SubAuthLoader.dll
Description: Hot-Pluggable Sub-Authentication Package DLL Loader.
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.8804.27858.1000
Architecture: 64-bit
Operating System: Windows NT
SHA256: db4739e3938afd9ee3caedc2a8631d70
File Size: 245.4 KB
Uploaded At: Dec. 1, 2025, 7:40 a.m.
Views: 5
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- Msv1_0SubAuthenticationFilterEx (Ordinal: 1, Address: 0x56b0)
- Msv1_0SubAuthenticationFilter (Ordinal: 2, Address: 0x5720)
- Msv1_0SubAuthenticationRoutineGeneric (Ordinal: 3, Address: 0x57c0)
Imported DLLs & Functions
ADVAPI32.dll
- ConvertStringSecurityDescriptorToSecurityDescriptorW (Address: 0x180022018)
- EventRegister (Address: 0x180022010)
- EventSetInformation (Address: 0x180022008)
- EventUnregister (Address: 0x180022000)
- EventWriteTransfer (Address: 0x180022020)
api-ms-win-core-libraryloader-l1-2-0.dll
- GetModuleHandleExA (Address: 0x1800223a8)
api-ms-win-core-synch-l1-1-0.dll
- CreateEventA (Address: 0x1800223c8)
- OpenEventA (Address: 0x1800223d0)
- ResetEvent (Address: 0x1800223c0)
- SetEvent (Address: 0x1800223b8)
KERNEL32.dll
- AcquireSRWLockExclusive (Address: 0x180022098)
- AcquireSRWLockShared (Address: 0x1800220a0)
- CloseHandle (Address: 0x180022170)
- CreateFileW (Address: 0x1800220e0)
- CreateMutexExW (Address: 0x180022030)
- CreateSemaphoreExW (Address: 0x180022038)
- DebugBreak (Address: 0x180022180)
- DecodePointer (Address: 0x180022220)
- DeleteCriticalSection (Address: 0x180022210)
- EncodePointer (Address: 0x180022218)
- EnterCriticalSection (Address: 0x1800221f8)
- ExitProcess (Address: 0x1800222d8)
- FindClose (Address: 0x1800221c8)
- FindFirstFileExW (Address: 0x1800221c0)
- FindNextFileW (Address: 0x1800221b8)
- FlsAlloc (Address: 0x1800222f8)
- FlsFree (Address: 0x180022310)
- FlsGetValue (Address: 0x180022300)
- FlsSetValue (Address: 0x180022308)
- FlushFileBuffers (Address: 0x180022118)
- FormatMessageW (Address: 0x180022070)
- FreeEnvironmentStringsW (Address: 0x180022128)
- FreeLibrary (Address: 0x1800221a8)
- GetACP (Address: 0x1800221a0)
- GetCommandLineA (Address: 0x180022140)
- GetCommandLineW (Address: 0x180022138)
- GetConsoleMode (Address: 0x180022100)
- GetConsoleOutputCP (Address: 0x180022108)
- GetCPInfo (Address: 0x180022230)
- GetCurrentProcess (Address: 0x180022270)
- GetCurrentProcessId (Address: 0x180022040)
- GetCurrentThreadId (Address: 0x180022048)
- GetEnvironmentStringsW (Address: 0x180022130)
- GetFileType (Address: 0x1800222f0)
- GetLastError (Address: 0x180022168)
- GetModuleFileNameA (Address: 0x180022050)
- GetModuleFileNameW (Address: 0x1800222e0)
- GetModuleHandleExW (Address: 0x180022060)
- GetModuleHandleW (Address: 0x180022058)
- GetOEMCP (Address: 0x180022198)
- GetProcAddress (Address: 0x180022068)
- GetProcessHeap (Address: 0x1800220f8)
- GetStartupInfoW (Address: 0x180022260)
- GetStdHandle (Address: 0x1800222e8)
- GetStringTypeW (Address: 0x1800221d8)
- GetSystemTimeAsFileTime (Address: 0x180022228)
- HeapAlloc (Address: 0x180022158)
- HeapFree (Address: 0x180022150)
- HeapReAlloc (Address: 0x180022328)
- HeapSize (Address: 0x180022080)
- InitializeCriticalSectionAndSpinCount (Address: 0x1800222a8)
- InitializeCriticalSectionEx (Address: 0x180022208)
- InitializeSListHead (Address: 0x180022280)
- InitOnceBeginInitialize (Address: 0x1800220a8)
- InitOnceComplete (Address: 0x1800220b0)
- InterlockedFlushSList (Address: 0x1800222a0)
- IsDebuggerPresent (Address: 0x180022188)
- IsProcessorFeaturePresent (Address: 0x180022268)
- IsValidCodePage (Address: 0x1800221b0)
- LCMapStringW (Address: 0x180022318)
- LeaveCriticalSection (Address: 0x180022200)
- LoadLibraryExW (Address: 0x1800222d0)
- LoadLibraryW (Address: 0x1800220e8)
- LocalFree (Address: 0x1800220f0)
- MultiByteToWideChar (Address: 0x1800221d0)
- OpenProcess (Address: 0x180022148)
- OpenSemaphoreW (Address: 0x1800220b8)
- OutputDebugStringW (Address: 0x180022178)
- QueryPerformanceCounter (Address: 0x1800221e0)
- RaiseException (Address: 0x180022290)
- ReleaseMutex (Address: 0x1800220d0)
- ReleaseSemaphore (Address: 0x1800220d8)
- ReleaseSRWLockExclusive (Address: 0x180022088)
- ReleaseSRWLockShared (Address: 0x180022090)
- RtlCaptureContext (Address: 0x180022238)
- RtlLookupFunctionEntry (Address: 0x180022240)
- RtlPcToFileHeader (Address: 0x180022288)
- RtlUnwindEx (Address: 0x180022298)
- RtlVirtualUnwind (Address: 0x180022248)
- SetFilePointerEx (Address: 0x180022320)
- SetLastError (Address: 0x180022160)
- SetStdHandle (Address: 0x180022120)
- SetUnhandledExceptionFilter (Address: 0x180022258)
- SleepConditionVariableSRW (Address: 0x1800221f0)
- TerminateProcess (Address: 0x180022278)
- TlsAlloc (Address: 0x1800222b0)
- TlsFree (Address: 0x1800222c8)
- TlsGetValue (Address: 0x1800222b8)
- TlsSetValue (Address: 0x1800222c0)
- UnhandledExceptionFilter (Address: 0x180022250)
- WaitForSingleObject (Address: 0x1800220c8)
- WaitForSingleObjectEx (Address: 0x1800220c0)
- WakeAllConditionVariable (Address: 0x1800221e8)
- WideCharToMultiByte (Address: 0x180022078)
- WriteConsoleW (Address: 0x180022190)
- WriteFile (Address: 0x180022110)
ntdll.dll
- NtQueryInformationProcess (Address: 0x1800223e0)
RPCRT4.dll
- NdrServerCall2 (Address: 0x180022340)
- NdrServerCallAll (Address: 0x180022338)
- RpcBindingFree (Address: 0x180022398)
- RpcBindingFromStringBindingW (Address: 0x180022358)
- RpcExceptionFilter (Address: 0x180022348)
- RpcMgmtStopServerListening (Address: 0x180022368)
- RpcServerInqCallAttributesW (Address: 0x180022360)
- RpcServerListen (Address: 0x180022388)
- RpcServerRegisterIf2 (Address: 0x180022380)
- RpcServerUnregisterIf (Address: 0x180022378)
- RpcServerUseProtseqEpW (Address: 0x180022370)
- RpcStringBindingComposeW (Address: 0x180022350)
- RpcStringFreeW (Address: 0x180022390)