[
{
"dll_name": "kernel32",
"basic_info": {
"target_arch": "X86_64",
"subsystem": "Console",
"entry_point": 188704,
"image_base": 6442450944,
"section_count": 8,
"file_size": 836144
},
"export_count": 1692,
"import_count": 1273,
"section_count": 8,
"sample_exports": [
"AcquireSRWLockExclusive",
"AcquireSRWLockShared",
"ActivateActCtx",
"ActivateActCtxWorker",
"ActivatePackageVirtualizationContext",
"AddAtomA",
"AddAtomW",
"AddConsoleAliasA",
"AddConsoleAliasW",
"AddDllDirectory",
"AddIntegrityLabelToBoundaryDescriptor",
"AddLocalAlternateComputerNameA",
"AddLocalAlternateComputerNameW",
"AddRefActCtx",
"AddRefActCtxWorker",
"AddResourceAttributeAce",
"AddSIDToBoundaryDescriptor",
"AddScopedPolicyIDAce",
"AddSecureMemoryCacheCallback",
"AddVectoredContinueHandler"
],
"sample_imports": [
"RtlCompareMemory",
"RtlRaiseException",
"RtlDeleteFunctionTable",
"RtlUnwindEx",
"RtlInstallFunctionTableCallback",
"RtlCaptureContext",
"RtlAddFunctionTable",
"RtlVirtualUnwind",
"RtlPcToFileHeader",
"RtlUnwind",
"RtlRestoreContext",
"RtlLookupFunctionEntry",
"RtlVirtualUnwind2",
"RtlUnicodeStringToInteger",
"RtlGetUILanguageInfo",
"EtwEventEnabled",
"RtlpConvertLCIDsToCultureNames",
"NtEnumerateKey",
"RtlIntegerToUnicodeString",
"RtlTimeToTimeFields"
],
"section_names": [
".text",
"fothk",
".rdata",
".data",
".pdata",
".didat",
".rsrc",
".reloc"
],
"analysis_success": true
},
{
"dll_name": "user32",
"basic_info": {
"target_arch": "X86_64",
"subsystem": "Windows",
"entry_point": 341552,
"image_base": 6442450944,
"section_count": 8,
"file_size": 1873232
},
"export_count": 1041,
"import_count": 1117,
"section_count": 8,
"sample_exports": [
"ActivateKeyboardLayout",
"AddClipboardFormatListener",
"AddVisualIdentifier",
"AdjustWindowRect",
"AdjustWindowRectEx",
"AdjustWindowRectExForDpi",
"AlignRects",
"AllowForegroundActivation",
"AllowSetForegroundWindow",
"AnimateWindow",
"AnyPopup",
"AppendMenuA",
"AppendMenuW",
"ApplyWindowAction",
"AreDpiAwarenessContextsEqual",
"ArrangeIconicWindows",
"AttachThreadInput",
"BeginDeferWindowPos",
"BeginPaint",
"BlockInput"
],
"sample_imports": [
"NtUserToUnicodeEx",
"NtUserLoadKeyboardLayoutEx",
"NtUserUpdatePerUserImmEnabling",
"NtUserSetWatermarkStrings",
"NtUserUpdatePerUserSystemParameters",
"NtUserEvent",
"NtUserConvertMemHandle",
"NtUserCreateLocalMemHandle",
"NtUserSetWindowsHookEx",
"NtUserSetWinEventHook",
"NtUserNotifyWinEvent",
"NtUserRegisterUserApiHook",
"NtUserDoInitMessagePumpHook",
"NtUserDoUninitMessagePumpHook",
"NtUserDrawCaption",
"NtUserGetAsyncKeyState",
"NtUserGetKeyState",
"NtUserOpenClipboard",
"NtUserPeekMessage",
"NtUserSetWindowLong"
],
"section_names": [
".text",
"fothk",
".rdata",
".data",
".pdata",
".didat",
".rsrc",
".reloc"
],
"analysis_success": true
},
{
"dll_name": "ntdll",
"basic_info": {
"target_arch": "X86_64",
"subsystem": "Console",
"entry_point": 0,
"image_base": 6442450944,
"section_count": 15,
"file_size": 2522000
},
"export_count": 2516,
"import_count": 0,
"section_count": 15,
"sample_exports": [
"A_SHAFinal",
"A_SHAInit",
"A_SHAUpdate",
"AlpcAdjustCompletionListConcurrencyCount",
"AlpcFreeCompletionListMessage",
"AlpcGetCompletionListLastMessageInformation",
"AlpcGetCompletionListMessageAttributes",
"AlpcGetHeaderSize",
"AlpcGetMessageAttribute",
"AlpcGetMessageFromCompletionList",
"AlpcGetOutstandingCompletionListMessageCount",
"AlpcInitializeMessageAttribute",
"AlpcMaxAllowedMessageLength",
"AlpcRegisterCompletionList",
"AlpcRegisterCompletionListWorkerThread",
"AlpcRundownCompletionList",
"AlpcUnregisterCompletionList",
"AlpcUnregisterCompletionListWorkerThread",
"ApiSetGetImplementationHost",
"ApiSetQueryApiSetPresence"
],
"sample_imports": [],
"section_names": [
".text",
"SCPCFG",
"SCPCFGFP",
"SCPCFGNP",
"SCPCFGES",
"RT",
"PAGE",
"fothk",
".rdata",
".data",
".pdata",
".mrdata",
".00cfg",
".rsrc",
".reloc"
],
"analysis_success": true
},
{
"dll_name": "advapi32",
"basic_info": {
"target_arch": "X86_64",
"subsystem": "Console",
"entry_point": 135568,
"image_base": 6442450944,
"section_count": 8,
"file_size": 745240
},
"export_count": 851,
"import_count": 638,
"section_count": 8,
"sample_exports": [
"A_SHAFinal",
"A_SHAInit",
"A_SHAUpdate",
"AbortSystemShutdownA",
"AbortSystemShutdownW",
"AccessCheck",
"AccessCheckAndAuditAlarmA",
"AccessCheckAndAuditAlarmW",
"AccessCheckByType",
"AccessCheckByTypeAndAuditAlarmA",
"AccessCheckByTypeAndAuditAlarmW",
"AccessCheckByTypeResultList",
"AccessCheckByTypeResultListAndAuditAlarmA",
"AccessCheckByTypeResultListAndAuditAlarmByHandleA",
"AccessCheckByTypeResultListAndAuditAlarmByHandleW",
"AccessCheckByTypeResultListAndAuditAlarmW",
"AddAccessAllowedAce",
"AddAccessAllowedAceEx",
"AddAccessAllowedObjectAce",
"AddAccessDeniedAce"
],
"sample_imports": [
"wcscpy_s",
"wcscat_s",
"swprintf_s",
"_wcsicmp",
"_wcsnicmp",
"tolower",
"strstr",
"strchr",
"_ultow_s",
"iswctype",
"wcstoul",
"_wcstoui64",
"_wcstoi64",
"wcsstr",
"wcstok_s",
"_errno",
"_ui64tow_s",
"_i64tow_s",
"_stricmp",
"wcsnlen"
],
"section_names": [
".text",
"fothk",
".rdata",
".data",
".pdata",
".didat",
".rsrc",
".reloc"
],
"analysis_success": true
},
{
"dll_name": "ole32",
"basic_info": {
"target_arch": "X86_64",
"subsystem": "Console",
"entry_point": 287424,
"image_base": 6442450944,
"section_count": 8,
"file_size": 1683160
},
"export_count": 549,
"import_count": 559,
"section_count": 8,
"sample_exports": [
"BindMoniker",
"CLIPFORMAT_UserFree",
"CLIPFORMAT_UserFree64",
"CLIPFORMAT_UserFreeExt",
"CLIPFORMAT_UserMarshal",
"CLIPFORMAT_UserMarshal64",
"CLIPFORMAT_UserMarshalExt",
"CLIPFORMAT_UserSize",
"CLIPFORMAT_UserSize64",
"CLIPFORMAT_UserSizeExt",
"CLIPFORMAT_UserUnmarshal",
"CLIPFORMAT_UserUnmarshal64",
"CLIPFORMAT_UserUnmarshalExt",
"CLSIDFromOle1Class",
"CLSIDFromProgID",
"CLSIDFromProgIDEx",
"CLSIDFromString",
"CStdAsyncStubBuffer2_Connect",
"CStdAsyncStubBuffer2_Disconnect",
"CStdAsyncStubBuffer2_Release"
],
"sample_imports": [
"_Query_perf_frequency",
"_Query_perf_counter",
"_Mtx_destroy_in_situ",
"_Mtx_init_in_situ",
"_Mtx_lock",
"_Mtx_unlock",
"?_Throw_Cpp_error@std@@YAXH@Z",
"strcspn",
"wcsncmp",
"strcmp",
"wcscmp",
"memset",
"_initterm",
"_initterm_e",
"_o__purecall",
"_o__register_onexit_function",
"_o__resetstkoflw",
"_o__seh_filter_dll",
"_o__wcsicmp",
"_o__wcslwr"
],
"section_names": [
".text",
"fothk",
".rdata",
".data",
".pdata",
".didat",
".rsrc",
".reloc"
],
"analysis_success": true
},
{
"dll_name": "shell32",
"basic_info": {
"target_arch": "X86_64",
"subsystem": "Windows",
"entry_point": 2051808,
"image_base": 6442450944,
"section_count": 8,
"file_size": 7728376
},
"export_count": 478,
"import_count": 1085,
"section_count": 8,
"sample_exports": [
"AppCompat_RunDLLW",
"AssocCreateForClasses",
"AssocElemCreateForKey",
"AssocGetDetailsOfPropKey",
"CDefFolderMenu_Create2",
"CIDLData_CreateFromIDArray",
"CStorageItem_GetValidatedStorageItemObject",
"CallFileCopyHook",
"CheckEscapesW",
"CommandLineToArgvW",
"Control_RunDLL",
"Control_RunDLLA",
"Control_RunDLLAsUserW",
"Control_RunDLLW",
"CreateStorageItemFromPath_FullTrustCaller",
"CreateStorageItemFromPath_FullTrustCaller_ForPackage",
"CreateStorageItemFromPath_PartialTrustCaller",
"CreateStorageItemFromShellItem_FullTrustCaller",
"CreateStorageItemFromShellItem_FullTrustCaller_ForPackage",
"CreateStorageItemFromShellItem_FullTrustCaller_ForPackage_WithProcessHandle"
],
"sample_imports": [
"?_Throw_Cpp_error@std@@YAXH@Z",
"_Thrd_join",
"?tellp@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ",
"??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z",
"??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ",
"?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z",
"?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ",
"?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z",
"?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ",
"?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ",
"?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z",
"??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ",
"?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ",
"?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z",
"?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z",
"?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z",
"?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ",
"?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z",
"?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z",
"?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ"
],
"section_names": [
".text",
"fothk",
".rdata",
".data",
".pdata",
".didat",
".rsrc",
".reloc"
],
"analysis_success": true
},
{
"dll_name": "comctl32",
"basic_info": {
"target_arch": "X86_64",
"subsystem": "Windows",
"entry_point": 6000,
"image_base": 6442450944,
"section_count": 7,
"file_size": 738688
},
"export_count": 119,
"import_count": 409,
"section_count": 7,
"sample_exports": [
"AddMRUStringW",
"CreateMRUListW",
"CreateMappedBitmap",
"CreatePropertySheetPage",
"CreatePropertySheetPageA",
"CreatePropertySheetPageW",
"CreateStatusWindow",
"CreateStatusWindowA",
"CreateStatusWindowW",
"CreateToolbar",
"CreateToolbarEx",
"CreateUpDownControl",
"DPA_Clone",
"DPA_Create",
"DPA_CreateEx",
"DPA_DeleteAllPtrs",
"DPA_DeletePtr",
"DPA_Destroy",
"DPA_DestroyCallback",
"DPA_EnumCallback"
],
"sample_imports": [
"RtlVirtualUnwind",
"RtlUnwindEx",
"RtlLookupFunctionEntry",
"NtQueryInformationProcess",
"RtlCaptureContext",
"AllocateAndInitializeSid",
"RegQueryValueExA",
"RegOpenKeyExA",
"RegCreateKeyW",
"RegQueryValueW",
"RegCreateKeyExW",
"RegQueryValueExW",
"RegCloseKey",
"RegSetValueExW",
"OpenProcessToken",
"RegOpenCurrentUser",
"CheckTokenMembership",
"FreeSid",
"RegOpenKeyExW",
"SetPixelV"
],
"section_names": [
".text",
"fothk",
".rdata",
".data",
".pdata",
".rsrc",
".reloc"
],
"analysis_success": true
},
{
"dll_name": "gdi32",
"basic_info": {
"target_arch": "X86_64",
"subsystem": "Console",
"entry_point": 24272,
"image_base": 6442450944,
"section_count": 8,
"file_size": 187392
},
"export_count": 993,
"import_count": 163,
"section_count": 8,
"sample_exports": [
"AbortDoc",
"AbortPath",
"AddFontMemResourceEx",
"AddFontResourceA",
"AddFontResourceExA",
"AddFontResourceExW",
"AddFontResourceTracking",
"AddFontResourceW",
"AngleArc",
"AnimatePalette",
"AnyLinkedFonts",
"Arc",
"ArcTo",
"BRUSHOBJ_hGetColorTransform",
"BRUSHOBJ_pvAllocRbrush",
"BRUSHOBJ_pvGetRbrush",
"BRUSHOBJ_ulGetBrushColor",
"BeginGdiRendering",
"BeginPath",
"BitBlt"
],
"sample_imports": [
"RtlLookupFunctionEntry",
"RtlCaptureContext",
"RtlInitUnicodeString",
"_wcsicmp",
"_wcsnicmp",
"RtlFreeHeap",
"RtlVirtualUnwind",
"memset",
"GetProcAddress",
"GetModuleHandleW",
"DisableThreadLibraryCalls",
"GetModuleHandleA",
"GetModuleHandleExA",
"GetProcessMitigationPolicy",
"GetCurrentProcessId",
"GetCurrentThreadId",
"GetCurrentProcess",
"TerminateProcess",
"LocalFree",
"InitOnceExecuteOnce"
],
"section_names": [
".text",
"fothk",
".rdata",
".data",
".pdata",
".didat",
".rsrc",
".reloc"
],
"analysis_success": true
},
{
"dll_name": "ws2_32",
"basic_info": {
"target_arch": "X86_64",
"subsystem": "Console",
"entry_point": 200000,
"image_base": 6442450944,
"section_count": 9,
"file_size": 489040
},
"export_count": 196,
"import_count": 236,
"section_count": 9,
"sample_exports": [
"FreeAddrInfoEx",
"FreeAddrInfoExW",
"FreeAddrInfoW",
"GetAddrInfoExA",
"GetAddrInfoExCancel",
"GetAddrInfoExOverlappedResult",
"GetAddrInfoExW",
"GetAddrInfoW",
"GetHostNameW",
"GetNameInfoW",
"InetNtopW",
"InetPtonW",
"ProcessSocketNotifications",
"SetAddrInfoExA",
"SetAddrInfoExW",
"WEP",
"WPUCompleteOverlappedRequest",
"WPUGetProviderPathEx",
"WSAAccept",
"WSAAddressToStringA"
],
"sample_imports": [
"memset",
"strcmp",
"__isascii",
"wcsncmp",
"_initterm_e",
"_initterm",
"_o__initialize_narrow_environment",
"_o__initialize_onexit_table",
"_o__invalid_parameter_noinfo",
"_o__register_onexit_function",
"_o__seh_filter_dll",
"_o__stricmp",
"_o__configure_narrow_argv",
"memcpy",
"_o__wcsicmp",
"_o__wcsnicmp",
"_o_atoi",
"_o_exit",
"_o_isspace",
"_o_strcpy_s"
],
"section_names": [
".text",
"_wpp_sf",
"fothk",
".rdata",
".data",
".pdata",
".didat",
".rsrc",
".reloc"
],
"analysis_success": true
},
{
"dll_name": "msvcrt",
"basic_info": {
"target_arch": "X86_64",
"subsystem": "Windows",
"entry_point": 31248,
"image_base": 6442450944,
"section_count": 7,
"file_size": 699792
},
"export_count": 1330,
"import_count": 155,
"section_count": 7,
"sample_exports": [
"??0__non_rtti_object@@QEAA@AEBV0@@Z",
"??0__non_rtti_object@@QEAA@PEBD@Z",
"??0bad_cast@@AAE@PBQBD@Z",
"??0bad_cast@@AEAA@PEBQEBD@Z",
"??0bad_cast@@QAE@ABQBD@Z",
"??0bad_cast@@QEAA@AEBQEBD@Z",
"??0bad_cast@@QEAA@AEBV0@@Z",
"??0bad_cast@@QEAA@PEBD@Z",
"??0bad_typeid@@QEAA@AEBV0@@Z",
"??0bad_typeid@@QEAA@PEBD@Z",
"??0exception@@QEAA@AEBQEBD@Z",
"??0exception@@QEAA@AEBQEBDH@Z",
"??0exception@@QEAA@AEBV0@@Z",
"??0exception@@QEAA@XZ",
"??1__non_rtti_object@@UEAA@XZ",
"??1bad_cast@@UEAA@XZ",
"??1bad_typeid@@UEAA@XZ",
"??1exception@@UEAA@XZ",
"??1type_info@@UEAA@XZ",
"??2@YAPEAX_K@Z"
],
"sample_imports": [
"RtlLookupFunctionEntry",
"RtlUnwind",
"RtlVirtualUnwind",
"RtlCaptureContext",
"RtlUnwindEx",
"RtlPcToFileHeader",
"ReadConsoleInputA",
"ReadConsoleInputW",
"SetConsoleCtrlHandler",
"GetConsoleMode",
"SetConsoleMode",
"ReadConsoleW",
"WriteConsoleW",
"GetNumberOfConsoleInputEvents",
"GetConsoleCP",
"PeekConsoleInputA",
"GetTimeFormatW",
"GetTimeFormatA",
"GetDateFormatA",
"GetDateFormatW"
],
"section_names": [
".text",
"fothk",
".rdata",
".data",
".pdata",
".rsrc",
".reloc"
],
"analysis_success": true
}
]