advapi32.dll

  • File Path: C:\Windows\SysWOW64\advapi32.dll (on 64-bit Windows, SysWOW64 holds the 32-bit system binaries)
  • Description: Advanced Windows 32 Base API

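Hashes

These values identify this one build of the file; other Windows builds of advapi32.dll, and the 64-bit copy in System32, hash differently. IMP is the import-table hash. PESHA1 and PE256 are the Authenticode (PE image) hashes, which leave out the embedded signature and so differ from the whole-file SHA1 and SHA256.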

Type Hash
MD5 069699987DC9DDD30D165C6E13689D8B
SHA1 1E2E560E7D0668F46F30E0DC25A025B66DC48C28
SHA256 782CD5317F8E91975CFC435262E774CF2927E0B720172262EE3664EACB3A6907
SHA384 8C8D79B60474A722A537FB0CE27CF919BFFD0FDA93F48EFF6FDB9574A880B363039841BA6B5AF7D70815F3C1FB26D429
SHA512 E3BF5FBB218D88E78B63768B5B8908D9078ADD07ABDB5398DEA35278656CF28C436BAFCA93AADAB4AFFFD687C35E867048BFEC34DCC6FA32B57A88BF946337BB
SSDEEP 12288:pizeZzsdKNTNw/Bvd2lWlRsNv8MGuwzWFRHRfJ6r9+nF5z:pigzRNTNw15RsNZGuwzWFRHRfJ6r9kV
IMP E8A9A7ACDAED089A881BF2AC3A9D3F35
PESHA1 260551CB3B1A86ABDF142F9F4C1F4B9967107859
PE256 7C7F9FC72A9782E48B6E39090E5C7D5B72B21482CCE666B50A8EAA1A4929F5CB

DLL Exports:

Function Name Ordinal Type
PerfStopProvider 1573 Exported Function
PerfStartProviderEx 1572 Exported Function
PerfStartProvider 1571 Exported Function
PrivilegedServiceAuditAlarmW 1576 Exported Function
PrivilegedServiceAuditAlarmA 1575 Exported Function
PrivilegeCheck 1574 Exported Function
PerfSetULongLongCounterValue 1570 Exported Function
PerfRegSetValue 1566 Exported Function
PerfRegQueryValue 1565 Exported Function
PerfRegQueryInfoKey 1564 Exported Function
PerfSetULongCounterValue 1569 Exported Function
PerfSetCounterSetInfo 1568 Exported Function
PerfSetCounterRefValue 1567 Exported Function
QueryServiceConfig2W 1586 Exported Function
QueryServiceConfig2A 1585 Exported Function
QuerySecurityAccessMask 1584 Exported Function
QueryServiceDynamicInformation 1589 Exported Function
QueryServiceConfigW 1588 Exported Function
QueryServiceConfigA 1587 Exported Function
QueryRecoveryAgentsOnEncryptedFile 1583 Exported Function
ProcessTrace 1579 Exported Function
ProcessIdleTasksW 1578 Exported Function
ProcessIdleTasks 1577 Exported Function
QueryLocalUserServiceName 1582 Exported Function
QueryAllTracesW 1581 Exported Function
QueryAllTracesA 1580 Exported Function
PerfRegEnumValue 1563 Exported Function
PerfCloseQueryHandle 1546 Exported Function
PerfAddCounters 1545 Exported Function
OperationStart 1544 Exported Function
PerfDecrementULongLongCounterValue 1549 Exported Function
PerfDecrementULongCounterValue 1548 Exported Function
PerfCreateInstance 1547 Exported Function
OperationEnd 1543 Exported Function
OpenThreadToken 1539 Exported Function
OpenServiceW 1538 Exported Function
OpenServiceA 1537 Exported Function
OpenTraceW 1542 Exported Function
OpenTraceA 1541 Exported Function
OpenThreadWaitChainSession 1540 Exported Function
PerfQueryCounterSetRegistrationInfo 1559 Exported Function
PerfQueryCounterInfo 1558 Exported Function
PerfQueryCounterData 1557 Exported Function
PerfRegEnumKey 1562 Exported Function
PerfRegCloseKey 1561 Exported Function
PerfQueryInstance 1560 Exported Function
PerfOpenQueryHandle 1556 Exported Function
PerfEnumerateCounterSet 1552 Exported Function
PerfDeleteInstance 1551 Exported Function
PerfDeleteCounters 1550 Exported Function
PerfIncrementULongLongCounterValue 1555 Exported Function
PerfIncrementULongCounterValue 1554 Exported Function
PerfEnumerateCounterSetInstances 1553 Exported Function
QueryServiceLockStatusA 1590 Exported Function
RegDeleteValueA 1627 Exported Function
RegDeleteTreeW 1626 Exported Function
RegDeleteTreeA 1625 Exported Function
RegDisablePredefinedCacheEx 1630 Exported Function
RegDisablePredefinedCache 1629 Exported Function
RegDeleteValueW 1628 Exported Function
RegDeleteKeyW 1624 Exported Function
RegDeleteKeyTransactedA 1620 Exported Function
RegDeleteKeyExW 1619 Exported Function
RegDeleteKeyExA 1618 Exported Function
RegDeleteKeyValueW 1623 Exported Function
RegDeleteKeyValueA 1622 Exported Function
RegDeleteKeyTransactedW 1621 Exported Function
RegGetKeySecurity 1640 Exported Function
RegFlushKey 1639 Exported Function
RegEnumValueW 1638 Exported Function
RegisterEventSourceA 1686 Exported Function
RegGetValueW 1642 Exported Function
RegGetValueA 1641 Exported Function
RegEnumValueA 1637 Exported Function
RegEnumKeyA 1633 Exported Function
RegEnableReflectionKey 1632 Exported Function
RegDisableReflectionKey 1631 Exported Function
RegEnumKeyW 1636 Exported Function
RegEnumKeyExW 1635 Exported Function
RegEnumKeyExA 1634 Exported Function
RegDeleteKeyA 1617 Exported Function
QueryUsersOnEncryptedFile 1600 Exported Function
QueryUserServiceNameForContext 1599 Exported Function
QueryUserServiceName 1598 Exported Function
ReadEventLogW 1603 Exported Function
ReadEventLogA 1602 Exported Function
ReadEncryptedFileRaw 1601 Exported Function
QueryTraceW 1597 Exported Function
QueryServiceStatus 1593 Exported Function
QueryServiceObjectSecurity 1592 Exported Function
QueryServiceLockStatusW 1591 Exported Function
QueryTraceProcessingHandle 1596 Exported Function
QueryTraceA 1595 Exported Function
QueryServiceStatusEx 1594 Exported Function
RegCreateKeyExW 1613 Exported Function
RegCreateKeyExA 1612 Exported Function
RegCreateKeyA 1611 Exported Function
RegCreateKeyW 1616 Exported Function
RegCreateKeyTransactedW 1615 Exported Function
RegCreateKeyTransactedA 1614 Exported Function
RegCopyTreeW 1610 Exported Function
RegConnectRegistryExA 1606 Exported Function
RegConnectRegistryA 1605 Exported Function
RegCloseKey 1604 Exported Function
RegCopyTreeA 1609 Exported Function
RegConnectRegistryW 1608 Exported Function
RegConnectRegistryExW 1607 Exported Function
LsaLookupPrivilegeValue 1466 Exported Function
LsaLookupPrivilegeName 1465 Exported Function
LsaLookupPrivilegeDisplayName 1464 Exported Function
LsaManageSidNameMapping 1469 Exported Function
LsaLookupSids2 1467 Exported Function
LsaLookupSids 1468 Exported Function
LsaLookupNames2 1462 Exported Function
LsaICLookupNamesWithCreds 1459 Exported Function
LsaICLookupNames 1458 Exported Function
LsaGetUserName 1457 Exported Function
LsaLookupNames 1463 Exported Function
LsaICLookupSidsWithCreds 1461 Exported Function
LsaICLookupSids 1460 Exported Function
LsaQueryForestTrustInformation 1479 Exported Function
LsaQueryDomainInformationPolicy 1478 Exported Function
LsaQueryCAPs 1477 Exported Function
LsaQuerySecret 1482 Exported Function
LsaQueryInfoTrustedDomain 1480 Exported Function
LsaQueryInformationPolicy 1481 Exported Function
LsaOpenTrustedDomainByName 1476 Exported Function
LsaOpenPolicy 1472 Exported Function
LsaOpenAccount 1471 Exported Function
LsaNtStatusToWinError 1470 Exported Function
LsaOpenTrustedDomain 1475 Exported Function
LsaOpenSecret 1474 Exported Function
LsaOpenPolicySce 1473 Exported Function
LsaGetSystemAccessAccount 1456 Exported Function
LsaCreateAccount 1439 Exported Function
LsaClose 1438 Exported Function
LsaClearAuditLog 1437 Exported Function
LsaCreateTrustedDomainEx 1442 Exported Function
LsaCreateTrustedDomain 1441 Exported Function
LsaCreateSecret 1440 Exported Function
LsaAddPrivilegesToAccount 1436 Exported Function
LookupPrivilegeValueW 1432 Exported Function
LookupPrivilegeValueA 1431 Exported Function
LookupPrivilegeNameW 1430 Exported Function
LsaAddAccountRights 1435 Exported Function
LookupSecurityDescriptorPartsW 1434 Exported Function
LookupSecurityDescriptorPartsA 1433 Exported Function
LsaFreeMemory 1452 Exported Function
LsaEnumerateTrustedDomainsEx 1451 Exported Function
LsaEnumerateTrustedDomains 1450 Exported Function
LsaGetRemoteUserName 1455 Exported Function
LsaGetQuotasForAccount 1454 Exported Function
LsaGetAppliedCAPIDs 1453 Exported Function
LsaEnumeratePrivilegesOfAccount 1449 Exported Function
LsaEnumerateAccountRights 1445 Exported Function
LsaDeleteTrustedDomain 1444 Exported Function
LsaDelete 1443 Exported Function
LsaEnumeratePrivileges 1448 Exported Function
LsaEnumerateAccountsWithUserRight 1447 Exported Function
LsaEnumerateAccounts 1446 Exported Function
LsaQuerySecurityObject 1483 Exported Function
ObjectCloseAuditAlarmA 1520 Exported Function
NpGetUserName 1519 Exported Function
NotifyServiceStatusChangeW 1518 Exported Function
ObjectDeleteAuditAlarmW 1523 Exported Function
ObjectDeleteAuditAlarmA 1522 Exported Function
ObjectCloseAuditAlarmW 1521 Exported Function
NotifyServiceStatusChangeA 1517 Exported Function
MSChapSrvChangePassword2 1508 Exported Function
MSChapSrvChangePassword 1509 Exported Function
MIDL_user_free_Ext 1507 Exported Function
NotifyServiceStatusChange 1516 Exported Function
NotifyChangeEventLog 1515 Exported Function
NotifyBootConfigStatus 1514 Exported Function
OpenEventLogW 1533 Exported Function
OpenEventLogA 1532 Exported Function
OpenEncryptedFileRawW 1531 Exported Function
OpenSCManagerW 1536 Exported Function
OpenSCManagerA 1535 Exported Function
OpenProcessToken 1534 Exported Function
OpenEncryptedFileRawA 1530 Exported Function
ObjectPrivilegeAuditAlarmA 1526 Exported Function
ObjectOpenAuditAlarmW 1525 Exported Function
ObjectOpenAuditAlarmA 1524 Exported Function
OpenBackupEventLogW 1529 Exported Function
OpenBackupEventLogA 1528 Exported Function
ObjectPrivilegeAuditAlarmW 1527 Exported Function
MD5Update 1506 Exported Function
LsaSetInformationTrustedDomain 1493 Exported Function
LsaSetInformationPolicy 1492 Exported Function
LsaSetForestTrustInformation 1491 Exported Function
LsaSetSecurityObject 1496 Exported Function
LsaSetSecret 1495 Exported Function
LsaSetQuotasForAccount 1494 Exported Function
LsaSetDomainInformationPolicy 1490 Exported Function
LsaRemoveAccountRights 1486 Exported Function
LsaQueryTrustedDomainInfoByName 1485 Exported Function
LsaQueryTrustedDomainInfo 1484 Exported Function
LsaSetCAPs 1489 Exported Function
LsaRetrievePrivateData 1488 Exported Function
LsaRemovePrivilegesFromAccount 1487 Exported Function
MD4Init 1502 Exported Function
MD4Final 1501 Exported Function
MapGenericMask 1513 Exported Function
MD5Init 1505 Exported Function
MD5Final 1504 Exported Function
MD4Update 1503 Exported Function
MakeSelfRelativeSD 1512 Exported Function
LsaSetTrustedDomainInformation 1499 Exported Function
LsaSetTrustedDomainInfoByName 1498 Exported Function
LsaSetSystemAccessAccount 1497 Exported Function
MakeAbsoluteSD2 1510 Exported Function
MakeAbsoluteSD 1511 Exported Function
LsaStorePrivateData 1500 Exported Function
SystemFunction019 1787 Exported Function
SystemFunction018 1786 Exported Function
SystemFunction017 1785 Exported Function
SystemFunction022 1790 Exported Function
SystemFunction021 1789 Exported Function
SystemFunction020 1788 Exported Function
SystemFunction016 1784 Exported Function
SystemFunction012 1780 Exported Function
SystemFunction011 1779 Exported Function
SystemFunction010 1778 Exported Function
SystemFunction015 1783 Exported Function
SystemFunction014 1782 Exported Function
SystemFunction013 1781 Exported Function
SystemFunction032 1800 Exported Function
SystemFunction031 1799 Exported Function
SystemFunction030 1798 Exported Function
SystemFunction035 1803 Exported Function
SystemFunction034 1802 Exported Function
SystemFunction033 1801 Exported Function
SystemFunction029 1797 Exported Function
SystemFunction025 1793 Exported Function
SystemFunction024 1792 Exported Function
SystemFunction023 1791 Exported Function
SystemFunction028 1796 Exported Function
SystemFunction027 1795 Exported Function
SystemFunction026 1794 Exported Function
SystemFunction009 1777 Exported Function
SetUserFileEncryptionKeyEx 1760 Exported Function
SetUserFileEncryptionKey 1759 Exported Function
SetTraceCallback 1758 Exported Function
StartServiceCtrlDispatcherW 1763 Exported Function
StartServiceCtrlDispatcherA 1762 Exported Function
StartServiceA 1761 Exported Function
SetTokenInformation 1757 Exported Function
SetServiceBits 1753 Exported Function
SetSecurityInfoExW 1752 Exported Function
SetSecurityInfoExA 1751 Exported Function
SetThreadToken 1756 Exported Function
SetServiceStatus 1755 Exported Function
SetServiceObjectSecurity 1754 Exported Function
SystemFunction005 1773 Exported Function
SystemFunction004 1772 Exported Function
SystemFunction003 1771 Exported Function
SystemFunction008 1776 Exported Function
SystemFunction007 1775 Exported Function
SystemFunction006 1774 Exported Function
SystemFunction002 1770 Exported Function
StartTraceW 1766 Exported Function
StartTraceA 1765 Exported Function
StartServiceW 1764 Exported Function
SystemFunction001 1769 Exported Function
StopTraceW 1768 Exported Function
StopTraceA 1767 Exported Function
SystemFunction036 1804 Exported Function
WmiOpenBlock 1841 Exported Function
WmiNotificationRegistrationW 1840 Exported Function
WmiNotificationRegistrationA 1839 Exported Function
WmiQueryAllDataMultipleW 1844 Exported Function
WmiQueryAllDataMultipleA 1843 Exported Function
WmiQueryAllDataA 1842 Exported Function
WmiMofEnumerateResourcesW 1838 Exported Function
WmiFileHandleToInstanceNameA 1834 Exported Function
WmiExecuteMethodW 1833 Exported Function
WmiExecuteMethodA 1832 Exported Function
WmiMofEnumerateResourcesA 1837 Exported Function
WmiFreeBuffer 1836 Exported Function
WmiFileHandleToInstanceNameW 1835 Exported Function
WmiSetSingleInstanceW 1854 Exported Function
WmiSetSingleInstanceA 1853 Exported Function
WmiReceiveNotificationsW 1852 Exported Function
WriteEncryptedFileRaw 1857 Exported Function
WmiSetSingleItemW 1856 Exported Function
WmiSetSingleItemA 1855 Exported Function
WmiReceiveNotificationsA 1851 Exported Function
WmiQuerySingleInstanceA 1847 Exported Function
WmiQueryGuidInformation 1846 Exported Function
WmiQueryAllDataW 1845 Exported Function
WmiQuerySingleInstanceW 1850 Exported Function
WmiQuerySingleInstanceMultipleW 1849 Exported Function
WmiQuerySingleInstanceMultipleA 1848 Exported Function
WmiEnumerateGuids 1831 Exported Function
TreeResetNamedSecurityInfoW 1814 Exported Function
TreeResetNamedSecurityInfoA 1813 Exported Function
TraceSetInformation 1812 Exported Function
TrusteeAccessToObjectA 1817 Exported Function
TreeSetNamedSecurityInfoW 1816 Exported Function
TreeSetNamedSecurityInfoA 1815 Exported Function
TraceQueryInformation 1811 Exported Function
TraceEvent 1807 Exported Function
SystemFunction041 1806 Exported Function
SystemFunction040 1805 Exported Function
TraceMessageVa 1810 Exported Function
TraceMessage 1809 Exported Function
TraceEventInstance 1808 Exported Function
WaitServiceState 1827 Exported Function
UsePinForEncryptedFilesW 1826 Exported Function
UsePinForEncryptedFilesA 1825 Exported Function
WmiDevInstToInstanceNameW 1830 Exported Function
WmiDevInstToInstanceNameA 1829 Exported Function
WmiCloseBlock 1828 Exported Function
UpdateTraceW 1824 Exported Function
UnlockServiceDatabase 1820 Exported Function
UninstallApplication 1819 Exported Function
TrusteeAccessToObjectW 1818 Exported Function
UpdateTraceA 1823 Exported Function
UnregisterTraceGuids 1822 Exported Function
UnregisterIdleTask 1821 Exported Function
RegReplaceKeyW 1670 Exported Function
RegReplaceKeyA 1669 Exported Function
RegRenameKey 1668 Exported Function
RegSaveKeyA 1673 Exported Function
RegRestoreKeyW 1672 Exported Function
RegRestoreKeyA 1671 Exported Function
RegQueryValueW 1667 Exported Function
RegQueryReflectionKey 1663 Exported Function
RegQueryMultipleValuesW 1662 Exported Function
RegQueryMultipleValuesA 1661 Exported Function
RegQueryValueExW 1666 Exported Function
RegQueryValueExA 1665 Exported Function
RegQueryValueA 1664 Exported Function
RegSetValueW 1683 Exported Function
RegSetValueExW 1682 Exported Function
RegSetValueExA 1681 Exported Function
RemoteRegEnumKeyWrapper 1696 Exported Function
RegUnLoadKeyW 1685 Exported Function
RegUnLoadKeyA 1684 Exported Function
RegSetValueA 1680 Exported Function
RegSaveKeyW 1676 Exported Function
RegSaveKeyExW 1675 Exported Function
RegSaveKeyExA 1674 Exported Function
RegSetKeyValueW 1679 Exported Function
RegSetKeyValueA 1678 Exported Function
RegSetKeySecurity 1677 Exported Function
RegQueryInfoKeyW 1660 Exported Function
RegLoadAppKeyA 1643 Exported Function
RegisterWaitChainCOMCallback 1695 Exported Function
RegisterTraceGuidsW 1694 Exported Function
RegLoadKeyW 1646 Exported Function
RegLoadKeyA 1645 Exported Function
RegLoadAppKeyW 1644 Exported Function
RegisterTraceGuidsA 1693 Exported Function
RegisterServiceCtrlHandlerA 1689 Exported Function
RegisterIdleTask 1688 Exported Function
RegisterEventSourceW 1687 Exported Function
RegisterServiceCtrlHandlerW 1692 Exported Function
RegisterServiceCtrlHandlerExW 1691 Exported Function
RegisterServiceCtrlHandlerExA 1690 Exported Function
RegOpenKeyW 1656 Exported Function
RegOpenKeyTransactedW 1655 Exported Function
RegOpenKeyTransactedA 1654 Exported Function
RegQueryInfoKeyA 1659 Exported Function
RegOverridePredefKey 1658 Exported Function
RegOpenUserClassesRoot 1657 Exported Function
RegOpenKeyExW 1653 Exported Function
RegNotifyChangeKeyValue 1649 Exported Function
RegLoadMUIStringW 1648 Exported Function
RegLoadMUIStringA 1647 Exported Function
RegOpenKeyExA 1652 Exported Function
RegOpenKeyA 1651 Exported Function
RegOpenCurrentUser 1650 Exported Function
RemoteRegEnumValueWrapper 1697 Exported Function
SetInformationCodeAuthzLevelW 1734 Exported Function
SetFileSecurityW 1733 Exported Function
SetFileSecurityA 1732 Exported Function
SetNamedSecurityInfoA 1737 Exported Function
SetKernelObjectSecurity 1736 Exported Function
SetInformationCodeAuthzPolicyW 1735 Exported Function
SetEntriesInAuditListW 1731 Exported Function
SetEntriesInAccessListW 1727 Exported Function
SetEntriesInAccessListA 1726 Exported Function
SetEncryptedFileMetadata 1725 Exported Function
SetEntriesInAuditListA 1730 Exported Function
SetEntriesInAclW 1729 Exported Function
SetEntriesInAclA 1728 Exported Function
SetSecurityDescriptorOwner 1747 Exported Function
SetSecurityDescriptorGroup 1746 Exported Function
SetSecurityDescriptorDacl 1745 Exported Function
SetSecurityInfo 1750 Exported Function
SetSecurityDescriptorSacl 1749 Exported Function
SetSecurityDescriptorRMControl 1748 Exported Function
SetSecurityDescriptorControl 1744 Exported Function
SetNamedSecurityInfoW 1740 Exported Function
SetNamedSecurityInfoExW 1739 Exported Function
SetNamedSecurityInfoExA 1738 Exported Function
SetSecurityAccessMask 1743 Exported Function
SetPrivateObjectSecurityEx 1742 Exported Function
SetPrivateObjectSecurity 1741 Exported Function
SetAclInformation 1724 Exported Function
SafeBaseRegGetKeySecurity 1707 Exported Function
RevertToSelf 1706 Exported Function
ReportEventW 1705 Exported Function
SaferCreateLevel 1710 Exported Function
SaferComputeTokenFromLevel 1709 Exported Function
SaferCloseLevel 1708 Exported Function
ReportEventA 1704 Exported Function
RemoteRegQueryMultipleValuesWrapper 1700 Exported Function
RemoteRegQueryMultipleValues2Wrapper 1699 Exported Function
RemoteRegQueryInfoKeyWrapper 1698 Exported Function
RemoveUsersFromEncryptedFile 1703 Exported Function
RemoveTraceCallback 1702 Exported Function
RemoteRegQueryValueWrapper 1701 Exported Function
SaferiSearchMatchingHashRules 1723 Exported Function
SaferiRecordEventLogEntry 1722 Exported Function
SaferiPopulateDefaultsInRegistry 1721 Exported Function
SaferSetPolicyInformation 1716 Exported Function
SaferSetLevelInformation 1715 Exported Function
SaferRecordEventLogEntry 1714 Exported Function
SaferiIsExecutableFileType 1720 Exported Function
SaferiChangeRegistryScope 1717 Exported Function
SaferGetPolicyInformation 1712 Exported Function
SaferGetLevelInformation 1711 Exported Function
SaferiIsDllAllowed 1719 Exported Function
SaferIdentifyLevel 1713 Exported Function
SaferiCompareTokenLevels 1718 Exported Function
LookupPrivilegeNameA 1429 Exported Function
CreateServiceA 1145 Exported Function
CreateRestrictedToken 1144 Exported Function
CreateProcessWithTokenW 1143 Exported Function
CreateTraceInstanceId 1148 Exported Function
CreateServiceW 1147 Exported Function
CreateServiceEx 1146 Exported Function
CreateProcessWithLogonW 1142 Exported Function
CreatePrivateObjectSecurityEx 1138 Exported Function
CreatePrivateObjectSecurity 1137 Exported Function
CreateCodeAuthzLevel 1136 Exported Function
CreateProcessAsUserW 1141 Exported Function
CreateProcessAsUserA 1140 Exported Function
CreatePrivateObjectSecurityWithMultipleInheritance 1139 Exported Function
CredFree 1158 Exported Function
CredFindBestCredentialW 1157 Exported Function
CredFindBestCredentialA 1156 Exported Function
CredGetTargetInfoW 1161 Exported Function
CredGetTargetInfoA 1160 Exported Function
CredGetSessionTypes 1159 Exported Function
CredEnumerateW 1155 Exported Function
CredDeleteA 1151 Exported Function
CredBackupCredentials 1150 Exported Function
CreateWellKnownSid 1149 Exported Function
CredEnumerateA 1154 Exported Function
CredEncryptAndMarshalBinaryBlob 1153 Exported Function
CredDeleteW 1152 Exported Function
CopySid 1135 Exported Function
ConvertSecurityDescriptorToAccessA 1118 Exported Function
ConvertSDToStringSDRootDomainW 1117 Exported Function
ConvertSDToStringSDRootDomainA 1116 Exported Function
ConvertSecurityDescriptorToAccessW 1121 Exported Function
ConvertSecurityDescriptorToAccessNamedW 1120 Exported Function
ConvertSecurityDescriptorToAccessNamedA 1119 Exported Function
ConvertSDToStringSDDomainW 1115 Exported Function
ControlTraceA 1111 Exported Function
ControlServiceExW 1110 Exported Function
ControlServiceExA 1109 Exported Function
ConvertAccessToSecurityDescriptorW 1114 Exported Function
ConvertAccessToSecurityDescriptorA 1113 Exported Function
ControlTraceW 1112 Exported Function
ConvertStringSecurityDescriptorToSecurityDescriptorW 1131 Exported Function
ConvertStringSecurityDescriptorToSecurityDescriptorA 1130 Exported Function
ConvertStringSDToSDRootDomainW 1129 Exported Function
ConvertToAutoInheritPrivateObjectSecurity 1134 Exported Function
ConvertStringSidToSidW 1133 Exported Function
ConvertStringSidToSidA 1132 Exported Function
ConvertStringSDToSDRootDomainA 1128 Exported Function
ConvertSidToStringSidA 1124 Exported Function
ConvertSecurityDescriptorToStringSecurityDescriptorW 1123 Exported Function
ConvertSecurityDescriptorToStringSecurityDescriptorA 1122 Exported Function
ConvertStringSDToSDDomainW 1127 Exported Function
ConvertStringSDToSDDomainA 1126 Exported Function
ConvertSidToStringSidW 1125 Exported Function
CredIsMarshaledCredentialA 1162 Exported Function
CryptDecrypt 1199 Exported Function
CryptCreateHash 1198 Exported Function
CryptContextAddRef 1197 Exported Function
CryptDestroyKey 1202 Exported Function
CryptDestroyHash 1201 Exported Function
CryptDeriveKey 1200 Exported Function
CryptAcquireContextW 1196 Exported Function
CredWriteDomainCredentialsA 1186 Exported Function
CredWriteA 1185 Exported Function
CredUnprotectW 1184 Exported Function
CryptAcquireContextA 1195 Exported Function
CredWriteW 1188 Exported Function
CredWriteDomainCredentialsW 1187 Exported Function
CryptGenRandom 1212 Exported Function
CryptGenKey 1211 Exported Function
CryptExportKey 1210 Exported Function
CryptGetHashParam 1215 Exported Function
CryptGetDefaultProviderW 1214 Exported Function
CryptGetDefaultProviderA 1213 Exported Function
CryptEnumProviderTypesW 1207 Exported Function
CryptEncrypt 1205 Exported Function
CryptDuplicateKey 1204 Exported Function
CryptDuplicateHash 1203 Exported Function
CryptEnumProviderTypesA 1206 Exported Function
CryptEnumProvidersW 1209 Exported Function
CryptEnumProvidersA 1208 Exported Function
CredUnprotectA 1183 Exported Function
CredpEncodeCredential 1193 Exported Function
CredpDecodeCredential 1192 Exported Function
CredpConvertTargetInfo 1191 Exported Function
CredProfileLoadedEx 1169 Exported Function
CredProfileLoaded 1168 Exported Function
CredpEncodeSecret 1194 Exported Function
CredpConvertOneCredentialSize 1190 Exported Function
CredIsProtectedW 1165 Exported Function
CredIsProtectedA 1164 Exported Function
CredIsMarshaledCredentialW 1163 Exported Function
CredpConvertCredential 1189 Exported Function
CredMarshalCredentialW 1167 Exported Function
CredMarshalCredentialA 1166 Exported Function
CredRenameW 1179 Exported Function
CredRenameA 1178 Exported Function
CredReadW 1177 Exported Function
CredUnmarshalCredentialW 1182 Exported Function
CredUnmarshalCredentialA 1181 Exported Function
CredRestoreCredentials 1180 Exported Function
CredReadDomainCredentialsW 1176 Exported Function
CredProtectW 1172 Exported Function
CredProtectA 1171 Exported Function
CredProfileUnloaded 1170 Exported Function
CredReadDomainCredentialsA 1175 Exported Function
CredReadByTokenHandle 1174 Exported Function
CredReadA 1173 Exported Function
AuditComputeEffectivePolicyBySid 1038 Exported Function
AreAnyAccessesGranted 1037 Exported Function
AreAllAccessesGranted 1036 Exported Function
AuditEnumeratePerUserPolicy 1041 Exported Function
AuditEnumerateCategories 1040 Exported Function
AuditComputeEffectivePolicyByToken 1039 Exported Function
AllocateLocallyUniqueId 1035 Exported Function
AddUsersToEncryptedFileEx 1031 Exported Function
AddUsersToEncryptedFile 1030 Exported Function
AddMandatoryAce 1029 Exported Function
AllocateAndInitializeSid 1034 Exported Function
AdjustTokenPrivileges 1033 Exported Function
AdjustTokenGroups 1032 Exported Function
AuditQueryGlobalSaclW 1051 Exported Function
AuditQueryGlobalSaclA 1050 Exported Function
AuditLookupSubCategoryNameW 1049 Exported Function
AuditQuerySystemPolicy 1054 Exported Function
AuditQuerySecurity 1053 Exported Function
AuditQueryPerUserPolicy 1052 Exported Function
AuditLookupSubCategoryNameA 1048 Exported Function
AuditLookupCategoryGuidFromCategoryId 1044 Exported Function
AuditFree 1043 Exported Function
AuditEnumerateSubCategories 1042 Exported Function
AuditLookupCategoryNameW 1047 Exported Function
AuditLookupCategoryNameA 1046 Exported Function
AuditLookupCategoryIdFromCategoryGuid 1045 Exported Function
AddConditionalAce 1028 Exported Function
AccessCheckByTypeAndAuditAlarmA 1011 Exported Function
AccessCheckByType 1010 Exported Function
AccessCheckAndAuditAlarmW 1009 Exported Function
AccessCheckByTypeResultListAndAuditAlarmA 1014 Exported Function
AccessCheckByTypeResultList 1013 Exported Function
AccessCheckByTypeAndAuditAlarmW 1012 Exported Function
AccessCheckAndAuditAlarmA 1008 Exported Function
A_SHAUpdate 1004 Exported Function
A_SHAInit 1003 Exported Function
A_SHAFinal 1002 Exported Function
AccessCheck 1007 Exported Function
AbortSystemShutdownW 1006 Exported Function
AbortSystemShutdownA 1005 Exported Function
AddAce 1024 Exported Function
AddAccessDeniedObjectAce 1023 Exported Function
AddAccessDeniedAceEx 1022 Exported Function
AddAuditAccessObjectAce 1027 Exported Function
AddAuditAccessAceEx 1026 Exported Function
AddAuditAccessAce 1025 Exported Function
AddAccessDeniedAce 1021 Exported Function
AccessCheckByTypeResultListAndAuditAlarmW 1017 Exported Function
AccessCheckByTypeResultListAndAuditAlarmByHandleW 1016 Exported Function
AccessCheckByTypeResultListAndAuditAlarmByHandleA 1015 Exported Function
AddAccessAllowedObjectAce 1020 Exported Function
AddAccessAllowedAceEx 1019 Exported Function
AddAccessAllowedAce 1018 Exported Function
AuditSetGlobalSaclA 1055 Exported Function
ChangeServiceConfig2A 1092 Exported Function
CancelOverlappedAccess 1091 Exported Function
BuildTrusteeWithSidW 1090 Exported Function
ChangeServiceConfigW 1095 Exported Function
ChangeServiceConfigA 1094 Exported Function
ChangeServiceConfig2W 1093 Exported Function
BuildTrusteeWithSidA 1089 Exported Function
BuildTrusteeWithObjectsAndNameA 1085 Exported Function
BuildTrusteeWithNameW 1084 Exported Function
BuildTrusteeWithNameA 1083 Exported Function
BuildTrusteeWithObjectsAndSidW 1088 Exported Function
BuildTrusteeWithObjectsAndSidA 1087 Exported Function
BuildTrusteeWithObjectsAndNameW 1086 Exported Function
CloseTrace 1105 Exported Function
CloseThreadWaitChainSession 1104 Exported Function
CloseServiceHandle 1103 Exported Function
ControlService 1108 Exported Function
ComputeAccessTokenFromCodeAuthzLevel 1107 Exported Function
CommandLineFromMsiDescriptor 1106 Exported Function
CloseEventLog 1102 Exported Function
ClearEventLogA 1098 Exported Function
CheckTokenMembership 1097 Exported Function
CheckForHiberboot 1096 Exported Function
CloseEncryptedFileRaw 1101 Exported Function
CloseCodeAuthzLevel 1100 Exported Function
ClearEventLogW 1099 Exported Function
BuildSecurityDescriptorW 1082 Exported Function
BaseRegDeleteValue 1065 Exported Function
BaseRegDeleteKeyEx 1064 Exported Function
BaseRegCreateKey 1063 Exported Function
BaseRegLoadKey 1068 Exported Function
BaseRegGetVersion 1067 Exported Function
BaseRegFlushKey 1066 Exported Function
BaseRegCloseKey 1062 Exported Function
AuditSetSecurity 1058 Exported Function
AuditSetPerUserPolicy 1057 Exported Function
AuditSetGlobalSaclW 1056 Exported Function
BackupEventLogW 1061 Exported Function
BackupEventLogA 1060 Exported Function
AuditSetSystemPolicy 1059 Exported Function
BuildImpersonateExplicitAccessWithNameW 1078 Exported Function
BuildImpersonateExplicitAccessWithNameA 1077 Exported Function
BuildExplicitAccessWithNameW 1076 Exported Function
BuildSecurityDescriptorA 1081 Exported Function
BuildImpersonateTrusteeW 1080 Exported Function
BuildImpersonateTrusteeA 1079 Exported Function
BuildExplicitAccessWithNameA 1075 Exported Function
BaseRegSaveKeyEx 1071 Exported Function
BaseRegRestoreKey 1070 Exported Function
BaseRegOpenKey 1069 Exported Function
BaseRegUnLoadKey 1074 Exported Function
BaseRegSetValue 1073 Exported Function
BaseRegSetKeySecurity 1072 Exported Function
GetSecurityInfoExW 1359 Exported Function
GetSecurityInfoExA 1358 Exported Function
GetSecurityInfo 1357 Exported Function
GetServiceKeyNameA 1362 Exported Function
GetServiceDisplayNameW 1361 Exported Function
GetServiceDisplayNameA 1360 Exported Function
GetSecurityDescriptorSacl 1356 Exported Function
GetSecurityDescriptorGroup 1352 Exported Function
GetSecurityDescriptorDacl 1351 Exported Function
GetSecurityDescriptorControl 1350 Exported Function
GetSecurityDescriptorRMControl 1355 Exported Function
GetSecurityDescriptorOwner 1354 Exported Function
GetSecurityDescriptorLength 1353 Exported Function
GetTraceEnableLevel 1372 Exported Function
GetTraceEnableFlags 1371 Exported Function
GetTokenInformation 1370 Exported Function
GetTrusteeFormW 1375 Exported Function
GetTrusteeFormA 1374 Exported Function
GetTraceLoggerHandle 1373 Exported Function
GetThreadWaitChain 1369 Exported Function
GetSidLengthRequired 1365 Exported Function
GetSidIdentifierAuthority 1364 Exported Function
GetServiceKeyNameW 1363 Exported Function
GetStringConditionFromBinary 1368 Exported Function
GetSidSubAuthorityCount 1367 Exported Function
GetSidSubAuthority 1366 Exported Function
GetPrivateObjectSecurity 1349 Exported Function
GetKernelObjectSecurity 1332 Exported Function
GetInheritanceSourceW 1331 Exported Function
GetInheritanceSourceA 1330 Exported Function
GetLocalManagedApplications 1335 Exported Function
GetLocalManagedApplicationData 1334 Exported Function
GetLengthSid 1333 Exported Function
GetInformationCodeAuthzPolicyW 1329 Exported Function
GetExplicitEntriesFromAclW 1325 Exported Function
GetExplicitEntriesFromAclA 1324 Exported Function
GetEventLogInformation 1323 Exported Function
GetInformationCodeAuthzLevelW 1328 Exported Function
GetFileSecurityW 1327 Exported Function
GetFileSecurityA 1326 Exported Function
GetNamedSecurityInfoW 1345 Exported Function
GetNamedSecurityInfoExW 1344 Exported Function
GetNamedSecurityInfoExA 1343 Exported Function
GetOverlappedAccessResults 1348 Exported Function
GetOldestEventLogRecord 1347 Exported Function
GetNumberOfEventLogRecords 1346 Exported Function
GetNamedSecurityInfoA 1342 Exported Function
GetMultipleTrusteeA 1338 Exported Function
GetManagedApplications 1337 Exported Function
GetManagedApplicationCategories 1336 Exported Function
GetMultipleTrusteeW 1341 Exported Function
GetMultipleTrusteeOperationW 1340 Exported Function
GetMultipleTrusteeOperationA 1339 Exported Function
GetTrusteeNameA 1376 Exported Function
IsValidAcl 1412 Exported Function
IsTokenUntrusted 1411 Exported Function
IsTokenRestricted 1410 Exported Function
IsValidSid 1415 Exported Function
IsValidSecurityDescriptor 1414 Exported Function
IsValidRelativeSecurityDescriptor 1413 Exported Function
IsTextUnicode 1409 Exported Function
InitiateSystemShutdownExA 1405 Exported Function
InitiateSystemShutdownA 1404 Exported Function
InitiateShutdownW 1403 Exported Function
InstallApplication 1408 Exported Function
InitiateSystemShutdownW 1407 Exported Function
InitiateSystemShutdownExW 1406 Exported Function
LookupAccountSidA 1425 Exported Function
LookupAccountNameW 1424 Exported Function
LookupAccountNameA 1423 Exported Function
LookupPrivilegeDisplayNameW 1428 Exported Function
LookupPrivilegeDisplayNameA 1427 Exported Function
LookupAccountSidW 1426 Exported Function
LogonUserW 1422 Exported Function
LogonUserA 1418 Exported Function
LockServiceDatabase 1417 Exported Function
IsWellKnownSid 1416 Exported Function
LogonUserExW 1421 Exported Function
LogonUserExExW 1420 Exported Function
LogonUserExA 1419 Exported Function
InitiateShutdownA 1402 Exported Function
I_ScPnPGetServiceName 1385 Exported Function
I_ScIsSecurityProcess 1384 Exported Function
I_ScGetCurrentGroupStateW 1001 Exported Function
I_ScReparseServiceDatabase 1388 Exported Function
I_ScRegisterPreshutdownRestart 1387 Exported Function
I_ScQueryServiceConfig 1386 Exported Function
I_QueryTagInformation 1383 Exported Function
GetTrusteeTypeW 1379 Exported Function
GetTrusteeTypeA 1378 Exported Function
GetTrusteeNameW 1377 Exported Function
GetWindowsAccountDomainSid 1382 Exported Function
GetUserNameW 1381 Exported Function
GetUserNameA 1380 Exported Function
ImpersonateSelf 1398 Exported Function
ImpersonateNamedPipeClient 1397 Exported Function
ImpersonateLoggedOnUser 1396 Exported Function
InitializeSid 1401 Exported Function
InitializeSecurityDescriptor 1400 Exported Function
InitializeAcl 1399 Exported Function
ImpersonateAnonymousToken 1395 Exported Function
I_ScSetServiceBitsA 1391 Exported Function
I_ScSendTSMessage 1390 Exported Function
I_ScSendPnPMessage 1389 Exported Function
IdentifyCodeAuthzLevelW 1394 Exported Function
I_ScValidatePnPService 1393 Exported Function
I_ScSetServiceBitsW 1392 Exported Function
ElfNumberOfRecords 1252 Exported Function
ElfFlushEventLog 1251 Exported Function
ElfDeregisterEventSource 1250 Exported Function
ElfOpenBackupEventLogW 1255 Exported Function
ElfOpenBackupEventLogA 1254 Exported Function
ElfOldestRecord 1253 Exported Function
ElfCloseEventLog 1249 Exported Function
ElfBackupEventLogFileW 1245 Exported Function
ElfBackupEventLogFileA 1244 Exported Function
DuplicateTokenEx 1243 Exported Function
ElfClearEventLogFileW 1248 Exported Function
ElfClearEventLogFileA 1247 Exported Function
ElfChangeNotify 1246 Exported Function
EnableTrace 1265 Exported Function
ElfReportEventW 1264 Exported Function
ElfReportEventAndSourceW 1263 Exported Function
EncryptedFileKeyInfo 1270 Exported Function
EnableTraceEx2 1266 Exported Function
EnableTraceEx 1267 Exported Function
ElfReportEventA 1262 Exported Function
ElfReadEventLogA 1258 Exported Function
ElfOpenEventLogW 1257 Exported Function
ElfOpenEventLogA 1256 Exported Function
ElfRegisterEventSourceW 1261 Exported Function
ElfRegisterEventSourceA 1260 Exported Function
ElfReadEventLogW 1259 Exported Function
DuplicateToken 1242 Exported Function
CryptSetProviderA 1226 Exported Function
CryptSetKeyParam 1224 Exported Function
CryptSetHashParam 1223 Exported Function
CryptSetProviderW 1229 Exported Function
CryptSetProviderExW 1228 Exported Function
CryptSetProviderExA 1227 Exported Function
CryptReleaseContext 1222 Exported Function
CryptGetUserKey 1218 Exported Function
CryptGetProvParam 1217 Exported Function
CryptGetKeyParam 1216 Exported Function
CryptImportKey 1221 Exported Function
CryptHashSessionKey 1220 Exported Function
CryptHashData 1219 Exported Function
DeleteService 1238 Exported Function
DeleteAce 1237 Exported Function
DecryptFileW 1236 Exported Function
DuplicateEncryptionInfoFile 1241 Exported Function
DestroyPrivateObjectSecurity 1240 Exported Function
DeregisterEventSource 1239 Exported Function
DecryptFileA 1235 Exported Function
CryptSignHashW 1231 Exported Function
CryptSignHashA 1230 Exported Function
CryptSetProvParam 1225 Exported Function
CveEventWrite 1234 Exported Function
CryptVerifySignatureW 1233 Exported Function
CryptVerifySignatureA 1232 Exported Function
EncryptFileA 1268 Exported Function
FreeEncryptedFileKeyInfo 1306 Exported Function
FlushTraceW 1305 Exported Function
FlushTraceA 1304 Exported Function
FreeInheritedFromArray 1309 Exported Function
FreeEncryptionCertificateHashList 1308 Exported Function
FreeEncryptedFileMetadata 1307 Exported Function
FlushEfsCache 1303 Exported Function
EventWriteTransfer 1299 Exported Function
EventWriteString 1298 Exported Function
EventWriteStartScenario 1297 Exported Function
FindFirstFreeAce 1302 Exported Function
FileEncryptionStatusW 1301 Exported Function
FileEncryptionStatusA 1300 Exported Function
GetDynamicTimeZoneInformationEffectiveYears 1319 Exported Function
GetCurrentHwProfileW 1318 Exported Function
GetCurrentHwProfileA 1317 Exported Function
GetEncryptedFileMetadata 1322 Exported Function
GetEffectiveRightsFromAclW 1321 Exported Function
GetEffectiveRightsFromAclA 1320 Exported Function
GetAuditedPermissionsFromAclW 1316 Exported Function
GetAccessPermissionsForObjectW 1312 Exported Function
GetAccessPermissionsForObjectA 1311 Exported Function
FreeSid 1310 Exported Function
GetAuditedPermissionsFromAclA 1315 Exported Function
GetAclInformation 1314 Exported Function
GetAce 1313 Exported Function
EventWriteEx 1296 Exported Function
EnumServicesStatusExA 1277 Exported Function
EnumServicesStatusA 1276 Exported Function
EnumServiceGroupW 1275 Exported Function
EqualDomainSid 1282 Exported Function
EnumServicesStatusW 1279 Exported Function
EnumServicesStatusExW 1278 Exported Function
EnumerateTraceGuidsEx 1281 Exported Function
EnumDependentServicesA 1272 Exported Function
EncryptionDisable 1271 Exported Function
EncryptFileW 1269 Exported Function
EnumerateTraceGuids 1280 Exported Function
EnumDynamicTimeZoneInformation 1274 Exported Function
EnumDependentServicesW 1273 Exported Function
EventSetInformation 1292 Exported Function
EventRegister 1291 Exported Function
EventProviderEnabled 1290 Exported Function
EventWriteEndScenario 1295 Exported Function
EventWrite 1294 Exported Function
EventUnregister 1293 Exported Function
EventEnabled 1289 Exported Function
EventAccessControl 1285 Exported Function
EqualSid 1284 Exported Function
EqualPrefixSid 1283 Exported Function
EventActivityIdControl 1288 Exported Function
EventAccessRemove 1287 Exported Function
EventAccessQuery 1286 Exported Function

Signature

  • Status: Signature verified.
  • Serial: 330000026551AE1BBD005CBFBD000000000265
  • Thumbprint: E168609353F30FF2373157B4EB8CD519D07A2BFF
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: advapi32.dll
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/66
  • VirusTotal Link: https://www.virustotal.com/gui/file/782cd5317f8e91975cfc435262e774cf2927e0b720172262ee3664eacb3a6907/detection/

Possible Misuse

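The following table lists excerpts from public detection rules (Sigma and YARA) that reference advapi32.dll, as possible examples of advapi32.dll being misused. While advapi32.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes. Each row is a fragment of a larger rule condition, not a standalone indicator: advapi32.dll is a core system library loaded by a very large share of Windows processes, so a match on the DLL name alone says little. The signal comes from the specific imported functions (for example the CryptEncrypt/CryptDecrypt pair or AdjustTokenPrivileges shown below) combined with the rest of the rule.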

Source Source File Example License
sigma image_load_susp_advapi32_dll.yml ImageLoaded|endswith: '\advapi32.dll' DRL 1.0
signature-base apt_apt15.yar ( pe.imports("advapi32.dll", "CryptDecrypt") and pe.imports("advapi32.dll", "CryptEncrypt") and CC BY-NC 4.0
signature-base apt_turla_png_dropper_nov18.yar pe.imports("advapi32.dll", "StartServiceCtrlDispatcherA") and CC BY-NC 4.0
signature-base apt_turla_png_dropper_nov18.yar pe.imports("advapi32.dll", "RegEnumValueA") and CC BY-NC 4.0
signature-base apt_turla_png_dropper_nov18.yar pe.imports("advapi32.dll", "RegEnumKeyExA") and CC BY-NC 4.0
signature-base crime_ransom_darkside.yar $CommonDLLs3 = "ADVAPI32.dll" fullword CC BY-NC 4.0
signature-base exploit_uac_elevators.yar $g13 = "ADVAPI32.dll" CC BY-NC 4.0
signature-base gen_cn_hacktools.yar $s3 = "ADVAPI32.DLL" fullword ascii CC BY-NC 4.0
signature-base gen_empire.yar $x1 = “[DllImport("Advapi32.dll", SetLastError = true, EntryPoint = "CredReadW"” ascii CC BY-NC 4.0
signature-base gen_excel_xll_addin_suspicious.yar or (pe.imports("ADVAPI32.dll", "CryptDecrypt") CC BY-NC 4.0
signature-base gen_excel_xll_addin_suspicious.yar and pe.imports("ADVAPI32.dll", "CryptImportKey")) CC BY-NC 4.0
signature-base gen_powershell_toolkit.yar $s4 = "Get-ProcAddress Advapi32.dll AdjustTokenPrivileges" fullword ascii CC BY-NC 4.0
signature-base gen_powershell_toolkit.yar $x3 = "} = Get-ProcAddress Advapi32.dll OpenThreadToken" ascii CC BY-NC 4.0
signature-base gen_powershell_toolkit.yar $s6 = "= Get-ProcAddress Advapi32.dll AdjustTokenPrivileges" ascii CC BY-NC 4.0
signature-base thor-hacktools.yar $x1 = "ADVAPI32.DLL" fullword ascii CC BY-NC 4.0
signature-base thor-hacktools.yar $z1 = "ADVAPI32.DLL" fullword ascii CC BY-NC 4.0
signature-base thor-webshells.yar $s5 = “[DllImport("Advapi32.dll", SetLastError = true)]” fullword ascii CC BY-NC 4.0

MIT License. Copyright (c) 2020-2021 Strontic.