vertdll.dll

File Path: C:\Windows\system32\vertdll.dll
Description: VSM enclave runtime DLL

Hashes

Type	Hash
MD5	`DB2F9C7CC5C4D0C7993CDE88F139FF1F`
SHA1	`8312F45B0F0182154661FAD558F924CE86D3369A`
SHA256	`F3469C89BFB2FD027DF0CCD23327370C8F11EBE343A43727B10F4A5CF5BEAAAD`
SHA384	`DEAAFF97E7C03A8D399EB6B01A8BD52C878C7E58DFF24F221DF41B87052F43F5C0125D68702419ACE68C12222716A8EB`
SHA512	`EB1BA9E8F16072561E8B043129A8BF93592B5065394BAB50367D04BA253173830E64DF487E14B987E7E5B721217E1B9069AF2A018E53C54CAADDF00F5FE049A1`
SSDEEP	`3072:xYdYaPlrOttttC7zfKFBNafwNt9P2MaNDv2o/EvvWGL:xYSadrOttttEzkN0ot9KsosF`
PESHA1	`EEACEA34AD302FDC759977210A998CFE602FBA85`
PE256	`5B6A44700BA52940BE5B2A9B722B2495925A9DDE3E9DB38C9C9E43B1DBBFE0B7`

DLL Exports:

Function Name	Ordinal	Type
`RtlAllocateHeap`	105	Exported Function
`RtlAcquireResourceShared`	104	Exported Function
`RtlAssert`	106	Exported Function
`RtlCaptureContext`	108	Exported Function
`RtlCallEnclaveReturn`	107	Exported Function
`ReleaseSRWLockExclusive`	100	Exported Function
`RegQueryValueExW`	98	Exported Function
`ReleaseSRWLockShared`	101	Exported Function
`RtlAcquireResourceExclusive`	103	Exported Function
`ResolveDelayLoadedAPI`	102	Exported Function
`RtlCompareUnicodeString`	109	Exported Function
`RtlGetCurrentProcessorNumberEx`	116	Exported Function
`RtlFreeHeap`	115	Exported Function
`RtlGetLastNtStatus`	117	Exported Function
`RtlInitializeCriticalSection`	120	Exported Function
`RtlImageNtHeader`	118	Exported Function
`RtlDeleteResource`	111	Exported Function
`RtlDeleteCriticalSection`	110	Exported Function
`RtlEnclaveCallDispatch`	112	Exported Function
`RtlEnterCriticalSection`	114	Exported Function
`RtlEnclaveCallDispatchReturn`	113	Exported Function
`RegQueryInfoKeyW`	97	Exported Function
`NtQueryInformationProcess`	84	Exported Function
`NtOpenKey`	83	Exported Function
`NtQueryValueKey`	85	Exported Function
`OpenProcessToken`	87	Exported Function
`NtTerminateProcess`	86	Exported Function
`MultiByteToWideChar`	79	Exported Function
`memset`	168	Exported Function
`NtClose`	80	Exported Function
`NtOpenFile`	82	Exported Function
`NtDeviceIoControlFile`	81	Exported Function
`OutputDebugStringW`	88	Exported Function
`RegCloseKey`	94	Exported Function
`RaiseException`	93	Exported Function
`RegEnumKeyExW`	95	Exported Function
`RegOpenKeyExW`	96	Exported Function
`RegisterWaitForSingleObjectEx`	99	Exported Function
`qsort`	169	Exported Function
`PrivilegeCheck`	89	Exported Function
`QueryDepthSList`	90	Exported Function
`QueryFullProcessImageNameW`	92	Exported Function
`QueryFullProcess`	91	Exported Function
`TryEnterCriticalSection`	148	Exported Function
`TryAcquireSRWLockShared`	147	Exported Function
`UnregisterWaitEx`	149	Exported Function
`VirtualFree`	151	Exported Function
`VirtualAlloc`	150	Exported Function
`TlsFree`	143	Exported Function
`TlsAlloc`	142	Exported Function
`TlsGetValue`	144	Exported Function
`TryAcquireSRWLockExclusive`	146	Exported Function
`TlsSetValue`	145	Exported Function
`VirtualProtect`	152	Exported Function
`wcscmp`	170	Exported Function
`WakeConditionVariable`	158	Exported Function
`wcscpy_s`	171	Exported Function
`WideCharToMultiByte`	159	Exported Function
`wcsncmp`	172	Exported Function
`WaitOnAddress`	154	Exported Function
`VirtualQuery`	153	Exported Function
`WakeAllConditionVariable`	155	Exported Function
`WakeByAddressSingle`	157	Exported Function
`WakeByAddressAll`	156	Exported Function
`TerminateProcess`	141	Exported Function
`RtlRaiseStatus`	126	Exported Function
`RtlPcToFileHeader`	125	Exported Function
`RtlReleaseResource`	127	Exported Function
`RtlTimeFieldsToTime`	129	Exported Function
`RtlReleaseResourceShared`	128	Exported Function
`RtlInitUnicodeString`	119	Exported Function
`RtlInitializeResource`	121	Exported Function
`RtlLeaveCriticalSection`	122	Exported Function
`RtlNtStatusToDosError`	124	Exported Function
`RtlLookupFunctionEntry`	123	Exported Function
`RtlUnhandledExceptionFilter`	130	Exported Function
`SetUnhandledExceptionFilter`	137	Exported Function
`SetThreadStackGuarantee`	136	Exported Function
`SleepConditionVariableCS`	138	Exported Function
`TerminateEnclave`	140	Exported Function
`SleepConditionVariableSRW`	139	Exported Function
`RtlUnwindEx`	132	Exported Function
`RtlUnwind`	131	Exported Function
`RtlVirtualUnwind`	133	Exported Function
`SetLastError`	135	Exported Function
`SetCriticalSectionSpinCount`	134	Exported Function
`EtwGetTraceLoggerHandle`	24	Exported Function
`EtwGetTraceEnableLevel`	23	Exported Function
`EtwRegisterTraceGuidsW`	25	Exported Function
`EtwUnregisterTraceGuids`	27	Exported Function
`EtwTraceMessage`	26	Exported Function
`EtwEventRegister`	19	Exported Function
`EnterSynchronizationBarrier`	18	Exported Function
`EtwEventUnregister`	20	Exported Function
`EtwGetTraceEnableFlags`	22	Exported Function
`EtwEventWrite`	21	Exported Function
`EventRegister`	28	Exported Function
`FreeLibrary`	35	Exported Function
`ExpInterlockedPopEntrySListResume`	34	Exported Function
`GetCurrentProcess`	36	Exported Function
`GetCurrentThreadId`	38	Exported Function
`GetCurrentThread`	37	Exported Function
`EventUnregister`	30	Exported Function
`EventSetInformation`	29	Exported Function
`EventWriteTransfer`	31	Exported Function
`ExpInterlockedPopEntrySListFault`	33	Exported Function
`ExpInterlockedPopEntrySListEnd`	32	Exported Function
`EnterCriticalSection`	17	Exported Function
`AcquireSRWLockShared`	2	Exported Function
`AcquireSRWLockExclusive`	1	Exported Function
`CallEnclave`	3	Exported Function
`CreateEventW`	5	Exported Function
`CloseHandle`	4	Exported Function
`__chkstk`	161	Exported Function
`__C_specific_handler`	160	Exported Function
`_local_unwind`	162	Exported Function
`_wcsicmp`	164	Exported Function
`_vsnwprintf`	163	Exported Function
`DbgPrint`	6	Exported Function
`EnclaveGetEnclaveInformation`	13	Exported Function
`EnclaveGetAttestationReport`	12	Exported Function
`EnclaveSealData`	14	Exported Function
`EnclaveVerifyAttestationReport`	16	Exported Function
`EnclaveUnsealData`	15	Exported Function
`DeleteCriticalSection`	8	Exported Function
`DelayLoadFailureHook`	7	Exported Function
`DeleteSynchronizationBarrier`	9	Exported Function
`DisableThreadLibraryCalls`	11	Exported Function
`DeviceIoControl`	10	Exported Function
`InterlockedFlushSList`	67	Exported Function
`InitializeSynchronizationBarrier`	66	Exported Function
`InterlockedPopEntrySList`	68	Exported Function
`InterlockedPushListSList`	70	Exported Function
`InterlockedPushEntrySList`	69	Exported Function
`InitializeCriticalSectionAndSpinCount`	62	Exported Function
`InitializeCriticalSection`	61	Exported Function
`InitializeCriticalSectionEx`	63	Exported Function
`InitializeSRWLock`	65	Exported Function
`InitializeSListHead`	64	Exported Function
`InterlockedPushListSListEx`	71	Exported Function
`LocateXStateFeature`	78	Exported Function
`LoadLibraryW`	77	Exported Function
`memcmp`	165	Exported Function
`memmove`	167	Exported Function
`memcpy`	166	Exported Function
`LdrDisableThreadCalloutsForDll`	73	Exported Function
`KiUserExceptionDispatcher`	72	Exported Function
`LdrResolveDelayLoadedAPI`	74	Exported Function
`LoadLibraryExW`	76	Exported Function
`LeaveCriticalSection`	75	Exported Function
`InitializeConditionVariable`	60	Exported Function
`GetProcessHeap`	45	Exported Function
`GetProcAddress`	44	Exported Function
`GetProcessHeaps`	46	Exported Function
`GetSystemDirectoryW`	48	Exported Function
`GetSeedFromIumKernelState`	47	Exported Function
`GetFipsModeFromIumKernelState`	40	Exported Function
`GetEnabledXStateFeatures`	39	Exported Function
`GetLastError`	41	Exported Function
`GetModuleHandleExW`	43	Exported Function
`GetModuleFileNameW`	42	Exported Function
`GetSystemInfo`	49	Exported Function
`HeapLock`	56	Exported Function
`HeapFree`	55	Exported Function
`HeapReAlloc`	57	Exported Function
`HeapUnlock`	59	Exported Function
`HeapSize`	58	Exported Function
`HeapAlloc`	51	Exported Function
`GetXStateFeaturesMask`	50	Exported Function
`HeapCompact`	52	Exported Function
`HeapDestroy`	54	Exported Function
`HeapCreate`	53	Exported Function

Signature

Status: Signature verified.
Serial: 3300000266BD1580EFA75CD6D3000000000266
Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

Original Filename: vertdll.dll
Product Name: Microsoft Windows Operating System
Company Name: Microsoft Corporation
File Version: 10.0.19041.1 (WinBuild.160101.0800)
Product Version: 10.0.19041.1
Language: English (United States)
Machine Type: 64-bit

File Scan

VirusTotal Detections: 0/72
VirusTotal Link: https://www.virustotal.com/gui/file/f3469c89bfb2fd027df0ccd23327370c8f11ebe343a43727b10f4a5cf5beaaad/detection/