Import table
advapi32.dll
ReportEventA, RegisterEventSourceW, OpenThreadToken, SetThreadToken, OpenProcessToken, SetServiceStatus, RegisterServiceCtrlHandlerA, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, GetLengthSid, RevertToSelf, StartTraceW, QueryTraceW, RegOpenKeyExW, TraceEvent, ReportEventW, GetUserNameW, RegCloseKey, DeregisterEventSource, RegSetValueExW, RegDeleteValueW, AddAccessAllowedAceEx, InitializeAcl, GetTokenInformation
api-ms-win-core-errorhandling-l1-1-0.dll
SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetLastError
api-ms-win-core-handle-l1-1-0.dll
CloseHandle
api-ms-win-core-interlocked-l1-1-0.dll
InterlockedCompareExchange, InterlockedExchange
api-ms-win-core-libraryloader-l1-1-0.dll
LoadLibraryExA, GetProcAddress, FreeLibrary
api-ms-win-core-misc-l1-1-0.dll
Sleep
api-ms-win-core-processthreads-l1-1-0.dll
GetCurrentProcessId, GetCurrentThreadId, TerminateProcess, GetCurrentProcess
api-ms-win-core-profile-l1-1-0.dll
QueryPerformanceCounter
api-ms-win-core-synch-l1-1-0.dll
SetEvent, CreateEventA
api-ms-win-core-sysinfo-l1-1-0.dll
GetTickCount, GetSystemTimeAsFileTime
api-ms-win-core-threadpool-l1-1-0.dll
UnregisterWaitEx
api-ms-win-security-base-l1-1-0.dll
InitializeSecurityDescriptor, SetSecurityDescriptorDacl
api-ms-win-service-core-l1-1-0.dll
SetServiceStatus
api-ms-win-service-winsvc-l1-1-0.dll
RegisterServiceCtrlHandlerA
kernel32.dll
SetUnhandledExceptionFilter, TerminateProcess, UnhandledExceptionFilter, CreateEventA, GetLastError, DisableThreadLibraryCalls, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, GetSystemWindowsDirectoryW, CloseHandle, GetPrivateProfileIntW, lstrcatW, GetSystemDirectoryW, InterlockedCompareExchange, SetLastError, SetEvent, MapViewOfFile, CreateFileMappingW, CreateFileW, ExpandEnvironmentStringsW, lstrcpyW, CreateEventW, GetComputerNameW, ReleaseMutex, InterlockedDecrement, CreateMutexW, GetUserDefaultUILanguage, WaitForSingleObject, GetModuleFileNameW, UnmapViewOfFile, InterlockedIncrement, lstrlenW, GetSystemTime, ResetEvent, GetFileSize, GetFileTime, SearchPathW, CreateThread, GetCurrentProcess, lstrcpynW, GetCurrentThread, lstrlenA, lstrcpyA, FindClose, FindNextFileW, lstrcmpiW, FindFirstFileExW, MoveFileW, DeleteFileW, CopyFileW, FreeLibrary, GetProcAddress, LoadLibraryExW, SetErrorMode, LocalAlloc, LocalFree, lstrcmpiA, SetFileInformationByHandle, RegKrnGetGlobalState, UnregisterWait, DelayLoadFailureHook, HeapFree, HeapSize, GetProcessHeap, HeapAlloc, RegCloseKey, RegOpenKeyExW, InitializeCriticalSection, RegSetValueExW, CreateMutexA, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, Wow64RevertWow64FsRedirection, LockResource, LoadResource, SizeofResource, FindResourceExW, Wow64DisableWow64FsRedirection, IsWow64Process, HeapReAlloc, DosDateTimeToFileTime, FileTimeToDosDateTime
msvcrt.dll
DllMain
ntdll.dll
RtlFreeHeap, RtlSetGroupSecurityDescriptor, RtlGetGroupSecurityDescriptor, RtlSetOwnerSecurityDescriptor, RtlLengthSid, RtlGetOwnerSecurityDescriptor, RtlGetAce, RtlQueryInformationAcl, RtlGetDaclSecurityDescriptor, RtlAllocateHeap, NtQuerySecurityObject, NtQueryKey, RtlReleaseResource, RtlAcquireResourceExclusive, NtClose, NtOpenKey, NtSetInformationThread, NtOpenThreadToken, RtlInitUnicodeStringEx, NtQueryValueKey, RtlInitializeResource, NtAccessCheck, RtlAcquireResourceShared, RtlCompareUnicodeString, RtlNtStatusToDosError, NtCreateKey, RtlAllocateAndInitializeSid, RtlValidRelativeSecurityDescriptor, RtlCreateSecurityDescriptor, RtlOpenCurrentUser, RtlLengthRequiredSid, NtOpenFile, RtlDosPathNameToNtPathName_U, NtSaveKey, NtCreateFile, NtSaveKeyEx, NtQueryMultipleValueKey, NtLoadKey, NtUnloadKey, NtReplaceKey, NtSetValueKey, RtlInitUnicodeString, NtSetSecurityObject, NtEnumerateValueKey, NtEnumerateKey, NtDeleteValueKey, NtDeleteKey, RtlGetVersion, NtWaitForSingleObject, RtlFreeUnicodeString, NtQueryInformationThread, RtlCreateUnicodeString, RtlCopyUnicodeString, RtlReAllocateHeap, NtQueryPerformanceCounter, RtlUnicodeToMultiByteN, RtlCreateUnicodeStringFromAsciiz, NtWaitForMultipleObjects, RtlAppendUnicodeStringToString, NtReadFile, NtQueryInformationFile, NtWriteFile, RtlMakeSelfRelativeSD, RtlLengthSecurityDescriptor, RtlValidSecurityDescriptor, RtlCreateAcl, RtlAddAccessAllowedAce, RtlSetDaclSecurityDescriptor, RtlFreeSid, NtRestoreKey, NtFlushKey, DbgPrint, RtlDeleteResource, NtCreateKeyTransacted, NtOpenKeyEx, NtOpenKeyTransactedEx, NtOpenKeyTransacted, RtlReleaseRelativeName, RtlDosPathNameToRelativeNtPathName_U, EtwLogTraceEvent, RtlGetThreadPreferredUILanguages, RtlInitializeCriticalSection, RtlDeleteCriticalSection, RtlLeaveCriticalSection, RtlEnterCriticalSection, RtlIntegerToUnicodeString, RtlDllShutdownInProgress, NtQueryInformationProcess, RtlAddAccessAllowedAceEx, NtQueryInformationToken, NtOpenProcessToken
rpcrt4.dll
RpcImpersonateClient, RpcRevertToSelf, NdrServerCall2, NdrClientCall2, RpcBindingFree, RpcStringBindingComposeW, RpcBindingFromStringBindingW, RpcStringFreeW, RpcServerRegisterAuthInfoA, RpcServerUnregisterIf, RpcServerUseProtseqEpW, RpcServerRegisterIfEx
Export table
ServiceMain
SvchostPushServiceGlobals
