coadmin.dll

Description: IIS CoAdmin DLL

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.3636

Architecture: 64-bit

Operating System: Windows NT

SHA256: 480338a6dab987532f8704173a0bcd6c

File Size: 88.5 KB

Uploaded At: Dec. 1, 2025, 8:13 a.m.

Views: 15

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • DllCanUnloadNow (Ordinal: 1, Address: 0x9d50)
  • DllRegisterServer (Ordinal: 2, Address: 0x9be0)
  • DllUnregisterServer (Ordinal: 3, Address: 0x9c00)
  • InitComAdmindata (Ordinal: 4, Address: 0x9d60)
  • TerminateComAdmindata (Ordinal: 5, Address: 0xa450)

Imported DLLs & Functions

abocomp.dll
  • GetAboWrapper (Address: 0x1800117a0)
  • InitializeAboCompatibilityLayer (Address: 0x180011790)
  • TerminateAboCompatibilityLayer (Address: 0x180011798)
ADMWPROX.dll
  • ReleaseObjectSecurityContextW (Address: 0x1800113d8)
ADVAPI32.dll
  • AccessCheck (Address: 0x180011438)
  • AddAccessAllowedAce (Address: 0x180011440)
  • CloseServiceHandle (Address: 0x180011470)
  • ControlService (Address: 0x180011468)
  • ConvertSecurityDescriptorToStringSecurityDescriptorW (Address: 0x180011408)
  • CreateWellKnownSid (Address: 0x1800114b0)
  • CryptAcquireContextA (Address: 0x180011400)
  • EnumDependentServicesW (Address: 0x180011460)
  • GetLengthSid (Address: 0x180011418)
  • GetSecurityDescriptorControl (Address: 0x180011430)
  • GetTokenInformation (Address: 0x180011420)
  • ImpersonateLoggedOnUser (Address: 0x180011498)
  • InitializeAcl (Address: 0x1800113f8)
  • InitializeSecurityDescriptor (Address: 0x1800114a8)
  • LookupAccountSidW (Address: 0x180011410)
  • OpenProcessToken (Address: 0x180011428)
  • OpenSCManagerW (Address: 0x180011450)
  • OpenServiceW (Address: 0x180011458)
  • OpenThreadToken (Address: 0x180011488)
  • QueryServiceStatus (Address: 0x180011480)
  • QueryServiceStatusEx (Address: 0x1800114a0)
  • RevertToSelf (Address: 0x180011490)
  • SetSecurityDescriptorDacl (Address: 0x180011448)
  • SetSecurityDescriptorGroup (Address: 0x1800113f0)
  • SetSecurityDescriptorOwner (Address: 0x1800113e8)
  • StartServiceW (Address: 0x180011478)
AUTHZ.dll
  • AuthzInstallSecurityEventSource (Address: 0x1800114d0)
  • AuthzRegisterSecurityEventSource (Address: 0x1800114c0)
  • AuthzReportSecurityEventFromParams (Address: 0x1800114c8)
IISCFG.DLL
  • DllGetSimpleObjectByIDEx (Address: 0x1800114e0)
IisRTL.DLL
  • ??0BUFFER@@QEAA@XZ (Address: 0x180011588)
  • ??0STRU@@QEAA@PEAGK@Z (Address: 0x1800115a0)
  • ??0STRU@@QEAA@XZ (Address: 0x180011598)
  • ??1BUFFER@@QEAA@XZ (Address: 0x180011590)
  • ??1STRU@@QEAA@XZ (Address: 0x180011548)
  • ?Append@STRU@@QEAAJAEBV1@@Z (Address: 0x1800115d8)
  • ?Append@STRU@@QEAAJPEBG@Z (Address: 0x180011520)
  • ?Append@STRU@@QEAAJPEBGK@Z (Address: 0x180011550)
  • ?ConvertExclusiveToShared@CReaderWriterLock3@@QEAAXXZ (Address: 0x180011508)
  • ?ConvertSharedToExclusive@CReaderWriterLock3@@QEAAXXZ (Address: 0x1800115c8)
  • ?Copy@STRU@@QEAAJAEBV1@@Z (Address: 0x1800115d0)
  • ?Copy@STRU@@QEAAJPEBG@Z (Address: 0x1800115a8)
  • ?Copy@STRU@@QEAAJPEBGK@Z (Address: 0x180011558)
  • ?ReadLock@CReaderWriterLock3@@QEAAXXZ (Address: 0x180011570)
  • ?ReadUnlock@CReaderWriterLock3@@QEAAXXZ (Address: 0x1800115c0)
  • ?Resize@BUFFER@@QEAA_NK@Z (Address: 0x180011518)
  • ?Resize@STRU@@QEAAJK@Z (Address: 0x180011538)
  • ?SetLen@STRU@@QEAA_NK@Z (Address: 0x1800115e0)
  • ?TryConvertSharedToExclusive@CReaderWriterLock3@@QEAA_NXZ (Address: 0x1800114f8)
  • ?TryReadLock@CReaderWriterLock3@@QEAA_NXZ (Address: 0x1800114f0)
  • ?TryWriteLock@CReaderWriterLock3@@QEAA_NXZ (Address: 0x180011500)
  • ?WriteLock@CReaderWriterLock3@@QEAAXXZ (Address: 0x180011578)
  • ?WriteUnlock@CReaderWriterLock3@@QEAAXXZ (Address: 0x180011568)
  • CreateRefTraceLog (Address: 0x180011528)
  • DestroyRefTraceLog (Address: 0x180011530)
  • IISGetPlatformType (Address: 0x180011540)
  • IISInitializeCriticalSection (Address: 0x180011510)
  • PuCreateDebugPrintsObject (Address: 0x1800115b8)
  • PuDbgPrint (Address: 0x180011580)
  • PuLoadDebugFlagsFromRegStr (Address: 0x1800115b0)
  • WriteRefTraceLog (Address: 0x180011560)
iisutil.dll
  • ?EtwTraceEvent@CEtwTracer@@QEAAKPEBU_GUID@@KZZ (Address: 0x1800117b0)
KERNEL32.dll
  • CloseHandle (Address: 0x180011688)
  • CreateEventA (Address: 0x1800116a0)
  • CreateFileW (Address: 0x180011608)
  • CreateThread (Address: 0x180011698)
  • DeleteCriticalSection (Address: 0x180011700)
  • EnterCriticalSection (Address: 0x1800116c0)
  • FileTimeToLocalFileTime (Address: 0x1800116d0)
  • FreeLibrary (Address: 0x180011738)
  • GetCurrentProcess (Address: 0x180011610)
  • GetCurrentProcessId (Address: 0x180011600)
  • GetCurrentThread (Address: 0x180011670)
  • GetCurrentThreadId (Address: 0x180011708)
  • GetLastError (Address: 0x1800116f0)
  • GetProcAddress (Address: 0x180011730)
  • GetProcessHeap (Address: 0x1800116e0)
  • GetSystemDirectoryW (Address: 0x180011728)
  • GetSystemTimeAsFileTime (Address: 0x180011658)
  • GetTickCount (Address: 0x180011660)
  • GetVersionExA (Address: 0x180011720)
  • HeapAlloc (Address: 0x180011618)
  • HeapFree (Address: 0x1800116e8)
  • InitializeCriticalSection (Address: 0x180011710)
  • InitializeCriticalSectionAndSpinCount (Address: 0x1800116a8)
  • LeaveCriticalSection (Address: 0x1800116b8)
  • LoadLibraryExW (Address: 0x180011740)
  • LocalAlloc (Address: 0x1800116c8)
  • LocalFileTimeToFileTime (Address: 0x1800116d8)
  • LocalFree (Address: 0x180011718)
  • OpenProcess (Address: 0x180011668)
  • OutputDebugStringA (Address: 0x180011758)
  • QueryFullProcessImageNameW (Address: 0x180011678)
  • QueryPerformanceCounter (Address: 0x180011650)
  • RegisterWaitForSingleObject (Address: 0x180011748)
  • RtlCaptureContext (Address: 0x180011620)
  • RtlLookupFunctionEntry (Address: 0x180011628)
  • RtlVirtualUnwind (Address: 0x180011630)
  • SetEvent (Address: 0x1800116b0)
  • SetLastError (Address: 0x1800115f8)
  • SetUnhandledExceptionFilter (Address: 0x180011640)
  • SignalObjectAndWait (Address: 0x180011690)
  • Sleep (Address: 0x180011750)
  • SleepEx (Address: 0x1800116f8)
  • TerminateProcess (Address: 0x180011648)
  • UnhandledExceptionFilter (Address: 0x180011638)
  • UnregisterWaitEx (Address: 0x1800115f0)
  • WaitForMultipleObjects (Address: 0x180011680)
msvcrt.dll
  • __C_specific_handler (Address: 0x1800117d8)
  • __dllonexit (Address: 0x1800117c0)
  • _amsg_exit (Address: 0x180011868)
  • _callnewh (Address: 0x1800117f8)
  • _initterm (Address: 0x1800117e0)
  • _lock (Address: 0x1800117d0)
  • _onexit (Address: 0x180011860)
  • _ultow (Address: 0x180011808)
  • _unlock (Address: 0x1800117c8)
  • _wcsdup (Address: 0x180011820)
  • _wcsicmp (Address: 0x180011828)
  • _wcsnicmp (Address: 0x180011840)
  • _wcsupr (Address: 0x180011818)
  • _XcptFilter (Address: 0x1800117f0)
  • free (Address: 0x180011810)
  • malloc (Address: 0x180011800)
  • memcpy (Address: 0x1800117e8)
  • memset (Address: 0x180011870)
  • wcscat_s (Address: 0x180011858)
  • wcschr (Address: 0x180011850)
  • wcscpy_s (Address: 0x180011830)
  • wcsncmp (Address: 0x180011838)
  • wcsstr (Address: 0x180011848)
ntdll.dll
  • NtQueryInformationFile (Address: 0x180011880)
  • RtlNtStatusToDosError (Address: 0x180011888)
ole32.dll
  • CoCreateFreeThreadedMarshaler (Address: 0x1800118d8)
  • CoCreateInstance (Address: 0x1800118d0)
  • CoDisconnectObject (Address: 0x1800118a0)
  • CoGetCallContext (Address: 0x1800118a8)
  • CoImpersonateClient (Address: 0x1800118c8)
  • CoInitializeEx (Address: 0x1800118c0)
  • CoRegisterClassObject (Address: 0x180011898)
  • CoRevokeClassObject (Address: 0x1800118b0)
  • CoUninitialize (Address: 0x1800118b8)
OLEAUT32.dll
  • GetErrorInfo (Address: 0x180011768)
RPCRT4.dll
  • I_RpcBindingInqLocalClientPID (Address: 0x180011780)
  • I_RpcBindingIsClientLocal (Address: 0x180011778)