Architecture | IMAGE_FILE_MACHINE_AMD64 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 1990-Feb-17 16:49:49 |
Detected languages | English - United States |
Debug artifacts | explorer.pdb |
CompanyName | Microsoft Corporation |
FileDescription | Windows Explorer |
FileVersion | 10.0.18362.267 (WinBuild.160101.0800) |
InternalName | explorer |
LegalCopyright | © Microsoft Corporation. All rights reserved. |
OriginalFilename | EXPLORER.EXE |
ProductName | Microsoft® Windows® Operating System |
ProductVersion | 10.0.18362.267 |
Suspicious | Strings found in the binary may indicate undesirable behavior: | Contains references to system / monitoring tools: |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32; Uses constants related to MD5 |
Suspicious | The PE is possibly packed. | Unusual section name found: .imrsiv; Unusual section name found: .didat |
Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
Info | The PE is digitally signed. | Signer: Microsoft Windows; Issuer: Microsoft Windows Production PCA 2011 |
Safe | VirusTotal score: 0/69 (Scanned on 2019-09-08 09:44:40) | All the AVs think this file is safe. |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xf8 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_AMD64 |
NumberofSections | 8 |
TimeDateStamp | 1990-Feb-17 16:49:49 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |
Magic | PE32+ |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0x245200 |
SizeOfInitializedData | 0x20a400 |
SizeOfUninitializedData | 0x200 |
AddressOfEntryPoint | 0x0000000000098710 (Section: .text) |
BaseOfCode | 0x1000 |
ImageBase | 0x140000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | A.0 |
ImageVersion | A.0 |
SubsystemVersion | A.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x454000 |
SizeOfHeaders | 0x400 |
Checksum | 0x466e11 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY, IMAGE_DLLCHARACTERISTICS_GUARD_CF, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x80000 |
SizeofStackCommit | 0xe000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
msvcp_win.dll |
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z ?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z ?width@ios_base@std@@QEAA_J_J@Z ?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ ?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ ?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z ?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ ?flags@ios_base@std@@QEBAHXZ ?width@ios_base@std@@QEBA_JXZ ?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ ?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ ?good@ios_base@std@@QEBA_NXZ ?uncaught_exception@std@@YA_NXZ ?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ ?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ ?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ ?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ ??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ ??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ ?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ ?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ ?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z ??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ ?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ ?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z ?_Incref@facet@locale@std@@UEAAXXZ ?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z ?is@?$ctype@G@std@@QEBA_NFG@Z ??1_Locinfo@std@@QEAA@XZ ??1_Lockit@std@@QEAA@XZ ?_Xlength_error@std@@YAXPEBD@Z ?c_str@?$_Yarn@D@std@@QEBAPEBDXZ ??0_Locinfo@std@@QEAA@PEBD@Z ??0_Lockit@std@@QEAA@H@Z ??1facet@locale@std@@MEAA@XZ ??0facet@locale@std@@IEAA@_K@Z ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ ?id@?$ctype@G@std@@2V0locale@2@A ??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z 
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z ?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ ?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z ?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ ?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ ??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ ?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z ?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ ??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ ?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z ?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z ?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z ?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z ?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ ?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ ?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z ?_Xbad_alloc@std@@YAXXZ ?tolower@?$ctype@G@std@@QEBAGG@Z ?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z ?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z ?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ _Wcscoll _Wcsxfrm ?id@?$collate@G@std@@2V0locale@2@A ??Bid@locale@std@@QEAA_KXZ |
---|---|
api-ms-win-crt-runtime-l1-1-0.dll |
_initterm_e
_initterm _set_error_mode _c_exit _register_thread_local_exe_atexit_callback |
api-ms-win-crt-time-l1-1-0.dll |
_time64
|
api-ms-win-crt-string-l1-1-0.dll |
wcscmp
wcscspn wcsncmp strncmp memset |
api-ms-win-crt-private-l1-1-0.dll |
_o_iswalnum
_o_malloc _o_memcpy_s _o_pow _o_realloc _o_sqrt _o_terminate _o_toupper _o_wcscpy_s _o_wcsncpy_s _o_wcstol __C_specific_handler _o_free _o__ui64tow_s _o_floor _o_exit memmove _o_ceil _o_bsearch _o__set_new_mode _o__set_fmode _o__set_errno _o__set_app_type _o__seh_filter_exe _o__register_onexit_function _o__recalloc _o__purecall _o__mktime64 _o__wtoi _o__localtime64 _o__wcsnicmp _o__itow_s _o__invalid_parameter_noinfo_noreturn _o__invalid_parameter_noinfo _o__initialize_wide_environment _o__initialize_onexit_table _o__get_wide_winmain_command_line _o__get_errno _o__wcsicmp _o__exit _o__errno _o__difftime64 _o__crt_atexit _o__configure_wide_argv _o__configthreadlocale _o__cexit _o___stdio_common_vswscanf _o___stdio_common_vswprintf _o___stdio_common_vsnwprintf_s _o___stdio_common_vsnprintf_s _o___std_exception_destroy _o___std_exception_copy _o___p__commode wcsstr __std_terminate __CxxFrameHandler3 _CxxThrowException memcmp memcpy |
TWINAPI.dll |
#9
|
api-ms-win-core-job-l2-1-0.dll |
AssignProcessToJobObject
SetInformationJobObject QueryInformationJobObject CreateJobObjectW |
api-ms-win-core-url-l1-1-0.dll |
PathIsURLW
UrlUnescapeW HashData |
api-ms-win-core-kernel32-private-l1-1-0.dll |
CheckElevationEnabled
|
api-ms-win-core-registryuserspecific-l1-1-0.dll |
SHRegGetUSValueW
SHRegGetBoolUSValueW |
api-ms-win-core-com-private-l1-1-0.dll |
CoRegisterMessageFilter
|
api-ms-win-core-atoms-l1-1-0.dll |
GlobalGetAtomNameW
|
api-ms-win-core-sidebyside-l1-1-0.dll |
DeactivateActCtx
ReleaseActCtx ActivateActCtx CreateActCtxW |
ntdll.dll |
RtlUpcaseUnicodeString
RtlCopyUnicodeString RtlRunOnceExecuteOnce RtlUpcaseUnicodeChar RtlGetNativeSystemInformation ZwQueryDirectoryFile RtlpEnsureBufferSize RtlNtPathNameToDosPathName ZwOpenFile ZwEnumerateKey RtlInitUnicodeStringEx RtlAppendUnicodeStringToString ZwCreateFile ZwQueryInformationFile ZwCreateSection ZwQueryInformationProcess ZwSetInformationProcess RtlxAnsiStringToUnicodeSize RtlAnsiStringToUnicodeString ZwUnmapViewOfSection ZwMapViewOfSection LdrResSearchResource RtlVerifyVersionInfo RtlImageDirectoryEntryToData RtlIsStateSeparationEnabled RtlAcquireSRWLockExclusive RtlAcquireSRWLockShared RtlReleaseSRWLockShared RtlReleaseSRWLockExclusive RtlAppendUnicodeToString RtlAllocateHeap RtlReAllocateHeap RtlGetVersion wcsspn wcsrchr NtOpenThreadToken NtClose NtQueryInformationToken NtOpenProcessToken RtlCompareUnicodeString wcschr strchr RtlVirtualUnwind RtlLookupFunctionEntry RtlFreeHeap RtlNtStatusToDosError NtQueryWnfStateData RtlPublishWnfStateData NtSetSystemInformation RtlFlushHeaps RtlUnsubscribeWnfNotificationWaitForCompletion ZwClose RtlSubscribeWnfStateChangeNotification RtlQueryWnfStateData RtlNtStatusToDosErrorNoTeb ZwQuerySystemInformation RtlFreeUnicodeString RtlCaptureContext RtlGetDeviceFamilyInfoEnum NtSetThreadExecutionState NtSetInformationProcess NtQueryInformationProcess VerSetConditionMask RtlQueryResourcePolicy WinSqmSetDWORD WinSqmIsOptedIn WinSqmAddToStreamEx RtlDosPathNameToNtPathName_U_WithStatus RtlIsMultiUsersInSessionSku RtlIsMultiSessionSku RtlInitString ZwOpenKey ZwQueryValueKey RtlInitUnicodeString RtlFormatCurrentUserKeyPath |
api-ms-win-core-libraryloader-l1-2-0.dll |
GetModuleHandleW
GetProcAddress GetModuleHandleExW SizeofResource FreeLibrary LoadStringW GetModuleHandleA LoadLibraryExW FindStringOrdinal LockResource LoadResource FindResourceExW GetModuleFileNameW GetModuleFileNameA |
api-ms-win-core-synch-l1-2-0.dll |
InitOnceBeginInitialize
InitOnceComplete InitOnceExecuteOnce Sleep |
api-ms-win-core-synch-l1-1-0.dll |
WaitForSingleObject
ReleaseSemaphore ReleaseSRWLockShared CreateMutexW CreateMutexExW AcquireSRWLockShared EnterCriticalSection OpenSemaphoreW InitializeCriticalSectionAndSpinCount LeaveCriticalSection InitializeCriticalSectionEx WaitForMultipleObjectsEx SetEvent WaitForSingleObjectEx DeleteCriticalSection ReleaseSRWLockExclusive ResetEvent InitializeSRWLock TryEnterCriticalSection CreateEventExW CreateSemaphoreExW ReleaseMutex SleepEx OpenMutexW OpenEventW AcquireSRWLockExclusive InitializeCriticalSection CreateEventW |
api-ms-win-core-heap-l1-1-0.dll |
HeapFree
GetProcessHeap HeapAlloc |
api-ms-win-core-errorhandling-l1-1-0.dll |
SetErrorMode
RaiseException SetUnhandledExceptionFilter UnhandledExceptionFilter GetLastError SetLastError |
api-ms-win-core-file-l1-1-0.dll |
WriteFile
GetLongPathNameW DeleteFileW FindClose FindNextFileW FindFirstFileW GetFileAttributesW CreateFileW CompareFileTime |
api-ms-win-eventing-provider-l1-1-0.dll |
EventWrite
EventRegister EventSetInformation EventUnregister EventWriteTransfer EventActivityIdControl EventEnabled EventProviderEnabled |
api-ms-win-core-registry-l1-1-0.dll |
RegCloseKey
RegEnumValueW RegEnumKeyExW RegCreateKeyExW RegOpenCurrentUser RegGetValueW RegDeleteTreeW RegQueryValueExW RegDeleteValueW RegSetValueExW RegOpenKeyExW RegDeleteKeyExW RegQueryInfoKeyW |
api-ms-win-core-threadpool-l1-2-0.dll |
CreateThreadpoolWork
CloseThreadpoolWait SubmitThreadpoolWork SetThreadpoolWait CreateThreadpoolWait CreateThreadpoolTimer SetThreadpoolTimer WaitForThreadpoolWaitCallbacks WaitForThreadpoolTimerCallbacks CloseThreadpoolTimer |
api-ms-win-core-processthreads-l1-1-0.dll |
SetThreadPriorityBoost
CreateProcessW QueueUserAPC OpenThread ProcessIdToSessionId GetThreadPriority TerminateProcess SetThreadPriority GetCurrentThreadId GetProcessId GetPriorityClass SetPriorityClass CreateThread OpenProcessToken GetCurrentThread GetStartupInfoW ExitProcess SetProcessShutdownParameters OpenThreadToken GetCurrentProcess GetCurrentProcessId GetExitCodeProcess ResumeThread |
api-ms-win-core-localization-l1-2-0.dll |
GetLocaleInfoW
GetLocaleInfoEx GetUserDefaultLangID GetCalendarInfoW FormatMessageW GetThreadUILanguage |
api-ms-win-core-debug-l1-1-0.dll |
DebugBreak
OutputDebugStringW IsDebuggerPresent |
api-ms-win-core-handle-l1-1-0.dll |
CloseHandle
DuplicateHandle |
OLEAUT32.dll |
#9
#8 #23 #2 #6 #15 #24 #277 #150 #16 |
api-ms-win-shcore-taskpool-l1-1-0.dll |
SHTaskPoolGetUniqueContext
SHTaskPoolQueueTask |
api-ms-win-shcore-sysinfo-l1-1-0.dll |
IsOS
SetCurrentProcessExplicitAppUserModelID |
api-ms-win-core-com-l1-1-0.dll |
CoInitializeSecurity
CoCreateGuid StringFromIID StringFromGUID2 CoRegisterClassObject CoCreateInstance CoRevokeClassObject CoTaskMemFree CLSIDFromString CoReleaseMarshalData CoEnableCallCancellation CoDisableCallCancellation CoTaskMemRealloc CoTaskMemAlloc CoGetMalloc CreateStreamOnHGlobal CoInitializeEx CoUninitialize CoSetProxyBlanket CoGetInterfaceAndReleaseStream PropVariantClear CoWaitForMultipleHandles CoMarshalInterThreadInterfaceInStream CoGetStdMarshalEx CoGetApartmentType CoCreateFreeThreadedMarshaler IIDFromString CoGetCallContext CoFreeUnusedLibraries CoCancelCall |
api-ms-win-core-shlwapi-obsolete-l1-1-0.dll |
StrStrIW
StrRChrW StrCmpW StrCmpICA StrCmpICW StrCmpNICW StrCmpIW StrChrIW StrCmpNIW StrToIntW StrChrW QISearch |
api-ms-win-shcore-obsolete-l1-1-0.dll |
SHStrDupW
CommandLineToArgvW |
api-ms-win-shcore-comhelpers-l1-1-0.dll |
IUnknown_Set
IUnknown_QueryService IUnknown_SetSite IUnknown_GetSite |
api-ms-win-core-heap-l2-1-0.dll |
GlobalAlloc
GlobalFree LocalAlloc LocalFree LocalReAlloc |
api-ms-win-core-processthreads-l1-1-1.dll |
GetProcessMitigationPolicy
IsProcessorFeaturePresent OpenProcess |
api-ms-win-core-datetime-l1-1-0.dll |
GetDateFormatW
|
api-ms-win-core-sysinfo-l1-1-0.dll |
GetSystemTimeAsFileTime
GetTickCount64 GetLocalTime GetSystemTime GetVersionExW GetTickCount GetSystemDirectoryW GetWindowsDirectoryW |
api-ms-win-core-datetime-l1-1-1.dll |
GetTimeFormatEx
GetDateFormatEx |
api-ms-win-core-processenvironment-l1-1-0.dll |
GetCommandLineW
ExpandEnvironmentStringsW GetCurrentDirectoryW SearchPathW |
api-ms-win-core-shlwapi-legacy-l1-1-0.dll |
PathQuoteSpacesW
PathCommonPrefixW SHExpandEnvironmentStringsW PathFileExistsW PathIsFileSpecW PathParseIconLocationW PathFindFileNameW PathRemoveBlanksW PathFindExtensionW PathCombineW PathGetArgsW PathGetDriveNumberW PathRemoveFileSpecW |
api-ms-win-core-winrt-string-l1-1-0.dll |
WindowsCompareStringOrdinal
WindowsSubstringWithSpecifiedLength WindowsCreateStringReference WindowsDeleteString WindowsDuplicateString WindowsGetStringRawBuffer WindowsCreateString |
api-ms-win-shcore-thread-l1-1-0.dll |
SHCreateThreadRef
SHCreateThread SetProcessReference SHSetThreadRef SHGetThreadRef |
api-ms-win-core-string-obsolete-l1-1-0.dll |
lstrlenW
lstrcmpiW |
api-ms-win-core-string-l1-1-0.dll |
CompareStringW
MultiByteToWideChar WideCharToMultiByte CompareStringOrdinal |
api-ms-win-shcore-registry-l1-1-0.dll |
SHDeleteKeyW
SHRegGetValueW SHQueryInfoKeyW SHDeleteValueW SHSetValueW SHGetValueW SHEnumKeyExW |
api-ms-win-security-base-l1-1-0.dll |
IsValidSid
GetLengthSid InitializeAcl GetAce GetAclInformation MakeAbsoluteSD DeleteAce DuplicateToken CheckTokenMembership CreateWellKnownSid EqualSid AddAce SetKernelObjectSecurity CopySid GetTokenInformation |
api-ms-win-eventing-classicprovider-l1-1-0.dll |
UnregisterTraceGuids
RegisterTraceGuidsW TraceMessage GetTraceLoggerHandle GetTraceEnableFlags GetTraceEnableLevel |
api-ms-win-core-localization-obsolete-l1-2-0.dll |
GetUserDefaultUILanguage
|
api-ms-win-core-libraryloader-l1-2-1.dll |
LoadLibraryW
FindResourceW |
api-ms-win-core-string-l2-1-1.dll |
SHLoadIndirectString
|
api-ms-win-core-registry-l1-1-1.dll |
RegSetKeyValueW
|
api-ms-win-core-winrt-l1-1-0.dll |
RoGetActivationFactory
RoActivateInstance RoUninitialize RoInitialize |
api-ms-win-core-com-l1-1-1.dll |
RoGetAgileReference
|
api-ms-win-core-winrt-error-l1-1-0.dll |
RoOriginateError
SetRestrictedErrorInfo |
api-ms-win-core-winrt-error-l1-1-1.dll |
RoGetMatchingRestrictedErrorInfo
|
api-ms-win-core-path-l1-1-0.dll |
PathCchAddExtension
PathCchCombine PathCchAppend PathCchRemoveFileSpec PathAllocCombine |
api-ms-win-shcore-unicodeansi-l1-1-0.dll |
SHAnsiToUnicode
|
api-ms-win-core-heap-obsolete-l1-1-0.dll |
GlobalLock
GlobalUnlock |
api-ms-win-core-processthreads-l1-1-3.dll |
SetProcessInformation
|
api-ms-win-core-memory-l1-1-0.dll |
OpenFileMappingW
MapViewOfFile VirtualProtect VirtualFree CreateFileMappingW VirtualAlloc UnmapViewOfFile |
api-ms-win-core-largeinteger-l1-1-0.dll |
MulDiv
|
api-ms-win-shcore-stream-l1-1-0.dll |
SHCreateMemStream
IStream_Read SHOpenRegStream2W SHCreateStreamOnFileW IStream_Write SHCreateStreamOnFileEx IStream_Reset |
api-ms-win-core-file-l1-2-0.dll |
GetTempPathW
|
api-ms-win-core-psapi-l1-1-0.dll |
QueryFullProcessImageNameW
|
api-ms-win-shcore-path-l1-1-0.dll |
#170
|
api-ms-win-core-threadpool-legacy-l1-1-0.dll |
ChangeTimerQueueTimer
DeleteTimerQueueTimer CreateTimerQueueTimer UnregisterWaitEx |
api-ms-win-core-timezone-l1-1-0.dll |
GetDynamicTimeZoneInformation
GetTimeZoneInformation FileTimeToSystemTime SystemTimeToTzSpecificLocalTime SystemTimeToFileTime |
api-ms-win-core-kernel32-legacy-l1-1-0.dll |
GetSystemPowerStatus
RegisterWaitForSingleObject GetComputerNameW |
api-ms-win-core-profile-l1-1-0.dll |
QueryPerformanceCounter
|
api-ms-win-core-interlocked-l1-1-0.dll |
InitializeSListHead
|
api-ms-win-stateseparation-helpers-l1-1-0.dll |
GetPersistedRegistryLocationW
|
api-ms-win-security-lsalookup-l2-1-0.dll |
LookupAccountNameW
|
api-ms-win-shcore-registry-l1-1-1.dll |
SHRegGetValueFromHKCUHKLM
|
api-ms-win-shcore-scaling-l1-1-1.dll |
#244
GetDpiForMonitor |
api-ms-win-core-sysinfo-l1-2-0.dll |
GetOsSafeBootMode
GetProductInfo |
api-ms-win-core-errorhandling-l1-1-2.dll |
RaiseFailFastException
|
api-ms-win-core-string-l2-1-0.dll |
CharLowerBuffW
CharNextW |
api-ms-win-core-stringansi-l1-1-0.dll |
CharNextA
|
api-ms-win-power-base-l1-1-0.dll |
PowerDeterminePlatformRoleEx
CallNtPowerInformation GetPwrCapabilities |
api-ms-win-core-apiquery-l1-1-0.dll |
ApiSetQueryApiSetPresence
|
api-ms-win-shlwapi-winrt-storage-l1-1-1.dll |
ShellMessageBoxW
#279 #165 #481 #479 #478 SHIsChildOrSelf StrRetToStrW AssocQueryStringW SHPinDllOfCLSID #509 SHCreateWorkerWindowW #635 IUnknown_GetWindow StrRetToBufW PathRemoveArgsW #292 #197 #544 |
api-ms-win-ntuser-sysparams-l1-1-0.dll |
SystemParametersInfoW
EnumDisplayDevicesW EnumDisplayMonitors GetMonitorInfoW GetSystemMetrics |
api-ms-win-ntuser-rectangle-l1-1-0.dll |
PtInRect
IntersectRect OffsetRect IsRectEmpty EqualRect SetRect CopyRect InflateRect UnionRect SubtractRect SetRectEmpty |
api-ms-win-rtcore-ntuser-winevent-l1-1-0.dll |
UnhookWinEvent
SetWinEventHook NotifyWinEvent |
api-ms-win-shell-namespace-l1-1-0.dll |
SHBindToObject
ILIsEqual SHGetNameFromIDList SHCreateItemFromParsingName ILRemoveLastID ILGetSize SHBindToParent SHCreateItemFromIDList SHBindToFolderIDListParent ILFindLastID ILFree ILCloneFirst SHParseDisplayName ILClone ILCombine SHGetIDListFromObject ILIsParent |
dxgi.dll |
DXGIDeclareAdapterRemovalSupport
|
api-ms-win-rtcore-ntuser-wmpointer-l1-1-0.dll |
GetPointerType
GetPointerInfo EnableMouseInPointer GetPointerDevices GetCurrentInputMessageSource |
api-ms-win-storage-exports-internal-l1-1-0.dll |
GetThreadFlags
SHGetFolderPathEx SHGetKnownFolderIDList SetThreadFlags |
api-ms-win-rtcore-ntuser-synch-l1-1-0.dll |
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx |
api-ms-win-appmodel-runtime-l1-1-0.dll |
GetPackagesByPackageFamily
GetPackageFullName |
api-ms-win-rtcore-ntuser-wmpointer-l1-1-2.dll |
SetWindowFeedbackSetting
|
api-ms-win-rtcore-ntuser-clipboard-l1-1-0.dll |
RegisterClipboardFormatW
|
api-ms-win-rtcore-ntuser-private-l1-1-0.dll |
GetWindowBand
CreateWindowInBand |
api-ms-win-rtcore-ntuser-powermanagement-l1-1-0.dll |
UnregisterPowerSettingNotification
RegisterPowerSettingNotification |
PROPSYS.dll |
InitVariantFromGUIDAsString
PSCreateMemoryPropertyStore PropVariantToBoolean PSPropertyBag_WriteDWORD InitVariantFromResource PSPropertyBag_WriteStr PropVariantToUInt32 PSGetPropertyFromPropertyStorage PropVariantToStringAlloc |
api-ms-win-mm-playsound-l1-1-0.dll |
PlaySoundW
|
api-ms-win-shell-changenotify-l1-1-0.dll |
SHChangeNotify
|
api-ms-win-shell-dataobject-l1-1-0.dll |
SHCreateDataObject
|
api-ms-win-appmodel-runtime-l1-1-1.dll |
ParseApplicationUserModelId
FindPackagesByPackageFamily GetStagedPackagePathByFullName |
GDI32.dll |
DeleteDC
StretchBlt ExcludeClipRect SetStretchBltMode Rectangle GetCurrentObject SelectClipRgn GetDeviceCaps CreateRectRgn SetRectRgn OffsetRgn CombineRgn DeleteObject GetObjectW CreateCompatibleDC SelectObject GetClipBox CreateFontIndirectW SetTextColor SetTextAlign GetTextMetricsW ExtTextOutW GetStockObject GetTextExtentPoint32W CreateRectRgnIndirect GetGlyphOutlineW GetOutlineTextMetricsW GetClipRgn |
KERNEL32.dll |
RegisterApplicationRestart
IsBadWritePtr |
WININET.dll |
InternetCrackUrlW
|
SHCORE.dll |
#142
#200 #184 #186 #187 #123 #190 #121 #174 #109 #126 #213 #183 #192 #1 SHUnicodeToAnsi #162 |
SHELL32.dll |
#89
#200 #245 ShellExecuteExW #899 #188 #201 #206 SHCreateItemInKnownFolder #67 DragQueryFileW SHChangeNotifyRegisterThread #733 #753 #644 #645 SHGetPathFromIDListW #4 SHFileOperationW #711 #2 SHUpdateRecycleBinIcon #60 SHAddToRecentDocs #896 #61 SHEnableServiceObject #54 #254 #137 #134 #22 #850 #95 #885 #723 #91 #680 #172 #85 #100 #190 DuplicateIcon Shell_NotifyIconGetRect SHGetStockIconInfo #132 ExtractIconExW #244 #181 #6 #866 #764 SHEvaluateSystemCommandTemplate SHGetLocalizedName ShellExecuteW #895 #743 #907 #43 Shell_GetCachedImageIndexW #790 #792 #727 #162 SHAppBarMessage #894 SHGetPropertyStoreForWindow #193 #906 Shell_NotifyIconW |
SHLWAPI.dll |
PathIsDirectoryW
#413 #548 #163 #164 ChrCmpIW PathIsRelativeW AssocCreate AssocQueryKeyW #467 |
UxTheme.dll |
CloseThemeData
GetThemeFont BufferedPaintInit BeginBufferedPaint DrawThemeBackground DrawThemeParentBackground GetThemeBackgroundExtent GetThemeBool OpenThemeData EndBufferedPaint OpenThemeDataForDpi BufferedPaintUnInit DrawThemeTextEx IsThemeActive GetWindowTheme GetThemeMargins SetWindowTheme GetThemeMetric IsCompositionActive #138 BufferedPaintSetAlpha #126 GetThemePartSize #86 IsAppThemed GetBufferedPaintBits GetThemeColor GetThemeInt |
dwmapi.dll |
DwmEnableBlurBehindWindow
DwmSetWindowAttribute DwmIsCompositionEnabled DwmRegisterThumbnail #139 #113 #141 #140 DwmGetWindowAttribute #159 DwmQueryThumbnailSourceSize #124 DwmUpdateThumbnailProperties DwmUnregisterThumbnail #114 #138 |
USER32.dll |
GetMenuItemInfoW
GetMenuItemCount CreateIconIndirect GetSubMenu LoadMenuW DrawTextW FillRect DeleteMenu TrackPopupMenuEx SetMenuDefaultItem AdjustWindowRectEx GetDC ReleaseDC MonitorFromWindow CreatePopupMenu GetMenuDefaultItem DestroyMenu LoadCursorW SetCursor SetMenuItemInfoW DefWindowProcA IsWindowUnicode LoadAcceleratorsW ChangeWindowMessageFilterEx TranslateAcceleratorW #2611 MonitorFromRect GetWindowPlacement GetGuiResources IsHungAppWindow #2574 SwitchToThisWindow GetLastActivePopup UnregisterHotKey RegisterHotKey SendDlgItemMessageW ModifyMenuW GetSystemMenu GetSysColorBrush GhostWindowFromHungWindow GetIconInfoExW GetIconInfo GetClassWord GetClassLongW UnregisterClassA PostThreadMessageW MonitorFromPoint ReplyMessage EndDialog ExitWindowsEx GetKeyState IsIconic LoadIconW HungWindowFromGhostWindow GetPhysicalCursorPos GetCursorInfo ShowWindowAsync InsertMenuW BringWindowToTop #2573 EndTask IsTopLevelWindow GetMenuState IsZoomed SetScrollInfo GetScrollInfo SetScrollPos GetMenuStringW InternalGetWindowText GetLayeredWindowAttributes SetLayeredWindowAttributes DrawTextExW IsProcessDPIAware SetThreadDpiAwarenessContext GetWindowCompositionAttribute GetWindowProcessHandle GetClassLongPtrW UpdateLayeredWindow #2521 UnregisterClassW #2522 GetMenuInfo SetMenuInfo SetWindowPlacement CascadeWindows TileWindows LockWorkStation InjectMouseInput MapVirtualKeyExW InjectKeyboardInput GetCaretBlinkTime GetSysColor CopyImage DestroyIcon DrawIconEx GetSystemMetricsForDpi #2005 TrackMouseEvent SetCapture GetCapture ReleaseCapture GetDoubleClickTime CalculatePopupWindowPosition GetAsyncKeyState CopyIcon GetLastInputInfo AdjustWindowRect GetDpiForWindow SetWindowCompositionAttribute SetGestureConfig LoadImageW GetDpiForSystem CheckMenuItem EnableMenuItem GetWindowDpiAwarenessContext AreDpiAwarenessContextsEqual CharLowerW IsCharAlphaNumericW RemoveMenu |
SspiCli.dll |
LsaDeregisterLogonProcess
LsaConnectUntrusted LsaFreeReturnBuffer LsaLookupAuthenticationPackage LsaCallAuthenticationPackage GetUserNameExW |
api-ms-win-security-lsalookup-l1-1-2.dll |
LsaLookupUserAccountType
|
api-ms-win-core-delayload-l1-1-1.dll |
ResolveDelayLoadedAPI
|
api-ms-win-core-delayload-l1-1-0.dll |
DelayLoadFailureHook
|
USERENV.dll |
DeriveAppContainerSidFromAppContainerName
GetProfileType |
api-ms-win-core-kernel32-legacy-l1-1-1.dll |
VerifyVersionInfoW
PowerCreateRequest PowerSetRequest |
api-ms-win-security-isolatedcontainer-l1-1-1.dll |
IsProcessInWDAGContainer
|
api-ms-win-core-file-l2-1-2.dll |
CopyFileW
|
api-ms-win-service-management-l2-1-0.dll |
NotifyServiceStatusChangeW
QueryServiceConfigW |
api-ms-win-core-localization-l1-2-3.dll |
GetUserDefaultGeoName
|
api-ms-win-core-kernel32-legacy-l1-1-2.dll |
SetTermsrvAppInstallMode
|
api-ms-win-core-io-l1-1-0.dll |
CreateIoCompletionPort
GetQueuedCompletionStatus |
api-ms-win-shell-shdirectory-l1-1-0.dll |
#292
|
api-ms-win-eventing-controller-l1-1-0.dll |
StartTraceW
StopTraceW EnableTraceEx2 |
RPCRT4.dll |
NdrClientCall3
RpcBindingFree RpcStringFreeW RpcBindingSetAuthInfoExW I_RpcExceptionFilter RpcStringBindingComposeW RpcBindingFromStringBindingW UuidFromStringW |
api-ms-win-core-biptcltapi-l1-1-7.dll |
BiPtAssociateApplicationEntryPoint
BiPtEnumerateWorkItemsForPackageName BiPtQueryWorkItem BiPtFreeMemory |
WTSAPI32.dll |
WTSUnRegisterSessionNotification
WTSRegisterSessionNotification |
api-ms-win-security-lsalookup-l1-1-1.dll |
EnumerateIdentityProviders
GetDefaultIdentityProvider ReleaseIdentityProviderEnumContext GetIdentityProviderInfoByGUID |
api-ms-win-crt-math-l1-1-0.dll |
floorf
ceilf |
SndVolSSO.DLL (delay-loaded) |
#3
#2 #4 #1 |
Attributes | 0x1 |
---|---|
Name | SndVolSSO.DLL |
ModuleHandle | 0x2fcdb0 |
DelayImportAddressTable | 0x31c120 |
DelayImportNameTable | 0x2eece0 |
BoundDelayImportTable | 0x2f04d0 |
UnloadDelayImportTable | 0 |
TimeStamp | 1970-Jan-01 00:00:00 |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 10.0.18362.267 |
ProductVersion | 10.0.18362.267 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United States |
CompanyName | Microsoft Corporation |
FileDescription | Windows Explorer |
FileVersion (#2) | 10.0.18362.267 (WinBuild.160101.0800) |
InternalName | explorer |
LegalCopyright | © Microsoft Corporation. All rights reserved. |
OriginalFilename | EXPLORER.EXE |
ProductName | Microsoft® Windows® Operating System |
ProductVersion (#2) | 10.0.18362.267 |
Resource LangID | English - United States |
---|
Characteristics | 0 |
---|---|
TimeDateStamp | 1990-Feb-17 16:49:49 |
Version | 0.0 |
SizeofData | 37 |
AddressOfRawData | 0x2c2d20 |
PointerToRawData | 0x2c0320 |
Referenced File | explorer.pdb |
Characteristics | 0 |
---|---|
TimeDateStamp | 1990-Feb-17 16:49:49 |
Version | 0.0 |
SizeofData | 1872 |
AddressOfRawData | 0x2c2d48 |
PointerToRawData | 0x2c0348 |
Characteristics | 0 |
---|---|
TimeDateStamp | 1990-Feb-17 16:49:49 |
Version | 0.0 |
SizeofData | 36 |
AddressOfRawData | 0x2c3498 |
PointerToRawData | 0x2c0a98 |
StartAddressOfRawData | 0x1402c34e0 |
---|---|
EndAddressOfRawData | 0x1402c34e8 |
AddressOfIndex | 0x1402fcda8 |
AddressOfCallbacks | 0x14027ab58 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_ALIGN_4BYTES |
Callbacks | (EMPTY) |
Size | 0x108 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x1402fb3b8 |
GuardCFCheckFunctionPointer | 5371308512 |
GuardCFDispatchFunctionPointer | 0 |
GuardCFFunctionTable | 0 |
GuardCFFunctionCount | 0 |
GuardFlags | (EMPTY) |
CodeIntegrity.Flags | 0 |
CodeIntegrity.Catalog | 0 |
CodeIntegrity.CatalogOffset | 0 |
CodeIntegrity.Reserved | 0 |
GuardAddressTakenIatEntryTable | 0 |
GuardAddressTakenIatEntryCount | 0 |
GuardLongJumpTargetTable | 0 |
GuardLongJumpTargetCount | 0 |
XOR Key | 0xc96aec9f |
---|---|
Unmarked objects | 0 |
Imports (VS2008 SP1 build 30729) | 252 |
C objects (26715) | 31 |
ASM objects (26715) | 3 |
C++ objects (26715) | 33 |
Total imports | 2435 |
Imports (26715) | 29 |
270 (26715) | 350 |
253 (26715) | 1 |
Resource objects (26715) | 1 |
Linker (26715) | 1 |