal
MultiByteToWideChar
GetCurrentProcessId
SetThreadUILanguage
CopyFileW
SetFileAttributesW
CreateEventW
FindFirstFileW
FindNextFileW
DeleteFileW
CreateHardLinkW
CreateFileW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetCurrentProcess
TerminateProcess
DebugBreak
LocalFree
VirtualProtect
LoadLibraryExA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetSystemInfo
VirtualQuery
HeapSize
HeapReAlloc
HeapDestroy
CompareStringW
Sleep
InitializeCriticalSectionEx
CreateMutexExW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
GetModuleFileNameA
WaitForSingleObjectEx

ole32

CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx
CoCreateGuid
ProgIDFromCLSID
StringFromGUID2
CoCreateInstance
CoUninitialize
CoSetProxyBlanket
CLSIDFromString

shlwapi

SHCreateStreamOnFileW

user32

CharLowerBuffW
CharNextW
LoadStringW
UnregisterClassA

oleaut32

SysFreeString
UnRegisterTypeLi
SysAllocString
LoadTypeLi
RegisterTypeLi
SysStringLen
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
LoadRegTypeLi
VariantClear
GetErrorInfo
SetErrorInfo
CreateErrorInfo

ext-ms-win-session-winsta-l1-1-0

WinStationGetTermSrvCountersValue

api-ms-win-core-path-l1-1-0

PathAllocCanonicalize

bcrypt

BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptHashData
BCryptOpenAlgorithmProvider
BCryptDestroyHash
BCryptFinishHash

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

Exports

Exports

DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 323KB - Virtual size: 322KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 187KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dism/AssocProvider.dll
.dll regsvr32 windows:10 windows x64 arch:x64

e1921d401583d0d512d1a8ec5d16429d

Code Sign

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03-02-2023 00:05

Not After

01-02-2024 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cf:a9:89:3e:54:6d:6f:75:5c:91:6f:ac:bb:dd:61:33:17:ae:ce:0d:c6:49:51:5a:d3:7d:08:6a:05:56:28:d6
Signer

Actual PE Digest

cf:a9:89:3e:54:6d:6f:75:5c:91:6f:ac:bb:dd:61:33:17:ae:ce:0d:c6:49:51:5a:d3:7d:08:6a:05:56:28:d6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

AssocProvider.pdb

Imports

msvcrt

vswprintf_s
memcpy_s
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBD@Z
memmove_s
_purecall
_vscwprintf
_vsnwprintf
wcsncpy_s
wcscat_s
free
malloc
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
_CxxThrowException
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
__CxxFrameHandler3
_onexit
??1type_info@@UEAA@XZ
memcmp
??0exception@@QEAA@XZ
wcscpy_s
__C_specific_handler
__RTDynamicCast
memset

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

kernel32

FreeLibrary
GetVersionExW
SearchPathW
SetLastError
UnmapViewOfFile
LocalFree
LockResource
LoadResource
FindResourceExW
FormatMessageW
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
HeapDestroy
MapViewOfFile
CreateFileMappingW
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetThreadUILanguage
MultiByteToWideChar
OutputDebugStringW
GetCurrentThreadId
GetCurrentProcessId
CreateFileW
GetFileSizeEx
ReadFile
CloseHandle
CopyFileW
DeleteFileW
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegQueryInfoKeyW

user32

UnregisterClassA
CharLowerBuffW
LoadStringW
CharNextW

ole32

CoCreateInstance
CoTaskMemFree
ProgIDFromCLSID
StringFromGUID2

oleaut32

SysStringLen
SysFreeString
LoadRegTypeLi
VarBstrCmp
CreateErrorInfo
SetErrorInfo
GetErrorInfo
SysAllocStringLen
VariantClear
SysAllocStringByteLen
UnRegisterTypeLi
SysStringByteLen
RegisterTypeLi
LoadTypeLi
SysAllocString

shell32

SHCreateAssociationRegistration

Exports

Exports

DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dism/FolderProvider.dll
.dll regsvr32 windows:10 windows x64 arch:x64

7191a261b3387fac5d34de51cc114558

Code Sign

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03-02-2023 00:05

Not After

01-02-2024 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a6:80:c2:2c:12:08:b8:ec:12:18:36:23:4f:f9:81:ae:ed:65:90:87:1d:ea:2d:12:89:14:da:1b:16:fc:31:33
Signer

Actual PE Digest

a6:80:c2:2c:12:08:b8:ec:12:18:36:23:4f:f9:81:ae:ed:65:90:87:1d:ea:2d:12:89:14:da:1b:16:fc:31:33

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

FolderProvider.pdb

Imports

msvcrt

wcschr
_wcsnicmp
__CxxFrameHandler3
memcmp
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
malloc
memmove_s
memcpy_s
_purecall
vswprintf_s
_vscwprintf
wcsncpy_s
wcscat_s
free
wcscpy_s
__C_specific_handler

ntdll

RtlAllocateHeap
RtlFreeHeap
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

advapi32

RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey

kernel32

SetLastError
GetFileAttributesW
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
GetFullPathNameW

ole32

StringFromGUID2
CoCreateInstance

user32

CharNextW

oleaut32

SysAllocString
LoadTypeLi
RegisterTypeLi
SysStringLen
UnRegisterTypeLi
SysAllocStringByteLen
LoadRegTypeLi
SysAllocStringLen
SysFreeString
SysStringByteLen

Exports

Exports

DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dism/IBSProvider.dll
.dll regsvr32 windows:10 windows x64 arch:x64

87b4267c346bd6c6b1f46f0e9977dc3f

Code Sign

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03-02-2023 00:05

Not After

01-02-2024 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

80:73:5a:23:bf:1a:58:89:95:95:90:3b:19:ea:e0:5e:84:58:61:c9:f6:15:ea:0f:f7:95:af:b0:f3:b0:c3:f1
Signer

Actual PE Digest

80:73:5a:23:bf:1a:58:89:95:95:90:3b:19:ea:e0:5e:84:58:61:c9:f6:15:ea:0f:f7:95:af:b0:f3:b0:c3:f1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

IBSProvider.pdb

Imports

msvcrt

malloc
memmove_s
memcpy_s
_purecall
??0exception@@QEAA@AEBQEBDH@Z
_lock
wcsncpy_s
wcscat_s
free
wcscpy_s
__C_specific_handler
??0exception@@QEAA@AEBV0@@Z
?terminate@@YAXXZ
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_callnewh
_CxxThrowException
_XcptFilter
_amsg_exit
_initterm
vswprintf_s
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
memcmp
_vscwprintf
__CxxFrameHandler3
_vsnwprintf

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlAllocateHeap
RtlFreeHeap

kernel32

DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
OutputDebugStringW
GetCurrentThreadId
GetCurrentProcessId
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount

advapi32

RegQueryInfoKeyW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW

user32

UnregisterClassA
CharNextW

ole32

CoCreateInstance
StringFromGUID2

oleaut32

LoadRegTypeLi
SysAllocStringLen
SysStringLen
RegisterTypeLi
LoadTypeLi
SysAllocString
UnRegisterTypeLi
SysFreeString

Exports

Exports

DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 604B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dism/LogProvider.dll
.dll regsvr32 windows:10 windows x64 arch:x64

b14bbc4788378a545c762a1ad1f74dcf

Code Sign

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03-02-2023 00:05

Not After

01-02-2024 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ba:ba:82:81:21:10:18:f7:bf:c3:49:43:3f:5e:5e:94:b7:f8:84:57:0f:a9:50:69:78:a1:23:88:55:7e:88:e1
Signer

Actual PE Digest

ba:ba:82:81:21:10:18:f7:bf:c3:49:43:3f:5e:5e:94:b7:f8:84:57:0f:a9:50:69:78:a1:23:88:55:7e:88:e1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

LogProvider.pdb

Imports

msvcrt

?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_lock
_callnewh
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
malloc
calloc
memmove_s
memcpy_s
_purecall
vswprintf_s
_vscwprintf
_vsnprintf
wcsncpy_s
wcscat_s
free
wcscpy_s
__C_specific_handler
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
memcmp
wcschr
_wcsnicmp
_CxxThrowException
__CxxFrameHandler3
vsprintf_s
_vscprintf
_vsnwprintf
memset

ntdll

RtlFreeHeap
RtlAllocateHeap
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

oleaut32

CreateErrorInfo
SetErrorInfo
LoadRegTypeLi
SysStringLen
RegisterTypeLi
LoadTypeLi
SysAllocString
UnRegisterTypeLi
SysFreeString
SysAllocStringLen

advapi32

RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey

kernel32

FreeLibrary
SetLastError
GetFileAttributesW
GetFullPathNameW
GetVersionExW
SearchPathW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetThreadUILanguage
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
HeapAlloc
GetProcessHeap
OutputDebugStringA
HeapFree
CreateDirectoryW
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceExW
HeapSize
HeapReAlloc
HeapDestroy
GetSystemWindowsDirectoryW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
CreateFileW
CloseHandle
FormatMessageW
LocalFree

ole32

CoCreateInstance
CoTaskMemFree
ProgIDFromCLSID
StringFromGUID2

user32

CharNextW
LoadStringW

wdscore

WdsGenericSetupLogInit
CurrentIP
WdsSetupLogDestroy
WdsSetupLogMessageA
ConstructPartialMsgVA
WdsGetSetupLog

Exports

Exports

DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dism/MsiProvider.dll
.dll regsvr32 windows:10 windows x64 arch:x64

ee2bd2ee64b2c570536995a9ee0daf2e

Code Sign

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03-02-2023 00:05

Not After

01-02-2024 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:f2:63:18:2e:5e:42:8b:27:9a:ef:eb:27:1d:12:11:ff:a2:dd:7c:97:24:1c:1c:b4:ee:f9:dc:8b:47:87:1f
Signer

Actual PE Digest

79:f2:63:18:2e:5e:42:8b:27:9a:ef:eb:27:1d:12:11:ff:a2:dd:7c:97:24:1c:1c:b4:ee:f9:dc:8b:47:87:1f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

MsiProvider.pdb

Imports

msvcrt

wcsrchr
_vscwprintf
memcpy_s
vswprintf_s
wcsncpy_s
wcscat_s
_purecall
wcscpy_s
__C_specific_handler
memmove_s
??0exception@@QEAA@AEBV0@@Z
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
malloc
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
wcsstr
_wcslwr_s
_wcsnicmp
_CxxThrowException
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
memset
memcpy
memcmp
__RTDynamicCast
towupper
??0exception@@QEAA@XZ
wcschr
free
__CxxFrameHandler3
_vsnwprintf
wcscmp

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlFreeHeap
RtlAllocateHeap

kernel32

MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
GetVersionExW
SearchPathW
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
OutputDebugStringW
GetCurrentThreadId
GetCurrentProcessId
GetModuleHandleExW
SetThreadUILanguage
CompareStringW
GetFullPathNameW
FreeLibrary
CopyFileW
LoadLibraryW
SizeofResource
LockResource
LoadResource
FindResourceExW
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
FormatMessageW
LocalFree
GetFileAttributesW
CreateFileW
CloseHandle
SetLastError

advapi32

RegQueryInfoKeyW
RegCloseKey
RegLoadKeyW
RegUnLoadKeyW
RegFlushKey
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW

user32

CharNextW
UnregisterClassA
LoadStringW
CharLowerBuffW

ole32

CoCreateInstance
CoTaskMemFree
ProgIDFromCLSID
StringFromGUID2

oleaut32

UnRegisterTypeLi
SysAllocString
LoadTypeLi
RegisterTypeLi
SysStringLen
SysAllocStringLen
VarBstrCat
SysAllocStringByteLen
SysStringByteLen
LoadRegTypeLi
VariantClear
CreateErrorInfo
SetErrorInfo
SysFreeString

Exports

Exports

DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dism/OfflineSetupProvider.dll
.dll regsvr32 windows:10 windows x64 arch:x64

5e14c5f70826fbb5007113b4d0e7e990

Code Sign

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03-02-2023 00:05

Not After

01-02-2024 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:5f:73:37:f8:93:03:7e:8b:5b:70:b2:ca:60:94:01:06:5c:fb:46:72:03:26:d2:bd:45:64:83:43:b2:71:1e
Signer

Actual PE Digest

01:5f:73:37:f8:93:03:7e:8b:5b:70:b2:ca:60:94:01:06:5c:fb:46:72:03:26:d2:bd:45:64:83:43:b2:71:1e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

OfflineSetupProvider.pdb

Imports

msvcrt

towupper
_vsnwprintf
__RTDynamicCast
memcmp
__CxxFrameHandler3
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@XZ
memmove_s
wcschr
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
memcpy_s
_purecall
vswprintf_s
_vscwprintf
malloc
_stricmp
_wcsicmp
wcsncpy_s
wcscat_s
free
wcscpy_s
__C_specific_handler
memset

advapi32

RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExW
ConvertStringSidToSidW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegDeleteKeyValueW
RegDeleteTreeW
RegDeleteValueW
RegGetValueW

kernel32

SearchPathW
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetCurrentProcessId
MultiByteToWideChar
OutputDebugStringW
CompareStringOrdinal
FreeLibrary
LocalFree
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
SetLastError
LoadResource
FindResourceExW
GetVersionExW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
LocalAlloc
VirtualProtect
LoadLibraryExA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetSystemInfo
VirtualQuery
CreateFileW
CloseHandle
SetThreadUILanguage

ole32

CoCreateInstance
StringFromGUID2

shlwapi

ord158

user32

CharLowerBuffW
CharNextW

oleaut32

LoadRegTypeLi
SysAllocStringLen
VariantClear
SysStringLen
RegisterTypeLi
LoadTypeLi
SysAllocString
UnRegisterTypeLi
SysStringByteLen
SysAllocStringByteLen
SysFreeString

ntdll

NtDeviceIoControlFile
NtClose
NtOpenFile
RtlNtStatusToDosError
RtlAllocateHeap
RtlFreeHeap
NtOpenProcessToken
NtDuplicateToken
NtAdjustPrivilegesToken
NtSetInformationThread
RtlGUIDFromString
RtlInitUnicodeString

dnsapi

DnsValidateName_W

Exports

Exports

DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Engines/spsreng.dll
.dll regsvr32 windows:10 windows x64 arch:x64

85ca5e894a94fccd6b54c5abed4ff89f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

spsreng.pdb

Imports

kernel32

InitializeCriticalSection
CreateMutexW
OpenMutexW
LocalFree
GetCurrentProcess
DeleteCriticalSection
HeapDestroy
HeapWalk
GetCPInfo
HeapSetInformation
HeapCreate
FreeLibrary
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetVersionExW
MulDiv
WaitForSingleObject
SetEvent
GetTickCount
ReleaseMutex
LoadLibraryExW
lstrcmpiW
RaiseException
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
DisableThreadLibraryCalls
WideCharToMultiByte
GetCommandLineA
FlsSetValue
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
RtlUnwindEx
SetThreadStackGuarantee
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualQuery
EncodePointer
DecodePointer
FlsAlloc
FlsGetValue
FlsFree
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
GetStdHandle
GetFileType
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
DeleteFileW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
OutputDebugStringA
IsValidCodePage
GetACP
GetOEMCP
RtlUnwind
WriteFile
HeapReAlloc
HeapSize
Sleep
GetConsoleCP
GetConsoleMode
SetFilePointer
GetLocaleInfoA
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesA
GetStringTypeW
LCMapStringW
SetStdHandle
FlushFileBuffers
WriteConsoleW
GetLocaleInfoW
SetEndOfFile
GetProcessHeap
ReadConsoleW
GetFullPathNameW
VirtualFree
WaitForMultipleObjects
GetFileSize
MoveFileW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateEventW
ResetEvent
SetThreadPriority
ResumeThread
FlushViewOfFile
GetVersion
ReadFileEx
RemoveDirectoryW
GetTempPathW
GetTempFileNameW
CreateDirectoryW
SleepEx
RtlPcToFileHeader
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ExitThread
CreateThread
LeaveCriticalSection
EnterCriticalSection
GetFileAttributesW
SetFileAttributesW
CopyFileW
SetLastError
CloseHandle
ReadFile
GetLastError
CreateFileW
HeapAlloc
GetModuleFileNameA
HeapFree

user32

CharLowerBuffW
PostMessageW
CharUpperW
CharNextW
UnregisterClassA
CharUpperBuffW
IsCharLowerW
IsCharUpperW

advapi32

RegQueryInfoKeyW
RegCloseKey
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW

ole32

CoTaskMemFree
CoTaskMemAlloc
CLSIDFromString
StringFromGUID2
StringFromCLSID
CoCreateInstance
CoTaskMemRealloc
CoCreateGuid

oleaut32

VariantChangeType
VariantCopy
VariantClear
VariantInit
SysAllocStringLen
SysAllocString
SysStringLen
VarUI4FromStr
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 787KB - Virtual size: 787KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 122KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Engines/spsrx.dll
.dll regsvr32 windows:10 windows x64 arch:x64

623052070b7eb1d9cebfa38f9eb93fca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

spsrx.pdb

Imports

kernel32

LoadLibraryExW
GetModuleHandleW
lstrcmpiW
RaiseException
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
InitializeCriticalSection
DisableThreadLibraryCalls
SetLastError
WideCharToMultiByte
GetCommandLineA
FlsSetValue
GetVersionExW
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetThreadStackGuarantee
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualQuery
EncodePointer
DecodePointer
FlsAlloc
FlsGetValue
FlsFree
FreeLibrary
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
HeapCreate
HeapDestroy
HeapSetInformation
GetStdHandle
GetFileType
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
OutputDebugStringA
WriteFile
HeapReAlloc
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
Sleep
GetStringTypeW
LCMapStringW
GetVersion
HeapWalk
GetProcAddress
GetLastError
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
HeapAlloc
HeapFree

user32

UnregisterClassA
CharNextW

advapi32

RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegQueryInfoKeyW

ole32

StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance

oleaut32

SysAllocString
VarUI4FromStr
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Engines/srloc.dll
.dll regsvr32 windows:10 windows x64 arch:x64

d83c436f2c45db50cdd9841f0ed5cf06

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

srloc.pdb

Imports

kernel32

RaiseException
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
InitializeCriticalSection
WideCharToMultiByte
GetCommandLineA
FlsSetValue
GetVersionExW
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetThreadStackGuarantee
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualQuery
EncodePointer
DecodePointer
SetLastError
FlsAlloc
FlsGetValue
FlsFree
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
HeapCreate
HeapDestroy
GetModuleHandleW
GetStdHandle
GetFileType
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
OutputDebugStringA
WriteFile
HeapReAlloc
HeapSize
Sleep
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetLocaleInfoA
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesA
GetStringTypeW
LCMapStringW
GetLocaleInfoW
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReadFileEx
VirtualFree
MapViewOfFile
LoadLibraryExW
GetProcAddress
FreeLibrary
GetLastError
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
HeapAlloc
CreateFileMappingW
UnmapViewOfFile
lstrcmpiW
HeapSetInformation
HeapFree
GetProcessHeap
SetEndOfFile
WriteConsoleW
RtlPcToFileHeader
SetFilePointer
FlushFileBuffers
RtlUnwind
ReadConsoleW
GetConsoleMode
GetConsoleCP
SetStdHandle
GetVersion
HeapWalk
CreateFileW
CloseHandle
GetFileSize
ReadFile
ExpandEnvironmentStringsW
LoadLibraryW

user32

UnregisterClassA
CharNextW
CharLowerBuffW
IsCharLowerW
CharUpperBuffW
IsCharUpperW
GetKeyboardLayoutList
CharLowerW

advapi32

RegQueryValueExW
RegQueryInfoKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey

oleaut32

SysStringLen
VarUI4FromStr
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysAllocString
SysFreeString

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
StringFromGUID2
CLSIDFromProgID
StringFromCLSID

imm32

ImmEnumRegisterWordW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 309KB - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 79KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
__app__v.4.0.5__x64_.msi
.msi
setup/FXSOCM.dll
.dll regsvr32 windows:10 windows x64 arch:x64

db0ba767c41bba75a59ed33ed0eeda3c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FXSOCM.pdb

Imports

msvcrt

_XcptFilter
_amsg_exit
_initterm
free
_callnewh
memset
malloc
memcmp
__C_specific_handler
_vsnwprintf
_wsplitpath_s
wcscmp

atl

ord57
ord30
ord58
ord18
ord16
ord23
ord32
ord15
ord21

advapi32

RegSetValueExW
RegQueryValueExW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
RegOpenKeyExW
RegCloseKey
OpenServiceW
StartServiceW

kernel32

GetModuleFileNameW
DisableThreadLibraryCalls
GetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetVersionExW
LoadLibraryW
GetProcAddress
FreeLibrary
SetLastError
HeapFree
HeapAlloc
GetProcessHeap
OutputDebugStringW
HeapDestroy

shell32

SHChangeNotify
SHGetSpecialFolderLocation
SHGetMalloc

user32

GetLastActivePopup
GetWindow
MessageBoxW
GetGUIThreadInfo
GetParent
LoadStringW

winspool.drv

OpenPrinterW
SetPrinterW
GetPrinterW
AddPrinterW
ClosePrinter
EnumPrintersW

oleaut32

SysStringLen
SysFreeString
LoadRegTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
FaxModemCoClassInstaller
SecureFaxServiceDirectories

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup/cmmigr.dll
.dll regsvr32 windows:10 windows x64 arch:x64

8b7086ef6b16c2350dffe679922b2ebc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

cmmigr.pdb

Imports

msvcrt

?what@exception@@UEBAPEBDXZ
_amsg_exit
_initterm
_errno
realloc
_lock
_unlock
__dllonexit
_callnewh
??1type_info@@UEAA@XZ
memcpy
_CxxThrowException
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
wcscat_s
_purecall
_vsnwprintf
memmove_s
memcpy_s
malloc
wcsncpy_s
wcscpy_s
free
_XcptFilter
memcmp
_onexit
__C_specific_handler
_vsnprintf
wcschr
memset

cmutil

CmFree
CmMalloc

kernel32

SetFileShortNameW
SetCurrentDirectoryW
GetCurrentDirectoryW
CloseHandle
OutputDebugStringA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
DeleteCriticalSection
RaiseException
GetModuleHandleW
GetLastError
GetModuleFileNameW
lstrcmpiW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetProcAddress
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
LocalFree
CreateDirectoryW
lstrlenW
CopyFileW
FindFirstFileW
FindNextFileW
FindClose
DeleteFileW
GetPrivateProfileIntW
LocalAlloc
InitializeCriticalSection
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
CreateFileW
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy
MultiByteToWideChar
WideCharToMultiByte
UnhandledExceptionFilter
lstrlenA
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

user32

CharPrevW
CharNextW
UnregisterClassA

ole32

StringFromCLSID
CoTaskMemFree
StringFromGUID2
CoCreateInstance

oleaut32

VarUI4FromStr
SysStringByteLen
SysAllocString
SysStringLen
GetErrorInfo
VariantClear
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SysAllocStringByteLen
SysFreeString

advapi32

RegEnumValueW
AdjustTokenPrivileges
GetSecurityInfo
RegDeleteKeyW
RegEnumKeyW
RegQueryInfoKeyW
LookupPrivilegeValueW
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
OpenProcessToken

shell32

SHFileOperationW
SHGetFileInfoW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup/comsetup.dll
.dll windows:10 windows x64 arch:x64

a695b01fa31de5822be17a3a223a1bd9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

comsetup.pdb

Imports

msvcrt

_unlock
_lock
??1type_info@@UEAA@XZ
_initterm
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_onexit
wcsrchr
_wtol
_wcsnicmp
wcstombs
wcstok
_wtoi64
_purecall
_wtoi
iswspace
_wcsdup
swscanf
_waccess
malloc
atoi
free
wcsstr
wcschr
_wcsicmp
_local_unwind
_CxxThrowException
towlower
_vsnwprintf
strtok
?terminate@@YAXXZ
memcpy
__dllonexit
_itow
exit
__C_specific_handler
memset

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear

api-ms-win-security-lsalookup-l2-1-0

LookupAccountNameW
LookupAccountSidW
LookupPrivilegeValueW

api-ms-win-core-com-l1-1-0

CoSetProxyBlanket
CoCreateInstanceEx
CoTaskMemAlloc
CLSIDFromString
CoUninitialize
CoCreateInstance
ProgIDFromCLSID
CoTaskMemFree
StringFromGUID2
StringFromCLSID
CoInitializeEx
CoTaskMemRealloc
CoGetObjectContext

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenServiceW
OpenSCManagerW

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegUnLoadKeyW
RegLoadKeyW
RegFlushKey
RegQueryValueExW
RegEnumValueW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegCreateKeyExW

api-ms-win-service-management-l2-1-0

ChangeServiceConfigW
QueryServiceConfigW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
RaiseException
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter

api-ms-win-core-file-l1-1-0

SetFileAttributesW
DeleteFileW
WriteFile
FindClose
GetFileSize
GetFileAttributesW
FindFirstFileW
CreateDirectoryW
FindNextFileW
SetFilePointer
GetTempFileNameW
CreateFileW

api-ms-win-core-libraryloader-l1-2-0

LoadResource
FindResourceExW
GetModuleHandleW
GetProcAddress
GetModuleFileNameW
LockResource
LoadLibraryExW
FreeLibrary
LoadStringW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-processthreads-l1-1-0

CreateProcessAsUserW
OpenProcessToken
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
GetCurrentThreadId
CreateProcessW
GetCurrentProcessId
SetThreadStackGuarantee

api-ms-win-security-base-l1-1-0

AllocateAndInitializeSid
FreeSid
AdjustTokenPrivileges
GetSecurityDescriptorDacl
GetTokenInformation

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection

api-ms-win-core-memory-l1-1-0

VirtualProtect
OpenFileMappingW
UnmapViewOfFile
VirtualQuery
VirtualAlloc
MapViewOfFile

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemInfo
GetComputerNameExW
GetLocalTime
GetTickCount
GetWindowsDirectoryW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus
ControlService

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-com-private-l1-1-0

CoGetModuleType
UpdateDCOMSettings

kernel32

GetPrivateProfileSectionW
WritePrivateProfileSectionW
WritePrivateProfileStringW

advapi32

DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegEnumKeyW
RegDeleteKeyW
SetNamedSecurityInfoW

setupapi

SetupCloseInfFile
SetupOpenInfFileW
SetupGetLineTextW
SetupOpenLog
SetupFindNextLine
SetupCloseLog
SetupFindNextMatchLineW
SetupFindFirstLineW
SetupGetTargetPathW

ntdll

RtlAllocateHeap
RtlImageNtHeader
RtlFreeHeap

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

ComPlusCompleteCbbSetup
ComPlusGetWebApplicationServerRole
ComPlusSetWebApplicationServerRole
InstallOnReboot
RunComPlusSetWebApplicationServerRoleW
SetupPrintLog
UpgradeDSSchema

Sections

.text
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup/msdtcstp.dll
.dll regsvr32 windows:10 windows x64 arch:x64

c2d23549681c11df230ce3afa9835d1d

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-11-2023 19:20

Not After

14-11-2024 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

50:c4:0e:a4:4e:50:58:c9:3d:13:af:d9:e4:d3:29:e0:e9:63:2d:88:ba:db:e1:a4:8c:af:3e:cd:16:0f:c6:9c
Signer

Actual PE Digest

50:c4:0e:a4:4e:50:58:c9:3d:13:af:d9:e4:d3:29:e0:e9:63:2d:88:ba:db:e1:a4:8c:af:3e:cd:16:0f:c6:9c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

msdtcstp.pdb

Imports

msvcrt

memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
_stricmp
_wcsicmp
fwprintf
fprintf
fclose
fflush
fopen
wcsrchr
_waccess
wcscpy_s
_ultow
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
strchr
_wfopen
??1type_info@@UEAA@XZ
_CxxThrowException
_local_unwind
memcmp
memcpy
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_callnewh
malloc
free
_purecall
__C_specific_handler
_vsnwprintf
__CxxFrameHandler3
memset

atl

ord23
ord32
ord57
ord18
ord58
ord15
ord16
ord21
ord30

ntdll

RtlAllocateHeap
RtlFreeHeap
RtlReportException
RtlNtStatusToDosError
RtlImageNtHeader
VerSetConditionMask
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

kernel32

InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExW
VerifyVersionInfoW
CopyFileW
FreeLibrary
GetProcAddress
GetLastError
GetVersionExW
DisableThreadLibraryCalls
DeleteCriticalSection
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
TlsGetValue
GetCommandLineA
UnregisterWaitEx
TlsFree
TlsAlloc
GetExitCodeProcess
CreateProcessW
LoadResource
FindResourceExW
DeleteFileW
LockResource
SetFileAttributesW
FindClose
GetModuleFileNameW
ExpandEnvironmentStringsW
FindNextFileW
FindFirstFileW
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemWindowsDirectoryA
GetLocalTime
GetFullPathNameW
CreateFileW
QueueUserWorkItem
OutputDebugStringW
SetEvent
WaitForSingleObjectEx
CloseHandle
ResetEvent
QueryFullProcessImageNameW
DebugBreak
CreateEventA
LocalAlloc
LocalFree
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
ReleaseMutex
FormatMessageW
ReleaseSRWLockExclusive
CloseThreadpoolTimer
AcquireSRWLockExclusive
OpenSemaphoreW
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
HeapAlloc
CreateMutexExW
AcquireSRWLockShared
GetProcessHeap
GetModuleHandleW
IsDebuggerPresent
CreateDirectoryW
MultiByteToWideChar

oleaut32

LoadRegTypeLi
SysFreeString
SysStringLen

version

VerQueryValueW

advapi32

ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegSetValueExW
RegQueryValueExA
RegCloseKey
OpenProcessToken
GetTokenInformation

user32

LoadStringW

ole32

CoCreateInstance
StringFromGUID2
CoTaskMemFree
CoGetObjectContext
CoTaskMemAlloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup/pbkmigr.dll
.dll regsvr32 windows:10 windows x64 arch:x64

06752a97e264a8df1d95deb615745d81

Code Sign

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03-02-2023 00:05

Not After

01-02-2024 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9b:eb:6a:30:7b:aa:00:2e:85:6a:18:80:32:e3:16:24:6a:7d:5e:65:25:45:63:0a:c2:4c:b5:9e:f8:63:d5:1f
Signer

Actual PE Digest

9b:eb:6a:30:7b:aa:00:2e:85:6a:18:80:32:e3:16:24:6a:7d:5e:65:25:45:63:0a:c2:4c:b5:9e:f8:63:d5:1f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

pbkmigr.pdb

Imports

msvcrt

_onexit
__dllonexit
_unlock
_lock
realloc
??1type_info@@UEAA@XZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
wprintf
wcscat_s
memcmp
__C_specific_handler
_purecall
_wcsicmp
_vsnwprintf
memmove_s
memcpy_s
malloc
wcsncpy_s
wcscpy_s
free
_errno
memset

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

kernel32

CloseHandle
VirtualQuery
FreeLibrary
ExpandEnvironmentStringsW
DeleteCriticalSection
RaiseException
GetModuleHandleW
GetLastError
GetModuleFileNameW
lstrcmpiW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetProcAddress
LoadLibraryExW
LeaveCriticalSection
GetEnvironmentVariableW
GlobalAlloc
GlobalFree
InitializeCriticalSection
GetThreadLocale
SetThreadLocale
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy
LocalFree
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
GetSystemInfo
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LoadLibraryExA
VirtualProtect
CreateFileW
GetSystemDirectoryW
SetFileShortNameW
EnterCriticalSection

user32

CharNextW
UnregisterClassA

advapi32

OpenProcessToken
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW

shell32

SHFileOperationW
SHGetFileInfoW

rasapi32

RasSetAutoTriggerProfile
GetAutoTriggerProfileInfo
RasSetSubEntryPropertiesW
RasSetCustomAuthDataW
RasGetCustomAuthDataW
RasEnumEntriesW
RasGetEntryPropertiesW
RasSetEntryPropertiesW
RasGetSubEntryPropertiesW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup/tssysprep.dll
.dll windows:10 windows x64 arch:x64

ead979c0e40046289778e8c1af96bfaa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

TSSysprep.pdb

Imports

msvcrt

_snwprintf_s
??3@YAXPEAX@Z
_vsnwprintf_s
??1type_info@@UEAA@XZ
_callnewh
_purecall
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
memmove
??_V@YAXPEAX@Z
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
??0exception@@QEAA@AEBV0@@Z
__CxxFrameHandler3
memset

wdscore

CurrentIP
WdsSetupLogMessageW
ConstructPartialMsgVW

ntdll

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

kernel32

GetSystemFirmwareTable
GetLastError
Sleep
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
WideCharToMultiByte
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
LocalFree
SetLastError
GetVersionExA
OutputDebugStringW
LoadLibraryW
GetProcAddress
FreeLibrary
CloseHandle
RaiseException
WriteFile
SetFilePointer
CreateFileW
GetVersionExW

crypt32

CertCloseStore
CertFindCertificateInStore
CertOpenStore
CertDeleteCertificateFromStore

shlwapi

SHGetValueW
SHDeleteKeyW
SHDeleteValueW

api-ms-win-core-com-l1-1-0

CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoInitializeEx

advapi32

GetSecurityDescriptorSacl
GetAclInformation
GetAce
EqualSid
DeleteAce
InitializeSecurityDescriptor
SetSecurityDescriptorControl
RegDeleteKeyW
RegEnumKeyExW
GetSecurityDescriptorLength
RegQueryInfoKeyW
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
GetTokenInformation
SetSecurityDescriptorGroup
MakeAbsoluteSD
MakeSelfRelativeSD
RegQueryValueExW
AddAccessAllowedAce
IsValidAcl
GetLengthSid
AddAccessAllowedAceEx
InitializeAcl
FreeSid
OpenProcessToken
IsValidSecurityDescriptor
AddAce
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
AllocateAndInitializeSid
SetSecurityDescriptorOwner
RegDeleteValueW

oleaut32

SysFreeString
SafeArrayUnlock
SafeArrayGetUBound
VariantInit
SafeArrayDestroy
SafeArrayRedim
VariantClear
SafeArrayAccessData
SafeArrayCreate
SafeArrayUnaccessData
SafeArrayLock
SysAllocString
SafeArrayGetVartype
SafeArrayCopy
SafeArrayGetLBound

cryptbase

SystemFunction036

Exports

Exports

AppsrvSysPrepGeneralize
AppsrvSysPrepSpecializeOffline
AppsrvSysPrepSpecializeOnline
CBrokerSysPrepGeneralize
CBrokerSysPrepSpecializeOffline
CBrokerSysPrepSpecializeOnline
LSMSysPrepBackup
LSMSysPrepRestoreOffline
LSMSysPrepRestoreOnline
RCMSysPrepGeneralize
RdpSysPrepGeneralize
RdpSysPrepRestoreOffline
RdpSysPrepRestoreOnline

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wbem/WMIPJOBJ.dll
.dll regsvr32 windows:10 windows x64 arch:x64

98892e6defc71c05cb5245b08941c4c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

WMIPJOBJ.pdb

Imports

msvcrt

??_V@YAXPEAX@Z
wcschr
__CxxFrameHandler3
_wcslwr
towupper
wcsrchr
_wcsicmp
_ultow_s
_ui64tow_s
_i64tow_s
_onexit
__dllonexit
_unlock
_lock
??3@YAXPEAX@Z
??1type_info@@UEAA@XZ
__C_specific_handler
_initterm
free
_amsg_exit
iswupper
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_vsnwprintf
_purecall
_callnewh
malloc
memset

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

framedynos

??0CHString@@QEAA@XZ
??1CHString@@QEAA@XZ
?Free@CObjectPathParser@@QEAAXPEAUParsedObjectPath@@@Z
?GetBuffer@CHString@@QEAAPEAGH@Z
?MakeLower@CHString@@QEAAXXZ
?Init@CFrameworkQuery@@QEAAJPEAUParsedObjectPath@@PEAUIWbemContext@@PEBGAEAVCHString@@@Z
??1CFrameworkQueryEx@@QEAA@XZ
??0CFrameworkQueryEx@@QEAA@XZ
?Parse@CObjectPathParser@@QEAAHPEBGPEAPEAUParsedObjectPath@@@Z
??1CObjectPathParser@@QEAA@XZ
??0CObjectPathParser@@QEAA@W4ObjectParserFlags@@@Z
??4CHString@@QEAAAEBV0@AEBV0@@Z
?GetValuesForProp@CFrameworkQuery@@QEAAJPEBGAEAV?$vector@V_bstr_t@@V?$allocator@V_bstr_t@@@std@@@std@@@Z
?Init@CFrameworkQuery@@QEAAJQEAG0JAEAVCHString@@@Z
??1CFrameworkQuery@@QEAA@XZ
??0CFrameworkQuery@@QEAA@XZ
??4CHString@@QEAAAEBV0@PEBG@Z
?IsPropertyRequired@CFrameworkQuery@@QEAA_NPEBG@Z
??0CHStringArray@@QEAA@XZ
??1CHStringArray@@QEAA@XZ
?Add@CHStringArray@@QEAAHPEBG@Z
?ReleaseBuffer@CHString@@QEAAXH@Z

api-ms-win-core-handle-l1-1-0

CloseHandle

oleaut32

SafeArrayCreate
VariantCopy
SysAllocString
VariantClear
VariantInit
SafeArrayPutElement
SysFreeString

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
DisableThreadLibraryCalls
GetModuleFileNameW
FreeLibrary

api-ms-win-security-base-l1-1-0

IsValidSid
GetTokenInformation
GetSidIdentifierAuthority
GetSidSubAuthority
GetSidSubAuthorityCount

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetVersionExW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
OpenThreadToken
TerminateThread

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-synch-l1-1-0

WaitForSingleObject

api-ms-win-core-com-l1-1-0

CoGetCallContext
CoTaskMemFree
StringFromCLSID

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-security-lsalookup-l1-1-0

LookupAccountSidLocalW

api-ms-win-core-job-l2-1-0

QueryInformationJobObject
OpenJobObjectW

advapi32

RegDeleteKeyW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wbem/WMIPSESS.dll
.dll regsvr32 windows:10 windows x64 arch:x64

2da3b341f56e5d5d0381403b02b8df06

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

WMIPSESS.pdb

Imports

msvcrt

??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
__CxxFrameHandler3
free
_amsg_exit
_XcptFilter
_purecall
??_V@YAXPEAX@Z
_wcsicmp
??3@YAXPEAX@Z
malloc
_CxxThrowException

srvcli

NetSessionDel
NetShareEnum
NetConnectionEnum
NetSessionEnum

netutils

NetApiBufferFree

oleaut32

VariantInit
SysAllocString
VariantClear
VariantChangeType

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetTickCount
GetSystemTimeAsFileTime

framedynos

??ACHPtrArray@@QEAAAEAPEAXH@Z
?EndWrite@CThreadBase@@QEAAXXZ
??0CHPtrArray@@QEAA@XZ
??1CThreadBase@@UEAA@XZ
?FindOneOf@CHString@@QEBAHPEBG@Z
?Left@CHString@@QEBA?AV1@H@Z
?Add@CHPtrArray@@QEAAHPEAX@Z
?BeginWrite@CThreadBase@@QEAAHK@Z
??YCHString@@QEAAAEBV0@G@Z
?BeginRead@CThreadBase@@QEAAHK@Z
?GetSize@CHPtrArray@@QEBAHXZ
?RemoveAll@CHPtrArray@@QEAAXXZ
?LocalLogMessage@ProviderLog@@QEAAXPEBGHW4LogLevel@1@0ZZ
?captainsLog@@3VProviderLog@@A
?LocalLogMessage@ProviderLog@@QEAAXPEBG0HW4LogLevel@1@@Z
??0CHString@@QEAA@PEBD@Z
??1CHString@@QEAA@XZ
??YCHString@@QEAAAEBV0@PEBG@Z
??YCHString@@QEAAAEBV0@AEBV0@@Z
?Add@CHStringArray@@QEAAHPEBG@Z
?GetAt@CHPtrArray@@QEBAPEAXH@Z
??4CHString@@QEAAAEBV0@PEBG@Z
?GetBuffer@CHString@@QEAAPEAGH@Z
?GetLength@CHString@@QEBAHXZ
??0CHStringArray@@QEAA@XZ
??1CHStringArray@@QEAA@XZ
?GetAt@CHStringArray@@QEBA?AVCHString@@H@Z
??0CObjectPathParser@@QEAA@W4ObjectParserFlags@@@Z
??1CObjectPathParser@@QEAA@XZ
?Parse@CObjectPathParser@@QEAAHPEBGPEAPEAUParsedObjectPath@@@Z
??1ParsedObjectPath@@QEAA@XZ
??0ParsedObjectPath@@QEAA@XZ
??1CHPtrArray@@QEAA@XZ
?AddKeyRef@ParsedObjectPath@@QEAAHPEBGPEBUtagVARIANT@@@Z
?Unparse@CObjectPathParser@@SAHPEAUParsedObjectPath@@PEAPEAG@Z
??0Provider@@QEAA@PEBG0@Z
??1Provider@@UEAA@XZ
?GetCHString@CInstance@@QEBA_NPEBGAEAVCHString@@@Z
?GetValuesForProp@CFrameworkQuery@@QEAAJPEBGAEAVCHStringArray@@@Z
?CreateNewInstance@Provider@@IEAAPEAVCInstance@@PEAVMethodContext@@@Z
?Empty@CHString@@QEAAXXZ
?Format@CHString@@QEAAXPEBGZZ
?SetCHString@CInstance@@QEAA_NPEBGAEBVCHString@@@Z
?SetWORD@CInstance@@QEAA_NPEBGG@Z
?SetDWORD@CInstance@@QEAA_NPEBGK@Z
?IsPropertyRequired@CFrameworkQuery@@QEAA_NPEBG@Z
?AddRef@CInstance@@QEAAJXZ
?Release@CInstance@@QEAAJXZ
?OnFinalRelease@CThreadBase@@MEAAXXZ
?PutInstance@Provider@@MEAAJAEBVCInstance@@J@Z
?ExecMethod@Provider@@MEAAJAEBVCInstance@@QEAGPEAV2@2J@Z
?GetObject@Provider@@MEAAJPEAVCInstance@@J@Z
?Flush@Provider@@MEAAXXZ
?ValidateEnumerationFlags@Provider@@MEAAJJ@Z
?ValidateGetObjFlags@Provider@@MEAAJJ@Z
?ValidateMethodFlags@Provider@@MEAAJJ@Z
?ValidateQueryFlags@Provider@@MEAAJJ@Z
?ValidateDeletionFlags@Provider@@MEAAJJ@Z
?ValidatePutInstanceFlags@Provider@@MEAAJJ@Z
?SetCharSplat@CInstance@@QEAA_NPEBG0@Z
??4CHString@@QEAAAEBV0@AEBV0@@Z
?Mid@CHString@@QEBA?AV1@HH@Z
?Right@CHString@@QEBA?AV1@H@Z
?DeleteInstance@Provider@@MEAAJAEBVCInstance@@J@Z
??0CHString@@QEAA@PEBG@Z
?SetCHString@CInstance@@QEAA_NPEBG0@Z
?ExecQuery@Provider@@MEAAJPEAVMethodContext@@AEAVCFrameworkQuery@@J@Z
?RemoveAt@CHStringArray@@QEAAXHH@Z
?EndRead@CThreadBase@@QEAAXXZ
?GetMethodContext@CInstance@@QEBAPEAVMethodContext@@XZ
?GetLocalInstancePath@Provider@@IEAA_NPEBVCInstance@@AEAVCHString@@@Z
??H@YA?AVCHString@@AEBV0@0@Z
??H@YA?AVCHString@@AEBV0@G@Z
?SetClassName@ParsedObjectPath@@QEAAHPEBG@Z
??H@YA?AVCHString@@PEBGAEBV0@@Z
?GetInstanceKeysByPath@CWbemProviderGlue@@SAJPEBGPEAPEAVCInstance@@PEAVMethodContext@@@Z
?GetDWORD@CInstance@@QEBA_NPEBGAEAK@Z
?IsDerivedFrom@CWbemProviderGlue@@SA_NPEBG0PEAVMethodContext@@0@Z
??0CHString@@QEAA@XZ
?Commit@CInstance@@QEAAJXZ
?Create@CWbemGlueFactory@@SAPEAV1@PEAJ@Z
?Destroy@CWbemGlueFactory@@QEAAXXZ
?FrameworkLogoffDLL@CWbemProviderGlue@@SAHPEBGPEAJ@Z
?FrameworkLoginDLL@CWbemProviderGlue@@SAHPEBGPEAJ@Z
?initFailed@Provider@@SAHXZ
?GetVariant@CInstance@@QEBA_NPEBGAEAUtagVARIANT@@@Z
??ACHStringArray@@QEBA?AVCHString@@H@Z
?SetAt@CHString@@QEAAXHG@Z
?GetInstancesByQueryAsynch@CWbemProviderGlue@@SAJPEBGPEAVProvider@@P6AJ1PEAVCInstance@@PEAVMethodContext@@PEAX@Z034@Z
?GetInstancesByQuery@CWbemProviderGlue@@SAJPEBGPEAV?$TRefPointerCollection@VCInstance@@@@PEAVMethodContext@@0@Z
?GetInstancePropertiesByPath@CWbemProviderGlue@@SAJPEBGPEAPEAVCInstance@@PEAVMethodContext@@AEAVCHStringArray@@@Z
?Free@CObjectPathParser@@QEAAXPEAUParsedObjectPath@@@Z
?RemoveAll@CHStringArray@@QEAAXXZ
??0CThreadBase@@QEAA@W4THREAD_SAFETY_MECHANISM@0@@Z

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
DisableThreadLibraryCalls

api-ms-win-core-com-l1-1-0

StringFromGUID2

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wbem/WMIsvc.dll
.dll regsvr32 windows:10 windows x64 arch:x64

a8071c8826423a68255af6e367b0795d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

WMIsvc.pdb

Imports

msvcrt

_ui64tow_s
_vsnwprintf
atoi
_XcptFilter
_lock
malloc
_initterm
__C_specific_handler
_unlock
__CxxFrameHandler3
__dllonexit
_amsg_exit
free
_onexit
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_purecall
memmove
memcpy
_CxxThrowException
memset
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
wcschr
_wtoi64
_wtol
wcsrchr
wcstok
_wtoi
_wcsicmp

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
CreateEventW
WaitForMultipleObjectsEx
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
EnterCriticalSection
ReleaseMutex
LeaveCriticalSection
CreateMutexW

api-ms-win-core-localization-l1-2-0

LCMapStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

SizeofResource
FreeLibrary
GetProcAddress
LoadLibraryExW
LockResource
DisableThreadLibraryCalls
FindResourceExW
GetModuleHandleExW
LoadResource
LoadStringW
FreeResource

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegEnumValueW
RegDeleteKeyExW
RegDeleteValueW
RegSetValueExW
RegCloseKey
RegQueryInfoKeyW

api-ms-win-core-processthreads-l1-1-0

SetThreadPriority
GetCurrentThread
OpenThreadToken
GetThreadPriority
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
SetProcessShutdownParameters
GetCurrentThreadId
CreateProcessW

api-ms-win-core-sysinfo-l1-1-0

GetVersionExA
GetWindowsDirectoryW
GetSystemDirectoryW
GetVersionExW
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode
GetLastError
SetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-file-l1-1-0

CreateDirectoryW
GetFileTime
GetFileType
FindClose
FindFirstChangeNotificationW
FindNextFileW
DeleteFileW
SetFileAttributesW
GetFileAttributesW
FindFirstFileW
GetFullPathNameW
WriteFile
CreateFileW
FileTimeToLocalFileTime
FindNextChangeNotification
RemoveDirectoryW

api-ms-win-core-string-l1-1-0

CompareStringW
WideCharToMultiByte

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-file-l2-1-0

CopyFileExW
MoveFileExW

api-ms-win-security-base-l1-1-0

FreeSid
AllocateAndInitializeSid
AccessCheck
GetFileSecurityW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureStackBackTrace

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer
UnregisterWaitEx

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-console-l1-1-0

SetConsoleCtrlHandler

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

ntdll

EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwTraceMessage

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

wbemcomn

?Deserialize@C9XAce@@UEAA_NPEAE@Z
?QueryInterface@CUnk@@UEAAJAEBU_GUID@@PEAPEAX@Z
?AddRef@CUnk@@UEAAKXZ
?Release@CUnk@@UEAAKXZ
?Initialize@CUnk@@UEAAHXZ
??0CInsertionString@@QEAA@VCHex@@@Z
??0Registry@@QEAA@PEBGK@Z
??1Registry@@QEAA@XZ
?GetStr@Registry@@QEAAHPEBGPEAPEAG@Z
?SetStr@Registry@@QEAAHPEBG0@Z
?GetPersistentCfgValue@CPersistentConfig@@QEAAHKAEAK@Z
?GetDWORDStr@Registry@@QEAAHPEBGPEAK@Z
??0Registry@@QEAA@PEAUHKEY__@@KPEBG@Z
?GetDWORD@Registry@@QEAAHPEBGPEAK@Z
??0Registry@@QEAA@PEAUHKEY__@@KKPEBG@Z
?SetDWORD@Registry@@QEAAHPEBGK@Z
?GetMultiStr@Registry@@QEAAPEAGPEBGAEAK@Z
?SetMultiStr@Registry@@QEAAHPEBGPEAGK@Z
TestDirExistAndCreateWithSDIfNotThere
IsPrivilegePresent
??0CStaticCritSec@@QEAA@XZ
??1CStaticCritSec@@QEAA@XZ
??0CInsertionString@@QEAA@J@Z
EnableAllPrivileges
?SetPersistentCfgValue@CPersistentConfig@@QEAAHKK@Z
?GetBinary@Registry@@QEAAHPEBGPEAPEAEPEAK@Z
??0CNtSid@@QEAA@PEAX@Z
??1CNtSid@@QEAA@XZ
??1CNtAcl@@QEAA@XZ
??0CNtAce@@QEAA@KKKAEAVCNtSid@@@Z
?AddAce@CNtAcl@@QEAAHPEAVCNtAce@@@Z
??0CNtSecurityDescriptor@@QEAA@XZ
??1CNtSecurityDescriptor@@QEAA@XZ
?SetDacl@CNtSecurityDescriptor@@QEAAHPEAVCNtAcl@@@Z
?SetOwner@CNtSecurityDescriptor@@QEAAHPEAVCNtSid@@@Z
?SetGroup@CNtSecurityDescriptor@@QEAAHPEAVCNtSid@@@Z
?SetBinary@Registry@@QEAAHPEBGPEAEK@Z
?GetSize@CNtSecurityDescriptor@@QEAAKXZ
?Enter@CStaticCritSec@@QEAAXXZ
?Leave@CStaticCritSec@@QEAAXXZ
GetWMIADAPCmdLine
DebugTrace
?Mrci1Decompress@CBaseMrciCompression@@QEAAIPEAEI0I@Z
?FindStr@CWStringArray@@QEAAHPEBGH@Z
?RemoveAt@CWStringArray@@QEAAHH@Z
?Add@CWStringArray@@QEAAHPEBG@Z
ErrorTrace
LoggingLevelEnabled
??ACFlexArray@@QEAAAEAPEAXH@Z
?GetSerializedSize@C9XAce@@UEAAKXZ
?Start@CTraceSessionControl@@SAKPEBU_GUID@@PEAVCWMITraceSettings@@@Z
?Deserialize@CNtAce@@UEAA_NPEAE@Z
?ReadFromRegistry@CWMITraceSettings@@QEAAKPEBG@Z
??0CWMITraceSettings@@QEAA@XZ
?HasToBeEnabled@CTraceSessionControl@@QEAA_NXZ
?Initialize@CTraceSessionControl@@QEAAKPEBG@Z
WbemSetMachineShutdown
??1CEventLog@@QEAA@XZ
?Close@CEventLog@@QEAAHXZ
?Report@CEventLog@@QEAAHGAEBU_EVENT_DESCRIPTOR@@VCInsertionString@@111111111@Z
?Open@CEventLog@@QEAAHXZ
SetWMITraceSession
GetWMITraceSession
?Write@CMemoryLog@@QEAAXJ@Z
GetMemLogObject
?SetLogingEnabled@CMemoryLog@@QEAAX_N@Z
?anyFailure@CStaticCritSec@@SAHXZ
??0CEventLog@@QEAA@PEBGAEBU_GUID@@K@Z
??0CWStringArray@@QEAA@AEAV0@@Z
??1CWStringArray@@QEAA@XZ
??0WString@@QEAA@PEBD@Z
??0WString@@QEAA@PEBG@Z
??0WString@@QEAA@XZ
?RemainsUntil@CWbemTime@@QEBA?AVCWbemInterval@@AEBV1@@Z
?DeleteString@WString@@AEAAXPEAG@Z
??0CFlexQueue@@QEAA@H@Z
?SetUnknown@CVar@@QEAAXPEAUIUnknown@@@Z
?SetSafeArray@CVar@@QEAAXHPEAUtagSAFEARRAY@@@Z
?SetVariant@CVar@@QEAAHPEAUtagVARIANT@@H@Z
?SetVarVector@CVar@@QEAAXPEAVCVarVector@@H@Z
?SetBlob@CVar@@QEAAXPEAUtagBLOB@@H@Z
?SetClsId@CVar@@QEAAXPEAU_GUID@@H@Z
?SetBSTR@CVar@@QEAAHPEAG@Z
?SetBSTR@CVar@@QEAAHVauto_bstr@@@Z
?SetLPWSTR@CVar@@QEAAHPEAGH@Z
?SetLPSTR@CVar@@QEAAHPEADH@Z
?Init@CVar@@AEAAXXZ
?AddScalar@CSafeArray@@AEAAHTSA_ArrayScalar@@@Z
?SetScalarAt@CSafeArray@@AEAAHHTSA_ArrayScalar@@@Z
?GetScalarAt@CSafeArray@@AEAA?ATSA_ArrayScalar@@H@Z
??1CUnk@@UEAA@XZ
??0CUnk@@QEAA@PEAVCLifeControl@@PEAUIUnknown@@@Z
WMIControlCallback
??0CWStringArray@@QEAA@HH@Z
?Compress@CFlexArray@@QEAAXXZ
??ACFlexArray@@QEBAPEAXH@Z
??0CFlexArray@@QEAA@HH@Z
?InsertAt@CFlexArray@@QEAAHHPEAX@Z
?Leave@CWbemCriticalSection@@QEAAXXZ
?Enter@CWbemCriticalSection@@QEAAHK@Z
??1CHaltable@@UEAA@XZ
BreakOnDbgAndRenterLoop
_ThrowMemoryException_
??0CNtAcl@@QEAA@K@Z
??1C9XAce@@UEAA@XZ
??1CNtAce@@UEAA@XZ
?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z
?WbemMemReAlloc@CWin32DefaultArena@@SAPEAXPEAX_K@Z
?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z
?Serialize@C9XAce@@UEAA_NPEAE_K@Z
?Serialize@CNtAce@@UEAA_NPEAE_K@Z
?GetSerializedSize@CNtAce@@UEAAKXZ
?GetAccessMask@CNtAce@@UEAAKXZ
?GetFlags@CNtAce@@UEAAHXZ
?SetDefaultValues@CWMITraceSettings@@QEAAKXZ
?GetType@CNtAce@@UEAAHXZ
??4WString@@QEAAAEAV0@AEBV0@@Z

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

??0C9XAce@@QEAA@AEBV0@@Z
??0C9XAce@@QEAA@XZ
??0CArena@@QEAA@$$QEAV0@@Z
??0CArena@@QEAA@AEBV0@@Z
??0CArena@@QEAA@XZ
??0CBaseAce@@QEAA@AEBV0@@Z
??0CBaseAce@@QEAA@XZ
??0CCheckedInCritSec@@QEAA@PEAVCCritSec@@@Z
??0CCircularQueue@@QEAA@XZ
??0CContainerControl@@QEAA@$$QEAV0@@Z
??0CContainerControl@@QEAA@AEBV0@@Z
??0CContainerControl@@QEAA@PEAUIUnknown@@@Z
??0CCritSec@@QEAA@XZ
??0CEnterWbemCriticalSection@@QEAA@PEAVCWbemCriticalSection@@K@Z
??0CEventLog@@QEAA@AEBV0@@Z
??0CEventLogRecord@@QEAA@AEAV0@@Z
??0CHaltable@@QEAA@AEBV0@@Z
??0CHex@@QEAA@J@Z
??0CInCritSec@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
??0CInsertionString@@QEAA@$$QEAV0@@Z
??0CInsertionString@@QEAA@AEBV0@@Z
??0CInsertionString@@QEAA@PEBD@Z
??0CInsertionString@@QEAA@PEBG@Z
??0CInsertionString@@QEAA@XZ
??0CLifeControl@@QEAA@$$QEAV0@@Z
??0CLifeControl@@QEAA@AEBV0@@Z
??0CLifeControl@@QEAA@XZ
??0CNtAce@@QEAA@XZ
??0CNtSid@@QEAA@XZ
??0CTraceSessionControl@@QEAA@XZ
??0CUnk@@QEAA@AEBV0@@Z
??0CUnkInternal@@QEAA@AEBV0@@Z
??0CUnkInternal@@QEAA@PEAVCLifeControl@@@Z
??0CVar@@QEAA@D@Z
??0CVar@@QEAA@E@Z
??0CVar@@QEAA@F@Z
??0CVar@@QEAA@FH@Z
??0CVar@@QEAA@G@Z
??0CVar@@QEAA@HPEAG@Z
??0CVar@@QEAA@HPEAUtagSAFEARRAY@@@Z
??0CVar@@QEAA@HVauto_bstr@@@Z
??0CVar@@QEAA@J@Z
??0CVar@@QEAA@K@Z
??0CVar@@QEAA@M@Z
??0CVar@@QEAA@N@Z
??0CVar@@QEAA@PEADH@Z
??0CVar@@QEAA@PEAGH@Z
??0CVar@@QEAA@PEAU_FILETIME@@@Z
??0CVar@@QEAA@PEAU_GUID@@H@Z
??0CVar@@QEAA@PEAUtagBLOB@@H@Z
??0CVar@@QEAA@PEAUtagVARIANT@@@Z
??0CVar@@QEAA@PEAVCVarVector@@H@Z
??0CVar@@QEAA@XZ
??0CWbemInterval@@IEAA@K@Z
??0CWbemInterval@@QEAA@XZ
??0CWbemTime@@IEAA@_J@Z
??0CWbemTime@@QEAA@AEBV0@@Z
??0CWbemTime@@QEAA@XZ
??0CWin32DefaultArena@@QEAA@AEBV0@@Z
??0CWin32DefaultArena@@QEAA@XZ
??0WString@@QEAA@AEBV0@@Z
??1CBaseAce@@UEAA@XZ
??1CCheckedInCritSec@@QEAA@XZ
??1CCritSec@@QEAA@XZ
??1CEnterWbemCriticalSection@@QEAA@XZ
??1CEventLogRecord@@QEAA@XZ
??1CInCritSec@@QEAA@XZ
??1CInsertionString@@QEAA@XZ
??1CUnkInternal@@UEAA@XZ
??1CWin32DefaultArena@@QEAA@XZ
??1WString@@QEAA@XZ
??4C9XAce@@QEAAAEAV0@AEBV0@@Z
??4CArena@@QEAAAEAV0@$$QEAV0@@Z
??4CArena@@QEAAAEAV0@AEBV0@@Z
??4CBaseAce@@QEAAAEAV0@AEBV0@@Z
??4CCheckedInCritSec@@QEAAAEAV0@AEBV0@@Z
??4CCircularQueue@@QEAAAEAV0@$$QEAV0@@Z
??4CCircularQueue@@QEAAAEAV0@AEBV0@@Z
??4CContainerControl@@QEAAAEAV0@$$QEAV0@@Z
??4CContainerControl@@QEAAAEAV0@AEBV0@@Z
??4CCritSec@@QEAAAEAV0@AEBV0@@Z
??4CEnterWbemCriticalSection@@QEAAAEAV0@AEBV0@@Z
??4CFlexQueue@@QEAAAEAV0@AEBV0@@Z
??4CHaltable@@QEAAAEAV0@AEBV0@@Z
??4CHex@@QEAAAEAV0@$$QEAV0@@Z
??4CHex@@QEAAAEAV0@AEBV0@@Z
??4CInCritSec@@QEAAAEAV0@AEBV0@@Z
??4CInsertionString@@QEAAAEAV0@$$QEAV0@@Z
??4CInsertionString@@QEAAAEAV0@AEBV0@@Z
??4CLifeControl@@QEAAAEAV0@$$QEAV0@@Z
??4CLifeControl@@QEAAAEAV0@AEBV0@@Z
??4CMemoryLog@@QEAAAEAV0@$$QEAV0@@Z
??4CMemoryLog@@QEAAAEAV0@AEBV0@@Z
??4CNtSecurity@@QEAAAEAV0@$$QEAV0@@Z
??4CNtSecurity@@QEAAAEAV0@AEBV0@@Z
??4CPersistentConfig@@QEAAAEAV0@$$QEAV0@@Z
??4CPersistentConfig@@QEAAAEAV0@AEBV0@@Z
??4CSmallArrayBlob@@QEAAAEAV0@$$QEAV0@@Z
??4CSmallArrayBlob@@QEAAAEAV0@AEBV0@@Z
??4CStaticCritSec@@QEAAAEAV0@AEBV0@@Z
??4CTraceSessionControl@@QEAAAEAV0@$$QEAV0@@Z
??4CTraceSessionControl@@QEAAAEAV0@AEBV0@@Z
??4CUnk@@QEAAAEAV0@AEBV0@@Z
??4CUnkInternal@@QEAAAEAV0@AEBV0@@Z
??4CWMITraceSettings@@QEAAAEAV0@$$QEAV0@@Z
??4CWMITraceSettings@@QEAAAEAV0@AEBV0@@Z
??4CWbemCriticalSection@@QEAAAEAV0@AEBV0@@Z
??4CWbemInterval@@QEAAAEAV0@$$QEAV0@@Z
??4CWbemInterval@@QEAAAEAV0@AEBV0@@Z
??4CWbemTime@@QEAAXAEBV0@@Z
??4CWbemTimeSpan@@QEAAAEAV0@$$QEAV0@@Z
??4CWbemTimeSpan@@QEAAAEAV0@AEBV0@@Z
??4CWin32DefaultArena@@QEAAAEAV0@AEBV0@@Z
??4MD5@@QEAAAEAV0@$$QEAV0@@Z
??4MD5@@QEAAAEAV0@AEBV0@@Z
??4Registry@@QEAAAEAV0@AEBV0@@Z
??ACSmallArrayBlob@@QEBAPEAXH@Z
??ACWStringArray@@QEBAPEAGH@Z
??BCHex@@QEAAJXZ
??BCVar@@QEAA?AU_FILETIME@@XZ
??BCVar@@QEAADXZ
??BCVar@@QEAAEXZ
??BCVar@@QEAAFXZ
??BCVar@@QEAAGXZ
??BCVar@@QEAAJXZ
??BCVar@@QEAAKXZ
??BCVar@@QEAAMXZ
??BCVar@@QEAANXZ
??BCVar@@QEAAPEADXZ
??BCVar@@QEAAPEAGXZ
??BCVar@@QEAAPEAU_GUID@@XZ
??BCVar@@QEAAPEAUtagBLOB@@XZ
??BCVar@@QEAAPEAVCVarVector@@XZ
??BWString@@QEAAPEAGXZ
??BWString@@QEBAPEBGXZ
??DCWbemInterval@@QEBA?AV0@N@Z
??GCWbemTime@@QEBA?AVCWbemInterval@@AEBV0@@Z
??HCWbemInterval@@QEBA?AV0@V0@@Z
??MCWbemInterval@@QEAAHV0@@Z
??MCWbemTime@@QEBAHAEBV0@@Z
??MWString@@QEBAHPEBG@Z
??NCWbemTime@@QEBAHAEBV0@@Z
??NWString@@QEBAHPEBG@Z
??OCWbemInterval@@QEAAHV0@@Z
??OCWbemTime@@QEBAHAEBV0@@Z
??OWString@@QEBAHPEBG@Z
??PCWbemTime@@QEBAHAEBV0@@Z
??PWString@@QEBAHPEBG@Z
??YCWbemInterval@@QEAAXV0@@Z
??_7C9XAce@@6B@
??_7CArena@@6B@
??_7CBaseAce@@6B@
??_7CContainerControl@@6B@
??_7CHaltable@@6B@
??_7CLifeControl@@6B@
??_7CNtAce@@6B@
??_7CUnk@@6B@
??_7CUnkInternal@@6B@
??_7CWin32DefaultArena@@6B@
??_FCEventLog@@QEAAXXZ
??_FCFlexArray@@QEAAXXZ
??_FCFlexQueue@@QEAAXXZ
??_FCNtAcl@@QEAAXXZ
??_FCUnk@@QEAAXXZ
??_FCWStringArray@@QEAAXXZ
?Access@CSafeArray@@QEAAJPEAPEAX@Z
?Add@CFlexArray@@QEAAHPEAX@Z
?AddBool@CSafeArray@@QEAAHF@Z
?AddByte@CSafeArray@@QEAAHE@Z
?AddDouble@CSafeArray@@QEAAHN@Z
?AddFloat@CSafeArray@@QEAAHM@Z
?AddLong@CSafeArray@@QEAAHJ@Z
?AddRef@CContainerControl@@UEAAXPEAUIUnknown@@@Z
?AddRef@CUnkInternal@@UEAAKXZ
?AddShort@CSafeArray@@QEAAHF@Z
?Alloc@CWin32DefaultArena@@UEAAPEAX_K@Z
?BindPtr@WString@@QEAAXPEAG@Z
?CanDelete@CVar@@QEAAHXZ
?Compress@CWStringArray@@QEAAXXZ
?DecrementIndex@CFlexQueue@@IEAAXAEAH@Z
?ElementSize@CSafeArray@@QEAAHXZ
?Enter@CCheckedInCritSec@@QEAAXXZ
?Enter@CCritSec@@QEAAXXZ
?Equal@WString@@QEBAHPEBG@Z
?EqualNoCase@WString@@QEBAHPEBG@Z
?Free@CWin32DefaultArena@@UEAAHPEAX@Z
?Get100nss@CWbemTime@@QEBA_JXZ
?GetAccessMask@C9XAce@@UEAAKXZ
?GetAreaFlags@CWMITraceSettings@@QEAAKXZ
?GetArray@CSafeArray@@QEAAPEAUtagSAFEARRAY@@XZ
?GetArrayPtr@CFlexArray@@QEAAPEAPEAXXZ
?GetArrayPtr@CFlexArray@@QEBAPEBQEAXXZ
?GetArrayPtr@CSmallArrayBlob@@QEAAPEAPEAXXZ
?GetArrayPtr@CSmallArrayBlob@@QEBAPEBQEAXXZ
?GetArrayPtr@CWStringArray@@QEAAPEAPEBGXZ
?GetAt@CSmallArrayBlob@@QEBAPEAXH@Z
?GetAt@CWStringArray@@QEBAPEAGH@Z
?GetBlob@CVar@@QEAAPEAUtagBLOB@@XZ
?GetBool@CVar@@QEAAFXZ
?GetBoolAt@CSafeArray@@QEAAFH@Z
?GetByte@CVar@@QEAAEXZ
?GetByteAt@CSafeArray@@QEAAEH@Z
?GetChar@CVar@@QEAADXZ
?GetClsId@CVar@@QEAAPEAU_GUID@@XZ
?GetCreationTime@CEventLogRecord@@QEAA?AVCWbemTime@@XZ
?GetDWORD@CVar@@QEAAKXZ
?GetDispatch@CVar@@QEAAPEAUIDispatch@@XZ
?GetDouble@CVar@@QEAANXZ
?GetDoubleAt@CSafeArray@@QEAANH@Z
?GetEmbeddedObject@CVar@@QEAAPEAUIUnknown@@XZ
?GetEventTraceProperties@CWMITraceSettings@@QEAAPEAU_EVENT_TRACE_PROPERTIES@@XZ
?GetFileTime@CVar@@QEAA?AU_FILETIME@@XZ
?GetFlags@C9XAce@@UEAAHXZ
?GetFloat@CVar@@QEAAMXZ
?GetFloatAt@CSafeArray@@QEAAMH@Z
?GetInfinity@CWbemInterval@@SA?AV1@XZ
?GetInfinity@CWbemTime@@SA?AV1@XZ
?GetInnerUnknown@CUnk@@QEAAPEAUIUnknown@@XZ
?GetLPSTR@CVar@@QEAAPEADXZ
?GetLPWSTR@CVar@@QEAAPEAGXZ
?GetLastError@Registry@@QEAAJXZ
?GetLockCount@CWbemCriticalSection@@QEAAJXZ
?GetLong@CVar@@QEAAJXZ
?GetLongAt@CSafeArray@@QEAAJH@Z
?GetMilliseconds@CWbemInterval@@QEBAKXZ
?GetNumStrings@CEventLogRecord@@QEAAGXZ
?GetOwningThreadId@CWbemCriticalSection@@QEAAKXZ
?GetPtr@CNtAce@@QEAAPEAU_ACCESS_ALLOWED_ACE@@XZ
?GetPtr@CNtAcl@@QEAAPEAU_ACL@@XZ
?GetPtr@CNtSecurityDescriptor@@QEAAPEAXXZ
?GetPtr@CNtSid@@QEAAPEAXXZ
?GetQueueSize@CFlexQueue@@QEBAHXZ
?GetRawData@CVar@@QEAAPEAXXZ
?GetRecursionCount@CWbemCriticalSection@@QEAAJXZ
?GetSeconds@CWbemInterval@@QEBAKXZ
?GetSessionName@CWMITraceSettings@@QEAAPEAGXZ
?GetShort@CVar@@QEAAFXZ
?GetShortAt@CSafeArray@@QEAAFH@Z
?GetSize@CNtAce@@QEAAKXZ
?GetStatus@C9XAce@@UEAAKXZ
?GetStatus@CNtAce@@UEAAKXZ
?GetStatus@CNtAcl@@QEAAKXZ
?GetStatus@CNtSecurityDescriptor@@QEAAKXZ
?GetStatus@CNtSid@@QEAAKXZ
?GetString@CInsertionString@@QEAAPEBGXZ
?GetStringPointerByRef@WString@@QEBAAEBQEBGXZ
?GetTraceLevel@CWMITraceSettings@@QEAAEXZ
?GetType@C9XAce@@UEAAHXZ
?GetType@CSafeArray@@QEAAHXZ
?GetType@CVar@@QEAAHXZ
?GetType@CVarVector@@QEAAHXZ
?GetUnknown@CUnk@@QEAAPEAUIUnknown@@XZ
?GetUnknown@CUnkInternal@@QEAAPEAUIUnknown@@XZ
?GetUnknown@CVar@@QEAAPEAUIUnknown@@XZ
?GetVarVector@CVar@@QEAAPEAVCVarVector@@XZ
?GetWord@CVar@@QEAAGXZ
?GetZero@CWbemTime@@SA?AV1@XZ
?IncrementIndex@CFlexQueue@@IEAAXAEAH@Z
?InternalAddRef@CUnkInternal@@QEAAKXZ
?InternalQueryInterface@CUnkInternal@@QEAAJAEBU_GUID@@PEAPEAX@Z
?InternalRelease@CUnkInternal@@QEAAKXZ
?IsEmpty@CInsertionString@@QEAAHXZ
?IsEnabled@CTraceSessionControl@@QEAA_NXZ
?IsEntered@CCheckedInCritSec@@QEAAHXZ
?IsEntered@CEnterWbemCriticalSection@@QEAAHXZ
?IsFinite@CWbemInterval@@QEBAHXZ
?IsFinite@CWbemTime@@QEBAHXZ
?IsNull@CVar@@QEAAHXZ
?IsOptimized@CVarVector@@QEAAHXZ
?IsUser@CNtSid@@QEAA_NXZ
?IsValid@CNtAcl@@QEAAHXZ
?IsValid@CNtSecurityDescriptor@@QEAAHXZ
?IsValid@CNtSid@@QEAAHXZ
?IsZero@CWbemInterval@@QEBAHXZ
?IsZero@CWbemTime@@QEBAHXZ
?Leave@CCheckedInCritSec@@QEAAXXZ
?Leave@CCritSec@@QEAAXXZ
?Length@WString@@QEBAHXZ
?ObjectCreated@CContainerControl@@UEAAHPEAUIUnknown@@@Z
?ObjectDestroyed@CContainerControl@@UEAAXPEAUIUnknown@@@Z
?OnInitialize@CUnk@@UEAAHXZ
?QueryInterface@CUnkInternal@@UEAAJAEBU_GUID@@PEAPEAX@Z
?Realloc@CWin32DefaultArena@@UEAAPEAXPEAX_K@Z
?Release@CContainerControl@@UEAAXPEAUIUnknown@@@Z
?Release@CUnkInternal@@UEAAKXZ
?Set100nss@CWbemTime@@QEAAX_J@Z
?SetAreaFlags@CWMITraceSettings@@QEAAXK@Z
?SetAsNull@CVar@@QEAAXXZ
?SetBool@CVar@@QEAAXF@Z
?SetBoolAt@CSafeArray@@QEAAHHF@Z
?SetByte@CVar@@QEAAXE@Z
?SetByteAt@CSafeArray@@QEAAHHE@Z
?SetCanDelete@CVar@@QEAAXH@Z
?SetChar@CVar@@QEAAXD@Z
?SetDWORD@CVar@@QEAAXK@Z
?SetDestructorPolicy@CSafeArray@@QEAAXH@Z
?SetDouble@CVar@@QEAAXN@Z
?SetDoubleAt@CSafeArray@@QEAAHHN@Z
?SetEmbeddedObject@CVar@@QEAAXPEAUIUnknown@@@Z
?SetFileTime@CVar@@QEAAXPEAU_FILETIME@@@Z
?SetFlags@C9XAce@@UEAAXJ@Z
?SetFlags@CNtAce@@UEAAXJ@Z
?SetFloat@CVar@@QEAAXM@Z
?SetFloatAt@CSafeArray@@QEAAHHM@Z
?SetGrowGranularity@CSafeArray@@QEAAXH@Z
?SetLong@CVar@@QEAAXJ@Z
?SetLongAt@CSafeArray@@QEAAHHJ@Z
?SetMilliseconds@CWbemInterval@@QEAAXK@Z
?SetRawArrayMaxElement@CSafeArray@@QEAAXH@Z
?SetShort@CVar@@QEAAXF@Z
?SetShortAt@CSafeArray@@QEAAHHF@Z
?SetSize@CFlexArray@@QEAAXH@Z
?SetTraceLevel@CWMITraceSettings@@QEAAXE@Z
?SetWord@CVar@@QEAAXG@Z
?Size@CFlexArray@@QEBAHXZ
?Size@CSafeArray@@QEAAHXZ
?Size@CSmallArrayBlob@@QEBAHXZ
?Size@CWStringArray@@QEBAHXZ
?Status@CSafeArray@@QEAAHXZ
?Status@CVar@@QEAAHXZ
?Status@CVarVector@@QEAAHXZ
?Unaccess@CSafeArray@@QEAAJXZ
?Unqueue@CFlexQueue@@QEAAPEAXXZ
?WbemSysFreeString@CWin32DefaultArena@@SAXPEAG@Z
?isValid@CHaltable@@QEAA_NXZ
DllRegisterServer
DllUnregisterServer
DredgeRA
GetSystemEventsForShutdown
IsImproperShutdownDetected
IsShutDown
MoveToAlone
MoveToShared
ServiceMain

Sections

.text
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wbem/wmitimep.dll
.dll regsvr32 windows:10 windows x64 arch:x64

1147af12522c0e6dfc7b8cc9bf475447

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

wmitimep.pdb

Imports

msvcrt

__dllonexit
_onexit
_CxxThrowException
_unlock
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
memset
_initterm
malloc
free
memcpy
_amsg_exit
_XcptFilter
_vsnwprintf
__C_specific_handler
_purecall
__CxxFrameHandler3
sscanf_s
atol
_vsnprintf
iswspace

api-ms-win-core-heap-l1-1-0

HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc

api-ms-win-core-localization-l1-2-0

LCMapStringW

oleaut32

SysAllocString
VariantInit
VariantClear
VariantChangeType

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObject
EnterCriticalSection
InitializeCriticalSection

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadLibraryExW
GetModuleFileNameW
DisableThreadLibraryCalls
GetModuleHandleW

api-ms-win-core-file-l1-1-0

FileTimeToLocalFileTime
LocalFileTimeToFileTime

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTime
GetVersion
GetSystemTimeAsFileTime
GetLocalTime

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
CreateThread
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-debug-l1-1-0

DebugBreak

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoInitializeEx

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

wbemcomn

??0QL1_Parser@@QEAA@PEAVCGenLexSource@@@Z
??1QL1_Parser@@UEAA@XZ
?Parse@QL1_Parser@@QEAAHPEAPEAUQL_LEVEL_1_RPN_EXPRESSION@@@Z
??1QL_LEVEL_1_RPN_EXPRESSION@@QEAA@XZ
?Remove@CTimerGenerator@@QEAAJPEAVCInstructionTest@@@Z
?Set@CTimerGenerator@@QEAAJPEAVCTimerInstruction@@VCWbemTime@@@Z
??0CTimerGenerator@@QEAA@XZ
??1CTimerGenerator@@UEAA@XZ
?Write@CMemoryLog@@QEAAXJ@Z
GetMemLogObject
??1CIdentityTest@@QEAA@XZ
??0CIdentityTest@@QEAA@PEAVCTimerInstruction@@@Z
?MarkForRemoval@CTimerInstruction@@UEAAJXZ
??1CTimerInstruction@@UEAA@XZ
??1CInCritSec@@QEAA@XZ
??0CInCritSec@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
??1CCritSec@@QEAA@XZ
??0CCritSec@@QEAA@XZ
??0CStaticCritSec@@QEAA@XZ
??1CStaticCritSec@@QEAA@XZ
?anyFailure@CStaticCritSec@@SAHXZ
?InternalRelease@CUnkInternal@@QEAAKXZ
??0CUnkInternal@@QEAA@PEAVCLifeControl@@@Z
??1CUnkInternal@@UEAA@XZ
?QueryInterface@CUnkInternal@@UEAAJAEBU_GUID@@PEAPEAX@Z
?AddRef@CUnkInternal@@UEAAKXZ
?Release@CUnkInternal@@UEAAKXZ
?Add@CFlexArray@@QEAAHPEAX@Z
??ACFlexArray@@QEAAAEAPEAXH@Z
??0QL_LEVEL_1_TOKEN@@QEAA@AEBU0@@Z
??1QL_LEVEL_1_TOKEN@@QEAA@XZ
?Empty@CFlexArray@@QEAAXXZ
?SetAt@CFlexArray@@QEAAXHPEAX@Z
??1CFlexArray@@QEAA@XZ
?GetAt@CFlexArray@@QEBAPEAXH@Z
?GetStringAt@CPropertyName@@QEBAPEBGJ@Z
?WbemHeapInitialize@CWin32DefaultArena@@SAHPEAX@Z
?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z
?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z
??0CFlexArray@@QEAA@HH@Z

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wbem/wmiutils.dll
.dll regsvr32 windows:10 windows x64 arch:x64

0d31e6d27b954ad879cb4df742982f1a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

wmiutils.pdb

Imports

msvcrt

_initterm
_lock
_unlock
_XcptFilter
_purecall
??1type_info@@UEAA@XZ
malloc
free
swscanf
printf
__dllonexit
memcpy
__CxxFrameHandler3
_amsg_exit
_CxxThrowException
iswspace
wcschr
_ui64tow_s
_i64tow_s
sscanf_s
wcstombs
_wtoi64
__C_specific_handler
_vsnwprintf
_onexit
memset

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameW
LoadStringW

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegDeleteKeyExW

oleaut32

SysFreeString
SysAllocString
VariantChangeType
VariantClear
VariantInit
VariantChangeTypeEx

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection

api-ms-win-core-localization-l1-2-0

LCMapStringW
FormatMessageW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

wbemcomn

ReadUI64
?Empty@CWStringArray@@QEAAXXZ
?Add@CWStringArray@@QEAAHPEBG@Z
?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z
?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z
ReadI64
??0CWStringArray@@QEAA@HH@Z
??1CStaticCritSec@@QEAA@XZ
??0CStaticCritSec@@QEAA@XZ
?GetAt@CFlexArray@@QEBAPEAXH@Z
?Empty@CFlexArray@@QEAAXXZ
?RemoveAt@CFlexArray@@QEAAHH@Z
??ACFlexArray@@QEAAAEAPEAXH@Z
??1CFlexArray@@QEAA@XZ
??0CFlexArray@@QEAA@HH@Z
?InsertAt@CFlexArray@@QEAAHHPEAX@Z
BreakOnDbgAndRenterLoop
?anyFailure@CStaticCritSec@@SAHXZ
??1CWStringArray@@QEAA@XZ

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2e13c2bc4f0c9ed9f72b86e3c4cff318

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

14:1c:1d:cd:3d:ac:b4:a1:f3:e7:37:e8:fd:fe:5b:54:98:93:fe:d6:65:a1:29:1b:16:d6:a8:76:7f:ea:09:45Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

advapi32

kernel32

ole32

shlwapi

user32

oleaut32

ext-ms-win-session-winsta-l1-1-0

api-ms-win-core-path-l1-1-0

bcrypt

api-ms-win-core-winrt-l1-1-0

Exports

Exports

Sections

.text Size: 323KB - Virtual size: 322KB

.rdata Size: 187KB - Virtual size: 187KB

.data Size: 16KB - Virtual size: 18KB

.pdata Size: 11KB - Virtual size: 10KB

.didat Size: 512B - Virtual size: 288B

.rsrc Size: 23KB - Virtual size: 23KB

.reloc Size: 2KB - Virtual size: 2KB

e1921d401583d0d512d1a8ec5d16429d

Code Sign

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

cf:a9:89:3e:54:6d:6f:75:5c:91:6f:ac:bb:dd:61:33:17:ae:ce:0d:c6:49:51:5a:d3:7d:08:6a:05:56:28:d6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

advapi32

user32

ole32

oleaut32

shell32

Exports

Exports

Sections

.text Size: 49KB - Virtual size: 48KB

.rdata Size: 33KB - Virtual size: 32KB

.data Size: 8KB - Virtual size: 9KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 9KB - Virtual size: 8KB

.reloc Size: 1024B - Virtual size: 908B

7191a261b3387fac5d34de51cc114558

Code Sign

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

a6:80:c2:2c:12:08:b8:ec:12:18:36:23:4f:f9:81:ae:ed:65:90:87:1d:ea:2d:12:89:14:da:1b:16:fc:31:33Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

14:1c:1d:cd:3d:ac:b4:a1:f3:e7:37:e8:fd:fe:5b:54:98:93:fe:d6:65:a1:29:1b:16:d6:a8:76:7f:ea:09:45
Signer

.text
Size: 323KB - Virtual size: 322KB

.rdata
Size: 187KB - Virtual size: 187KB

.data
Size: 16KB - Virtual size: 18KB

.pdata
Size: 11KB - Virtual size: 10KB

.didat
Size: 512B - Virtual size: 288B

.rsrc
Size: 23KB - Virtual size: 23KB

.reloc
Size: 2KB - Virtual size: 2KB

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

cf:a9:89:3e:54:6d:6f:75:5c:91:6f:ac:bb:dd:61:33:17:ae:ce:0d:c6:49:51:5a:d3:7d:08:6a:05:56:28:d6
Signer

.text
Size: 49KB - Virtual size: 48KB

.rdata
Size: 33KB - Virtual size: 32KB

.data
Size: 8KB - Virtual size: 9KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 1024B - Virtual size: 908B

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

a6:80:c2:2c:12:08:b8:ec:12:18:36:23:4f:f9:81:ae:ed:65:90:87:1d:ea:2d:12:89:14:da:1b:16:fc:31:33
Signer

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 3KB - Virtual size: 4KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 464B

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

80:73:5a:23:bf:1a:58:89:95:95:90:3b:19:ea:e0:5e:84:58:61:c9:f6:15:ea:0f:f7:95:af:b0:f3:b0:c3:f1
Signer

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 3KB - Virtual size: 4KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 604B

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

ba:ba:82:81:21:10:18:f7:bf:c3:49:43:3f:5e:5e:94:b7:f8:84:57:0f:a9:50:69:78:a1:23:88:55:7e:88:e1
Signer

.text
Size: 37KB - Virtual size: 37KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 2KB - Virtual size: 3KB