authz.dll

• File Path: C:\Windows\system32\authz.dll
• Description: Authorization Framework

Hashes

Type	Hash
MD5	2FBC5D943CB69088A704884EB39F83B9
SHA1	D94FEB9CC09D2F924A880E3871A417F913BC3272
SHA256	4E4EF8C31583ECE0A3B8ED92FF5CC9D04D6CEAF90FA00CDB8ADEE3808A835BDB
SHA384	B37E6BC41EF069709C27935EE0660B9038C07E8C5AC747EAC4A6EF414C1119495D43EB00D10607DBDBA9D7EB9F6200AA
SHA512	7D0BAE806D968A281197674D9A5477F73A3EE172536C35BF5CBFA568D875C16C9804AB7E67C197DB3502792A23CBE3899507C8AEB9B1FCF3FFD82C92ABFBA50F
SSDEEP	6144:VU17m15OeWv1cDDQzoVoRoJNNxVXiF8KXXNy:VM7cknW/ZJDxVRKXX
IMP	7B1BC95845D27CF40466108A31A982D3
PESHA1	A06CC6A50056FCB0E3EECC39173D9DA13E5E4E33
PE256	14D3D64044AF81CBA121B366147915605F9BC343B956727E52395AFF3E8C13E6

DLL Exports:

Function Name	Ordinal	Type
AuthzModifyClaims	24	Exported Function
AuthzModifySecurityAttributes	25	Exported Function
AuthziQuerySecurityAttributes	57	Exported Function
AuthziSourceAudit	58	Exported Function
AuthzRegisterCapChangeNotification	28	Exported Function
AuthzRegisterSecurityEventSource	29	Exported Function
AuthzModifySids	26	Exported Function
AuthzOpenObjectAudit	27	Exported Function
AuthzInstallSecurityEventSource	23	Exported Function
AuthzInitializeObjectAccessAuditEvent	17	Exported Function
AuthzInitializeObjectAccessAuditEvent2	18	Exported Function
AuthzInitializeContextFromSid	15	Exported Function
AuthzInitializeContextFromToken	16	Exported Function
AuthzInitializeResourceManager	21	Exported Function
AuthzInitializeResourceManagerEx	22	Exported Function
AuthzInitializeRemoteAccessCheck	19	Exported Function
AuthzInitializeRemoteResourceManager	20	Exported Function
GetCentralAccessPoliciesByDN	63	Exported Function
GetClaimDefinitions	64	Exported Function
GenerateNewCAPID	61	Exported Function
GetCentralAccessPoliciesByCapID	62	Exported Function
InitializeClaimDictionary	67	Exported Function
RefreshClaimDictionary	68	Exported Function
GetClaimDomainInfo	65	Exported Function
GetDefaultCAPESecurityDescriptor	66	Exported Function
FreeClaimDictionary	60	Exported Function
AuthzSetAppContainerInformation	32	Exported Function
AuthzShutdownRemoteAccessCheck	33	Exported Function
AuthzReportSecurityEvent	30	Exported Function
AuthzReportSecurityEventFromParams	31	Exported Function
AuthzUnregisterSecurityEventSource	36	Exported Function
FreeClaimDefinitions	59	Exported Function
AuthzUninstallSecurityEventSource	34	Exported Function
AuthzUnregisterCapChangeNotification	35	Exported Function
AuthzGetInformationFromContext	12	Exported Function
AuthziAccessCheckEx	37	Exported Function
AuthzFreeHandle	10	Exported Function
AuthzFreeResourceManager	11	Exported Function
AuthziFreeAuditEventType	40	Exported Function
AuthziFreeAuditParams	41	Exported Function
AuthziAllocateAuditParams	38	Exported Function
AuthziCheckContextMembership	39	Exported Function
AuthzFreeContext	9	Exported Function
AuthzCachedAccessCheck	3	Exported Function
AuthzComputeEffectivePermission	4	Exported Function
AuthzAccessCheck	1	Exported Function
AuthzAddSidsToContext	2	Exported Function
AuthzFreeAuditEvent	7	Exported Function
AuthzFreeCentralAccessPolicyCache	8	Exported Function
AuthzEnumerateSecurityEventSources	5	Exported Function
AuthzEvaluateSacl	6	Exported Function
AuthziModifyAuditEvent2	53	Exported Function
AuthziModifyAuditEventType	54	Exported Function
AuthziLogAuditEvent	51	Exported Function
AuthziModifyAuditEvent	52	Exported Function
AuthzInitializeCompoundContext	13	Exported Function
AuthzInitializeContextFromAuthzContext	14	Exported Function
AuthziModifyAuditQueue	55	Exported Function
AuthziModifySecurityAttributes	56	Exported Function
AuthziInitializeContextFromSid	50	Exported Function
AuthziInitializeAuditEvent	44	Exported Function
AuthziInitializeAuditEventType	45	Exported Function
AuthziFreeAuditQueue	42	Exported Function
AuthziGenerateAdminAlertAuditW	43	Exported Function
AuthziInitializeAuditParamsWithRM	48	Exported Function
AuthziInitializeAuditQueue	49	Exported Function
AuthziInitializeAuditParams	46	Exported Function
AuthziInitializeAuditParamsFromArray	47	Exported Function

Signature

• Status: Signature verified.
• Serial: 3300000266BD1580EFA75CD6D3000000000266
• Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
• Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
• Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

• Original Filename: authz.dll
• Product Name: Microsoft Windows Operating System
• Company Name: Microsoft Corporation
• File Version: 10.0.19041.1 (WinBuild.160101.0800)
• Product Version: 10.0.19041.1
• Language: English (United States)
• Legal Copyright: Microsoft Corporation. All rights reserved.
• Machine Type: 64-bit

File Scan

• VirusTotal Detections: 0/72
• VirusTotal Link: https://www.virustotal.com/gui/file/4e4ef8c31583ece0a3b8ed92ff5cc9d04d6ceaf90fa00cdb8adee3808a835bdb/detection/

MIT License. Copyright (c) 2020-2021 Strontic.