amsi.dll
Description: Anti-Malware Scan Interface
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.4355
Architecture: 32-bit
Operating System: Windows NT
SHA256: 78250252f016973a2255f8d9aa19fdae
File Size: 77.0 KB
Uploaded At: Dec. 1, 2025, 7:52 a.m.
Views: 5
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- AmsiCloseSession (Ordinal: 1, Address: 0x5930)
- AmsiInitialize (Ordinal: 2, Address: 0x5610)
- AmsiOpenSession (Ordinal: 3, Address: 0x58d0)
- AmsiScanBuffer (Ordinal: 4, Address: 0x5960)
- AmsiScanString (Ordinal: 5, Address: 0x5a10)
- AmsiUacInitialize (Ordinal: 6, Address: 0x5a60)
- AmsiUacScan (Ordinal: 7, Address: 0x5c80)
- AmsiUacUninitialize (Ordinal: 8, Address: 0x5c30)
- AmsiUninitialize (Ordinal: 9, Address: 0x5880)
- DllCanUnloadNow (Ordinal: 10, Address: 0x4560)
- DllGetClassObject (Ordinal: 11, Address: 0x4590)
- DllRegisterServer (Ordinal: 12, Address: 0x45c0)
- DllUnregisterServer (Ordinal: 13, Address: 0x45c0)
Imported DLLs & Functions
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x10011008)
- IsDebuggerPresent (Address: 0x10011010)
- OutputDebugStringW (Address: 0x1001100c)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x10011018)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x10011020)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x10011034)
- SetLastError (Address: 0x10011030)
- SetUnhandledExceptionFilter (Address: 0x1001102c)
- UnhandledExceptionFilter (Address: 0x10011028)
api-ms-win-core-file-l1-1-0.dll
- CreateFileW (Address: 0x1001103c)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x10011044)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x10011054)
- HeapAlloc (Address: 0x10011050)
- HeapFree (Address: 0x1001104c)
api-ms-win-core-libraryloader-l1-2-0.dll
- GetModuleFileNameA (Address: 0x10011064)
- GetModuleHandleExW (Address: 0x10011060)
- GetModuleHandleW (Address: 0x1001106c)
- GetProcAddress (Address: 0x1001105c)
- LoadLibraryExW (Address: 0x10011068)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x10011074)
api-ms-win-core-processthreads-l1-1-0.dll
- GetCurrentProcess (Address: 0x10011088)
- GetCurrentProcessId (Address: 0x10011084)
- GetCurrentThreadId (Address: 0x10011080)
- TerminateProcess (Address: 0x1001107c)
api-ms-win-core-processthreads-l1-1-1.dll
- OpenProcess (Address: 0x10011090)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x10011098)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x100110a0)
- RegEnumKeyExW (Address: 0x100110a8)
- RegGetValueW (Address: 0x100110b0)
- RegOpenKeyExW (Address: 0x100110a4)
- RegQueryInfoKeyW (Address: 0x100110ac)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x100110c4)
- AcquireSRWLockShared (Address: 0x100110dc)
- CreateMutexExW (Address: 0x100110e0)
- CreateSemaphoreExW (Address: 0x100110d8)
- DeleteCriticalSection (Address: 0x100110bc)
- EnterCriticalSection (Address: 0x100110f0)
- InitializeCriticalSection (Address: 0x100110e8)
- InitializeCriticalSectionEx (Address: 0x100110f4)
- LeaveCriticalSection (Address: 0x100110ec)
- OpenSemaphoreW (Address: 0x100110c0)
- ReleaseMutex (Address: 0x100110e4)
- ReleaseSemaphore (Address: 0x100110d4)
- ReleaseSRWLockExclusive (Address: 0x100110cc)
- ReleaseSRWLockShared (Address: 0x100110b8)
- WaitForSingleObject (Address: 0x100110d0)
- WaitForSingleObjectEx (Address: 0x100110c8)
api-ms-win-core-synch-l1-2-0.dll
- Sleep (Address: 0x100110fc)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetSystemTimeAsFileTime (Address: 0x10011108)
- GetTickCount (Address: 0x10011104)
api-ms-win-core-sysinfo-l1-2-0.dll
- GetSystemTimePreciseAsFileTime (Address: 0x10011110)
api-ms-win-core-threadpool-l1-2-0.dll
- CloseThreadpoolTimer (Address: 0x1001111c)
- CreateThreadpoolTimer (Address: 0x10011120)
- SetThreadpoolTimer (Address: 0x10011118)
- WaitForThreadpoolTimerCallbacks (Address: 0x10011124)
api-ms-win-eventing-classicprovider-l1-1-0.dll
- GetTraceEnableFlags (Address: 0x10011130)
- GetTraceEnableLevel (Address: 0x1001113c)
- GetTraceLoggerHandle (Address: 0x1001112c)
- RegisterTraceGuidsW (Address: 0x10011138)
- TraceMessage (Address: 0x10011140)
- UnregisterTraceGuids (Address: 0x10011134)
api-ms-win-eventing-provider-l1-1-0.dll
- EventProviderEnabled (Address: 0x1001114c)
- EventRegister (Address: 0x10011150)
- EventSetInformation (Address: 0x10011148)
- EventUnregister (Address: 0x10011154)
- EventWrite (Address: 0x1001115c)
- EventWriteTransfer (Address: 0x10011158)
msvcrt.dll
- __CxxFrameHandler3 (Address: 0x100111d8)
- __dllonexit (Address: 0x100111a8)
- _amsg_exit (Address: 0x100111cc)
- _callnewh (Address: 0x10011184)
- _CxxThrowException (Address: 0x10011174)
- _except_handler4_common (Address: 0x100111bc)
- _initterm (Address: 0x100111c8)
- _lock (Address: 0x100111b4)
- _onexit (Address: 0x100111a4)
- _purecall (Address: 0x10011190)
- _unlock (Address: 0x100111ac)
- _vsnprintf_s (Address: 0x10011194)
- _vsnwprintf (Address: 0x100111c4)
- _XcptFilter (Address: 0x100111d4)
- ??_V@YAXPAX@Z (Address: 0x100111d0)
- ??0exception@@QAE@ABQBD@Z (Address: 0x10011180)
- ??0exception@@QAE@ABQBDH@Z (Address: 0x1001117c)
- ??0exception@@QAE@ABV0@@Z (Address: 0x100111e4)
- ??0exception@@QAE@XZ (Address: 0x100111b0)
- ??1exception@@UAE@XZ (Address: 0x100111e0)
- ??1type_info@@UAE@XZ (Address: 0x100111a0)
- ??3@YAXPAX@Z (Address: 0x100111c0)
- ?terminate@@YAXXZ (Address: 0x100111b8)
- ?what@exception@@UBEPBDXZ (Address: 0x10011178)
- free (Address: 0x100111e8)
- malloc (Address: 0x100111dc)
- memcmp (Address: 0x10011198)
- memcpy (Address: 0x10011170)
- memcpy_s (Address: 0x10011164)
- memmove (Address: 0x10011168)
- memmove_s (Address: 0x1001118c)
- memset (Address: 0x100111f0)
- rand (Address: 0x10011188)
- srand (Address: 0x1001116c)
- time (Address: 0x100111ec)
- wcsnlen (Address: 0x1001119c)
ntdll.dll
- NtQueryInformationProcess (Address: 0x100111f8)
RPCRT4.dll
- UuidFromStringW (Address: 0x10011000)