AxInstSv.dll

Description: ActiveX Installer Service

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.5794

Architecture: 64-bit

Operating System: Windows NT

SHA256: 8659ac6d2a0cec0de6241a379c425ae1

File Size: 146.5 KB

Uploaded At: Dec. 1, 2025, 7:23 a.m.

Security Warning

This file has been flagged as potentially dangerous.


Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • ServiceMain (Ordinal: 1, Address: 0xd780)
  • SvchostPushServiceGlobals (Ordinal: 2, Address: 0xd770)

Imported DLLs & Functions

ADVAPI32.dll
  • CloseServiceHandle (Address: 0x180018908)
  • OpenSCManagerW (Address: 0x180018920)
  • OpenServiceW (Address: 0x180018910)
  • QueryServiceStatus (Address: 0x180018928)
  • StartServiceW (Address: 0x180018918)
api-ms-win-core-com-l1-1-0.dll
  • CoCreateInstance (Address: 0x180018a50)
  • CoDisconnectContext (Address: 0x1800189e8)
  • CoImpersonateClient (Address: 0x180018a40)
  • CoInitializeEx (Address: 0x180018a10)
  • CoInitializeSecurity (Address: 0x180018a30)
  • CoRegisterClassObject (Address: 0x180018a18)
  • CoResumeClassObjects (Address: 0x180018a00)
  • CoRevertToSelf (Address: 0x180018a28)
  • CoRevokeClassObject (Address: 0x1800189e0)
  • CoSetProxyBlanket (Address: 0x180018a48)
  • CoSuspendClassObjects (Address: 0x180018a20)
  • CoTaskMemAlloc (Address: 0x180018a08)
  • CoTaskMemFree (Address: 0x1800189f8)
  • CoTaskMemRealloc (Address: 0x1800189f0)
  • CoUninitialize (Address: 0x180018a38)
api-ms-win-core-debug-l1-1-0.dll
  • DebugBreak (Address: 0x180018a78)
  • IsDebuggerPresent (Address: 0x180018a70)
  • OutputDebugStringA (Address: 0x180018a60)
  • OutputDebugStringW (Address: 0x180018a68)
api-ms-win-core-delayload-l1-1-0.dll
  • DelayLoadFailureHook (Address: 0x180018a88)
api-ms-win-core-delayload-l1-1-1.dll
  • ResolveDelayLoadedAPI (Address: 0x180018a98)
api-ms-win-core-errorhandling-l1-1-0.dll
  • GetLastError (Address: 0x180018aa8)
  • RaiseException (Address: 0x180018ac0)
  • SetLastError (Address: 0x180018ab8)
  • SetUnhandledExceptionFilter (Address: 0x180018ab0)
  • UnhandledExceptionFilter (Address: 0x180018ac8)
api-ms-win-core-file-l1-1-0.dll
  • CreateDirectoryW (Address: 0x180018ae8)
  • CreateFileW (Address: 0x180018b10)
  • DeleteFileW (Address: 0x180018b08)
  • FindClose (Address: 0x180018af0)
  • FindFirstFileW (Address: 0x180018ad8)
  • FindNextFileW (Address: 0x180018af8)
  • GetFileAttributesW (Address: 0x180018b18)
  • RemoveDirectoryW (Address: 0x180018ae0)
  • SetFileAttributesW (Address: 0x180018b20)
  • WriteFile (Address: 0x180018b00)
api-ms-win-core-file-l2-1-2.dll
  • CopyFileW (Address: 0x180018b30)
api-ms-win-core-handle-l1-1-0.dll
  • CloseHandle (Address: 0x180018b40)
api-ms-win-core-heap-l1-1-0.dll
  • GetProcessHeap (Address: 0x180018b58)
  • HeapAlloc (Address: 0x180018b60)
  • HeapFree (Address: 0x180018b50)
api-ms-win-core-heap-l2-1-0.dll
  • GlobalFree (Address: 0x180018b80)
  • LocalAlloc (Address: 0x180018b78)
  • LocalFree (Address: 0x180018b70)
api-ms-win-core-kernel32-legacy-l1-1-0.dll
  • UnregisterWait (Address: 0x180018b90)
api-ms-win-core-libraryloader-l1-2-0.dll
  • DisableThreadLibraryCalls (Address: 0x180018bc0)
  • FindResourceExW (Address: 0x180018bf0)
  • FreeLibrary (Address: 0x180018ba8)
  • GetModuleFileNameA (Address: 0x180018bd8)
  • GetModuleFileNameW (Address: 0x180018bc8)
  • GetModuleHandleExW (Address: 0x180018be8)
  • GetModuleHandleW (Address: 0x180018bd0)
  • GetProcAddress (Address: 0x180018be0)
  • LoadLibraryExW (Address: 0x180018bb8)
  • LoadResource (Address: 0x180018ba0)
  • SizeofResource (Address: 0x180018bb0)
api-ms-win-core-localization-l1-2-0.dll
  • FormatMessageW (Address: 0x180018c00)
api-ms-win-core-processthreads-l1-1-0.dll
  • CreateProcessAsUserW (Address: 0x180018c50)
  • GetCurrentProcess (Address: 0x180018c38)
  • GetCurrentProcessId (Address: 0x180018c30)
  • GetCurrentThread (Address: 0x180018c28)
  • GetCurrentThreadId (Address: 0x180018c18)
  • GetExitCodeProcess (Address: 0x180018c60)
  • OpenProcessToken (Address: 0x180018c40)
  • OpenThreadToken (Address: 0x180018c48)
  • ResumeThread (Address: 0x180018c10)
  • SetThreadToken (Address: 0x180018c20)
  • TerminateProcess (Address: 0x180018c58)
api-ms-win-core-processthreads-l1-1-1.dll
  • GetProcessMitigationPolicy (Address: 0x180018c80)
  • OpenProcess (Address: 0x180018c70)
  • SetProcessMitigationPolicy (Address: 0x180018c78)
api-ms-win-core-profile-l1-1-0.dll
  • QueryPerformanceCounter (Address: 0x180018c90)
api-ms-win-core-registry-l1-1-0.dll
  • RegCloseKey (Address: 0x180018cd8)
  • RegCreateKeyExW (Address: 0x180018cc8)
  • RegDeleteValueW (Address: 0x180018cc0)
  • RegEnumKeyExW (Address: 0x180018ca8)
  • RegEnumValueW (Address: 0x180018cb8)
  • RegOpenKeyExW (Address: 0x180018cb0)
  • RegQueryInfoKeyW (Address: 0x180018ca0)
  • RegQueryValueExW (Address: 0x180018cd0)
  • RegSetValueExW (Address: 0x180018ce0)
api-ms-win-core-registry-l2-1-0.dll
  • RegDeleteKeyW (Address: 0x180018cf0)
api-ms-win-core-rtlsupport-l1-1-0.dll
  • RtlCaptureContext (Address: 0x180018d10)
  • RtlLookupFunctionEntry (Address: 0x180018d08)
  • RtlVirtualUnwind (Address: 0x180018d00)
api-ms-win-core-string-l1-1-0.dll
  • MultiByteToWideChar (Address: 0x180018d20)
api-ms-win-core-string-l2-1-0.dll
  • CharNextW (Address: 0x180018d30)
api-ms-win-core-string-obsolete-l1-1-0.dll
  • lstrcmpiW (Address: 0x180018d48)
  • lstrcmpW (Address: 0x180018d40)
api-ms-win-core-synch-l1-1-0.dll
  • AcquireSRWLockExclusive (Address: 0x180018d88)
  • AcquireSRWLockShared (Address: 0x180018d98)
  • CreateEventW (Address: 0x180018dc0)
  • CreateMutexExW (Address: 0x180018d58)
  • CreateSemaphoreExW (Address: 0x180018d60)
  • DeleteCriticalSection (Address: 0x180018d70)
  • EnterCriticalSection (Address: 0x180018d78)
  • InitializeCriticalSection (Address: 0x180018d80)
  • InitializeCriticalSectionEx (Address: 0x180018dc8)
  • LeaveCriticalSection (Address: 0x180018d68)
  • OpenSemaphoreW (Address: 0x180018db8)
  • ReleaseMutex (Address: 0x180018dd8)
  • ReleaseSemaphore (Address: 0x180018db0)
  • ReleaseSRWLockExclusive (Address: 0x180018d90)
  • ReleaseSRWLockShared (Address: 0x180018da0)
  • SetEvent (Address: 0x180018da8)
  • WaitForSingleObject (Address: 0x180018de0)
  • WaitForSingleObjectEx (Address: 0x180018dd0)
api-ms-win-core-synch-l1-2-0.dll
  • Sleep (Address: 0x180018df0)
api-ms-win-core-synch-l1-2-1.dll
  • WaitForMultipleObjects (Address: 0x180018e00)
api-ms-win-core-sysinfo-l1-1-0.dll
  • GetSystemTimeAsFileTime (Address: 0x180018e10)
  • GetTickCount (Address: 0x180018e18)
  • GetWindowsDirectoryW (Address: 0x180018e20)
api-ms-win-core-threadpool-l1-2-0.dll
  • CloseThreadpoolTimer (Address: 0x180018e38)
  • CreateThreadpoolTimer (Address: 0x180018e48)
  • SetThreadpoolTimer (Address: 0x180018e30)
  • WaitForThreadpoolTimerCallbacks (Address: 0x180018e40)
api-ms-win-core-wow64-l1-1-0.dll
  • IsWow64Process (Address: 0x180018e58)
api-ms-win-eventing-provider-l1-1-0.dll
  • EventRegister (Address: 0x180018e70)
  • EventUnregister (Address: 0x180018e68)
  • EventWrite (Address: 0x180018e78)
api-ms-win-security-base-l1-1-0.dll
  • AddAccessAllowedAce (Address: 0x180018e88)
  • AddAce (Address: 0x180018e98)
  • AllocateAndInitializeSid (Address: 0x180018ea0)
  • CopySid (Address: 0x180018f10)
  • CreateWellKnownSid (Address: 0x180018ef8)
  • DuplicateTokenEx (Address: 0x180018eb8)
  • FreeSid (Address: 0x180018f28)
  • GetAce (Address: 0x180018eb0)
  • GetAclInformation (Address: 0x180018f38)
  • GetLengthSid (Address: 0x180018ed0)
  • GetSecurityDescriptorDacl (Address: 0x180018f30)
  • GetSidLengthRequired (Address: 0x180018f20)
  • GetSidSubAuthority (Address: 0x180018ea8)
  • GetTokenInformation (Address: 0x180018ef0)
  • ImpersonateLoggedOnUser (Address: 0x180018ed8)
  • InitializeAcl (Address: 0x180018ec8)
  • InitializeSecurityDescriptor (Address: 0x180018f00)
  • IsValidSid (Address: 0x180018ee8)
  • RevertToSelf (Address: 0x180018ec0)
  • SetSecurityDescriptorDacl (Address: 0x180018e90)
  • SetSecurityDescriptorGroup (Address: 0x180018f08)
  • SetSecurityDescriptorOwner (Address: 0x180018f18)
  • SetTokenInformation (Address: 0x180018ee0)
api-ms-win-security-provider-l1-1-0.dll
  • SetNamedSecurityInfoW (Address: 0x180018f48)
api-ms-win-security-sddl-l1-1-0.dll
  • ConvertStringSecurityDescriptorToSecurityDescriptorW (Address: 0x180018f58)
api-ms-win-service-core-l1-1-0.dll
  • RegisterServiceCtrlHandlerExW (Address: 0x180018f68)
  • SetServiceStatus (Address: 0x180018f70)
msvcrt.dll
  • __C_specific_handler (Address: 0x180019098)
  • __CxxFrameHandler3 (Address: 0x180018ff0)
  • __dllonexit (Address: 0x180018f90)
  • _amsg_exit (Address: 0x180018fc0)
  • _beginthreadex (Address: 0x180019010)
  • _callnewh (Address: 0x1800190a0)
  • _CxxThrowException (Address: 0x180018fe8)
  • _endthreadex (Address: 0x180019018)
  • _errno (Address: 0x180018f80)
  • _initterm (Address: 0x180018fb8)
  • _lock (Address: 0x180018fa0)
  • _onexit (Address: 0x180018f88)
  • _purecall (Address: 0x180019008)
  • _unlock (Address: 0x180018f98)
  • _vsnprintf_s (Address: 0x180019038)
  • _vsnwprintf (Address: 0x180019048)
  • _wcsicmp (Address: 0x180019050)
  • _XcptFilter (Address: 0x180018fc8)
  • ??0exception@@QEAA@AEBQEBD@Z (Address: 0x180019070)
  • ??0exception@@QEAA@AEBQEBDH@Z (Address: 0x180018ff8)
  • ??0exception@@QEAA@AEBV0@@Z (Address: 0x180019090)
  • ??0exception@@QEAA@XZ (Address: 0x180019060)
  • ??1exception@@UEAA@XZ (Address: 0x180019078)
  • ??1type_info@@UEAA@XZ (Address: 0x180018fa8)
  • ?terminate@@YAXXZ (Address: 0x180018fb0)
  • ?what@exception@@UEBAPEBDXZ (Address: 0x180019080)
  • free (Address: 0x180019030)
  • iswspace (Address: 0x180019000)
  • malloc (Address: 0x180019028)
  • memcmp (Address: 0x180018fe0)
  • memcpy (Address: 0x180018fd0)
  • memcpy_s (Address: 0x180019088)
  • memmove_s (Address: 0x180019068)
  • memset (Address: 0x1800190a8)
  • realloc (Address: 0x180018fd8)
  • swscanf_s (Address: 0x180019058)
  • wcsncpy_s (Address: 0x180019020)
  • wcsrchr (Address: 0x180019040)
ntdll.dll
  • NtClose (Address: 0x1800190c8)
  • NtOpenProcessToken (Address: 0x1800190b8)
  • NtOpenThreadToken (Address: 0x180019100)
  • NtQueryInformationToken (Address: 0x1800190c0)
  • RtlAcquireResourceExclusive (Address: 0x1800190f8)
  • RtlAcquireResourceShared (Address: 0x1800190d8)
  • RtlDeleteResource (Address: 0x1800190e8)
  • RtlInitializeResource (Address: 0x1800190e0)
  • RtlNtStatusToDosError (Address: 0x1800190d0)
  • RtlReleaseResource (Address: 0x1800190f0)
OLEAUT32.dll
  • SysAllocString (Address: 0x180018938)
  • SysAllocStringByteLen (Address: 0x180018940)
  • SysFreeString (Address: 0x180018960)
  • SysStringByteLen (Address: 0x180018948)
  • SysStringLen (Address: 0x180018968)
  • VarBstrCat (Address: 0x180018950)
  • VarUI4FromStr (Address: 0x180018958)
RPCRT4.dll
  • I_RpcExceptionFilter (Address: 0x180018980)
  • Ndr64AsyncClientCall (Address: 0x1800189b0)
  • RpcAsyncCancelCall (Address: 0x1800189a0)
  • RpcAsyncCompleteCall (Address: 0x180018978)
  • RpcAsyncInitializeHandle (Address: 0x180018998)
  • RpcBindingFree (Address: 0x1800189a8)
  • RpcBindingFromStringBindingW (Address: 0x180018990)
  • RpcBindingSetAuthInfoExW (Address: 0x1800189b8)
  • RpcStringBindingComposeW (Address: 0x1800189c0)
  • RpcStringFreeW (Address: 0x180018988)
USER32.dll
  • UnregisterClassA (Address: 0x1800189d0)