wmipcima.dll

Description: WMI Win32Ex Provider

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.3636

Architecture: 64-bit

Operating System: Windows NT

SHA256: 7b51d865b587d63cadca5d0ee840267e

File Size: 172.0 KB

Uploaded At: Dec. 1, 2025, 7:51 a.m.

Views: 5

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • DllCanUnloadNow (Ordinal: 1, Address: 0x1b90)
  • DllGetClassObject (Ordinal: 2, Address: 0x1700)
  • DllRegisterServer (Ordinal: 3, Address: 0x83a0)
  • DllUnregisterServer (Ordinal: 4, Address: 0x8410)

Imported DLLs & Functions

ADVAPI32.dll
  • ImpersonateLoggedOnUser (Address: 0x18001a510)
  • LsaClose (Address: 0x18001a4f0)
  • LsaEnumerateTrustedDomains (Address: 0x18001a4f8)
  • LsaFreeMemory (Address: 0x18001a4e8)
  • LsaOpenPolicy (Address: 0x18001a500)
  • LsaQueryInformationPolicy (Address: 0x18001a4e0)
  • OpenThreadToken (Address: 0x18001a4b0)
  • RegCloseKey (Address: 0x18001a4c8)
  • RegCreateKeyExW (Address: 0x18001a4c0)
  • RegDeleteKeyExW (Address: 0x18001a4d8)
  • RegOpenKeyExW (Address: 0x18001a4d0)
  • RegSetValueExW (Address: 0x18001a4b8)
  • RevertToSelf (Address: 0x18001a508)
DEVOBJ.dll
  • DevObjCreateDeviceInfoList (Address: 0x18001a530)
  • DevObjDestroyDeviceInfoList (Address: 0x18001a520)
  • DevObjEnumDeviceInfo (Address: 0x18001a548)
  • DevObjEnumDeviceInterfaces (Address: 0x18001a538)
  • DevObjGetClassDevs (Address: 0x18001a528)
  • DevObjGetDeviceInterfaceDetail (Address: 0x18001a540)
framedynos.dll
  • ??0CHPtrArray@@QEAA@XZ (Address: 0x18001a770)
  • ??0CHString@@QEAA@AEBV0@@Z (Address: 0x18001aa58)
  • ??0CHString@@QEAA@PEBG@Z (Address: 0x18001a818)
  • ??0CHString@@QEAA@XZ (Address: 0x18001a840)
  • ??0CHStringArray@@QEAA@XZ (Address: 0x18001aa38)
  • ??0CObjectPathParser@@QEAA@W4ObjectParserFlags@@@Z (Address: 0x18001a9f8)
  • ??0CThreadBase@@QEAA@W4THREAD_SAFETY_MECHANISM@0@@Z (Address: 0x18001a780)
  • ??0CWinMsgEvent@@QEAA@XZ (Address: 0x18001a930)
  • ??0Provider@@QEAA@PEBG0@Z (Address: 0x18001a858)
  • ??1CHPtrArray@@QEAA@XZ (Address: 0x18001a768)
  • ??1CHString@@QEAA@XZ (Address: 0x18001a968)
  • ??1CHStringArray@@QEAA@XZ (Address: 0x18001aa30)
  • ??1CObjectPathParser@@QEAA@XZ (Address: 0x18001a9f0)
  • ??1CThreadBase@@UEAA@XZ (Address: 0x18001a778)
  • ??1CWinMsgEvent@@QEAA@XZ (Address: 0x18001a938)
  • ??1Provider@@UEAA@XZ (Address: 0x18001a850)
  • ??4CHString@@QEAAAEBV0@AEBV0@@Z (Address: 0x18001a7d8)
  • ??4CHString@@QEAAAEBV0@PEBD@Z (Address: 0x18001a920)
  • ??4CHString@@QEAAAEBV0@PEBG@Z (Address: 0x18001aa48)
  • ??ACHPtrArray@@QEAAAEAPEAXH@Z (Address: 0x18001a738)
  • ??ACHStringArray@@QEAAAEAVCHString@@H@Z (Address: 0x18001a980)
  • ??ACHStringArray@@QEBA?AVCHString@@H@Z (Address: 0x18001a9e8)
  • ??BCHString@@QEBAPEBGXZ (Address: 0x18001a820)
  • ??H@YA?AVCHString@@AEBV0@0@Z (Address: 0x18001a9d8)
  • ??H@YA?AVCHString@@AEBV0@G@Z (Address: 0x18001a9d0)
  • ??H@YA?AVCHString@@AEBV0@PEBG@Z (Address: 0x18001a8e8)
  • ??H@YA?AVCHString@@PEBGAEBV0@@Z (Address: 0x18001a9c8)
  • ??YCHString@@QEAAAEBV0@AEBV0@@Z (Address: 0x18001a9a0)
  • ??YCHString@@QEAAAEBV0@G@Z (Address: 0x18001a888)
  • ??YCHString@@QEAAAEBV0@PEBG@Z (Address: 0x18001a878)
  • ?Add@CHPtrArray@@QEAAHPEAX@Z (Address: 0x18001a9b0)
  • ?Add@CHStringArray@@QEAAHPEBG@Z (Address: 0x18001a990)
  • ?AddRef@CInstance@@QEAAJXZ (Address: 0x18001a790)
  • ?BeginRead@CThreadBase@@QEAAHK@Z (Address: 0x18001a760)
  • ?BeginWrite@CThreadBase@@QEAAHK@Z (Address: 0x18001a740)
  • ?captainsLog@@3VProviderLog@@A (Address: 0x18001a868)
  • ?Commit@CInstance@@QEAAJXZ (Address: 0x18001a7e8)
  • ?Compare@CHString@@QEBAHPEBG@Z (Address: 0x18001a7c8)
  • ?CompareNoCase@CHString@@QEBAHPEBG@Z (Address: 0x18001a960)
  • ?Create@CWbemGlueFactory@@SAPEAV1@PEAJ@Z (Address: 0x18001aa60)
  • ?CreateNewInstance@Provider@@IEAAPEAVCInstance@@PEAVMethodContext@@@Z (Address: 0x18001a7f8)
  • ?DeleteInstance@Provider@@MEAAJAEBVCInstance@@J@Z (Address: 0x18001a718)
  • ?Destroy@CWbemGlueFactory@@QEAAXXZ (Address: 0x18001aa68)
  • ?Empty@CHString@@QEAAXXZ (Address: 0x18001a898)
  • ?EndRead@CThreadBase@@QEAAXXZ (Address: 0x18001a748)
  • ?EndWrite@CThreadBase@@QEAAXXZ (Address: 0x18001a728)
  • ?ExecMethod@Provider@@MEAAJAEBVCInstance@@QEAGPEAV2@2J@Z (Address: 0x18001a710)
  • ?ExecQuery@Provider@@MEAAJPEAVMethodContext@@AEAVCFrameworkQuery@@J@Z (Address: 0x18001a928)
  • ?Find@CHString@@QEBAHG@Z (Address: 0x18001a7e0)
  • ?FindOneOf@CHString@@QEBAHPEBG@Z (Address: 0x18001a890)
  • ?Flush@Provider@@MEAAXXZ (Address: 0x18001a838)
  • ?Format@CHString@@QEAAXPEBGZZ (Address: 0x18001a830)
  • ?FrameworkLoginDLL@CWbemProviderGlue@@SAHPEBGPEAJ@Z (Address: 0x18001aa78)
  • ?FrameworkLogoffDLL@CWbemProviderGlue@@SAHPEBGPEAJ@Z (Address: 0x18001aa70)
  • ?Free@CObjectPathParser@@QEAAXPEAUParsedObjectPath@@@Z (Address: 0x18001aa00)
  • ?GetAt@CHPtrArray@@QEBAPEAXH@Z (Address: 0x18001a750)
  • ?GetBuffer@CHString@@QEAAPEAGH@Z (Address: 0x18001a7a8)
  • ?GetCHString@CInstance@@QEBA_NPEBGAEAVCHString@@@Z (Address: 0x18001a808)
  • ?GetDWORD@CInstance@@QEBA_NPEBGAEAK@Z (Address: 0x18001a9c0)
  • ?GetInstanceKeysByPath@CWbemProviderGlue@@SAJPEBGPEAPEAVCInstance@@PEAVMethodContext@@@Z (Address: 0x18001a828)
  • ?GetInstancePropertiesByPath@CWbemProviderGlue@@SAJPEBGPEAPEAVCInstance@@PEAVMethodContext@@AEAVCHStringArray@@@Z (Address: 0x18001a988)
  • ?GetInstancesByQuery@CWbemProviderGlue@@SAJPEBGPEAV?$TRefPointerCollection@VCInstance@@@@PEAVMethodContext@@0@Z (Address: 0x18001a800)
  • ?GetInstancesByQueryAsynch@CWbemProviderGlue@@SAJPEBGPEAVProvider@@P6AJ1PEAVCInstance@@PEAVMethodContext@@PEAX@Z034@Z (Address: 0x18001aa18)
  • ?GetLength@CHString@@QEBAHXZ (Address: 0x18001a7b0)
  • ?GetLocalComputerName@Provider@@IEAAAEBVCHString@@XZ (Address: 0x18001a958)
  • ?GetLocalInstancePath@Provider@@IEAA_NPEBVCInstance@@AEAVCHString@@@Z (Address: 0x18001aa08)
  • ?GetMethodContext@CInstance@@QEBAPEAVMethodContext@@XZ (Address: 0x18001a810)
  • ?GetNamespace@Provider@@IEAAAEBVCHString@@XZ (Address: 0x18001aa10)
  • ?GetObject@Provider@@MEAAJPEAVCInstance@@J@Z (Address: 0x18001a918)
  • ?GetObject@Provider@@MEAAJPEAVCInstance@@JAEAVCFrameworkQuery@@@Z (Address: 0x18001a708)
  • ?GetPropertyBitMask@CFrameworkQueryEx@@QEAAXAEBVCHPtrArray@@PEAX@Z (Address: 0x18001a8e0)
  • ?GetSize@CHPtrArray@@QEBAHXZ (Address: 0x18001a758)
  • ?GetSize@CHStringArray@@QEBAHXZ (Address: 0x18001aa20)
  • ?GetValuesForProp@CFrameworkQuery@@QEAAJPEBGAEAV?$vector@V_bstr_t@@V?$allocator@V_bstr_t@@@std@@@std@@@Z (Address: 0x18001a848)
  • ?GetValuesForProp@CFrameworkQuery@@QEAAJPEBGAEAVCHStringArray@@@Z (Address: 0x18001aa28)
  • ?GetVariant@CInstance@@QEBA_NPEBGAEAUtagVARIANT@@@Z (Address: 0x18001a9a8)
  • ?initFailed@Provider@@SAHXZ (Address: 0x18001aa40)
  • ?IsDerivedFrom@CWbemProviderGlue@@SA_NPEBG0PEAVMethodContext@@0@Z (Address: 0x18001a9b8)
  • ?IsEmpty@CHString@@QEBAHXZ (Address: 0x18001a8d8)
  • ?IsLoggingOn@ProviderLog@@QEAA?AW4LogLevel@1@PEAVCHString@@@Z (Address: 0x18001a880)
  • ?Left@CHString@@QEBA?AV1@H@Z (Address: 0x18001a7c0)
  • ?LocalLogMessage@ProviderLog@@QEAAXPEBG0HW4LogLevel@1@@Z (Address: 0x18001a860)
  • ?LocalLogMessage@ProviderLog@@QEAAXPEBGHW4LogLevel@1@0ZZ (Address: 0x18001a870)
  • ?MakeLower@CHString@@QEAAXXZ (Address: 0x18001a798)
  • ?MakeUpper@CHString@@QEAAXXZ (Address: 0x18001aa50)
  • ?Mid@CHString@@QEBA?AV1@H@Z (Address: 0x18001a7d0)
  • ?OnFinalRelease@CThreadBase@@MEAAXXZ (Address: 0x18001a720)
  • ?Parse@CObjectPathParser@@QEAAHPEBGPEAPEAUParsedObjectPath@@@Z (Address: 0x18001a9e0)
  • ?PutInstance@Provider@@MEAAJAEBVCInstance@@J@Z (Address: 0x18001a910)
  • ?RegisterForMessage@CWinMsgEvent@@IEAAXIH@Z (Address: 0x18001a940)
  • ?Release@CInstance@@QEAAJXZ (Address: 0x18001a788)
  • ?ReleaseBuffer@CHString@@QEAAXH@Z (Address: 0x18001a7a0)
  • ?RemoveAll@CHPtrArray@@QEAAXXZ (Address: 0x18001a730)
  • ?RemoveAll@CHStringArray@@QEAAXXZ (Address: 0x18001a978)
  • ?RemoveAt@CHStringArray@@QEAAXHH@Z (Address: 0x18001a970)
  • ?Right@CHString@@QEBA?AV1@H@Z (Address: 0x18001a7b8)
  • ?SetAt@CHString@@QEAAXHG@Z (Address: 0x18001a998)
  • ?Setbool@CInstance@@QEAA_NPEBG_N@Z (Address: 0x18001a900)
  • ?SetCHString@CInstance@@QEAA_NPEBG0@Z (Address: 0x18001a908)
  • ?SetCHString@CInstance@@QEAA_NPEBGAEBVCHString@@@Z (Address: 0x18001a7f0)
  • ?SetCreationClassName@Provider@@IEAA_NPEAVCInstance@@@Z (Address: 0x18001a950)
  • ?SetDWORD@CInstance@@QEAA_NPEBGK@Z (Address: 0x18001a8f8)
  • ?SetSize@CHPtrArray@@QEAAXHH@Z (Address: 0x18001a8d0)
  • ?SetWCHARSplat@CInstance@@QEAA_NPEBG0@Z (Address: 0x18001a8f0)
  • ?UnRegisterMessage@CWinMsgEvent@@IEAA_NIH@Z (Address: 0x18001a948)
  • ?ValidateDeletionFlags@Provider@@MEAAJJ@Z (Address: 0x18001a8c0)
  • ?ValidateEnumerationFlags@Provider@@MEAAJJ@Z (Address: 0x18001a8a0)
  • ?ValidateGetObjFlags@Provider@@MEAAJJ@Z (Address: 0x18001a8a8)
  • ?ValidateMethodFlags@Provider@@MEAAJJ@Z (Address: 0x18001a8b0)
  • ?ValidatePutInstanceFlags@Provider@@MEAAJJ@Z (Address: 0x18001a8c8)
  • ?ValidateQueryFlags@Provider@@MEAAJJ@Z (Address: 0x18001a8b8)
KERNEL32.dll
  • AssignProcessToJobObject (Address: 0x18001a690)
  • CloseHandle (Address: 0x18001a680)
  • CreateEventW (Address: 0x18001a5b0)
  • CreateFileW (Address: 0x18001a678)
  • CreateThread (Address: 0x18001a5e8)
  • DebugBreak (Address: 0x18001a640)
  • DeleteCriticalSection (Address: 0x18001a5a8)
  • DeviceIoControl (Address: 0x18001a5f0)
  • DisableThreadLibraryCalls (Address: 0x18001a610)
  • EnterCriticalSection (Address: 0x18001a5b8)
  • FreeLibrary (Address: 0x18001a660)
  • GetComputerNameExW (Address: 0x18001a638)
  • GetCurrentProcess (Address: 0x18001a570)
  • GetCurrentProcessId (Address: 0x18001a588)
  • GetCurrentThread (Address: 0x18001a628)
  • GetCurrentThreadId (Address: 0x18001a590)
  • GetExitCodeThread (Address: 0x18001a600)
  • GetLastError (Address: 0x18001a698)
  • GetModuleFileNameW (Address: 0x18001a620)
  • GetProcAddress (Address: 0x18001a658)
  • GetSystemTimeAsFileTime (Address: 0x18001a598)
  • GetTickCount (Address: 0x18001a558)
  • GetVersionExW (Address: 0x18001a618)
  • GetWindowsDirectoryW (Address: 0x18001a650)
  • InitializeCriticalSection (Address: 0x18001a630)
  • InitializeCriticalSectionAndSpinCount (Address: 0x18001a5a0)
  • InitializeCriticalSectionEx (Address: 0x18001a5e0)
  • LeaveCriticalSection (Address: 0x18001a5c0)
  • LoadLibraryExW (Address: 0x18001a648)
  • LocalAlloc (Address: 0x18001a670)
  • LocalFree (Address: 0x18001a668)
  • lstrlenA (Address: 0x18001a5d0)
  • MultiByteToWideChar (Address: 0x18001a5d8)
  • OpenJobObjectW (Address: 0x18001a688)
  • OpenProcess (Address: 0x18001a6a8)
  • QueryInformationJobObject (Address: 0x18001a6b0)
  • QueryPerformanceCounter (Address: 0x18001a580)
  • ResetEvent (Address: 0x18001a5f8)
  • SetEvent (Address: 0x18001a6a0)
  • SetLastError (Address: 0x18001a608)
  • SetUnhandledExceptionFilter (Address: 0x18001a568)
  • Sleep (Address: 0x18001a6b8)
  • TerminateProcess (Address: 0x18001a578)
  • UnhandledExceptionFilter (Address: 0x18001a560)
  • WaitForSingleObjectEx (Address: 0x18001a5c8)
msvcrt.dll
  • __C_specific_handler (Address: 0x18001ab60)
  • __CxxFrameHandler3 (Address: 0x18001ab90)
  • __dllonexit (Address: 0x18001ab78)
  • _amsg_exit (Address: 0x18001ab48)
  • _callnewh (Address: 0x18001aaf0)
  • _CxxThrowException (Address: 0x18001ab28)
  • _initterm (Address: 0x18001ab58)
  • _lock (Address: 0x18001ab68)
  • _onexit (Address: 0x18001ab80)
  • _purecall (Address: 0x18001aaf8)
  • _unlock (Address: 0x18001ab70)
  • _vsnwprintf (Address: 0x18001aad8)
  • _wcsicmp (Address: 0x18001aad0)
  • _wcslwr (Address: 0x18001aaa8)
  • _wcsnicmp (Address: 0x18001aac8)
  • _wcsupr (Address: 0x18001aa88)
  • _wtoi (Address: 0x18001aa98)
  • _wtol (Address: 0x18001aaa0)
  • _XcptFilter (Address: 0x18001ab40)
  • ??_V@YAXPEAX@Z (Address: 0x18001aab8)
  • ??0exception@@QEAA@AEBQEBD@Z (Address: 0x18001ab00)
  • ??0exception@@QEAA@AEBQEBDH@Z (Address: 0x18001ab08)
  • ??0exception@@QEAA@AEBV0@@Z (Address: 0x18001ab10)
  • ??1exception@@UEAA@XZ (Address: 0x18001ab18)
  • ??1type_info@@UEAA@XZ (Address: 0x18001ab88)
  • ??3@YAXPEAX@Z (Address: 0x18001aa90)
  • ?what@exception@@UEBAPEBDXZ (Address: 0x18001ab20)
  • free (Address: 0x18001ab50)
  • iswupper (Address: 0x18001aac0)
  • malloc (Address: 0x18001aae8)
  • memcpy (Address: 0x18001ab30)
  • memmove (Address: 0x18001ab38)
  • memset (Address: 0x18001ab98)
  • swscanf (Address: 0x18001aae0)
  • towupper (Address: 0x18001aab0)
ntdll.dll
  • RtlCaptureContext (Address: 0x18001abb0)
  • RtlLookupFunctionEntry (Address: 0x18001abb8)
  • RtlNtStatusToDosError (Address: 0x18001aba8)
  • RtlVirtualUnwind (Address: 0x18001abc0)
ole32.dll
  • CLSIDFromString (Address: 0x18001abe8)
  • CoTaskMemFree (Address: 0x18001abe0)
  • StringFromCLSID (Address: 0x18001abd8)
  • StringFromGUID2 (Address: 0x18001abd0)
OLEAUT32.dll
  • SysAllocString (Address: 0x18001a6d0)
  • SysAllocStringByteLen (Address: 0x18001a6f8)
  • SysFreeString (Address: 0x18001a6c8)
  • SysStringLen (Address: 0x18001a6d8)
  • VariantChangeType (Address: 0x18001a6f0)
  • VariantClear (Address: 0x18001a6e8)
  • VariantInit (Address: 0x18001a6e0)