sechost.dll

File Path: C:\Windows\system32\sechost.dll
Description: Host for SCM/SDDL/LSA Lookup APIs

Hashes

Type	Hash
MD5	`232DB0BB52B37B5AAB5586D7208299C3`
SHA1	`A59DB9473AD005C2F677D927AE61061C81F8B1B6`
SHA256	`2653AF8A97D2FD52CE8E699C93337B84F893AB08CCFC71DEB3A0794C88BD1E59`
SHA384	`025957038AE43FB9E46E53FAFFBC005EFECE12EC4A1A3BF426792F6F1F139FCC97D1B347E0A73CA4545AFB0F6877EA2A`
SHA512	`16ABC016CFAC172411E1BF50FC2F8D35B535E5923160B3FEA96B7C4E0DF7EA21F11E896A44310CDABDA6F990BA2F8544FC6697D0D374909952055A08B1E38887`
SSDEEP	`12288:X/wXwA37sOQ4ZZxXQ3E1VjCsEfjGwZu8qrDdqfeaC6:XYXwi7sOQ4ZZxXeEb7ELGX8q1qfeaC6`
IMP	`CE4BD072766253F6A267D0284CA82002`
PESHA1	`4D983453F36154E89ABE27AF38A9858D3DF243CD`
PE256	`5D3E3CD46EA52D176ABF4FBFDE83516EDE569C40007DEC8A64B0F3BBD7D3FB38`

DLL Exports:

Function Name	Ordinal	Type
`LsaICLookupNamesWithCreds`	146	Exported Function
`LsaICLookupNames`	145	Exported Function
`LsaFreeMemory`	144	Exported Function
`LsaLookupClose`	149	Exported Function
`LsaICLookupSidsWithCreds`	148	Exported Function
`LsaICLookupSids`	147	Exported Function
`LsaEnumerateAccountsWithUserRight`	143	Exported Function
`LsaClose`	139	Exported Function
`LsaAddAccountRights`	138	Exported Function
`LookupAccountSidLocalW`	137	Exported Function
`LsaEnumerateAccountRights`	142	Exported Function
`LsaDelete`	141	Exported Function
`LsaCreateSecret`	140	Exported Function
`LsaLookupFreeMemory`	150	Exported Function
`LsaOpenPolicy`	160	Exported Function
`LsaLookupUserAccountType`	159	Exported Function
`LsaLookupTranslateSids`	158	Exported Function
`LsaQuerySecret`	163	Exported Function
`LsaQueryInformationPolicy`	162	Exported Function
`LsaOpenSecret`	161	Exported Function
`LsaLookupTranslateNames`	157	Exported Function
`LsaLookupNames2`	153	Exported Function
`LsaLookupManageSidNameMapping`	152	Exported Function
`LsaLookupGetDomainInfo`	151	Exported Function
`LsaLookupSids2`	156	Exported Function
`LsaLookupSids`	155	Exported Function
`LsaLookupOpenLocalPolicy`	154	Exported Function
`I_ScRegisterPreshutdownRestart`	121	Exported Function
`I_ScRegisterDeviceNotification`	120	Exported Function
`I_ScQueryServiceConfig`	119	Exported Function
`I_ScRpcBindW`	124	Exported Function
`I_ScRpcBindA`	123	Exported Function
`I_ScReparseServiceDatabase`	122	Exported Function
`I_ScPnPGetServiceName`	118	Exported Function
`I_QueryTagInformation`	114	Exported Function
`GetServiceRegistryStateKey`	113	Exported Function
`GetServiceProcessToken`	112	Exported Function
`I_ScIsSecurityProcess`	117	Exported Function
`I_ScBroadcastServiceControlMessage`	116	Exported Function
`I_RegisterSvchostNotificationCallback`	115	Exported Function
`I_ScSendPnPMessage`	125	Exported Function
`LocalRpcBindingSetAuthInfoEx`	133	Exported Function
`LocalRpcBindingCreateWithSecurity`	132	Exported Function
`LocalGetStringForCondition`	131	Exported Function
`LookupAccountSidLocalA`	136	Exported Function
`LookupAccountNameLocalW`	135	Exported Function
`LookupAccountNameLocalA`	134	Exported Function
`LocalGetReferencedTokenTypesForCondition`	130	Exported Function
`I_ScSetServiceBitsW`	2	Exported Function
`I_ScSetServiceBitsA`	1	Exported Function
`I_ScSendTSMessage`	126	Exported Function
`LocalGetConditionForString`	129	Exported Function
`I_ScValidatePnPService`	128	Exported Function
`I_ScUnregisterDeviceNotification`	127	Exported Function
`RpcClientCapabilityCheck`	200	Exported Function
`RemoveTraceCallback`	199	Exported Function
`ReleaseIdentityProviderEnumContext`	198	Exported Function
`SetServiceObjectSecurity`	203	Exported Function
`SetLocalRpcServerProtseqSecurity`	202	Exported Function
`SetLocalRpcServerInterfaceSecurity`	201	Exported Function
`RegisterTraceGuidsA`	197	Exported Function
`RegisterServiceCtrlHandlerA`	193	Exported Function
`QueryUserServiceNameForContext`	192	Exported Function
`QueryUserServiceName`	191	Exported Function
`RegisterServiceCtrlHandlerW`	196	Exported Function
`RegisterServiceCtrlHandlerExW`	195	Exported Function
`RegisterServiceCtrlHandlerExA`	194	Exported Function
`SetServiceStatus`	204	Exported Function
`TraceQueryInformation`	214	Exported Function
`SubscribeServiceChangeNotifications`	213	Exported Function
`StopTraceW`	212	Exported Function
`WaitServiceState`	217	Exported Function
`UnsubscribeServiceChangeNotifications`	216	Exported Function
`TraceSetInformation`	215	Exported Function
`StartTraceW`	211	Exported Function
`StartServiceCtrlDispatcherA`	207	Exported Function
`StartServiceA`	206	Exported Function
`SetTraceCallback`	205	Exported Function
`StartTraceA`	210	Exported Function
`StartServiceW`	209	Exported Function
`StartServiceCtrlDispatcherW`	208	Exported Function
`OpenSCManagerW`	173	Exported Function
`OpenSCManagerA`	172	Exported Function
`NotifyServiceStatusChangeW`	171	Exported Function
`OpenTraceW`	176	Exported Function
`OpenServiceW`	175	Exported Function
`OpenServiceA`	174	Exported Function
`NotifyServiceStatusChangeA`	170	Exported Function
`LsaSetInformationPolicy`	166	Exported Function
`LsaRetrievePrivateData`	165	Exported Function
`LsaRemoveAccountRights`	164	Exported Function
`NotifyServiceStatusChange`	169	Exported Function
`LsaStorePrivateData`	168	Exported Function
`LsaSetSecret`	167	Exported Function
`ProcessTrace`	177	Exported Function
`QueryServiceStatus`	187	Exported Function
`QueryServiceObjectSecurity`	186	Exported Function
`QueryServiceDynamicInformation`	185	Exported Function
`QueryTransientObjectSecurityDescriptor`	190	Exported Function
`QueryTraceProcessingHandle`	189	Exported Function
`QueryServiceStatusEx`	188	Exported Function
`QueryServiceConfigW`	184	Exported Function
`QueryLocalUserServiceName`	180	Exported Function
`QueryAllTracesW`	179	Exported Function
`QueryAllTracesA`	178	Exported Function
`QueryServiceConfigA`	183	Exported Function
`QueryServiceConfig2W`	182	Exported Function
`QueryServiceConfig2A`	181	Exported Function
`GetServiceKeyNameW`	111	Exported Function
`ConvertStringSecurityDescriptorToSecurityDescriptorW`	39	Exported Function
`ConvertStringSDToSDRootDomainW`	38	Exported Function
`ConvertStringSDToSDDomainW`	37	Exported Function
`CreateIsolationContainer`	42	Exported Function
`CreateIsolatedProcess`	41	Exported Function
`ConvertStringSidToSidW`	40	Exported Function
`ConvertStringSDToSDDomainA`	36	Exported Function
`ControlTraceW`	32	Exported Function
`ControlTraceA`	31	Exported Function
`ControlServiceExW`	30	Exported Function
`ConvertSidToStringSidW`	35	Exported Function
`ConvertSecurityDescriptorToStringSecurityDescriptorW`	34	Exported Function
`ConvertSDToStringSDRootDomainW`	33	Exported Function
`CreateServiceA`	43	Exported Function
`CredFindBestCredentialW`	53	Exported Function
`CredFindBestCredentialA`	52	Exported Function
`CredEnumerateW`	51	Exported Function
`CredGetTargetInfoA`	56	Exported Function
`CredGetSessionTypes`	55	Exported Function
`CredFree`	54	Exported Function
`CredEnumerateA`	50	Exported Function
`CredBackupCredentials`	46	Exported Function
`CreateServiceW`	45	Exported Function
`CreateServiceEx`	44	Exported Function
`CredEncryptAndMarshalBinaryBlob`	49	Exported Function
`CredDeleteW`	48	Exported Function
`CredDeleteA`	47	Exported Function
`AuditQuerySecurity`	12	Exported Function
`AuditQueryPerUserPolicy`	11	Exported Function
`AuditQueryGlobalSaclW`	10	Exported Function
`AuditSetPerUserPolicy`	15	Exported Function
`AuditSetGlobalSaclW`	14	Exported Function
`AuditQuerySystemPolicy`	13	Exported Function
`AuditLookupSubCategoryNameW`	9	Exported Function
`AuditEnumeratePerUserPolicy`	5	Exported Function
`AuditEnumerateCategories`	4	Exported Function
`AuditComputeEffectivePolicyBySid`	3	Exported Function
`AuditLookupCategoryNameW`	8	Exported Function
`AuditFree`	7	Exported Function
`AuditEnumerateSubCategories`	6	Exported Function
`AuditSetSecurity`	16	Exported Function
`CloseServiceHandle`	26	Exported Function
`ChangeServiceConfigW`	25	Exported Function
`ChangeServiceConfigA`	24	Exported Function
`ControlServiceExA`	29	Exported Function
`ControlService`	28	Exported Function
`CloseTrace`	27	Exported Function
`ChangeServiceConfig2W`	23	Exported Function
`BuildSecurityDescriptorForSharingAccessEx`	19	Exported Function
`BuildSecurityDescriptorForSharingAccess`	18	Exported Function
`AuditSetSystemPolicy`	17	Exported Function
`ChangeServiceConfig2A`	22	Exported Function
`CapabilityCheckForSingleSessionSku`	21	Exported Function
`CapabilityCheck`	20	Exported Function
`EnableTraceEx2`	93	Exported Function
`DeleteService`	92	Exported Function
`DeleteIsolationContainer`	91	Exported Function
`EnumerateTraceGuidsEx`	97	Exported Function
`EnumerateIdentityProviders`	96	Exported Function
`EnumDependentServicesW`	94	Exported Function
`CredWriteW`	84	Exported Function
`CredUnprotectW`	80	Exported Function
`CredUnprotectEx`	79	Exported Function
`CredUnprotectA`	78	Exported Function
`CredWriteDomainCredentialsW`	83	Exported Function
`CredWriteDomainCredentialsA`	82	Exported Function
`CredWriteA`	81	Exported Function
`EnumServicesStatusExW`	95	Exported Function
`GetIdentityProviderInfoByGUID`	107	Exported Function
`GetEmbeddedImageMitigationPolicy`	106	Exported Function
`GetEmbeddedContainerIsolationPolicy`	105	Exported Function
`GetServiceDisplayNameW`	110	Exported Function
`GetServiceDirectory`	109	Exported Function
`GetIdentityProviderInfoByName`	108	Exported Function
`GetDefaultIdentityProvider`	104	Exported Function
`EventAccessQuery`	100	Exported Function
`EventAccessControl`	99	Exported Function
`EtwQueryRealtimeConsumer`	98	Exported Function
`FreeTransientObjectSecurityDescriptor`	103	Exported Function
`FreeContainer`	102	Exported Function
`EventAccessRemove`	101	Exported Function
`CredpConvertTargetInfo`	87	Exported Function
`CredpConvertOneCredentialSize`	86	Exported Function
`CredpConvertCredential`	85	Exported Function
`CredpEncodeSecret`	90	Exported Function
`CredpEncodeCredential`	89	Exported Function
`CredpDecodeCredential`	88	Exported Function
`CredParseUserNameWithType`	63	Exported Function
`CredIsProtectedA`	59	Exported Function
`CredIsMarshaledCredentialW`	58	Exported Function
`CredGetTargetInfoW`	57	Exported Function
`CredMarshalCredentialW`	62	Exported Function
`CredMarshalCredentialA`	61	Exported Function
`CredIsProtectedW`	60	Exported Function
`CredProfileLoaded`	64	Exported Function
`CredReadW`	74	Exported Function
`CredReadDomainCredentialsW`	73	Exported Function
`CredReadDomainCredentialsA`	72	Exported Function
`CredUnmarshalCredentialW`	77	Exported Function
`CredUnmarshalCredentialA`	76	Exported Function
`CredRestoreCredentials`	75	Exported Function
`CredReadByTokenHandle`	71	Exported Function
`CredProtectA`	67	Exported Function
`CredProfileUnloaded`	66	Exported Function
`CredProfileLoadedEx`	65	Exported Function
`CredReadA`	70	Exported Function
`CredProtectW`	69	Exported Function
`CredProtectEx`	68	Exported Function

Signature

Status: Signature verified.
Serial: 3300000266BD1580EFA75CD6D3000000000266
Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

Original Filename: sechost.dll.mui
Product Name: Microsoft Windows Operating System
Company Name: Microsoft Corporation
File Version: 10.0.19041.1 (WinBuild.160101.0800)
Product Version: 10.0.19041.1
Language: English (United States)
Machine Type: 64-bit

File Scan

VirusTotal Detections: 0/70
VirusTotal Link: https://www.virustotal.com/gui/file/2653af8a97d2fd52ce8e699c93337b84f893ab08ccfc71deb3a0794c88bd1e59/detection/