SHCore.dll - SHCORE

info
MZ
PE
resources
imports
exports
foremost
version info
signature
hexdump
disasm
log
discuss
donate

filename	SHCore.dll
size	560392 (0x88d08)
md5	19920b416f3274640b3de9a5248f0e74

type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
mimetype	application/x-dosexec

clamav	OK
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x90
blocks_in_file	3
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0
max_extra_paragraphs	0xffff
ss	0
sp	0xb8
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0xf0

Rich Header

lib id	version	times used
147	30729	74
207	65501	16
1	0	335
203	65501	7
205	65501	6
206	65501	20
202	65501	1
216	65501	79
201	65501	1
204	65501	1

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

Signature	PE
Machine	0x14c
NumberOfSections	7
TimeDateStamp	0x54c1b627
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xe0
Characteristics	0x2102
Magic	0x10b
LinkerVersion	11.0
SizeOfCode	0x79e00
SizeOfInitializedData	0xb600
SizeOfUninitializedData	0x200
AddressOfEntryPoint	0x34d0
BaseOfCode	0x1000
BaseOfData	0x79000
ImageBase	0x10000000
SectionAlignment	0x1000
FileAlignment	0x200
OperatingSystemVersion	6.3
ImageVersion	6.3
SubsystemVersion	6.3
Reserved1	0
SizeOfImage	0x8b000
SizeOfHeaders	0x400
CheckSum	0x8dbda
Subsystem	2
DllCharacteristics	0x4140
SizeOfStackReserve	0x40000
SizeOfStackCommit	0x1000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Packer / Compiler

MS Visual C++ v7.0 DLL

Sections

name	va	vsize	raw size	flags
.text	0x1000	0x79d2f	0x79e00	R-X CODE
.data	0x7b000	0x82c	0xa00	RW- IDATA
.idata	0x7c000	0x2074	0x2200	R-- IDATA
.didat	0x7f000	0x16c	0x200	RW- IDATA
.tls	0x80000	9	0	RW- UDATA
.rsrc	0x81000	0x4e8	0x600	R-- IDATA
.reloc	0x82000	0x80d8	0x8200	R-- IDATA DISCARDABLE

Data Directory

type	va	size
EXPORT	0x3664	0xbee
IMPORT	0x7c400	0x2e4
RESOURCE	0x81000	0x4e8
EXCEPTION	0	0
SECURITY	0x85800	0x3508
BASERELOC	0x82000	0x80d8
DEBUG	0x7accc	0x38
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0x49984	0x18
LOAD_CONFIG	0x1000	0x5c
Bound_IAT	0	0
IAT	0x7c000	0x3fc
Delay_IAT	0x7a184	0x1a0
CLR_Header	0	0

TLS

raw start	raw end	index	callbks	zero fill	flags
0x10080000	0x10080008	0x1007b2ac	0x100499a0	0	0x300000

show previews

type	name	size	cp
MUI	#1	200	0
VERSION	#1	880	0

module_name	hint	ord	function_name
msvcrt.dll	1293		memmove
msvcrt.dll	364		_except_handler4_common
msvcrt.dll	424		_ftol2
msvcrt.dll	275		_amsg_exit
msvcrt.dll	1404		wcsncmp
msvcrt.dll	610		_lock
msvcrt.dll	1394		wcschr
msvcrt.dll	490		_initterm
msvcrt.dll	123		__CxxFrameHandler3
msvcrt.dll	159		__dllonexit
msvcrt.dll	1292		memcpy_s
msvcrt.dll	1332		strchr
msvcrt.dll	1006		_vsnwprintf
msvcrt.dll	18		void * __cdecl operator new(unsigned int) ??2@YAPAXI@Z
msvcrt.dll	1291		memcpy
msvcrt.dll	796		_purecall
msvcrt.dll	20		void __cdecl operator delete(void *) ??3@YAXPAX@Z
msvcrt.dll	966		_unlock
msvcrt.dll	1290		memcmp
msvcrt.dll	1409		wcsrchr
msvcrt.dll	1295		memset
msvcrt.dll	1223		free
msvcrt.dll	779		_onexit
msvcrt.dll	113		_XcptFilter
msvcrt.dll	1279		malloc
msvcrt.dll	425		_ftol2_sse
api-ms-win-core-util-l1-1-0.dll	3		EncodePointer
api-ms-win-core-util-l1-1-0.dll	1		DecodePointer
api-ms-win-core-synch-l1-2-0.dll			AcquireSRWLockExclusive
api-ms-win-core-synch-l1-2-0.dll	31		OpenSemaphoreW
api-ms-win-core-synch-l1-2-0.dll	34		ReleaseSRWLockExclusive
api-ms-win-core-synch-l1-2-0.dll	50		WaitForMultipleObjectsEx
api-ms-win-core-synch-l1-2-0.dll	13		DeleteCriticalSection
api-ms-win-core-synch-l1-2-0.dll	27		LeaveCriticalSection
api-ms-win-core-synch-l1-2-0.dll	24		InitializeCriticalSectionEx
api-ms-win-core-synch-l1-2-0.dll	15		EnterCriticalSection
api-ms-win-core-synch-l1-2-0.dll	51		WaitForSingleObject
api-ms-win-core-synch-l1-2-0.dll	39		SetEvent
api-ms-win-core-synch-l1-2-0.dll	47		TryAcquireSRWLockExclusive
api-ms-win-core-synch-l1-2-0.dll	35		ReleaseSRWLockShared
api-ms-win-core-synch-l1-2-0.dll	22		InitializeCriticalSection
api-ms-win-core-synch-l1-2-0.dll	10		CreateMutexW
api-ms-win-core-synch-l1-2-0.dll	33		ReleaseMutex
api-ms-win-core-synch-l1-2-0.dll	43		Sleep
api-ms-win-core-synch-l1-2-0.dll	1		AcquireSRWLockShared
api-ms-win-core-synch-l1-2-0.dll	29		OpenEventW
api-ms-win-core-synch-l1-2-0.dll	25		InitializeSRWLock
api-ms-win-core-synch-l1-2-0.dll	6		CreateEventW
api-ms-win-core-synch-l1-2-0.dll	19		InitOnceExecuteOnce
api-ms-win-core-synch-l1-2-0.dll	52		WaitForSingleObjectEx
api-ms-win-core-synch-l1-2-0.dll	36		ReleaseSemaphore
api-ms-win-core-synch-l1-2-0.dll	5		CreateEventExW
api-ms-win-core-winrt-error-l1-1-1.dll	10		RoOriginateErrorW
api-ms-win-core-winrt-error-l1-1-1.dll	18		SetRestrictedErrorInfo
api-ms-win-core-winrt-error-l1-1-1.dll			GetRestrictedErrorInfo
api-ms-win-core-winrt-error-l1-1-1.dll	16		RoTransformError
api-ms-win-core-winrt-error-l1-1-1.dll	9		RoOriginateError
api-ms-win-eventing-provider-l1-1-0.dll	6		EventWrite
api-ms-win-eventing-provider-l1-1-0.dll	5		EventUnregister
api-ms-win-eventing-provider-l1-1-0.dll	3		EventRegister
api-ms-win-core-libraryloader-l1-2-0.dll	1		DisableThreadLibraryCalls
api-ms-win-core-libraryloader-l1-2-0.dll	18		GetModuleHandleW
api-ms-win-core-libraryloader-l1-2-0.dll	14		GetModuleFileNameW
api-ms-win-core-libraryloader-l1-2-0.dll	11		FreeLibraryAndExitThread
api-ms-win-core-libraryloader-l1-2-0.dll	21		LoadLibraryExW
api-ms-win-core-libraryloader-l1-2-0.dll	19		GetProcAddress
api-ms-win-core-libraryloader-l1-2-0.dll	8		FindResourceExW
api-ms-win-core-libraryloader-l1-2-0.dll	22		LoadResource
api-ms-win-core-libraryloader-l1-2-0.dll	10		FreeLibrary
api-ms-win-core-libraryloader-l1-2-0.dll	25		LockResource
api-ms-win-core-libraryloader-l1-2-0.dll	28		SizeofResource
api-ms-win-core-libraryloader-l1-2-0.dll	17		GetModuleHandleExW
api-ms-win-core-profile-l1-1-0.dll			QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-2.dll	70		TlsSetValue
api-ms-win-core-processthreads-l1-1-2.dll	41		OpenProcess
api-ms-win-core-processthreads-l1-1-2.dll	15		GetCurrentThread
api-ms-win-core-processthreads-l1-1-2.dll	28		GetStartupInfoW
api-ms-win-core-processthreads-l1-1-2.dll	11		GetCurrentProcess
api-ms-win-core-processthreads-l1-1-2.dll	44		OpenThreadToken
api-ms-win-core-processthreads-l1-1-2.dll	12		GetCurrentProcessId
api-ms-win-core-processthreads-l1-1-2.dll	42		OpenProcessToken
api-ms-win-core-processthreads-l1-1-2.dll	69		TlsGetValue
api-ms-win-core-processthreads-l1-1-2.dll	22		GetProcessId
api-ms-win-core-processthreads-l1-1-2.dll	67		TlsAlloc
api-ms-win-core-processthreads-l1-1-2.dll	68		TlsFree
api-ms-win-core-processthreads-l1-1-2.dll	5		CreateThread
api-ms-win-core-processthreads-l1-1-2.dll	65		TerminateProcess
api-ms-win-core-processthreads-l1-1-2.dll	16		GetCurrentThreadId
api-ms-win-core-sysinfo-l1-2-1.dll	25		GetVersionExW
api-ms-win-core-sysinfo-l1-2-1.dll	17		GetSystemTimeAsFileTime
api-ms-win-core-sysinfo-l1-2-1.dll	8		GetOsSafeBootMode
api-ms-win-core-sysinfo-l1-2-1.dll	21		GetTickCount
api-ms-win-core-errorhandling-l1-1-1.dll	11		UnhandledExceptionFilter
api-ms-win-core-errorhandling-l1-1-1.dll	9		SetLastError
api-ms-win-core-errorhandling-l1-1-1.dll	3		GetLastError
api-ms-win-core-errorhandling-l1-1-1.dll	4		RaiseException
api-ms-win-core-errorhandling-l1-1-1.dll	10		SetUnhandledExceptionFilter
api-ms-win-core-memory-l1-1-2.dll	19		OpenFileMappingW
api-ms-win-core-memory-l1-1-2.dll	28		UnmapViewOfFile
api-ms-win-core-memory-l1-1-2.dll	15		MapViewOfFile
api-ms-win-core-memory-l1-1-2.dll	4		CreateFileMappingW
api-ms-win-core-handle-l1-1-0.dll	1		DuplicateHandle
api-ms-win-core-handle-l1-1-0.dll			CloseHandle
api-ms-win-core-string-l1-1-0.dll	6		MultiByteToWideChar
api-ms-win-core-string-l1-1-0.dll	7		WideCharToMultiByte
api-ms-win-core-processenvironment-l1-2-0.dll			ExpandEnvironmentStringsA
api-ms-win-core-processenvironment-l1-2-0.dll	1		ExpandEnvironmentStringsW
api-ms-win-core-registry-l1-1-0.dll	39		RegSetValueExA
api-ms-win-core-registry-l1-1-0.dll	4		RegDeleteKeyExA
api-ms-win-core-registry-l1-1-0.dll	32		RegQueryValueExA
api-ms-win-core-registry-l1-1-0.dll	2		RegCreateKeyExA
api-ms-win-core-registry-l1-1-0.dll	5		RegDeleteKeyExW
api-ms-win-core-registry-l1-1-0.dll	27		RegOpenKeyExA
api-ms-win-core-registry-l1-1-0.dll			RegCloseKey
api-ms-win-core-registry-l1-1-0.dll	31		RegQueryInfoKeyW
api-ms-win-core-registry-l1-1-0.dll	8		RegDeleteValueA
api-ms-win-core-registry-l1-1-0.dll	3		RegCreateKeyExW
api-ms-win-core-registry-l1-1-0.dll	30		RegQueryInfoKeyA
api-ms-win-core-registry-l1-1-0.dll	33		RegQueryValueExW
api-ms-win-core-registry-l1-1-0.dll	9		RegDeleteValueW
api-ms-win-core-registry-l1-1-0.dll	13		RegEnumValueA
api-ms-win-core-registry-l1-1-0.dll	11		RegEnumKeyExA
api-ms-win-core-registry-l1-1-0.dll	12		RegEnumKeyExW
api-ms-win-core-registry-l1-1-0.dll	28		RegOpenKeyExW
api-ms-win-core-registry-l1-1-0.dll	14		RegEnumValueW
api-ms-win-core-registry-l1-1-0.dll	40		RegSetValueExW
api-ms-win-core-registry-l1-1-0.dll	18		RegGetValueW
api-ms-win-core-threadpool-l1-2-0.dll			CallbackMayRunLong
api-ms-win-core-threadpool-l1-2-0.dll	35		WaitForThreadpoolWaitCallbacks
api-ms-win-core-threadpool-l1-2-0.dll	13		CreateThreadpoolWait
api-ms-win-core-threadpool-l1-2-0.dll	6		CloseThreadpoolTimer
api-ms-win-core-threadpool-l1-2-0.dll	15		DisassociateCurrentThreadFromCallback
api-ms-win-core-threadpool-l1-2-0.dll	7		CloseThreadpoolWait
api-ms-win-core-threadpool-l1-2-0.dll	16		FreeLibraryWhenCallbackReturns
api-ms-win-core-threadpool-l1-2-0.dll	28		SetThreadpoolWait
api-ms-win-core-threadpool-l1-2-0.dll	26		SetThreadpoolTimer
api-ms-win-core-threadpool-l1-2-0.dll	12		CreateThreadpoolTimer
api-ms-win-core-threadpool-l1-2-0.dll	34		WaitForThreadpoolTimerCallbacks
api-ms-win-core-threadpool-l1-2-0.dll	32		TrySubmitThreadpoolCallback
api-ms-win-security-base-l1-2-0.dll	64		GetTokenInformation
api-ms-win-security-base-l1-2-0.dll	21		AdjustTokenPrivileges
api-ms-win-security-base-l1-2-0.dll	27		CheckTokenMembership
api-ms-win-core-file-l1-2-1.dll	38		GetFileInformationByHandle
api-ms-win-core-file-l1-2-1.dll	25		FlushFileBuffers
api-ms-win-core-file-l1-2-1.dll	40		GetFileSizeEx
api-ms-win-core-file-l1-2-1.dll	63		ReadFile
api-ms-win-core-file-l1-2-1.dll	8		DeleteFileW
api-ms-win-core-file-l1-2-1.dll	61		LockFileEx
api-ms-win-core-file-l1-2-1.dll	71		SetFileInformationByHandle
api-ms-win-core-file-l1-2-1.dll	36		GetFileAttributesExW
api-ms-win-core-file-l1-2-1.dll	5		CreateFileW
api-ms-win-core-file-l1-2-1.dll	73		SetFilePointer
api-ms-win-core-file-l1-2-1.dll	37		GetFileAttributesW
api-ms-win-core-file-l1-2-1.dll	78		UnlockFileEx
api-ms-win-core-file-l1-2-1.dll	54		GetVolumeInformationByHandleW
api-ms-win-core-file-l1-2-1.dll	33		GetDriveTypeW
api-ms-win-core-file-l1-2-1.dll	74		SetFilePointerEx
api-ms-win-core-file-l1-2-1.dll	68		SetEndOfFile
api-ms-win-core-file-l1-2-1.dll	79		WriteFile
api-ms-win-core-io-l1-1-1.dll	4		DeviceIoControl
api-ms-win-core-io-l1-1-1.dll	5		GetOverlappedResult
api-ms-win-core-io-l1-1-1.dll	1		CancelIoEx
api-ms-win-core-path-l1-1-0.dll			PathAllocCanonicalize
api-ms-win-core-file-l2-1-1.dll	11		ReplaceFileW
api-ms-win-core-file-l2-1-1.dll	5		GetFileInformationByHandleEx
api-ms-win-core-version-l1-1-0.dll	1		GetFileVersionInfoSizeExW
api-ms-win-core-version-l1-1-0.dll			GetFileVersionInfoExW
api-ms-win-core-version-l1-1-0.dll	3		VerQueryValueW
api-ms-win-core-heap-l1-2-0.dll	6		HeapFree
api-ms-win-core-heap-l1-2-0.dll	9		HeapReAlloc
api-ms-win-core-heap-l1-2-0.dll	2		HeapAlloc
api-ms-win-core-heap-l1-2-0.dll			GetProcessHeap
api-ms-win-core-quirks-l1-1-0.dll	2		QuirkIsEnabled
api-ms-win-core-shlwapi-legacy-l1-1-0.dll	20		PathFileExistsW
api-ms-win-core-shlwapi-legacy-l1-1-0.dll	70		PathRemoveFileSpecW
api-ms-win-core-shlwapi-legacy-l1-1-0.dll	16		PathCombineW
api-ms-win-core-shlwapi-legacy-l1-1-0.dll	81		PathUnExpandEnvStringsA
api-ms-win-core-shlwapi-legacy-l1-1-0.dll	82		PathUnExpandEnvStringsW
api-ms-win-core-shlwapi-legacy-l1-1-0.dll	24		PathFindFileNameW
api-ms-win-core-shlwapi-legacy-l1-1-0.dll	50		PathIsUNCW
api-ms-win-core-shlwapi-legacy-l1-1-0.dll	32		PathGetDriveNumberW
api-ms-win-core-shlwapi-legacy-l1-1-0.dll	22		PathFindExtensionW
api-ms-win-core-threadpool-legacy-l1-1-0.dll	4		DeleteTimerQueueTimer
api-ms-win-core-threadpool-legacy-l1-1-0.dll	5		QueueUserWorkItem
api-ms-win-core-threadpool-legacy-l1-1-0.dll	2		CreateTimerQueueTimer
api-ms-win-core-kernel32-legacy-l1-1-1.dll	10		CreateSemaphoreW
api-ms-win-core-kernel32-legacy-l1-1-1.dll	49		MulDiv
api-ms-win-core-kernel32-legacy-l1-1-1.dll	55		RaiseFailFastException
api-ms-win-core-wow64-l1-1-0.dll			IsWow64Process
api-ms-win-core-atoms-l1-1-0.dll	15		GlobalGetAtomNameW
api-ms-win-core-atoms-l1-1-0.dll	11		GlobalDeleteAtom
api-ms-win-core-atoms-l1-1-0.dll	9		GlobalAddAtomExW
api-ms-win-core-heap-obsolete-l1-1-0.dll	10		LocalFree
api-ms-win-core-heap-obsolete-l1-1-0.dll	8		LocalAlloc
api-ms-win-core-heap-obsolete-l1-1-0.dll	12		LocalReAlloc
api-ms-win-core-shlwapi-obsolete-l1-1-0.dll	26		StrCmpNICW
api-ms-win-core-shlwapi-obsolete-l1-1-0.dll	33		StrDupA
api-ms-win-core-shlwapi-obsolete-l1-1-0.dll	34		StrDupW
api-ms-win-core-shlwapi-obsolete-l1-1-0.dll			QISearch
api-ms-win-core-shlwapi-obsolete-l1-1-0.dll	58		StrToIntW
api-ms-win-core-shlwapi-obsolete-l1-1-0.dll	27		StrCmpNIW
api-ms-win-core-shlwapi-obsolete-l1-1-0.dll	18		StrCmpICW
api-ms-win-core-shlwapi-obsolete-l1-1-0.dll	14		StrChrW
api-ms-win-core-shlwapi-obsolete-l1-1-0.dll	1		SHLoadIndirectString
api-ms-win-core-string-obsolete-l1-1-0.dll	4		lstrcmpiW
ntdll.dll	1190		RtlQueryWnfStateData
ntdll.dll	1354		RtlUnsubscribeWnfNotificationWaitForCompletion
ntdll.dll	1305		RtlSubscribeWnfStateChangeNotification
ntdll.dll	1217		RtlReleaseSRWLockExclusive
ntdll.dll	636		RtlAcquireSRWLockExclusive
ntdll.dll	1134		RtlNtStatusToDosError
ntdll.dll	434		NtQueryInformationProcess
ntdll.dll	252		NtCreateFile
ntdll.dll	461		NtQuerySystemInformation
ntdll.dll	1007		RtlInitUnicodeString
combase.dll		134
api-ms-win-core-apiquery-l1-1-0.dll			ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1.dll	1		ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-1.dll			DelayLoadFailureHook

ord	entry_va	function_name
1	0x2d050
2	0x168f0	CommandLineToArgvW
3	0x4af20	CreateRandomAccessStreamOnFile
4	0x33250	CreateRandomAccessStreamOverStream
5	0x41940	CreateStreamOverRandomAccessStream
6	0x4310	DllCanUnloadNow
7	0x60570	DllGetActivationFactory
8	0x1cf00	DllGetClassObject
9	0x77ec0	GetCurrentProcessExplicitAppUserModelID
10	0x17490	GetDpiForMonitor
11	0x78620	GetProcessDpiAwareness
12	0x4450	GetProcessReference
13	0xee50	GetScaleFactorForDevice
14	0xef40	GetScaleFactorForMonitor
15	0x18180	IStream_Copy
16	0x17ef0	IStream_Read
17	0x18640	IStream_ReadStr
18	0x17930	IStream_Reset
19	0x18090	IStream_Size
20	0xae20	IStream_Write
21	0x18410	IStream_WriteStr
22	0x1fc10	IUnknown_AtomicRelease
23	0x16710	IUnknown_GetSite
24	0x4640	IUnknown_QueryService
25	0x45d0	IUnknown_Set
26	0x46f0	IUnknown_SetSite
27	0x192a0	IsOS
28	0x1ac90	RegisterScaleChangeEvent
29	0x1ae80	RegisterScaleChangeNotifications
30	0x1af10	RevokeScaleChangeNotifications
31	0x77bd0	SHAnsiToAnsi
32	0xaaf0	SHAnsiToUnicode
33	0x60bf0	SHCopyKeyA
34	0x41e20	SHCopyKeyW
35	0x17da0	SHCreateMemStream
36	0x6ea50	SHCreateStreamOnFileA
37	0xd5b0	SHCreateStreamOnFileEx
38	0xd9e0	SHCreateStreamOnFileW
39	0x14de0	SHCreateThread
40	0x36790	SHCreateThreadRef
41	0x15170	SHCreateThreadWithHandle
42	0x60950	SHDeleteEmptyKeyA
43	0x60af0	SHDeleteEmptyKeyW
44	0x60c60	SHDeleteKeyA
45	0x1a700	SHDeleteKeyW
46	0x609f0	SHDeleteValueA
47	0x18120	SHDeleteValueW
48	0x60cc0	SHEnumKeyExA
49	0x167a0	SHEnumKeyExW
50	0x60cf0	SHEnumValueA
51	0x1f630	SHEnumValueW
52	0x54a0	SHGetThreadRef
53	0xdd40	SHGetValueA
54	0x4e50	SHGetValueW
55	0x6e590	SHOpenRegStream2A
56	0x18cf0	SHOpenRegStream2W
57	0x6e630	SHOpenRegStreamA
58	0x6e660	SHOpenRegStreamW
59	0x60d80	SHQueryInfoKeyA
60	0x167d0	SHQueryInfoKeyW
61	0x60db0	SHQueryValueExA
62	0x4820	SHQueryValueExW
63	0x45200	SHRegDuplicateHKey
64	0x60de0	SHRegGetIntW
65	0x60e50	SHRegGetPathA
66	0x15450	SHRegGetPathW
67	0xdd70	SHRegGetValueA
68	0x5230	SHRegGetValueW
69	0x60e80	SHRegSetPathA
70	0x41b20	SHRegSetPathW
71	0x21350	SHReleaseThreadRef
72	0x36690	SHSetThreadRef
73	0x60a50	SHSetValueA
74	0x14f70	SHSetValueW
75	0x15dc0	SHStrDupA
76	0x4560	SHStrDupW
77	0x5680	SHUnicodeToAnsi
78	0x77d10	SHUnicodeToUnicode
79	0xdc60	SetCurrentProcessExplicitAppUserModelID
80	0x78870	SetProcessDpiAwareness
81	0x174e0	SetProcessReference
82	0x20710	UnregisterScaleChangeEvent
100	0xe580
101	0xd8a0
102	0x194b0
103	0x36c00
104	0xc640
105	0x19510
106	0x1ab50
107	0x6e480
108	0x6e4f0
109	0x1fdc0
110	0x42060
111	0x6e230
115	0x25810
116	0x3a5c0
117	0x688a0
120	0xb520
121	0x1fe30
122	0x17280	SHRegGetValueFromHKCUHKLM
123	0x17420
124	0x60d20
125	0x60d50
126	0x18bc0
127	0xb3b0
130	0x44e0
131	0xc9e0
132	0x605e0
133	0x212c0
140	0x14fe0
141	0x43c0
142	0xab60
143	0xaab0
144	0xc860
145	0xac20
150	0x77c20
151	0xad10
152	0x31e60
153	0x31f10
160	0x77b90
161	0x14eb0
162	0x4bc0
170	0x49d0
171	0x60620
172	0x4950
173	0xadb0
181	0x19df0
182	0xba60
183	0xbb00
184	0x56f0
185	0x784a0
186	0xbd20
187	0xbaa0
190	0x8100
191	0x1f5b0
192	0xaa50
193	0x187d0
200	0xaf30
220	0x785b0
221	0x786a0
222	0x35f80
223	0x786f0
224	0x787e0
225	0x78560
226	0x78650
227	0x78720
228	0x78810
230	0x21ae0
231	0x79190
232	0x211a0
233	0x21830
240	0x13350
241	0x787a0
242	0x31fb0
243	0xf680
244	0xf580
245	0x134f0
246	0x20fa0
250	0x12620
251	0x13c00
252	0x214a0
253	0x79910
254	0x14130
255	0xfd30

module_name	SHCORE.dll
flags	0
timestamp	2015-01-23 02:47:03
version	0.0
ordinal_base	1
nFunctions	255
nNames	82
Names(82)	0x3a88
Functions(255)	0x368c
NameOrdinals(82)	0x3bd0

StringTable 040904B0

CompanyName	Microsoft Corporation
FileDescription	SHCORE
FileVersion	6.3.9600.17666 (winblue_r8.150122-1500)
InternalName	SHCORE
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	SHCORE.dll
ProductName	Microsoft® Windows® Operating System
ProductVersion	6.3.9600.17666

VS_FIXEDFILEINFO

FileVersion	6.3.9600.17666
ProductVersion	6.3.9600.17666
StrucVersion	0x10000
FileFlagsMask	0x3f
FileFlags	0
FileOS	0x40004
FileType	2
FileSubtype	0

OpenSSL (terse)
ASN.1 (verbose)

Signers (1)

issuer: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Windows Production PCA 2011

serial: 330000004EA1D80770A9BBE94400000000004E

Certificates (2)

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:00:00:00:4e:a1:d8:07:70:a9:bb:e9:44:00:00:00:00:00:4e
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011
        Validity
            Not Before: Jul  1 20:32:01 2014 GMT
            Not After : Oct  1 20:32:01 2015 GMT
        Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:94:3f:1b:2b:08:42:ec:b4:32:ec:8e:e7:76:96:
                    c2:6a:34:df:51:b5:2f:dc:8e:41:a7:f2:7e:50:cb:
                    40:ad:bf:ae:98:93:90:2f:bc:09:2a:7d:9b:bd:e0:
                    56:f8:19:df:75:d7:b7:27:95:5f:d5:36:83:a4:ea:
                    1e:9d:b7:25:61:04:5c:84:56:76:3e:12:b6:3c:47:
                    11:73:91:10:7e:a9:51:12:50:df:ab:f5:e0:24:9c:
                    c4:23:c6:d9:f1:5e:20:a4:c2:29:ff:89:96:40:af:
                    96:39:5b:1f:ca:01:75:a4:02:d6:4b:80:66:6f:2a:
                    f2:cb:a4:e5:b1:8e:3e:d7:88:53:07:de:48:42:b2:
                    51:bb:17:e8:38:9b:3a:87:22:e6:83:f8:73:45:32:
                    8b:48:0e:3d:b7:05:ae:a3:53:08:4e:a5:4a:de:42:
                    aa:9f:b8:af:87:db:55:ea:25:94:a8:97:9b:2b:54:
                    f0:28:8f:fb:61:b7:cc:51:62:cf:68:f6:9a:b1:54:
                    06:a3:78:37:18:52:62:31:32:85:e6:6a:90:aa:c3:
                    d3:7e:2e:8e:37:a4:46:91:e3:d8:45:ff:a5:c1:52:
                    82:89:d0:57:cb:12:dd:2d:39:a9:85:ab:cb:b8:4d:
                    8e:48:47:43:3b:de:15:e2:30:f6:dc:fc:d4:dc:31:
                    14:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Extended Key Usage: 
                Code Signing, 1.3.6.1.4.1.311.10.3.6
            X509v3 Subject Key Identifier: 
                78:19:3A:D3:1D:92:F7:71:19:B3:50:30:DD:74:4B:36:57:54:EB:B7
            X509v3 Subject Alternative Name: 
                DirName:/OU=MOPR/serialNumber=31612\+3d1bb16c-fc3b-4af0-ad06-16490ddfd255
            X509v3 Authority Key Identifier: 
                A9:29:02:39:8E:16:C4:97:78:CD:90:F9:9E:4F:9A:E1:7C:55:AF:53
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://www.microsoft.com/pkiops/crl/MicWinProPCA2011_2011-10-19.crl
            Authority Information Access: 
                CA Issuers - URI:http://www.microsoft.com/pkiops/certs/MicWinProPCA2011_2011-10-19.crt
            X509v3 Basic Constraints: critical
                CA:FALSE
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        82:07:b0:c7:9e:3b:96:e7:31:7c:d1:aa:c9:ab:45:fb:52:f1:
        a2:c8:47:cd:a4:be:d6:ff:0b:36:65:66:c6:04:69:76:25:78:
        90:a7:92:70:76:56:62:a0:4b:0f:6d:95:8c:1f:bb:a6:88:b7:
        71:7f:77:e1:01:37:10:7f:8c:cd:e9:ce:06:6d:0c:99:e9:fa:
        bf:a3:d6:69:e2:ea:c8:22:a8:1d:86:f6:20:82:8a:01:87:38:
        e2:90:f1:53:70:88:6c:68:9a:f9:39:9f:ad:45:f3:8e:2e:0f:
        d6:e3:1f:cd:f1:b2:95:dd:c0:15:16:4e:75:7e:2c:63:0b:05:
        d1:c1:03:73:5e:45:2e:a9:e3:ca:1b:44:e7:76:27:7a:03:0a:
        a4:73:09:44:99:bd:fa:d5:1e:bc:dc:61:c8:69:41:48:12:3c:
        15:08:11:23:0b:ab:24:f1:fb:3c:a6:4f:01:8a:c3:7d:5c:bb:
        61:17:30:55:b2:0d:d0:7f:bf:89:55:90:96:96:be:8d:e6:08:
        97:95:41:93:2f:d0:25:7f:93:2d:b6:f6:97:5b:4b:c8:2b:d3:
        93:a4:32:a4:ef:01:d8:8f:c9:65:2c:c0:d4:ee:de:46:df:51:
        9d:f8:48:83:53:bf:bf:4d:bc:83:58:ef:c8:dc:32:15:c5:53:
        8e:bb:d0:3e

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:07:76:56:00:00:00:00:00:08
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
        Validity
            Not Before: Oct 19 18:41:42 2011 GMT
            Not After : Oct 19 18:51:42 2026 GMT
        Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:dd:0c:bb:a2:e4:2e:09:e3:e7:c5:f7:96:69:bc:
                    00:21:bd:69:33:33:ef:ad:04:cb:54:80:ee:06:83:
                    bb:c5:20:84:d9:f7:d2:8b:f3:38:b0:ab:a4:ad:2d:
                    7c:62:79:05:ff:e3:4a:3f:04:35:20:70:e3:c4:e7:
                    6b:e0:9c:c0:36:75:e9:8a:31:dd:8d:70:e5:dc:37:
                    b5:74:46:96:28:5b:87:60:23:2c:bf:dc:47:a5:67:
                    f7:51:27:9e:72:eb:07:a6:c9:b9:1e:3b:53:35:7c:
                    e5:d3:ec:27:b9:87:1c:fe:b9:c9:23:09:6f:a8:46:
                    91:c1:6e:96:3c:41:d3:cb:a3:3f:5d:02:6a:4d:ec:
                    69:1f:25:28:5c:36:ff:fd:43:15:0a:94:e0:19:b4:
                    cf:df:c2:12:e2:c2:5b:27:ee:27:78:30:8b:5b:2a:
                    09:6b:22:89:53:60:16:2c:c0:68:1d:53:ba:ec:49:
                    f3:9d:61:8c:85:68:09:73:44:5d:7d:a2:54:2b:dd:
                    79:f7:15:cf:35:5d:6c:1c:2b:5c:ce:bc:9c:23:8b:
                    6f:6e:b5:26:d9:36:13:c3:4f:d6:27:ae:b9:32:3b:
                    41:92:2c:e1:c7:cd:77:e8:aa:54:4e:f7:5c:0b:04:
                    87:65:b4:43:18:a8:b2:e0:6d:19:77:ec:5a:24:fa:
                    48:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            1.3.6.1.4.1.311.21.1: 
                ...
            X509v3 Subject Key Identifier: 
                A9:29:02:39:8E:16:C4:97:78:CD:90:F9:9E:4F:9A:E1:7C:55:AF:53
            1.3.6.1.4.1.311.20.2: 
                .
.S.u.b.C.A
            X509v3 Key Usage: 
                Digital Signature, Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Authority Key Identifier: 
                D5:F6:56:CB:8F:E8:A2:5C:62:68:D1:3D:94:90:5B:D7:CE:9A:18:C4
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl
            Authority Information Access: 
                CA Issuers - URI:http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        14:fc:7c:71:51:a5:79:c2:6e:b2:ef:39:3e:bc:3c:52:0f:6e:
        2b:3f:10:13:73:fe:a8:68:d0:48:a6:34:4d:8a:96:05:26:ee:
        31:46:90:61:79:d6:ff:38:2e:45:6b:f4:c0:e5:28:b8:da:1d:
        8f:8a:db:09:d7:1a:c7:4c:0a:36:66:6a:8c:ec:1b:d7:04:90:
        a8:18:17:a4:9b:b9:e2:40:32:36:76:c4:c1:5a:c6:bf:e4:04:
        c0:ea:16:d3:ac:c3:68:ef:62:ac:dd:54:6c:50:30:58:a6:eb:
        7c:fe:94:a7:4e:8e:f4:ec:7c:86:73:57:c2:52:21:73:34:5a:
        f3:a3:8a:56:c8:04:da:07:09:ed:f8:8b:e3:ce:f4:7e:8e:ae:
        f0:f6:0b:8a:08:fb:3f:c9:1d:72:7f:53:b8:eb:be:63:e0:e3:
        3d:31:65:b0:81:e5:f2:ac:cd:16:a4:9f:3d:a8:b1:9b:c2:42:
        d0:90:84:5f:54:1d:ff:89:ea:ba:1d:47:90:6f:b0:73:4e:41:
        9f:40:9f:5f:e5:a1:2a:b2:11:91:73:8a:21:28:f0:ce:de:73:
        39:5f:3e:ab:5c:60:ec:df:03:10:a8:d3:09:e9:f4:f6:96:85:
        b6:7f:51:88:66:47:19:8d:a2:b0:12:3d:81:2a:68:05:77:bb:
        91:4c:62:7b:b6:c1:07:c7:ba:7a:87:34:03:0e:4b:62:7a:99:
        e9:ca:fc:ce:4a:37:c9:2d:a4:57:7c:1c:fe:3d:dc:b8:0f:5a:
        fa:d6:c4:b3:02:85:02:3a:ea:b3:d9:6e:e4:69:21:37:de:81:
        d1:f6:75:19:05:67:d3:93:57:5e:29:1b:39:c8:ee:2d:e1:cd:
        e4:45:73:5b:d0:d2:ce:7a:ab:16:19:82:46:58:d0:5e:9d:81:
        b3:67:af:6c:35:f2:bc:e5:3f:24:e2:35:a2:0a:75:06:f6:18:
        56:99:d4:78:2c:d1:05:1b:eb:d0:88:01:9d:aa:10:f1:05:df:
        ba:7e:2c:63:b7:06:9b:23:21:c4:f9:78:6c:e2:58:17:06:36:
        2b:91:12:03:cc:a4:d9:f2:2d:ba:f9:94:9d:40:ed:18:45:f1:
        ce:8a:5c:6b:3e:ab:03:d3:70:18:2a:0a:6a:e0:5f:47:d1:d5:
        63:0a:32:f2:af:d7:36:1f:2a:70:5a:e5:42:59:08:71:4b:57:
        ba:7e:83:81:f0:21:3c:f4:1c:c1:c5:b9:90:93:0e:88:45:93:
        86:e9:b1:20:99:be:98:cb:c5:95:a4:5d:62:d6:a0:63:08:20:
        bd:75:10:77:7d:3d:f3:45:b9:9f:97:9f:cb:57:80:6f:33:a9:
        04:cf:77:a4:62:1c:59:7e

undefined method `first' for #

show previews

offset	size	type	comment
0	546816	DLL	01/23/2015 02:47:03	#
15c1	15	HTM		#
85800	13576	PKCS7	Authenticode Signature	#

offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

Please donate some bucks to keep this site up and running:
Ko-fi
Yandex.Money
Thank you!

everything is OK

SHCore.dll-

MZ Header

Rich Header

DOS stub

PE Header

Packer / Compiler

Sections

Data Directory

TLS

StringTable 040904B0

VS_FIXEDFILEINFO

Signers (1)

Certificates (2)

SHCore.dll
-