Architecture | IMAGE_FILE_MACHINE_AMD64 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2005-Apr-12 02:21:38 |
Detected languages | English - United States |
Debug artifacts | explorer.pdb |
CompanyName | Microsoft Corporation |
FileDescription | Windows Explorer |
FileVersion | 10.0.17134.1 (WinBuild.160101.0800) |
InternalName | explorer |
LegalCopyright | © Microsoft Corporation. All rights reserved. |
OriginalFilename | EXPLORER.EXE |
ProductName | Microsoft® Windows® Operating System |
ProductVersion | 10.0.17134.1 |
Suspicious | Strings found in the binary may indicate undesirable behavior: | Contains references to system / monitoring tools: |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to MD5 |
Suspicious | The PE is possibly packed. | Unusual section name found: .imrsiv; Unusual section name found: .didat |
Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
Info | The PE is digitally signed. | Signer: Microsoft Windows; Issuer: Microsoft Windows Production PCA 2011 |
Safe | VirusTotal score: 0/67 (Scanned on 2018-07-14 14:07:12) | All the AVs think this file is safe. |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xf0 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_AMD64 |
NumberofSections | 8 |
TimeDateStamp | 2005-Apr-12 02:21:38 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |
Magic | PE32+ |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0x1dac00 |
SizeOfInitializedData | 0x1de600 |
SizeOfUninitializedData | 0x200 |
AddressOfEntryPoint | 0x00000000000A8150 (Section: .text) |
BaseOfCode | 0x1000 |
ImageBase | 0x140000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | A.0 |
ImageVersion | A.0 |
SubsystemVersion | A.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x3bd000 |
SizeOfHeaders | 0x400 |
Checksum | 0x3cde76 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY, IMAGE_DLLCHARACTERISTICS_GUARD_CF, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x80000 |
SizeofStackCommit | 0xe000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
msvcrt.dll | free _XcptFilter _amsg_exit _unlock __wgetmainargs malloc memcmp floorf floor _snwprintf_s _lock ?what@exception@@UEBAPEBDXZ ??0exception@@QEAA@AEBQEBDH@Z ??0exception@@QEAA@AEBQEBD@Z memcpy __set_app_type exit _CxxThrowException _cexit wcscpy_s _get_errno _set_errno wcsncmp localtime mktime ceilf ceil bsearch pow difftime time _set_error_mode wcsstr memmove_s _vsnprintf_s ??0exception@@QEAA@AEBV0@@Z ??0exception@@QEAA@XZ ??1exception@@UEAA@XZ memcpy_s memmove _vsnwprintf __setusermatherr __CxxFrameHandler3 wcsncpy_s __dllonexit wcscspn _errno _vsnwprintf_s ?terminate@@YAXXZ iswalnum _onexit __C_specific_handler _wcmdln ??1type_info@@UEAA@XZ realloc _fmode _exit sqrt _initterm _commode memset wcscmp |
---|---|
TWINAPI.dll | #9 |
api-ms-win-core-job-l2-1-0.dll | QueryInformationJobObject CreateJobObjectW SetInformationJobObject AssignProcessToJobObject |
api-ms-win-core-url-l1-1-0.dll | UrlUnescapeW HashData |
api-ms-win-core-kernel32-private-l1-1-0.dll | CheckElevationEnabled |
api-ms-win-core-registryuserspecific-l1-1-0.dll | SHRegGetUSValueW SHRegGetBoolUSValueW |
api-ms-win-core-com-private-l1-1-0.dll | CoRegisterMessageFilter |
api-ms-win-core-atoms-l1-1-0.dll | GlobalGetAtomNameW |
api-ms-win-core-sidebyside-l1-1-0.dll | CreateActCtxW ActivateActCtx ReleaseActCtx DeactivateActCtx |
ntdll.dll | RtlIsMultiUsersInSessionSku WinSqmAddToStreamEx swscanf_s WinSqmIsOptedIn NtQueryInformationProcess WinSqmSetDWORD RtlQueryResourcePolicy NtSetThreadExecutionState RtlFreeHeap RtlInitUnicodeString RtlAllocateHeap RtlNtStatusToDosErrorNoTeb NtSetInformationProcess RtlCaptureContext wcsspn wcsrchr wcstol _wcsnicmp NtOpenThreadToken NtClose NtQueryInformationToken NtOpenProcessToken RtlCompareUnicodeString wcschr _itow_s _wtoi _wcsicmp RtlVirtualUnwind RtlLookupFunctionEntry RtlNtStatusToDosError NtQueryWnfStateData RtlPublishWnfStateData NtSetSystemInformation RtlFlushHeaps RtlUnsubscribeWnfNotificationWaitForCompletion RtlSubscribeWnfStateChangeNotification RtlQueryWnfStateData RtlIsMultiSessionSku |
api-ms-win-core-libraryloader-l1-2-0.dll | GetModuleHandleA GetProcAddress GetModuleHandleW FreeLibrary LoadResource FreeLibraryAndExitThread LoadLibraryExW FindResourceExW FindStringOrdinal SizeofResource LockResource LoadStringW GetModuleFileNameW GetModuleFileNameA GetModuleHandleExW |
api-ms-win-core-synch-l1-2-0.dll | SleepConditionVariableSRW InitOnceComplete Sleep InitOnceExecuteOnce InitOnceBeginInitialize WakeAllConditionVariable |
api-ms-win-core-synch-l1-1-0.dll | LeaveCriticalSection ReleaseSRWLockExclusive InitializeCriticalSectionEx ResetEvent CreateMutexW InitializeSRWLock WaitForMultipleObjectsEx ReleaseSemaphore SleepEx DeleteCriticalSection CreateEventExW EnterCriticalSection AcquireSRWLockExclusive CreateMutexExW ReleaseSRWLockShared OpenSemaphoreW CreateSemaphoreExW ReleaseMutex SetEvent TryAcquireSRWLockExclusive WaitForSingleObjectEx OpenEventW TryEnterCriticalSection OpenMutexW InitializeCriticalSection CreateEventW AcquireSRWLockShared WaitForSingleObject |
api-ms-win-core-heap-l1-1-0.dll | GetProcessHeap HeapFree HeapAlloc |
api-ms-win-core-errorhandling-l1-1-0.dll | RaiseException SetErrorMode UnhandledExceptionFilter SetUnhandledExceptionFilter SetLastError GetLastError |
api-ms-win-core-file-l1-1-0.dll | FindClose FindNextFileW FindFirstFileW GetFileAttributesW GetLongPathNameW WriteFile CompareFileTime CreateFileW DeleteFileW |
api-ms-win-eventing-provider-l1-1-0.dll | EventWriteTransfer EventRegister EventActivityIdControl EventEnabled EventSetInformation EventWrite EventUnregister |
api-ms-win-core-threadpool-l1-2-0.dll | FreeLibraryWhenCallbackReturns CallbackMayRunLong TrySubmitThreadpoolCallback CloseThreadpoolTimer WaitForThreadpoolTimerCallbacks CreateThreadpoolTimer CreateThreadpoolWait SetThreadpoolWait WaitForThreadpoolWaitCallbacks CloseThreadpoolWait SetThreadpoolTimer SubmitThreadpoolWork CreateThreadpoolWork |
api-ms-win-core-processthreads-l1-1-0.dll | OpenProcessToken QueueUserAPC GetPriorityClass ResumeThread CreateProcessW GetCurrentThread OpenThreadToken TerminateThread SetPriorityClass GetCurrentProcess ExitProcess GetStartupInfoW CreateThread GetCurrentThreadId GetExitCodeProcess GetProcessId ProcessIdToSessionId OpenThread SetThreadPriority TlsSetValue SetThreadPriorityBoost TerminateProcess TlsAlloc GetThreadPriority TlsGetValue TlsFree SetProcessShutdownParameters GetCurrentProcessId |
api-ms-win-core-localization-l1-2-0.dll | GetLocaleInfoEx GetThreadUILanguage GetUserDefaultLangID GetLocaleInfoW FormatMessageW GetCalendarInfoW |
api-ms-win-core-debug-l1-1-0.dll | DebugBreak OutputDebugStringW IsDebuggerPresent OutputDebugStringA |
api-ms-win-core-handle-l1-1-0.dll | CloseHandle DuplicateHandle |
OLEAUT32.dll | #2 #16 #24 #15 #23 #277 #150 #6 #9 #8 |
api-ms-win-shcore-thread-l1-1-0.dll | SetProcessReference SHSetThreadRef SHCreateThread SHCreateThreadRef SHGetThreadRef |
api-ms-win-core-com-l1-1-0.dll | CoCreateInstance CoTaskMemFree CoCancelCall CoDisableCallCancellation CoEnableCallCancellation CoGetCallContext CoRevokeClassObject IIDFromString CoGetStdMarshalEx CoSetProxyBlanket CoTaskMemRealloc CoTaskMemAlloc CoGetMalloc CoReleaseMarshalData CoGetInterfaceAndReleaseStream CoInitializeSecurity CoMarshalInterThreadInterfaceInStream CoUninitialize CoCreateFreeThreadedMarshaler CoFreeUnusedLibraries CLSIDFromString CoCreateGuid StringFromIID CoInitializeEx CoWaitForMultipleHandles CoGetApartmentType PropVariantClear CoRegisterClassObject CreateStreamOnHGlobal StringFromGUID2 |
api-ms-win-core-threadpool-legacy-l1-1-0.dll | ChangeTimerQueueTimer UnregisterWaitEx DeleteTimerQueueTimer CreateTimerQueueTimer |
api-ms-win-core-sysinfo-l1-1-0.dll | GetTickCount GetLocalTime GetTickCount64 GetVersionExW GetSystemTime GetSystemTimeAsFileTime GetSystemDirectoryW GetWindowsDirectoryW |
api-ms-win-core-synch-l1-2-1.dll | CreateSemaphoreW |
api-ms-win-core-com-l1-1-1.dll | RoGetAgileReference |
api-ms-win-shcore-sysinfo-l1-1-0.dll | SetCurrentProcessExplicitAppUserModelID IsOS |
api-ms-win-core-shlwapi-obsolete-l1-1-0.dll | StrCmpICA StrChrW StrToIntW StrChrIW StrCmpICW StrCmpW StrCmpNICW StrCmpNIW StrCmpIW StrStrIW QISearch StrRChrW |
api-ms-win-shcore-obsolete-l1-1-0.dll | SHStrDupW |
api-ms-win-core-registry-l1-1-0.dll | RegCloseKey RegDeleteValueW RegGetValueW RegQueryInfoKeyW RegEnumValueW RegSetValueExW RegDeleteKeyExW RegOpenKeyExW RegCreateKeyExW RegDeleteTreeW RegEnumKeyExW RegQueryValueExW |
api-ms-win-shcore-comhelpers-l1-1-0.dll | IUnknown_QueryService IUnknown_SetSite IUnknown_Set |
api-ms-win-core-heap-l2-1-0.dll | LocalAlloc GlobalAlloc LocalReAlloc LocalFree GlobalFree |
api-ms-win-core-processthreads-l1-1-1.dll | OpenProcess GetProcessMitigationPolicy |
api-ms-win-core-datetime-l1-1-0.dll | GetDateFormatW |
api-ms-win-core-datetime-l1-1-1.dll | GetTimeFormatEx GetDateFormatEx |
api-ms-win-core-processenvironment-l1-1-0.dll | SearchPathW GetCurrentDirectoryW GetCommandLineW ExpandEnvironmentStringsW |
api-ms-win-core-shlwapi-legacy-l1-1-0.dll | PathIsFileSpecW PathRemoveFileSpecW PathParseIconLocationW PathCommonPrefixW PathCombineW PathMatchSpecW PathFileExistsW SHExpandEnvironmentStringsW PathRemoveBlanksW PathFindFileNameW PathGetArgsW PathGetDriveNumberW PathQuoteSpacesW PathIsRelativeW PathFindExtensionW |
api-ms-win-core-winrt-string-l1-1-0.dll | WindowsDuplicateString WindowsCreateStringReference WindowsGetStringRawBuffer WindowsCompareStringOrdinal WindowsCreateString WindowsSubstringWithSpecifiedLength WindowsDeleteString |
api-ms-win-core-string-obsolete-l1-1-0.dll | lstrlenW lstrcmpiW |
api-ms-win-core-string-l1-1-0.dll | MultiByteToWideChar CompareStringW CompareStringOrdinal WideCharToMultiByte |
api-ms-win-shcore-registry-l1-1-0.dll | SHQueryInfoKeyW SHSetValueW SHEnumKeyExW SHGetValueW SHRegGetValueW SHDeleteKeyW SHDeleteValueW |
api-ms-win-security-base-l1-1-0.dll | GetLengthSid GetAclInformation CopySid DeleteAce CreateWellKnownSid InitializeAcl MakeAbsoluteSD IsValidSid CheckTokenMembership DuplicateToken GetAce GetTokenInformation AddAce EqualSid |
api-ms-win-eventing-classicprovider-l1-1-0.dll | GetTraceLoggerHandle GetTraceEnableFlags TraceMessage RegisterTraceGuidsW GetTraceEnableLevel UnregisterTraceGuids |
api-ms-win-core-localization-obsolete-l1-2-0.dll | GetUserDefaultUILanguage |
api-ms-win-core-libraryloader-l1-2-1.dll | FindResourceW LoadLibraryW |
api-ms-win-core-string-l2-1-1.dll | SHLoadIndirectString |
api-ms-win-core-winrt-error-l1-1-0.dll | SetRestrictedErrorInfo RoOriginateError |
api-ms-win-core-winrt-error-l1-1-1.dll | RoGetMatchingRestrictedErrorInfo |
api-ms-win-core-path-l1-1-0.dll | PathCchAddExtension PathCchCombine PathCchAppend |
api-ms-win-shcore-unicodeansi-l1-1-0.dll | SHAnsiToUnicode |
api-ms-win-core-heap-obsolete-l1-1-0.dll | GlobalUnlock GlobalLock |
api-ms-win-core-psapi-l1-1-0.dll | QueryFullProcessImageNameW |
api-ms-win-core-winrt-l1-1-0.dll | RoGetActivationFactory RoUninitialize RoInitialize RoActivateInstance |
api-ms-win-core-memory-l1-1-0.dll | VirtualProtect VirtualFree CreateFileMappingW MapViewOfFile VirtualAlloc UnmapViewOfFile |
api-ms-win-core-largeinteger-l1-1-0.dll | MulDiv |
api-ms-win-shcore-stream-l1-1-0.dll | SHCreateStreamOnFileW SHCreateMemStream SHCreateStreamOnFileEx IStream_Write IStream_Reset SHOpenRegStream2W IStream_Read |
api-ms-win-core-file-l1-2-0.dll | GetTempPathW |
api-ms-win-shcore-path-l1-1-0.dll | #170 |
api-ms-win-core-timezone-l1-1-0.dll | GetDynamicTimeZoneInformation GetTimeZoneInformation FileTimeToSystemTime SystemTimeToTzSpecificLocalTime SystemTimeToFileTime |
api-ms-win-core-kernel32-legacy-l1-1-0.dll | GetSystemPowerStatus GetComputerNameW RegisterWaitForSingleObject |
api-ms-win-core-profile-l1-1-0.dll | QueryPerformanceCounter |
api-ms-win-security-lsalookup-l2-1-0.dll | LookupAccountNameW |
api-ms-win-shcore-registry-l1-1-1.dll | SHRegGetValueFromHKCUHKLM |
api-ms-win-shcore-scaling-l1-1-1.dll | GetDpiForMonitor |
api-ms-win-core-sysinfo-l1-2-0.dll | GetProductInfo |
api-ms-win-core-errorhandling-l1-1-2.dll | RaiseFailFastException |
api-ms-win-core-string-l2-1-0.dll | CharNextW CharLowerBuffW |
api-ms-win-core-stringansi-l1-1-0.dll | CharNextA |
api-ms-win-power-base-l1-1-0.dll | GetPwrCapabilities PowerDeterminePlatformRoleEx CallNtPowerInformation |
api-ms-win-core-apiquery-l1-1-0.dll | ApiSetQueryApiSetPresence |
api-ms-win-rtcore-ntuser-synch-l1-1-0.dll | MsgWaitForMultipleObjects MsgWaitForMultipleObjectsEx |
api-ms-win-shlwapi-winrt-storage-l1-1-1.dll | StrRetToStrW ShellMessageBoxW StrRetToBufW #279 AssocQueryStringW #292 #635 #165 #197 SHCreateWorkerWindowW SHPinDllOfCLSID #509 #24 PathRemoveArgsW #544 #479 #478 IUnknown_GetWindow SHIsChildOrSelf #481 |
api-ms-win-ntuser-sysparams-l1-1-0.dll | GetMonitorInfoW GetSystemMetrics SystemParametersInfoW EnumDisplayMonitors EnumDisplayDevicesW |
api-ms-win-ntuser-rectangle-l1-1-0.dll | SetRectEmpty IntersectRect CopyRect InflateRect EqualRect SubtractRect SetRect PtInRect UnionRect IsRectEmpty OffsetRect |
api-ms-win-rtcore-ntuser-winevent-l1-1-0.dll | UnhookWinEvent NotifyWinEvent SetWinEventHook |
api-ms-win-shell-namespace-l1-1-0.dll | SHGetIDListFromObject ILFree SHParseDisplayName ILClone ILIsParent ILRemoveLastID ILIsEqual ILFindLastID SHBindToParent SHCreateItemFromParsingName SHGetNameFromIDList ILCombine ILCloneFirst SHCreateItemFromIDList SHBindToFolderIDListParent ILGetSize SHBindToObject |
api-ms-win-rtcore-ntuser-wmpointer-l1-1-0.dll | EnableMouseInPointer GetCurrentInputMessageSource GetPointerInfo GetPointerDevices GetPointerType |
api-ms-win-storage-exports-internal-l1-1-0.dll | SHGetFolderPathEx SetThreadFlags SHGetKnownFolderIDList GetThreadFlags |
api-ms-win-rtcore-ntuser-wmpointer-l1-1-2.dll | SetWindowFeedbackSetting |
api-ms-win-rtcore-ntuser-clipboard-l1-1-0.dll | RegisterClipboardFormatW |
api-ms-win-rtcore-ntuser-private-l1-1-0.dll | GetWindowBand CreateWindowInBand |
api-ms-win-rtcore-ntuser-powermanagement-l1-1-0.dll | RegisterPowerSettingNotification UnregisterPowerSettingNotification |
PROPSYS.dll | InitVariantFromGUIDAsString InitVariantFromResource PropVariantToUInt32 PSCreateMemoryPropertyStore PSPropertyBag_WriteStr PropVariantToStringAlloc PSPropertyBag_WriteDWORD |
api-ms-win-appmodel-runtime-l1-1-0.dll | GetPackageFullName GetPackagesByPackageFamily |
api-ms-win-mm-playsound-l1-1-0.dll | PlaySoundW |
api-ms-win-shell-changenotify-l1-1-0.dll | SHChangeNotify |
api-ms-win-shell-dataobject-l1-1-0.dll | SHCreateDataObject |
api-ms-win-rtcore-ntuser-shell-l1-1-0.dll | GetShellWindow |
api-ms-win-appmodel-runtime-l1-1-1.dll | FindPackagesByPackageFamily ParseApplicationUserModelId GetStagedPackagePathByFullName |
api-ms-onecoreuap-settingsync-status-l1-1-0.dll | IsRoamingEnabled IsSettingSyncEnabled |
GDI32.dll | GetDeviceCaps CreateRectRgn SetRectRgn GetClipRgn OffsetRgn GetBkColor Rectangle SetStretchBltMode ExcludeClipRect StretchBlt CombineRgn DeleteObject GetObjectW CreateDIBSection DeleteDC CreateCompatibleDC SelectObject GdiAlphaBlend GetViewportOrgEx GetClipBox CreateCompatibleBitmap OffsetWindowOrgEx BitBlt SetBkMode CreateBitmap PatBlt SetTextColor SetTextAlign GetTextMetricsW ExtTextOutW CreateFontIndirectW GetStockObject GetDIBits SetBkColor GetTextExtentPoint32W CreateRectRgnIndirect GetGlyphOutlineW StretchDIBits CreateSolidBrush GdiFlush Polyline CreatePen GetCurrentObject SelectClipRgn GetOutlineTextMetricsW SetViewportOrgEx |
KERNEL32.dll | RegisterApplicationRestart IsBadWritePtr |
WININET.dll | InternetCrackUrlW |
SHCORE.dll | #184 SHUnicodeToAnsi #192 #183 #213 #126 #109 #174 #121 #190 #123 #244 #162 #186 #200 #142 #1 #187 |
SHELL32.dll | #100 #85 #190 ShellExecuteW #89 #743 #907 #134 #22 #850 #95 #885 #172 #723 #680 #200 #245 ShellExecuteExW #899 #188 #201 #206 SHCreateItemInKnownFolder #67 DragQueryFileW SHChangeNotifyRegisterThread #733 #753 #644 #645 SHGetPathFromIDListW #4 SHFileOperationW #711 #2 SHUpdateRecycleBinIcon #60 SHAddToRecentDocs #61 SHEnableServiceObject #54 #254 #91 DuplicateIcon SHGetStockIconInfo #6 Shell_NotifyIconGetRect Shell_NotifyIconW #137 #132 ExtractIconExW #244 #181 #866 #764 SHEvaluateSystemCommandTemplate SHGetLocalizedName #895 #906 SHGetPropertyStoreForWindow #894 SHAppBarMessage #162 #727 #792 #790 Shell_GetCachedImageIndexW #896 |
SHLWAPI.dll | AssocCreate #164 PathIsDirectoryW #413 #548 #163 #467 AssocQueryKeyW ChrCmpIW |
UxTheme.dll | GetBufferedPaintBits GetThemeFont IsThemeActive #126 BufferedPaintSetAlpha GetThemeMargins GetThemeMetric GetThemePartSize OpenThemeDataForDpi OpenThemeData GetThemeBool GetThemeBackgroundExtent #86 GetThemeInt #98 DrawThemeTextEx IsCompositionActive IsAppThemed GetWindowTheme BufferedPaintUnInit EndBufferedPaint BeginBufferedPaint #122 BufferedPaintInit CloseThemeData DrawThemeParentBackground DrawThemeBackground SetWindowTheme GetThemeColor #120 #106 #104 #118 #121 |
dwmapi.dll | #138 #141 #139 #114 DwmSetWindowAttribute DwmUnregisterThumbnail DwmIsCompositionEnabled DwmEnableBlurBehindWindow DwmUpdateThumbnailProperties #124 #113 DwmQueryThumbnailSourceSize #140 #159 DwmGetWindowAttribute DwmRegisterThumbnail |
win32u.dll | NtDCompositionGetFrameStatistics |
USER32.dll | LoadMenuW DrawTextW FillRect DeleteMenu TrackPopupMenuEx SetMenuDefaultItem RemoveMenu EnableMenuItem CheckMenuItem LoadImageW SetGestureConfig SetWindowCompositionAttribute GetDpiForWindow AdjustWindowRect GetLastInputInfo CopyIcon CalculatePopupWindowPosition GetDoubleClickTime ReleaseCapture GetCapture SetCapture TrackMouseEvent #2005 GetSystemMetricsForDpi DrawIconEx DrawTextExW CopyImage GetSysColor GetCaretBlinkTime InjectKeyboardInput MapVirtualKeyExW InjectMouseInput LockWorkStation TileWindows CascadeWindows GetSubMenu HungWindowFromGhostWindow LoadIconW IsIconic GetKeyState ExitWindowsEx EndDialog SendDlgItemMessageW MonitorFromWindow RegisterHotKey UnregisterHotKey GetLastActivePopup SwitchToThisWindow #2574 IsHungAppWindow GetGuiResources GetWindowPlacement MonitorFromRect #2611 TranslateAcceleratorW ChangeWindowMessageFilterEx LoadAcceleratorsW IsWindowUnicode DefWindowProcA SetMenuItemInfoW SetCursor LoadCursorW GetMenuItemCount GetUserObjectInformationW GetThreadDesktop DestroyMenu GetMenuDefaultItem CreatePopupMenu ReleaseDC GetDC AdjustWindowRectEx SetWindowPlacement CreateIconIndirect GetMenuItemInfoW MonitorFromPoint ReplyMessage GetAsyncKeyState ModifyMenuW GetSystemMenu GetSysColorBrush GhostWindowFromHungWindow GetIconInfoExW GetIconInfo GetClassWord GetCursorInfo ShowWindowAsync InsertMenuW BringWindowToTop #2573 SetThreadDesktop EndTask OpenInputDesktop IsTopLevelWindow GetMenuState IsZoomed SetScrollInfo GetScrollInfo SetScrollPos GetMenuStringW InternalGetWindowText GetLayeredWindowAttributes SetLayeredWindowAttributes IsProcessDPIAware SetThreadDpiAwarenessContext GetWindowCompositionAttribute GetClassLongPtrW UpdateLayeredWindow UnregisterClassW #2522 GetMenuInfo SetMenuInfo GetDpiForSystem GetWindowDpiAwarenessContext AreDpiAwarenessContextsEqual CharLowerW IsCharAlphaNumericW GetClassLongW CloseDesktop GetPhysicalCursorPos GetProcessWindowStation UnregisterClassA DestroyIcon |
SspiCli.dll | GetUserNameExW |
api-ms-win-security-lsalookup-l1-1-2.dll | LsaLookupUserAccountType |
api-ms-win-core-delayload-l1-1-1.dll | ResolveDelayLoadedAPI |
api-ms-win-core-delayload-l1-1-0.dll | DelayLoadFailureHook |
api-ms-win-core-registry-l1-1-1.dll | RegDeleteKeyValueW RegSetKeyValueW |
api-ms-win-core-kernel32-legacy-l1-1-1.dll | PowerCreateRequest PowerSetRequest |
api-ms-win-stateseparation-helpers-l1-1-0.dll | GetPersistedRegistryLocationW |
USERENV.dll | DeriveAppContainerSidFromAppContainerName GetProfileType |
api-ms-win-security-isolatedcontainer-l1-1-0.dll | IsProcessInIsolatedContainer |
api-ms-win-core-file-l2-1-2.dll | CopyFileW |
api-ms-win-service-management-l2-1-0.dll | NotifyServiceStatusChangeW QueryServiceConfigW |
api-ms-win-core-localization-l1-2-3.dll | GetUserDefaultGeoName |
api-ms-win-core-kernel32-legacy-l1-1-2.dll | SetTermsrvAppInstallMode |
api-ms-win-core-io-l1-1-0.dll | GetQueuedCompletionStatus CreateIoCompletionPort |
api-ms-win-shell-shdirectory-l1-1-0.dll | #292 |
api-ms-win-eventing-controller-l1-1-0.dll | StopTraceW EnableTraceEx2 StartTraceW |
RPCRT4.dll | RpcBindingSetAuthInfoExW RpcStringFreeW I_RpcExceptionFilter NdrClientCall3 RpcBindingFromStringBindingW UuidFromStringW RpcBindingFree RpcStringBindingComposeW |
api-ms-win-core-biptcltapi-l1-1-6.dll | BiPtEnumerateWorkItemsForPackageName BiPtFreeMemory BiPtQueryWorkItem BiPtAssociateApplicationEntryPoint |
WTSAPI32.dll | WTSUnRegisterSessionNotification WTSRegisterSessionNotification |
api-ms-win-security-lsalookup-l1-1-1.dll | EnumerateIdentityProviders ReleaseIdentityProviderEnumContext GetDefaultIdentityProvider GetIdentityProviderInfoByGUID |
SndVolSSO.DLL (delay-loaded) | #1 #3 #4 #2 |
Attributes | 0x1 |
---|---|
Name | SndVolSSO.DLL |
ModuleHandle | 0x26bc58 |
DelayImportAddressTable | 0x287118 |
DelayImportNameTable | 0x2604f8 |
BoundDelayImportTable | 0x261850 |
UnloadDelayImportTable | 0 |
TimeStamp | 1970-Jan-01 00:00:00 |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 10.0.17134.1 |
ProductVersion | 10.0.17134.1 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United States |
CompanyName | Microsoft Corporation |
FileDescription | Windows Explorer |
FileVersion (#2) | 10.0.17134.1 (WinBuild.160101.0800) |
InternalName | explorer |
LegalCopyright | © Microsoft Corporation. All rights reserved. |
OriginalFilename | EXPLORER.EXE |
ProductName | Microsoft® Windows® Operating System |
ProductVersion (#2) | 10.0.17134.1 |
Resource LangID | English - United States |
---|
Characteristics | 0 |
---|---|
TimeDateStamp | 2005-Apr-12 02:21:38 |
Version | 0.0 |
SizeofData | 37 |
AddressOfRawData | 0x237690 |
PointerToRawData | 0x235690 |
Referenced File | explorer.pdb |
Characteristics | 0 |
---|---|
TimeDateStamp | 2005-Apr-12 02:21:38 |
Version | 0.0 |
SizeofData | 1912 |
AddressOfRawData | 0x2376b8 |
PointerToRawData | 0x2356b8 |
Characteristics | 0 |
---|---|
TimeDateStamp | 2005-Apr-12 02:21:38 |
Version | 0.0 |
SizeofData | 0 |
AddressOfRawData | 0 |
PointerToRawData | 0 |
StartAddressOfRawData | 0x140237e30 |
---|---|
EndAddressOfRawData | 0x140237e38 |
AddressOfIndex | 0x14026bc50 |
AddressOfCallbacks | 0x140201120 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_ALIGN_4BYTES |
Callbacks | (EMPTY) |
Size | 0x100 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x14026af18 |
GuardCFCheckFunctionPointer | 5370810304 |
GuardCFDispatchFunctionPointer | 0 |
GuardCFFunctionTable | 0 |
GuardCFFunctionCount | 0 |
GuardFlags | (EMPTY) |
CodeIntegrity.Flags | 0 |
CodeIntegrity.Catalog | 0 |
CodeIntegrity.CatalogOffset | 0 |
CodeIntegrity.Reserved | 0 |
GuardAddressTakenIatEntryTable | 0 |
GuardAddressTakenIatEntryCount | 0 |
GuardLongJumpTargetTable | 0 |
GuardLongJumpTargetCount | 0 |
XOR Key | 0xf036b675 |
---|---|
Unmarked objects | 0 |
Imports (VS2008 SP1 build 30729) | 240 |
ASM objects (VS2015/2017 runtime 25711) | 3 |
Total imports | 1314 |
Imports (VS2015/2017 runtime 25711) | 31 |
C++ objects (VS2015/2017 runtime 25711) | 15 |
C objects (VS2015/2017 runtime 25711) | 43 |
270 (VS2015/2017 runtime 25711) | 309 |
Resource objects (VS2015/2017 runtime 25711) | 1 |
Linker (VS2015/2017 runtime 25711) | 1 |