Import table
advapi32.dll
ReportEventA, RegOpenKeyExA, RegCreateKeyExA, RegDeleteKeyA, SetSecurityDescriptorDacl, GetSecurityDescriptorLength, MakeSelfRelativeSD, InitializeSecurityDescriptor, GetSecurityDescriptorOwner, GetSecurityDescriptorGroup, GetSecurityDescriptorDacl, GetSecurityDescriptorSacl, MakeAbsoluteSD, GetSecurityDescriptorControl, RegOpenKeyExW, RegQueryValueExW, RegEnumValueA, SetTokenInformation, CreateProcessAsUserW, LookupAccountSidA, GetTokenInformation, IsValidSid, GetLengthSid, CopySid, OpenThreadToken, ChangeServiceConfigA, StartServiceCtrlDispatcherA, QueryServiceStatus, CreateServiceA, RegisterServiceCtrlHandlerA, ConvertStringSidToSidW, LookupAccountSidW, AdjustTokenPrivileges, LookupPrivilegeValueA, CheckTokenMembership, RegQueryInfoKeyA, ControlService, DeleteService, RegEnumKeyExA, RegQueryInfoKeyW, OpenSCManagerA, OpenServiceA, CloseServiceHandle, SetServiceStatus, RegisterEventSourceA, RegDeleteValueA, DeregisterEventSource, RegSetValueExA, RegQueryValueExA, RegCloseKey, OpenProcessToken
crypt32.dll
CryptVerifyMessageSignature, CertNameToStrA, CertFreeCertificateContext
imagehlp.dll
ImageGetCertificateHeader, ImageGetCertificateData, ImageEnumerateCertificates
kernel32.dll
CreateFileMappingA, UnmapViewOfFile, GetCurrentProcessId, GetWindowsDirectoryA, CreateDirectoryA, ReleaseMutex, CreateMutexA, WaitForMultipleObjects, SuspendThread, ResumeThread, ResetEvent, PulseEvent, InitializeCriticalSection, CompareStringW, SetEndOfFile, CreateFileW, SetStdHandle, WriteConsoleW, LCMapStringW, LoadLibraryW, FlushFileBuffers, ReadFile, SetFilePointer, MapViewOfFileEx, GetACP, CreateFileA, lstrcmpA, GetVersionExA, CreateProcessA, LoadLibraryExW, GetModuleFileNameW, SetLastError, GetExitCodeProcess, GetTickCount, TlsGetValue, InterlockedIncrement, LoadLibraryA, IsBadCodePtr, GetCurrentThread, GetCommandLineA, QueueUserAPC, TerminateThread, TlsAlloc, OutputDebugStringA, LoadLibraryExA, FindResourceA, FreeLibrary, SetEvent, InterlockedDecrement, IsDBCSLeadByte, LocalFree, GetModuleHandleW, GetModuleFileNameA, CreateEventA, CreateThread, Sleep, GetCurrentThreadId, TlsSetValue, WaitForSingleObject, lstrcmpiA, lstrlenA, GetModuleHandleA, GetProcAddress, GetCurrentProcess, FindResourceExW, FindResourceW, LoadResource, LockResource, SizeofResource, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, LeaveCriticalSection, EnterCriticalSection, RaiseException, lstrlenW, WideCharToMultiByte, MultiByteToWideChar, GetConsoleMode, GetConsoleCP, GetTimeZoneInformation, SetEnvironmentVariableA, IsValidLocale, EnumSystemLocalesA, GetLocaleInfoA, GetUserDefaultLCID, GetStringTypeW, QueryPerformanceCounter, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetLocaleInfoW, IsProcessorFeaturePresent, GetFileType, SetHandleCount, HeapCreate, GetStdHandle, WriteFile, IsValidCodePage, GetOEMCP, GetCPInfo, ExitProcess, TlsFree, TerminateProcess, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetStartupInfoW, HeapSetInformation, ExitThread, GetSystemTimeAsFileTime, VirtualQuery, GetSystemInfo, VirtualAlloc, VirtualProtect, DecodePointer, EncodePointer, RtlUnwind, GetProcessHeap, HeapSize, HeapReAlloc, HeapFree, HeapAlloc, HeapDestroy, SleepEx, CloseHandle, CreateMutexW, GetLastError
ole32.dll
CoInitializeEx, CoTaskMemFree, CoRegisterClassObject, CoRevokeClassObject, CoTaskMemRealloc, CoTaskMemAlloc, CoAddRefServerProcess, CoReleaseServerProcess, CoUninitialize, CoInitializeSecurity, CoResumeClassObjects, ProgIDFromCLSID, StringFromCLSID, CLSIDFromProgID, CLSIDFromString, CoInitialize, CoImpersonateClient, CoCreateInstance, CoRegisterChannelHook, CoRevertToSelf, StringFromGUID2
rpcrt4.dll
UuidCreate, RpcStringFreeA, UuidToStringA
shell32.dll
SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc
shlwapi.dll
PathGetCharTypeW, PathAddBackslashW, PathUnquoteSpacesW, PathUnquoteSpacesA, PathStripPathW, PathStripPathA, PathSkipRootW, PathSkipRootA, PathRemoveFileSpecA, PathRemoveExtensionA, PathIsFileSpecW, PathIsFileSpecA, PathIsDirectoryA, PathIsUNCW, PathIsUNCA, PathFileExistsA, PathAppendW, PathAppendA, PathAddExtensionA, PathIsRelativeW, PathIsRelativeA
user32.dll
LoadStringA, CharNextA, CharUpperA, TranslateMessage, GetFocus, MessageBoxA, DispatchMessageA, GetMessageA, PostThreadMessageA, CharNextW
userenv.dll
CreateEnvironmentBlock, LoadUserProfileA, UnloadUserProfile, ExpandEnvironmentStringsForUserW, DestroyEnvironmentBlock
wintrust.dll
WinVerifyTrust