coadmin.dll

Description: IIS CoAdmin DLL

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.3636

Architecture: 32-bit

Operating System: Windows NT

SHA256: bf50422d6bea7352521f608891eb484e

File Size: 77.5 KB

Uploaded At: Dec. 1, 2025, 8:32 a.m.

Views: 15

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • DllCanUnloadNow (Ordinal: 1, Address: 0xae50)
  • DllRegisterServer (Ordinal: 2, Address: 0xac70)
  • DllUnregisterServer (Ordinal: 3, Address: 0xac80)
  • InitComAdmindata (Ordinal: 4, Address: 0xae60)
  • TerminateComAdmindata (Ordinal: 5, Address: 0xb500)

Imported DLLs & Functions

abocomp.dll
  • GetAboWrapper (Address: 0x5e1921d0)
  • InitializeAboCompatibilityLayer (Address: 0x5e1921c8)
  • TerminateAboCompatibilityLayer (Address: 0x5e1921cc)
ADMWPROX.dll
  • ReleaseObjectSecurityContextW (Address: 0x5e192000)
ADVAPI32.dll
  • AccessCheck (Address: 0x5e192030)
  • AddAccessAllowedAce (Address: 0x5e192034)
  • CloseServiceHandle (Address: 0x5e19204c)
  • ControlService (Address: 0x5e192048)
  • ConvertSecurityDescriptorToStringSecurityDescriptorW (Address: 0x5e192018)
  • CreateWellKnownSid (Address: 0x5e19206c)
  • CryptAcquireContextA (Address: 0x5e192014)
  • EnumDependentServicesW (Address: 0x5e192044)
  • GetLengthSid (Address: 0x5e192020)
  • GetSecurityDescriptorControl (Address: 0x5e19202c)
  • GetTokenInformation (Address: 0x5e192024)
  • ImpersonateLoggedOnUser (Address: 0x5e192060)
  • InitializeAcl (Address: 0x5e192010)
  • InitializeSecurityDescriptor (Address: 0x5e192068)
  • LookupAccountSidW (Address: 0x5e19201c)
  • OpenProcessToken (Address: 0x5e192028)
  • OpenSCManagerW (Address: 0x5e19203c)
  • OpenServiceW (Address: 0x5e192040)
  • OpenThreadToken (Address: 0x5e192058)
  • QueryServiceStatus (Address: 0x5e192054)
  • QueryServiceStatusEx (Address: 0x5e192064)
  • RevertToSelf (Address: 0x5e19205c)
  • SetSecurityDescriptorDacl (Address: 0x5e192038)
  • SetSecurityDescriptorGroup (Address: 0x5e19200c)
  • SetSecurityDescriptorOwner (Address: 0x5e192008)
  • StartServiceW (Address: 0x5e192050)
AUTHZ.dll
  • AuthzInstallSecurityEventSource (Address: 0x5e19207c)
  • AuthzRegisterSecurityEventSource (Address: 0x5e192074)
  • AuthzReportSecurityEventFromParams (Address: 0x5e192078)
IISCFG.DLL
  • DllGetSimpleObjectByIDEx (Address: 0x5e192084)
IisRTL.DLL
  • ??0STRU@@QAE@PAGK@Z (Address: 0x5e1920e0)
  • ??0STRU@@QAE@XZ (Address: 0x5e1920dc)
  • ??1BUFFER@@QAE@XZ (Address: 0x5e1920d8)
  • ??1STRU@@QAE@XZ (Address: 0x5e1920b8)
  • ?Append@STRU@@QAEJABV1@@Z (Address: 0x5e1920fc)
  • ?Append@STRU@@QAEJPBG@Z (Address: 0x5e1920a4)
  • ?Append@STRU@@QAEJPBGK@Z (Address: 0x5e1920bc)
  • ?ConvertExclusiveToShared@CReaderWriterLock3@@QAEXXZ (Address: 0x5e192098)
  • ?ConvertSharedToExclusive@CReaderWriterLock3@@QAEXXZ (Address: 0x5e1920f4)
  • ?Copy@STRU@@QAEJABV1@@Z (Address: 0x5e1920f8)
  • ?Copy@STRU@@QAEJPBG@Z (Address: 0x5e1920e4)
  • ?Copy@STRU@@QAEJPBGK@Z (Address: 0x5e1920c0)
  • ?ReadLock@CReaderWriterLock3@@QAEXXZ (Address: 0x5e1920c4)
  • ?ReadUnlock@CReaderWriterLock3@@QAEXXZ (Address: 0x5e1920f0)
  • ?Resize@BUFFER@@QAE_NK@Z (Address: 0x5e1920a0)
  • ?Resize@STRU@@QAEJK@Z (Address: 0x5e1920b0)
  • ?TryConvertSharedToExclusive@CReaderWriterLock3@@QAE_NXZ (Address: 0x5e192090)
  • ?TryReadLock@CReaderWriterLock3@@QAE_NXZ (Address: 0x5e19208c)
  • ?TryWriteLock@CReaderWriterLock3@@QAE_NXZ (Address: 0x5e192094)
  • ?WriteLock@CReaderWriterLock3@@QAEXXZ (Address: 0x5e1920d0)
  • ?WriteUnlock@CReaderWriterLock3@@QAEXXZ (Address: 0x5e1920cc)
  • CreateRefTraceLog (Address: 0x5e1920a8)
  • DestroyRefTraceLog (Address: 0x5e1920ac)
  • IISGetPlatformType (Address: 0x5e1920b4)
  • IISInitializeCriticalSection (Address: 0x5e19209c)
  • PuCreateDebugPrintsObject (Address: 0x5e1920ec)
  • PuDbgPrint (Address: 0x5e1920d4)
  • PuLoadDebugFlagsFromRegStr (Address: 0x5e1920e8)
  • WriteRefTraceLog (Address: 0x5e1920c8)
iisutil.dll
  • ?EtwTraceEvent@CEtwTracer@@QAAKPBU_GUID@@KZZ (Address: 0x5e1921d8)
KERNEL32.dll
  • CloseHandle (Address: 0x5e192144)
  • CreateEventA (Address: 0x5e192150)
  • CreateFileW (Address: 0x5e1921ac)
  • CreateThread (Address: 0x5e19214c)
  • DeleteCriticalSection (Address: 0x5e192184)
  • EnterCriticalSection (Address: 0x5e192160)
  • FileTimeToLocalFileTime (Address: 0x5e192168)
  • FreeLibrary (Address: 0x5e19219c)
  • GetCurrentProcess (Address: 0x5e192110)
  • GetCurrentProcessId (Address: 0x5e19210c)
  • GetCurrentThread (Address: 0x5e192138)
  • GetCurrentThreadId (Address: 0x5e1921a8)
  • GetLastError (Address: 0x5e192178)
  • GetProcAddress (Address: 0x5e192198)
  • GetProcessHeap (Address: 0x5e192170)
  • GetSystemDirectoryW (Address: 0x5e192194)
  • GetSystemTimeAsFileTime (Address: 0x5e19212c)
  • GetTickCount (Address: 0x5e192130)
  • GetVersionExA (Address: 0x5e192190)
  • HeapAlloc (Address: 0x5e192118)
  • HeapFree (Address: 0x5e192174)
  • InitializeCriticalSection (Address: 0x5e192188)
  • InitializeCriticalSectionAndSpinCount (Address: 0x5e192154)
  • LeaveCriticalSection (Address: 0x5e19215c)
  • LoadLibraryExW (Address: 0x5e1921a0)
  • LocalAlloc (Address: 0x5e192164)
  • LocalFileTimeToFileTime (Address: 0x5e19216c)
  • LocalFree (Address: 0x5e19218c)
  • OpenProcess (Address: 0x5e192134)
  • OutputDebugStringA (Address: 0x5e192114)
  • QueryFullProcessImageNameW (Address: 0x5e19213c)
  • QueryPerformanceCounter (Address: 0x5e192128)
  • RegisterWaitForSingleObject (Address: 0x5e1921a4)
  • SetEvent (Address: 0x5e192158)
  • SetLastError (Address: 0x5e192108)
  • SetUnhandledExceptionFilter (Address: 0x5e192120)
  • SignalObjectAndWait (Address: 0x5e192148)
  • Sleep (Address: 0x5e192180)
  • SleepEx (Address: 0x5e19217c)
  • TerminateProcess (Address: 0x5e192124)
  • UnhandledExceptionFilter (Address: 0x5e19211c)
  • UnregisterWaitEx (Address: 0x5e192104)
  • WaitForMultipleObjects (Address: 0x5e192140)
msvcrt.dll
  • __dllonexit (Address: 0x5e1921e4)
  • _amsg_exit (Address: 0x5e192234)
  • _callnewh (Address: 0x5e1921fc)
  • _except_handler4_common (Address: 0x5e192230)
  • _initterm (Address: 0x5e1921f0)
  • _lock (Address: 0x5e1921ec)
  • _onexit (Address: 0x5e1921e0)
  • _ultow (Address: 0x5e192204)
  • _unlock (Address: 0x5e1921e8)
  • _wcsdup (Address: 0x5e192210)
  • _wcsicmp (Address: 0x5e192214)
  • _wcsnicmp (Address: 0x5e192220)
  • _wcsupr (Address: 0x5e19220c)
  • _XcptFilter (Address: 0x5e1921f8)
  • free (Address: 0x5e192208)
  • malloc (Address: 0x5e192200)
  • memcpy (Address: 0x5e1921f4)
  • memset (Address: 0x5e192238)
  • wcscat_s (Address: 0x5e19222c)
  • wcschr (Address: 0x5e192228)
  • wcscpy_s (Address: 0x5e192218)
  • wcsncmp (Address: 0x5e19221c)
  • wcsstr (Address: 0x5e192224)
ntdll.dll
  • NtQueryInformationFile (Address: 0x5e192240)
  • RtlNtStatusToDosError (Address: 0x5e192244)
ole32.dll
  • CoCreateFreeThreadedMarshaler (Address: 0x5e19226c)
  • CoCreateInstance (Address: 0x5e192268)
  • CoDisconnectObject (Address: 0x5e192250)
  • CoGetCallContext (Address: 0x5e192254)
  • CoImpersonateClient (Address: 0x5e192264)
  • CoInitializeEx (Address: 0x5e192260)
  • CoRegisterClassObject (Address: 0x5e19224c)
  • CoRevokeClassObject (Address: 0x5e192258)
  • CoUninitialize (Address: 0x5e19225c)
OLEAUT32.dll
  • GetErrorInfo (Address: 0x5e1921b4)
RPCRT4.dll
  • I_RpcBindingInqLocalClientPID (Address: 0x5e1921c0)
  • I_RpcBindingIsClientLocal (Address: 0x5e1921bc)