SRTWARE LOADER[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

SRTWARE LOADER.zip
Size

2.0MB
MD5

4c7a5f378bb2c7828afac7e6ded2da3e
SHA1

5dceb0f41c0642460baf963c3e5ca2a5c1a43305
SHA256

b5f49743e9537684fc2980a4082f8f69a541d961136fa8177f08c673fc064b40
SHA512

983ef330203600268592bdfabb83f4591700b244e9e70974c04933c1fb598ce01afeb6e05e1f3d52803721ec43c43d0646ce7f8631e547ba408f53daa8689376
SSDEEP

49152:lUhTQ0+GZm8e8xVuqBQhFGFXreXyvBYDuDPgyCViF:Cd+GZv7xVRBQmpreXySDuf

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/resources/rasplap.dll
unpack001/resources/rasppp.dll
unpack001/resources/rastapi.dll
unpack001/resources/rastls.dll
unpack001/resources/rastlsext.dll
unpack001/resources/rdbui.dll
unpack001/resources/rdpcfgex.dll
unpack001/srtware loader.exe

Files

SRTWARE LOADER.zip
.zip

Password: srtware
resources/d3d9.bin
resources/rasplap.dll
.dll windows:10 windows x64 arch:x64

Password: srtware

66ac737d2c5b05f68c80cf237e48d28a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

rasplap.pdb

Imports

msvcrt

_vsnprintf
__CxxFrameHandler3
_strnicmp
_vsnwprintf
memcpy_s
strtoul
_ltoa
calloc
strchr
wcsstr
strrchr
_local_unwind
memcmp
memcpy
?terminate@@YAXXZ
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
free
_callnewh
malloc
_wcsicmp
wcschr
qsort
_wtol
_wcsnicmp
atol
_mbscspn
wcsnlen
_ultoa_s
memset

ntdll

NtQueryInformationToken
RtlInitString
RtlNtStatusToDosError
DbgPrint
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

advapi32

OpenThreadToken
OpenProcessToken
AdjustTokenPrivileges
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
RevertToSelf
ImpersonateLoggedOnUser
CheckTokenMembership
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
EventWriteTransfer
SetSecurityDescriptorOwner
AllocateAndInitializeSid
SetNamedSecurityInfoW
FreeSid
InitializeSecurityDescriptor
InitializeAcl
CredProtectW
CredIsProtectedW
CryptReleaseContext
CryptGetProvParam
CryptAcquireContextW
CryptGetKeyParam
CryptGetUserKey
CryptDestroyKey
GetTokenInformation
RegConnectRegistryW
GetLengthSid
AddAccessAllowedAce
SetSecurityDescriptorGroup
TraceMessage

user32

CharNextW
CharPrevW
LoadBitmapW
GetSystemMetrics

rtutils

TraceDeregisterExA
TraceRegisterExA
TracePrintfExA

kernel32

CompareStringW
EnterCriticalSection
LeaveCriticalSection
LocalAlloc
Sleep
GetLastError
CloseHandle
CreateThread
LocalFree
GetComputerNameW
GetProcAddress
FreeLibrary
LoadLibraryExW
WaitForSingleObject
MultiByteToWideChar
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InitializeCriticalSectionAndSpinCount
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
HeapFree
lstrlenW
HeapAlloc
GetProcessHeap
WideCharToMultiByte
CompareFileTime
FindFirstFileW
RegQueryValueExW
GetFullPathNameW
FindNextFileW
RegDeleteValueW
RegOpenKeyExW
CreateMutexW
lstrlenA
FindClose
ReleaseMutex
GetSystemDirectoryW
CompareStringA
GetCurrentThread
GlobalAlloc
GlobalFree
OpenMutexW
lstrcmpW
GlobalReAlloc
GetFinalPathNameByHandleW
CreateFileW
GetFileInformationByHandle
CopyFileW
SetFileInformationByHandle
RegCreateKeyExW
DeleteFileW
RegDeleteKeyExW
InitializeCriticalSection
SystemTimeToFileTime
GetSystemTime
GetSystemWindowsDirectoryW
lstrcmpiW
GetModuleHandleExW
CreateDirectoryW
LockResource
LoadResource
FindResourceW
RegEnumKeyExW
GetProductInfo
GetVersionExW
RegSetValueExW
DeleteCriticalSection
DelayLoadFailureHook
GetFileType
ReadFile
WriteFile
ResolveDelayLoadedAPI

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

rpcrt4

UuidCreate

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/rasppp.dll
.dll windows:10 windows x64 arch:x64

Password: srtware

bbfeab030a9e516b0728f60d6f741d82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

rasppp.pdb

Imports

msvcrt

_XcptFilter
memcmp
atol
_ltoa
wcschr
atoi
memcpy_s
mbstowcs
strtok
_itoa_s
isdigit
__C_specific_handler
_initterm
_stricmp
_vsnprintf
iswctype
_vsnwprintf
strstr
rand
time
srand
_amsg_exit
free
memcpy
malloc
wcsstr
_wcslwr
_wcsicmp
_strnicmp
strchr
memset

ntdll

RtlIpv4AddressToStringW
RtlIpv6AddressToStringW
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlIpv6StringToAddressA
RtlTimeToSecondsSince1970
RtlLocalTimeToSystemTime
RtlTimeFieldsToTime
RtlGetVersion
RtlGetNtProductType
RtlNtStatusToDosError
RtlQueueWorkItem
RtlInitUnicodeString

api-ms-win-core-heap-l1-1-0

HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
HeapDestroy
HeapCreate

api-ms-win-core-heap-l2-1-0

LocalReAlloc
LocalFree
LocalAlloc

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
CreateEventA
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObject
WaitForMultipleObjectsEx

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventWriteTransfer

api-ms-win-core-registry-l1-1-0

RegOpenKeyExA
RegOpenKeyExW
RegSetValueExW
RegQueryValueExA
RegCloseKey
RegEnumKeyExA
RegNotifyChangeKeyValue
RegQueryValueExW
RegQueryInfoKeyA
RegDeleteValueW

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExA
FreeLibrary
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsA

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
ExitThread
CreateThread

api-ms-win-core-sysinfo-l1-1-0

GetWindowsDirectoryA
GetSystemTime
GetLocalTime
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

dsrole

DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-synch-l1-2-0

Sleep

ws2_32

inet_addr
htonl
ntohl

rpcrt4

UuidCreate

netutils

NetApiBufferFree

wkscli

NetWkstaTransportEnum

crypt32

CryptProtectData
CryptUnprotectData

dnsapi

DnsSetConfigDword

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameA

api-ms-win-core-registry-l2-1-0

RegCreateKeyW
RegOpenKeyA

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW
lstrlenA

cryptsp

CryptAcquireContextA
CryptReleaseContext
CryptGenRandom

rasapi32

RasSetEapUserDataAEx

rtutils

TraceDeregisterA
TraceRegisterExA
LogEventW
TraceVprintfExA
RouterLogEventA
RouterLogEventStringA
RouterLogDeregisterA
RouterLogEventW
RouterLogRegisterA
TraceDeregisterExA

eappcfg

EapHostPeerFreeErrorMemory
EapHostPeerQueryUIBlobFromInteractiveUIInputFields
EapHostPeerGetMethods
EapHostPeerFreeMemory
EapHostPeerQueryInteractiveUIInputFields
EapHostPeerQueryUserBlobFromCredentialInputFields

eappprxy

EapHostPeerBeginSession
EapHostPeerClearConnection
EapHostPeerEndSession
EapHostPeerProcessReceivedPacket
EapHostPeerGetResult
EapHostPeerSetResponseAttributes
EapHostPeerGetSendPacket
EapHostPeerGetUIContext
EapHostPeerGetResponseAttributes
EapHostPeerSetUIContext
EapHostPeerFreeEapError

rasman

RasBundleGetPort
RasPortGetStatisticsEx
RasDeAllocateRoute
RasPortGetBundle
RasProtocolStarted
RasCompressionSetInfo
RasInitializeNoWait
RasGetBuffer
RasSetConnectionUserData
RasActivateRoute
RasPortGetProtocolCompression
RasGetTimeSinceLastActivity
RasCompressionGetInfo
RasGetInfo
RasPortCancelReceive
RasPortSetProtocolCompression
RasFreeBuffer
RasGetConnectInfo
RasAllocateRoute
RasFreeInterfaceLuidIndex
RasPortSend
RasSendProtocolResultToRasman
RasGetPortUserData
RasUpdateDefaultRouteSettings
RasPortBundle
RasSetEapInfo
RasPortConnectComplete
RasPortDisconnect
RasPortClose
RasProtocolStart
RasPortSetFraming
RasAllocInterfaceLuidIndex
RasGetFramingCapabilities
RasPortSetFramingEx

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

iphlpapi

GetIpForwardTable
DeleteIpForwardEntry
SetIpForwardEntry
GetIpAddrTable
GetPerAdapterInfo
SetCurrentThreadCompartmentId
ConvertIpv4MaskToLength
GetAdaptersInfo
ConvertInterfaceLuidToIndex
ConvertInterfaceIndexToLuid
GetCurrentThreadCompartmentId

api-ms-win-security-lsapolicy-l1-1-0

LsaRetrievePrivateData
LsaClose
LsaOpenPolicy
LsaFreeMemory

nsi

NsiGetParameter
NsiSetAllParametersEx
NsiGetAllParametersEx
NsiGetParameterEx

dhcpcsvc

DhcpRequestParams

Exports

Exports

InitializeProtocolEngine
InitializeServerProtocolEngine
PppStop
RasCpEnumProtocolIds
RasCpGetInfo
SendMessageToProtocolEngine
UninitializeProtocolEngine
UninitializeServerProtocolEngine

Sections

.text
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/rastapi.dll
.dll windows:10 windows x64 arch:x64

Password: srtware

6ca60bdf616193713803642d29f451ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

rastapi.pdb

Imports

msvcrt

memmove
memcpy
__C_specific_handler
mbstowcs_s
wcstoul
_initterm
_amsg_exit
_XcptFilter
malloc
atol
atoi
_wcsicmp
free
_strcmpi
wcsstr
_ltoa
strstr
strlen
_stricmp
_vsnprintf
_vsnwprintf
memset
wcscmp

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
GetLastError

api-ms-win-service-winsvc-l1-1-0

NotifyServiceStatusChangeA
OpenSCManagerA
QueryServiceStatus
OpenServiceA
StartServiceA
ChangeServiceConfigA

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
DisableThreadLibraryCalls
FreeLibraryAndExitThread
GetProcAddress
GetModuleFileNameW
GetModuleHandleExW
LoadLibraryExA

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExW
RegQueryValueExA

api-ms-win-core-synch-l1-1-0

CreateEventA
EnterCriticalSection
SetEvent
WaitForSingleObjectEx
InitializeCriticalSection
ReleaseMutex
WaitForSingleObject
CreateMutexA
DeleteCriticalSection
LeaveCriticalSection

api-ms-win-core-io-l1-1-0

GetOverlappedResult
GetQueuedCompletionStatus
DeviceIoControl
PostQueuedCompletionStatus
CreateIoCompletionPort

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
ExitThread
GetCurrentProcess
TerminateProcess
CreateThread
TerminateThread
GetCurrentThreadId
CreateProcessA

api-ms-win-service-management-l1-1-0

CloseServiceHandle

api-ms-win-core-file-l1-1-0

CreateFileA
CreateFileW
DefineDosDeviceW
ReadFile
WriteFile

api-ms-win-core-com-l1-1-0

StringFromGUID2

api-ms-win-core-comm-l1-1-0

GetCommState
SetCommTimeouts
PurgeComm
SetCommState
SetupComm

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-string-l2-1-0

CharLowerW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

rtutils

TraceRegisterExA
TraceDeregisterA
TracePrintfExA
TracePrintfA
TraceVprintfExA

devobj

DevObjEnumDeviceInterfaces
DevObjDestroyDeviceInfoList
DevObjGetClassDevs
DevObjCreateDeviceInfoList
DevObjGetDeviceInterfaceDetail

api-ms-win-devices-config-l1-1-1

CM_Open_DevNode_Key
CM_Locate_DevNodeW
CM_MapCrToWin32Err
CM_Get_Device_ID_List_SizeW
CM_Get_Device_ID_ListW

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-core-localization-l1-2-0

GetACP

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

Exports

Exports

AddPorts
CheckRasmanDependency
DeviceConnect
DeviceDone
DeviceEnum
DeviceGetDevConfig
DeviceGetDevConfigEx
DeviceGetInfo
DeviceListen
DeviceSetDevConfig
DeviceSetInfo
DeviceWork
EnableDeviceForDialIn
GetConnectInfo
GetZeroDeviceInfo
InitializeDriverIoControl
PortChangeCallback
PortClearStatistics
PortClose
PortCompressionSetInfo
PortConnect
PortDisconnect
PortEnum
PortGetIOHandle
PortGetInfo
PortGetPortState
PortGetStatistics
PortInit
PortOpen
PortOpenExternal
PortReceive
PortReceiveComplete
PortSend
PortSetFraming
PortSetInfo
PortSetIoCompletionPort
PortTestSignalState
RasTapiIsPulseDial
RastapiGetCalledID
RastapiSetCalledID
RefreshDevices
RemovePort
SetCommSettings
UnloadRastapiDll
UpdateTapiService

Sections

.text
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/rastls.dll
.dll windows:10 windows x64 arch:x64

Password: srtware

d5e05d33b3463b32fb99f57c0a6a2d0a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

rastls.pdb

Imports

msvcrt

_CxxThrowException
wcsncat_s
memcmp
sprintf_s
sscanf_s
strncpy_s
memcpy
memmove
memset
strcmp
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
strchr
_lock
__C_specific_handler
_initterm
malloc
_amsg_exit
strcat_s
strncat_s
_XcptFilter
free
_vsnwprintf
strcpy_s
_wtol
_callnewh
strnlen
_purecall
_ltow
wcscspn
_errno
_snwprintf_s
asctime
wcsnlen
__CxxFrameHandler3
wcsncpy_s
localtime
time
wcsstr
wcschr
swprintf_s
wcstok
_wcslwr
wcscat_s
wcscpy_s
_wcsicmp
memcpy_s
wcscmp

ntdll

NtQueryWnfStateData
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlRunDecodeUnicodeString
WinSqmAddToStream

crypt32

CertOpenStore
CertGetNameStringW
CertVerifySubjectCertificateContext
CertFindCertificateInStore
CertFreeCertificateChain
CryptProtectData
CertSetCertificateContextProperty
CertVerifyCertificateChainPolicy
CertCloseStore
CryptBinaryToStringW
CertNameToStrW
CertCreateCertificateContext
CertCompareCertificateName
CertDeleteCertificateFromStore
CertGetCertificateContextProperty
CertAddCertificateContextToStore
CertFindChainInStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CryptEnumOIDInfo
CertControlStore
CertGetCertificateChain
CertFreeCertificateChainEngine
CryptDecodeObject
CryptDecodeObjectEx
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CertFreeCertificateChainList
CertCreateCertificateChainEngine
CertGetPublicKeyLength
CertVerifyTimeValidity
CryptAcquireCertificatePrivateKey
CertSelectCertificateChains
CryptUnprotectData
CertFindExtension

api-ms-win-security-credentials-l1-1-0

CredDeleteW
CredWriteA
CredUnprotectW
CredProtectW
CredIsProtectedW
CredMarshalCredentialW
CredFree
CredWriteW

api-ms-win-core-registry-l1-1-0

RegLoadMUIStringW
RegLoadKeyW
RegOpenKeyExW
RegQueryValueExA
RegEnumKeyExW
RegGetValueW
RegCloseKey
RegUnLoadKeyW
RegQueryValueExW

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
ReleaseSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
ReleaseSRWLockShared
CreateMutexExW
AcquireSRWLockShared
ReleaseMutex
OpenSemaphoreW
InitializeCriticalSectionEx
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreExW
AcquireSRWLockExclusive
DeleteCriticalSection
InitializeCriticalSection

api-ms-win-core-processthreads-l1-1-0

CreateThread
TerminateProcess
SetThreadToken
GetCurrentProcessId
GetCurrentThread
GetCurrentProcess
GetCurrentThreadId
OpenThreadToken

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree
LocalReAlloc

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser
GetTokenInformation
CheckTokenMembership
RevertToSelf

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
TraceMessage
GetTraceEnableFlags

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleExW
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleW
LoadStringW
FreeLibrary

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetComputerNameExW
GetSystemTime
GetTickCount

wkscli

NetGetJoinInformation

api-ms-win-core-file-l1-1-0

CreateFileW
FileTimeToLocalFileTime
CompareFileTime

api-ms-win-core-synch-l1-2-0

Sleep

netutils

NetApiBufferFree

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
CreateFileMappingW
MapViewOfFile

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoGetClassObject
CoCreateInstance
CoRevertToSelf
CoImpersonateClient

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW

api-ms-win-security-activedirectoryclient-l1-1-0

DsFreeNameResultW
DsUnBindW
DsCrackNamesW

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW

api-ms-win-core-datetime-l1-1-1

GetDateFormatEx
GetTimeFormatEx

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-psapi-ansi-l1-1-0

K32GetModuleBaseNameA

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringA
DebugBreak
OutputDebugStringW

Exports

Exports

EapTls_SaveUserCredentials
RasEapCreateConnectionProperties
RasEapCreateConnectionProperties2
RasEapCreateConnectionPropertiesXml
RasEapCreateMethodConfiguration
RasEapCreateUserProperties
RasEapCreateUserProperties2
RasEapFreeMemory
RasEapGetConfigBlobAndUserBlob
RasEapGetCredentials
RasEapGetIdentity
RasEapGetIdentityPageGuid
RasEapGetInfo
RasEapGetMethodProperties
RasEapGetNextPageGuid
RasEapInvokeConfigUI
RasEapInvokeInteractiveUI
RasEapQueryCredentialInputFields
RasEapQueryInteractiveUIInputFields
RasEapQueryUIBlobFromInteractiveUIInputFields
RasEapQueryUserBlobFromCredentialInputFields
RasEapSetRetryFlag
RasEapUpdateServerConfig

Sections

.text
Size: 334KB - Virtual size: 334KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/rastlsext.dll
.dll regsvr32 windows:10 windows x64 arch:x64

Password: srtware

07d0eb6d3e67b3c9a519054269167516

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

rastlsext.pdb

Imports

msvcrt

_onexit
__C_specific_handler
__RTDynamicCast
_unlock
wcscat_s
_purecall
free
malloc
_wtol
wcscspn
?terminate@@YAXXZ
_wcsicmp
_vsnwprintf
_CxxThrowException
memcpy_s
_callnewh
swprintf_s
__CxxFrameHandler3
wcschr
strncpy_s
_lock
_XcptFilter
_amsg_exit
_initterm
??1type_info@@UEAA@XZ
_errno
__dllonexit
realloc
strcmp
memset
memmove
sscanf_s
memcpy
wcsncpy_s
wcsncat_s
wcscpy_s
memcmp
wcscmp

ntdll

WinSqmAddToStream
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc
LocalReAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
RaiseException
GetLastError
SetLastError
SetUnhandledExceptionFilter

crypt32

CryptDecodeObjectEx
CertSetCertificateContextProperty
CertFindChainInStore
CertDeleteCertificateFromStore
CertCreateCertificateContext
CryptEnumOIDInfo
CertFindExtension
CertVerifySubjectCertificateContext
CertCompareCertificateName
CertGetNameStringW
CertFreeCertificateChain
CertEnumCertificatesInStore
CertFreeCertificateChainList
CertVerifyTimeValidity
CertGetCertificateChain
CertSelectCertificateChains
CertGetEnhancedKeyUsage
CryptDecodeObject
CryptProtectData
CertDuplicateCertificateContext
CertAddCertificateContextToStore
CryptAcquireCertificatePrivateKey
CertGetCertificateContextProperty
CertOpenStore
CertFindCertificateInStore
CertCloseStore
CertFreeCertificateContext

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
TraceMessage
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceEnableFlags
GetTraceLoggerHandle

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
LoadLibraryExW
FreeLibrary
GetModuleHandleW
LockResource
GetProcAddress
SizeofResource
LoadResource
FindResourceExW
DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW

oleaut32

SysAllocString
SysFreeString
VarUI4FromStr

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
CreateEventW
DeleteCriticalSection
SetEvent
CreateSemaphoreExW
ReleaseSemaphore
InitializeCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
ReleaseMutex
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockShared
ReleaseSRWLockExclusive
OpenSemaphoreW
WaitForSingleObjectEx
EnterCriticalSection
AcquireSRWLockExclusive

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoTaskMemRealloc
CLSIDFromString
CoTaskMemFree
StringFromGUID2
CoTaskMemAlloc
CoGetClassObject

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegCloseKey
RegLoadMUIStringW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExA
RegEnumKeyExW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventUnregister
EventRegister

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentThreadId
CreateThread
GetCurrentProcessId

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetComputerNameExW
GetSystemTime

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW
OutputDebugStringA

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

rtutils

TraceRegisterExA
TraceDumpExA
TraceDeregisterExA

api-ms-win-security-credentials-l1-1-0

CredFree
CredMarshalCredentialW

ncrypt

NCryptOpenStorageProvider
NCryptGetProperty
NCryptFreeObject
NCryptSetProperty
NCryptFreeBuffer
NCryptEnumKeys
NCryptOpenKey

api-ms-win-core-file-l1-1-0

CreateFileW
FileTimeToLocalFileTime
CompareFileTime

api-ms-win-core-datetime-l1-1-1

GetTimeFormatEx
GetDateFormatEx

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

dsrole

DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
UnmapViewOfFile
MapViewOfFile

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

sspicli

FreeCredentialsHandle

wkscli

NetGetJoinInformation

netutils

NetApiBufferFree

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-registry-l2-1-0

RegConnectRegistryW

api-ms-win-core-psapi-ansi-l1-1-0

K32GetModuleBaseNameA

cryptsp

CryptDestroyKey
CryptGetProvParam
CryptGetUserKey
CryptGetKeyParam
CryptAcquireContextW
CryptReleaseContext

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
RasTlsExt_FreeMemory
RasTlsExt_GetConfigCacheOnlyCertValidation
RasTlsExt_GetConfigForceNotDomainJoined
RasTlsExt_GetPinUserBlob
RasTlsExt_GetServerCertDetails
RasTlsExt_PackUserBlob
RasTlsExt_SelectCertificate
RasTlsExt_ShowHelp
RasTlsExt_UnpackUserBlob
RasTlsExt_ValidateServer
RasTlsExt_ValidateServerDialogProc

Sections

.text
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/rdbui.dll
.dll regsvr32 windows:10 windows x64 arch:x64

Password: srtware

fa7f9ba341c183d634dfd2e90c2b8665

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

rdbui.pdb

Imports

msvcrt

_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
_vsnprintf
isprint
iswascii
_wcsnicmp
wcschr
wcsstr
strnlen
strchr
strstr
_wfopen
fprintf
qsort
_wcsupr
_XcptFilter
fclose
srand
_amsg_exit
bsearch
wcsnlen
_initterm
free
wcscat_s
_wcsupr_s
wcsncmp
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
__CxxFrameHandler3
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
malloc
_lock
_unlock
__dllonexit
_onexit
__iob_func
powf
memset
_strupr
wcscpy_s
_purecall
memmove
memcpy
_wcsicmp
_vsnwprintf
fopen
memcpy_s
_errno
wcstok
memcmp
log
__C_specific_handler
memmove_s
exp
_wtof
_wtoi
sqrt

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlCompareMemory
RtlRandom
RtlInitUnicodeStringEx
RtlFreeUnicodeString
NtQueryInformationThread
RtlDecompressBufferEx
RtlCompressBuffer
RtlGetCompressionWorkSpaceSize
NtSetInformationThread
NtQueryInformationProcess
RtlQueryPackageIdentity
NtQueryVirtualMemory
NtSetInformationProcess
NtQueryValueKey
NtCreateKey
RtlDosPathNameToNtPathName_U
RtlRandomEx
RtlFindClearBitsAndSet
RtlInitializeBitMap
RtlClearBits
NtAllocateVirtualMemory
NtFreeVirtualMemory
RtlVirtualUnwind
NtSetInformationFile
NtOpenFile
NtCreateFile
NtQueryObject
NtQueryVolumeInformationFile
RtlAreBitsClear
RtlRaiseException
RtlFindClearBits
RtlSetAllBits
RtlFindSetBits
RtlInterlockedSetBitRun
RtlAreBitsSet
ZwAllocateVirtualMemory
ZwFreeVirtualMemory
RtlNumberOfSetBits
RtlSetBits
RtlTestBit
RtlClearAllBits
RtlNumberOfSetBitsInRange
RtlNtStatusToDosError
RtlComputeCrc32
RtlGetVersion
NtClose
RtlImageNtHeader
NtDeviceIoControlFile
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlAcquireSRWLockExclusive
NtPowerInformation
RtlReleaseSRWLockExclusive
RtlInitUnicodeString
NtSetSystemInformation
RtlUpcaseUnicodeString
RtlUpcaseUnicodeChar
NtOpenEvent
NtOpenKey
NtQuerySystemInformation
RtlInitializeSRWLock
NtReadFile

api-ms-win-core-libraryloader-l1-2-0

FreeLibraryAndExitThread
GetModuleFileNameA
GetModuleHandleExW
LoadLibraryExW
GetModuleFileNameW
FreeLibrary
DisableThreadLibraryCalls
SizeofResource
GetModuleHandleW
LoadStringW
GetProcAddress
LoadResource
LockResource

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc
HeapDestroy
HeapCreate

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
InitializeCriticalSection
CreateWaitableTimerExW
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
CreateEventW
CreateMutexExW
CreateSemaphoreExW
InitializeCriticalSectionEx
AcquireSRWLockShared
SetEvent
ResetEvent
DeleteCriticalSection
ReleaseSRWLockShared

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
OpenProcessToken
GetCurrentThread
CreateThread
GetCurrentThreadId
SetThreadPriority
GetThreadPriority
GetCurrentProcessId
OpenThread
TerminateProcess
ResumeThread
OpenThreadToken

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-localization-l1-2-0

GetThreadLocale
SetThreadLocale
FormatMessageW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-libraryloader-l1-2-1

FindResourceW
LoadLibraryW

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-sysinfo-l1-1-0

GetWindowsDirectoryW
GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime
GetTickCount
GetLocalTime

api-ms-win-core-registry-l1-1-0

RegCopyTreeW
RegGetValueW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegSetValueExW
RegQueryInfoKeyW
RegCloseKey

api-ms-win-security-base-l1-1-0

CopySid
FreeSid
IsValidSid
GetTokenInformation
AllocateAndInitializeSid
RevertToSelf
AdjustTokenPrivileges
AddAccessAllowedAceEx
GetLengthSid
EqualSid
InitializeAcl
ImpersonateSelf

api-ms-win-core-file-l1-1-0

CreateFileW
SetFileInformationByHandle
FindNextFileW
DeleteFileW
WriteFile
FileTimeToLocalFileTime
CompareFileTime
ReadFile
GetFileTime
FindFirstFileExW
SetEndOfFile
SetFilePointerEx
GetFinalPathNameByHandleW
GetFileSizeEx
FindClose
GetFileSize
FindFirstFileW

api-ms-win-core-memory-l1-1-0

VirtualFree
FlushViewOfFile
MapViewOfFile
UnmapViewOfFile
VirtualProtect
VirtualAlloc
CreateFileMappingW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventEnabled
EventRegister
EventWriteTransfer
EventWrite

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-eventing-controller-l1-1-0

ControlTraceW

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
TraceEvent
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableFlags

rpcrt4

RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcBindingFree
RpcBindingSetAuthInfoExW
RpcStringFreeW
NdrClientCall3

api-ms-win-eventing-consumer-l1-1-0

CloseTrace
ProcessTrace
OpenTraceW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus
WTSGetActiveConsoleSessionId

api-ms-win-core-sidebyside-l1-1-0

DeactivateActCtx
FindActCtxSectionStringW
CreateActCtxW
ActivateActCtx
QueryActCtxW

api-ms-win-shcore-thread-l1-1-0

SHCreateThreadRef

umpdc

PdcActivationClientRegister
PdcActivationClientUnregister

powrprof

PowerSettingRegisterNotificationEx

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
RDBMgmtLaunchPropertiesW

Sections

.text
Size: 454KB - Virtual size: 453KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 512B - Virtual size: 431B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/rdp4vs.dll
.dll windows:10 windows x64 arch:x64

Password: srtware

f4d1dba1b86db83b7a47070758a87b4d

Code Sign

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03-02-2023 00:05

Not After

01-02-2024 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b0:8c:e0:11:66:5d:22:e0:f0:e6:c2:63:f8:b4:1a:5e:34:80:f8:fa:d6:9b:5e:eb:c6:b8:84:e8:15:d3:d4:af
Signer

Actual PE Digest

b0:8c:e0:11:66:5d:22:e0:f0:e6:c2:63:f8:b4:1a:5e:34:80:f8:fa:d6:9b:5e:eb:c6:b8:84:e8:15:d3:d4:af

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

rdp4vs.pdb

Imports

msvcrt

swprintf_s
_wcsicmp
wcsstr
_create_locale
_iswdigit_l
memmove
_free_locale
??0bad_cast@@QEAA@PEBD@Z
??0bad_cast@@QEAA@AEBV0@@Z
??1bad_cast@@UEAA@XZ
setlocale
__pctype_func
___lc_handle_func
___lc_codepage_func
calloc
___mb_cur_max_func
_errno
_ismbblead
__uncaught_exception
abort
memset
_wcsdup
memcpy
__crtLCMapStringW
_wsetlocale
?terminate@@YAXXZ
__CxxFrameHandler3
_CxxThrowException
_aligned_malloc
??_V@YAXPEAX@Z
_aligned_free
wcscpy_s
malloc
??3@YAXPEAX@Z
_callnewh
_purecall
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
_XcptFilter
_amsg_exit
free
_initterm
__C_specific_handler
_lock
??1type_info@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_onexit
__dllonexit
_wcstoul_l
_unlock
wcscmp

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
DisableThreadLibraryCalls
GetModuleHandleExA
GetProcAddress

oleaut32

SysFreeString
VariantInit
SysAllocStringByteLen
VariantClear

crypt32

CryptStringToBinaryW
CryptImportPublicKeyInfoEx2
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFreeCertificateContext

ws2_32

closesocket
WSADuplicateSocketW
WSASocketW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

rdpbase

PAL_System_CritSecTerminate
PAL_System_CritSecEnter
MemMoveReverseAligned_SSE
GetSupportedSSELevel_SSE
PAL_System_AtomicIncrement
PAL_System_AtomicDecrement
PAL_System_CritSecLeave
PAL_System_CritSecInit
RDPENCGDIHLP_ValidatePointerParams
RDPENCGDIHLP_FlipBitmapBitsInPlace
DrawIconToPixelMap
RDPENCHLPWSErr2Hr
MemCopyAligned_SSE
RDPBASE_CreateInstance

rdpserverbase

CUpdateContext_CreateInstance
CUpdateDataAccumulator_CreateInstance
RDPSERVERBASE_CreateInstance

bcrypt

BCryptCreateHash
BCryptGetProperty
BCryptFinishHash
BCryptVerifySignature
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptDestroyKey
BCryptDestroyHash
BCryptHashData

api-ms-win-core-url-l1-1-0

UrlUnescapeW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
GetStringTypeW
MultiByteToWideChar

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
EnterCriticalSection

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

Exports

Exports

RDP4VS_CreateInstance

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/rdpbase.dll
.dll windows:10 windows x64 arch:x64

Password: srtware

9c2f6769cb4fb7aa1bd51d1a11861c6d

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-11-2023 19:20

Not After

14-11-2024 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

81:6e:1b:61:09:57:b2:88:c9:1a:e2:5e:1e:4c:60:d1:09:ab:c1:cd:fd:d3:9c:11:0f:6e:8e:b1:5e:b1:d7:d1
Signer

Actual PE Digest

81:6e:1b:61:09:57:b2:88:c9:1a:e2:5e:1e:4c:60:d1:09:ab:c1:cd:fd:d3:9c:11:0f:6e:8e:b1:5e:b1:d7:d1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

rdpbase.pdb

Imports

msvcrt

memcpy_s
_aligned_free
_aligned_malloc
_wcsicmp
sprintf_s
__RTDynamicCast
memcmp
memcpy
memmove
memset
??1type_info@@UEAA@XZ
__CxxFrameHandler3
_vsnwprintf
wcstok_s
_itoa_s
_purecall
_wcsnicmp
wcschr
_vsnprintf
realloc
_wfopen_s
fwrite
fclose
printf
rand_s
_snwprintf_s
sqrt
_onexit
__dllonexit
_unlock
wcsnlen
?terminate@@YAXXZ
_ltow_s
wcsrchr
_lock
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
free
_callnewh
malloc
memmove_s
wcscmp

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
TraceMessage
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
FreeLibraryAndExitThread
DisableThreadLibraryCalls
GetModuleHandleExW
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleExA
GetModuleHandleA
FreeLibrary
GetModuleHandleW
GetProcAddress

api-ms-win-core-synch-l1-2-0

Sleep
WakeConditionVariable
SleepConditionVariableCS
InitializeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
GetCurrentProcessId
SwitchToThread
OpenThread
TlsFree
CreateThread
TlsSetValue
OpenThreadToken
ProcessIdToSessionId
GetExitCodeThread
OpenProcessToken
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsAlloc
TlsGetValue
SetThreadPriority

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetVersion
GetVersionExW
GetLocalTime
GetSystemTime
GetTickCount
GetSystemInfo
GetSystemDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetLastError
RaiseException
SetUnhandledExceptionFilter

ws2_32

WSAGetLastError
GetNameInfoW
ntohs
WSAEnumNetworkEvents
ntohl
htonl
WSALookupServiceNextW
WSALookupServiceEnd
WSANSPIoctl
WSALookupServiceBeginW
getsockname
WSARecv
shutdown
getsockopt
accept
recv
htons
connect
getpeername
WSAStartup
WSACleanup
socket
closesocket
WSASend
send
select
WSAStringToAddressW
WSASocketW
WSAEventSelect
listen
bind
setsockopt
WSAAddressToStringW
WSAIoctl
GetAddrInfoW
FreeAddrInfoW

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegGetValueW
RegQueryInfoKeyW
RegCloseKey

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo
VerSetConditionMask

oleaut32

SysFreeString
VariantChangeType
SysAllocString
VariantClear
VariantCopy
VariantInit
VarBstrCat
SysAllocStringLen
SysStringLen
SysAllocStringByteLen

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

sspicli

InitSecurityInterfaceW
SetContextAttributesW
FreeCredentialsHandle
DecryptMessage
QueryContextAttributesW
LogonUserExExW
AcquireCredentialsHandleW
InitializeSecurityContextW
AcceptSecurityContext
QuerySecurityPackageInfoW
SeciAllocateAndSetIPAddress
SeciFreeCallContext
FreeContextBuffer
LsaLogonUser
LsaFreeReturnBuffer
LsaLookupAuthenticationPackage
LsaConnectUntrusted
LsaDeregisterLogonProcess
DeleteSecurityContext
EncryptMessage
LsaCallAuthenticationPackage

crypt32

CertGetNameStringW
CryptAcquireCertificatePrivateKey
CertGetCertificateContextProperty
CertGetIssuerCertificateFromStore
CertDuplicateCertificateContext
CryptStringToBinaryW
CryptUnprotectData
CryptProtectMemory
CertOpenStore
CertFindCertificateInStore
CertCloseStore
CertFreeCertificateContext

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventActivityIdControl
EventUnregister

api-ms-win-core-synch-l1-1-0

CreateWaitableTimerExW
OpenEventW
InitializeCriticalSection
SetWaitableTimer
CreateMutexExW
OpenSemaphoreW
LeaveCriticalSection
CancelWaitableTimer
CreateSemaphoreExW
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
ResetEvent
SetEvent
ReleaseMutex
WaitForSingleObject
ReleaseSRWLockShared
WaitForMultipleObjectsEx
ReleaseSRWLockExclusive
CreateEventW
ReleaseSemaphore
TryEnterCriticalSection
InitializeCriticalSectionEx
EnterCriticalSection
InitializeSRWLock
AcquireSRWLockShared
AcquireSRWLockExclusive
DeleteCriticalSection

api-ms-win-core-memory-l1-1-0

VirtualFree
MapViewOfFileEx
UnmapViewOfFile
VirtualAlloc
CreateFileMappingW

api-ms-win-core-threadpool-l1-2-0

SubmitThreadpoolWork
StartThreadpoolIo
CloseThreadpoolIo
CancelThreadpoolIo
CloseThreadpoolWork
CreateThreadpoolWork
CreateThreadpoolIo
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
WaitForThreadpoolIoCallbacks

api-ms-win-core-heap-l2-1-0

LocalFree
GlobalFree
LocalAlloc

api-ms-win-core-file-l1-1-0

CreateFileW
WriteFile
ReadFile

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-synch-l1-2-1

CreateSemaphoreW
CreateWaitableTimerW
WaitForMultipleObjects

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
IsProcessorFeaturePresent

api-ms-win-security-base-l1-1-0

SetSecurityDescriptorDacl
DuplicateToken
GetTokenInformation
GetLengthSid
InitializeSecurityDescriptor
FreeSid
MakeSelfRelativeSD
GetSecurityDescriptorLength
CopySid
AddAccessAllowedAce
AllocateAndInitializeSid
InitializeAcl

iphlpapi

CreateSortedAddressPairs
FreeMibTable

api-ms-win-core-com-l1-1-0

CoCreateInstance
CLSIDFromString
StringFromGUID2
IIDFromString
CoCreateGuid

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW

api-ms-win-core-namedpipe-l1-1-0

DisconnectNamedPipe
WaitNamedPipeW
ConnectNamedPipe
CreateNamedPipeW

api-ms-win-core-io-l1-1-0

GetOverlappedResult

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-security-credentials-l1-1-0

CredUnprotectW
CredProtectW

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoInitialize
RoGetActivationFactory
RoUninitialize

api-ms-win-core-util-l1-1-0

Beep

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
GetTimeZoneInformation

cryptbase

SystemFunction036

bcrypt

BCryptDestroyHash
BCryptFinishHash
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptGenerateKeyPair
BCryptGetFipsAlgorithmMode
BCryptCreateHash
BCryptExportKey
BCryptGenerateSymmetricKey
BCryptImportKeyPair
BCryptImportKey
BCryptCloseAlgorithmProvider
BCryptHashData
BCryptFinalizeKeyPair
BCryptDestroyKey
BCryptEncrypt
BCryptDecrypt

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

authz

AuthziSourceAudit

cryptsp

CryptDecrypt
CryptAcquireContextW
CryptGetUserKey
CryptDestroyKey
CryptCreateHash
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptGenRandom

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-kernel32-legacy-l1-1-0

WTSGetActiveConsoleSessionId
GetComputerNameW

api-ms-win-security-provider-l1-1-0

SetEntriesInAclW

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem
DeleteTimerQueueTimer
CreateTimerQueueTimer

api-ms-win-core-processtopology-obsolete-l1-1-0

SetThreadAffinityMask

ntdll

RtlGetLastNtStatus
RtlVerifyVersionInfo
RtlIpv4StringToAddressW
RtlIpv6StringToAddressW

ncrypt

NCryptDecrypt
NCryptFreeObject
NCryptIsKeyHandle

Exports

Exports

??0CRDPCache@@QEAA@XZ
??0CRDPENCONResolver@@QEAA@XZ
??0NSCodecDecompressor@@QEAA@_N@Z
??0PipeETWEvents@@QEAA@XZ
??0RdpEncodeBuffer@@QEAA@PEAVITSObjectPool@@@Z
??0RdpGfxProtocolBaseDecoder@@IEAA@XZ
??0SSECBCHash2@@QEAA@XZ
??1CRDPCache@@UEAA@XZ
??1CRDPENCONResolver@@QEAA@XZ
??1Evict@@QEAA@XZ
??1RdpGfxProtocolBaseDecoder@@IEAA@XZ
?AddConnection@CRDPENCONResolver@@QEAAJPEAGKH@Z
?AddPortMapping@CRDPENCConnectorStringSerializer@@UEAAJPEAGK@Z
?AlphaCompressor__CreateInstance@@YAJPEAPEAUIRdpImageCompressor@@@Z
?ClearCache@CRDPCache@@UEAAJXZ
?Compress@NSCodecCompressor@@QEAA_NAEBVPixelMap@@_NPEAEIAEAI@Z
?CompressRdp8__CreateInstance@@YAJPEAPEAVIRdpPipeCompress@@I@Z
?CreateInstance@CRDPENCONPort@@SAJPEAUaddrinfo@@HPEAXPEAPEAV1@@Z
?CreateInstance@CRdpGfxCapsSet@@SAJPEAXKPEAPEAUIRdpGfxCapsSet@@@Z
?CreateInstance@Evict@@SAJKKKKKPEAPEAV1@@Z
?CreateInstance@HashTable@@SAJKKPEAPEAUIHashBucket@@@Z
?CreateInstance@NSCodecCompressor@@SA_N_N00EAEAV?$TCntPtr@VNSCodecCompressor@@@@@Z
?CreateInstance@PlanarCompressor@@SAJGGEHHHPEAPEAUIRdpImageCompressor@@@Z
?CreateInstance@RdpEncodeBuffer@@SAJPEAVRdpEncodeBufferPool@@KPEAPEAV1@@Z
?Decompress@NSCodecDecompressor@@QEAA_NPEBEIAEAVPixelMap@@@Z
?DecompressRdp8__CreateInstance@@YAJPEAPEAVIRdpPipeDecompress@@@Z
?Enable@PipeETWEvents@@UEAAJKK@Z
?EvictEntry@Evict@@QEAAPEAU_SCORE_ENTRY@@XZ
?FakeSleep@PipelineClock@@QEAAX_K@Z
?GetFreeEntry@Evict@@QEAAPEAU_SCORE_ENTRY@@XZ
?GetInstance@PipelineClock@@SAAEAV1@XZ
?GetMillisecondCount64@PipelineClock@@QEAA_KXZ
?GetMillisecondCount@PipelineClock@@QEAAIXZ
?GetNext@CRDPENCONIPHelper@@QEAAPEAU_SOCKET_ADDRESS@@XZ
?GetNext@CRDPENCONResolver@@QEAAHPEAPEAUsockaddr@@PEA_K@Z
?GetPortMapping@CRDPENCConnectorStringDeserializer@@QEAAJKPEAPEAGPEAK@Z
?GetTickCount@PipelineClock@@QEAAIXZ
?GetTimeHNS@PipelineClock@@QEAA_JXZ
?HintCoconet__CreateInstance@@YAJPEAPEAVIRdpPipeCompressHintProvider@@@Z
?Initialize@CRDPENCONIPHelper@@QEAAJKHPEAG@Z
?Initialize@PipeETWEvents@@UEAAJPEAUIUnknown@@@Z
?InitializeInstance@CRDPENCConnectorStringSerializer@@UEAAJXZ
?InsertEntry@Evict@@QEAAXPEAU_SCORE_ENTRY@@K@Z
?IsSupportedVersion@CRdpGfxCaps@@SAHK@Z
?IsTestMode@PipelineClock@@QEAA_NXZ
?NSRunLengthDecode@@YAKPEBEKPEAEK@Z
?PAL_System_Win32_IsRunningInAppContainer@@YAHXZ
?ParkEntry@Evict@@QEAAXPEAU_SCORE_ENTRY@@@Z
?ProcessAlignedData_AVX@SSECBCHash2@@AEAAXPEBIIII@Z
?ProcessAlignedData_SSE2@SSECBCHash2@@AEAAXPEBIIII@Z
?ProcessAlignedData_SSE41@SSECBCHash2@@AEAAXPEBIIII@Z
?ProcessUnalignedData_REG@SSECBCHash2@@AEAAXPEBIIII@Z
?PromoteEntry@Evict@@QEAAXKK@Z
?RdpGfxProtocolServerEncoder_CreateInstance@@YAJPEAVIRdpEncoderIO@@PEAPEAVIRdpPipeProtocolEncoderEx@@@Z
?RdpPerfLoggerStaticInitialize@@YAXXZ
?RdpPerfLoggerStaticTerminate@@YAXXZ
?Reset@CRDPCache@@UEAAJI@Z
?SearchCache@CRDPCache@@UEAAJIIPEAPEAUIUnknown@@PEAI@Z
?SetCacheEntry@CRDPCache@@UEAAJIIPEAUIUnknown@@PEAI@Z
?SetConnectorId@CRDPENCConnectorStringSerializer@@UEAAJK@Z
?SetDecodeBuffer@RdpGfxProtocolBaseDecoder@@IEAAXPEBEI@Z
?SetSessionId@CRDPENCConnectorStringSerializer@@UEAAJI@Z
?SortAddresses@CRDPENCONResolver@@QEAAJXZ
?StartEnum@CRDPENCONIPHelper@@QEAAHXZ
?StartEnum@CRDPENCONResolver@@QEAAIXZ
?Terminate@CRDPENCONIPHelper@@QEAAJXZ
?UnevictEntry@Evict@@QEAAXPEAU_SCORE_ENTRY@@@Z
?UpdateKeys@SSECBCHash2@@AEBAXXZ
?XMLDeserialize@CRDPENCConnectorStringDeserializer@@QEAAJPEAG@Z
?XMLSerialize@CRDPENCConnectorStringSerializer@@UEAAJPEAPEAG@Z
?XObjectId_RdpXHttpSession_CreateObject@@YA?AW4_XResult32@@PEAURdpXInterface@@IW4_XInterfaceId32@@PEAPEAX@Z
?XObjectId_RdpXInterfaceUriComponents_CreateObject@@YA?AW4_XResult32@@PEAURdpXInterface@@IW4_XInterfaceId32@@PEAPEAX@Z
?XObjectId_RdpXSecFilterServer_CreateObject@@YA?AW4_XResult32@@PEAURdpXInterface@@IW4_XInterfaceId32@@PEAPEAX@Z
ApplyLuminanceFilter
ApplySobelFilterOnLum
BitmapCombinePlanes
CAPAPI_AddCapSet
CAPAPI_GetCapSet
CAPAPI_InitializeCombinedCaps
CAPAPI_MergeCombinedCaps
CRDPBitmapRecorder_CreateInstance
CRDPCacCodecEncoder_CreateInstance
CRDPCacCodec_CreateInstance
CRDPCacVideoCodecForHardwareClient_CreateInstance
CRDPCacVideoCodec_CreateInstance
CRDPCaps_CreateInstance
CRDPENCGfxEncoder_CreateInstance
CRDPNsCodec_CreateInstance
CRDPPlanarCompressor_CreateInstance
CRdpFIPSEncryption_CreateInstance
DecryptData
DecryptDataEx
DrawBox
DrawHLine
DrawIconToPixelMap
DrawVLine
EncryptClientRandom
EncryptData
ExpandRectForSSE
GetSupportedSSELevel_SSE
GridBA_CreateInstance
MakeSessionKeys
MemCopyAligned_SSE
MemEqual
MemMoveReverseAligned_SSE
PAL_System_AtomicCompareAndExchange
PAL_System_AtomicCompareAndExchangePointer
PAL_System_AtomicDecrement
PAL_System_AtomicExchange
PAL_System_AtomicExchangeAdd
PAL_System_AtomicExchangePointer
PAL_System_AtomicIncrement
PAL_System_Beep
PAL_System_CondAlloc
PAL_System_CondReset
PAL_System_CondSignal
PAL_System_CondWait
PAL_System_ConvertToAndFromWideChar
PAL_System_CreateGuid
PAL_System_CredProtect
PAL_System_CredUnprotect
PAL_System_CritSecEnter
PAL_System_CritSecInit
PAL_System_CritSecIsLockedByCurrentThread
PAL_System_CritSecLeave
PAL_System_CritSecTerminate
PAL_System_CritSecTryEnter
PAL_System_CryptDecryptLegacy
PAL_System_CryptEncrypt
PAL_System_CryptFree
PAL_System_CryptZeroMemory
PAL_System_DebugBreak
PAL_System_DebugOutput
PAL_System_GetComputerName
PAL_System_GetFIPSAlgorithmEnabled
PAL_System_GetLocalSessionId
PAL_System_GetModuleFilename
PAL_System_GetNetworkStatus
PAL_System_GetNumberOfProcessors
PAL_System_GetWindowsProductId
PAL_System_HandleFree
PAL_System_MemAlloc
PAL_System_MemFree
PAL_System_NetworkMonitorInit
PAL_System_NetworkMonitorNotification
PAL_System_NetworkMonitorTerminate
PAL_System_SecureZeroMemory
PAL_System_SemaphoreAcquire
PAL_System_SemaphoreAlloc
PAL_System_SemaphoreRelease
PAL_System_SingleCondWait
PAL_System_Sleep
PAL_System_SwitchToThread
PAL_System_ThreadGetId
PAL_System_TimeGetCurrent
PAL_System_TimeGetDynamicTimeZoneInformation
PAL_System_TimeGetTickCount
PAL_System_TimeGetTickCount64
PAL_System_TimeGetTimeZoneInformation
PAL_System_TimerCancel
PAL_System_TimerDelete
PAL_System_TimerInit
PAL_System_TimerIsSet
PAL_System_TimerSet
PAL_System_WideCharToUnicode16
RDPAPI_GetGenericCounter
RDPAPI_GetGlobalObject
RDPAPI_GetLongCounter
RDPBASE_CreateInstance
RDPCompress
RDPCompressEx
RDPCompress_GetContextSize
RDPCompress_InitRecvContext
RDPCompress_InitSendContext
RDPDeCompress_GetContextSize
RDPDecompress
RDPENCDirectConnector_CreateInstance
RDPENCGDIHLP_FlipBitmapBits
RDPENCGDIHLP_FlipBitmapBitsInPlace
RDPENCGDIHLP_ValidatePointerParams
RDPENCHLPREG_ReadValueDWORD
RDPENCHLPWSErr2Hr
RDPENCHLPWS_GetIPFromAddr
RDPENCHLPWS_GetPortFromAddr
RDPENCHLP_GetInputDesktopName
RDPENCHLP_IsGreaterThanOrEqWin8
RDPENCHLP_IsSessionActive
RDPENCHLP_IsSessionRemote
RDPENCHLP_TraceWindowInfo
RDPENCORE_AddGlobalObject
RDPServerStackDiagnostics_LogCheckpoint
RDPServerStackDiagnostics_LogDisconnect
RDPServerStackDiagnostics_LogFailure
RDPServerStackDiagnostics_Register
RDPServerStackDiagnostics_Unregister
RDPWSStreamConnector_CreateInstance
RDP_HMACMD5Final
RDP_HMACMD5Init
RDP_HMACMD5Update
RDP_MD5Final
RDP_MD5Init
RDP_MD5Update
RDP_RC4
RDP_RC4AllocKey
RDP_RC4FreeKey
RDP_RC4SetKey
RDP_RC4ZeroKey
RDP_RsaBCryptDecryptPrivate
RDP_RsaBCryptGenerateRsaKeyPair
RDP_RsaBCryptPubKeyToBSafePubKey
RDP_RsaBSafeEncPublic
RDP_RsaGetPublicKeyDataLength
RDP_RsaGetPublicKeyLength
RDP_SHAFinal
RDP_SHAInit
RDP_SHAUpdate
RdpIntersectRect
RdpTiledSurface_CreateInstance
RdpUnionRect
RdpX_AtomicDecrement32
RdpX_AtomicIncrement32
RdpX_DateTime_GetHighResolutionTimeSinceReboot
RdpX_DebugBreak
RdpX_GetActivityIdPrefix
RdpX_Threading_CreateCriticalSection
RgnlibBA_CreateInstance
SaveImageToFile
SubtractRects
TRC_TraceBufferW
TSAlloc
TSCreateBaseServices
TSCreateCoreEvents
TSCreatePlatform
TSDbgAssertThread
TSFree
TSRNG_GenerateRandomBits
TsAddRectsToRegion
TsCreateRegion
TsDestroyRegion
TsGetRegionBoundingBox
TsGetRegionRectCount
TsGetRegionRects
TsSetRegionFromRects
UnpackServerCert
UpdateSessionKey
ValidateServerCert

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 239KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/rdpcfgex.dll
.dll windows:10 windows x64 arch:x64

189c9143f0eb23ab55e183ed93c10f5d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

rdpcfgex.pdb

Imports

msvcrt

_initterm
malloc
free
_amsg_exit
_XcptFilter
__C_specific_handler

kernel32

GetCurrentThreadId
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
DisableThreadLibraryCalls
Sleep
QueryPerformanceCounter

user32

LoadStringW

ntdll

memset

Exports

Exports

ExGetCfgVersionInfo
ExtEncryptionLevels
ExtEnd
ExtGetCapabilities
ExtGetEncryptionLevelAndDescrEx
ExtGetEncryptionLevelDescr
ExtGetSecurityLayerDescrString
ExtGetSecurityLayerName
ExtSecurityLayers
ExtStart

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
srtware loader.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

srtware.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: srtware

Password: srtware

66ac737d2c5b05f68c80cf237e48d28a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

advapi32

user32

rtutils

kernel32

api-ms-win-security-sddl-l1-1-0

rpcrt4

Exports

Exports

Sections

.text Size: 181KB - Virtual size: 180KB

.rdata Size: 41KB - Virtual size: 41KB

.data Size: 512B - Virtual size: 7KB

.pdata Size: 5KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 368B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 204B

Password: srtware

bbfeab030a9e516b0728f60d6f741d82

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-heap-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-synch-l1-2-1

dsrole

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-2-0

ws2_32

rpcrt4

netutils

wkscli

crypt32

dnsapi

api-ms-win-core-profile-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-core-string-obsolete-l1-1-0

cryptsp

rasapi32

rtutils

eappcfg

eappprxy

rasman

api-ms-win-eventing-classicprovider-l1-1-0

iphlpapi

api-ms-win-security-lsapolicy-l1-1-0

nsi

dhcpcsvc

Exports

Exports

Sections

.text Size: 224KB - Virtual size: 224KB

.text
Size: 181KB - Virtual size: 180KB

.rdata
Size: 41KB - Virtual size: 41KB

.data
Size: 512B - Virtual size: 7KB

.pdata
Size: 5KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 368B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 204B

.text
Size: 224KB - Virtual size: 224KB

.rdata
Size: 93KB - Virtual size: 93KB

.data
Size: 1024B - Virtual size: 5KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 512B - Virtual size: 224B

.text
Size: 166KB - Virtual size: 166KB

.rdata
Size: 74KB - Virtual size: 73KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 2KB - Virtual size: 2KB

.didat
Size: 512B - Virtual size: 224B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 352B