filenamesysmon.ocx
size407040 (0x63600)
md548433ffc1be7c854827de53baf0f3c0f
typePE32+ executable (DLL) (GUI) x86-64, for MS Windows
mimetypeapplication/x-dosexec
clamavOK
virustotal→ scan with virustotal.com
histogram

MZ Header

signatureMZ
bytes_in_last_block0x90
blocks_in_file3
num_relocs0
header_paragraphs4
min_extra_paragraphs0
max_extra_paragraphs0xffff
ss0
sp0xb8
checksum0
ip0
cs0
reloc_table_offset0x40
overlay_number0
reserved00
oem_id0
oem_info0
reserved20
reserved30
reserved40
reserved50
reserved60
lfanew0xe8

Rich Header

lib idversiontimes used
261267153
2602671527
259267153
10367
2572671527
256267151
2652671558
255267151
258267151

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

SignaturePE
Machine0x8664
NumberOfSections6
TimeDateStamp0x26458a38
PointerToSymbolTable0
NumberOfSymbols0
SizeOfOptionalHeader0xf0
Characteristics0x2022
Magic0x20b
LinkerVersion14.15
SizeOfCode0x45e00
SizeOfInitializedData0x22000
SizeOfUninitializedData0
AddressOfEntryPoint0x44690
BaseOfCode0x1000
ImageBase0x180000000
SectionAlignment0x1000
FileAlignment0x200
OperatingSystemVersion10.0
ImageVersion10.0
SubsystemVersion10.0
Reserved10
SizeOfImage0x6a000
SizeOfHeaders0x400
CheckSum0x6931e
Subsystem2
DllCharacteristics0x4160
SizeOfStackReserve0x40000
SizeOfStackCommit0x1000
SizeOfHeapReserve0x100000
SizeOfHeapCommit0x1000
LoaderFlags0
NumberOfRvaAndSizes0x10

Sections

namevavsizeraw sizeflags
.text0x10000x45d4e0x45e00R-X CODE
.rdata0x470000xfd160xfe00R-- IDATA
.data0x570000x5e300x1400RW- IDATA
.pdata0x5d0000x2e080x3000R-- IDATA
.rsrc0x600000x89900x8a00R-- IDATA
.reloc0x690000x7500x800R-- IDATA DISCARDABLE

Data Directory

typevasize
EXPORT0x548100xa4
IMPORT0x548b40x118
RESOURCE0x600000x8990
EXCEPTION0x5d0000x2e08
SECURITY00
BASERELOC0x690000x750
DEBUG0x4efb00x54
ARCHITECTURE00
GLOBALPTR00
TLS00
LOAD_CONFIG0x488b00x108
Bound_IAT00
IAT0x489b80xbd0
Delay_IAT00
CLR_Header00
typenamesizecp
MUI#12960
TYPELIB#1328640
VERSION#19640
MANIFEST#27470
module_namehintordfunction_name
msvcrt.dll75_CxxThrowException
msvcrt.dll1087floor
msvcrt.dll1154log10
msvcrt.dll1170memcpy
msvcrt.dll1174memset
msvcrt.dll656_onexit
msvcrt.dll123__dllonexit
msvcrt.dll833_unlock
msvcrt.dll486_lock
msvcrt.dll47void __cdecl terminate(void)

?terminate@@YAXXZ

msvcrt.dll18public: virtual __cdecl type_info::~type_info(void) __ptr64

??1type_info@@UEAA@XZ

msvcrt.dll381_initterm
msvcrt.dll174_amsg_exit
msvcrt.dll85_XcptFilter
msvcrt.dll1193realloc
msvcrt.dll1281wcschr
msvcrt.dll13public: __cdecl exception::exception(void) __ptr64

??0exception@@QEAA@XZ

msvcrt.dll871_vsnprintf_s
msvcrt.dll91__CxxFrameHandler3
msvcrt.dll12public: __cdecl exception::exception(class exception const & __ptr64) __ptr64

??0exception@@QEAA@AEBV0@@Z

msvcrt.dll17public: virtual __cdecl exception::~exception(void) __ptr64

??1exception@@UEAA@XZ

msvcrt.dll1100free
msvcrt.dll1158malloc
msvcrt.dll1259towlower
msvcrt.dll1030_wtoi64
msvcrt.dll1296wcsrchr
msvcrt.dll1029_wtoi
msvcrt.dll1246swscanf_s
msvcrt.dll1299wcsspn
msvcrt.dll1286wcscspn
msvcrt.dll1236strstr
msvcrt.dll680_resetstkoflw
msvcrt.dll1300wcsstr
msvcrt.dll1302wcstok
msvcrt.dll670_purecall
msvcrt.dll873_vsnwprintf
msvcrt.dll42public: char const * __ptr64 __cdecl type_info::name(void)const __ptr64

?name@type_info@@QEBAPEBDXZ

msvcrt.dll87__C_specific_handler
msvcrt.dll1171memcpy_s
msvcrt.dll1179pow
ATL.DLL41
ATL.DLL30
ntdll.dll747RtlCaptureContext
ntdll.dll1532RtlVirtualUnwind
ntdll.dll1720WinSqmSetDWORD
ntdll.dll1700WinSqmAddToStream
ntdll.dll1716WinSqmIncrementDWORD
ntdll.dll1699WinSqmAddToAverageDWORD
ntdll.dll1235RtlLookupFunctionEntry
KERNEL32.dll134CloseHandle
KERNEL32.dll846HeapAlloc
KERNEL32.dll699GetProcessHeap
KERNEL32.dll853HeapReAlloc
KERNEL32.dll850HeapFree
KERNEL32.dll203CreateFileW
KERNEL32.dll1606lstrcmpiW
KERNEL32.dll2ActivateActCtx
KERNEL32.dll259DeactivateActCtx
KERNEL32.dll967LoadLibraryW
KERNEL32.dll375FindActCtxSectionStringW
KERNEL32.dll176CreateActCtxW
KERNEL32.dll1343SetLastError
KERNEL32.dll634GetModuleFileNameW
KERNEL32.dll637GetModuleHandleExW
KERNEL32.dll1092QueryActCtxW
KERNEL32.dll1051OutputDebugStringA
KERNEL32.dll693GetProcAddress
KERNEL32.dll822GlobalAlloc
KERNEL32.dll833GlobalLock
KERNEL32.dll840GlobalUnlock
KERNEL32.dll716GetProfileIntW
KERNEL32.dll1226ResetEvent
KERNEL32.dll1549WideCharToMultiByte
KERNEL32.dll1010MultiByteToWideChar
KERNEL32.dll242CreateThread
KERNEL32.dll477GetCommandLineW
KERNEL32.dll829GlobalFree
KERNEL32.dll390FindFirstFileW
KERNEL32.dll379FindClose
KERNEL32.dll594GetFileSize
KERNEL32.dll1143ReadFile
KERNEL32.dll1569WriteFile
KERNEL32.dll485GetComputerNameW
KERNEL32.dll552GetDateFormatW
KERNEL32.dll787GetTimeFormatW
KERNEL32.dll368FileTimeToSystemTime
KERNEL32.dll155CompareStringW
KERNEL32.dll1009MulDiv
KERNEL32.dll429FormatMessageW
KERNEL32.dll433FreeLibrary
KERNEL32.dll619GetLocaleInfoW
KERNEL32.dll666GetNumberFormatW
KERNEL32.dll412FindResourceW
KERNEL32.dll970LoadResource
KERNEL32.dll990LockResource
KERNEL32.dll360ExpandEnvironmentStringsW
KERNEL32.dll1303SetCurrentDirectoryW
KERNEL32.dll546GetCurrentThreadId
KERNEL32.dll633GetModuleFileNameA
KERNEL32.dll263DebugBreak
KERNEL32.dll638GetModuleHandleW
KERNEL32.dll898IsDebuggerPresent
KERNEL32.dll1052OutputDebugStringW
KERNEL32.dll1208ReleaseSemaphore
KERNEL32.dll1204ReleaseMutex
KERNEL32.dll1511WaitForSingleObjectEx
KERNEL32.dll1044OpenSemaphoreW
KERNEL32.dll542GetCurrentProcessId
KERNEL32.dll217CreateMutexExW
KERNEL32.dll235CreateSemaphoreExW
KERNEL32.dll804GetVersionExW
KERNEL32.dll1419Sleep
KERNEL32.dll1468UnhandledExceptionFilter
KERNEL32.dll1403SetUnhandledExceptionFilter
KERNEL32.dll541GetCurrentProcess
KERNEL32.dll1434TerminateProcess
KERNEL32.dll1104QueryPerformanceCounter
KERNEL32.dll752GetSystemTimeAsFileTime
KERNEL32.dll1387SetThreadPriority
KERNEL32.dll191CreateEventW
KERNEL32.dll1316SetEvent
KERNEL32.dll782GetTickCount
KERNEL32.dll1510WaitForSingleObject
KERNEL32.dll1430SystemTimeToFileTime
KERNEL32.dll616GetLocalTime
KERNEL32.dll960LeaveCriticalSection
KERNEL32.dll309EnterCriticalSection
KERNEL32.dll871InitializeCriticalSection
KERNEL32.dll273DeleteCriticalSection
KERNEL32.dll615GetLastError
KERNEL32.dll1603lstrcmpW
ADVAPI32.dll652RegOpenKeyExW
ADVAPI32.dll603RegCloseKey
ADVAPI32.dll612RegCreateKeyExW
ADVAPI32.dll289EventRegister
ADVAPI32.dll291EventUnregister
ADVAPI32.dll292EventWrite
ADVAPI32.dll665RegQueryValueExW
USER32.dll77ClientToScreen
USER32.dll400GetParent
USER32.dll167DefWindowProcW
USER32.dll488GetWindowLongW
USER32.dll885SetWindowLongW
USER32.dll450GetSysColor
USER32.dll650MessageBoxW
USER32.dll571IsRectEmpty
USER32.dll91CopyRect
USER32.dll454GetSystemMetrics
USER32.dll343GetFocus
USER32.dll212DrawFrameControl
USER32.dll222DrawTextW
USER32.dll210DrawFocusRect
USER32.dll656MoveWindow
USER32.dll360GetKeyState
USER32.dll760ReleaseCapture
USER32.dll613LoadStringW
USER32.dll209DrawEdge
USER32.dll815SetDlgItemInt
USER32.dll780SendDlgItemMessageW
USER32.dll333GetDlgItemInt
USER32.dll587IsWindowVisible
USER32.dll610LoadMenuW
USER32.dll233EnableMenuItem
USER32.dll449GetSubMenu
USER32.dll930TrackPopupMenu
USER32.dll178DestroyMenu
USER32.dll592LoadAcceleratorsW
USER32.dll555IsChild
USER32.dll583IsWindowEnabled
USER32.dll936TranslateMessage
USER32.dll189DispatchMessageW
USER32.dll934TranslateAcceleratorW
USER32.dll942UnionRect
USER32.dll667OpenClipboard
USER32.dll310GetClipboardData
USER32.dll79CloseClipboard
USER32.dll232EmptyClipboard
USER32.dll801SetClipboardData
USER32.dll920SystemParametersInfoW
USER32.dll239EnableWindow
USER32.dll335GetDlgItemTextW
USER32.dll853SetPropW
USER32.dll432GetPropW
USER32.dll767RemovePropW
USER32.dll106CreateDialogParamW
USER32.dll286GetAncestor
USER32.dll326GetDialogBaseUnits
USER32.dll884SetWindowLongPtrW
USER32.dll559IsDialogMessageW
USER32.dll817SetDlgItemTextW
USER32.dll71CheckRadioButton
USER32.dll279FrameRect
USER32.dll581IsWindow
USER32.dll594LoadBitmapW
USER32.dll444GetScrollPos
USER32.dll858SetScrollRange
USER32.dll445GetScrollRange
USER32.dll777ScrollWindow
USER32.dll857SetScrollPos
USER32.dll962UpdateWindow
USER32.dll560IsDlgButtonChecked
USER32.dll695PtInRect
USER32.dll114CreatePopupMenu
USER32.dll539InsertMenuItemW
USER32.dll638MapWindowPoints
USER32.dll931TrackPopupMenuEx
USER32.dll282GetActiveWindow
USER32.dll590KillTimer
USER32.dll871SetTimer
USER32.dll793SetCapture
USER32.dll544InvalidateRect
USER32.dll887SetWindowPos
USER32.dll543IntersectRect
USER32.dll521InflateRect
USER32.dll267EqualRect
USER32.dll118CreateWindowExW
USER32.dll598LoadCursorW
USER32.dll732RegisterClassW
USER32.dll904ShowWindow
USER32.dll842SetParent
USER32.dll820SetFocus
USER32.dll734RegisterClipboardFormatW
USER32.dll854SetRect
USER32.dll947UnregisterClassW
USER32.dll181DestroyWindow
USER32.dll325GetDesktopWindow
USER32.dll322GetDC
USER32.dll66CheckDlgButton
USER32.dll761ReleaseDC
USER32.dll272FillRect
USER32.dll666OffsetRect
USER32.dll307GetClientRect
USER32.dll479GetWindowDC
USER32.dll332GetDlgItem
USER32.dll821SetForegroundWindow
USER32.dll685PostMessageW
USER32.dll495GetWindowRect
USER32.dll487GetWindowLongPtrW
USER32.dll244EndPaint
USER32.dll17BeginPaint
USER32.dll474GetWindow
USER32.dll805SetCursor
USER32.dll789SendMessageW
USER32.dll855SetRectEmpty
GDI32.dll889SetMapMode
GDI32.dll31CloseMetaFile
GDI32.dll382DeleteMetaFile
GDI32.dll793RectVisible
GDI32.dll914SetWindowOrgEx
GDI32.dll913SetWindowExtEx
GDI32.dll910SetViewportOrgEx
GDI32.dll909SetViewportExtEx
GDI32.dll697GetStockObject
GDI32.dll41CreateBitmap
GDI32.dll79CreatePen
GDI32.dll74CreateMetaFileW
GDI32.dll804RestoreDC
GDI32.dll811SaveDC
GDI32.dll737LPtoDP
GDI32.dll794Rectangle
GDI32.dll78CreatePatternBrush
GDI32.dll49CreateCompatibleDC
GDI32.dll926TextOutW
GDI32.dll720GetTextFaceW
GDI32.dll52CreateDCW
GDI32.dll722GetTextMetricsW
GDI32.dll739LineTo
GDI32.dll757MoveToEx
GDI32.dll380DeleteDC
GDI32.dll860SelectObject
GDI32.dll466ExtTextOutW
GDI32.dll531GdiFlush
GDI32.dll55CreateDIBSection
GDI32.dll714GetTextExtentPoint32W
GDI32.dll905SetTextAlign
GDI32.dll83CreateRectRgn
GDI32.dll34CombineRgn
GDI32.dll907SetTextColor
GDI32.dll858SelectClipRgn
GDI32.dll617GetClipBox
GDI32.dll769PatBlt
GDI32.dll867SetBkColor
GDI32.dll48CreateCompatibleBitmap
GDI32.dll630GetDeviceCaps
GDI32.dll680GetObjectW
GDI32.dll67CreateFontIndirectW
GDI32.dll90CreateSolidBrush
GDI32.dll717GetTextExtentPointW
GDI32.dll383DeleteObject
GDI32.dll786Polyline
GDI32.dll868SetBkMode
ole32.dll473ReleaseStgMedium
ole32.dll171CreateStreamOnHGlobal
ole32.dll524StringFromGUID2
ole32.dll140CoTaskMemFree
ole32.dll168CreateOleAdviseHolder
ole32.dll158CreateBindCtx
ole32.dll442OleRegEnumVerbs
ole32.dll444OleRegGetUserType
ole32.dll443OleRegGetMiscStatus
ole32.dll105CoLockObjectExternal
ole32.dll81CoGetMalloc
ole32.dll160CreateDataAdviseHolder
ole32.dll43CoCreateInstance
ole32.dll195GetRunningObjectTable
ole32.dll161CreateDataCache
ole32.dll472RegisterDragDrop
ole32.dll475RevokeDragDrop
ole32.dll542WriteFmtUserTypeStg
OLEAUT32.dll411
OLEAUT32.dll24
OLEAUT32.dll23
OLEAUT32.dll16
OLEAUT32.dll161
OLEAUT32.dll162
OLEAUT32.dll185
OLEAUT32.dll184
OLEAUT32.dll416
OLEAUT32.dll4
OLEAUT32.dll417
OLEAUT32.dll147
OLEAUT32.dll6
OLEAUT32.dll2
OLEAUT32.dll421
OLEAUT32.dll420
OLEAUT32.dll29
OLEAUT32.dll8
OLEAUT32.dll12
OLEAUT32.dll7
OLEAUT32.dll9
pdh.dll89PdhParseCounterPathW
pdh.dll48PdhGetCounterInfoW
pdh.dll95PdhRemoveCounter
pdh.dll15PdhCalculateCounterFromRawValue
pdh.dll27PdhEnumLogSetNamesW
pdh.dll44PdhExpandWildCardPathHW
pdh.dll16PdhCloseLog
pdh.dll101PdhSetDefaultRealTimeDataSource
pdh.dll21PdhComputeCounterStatistics
pdh.dll72PdhGetRawCounterValue
pdh.dll20PdhCollectQueryDataWithTime
pdh.dll103PdhSetQueryTimeRange
pdh.dll10PdhBindInputDataSourceW
pdh.dll51PdhGetDataSourceTimeRangeH
pdh.dll81PdhMakeCounterPathW
pdh.dll34PdhEnumObjectItemsHW
pdh.dll38PdhEnumObjectsHW
pdh.dll94PdhRelogW
pdh.dll107PdhTranslateLocaleCounterW
pdh.dll105PdhTranslate009CounterW
pdh.dll68PdhGetLogFileTypeW
pdh.dll17PdhCloseQuery
pdh.dll18PdhCollectQueryData
pdh.dll30PdhEnumMachinesHW
pdh.dll86PdhOpenQueryH
pdh.dll3PdhAddCounterW
SHELL32.dll7CommandLineToArgvW
SHELL32.dll40DragQueryFileW
SHELL32.dll36DragFinish
SHELL32.dll35DragAcceptFiles
ODBC32.dll31
ODBC32.dll24
ODBC32.dll157
ODBC32.dll75
pdhui.dll3PdhUiBrowseCountersExHW
ordentry_vafunction_name
10x7d80DllCanUnloadNow
20x7ae0DllGetClassObject
30x56d0DllRegisterServer
40x56d0DllUnregisterServer
module_nameSYSMON.dll
flags0
timestamp1990-05-07 14:46:16
version0.0
ordinal_base1
nFunctions4
nNames4
Names(4)0x54848
Functions(4)0x54838
NameOrdinals(4)0x54858

StringTable 040904B0

CompanyNameMicrosoft Corporation
FileDescriptionSystem Monitor Control
FileVersion10.0.18362.1 (WinBuild.160101.0800)
InternalNameSYSMON.OCX
LegalCopyright© Microsoft Corporation. All rights reserved.
OriginalFilenameSYSMON.OCX
ProductNameMicrosoft® Windows® Operating System
ProductVersion10.0.18362.1
OleSelfRegister

VS_FIXEDFILEINFO

FileVersion10.0.18362.1
ProductVersion10.0.18362.1
StrucVersion0x10000
FileFlagsMask0x3f
FileFlags0
FileOS0x40004
FileType2
FileSubtype0
offsetsizetypecomment
15c115HTM#
4b72811717GIF(0 x 0)#
4e4ed86291BINoverlay data past EOF#
offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable











everything is OK