Field | Value |
---|---|
Architecture | IMAGE_FILE_MACHINE_AMD64 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
Compilation Date | 2013-Aug-22 10:19:59 |
Detected languages | English - United States |
Debug artifacts | aaedge.pdb |
CompanyName | Microsoft Corporation |
FileDescription | Anywhere Access Edge |
FileVersion | 6.3.9600.16384 (winblue_rtm.130821-1623) |
InternalName | aaedge.dll |
LegalCopyright | © Microsoft Corporation. All rights reserved. |
OriginalFilename | aaedge.dll |
ProductName | Microsoft® Windows® Operating System |
ProductVersion | 6.3.9600.16384 |
Severity | Finding | Details |
---|---|---|
Info | Libraries used to perform cryptographic operations: | Microsoft's Cryptography API |
Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
Safe | VirusTotal score: 0/65 (Scanned on 2017-11-13 17:06:55) | All the AVs think this file is safe. |
Field | Value |
---|---|
e_magic | MZ |
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xe8 |
Field | Value |
---|---|
Signature | PE |
Machine | IMAGE_FILE_MACHINE_AMD64 |
NumberofSections | 6 |
TimeDateStamp | 2013-Aug-22 10:19:59 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics | IMAGE_FILE_DLL, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |
Field | Value |
---|---|
Magic | PE32+ |
LinkerVersion | 11.3 |
SizeOfCode | 0x96e00 |
SizeOfInitializedData | 0xd400 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00000000000902F4 (Section: .text) |
BaseOfCode | 0x1000 |
ImageBase | 0x180000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.3 |
ImageVersion | 6.3 |
SubsystemVersion | 6.3 |
Win32VersionValue | 0 |
SizeOfImage | 0xa8000 |
SizeOfHeaders | 0x400 |
Checksum | 0xaa30b |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT |
SizeofStackReserve | 0x40000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
DLL | Imported functions |
---|---|
msvcrt.dll | memcpy_s wcstok wcsstr ?terminate@@YAXXZ wcschr _itow _ui64tow _wtoi wcsrchr _stricmp _beginthreadex memset memcpy memcmp _wcsicmp strchr wcstok_s swscanf_s _ultow vswprintf_s memmove_s ??0exception@@QEAA@XZ ldiv ??0exception@@QEAA@AEBQEBD@Z _aligned_malloc _aligned_free _ui64tow_s wcsncat_s wcsncpy_s _purecall memmove wcscpy_s strncmp _vsnprintf _strcmpi _strnicmp atoi wcsncmp __CxxFrameHandler3 ??1type_info@@UEAA@XZ _onexit __dllonexit _unlock _lock __C_specific_handler _initterm _amsg_exit _XcptFilter _CxxThrowException _callnewh ?what@exception@@UEBAPEBDXZ ??1exception@@UEAA@XZ ??0exception@@QEAA@AEBV0@@Z ??0exception@@QEAA@AEBQEBDH@Z malloc free _vsnwprintf calloc wcscmp |
WS2_32.dll | WSASocketW #8 #9 #14 WSAAddressToStringW #116 #111 #115 #21 #2 #3 FreeAddrInfoW GetAddrInfoW GetNameInfoW WSAStringToAddressW InetNtopW WSAIoctl |
KERNEL32.dll | VerSetConditionMask LoadLibraryExW TerminateProcess UnhandledExceptionFilter RtlVirtualUnwind RtlLookupFunctionEntry ResetEvent EnterCriticalSection GetModuleFileNameW LeaveCriticalSection InitializeCriticalSection GetProcessHeap GetModuleHandleExW HeapFree LocalReAlloc CreateTimerQueue DeleteTimerQueueEx SystemTimeToTzSpecificLocalTime CompareFileTime GetFileAttributesExW ReadFile InitializeSListHead InitializeSRWLock InterlockedPopEntrySList InterlockedFlushSList AcquireSRWLockShared ReleaseSRWLockShared AcquireSRWLockExclusive ReleaseSRWLockExclusive InterlockedPushEntrySList CreateThreadpoolIo StartThreadpoolIo HeapAlloc WaitForThreadpoolIoCallbacks CloseThreadpoolIo RtlCaptureContext GetTickCount GetSystemTimeAsFileTime GetCurrentThreadId WaitForSingleObject QueryPerformanceCounter Sleep UnregisterWait SetEvent CloseHandle SetLastError GetCurrentProcess CreateEventW GetCurrentThread GetSystemTime SystemTimeToFileTime OutputDebugStringA PostQueuedCompletionStatus ExpandEnvironmentStringsW CreateTimerQueueTimer DeleteTimerQueueTimer RegisterWaitForSingleObject UnregisterWaitEx CreateIoCompletionPort GetQueuedCompletionStatus IsBadWritePtr SetWaitableTimer CreateWaitableTimerW GetVersionExW GetComputerNameExW DeleteFileW ChangeTimerQueueTimer MoveFileW FindFirstFileW FindNextFileW FindClose GetFileAttributesW CreateDirectoryW GetLastError SetUnhandledExceptionFilter GetModuleHandleExA GetProcAddress FreeLibrary DisableThreadLibraryCalls TryEnterCriticalSection GetComputerNameW WideCharToMultiByte LoadLibraryW CreateFileW SwitchToThread GetTickCount64 CreateThread DeleteCriticalSection GetSystemInfo GetCurrentProcessId LocalAlloc GetModuleHandleW lstrcmpiW LocalFree WaitForMultipleObjects CancelThreadpoolIo MultiByteToWideChar |
ADVAPI32.dll | ConvertSidToStringSidW LookupAccountNameW PerfStopProvider PerfStartProvider PerfSetCounterSetInfo PerfCreateInstance PerfSetCounterRefValue EventUnregister EventWrite EventRegister RegNotifyChangeKeyValue RegDeleteKeyW RegQueryInfoKeyW DuplicateToken IsValidSid RegGetValueW RegEnumValueW RegEnumKeyExW RegSetValueExW RegCreateKeyExW LookupAccountSidW EqualSid GetTokenInformation OpenThreadToken CheckTokenMembership CreateWellKnownSid ControlTraceW StartTraceW RegDeleteValueW EnableTraceEx2 CopySid GetLengthSid DuplicateTokenEx CryptReleaseContext IsTextUnicode RegCloseKey RegOpenKeyExW RegQueryValueExW EventActivityIdControl OpenProcessToken SetServiceStatus RegisterServiceCtrlHandlerW TraceMessage UnregisterTraceGuids RegisterTraceGuidsW GetTraceEnableFlags GetTraceEnableLevel GetTraceLoggerHandle |
OLEAUT32.dll | #6 #9 #4 #2 #7 #23 #24 #149 #8 #150 |
AUTHZ.dll | AuthzFreeResourceManager AuthzFreeContext AuthzGetInformationFromContext AuthzInitializeContextFromSid AuthzInitializeResourceManager |
ntdll.dll | RtlIpv4AddressToStringW RtlIpv6AddressToStringW RtlVerifyVersionInfo RtlGetLastNtStatus NtDuplicateObject WinSqmSetDWORD |
Secur32.dll | GetComputerObjectNameW FreeCredentialsHandle SetContextAttributesW InitializeSecurityContextW InitSecurityInterfaceW QuerySecurityPackageInfoW QueryContextAttributesW EncryptMessage FreeContextBuffer AcquireCredentialsHandleW DecryptMessage GetUserNameExW AcceptSecurityContext DeleteSecurityContext |
ole32.dll | IIDFromString CoInitializeEx StringFromGUID2 CLSIDFromString CoCreateInstance CoInitialize CoUninitialize CoCreateGuid |
CRYPT32.dll | CertCloseStore CertFindCertificateInStore CertOpenStore CryptAcquireCertificatePrivateKey CertGetCertificateContextProperty CryptStringToBinaryA CertFreeCertificateContext CryptSignMessage CryptVerifyMessageSignature CertGetEnhancedKeyUsage CertGetCertificateChain CertFreeCertificateChain CryptDecryptMessage CryptBinaryToStringW |
NETAPI32.dll | DsRoleFreeMemory DsGetDcNameW NetApiBufferFree DsRoleGetPrimaryDomainInformation |
SLC.dll | SLRegisterWindowsEvent |
VSSAPI.DLL | CreateWriter |
SHLWAPI.dll | PathFindFileNameW |
ACTIVEDS.dll | #9 #17 #13 #6 #4 #15 #3 #18 #5 |
WLDAP32.dll | #73 #170 #41 #26 #79 #14 #16 #18 #46 #142 #210 |
ualapi.dll | UalStop UalInstrument UalStart UalRegisterProduct |
RPCRT4.dll | I_RpcAsyncSetHandle RpcRevertToSelf RpcAsyncInitializeHandle RpcServerInqCallAttributesW I_RpcGetBuffer RpcServerSubscribeForNotification RpcServerUnsubscribeForNotification RpcMgmtWaitServerListen I_RpcReallocPipeBuffer I_RpcSend RpcImpersonateClient RpcServerUnregisterIfEx RpcAsyncAbortCall RpcSsContextLockExclusive RpcBindingInqAuthClientW NdrAsyncServerCall RpcServerTestCancel NdrServerCall2 NdrServerCallAll RpcAsyncCompleteCall I_RpcExceptionFilter NDRSContextUnmarshall2 NDRSContextMarshall2 RpcBindingSetOption RpcBindingVectorFree RpcMgmtStopServerListening RpcRaiseException RpcCertGeneratePrincipalNameW RpcStringFreeW RpcServerRegisterAuthInfoW RpcServerInqDefaultPrincNameW RpcServerRegisterIfEx I_RpcServerUseProtseqEp2W RpcServerUseProtseqEpExW RpcServerListen RpcEpRegisterW RpcBindingFree RpcStringBindingParseW RpcBindingToStringBindingW RpcBindingServerFromClient RpcFreeAuthorizationContext RpcServerInqBindings RpcGetAuthorizationContextForClient |
HTTPAPI.dll | HttpQueryServiceConfiguration HttpWaitForDisconnect HttpCancelHttpRequest HttpSendHttpResponse HttpTerminate HttpCloseServerSession HttpCloseRequestQueue HttpShutdownRequestQueue HttpCloseUrlGroup HttpRemoveUrlFromUrlGroup HttpReceiveRequestEntityBody HttpSendResponseEntityBody HttpReceiveHttpRequest HttpSetUrlGroupProperty HttpCreateRequestQueue HttpAddUrlToUrlGroup HttpCreateUrlGroup HttpSetServerSessionProperty HttpCreateServerSession HttpInitialize |
Ordinal | Address |
---|---|
1 | 0x15ce0 |
2 | 0x15d08 |
3 | 0x15d14 |
4 | 0x15c9c |
5 | 0x15d30 |
6 | 0x15d3c |
7 | 0x161a4 |
Field | Value |
---|---|
Signature | 0xfeef04bd |
StructVersion | 0x10000 |
FileVersion | 6.3.9600.16384 |
ProductVersion | 6.3.9600.16384 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
FileType | VFT_DLL |
Language | English - United States |
CompanyName | Microsoft Corporation |
FileDescription | Anywhere Access Edge |
FileVersion (#2) | 6.3.9600.16384 (winblue_rtm.130821-1623) |
InternalName | aaedge.dll |
LegalCopyright | © Microsoft Corporation. All rights reserved. |
OriginalFilename | aaedge.dll |
ProductName | Microsoft® Windows® Operating System |
ProductVersion (#2) | 6.3.9600.16384 |
Resource LangID | English - United States |
Field | Value |
---|---|
Characteristics | 0 |
TimeDateStamp | 2013-Aug-22 10:19:59 |
Version | 0.0 |
SizeofData | 35 |
AddressOfRawData | 0x15964 |
PointerToRawData | 0x14d64 |
Referenced File | aaedge.pdb |
Field | Value |
---|---|
Size | 0x94 |
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x180098008 |
Field | Value |
---|---|
XOR Key | 0x77de43d1 |
Unmarked objects | 0 |
C objects (65501) | 16 |
ASM objects (65501) | 2 |
Total imports | 447 |
Imports (65501) | 45 |
C++ objects (65501) | 7 |
Exports (65501) | 1 |
211 (65501) | 113 |
Resource objects (65501) | 1 |
Linker (65501) | 1 |