Architecture | IMAGE_FILE_MACHINE_AMD64 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2086-Oct-07 09:29:37 |
Detected languages | English - United States |
Debug artifacts | explorer.pdb |
CompanyName | Microsoft Corporation |
FileDescription | Windows Explorer |
FileVersion | 10.0.19041.1202 (WinBuild.160101.0800) |
InternalName | explorer |
LegalCopyright | © Microsoft Corporation. All rights reserved. |
OriginalFilename | EXPLORER.EXE |
ProductName | Microsoft® Windows® Operating System |
ProductVersion | 10.0.19041.1202 |
Suspicious | Strings found in the binary may indicate undesirable behavior: | Contains references to system / monitoring tools: |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32; Uses constants related to MD5 |
Suspicious | The PE is possibly packed. | Unusual section name found: .imrsiv; Unusual section name found: .didat |
Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
Info | The PE is digitally signed. | Signer: Microsoft Windows; Issuer: Microsoft Windows Production PCA 2011 |
Safe | VirusTotal score: 0/66 (Scanned on 2021-09-20 15:23:08) | All the AVs think this file is safe. |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x100 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_AMD64 |
NumberofSections | 8 |
TimeDateStamp | 2086-Oct-07 09:29:37 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |
Magic | PE32+ |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0x281200 |
SizeOfInitializedData | 0x216200 |
SizeOfUninitializedData | 0x200 |
AddressOfEntryPoint | 0x00000000000A05A0 (Section: .text) |
BaseOfCode | 0x1000 |
ImageBase | 0x140000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | A.0 |
ImageVersion | A.0 |
SubsystemVersion | A.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x49d000 |
SizeOfHeaders | 0x400 |
Checksum | 0x4a2cc5 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY, IMAGE_DLLCHARACTERISTICS_GUARD_CF, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x80000 |
SizeofStackCommit | 0xe000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
msvcp_win.dll |
?_Xout_of_range@std@@YAXPEBD@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z ?__ExceptionPtrDestroy@@YAXPEAX@Z ?__ExceptionPtrCopy@@YAXPEAXPEBX@Z ?__ExceptionPtrCurrentException@@YAXPEAX@Z ?__ExceptionPtrCreate@@YAXPEAX@Z ?__ExceptionPtrRethrow@@YAXPEBX@Z ?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z _Thrd_detach ?_Throw_C_error@std@@YAXH@Z ?_Throw_Cpp_error@std@@YAXH@Z _Thrd_join _Thrd_id _Cnd_do_broadcast_at_thread_exit ?_Xlength_error@std@@YAXPEBD@Z ??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z ?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z ?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ ?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z ?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ ?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ ??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ ?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z ?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ ??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ ?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z ?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z ?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z ?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z ?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ ?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ ?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z ?_Xbad_alloc@std@@YAXXZ ?tolower@?$ctype@G@std@@QEBAGG@Z ?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z ?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z ?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ _Wcscoll ?_Xbad_function_call@std@@YAXXZ ?id@?$collate@G@std@@2V0locale@2@A ??Bid@locale@std@@QEAA_KXZ ?id@?$ctype@G@std@@2V0locale@2@A ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ ??0facet@locale@std@@IEAA@_K@Z 
??1facet@locale@std@@MEAA@XZ ??0_Lockit@std@@QEAA@H@Z ??0_Locinfo@std@@QEAA@PEBD@Z ?c_str@?$_Yarn@D@std@@QEBAPEBDXZ ??1_Lockit@std@@QEAA@XZ ??1_Locinfo@std@@QEAA@XZ ?is@?$ctype@G@std@@QEBA_NFG@Z ?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z ?_Incref@facet@locale@std@@UEAAXXZ ?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z ?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ ??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ ?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z ?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ ?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ ??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ ??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ ?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ ?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ ?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ ?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ ?uncaught_exception@std@@YA_NXZ ?good@ios_base@std@@QEBA_NXZ ?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ ?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ ?width@ios_base@std@@QEBA_JXZ ?flags@ios_base@std@@QEBAHXZ ?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ ?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z ?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ ?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ ?width@ios_base@std@@QEAA_J_J@Z ?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z _Mtx_init_in_situ _Mtx_destroy_in_situ _Mtx_unlock _Mtx_lock _Xtime_get_ticks _Wcsxfrm |
---|---|
api-ms-win-crt-runtime-l1-1-0.dll |
_initterm_e
_register_thread_local_exe_atexit_callback _c_exit _set_error_mode _initterm |
api-ms-win-crt-time-l1-1-0.dll |
_time64
|
api-ms-win-crt-string-l1-1-0.dll |
memset
strncmp wcscspn wcsncmp wcscmp |
api-ms-win-crt-private-l1-1-0.dll |
_o_iswalnum
_o_iswspace _o_malloc _o_memcpy_s _o_pow _o_realloc _o_sqrt _o_terminate _o_toupper _o_towlower _o_wcscat_s _o_wcscpy_s _o_wcsncpy_s _o_wcstol __C_specific_handler __CxxFrameHandler3 _o__wtoi memmove _o_free _o__set_new_mode _o__set_fmode _o__set_errno _o__set_app_type _o__seh_filter_exe _o__register_onexit_function _o__recalloc _o__purecall _o__mktime64 _o_floor _o_exit _o_ceil _o__wcsnicmp _o_bsearch _o__wcsicmp _o__localtime64 _o__itow_s _o__invalid_parameter_noinfo_noreturn _o__invalid_parameter_noinfo _o__initialize_wide_environment _o__initialize_onexit_table _o__get_wide_winmain_command_line _o__get_errno _o__exit _o__errno _o__difftime64 _o__crt_atexit _o__configure_wide_argv _o__configthreadlocale _o__cexit _o__beginthreadex _o___stdio_common_vswscanf _o___stdio_common_vswprintf _o___stdio_common_vsnwprintf_s _o___stdio_common_vsnprintf_s _o___std_exception_destroy _o___std_exception_copy _o___p__commode wcsstr __std_terminate __CxxFrameHandler4 _CxxThrowException memcmp memcpy |
AEPIC.dll |
PicFreeFileInfo
PicRetrieveFileInfo |
TWINAPI.dll |
#9
|
api-ms-win-core-job-l2-1-0.dll |
AssignProcessToJobObject
CreateJobObjectW QueryInformationJobObject SetInformationJobObject |
api-ms-win-core-windowserrorreporting-l1-1-3.dll |
RegisterApplicationRestart
|
api-ms-win-core-url-l1-1-0.dll |
UrlUnescapeW
HashData PathIsURLW |
api-ms-win-core-kernel32-private-l1-1-0.dll |
CheckElevationEnabled
CheckElevation |
api-ms-win-core-registryuserspecific-l1-1-0.dll |
SHRegGetBoolUSValueW
SHRegGetUSValueW |
api-ms-win-core-com-private-l1-1-0.dll |
CoRegisterMessageFilter
|
api-ms-win-core-atoms-l1-1-0.dll |
GlobalGetAtomNameW
|
api-ms-win-core-sidebyside-l1-1-0.dll |
ActivateActCtx
DeactivateActCtx CreateActCtxW ReleaseActCtx |
ntdll.dll |
RtlInitString
RtlGetVersion ZwQuerySystemInformation RtlInitUnicodeString RtlUpcaseUnicodeChar RtlGetNativeSystemInformation ZwQueryDirectoryFile RtlpEnsureBufferSize RtlNtPathNameToDosPathName ZwOpenFile ZwEnumerateKey RtlInitUnicodeStringEx RtlFormatCurrentUserKeyPath ZwCreateFile ZwQueryInformationFile ZwCreateSection ZwQueryInformationProcess ZwSetInformationProcess RtlxAnsiStringToUnicodeSize RtlAnsiStringToUnicodeString ZwUnmapViewOfSection ZwMapViewOfSection LdrResSearchResource RtlVerifyVersionInfo RtlImageDirectoryEntryToData RtlReleaseSRWLockShared RtlAcquireSRWLockShared RtlReleaseSRWLockExclusive RtlAcquireSRWLockExclusive wcsspn NtOpenThreadToken NtClose NtQueryInformationToken NtOpenProcessToken RtlCompareUnicodeString RtlFreeHeap RtlAllocateHeap wcschr wcsrchr strchr RtlVirtualUnwind RtlLookupFunctionEntry RtlNtStatusToDosError ZwQueryValueKey RtlPublishWnfStateData NtSetSystemInformation RtlFlushHeaps NtQueryWnfStateData RtlSubscribeWnfStateChangeNotification RtlUnsubscribeWnfNotificationWaitForCompletion ZwOpenKey RtlQueryWnfStateData RtlCaptureContext RtlGetDeviceFamilyInfoEnum NtSetInformationProcess NtQueryInformationProcess ZwClose RtlReAllocateHeap RtlAppendUnicodeToString RtlAppendUnicodeStringToString RtlRunOnceExecuteOnce RtlCopyUnicodeString RtlUpcaseUnicodeString RtlIsStateSeparationEnabled RtlDosPathNameToNtPathName_U_WithStatus RtlNtStatusToDosErrorNoTeb RtlFreeUnicodeString NtSetThreadExecutionState VerSetConditionMask RtlQueryResourcePolicy WinSqmSetDWORD WinSqmIsOptedIn WinSqmAddToStreamEx |
api-ms-win-core-libraryloader-l1-2-0.dll |
GetModuleFileNameW
LoadResource LoadLibraryExW FindStringOrdinal GetProcAddress GetModuleHandleA FindResourceExW LoadStringW GetModuleHandleExW GetModuleHandleW LockResource FreeLibrary GetModuleFileNameA SizeofResource |
api-ms-win-core-synch-l1-2-0.dll |
InitOnceExecuteOnce
InitOnceComplete Sleep InitOnceBeginInitialize |
api-ms-win-core-synch-l1-1-0.dll |
CreateMutexW
OpenMutexW TryEnterCriticalSection TryAcquireSRWLockExclusive SleepEx WaitForMultipleObjectsEx InitializeSRWLock DeleteCriticalSection AcquireSRWLockShared CreateMutexExW ReleaseSRWLockShared OpenSemaphoreW WaitForSingleObjectEx AcquireSRWLockExclusive ReleaseSRWLockExclusive ReleaseMutex WaitForSingleObject InitializeCriticalSectionEx LeaveCriticalSection ResetEvent ReleaseSemaphore EnterCriticalSection CreateSemaphoreExW InitializeCriticalSectionAndSpinCount InitializeCriticalSection OpenEventW SetEvent CreateEventExW CreateEventW |
api-ms-win-core-heap-l1-1-0.dll |
HeapAlloc
GetProcessHeap HeapFree |
api-ms-win-core-errorhandling-l1-1-0.dll |
SetLastError
SetUnhandledExceptionFilter GetLastError RaiseException SetErrorMode UnhandledExceptionFilter |
api-ms-win-core-file-l1-1-0.dll |
FindClose
FindNextFileW FindFirstFileW CompareFileTime GetFileAttributesW GetLongPathNameW CreateFileW WriteFile DeleteFileW |
api-ms-win-eventing-provider-l1-1-0.dll |
EventRegister
EventActivityIdControl EventSetInformation EventEnabled EventWriteTransfer EventUnregister EventProviderEnabled EventWrite |
api-ms-win-core-registry-l1-1-0.dll |
RegQueryValueExW
RegOpenKeyExW RegCreateKeyExW RegCloseKey RegDeleteTreeW RegNotifyChangeKeyValue RegOpenCurrentUser RegEnumKeyExW RegSetValueExW RegGetValueW RegDeleteValueW RegEnumValueW RegQueryInfoKeyW RegDeleteKeyExW |
api-ms-win-core-threadpool-l1-2-0.dll |
WaitForThreadpoolWaitCallbacks
TrySubmitThreadpoolCallback CreateThreadpoolTimer SubmitThreadpoolWork SetThreadpoolTimer CloseThreadpoolTimer SetThreadpoolWait CloseThreadpoolWait CreateThreadpoolWait WaitForThreadpoolTimerCallbacks CreateThreadpoolWork |
api-ms-win-core-processthreads-l1-1-0.dll |
SetPriorityClass
ResumeThread TerminateProcess GetProcessId GetExitCodeProcess GetCurrentProcessId GetThreadPriority GetCurrentProcess OpenThreadToken GetCurrentThread OpenProcessToken OpenThread ProcessIdToSessionId QueueUserAPC SetThreadPriorityBoost CreateProcessW SetThreadPriority CreateThread GetCurrentThreadId GetStartupInfoW ExitProcess SetProcessShutdownParameters GetPriorityClass |
api-ms-win-core-localization-l1-2-0.dll |
GetUserDefaultLocaleName
GetThreadUILanguage GetLocaleInfoEx GetCalendarInfoW GetUserDefaultLangID FormatMessageW GetLocaleInfoW |
api-ms-win-core-debug-l1-1-0.dll |
DebugBreak
IsDebuggerPresent OutputDebugStringW |
api-ms-win-core-handle-l1-1-0.dll |
DuplicateHandle
CloseHandle |
OLEAUT32.dll |
SafeArrayDestroy
SafeArrayAccessData SafeArrayUnaccessData SafeArrayCreate VarUI4FromStr SysAllocStringByteLen VariantClear SysAllocString SysFreeString SysStringLen VariantInit |
api-ms-win-shcore-taskpool-l1-1-0.dll |
SHTaskPoolGetUniqueContext
SHTaskPoolQueueTask |
api-ms-win-shcore-sysinfo-l1-1-0.dll |
SetCurrentProcessExplicitAppUserModelID
IsOS |
api-ms-win-core-com-l1-1-0.dll |
CoWaitForMultipleHandles
CreateStreamOnHGlobal CoGetStdMarshalEx CoGetApartmentType CoCreateInstance CoDisableCallCancellation CoCreateFreeThreadedMarshaler StringFromIID CoInitializeSecurity CoSetProxyBlanket CoFreeUnusedLibraries IIDFromString StringFromGUID2 CoCancelCall CoCreateGuid CoRegisterClassObject CoEnableCallCancellation CoIncrementMTAUsage CoGetObjectContext CoRevokeClassObject PropVariantClear CLSIDFromString CoTaskMemFree CoReleaseMarshalData CoGetInterfaceAndReleaseStream CoMarshalInterThreadInterfaceInStream CoTaskMemRealloc CoGetCallContext CoTaskMemAlloc CoGetMalloc CoUninitialize CoInitializeEx |
api-ms-win-core-shlwapi-obsolete-l1-1-0.dll |
StrCmpNIW
StrRChrW StrStrIW StrCmpNICW StrCmpIW StrChrW StrCmpW StrChrIW StrToIntW StrCmpICW QISearch StrCmpICA |
api-ms-win-shcore-obsolete-l1-1-0.dll |
SHStrDupW
CommandLineToArgvW |
api-ms-win-shcore-comhelpers-l1-1-0.dll |
IUnknown_GetSite
IUnknown_Set IUnknown_SetSite IUnknown_QueryService |
api-ms-win-core-heap-l2-1-0.dll |
LocalFree
GlobalAlloc LocalReAlloc LocalAlloc GlobalFree |
api-ms-win-core-processthreads-l1-1-1.dll |
GetProcessMitigationPolicy
OpenProcess IsProcessorFeaturePresent |
api-ms-win-core-datetime-l1-1-0.dll |
GetDateFormatW
|
api-ms-win-core-sysinfo-l1-1-0.dll |
GetLocalTime
GetSystemTimeAsFileTime GetTickCount GetSystemTime GetSystemDirectoryW GetTickCount64 GetWindowsDirectoryW GetVersionExW |
api-ms-win-core-datetime-l1-1-1.dll |
GetDateFormatEx
GetTimeFormatEx |
api-ms-win-core-processenvironment-l1-1-0.dll |
SearchPathW
GetCommandLineW GetCurrentDirectoryW ExpandEnvironmentStringsW |
api-ms-win-core-shlwapi-legacy-l1-1-0.dll |
PathQuoteSpacesW
PathIsFileSpecW PathRemoveBlanksW PathFileExistsW PathCombineW PathCommonPrefixW PathParseIconLocationW PathGetArgsW PathFindFileNameW PathRemoveFileSpecW SHExpandEnvironmentStringsW PathGetDriveNumberW PathFindExtensionW |
api-ms-win-core-winrt-string-l1-1-0.dll |
WindowsCreateStringReference
WindowsGetStringLen WindowsCompareStringOrdinal WindowsDuplicateString WindowsPreallocateStringBuffer WindowsDeleteString WindowsPromoteStringBuffer WindowsDeleteStringBuffer WindowsSubstringWithSpecifiedLength WindowsGetStringRawBuffer WindowsCreateString |
api-ms-win-core-winrt-l1-1-0.dll |
RoInitialize
RoGetActivationFactory RoUninitialize RoActivateInstance |
api-ms-win-shcore-registry-l1-1-0.dll |
SHGetValueW
SHDeleteKeyW SHRegGetValueW SHQueryInfoKeyW SHSetValueW SHDeleteValueW SHEnumKeyExW |
api-ms-win-core-string-l1-1-0.dll |
CompareStringOrdinal
CompareStringW MultiByteToWideChar WideCharToMultiByte |
api-ms-win-shcore-thread-l1-1-0.dll |
SHCreateThread
SHSetThreadRef SHGetThreadRef SHCreateThreadRef SetProcessReference |
api-ms-win-core-string-obsolete-l1-1-0.dll |
lstrcmpiW
lstrlenW |
api-ms-win-security-base-l1-1-0.dll |
GetLengthSid
IsValidSid GetAclInformation CreateWellKnownSid AddAce GetAce GetTokenInformation MakeAbsoluteSD DuplicateToken InitializeAcl DeleteAce SetKernelObjectSecurity EqualSid CopySid CheckTokenMembership |
api-ms-win-eventing-classicprovider-l1-1-0.dll |
TraceMessage
RegisterTraceGuidsW GetTraceEnableLevel GetTraceEnableFlags GetTraceLoggerHandle UnregisterTraceGuids |
api-ms-win-core-localization-obsolete-l1-2-0.dll |
GetUserDefaultUILanguage
|
api-ms-win-core-libraryloader-l1-2-1.dll |
FindResourceW
LoadLibraryW |
api-ms-win-core-string-l2-1-1.dll |
SHLoadIndirectString
|
api-ms-win-core-errorhandling-l1-1-1.dll |
RemoveVectoredExceptionHandler
|
api-ms-win-core-registry-l1-1-1.dll |
RegDeleteKeyValueW
RegSetKeyValueW |
api-ms-win-core-com-l1-1-1.dll |
RoGetAgileReference
|
api-ms-win-core-winrt-error-l1-1-0.dll |
RoOriginateError
RoTransformError GetRestrictedErrorInfo SetRestrictedErrorInfo RoFailFastWithErrorContext |
api-ms-win-core-winrt-error-l1-1-1.dll |
RoGetMatchingRestrictedErrorInfo
RoOriginateLanguageException |
api-ms-win-core-path-l1-1-0.dll |
PathCchAddExtension
PathCchRemoveFileSpec PathCchCombine PathCchAppend PathAllocCombine |
api-ms-win-shcore-unicodeansi-l1-1-0.dll |
SHAnsiToUnicode
|
api-ms-win-core-heap-obsolete-l1-1-0.dll |
GlobalUnlock
GlobalLock |
api-ms-win-core-processthreads-l1-1-3.dll |
SetThreadDescription
SetProcessInformation |
api-ms-win-core-memory-l1-1-0.dll |
UnmapViewOfFile
CreateFileMappingW VirtualAlloc VirtualFree OpenFileMappingW MapViewOfFile VirtualProtect |
api-ms-win-core-largeinteger-l1-1-0.dll |
MulDiv
|
api-ms-win-shcore-stream-l1-1-0.dll |
IStream_Reset
SHOpenRegStream2W SHCreateStreamOnFileEx SHCreateMemStream IStream_Write SHCreateStreamOnFileW IStream_Read |
api-ms-win-core-file-l1-2-0.dll |
GetTempPathW
|
api-ms-win-core-psapi-l1-1-0.dll |
QueryFullProcessImageNameW
|
api-ms-win-shcore-path-l1-1-0.dll |
#170
|
api-ms-win-core-threadpool-legacy-l1-1-0.dll |
DeleteTimerQueueTimer
UnregisterWaitEx CreateTimerQueueTimer ChangeTimerQueueTimer |
api-ms-win-core-sysinfo-l1-2-0.dll |
GetProductInfo
GetOsSafeBootMode |
api-ms-win-core-localization-l1-2-3.dll |
GetUserDefaultGeoName
|
USERENV.dll |
DeriveAppContainerSidFromAppContainerName
GetProfileType |
api-ms-win-core-timezone-l1-1-0.dll |
GetTimeZoneInformation
GetDynamicTimeZoneInformation SystemTimeToFileTime FileTimeToSystemTime SystemTimeToTzSpecificLocalTime |
api-ms-win-core-kernel32-legacy-l1-1-0.dll |
GetSystemPowerStatus
RegisterWaitForSingleObject GetComputerNameW |
api-ms-win-core-profile-l1-1-0.dll |
QueryPerformanceCounter
|
api-ms-win-core-interlocked-l1-1-0.dll |
InterlockedPushEntrySList
InitializeSListHead |
api-ms-win-stateseparation-helpers-l1-1-0.dll |
GetPersistedRegistryLocationW
|
api-ms-win-security-lsalookup-l2-1-0.dll |
LookupAccountNameW
|
api-ms-win-core-string-l2-1-0.dll |
CharNextW
CharLowerBuffW |
api-ms-win-service-management-l2-1-0.dll |
NotifyServiceStatusChangeW
QueryServiceConfigW |
api-ms-win-core-io-l1-1-0.dll |
CreateIoCompletionPort
GetQueuedCompletionStatus |
api-ms-win-shcore-registry-l1-1-1.dll |
SHRegGetValueFromHKCUHKLM
|
api-ms-win-shcore-scaling-l1-1-1.dll |
#244
GetDpiForMonitor |
api-ms-win-core-errorhandling-l1-1-2.dll |
RaiseFailFastException
|
api-ms-win-core-stringansi-l1-1-0.dll |
CharNextA
|
api-ms-win-power-base-l1-1-0.dll |
GetPwrCapabilities
CallNtPowerInformation PowerDeterminePlatformRoleEx |
api-ms-win-core-apiquery-l1-1-0.dll |
ApiSetQueryApiSetPresence
|
api-ms-win-shlwapi-winrt-storage-l1-1-1.dll |
#544
#197 #292 SHIsChildOrSelf #478 StrRetToStrW #509 SHCreateWorkerWindowW #635 PathRemoveArgsW ShellMessageBoxW #479 #481 StrRetToBufW #165 SHPinDllOfCLSID #279 IUnknown_GetWindow AssocQueryStringW |
api-ms-win-ntuser-sysparams-l1-1-0.dll |
GetDisplayConfigBufferSizes
GetMonitorInfoW QueryDisplayConfig EnumDisplayMonitors SystemParametersInfoW GetSystemMetrics EnumDisplayDevicesW |
api-ms-win-ntuser-rectangle-l1-1-0.dll |
EqualRect
IntersectRect SetRect CopyRect IsRectEmpty PtInRect SetRectEmpty OffsetRect SubtractRect InflateRect UnionRect |
api-ms-win-rtcore-ntuser-winevent-l1-1-0.dll |
SetWinEventHook
UnhookWinEvent NotifyWinEvent |
api-ms-win-shell-namespace-l1-1-0.dll |
SHGetIDListFromObject
SHCreateItemFromParsingName ILClone SHParseDisplayName ILCombine ILCloneFirst ILGetSize ILIsParent ILFree ILRemoveLastID SHBindToParent ILIsEqual SHBindToFolderIDListParent ILFindLastID SHGetNameFromIDList SHBindToObject SHCreateItemFromIDList |
dxgi.dll |
DXGIDeclareAdapterRemovalSupport
|
api-ms-win-rtcore-ntuser-wmpointer-l1-1-0.dll |
GetPointerDevices
GetCurrentInputMessageSource EnableMouseInPointer GetPointerType GetPointerInfo |
api-ms-win-storage-exports-internal-l1-1-0.dll |
GetThreadFlags
SHGetKnownFolderIDList SHGetFolderPathEx SetThreadFlags |
api-ms-win-rtcore-ntuser-synch-l1-1-0.dll |
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects |
api-ms-win-appmodel-runtime-l1-1-0.dll |
GetPackagesByPackageFamily
GetPackageFullName |
api-ms-win-rtcore-ntuser-wmpointer-l1-1-2.dll |
SetWindowFeedbackSetting
|
api-ms-win-rtcore-ntuser-clipboard-l1-1-0.dll |
RegisterClipboardFormatW
|
api-ms-win-rtcore-ntuser-private-l1-1-0.dll |
CreateWindowInBand
GetWindowBand |
api-ms-win-rtcore-ntuser-powermanagement-l1-1-0.dll |
RegisterPowerSettingNotification
UnregisterPowerSettingNotification |
PROPSYS.dll |
InitVariantFromGUIDAsString
PropVariantToStringAlloc PSPropertyBag_WriteDWORD PropVariantToUInt32 PSPropertyBag_WriteStr PropVariantToBoolean PSCreateMemoryPropertyStore PSGetPropertyFromPropertyStorage InitVariantFromResource |
CoreMessaging.dll |
CreateDispatcherQueueController
|
urlmon.dll |
URLOpenBlockingStreamW
|
api-ms-win-shell-changenotify-l1-1-0.dll |
SHChangeNotify
|
api-ms-win-shell-dataobject-l1-1-0.dll |
SHCreateDataObject
|
api-ms-win-appmodel-runtime-l1-1-1.dll |
FindPackagesByPackageFamily
ParseApplicationUserModelId |
WTSAPI32.dll |
WTSUnRegisterSessionNotification
WTSRegisterSessionNotification |
GDI32.dll |
GetClipBox
SelectObject CreateCompatibleDC DeleteDC GetObjectW SetTextColor DeleteObject CombineRgn OffsetRgn SetTextAlign GetTextMetricsW SetRectRgn CreateRectRgn GetDeviceCaps CreateFontIndirectW GetStockObject Rectangle SetStretchBltMode ExcludeClipRect StretchBlt GetTextExtentPoint32W CreateRectRgnIndirect GetGlyphOutlineW GetOutlineTextMetricsW GetClipRgn SelectClipRgn ExtTextOutW GetCurrentObject |
KERNEL32.dll |
IsBadWritePtr
|
RPCRT4.dll |
UuidFromStringW
NdrClientCall3 RpcBindingFree RpcBindingFromStringBindingW RpcStringFreeW RpcBindingSetAuthInfoExW I_RpcExceptionFilter RpcStringBindingComposeW |
WININET.dll |
InternetCrackUrlW
|
SHCORE.dll |
#186
#187 #200 #1 #192 #210 #183 #213 #126 #109 #174 #121 #123 #190 #142 #184 #162 SHUnicodeToAnsi |
SHELL32.dll |
#680
#723 #885 #95 #850 #22 #134 #743 #907 #43 Shell_GetCachedImageIndexW #790 #792 #727 SHAppBarMessage #894 #193 #906 #895 ShellExecuteW SHGetLocalizedName SHGetPropertyStoreForWindow #764 #866 SHEvaluateSystemCommandTemplate #181 #244 ExtractIconExW #132 #137 Shell_NotifyIconW Shell_NotifyIconGetRect #6 SHGetStockIconInfo DuplicateIcon #91 #254 #54 SHEnableServiceObject #61 #896 SHAddToRecentDocs #60 SHUpdateRecycleBinIcon #2 #711 SHFileOperationW #4 SHGetPathFromIDListW #645 #644 #753 #733 SHChangeNotifyRegisterThread DragQueryFileW #67 SHCreateItemInKnownFolder #206 #201 #188 #899 ShellExecuteExW #245 #200 #89 #190 #85 #100 #172 #162 |
SHLWAPI.dll |
#164
PathIsDirectoryW #413 #548 #163 #467 AssocQueryKeyW ChrCmpIW PathIsRelativeW AssocCreate |
UxTheme.dll |
DrawThemeBackground
BeginBufferedPaint GetThemeFont BufferedPaintInit DrawThemeParentBackground EndBufferedPaint DrawThemeTextEx IsCompositionActive GetThemeBackgroundExtent GetThemeBool CloseThemeData OpenThemeData OpenThemeDataForDpi GetThemeMargins #138 BufferedPaintSetAlpha #126 GetThemePartSize IsThemeActive IsAppThemed BufferedPaintUnInit GetBufferedPaintBits GetThemeInt GetThemeColor GetThemeMetric SetWindowTheme GetWindowTheme #86 |
dwmapi.dll |
#139
#138 DwmRegisterThumbnail #141 #140 DwmGetWindowAttribute DwmSetWindowAttribute DwmIsCompositionEnabled #113 #114 #159 DwmQueryThumbnailSourceSize #124 DwmUpdateThumbnailProperties DwmUnregisterThumbnail DwmEnableBlurBehindWindow |
USER32.dll |
ShowWindowAsync
EndTask IsTopLevelWindow GetMenuState SetScrollInfo GetScrollInfo SetScrollPos GetMenuStringW InternalGetWindowText GetLayeredWindowAttributes SetLayeredWindowAttributes DrawTextExW IsProcessDPIAware SetThreadDpiAwarenessContext GetWindowCompositionAttribute GetWindowProcessHandle GetClassLongPtrW UpdateLayeredWindow #2521 GetCursorInfo GetPhysicalCursorPos GetClassLongW GetClassWord GetIconInfo GetIconInfoExW GhostWindowFromHungWindow GetSysColorBrush GetSystemMenu ModifyMenuW GetAsyncKeyState ReplyMessage AdjustWindowRectEx GetDC ReleaseDC MonitorFromWindow IsIconic CreatePopupMenu GetMenuDefaultItem DestroyMenu LoadCursorW SetCursor SetMenuItemInfoW DefWindowProcA IsWindowUnicode LoadAcceleratorsW ChangeWindowMessageFilterEx TranslateAcceleratorW #2611 MonitorFromRect GetGuiResources IsHungAppWindow #2574 SwitchToThisWindow GetLastActivePopup UnregisterHotKey RegisterHotKey InsertMenuW ExitWindowsEx GetKeyState LoadIconW UnregisterClassW HungWindowFromGhostWindow CascadeWindows #2522 GetMenuInfo SetMenuInfo GetDpiForSystem TileWindows GetWindowDpiAwarenessContext AreDpiAwarenessContextsEqual CharLowerW IsCharAlphaNumericW LockWorkStation InjectMouseInput MapVirtualKeyExW InjectKeyboardInput GetCaretBlinkTime GetSysColor MonitorFromPoint CopyImage DestroyIcon DrawIconEx GetSystemMetricsForDpi #2005 UnregisterClassA PostThreadMessageW BringWindowToTop TrackMouseEvent SetCapture GetCapture ReleaseCapture GetDoubleClickTime CalculatePopupWindowPosition CopyIcon GetLastInputInfo AdjustWindowRect GetDpiForWindow SetWindowCompositionAttribute SetGestureConfig EndDialog #2573 LoadImageW CheckMenuItem EnableMenuItem RemoveMenu SetMenuDefaultItem TrackPopupMenuEx DeleteMenu FillRect DrawTextW LoadMenuW GetSubMenu CreateIconIndirect GetMenuItemCount GetMenuItemInfoW SendDlgItemMessageW |
SspiCli.dll |
GetUserNameExW
|
api-ms-win-core-delayload-l1-1-1.dll |
ResolveDelayLoadedAPI
|
api-ms-win-core-delayload-l1-1-0.dll |
DelayLoadFailureHook
|
api-ms-win-core-kernel32-legacy-l1-1-1.dll |
VerifyVersionInfoW
PowerCreateRequest PowerSetRequest |
api-ms-win-security-isolatedcontainer-l1-1-1.dll |
IsProcessInWDAGContainer
|
api-ms-win-core-file-l2-1-2.dll |
CopyFileW
|
api-ms-win-core-kernel32-legacy-l1-1-2.dll |
SetTermsrvAppInstallMode
|
api-ms-win-shell-shdirectory-l1-1-0.dll |
#292
|
api-ms-win-eventing-controller-l1-1-0.dll |
StopTraceW
EnableTraceEx2 StartTraceW |
api-ms-win-appmodel-runtime-l1-1-3.dll |
GetStagedPackagePathByFullName2
|
api-ms-win-core-biptcltapi-l1-1-7.dll |
BiPtFreeMemory
BiPtQueryWorkItem BiPtAssociateApplicationEntryPoint BiPtEnumerateWorkItemsForPackageName |
api-ms-win-crt-math-l1-1-0.dll |
floorf
ceilf |
SndVolSSO.DLL (delay-loaded) |
#1
#3 #4 #2 |
Attributes | 0x1 |
---|---|
Name | SndVolSSO.DLL |
ModuleHandle | 0x336190 |
DelayImportAddressTable | 0x359120 |
DelayImportNameTable | 0x3272e0 |
BoundDelayImportTable | 0x328b78 |
UnloadDelayImportTable | 0 |
TimeStamp | 1970-Jan-01 00:00:00 |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 10.0.19041.1202 |
ProductVersion | 10.0.19041.1202 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United States |
CompanyName | Microsoft Corporation |
FileDescription | Windows Explorer |
FileVersion (#2) | 10.0.19041.1202 (WinBuild.160101.0800) |
InternalName | explorer |
LegalCopyright | © Microsoft Corporation. All rights reserved. |
OriginalFilename | EXPLORER.EXE |
ProductName | Microsoft® Windows® Operating System |
ProductVersion (#2) | 10.0.19041.1202 |
Resource LangID | English - United States |
---|
Characteristics | 0 |
---|---|
TimeDateStamp | 2086-Oct-07 09:29:37 |
Version | 0.0 |
SizeofData | 37 |
AddressOfRawData | 0x2fd500 |
PointerToRawData | 0x2fab00 |
Referenced File | explorer.pdb |
Characteristics | 0 |
---|---|
TimeDateStamp | 2086-Oct-07 09:29:37 |
Version | 0.0 |
SizeofData | 1932 |
AddressOfRawData | 0x2fd528 |
PointerToRawData | 0x2fab28 |
Characteristics | 0 |
---|---|
TimeDateStamp | 2086-Oct-07 09:29:37 |
Version | 0.0 |
SizeofData | 36 |
AddressOfRawData | 0x2fdcb4 |
PointerToRawData | 0x2fb2b4 |
StartAddressOfRawData | 0x1402fdcf8 |
---|---|
EndAddressOfRawData | 0x1402fdd00 |
AddressOfIndex | 0x140336188 |
AddressOfCallbacks | 0x1402b7b58 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_ALIGN_4BYTES |
Callbacks | (EMPTY) |
Size | 0x118 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x140334948 |
GuardCFCheckFunctionPointer | 5371558288 |
GuardCFDispatchFunctionPointer | 0 |
GuardCFFunctionTable | 0 |
GuardCFFunctionCount | 0 |
GuardFlags | (EMPTY) |
CodeIntegrity.Flags | 0 |
CodeIntegrity.Catalog | 0 |
CodeIntegrity.CatalogOffset | 0 |
CodeIntegrity.Reserved | 0 |
GuardAddressTakenIatEntryTable | 0 |
GuardAddressTakenIatEntryCount | 0 |
GuardLongJumpTargetTable | 0 |
GuardLongJumpTargetCount | 0 |
XOR Key | 0x5ad031fc |
---|---|
Unmarked objects | 0 |
Imports (VS2008 SP1 build 30729) | 254 |
C objects (27412) | 31 |
ASM objects (27412) | 3 |
Total imports | 2476 |
Imports (27412) | 31 |
269 (27412) | 368 |
C++ objects (27412) | 35 |
253 (27412) | 1 |
Resource objects (27412) | 1 |
Linker (27412) | 1 |