seclogon.dll

Description: Secondary Logon Service DLL

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.3636

Architecture: 64-bit

Operating System: Windows NT

SHA256: 4fde516b5715a627e3dc2757f903875a

File Size: 32.0 KB

Uploaded At: Dec. 1, 2025, 7:38 a.m.

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: WriteProcessMemory, OpenProcess

Exported Functions

  • SvcEntry_Seclogon (Ordinal: 1, Address: 0x27c0)
  • SvchostPushServiceGlobals (Ordinal: 2, Address: 0x2d80)

Imported DLLs & Functions

api-ms-win-core-crt-l1-1-0.dll
  • __C_specific_handler (Address: 0x180005800)
  • memset (Address: 0x180005808)
  • wcschr (Address: 0x1800057f8)
api-ms-win-core-crt-l2-1-0.dll
  • _initterm (Address: 0x180005820)
  • _initterm_e (Address: 0x180005818)
api-ms-win-core-delayload-l1-1-0.dll
  • DelayLoadFailureHook (Address: 0x180005830)
api-ms-win-core-delayload-l1-1-1.dll
  • ResolveDelayLoadedAPI (Address: 0x180005840)
api-ms-win-core-errorhandling-l1-1-0.dll
  • GetLastError (Address: 0x180005858)
  • SetLastError (Address: 0x180005850)
  • SetUnhandledExceptionFilter (Address: 0x180005868)
  • UnhandledExceptionFilter (Address: 0x180005860)
api-ms-win-core-handle-l1-1-0.dll
  • CloseHandle (Address: 0x180005878)
  • DuplicateHandle (Address: 0x180005880)
api-ms-win-core-heap-l1-1-0.dll
  • GetProcessHeap (Address: 0x1800058a0)
  • HeapAlloc (Address: 0x180005890)
  • HeapFree (Address: 0x180005898)
api-ms-win-core-heap-l2-1-0.dll
  • LocalAlloc (Address: 0x1800058b0)
  • LocalFree (Address: 0x1800058b8)
api-ms-win-core-io-l1-1-0.dll
  • CreateIoCompletionPort (Address: 0x1800058c8)
  • GetQueuedCompletionStatus (Address: 0x1800058d0)
api-ms-win-core-job-l2-1-0.dll
  • AssignProcessToJobObject (Address: 0x1800058e0)
  • CreateJobObjectW (Address: 0x1800058f8)
  • SetInformationJobObject (Address: 0x1800058f0)
  • TerminateJobObject (Address: 0x1800058e8)
api-ms-win-core-kernel32-legacy-l1-1-0.dll
  • UnregisterWait (Address: 0x180005908)
api-ms-win-core-libraryloader-l1-2-0.dll
  • DisableThreadLibraryCalls (Address: 0x180005918)
api-ms-win-core-memory-l1-1-0.dll
  • ReadProcessMemory (Address: 0x180005930)
  • WriteProcessMemory (Address: 0x180005928)
api-ms-win-core-processenvironment-l1-1-0.dll
  • GetCurrentDirectoryW (Address: 0x180005940)
api-ms-win-core-processthreads-l1-1-0.dll
  • CreateProcessAsUserW (Address: 0x180005980)
  • GetCurrentProcess (Address: 0x180005958)
  • GetCurrentProcessId (Address: 0x1800059a0)
  • GetCurrentThread (Address: 0x180005978)
  • GetCurrentThreadId (Address: 0x180005960)
  • InitializeProcThreadAttributeList (Address: 0x180005968)
  • OpenProcessToken (Address: 0x180005988)
  • OpenThreadToken (Address: 0x180005970)
  • ResumeThread (Address: 0x180005998)
  • TerminateProcess (Address: 0x180005990)
  • UpdateProcThreadAttribute (Address: 0x180005950)
api-ms-win-core-processthreads-l1-1-1.dll
  • OpenProcess (Address: 0x1800059b8)
  • SetProcessMitigationPolicy (Address: 0x1800059b0)
api-ms-win-core-profile-l1-1-0.dll
  • QueryPerformanceCounter (Address: 0x1800059c8)
api-ms-win-core-rtlsupport-l1-1-0.dll
  • RtlCaptureContext (Address: 0x1800059e0)
  • RtlLookupFunctionEntry (Address: 0x1800059e8)
  • RtlVirtualUnwind (Address: 0x1800059d8)
api-ms-win-core-synch-l1-1-0.dll
  • CreateEventW (Address: 0x180005a00)
  • DeleteCriticalSection (Address: 0x1800059f8)
  • EnterCriticalSection (Address: 0x180005a20)
  • InitializeCriticalSection (Address: 0x180005a08)
  • LeaveCriticalSection (Address: 0x180005a18)
  • SetEvent (Address: 0x180005a10)
api-ms-win-core-sysinfo-l1-1-0.dll
  • GetSystemTimeAsFileTime (Address: 0x180005a30)
  • GetTickCount (Address: 0x180005a38)
api-ms-win-core-threadpool-legacy-l1-1-0.dll
  • QueueUserWorkItem (Address: 0x180005a48)
api-ms-win-core-util-l1-1-0.dll
  • DecodePointer (Address: 0x180005a58)
  • EncodePointer (Address: 0x180005a60)
api-ms-win-security-base-l1-1-0.dll
  • GetTokenInformation (Address: 0x180005a90)
  • ImpersonateLoggedOnUser (Address: 0x180005a80)
  • PrivilegeCheck (Address: 0x180005a78)
  • RevertToSelf (Address: 0x180005a70)
  • SetTokenInformation (Address: 0x180005a88)
api-ms-win-service-core-l1-1-0.dll
  • RegisterServiceCtrlHandlerExW (Address: 0x180005aa8)
  • SetServiceStatus (Address: 0x180005aa0)
ntdll.dll
  • NtQueryInformationProcess (Address: 0x180005b08)
  • RtlAdjustPrivilege (Address: 0x180005ad8)
  • RtlAllocateAndInitializeSid (Address: 0x180005af0)
  • RtlCopySid (Address: 0x180005b18)
  • RtlFreeSid (Address: 0x180005af8)
  • RtlInitializeSid (Address: 0x180005b20)
  • RtlInitString (Address: 0x180005ab8)
  • RtlInitUnicodeString (Address: 0x180005b00)
  • RtlLengthRequiredSid (Address: 0x180005ae0)
  • RtlLengthSid (Address: 0x180005ae8)
  • RtlNtStatusToDosError (Address: 0x180005ac0)
  • RtlQueryEnvironmentVariable (Address: 0x180005ac8)
  • RtlSetEnvironmentVar (Address: 0x180005ad0)
  • RtlSidDominates (Address: 0x180005b28)
  • RtlSubAuthoritySid (Address: 0x180005b10)
RPCRT4.dll
  • I_RpcBindingIsClientLocal (Address: 0x1800057b8)
  • NdrServerCall2 (Address: 0x1800057d0)
  • NdrServerCallAll (Address: 0x1800057d8)
  • RpcImpersonateClient (Address: 0x1800057b0)
  • RpcRevertToSelfEx (Address: 0x1800057c8)
  • RpcServerRegisterIfEx (Address: 0x1800057e8)
  • RpcServerUnregisterIf (Address: 0x1800057c0)
  • RpcServerUseProtseqEpW (Address: 0x1800057e0)