mofd.dll

Description: WMI

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.3684

Architecture: 64-bit

Operating System: Windows NT

SHA256: 60902acff7c0e8754a7bc0232d23a1ee

File Size: 265.5 KB

Uploaded At: Dec. 1, 2025, 8:19 a.m.

Views: 9

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • CompileFileViaDLL (Ordinal: 1, Address: 0x27530)
  • CreateBMOFViaDLL (Ordinal: 2, Address: 0x277e0)
  • DllCanUnloadNow (Ordinal: 3, Address: 0xbf00)
  • DllGetClassObject (Ordinal: 4, Address: 0xbce0)
  • DllRegisterServer (Ordinal: 5, Address: 0xbf70)
  • DllUnregisterServer (Ordinal: 6, Address: 0xc040)

Imported DLLs & Functions

ADVAPI32.dll
  • AdjustTokenPrivileges (Address: 0x18002e640)
  • GetTraceEnableFlags (Address: 0x18002e6b0)
  • GetTraceEnableLevel (Address: 0x18002e6a8)
  • GetTraceLoggerHandle (Address: 0x18002e6a0)
  • ImpersonateSelf (Address: 0x18002e650)
  • LookupPrivilegeValueW (Address: 0x18002e660)
  • OpenProcessToken (Address: 0x18002e688)
  • OpenThreadToken (Address: 0x18002e658)
  • RegCloseKey (Address: 0x18002e690)
  • RegCreateKeyExW (Address: 0x18002e670)
  • RegDeleteKeyW (Address: 0x18002e680)
  • RegDeleteValueW (Address: 0x18002e678)
  • RegEnumKeyExW (Address: 0x18002e620)
  • RegisterTraceGuidsW (Address: 0x18002e6b8)
  • RegOpenKeyExW (Address: 0x18002e638)
  • RegQueryInfoKeyW (Address: 0x18002e628)
  • RegQueryValueExW (Address: 0x18002e630)
  • RegSetValueExW (Address: 0x18002e698)
  • RevertToSelf (Address: 0x18002e648)
  • TraceMessage (Address: 0x18002e668)
  • UnregisterTraceGuids (Address: 0x18002e6c0)
api-ms-win-core-sysinfo-l1-1-0.dll
  • GetVersionExW (Address: 0x18002e9d8)
KERNEL32.dll
  • AcquireSRWLockExclusive (Address: 0x18002e6e8)
  • CloseHandle (Address: 0x18002e800)
  • CompareStringW (Address: 0x18002e6f8)
  • CreateFileW (Address: 0x18002e848)
  • CreateProcessW (Address: 0x18002e778)
  • DebugBreak (Address: 0x18002e730)
  • DeleteCriticalSection (Address: 0x18002e810)
  • DeleteFileW (Address: 0x18002e700)
  • DisableThreadLibraryCalls (Address: 0x18002e7a8)
  • EnterCriticalSection (Address: 0x18002e818)
  • ExpandEnvironmentStringsW (Address: 0x18002e720)
  • FindResourceExW (Address: 0x18002e7b8)
  • FreeLibrary (Address: 0x18002e808)
  • GetConsoleOutputCP (Address: 0x18002e790)
  • GetCurrentProcess (Address: 0x18002e768)
  • GetCurrentProcessId (Address: 0x18002e858)
  • GetCurrentThread (Address: 0x18002e860)
  • GetCurrentThreadId (Address: 0x18002e868)
  • GetFullPathNameW (Address: 0x18002e7a0)
  • GetLastError (Address: 0x18002e840)
  • GetModuleFileNameW (Address: 0x18002e718)
  • GetModuleHandleW (Address: 0x18002e880)
  • GetProcAddress (Address: 0x18002e7f8)
  • GetStdHandle (Address: 0x18002e788)
  • GetStringTypeExW (Address: 0x18002e758)
  • GetSystemDirectoryW (Address: 0x18002e7d0)
  • GetSystemTimeAsFileTime (Address: 0x18002e798)
  • GetTempFileNameW (Address: 0x18002e738)
  • GetTempPathW (Address: 0x18002e740)
  • GetTickCount (Address: 0x18002e870)
  • InitializeCriticalSection (Address: 0x18002e710)
  • LCMapStringW (Address: 0x18002e760)
  • LeaveCriticalSection (Address: 0x18002e820)
  • LoadLibraryExW (Address: 0x18002e838)
  • LoadResource (Address: 0x18002e7c0)
  • LocalFree (Address: 0x18002e6d0)
  • lstrcmpiW (Address: 0x18002e888)
  • lstrcmpW (Address: 0x18002e7b0)
  • MultiByteToWideChar (Address: 0x18002e7c8)
  • OpenProcess (Address: 0x18002e850)
  • OutputDebugStringA (Address: 0x18002e878)
  • QueryPerformanceCounter (Address: 0x18002e830)
  • RaiseException (Address: 0x18002e7d8)
  • ReadFile (Address: 0x18002e750)
  • ReleaseSRWLockExclusive (Address: 0x18002e6e0)
  • RtlCaptureContext (Address: 0x18002e748)
  • RtlLookupFunctionEntry (Address: 0x18002e770)
  • RtlVirtualUnwind (Address: 0x18002e7e0)
  • SetFilePointer (Address: 0x18002e890)
  • SetUnhandledExceptionFilter (Address: 0x18002e7f0)
  • SizeofResource (Address: 0x18002e898)
  • Sleep (Address: 0x18002e6d8)
  • SleepConditionVariableSRW (Address: 0x18002e728)
  • TerminateProcess (Address: 0x18002e828)
  • UnhandledExceptionFilter (Address: 0x18002e7e8)
  • WakeAllConditionVariable (Address: 0x18002e6f0)
  • WideCharToMultiByte (Address: 0x18002e708)
  • WriteFile (Address: 0x18002e780)
msvcrt.dll
  • __C_specific_handler (Address: 0x18002eb80)
  • __CxxFrameHandler3 (Address: 0x18002ebc8)
  • __dllonexit (Address: 0x18002eac0)
  • _amsg_exit (Address: 0x18002eba8)
  • _close (Address: 0x18002ea08)
  • _CxxThrowException (Address: 0x18002eb88)
  • _errno (Address: 0x18002ea98)
  • _initterm (Address: 0x18002ebb0)
  • _lock (Address: 0x18002ea88)
  • _onexit (Address: 0x18002eac8)
  • _open (Address: 0x18002ea18)
  • _purecall (Address: 0x18002eb10)
  • _resetstkoflw (Address: 0x18002eb20)
  • _ui64tow_s (Address: 0x18002eab0)
  • _unlock (Address: 0x18002ea90)
  • _vsnwprintf (Address: 0x18002eb68)
  • _waccess (Address: 0x18002ea30)
  • _wcsdup (Address: 0x18002ea58)
  • _wcserror (Address: 0x18002ea38)
  • _wcsicmp (Address: 0x18002eb38)
  • _wcsnicmp (Address: 0x18002eb30)
  • _wfopen (Address: 0x18002eb00)
  • _wfullpath (Address: 0x18002ea28)
  • _write (Address: 0x18002ea10)
  • _wsplitpath_s (Address: 0x18002ea20)
  • _wtoi (Address: 0x18002ea60)
  • _wtol (Address: 0x18002ea68)
  • _XcptFilter (Address: 0x18002eba0)
  • ??0exception@@QEAA@AEBQEBD@Z (Address: 0x18002e9f8)
  • ??0exception@@QEAA@AEBQEBDH@Z (Address: 0x18002e9f0)
  • ??0exception@@QEAA@AEBV0@@Z (Address: 0x18002e9e8)
  • ??1exception@@UEAA@XZ (Address: 0x18002eaa0)
  • ??1type_info@@UEAA@XZ (Address: 0x18002ea80)
  • ?terminate@@YAXXZ (Address: 0x18002ebb8)
  • ?what@exception@@UEBAPEBDXZ (Address: 0x18002eb78)
  • calloc (Address: 0x18002eb08)
  • fclose (Address: 0x18002eae8)
  • ferror (Address: 0x18002ead8)
  • fread (Address: 0x18002eae0)
  • free (Address: 0x18002eb70)
  • fseek (Address: 0x18002eaf8)
  • ftell (Address: 0x18002eaf0)
  • fwrite (Address: 0x18002ea40)
  • iswspace (Address: 0x18002eb48)
  • iswxdigit (Address: 0x18002ebc0)
  • malloc (Address: 0x18002eb18)
  • mbstowcs (Address: 0x18002ead0)
  • memcmp (Address: 0x18002eb60)
  • memcpy (Address: 0x18002eb90)
  • memcpy_s (Address: 0x18002eb58)
  • memmove (Address: 0x18002eb98)
  • memset (Address: 0x18002ebd0)
  • printf (Address: 0x18002ea50)
  • realloc (Address: 0x18002ea00)
  • swscanf (Address: 0x18002ea70)
  • towupper (Address: 0x18002ea78)
  • wcschr (Address: 0x18002eb40)
  • wcsncmp (Address: 0x18002eb50)
  • wcsncpy_s (Address: 0x18002eab8)
  • wcsrchr (Address: 0x18002eb28)
  • wcstok (Address: 0x18002eaa8)
  • wcstombs (Address: 0x18002ea48)
OLE32.dll
  • CoCreateGuid (Address: 0x18002e8b0)
  • CoCreateInstance (Address: 0x18002e8d8)
  • CoQueryProxyBlanket (Address: 0x18002e8b8)
  • CoTaskMemAlloc (Address: 0x18002e8d0)
  • CoTaskMemFree (Address: 0x18002e8c0)
  • CoTaskMemRealloc (Address: 0x18002e8c8)
  • StringFromGUID2 (Address: 0x18002e8a8)
OLEAUT32.dll
  • CreateErrorInfo (Address: 0x18002e9a0)
  • GetErrorInfo (Address: 0x18002e920)
  • LoadRegTypeLib (Address: 0x18002e930)
  • LoadTypeLib (Address: 0x18002e938)
  • SafeArrayCreate (Address: 0x18002e908)
  • SafeArrayDestroy (Address: 0x18002e958)
  • SafeArrayDestroyData (Address: 0x18002e960)
  • SafeArrayDestroyDescriptor (Address: 0x18002e970)
  • SafeArrayGetElement (Address: 0x18002e950)
  • SafeArrayGetLBound (Address: 0x18002e940)
  • SafeArrayGetUBound (Address: 0x18002e948)
  • SafeArrayPutElement (Address: 0x18002e910)
  • SetErrorInfo (Address: 0x18002e918)
  • SysAllocString (Address: 0x18002e990)
  • SysAllocStringByteLen (Address: 0x18002e900)
  • SysAllocStringLen (Address: 0x18002e9a8)
  • SysFreeString (Address: 0x18002e980)
  • SysStringByteLen (Address: 0x18002e8f8)
  • SysStringLen (Address: 0x18002e998)
  • VarBstrCat (Address: 0x18002e8f0)
  • VariantChangeTypeEx (Address: 0x18002e8e8)
  • VariantClear (Address: 0x18002e988)
  • VariantCopy (Address: 0x18002e978)
  • VariantInit (Address: 0x18002e928)
  • VarUI4FromStr (Address: 0x18002e968)
USER32.dll
  • CharLowerBuffW (Address: 0x18002e9b8)
  • CharNextW (Address: 0x18002e9c0)
  • LoadStringW (Address: 0x18002e9c8)
wbemcomn.dll
  • _ThrowMemoryException_ (Address: 0x18002ebe0)
  • ??0CFlexArray@@QEAA@HH@Z (Address: 0x18002ece8)
  • ??0CMRCICompression@@QEAA@XZ (Address: 0x18002ecc8)
  • ??0Registry@@QEAA@PEBGK@Z (Address: 0x18002ec98)
  • ??0WString@@QEAA@PEBG@Z (Address: 0x18002ed18)
  • ??0WString@@QEAA@XZ (Address: 0x18002ec08)
  • ??1CFlexArray@@QEAA@XZ (Address: 0x18002ecf0)
  • ??1CMRCICompression@@QEAA@XZ (Address: 0x18002ed00)
  • ??1CVar@@QEAA@XZ (Address: 0x18002ed48)
  • ??1Registry@@QEAA@XZ (Address: 0x18002ed70)
  • ??4WString@@QEAAAEAV0@PEBG@Z (Address: 0x18002ec68)
  • ?AddEnvironmentValue@CWbemInstallObject@@SAJPEBG0@Z (Address: 0x18002ec10)
  • ?CleanUp@CWbemInstallObject@@SAXXZ (Address: 0x18002ec60)
  • ?CoCreateInstance@CWbemInstallObject@@SAJAEBU_GUID@@PEAUIUnknown@@K0PEAPEAX@Z (Address: 0x18002ecc0)
  • ?DeleteString@WString@@AEAAXPEAG@Z (Address: 0x18002ebe8)
  • ?ExpandEnvironmentStringsW@CWbemInstallObject@@SAKPEBGPEAGK@Z (Address: 0x18002ecd8)
  • ?FlushRepository@CWbemInstallObject@@SAJXZ (Address: 0x18002ec58)
  • ?GetAt@CFlexArray@@QEBAPEAXH@Z (Address: 0x18002ecf8)
  • ?GetMultiStr@Registry@@QEAAPEAGPEBGAEAK@Z (Address: 0x18002eca8)
  • ?GetRepositoryFolder@CWbemInstallObject@@SAPEBGXZ (Address: 0x18002ece0)
  • ?GetText@CVar@@QEAAPEAGJJPEBG@Z (Address: 0x18002ed50)
  • ?Init@CVar@@AEAAXXZ (Address: 0x18002ed38)
  • ?InsertAt@CFlexArray@@QEAAHHPEAX@Z (Address: 0x18002ed58)
  • ?IsOffline@CWbemInstallObject@@SA_NXZ (Address: 0x18002ec00)
  • ?LocaleName_To_LCID@CMUILocale@@SAJPEBGPEA_NPEAK@Z (Address: 0x18002ed30)
  • ?Mrci1Decompress@CBaseMrciCompression@@QEAAIPEAEI0I@Z (Address: 0x18002ecd0)
  • ?Mrci1MaxCompress@CBaseMrciCompression@@QEAAIPEAEI0I@Z (Address: 0x18002ed68)
  • ?ms_XXX_Locale_To_LCID@CMUILocale@@SAJPEBGPEAK@Z (Address: 0x18002ed28)
  • ?RemoveAt@CFlexArray@@QEAAHH@Z (Address: 0x18002ed60)
  • ?SetAutoRecoverFolder@CWbemInstallObject@@SAXPEBG@Z (Address: 0x18002ec38)
  • ?SetBinaryPath@CWbemInstallObject@@SAXPEBG@Z (Address: 0x18002ec28)
  • ?SetMultiStr@Registry@@QEAAHPEBGPEAGK@Z (Address: 0x18002ecb0)
  • ?SetOffline@CWbemInstallObject@@SAX_N@Z (Address: 0x18002ec20)
  • ?SetRegistryPathCIMOM@CWbemInstallObject@@SAXPEBG@Z (Address: 0x18002ec48)
  • ?SetRegistryPathWbem@CWbemInstallObject@@SAXPEBG@Z (Address: 0x18002ec40)
  • ?SetRepositoryFolder@CWbemInstallObject@@SAXPEBG@Z (Address: 0x18002ec30)
  • ?SetStr@Registry@@QEAAHPEBG0@Z (Address: 0x18002ecb8)
  • ?SetVariant@CVar@@QEAAHPEAUtagVARIANT@@H@Z (Address: 0x18002ed40)
  • ?Shutdown@CWbemInstallObject@@SAXXZ (Address: 0x18002ec18)
  • ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z (Address: 0x18002ed78)
  • ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z (Address: 0x18002eca0)
  • ?Write@CMemoryLog@@QEAAXJ@Z (Address: 0x18002ebf0)
  • bAreWeLocal (Address: 0x18002ed10)
  • CopyFileToAutorecover (Address: 0x18002ec90)
  • ExtractMachineName (Address: 0x18002ed08)
  • GetMemLogObject (Address: 0x18002ebf8)
  • RegisterDLL (Address: 0x18002ec70)
  • RegisterDllAppid (Address: 0x18002ec78)
  • RemoveFileFromAutoRecoverFolder (Address: 0x18002ec50)
  • UnRegisterDLL (Address: 0x18002ec80)
  • UnregisterDllAppid (Address: 0x18002ec88)
  • WbemVariantChangeType (Address: 0x18002ed20)