Overview (overview): 10
Static (static): 3
Imperium.exe (windows7-x64): 10
Imperium.exe (windows10-2004-x64): 10
advpack.dll (windows10-2004-x64): 1
aeevts.dll (windows10-2004-x64): 1
aeinv.dll (windows10-2004-x64): 1
aeinvext.dll (windows10-2004-x64): 1
aemarebackup.dll (windows10-2004-x64): 1
aepic.dll (windows10-2004-x64): 1
agentactiv...me.dll (windows10-2004-x64): 1
Static task: static1
Behavioral task behavioral1: Sample Imperium.exe, Resource win7-20241010-en
Behavioral task behavioral2: Sample Imperium.exe, Resource win10v2004-20241007-en
Behavioral task behavioral3: Sample advpack.dll, Resource win10v2004-20241007-en
Behavioral task behavioral4: Sample aeevts.dll, Resource win10v2004-20241007-en
Behavioral task behavioral5: Sample aeinv.dll, Resource win10v2004-20241007-en
Behavioral task behavioral6: Sample aeinvext.dll, Resource win10v2004-20241007-en
Behavioral task behavioral7: Sample aemarebackup.dll, Resource win10v2004-20241007-en
Behavioral task behavioral8: Sample aepic.dll, Resource win10v2004-20241007-en
Behavioral task behavioral9: Sample agentactivationruntime.dll, Resource win10v2004-20241007-en
General
Target: c859cc3c802763f048ca2be4419e2696b183818ff5dbd80aa455c91208a278c4
Size: 2.5MB
MD5: b92517f43a1d4008515c9f91d055d26f
SHA1: fc6e24810f86356e74df241d92b9f03aeaebcf93
SHA256: c859cc3c802763f048ca2be4419e2696b183818ff5dbd80aa455c91208a278c4
SHA512: 29236146075de6215bb425c6e1e162930eaf99d215a0eecd7ae304ca7ea8314b0eb44a940edd382bcf306e5c3fda699ec720dd905390e118d86840f90323cadb
SSDEEP: 49152:mv0ZGMGEClXTCWYECZVu5Cx7L0V3dyyR4XKo+CsXghlKiA2k0kET1xxsn4:mvCXTAnJdiX23FOaY4ivk0kE1xxT
Malware Config
Signatures
-
Unsigned PE 4 IoCs
Checks for missing Authenticode signature.
resource unpack001/Imperium.exe unpack001/advpack.dll unpack001/aeevts.dll unpack001/agentactivationruntime.dll
Files
-
c859cc3c802763f048ca2be4419e2696b183818ff5dbd80aa455c91208a278c4.zip
-
Imperium.exe.exe windows:5 windows x86 arch:x86
bf5a4aa99e5b160f8521cadd6bfe73b8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
RaiseException
GetLastError
MultiByteToWideChar
lstrlenA
InterlockedDecrement
GetProcAddress
LoadLibraryA
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleHandleA
Module32Next
CloseHandle
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
SetEndOfFile
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
HeapFree
GetProcessHeap
HeapAlloc
GetCommandLineA
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
ReadFile
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
FlushFileBuffers
SetFilePointer
SetHandleCount
GetFileType
GetStartupInfoA
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
CompareStringA
CompareStringW
SetEnvironmentVariableA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
ole32
OleInitialize
oleaut32
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayCreateVector
VariantClear
VariantInit
SysFreeString
SysAllocString
Sections
.text Size: 102KB - Virtual size: 101KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 759KB - Virtual size: 759KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
PASSWORD.txt
-
advpack.dll.dll windows:10 windows x64 arch:x64
9f54aec8ee18f83bbe291a2f6d33e648
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
advpack.pdb
Imports
msvcrt
__C_specific_handler
_lock
_unlock
_setjmp
__dllonexit
_onexit
wcspbrk
iswalpha
wcschr
wcsncmp
memmove
_initterm
malloc
free
_amsg_exit
_XcptFilter
_ultow_s
longjmp
_wtoi
memcpy_s
_wtol
_vsnwprintf
_vsnprintf
memset
user32
ExitWindowsEx
IsWindow
SendDlgItemMessageW
PeekMessageW
CharNextW
SystemParametersInfoW
CharPrevW
MessageBeep
MessageBoxW
DialogBoxParamW
GetDesktopWindow
SetWindowTextW
CharNextA
DestroyWindow
UpdateWindow
ShowWindow
SetDlgItemTextW
EndDialog
EnableWindow
GetDlgItem
GetDlgItemTextW
SendMessageW
GetWindowRect
GetDC
ReleaseDC
SetWindowPos
OemToCharA
CharUpperW
MsgWaitForMultipleObjects
DispatchMessageW
GetSystemMetrics
CreateDialogParamW
LoadStringW
gdi32
GetStockObject
DeleteObject
GetDeviceCaps
CreateFontIndirectW
kernel32
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetModuleFileNameA
CreateSemaphoreExW
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
ReleaseMutex
OutputDebugStringW
MulDiv
GetDiskFreeSpaceW
EnumResourceLanguagesW
WideCharToMultiByte
MultiByteToWideChar
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
WaitForSingleObjectEx
OpenSemaphoreW
HeapFree
GetLastError
LocalFree
GetDriveTypeW
GetEnvironmentVariableW
GetTempPath2W
GetWindowsDirectoryW
GetTempFileNameW
FindResourceW
SizeofResource
LockResource
LoadResource
WritePrivateProfileStringW
CreateFileW
WriteFile
CloseHandle
LocalAlloc
SetFilePointer
GetModuleFileNameW
DeleteFileW
EnterCriticalSection
LeaveCriticalSection
LocalReAlloc
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
GetFullPathNameW
GetFileAttributesW
CompareStringW
FormatMessageW
GetPrivateProfileIntW
GetCurrentProcess
SearchPathW
GetPrivateProfileStringW
lstrcmpW
FreeLibrary
GetVersionExW
lstrcmpiW
LoadLibraryExW
GetProcAddress
GetShortPathNameW
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetFileSize
GetVolumeInformationW
CreateDirectoryW
SetFileAttributesW
CreateProcessW
CopyFileW
GetPrivateProfileSectionW
LoadLibraryW
CreateFileMappingW
MapViewOfFileEx
SetLastError
UnmapViewOfFile
MoveFileExW
MoveFileW
RemoveDirectoryW
FindFirstFileW
FindNextFileW
FindClose
GetSystemInfo
GetCurrentProcessId
GetProcessHeap
GetLocalTime
HeapAlloc
lstrcmpiA
GetProfileStringW
WritePrivateProfileSectionW
GetFileTime
ReadFile
SetFileTime
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
CreateMutexExW
advapi32
AllocateAndInitializeSid
RegUnLoadKeyW
RegLoadKeyW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegEnumValueW
RegSetValueExW
OpenProcessToken
RegSaveKeyW
RegFlushKey
LookupPrivilegeValueW
AdjustTokenPrivileges
RegSetValueW
RegDeleteValueW
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyW
GetTokenInformation
RegDeleteKeyW
EqualSid
FreeSid
RegQueryInfoKeyW
ole32
OleInitialize
OleUninitialize
CoTaskMemFree
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
setupapi
SetupOpenInfFileW
SetupOpenAppendInfFileW
SetupInstallFromInfSectionW
SetupDefaultQueueCallbackW
SetupCloseFileQueue
SetupCommitFileQueueW
SetupCloseInfFile
SetupTermDefaultQueueCallback
SetupQueueCopyW
SetupOpenFileQueue
SetupGetStringFieldW
SetupFindNextLine
SetupFindFirstLineW
SetupGetLineTextW
SetupSetDirectoryIdW
SetupInitDefaultQueueCallbackEx
shlwapi
StrChrW
ord215
ord217
StrStrIW
StrRChrW
PathRemoveFileSpecW
PathFileExistsW
PathBuildRootW
PathCombineW
PathAddBackslashW
Exports
AddDelBackupEntry
AddDelBackupEntryA
AddDelBackupEntryW
AdvInstallFile
AdvInstallFileA
AdvInstallFileW
CloseINFEngine
DelNode
DelNodeA
DelNodeRunDLL32
DelNodeRunDLL32A
DelNodeRunDLL32W
DelNodeW
DoInfInstall
DoInfInstallA
DoInfInstallW
ExecuteCab
ExecuteCabA
ExecuteCabW
ExtractFiles
ExtractFilesA
ExtractFilesW
FileSaveMarkNotExist
FileSaveMarkNotExistA
FileSaveMarkNotExistW
FileSaveRestore
FileSaveRestoreA
FileSaveRestoreOnINF
FileSaveRestoreOnINFA
FileSaveRestoreOnINFW
FileSaveRestoreW
GetVersionFromFile
GetVersionFromFileA
GetVersionFromFileEx
GetVersionFromFileExA
GetVersionFromFileExW
GetVersionFromFileW
IsNTAdmin
LaunchINFSection
LaunchINFSectionA
LaunchINFSectionEx
LaunchINFSectionExA
LaunchINFSectionExW
LaunchINFSectionW
NeedReboot
NeedRebootInit
OpenINFEngine
OpenINFEngineA
OpenINFEngineW
RebootCheckOnInstall
RebootCheckOnInstallA
RebootCheckOnInstallW
RegInstall
RegInstallA
RegInstallW
RegRestoreAll
RegRestoreAllA
RegRestoreAllW
RegSaveRestore
RegSaveRestoreA
RegSaveRestoreOnINF
RegSaveRestoreOnINFA
RegSaveRestoreOnINFW
RegSaveRestoreW
RegisterOCX
RegisterOCXW
RunSetupCommand
RunSetupCommandA
RunSetupCommandW
SetPerUserSecValues
SetPerUserSecValuesA
SetPerUserSecValuesW
TranslateInfString
TranslateInfStringA
TranslateInfStringEx
TranslateInfStringExA
TranslateInfStringExW
TranslateInfStringW
UserInstStubWrapper
UserInstStubWrapperA
UserInstStubWrapperW
UserUnInstStubWrapper
UserUnInstStubWrapperA
UserUnInstStubWrapperW
Sections
.text Size: 116KB - Virtual size: 115KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
fothk Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 196B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
aeevts.dll.dll windows:10 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Sections
.rdata Size: 4KB - Virtual size: 256B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 32KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
aeinv.dll.dll windows:10 windows x64 arch:x64
54e9f77a6459c60a424282fc4e52dba5
Code Sign
33:00:00:04:a8:82:e6:b8:ac:1c:5d:5f:f0:00:00:00:00:04:a8 (Certificate)
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 12-09-2024 20:04
Not After: 11-09-2025 20:04
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08 (Certificate)
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
bf:59:f4:7f:5f:b7:68:63:f3:21:96:d7:af:62:ec:35:71:c4:24:f3:8f:af:93:93:1d:4c:5e:86:61:3e:91:f1 (Signer)
Actual PE Digest: bf:59:f4:7f:5f:b7:68:63:f3:21:96:d7:af:62:ec:35:71:c4:24:f3:8f:af:93:93:1d:4c:5e:86:61:3e:91:f1
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
aeinv.pdb
Imports
msvcrt
islower
_wcsdup
__crtCompareStringW
__crtLCMapStringW
__crtLCMapStringA
_wsetlocale
abort
memset
wcsspn
iswspace
ungetwc
ungetc
fgetwc
fgetc
memcmp
towlower
_wtoi
iswdigit
wcsncmp
strncmp
toupper
wcsrchr
wcstoul
_wsplitpath_s
wcspbrk
___lc_collate_cp_func
wcschr
strcpy_s
_wcslwr
wcscat_s
__uncaught_exception
calloc
isupper
__pctype_func
setlocale
_wfsopen
fseek
_ismbblead
___lc_codepage_func
___lc_handle_func
___mb_cur_max_func
memmove_s
iswprint
fputc
isdigit
towupper
wcstok_s
realloc
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
fclose
fwrite
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
__mb_cur_max
fgetpos
_fseeki64
fsetpos
setvbuf
fflush
_vsnwprintf_s
_vscwprintf
iswalpha
tolower
_wtoi64
iswcntrl
??0exception@@QEAA@AEBQEBD@Z
_wcsnicmp
_vsnprintf
wcsstr
?what@exception@@UEBAPEBDXZ
_wcsicmp
wcscpy_s
strchr
_set_errno
strtol
_errno
strncpy_s
sprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
memcpy_s
_vsnwprintf
fputwc
__CxxFrameHandler3
wcscmp
ntdll
ZwOpenKey
LdrResSearchResource
ZwQueryInformationFile
ZwOpenFile
ZwQueryValueKey
RtlFormatCurrentUserKeyPath
ZwMapViewOfSection
RtlInitUnicodeStringEx
ZwSetInformationProcess
ZwQueryDirectoryFile
RtlVerifyVersionInfo
RtlGetFullPathName_UEx
RtlSecondsSince1970ToTime
RtlGetNativeSystemInformation
RtlpEnsureBufferSize
ZwQueryInformationProcess
RtlxAnsiStringToUnicodeSize
RtlFreeUnicodeString
ZwCreateSection
RtlUpcaseUnicodeString
RtlUpcaseUnicodeChar
RtlTimeToTimeFields
ZwCreateFile
RtlAppendUnicodeToString
RtlNtPathNameToDosPathName
RtlAppendUnicodeStringToString
ZwUnmapViewOfSection
EtwTraceMessage
RtlComputeCrc32
RtlCompareMemory
ZwQuerySystemInformation
RtlAnsiStringToUnicodeString
ZwClose
EtwEventRegister
EtwEventWrite
EtwEventUnregister
RtlLeaveCriticalSection
RtlFreeHeap
RtlInitializeCriticalSection
ZwEnumerateKey
RtlMultiByteToUnicodeN
RtlInitAnsiString
RtlEnterCriticalSection
RtlReAllocateHeap
RtlEqualString
RtlAllocateHeap
RtlDeleteCriticalSection
RtlDosPathNameToNtPathName_U_WithStatus
ZwEnumerateValueKey
RtlRunOnceExecuteOnce
RtlCopyUnicodeString
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EtwEventWriteNoRegistration
RtlAllocateAndInitializeSid
RtlNtStatusToDosError
RtlFreeSid
WinSqmIsOptedInEx
VerSetConditionMask
RtlInitUnicodeString
LdrGetDllHandle
RtlInitString
LdrGetProcedureAddress
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtCreateFile
NtQueryInformationFile
NtClose
RtlGetVersion
advapi32
CryptAcquireContextW
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
TraceEvent
CryptCreateHash
EventUnregister
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
EventWriteTransfer
RegGetValueW
EventRegister
RegLoadAppKeyW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetKeyValueW
RegDeleteKeyValueW
GetTokenInformation
RegCloseKey
ConvertSidToStringSidW
OpenThreadToken
OpenProcessToken
kernel32
WriteFile
ExpandEnvironmentStringsW
InitializeSRWLock
TryAcquireSRWLockExclusive
RaiseException
GetCommandLineW
DeviceIoControl
GetVolumeInformationByHandleW
InitOnceExecuteOnce
GetFullPathNameW
OutputDebugStringA
GetModuleFileNameW
CreateFileW
GetSystemInfo
GetModuleHandleExA
GetLocalTime
DebugBreak
WaitNamedPipeW
FindFirstFileW
FindNextFileW
SetNamedPipeHandleState
HeapFree
SetLastError
GetModuleHandleExW
WaitForThreadpoolTimerCallbacks
GetCurrentThreadId
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
CloseThreadpoolTimer
AcquireSRWLockExclusive
SetThreadpoolTimer
ReleaseSRWLockShared
HeapAlloc
GetProcAddress
AcquireSRWLockShared
GetProcessHeap
GetModuleHandleW
GetLongPathNameW
WideCharToMultiByte
GetTickCount
QueryThreadCycleTime
GetCurrentThread
Sleep
VerifyVersionInfoW
LoadLibraryW
LoadLibraryExW
CloseHandle
UnmapViewOfFile
ReleaseMutex
SetEvent
WaitForSingleObject
SetWaitableTimer
ReleaseSemaphore
WaitForMultipleObjects
LocalFree
CreateWaitableTimerW
OpenWaitableTimerW
CreateSemaphoreW
CreateEventW
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime
LocaleNameToLCID
FileTimeToSystemTime
LocalAlloc
GetSystemDirectoryW
GetFileAttributesW
SignalObjectAndWait
HeapReAlloc
OutputDebugStringW
IsDebuggerPresent
WaitForSingleObjectEx
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCurrentProcessId
CreateMutexExW
CreateMutexW
GetCurrentDirectoryW
InitializeCriticalSection
GetFileTime
K32EnumProcesses
OpenProcess
QueryFullProcessImageNameW
RegisterWaitForSingleObject
UnregisterWait
QueryUnbiasedInterruptTime
GetSystemPowerStatus
GetCurrentProcess
GetProcessTimes
K32GetProcessMemoryInfo
CreateThreadpoolTimer
CreateThread
CreateEventExW
DeleteCriticalSection
InitializeCriticalSectionEx
GetModuleFileNameA
CreateSemaphoreExW
OpenSemaphoreW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
LoadLibraryExA
DelayLoadFailureHook
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
WakeAllConditionVariable
SleepConditionVariableSRW
FindClose
FreeLibrary
CreateActCtxW
QueryActCtxW
ReleaseActCtx
GetLogicalDriveStringsW
QueryDosDeviceW
GetEnvironmentStringsW
FreeEnvironmentStringsW
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
oleaut32
VariantCopy
SysFreeString
SysStringLen
VariantClear
VariantChangeType
SysAllocString
VariantInit
rpcrt4
UuidCreate
msi
ord8
ord141
ord32
ord159
ord166
ord115
ord92
ord113
ord118
ord248
ord160
ord294
shlwapi
ord487
SHCreateStreamOnFileEx
PathCommonPrefixW
PathFindFileNameW
PathFileExistsW
PathUnExpandEnvStringsW
PathIsNetworkPathW
Exports
CreateAppxPackageInventory
CreateAppxPackageInventoryExtracted
CreateSoftwareInventory
GetAppInfo
GetAppInfo2
GetAppInventory
GetApplicationKBsTC2
GetCachedAppInventory
GetDetailedAppInventory
GetDetailedAppInventoryFile
GetDetailedAppInventoryOrphanFile
UpdateSoftwareInventoryW
UpdateSoftwareInventoryWTCEx
Sections
.text Size: 780KB - Virtual size: 779KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
fothk Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 308KB - Virtual size: 306KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 280B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
aeinvext.dll.dll windows:10 windows x64 arch:x64
bf8af2c82e732beed41735a4c5bbd996
Code Sign
33:00:00:04:a8:82:e6:b8:ac:1c:5d:5f:f0:00:00:00:00:04:a8 (Certificate)
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 12-09-2024 20:04
Not After: 11-09-2025 20:04
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08 (Certificate)
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
b8:e8:50:d1:ed:6a:80:d0:10:2b:54:ce:43:b4:de:ed:0f:20:77:bc:70:e8:e2:d8:b8:3c:be:18:4d:0d:b2:a8 (Signer)
Actual PE Digest: b8:e8:50:d1:ed:6a:80:d0:10:2b:54:ce:43:b4:de:ed:0f:20:77:bc:70:e8:e2:d8:b8:3c:be:18:4d:0d:b2:a8
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
aeinvext.pdb
Imports
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o__wcslwr
_o__wcsnicmp
_o_abort
_o_free
_o_iswspace
_o_malloc
_o_strcpy_s
_o_wcscat_s
_o_wcscpy_s
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__configure_narrow_argv
wcschr
wcsstr
strchr
wcsrchr
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
FreeLibrary
GetModuleFileNameW
LoadLibraryExW
GetModuleHandleExA
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
api-ms-win-core-synch-l1-1-0
EnterCriticalSection
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
CreateMutexExW
DeleteCriticalSection
ReleaseMutex
CreateEventW
WaitForSingleObject
ResetEvent
ReleaseSemaphore
SetEvent
LeaveCriticalSection
CreateSemaphoreExW
OpenSemaphoreW
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetLastError
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
OpenProcessToken
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringA
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
ntdll
RtlReAllocateHeap
RtlEqualString
RtlAppendUnicodeToString
RtlUpcaseUnicodeChar
RtlAllocateHeap
RtlDeleteCriticalSection
RtlGetNativeSystemInformation
RtlInitUnicodeStringEx
RtlEnterCriticalSection
ZwQuerySystemInformation
ZwQueryValueKey
RtlAppendUnicodeStringToString
RtlInitAnsiString
ZwOpenKey
RtlMultiByteToUnicodeN
RtlInitUnicodeString
LdrGetDllHandle
RtlInitString
ZwEnumerateKey
LdrGetProcedureAddress
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtCreateFile
NtQueryInformationFile
NtClose
ZwClose
EtwEventRegister
EtwEventWrite
EtwEventUnregister
RtlLeaveCriticalSection
RtlFreeHeap
RtlInitializeCriticalSection
api-ms-win-security-base-l1-1-0
RevertToSelf
GetTokenInformation
ImpersonateLoggedOnUser
api-ms-win-core-sysinfo-l2-1-0
GetUserNameW
api-ms-win-core-sysinfo-l1-1-0
GetWindowsDirectoryW
GetSystemTimeAsFileTime
GetLocalTime
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
K32EnumProcesses
api-ms-win-core-processthreads-l1-1-1
OpenProcess
IsProcessorFeaturePresent
api-ms-win-core-com-l1-1-0
CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoTaskMemAlloc
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-namedpipe-l1-1-0
WaitNamedPipeW
SetNamedPipeHandleState
api-ms-win-core-file-l1-1-0
WriteFile
CreateFileW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventUnregister
EventRegister
oleaut32
SysAllocString
GetErrorInfo
SetErrorInfo
SysStringLen
SysFreeString
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
Exports
GetSparkId
Sections
.text Size: 76KB - Virtual size: 74KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
fothk Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 380B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
aemarebackup.dll.dll windows:10 windows x64 arch:x64
a12bc75e1888b8d0ab7f486031c78609
Code Sign
33:00:00:04:a8:82:e6:b8:ac:1c:5d:5f:f0:00:00:00:00:04:a8 (Certificate)
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 12-09-2024 20:04
Not After: 11-09-2025 20:04
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08 (Certificate)
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
e6:6e:9f:59:18:09:1f:67:52:db:e3:ae:81:39:c8:c6:13:20:46:e3:28:df:34:46:2f:24:88:0b:8a:bf:69:dd (Signer)
Actual PE Digest: e6:6e:9f:59:18:09:1f:67:52:db:e3:ae:81:39:c8:c6:13:20:46:e3:28:df:34:46:2f:24:88:0b:8a:bf:69:dd
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
AeMareBackup.pdb
Imports
msvcrt
memcpy
_W_Getdays
__crtLCMapStringA
_wsetlocale
strncmp
_W_Getmonths
memmove
__uncaught_exception
__crtCompareStringA
__crtCompareStringW
wcsrchr
strcpy_s
wcscat_s
_vsnprintf
realloc
??0exception@@QEAA@AEBQEBDH@Z
_W_Gettnames
_Getmonths
wcscmp
__CxxFrameHandler3
iswalpha
islower
iswcntrl
iswspace
_wcsnicmp
_wcslwr
_wtoi64
setlocale
___mb_cur_max_func
_Wcsftime
_Strftime
tolower
wcsncmp
_wcsdup
wcstol
__crtLCMapStringW
___lc_handle_func
___lc_codepage_func
fgetc
memcmp
___lc_collate_cp_func
_errno
swprintf_s
strcspn
memset
_vscwprintf
localeconv
fwrite
fgetpos
fgetwc
_fseeki64
ldexp
wcstoul
_CxxThrowException
fsetpos
setvbuf
fflush
isspace
__mb_cur_max
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
_Gettnames
sprintf_s
wcscpy_s
fclose
localtime
strftime
time
??0exception@@QEAA@AEBQEBD@Z
_wsplitpath_s
wcsstr
??1type_info@@UEAA@XZ
wcschr
towlower
_Getdays
_wfopen_s
_onexit
_wfsopen
__dllonexit
fseek
_unlock
_lock
_initterm
malloc
fwprintf_s
free
_amsg_exit
_wcsicmp
?what@exception@@UEBAPEBDXZ
ungetwc
_XcptFilter
ungetc
__C_specific_handler
?terminate@@YAXXZ
_vsnwprintf_s
isdigit
isalnum
memchr
_wtoi
memmove_s
calloc
isupper
??0exception@@QEAA@AEBV0@@Z
__pctype_func
strchr
fputwc
_ismbblead
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
memcpy_s
_vsnwprintf
abort
__CxxFrameHandler4
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExA
GetModuleFileNameA
FreeLibrary
GetProcAddress
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
ntdll
ZwQueryValueKey
RtlInitUnicodeStringEx
ZwQueryInformationFile
LdrResSearchResource
ZwOpenKey
RtlVerifyVersionInfo
RtlSecondsSince1970ToTime
RtlGetNativeSystemInformation
RtlxAnsiStringToUnicodeSize
RtlFreeUnicodeString
ZwCreateSection
EtwTraceMessage
RtlDosPathNameToNtPathName_U_WithStatus
RtlUpcaseUnicodeChar
RtlTimeToTimeFields
ZwCreateFile
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
ZwUnmapViewOfSection
ZwQuerySystemInformation
RtlAnsiStringToUnicodeString
ZwClose
EtwEventRegister
EtwEventWrite
EtwEventUnregister
RtlLeaveCriticalSection
RtlInitializeCriticalSection
ZwEnumerateKey
RtlMultiByteToUnicodeN
RtlInitAnsiString
RtlEnterCriticalSection
RtlEqualString
RtlDeleteCriticalSection
RtlAllocateAndInitializeSid
RtlNtStatusToDosError
RtlFreeSid
ZwMapViewOfSection
LdrGetProcedureAddress
LdrGetDllHandle
RtlDosPathNameToRelativeNtPathName_U_WithStatus
RtlInitUnicodeString
NtClose
NtQueryInformationFile
RtlFreeHeap
RtlReAllocateHeap
RtlAllocateHeap
NtCreateFile
RtlInitString
WinSqmIsOptedInEx
api-ms-win-core-synch-l1-1-0
InitializeCriticalSection
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
CreateMutexW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseMutex
WaitForSingleObject
InitializeCriticalSectionEx
CreateEventW
SetWaitableTimer
CreateEventExW
SetEvent
LeaveCriticalSection
ReleaseSemaphore
InitializeSRWLock
TryAcquireSRWLockExclusive
EnterCriticalSection
CreateSemaphoreExW
DeleteCriticalSection
OpenWaitableTimerW
api-ms-win-core-heap-l1-1-0
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError
api-ms-win-core-registry-l1-1-0
RegQueryValueExW
RegQueryInfoKeyW
RegLoadAppKeyW
RegCloseKey
RegEnumValueW
RegEnumKeyExW
RegOpenKeyExW
RegGetValueW
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
CreateThread
api-ms-win-core-localization-l1-2-0
GetLocaleInfoW
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
OutputDebugStringA
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-string-l1-1-0
GetStringTypeW
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-core-synch-l1-2-0
WakeAllConditionVariable
SleepConditionVariableSRW
SignalObjectAndWait
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetLocalTime
GetSystemTimeAsFileTime
GetSystemDirectoryW
ole32
PropVariantClear
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize
CoTaskMemAlloc
aepic
ord101
ord107
ord109
ord106
ord100
ord102
ord104
ord105
ord103
ord108
psapi
GetDeviceDriverBaseNameW
EnumDeviceDrivers
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventWriteTransfer
EventUnregister
EventSetInformation
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-kernel32-legacy-l1-1-1
VerifyVersionInfoW
api-ms-win-core-sysinfo-l1-2-0
VerSetConditionMask
rpcrt4
UuidCreate
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
CreateWaitableTimerW
CreateSemaphoreW
api-ms-win-core-memory-l1-1-0
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
OpenFileMappingW
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-security-base-l1-1-0
IsWellKnownSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
api-ms-win-security-provider-l1-1-0
SetEntriesInAclW
api-ms-win-core-version-l1-1-0
VerQueryValueW
api-ms-win-core-version-l1-1-1
GetFileVersionInfoSizeW
GetFileVersionInfoW
api-ms-win-core-file-l1-1-0
CreateFileW
GetFileAttributesW
QueryDosDeviceW
GetLogicalDriveStringsW
GetFileAttributesExW
WriteFile
GetVolumeInformationByHandleW
GetLongPathNameW
CompareFileTime
CreateDirectoryW
FindFirstFileW
FindNextFileW
FindClose
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
GetCurrentDirectoryW
GetCommandLineW
api-ms-win-core-registry-l1-1-1
RegSetKeyValueW
api-ms-win-security-sddl-l1-1-0
ConvertStringSidToSidW
api-ms-win-core-winrt-l1-1-0
RoInitialize
RoUninitialize
api-ms-win-core-path-l1-1-0
PathCchCanonicalizeEx
PathCchRemoveFileSpec
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
api-ms-win-core-shlwapi-legacy-l1-1-0
PathUnExpandEnvStringsW
PathFileExistsW
api-ms-win-shcore-path-l1-1-0
ord170
api-ms-win-core-commandlinetoargv-l1-1-0
CommandLineToArgvW
api-ms-win-core-namedpipe-l1-1-0
WaitNamedPipeW
SetNamedPipeHandleState
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-security-cryptoapi-l1-1-0
CryptAcquireContextW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
api-ms-win-core-sidebyside-l1-1-0
CreateActCtxW
ReleaseActCtx
QueryActCtxW
api-ms-win-eventing-classicprovider-l1-1-0
TraceEvent
Exports
BackupMareDataTC2
Sections
.text Size: 644KB - Virtual size: 643KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
fothk Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 156KB - Virtual size: 152KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
aepic.dll.dll windows:10 windows x64 arch:x64
12066b57b608f43e6ee2eb47d5ab9216
Code Sign
33:00:00:04:a7:04:3e:e4:22:c8:34:fa:fc:00:00:00:00:04:a7
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 12-09-2024 20:04
Not After: 11-09-2025 20:04
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
1b:10:c1:2a:82:1b:7d:c9:48:37:ca:9d:80:cc:a9:3b:1b:14:3e:df:f1:3b:a9:9f:2b:22:d4:e3:ba:83:10:cd
Signer
Actual PE Digest: 1b:10:c1:2a:82:1b:7d:c9:48:37:ca:9d:80:cc:a9:3b:1b:14:3e:df:f1:3b:a9:9f:2b:22:d4:e3:ba:83:10:cd
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
aepic.pdb
Imports
msvcp_win
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?eof@ios_base@std@@QEBA_NXZ
?_Gninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGD@Z
?getloc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXXZ
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
_Wcscoll
_Wcsxfrm
?id@?$collate@G@std@@2V0locale@2@A
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xbad_alloc@std@@YAXXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?is@?$ctype@G@std@@QEBA_NFG@Z
??1_Locinfo@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??0_Locinfo@std@@QEAA@PEBD@Z
??0_Lockit@std@@QEAA@H@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$ctype@G@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
api-ms-win-crt-private-l1-1-0
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__lock_file
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__unlock_file
_o__wcsicmp
_o__wcslwr
_o__wcsnicmp
memmove
_o__wsplitpath_s
_o__wtoi
_o__wtoi64
_o_fclose
_o_fflush
_o_fgetc
_o_fgetpos
_o_fgetwc
_o_fputwc
_o_free
_o_fsetpos
_o_fwrite
_o_iswalpha
_o_iswcntrl
_o_iswspace
_o_rand
_o_realloc
_o_setvbuf
_o_srand
_o_strcpy_s
_o_strncpy_s
_o_strtol
_o_terminate
_o_tolower
_o_towlower
_o_ungetc
_o_ungetwc
_o_wcscat_s
_o_wcscpy_s
_o_wcstoul
_o_wmemcpy_s
__current_exception
__current_exception_context
__CxxFrameHandler3
_o__execute_onexit_table
_o__errno
__C_specific_handler
wcsstr
wcschr
_o__fseeki64
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
strchr
wcsrchr
__std_terminate
__CxxFrameHandler4
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
memcmp
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
memcpy
api-ms-win-crt-string-l1-1-0
strncmp
memset
wcscmp
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
ZwClose
RtlDosPathNameToNtPathName_U_WithStatus
RtlFreeUnicodeString
ZwOpenKey
ZwEnumerateKey
RtlInitUnicodeStringEx
ZwQueryValueKey
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
ZwCreateFile
ZwQueryInformationFile
ZwCreateSection
RtlSecondsSince1970ToTime
RtlxAnsiStringToUnicodeSize
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlUpcaseUnicodeChar
RtlDeleteCriticalSection
RtlEqualString
RtlEnterCriticalSection
RtlMultiByteToUnicodeN
RtlInitializeCriticalSection
RtlLeaveCriticalSection
EtwEventUnregister
EtwEventWrite
EtwEventRegister
RtlGetNativeSystemInformation
RtlFreeHeap
RtlAllocateHeap
ZwQuerySystemInformation
RtlInitUnicodeString
LdrGetDllHandle
RtlInitString
LdrGetProcedureAddress
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtCreateFile
NtQueryInformationFile
NtClose
WinSqmIsOptedInEx
ZwUnmapViewOfSection
RtlAllocateAndInitializeSid
RtlNtStatusToDosError
RtlFreeSid
VerSetConditionMask
ZwMapViewOfSection
RtlTimeToTimeFields
LdrResSearchResource
RtlVerifyVersionInfo
EtwTraceMessage
RtlAdjustPrivilege
RtlReAllocateHeap
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
FreeLibrary
GetModuleHandleW
GetModuleHandleExW
LoadLibraryExW
GetProcAddress
GetModuleFileNameW
GetModuleHandleExA
api-ms-win-core-synch-l1-1-0
SleepEx
InitializeSRWLock
CreateEventExW
InitializeCriticalSectionAndSpinCount
ResetEvent
CreateSemaphoreExW
EnterCriticalSection
TryAcquireSRWLockExclusive
CreateMutexW
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
InitializeCriticalSection
CreateEventW
ReleaseMutex
OpenWaitableTimerW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SetWaitableTimer
SetEvent
ReleaseSemaphore
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapReAlloc
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
RaiseException
GetLastError
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-processthreads-l1-1-0
CreateThread
OpenProcessToken
OpenThreadToken
GetCurrentThreadId
GetProcessTimes
GetCurrentProcessId
GetCurrentThread
GetCurrentProcess
TerminateProcess
api-ms-win-core-localization-l1-2-0
LocaleNameToLCID
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
OutputDebugStringA
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-winrt-string-l1-1-0
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsGetStringRawBuffer
WindowsCreateString
WindowsDeleteString
WindowsDuplicateString
WindowsCreateStringReference
api-ms-win-core-winrt-l1-1-0
RoActivateInstance
RoInitialize
RoGetActivationFactory
RoUninitialize
api-ms-win-core-memory-l1-1-0
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventUnregister
EventRegister
EventSetInformation
api-ms-win-core-kernel32-legacy-l1-1-1
VerifyVersionInfoW
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
CreateWaitableTimerW
CreateSemaphoreW
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-security-base-l1-1-0
GetTokenInformation
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
DuplicateTokenEx
InitializeSecurityDescriptor
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-sysinfo-l1-1-0
GetSystemInfo
GetSystemDirectoryW
GetTickCount
GetLocalTime
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
api-ms-win-core-registry-l1-1-0
RegDeleteTreeW
RegSaveKeyExW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyExW
RegLoadAppKeyW
RegQueryInfoKeyW
RegSetKeySecurity
RegGetValueW
RegOpenKeyExW
RegUnLoadKeyW
RegLoadKeyW
api-ms-win-core-version-l1-1-0
VerQueryValueW
api-ms-win-core-version-l1-1-1
GetFileVersionInfoW
GetFileVersionInfoSizeW
api-ms-win-core-file-l1-1-0
FindClose
FindNextFileW
WriteFile
CreateFileW
GetLongPathNameW
GetFileAttributesW
GetVolumeInformationByHandleW
QueryDosDeviceW
GetLogicalDriveStringsW
FindFirstFileW
api-ms-win-core-synch-l1-2-0
Sleep
InitOnceBeginInitialize
InitOnceComplete
SignalObjectAndWait
InitOnceExecuteOnce
api-ms-win-core-realtime-l1-1-0
QueryUnbiasedInterruptTime
QueryThreadCycleTime
api-ms-win-core-winrt-error-l1-1-0
RoTransformError
RoOriginateError
GetRestrictedErrorInfo
RoOriginateErrorW
SetRestrictedErrorInfo
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-com-l1-1-0
CoUninitialize
CoTaskMemFree
PropVariantClear
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoGetInterfaceAndReleaseStream
CoMarshalInterface
CreateStreamOnHGlobal
CoReleaseMarshalData
CoTaskMemAlloc
CoGetCallContext
CoInitializeEx
api-ms-win-core-com-l1-1-1
RoGetAgileReference
api-ms-win-core-winrt-error-l1-1-1
RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
OpenProcess
api-ms-win-service-management-l1-1-0
CloseServiceHandle
StartServiceW
OpenSCManagerW
OpenServiceW
api-ms-win-service-winsvc-l1-1-0
QueryServiceStatus
api-ms-win-service-management-l2-1-0
NotifyServiceStatusChangeW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-namedpipe-l1-1-0
WaitNamedPipeW
SetNamedPipeHandleState
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
GetCommandLineW
GetCurrentDirectoryW
api-ms-win-core-registry-l1-1-1
RegDeleteKeyValueW
RegSetKeyValueW
api-ms-win-core-file-l2-1-0
MoveFileExW
api-ms-win-core-path-l1-1-0
PathAllocCombine
PathCchCanonicalizeEx
PathCchRemoveFileSpec
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-shlwapi-legacy-l1-1-0
PathUnExpandEnvStringsW
PathFileExistsW
api-ms-win-core-commandlinetoargv-l1-1-0
CommandLineToArgvW
api-ms-win-core-psapi-l1-1-0
K32GetProcessMemoryInfo
api-ms-win-core-featurestaging-l1-1-0
SubscribeFeatureStateChangeNotification
GetFeatureEnabledState
RecordFeatureUsage
UnsubscribeFeatureStateChangeNotification
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
api-ms-win-core-string-l2-1-1
SHLoadIndirectString
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-eventing-classicprovider-l1-1-0
TraceEvent
api-ms-win-core-sidebyside-l1-1-0
QueryActCtxW
CreateActCtxW
ReleaseActCtx
Exports
DllCanUnloadNow
DllGetActivationFactory
GetAppInventoryCore
GetPrivacyLevel
PicAmiClose
PicAmiInitialize
PicFreeFileInfo
PicRetrieveFileInfo
PicRetrieveFileInfoAppx
PicRetrieveFileLastRunTime
PicUpdateFileLastRunTime
UpdateSoftwareInventoryTC2
Sections
.text Size: 428KB - Virtual size: 427KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
fothk Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 124KB - Virtual size: 121KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 320B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
agentactivationruntime.dll.dll windows:10 windows x64 arch:x64
c3ee4264e46ffd3967a8326990f1f38a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
agentactivationruntime.pdb
Imports
msvcp_win
_Mtx_destroy_in_situ
??Bid@locale@std@@QEAA_KXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
_Cnd_broadcast
_Thrd_detach
?_Xbad_function_call@std@@YAXXZ
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Cnd_timedwait
_Mtx_current_owns
_Xtime_get_ticks
_Query_perf_counter
_Thrd_sleep
_Query_perf_frequency
_Cnd_destroy_in_situ
_Thrd_join
_Thrd_id
_Cnd_wait
_Cnd_do_broadcast_at_thread_exit
?_Syserror_map@std@@YAPEBDH@Z
_Cnd_init_in_situ
_Cnd_signal
?_Xlength_error@std@@YAXPEBD@Z
_Mtx_unlock
_Mtx_init_in_situ
_Mtx_lock
?_Throw_Cpp_error@std@@YAXH@Z
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o___stdio_common_vsprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vswprintf_s
_o__beginthreadex
_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o___std_exception_copy
_o__register_onexit_function
_o__seh_filter_dll
__RTDynamicCast
_o__wfopen
_o__wgetenv
_o_ceilf
_o_cos
_o_cosf
_o_expf
_o_fclose
_o_fread
_o_free
_o_fseek
_o_ftell
_o_logf
_o_malloc
_o_rewind
_o_sin
_o_sinf
_o_sqrt
_o_terminate
_o_toupper
_o_towlower
_o_wcstol
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o___stdio_common_vfprintf
_o___std_type_info_destroy_list
_o___acrt_iob_func
__RTtypeid
__std_terminate
__std_type_info_compare
__CxxFrameHandler4
_o___std_exception_destroy
memchr
memcmp
memmove
memcpy
strchr
strrchr
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
LoadLibraryExA
FreeLibrary
GetModuleHandleW
GetModuleFileNameW
GetModuleFileNameA
GetProcAddress
api-ms-win-core-synch-l1-1-0
WaitForSingleObjectEx
AcquireSRWLockExclusive
DeleteCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseMutex
OpenSemaphoreW
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection
CreateMutexExW
ReleaseSemaphore
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
CreateSemaphoreExW
ResetEvent
CreateEventW
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
api-ms-win-core-file-l1-1-0
FindFirstFileW
GetFileSizeEx
ReadFile
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
QueryPerformanceFrequency
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
agentactivationruntimewindows
?GetAgentActivationRuntimePalComponentFactory@@YAPEAVIAgentActivationRuntimePalComponentFactory@VoiceAgentServices@Microsoft@@XZ
api-ms-win-core-path-l1-1-0
PathCchRemoveFileSpec
PathCchAddBackslash
api-ms-win-core-file-l1-2-0
CreateFile2
api-ms-win-core-libraryloader-l2-1-0
LoadPackagedLibrary
api-ms-win-appmodel-runtime-l1-1-0
GetPackageFamilyName
Exports
?CreateAgentActivationRuntime@@YA?AV?$shared_ptr@VIAgentActivationRuntime@VoiceAgentServices@Microsoft@@@std@@XZ
?GetAgentActivationRuntime@@YA?AV?$shared_ptr@VIAgentActivationRuntime@VoiceAgentServices@Microsoft@@@std@@XZ
?GetLoggerInstance@@YAAEAVLogger@VoiceAgentServices@Microsoft@@XZ
?ReleaseAgentActivationRuntime@@YAXXZ
Sections
.text Size: 724KB - Virtual size: 721KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
fothk Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 208KB - Virtual size: 205KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 32KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ