lumma | LoaderX[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

LoaderX.zip
Size

17.0MB
MD5

e6a995c34bf16ab93c3cabff19166c8b
SHA1

b83b6ec7847e13031ff9f758b1b6339d3fcd77b2
SHA256

b49b89328099bc486bc076e131bd380524bf7efd365629d975a727334fe586e1
SHA512

3abe34df98ad38ed5ba127ae537e31148a85219d4e1ec085b28012af95005ef99d7be45c5ad071714b192ebf1aaee2df144cdcbfb8db05ca9587f134b90087c3
SSDEEP

393216:JMmZnjuJA8Cg4pBeetbsVDoCeSf0sUxlUb4/pKFtz4PquA:aqUA8z4paDleSwdxKDzHuA

Score

10^/10

stealer lumma

Malware Config

Extracted

Family

lumma

https://commisionipwn.shop/api

https://stitchmiscpaew.shop/api

https://ignoracndwko.shop/api

https://grassemenwji.shop/api

https://charistmatwio.shop/api

https://basedsymsotp.shop/api

https://complainnykso.shop/api

https://preachstrwnwjw.shop/api

https://glassestacwop.shop/api

Signatures

Lumma family
lumma

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Loader.exe
unpack001/packages/AppXDeploymentExtensions.desktop — копия.dll
unpack001/packages/AppXDeploymentExtensions.desktop.dll
unpack001/packages/AppXDeploymentExtensions.onecore — копия.dll
unpack001/packages/AppXDeploymentExtensions.onecore.dll
unpack001/packages/AppXDeploymentServer — копия.dll
unpack001/packages/AppXDeploymentServer.dll
unpack001/packages/netaapl64 — копия.sys
unpack001/packages/netaapl64.sys

Files

LoaderX.zip
.zip

Password: 2025
Loader.exe
.exe windows:4 windows x86 arch:x86

Password: 2025

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 578B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bss
Size: 315KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SafetyTips/3036/_metadata/verified_contents.json
SafetyTips/3036/manifest.fingerprint
SafetyTips/3036/manifest.json
SafetyTips/3036/safety_tips.pb
crossas.dll
.dll windows:5 windows x64 arch:x64

Password: 2025

270642aa6474164b0a1497c1ca748de6

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:44:18:e2:de:de:36:dd:29:74:c3:44:3a:fb:5c:e5
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02-07-2021 00:00

Not After

10-07-2024 23:59

Subject

CN=Google LLC,O=Google LLC,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b1:db:0b:3c:1b:c0:47:61:20:1a:91:f1:b4:43:e2:a5:f2:34:11:85:77:67:8a:c5:4a:dc:cd:78:b7:12:01:d5
Signer

Actual PE Digest

b1:db:0b:3c:1b:c0:47:61:20:1a:91:f1:b4:43:e2:a5:f2:34:11:85:77:67:8a:c5:4a:dc:cd:78:b7:12:01:d5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Google.Widevine.CDM.dll.pdb

Imports

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
CloseHandle
CompareStringOrdinal
CompareStringW
CreateEventW
CreateFileW
DecodePointer
DeleteCriticalSection
DisableThreadLibraryCalls
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
FindClose
FindFirstFileExW
FindNextFileW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatW
GetEnvironmentStringsW
GetFileSizeEx
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitOnceExecuteOnce
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InitializeSRWLock
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
MultiByteToWideChar
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleW
ReadFile
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ResetEvent
RtlCaptureContext
RtlCaptureStackBackTrace
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetEnvironmentVariableW
SetEvent
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableSRW
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObjectEx
WakeAllConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile

mfplat

MFCreateAsyncResult
MFCreateAttributes
MFInvokeCallback
MFPutWorkItem
MFScheduleWorkItemEx
MFStartup

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoOriginateErrorW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull

advapi32

EventRegister
EventSetInformation
EventUnregister
SystemFunction036

ole32

CoCreateFreeThreadedMarshaler
CoCreateInstance
CoGetApartmentType
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
PropVariantClear

propsys

PSCreateMemoryPropertyStore

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString

api-ms-win-core-winrt-l1-1-0

RoActivateInstance

winmm

timeGetTime

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
GetHandleVerifier

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 108B

.tls
Size: 512B - Virtual size: 385B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.voltbl
Size: 512B - Virtual size: 68B

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
indexes/1.21.json
manifest.json
msvcp140.dll
packages/AppVEntSubsystemController — копия.dll
.dll windows:10 windows x64 arch:x64

Password: 2025

2a4071d3cc2ae49d2dc443ff80fcde47

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-12-2020 21:29

Not After

02-12-2021 21:29

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:aa:39:d2:2b:8c:65:23:3e:9b:9d:2e:ef:48:8a:e5:ed:55:c9:21:b2:1c:53:2f:0c:47:2b:ed:c6:d5:3f:37
Signer

Actual PE Digest

11:aa:39:d2:2b:8c:65:23:3e:9b:9d:2e:ef:48:8a:e5:ed:55:c9:21:b2:1c:53:2f:0c:47:2b:ed:c6:d5:3f:37

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppVEntSubsystemController.pdb

Imports

msvcp_win

?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Xbad_function_call@std@@YAXXZ
?exceptions@ios_base@std@@QEAAXH@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAH@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?id@?$numpunct@_W@std@@2V0locale@2@A
?classic@locale@std@@SAAEBV12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?tolower@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?id@?$ctype@_W@std@@2V0locale@2@A
?_Xout_of_range@std@@YAXPEBD@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_J@Z
_Mbrtowc
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?tolower@?$ctype@_W@std@@QEBA_W_W@Z
?is@?$ctype@_W@std@@QEBA_NF_W@Z
_Wcscoll
?id@?$collate@_W@std@@2V0locale@2@A
_Wcsxfrm
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
??Bid@locale@std@@QEAA_KXZ
?widen@?$ctype@_W@std@@QEBA_WD@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ

api-ms-win-crt-string-l1-1-0

memset
wcsncmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__stricmp
_o__wcsicmp
_o__wcslwr_s
_o__wcsnicmp
_o__wcsupr_s
memmove
_o__wsplitpath_s
_o__wtoi
_o_calloc
_o_free
_o_iswalpha
_o_iswdigit
_o_iswspace
_o_malloc
_o_realloc
_o_terminate
_o_towupper
_o_wcscpy_s
_o_wcsncpy_s
_o_wmemcpy_s
__CxxFrameHandler3
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcschr
__std_type_info_compare
strchr
strrchr
__std_terminate
__C_specific_handler
__CxxFrameHandler4
__RTDynamicCast
memcmp
memcpy

fltlib

FilterSendMessage
FilterConnectCommunicationPort

advapi32

EventUnregister
EventSetInformation
EventRegister
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
AdjustTokenPrivileges
GetTokenInformation
OpenThreadToken
DuplicateTokenEx
GetLengthSid
ConvertSidToStringSidW
DuplicateToken
CreateProcessAsUserW
SetThreadToken
OpenProcessToken
IsValidSid
CopySid
SetTokenInformation
EventWriteTransfer
LookupPrivilegeValueW
CheckTokenMembership
InitializeSid
GetSidLengthRequired
GetSidSubAuthority
EqualSid
ImpersonateLoggedOnUser
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
RegSetValueExW
RevertToSelf
RegDeleteKeyExW
MakeAbsoluteSD
RegSetKeySecurity
AccessCheck
GetAce
ConvertSecurityDescriptorToStringSecurityDescriptorW
SetSecurityDescriptorSacl
MapGenericMask
EnumServicesStatusExW
EnumServicesStatusW
CloseServiceHandle
OpenSCManagerW
StartServiceW
OpenServiceW
RegUnLoadKeyW
RegLoadKeyW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumValueW
RegSetKeyValueW
RegOpenCurrentUser
RegCreateKeyExW
ConvertStringSidToSidW
RegEnumKeyExW
RegDeleteTreeW
EventActivityIdControl
GetSidSubAuthorityCount
GetSidIdentifierAuthority
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
GetAclInformation
SetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
AddAce
InitializeSecurityDescriptor
InitializeAcl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorLength
MakeSelfRelativeSD
SetSecurityDescriptorGroup

kernel32

CreateMutexW
ReleaseMutex
SetThreadPriority
CreateThread
GetTickCount
DebugBreak
GetVolumePathNameW
GetFileAttributesW
CheckNameLegalDOS8Dot3W
ReleaseSemaphore
ReadFile
SetNamedPipeHandleState
PeekNamedPipe
DisconnectNamedPipe
QueueUserWorkItem
GetOverlappedResult
TransactNamedPipe
WaitNamedPipeW
CreateSemaphoreW
FindNextFileW
LoadLibraryA
GetFinalPathNameByHandleW
DeleteFileW
CopyFileW
CreateRemoteThread
GetNativeSystemInfo
GetModuleFileNameA
CreateSemaphoreExW
GetModuleHandleExW
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
FormatMessageW
OutputDebugStringW
CloseThreadpoolTimer
WaitForSingleObjectEx
OpenSemaphoreW
SetThreadpoolTimer
CreateThreadpoolTimer
CreateMutexExW
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
InitializeCriticalSectionAndSpinCount
VirtualQuery
VirtualProtect
VirtualQueryEx
ReadProcessMemory
VirtualAllocEx
VirtualProtectEx
ResumeThread
SetLastError
WriteProcessMemory
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleHandleW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
lstrcmpiW
GetEnvironmentVariableW
HeapDestroy
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
AcquireSRWLockShared
ResetEvent
ReleaseSRWLockShared
AcquireSRWLockExclusive
SetEvent
ReleaseSRWLockExclusive
CreateEventW
WaitForMultipleObjects
GetExitCodeProcess
IsWow64Process
WideCharToMultiByte
CreateProcessW
GetCurrentProcessId
LocalFree
GetCurrentThread
ProcessIdToSessionId
OpenProcess
WaitForSingleObject
GetCurrentProcess
QueryDosDeviceW
DeleteCriticalSection
RaiseException
CloseHandle
GetLastError
GetCurrentThreadId
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeSRWLock
DisableThreadLibraryCalls
DuplicateHandle
GetVersionExW
Sleep
FindFirstFileW
SearchPathW
GetLongPathNameW
ExpandEnvironmentStringsW
GetShortPathNameW
FindClose
CreateFileW
GetSystemDirectoryW
VirtualFreeEx
QueryFullProcessImageNameW

ntdll

RtlInitUnicodeString
NtQueryInformationProcess
NtOpenJobObject
RtlNtStatusToDosError

ole32

CoInitializeEx
StringFromCLSID
CoCreateGuid
PropVariantClear
CLSIDFromString
CoTaskMemFree
CoUninitialize
CoSetProxyBlanket
CoCreateInstance

oleaut32

VariantInit
SysFreeString
VariantClear
SysAllocString

rpcrt4

NdrServerCall2
RpcRevertToSelfEx
RpcServerRegisterAuthInfoW
RpcServerListen
RpcRevertToSelf
RpcImpersonateClient
RpcServerRegisterIf2
RpcServerUnregisterIf
RpcServerUseProtseqEpW
RpcBindingInqAuthClientW

shell32

SHGetKnownFolderPath
ord165

shlwapi

PathMatchSpecW

userenv

ExpandEnvironmentStringsForUserW
UnloadUserProfile

user32

EnumWindows
GetWindowThreadProcessId
PostMessageW

psapi

GetProcessImageFileNameW
EnumProcessModulesEx
GetModuleFileNameExW

appvfilesystemmetadata

ord1

Exports

Exports

Deinitialize
GetComponent
GetVirtualEnvironmentUtils
Initialize

Sections

.text
Size: 820KB - Virtual size: 819KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 318KB - Virtual size: 317KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mrdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
packages/AppVEntSubsystemController.dll
.dll windows:10 windows x64 arch:x64

Password: 2025

2a4071d3cc2ae49d2dc443ff80fcde47

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-12-2020 21:29

Not After

02-12-2021 21:29

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:aa:39:d2:2b:8c:65:23:3e:9b:9d:2e:ef:48:8a:e5:ed:55:c9:21:b2:1c:53:2f:0c:47:2b:ed:c6:d5:3f:37
Signer

Actual PE Digest

11:aa:39:d2:2b:8c:65:23:3e:9b:9d:2e:ef:48:8a:e5:ed:55:c9:21:b2:1c:53:2f:0c:47:2b:ed:c6:d5:3f:37

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppVEntSubsystemController.pdb

Imports

msvcp_win

?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Xbad_function_call@std@@YAXXZ
?exceptions@ios_base@std@@QEAAXH@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAH@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?id@?$numpunct@_W@std@@2V0locale@2@A
?classic@locale@std@@SAAEBV12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?tolower@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?id@?$ctype@_W@std@@2V0locale@2@A
?_Xout_of_range@std@@YAXPEBD@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_J@Z
_Mbrtowc
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?tolower@?$ctype@_W@std@@QEBA_W_W@Z
?is@?$ctype@_W@std@@QEBA_NF_W@Z
_Wcscoll
?id@?$collate@_W@std@@2V0locale@2@A
_Wcsxfrm
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
??Bid@locale@std@@QEAA_KXZ
?widen@?$ctype@_W@std@@QEBA_WD@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ

api-ms-win-crt-string-l1-1-0

memset
wcsncmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__stricmp
_o__wcsicmp
_o__wcslwr_s
_o__wcsnicmp
_o__wcsupr_s
memmove
_o__wsplitpath_s
_o__wtoi
_o_calloc
_o_free
_o_iswalpha
_o_iswdigit
_o_iswspace
_o_malloc
_o_realloc
_o_terminate
_o_towupper
_o_wcscpy_s
_o_wcsncpy_s
_o_wmemcpy_s
__CxxFrameHandler3
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcschr
__std_type_info_compare
strchr
strrchr
__std_terminate
__C_specific_handler
__CxxFrameHandler4
__RTDynamicCast
memcmp
memcpy

fltlib

FilterSendMessage
FilterConnectCommunicationPort

advapi32

EventUnregister
EventSetInformation
EventRegister
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
AdjustTokenPrivileges
GetTokenInformation
OpenThreadToken
DuplicateTokenEx
GetLengthSid
ConvertSidToStringSidW
DuplicateToken
CreateProcessAsUserW
SetThreadToken
OpenProcessToken
IsValidSid
CopySid
SetTokenInformation
EventWriteTransfer
LookupPrivilegeValueW
CheckTokenMembership
InitializeSid
GetSidLengthRequired
GetSidSubAuthority
EqualSid
ImpersonateLoggedOnUser
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
RegSetValueExW
RevertToSelf
RegDeleteKeyExW
MakeAbsoluteSD
RegSetKeySecurity
AccessCheck
GetAce
ConvertSecurityDescriptorToStringSecurityDescriptorW
SetSecurityDescriptorSacl
MapGenericMask
EnumServicesStatusExW
EnumServicesStatusW
CloseServiceHandle
OpenSCManagerW
StartServiceW
OpenServiceW
RegUnLoadKeyW
RegLoadKeyW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumValueW
RegSetKeyValueW
RegOpenCurrentUser
RegCreateKeyExW
ConvertStringSidToSidW
RegEnumKeyExW
RegDeleteTreeW
EventActivityIdControl
GetSidSubAuthorityCount
GetSidIdentifierAuthority
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
GetAclInformation
SetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
AddAce
InitializeSecurityDescriptor
InitializeAcl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorLength
MakeSelfRelativeSD
SetSecurityDescriptorGroup

kernel32

CreateMutexW
ReleaseMutex
SetThreadPriority
CreateThread
GetTickCount
DebugBreak
GetVolumePathNameW
GetFileAttributesW
CheckNameLegalDOS8Dot3W
ReleaseSemaphore
ReadFile
SetNamedPipeHandleState
PeekNamedPipe
DisconnectNamedPipe
QueueUserWorkItem
GetOverlappedResult
TransactNamedPipe
WaitNamedPipeW
CreateSemaphoreW
FindNextFileW
LoadLibraryA
GetFinalPathNameByHandleW
DeleteFileW
CopyFileW
CreateRemoteThread
GetNativeSystemInfo
GetModuleFileNameA
CreateSemaphoreExW
GetModuleHandleExW
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
FormatMessageW
OutputDebugStringW
CloseThreadpoolTimer
WaitForSingleObjectEx
OpenSemaphoreW
SetThreadpoolTimer
CreateThreadpoolTimer
CreateMutexExW
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
InitializeCriticalSectionAndSpinCount
VirtualQuery
VirtualProtect
VirtualQueryEx
ReadProcessMemory
VirtualAllocEx
VirtualProtectEx
ResumeThread
SetLastError
WriteProcessMemory
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleHandleW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
lstrcmpiW
GetEnvironmentVariableW
HeapDestroy
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
AcquireSRWLockShared
ResetEvent
ReleaseSRWLockShared
AcquireSRWLockExclusive
SetEvent
ReleaseSRWLockExclusive
CreateEventW
WaitForMultipleObjects
GetExitCodeProcess
IsWow64Process
WideCharToMultiByte
CreateProcessW
GetCurrentProcessId
LocalFree
GetCurrentThread
ProcessIdToSessionId
OpenProcess
WaitForSingleObject
GetCurrentProcess
QueryDosDeviceW
DeleteCriticalSection
RaiseException
CloseHandle
GetLastError
GetCurrentThreadId
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeSRWLock
DisableThreadLibraryCalls
DuplicateHandle
GetVersionExW
Sleep
FindFirstFileW
SearchPathW
GetLongPathNameW
ExpandEnvironmentStringsW
GetShortPathNameW
FindClose
CreateFileW
GetSystemDirectoryW
VirtualFreeEx
QueryFullProcessImageNameW

ntdll

RtlInitUnicodeString
NtQueryInformationProcess
NtOpenJobObject
RtlNtStatusToDosError

ole32

CoInitializeEx
StringFromCLSID
CoCreateGuid
PropVariantClear
CLSIDFromString
CoTaskMemFree
CoUninitialize
CoSetProxyBlanket
CoCreateInstance

oleaut32

VariantInit
SysFreeString
VariantClear
SysAllocString

rpcrt4

NdrServerCall2
RpcRevertToSelfEx
RpcServerRegisterAuthInfoW
RpcServerListen
RpcRevertToSelf
RpcImpersonateClient
RpcServerRegisterIf2
RpcServerUnregisterIf
RpcServerUseProtseqEpW
RpcBindingInqAuthClientW

shell32

SHGetKnownFolderPath
ord165

shlwapi

PathMatchSpecW

userenv

ExpandEnvironmentStringsForUserW
UnloadUserProfile

user32

EnumWindows
GetWindowThreadProcessId
PostMessageW

psapi

GetProcessImageFileNameW
EnumProcessModulesEx
GetModuleFileNameExW

appvfilesystemmetadata

ord1

Exports

Exports

Deinitialize
GetComponent
GetVirtualEnvironmentUtils
Initialize

Sections

.text
Size: 820KB - Virtual size: 819KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 318KB - Virtual size: 317KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mrdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
packages/AppVEntSubsystems64 — копия.dll
.dll windows:10 windows x64 arch:x64

Password: 2025

02676d1be1eb3edd3d0c179765eeba7d

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-12-2020 21:29

Not After

02-12-2021 21:29

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:92:18:df:a7:d4:2b:73:6a:ad:a3:07:3b:b5:41:f0:04:5a:60:e5:26:f9:84:df:dd:1a:dd:9b:f8:c4:b5:43
Signer

Actual PE Digest

20:92:18:df:a7:d4:2b:73:6a:ad:a3:07:3b:b5:41:f0:04:5a:60:e5:26:f9:84:df:dd:1a:dd:9b:f8:c4:b5:43

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppVEntSubsystems.pdb

Imports

ntdll

NtSetSecurityObject
NtReadFile
NtWriteFile
RtlNtStatusToDosError
NtQueryObject
NtQueryKey
NtSetInformationThread
NtRenameKey
NtQuerySecurityObject
NtSetEvent
RtlInitAnsiString
RtlCaptureContext
NtCreateKey
RtlCompareUnicodeString
NtSetValueKey
NtClose
RtlEqualUnicodeString
RtlInitUnicodeString
RtlPcToFileHeader
NtDeleteValueKey
RtlInitializeGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlCopyUnicodeString
RtlInsertElementGenericTableAvl
RtlEnumerateGenericTableAvl
RtlIsGenericTableEmptyAvl
RtlEnumerateGenericTableWithoutSplayingAvl
RtlIsNameInExpression
RtlPrefixUnicodeString
RtlAllocateHeap
RtlFreeHeap
NtQueryInformationProcess
RtlIntegerToUnicodeString
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
NtDuplicateObject
NtDeleteKey
NtEnumerateKey
NtEnumerateValueKey
NtOpenKey
NtNotifyChangeMultipleKeys
NtFlushKey
NtQueryValueKey

kernel32

GetCurrentProcess
GetModuleHandleExW
LeaveCriticalSection
InitializeCriticalSection
GetCurrentThreadId
FormatMessageW
GetLastError
K32GetModuleInformation
HeapAlloc
GetProcAddress
DeleteCriticalSection
GetProcessHeap
GetModuleHandleW
FreeLibrary
DebugBreak
GetModuleFileNameW
CreateMutexW
WaitForSingleObject
ReleaseMutex
DisableThreadLibraryCalls
CloseHandle
IsDebuggerPresent
CheckRemoteDebuggerPresent
LoadLibraryW
CreateThread
MultiByteToWideChar
InitOnceExecuteOnce
WideCharToMultiByte
GetStringTypeW
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
CompareStringEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
HeapReAlloc
GetCurrentThread
GetStdHandle
GetFileType
GetStartupInfoW
RaiseException
InitializeCriticalSectionAndSpinCount
SetLastError
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
LoadLibraryExW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
IsValidCodePage
GetACP
GetOEMCP
GetFileSizeEx
SetFilePointerEx
SetStdHandle
WriteFile
GetSystemInfo
GetConsoleMode
FlushFileBuffers
ReadFile
ReadConsoleW
OutputDebugStringW
HeapSize
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
CreateFileW
WriteConsoleW
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
InterlockedFlushSList
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
HeapFree
GetModuleFileNameA
VirtualAlloc
ExitThread
EnterCriticalSection
FreeLibraryAndExitThread
FindFirstFileExW
TlsAlloc
HeapDestroy
GetCommandLineW
GetConsoleOutputCP
GetCommandLineA

advapi32

RegCloseKey
EventWriteTransfer
EventRegister
EventUnregister
EventSetInformation
RegOpenKeyExW
RegQueryValueExW

api-ms-win-core-memory-l1-1-0

MapViewOfFile
UnmapViewOfFile
VirtualQuery
CreateFileMappingW
VirtualProtect
VirtualFree

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExA

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorGroup
CopySid
GetSecurityDescriptorDacl
InitializeSid
GetSecurityDescriptorSacl
MakeSelfRelativeSD
InitializeAcl
MakeAbsoluteSD
DuplicateTokenEx
IsValidSid
SetSecurityDescriptorDacl
GetAclInformation
DuplicateToken
SetSecurityDescriptorOwner
GetTokenInformation
GetSecurityDescriptorLength
GetSidLengthRequired
EqualSid
GetLengthSid
AddAce
GetSidSubAuthority
SetSecurityDescriptorGroup
InitializeSecurityDescriptor
GetSecurityDescriptorControl
GetSecurityDescriptorOwner

api-ms-win-core-file-l1-1-0

QueryDosDeviceW
FindFirstVolumeW
FindVolumeClose
FindNextVolumeW
FindFirstFileW
GetVolumePathNameW
GetFinalPathNameByHandleW
GetFileAttributesW
GetLogicalDriveStringsW
GetShortPathNameW
FindNextFileW
FindClose

api-ms-win-core-processenvironment-l1-1-0

SearchPathW
SetCurrentDirectoryW
GetCurrentDirectoryW
ExpandEnvironmentStringsW
GetEnvironmentVariableW

api-ms-win-core-processthreads-l1-1-0

SuspendThread
SetThreadToken
CreateProcessW
OpenThreadToken
GetProcessId
CreateProcessAsUserW
OpenProcessToken
ResumeThread

userenv

UnloadUserProfile

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

api-ms-win-core-com-l1-1-0

StringFromGUID2
StringFromCLSID
CLSIDFromString
CoMarshalInterface
PropVariantClear
CoTaskMemFree
CoCreateInstance
CoGetTreatAsClass
CoInitializeEx
CoUnmarshalInterface
CreateStreamOnHGlobal
CoUninitialize
CoCreateGuid
CoTaskMemAlloc

api-ms-win-core-file-l1-2-0

GetVolumePathNamesForVolumeNameW

api-ms-win-core-sysinfo-l1-1-0

GetWindowsDirectoryW
GetVersionExW
GetVersion
GetSystemDirectoryW

api-ms-win-core-processthreads-l1-1-1

GetThreadContext
FlushInstructionCache
GetProcessMitigationPolicy
SetThreadContext

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-psapi-l1-1-0

K32GetMappedFileNameW

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo

api-ms-win-core-file-l1-2-2

FindFirstFileNameW
FindNextFileNameW

api-ms-win-core-url-l1-1-0

PathCreateFromUrlW
UrlCreateFromPathW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryA

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegCreateKeyExW
RegEnumValueW
RegSetValueExW

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
OpenSemaphoreW
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSemaphore
OpenEventW
CreateMutexExW
AcquireSRWLockShared
InitializeSRWLock
CreateSemaphoreExW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer

api-ms-win-core-memory-l1-1-4

QueryVirtualMemoryInformation

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
Sleep

rpcrt4

RpcServerRegisterIf2
RpcRevertToSelf
RpcServerListen
RpcBindingSetAuthInfoExW
RpcServerRegisterAuthInfoW
UuidCreate
RpcImpersonateClient
RpcBindingFree
NdrServerCall2
RpcServerUnregisterIf
RpcServerUseProtseqEpW
NdrClientCall2
RpcBindingInqAuthClientW
RpcBindingFromStringBindingW
RpcStringFreeW
RpcStringBindingComposeW

api-ms-win-core-io-l1-1-0

GetOverlappedResult
DeviceIoControl

api-ms-win-core-namedpipe-l1-1-0

PeekNamedPipe
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-core-console-l3-2-0

GetConsoleWindow

api-ms-win-shcore-sysinfo-l1-1-0

GetCurrentProcessExplicitAppUserModelID

api-ms-win-core-handle-l1-1-0

DuplicateHandle

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-security-lsalookup-l2-1-0

LookupAccountSidW

user32

PeekMessageW
DispatchMessageW
CallWindowProcW
GetParent
IsWindowVisible
GetWindowLongW
WaitForInputIdle
FindWindowW

gdi32

AddFontResourceExW
CreateScalableFontResourceW

ole32

GetClassFile
CreateFileMoniker
GetRunningObjectTable

shell32

SHCreateItemFromParsingName
SHParseDisplayName
SHGetPathFromIDListW

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-localization-l1-2-0

GetUserDefaultLangID

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

Exports

Exports

APIExportForDetours
CurrentThreadIsVirtualized
IsProcessHooked
RequestUnhookedFunctionList
VirtualizeCurrentProcess
VirtualizeCurrentThread

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 511KB - Virtual size: 510KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mrdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
packages/AppVEntSubsystems64.dll
.dll windows:10 windows x64 arch:x64

Password: 2025

02676d1be1eb3edd3d0c179765eeba7d

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-12-2020 21:29

Not After

02-12-2021 21:29

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:92:18:df:a7:d4:2b:73:6a:ad:a3:07:3b:b5:41:f0:04:5a:60:e5:26:f9:84:df:dd:1a:dd:9b:f8:c4:b5:43
Signer

Actual PE Digest

20:92:18:df:a7:d4:2b:73:6a:ad:a3:07:3b:b5:41:f0:04:5a:60:e5:26:f9:84:df:dd:1a:dd:9b:f8:c4:b5:43

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppVEntSubsystems.pdb

Imports

ntdll

NtSetSecurityObject
NtReadFile
NtWriteFile
RtlNtStatusToDosError
NtQueryObject
NtQueryKey
NtSetInformationThread
NtRenameKey
NtQuerySecurityObject
NtSetEvent
RtlInitAnsiString
RtlCaptureContext
NtCreateKey
RtlCompareUnicodeString
NtSetValueKey
NtClose
RtlEqualUnicodeString
RtlInitUnicodeString
RtlPcToFileHeader
NtDeleteValueKey
RtlInitializeGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlCopyUnicodeString
RtlInsertElementGenericTableAvl
RtlEnumerateGenericTableAvl
RtlIsGenericTableEmptyAvl
RtlEnumerateGenericTableWithoutSplayingAvl
RtlIsNameInExpression
RtlPrefixUnicodeString
RtlAllocateHeap
RtlFreeHeap
NtQueryInformationProcess
RtlIntegerToUnicodeString
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
NtDuplicateObject
NtDeleteKey
NtEnumerateKey
NtEnumerateValueKey
NtOpenKey
NtNotifyChangeMultipleKeys
NtFlushKey
NtQueryValueKey

kernel32

GetCurrentProcess
GetModuleHandleExW
LeaveCriticalSection
InitializeCriticalSection
GetCurrentThreadId
FormatMessageW
GetLastError
K32GetModuleInformation
HeapAlloc
GetProcAddress
DeleteCriticalSection
GetProcessHeap
GetModuleHandleW
FreeLibrary
DebugBreak
GetModuleFileNameW
CreateMutexW
WaitForSingleObject
ReleaseMutex
DisableThreadLibraryCalls
CloseHandle
IsDebuggerPresent
CheckRemoteDebuggerPresent
LoadLibraryW
CreateThread
MultiByteToWideChar
InitOnceExecuteOnce
WideCharToMultiByte
GetStringTypeW
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
CompareStringEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
HeapReAlloc
GetCurrentThread
GetStdHandle
GetFileType
GetStartupInfoW
RaiseException
InitializeCriticalSectionAndSpinCount
SetLastError
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
LoadLibraryExW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
IsValidCodePage
GetACP
GetOEMCP
GetFileSizeEx
SetFilePointerEx
SetStdHandle
WriteFile
GetSystemInfo
GetConsoleMode
FlushFileBuffers
ReadFile
ReadConsoleW
OutputDebugStringW
HeapSize
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
CreateFileW
WriteConsoleW
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
InterlockedFlushSList
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
HeapFree
GetModuleFileNameA
VirtualAlloc
ExitThread
EnterCriticalSection
FreeLibraryAndExitThread
FindFirstFileExW
TlsAlloc
HeapDestroy
GetCommandLineW
GetConsoleOutputCP
GetCommandLineA

advapi32

RegCloseKey
EventWriteTransfer
EventRegister
EventUnregister
EventSetInformation
RegOpenKeyExW
RegQueryValueExW

api-ms-win-core-memory-l1-1-0

MapViewOfFile
UnmapViewOfFile
VirtualQuery
CreateFileMappingW
VirtualProtect
VirtualFree

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExA

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorGroup
CopySid
GetSecurityDescriptorDacl
InitializeSid
GetSecurityDescriptorSacl
MakeSelfRelativeSD
InitializeAcl
MakeAbsoluteSD
DuplicateTokenEx
IsValidSid
SetSecurityDescriptorDacl
GetAclInformation
DuplicateToken
SetSecurityDescriptorOwner
GetTokenInformation
GetSecurityDescriptorLength
GetSidLengthRequired
EqualSid
GetLengthSid
AddAce
GetSidSubAuthority
SetSecurityDescriptorGroup
InitializeSecurityDescriptor
GetSecurityDescriptorControl
GetSecurityDescriptorOwner

api-ms-win-core-file-l1-1-0

QueryDosDeviceW
FindFirstVolumeW
FindVolumeClose
FindNextVolumeW
FindFirstFileW
GetVolumePathNameW
GetFinalPathNameByHandleW
GetFileAttributesW
GetLogicalDriveStringsW
GetShortPathNameW
FindNextFileW
FindClose

api-ms-win-core-processenvironment-l1-1-0

SearchPathW
SetCurrentDirectoryW
GetCurrentDirectoryW
ExpandEnvironmentStringsW
GetEnvironmentVariableW

api-ms-win-core-processthreads-l1-1-0

SuspendThread
SetThreadToken
CreateProcessW
OpenThreadToken
GetProcessId
CreateProcessAsUserW
OpenProcessToken
ResumeThread

userenv

UnloadUserProfile

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

api-ms-win-core-com-l1-1-0

StringFromGUID2
StringFromCLSID
CLSIDFromString
CoMarshalInterface
PropVariantClear
CoTaskMemFree
CoCreateInstance
CoGetTreatAsClass
CoInitializeEx
CoUnmarshalInterface
CreateStreamOnHGlobal
CoUninitialize
CoCreateGuid
CoTaskMemAlloc

api-ms-win-core-file-l1-2-0

GetVolumePathNamesForVolumeNameW

api-ms-win-core-sysinfo-l1-1-0

GetWindowsDirectoryW
GetVersionExW
GetVersion
GetSystemDirectoryW

api-ms-win-core-processthreads-l1-1-1

GetThreadContext
FlushInstructionCache
GetProcessMitigationPolicy
SetThreadContext

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-psapi-l1-1-0

K32GetMappedFileNameW

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo

api-ms-win-core-file-l1-2-2

FindFirstFileNameW
FindNextFileNameW

api-ms-win-core-url-l1-1-0

PathCreateFromUrlW
UrlCreateFromPathW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryA

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegCreateKeyExW
RegEnumValueW
RegSetValueExW

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
OpenSemaphoreW
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSemaphore
OpenEventW
CreateMutexExW
AcquireSRWLockShared
InitializeSRWLock
CreateSemaphoreExW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer

api-ms-win-core-memory-l1-1-4

QueryVirtualMemoryInformation

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
Sleep

rpcrt4

RpcServerRegisterIf2
RpcRevertToSelf
RpcServerListen
RpcBindingSetAuthInfoExW
RpcServerRegisterAuthInfoW
UuidCreate
RpcImpersonateClient
RpcBindingFree
NdrServerCall2
RpcServerUnregisterIf
RpcServerUseProtseqEpW
NdrClientCall2
RpcBindingInqAuthClientW
RpcBindingFromStringBindingW
RpcStringFreeW
RpcStringBindingComposeW

api-ms-win-core-io-l1-1-0

GetOverlappedResult
DeviceIoControl

api-ms-win-core-namedpipe-l1-1-0

PeekNamedPipe
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-core-console-l3-2-0

GetConsoleWindow

api-ms-win-shcore-sysinfo-l1-1-0

GetCurrentProcessExplicitAppUserModelID

api-ms-win-core-handle-l1-1-0

DuplicateHandle

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-security-lsalookup-l2-1-0

LookupAccountSidW

user32

PeekMessageW
DispatchMessageW
CallWindowProcW
GetParent
IsWindowVisible
GetWindowLongW
WaitForInputIdle
FindWindowW

gdi32

AddFontResourceExW
CreateScalableFontResourceW

ole32

GetClassFile
CreateFileMoniker
GetRunningObjectTable

shell32

SHCreateItemFromParsingName
SHParseDisplayName
SHGetPathFromIDListW

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-localization-l1-2-0

GetUserDefaultLangID

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

Exports

Exports

APIExportForDetours
CurrentThreadIsVirtualized
IsProcessHooked
RequestUnhookedFunctionList
VirtualizeCurrentProcess
VirtualizeCurrentThread

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 511KB - Virtual size: 510KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mrdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
packages/AppVEntVirtualization — копия.dll
.dll windows:10 windows x64 arch:x64

Password: 2025

fb3bd5b33249e2a3c816008fe21b5515

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-12-2020 21:29

Not After

02-12-2021 21:29

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cd:51:b4:b4:af:b5:71:a5:08:19:37:87:08:d1:32:99:24:27:0a:97:07:2d:4e:6b:61:fe:c5:8f:c6:e7:58:4f
Signer

Actual PE Digest

cd:51:b4:b4:af:b5:71:a5:08:19:37:87:08:d1:32:99:24:27:0a:97:07:2d:4e:6b:61:fe:c5:8f:c6:e7:58:4f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppVEntVirtualization.pdb

Imports

msvcp_win

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
?exceptions@ios_base@std@@QEAAXH@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAH@Z
?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?tolower@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z
?tolower@?$ctype@_W@std@@QEBA_W_W@Z
?is@?$ctype@_W@std@@QEBA_NF_W@Z
_Wcscoll
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?id@?$collate@_W@std@@2V0locale@2@A
_Wcsxfrm
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_XGetLastError@std@@YAXXZ
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Mtx_unlock
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?widen@?$ctype@_W@std@@QEBA_WD@Z
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?classic@locale@std@@SAAEBV12@XZ
?id@?$numpunct@_W@std@@2V0locale@2@A
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?_Xout_of_range@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
_Mbrtowc

api-ms-win-crt-string-l1-1-0

wcsncmp
wcsnlen
memset

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__stricmp
_o__waccess
_o__wcsicmp
_o__wcslwr_s
_o__wcsnicmp
_o__wcsupr_s
_o__wsplitpath_s
_o__wtoi
memmove
_o_calloc
_o_fclose
_o_ferror
_o_fopen
_o_fread
_o_free
_o_fwrite
_o_iswalpha
_o_iswdigit
_o_malloc
_o_realloc
_o_strerror
_o_terminate
_o_towupper
_o_wcscat_s
_o_wcscpy_s
_o_wcsncat_s
_o_wcsncpy_s
_o_wmemcpy_s
__C_specific_handler
_CxxThrowException
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
strrchr
__std_terminate
__CxxFrameHandler4
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__ftelli64
_o__fseeki64
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
__RTDynamicCast
memcmp
memcpy
__CxxFrameHandler3
strchr
wcschr

fltlib

FilterAttach
FilterInstanceCreate
FilterGetMessage
FilterReplyMessage
FilterSendMessage
FilterConnectCommunicationPort
FilterLoad
FilterInstanceClose

advapi32

RegEnumValueW
DestroyPrivateObjectSecurity
AddAccessAllowedAce
SetPrivateObjectSecurityEx
CreatePrivateObjectSecurityWithMultipleInheritance
MapGenericMask
AccessCheck
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
ImpersonateSelf
EventSetInformation
RegSaveKeyW
RegUnLoadKeyW
RegLoadKeyW
RegSetKeyValueW
RegRenameKey
RegOpenKeyTransactedW
RegCreateKeyTransactedW
RegGetKeySecurity
RegDeleteKeyExW
RegGetValueW
RegEnumKeyExW
RegDeleteTreeW
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
SetSecurityDescriptorGroup
GetSidSubAuthorityCount
SetSecurityDescriptorSacl
LookupAccountSidW
GetSidIdentifierAuthority
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegDeleteValueW
EventUnregister
RevertToSelf
ImpersonateLoggedOnUser
SetTokenInformation
DuplicateTokenEx
EventActivityIdControl
LookupPrivilegeValueW
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
AdjustTokenPrivileges
GetSecurityDescriptorDacl
GetAclInformation
EventWriteTransfer
GetAce
GetSecurityDescriptorGroup
SetNamedSecurityInfoW
GetSecurityDescriptorControl
GetNamedSecurityInfoW
ConvertStringSidToSidW
GetSecurityDescriptorOwner
AddAce
SetThreadToken
InitializeSecurityDescriptor
InitializeAcl
GetSecurityDescriptorLength
OpenThreadToken
MakeSelfRelativeSD
MakeAbsoluteSD
EqualSid
GetSidSubAuthority
GetSidLengthRequired
CopySid
InitializeSid
IsValidSid
OpenProcessToken
DuplicateToken
ConvertSidToStringSidW
GetLengthSid
GetTokenInformation
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
EventRegister

kernel32

TlsSetValue
FlushFileBuffers
VirtualProtect
LoadLibraryExA
VirtualQuery
HeapSize
HeapReAlloc
HeapDestroy
TlsFree
InitializeCriticalSectionAndSpinCount
DisableThreadLibraryCalls
InitializeSRWLock
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetCurrentThreadId
DeleteCriticalSection
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
OpenProcess
GetLastError
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CloseHandle
ResetEvent
ReleaseSRWLockShared
LocalFree
AcquireSRWLockShared
WaitForSingleObject
CreateEventW
SetEvent
Wow64DisableWow64FsRedirection
TlsGetValue
GetShortPathNameW
FormatMessageA
AreFileApisANSI
SetFilePointer
CreateDirectoryW
CreateMutexW
DeviceIoControl
ReplaceFileW
Sleep
IsProcessInJob
K32GetModuleFileNameExW
AssignProcessToJobObject
DuplicateHandle
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetFileInformationByHandleEx
DosDateTimeToFileTime
SetFileInformationByHandle
LocalFileTimeToFileTime
CreateIoCompletionPort
CreateThread
GetSystemInfo
PostQueuedCompletionStatus
WaitForMultipleObjectsEx
GetQueuedCompletionStatus
QueryFullProcessImageNameW
TlsAlloc
GetEnvironmentVariableW
GetNativeSystemInfo
ExpandEnvironmentStringsW
FreeLibrary
GetFinalPathNameByHandleW
GetFullPathNameW
WideCharToMultiByte
MultiByteToWideChar
CopyFileW
MoveFileExW
DeleteFileW
SetFileAttributesW
FindClose
RemoveDirectoryW
WriteFile
FindNextFileW
GetFileSizeEx
FindFirstFileW
ReadFile
DebugBreak
GetProcessHeap
CreateMutexExW
GetProcAddress
HeapAlloc
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
FormatMessageW
ReleaseMutex
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
QueueUserWorkItem
GetSystemTime
SystemTimeToFileTime
GetLocalTime
GetDriveTypeW
CheckNameLegalDOS8Dot3W
RaiseException
GetCurrentThread
Wow64RevertWow64FsRedirection
GetFileAttributesW
CreateFileW
GetVolumePathNameW

ntdll

RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlInitializeSRWLock
RtlRunOnceExecuteOnce
NtMakeTemporaryObject
RtlFreeHeap
NtOpenJobObject
NtCreateJobObject
NtQueryInformationJobObject
RtlInitUnicodeString
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtSetInformationJobObject
RtlFindNextForwardRunClear
RtlRunOnceBeginInitialize
RtlRunOnceComplete
RtlUpcaseUnicodeChar
RtlAllocateHeap
RtlNtStatusToDosError
RtlNumberOfSetBits

ole32

CLSIDFromString
CoUninitialize
CoTaskMemFree
CoInitializeEx
CoCreateGuid
CoCreateInstance

oleaut32

SysAllocString
SysFreeString
VariantClear
VariantInit

psapi

EnumProcessModulesEx
GetModuleFileNameExW

shell32

SHGetKnownFolderPath
SHFileOperationW
ord165
SHCreateItemFromParsingName
SHCreateDirectoryExW

shlwapi

PathFileExistsW

userenv

ExpandEnvironmentStringsForUserW
GetUserProfileDirectoryW
UnloadUserProfile
GetProfileType

container

WcCreateContainer
WcCleanupContainer
WcShutdownAppContainer

appvfilesystemmetadata

ord1

api-ms-win-crt-math-l1-1-0

ceilf

Exports

Exports

Deinitialize
GetComponent
Initialize
InitializeISV

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 413KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
packages/AppVEntVirtualization.dll
.dll windows:10 windows x64 arch:x64

Password: 2025

fb3bd5b33249e2a3c816008fe21b5515

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-12-2020 21:29

Not After

02-12-2021 21:29

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cd:51:b4:b4:af:b5:71:a5:08:19:37:87:08:d1:32:99:24:27:0a:97:07:2d:4e:6b:61:fe:c5:8f:c6:e7:58:4f
Signer

Actual PE Digest

cd:51:b4:b4:af:b5:71:a5:08:19:37:87:08:d1:32:99:24:27:0a:97:07:2d:4e:6b:61:fe:c5:8f:c6:e7:58:4f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppVEntVirtualization.pdb

Imports

msvcp_win

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
?exceptions@ios_base@std@@QEAAXH@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAH@Z
?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?tolower@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z
?tolower@?$ctype@_W@std@@QEBA_W_W@Z
?is@?$ctype@_W@std@@QEBA_NF_W@Z
_Wcscoll
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?id@?$collate@_W@std@@2V0locale@2@A
_Wcsxfrm
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_XGetLastError@std@@YAXXZ
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Mtx_unlock
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?widen@?$ctype@_W@std@@QEBA_WD@Z
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?classic@locale@std@@SAAEBV12@XZ
?id@?$numpunct@_W@std@@2V0locale@2@A
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?_Xout_of_range@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
_Mbrtowc

api-ms-win-crt-string-l1-1-0

wcsncmp
wcsnlen
memset

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__stricmp
_o__waccess
_o__wcsicmp
_o__wcslwr_s
_o__wcsnicmp
_o__wcsupr_s
_o__wsplitpath_s
_o__wtoi
memmove
_o_calloc
_o_fclose
_o_ferror
_o_fopen
_o_fread
_o_free
_o_fwrite
_o_iswalpha
_o_iswdigit
_o_malloc
_o_realloc
_o_strerror
_o_terminate
_o_towupper
_o_wcscat_s
_o_wcscpy_s
_o_wcsncat_s
_o_wcsncpy_s
_o_wmemcpy_s
__C_specific_handler
_CxxThrowException
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
strrchr
__std_terminate
__CxxFrameHandler4
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__ftelli64
_o__fseeki64
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
__RTDynamicCast
memcmp
memcpy
__CxxFrameHandler3
strchr
wcschr

fltlib

FilterAttach
FilterInstanceCreate
FilterGetMessage
FilterReplyMessage
FilterSendMessage
FilterConnectCommunicationPort
FilterLoad
FilterInstanceClose

advapi32

RegEnumValueW
DestroyPrivateObjectSecurity
AddAccessAllowedAce
SetPrivateObjectSecurityEx
CreatePrivateObjectSecurityWithMultipleInheritance
MapGenericMask
AccessCheck
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
ImpersonateSelf
EventSetInformation
RegSaveKeyW
RegUnLoadKeyW
RegLoadKeyW
RegSetKeyValueW
RegRenameKey
RegOpenKeyTransactedW
RegCreateKeyTransactedW
RegGetKeySecurity
RegDeleteKeyExW
RegGetValueW
RegEnumKeyExW
RegDeleteTreeW
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
SetSecurityDescriptorGroup
GetSidSubAuthorityCount
SetSecurityDescriptorSacl
LookupAccountSidW
GetSidIdentifierAuthority
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegDeleteValueW
EventUnregister
RevertToSelf
ImpersonateLoggedOnUser
SetTokenInformation
DuplicateTokenEx
EventActivityIdControl
LookupPrivilegeValueW
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
AdjustTokenPrivileges
GetSecurityDescriptorDacl
GetAclInformation
EventWriteTransfer
GetAce
GetSecurityDescriptorGroup
SetNamedSecurityInfoW
GetSecurityDescriptorControl
GetNamedSecurityInfoW
ConvertStringSidToSidW
GetSecurityDescriptorOwner
AddAce
SetThreadToken
InitializeSecurityDescriptor
InitializeAcl
GetSecurityDescriptorLength
OpenThreadToken
MakeSelfRelativeSD
MakeAbsoluteSD
EqualSid
GetSidSubAuthority
GetSidLengthRequired
CopySid
InitializeSid
IsValidSid
OpenProcessToken
DuplicateToken
ConvertSidToStringSidW
GetLengthSid
GetTokenInformation
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
EventRegister

kernel32

TlsSetValue
FlushFileBuffers
VirtualProtect
LoadLibraryExA
VirtualQuery
HeapSize
HeapReAlloc
HeapDestroy
TlsFree
InitializeCriticalSectionAndSpinCount
DisableThreadLibraryCalls
InitializeSRWLock
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetCurrentThreadId
DeleteCriticalSection
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
OpenProcess
GetLastError
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CloseHandle
ResetEvent
ReleaseSRWLockShared
LocalFree
AcquireSRWLockShared
WaitForSingleObject
CreateEventW
SetEvent
Wow64DisableWow64FsRedirection
TlsGetValue
GetShortPathNameW
FormatMessageA
AreFileApisANSI
SetFilePointer
CreateDirectoryW
CreateMutexW
DeviceIoControl
ReplaceFileW
Sleep
IsProcessInJob
K32GetModuleFileNameExW
AssignProcessToJobObject
DuplicateHandle
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetFileInformationByHandleEx
DosDateTimeToFileTime
SetFileInformationByHandle
LocalFileTimeToFileTime
CreateIoCompletionPort
CreateThread
GetSystemInfo
PostQueuedCompletionStatus
WaitForMultipleObjectsEx
GetQueuedCompletionStatus
QueryFullProcessImageNameW
TlsAlloc
GetEnvironmentVariableW
GetNativeSystemInfo
ExpandEnvironmentStringsW
FreeLibrary
GetFinalPathNameByHandleW
GetFullPathNameW
WideCharToMultiByte
MultiByteToWideChar
CopyFileW
MoveFileExW
DeleteFileW
SetFileAttributesW
FindClose
RemoveDirectoryW
WriteFile
FindNextFileW
GetFileSizeEx
FindFirstFileW
ReadFile
DebugBreak
GetProcessHeap
CreateMutexExW
GetProcAddress
HeapAlloc
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
FormatMessageW
ReleaseMutex
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
QueueUserWorkItem
GetSystemTime
SystemTimeToFileTime
GetLocalTime
GetDriveTypeW
CheckNameLegalDOS8Dot3W
RaiseException
GetCurrentThread
Wow64RevertWow64FsRedirection
GetFileAttributesW
CreateFileW
GetVolumePathNameW

ntdll

RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlInitializeSRWLock
RtlRunOnceExecuteOnce
NtMakeTemporaryObject
RtlFreeHeap
NtOpenJobObject
NtCreateJobObject
NtQueryInformationJobObject
RtlInitUnicodeString
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtSetInformationJobObject
RtlFindNextForwardRunClear
RtlRunOnceBeginInitialize
RtlRunOnceComplete
RtlUpcaseUnicodeChar
RtlAllocateHeap
RtlNtStatusToDosError
RtlNumberOfSetBits

ole32

CLSIDFromString
CoUninitialize
CoTaskMemFree
CoInitializeEx
CoCreateGuid
CoCreateInstance

oleaut32

SysAllocString
SysFreeString
VariantClear
VariantInit

psapi

EnumProcessModulesEx
GetModuleFileNameExW

shell32

SHGetKnownFolderPath
SHFileOperationW
ord165
SHCreateItemFromParsingName
SHCreateDirectoryExW

shlwapi

PathFileExistsW

userenv

ExpandEnvironmentStringsForUserW
GetUserProfileDirectoryW
UnloadUserProfile
GetProfileType

container

WcCreateContainer
WcCleanupContainer
WcShutdownAppContainer

appvfilesystemmetadata

ord1

api-ms-win-crt-math-l1-1-0

ceilf

Exports

Exports

Deinitialize
GetComponent
Initialize
InitializeISV

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 413KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
packages/AppVIntegration — копия.dll
.dll windows:10 windows x64 arch:x64

2bebf4805492a91911352a368d184c93

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-12-2020 21:29

Not After

02-12-2021 21:29

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

24:11:46:b3:ab:08:bc:6d:69:d4:aa:bc:c4:86:83:dd:31:c1:b9:d6:bd:40:a6:b1:a9:0e:65:d2:a9:d3:16:42
Signer

Actual PE Digest

24:11:46:b3:ab:08:bc:6d:69:d4:aa:bc:c4:86:83:dd:31:c1:b9:d6:bd:40:a6:b1:a9:0e:65:d2:a9:d3:16:42

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppVIntegration.pdb

Imports

msvcp_win

?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?classic@locale@std@@SAAEBV12@XZ
?id@?$numpunct@_W@std@@2V0locale@2@A
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?id@?$ctype@_W@std@@2V0locale@2@A
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAH@Z
?exceptions@ios_base@std@@QEAAXH@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAI@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
_Wcsxfrm
?id@?$collate@_W@std@@2V0locale@2@A
_Wcscoll
?is@?$ctype@_W@std@@QEBA_NF_W@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?tolower@?$ctype@_W@std@@QEBA_W_W@Z
?tolower@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?uncaught_exception@std@@YA_NXZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
_Mbrtowc

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__stricmp
_o__ultow_s
_o__wcsicmp
_o__wcslwr_s
_o__wcsnicmp
_o__wcsupr_s
memmove
_o__wmakepath_s
_o__wsplitpath_s
_o__wtoi
_o_calloc
_o_free
_o_iswalpha
_o_iswctype
_o_iswdigit
_o_iswspace
_o_malloc
_o_rand
_o_realloc
_o_srand
_o_terminate
_o_towupper
_o_wcscpy_s
__C_specific_handler
_CxxThrowException
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
strrchr
__std_terminate
__CxxFrameHandler4
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
strchr
__RTDynamicCast
memcmp
memcpy
__CxxFrameHandler3
wcsstr
wcschr
__std_type_info_compare

api-ms-win-crt-string-l1-1-0

memset
wcsncmp

advapi32

ImpersonateLoggedOnUser
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegGetKeySecurity
AccessCheck
GetAce
EqualSid
MapGenericMask
SetSecurityDescriptorControl
RegSetKeySecurity
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
GetAclInformation
SetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
AddAce
InitializeSecurityDescriptor
InitializeAcl
GetSecurityDescriptorLength
MakeSelfRelativeSD
MakeAbsoluteSD
CopySid
IsValidSid
GetLengthSid
RegOpenCurrentUser
RegCreateKeyExW
ConvertSidToStringSidW
GetTokenInformation
RegDeleteKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
RegEnumValueW
SetThreadToken
RegOpenKeyExW
RegQueryValueExW
EventActivityIdControl
CreateProcessAsUserW
RegCloseKey
OpenProcessToken
DuplicateToken
OpenThreadToken
EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister
RevertToSelf

kernel32

HeapDestroy
HeapReAlloc
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
HeapSize
InitializeCriticalSectionAndSpinCount
GetTempPathW
DisableThreadLibraryCalls
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
DuplicateHandle
CreateEventW
GetLastError
SetEvent
GetCurrentThread
CloseHandle
DeleteCriticalSection
DebugBreak
RemoveDirectoryW
CloseThreadpoolWork
CloseThreadpool
CreateThreadpool
SetThreadpoolThreadMinimum
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
Sleep
SetThreadpoolThreadMaximum
CreateThreadpoolCleanupGroup
SubmitThreadpoolWork
GetExitCodeProcess
CreateThreadpoolWork
RaiseException
CreateProcessW
DeviceIoControl
CreateFileW
LocalFree
ResetEvent
HeapFree
GetVersionExW
HeapAlloc
GetProcAddress
GetProcessHeap
MultiByteToWideChar
SetFileAttributesW
GetTempFileNameW
CopyFileExW
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
InitializeSListHead
CopyFileW
GetDriveTypeW
GetModuleFileNameW
GetEnvironmentVariableW
GetShortPathNameW
GetLongPathNameW
SearchPathW
GetCurrentDirectoryW
GetComputerNameExW
LoadLibraryW
LoadLibraryA
GetSystemDirectoryW
WideCharToMultiByte
SetLastError
MoveFileExW
DeleteFileW
GetFileAttributesW
FindClose
GetFinalPathNameByHandleW
FindNextFileW
FindFirstFileW
IsWow64Process
GetSystemWow64DirectoryW
ExpandEnvironmentStringsW
GetNativeSystemInfo

msi

ord160
ord49
ord118
ord96
ord159
ord217
ord8
ord32
ord173

ntdll

NtQueryKey

ole32

CoTaskMemFree
CLSIDFromString
CoUninitialize
CoCreateInstance
CoInitializeEx
CoCreateGuid
StringFromGUID2

oleaut32

VariantChangeType
VariantClear
SysAllocString
SysFreeString
VariantInit
VariantCopy

rpcrt4

RpcStringBindingComposeW
RpcBindingSetAuthInfoExW
RpcStringFreeW
RpcMgmtIsServerListening
RpcBindingFromStringBindingW
RpcMgmtSetCancelTimeout
RpcBindingFree
RpcCancelThread
NdrClientCall2
UuidCreate

shell32

ord165
SHGetFolderPathW
SHGetKnownFolderPath

shlwapi

PathFileExistsW
PathIsUNCW
PathCanonicalizeW
SHCreateStreamOnFileEx
PathFindExtensionW

userenv

ExpandEnvironmentStringsForUserW
GetUserProfileDirectoryW
DestroyEnvironmentBlock
UnloadUserProfile
CreateEnvironmentBlock

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-math-l1-1-0

ceilf

Exports

Exports

Deinitialize
GetComponent
Initialize
InitializeISV

Sections

.text
Size: 878KB - Virtual size: 878KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 411KB - Virtual size: 410KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
packages/AppVIntegration.dll
.dll windows:10 windows x64 arch:x64

2bebf4805492a91911352a368d184c93

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-12-2020 21:29

Not After

02-12-2021 21:29

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

24:11:46:b3:ab:08:bc:6d:69:d4:aa:bc:c4:86:83:dd:31:c1:b9:d6:bd:40:a6:b1:a9:0e:65:d2:a9:d3:16:42
Signer

Actual PE Digest

24:11:46:b3:ab:08:bc:6d:69:d4:aa:bc:c4:86:83:dd:31:c1:b9:d6:bd:40:a6:b1:a9:0e:65:d2:a9:d3:16:42

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppVIntegration.pdb

Imports

msvcp_win

?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?classic@locale@std@@SAAEBV12@XZ
?id@?$numpunct@_W@std@@2V0locale@2@A
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?id@?$ctype@_W@std@@2V0locale@2@A
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAH@Z
?exceptions@ios_base@std@@QEAAXH@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAI@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
_Wcsxfrm
?id@?$collate@_W@std@@2V0locale@2@A
_Wcscoll
?is@?$ctype@_W@std@@QEBA_NF_W@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?tolower@?$ctype@_W@std@@QEBA_W_W@Z
?tolower@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?uncaught_exception@std@@YA_NXZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
_Mbrtowc

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__stricmp
_o__ultow_s
_o__wcsicmp
_o__wcslwr_s
_o__wcsnicmp
_o__wcsupr_s
memmove
_o__wmakepath_s
_o__wsplitpath_s
_o__wtoi
_o_calloc
_o_free
_o_iswalpha
_o_iswctype
_o_iswdigit
_o_iswspace
_o_malloc
_o_rand
_o_realloc
_o_srand
_o_terminate
_o_towupper
_o_wcscpy_s
__C_specific_handler
_CxxThrowException
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
strrchr
__std_terminate
__CxxFrameHandler4
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
strchr
__RTDynamicCast
memcmp
memcpy
__CxxFrameHandler3
wcsstr
wcschr
__std_type_info_compare

api-ms-win-crt-string-l1-1-0

memset
wcsncmp

advapi32

ImpersonateLoggedOnUser
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegGetKeySecurity
AccessCheck
GetAce
EqualSid
MapGenericMask
SetSecurityDescriptorControl
RegSetKeySecurity
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
GetAclInformation
SetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
AddAce
InitializeSecurityDescriptor
InitializeAcl
GetSecurityDescriptorLength
MakeSelfRelativeSD
MakeAbsoluteSD
CopySid
IsValidSid
GetLengthSid
RegOpenCurrentUser
RegCreateKeyExW
ConvertSidToStringSidW
GetTokenInformation
RegDeleteKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
RegEnumValueW
SetThreadToken
RegOpenKeyExW
RegQueryValueExW
EventActivityIdControl
CreateProcessAsUserW
RegCloseKey
OpenProcessToken
DuplicateToken
OpenThreadToken
EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister
RevertToSelf

kernel32

HeapDestroy
HeapReAlloc
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
HeapSize
InitializeCriticalSectionAndSpinCount
GetTempPathW
DisableThreadLibraryCalls
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
DuplicateHandle
CreateEventW
GetLastError
SetEvent
GetCurrentThread
CloseHandle
DeleteCriticalSection
DebugBreak
RemoveDirectoryW
CloseThreadpoolWork
CloseThreadpool
CreateThreadpool
SetThreadpoolThreadMinimum
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
Sleep
SetThreadpoolThreadMaximum
CreateThreadpoolCleanupGroup
SubmitThreadpoolWork
GetExitCodeProcess
CreateThreadpoolWork
RaiseException
CreateProcessW
DeviceIoControl
CreateFileW
LocalFree
ResetEvent
HeapFree
GetVersionExW
HeapAlloc
GetProcAddress
GetProcessHeap
MultiByteToWideChar
SetFileAttributesW
GetTempFileNameW
CopyFileExW
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
InitializeSListHead
CopyFileW
GetDriveTypeW
GetModuleFileNameW
GetEnvironmentVariableW
GetShortPathNameW
GetLongPathNameW
SearchPathW
GetCurrentDirectoryW
GetComputerNameExW
LoadLibraryW
LoadLibraryA
GetSystemDirectoryW
WideCharToMultiByte
SetLastError
MoveFileExW
DeleteFileW
GetFileAttributesW
FindClose
GetFinalPathNameByHandleW
FindNextFileW
FindFirstFileW
IsWow64Process
GetSystemWow64DirectoryW
ExpandEnvironmentStringsW
GetNativeSystemInfo

msi

ord160
ord49
ord118
ord96
ord159
ord217
ord8
ord32
ord173

ntdll

NtQueryKey

ole32

CoTaskMemFree
CLSIDFromString
CoUninitialize
CoCreateInstance
CoInitializeEx
CoCreateGuid
StringFromGUID2

oleaut32

VariantChangeType
VariantClear
SysAllocString
SysFreeString
VariantInit
VariantCopy

rpcrt4

RpcStringBindingComposeW
RpcBindingSetAuthInfoExW
RpcStringFreeW
RpcMgmtIsServerListening
RpcBindingFromStringBindingW
RpcMgmtSetCancelTimeout
RpcBindingFree
RpcCancelThread
NdrClientCall2
UuidCreate

shell32

ord165
SHGetFolderPathW
SHGetKnownFolderPath

shlwapi

PathFileExistsW
PathIsUNCW
PathCanonicalizeW
SHCreateStreamOnFileEx
PathFindExtensionW

userenv

ExpandEnvironmentStringsForUserW
GetUserProfileDirectoryW
DestroyEnvironmentBlock
UnloadUserProfile
CreateEnvironmentBlock

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-math-l1-1-0

ceilf

Exports

Exports

Deinitialize
GetComponent
Initialize
InitializeISV

Sections

.text
Size: 878KB - Virtual size: 878KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 411KB - Virtual size: 410KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
packages/AppXDeploymentExtensions.desktop — копия.dll
.dll windows:10 windows x64 arch:x64

f758fe461f8c1db1df5e404a5b12fce4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppxDeploymentExtensions.Desktop.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__stricmp
_o__wcsicmp
_o__wcsnicmp
_o__wcstoui64
_o__wtoi
memmove
_o_free
_o_malloc
_o_realloc
_o_terminate
_o_toupper
_o_wcscpy_s
_o_wcstoul
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__cexit
_o__callnewh
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
__std_terminate
__CxxFrameHandler4
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
memcmp
memcpy
wcsrchr
wcschr

api-ms-win-crt-string-l1-1-0

strcmp
memset
wcscmp
memmove_s

appxdeploymentserver

PackageRepositoryAllocate
AppXSetTrustLabelOnPackage
PackageRepositoryFree

staterepository.core

sqlite3_status
sqlite3_expanded_sql
sqlite3_snprintf
sqlite3_profile
sqlite3_trace
sqlite3_config
sqlite3_exec
sqlite3_result_text16
sqlite3_value_int64
sqlite3_free
sqlite3_result_blob
sqlite3_malloc
sqlite3_value_bytes
sqlite3_value_blob
sqlite3_value_int
sqlite3_value_text16
sqlite3_value_type
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_error_code
sqlite3_result_error16
sqlite3_result_error_nomem
sqlite3_user_data
sqlite3_create_function_v2
sqlite3_db_status
sqlite3_busy_timeout
sqlite3_prepare_v2
sqlite3_db_filename
sqlite3_last_insert_rowid
sqlite3_changes
sqlite3_wal_checkpoint_v2
sqlite3_wal_autocheckpoint
sqlite3_db_config
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_extended_errcode
sqlite3_open_v2
sqlite3_close
sqlite3_get_autocommit
sqlite3_next_stmt
sqlite3_step
sqlite3_reset
sqlite3_errmsg
sqlite3_finalize
sqlite3_log
sqlite3_db_handle
sqlite3_sql
sqlite3_stmt_busy
sqlite3_column_type
sqlite3_column_blob
sqlite3_column_text16
sqlite3_column_bytes
sqlite3_column_text
sqlite3_column_int64
sqlite3_errcode
sqlite3_column_int
sqlite3_bind_blob
sqlite3_bind_text16
sqlite3_bind_int64
sqlite3_bind_int
sqlite3_bind_null
sqlite3_clear_bindings

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
ReleaseMutex
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
AcquireSRWLockExclusive
CreateSemaphoreExW
WaitForSingleObjectEx
OpenSemaphoreW
CreateEventW
LeaveCriticalSection
ReleaseSRWLockShared
InitializeCriticalSectionAndSpinCount
SetEvent
EnterCriticalSection
CreateMutexExW
InitializeSRWLock
AcquireSRWLockShared
WaitForSingleObject
DeleteCriticalSection

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetExitCodeProcess
CreateProcessAsUserW
ProcessIdToSessionId
GetCurrentProcessId
GetCurrentProcess
OpenProcessToken
SetThreadToken
TlsSetValue
TerminateProcess
TlsGetValue
GetCurrentThreadId
TlsAlloc
OpenThreadToken
GetCurrentThread

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
FreeLibrary

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteTransfer
EventActivityIdControl
EventSetInformation
EventProviderEnabled

api-ms-win-core-winrt-string-l1-1-0

WindowsStringHasEmbeddedNull
WindowsPreallocateStringBuffer
WindowsPromoteStringBuffer
WindowsIsStringEmpty
WindowsDeleteStringBuffer
WindowsConcatString
WindowsCreateStringReference
WindowsDuplicateString
WindowsCreateString
WindowsGetStringLen
WindowsCompareStringOrdinal
WindowsDeleteString
WindowsGetStringRawBuffer

oleaut32

SysFreeString
SysAllocString
VariantClear
SysAllocStringLen

api-ms-win-core-registry-l1-1-0

RegOpenCurrentUser
RegGetKeySecurity
RegDeleteValueW
RegDeleteKeyExW
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
RegCopyTreeW
RegCloseKey
RegDeleteTreeW
RegCreateKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegGetValueW

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
TraceMessage
GetTraceLoggerHandle
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids

api-ms-win-core-synch-l1-2-0

InitOnceComplete
Sleep
InitOnceBeginInitialize

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlCaptureStackBackTrace
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetSystemInfo
GetWindowsDirectoryW
GetTickCount
GetVersionExW
GetTickCount64
GetSystemTimeAsFileTime
GetSystemDirectoryW

api-ms-win-core-interlocked-l1-1-0

InterlockedPopEntrySList
InterlockedPushEntrySList
InitializeSListHead

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
CompareStringEx

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges
SetSecurityDescriptorDacl
GetLengthSid
IsValidSid
GetSecurityDescriptorOwner
CopySid
ImpersonateLoggedOnUser
RevertToSelf
EqualSid
CreateWellKnownSid
GetTokenInformation
DuplicateTokenEx
AddAce
GetAclInformation
GetSidSubAuthority
GetSidSubAuthorityCount
DeleteAce
InitializeAcl
AddAccessAllowedAceEx
ImpersonateSelf
GetAce
GetSecurityDescriptorDacl
InitializeSecurityDescriptor

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoGetApartmentType
CoCreateInstance
IIDFromString
CoCreateGuid
StringFromGUID2
CoDisableCallCancellation
CoSetProxyBlanket
CoCancelCall
CoEnableCallCancellation
PropVariantClear
CreateStreamOnHGlobal
CoTaskMemRealloc
StringFromCLSID
CLSIDFromString
CoGetMalloc
CoTaskMemAlloc

api-ms-win-core-file-l1-1-0

SetFileInformationByHandle
SetFileAttributesW
GetFileAttributesW
RemoveDirectoryW
DeleteFileW
ReadFile
FindNextFileW
FindFirstFileW
FindClose
GetVolumePathNameW
CreateFileW
GetTempFileNameW
GetFileSize
GetFileSizeEx
CreateDirectoryW
WriteFile

ntdll

RtlPublishWnfStateData
RtlReleaseSRWLockExclusive
RtlEnterCriticalSection
RtlAcquireSRWLockShared
RtlAllocateHeap
RtlDeleteCriticalSection
RtlInitializeCriticalSection
NtQueryInformationProcess
RtlNtStatusToDosErrorNoTeb
NtQueryInformationFile
RtlReleaseSRWLockShared
RtlExpandEnvironmentStrings_U
RtlInitUnicodeString
RtlCompareUnicodeString
RtlDowncaseUnicodeString
RtlDetermineDosPathNameType_U
NtAccessCheck
RtlFreeSid
RtlAddAce
NtSetInformationThread
NtQueryInformationThread
RtlValidSid
RtlGetDeviceFamilyInfoEnum
RtlFreeHeap
RtlAcquireSRWLockExclusive
RtlInsertElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlEqualUnicodeString
RtlUpcaseUnicodeChar
RtlIsMultiSessionSku
RtlConvertSidToUnicodeString
RtlFreeUnicodeString
RtlLookupElementGenericTableAvl
RtlLeaveCriticalSection
RtlLengthSid
RtlReportException
NtQuerySystemInformation
NtSetInformationVirtualMemory
RtlAllocateAndInitializeSid

api-ms-win-core-heap-l2-1-0

GlobalFree
LocalFree
LocalAlloc
GlobalAlloc

api-ms-win-core-path-l1-1-0

PathAllocCanonicalize
PathCchRemoveBackslash
PathCchSkipRoot
PathCchAppend
PathCchCombine

api-ms-win-shcore-thread-l1-1-0

SHCreateThreadWithHandle

api-ms-win-core-file-l1-2-2

FindNextFileNameW
FindFirstFileNameW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsPrefixW
PathFileExistsW
PathFindFileNameW

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx
MoveFileExW
CopyFileExW
CreateHardLinkW

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-security-cryptoapi-l1-1-0

CryptDestroyHash
CryptReleaseContext
CryptGetHashParam
CryptAcquireContextW
CryptCreateHash
CryptHashData

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-security-trustee-l1-1-0

BuildTrusteeWithSidW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-service-management-l1-1-0

CreateServiceW
CloseServiceHandle
OpenSCManagerW
OpenServiceW
DeleteService

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
NotifyServiceStatusChangeW
ChangeServiceConfig2W
SetServiceObjectSecurity

api-ms-win-service-winsvc-l1-1-0

ControlService

api-ms-win-shcore-registry-l1-1-0

SHDeleteKeyW
SHSetValueW

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-security-lsalookup-l1-1-0

LsaLookupFreeMemory
LsaLookupClose
LsaLookupGetDomainInfo
LsaLookupOpenLocalPolicy

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-security-lsalookup-l2-1-0

LookupAccountSidW

api-ms-win-core-file-l1-2-0

GetTempPathW
GetVolumeNameForVolumeMountPointW

api-ms-win-core-windowserrorreporting-l1-1-1

WerRegisterCustomMetadata

combase

ord153

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateErrorW
RoOriginateError

api-ms-win-core-file-l2-1-2

CopyFileW

rpcrt4

UuidCreate
RpcStringFreeW
UuidToStringW

api-ms-win-shcore-stream-l1-1-0

SHCreateMemStream

profapi

ord104

api-ms-win-core-wow64-l1-1-1

GetSystemWow64Directory2W

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
CreateFileMappingW
MapViewOfFile

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-eventing-tdh-l1-1-0

TdhGetEventInformation
TdhEnumerateProviderFieldInformation
TdhGetEventMapInformation

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

propsys

PropVariantToStringVectorAlloc
PSCreateMemoryPropertyStore

api-ms-win-core-string-l2-1-0

CharLowerBuffW

Exports

Exports

LoadCategoryNameTable
LoadExtensionRegistrationTable
ShellRefresh

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 374KB - Virtual size: 373KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 253KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
packages/AppXDeploymentExtensions.desktop.dll
.dll windows:10 windows x64 arch:x64

f758fe461f8c1db1df5e404a5b12fce4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppxDeploymentExtensions.Desktop.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__stricmp
_o__wcsicmp
_o__wcsnicmp
_o__wcstoui64
_o__wtoi
memmove
_o_free
_o_malloc
_o_realloc
_o_terminate
_o_toupper
_o_wcscpy_s
_o_wcstoul
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__cexit
_o__callnewh
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
__std_terminate
__CxxFrameHandler4
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
memcmp
memcpy
wcsrchr
wcschr

api-ms-win-crt-string-l1-1-0

strcmp
memset
wcscmp
memmove_s

appxdeploymentserver

PackageRepositoryAllocate
AppXSetTrustLabelOnPackage
PackageRepositoryFree

staterepository.core

sqlite3_status
sqlite3_expanded_sql
sqlite3_snprintf
sqlite3_profile
sqlite3_trace
sqlite3_config
sqlite3_exec
sqlite3_result_text16
sqlite3_value_int64
sqlite3_free
sqlite3_result_blob
sqlite3_malloc
sqlite3_value_bytes
sqlite3_value_blob
sqlite3_value_int
sqlite3_value_text16
sqlite3_value_type
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_error_code
sqlite3_result_error16
sqlite3_result_error_nomem
sqlite3_user_data
sqlite3_create_function_v2
sqlite3_db_status
sqlite3_busy_timeout
sqlite3_prepare_v2
sqlite3_db_filename
sqlite3_last_insert_rowid
sqlite3_changes
sqlite3_wal_checkpoint_v2
sqlite3_wal_autocheckpoint
sqlite3_db_config
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_extended_errcode
sqlite3_open_v2
sqlite3_close
sqlite3_get_autocommit
sqlite3_next_stmt
sqlite3_step
sqlite3_reset
sqlite3_errmsg
sqlite3_finalize
sqlite3_log
sqlite3_db_handle
sqlite3_sql
sqlite3_stmt_busy
sqlite3_column_type
sqlite3_column_blob
sqlite3_column_text16
sqlite3_column_bytes
sqlite3_column_text
sqlite3_column_int64
sqlite3_errcode
sqlite3_column_int
sqlite3_bind_blob
sqlite3_bind_text16
sqlite3_bind_int64
sqlite3_bind_int
sqlite3_bind_null
sqlite3_clear_bindings

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
ReleaseMutex
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
AcquireSRWLockExclusive
CreateSemaphoreExW
WaitForSingleObjectEx
OpenSemaphoreW
CreateEventW
LeaveCriticalSection
ReleaseSRWLockShared
InitializeCriticalSectionAndSpinCount
SetEvent
EnterCriticalSection
CreateMutexExW
InitializeSRWLock
AcquireSRWLockShared
WaitForSingleObject
DeleteCriticalSection

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetExitCodeProcess
CreateProcessAsUserW
ProcessIdToSessionId
GetCurrentProcessId
GetCurrentProcess
OpenProcessToken
SetThreadToken
TlsSetValue
TerminateProcess
TlsGetValue
GetCurrentThreadId
TlsAlloc
OpenThreadToken
GetCurrentThread

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
FreeLibrary

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteTransfer
EventActivityIdControl
EventSetInformation
EventProviderEnabled

api-ms-win-core-winrt-string-l1-1-0

WindowsStringHasEmbeddedNull
WindowsPreallocateStringBuffer
WindowsPromoteStringBuffer
WindowsIsStringEmpty
WindowsDeleteStringBuffer
WindowsConcatString
WindowsCreateStringReference
WindowsDuplicateString
WindowsCreateString
WindowsGetStringLen
WindowsCompareStringOrdinal
WindowsDeleteString
WindowsGetStringRawBuffer

oleaut32

SysFreeString
SysAllocString
VariantClear
SysAllocStringLen

api-ms-win-core-registry-l1-1-0

RegOpenCurrentUser
RegGetKeySecurity
RegDeleteValueW
RegDeleteKeyExW
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
RegCopyTreeW
RegCloseKey
RegDeleteTreeW
RegCreateKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegGetValueW

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
TraceMessage
GetTraceLoggerHandle
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids

api-ms-win-core-synch-l1-2-0

InitOnceComplete
Sleep
InitOnceBeginInitialize

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlCaptureStackBackTrace
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetSystemInfo
GetWindowsDirectoryW
GetTickCount
GetVersionExW
GetTickCount64
GetSystemTimeAsFileTime
GetSystemDirectoryW

api-ms-win-core-interlocked-l1-1-0

InterlockedPopEntrySList
InterlockedPushEntrySList
InitializeSListHead

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
CompareStringEx

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges
SetSecurityDescriptorDacl
GetLengthSid
IsValidSid
GetSecurityDescriptorOwner
CopySid
ImpersonateLoggedOnUser
RevertToSelf
EqualSid
CreateWellKnownSid
GetTokenInformation
DuplicateTokenEx
AddAce
GetAclInformation
GetSidSubAuthority
GetSidSubAuthorityCount
DeleteAce
InitializeAcl
AddAccessAllowedAceEx
ImpersonateSelf
GetAce
GetSecurityDescriptorDacl
InitializeSecurityDescriptor

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoGetApartmentType
CoCreateInstance
IIDFromString
CoCreateGuid
StringFromGUID2
CoDisableCallCancellation
CoSetProxyBlanket
CoCancelCall
CoEnableCallCancellation
PropVariantClear
CreateStreamOnHGlobal
CoTaskMemRealloc
StringFromCLSID
CLSIDFromString
CoGetMalloc
CoTaskMemAlloc

api-ms-win-core-file-l1-1-0

SetFileInformationByHandle
SetFileAttributesW
GetFileAttributesW
RemoveDirectoryW
DeleteFileW
ReadFile
FindNextFileW
FindFirstFileW
FindClose
GetVolumePathNameW
CreateFileW
GetTempFileNameW
GetFileSize
GetFileSizeEx
CreateDirectoryW
WriteFile

ntdll

RtlPublishWnfStateData
RtlReleaseSRWLockExclusive
RtlEnterCriticalSection
RtlAcquireSRWLockShared
RtlAllocateHeap
RtlDeleteCriticalSection
RtlInitializeCriticalSection
NtQueryInformationProcess
RtlNtStatusToDosErrorNoTeb
NtQueryInformationFile
RtlReleaseSRWLockShared
RtlExpandEnvironmentStrings_U
RtlInitUnicodeString
RtlCompareUnicodeString
RtlDowncaseUnicodeString
RtlDetermineDosPathNameType_U
NtAccessCheck
RtlFreeSid
RtlAddAce
NtSetInformationThread
NtQueryInformationThread
RtlValidSid
RtlGetDeviceFamilyInfoEnum
RtlFreeHeap
RtlAcquireSRWLockExclusive
RtlInsertElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlEqualUnicodeString
RtlUpcaseUnicodeChar
RtlIsMultiSessionSku
RtlConvertSidToUnicodeString
RtlFreeUnicodeString
RtlLookupElementGenericTableAvl
RtlLeaveCriticalSection
RtlLengthSid
RtlReportException
NtQuerySystemInformation
NtSetInformationVirtualMemory
RtlAllocateAndInitializeSid

api-ms-win-core-heap-l2-1-0

GlobalFree
LocalFree
LocalAlloc
GlobalAlloc

api-ms-win-core-path-l1-1-0

PathAllocCanonicalize
PathCchRemoveBackslash
PathCchSkipRoot
PathCchAppend
PathCchCombine

api-ms-win-shcore-thread-l1-1-0

SHCreateThreadWithHandle

api-ms-win-core-file-l1-2-2

FindNextFileNameW
FindFirstFileNameW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsPrefixW
PathFileExistsW
PathFindFileNameW

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx
MoveFileExW
CopyFileExW
CreateHardLinkW

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-security-cryptoapi-l1-1-0

CryptDestroyHash
CryptReleaseContext
CryptGetHashParam
CryptAcquireContextW
CryptCreateHash
CryptHashData

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-security-trustee-l1-1-0

BuildTrusteeWithSidW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-service-management-l1-1-0

CreateServiceW
CloseServiceHandle
OpenSCManagerW
OpenServiceW
DeleteService

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
NotifyServiceStatusChangeW
ChangeServiceConfig2W
SetServiceObjectSecurity

api-ms-win-service-winsvc-l1-1-0

ControlService

api-ms-win-shcore-registry-l1-1-0

SHDeleteKeyW
SHSetValueW

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-security-lsalookup-l1-1-0

LsaLookupFreeMemory
LsaLookupClose
LsaLookupGetDomainInfo
LsaLookupOpenLocalPolicy

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-security-lsalookup-l2-1-0

LookupAccountSidW

api-ms-win-core-file-l1-2-0

GetTempPathW
GetVolumeNameForVolumeMountPointW

api-ms-win-core-windowserrorreporting-l1-1-1

WerRegisterCustomMetadata

combase

ord153

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateErrorW
RoOriginateError

api-ms-win-core-file-l2-1-2

CopyFileW

rpcrt4

UuidCreate
RpcStringFreeW
UuidToStringW

api-ms-win-shcore-stream-l1-1-0

SHCreateMemStream

profapi

ord104

api-ms-win-core-wow64-l1-1-1

GetSystemWow64Directory2W

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
CreateFileMappingW
MapViewOfFile

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-eventing-tdh-l1-1-0

TdhGetEventInformation
TdhEnumerateProviderFieldInformation
TdhGetEventMapInformation

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

propsys

PropVariantToStringVectorAlloc
PSCreateMemoryPropertyStore

api-ms-win-core-string-l2-1-0

CharLowerBuffW

Exports

Exports

LoadCategoryNameTable
LoadExtensionRegistrationTable
ShellRefresh

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 374KB - Virtual size: 373KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 253KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
packages/AppXDeploymentExtensions.onecore — копия.dll
.dll windows:10 windows x64 arch:x64

b7793dd136500b62e93a2df5844861b2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppxDeploymentExtensions.OneCore.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__stricmp
_o__wcsicmp
_o__wcsnicmp
_o__wtoi
_o_free
memmove
_o_malloc
_o_realloc
_o_terminate
_o_toupper
_o_wcscpy_s
_o_wcstoul
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
wcsrchr
wcsstr
wcschr
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
memmove_s
wcscmp
strcmp

shcore

SHSetValueW
ord131
IsOS

appxdeploymentserver

PackageRepositoryAllocate
PackageRepositoryFree
RequestPackageOperationImplementation
GetSessionIdsOwnedByUser

staterepository.core

sqlite3_result_error_nomem
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_int64
sqlite3_result_int
sqlite3_user_data
sqlite3_value_type
sqlite3_value_text16
sqlite3_value_int
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_malloc
sqlite3_result_blob
sqlite3_value_int64
sqlite3_result_text16
sqlite3_prepare_v2
sqlite3_exec
sqlite3_status
sqlite3_last_insert_rowid
sqlite3_changes
sqlite3_wal_checkpoint_v2
sqlite3_wal_autocheckpoint
sqlite3_db_config
sqlite3_create_function_v2
sqlite3_file_control
sqlite3_extended_errcode
sqlite3_open_v2
sqlite3_close
sqlite3_free
sqlite3_expanded_sql
sqlite3_db_filename
sqlite3_snprintf
sqlite3_column_int
sqlite3_bind_blob
sqlite3_db_status
sqlite3_profile
sqlite3_busy_timeout
sqlite3_bind_text16
sqlite3_clear_bindings
sqlite3_trace
sqlite3_bind_int64
sqlite3_config
sqlite3_errcode
sqlite3_bind_int
sqlite3_get_autocommit
sqlite3_next_stmt
sqlite3_step
sqlite3_reset
sqlite3_errmsg
sqlite3_finalize
sqlite3_bind_null
sqlite3_log
sqlite3_db_handle
sqlite3_sql
sqlite3_stmt_busy
sqlite3_column_type
sqlite3_extended_result_codes
sqlite3_column_blob
sqlite3_column_text16
sqlite3_column_bytes
sqlite3_column_text
sqlite3_column_int64

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
ReleaseSemaphore
EnterCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSRWLockShared
ReleaseMutex
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeSRWLock
SetEvent
ResetEvent
TryAcquireSRWLockExclusive
CreateEventW
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
TlsAlloc
SetThreadToken
OpenProcessToken
TlsSetValue
TlsGetValue
TerminateProcess
GetCurrentProcess
ProcessIdToSessionId
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW
LCMapStringEx

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
FreeLibrary
LoadLibraryExW

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventWriteTransfer
EventSetInformation
EventUnregister
EventProviderEnabled
EventRegister

oleaut32

SysFreeString
SysAllocStringLen
VariantClear
SysAllocString
VariantInit

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteStringBuffer
WindowsPromoteStringBuffer
WindowsCompareStringOrdinal
WindowsPreallocateStringBuffer
WindowsConcatString
WindowsIsStringEmpty
WindowsDuplicateString
WindowsStringHasEmbeddedNull
WindowsGetStringLen
WindowsCreateString
WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsDeleteString

api-ms-win-core-registry-l1-1-0

RegDeleteTreeW
RegOpenCurrentUser
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyExW
RegGetValueW
RegOpenKeyExW
RegCreateKeyExW
RegGetKeySecurity
RegLoadAppKeyW
RegSetValueExW
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
RegSetKeySecurity

ntdll

RtlAddProcessTrustLabelAce
RtlDeriveCapabilitySidsFromName
RtlCreateSecurityDescriptor
RtlIsMultiSessionSku
RtlCreateAcl
NtDeleteWnfStateName
NtMapViewOfSection
EtwEventRegister
RtlAllocateAndInitializeSid
EtwEventUnregister
NtUnmapViewOfSection
NtQueryInformationFile
RtlFreeSid
NtClose
RtlSetSaclSecurityDescriptor
RtlAddAce
NtSetInformationVirtualMemory
EtwEventWrite
NtAccessCheck
NtFsControlFile
NtCreateFile
RtlDosPathNameToNtPathName_U_WithStatus
RtlLengthSid
NtCreateSection
RtlAllocateHeap
RtlGetAce
RtlNtStatusToDosErrorNoTeb
RtlReportException
ZwFlushBuffersFileEx
RtlDowncaseUnicodeString
NtSetInformationThread
NtCreateLowBoxToken
NtQueryInformationThread
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlDeleteCriticalSection
RtlInitializeCriticalSection
NtQueryInformationProcess
RtlValidSid
RtlPublishWnfStateData
RtlGetDeviceFamilyInfoEnum
RtlFreeUnicodeString
RtlGetDaclSecurityDescriptor
RtlExpandEnvironmentStrings_U
RtlConvertSidToUnicodeString
RtlFreeHeap
RtlDetermineDosPathNameType_U
RtlCopySid
NtQueryInformationToken
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
RtlInitializeGenericTableAvl
RtlInitUnicodeString
RtlCompareUnicodeString
RtlLookupElementGenericTableAvl
RtlInsertElementGenericTableAvl
RtlEnumerateGenericTableWithoutSplayingAvl
RtlDeleteElementGenericTableAvl
NtQuerySystemInformation
RtlUpcaseUnicodeChar
RtlEqualUnicodeString
NtSetSecurityObject
RtlExpandEnvironmentStrings

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
GetTraceEnableFlags
RegisterTraceGuidsW

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureStackBackTrace
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetSystemTimeAsFileTime
GetVersionExW
GetTickCount64
GetSystemDirectoryW
GetSystemInfo
GetWindowsDirectoryW
GetTickCount

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList

api-ms-win-security-base-l1-1-0

GetLengthSid
CopySid
GetTokenInformation
DeleteAce
CreateWellKnownSid
AdjustTokenPrivileges
IsValidSid
AllocateAndInitializeSid
CreatePrivateObjectSecurityEx
SetSecurityAccessMask
DestroyPrivateObjectSecurity
SetSecurityDescriptorControl
GetSecurityDescriptorOwner
EqualSid
ImpersonateLoggedOnUser
ImpersonateSelf
RevertToSelf
AddAccessAllowedAceEx
GetSidSubAuthority
InitializeAcl
AddAce
GetAce
GetSidSubAuthorityCount
FreeSid
GetSecurityDescriptorDacl
GetAclInformation
IsValidSecurityDescriptor
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
MakeSelfRelativeSD

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW
LookupAccountSidW

api-ms-win-core-file-l1-1-0

RemoveDirectoryW
CreateDirectoryW
FindFirstFileW
FindClose
FindNextFileW
SetFileInformationByHandle
DeleteFileW
WriteFile
GetFileAttributesExW
SetFileAttributesW
GetFileSizeEx
GetFileAttributesW
CreateFileW
GetFinalPathNameByHandleW
GetFileInformationByHandle

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringEx
CompareStringW
CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-com-l1-1-0

CLSIDFromString
CoCreateGuid
CoGetApartmentType
StringFromCLSID
CoTaskMemFree
CoSetProxyBlanket
IIDFromString
CoTaskMemRealloc
StringFromGUID2
CoTaskMemAlloc
CoCreateInstance

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW
K32EnumProcesses

userenv

ord213
ord210
ord212
GetProfileType
GetAppContainerFolderPath
ord218

api-ms-win-core-registry-l2-1-0

RegEnumKeyW
RegDeleteKeyW

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW
PathIsFileSpecW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-path-l1-1-0

PathAllocCombine
PathCchRemoveFileSpec
PathCchCombine
PathCchRemoveBackslash
PathAllocCanonicalize
PathCchAppend
PathCchSkipRoot

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-file-l2-1-0

MoveFileExW
GetFileInformationByHandleEx
CreateHardLinkW
CopyFileExW

profapi

ord107
ord114
ord103
ord104

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoTransformError
RoOriginateErrorW

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW

rpcrt4

RpcStringBindingComposeW
RpcBindingFree
UuidFromStringW
RpcBindingFromStringBindingW
NdrClientCall2
RpcBindingCreateW
RpcBindingBind
RpcExceptionFilter
UuidToStringW
RpcBindingSetAuthInfoExW
RpcStringFreeW
UuidCreate
NdrClientCall3
I_RpcExceptionFilter

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-security-provider-l1-1-0

SetEntriesInAclW
SetSecurityInfo
SetNamedSecurityInfoW
GetNamedSecurityInfoW
GetSecurityInfo

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-kernel32-legacy-l1-1-0

MoveFileW

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabledForPackage2

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-com-private-l1-1-0

CoGetModuleArchitecture

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrIW
StrRChrW

api-ms-win-core-string-l2-1-0

CharLowerBuffW

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-security-lsalookup-l1-1-0

LsaLookupOpenLocalPolicy
LsaLookupGetDomainInfo
LsaLookupFreeMemory
LsaLookupClose

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW
GetTempPathW

api-ms-win-core-windowserrorreporting-l1-1-1

WerRegisterCustomMetadata

api-ms-win-core-processthreads-l1-1-3

GetProcessInformation

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

combase

ord153
ord154

mrmcorer

GetInternalReferenceBlobForManifestValue
ResourceManagerQueueReset
ResourceManagerQueueGetCurrentDepth
ResourceManagerQueueGetMrtCachePathForPackage

api-ms-win-net-isolation-l1-1-0

NetworkIsolationSetupAppContainerBinaries

api-ms-win-shcore-stream-l1-1-0

SHCreateMemStream

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
MapViewOfFile
UnmapViewOfFile

api-ms-win-core-wow64-l1-1-1

GetSystemWow64Directory2W

api-ms-win-eventing-tdh-l1-1-0

TdhGetEventInformation
TdhGetEventMapInformation
TdhEnumerateProviderFieldInformation

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

ntmarta

AccTreeResetNamedSecurityInfo

Exports

Exports

LoadCategoryNameTable
LoadExtensionRegistrationTable
ShellRefresh

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 487KB - Virtual size: 486KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 253KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
packages/AppXDeploymentExtensions.onecore.dll
.dll windows:10 windows x64 arch:x64

b7793dd136500b62e93a2df5844861b2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppxDeploymentExtensions.OneCore.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__stricmp
_o__wcsicmp
_o__wcsnicmp
_o__wtoi
_o_free
memmove
_o_malloc
_o_realloc
_o_terminate
_o_toupper
_o_wcscpy_s
_o_wcstoul
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
wcsrchr
wcsstr
wcschr
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
memmove_s
wcscmp
strcmp

shcore

SHSetValueW
ord131
IsOS

appxdeploymentserver

PackageRepositoryAllocate
PackageRepositoryFree
RequestPackageOperationImplementation
GetSessionIdsOwnedByUser

staterepository.core

sqlite3_result_error_nomem
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_int64
sqlite3_result_int
sqlite3_user_data
sqlite3_value_type
sqlite3_value_text16
sqlite3_value_int
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_malloc
sqlite3_result_blob
sqlite3_value_int64
sqlite3_result_text16
sqlite3_prepare_v2
sqlite3_exec
sqlite3_status
sqlite3_last_insert_rowid
sqlite3_changes
sqlite3_wal_checkpoint_v2
sqlite3_wal_autocheckpoint
sqlite3_db_config
sqlite3_create_function_v2
sqlite3_file_control
sqlite3_extended_errcode
sqlite3_open_v2
sqlite3_close
sqlite3_free
sqlite3_expanded_sql
sqlite3_db_filename
sqlite3_snprintf
sqlite3_column_int
sqlite3_bind_blob
sqlite3_db_status
sqlite3_profile
sqlite3_busy_timeout
sqlite3_bind_text16
sqlite3_clear_bindings
sqlite3_trace
sqlite3_bind_int64
sqlite3_config
sqlite3_errcode
sqlite3_bind_int
sqlite3_get_autocommit
sqlite3_next_stmt
sqlite3_step
sqlite3_reset
sqlite3_errmsg
sqlite3_finalize
sqlite3_bind_null
sqlite3_log
sqlite3_db_handle
sqlite3_sql
sqlite3_stmt_busy
sqlite3_column_type
sqlite3_extended_result_codes
sqlite3_column_blob
sqlite3_column_text16
sqlite3_column_bytes
sqlite3_column_text
sqlite3_column_int64

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
ReleaseSemaphore
EnterCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSRWLockShared
ReleaseMutex
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeSRWLock
SetEvent
ResetEvent
TryAcquireSRWLockExclusive
CreateEventW
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
TlsAlloc
SetThreadToken
OpenProcessToken
TlsSetValue
TlsGetValue
TerminateProcess
GetCurrentProcess
ProcessIdToSessionId
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW
LCMapStringEx

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
FreeLibrary
LoadLibraryExW

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventWriteTransfer
EventSetInformation
EventUnregister
EventProviderEnabled
EventRegister

oleaut32

SysFreeString
SysAllocStringLen
VariantClear
SysAllocString
VariantInit

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteStringBuffer
WindowsPromoteStringBuffer
WindowsCompareStringOrdinal
WindowsPreallocateStringBuffer
WindowsConcatString
WindowsIsStringEmpty
WindowsDuplicateString
WindowsStringHasEmbeddedNull
WindowsGetStringLen
WindowsCreateString
WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsDeleteString

api-ms-win-core-registry-l1-1-0

RegDeleteTreeW
RegOpenCurrentUser
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyExW
RegGetValueW
RegOpenKeyExW
RegCreateKeyExW
RegGetKeySecurity
RegLoadAppKeyW
RegSetValueExW
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
RegSetKeySecurity

ntdll

RtlAddProcessTrustLabelAce
RtlDeriveCapabilitySidsFromName
RtlCreateSecurityDescriptor
RtlIsMultiSessionSku
RtlCreateAcl
NtDeleteWnfStateName
NtMapViewOfSection
EtwEventRegister
RtlAllocateAndInitializeSid
EtwEventUnregister
NtUnmapViewOfSection
NtQueryInformationFile
RtlFreeSid
NtClose
RtlSetSaclSecurityDescriptor
RtlAddAce
NtSetInformationVirtualMemory
EtwEventWrite
NtAccessCheck
NtFsControlFile
NtCreateFile
RtlDosPathNameToNtPathName_U_WithStatus
RtlLengthSid
NtCreateSection
RtlAllocateHeap
RtlGetAce
RtlNtStatusToDosErrorNoTeb
RtlReportException
ZwFlushBuffersFileEx
RtlDowncaseUnicodeString
NtSetInformationThread
NtCreateLowBoxToken
NtQueryInformationThread
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlDeleteCriticalSection
RtlInitializeCriticalSection
NtQueryInformationProcess
RtlValidSid
RtlPublishWnfStateData
RtlGetDeviceFamilyInfoEnum
RtlFreeUnicodeString
RtlGetDaclSecurityDescriptor
RtlExpandEnvironmentStrings_U
RtlConvertSidToUnicodeString
RtlFreeHeap
RtlDetermineDosPathNameType_U
RtlCopySid
NtQueryInformationToken
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
RtlInitializeGenericTableAvl
RtlInitUnicodeString
RtlCompareUnicodeString
RtlLookupElementGenericTableAvl
RtlInsertElementGenericTableAvl
RtlEnumerateGenericTableWithoutSplayingAvl
RtlDeleteElementGenericTableAvl
NtQuerySystemInformation
RtlUpcaseUnicodeChar
RtlEqualUnicodeString
NtSetSecurityObject
RtlExpandEnvironmentStrings

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
GetTraceEnableFlags
RegisterTraceGuidsW

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureStackBackTrace
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetSystemTimeAsFileTime
GetVersionExW
GetTickCount64
GetSystemDirectoryW
GetSystemInfo
GetWindowsDirectoryW
GetTickCount

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList

api-ms-win-security-base-l1-1-0

GetLengthSid
CopySid
GetTokenInformation
DeleteAce
CreateWellKnownSid
AdjustTokenPrivileges
IsValidSid
AllocateAndInitializeSid
CreatePrivateObjectSecurityEx
SetSecurityAccessMask
DestroyPrivateObjectSecurity
SetSecurityDescriptorControl
GetSecurityDescriptorOwner
EqualSid
ImpersonateLoggedOnUser
ImpersonateSelf
RevertToSelf
AddAccessAllowedAceEx
GetSidSubAuthority
InitializeAcl
AddAce
GetAce
GetSidSubAuthorityCount
FreeSid
GetSecurityDescriptorDacl
GetAclInformation
IsValidSecurityDescriptor
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
MakeSelfRelativeSD

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW
LookupAccountSidW

api-ms-win-core-file-l1-1-0

RemoveDirectoryW
CreateDirectoryW
FindFirstFileW
FindClose
FindNextFileW
SetFileInformationByHandle
DeleteFileW
WriteFile
GetFileAttributesExW
SetFileAttributesW
GetFileSizeEx
GetFileAttributesW
CreateFileW
GetFinalPathNameByHandleW
GetFileInformationByHandle

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringEx
CompareStringW
CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-com-l1-1-0

CLSIDFromString
CoCreateGuid
CoGetApartmentType
StringFromCLSID
CoTaskMemFree
CoSetProxyBlanket
IIDFromString
CoTaskMemRealloc
StringFromGUID2
CoTaskMemAlloc
CoCreateInstance

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW
K32EnumProcesses

userenv

ord213
ord210
ord212
GetProfileType
GetAppContainerFolderPath
ord218

api-ms-win-core-registry-l2-1-0

RegEnumKeyW
RegDeleteKeyW

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW
PathIsFileSpecW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-path-l1-1-0

PathAllocCombine
PathCchRemoveFileSpec
PathCchCombine
PathCchRemoveBackslash
PathAllocCanonicalize
PathCchAppend
PathCchSkipRoot

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-file-l2-1-0

MoveFileExW
GetFileInformationByHandleEx
CreateHardLinkW
CopyFileExW

profapi

ord107
ord114
ord103
ord104

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoTransformError
RoOriginateErrorW

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW

rpcrt4

RpcStringBindingComposeW
RpcBindingFree
UuidFromStringW
RpcBindingFromStringBindingW
NdrClientCall2
RpcBindingCreateW
RpcBindingBind
RpcExceptionFilter
UuidToStringW
RpcBindingSetAuthInfoExW
RpcStringFreeW
UuidCreate
NdrClientCall3
I_RpcExceptionFilter

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-security-provider-l1-1-0

SetEntriesInAclW
SetSecurityInfo
SetNamedSecurityInfoW
GetNamedSecurityInfoW
GetSecurityInfo

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-kernel32-legacy-l1-1-0

MoveFileW

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabledForPackage2

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-com-private-l1-1-0

CoGetModuleArchitecture

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrIW
StrRChrW

api-ms-win-core-string-l2-1-0

CharLowerBuffW

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-security-lsalookup-l1-1-0

LsaLookupOpenLocalPolicy
LsaLookupGetDomainInfo
LsaLookupFreeMemory
LsaLookupClose

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW
GetTempPathW

api-ms-win-core-windowserrorreporting-l1-1-1

WerRegisterCustomMetadata

api-ms-win-core-processthreads-l1-1-3

GetProcessInformation

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

combase

ord153
ord154

mrmcorer

GetInternalReferenceBlobForManifestValue
ResourceManagerQueueReset
ResourceManagerQueueGetCurrentDepth
ResourceManagerQueueGetMrtCachePathForPackage

api-ms-win-net-isolation-l1-1-0

NetworkIsolationSetupAppContainerBinaries

api-ms-win-shcore-stream-l1-1-0

SHCreateMemStream

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
MapViewOfFile
UnmapViewOfFile

api-ms-win-core-wow64-l1-1-1

GetSystemWow64Directory2W

api-ms-win-eventing-tdh-l1-1-0

TdhGetEventInformation
TdhGetEventMapInformation
TdhEnumerateProviderFieldInformation

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

ntmarta

AccTreeResetNamedSecurityInfo

Exports

Exports

LoadCategoryNameTable
LoadExtensionRegistrationTable
ShellRefresh

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 487KB - Virtual size: 486KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 253KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
packages/AppXDeploymentServer — копия.dll
.dll windows:10 windows x64 arch:x64

9fe26bd9a4c2fdc391fcba32854390b2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppxDeploymentServer.pdb

Imports

api-ms-win-crt-string-l1-1-0

strcmp
wcscmp
memset
wcsncmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__stricmp
_o__ui64tow_s
_o__ultow_s
_o__wcsicmp
_o__wcslwr
_o__wcsnicmp
_o__wtoi
_o_calloc
memmove
_o_free
_o_malloc
_o_qsort
_o_realloc
_o_strncpy_s
_o_strtol
_o_terminate
_o_toupper
_o_wcscpy_s
_o_wcsncat_s
_o_wcsncpy_s
_o_wcstoul
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
wcsstr
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o___std_exception_destroy
_o___std_exception_copy
strchr
wcsrchr
wcschr
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

ntdll

RtlDetermineDosPathNameType_U
RtlConvertSidToUnicodeString
RtlLengthSid
NtQueryInformationToken
RtlCopySid
NtSetInformationVirtualMemory
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlReportException
NtQuerySystemInformation
RtlInitializeCriticalSection
NtFsControlFile
NtSetInformationFile
RtlExpandEnvironmentStrings
RtlReleaseRelativeName
NtOpenFile
NtQuerySecurityObject
RtlGetAppContainerNamedObjectPath
NtCreateFile
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlDeleteFunctionTable
RtlAddFunctionTable
NtCreateWnfStateName
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtOpenDirectoryObject
RtlDeleteCriticalSection
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlGetDeviceFamilyInfoEnum
RtlIsMultiSessionSku
RtlDeleteSecurityObject
NtAccessCheck
RtlCreateAndSetSD
RtlEqualSid
RtlAllocateAndInitializeSid
RtlIsStateSeparationEnabled
RtlQueryPackageClaims
ZwFlushBuffersFileEx
RtlAllocateHeap
RtlDeriveCapabilitySidsFromName
RtlFreeSid
NtUnmapViewOfSection
NtMapViewOfSection
RtlNtStatusToDosErrorNoTeb
NtCreateSection
EtwEventUnregister
EtwEventWrite
EtwEventRegister
NtClose
RtlIsGenericTableEmptyAvl
RtlDowncaseUnicodeString
NtDeleteWnfStateName
NtSetInformationThread
NtQueryInformationThread
RtlFreeUnicodeString
NtQueryInformationFile
RtlGetPersistedStateLocation
RtlValidSid
RtlWaitForWnfMetaNotification
RtlSetSaclSecurityDescriptor
NtGetCachedSigningLevel
RtlIsMultiUsersInSessionSku
RtlNtStatusToDosError
RtlNumberGenericTableElementsAvl
RtlPublishWnfStateData
RtlFreeHeap
RtlLookupElementGenericTableAvl
NtCompareSigningLevels
RtlFindAceByType
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlInitUnicodeString
RtlCompareUnicodeString
RtlInitializeGenericTableAvl
RtlQueryWnfStateData
RtlEnumerateGenericTableWithoutSplayingAvl
RtlEnumerateGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlInsertElementGenericTableAvl
RtlCreateSecurityDescriptor
RtlWow64IsWowGuestMachineSupported
RtlCreateAcl
RtlInitUnicodeStringEx
NtQueryLicenseValue
RtlEqualUnicodeString
RtlUpcaseUnicodeChar
NtSetSecurityObject
NtQueryInformationProcess
RtlpEnsureBufferSize
RtlAddProcessTrustLabelAce
RtlAddAce
RtlDosPathNameToNtPathName_U_WithStatus
RtlNtPathNameToDosPathName

combase

ord153
GetErrorInfo

staterepository.core

sqlite3_column_type
sqlite3_column_blob
sqlite3_user_data
sqlite3_column_text16
sqlite3_db_handle
sqlite3_create_function_v2
sqlite3_errcode
sqlite3_column_bytes
sqlite3_column_text
sqlite3_column_int64
sqlite3_column_int
sqlite3_bind_blob
sqlite3_result_error_nomem
sqlite3_result_error16
sqlite3_bind_text16
sqlite3_reset
sqlite3_step
sqlite3_result_error_code
sqlite3_initialize
sqlite3_result_int64
sqlite3_sql
sqlite3_close
sqlite3_errmsg
sqlite3_log
sqlite3_shutdown
sqlite3_enable_shared_cache
sqlite3_result_int
sqlite3_config
sqlite3_trace
sqlite3_open_v2
sqlite3_profile
sqlite3_extended_errcode
sqlite3_bind_int64
sqlite3_bind_int
sqlite3_bind_null
sqlite3_next_stmt
sqlite3_clear_bindings
sqlite3_exec
sqlite3_stmt_busy
sqlite3_db_status
sqlite3_busy_timeout
sqlite3_file_control
sqlite3_value_type
sqlite3_value_text16
sqlite3_extended_result_codes
sqlite3_value_int
sqlite3_snprintf
sqlite3_get_autocommit
sqlite3_expanded_sql
sqlite3_status
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_db_filename
sqlite3_value_int64
sqlite3_prepare_v2
sqlite3_db_config
sqlite3_wal_autocheckpoint
sqlite3_finalize
sqlite3_wal_checkpoint_v2
sqlite3_free
sqlite3_changes
sqlite3_value_blob
sqlite3_result_blob
sqlite3_last_insert_rowid
sqlite3_malloc
sqlite3_value_bytes
sqlite3_result_text16

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetModuleHandleExW
LoadLibraryExW
GetModuleHandleW
GetProcAddress
FreeLibrary
GetModuleFileNameA

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
Sleep
WakeByAddressAll
WaitOnAddress

api-ms-win-core-synch-l1-1-0

ReleaseMutex
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
WaitForSingleObject
ReleaseSRWLockShared
InitializeCriticalSectionEx
CancelWaitableTimer
CreateMutexExW
AcquireSRWLockShared
ResetEvent
LeaveCriticalSection
DeleteCriticalSection
SetEvent
CreateEventExW
InitializeSRWLock
CreateSemaphoreExW
EnterCriticalSection
CreateEventW
OpenEventW
SetWaitableTimer
CreateWaitableTimerExW
ReleaseSemaphore
ReleaseSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
EventActivityIdControl
EventProviderEnabled

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpool
SetThreadpoolThreadMaximum
CloseThreadpoolTimer
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
SubmitThreadpoolWork
SetThreadpoolThreadMinimum
CreateThreadpool
SetThreadpoolTimer
CreateThreadpoolTimer
CreateThreadpoolCleanupGroup
CreateThreadpoolWork
CloseThreadpoolWork
TrySubmitThreadpoolCallback

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
ProcessIdToSessionId
SetThreadToken
GetCurrentThread
OpenThreadToken
OpenThread
SetThreadPriority
ExitProcess
TerminateProcess
GetCurrentProcess
ResumeThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
OpenProcessToken
InitializeProcThreadAttributeList
CreateProcessAsUserW
GetExitCodeProcess
UpdateProcThreadAttribute

api-ms-win-core-localization-l1-2-0

LCMapStringEx
GetSystemPreferredUILanguages
FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetLocalTime
GetVersionExW
GetSystemInfo
GetTickCount
GetTickCount64
GetWindowsDirectoryW
GetSystemDirectoryW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-file-l1-1-0

CreateDirectoryW
RemoveDirectoryW
GetFileTime
GetFileAttributesW
FlushFileBuffers
GetFileAttributesExW
GetVolumeInformationW
GetFileType
FindNextFileW
GetFileInformationByHandle
SetEndOfFile
SetFilePointerEx
GetVolumePathNameW
GetFileSizeEx
CompareFileTime
FindFirstFileW
FindClose
ReadFile
GetFinalPathNameByHandleW
GetVolumeInformationByHandleW
GetDriveTypeW
CreateFileW
SetFileInformationByHandle
GetTempFileNameW
SetFilePointer
DeleteFileW
SetFileAttributesW
FindFirstFileExW
WriteFile

api-ms-win-core-registry-l1-1-0

RegLoadAppKeyW
RegQueryInfoKeyW
RegEnumValueW
RegSetKeySecurity
RegGetKeySecurity
RegOpenCurrentUser
RegOpenUserClassesRoot
RegDeleteKeyExW
RegGetValueW
RegDeleteTreeW
RegFlushKey
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorDacl
SetSecurityAccessMask
CreatePrivateObjectSecurityEx
AllocateAndInitializeSid
GetFileSecurityW
AccessCheck
IsValidSecurityDescriptor
AddAccessAllowedAce
GetAce
DestroyPrivateObjectSecurity
GetSecurityDescriptorSacl
FreeSid
CreateRestrictedToken
InitializeAcl
AddAccessAllowedAceEx
DeleteAce
SetTokenInformation
SetSecurityDescriptorControl
CheckTokenMembership
ImpersonateSelf
MakeSelfRelativeSD
SetSecurityDescriptorGroup
GetSidSubAuthority
AdjustTokenPrivileges
DuplicateTokenEx
GetSidSubAuthorityCount
ImpersonateLoggedOnUser
EqualSid
GetSecurityDescriptorOwner
RevertToSelf
IsWellKnownSid
IsValidSid
DuplicateToken
CopySid
GetLengthSid
CreateWellKnownSid
GetTokenInformation
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW
PathStripPathW
PathFileExistsW
PathFindNextComponentW
PathGetDriveNumberW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

rpcrt4

RpcServerUseProtseqW
RpcStringFreeW
RpcServerUseProtseqEpW
UuidToStringW
RpcServerRegisterIf3
RpcServerRegisterIfEx
RpcServerInqBindings
RpcEpRegisterW
RpcEpUnregister
RpcServerUnregisterIf
UuidFromStringW
UuidCreate
I_RpcExceptionFilter
RpcImpersonateClient
RpcBindingSetAuthInfoExW
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcAsyncCompleteCall
RpcRaiseException
NdrServerCall2
Ndr64AsyncServerCallAll
NdrServerCallAll
NdrAsyncServerCall
NdrClientCall3
RpcBindingFree
RpcBindingVectorFree
RpcServerInqCallAttributesW
RpcRevertToSelf
RpcBindingBind
RpcBindingCreateW

api-ms-win-core-url-l1-1-0

UrlCreateFromPathW
PathCreateFromUrlW

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-io-l1-1-1

CancelSynchronousIo

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects
CreateSemaphoreW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabledForPackage

api-ms-win-core-path-l1-1-0

PathCchRemoveBackslash
PathCchCombine
PathAllocCombine
PathAllocCanonicalize
PathCchAppend
PathCchSkipRoot
PathCchRemoveFileSpec

api-ms-win-core-file-l2-1-0

CreateSymbolicLinkW
CreateHardLinkW
MoveFileExW
CopyFileExW
GetFileInformationByHandleEx

api-ms-win-core-kernel32-legacy-l1-1-0

MoveFileW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult
CancelIoEx

api-ms-win-core-memory-l1-1-0

VirtualAlloc
UnmapViewOfFile
VirtualProtect
MapViewOfFile
CreateFileMappingW
VirtualFree

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead
InterlockedPopEntrySList

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW
K32EnumProcesses

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW
GetTempPathW
GetVolumePathNamesForVolumeNameW

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW
LookupAccountSidW

api-ms-win-core-file-l1-2-2

FindNextFileNameW
FindFirstFileNameW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-wow64-l1-1-1

GetSystemWow64DirectoryW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrIW
StrRChrW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureStackBackTrace

api-ms-win-core-windowserrorreporting-l1-1-1

WerRegisterCustomMetadata

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

mrmdeploy

GetOrCreatePriFileForAvailablePackages

mrmcorer

GetMergedSystemPriEx

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-crt-math-l1-1-0

ceilf

Exports

Exports

AddToPurgeList
AppXApplyTrustLabelToFolder
AppXSetTrustLabelOnPackage
CancelDeploymentImplementation
CreateCanonicalPriFileImplementation
CreateWnfStateNameImplementation
EnumPackagesByUserSidInternal
EnumPackagesByUserSidNamePublisherInternal
EnumPackagesByUserSidPackageFamilyNameInternal
EnumProvisionedPackagesInternal
EnumVisibilityByPackageFullNameInternal
FindPackageByUserSidPackageFullNameInternal
GenerateBytecodeForPackageImplementation
GenerateBytecodeForPackagesImplementation
GetApplicability5Implementation
GetApplicabilityImplementation
GetDeploymentError
GetPackageFilesDiskUsageImplementation
GetPackageFilesDiskUsagePerVolumeImplementation
GetSessionIdsOwnedByUser
IsPackageInstalledInternal
MergeSystemResourceFilesImplementation
PackageRepositoryAllocate
PackageRepositoryFree
PackageStatusOperationImplementation
PackageVolumeStatusImplementation
RDSRecoverRequestsImplementation
RepairResourcesPriAclsImplementation
RequestPackageOperationImplementation
ServerSideRequestContentGroupsImplementation
ServiceMain
SetDeploymentError
SetPackageStatusBlockingForUserImplementation
SetPackageStatusBlockingImplementation
StartDeploymentImplementation
SvchostPushServiceGlobals

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 806KB - Virtual size: 806KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 253KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
packages/AppXDeploymentServer.dll
.dll windows:10 windows x64 arch:x64

9fe26bd9a4c2fdc391fcba32854390b2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppxDeploymentServer.pdb

Imports

api-ms-win-crt-string-l1-1-0

strcmp
wcscmp
memset
wcsncmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__stricmp
_o__ui64tow_s
_o__ultow_s
_o__wcsicmp
_o__wcslwr
_o__wcsnicmp
_o__wtoi
_o_calloc
memmove
_o_free
_o_malloc
_o_qsort
_o_realloc
_o_strncpy_s
_o_strtol
_o_terminate
_o_toupper
_o_wcscpy_s
_o_wcsncat_s
_o_wcsncpy_s
_o_wcstoul
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
wcsstr
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o___std_exception_destroy
_o___std_exception_copy
strchr
wcsrchr
wcschr
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

ntdll

RtlDetermineDosPathNameType_U
RtlConvertSidToUnicodeString
RtlLengthSid
NtQueryInformationToken
RtlCopySid
NtSetInformationVirtualMemory
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlReportException
NtQuerySystemInformation
RtlInitializeCriticalSection
NtFsControlFile
NtSetInformationFile
RtlExpandEnvironmentStrings
RtlReleaseRelativeName
NtOpenFile
NtQuerySecurityObject
RtlGetAppContainerNamedObjectPath
NtCreateFile
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlDeleteFunctionTable
RtlAddFunctionTable
NtCreateWnfStateName
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtOpenDirectoryObject
RtlDeleteCriticalSection
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlGetDeviceFamilyInfoEnum
RtlIsMultiSessionSku
RtlDeleteSecurityObject
NtAccessCheck
RtlCreateAndSetSD
RtlEqualSid
RtlAllocateAndInitializeSid
RtlIsStateSeparationEnabled
RtlQueryPackageClaims
ZwFlushBuffersFileEx
RtlAllocateHeap
RtlDeriveCapabilitySidsFromName
RtlFreeSid
NtUnmapViewOfSection
NtMapViewOfSection
RtlNtStatusToDosErrorNoTeb
NtCreateSection
EtwEventUnregister
EtwEventWrite
EtwEventRegister
NtClose
RtlIsGenericTableEmptyAvl
RtlDowncaseUnicodeString
NtDeleteWnfStateName
NtSetInformationThread
NtQueryInformationThread
RtlFreeUnicodeString
NtQueryInformationFile
RtlGetPersistedStateLocation
RtlValidSid
RtlWaitForWnfMetaNotification
RtlSetSaclSecurityDescriptor
NtGetCachedSigningLevel
RtlIsMultiUsersInSessionSku
RtlNtStatusToDosError
RtlNumberGenericTableElementsAvl
RtlPublishWnfStateData
RtlFreeHeap
RtlLookupElementGenericTableAvl
NtCompareSigningLevels
RtlFindAceByType
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlInitUnicodeString
RtlCompareUnicodeString
RtlInitializeGenericTableAvl
RtlQueryWnfStateData
RtlEnumerateGenericTableWithoutSplayingAvl
RtlEnumerateGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlInsertElementGenericTableAvl
RtlCreateSecurityDescriptor
RtlWow64IsWowGuestMachineSupported
RtlCreateAcl
RtlInitUnicodeStringEx
NtQueryLicenseValue
RtlEqualUnicodeString
RtlUpcaseUnicodeChar
NtSetSecurityObject
NtQueryInformationProcess
RtlpEnsureBufferSize
RtlAddProcessTrustLabelAce
RtlAddAce
RtlDosPathNameToNtPathName_U_WithStatus
RtlNtPathNameToDosPathName

combase

ord153
GetErrorInfo

staterepository.core

sqlite3_column_type
sqlite3_column_blob
sqlite3_user_data
sqlite3_column_text16
sqlite3_db_handle
sqlite3_create_function_v2
sqlite3_errcode
sqlite3_column_bytes
sqlite3_column_text
sqlite3_column_int64
sqlite3_column_int
sqlite3_bind_blob
sqlite3_result_error_nomem
sqlite3_result_error16
sqlite3_bind_text16
sqlite3_reset
sqlite3_step
sqlite3_result_error_code
sqlite3_initialize
sqlite3_result_int64
sqlite3_sql
sqlite3_close
sqlite3_errmsg
sqlite3_log
sqlite3_shutdown
sqlite3_enable_shared_cache
sqlite3_result_int
sqlite3_config
sqlite3_trace
sqlite3_open_v2
sqlite3_profile
sqlite3_extended_errcode
sqlite3_bind_int64
sqlite3_bind_int
sqlite3_bind_null
sqlite3_next_stmt
sqlite3_clear_bindings
sqlite3_exec
sqlite3_stmt_busy
sqlite3_db_status
sqlite3_busy_timeout
sqlite3_file_control
sqlite3_value_type
sqlite3_value_text16
sqlite3_extended_result_codes
sqlite3_value_int
sqlite3_snprintf
sqlite3_get_autocommit
sqlite3_expanded_sql
sqlite3_status
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_db_filename
sqlite3_value_int64
sqlite3_prepare_v2
sqlite3_db_config
sqlite3_wal_autocheckpoint
sqlite3_finalize
sqlite3_wal_checkpoint_v2
sqlite3_free
sqlite3_changes
sqlite3_value_blob
sqlite3_result_blob
sqlite3_last_insert_rowid
sqlite3_malloc
sqlite3_value_bytes
sqlite3_result_text16

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetModuleHandleExW
LoadLibraryExW
GetModuleHandleW
GetProcAddress
FreeLibrary
GetModuleFileNameA

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
Sleep
WakeByAddressAll
WaitOnAddress

api-ms-win-core-synch-l1-1-0

ReleaseMutex
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
WaitForSingleObject
ReleaseSRWLockShared
InitializeCriticalSectionEx
CancelWaitableTimer
CreateMutexExW
AcquireSRWLockShared
ResetEvent
LeaveCriticalSection
DeleteCriticalSection
SetEvent
CreateEventExW
InitializeSRWLock
CreateSemaphoreExW
EnterCriticalSection
CreateEventW
OpenEventW
SetWaitableTimer
CreateWaitableTimerExW
ReleaseSemaphore
ReleaseSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
EventActivityIdControl
EventProviderEnabled

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpool
SetThreadpoolThreadMaximum
CloseThreadpoolTimer
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
SubmitThreadpoolWork
SetThreadpoolThreadMinimum
CreateThreadpool
SetThreadpoolTimer
CreateThreadpoolTimer
CreateThreadpoolCleanupGroup
CreateThreadpoolWork
CloseThreadpoolWork
TrySubmitThreadpoolCallback

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
ProcessIdToSessionId
SetThreadToken
GetCurrentThread
OpenThreadToken
OpenThread
SetThreadPriority
ExitProcess
TerminateProcess
GetCurrentProcess
ResumeThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
OpenProcessToken
InitializeProcThreadAttributeList
CreateProcessAsUserW
GetExitCodeProcess
UpdateProcThreadAttribute

api-ms-win-core-localization-l1-2-0

LCMapStringEx
GetSystemPreferredUILanguages
FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetLocalTime
GetVersionExW
GetSystemInfo
GetTickCount
GetTickCount64
GetWindowsDirectoryW
GetSystemDirectoryW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-file-l1-1-0

CreateDirectoryW
RemoveDirectoryW
GetFileTime
GetFileAttributesW
FlushFileBuffers
GetFileAttributesExW
GetVolumeInformationW
GetFileType
FindNextFileW
GetFileInformationByHandle
SetEndOfFile
SetFilePointerEx
GetVolumePathNameW
GetFileSizeEx
CompareFileTime
FindFirstFileW
FindClose
ReadFile
GetFinalPathNameByHandleW
GetVolumeInformationByHandleW
GetDriveTypeW
CreateFileW
SetFileInformationByHandle
GetTempFileNameW
SetFilePointer
DeleteFileW
SetFileAttributesW
FindFirstFileExW
WriteFile

api-ms-win-core-registry-l1-1-0

RegLoadAppKeyW
RegQueryInfoKeyW
RegEnumValueW
RegSetKeySecurity
RegGetKeySecurity
RegOpenCurrentUser
RegOpenUserClassesRoot
RegDeleteKeyExW
RegGetValueW
RegDeleteTreeW
RegFlushKey
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorDacl
SetSecurityAccessMask
CreatePrivateObjectSecurityEx
AllocateAndInitializeSid
GetFileSecurityW
AccessCheck
IsValidSecurityDescriptor
AddAccessAllowedAce
GetAce
DestroyPrivateObjectSecurity
GetSecurityDescriptorSacl
FreeSid
CreateRestrictedToken
InitializeAcl
AddAccessAllowedAceEx
DeleteAce
SetTokenInformation
SetSecurityDescriptorControl
CheckTokenMembership
ImpersonateSelf
MakeSelfRelativeSD
SetSecurityDescriptorGroup
GetSidSubAuthority
AdjustTokenPrivileges
DuplicateTokenEx
GetSidSubAuthorityCount
ImpersonateLoggedOnUser
EqualSid
GetSecurityDescriptorOwner
RevertToSelf
IsWellKnownSid
IsValidSid
DuplicateToken
CopySid
GetLengthSid
CreateWellKnownSid
GetTokenInformation
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW
PathStripPathW
PathFileExistsW
PathFindNextComponentW
PathGetDriveNumberW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

rpcrt4

RpcServerUseProtseqW
RpcStringFreeW
RpcServerUseProtseqEpW
UuidToStringW
RpcServerRegisterIf3
RpcServerRegisterIfEx
RpcServerInqBindings
RpcEpRegisterW
RpcEpUnregister
RpcServerUnregisterIf
UuidFromStringW
UuidCreate
I_RpcExceptionFilter
RpcImpersonateClient
RpcBindingSetAuthInfoExW
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcAsyncCompleteCall
RpcRaiseException
NdrServerCall2
Ndr64AsyncServerCallAll
NdrServerCallAll
NdrAsyncServerCall
NdrClientCall3
RpcBindingFree
RpcBindingVectorFree
RpcServerInqCallAttributesW
RpcRevertToSelf
RpcBindingBind
RpcBindingCreateW

api-ms-win-core-url-l1-1-0

UrlCreateFromPathW
PathCreateFromUrlW

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-io-l1-1-1

CancelSynchronousIo

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects
CreateSemaphoreW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabledForPackage

api-ms-win-core-path-l1-1-0

PathCchRemoveBackslash
PathCchCombine
PathAllocCombine
PathAllocCanonicalize
PathCchAppend
PathCchSkipRoot
PathCchRemoveFileSpec

api-ms-win-core-file-l2-1-0

CreateSymbolicLinkW
CreateHardLinkW
MoveFileExW
CopyFileExW
GetFileInformationByHandleEx

api-ms-win-core-kernel32-legacy-l1-1-0

MoveFileW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult
CancelIoEx

api-ms-win-core-memory-l1-1-0

VirtualAlloc
UnmapViewOfFile
VirtualProtect
MapViewOfFile
CreateFileMappingW
VirtualFree

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead
InterlockedPopEntrySList

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW
K32EnumProcesses

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW
GetTempPathW
GetVolumePathNamesForVolumeNameW

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW
LookupAccountSidW

api-ms-win-core-file-l1-2-2

FindNextFileNameW
FindFirstFileNameW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-wow64-l1-1-1

GetSystemWow64DirectoryW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrIW
StrRChrW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureStackBackTrace

api-ms-win-core-windowserrorreporting-l1-1-1

WerRegisterCustomMetadata

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

mrmdeploy

GetOrCreatePriFileForAvailablePackages

mrmcorer

GetMergedSystemPriEx

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-crt-math-l1-1-0

ceilf

Exports

Exports

AddToPurgeList
AppXApplyTrustLabelToFolder
AppXSetTrustLabelOnPackage
CancelDeploymentImplementation
CreateCanonicalPriFileImplementation
CreateWnfStateNameImplementation
EnumPackagesByUserSidInternal
EnumPackagesByUserSidNamePublisherInternal
EnumPackagesByUserSidPackageFamilyNameInternal
EnumProvisionedPackagesInternal
EnumVisibilityByPackageFullNameInternal
FindPackageByUserSidPackageFullNameInternal
GenerateBytecodeForPackageImplementation
GenerateBytecodeForPackagesImplementation
GetApplicability5Implementation
GetApplicabilityImplementation
GetDeploymentError
GetPackageFilesDiskUsageImplementation
GetPackageFilesDiskUsagePerVolumeImplementation
GetSessionIdsOwnedByUser
IsPackageInstalledInternal
MergeSystemResourceFilesImplementation
PackageRepositoryAllocate
PackageRepositoryFree
PackageStatusOperationImplementation
PackageVolumeStatusImplementation
RDSRecoverRequestsImplementation
RepairResourcesPriAclsImplementation
RequestPackageOperationImplementation
ServerSideRequestContentGroupsImplementation
ServiceMain
SetDeploymentError
SetPackageStatusBlockingForUserImplementation
SetPackageStatusBlockingImplementation
StartDeploymentImplementation
SvchostPushServiceGlobals

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 806KB - Virtual size: 806KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 253KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
packages/AppxPackaging — копия.dll
.dll windows:10 windows x64 arch:x64

3ea4d1f3648ea8af78604006a7198bd1

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:30

Not After

03-03-2021 18:30

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b4:46:93:6e:28:3b:49:15:3a:dc:42:47:08:0b:78:da:fa:85:d8:fd:72:39:ba:a8:9f:76:4c:9a:13:b0:08:28
Signer

Actual PE Digest

b4:46:93:6e:28:3b:49:15:3a:dc:42:47:08:0b:78:da:fa:85:d8:fd:72:39:ba:a8:9f:76:4c:9a:13:b0:08:28

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppxPackaging.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__register_onexit_function
_o__seh_filter_dll
_o__stricmp
_o__strnicmp
memmove
_o__wcsicmp
_o__wcsnicmp
_o_free
_o_malloc
_o_qsort
_o_towlower
_o_wcscpy_s
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
__std_terminate
wcschr
wcsrchr
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o__execute_onexit_table
_o__errno
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__wcslwr
memcmp
wcsstr
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcscmp
wcsncmp

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister
EventActivityIdControl

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
OpenThreadToken
GetExitCodeProcess
TlsGetValue
TlsSetValue
CreateProcessW
GetCurrentThread
TlsAlloc

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
ReleaseMutex
CreateMutexExW
InitializeCriticalSectionEx
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
OpenSemaphoreW
ReleaseSemaphore
WaitForSingleObject
CreateEventW
ReleaseSRWLockShared
AcquireSRWLockExclusive
CreateSemaphoreExW
AcquireSRWLockShared

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-libraryloader-l1-1-0

LockResource
LoadLibraryExW
GetModuleHandleExW
FindStringOrdinal
GetModuleHandleW
LoadLibraryExA
GetProcAddress
SizeofResource
LoadResource
FreeLibrary
DisableThreadLibraryCalls
GetModuleFileNameA

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
RaiseException
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetLocalTime
GetVersionExW
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

ntdll

RtlConvertSidToUnicodeString
RtlNtStatusToDosError
RtlSetBits
RtlIsGenericTableEmptyAvl
RtlFreeSid
RtlDowncaseUnicodeString
RtlAllocateAndInitializeSid
RtlFreeUnicodeString
RtlNumberGenericTableElementsAvl
RtlLookupElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlInsertElementGenericTableAvl
RtlInitUnicodeString
RtlCompareUnicodeString
RtlEnumerateGenericTableWithoutSplayingAvl
RtlDeleteElementGenericTableAvl
RtlSetLastWin32Error
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlDeleteCriticalSection
RtlInitializeCriticalSection
RtlReportException
NtQuerySystemInformation
RtlInitializeBitMap
RtlClearAllBits

opcservices

ord16
ord4
ord7
ord8
ord11
ord10
ord12
ord9
ord15

urlmon

CreateUri

api-ms-win-core-psapi-l1-1-0

K32GetProcessMemoryInfo

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-com-l1-1-0

CLSIDFromString
CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoInitializeEx
StringFromGUID2
CoCreateGuid

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser
GetSidSubAuthority
GetSidSubAuthorityCount
RevertToSelf

api-ms-win-core-file-l1-1-0

GetFileAttributesW
CreateDirectoryW
DeleteFileW
CreateFileW
GetFullPathNameW
DeleteFileA

api-ms-win-core-string-l1-1-0

CompareStringEx
CompareStringW
WideCharToMultiByte
CompareStringOrdinal

api-ms-win-core-localization-obsolete-l1-2-0

CompareStringA

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-kernel32-legacy-l1-1-0

FileTimeToDosDateTime
DosDateTimeToFileTime
FindResourceW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolCleanupGroup
CloseThreadpoolCleanupGroup

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

oleaut32

SysAllocString
SysFreeString
CreateErrorInfo
SetErrorInfo
SysAllocStringLen
VariantInit
SysStringLen
GetErrorInfo

xmllite

CreateXmlReader

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 793KB - Virtual size: 793KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 291KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 638KB - Virtual size: 638KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
packages/AppxPackaging.dll
.dll windows:10 windows x64 arch:x64

3ea4d1f3648ea8af78604006a7198bd1

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:30

Not After

03-03-2021 18:30

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b4:46:93:6e:28:3b:49:15:3a:dc:42:47:08:0b:78:da:fa:85:d8:fd:72:39:ba:a8:9f:76:4c:9a:13:b0:08:28
Signer

Actual PE Digest

b4:46:93:6e:28:3b:49:15:3a:dc:42:47:08:0b:78:da:fa:85:d8:fd:72:39:ba:a8:9f:76:4c:9a:13:b0:08:28

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppxPackaging.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__register_onexit_function
_o__seh_filter_dll
_o__stricmp
_o__strnicmp
memmove
_o__wcsicmp
_o__wcsnicmp
_o_free
_o_malloc
_o_qsort
_o_towlower
_o_wcscpy_s
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
__std_terminate
wcschr
wcsrchr
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o__execute_onexit_table
_o__errno
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__wcslwr
memcmp
wcsstr
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcscmp
wcsncmp

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister
EventActivityIdControl

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
OpenThreadToken
GetExitCodeProcess
TlsGetValue
TlsSetValue
CreateProcessW
GetCurrentThread
TlsAlloc

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
ReleaseMutex
CreateMutexExW
InitializeCriticalSectionEx
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
OpenSemaphoreW
ReleaseSemaphore
WaitForSingleObject
CreateEventW
ReleaseSRWLockShared
AcquireSRWLockExclusive
CreateSemaphoreExW
AcquireSRWLockShared

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-libraryloader-l1-1-0

LockResource
LoadLibraryExW
GetModuleHandleExW
FindStringOrdinal
GetModuleHandleW
LoadLibraryExA
GetProcAddress
SizeofResource
LoadResource
FreeLibrary
DisableThreadLibraryCalls
GetModuleFileNameA

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
RaiseException
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetLocalTime
GetVersionExW
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

ntdll

RtlConvertSidToUnicodeString
RtlNtStatusToDosError
RtlSetBits
RtlIsGenericTableEmptyAvl
RtlFreeSid
RtlDowncaseUnicodeString
RtlAllocateAndInitializeSid
RtlFreeUnicodeString
RtlNumberGenericTableElementsAvl
RtlLookupElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlInsertElementGenericTableAvl
RtlInitUnicodeString
RtlCompareUnicodeString
RtlEnumerateGenericTableWithoutSplayingAvl
RtlDeleteElementGenericTableAvl
RtlSetLastWin32Error
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlDeleteCriticalSection
RtlInitializeCriticalSection
RtlReportException
NtQuerySystemInformation
RtlInitializeBitMap
RtlClearAllBits

opcservices

ord16
ord4
ord7
ord8
ord11
ord10
ord12
ord9
ord15

urlmon

CreateUri

api-ms-win-core-psapi-l1-1-0

K32GetProcessMemoryInfo

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-com-l1-1-0

CLSIDFromString
CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoInitializeEx
StringFromGUID2
CoCreateGuid

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser
GetSidSubAuthority
GetSidSubAuthorityCount
RevertToSelf

api-ms-win-core-file-l1-1-0

GetFileAttributesW
CreateDirectoryW
DeleteFileW
CreateFileW
GetFullPathNameW
DeleteFileA

api-ms-win-core-string-l1-1-0

CompareStringEx
CompareStringW
WideCharToMultiByte
CompareStringOrdinal

api-ms-win-core-localization-obsolete-l1-2-0

CompareStringA

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-kernel32-legacy-l1-1-0

FileTimeToDosDateTime
DosDateTimeToFileTime
FindResourceW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolCleanupGroup
CloseThreadpoolCleanupGroup

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

oleaut32

SysAllocString
SysFreeString
CreateErrorInfo
SetErrorInfo
SysAllocStringLen
VariantInit
SysStringLen
GetErrorInfo

xmllite

CreateXmlReader

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 793KB - Virtual size: 793KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 291KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 638KB - Virtual size: 638KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
packages/WdfCoInstaller01009 — копия.dll
.dll windows:6 windows x64 arch:x64

70497fec79daa5f71de3b34faee686a5

Code Sign

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-09-2006 01:53

Not After

16-09-2011 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:0b:99:4f:c0:00:1b:ab:11:da:3a:a1:b6:df:ec:88
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

11-10-2005 21:55

Not After

26-04-2010 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:02:a4:e9:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-04-2009 05:58

Not After

26-04-2010 07:00

Subject

CN=Microsoft Windows Component Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:63:99:fa:ac:b9:fc:49:f3:cf:78:bf:c3:d9:f2:f4:63:e5:01:2e
Signer

Actual PE Digest

05:63:99:fa:ac:b9:fc:49:f3:cf:78:bf:c3:d9:f2:f4:63:e5:01:2e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

WdfCoInstaller01009.pdb

Imports

msvcrt

memset
memcpy
__C_specific_handler
_amsg_exit
_initterm
_XcptFilter
_ultow
malloc
_wcsnicmp
free
_wtoi
_wcsicmp
_stricmp
_vsnwprintf

setupapi

SetupDiSetDeviceInstallParamsW
SetupCloseLog
SetupOpenInfFileW
SetupCloseInfFile
CM_Set_DevNode_Problem_Ex
SetupDiGetDeviceInstallParamsW
SetupLogErrorW
SetupOpenLog
SetupDiGetActualSectionToInstallW
SetupFindNextMatchLineW
SetupDiGetSelectedDriverW
SetupGetStringFieldW
SetupPromptReboot
SetupFindFirstLineW
SetupGetLineCountW
SetupDiGetDriverInfoDetailW

kernel32

GetModuleFileNameW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
Sleep
LoadLibraryExW
ExpandEnvironmentStringsW
GetFileInformationByHandle
DeleteFileW
CloseHandle
FindNextFileW
RemoveDirectoryW
LockResource
GetLocalTime
FindClose
SetLastError
CreateFileW
FileTimeToSystemTime
TerminateProcess
GetExitCodeProcess
FormatMessageW
SizeofResource
WriteFile
OutputDebugStringW
WaitForSingleObject
CreateDirectoryW
CreateProcessW
LoadResource
FindResourceW
FindFirstFileW
LoadLibraryW
WideCharToMultiByte
FreeLibrary
lstrlenA
LocalFree
GetWindowsDirectoryW
LocalAlloc
GlobalFree
GetProcAddress
GetLastError
VerifyVersionInfoW
GetModuleHandleW
VerSetConditionMask

advapi32

DeleteService
OpenSCManagerW
QueryServiceConfigW
ChangeServiceConfigW
RegFlushKey
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
CloseServiceHandle
QueryServiceStatusEx
RegQueryValueExW
OpenServiceW

crypt32

CertGetCertificateContextProperty

wintrust

WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WinVerifyTrust
WTHelperProvDataFromStateData

shell32

CommandLineToArgvW

user32

LoadStringW
IsCharAlphaNumericW
IsCharAlphaW

ole32

CoTaskMemFree

Exports

Exports

WdfCoInstaller
WdfPostDeviceInstall
WdfPostDeviceRemove
WdfPreDeviceInstall
WdfPreDeviceInstallEx
WdfPreDeviceRemove

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
packages/WdfCoInstaller01009.dll
.dll windows:6 windows x64 arch:x64

70497fec79daa5f71de3b34faee686a5

Code Sign

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-09-2006 01:53

Not After

16-09-2011 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:0b:99:4f:c0:00:1b:ab:11:da:3a:a1:b6:df:ec:88
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

11-10-2005 21:55

Not After

26-04-2010 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:02:a4:e9:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-04-2009 05:58

Not After

26-04-2010 07:00

Subject

CN=Microsoft Windows Component Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:63:99:fa:ac:b9:fc:49:f3:cf:78:bf:c3:d9:f2:f4:63:e5:01:2e
Signer

Actual PE Digest

05:63:99:fa:ac:b9:fc:49:f3:cf:78:bf:c3:d9:f2:f4:63:e5:01:2e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

WdfCoInstaller01009.pdb

Imports

msvcrt

memset
memcpy
__C_specific_handler
_amsg_exit
_initterm
_XcptFilter
_ultow
malloc
_wcsnicmp
free
_wtoi
_wcsicmp
_stricmp
_vsnwprintf

setupapi

SetupDiSetDeviceInstallParamsW
SetupCloseLog
SetupOpenInfFileW
SetupCloseInfFile
CM_Set_DevNode_Problem_Ex
SetupDiGetDeviceInstallParamsW
SetupLogErrorW
SetupOpenLog
SetupDiGetActualSectionToInstallW
SetupFindNextMatchLineW
SetupDiGetSelectedDriverW
SetupGetStringFieldW
SetupPromptReboot
SetupFindFirstLineW
SetupGetLineCountW
SetupDiGetDriverInfoDetailW

kernel32

GetModuleFileNameW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
Sleep
LoadLibraryExW
ExpandEnvironmentStringsW
GetFileInformationByHandle
DeleteFileW
CloseHandle
FindNextFileW
RemoveDirectoryW
LockResource
GetLocalTime
FindClose
SetLastError
CreateFileW
FileTimeToSystemTime
TerminateProcess
GetExitCodeProcess
FormatMessageW
SizeofResource
WriteFile
OutputDebugStringW
WaitForSingleObject
CreateDirectoryW
CreateProcessW
LoadResource
FindResourceW
FindFirstFileW
LoadLibraryW
WideCharToMultiByte
FreeLibrary
lstrlenA
LocalFree
GetWindowsDirectoryW
LocalAlloc
GlobalFree
GetProcAddress
GetLastError
VerifyVersionInfoW
GetModuleHandleW
VerSetConditionMask

advapi32

DeleteService
OpenSCManagerW
QueryServiceConfigW
ChangeServiceConfigW
RegFlushKey
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
CloseServiceHandle
QueryServiceStatusEx
RegQueryValueExW
OpenServiceW

crypt32

CertGetCertificateContextProperty

wintrust

WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WinVerifyTrust
WTHelperProvDataFromStateData

shell32

CommandLineToArgvW

user32

LoadStringW
IsCharAlphaNumericW
IsCharAlphaW

ole32

CoTaskMemFree

Exports

Exports

WdfCoInstaller
WdfPostDeviceInstall
WdfPostDeviceRemove
WdfPreDeviceInstall
WdfPreDeviceInstallEx
WdfPreDeviceRemove

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
packages/netaapl64 — копия.sys
.sys windows:6 windows x64 arch:x64

ab32f637d167f07f2c0fd77c247d0f15

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\bwa\appleembeddedusbethernetdriverwin-1.8.5\srcroot\netaapl\objfre_win7_amd64\amd64\netaapl64.pdb

Imports

ntoskrnl.exe

KeBugCheckEx
ExFreePoolWithTag
ExAllocatePoolWithTag
MmMapLockedPagesSpecifyCache
ExInterlockedRemoveHeadList
ExInterlockedInsertTailList
IoFreeMdl
KeInitializeEvent
RtlCopyUnicodeString
KeAcquireSpinLockRaiseToDpc
IoGetDeviceProperty
KeAcquireSpinLockAtDpcLevel
KeReleaseSpinLockFromDpcLevel
KeReleaseSpinLock

ndis.sys

NdisAllocatePacket
NdisAllocatePacketPool
NdisFreeMemory
NdisReadNetworkAddress
NdisCloseConfiguration
NdisInitializeEvent
NdisFreePacketPool
NdisMIndicateStatus
NdisMIndicateStatusComplete
NdisAllocateMemoryWithTag
NdisAllocateBuffer
NdisReadConfiguration
NdisFreeBufferPool
NdisGetVersion
NdisMSleep
NdisMRegisterUnloadHandler
NdisMRegisterMiniport
NdisSetEvent
NdisWaitEvent
NdisInitializeWrapper
NdisMSetAttributesEx
NdisTerminateWrapper
NdisMGetDeviceProperty
NdisFreePacket
NdisOpenConfiguration
NdisAllocateBufferPool

usbd.sys

USBD_ParseConfigurationDescriptorEx

wdfldr.sys

WdfVersionBind
WdfVersionBindClass
WdfVersionUnbindClass
WdfVersionUnbind

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 134B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
packages/netaapl64.sys
.sys windows:6 windows x64 arch:x64

ab32f637d167f07f2c0fd77c247d0f15

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\bwa\appleembeddedusbethernetdriverwin-1.8.5\srcroot\netaapl\objfre_win7_amd64\amd64\netaapl64.pdb

Imports

ntoskrnl.exe

KeBugCheckEx
ExFreePoolWithTag
ExAllocatePoolWithTag
MmMapLockedPagesSpecifyCache
ExInterlockedRemoveHeadList
ExInterlockedInsertTailList
IoFreeMdl
KeInitializeEvent
RtlCopyUnicodeString
KeAcquireSpinLockRaiseToDpc
IoGetDeviceProperty
KeAcquireSpinLockAtDpcLevel
KeReleaseSpinLockFromDpcLevel
KeReleaseSpinLock

ndis.sys

NdisAllocatePacket
NdisAllocatePacketPool
NdisFreeMemory
NdisReadNetworkAddress
NdisCloseConfiguration
NdisInitializeEvent
NdisFreePacketPool
NdisMIndicateStatus
NdisMIndicateStatusComplete
NdisAllocateMemoryWithTag
NdisAllocateBuffer
NdisReadConfiguration
NdisFreeBufferPool
NdisGetVersion
NdisMSleep
NdisMRegisterUnloadHandler
NdisMRegisterMiniport
NdisSetEvent
NdisWaitEvent
NdisInitializeWrapper
NdisMSetAttributesEx
NdisTerminateWrapper
NdisMGetDeviceProperty
NdisFreePacket
NdisOpenConfiguration
NdisAllocateBufferPool

usbd.sys

USBD_ParseConfigurationDescriptorEx

wdfldr.sys

WdfVersionBind
WdfVersionBindClass
WdfVersionUnbindClass
WdfVersionUnbind

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 134B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: 2025

Password: 2025

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 33KB - Virtual size: 33KB

.rsrc Size: 1024B - Virtual size: 578B

.reloc Size: 512B - Virtual size: 12B

.bss Size: 315KB - Virtual size: 315KB

Password: 2025

270642aa6474164b0a1497c1ca748de6

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0e:44:18:e2:de:de:36:dd:29:74:c3:44:3a:fb:5c:e5Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

b1:db:0b:3c:1b:c0:47:61:20:1a:91:f1:b4:43:e2:a5:f2:34:11:85:77:67:8a:c5:4a:dc:cd:78:b7:12:01:d5Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

mfplat

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

advapi32

ole32

propsys

oleaut32

api-ms-win-core-winrt-l1-1-0

winmm

Exports

Exports

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 127KB - Virtual size: 126KB

.data Size: 9KB - Virtual size: 27KB

.pdata Size: 28KB - Virtual size: 28KB

.00cfg Size: 512B - Virtual size: 40B

.gxfg Size: 9KB - Virtual size: 9KB

.retplne Size: 512B - Virtual size: 108B

.tls Size: 512B - Virtual size: 385B

.voltbl Size: 512B - Virtual size: 68B

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 6KB

Password: 2025

2a4071d3cc2ae49d2dc443ff80fcde47

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:edCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

11:aa:39:d2:2b:8c:65:23:3e:9b:9d:2e:ef:48:8a:e5:ed:55:c9:21:b2:1c:53:2f:0c:47:2b:ed:c6:d5:3f:37Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

.text
Size: 33KB - Virtual size: 33KB

.rsrc
Size: 1024B - Virtual size: 578B

.reloc
Size: 512B - Virtual size: 12B

.bss
Size: 315KB - Virtual size: 315KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0e:44:18:e2:de:de:36:dd:29:74:c3:44:3a:fb:5c:e5
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

b1:db:0b:3c:1b:c0:47:61:20:1a:91:f1:b4:43:e2:a5:f2:34:11:85:77:67:8a:c5:4a:dc:cd:78:b7:12:01:d5
Signer

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 127KB - Virtual size: 126KB

.data
Size: 9KB - Virtual size: 27KB

.pdata
Size: 28KB - Virtual size: 28KB

.00cfg
Size: 512B - Virtual size: 40B

.gxfg
Size: 9KB - Virtual size: 9KB

.retplne
Size: 512B - Virtual size: 108B

.tls
Size: 512B - Virtual size: 385B

.voltbl
Size: 512B - Virtual size: 68B

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

11:aa:39:d2:2b:8c:65:23:3e:9b:9d:2e:ef:48:8a:e5:ed:55:c9:21:b2:1c:53:2f:0c:47:2b:ed:c6:d5:3f:37
Signer

.text
Size: 820KB - Virtual size: 819KB

.rdata
Size: 318KB - Virtual size: 317KB

.data
Size: 28KB - Virtual size: 32KB

.pdata
Size: 32KB - Virtual size: 32KB

.detourd
Size: 512B - Virtual size: 24B

.detourc
Size: 8KB - Virtual size: 8KB

.mrdata
Size: 512B - Virtual size: 24B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 11KB - Virtual size: 10KB

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

11:aa:39:d2:2b:8c:65:23:3e:9b:9d:2e:ef:48:8a:e5:ed:55:c9:21:b2:1c:53:2f:0c:47:2b:ed:c6:d5:3f:37
Signer

.text
Size: 820KB - Virtual size: 819KB

.rdata
Size: 318KB - Virtual size: 317KB

.data
Size: 28KB - Virtual size: 32KB

.pdata
Size: 32KB - Virtual size: 32KB

.detourd
Size: 512B - Virtual size: 24B

.detourc
Size: 8KB - Virtual size: 8KB

.mrdata
Size: 512B - Virtual size: 24B

.rsrc
Size: 1KB - Virtual size: 1KB