amsi.dll

Description: Anti-Malware Scan Interface

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.4355

Architecture: 64-bit

Operating System: Windows NT

SHA256: 66f7a134f6a4d9fe63dd7d6ff88dded5

File Size: 101.5 KB

Uploaded At: Dec. 1, 2025, 7:22 a.m.

Views: 18

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • AmsiCloseSession (Ordinal: 1, Address: 0x3860)
  • AmsiInitialize (Ordinal: 2, Address: 0x34e0)
  • AmsiOpenSession (Ordinal: 3, Address: 0x3800)
  • AmsiScanBuffer (Ordinal: 4, Address: 0x3880)
  • AmsiScanString (Ordinal: 5, Address: 0x3980)
  • AmsiUacInitialize (Ordinal: 6, Address: 0x39e0)
  • AmsiUacScan (Ordinal: 7, Address: 0x3c60)
  • AmsiUacUninitialize (Ordinal: 8, Address: 0x3c00)
  • AmsiUninitialize (Ordinal: 9, Address: 0x37a0)
  • DllCanUnloadNow (Ordinal: 10, Address: 0x1b00)
  • DllGetClassObject (Ordinal: 11, Address: 0x1b40)
  • DllRegisterServer (Ordinal: 12, Address: 0x1c80)
  • DllUnregisterServer (Ordinal: 13, Address: 0x1c80)

Imported DLLs & Functions

api-ms-win-core-debug-l1-1-0.dll
  • DebugBreak (Address: 0x180011e48)
  • IsDebuggerPresent (Address: 0x180011e40)
  • OutputDebugStringW (Address: 0x180011e38)
api-ms-win-core-delayload-l1-1-0.dll
  • DelayLoadFailureHook (Address: 0x180011e58)
api-ms-win-core-delayload-l1-1-1.dll
  • ResolveDelayLoadedAPI (Address: 0x180011e68)
api-ms-win-core-errorhandling-l1-1-0.dll
  • GetLastError (Address: 0x180011e88)
  • SetLastError (Address: 0x180011e90)
  • SetUnhandledExceptionFilter (Address: 0x180011e78)
  • UnhandledExceptionFilter (Address: 0x180011e80)
api-ms-win-core-file-l1-1-0.dll
  • CreateFileW (Address: 0x180011ea0)
api-ms-win-core-handle-l1-1-0.dll
  • CloseHandle (Address: 0x180011eb0)
api-ms-win-core-heap-l1-1-0.dll
  • GetProcessHeap (Address: 0x180011ec8)
  • HeapAlloc (Address: 0x180011ec0)
  • HeapFree (Address: 0x180011ed0)
api-ms-win-core-libraryloader-l1-2-0.dll
  • GetModuleFileNameA (Address: 0x180011ee8)
  • GetModuleHandleExW (Address: 0x180011f00)
  • GetModuleHandleW (Address: 0x180011ef8)
  • GetProcAddress (Address: 0x180011ef0)
  • LoadLibraryExW (Address: 0x180011ee0)
api-ms-win-core-localization-l1-2-0.dll
  • FormatMessageW (Address: 0x180011f10)
api-ms-win-core-processthreads-l1-1-0.dll
  • GetCurrentProcess (Address: 0x180011f20)
  • GetCurrentProcessId (Address: 0x180011f38)
  • GetCurrentThreadId (Address: 0x180011f28)
  • TerminateProcess (Address: 0x180011f30)
api-ms-win-core-processthreads-l1-1-1.dll
  • OpenProcess (Address: 0x180011f48)
api-ms-win-core-profile-l1-1-0.dll
  • QueryPerformanceCounter (Address: 0x180011f58)
api-ms-win-core-registry-l1-1-0.dll
  • RegCloseKey (Address: 0x180011f78)
  • RegEnumKeyExW (Address: 0x180011f70)
  • RegGetValueW (Address: 0x180011f88)
  • RegOpenKeyExW (Address: 0x180011f68)
  • RegQueryInfoKeyW (Address: 0x180011f80)
api-ms-win-core-rtlsupport-l1-1-0.dll
  • RtlCaptureContext (Address: 0x180011fa8)
  • RtlLookupFunctionEntry (Address: 0x180011fa0)
  • RtlVirtualUnwind (Address: 0x180011f98)
api-ms-win-core-synch-l1-1-0.dll
  • AcquireSRWLockExclusive (Address: 0x180011fe8)
  • AcquireSRWLockShared (Address: 0x180011fd0)
  • CreateMutexExW (Address: 0x180012010)
  • CreateSemaphoreExW (Address: 0x180011ff0)
  • DeleteCriticalSection (Address: 0x180012000)
  • EnterCriticalSection (Address: 0x180011fb8)
  • InitializeCriticalSection (Address: 0x180012008)
  • InitializeCriticalSectionEx (Address: 0x180011fc0)
  • LeaveCriticalSection (Address: 0x180011fc8)
  • OpenSemaphoreW (Address: 0x180012018)
  • ReleaseMutex (Address: 0x180012028)
  • ReleaseSemaphore (Address: 0x180011fd8)
  • ReleaseSRWLockExclusive (Address: 0x180011ff8)
  • ReleaseSRWLockShared (Address: 0x180011fe0)
  • WaitForSingleObject (Address: 0x180012020)
  • WaitForSingleObjectEx (Address: 0x180012030)
api-ms-win-core-synch-l1-2-0.dll
  • Sleep (Address: 0x180012040)
api-ms-win-core-sysinfo-l1-1-0.dll
  • GetSystemTimeAsFileTime (Address: 0x180012050)
  • GetTickCount (Address: 0x180012058)
api-ms-win-core-sysinfo-l1-2-0.dll
  • GetSystemTimePreciseAsFileTime (Address: 0x180012068)
api-ms-win-core-threadpool-l1-2-0.dll
  • CloseThreadpoolTimer (Address: 0x180012080)
  • CreateThreadpoolTimer (Address: 0x180012090)
  • SetThreadpoolTimer (Address: 0x180012088)
  • WaitForThreadpoolTimerCallbacks (Address: 0x180012078)
api-ms-win-eventing-classicprovider-l1-1-0.dll
  • GetTraceEnableFlags (Address: 0x1800120a0)
  • GetTraceEnableLevel (Address: 0x1800120b0)
  • GetTraceLoggerHandle (Address: 0x1800120c8)
  • RegisterTraceGuidsW (Address: 0x1800120b8)
  • TraceMessage (Address: 0x1800120a8)
  • UnregisterTraceGuids (Address: 0x1800120c0)
api-ms-win-eventing-provider-l1-1-0.dll
  • EventProviderEnabled (Address: 0x1800120f0)
  • EventRegister (Address: 0x1800120d8)
  • EventSetInformation (Address: 0x1800120f8)
  • EventUnregister (Address: 0x180012100)
  • EventWrite (Address: 0x1800120e0)
  • EventWriteTransfer (Address: 0x1800120e8)
msvcrt.dll
  • __C_specific_handler (Address: 0x180012218)
  • __CxxFrameHandler3 (Address: 0x180012220)
  • __dllonexit (Address: 0x180012128)
  • _amsg_exit (Address: 0x1800121f0)
  • _callnewh (Address: 0x180012198)
  • _CxxThrowException (Address: 0x180012170)
  • _initterm (Address: 0x1800121c8)
  • _lock (Address: 0x180012110)
  • _onexit (Address: 0x180012138)
  • _purecall (Address: 0x1800121a8)
  • _unlock (Address: 0x180012118)
  • _vsnprintf_s (Address: 0x180012148)
  • _vsnwprintf (Address: 0x1800121e8)
  • _XcptFilter (Address: 0x1800121f8)
  • ??_V@YAXPEAX@Z (Address: 0x180012208)
  • ??0exception@@QEAA@AEBQEBD@Z (Address: 0x180012190)
  • ??0exception@@QEAA@AEBQEBDH@Z (Address: 0x180012188)
  • ??0exception@@QEAA@AEBV0@@Z (Address: 0x180012158)
  • ??0exception@@QEAA@XZ (Address: 0x180012180)
  • ??1exception@@UEAA@XZ (Address: 0x1800121b0)
  • ??1type_info@@UEAA@XZ (Address: 0x180012140)
  • ??3@YAXPEAX@Z (Address: 0x180012130)
  • ?terminate@@YAXXZ (Address: 0x1800121c0)
  • ?what@exception@@UEBAPEBDXZ (Address: 0x180012178)
  • free (Address: 0x180012210)
  • malloc (Address: 0x180012200)
  • memcmp (Address: 0x180012160)
  • memcpy (Address: 0x180012168)
  • memcpy_s (Address: 0x1800121d8)
  • memmove (Address: 0x180012150)
  • memmove_s (Address: 0x1800121a0)
  • memset (Address: 0x180012228)
  • rand (Address: 0x1800121d0)
  • srand (Address: 0x1800121e0)
  • time (Address: 0x180012120)
  • wcsnlen (Address: 0x1800121b8)
ntdll.dll
  • NtQueryInformationProcess (Address: 0x180012238)
RPCRT4.dll
  • UuidFromStringW (Address: 0x180011e28)