babbleloader | XmS[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

XmS.rar
Size

18.7MB
MD5

28dc30f2e79db47b9ac7c978b5e2b90f
SHA1

850f29689f9afe170e204e24b5bc9caa517d4efd
SHA256

c09fc91505605c78df87ecfb27233d9f34acca79dc3555683755cabe65f497e5
SHA512

00a3ac46a48af625b0e4c9f41e1f24068059168802eb7c86ec90c8276d53083d20ef132e568150640c6f3f8b130d213659e5f10b3dcc64435969a032e3a2dcb0
SSDEEP

393216:rjXHYBQorHnPWC7KXkXNxn954tzE4LiZn4ow6XSiB0h7rhr/KD9oqUsKW:rDH3YH7OENx9549E4LiZn4ow6XzBknhS

Score

10^/10

babbleloader

Malware Config

Signatures

Babbleloader family
babbleloader

Detects BabbleLoader Payload 1 IoCs

resource	yara_rule
static1/unpack001/RUN.exe	family_babbleloader

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/DICTS/mshwchtrIME.dll
unpack001/RUN.exe
unpack001/mscorlib/SettingsHandlers_InputPersonalization.dll
unpack001/mscorlib/SettingsHandlers_ManagePhone.dll
unpack001/mscorlib/SettingsHandlers_WorkAccess.dll
unpack001/mscorlib/SettingsHandlers_nt.dll
unpack001/mshwkorrIME.dll
unpack001/twain_32.dll
unpack001/wrpintapi.dll

Files

XmS.rar
.rar

Password: 2024
0FC343C0.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

482ab440211976ea17ec54e3ce97e53d

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3e:06:22:26:1f:ee:f9:26:5d:26:d2:90:b9:f6:6b:3e:d3:12:9f:16:11:0e:8c:d6:25:ac:11:4b:c4:d6:bd:f9
Signer

Actual PE Digest

3e:06:22:26:1f:ee:f9:26:5d:26:d2:90:b9:f6:6b:3e:d3:12:9f:16:11:0e:8c:d6:25:ac:11:4b:c4:d6:bd:f9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

imm32.pdb

Imports

user32

GetKeyboardLayout
IsWindow
SendMessageW
WCSToMBEx
PostMessageA
PostMessageW
SendMessageA
GetWindowThreadProcessId
GetKeyboardLayoutList
GetClassInfoW
LoadKeyboardLayoutW
GetFocus
GetActiveWindow
User32InitializeImmEntryTable
CharUpperW
UnloadKeyboardLayout
ord2521
LoadBitmapW
SetWindowLongPtrW
GetClientRect
GetDC
ReleaseDC
GetWindowLongPtrW
GetWindow
DrawTextExW
GetSystemMetrics
GetWindowRect
SetCapture
MessageBeep
SetCursor
LoadCursorW
GetCursorPos
ScreenToClient
ReleaseCapture
SetWindowPos
keybd_event
BeginPaint
EndPaint
DefWindowProcW
InvalidateRect
DrawEdge
GetCapture
GetParent
GetClassInfoExW
LoadIconW
RegisterClassExW
SystemParametersInfoW
MonitorFromWindow
GetMonitorInfoW
MapVirtualKeyW
CreateWindowExW
ShowWindow
UpdateWindow
DestroyWindow
GetKeyboardState
ToUnicode
ToAsciiEx
ClientToScreen
MapWindowPoints
GetForegroundWindow
IsWindowUnicode
CharNextA
CharNextW
GetDesktopWindow
SendMessageTimeoutW

ntdll

RtlDllShutdownInProgress
RtlUnicodeStringToInteger
RtlUnicodeToMultiByteSize
RtlVirtualUnwind
RtlCaptureContext
RtlIntegerToUnicodeString
memcpy
memcmp
memset
RtlInitializeCriticalSection
__C_specific_handler
wcstol
RtlEnterCriticalSection
RtlLeaveCriticalSection
_vsnwprintf
_wcsicmp
RtlIsThreadWithinLoaderCallout
RtlLookupFunctionEntry
RtlSetLastWin32Error
NtQuerySystemInformation
RtlDeleteCriticalSection

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
TerminateProcess
CreateThread
GetCurrentProcess

api-ms-win-core-heap-l2-1-0

GlobalFree
LocalFree
LocalLock
GlobalAlloc
LocalUnlock
LocalAlloc
LocalReAlloc

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
IsDBCSLeadByteEx
GetThreadLocale
GetACP
GetSystemDefaultLCID
IsDBCSLeadByte

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
FreeLibrary
GetModuleHandleExW
GetModuleHandleW
GetProcAddress

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

api-ms-win-core-registry-l1-1-0

RegDeleteKeyExW
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW

api-ms-win-core-wow64-l1-1-1

GetSystemWow64DirectoryW

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-file-l1-1-0

GetFullPathNameW
CreateFileW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
OpenFileMappingW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-security-base-l1-1-0

FreeSid
CheckTokenMembership
AllocateAndInitializeSid

api-ms-win-security-base-l1-2-0

CheckTokenMembershipEx

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-kernel32-legacy-l1-1-0

OpenFile

api-ms-win-core-string-obsolete-l1-1-0

lstrlenA
lstrcmpW
lstrlenW

api-ms-win-core-heap-obsolete-l1-1-0

GlobalSize
GlobalUnlock
GlobalLock
LocalFlags
LocalSize

api-ms-win-core-privateprofile-l1-1-0

GetProfileIntW

api-ms-win-core-appcompat-l1-1-0

BaseCheckAppcompatCache

win32u

NtUserSetAppImeLevel
NtUserGetAppImeLevel
NtUserGetImeInfoEx
NtUserUpdateInputContext
NtUserDisableThreadIme
NtUserSetThreadLayoutHandles
NtUserSetImeInfoEx
NtUserGetImeHotKey
NtUserBuildHimcList
NtUserQueryInputContext
NtUserNotifyIMEStatus
NtUserQueryWindow
NtUserAssociateInputContext
NtUserCallOneParam
NtUserValidateHandleSecure
NtUserGetThreadState
NtUserCreateInputContext
NtUserDestroyInputContext

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

CtfImmAppCompatEnableIMEonProtectedCode
CtfImmCoUninitialize
CtfImmDispatchDefImeMessage
CtfImmEnterCoInitCountSkipMode
CtfImmGenerateMessage
CtfImmGetCompatibleKeyboardLayout
CtfImmGetGlobalIMEStatus
CtfImmGetGuidAtom
CtfImmGetIMEFileName
CtfImmGetTMAEFlags
CtfImmHideToolbarWnd
CtfImmIsCiceroEnabled
CtfImmIsCiceroStartedInThread
CtfImmIsComStartedInThread
CtfImmIsGuidMapEnable
CtfImmIsTextFrameServiceDisabled
CtfImmLastEnabledWndDestroy
CtfImmLeaveCoInitCountSkipMode
CtfImmNotify
CtfImmRestoreToolbarWnd
CtfImmSetAppCompatFlags
CtfImmSetCiceroStartInThread
CtfImmSetDefaultRemoteKeyboardLayout
CtfImmTIMActivate
GetKeyboardLayoutCP
ImmActivateLayout
ImmAssociateContext
ImmAssociateContextEx
ImmCallImeConsoleIME
ImmConfigureIMEA
ImmConfigureIMEW
ImmCreateContext
ImmCreateIMCC
ImmCreateSoftKeyboard
ImmDestroyContext
ImmDestroyIMCC
ImmDestroySoftKeyboard
ImmDisableIME
ImmDisableIme
ImmDisableLegacyIME
ImmDisableTextFrameService
ImmEnumInputContext
ImmEnumRegisterWordA
ImmEnumRegisterWordW
ImmEscapeA
ImmEscapeW
ImmFreeLayout
ImmGenerateMessage
ImmGetAppCompatFlags
ImmGetCandidateListA
ImmGetCandidateListCountA
ImmGetCandidateListCountW
ImmGetCandidateListW
ImmGetCandidateWindow
ImmGetCompositionFontA
ImmGetCompositionFontW
ImmGetCompositionStringA
ImmGetCompositionStringW
ImmGetCompositionWindow
ImmGetContext
ImmGetConversionListA
ImmGetConversionListW
ImmGetConversionStatus
ImmGetDefaultIMEWnd
ImmGetDescriptionA
ImmGetDescriptionW
ImmGetGuideLineA
ImmGetGuideLineW
ImmGetHotKey
ImmGetIMCCLockCount
ImmGetIMCCSize
ImmGetIMCLockCount
ImmGetIMEFileNameA
ImmGetIMEFileNameW
ImmGetImeInfoEx
ImmGetImeMenuItemsA
ImmGetImeMenuItemsW
ImmGetOpenStatus
ImmGetProperty
ImmGetRegisterWordStyleA
ImmGetRegisterWordStyleW
ImmGetStatusWindowPos
ImmGetVirtualKey
ImmIMPGetIMEA
ImmIMPGetIMEW
ImmIMPQueryIMEA
ImmIMPQueryIMEW
ImmIMPSetIMEA
ImmIMPSetIMEW
ImmInstallIMEA
ImmInstallIMEW
ImmIsIME
ImmIsUIMessageA
ImmIsUIMessageW
ImmLoadIME
ImmLoadLayout
ImmLockClientImc
ImmLockIMC
ImmLockIMCC
ImmLockImeDpi
ImmNotifyIME
ImmProcessKey
ImmPutImeMenuItemsIntoMappedFile
ImmReSizeIMCC
ImmRegisterClient
ImmRegisterWordA
ImmRegisterWordW
ImmReleaseContext
ImmRequestMessageA
ImmRequestMessageW
ImmSendIMEMessageExA
ImmSendIMEMessageExW
ImmSetActiveContext
ImmSetActiveContextConsoleIME
ImmSetCandidateWindow
ImmSetCompositionFontA
ImmSetCompositionFontW
ImmSetCompositionStringA
ImmSetCompositionStringW
ImmSetCompositionWindow
ImmSetConversionStatus
ImmSetHotKey
ImmSetOpenStatus
ImmSetStatusWindowPos
ImmShowSoftKeyboard
ImmSimulateHotKey
ImmSystemHandler
ImmTranslateMessage
ImmUnlockClientImc
ImmUnlockIMC
ImmUnlockIMCC
ImmUnlockImeDpi
ImmUnregisterWordA
ImmUnregisterWordW
ImmWINNLSEnableIME
ImmWINNLSGetEnableStatus
ImmWINNLSGetIMEHotkey

Sections

.text
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
B7091C83.dll
.dll windows:5 windows x86 arch:x86

Password: 2024

d811d71710ad58776155b7a8da1fa9db

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f1:8d:45:d8:09:2f:ce:7d:83:51:fc:ac:cc:cb:5c:35
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

06/01/2023, 00:00

Not After

05/01/2026, 23:59

Subject

CN=SoftEther Corporation,O=SoftEther Corporation,ST=Ibaraki,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f1:8d:45:d8:09:2f:ce:7d:83:51:fc:ac:cc:cb:5c:35
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

06/01/2023, 00:00

Not After

05/01/2026, 23:59

Subject

CN=SoftEther Corporation,O=SoftEther Corporation,ST=Ibaraki,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fd:2c:73:70:89:f7:1d:34:a8:2c:2c:64:43:2e:d5:02:3b:da:7d:bb:77:d3:65:05:c0:83:20:24:4f:76:09:5b
Signer

Actual PE Digest

fd:2c:73:70:89:f7:1d:34:a8:2c:2c:64:43:2e:d5:02:3b:da:7d:bb:77:d3:65:05:c0:83:20:24:4f:76:09:5b

Digest Algorithm

sha256

PE Digest Matches

true

d8:43:8b:ae:65:fd:2d:6c:1d:2f:59:c9:07:da:65:04:8c:ae:aa:c1
Signer

Actual PE Digest

d8:43:8b:ae:65:fd:2d:6c:1d:2f:59:c9:07:da:65:04:8c:ae:aa:c1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\tmp\softether_build_dir\Main\DebugFiles\pdb\Win32_Release\PenCore.pdb

Imports

kernel32

GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CbsMsg.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

3a6fd3b46b76f3ce7178b2e11f50b05a

Code Sign

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/02/2023, 00:05

Not After

01/02/2024, 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:75:de:d0:b9:ac:94:38:c0:57:50:1c:5a:8a:d4:3b:fd:45:7a:05:ac:78:a3:da:a2:7c:5d:64:c8:c1:bc:c7
Signer

Actual PE Digest

3d:75:de:d0:b9:ac:94:38:c0:57:50:1c:5a:8a:d4:3b:fd:45:7a:05:ac:78:a3:da:a2:7c:5d:64:c8:c1:bc:c7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

cbsmsg.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o___std_type_info_destroy_list
_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
__C_specific_handler

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-1-0

DisableThreadLibraryCalls

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DICTS/mshwchtrIME.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7.0MB - Virtual size: 7.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PresentationCore/PresentationCore.dll
.dll windows:6 windows x86 arch:x86

Password: 2024

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:03:af:30:40:0e:4c:a3:4d:05:41:00:00:00:00:03:af
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:09

Not After

14/11/2024, 19:09

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4f:ca:31:93:6d:5d:76:77:e4:ac:c1:b2:59:02:02:22:99:b2:21:9f:8e:88:f6:b1:3f:c3:00:49:2c:3b:b2:66
Signer

Actual PE Digest

4f:ca:31:93:6d:5d:76:77:e4:ac:c1:b2:59:02:02:22:99:b2:21:9f:8e:88:f6:b1:3f:c3:00:49:2c:3b:b2:66

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

PresentationCore.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PresentationCore/System.Data.dll
.dll windows:6 windows x86 arch:x86

Password: 2024

025065f1f653f3ecea3431275b0ac9ea

Code Sign

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/03/2023, 18:43

Not After

14/03/2024, 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b2:73:10:01:aa:6c:8c:0d:ec:b0:3b:a2:6d:7f:b0:35:83:6e:4b:4f:45:7c:4a:c6:b5:ed:80:35:d7:c0:de:d5
Signer

Actual PE Digest

b2:73:10:01:aa:6c:8c:0d:ec:b0:3b:a2:6d:7f:b0:35:83:6e:4b:4f:45:7c:4a:c6:b5:ed:80:35:d7:c0:de:d5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.Data.pdb

Imports

advapi32

IsTokenRestricted
RegQueryInfoKeyA
RegEnumKeyExA
RegCreateKeyExA
CryptDestroyKey
CryptReleaseContext
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
RegCloseKey
RevertToSelf
RegQueryValueExW
ImpersonateNamedPipeClient

kernel32

GetDriveTypeW
GetFullPathNameW
OutputDebugStringW
VirtualQuery
GetModuleFileNameW
LoadLibraryW
lstrcpynW
lstrlenW
SystemTimeToFileTime
GlobalAlloc
Sleep
DeleteCriticalSection
CloseHandle
InitializeCriticalSection
CreateSemaphoreA
GetLastError
SetLastError
ReleaseSemaphore
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
ExpandEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
VerSetConditionMask
SearchPathW
GetQueuedCompletionStatus
PostQueuedCompletionStatus
SetEvent
CreateEventW
WaitForMultipleObjects
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
CreateThread
GetTickCount
GetSystemDirectoryA
GetVersionExW
LoadLibraryA
GetComputerNameW
VerifyVersionInfoW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
CompareStringW
CompareStringA
LCMapStringW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FormatMessageA
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
GetProcAddress
CreateFileW
ReadFile
WriteFile
DisconnectNamedPipe
SetNamedPipeHandleState
PeekNamedPipe
WaitNamedPipeW
GetOverlappedResult
SetFileCompletionNotificationModes
SetHandleInformation
CreateSemaphoreW
LCMapStringA
LCMapStringEx
CreateIoCompletionPort

vcruntime140_clr0400

_purecall
__std_type_info_destroy_list
strchr
wcschr
__current_exception_context
__current_exception
memcpy
__CxxFrameHandler3
memcmp
__FrameUnwindFilter
_except_handler4_common
__std_terminate
memmove
memset

ucrtbase_clr0400

__stdio_common_vsprintf
terminate
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
free
_initterm_e
_atoi_l
_wcsnicmp_l
srand
atoi
_wdupenv_s
strncmp
_stricmp
_wcsicmp
_initterm
malloc
_callnewh
_wtoi_l
_wtoi
_wcsnicmp
wcsncmp
wcsncpy_s
wmemmove_s
__stdio_common_vswprintf
_wcsicmp_l
_errno
abort
_invalid_parameter_noinfo
_time64
wcsspn

ws2_32

WSAPoll
GetNameInfoW
__WSAFDIsSet
closesocket
htonl
htons
recv
select
sendto
setsockopt
socket
WSAStartup
WSACleanup
WSAGetLastError
WSAStringToAddressA
GetAddrInfoW
FreeAddrInfoW
bind
connect
getpeername
getsockname
ntohs
shutdown
WSAEnumProtocolsW
WSAIoctl
WSARecv
WSASend
WSAStringToAddressW

crypt32

CertFreeCertificateContext
CertGetNameStringW
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy

user32

CharNextW
CharNextExA
CharNextA

rpcrt4

UuidCreate

ole32

CoUninitialize
CoInitializeEx

mscoree

_CorDllMain

Exports

Exports

DllBidScopeEnterCW
DllBidTraceCW
_DllBidAssert@12
_DllBidCtlProc@24
_DllBidEnabledW@16
_DllBidEntryPoint@36
_DllBidFinalize@0
_DllBidIndent@8
_DllBidInitialize@0
_DllBidPutStrW@16
_DllBidScopeLeave@16
_DllBidSnap@16
_DllBidTouch@20

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sdbid
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RUN.exe
.exe windows:6 windows x64 arch:x64

Password: 2024

ae18b2b09a857feb4b3390408f106da3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FindFirstVolumeW
FindNextVolumeW
FlushFileBuffers
GetDiskFreeSpaceExW
GetDriveTypeW
GetFileAttributesW
GetFileSizeEx
GetLogicalDrives
GetLogicalDriveStringsW
GetShortPathNameW
GetVolumePathNameW
LockFileEx
ReadFile
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
SetFilePointerEx
SetFileValidData
UnlockFile
WriteFile
GetQueuedCompletionStatus
CancelIo
SleepEx
GetProcessTimes
GetCurrentProcess
ExitProcess
SwitchToThread
GetCurrentThreadId
SetThreadPriority
SetThreadPriorityBoost
ExitThread
GetExitCodeThread
SuspendThread
ResumeThread
SetProcessShutdownParameters
GetStartupInfoW
GetProcessHandleCount
SetProcessPriorityBoost
GetThreadIOPendingFlag
SetThreadIdealProcessor
GetProcessShutdownParameters
SetProcessWorkingSetSize
QueueUserWorkItem
QueryInformationJobObject
SetProcessAffinityMask
SwitchToFiber
ConvertThreadToFiber
SetThreadAffinityMask
SetFileShortNameW
PrepareTape
SetTapeParameters
lstrcpynW
BackupSeek
CheckNameLegalDOS8Dot3W
MoveFileWithProgressW
SetVolumeLabelW
FindNextVolumeMountPointW
GetNumaProcessorNode
GetNumaAvailableMemoryNode
CompareStringW
GetStringTypeW
IsValidCodePage
GetCPInfo
FindFirstFileExW
GetLocaleInfoW
SetLocaleInfoW
IsValidLanguageGroup
EnumSystemGeoID
GetUserGeoID
SetUserGeoID
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetThreadLocale
SetThreadLocale
GetUserDefaultLangID
GetUserDefaultLCID
GetStringTypeA
EnumUILanguagesW
SetConsoleMode
ReadConsoleInputW
PeekConsoleInputW
WriteConsoleW
SetConsoleCtrlHandler
SetConsoleActiveScreenBuffer
SetConsoleCP
GetConsoleCursorInfo
GetConsoleScreenBufferInfo
SetConsoleScreenBufferSize
SetConsoleWindowInfo
WriteConsoleOutputCharacterW
WriteConsoleOutputAttribute
ReadConsoleOutputCharacterW
ScrollConsoleScreenBufferW
ReadConsoleOutputW
GetNumberOfConsoleMouseButtons
GetConsoleFontSize
GetConsoleSelectionInfo
GetConsoleProcessList
CloseHandle
CreateFileW
GetConsoleMode
GetConsoleOutputCP
HeapReAlloc
HeapSize
GetProcessHeap
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetFileType
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
FindFirstFileW
FindClose
DefineDosDeviceW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetEnvironmentVariableW
LCMapStringW
GetModuleHandleA
FindNextFileW
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetModuleHandleW
RtlUnwindEx
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
GetStdHandle
GetModuleFileNameW
TerminateProcess
GetModuleHandleExW
HeapAlloc

winspool.drv

SetPrinterDataExW
ResetPrinterW
ConnectToPrinterDlg
SetPortW
ConfigurePortW
EnumFormsW
SetFormW
GetFormW
EnumPrintersW
SetPrinterDataW
EnumPrinterKeyW
EnumPrinterDataExW
EnumPrinterDataW
GetPrinterDataExW
GetPrinterDataW
FlushPrinter
GetPrinterW
SetPrinterW
EnumJobsW
GetJobW
SetJobW

version

VerInstallFileW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerFindFileW

comctl32

ord412
ord410
ord14
ord15
ord13
PropertySheetW
ord413

dxgi

CreateDXGIFactory

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mscorlib/SettingsHandlers_InputPersonalization.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

b1ed2f734ce31b7a7587324d68b842c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SettingsHandlers_InputPersonalization.pdb

Imports

msvcrt

realloc
strcspn
__ExceptionPtrDestroy
_purecall
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
__ExceptionPtrCurrentException
__ExceptionPtrRethrow
??0bad_cast@@QEAA@AEBV0@@Z
localeconv
_vsnprintf_s
memmove_s
sprintf_s
fputc
fflush
fclose
fgetc
fwrite
fgetpos
setvbuf
ungetc
fsetpos
_fseeki64
_wcsicmp
_errno
_callnewh
setlocale
_CxxThrowException
memcpy
memmove
__uncaught_exception
??0bad_cast@@QEAA@PEBD@Z
__ExceptionPtrCopy
??1bad_cast@@UEAA@XZ
___lc_codepage_func
calloc
___mb_cur_max_func
_ismbblead
_wcsdup
__crtLCMapStringW
__crtLCMapStringA
_wsetlocale
fseek
_wfsopen
islower
abort
memset
memcmp
??1type_info@@UEAA@XZ
isupper
__CxxFrameHandler3
__ExceptionPtrCreate
memcpy_s
_onexit
__dllonexit
_unlock
_vsnwprintf
___lc_handle_func
_lock
?terminate@@YAXXZ
??_V@YAXPEAX@Z
__C_specific_handler
_initterm
malloc
__pctype_func
free
_amsg_exit
_XcptFilter
bsearch_s
??3@YAXPEAX@Z

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleHandleW
GetModuleFileNameA
LoadLibraryExA
GetProcAddress
GetModuleHandleExW
DisableThreadLibraryCalls

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateString
WindowsCreateStringReference
WindowsDuplicateString
WindowsGetStringRawBuffer

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoTransformError

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
LeaveCriticalSection
ReleaseMutex
WaitForSingleObject
WaitForSingleObjectEx
ResetEvent
AcquireSRWLockShared
ReleaseSemaphore
InitializeSRWLock
ReleaseSRWLockShared
ReleaseSRWLockExclusive
EnterCriticalSection
CreateMutexExW
InitializeCriticalSectionEx
DeleteCriticalSection
CreateEventW
CreateEventExW
SetEvent
OpenSemaphoreW
SleepEx
CreateSemaphoreExW

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
InitOnceBeginInitialize
InitOnceExecuteOnce
Sleep
InitOnceComplete
SleepConditionVariableSRW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
OpenThreadToken
CreateThread
GetCurrentThread
GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetSystemDirectoryW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetLastError
SetUnhandledExceptionFilter
RaiseException

api-ms-win-security-base-l1-1-0

RevertToSelf
IsValidSid
ImpersonateLoggedOnUser
GetTokenInformation

api-ms-win-core-file-l1-1-0

CreateFileW
FindClose
GetFileAttributesW
FindNextFileW
GetDriveTypeW
WriteFile
ReadFile
CreateDirectoryW
GetFileSizeEx
FindFirstFileExW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CreateThreadpoolWork
CloseThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolTimer

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-com-l1-1-0

CoUninitialize
CoCreateInstance
CoWaitForMultipleHandles
CoInitializeEx
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoGetMalloc
CoDecrementMTAUsage
CoIncrementMTAUsage

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoGetActivationFactory
RoUninitialize

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW

api-ms-win-core-localization-l1-2-0

FormatMessageW
LocaleNameToLCID

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

ext-ms-win-shell32-shellfolders-l1-1-0

SHGetKnownFolderPath

api-ms-win-shcore-thread-l1-1-0

SHCreateThread

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsPrefixW
PathFileExistsW
PathIsUNCW
PathAppendW
PathGetDriveNumberW
PathFindNextComponentW
PathCombineW

ntdll

RtlIsMultiSessionSku

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrIW

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile

profapi

ord104

Exports

Exports

GetSetting

Sections

.text
Size: 222KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mscorlib/SettingsHandlers_ManagePhone.dll
.dll windows:10 windows x64 arch:x64

d0cb94157f279cdb57d7e3c1d820c74a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SettingsHandlers_ManagePhone.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
memmove
_o_bsearch_s
_o_free
_o_iswspace
_o_malloc
_o_realloc
_o_terminate
_o_wcsncpy_s
__C_specific_handler
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler3
_CxxThrowException
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcscspn

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleHandleW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsGetStringLen
WindowsCompareStringOrdinal
WindowsDuplicateString
WindowsCreateString
WindowsPromoteStringBuffer
WindowsDeleteStringBuffer
WindowsPreallocateStringBuffer
WindowsGetStringRawBuffer
WindowsDeleteString

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

kernel32

InitializeCriticalSectionEx
AcquireSRWLockShared
ReleaseSRWLockShared
SetThreadpoolTimer
CreateSemaphoreExW
LeaveCriticalSection
WaitForSingleObject
ReleaseSemaphore
OpenSemaphoreW
SetLastError
ReleaseMutex
GetPackagesByPackageFamily
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWait
CloseThreadpoolTimer
VerifyVersionInfoW
VerSetConditionMask
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
DebugBreak
GetModuleFileNameA
CreateEventExW
ExpandEnvironmentStringsW
WaitForSingleObjectEx
HeapAlloc
GetProcessHeap
HeapFree
FindStringOrdinal
CreateMutexExW
FreeLibrary
FindResourceExW
LoadResource
LockResource
GetProcAddress
AcquireSRWLockExclusive
QueueUserWorkItem
GetModuleHandleExW
GetCurrentThread
ReleaseSRWLockExclusive
GetLastError
FormatMessageW
OutputDebugStringW
CompareStringA
CloseHandle
DeleteCriticalSection
ResetEvent
RaiseException
CreateThreadpoolTimer
CreateThread
InitOnceComplete
InitializeSRWLock
InitOnceBeginInitialize
SetEvent
CreateEventW
EnterCriticalSection

advapi32

RegSetValueExW
RegGetValueW
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
OpenThreadToken
RevertToSelf
ImpersonateLoggedOnUser
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
EventActivityIdControl
RegNotifyChangeKeyValue
RegSetKeyValueW

ole32

CoCreateFreeThreadedMarshaler
CoWaitForMultipleHandles
CoDecrementMTAUsage
CoInitializeEx
CoUninitialize
CoIncrementMTAUsage
CoTaskMemFree
CoTaskMemAlloc
CoGetMalloc
CoTaskMemRealloc
CoCreateInstance
CoGetClassObject

shlwapi

SHStrDupW
ord16

secur32

GetUserNameExW

msvcp_win

?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
?_Incref@facet@locale@std@@UEAAXXZ
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?_Xlength_error@std@@YAXPEBD@Z
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z

api-ms-win-core-winrt-error-l1-1-0

GetRestrictedErrorInfo
RoOriginateError
SetRestrictedErrorInfo
RoTransformError

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory
RoUninitialize
RoInitialize

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate
RoOriginateLanguageException
IsErrorPropagationEnabled

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolGetUniqueContext
SHTaskPoolQueueTask

shcore

ord190

oleaut32

SysFreeString
SysStringLen

api-ms-win-core-com-l1-1-0

CoGetObjectContext

api-ms-win-core-com-l1-1-1

RoGetAgileReference

Exports

Exports

GetSetting

Sections

.text
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mscorlib/SettingsHandlers_WorkAccess.dll
.dll windows:10 windows x64 arch:x64

f0058412f3431590bb1827e4300affd4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SettingsHandlers_WorkAccess.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__wcsnicmp
memmove
_o_bsearch_s
_o_free
_o_malloc
_o_realloc
_o_terminate
_o_toupper
_o_wcscat_s
_o_wcscpy_s
_o_wmemcpy_s
__C_specific_handler
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcsstr
strchr
wcsrchr
wcschr
__CxxFrameHandler3
_CxxThrowException
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcscmp
memset
wcsnlen

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LockResource
SizeofResource
FreeLibrary
LoadLibraryExW
GetModuleHandleW
FindResourceExW
LoadResource
GetModuleHandleExW
GetModuleFileNameA
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
AcquireSRWLockExclusive
LeaveCriticalSection
CreateMutexExW
EnterCriticalSection
WaitForSingleObjectEx
WaitForMultipleObjectsEx
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseMutex
CreateEventExW
WaitForSingleObject
SetEvent
ReleaseSemaphore
OpenSemaphoreW
DeleteCriticalSection
CreateSemaphoreExW
InitializeCriticalSectionEx
InitializeSRWLock
ResetEvent
CreateEventW
InitializeCriticalSection

api-ms-win-core-heap-l1-1-0

HeapDestroy
HeapReAlloc
GetProcessHeap
HeapSize
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
CreateThread
GetCurrentThreadId
GetExitCodeProcess
GetProcessId
OpenProcessToken
OpenThreadToken
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventProviderEnabled
EventSetInformation
EventActivityIdControl
EventWriteTransfer
EventUnregister

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsDeleteString
WindowsConcatString
WindowsCreateStringReference
WindowsCompareStringOrdinal
WindowsGetStringRawBuffer
WindowsDuplicateString

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoTransformError
SetRestrictedErrorInfo

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize
Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetTickCount64
GetSystemDirectoryW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

ntdll

RtlGetDeviceFamilyInfoEnum
RtlIsStateSeparationEnabled
RtlIsMultiSessionSku
NtQueryInformationToken

netapi32

NetApiBufferFree
NetGetJoinInformation
DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation

mdmdiagnostics

ord2

dmiso8601utils

ISO8601StringToSystemTime

omadmapi

ord90
ord89
ord34
ord38
ord47
ord56
ord23
ord39
ord86

dmenrollengine

GetEnrollmentPartnerOpaqueID
ord10
GetRecoveryInitiatedByServer
GetEnrollmentState
GetEnrollmentLinkedEnrollmentId
GetEnrollmentDiscoveryService
GetIsRecoveryAllowed
ord5
GetEnrollmentAadResourceUrl
GetEnrollmentUPN

dynamoapi

DynamoCheckIfAreaIsDynamicallyManaged

policymanager

PolicyManager_GetPolicyInt
EnterprisePolicyManagerStore_GetAllProviderIds
EnterprisePolicyManagerStore_GetAllProviderContextSidAreas

dmcmnutils

DmGetAadEnrollmentResource
CopyString

authbroker

AuthBrokerCreateClientContext
AuthBrokerSetThreadClientContext

msvcp_win

_Wcsxfrm
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
??Bid@locale@std@@QEAA_KXZ
?id@?$collate@G@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
_Wcscoll
??0_Lockit@std@@QEAA@H@Z
?id@?$ctype@G@std@@2V0locale@2@A
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?tolower@?$ctype@G@std@@QEBAGG@Z
?is@?$ctype@G@std@@QEBA_NFG@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ

dsreg

DsrFreeJoinInfo
DsrGetJoinInfo
DsrIsDeviceJoined

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoUninitialize
RoInitialize
RoActivateInstance

api-ms-win-core-threadpool-l1-2-0

SubmitThreadpoolWork
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWork
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-security-lsalookup-l2-1-0

LookupAccountNameW

oleaut32

VariantInit
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysAllocString
VariantClear

api-ms-win-security-base-l1-1-0

IsValidSid
CopySid
CreateWellKnownSid
CheckTokenMembership
DuplicateToken
RevertToSelf
ImpersonateLoggedOnUser
GetTokenInformation
GetLengthSid

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegNotifyChangeKeyValue
RegCloseKey
RegEnumValueW
RegOpenKeyExW
RegEnumKeyExW

api-ms-win-core-url-l1-1-0

UrlUnescapeW
UrlEscapeW

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-core-path-l1-1-0

PathCchAppend

api-ms-win-shcore-stream-winrt-l1-1-0

CreateRandomAccessStreamOnFile

api-ms-win-core-datetime-l1-1-1

GetTimeFormatEx
GetDateFormatEx

rpcrt4

UuidFromStringW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-security-lsalookup-l1-1-2

LsaLookupUserAccountType

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GetSetting

Sections

.text
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mscorlib/SettingsHandlers_nt.dll
.dll windows:10 windows x64 arch:x64

7ae06e70115094afbbb6316378531a7e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SettingsHandlers_nt.pdb

Imports

api-ms-win-crt-string-l1-1-0

memset
wcsncmp
strncmp
wcscspn
wcsspn
wcscmp
memmove_s

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__wtoi
_o__wtoi64
_o_bsearch
_o_bsearch_s
_o_calloc
_o_free
_o_iswdigit
_o_iswspace
_o_malloc
_o_memcpy_s
_o_pow
_o_realloc
_o_terminate
_o_toupper
_o_towlower
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstol
memmove
_CxxThrowException
_o__wcsnicmp
_o__wcslwr_s
_o__wcsicmp
_o__set_errno
_o__seh_filter_dll
_o__register_onexit_function
_o__recalloc
_o__purecall
_o__ltow_s
_o__itow_s
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__get_errno
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__C_specific_handler
__CxxFrameHandler4
memcmp
memcpy
_o_iswctype
_o_wcstombs_s
__CxxFrameHandler3
wcsrchr
strchr
wcschr
wcsstr
__std_type_info_compare

combase

NdrCStdStubBuffer_Release

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject
UnregisterWait
GetComputerNameW
LoadLibraryW

rpcrt4

CStdStubBuffer_Connect
UuidCreate
CStdStubBuffer_Invoke
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
CStdStubBuffer_CountRefs
CStdStubBuffer_QueryInterface
NdrOleAllocate
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported
NdrDllCanUnloadNow
NdrDllGetClassObject

api-ms-win-core-string-l1-1-0

CompareStringEx
GetStringTypeExW
WideCharToMultiByte
CompareStringW
MultiByteToWideChar
CompareStringOrdinal

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventWriteTransfer
EventActivityIdControl
EventProviderEnabled
EventSetInformation

api-ms-win-core-localization-l1-2-0

GetLocaleInfoEx
GetCalendarInfoEx
SetUserGeoID
GetUserDefaultLocaleName
LocaleNameToLCID
GetUserPreferredUILanguages
FormatMessageW
EnumSystemGeoID
GetUserGeoID
SetLocaleInfoW
GetGeoInfoW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
OpenProcessToken
TerminateProcess
CreateThread
GetCurrentThreadId
GetCurrentThread
GetExitCodeProcess
GetProcessId
GetCurrentProcess
OpenThreadToken

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapDestroy
HeapSize
HeapAlloc

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
LoadResource
LoadLibraryExW
SizeofResource
GetModuleHandleW
FindResourceExW
FindStringOrdinal
DisableThreadLibraryCalls
GetProcAddress
FreeLibrary
GetModuleHandleExW
GetModuleFileNameW
GetModuleFileNameA
LockResource

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
OutputDebugStringA
IsDebuggerPresent
DebugBreak

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
RaiseException

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
AcquireSRWLockShared
EnterCriticalSection
DeleteCriticalSection
WaitForSingleObject
OpenSemaphoreW
AcquireSRWLockExclusive
InitializeCriticalSectionEx
ReleaseSemaphore
WaitForSingleObjectEx
ResetEvent
TryEnterCriticalSection
InitializeCriticalSection
WaitForMultipleObjectsEx
CreateEventW
InitializeSRWLock
CreateEventExW
CreateSemaphoreExW
ReleaseSRWLockShared
CreateMutexExW
SetEvent
ReleaseMutex
ReleaseSRWLockExclusive
InitializeCriticalSectionAndSpinCount

api-ms-win-core-com-l1-1-0

CoGetMalloc
CoCreateFreeThreadedMarshaler
CoIncrementMTAUsage
CoUninitialize
CoDecrementMTAUsage
CoWaitForMultipleHandles
CoSetProxyBlanket
IIDFromString
CLSIDFromString
CoGetClassObject
CreateStreamOnHGlobal
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
StringFromIID
PropVariantCopy
CoCreateInstance
StringFromCLSID
CoTaskMemRealloc
CoGetApartmentType
PropVariantClear
StringFromGUID2
CoCreateGuid
CoInitializeEx
CoTaskMemFree
CoTaskMemAlloc
CoGetCallContext
CoGetStdMarshalEx
CoReleaseMarshalData

api-ms-win-core-string-l2-1-0

CharNextW
CharLowerBuffW

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegLoadMUIStringW
RegCreateKeyExW
RegQueryValueExW
RegEnumKeyExW
RegGetValueW
RegNotifyChangeKeyValue
RegQueryInfoKeyW
RegCloseKey
RegEnumValueW

oleaut32

LPSAFEARRAY_UserUnmarshal64
LPSAFEARRAY_UserMarshal64
LPSAFEARRAY_UserFree64
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserSize
SafeArrayUnaccessData
SafeArrayAccessData
VariantClear
VariantInit
SafeArrayGetElement
SafeArrayGetUBound
LPSAFEARRAY_UserMarshal
SafeArrayDestroy
SysAllocStringByteLen
SysStringByteLen
SysStringLen
VariantChangeType
SysAllocString
SysFreeString
VarUI4FromStr
VarBstrCat
LPSAFEARRAY_UserSize64
SafeArrayGetLBound
SysAllocStringLen
VarBstrCmp

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
GetRestrictedErrorInfo
RoOriginateError
SetRestrictedErrorInfo

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

InitOnceComplete
Sleep
InitOnceBeginInitialize
InitOnceExecuteOnce

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetLocalTime
GetSystemTimeAsFileTime
GetTickCount
GetComputerNameExW
GetSystemWindowsDirectoryW
GetSystemDirectoryW
GetTickCount64
GetSystemTime

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead

api-ms-win-core-misc-l1-1-0

lstrcmpiW

api-ms-win-core-sidebyside-l1-1-0

FindActCtxSectionStringW
CreateActCtxW
QueryActCtxW
ActivateActCtx
DeactivateActCtx

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
RoOriginateLanguageException
IsErrorPropagationEnabled
RoReportFailedDelegate

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CreateThreadpoolWork
CloseThreadpoolTimer
SubmitThreadpoolWork
SetThreadpoolTimer
CreateThreadpoolTimer
TrySubmitThreadpoolCallback
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
CreateThreadpoolWait
SetThreadpoolWait

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-base-l1-1-0

CheckTokenMembership
FreeSid
ImpersonateLoggedOnUser
DuplicateToken
AllocateAndInitializeSid
RevertToSelf
GetTokenInformation
DestroyPrivateObjectSecurity
CreateWellKnownSid
EqualSid
CopySid
GetLengthSid
IsValidSid

api-ms-win-core-file-l1-1-0

FileTimeToLocalFileTime
CreateFileW
FindFirstFileExW
FindNextFileW
FindFirstFileW
FindClose
GetFileAttributesW
WriteFile
CreateDirectoryW
DeleteFileW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo
GetOsSafeBootMode
VerSetConditionMask
GetProductInfo

api-ms-win-core-datetime-l1-1-1

GetDateFormatEx
GetTimeFormatEx

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW
RegSetKeyValueW

api-ms-win-core-localization-l1-2-3

GetUserDefaultGeoName

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW
K32GetModuleFileNameExW
K32GetProcessImageFileNameW

api-ms-win-core-localization-l2-1-0

EnumCalendarInfoExEx
EnumTimeFormatsEx

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW
LookupAccountSidW

api-ms-win-core-wow64-l1-1-1

IsWow64Process2

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient8
ObjectStublessClient5
ObjectStublessClient10
ObjectStublessClient6
ObjectStublessClient7
ObjectStublessClient11
ObjectStublessClient3
ObjectStublessClient9
ObjectStublessClient4

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpNIW
QISearch
StrPBrkW
StrChrW

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW

api-ms-win-core-registryuserspecific-l1-1-0

SHRegGetBoolUSValueW
SHRegQueryUSValueW
SHRegWriteUSValueW
SHRegSetUSValueW
SHRegCloseUSKey
SHRegGetUSValueW
SHRegCreateUSKeyW
SHRegEnumUSKeyW
SHRegOpenUSKeyW

api-ms-win-core-localization-private-l1-1-0

NlsCheckPolicy

api-ms-win-core-url-l1-1-0

UrlEscapeW

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx
QueueUserWorkItem

api-ms-win-core-shlwapi-legacy-l1-1-0

PathCommonPrefixW
PathRemoveExtensionW
PathFindFileNameW
SHExpandEnvironmentStringsW
PathFindExtensionW
PathFileExistsW

api-ms-win-core-registry-l2-1-0

RegQueryValueW
RegOpenKeyW

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW
GetFirmwareType

api-ms-win-core-timezone-private-l1-1-0

IsTimeZoneRedirectionEnabled

user32

ord2521
SetPropW
GetPropW
DestroyMenu
GetMenuDefaultItem
CreatePopupMenu
GetKeyState
SendInput
UnregisterClassA
GetProcessDefaultLayout
GetWindowRect
SystemParametersInfoW
SendNotifyMessageW
SendMessageW
GetSysColor
PostMessageW
GetKeyboardLayout
MapVirtualKeyExW
GetWindowThreadProcessId
EnumWindows
GetForegroundWindow
GetSystemMetrics
ord2517
DispatchMessageW
GetWindowLongPtrW
LoadCursorW
SetCursor
TranslateMessage
PostQuitMessage
PeekMessageW
MsgWaitForMultipleObjectsEx
FindWindowW
IsWindow
DestroyIcon
LoadImageW
FindWindowExW
CopyIcon
AllowSetForegroundWindow
MonitorFromRect
GetMonitorInfoW
GetClassInfoExW
RegisterClassExW
CreateWindowExW
SetWindowLongPtrW
GetMessageW
DestroyWindow
UnregisterClassW
SetDesktopColorTransform
DefWindowProcW
CharUpperBuffW
GetUserObjectInformationW
GetShellWindow
GetActiveWindow
GetProcessWindowStation
EnumDesktopsW
CloseDesktop
EnumDesktopWindows
SetThreadDesktop
GetThreadDesktop
OpenDesktopW
GhostWindowFromHungWindow
IsWindowVisible
GetWindowLongW
GetWindow
GetClassNameW
InflateRect
ord2544

shlwapi

ord176
StrFormatByteSizeEx
ord629
ord214
ord568
ord174
ord560
ord213
ord12
SHDeleteValueW
SHRegGetValueW
ord199
ord433
SHGetThreadRef
ord548
ord630
ord618
ord544
ord154
ord437
SHSetValueW
SHGetValueW
SHDeleteKeyW
ord16
ord260
ord487
StrToIntW
PathIsRelativeW
PathMatchSpecExW
StrStrIW
ord158
StrChrIW
ord212
PathIsNetworkPathW
SHStrDupA
ord270

shell32

SHGetIDListFromObject
ord923
ord644
ord27
SHCreateShellItem
SHGetNameFromIDList
ord645
ord18
ord916
ord924
SHGetKnownFolderIDList
ord846
SHBindToFolderIDListParentEx
ord2
SHCreateItemInKnownFolder
ord921
ord901
SHCreateShellItemArrayFromIDLists
ord850
SHGetKnownFolderItem
ord155
SHGetKnownFolderPath
SHCreateItemFromParsingName
ord100
ord4
SHChangeNotify
ShellExecuteExW
SHGetFolderPathEx
ord165

shcore

ord233
ord232
ord230
SHTaskPoolQueueTask
ord241
CreateStreamOverRandomAccessStream
ord145
ord244

kernel32

OpenJobObjectW
OpenMutexW
DeleteProcThreadAttributeList
CreateProcessW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
K32GetModuleBaseNameW
IsProcessInJob
K32EnumProcesses
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
OOBEComplete
SearchPathW
SetDynamicTimeZoneInformation
GetTimeZoneInformation
GetDynamicTimeZoneInformation
HeapReAlloc
K32EnumProcessModules
GlobalFree
CreateMutexW
LCMapStringW
FindNLSString
CeipIsOptedIn
FindPackagesByPackageFamily
OpenEventW
CloseThreadpoolWork
RegDeleteTreeW
ProcessIdToSessionId
lstrcmpW
GlobalAlloc
CompareFileTime
GetFileAttributesExW
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformationForYear
RegSetKeySecurity
RegDeleteKeyExW
LocalReAlloc
GetSystemPreferredUILanguages
ResolveLocaleName
GetSystemDefaultLCID

api-ms-win-appmodel-runtime-l1-1-0

OpenPackageInfoByFullName
ClosePackageInfo
GetPackageInfo

policymanager

PolicyManager_GetPolicy
PolicyManager_GetPolicyString
PolicyManager_FreeStringValue
PolicyManager_GetPolicyInt
PolicyManager_IsPolicySetByMobileDeviceManager

msvcp_win

?_Xbad_function_call@std@@YAXXZ
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_Xbad_alloc@std@@YAXXZ
?__ExceptionPtrToBool@@YA_NPEBX@Z
?_XGetLastError@std@@YAXXZ
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Wcscoll
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@J@Z
?_Throw_C_error@std@@YAXH@Z
_Mtx_init_in_situ
?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
_Wcsxfrm
_Mtx_destroy_in_situ
?__ExceptionPtrRethrow@@YAXPEBX@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?__ExceptionPtrDestroy@@YAXPEAX@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$ctype@G@std@@2V0locale@2@A
?id@?$collate@G@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
_Mtx_lock
?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z
??0task_continuation_context@Concurrency@@AEAA@XZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
_Mtx_unlock
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
_Cnd_init_in_situ
?is@?$ctype@G@std@@QEBA_NFG@Z
_Cnd_destroy_in_situ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
??1facet@locale@std@@MEAA@XZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
??0facet@locale@std@@IEAA@_K@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
_Cnd_broadcast
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
_Cnd_wait
?_Xlength_error@std@@YAXPEBD@Z
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?clear@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ

appxdeploymentclient

ord23
ord25
ord24

api-ms-win-core-path-l1-1-0

PathCchAppend
PathCchCombine

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags

api-ms-win-service-management-l1-1-0

OpenSCManagerW
OpenServiceW
CloseServiceHandle

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-service-management-l2-1-0

QueryServiceConfigW

api-ms-win-core-memory-l1-1-0

VirtualQuery

winhttp

WinHttpReadData
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpDetectAutoProxyConfigUrl
WinHttpOpenRequest
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle
WinHttpSendRequest
WinHttpSetStatusCallback
WinHttpSetOption
WinHttpOpen
WinHttpCrackUrl
WinHttpConnect

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

ntdll

RtlIsMultiSessionSku
RtlPublishWnfStateData
RtlLookupElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlInsertElementGenericTableAvl
RtlAcquireSRWLockExclusive
WinSqmAddToStreamEx
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
WinSqmSetDWORD
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockShared
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlIpv4AddressToStringExW
RtlReleaseSRWLockShared
NtQueryInformationToken
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlIpv6StringToAddressW
RtlIpv4StringToAddressW
WinSqmAddToStream
RtlInitUnicodeString
RtlCompareUnicodeString
RtlFreeUnicodeString
RtlConvertSidToUnicodeString
RtlNtStatusToDosError
RtlAllocateWnfSerializationGroup
RtlQueryWnfStateData
WinSqmIncrementDWORD
WinSqmIsOptedIn
NtClose
NtAdjustPrivilegesToken
NtOpenProcessToken
RtlGetDeviceFamilyInfoEnum
RtlGetVersion
RtlIpv6AddressToStringExW
RtlNtStatusToDosErrorNoTeb
RtlAllocateHeap
RtlFreeHeap

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-shlwapi-winrt-storage-l1-1-1

SHPinDllOfCLSID
ord317
ord448

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-shell-shellcom-l1-1-0

SHCoCreateInstance

api-ms-win-appmodel-runtime-internal-l1-1-0

GetPackageContext
GetPackagePropertyString

api-ms-win-appmodel-state-l1-2-0

GetSystemAppDataKey
OpenStateExplicit
CloseState

api-ms-win-shcore-thread-l1-1-0

GetProcessReference

api-ms-win-shcore-comhelpers-l1-1-0

IUnknown_GetSite

sppc

SLpIsCurrentInstalledProductKeyDefaultKey

api-ms-win-core-atoms-l1-1-0

GlobalGetAtomNameW

errordetailscore

FreeErrorDetails
GetErrorDetailsWithContext

api-ms-win-crt-math-l1-1-0

ceilf

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GetProxyDllInfo
GetSetting

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 946KB - Virtual size: 945KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mscorlib/v4.0_4.0.0.0__b77a5c561934e089/mscorlib.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:03:ae:2d:35:51:c8:53:8f:55:1d:00:00:00:00:03:ae
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:08

Not After

14/11/2024, 19:08

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:22:da:ba:2a:45:f6:ee:b0:ab:f7:44:e4:ba:81:a4:3a:fe:6f:d4:8f:d7:62:7f:6b:92:31:10:a2:28:4b:97
Signer

Actual PE Digest

90:22:da:ba:2a:45:f6:ee:b0:ab:f7:44:e4:ba:81:a4:3a:fe:6f:d4:8f:d7:62:7f:6b:92:31:10:a2:28:4b:97

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mscorlib.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 487KB - Virtual size: 487KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mscorlib/v4.0_4.0.0.0__b77a5c561934e089/normidna.nlp
mscorlib/v4.0_4.0.0.0__b77a5c561934e089/normnfc.nlp
mscorlib/v4.0_4.0.0.0__b77a5c561934e089/normnfd.nlp
mscorlib/v4.0_4.0.0.0__b77a5c561934e089/normnfkc.nlp
mscorlib/v4.0_4.0.0.0__b77a5c561934e089/normnfkd.nlp
mshwkorrIME.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7.0MB - Virtual size: 7.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
twain_32.dll
.dll windows:10 windows x86 arch:x86

316cd668ed705c998eae8d3bd7bd168f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

twain_32.pdb

Imports

msvcrt

_chdir
strcpy_s
_getcwd
_errno
_strcmpi
_chdrive
strcat_s
sprintf_s
strncpy_s
_snprintf_s
_purecall
_ltoa
atol
free
_strnicmp
_vsnwprintf
memcpy_s
remove
_read
_close
_write
_lseek
_sopen
_locking
_vsnprintf
strncmp
_XcptFilter
_amsg_exit
_initterm
_lock
malloc
_getdrive
_unlock
__dllonexit
_onexit
_except_handler4_common
memcpy
memset

kernel32

SetLastError
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
GetTempPathA
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
CreateMutexExW
HeapAlloc
PowerClearRequest
OpenSemaphoreW
WaitForSingleObjectEx
InitOnceComplete
OutputDebugStringW
FormatMessageW
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
GetModuleHandleExW
ReleaseSemaphore
HeapFree
CreateSemaphoreExW
InitOnceBeginInitialize
PowerSetRequest
GetModuleFileNameA
WriteProfileStringA
GetCurrentProcess
lstrcmpiA
MultiByteToWideChar
lstrlenA
GlobalSize
GetVersion
GetLastError
GlobalFlags
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
PowerCreateRequest
CloseHandle
FindFirstFileA
FindNextFileA
FindClose
GetFileAttributesA
GetSystemDirectoryA
LoadLibraryA
GetWindowsDirectoryA
GetProcAddress
FreeLibrary
GetProfileStringA
GlobalHandle
OpenFile

user32

RegisterWindowMessageA
LoadStringA
SendMessageA
FindWindowA
PeekMessageA
DdeCmpStringHandles
DdeConnect
DdeQueryConvInfo
DdeClientTransaction
DdeDisconnect
DdeGetData
DdeGetLastError
DdeCreateStringHandleA
DdeCreateDataHandle
DdeUninitialize
DdeInitializeA
DdeFreeStringHandle
DispatchMessageA
TranslateMessage
UnhookWindowsHook
CallNextHookEx
EndDialog
DialogBoxParamA
SetFocus
SendDlgItemMessageA
SetWindowsHookA
GetDlgItem
EnableWindow
PostMessageA
IsWindow
CharUpperA

apphelp

ApphelpCheckExe

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventSetInformation
EventUnregister

Exports

Exports

AboutDlgProc
ChooseDlgProc
DSM_Entry
InfoHook
WGDlgProc

Sections

.text
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wrpintapi.dll
.dll windows:10 windows x64 arch:x64

88d112d340f48a8e711dbb236eff1b92

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

wrpintapi.pdb

Imports

msvcrt

_amsg_exit
free
malloc
_initterm
__C_specific_handler
_XcptFilter
memcmp

kernel32

TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
Sleep
QueryPerformanceCounter

rpcrt4

CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
CStdStubBuffer_Connect
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_AddRef
CStdStubBuffer_Invoke
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
IUnknown_Release_Proxy
NdrOleAllocate

combase

ord2
ord3

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 2024

Password: 2024

482ab440211976ea17ec54e3ce97e53d

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

3e:06:22:26:1f:ee:f9:26:5d:26:d2:90:b9:f6:6b:3e:d3:12:9f:16:11:0e:8c:d6:25:ac:11:4b:c4:d6:bd:f9Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

ntdll

api-ms-win-core-heap-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-registry-l1-1-0

api-ms-win-core-wow64-l1-1-1

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-security-base-l1-1-0

api-ms-win-security-base-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-privateprofile-l1-1-0

api-ms-win-core-appcompat-l1-1-0

win32u

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 122KB - Virtual size: 122KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 512B - Virtual size: 4KB

.pdata Size: 5KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 504B

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 228B

Password: 2024

d811d71710ad58776155b7a8da1fa9db

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

f1:8d:45:d8:09:2f:ce:7d:83:51:fc:ac:cc:cb:5c:35Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

3e:06:22:26:1f:ee:f9:26:5d:26:d2:90:b9:f6:6b:3e:d3:12:9f:16:11:0e:8c:d6:25:ac:11:4b:c4:d6:bd:f9
Signer

.text
Size: 122KB - Virtual size: 122KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 512B - Virtual size: 4KB

.pdata
Size: 5KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 504B

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 228B

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

f1:8d:45:d8:09:2f:ce:7d:83:51:fc:ac:cc:cb:5c:35
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

f1:8d:45:d8:09:2f:ce:7d:83:51:fc:ac:cc:cb:5c:35
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

fd:2c:73:70:89:f7:1d:34:a8:2c:2c:64:43:2e:d5:02:3b:da:7d:bb:77:d3:65:05:c0:83:20:24:4f:76:09:5b
Signer

d8:43:8b:ae:65:fd:2d:6c:1d:2f:59:c9:07:da:65:04:8c:ae:aa:c1
Signer

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 5.2MB - Virtual size: 5.2MB

.reloc
Size: 16KB - Virtual size: 16KB

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

3d:75:de:d0:b9:ac:94:38:c0:57:50:1c:5a:8a:d4:3b:fd:45:7a:05:ac:78:a3:da:a2:7c:5d:64:c8:c1:bc:c7
Signer

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 312B

.pdata
Size: 512B - Virtual size: 396B

.rsrc
Size: 35KB - Virtual size: 34KB

.reloc
Size: 512B - Virtual size: 28B

.rdata
Size: 512B - Virtual size: 176B

.rsrc
Size: 7.0MB - Virtual size: 7.0MB