Import table
advapi32.dll
RegQueryValueExA, ConvertSidToStringSidW, RevertToSelf, ImpersonateLoggedOnUser, DuplicateTokenEx, RegOpenKeyExA, RegSaveKeyW, SetTokenInformation, GetKernelObjectSecurity, GetSecurityDescriptorDacl, RegQueryValueExW, RegDeleteKeyW, RegCloseKey, RegOpenKeyExW, RegEnumKeyExW, RegSetValueExW, RegCreateKeyExW, RegQueryInfoKeyW, RegOpenCurrentUser, SetServiceStatus, RegEnumValueW, RegDeleteValueW, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, AddAccessAllowedAce, InitializeAcl, GetLengthSid, GetSidSubAuthority, InitializeSid, GetSidLengthRequired, FreeSid, CheckTokenMembership, AllocateAndInitializeSid, LookupAccountSidW, GetTokenInformation, OpenThreadToken, RegNotifyChangeKeyValue, RegisterServiceCtrlHandlerW, OpenProcessToken, CloseServiceHandle, ChangeServiceConfigW, OpenServiceW, OpenSCManagerW, LogonUserW, EqualSid, AdjustTokenPrivileges, LookupPrivilegeValueW, AddAce, GetAce, GetAclInformation, IsValidSid, SetKernelObjectSecurity
api-ms-win-core-localregistry-l1-1-0.dll
RegOpenKeyExA, RegQueryValueExA, RegNotifyChangeKeyValue, RegDeleteValueW, RegEnumValueW, RegOpenCurrentUser, RegQueryInfoKeyW, RegCreateKeyExW, RegSetValueExW, RegEnumKeyExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegDeleteKeyExW
api-ms-win-service-core-l1-1-0.dll
SetServiceStatus
api-ms-win-service-management-l1-1-0.dll
OpenSCManagerW, OpenServiceW, CloseServiceHandle
api-ms-win-service-management-l2-1-0.dll
ChangeServiceConfigW
api-ms-win-service-winsvc-l1-1-0.dll
RegisterServiceCtrlHandlerW
kernel32.dll
SetUnhandledExceptionFilter, InitializeCriticalSectionAndSpinCount, GlobalFree, GlobalAlloc, DeleteFileW, GetWindowsDirectoryW, UnhandledExceptionFilter, lstrlenW, MultiByteToWideChar, LeaveCriticalSection, EnterCriticalSection, ReleaseMutex, WaitForSingleObject, InterlockedIncrement, InterlockedDecrement, SetEvent, InterlockedExchange, LoadLibraryW, FreeLibrary, GetLastError, LocalAlloc, GetSystemTime, Sleep, CloseHandle, CreateMutexW, GetCurrentThreadId, DuplicateHandle, GetTickCount, InitializeCriticalSection, DisableThreadLibraryCalls, ResetEvent, HeapAlloc, HeapFree, WriteFile, SetThreadPriority, GetCurrentThread, DeleteCriticalSection, GetComputerNameExW, CreateEventW, OpenProcess, CreateFileW, GetPrivateProfileIntW, GetComputerNameW, TerminateProcess, GetProcAddress, lstrcmpiW, CreateThread, ExitThread, HeapCompact, GetProcessHeap, WaitForMultipleObjects, WritePrivateProfileStringW, GetPrivateProfileSectionNamesW, UnregisterWait, HeapDestroy, GetSystemInfo, OpenEventW, GetModuleHandleW, HeapCreate, GetCurrentProcess, GetPrivateProfileStringW, GetPrivateProfileSectionW, GetFileAttributesExW, GetSystemWindowsDirectoryW, GetSystemDirectoryW, GetFileSize, UnmapViewOfFile, IsDBCSLeadByte, MapViewOfFile, CreateFileMappingW, GetCurrentDirectoryW, WritePrivateProfileSectionW, FindClose, FindNextFileW, FindFirstFileW, LocalFree, FileTimeToSystemTime, GetSystemTimeAsFileTime, OutputDebugStringA, lstrlenA, GetLocalTime, InterlockedCompareExchange, QueryPerformanceCounter, GetCurrentProcessId, CompareStringW, K32EnumProcesses, DelayLoadFailureHook, LoadLibraryExA
msvcrt.dll
DllMain
ole32.dll
CoUninitialize, CoInitializeEx, StringFromGUID2, CoCreateInstance
psapi.dll
EnumProcesses
rpcrt4.dll
RpcImpersonateClient, RpcServerUnregisterIf, RpcBindingFree, RpcBindingSetAuthInfoW, RpcStringFreeW, I_RpcExceptionFilter, RpcRevertToSelf, RpcStringBindingComposeW, RpcServerInqCallAttributesW, RpcCancelThread, RpcMgmtSetCancelTimeout, RpcServerRegisterIfEx, RpcServerListen, RpcServerRegisterAuthInfoW, RpcServerUseProtseqEpW, NdrServerCall2, NdrClientCall2, RpcBindingFromStringBindingW, RpcServerInqDefaultPrincNameW
rtutils.dll
TraceRegisterExW, TraceDeregisterW, TraceVprintfExA
secur32.dll
GetComputerObjectNameW
user32.dll
LoadIconW, LoadStringW, DestroyIcon
winmm.dll
waveOutMessage, waveInMessage, midiInMessage, midiOutMessage
Export table
ServiceMain
SvchostPushServiceGlobals
