authz.dll

• File Path: C:\Windows\SysWOW64\authz.dll
• Description: Authorization Framework

Hashes

Type	Hash
MD5	79106D300A42591DE65BDDA4DAD5287A
SHA1	DD40E873891EC2ED3C131D5EE8CAFB2629EB4D9E
SHA256	3B9D3C6F5174F604FB2F16B6BD82F70C5B476FD98F72B717B5CA563D0C7A7BA3
SHA384	CBFB7887DBD9C92122C1BC36D151F383317F16C1C5FA2F64EF3E88CB1B8E5DB9BC711452FC46D76024333147616714AD
SHA512	A9C87F0436731A682E68E71A23B8C006AC8F7C1E816484A8A37EE99F0778051FFA84C75BE7B4B9719B6EA57830CBE899A44EDCEFE20495DCEEF9C54C4D55BD93
SSDEEP	3072:2aOXicLYDVANUyp6ht6NarHMz4hXgB8bV92fBxv8wRe4ifr/5DrABZKKYyB:2aOXicLYDLyWPTA4djI5Ow4zSBZKKYC
IMP	B537A6DCF8732C14BFA75AB78FBF1F39
PESHA1	6A57062C0B69858495F227E00820ABE011756006
PE256	0BD9A87375A9C24D0311AD3230ECC2F5EADDF7C30216D4EFCB0E93CB5AE407BB

DLL Exports:

Function Name	Ordinal	Type
AuthzModifyClaims	24	Exported Function
AuthzModifySecurityAttributes	25	Exported Function
AuthziQuerySecurityAttributes	57	Exported Function
AuthziSourceAudit	58	Exported Function
AuthzRegisterCapChangeNotification	28	Exported Function
AuthzRegisterSecurityEventSource	29	Exported Function
AuthzModifySids	26	Exported Function
AuthzOpenObjectAudit	27	Exported Function
AuthzInstallSecurityEventSource	23	Exported Function
AuthzInitializeObjectAccessAuditEvent	17	Exported Function
AuthzInitializeObjectAccessAuditEvent2	18	Exported Function
AuthzInitializeContextFromSid	15	Exported Function
AuthzInitializeContextFromToken	16	Exported Function
AuthzInitializeResourceManager	21	Exported Function
AuthzInitializeResourceManagerEx	22	Exported Function
AuthzInitializeRemoteAccessCheck	19	Exported Function
AuthzInitializeRemoteResourceManager	20	Exported Function
GetCentralAccessPoliciesByDN	63	Exported Function
GetClaimDefinitions	64	Exported Function
GenerateNewCAPID	61	Exported Function
GetCentralAccessPoliciesByCapID	62	Exported Function
InitializeClaimDictionary	67	Exported Function
RefreshClaimDictionary	68	Exported Function
GetClaimDomainInfo	65	Exported Function
GetDefaultCAPESecurityDescriptor	66	Exported Function
FreeClaimDictionary	60	Exported Function
AuthzSetAppContainerInformation	32	Exported Function
AuthzShutdownRemoteAccessCheck	33	Exported Function
AuthzReportSecurityEvent	30	Exported Function
AuthzReportSecurityEventFromParams	31	Exported Function
AuthzUnregisterSecurityEventSource	36	Exported Function
FreeClaimDefinitions	59	Exported Function
AuthzUninstallSecurityEventSource	34	Exported Function
AuthzUnregisterCapChangeNotification	35	Exported Function
AuthzGetInformationFromContext	12	Exported Function
AuthziAccessCheckEx	37	Exported Function
AuthzFreeHandle	10	Exported Function
AuthzFreeResourceManager	11	Exported Function
AuthziFreeAuditEventType	40	Exported Function
AuthziFreeAuditParams	41	Exported Function
AuthziAllocateAuditParams	38	Exported Function
AuthziCheckContextMembership	39	Exported Function
AuthzFreeContext	9	Exported Function
AuthzCachedAccessCheck	3	Exported Function
AuthzComputeEffectivePermission	4	Exported Function
AuthzAccessCheck	1	Exported Function
AuthzAddSidsToContext	2	Exported Function
AuthzFreeAuditEvent	7	Exported Function
AuthzFreeCentralAccessPolicyCache	8	Exported Function
AuthzEnumerateSecurityEventSources	5	Exported Function
AuthzEvaluateSacl	6	Exported Function
AuthziModifyAuditEvent2	52	Exported Function
AuthziModifyAuditEventType	54	Exported Function
AuthziLogAuditEvent	51	Exported Function
AuthziModifyAuditEvent	53	Exported Function
AuthzInitializeCompoundContext	13	Exported Function
AuthzInitializeContextFromAuthzContext	14	Exported Function
AuthziModifyAuditQueue	55	Exported Function
AuthziModifySecurityAttributes	56	Exported Function
AuthziInitializeContextFromSid	50	Exported Function
AuthziInitializeAuditEvent	44	Exported Function
AuthziInitializeAuditEventType	45	Exported Function
AuthziFreeAuditQueue	42	Exported Function
AuthziGenerateAdminAlertAuditW	43	Exported Function
AuthziInitializeAuditParamsWithRM	48	Exported Function
AuthziInitializeAuditQueue	49	Exported Function
AuthziInitializeAuditParams	46	Exported Function
AuthziInitializeAuditParamsFromArray	47	Exported Function

Signature

• Status: Signature verified.
• Serial: 3300000266BD1580EFA75CD6D3000000000266
• Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
• Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
• Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

• Original Filename: authz.dll
• Product Name: Microsoft Windows Operating System
• Company Name: Microsoft Corporation
• File Version: 10.0.19041.1 (WinBuild.160101.0800)
• Product Version: 10.0.19041.1
• Language: English (United States)
• Legal Copyright: Microsoft Corporation. All rights reserved.
• Machine Type: 32-bit

File Scan

• VirusTotal Detections: 0/69
• VirusTotal Link: https://www.virustotal.com/gui/file/3b9d3c6f5174f604fb2f16b6bd82f70c5b476fd98f72b717b5ca563d0c7a7ba3/detection/

File Similarity (ssdeep match)

File	Score
C:\Windows\SysWOW64\scesrv.dll	30

MIT License. Copyright (c) 2020-2021 Strontic.