AcSpecfc.dll

Description: Windows Compatibility DLL

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.3636

Architecture: 64-bit

Operating System: Windows NT

SHA256: 35baad73ba5d1fed20e9d9d8178e6fcb

File Size: 80.0 KB

Uploaded At: Dec. 1, 2025, 7:21 a.m.

Views: 13

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • GetHookAPIs (Ordinal: 1, Address: 0xaf50)
  • NotifyShims (Ordinal: 2, Address: 0xb000)

Imported DLLs & Functions

ADVAPI32.dll
  • CloseServiceHandle (Address: 0x18000d158)
  • ControlService (Address: 0x18000d188)
  • EventWriteTransfer (Address: 0x18000d178)
  • LsaFreeMemory (Address: 0x18000d170)
  • LsaOpenPolicy (Address: 0x18000d160)
  • LsaQueryInformationPolicy (Address: 0x18000d168)
  • OpenProcessToken (Address: 0x18000d180)
  • OpenSCManagerW (Address: 0x18000d148)
  • OpenServiceW (Address: 0x18000d150)
  • QueryServiceStatusEx (Address: 0x18000d138)
  • StartServiceW (Address: 0x18000d140)
api-ms-win-core-registry-l1-1-0.dll
  • RegCloseKey (Address: 0x18000d390)
  • RegGetValueW (Address: 0x18000d3a0)
  • RegOpenKeyExW (Address: 0x18000d380)
  • RegQueryValueExW (Address: 0x18000d398)
  • RegSetValueExW (Address: 0x18000d388)
apphelp.dll
  • SE_COM_AddHook (Address: 0x18000d3d8)
  • SE_COM_AddServer (Address: 0x18000d3b0)
  • SE_COM_HookObject (Address: 0x18000d3b8)
  • SE_COM_Lookup (Address: 0x18000d3c0)
  • SE_GetShimId (Address: 0x18000d3d0)
  • SE_ShimDPF (Address: 0x18000d3c8)
KERNEL32.dll
  • CloseHandle (Address: 0x18000d1a8)
  • CreateProcessW (Address: 0x18000d1a0)
  • CreateThread (Address: 0x18000d1c8)
  • ExitProcess (Address: 0x18000d1e8)
  • ExpandEnvironmentStringsW (Address: 0x18000d1f0)
  • FindClose (Address: 0x18000d2f0)
  • FindFirstFileW (Address: 0x18000d318)
  • GetCommandLineW (Address: 0x18000d310)
  • GetCurrentProcess (Address: 0x18000d250)
  • GetCurrentProcessId (Address: 0x18000d298)
  • GetCurrentThreadId (Address: 0x18000d228)
  • GetEnvironmentVariableW (Address: 0x18000d2f8)
  • GetExitCodeProcess (Address: 0x18000d1e0)
  • GetFileAttributesW (Address: 0x18000d280)
  • GetFullPathNameW (Address: 0x18000d258)
  • GetLastError (Address: 0x18000d208)
  • GetLongPathNameW (Address: 0x18000d260)
  • GetModuleFileNameW (Address: 0x18000d278)
  • GetModuleHandleA (Address: 0x18000d2a0)
  • GetModuleHandleExW (Address: 0x18000d2e8)
  • GetModuleHandleW (Address: 0x18000d308)
  • GetProcAddress (Address: 0x18000d300)
  • GetProcessHeap (Address: 0x18000d2d8)
  • GetSystemDirectoryW (Address: 0x18000d1d0)
  • GetSystemTimeAsFileTime (Address: 0x18000d220)
  • GetTickCount (Address: 0x18000d218)
  • GetVersionExW (Address: 0x18000d2b0)
  • GetWindowsDirectoryW (Address: 0x18000d268)
  • HeapAlloc (Address: 0x18000d2e0)
  • HeapFree (Address: 0x18000d270)
  • K32EnumProcesses (Address: 0x18000d1b8)
  • K32GetProcessImageFileNameW (Address: 0x18000d198)
  • LocalAlloc (Address: 0x18000d290)
  • LocalFree (Address: 0x18000d2a8)
  • MoveFileW (Address: 0x18000d1f8)
  • MultiByteToWideChar (Address: 0x18000d288)
  • OpenProcess (Address: 0x18000d1b0)
  • QueryPerformanceCounter (Address: 0x18000d230)
  • SearchPathW (Address: 0x18000d1d8)
  • SetEnvironmentVariableW (Address: 0x18000d210)
  • SetUnhandledExceptionFilter (Address: 0x18000d240)
  • Sleep (Address: 0x18000d1c0)
  • TerminateProcess (Address: 0x18000d238)
  • TlsAlloc (Address: 0x18000d2c0)
  • TlsFree (Address: 0x18000d2b8)
  • TlsGetValue (Address: 0x18000d2c8)
  • TlsSetValue (Address: 0x18000d2d0)
  • UnhandledExceptionFilter (Address: 0x18000d248)
  • WaitForSingleObject (Address: 0x18000d200)
msi.dll
  • (Address: 0x18000d3e8)
msvcrt.dll
  • __C_specific_handler (Address: 0x18000d448)
  • __CxxFrameHandler3 (Address: 0x18000d400)
  • _amsg_exit (Address: 0x18000d498)
  • _CxxThrowException (Address: 0x18000d410)
  • _initterm (Address: 0x18000d480)
  • _vscwprintf (Address: 0x18000d4b0)
  • _vsnwprintf (Address: 0x18000d440)
  • _wcsicmp (Address: 0x18000d408)
  • _wcsnicmp (Address: 0x18000d438)
  • _XcptFilter (Address: 0x18000d418)
  • ??1type_info@@UEAA@XZ (Address: 0x18000d478)
  • free (Address: 0x18000d490)
  • iswctype (Address: 0x18000d458)
  • iswspace (Address: 0x18000d4a8)
  • malloc (Address: 0x18000d488)
  • memcpy (Address: 0x18000d420)
  • memmove (Address: 0x18000d3f8)
  • memset (Address: 0x18000d4a0)
  • towlower (Address: 0x18000d460)
  • wcschr (Address: 0x18000d468)
  • wcsncmp (Address: 0x18000d428)
  • wcsrchr (Address: 0x18000d430)
  • wcsspn (Address: 0x18000d450)
  • wcsstr (Address: 0x18000d470)
ntdll.dll
  • NtQueryKey (Address: 0x18000d4d0)
  • RtlAllocateHeap (Address: 0x18000d4c0)
  • RtlCaptureContext (Address: 0x18000d4e8)
  • RtlFreeHeap (Address: 0x18000d4c8)
  • RtlLookupFunctionEntry (Address: 0x18000d4e0)
  • RtlVirtualUnwind (Address: 0x18000d4d8)
ole32.dll
  • CoTaskMemAlloc (Address: 0x18000d4f8)
  • CoTaskMemFree (Address: 0x18000d500)
SHELL32.dll
  • SHGetFolderPathW (Address: 0x18000d330)
  • SHGetSpecialFolderPathW (Address: 0x18000d328)
SspiCli.dll
  • GetUserNameExW (Address: 0x18000d340)
USERENV.dll
  • GetAllUsersProfileDirectoryW (Address: 0x18000d358)
  • GetUserProfileDirectoryW (Address: 0x18000d350)
WINSPOOL.DRV
  • EnumFormsW (Address: 0x18000d370)
  • OpenPrinterW (Address: 0x18000d368)