biwinrt.dll

Description: Windows Background Broker Infrastructure

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.5794

Architecture: 32-bit

Operating System: Windows NT

SHA256: 950bc939b8792350f95f5a416fc80f2b

File Size: 255.3 KB

Uploaded At: Dec. 1, 2025, 7:53 a.m.

Views: 6

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • DllCanUnloadNow (Ordinal: 1, Address: 0x17430)
  • DllGetActivationFactory (Ordinal: 2, Address: 0x16c80)
  • DllGetClassObject (Ordinal: 3, Address: 0x20c70)
  • DllMain (Ordinal: 4, Address: 0x18b70)
  • BiRtCreateEventForApp (Ordinal: 5, Address: 0xd670)
  • BiRtDeleteEventForApp (Ordinal: 6, Address: 0xaff0)
  • BiRtEnumerateBrokeredEvents (Ordinal: 7, Address: 0x35670)
  • BiRtIsValidActivationTypeForEventType (Ordinal: 8, Address: 0xd070)
  • BiRtQueryBrokerEventId (Ordinal: 9, Address: 0x35890)
  • BiRtRegisterWorkItem (Ordinal: 10, Address: 0xd0e0)
  • BiRtRegisterWorkItemClsid (Ordinal: 11, Address: 0x35920)

Imported DLLs & Functions

api-ms-win-core-com-l1-1-0.dll
  • CoCreateFreeThreadedMarshaler (Address: 0x10039030)
  • CoDecrementMTAUsage (Address: 0x1003902c)
  • CoGetApartmentType (Address: 0x10039034)
  • CoGetClassObject (Address: 0x10039048)
  • CoIncrementMTAUsage (Address: 0x1003904c)
  • CoTaskMemAlloc (Address: 0x1003903c)
  • CoTaskMemFree (Address: 0x10039040)
  • CoUnmarshalInterface (Address: 0x10039038)
  • CreateStreamOnHGlobal (Address: 0x10039044)
api-ms-win-core-com-l1-1-1.dll
  • RoGetAgileReference (Address: 0x10039054)
api-ms-win-core-debug-l1-1-0.dll
  • DebugBreak (Address: 0x10039060)
  • IsDebuggerPresent (Address: 0x10039064)
  • OutputDebugStringW (Address: 0x1003905c)
api-ms-win-core-delayload-l1-1-0.dll
  • DelayLoadFailureHook (Address: 0x1003906c)
api-ms-win-core-delayload-l1-1-1.dll
  • ResolveDelayLoadedAPI (Address: 0x10039074)
api-ms-win-core-errorhandling-l1-1-0.dll
  • GetLastError (Address: 0x10039080)
  • RaiseException (Address: 0x10039084)
  • SetLastError (Address: 0x1003908c)
  • SetUnhandledExceptionFilter (Address: 0x1003907c)
  • UnhandledExceptionFilter (Address: 0x10039088)
api-ms-win-core-handle-l1-1-0.dll
  • CloseHandle (Address: 0x10039094)
api-ms-win-core-heap-l1-1-0.dll
  • GetProcessHeap (Address: 0x100390a4)
  • HeapAlloc (Address: 0x1003909c)
  • HeapFree (Address: 0x100390a0)
api-ms-win-core-heap-l2-1-0.dll
  • GlobalAlloc (Address: 0x100390ac)
  • GlobalFree (Address: 0x100390b4)
  • LocalAlloc (Address: 0x100390b0)
api-ms-win-core-libraryloader-l1-2-0.dll
  • DisableThreadLibraryCalls (Address: 0x100390c4)
  • GetModuleFileNameA (Address: 0x100390cc)
  • GetModuleHandleExW (Address: 0x100390bc)
  • GetModuleHandleW (Address: 0x100390c0)
  • GetProcAddress (Address: 0x100390c8)
api-ms-win-core-localization-l1-2-0.dll
  • FormatMessageW (Address: 0x100390d4)
api-ms-win-core-processthreads-l1-1-0.dll
  • GetCurrentProcess (Address: 0x100390e0)
  • GetCurrentProcessId (Address: 0x100390e4)
  • GetCurrentThreadId (Address: 0x100390ec)
  • OpenProcessToken (Address: 0x100390e8)
  • TerminateProcess (Address: 0x100390dc)
api-ms-win-core-processthreads-l1-1-1.dll
  • OpenProcess (Address: 0x100390f4)
api-ms-win-core-profile-l1-1-0.dll
  • QueryPerformanceCounter (Address: 0x100390fc)
api-ms-win-core-quirks-l1-1-0.dll
  • QuirkIsEnabled (Address: 0x10039104)
api-ms-win-core-synch-l1-1-0.dll
  • AcquireSRWLockExclusive (Address: 0x10039118)
  • AcquireSRWLockShared (Address: 0x10039124)
  • CreateEventW (Address: 0x1003910c)
  • CreateMutexExW (Address: 0x10039120)
  • CreateSemaphoreExW (Address: 0x10039114)
  • DeleteCriticalSection (Address: 0x10039130)
  • EnterCriticalSection (Address: 0x10039144)
  • InitializeCriticalSectionEx (Address: 0x10039148)
  • InitializeSRWLock (Address: 0x1003913c)
  • LeaveCriticalSection (Address: 0x10039150)
  • OpenSemaphoreW (Address: 0x10039138)
  • ReleaseMutex (Address: 0x10039134)
  • ReleaseSemaphore (Address: 0x1003911c)
  • ReleaseSRWLockExclusive (Address: 0x10039140)
  • ReleaseSRWLockShared (Address: 0x1003912c)
  • SetEvent (Address: 0x10039154)
  • TryAcquireSRWLockExclusive (Address: 0x1003914c)
  • WaitForSingleObject (Address: 0x10039128)
  • WaitForSingleObjectEx (Address: 0x10039110)
api-ms-win-core-synch-l1-2-0.dll
  • InitOnceExecuteOnce (Address: 0x10039160)
  • Sleep (Address: 0x1003915c)
api-ms-win-core-sysinfo-l1-1-0.dll
  • GetSystemTimeAsFileTime (Address: 0x1003916c)
  • GetTickCount (Address: 0x10039168)
api-ms-win-core-threadpool-l1-2-0.dll
  • CloseThreadpoolTimer (Address: 0x10039174)
  • CreateThreadpoolTimer (Address: 0x10039180)
  • SetThreadpoolTimer (Address: 0x10039178)
  • WaitForThreadpoolTimerCallbacks (Address: 0x1003917c)
api-ms-win-core-util-l1-1-0.dll
  • DecodePointer (Address: 0x10039188)
  • EncodePointer (Address: 0x1003918c)
api-ms-win-core-winrt-error-l1-1-0.dll
  • RoOriginateError (Address: 0x1003919c)
  • RoOriginateErrorW (Address: 0x10039194)
  • RoTransformError (Address: 0x10039198)
  • SetRestrictedErrorInfo (Address: 0x100391a0)
api-ms-win-core-winrt-error-l1-1-1.dll
  • IsErrorPropagationEnabled (Address: 0x100391ac)
  • RoGetMatchingRestrictedErrorInfo (Address: 0x100391b0)
  • RoReportFailedDelegate (Address: 0x100391a8)
api-ms-win-core-winrt-l1-1-0.dll
  • RoActivateInstance (Address: 0x100391c4)
  • RoGetActivationFactory (Address: 0x100391c0)
  • RoInitialize (Address: 0x100391bc)
  • RoUninitialize (Address: 0x100391b8)
api-ms-win-core-winrt-string-l1-1-0.dll
  • WindowsCompareStringOrdinal (Address: 0x100391e4)
  • WindowsCreateString (Address: 0x100391cc)
  • WindowsCreateStringReference (Address: 0x100391e8)
  • WindowsDeleteString (Address: 0x100391d4)
  • WindowsDuplicateString (Address: 0x100391d0)
  • WindowsGetStringRawBuffer (Address: 0x100391d8)
  • WindowsIsStringEmpty (Address: 0x100391e0)
  • WindowsStringHasEmbeddedNull (Address: 0x100391dc)
api-ms-win-eventing-classicprovider-l1-1-0.dll
  • GetTraceEnableFlags (Address: 0x100391fc)
  • GetTraceEnableLevel (Address: 0x100391f0)
  • GetTraceLoggerHandle (Address: 0x10039200)
  • RegisterTraceGuidsW (Address: 0x100391f4)
  • UnregisterTraceGuids (Address: 0x100391f8)
api-ms-win-eventing-provider-l1-1-0.dll
  • EventProviderEnabled (Address: 0x1003920c)
  • EventRegister (Address: 0x10039208)
  • EventSetInformation (Address: 0x10039218)
  • EventUnregister (Address: 0x10039214)
  • EventWriteTransfer (Address: 0x10039210)
api-ms-win-service-management-l1-1-0.dll
  • CloseServiceHandle (Address: 0x10039228)
  • OpenSCManagerW (Address: 0x10039220)
  • OpenServiceW (Address: 0x10039224)
api-ms-win-service-private-l1-1-0.dll
  • WaitServiceState (Address: 0x10039230)
msvcrt.dll
  • __CxxFrameHandler3 (Address: 0x10039260)
  • __dllonexit (Address: 0x10039264)
  • _amsg_exit (Address: 0x10039240)
  • _callnewh (Address: 0x10039278)
  • _CxxThrowException (Address: 0x1003927c)
  • _except_handler4_common (Address: 0x1003924c)
  • _ftol2 (Address: 0x10039298)
  • _initterm (Address: 0x10039238)
  • _lock (Address: 0x10039258)
  • _onexit (Address: 0x100392b8)
  • _purecall (Address: 0x100392a4)
  • _unlock (Address: 0x10039284)
  • _vsnprintf_s (Address: 0x10039280)
  • _vsnwprintf (Address: 0x100392b0)
  • _XcptFilter (Address: 0x10039268)
  • ??_V@YAXPAX@Z (Address: 0x100392b4)
  • ??0exception@@QAE@ABV0@@Z (Address: 0x10039290)
  • ??0exception@@QAE@XZ (Address: 0x1003929c)
  • ??1exception@@UAE@XZ (Address: 0x100392a0)
  • ??1type_info@@UAE@XZ (Address: 0x10039244)
  • ??3@YAXPAX@Z (Address: 0x100392a8)
  • ?terminate@@YAXXZ (Address: 0x1003923c)
  • ?what@exception@@UBEPBDXZ (Address: 0x10039274)
  • free (Address: 0x10039254)
  • malloc (Address: 0x10039250)
  • memcmp (Address: 0x10039294)
  • memcpy (Address: 0x1003928c)
  • memcpy_s (Address: 0x100392ac)
  • memmove (Address: 0x10039288)
  • memmove_s (Address: 0x1003925c)
  • memset (Address: 0x100392bc)
  • realloc (Address: 0x10039248)
  • toupper (Address: 0x10039270)
  • wcschr (Address: 0x1003926c)
ntdll.dll
  • NtQueryInformationToken (Address: 0x10039308)
  • NtQueryWnfStateData (Address: 0x100392cc)
  • RtlAllocateHeap (Address: 0x100392e4)
  • RtlCaptureContext (Address: 0x10039304)
  • RtlCompareMemory (Address: 0x100392e8)
  • RtlCompareUnicodeString (Address: 0x100392c4)
  • RtlFreeHeap (Address: 0x100392dc)
  • RtlInitUnicodeString (Address: 0x100392c8)
  • RtlNtStatusToDosError (Address: 0x100392f0)
  • RtlNtStatusToDosErrorNoTeb (Address: 0x100392ec)
  • RtlQueryPackageClaims (Address: 0x100392e0)
  • RtlReportException (Address: 0x100392fc)
  • RtlRunOnceBeginInitialize (Address: 0x100392f4)
  • RtlRunOnceComplete (Address: 0x10039300)
  • RtlRunOnceInitialize (Address: 0x100392f8)
  • RtlSubscribeWnfStateChangeNotification (Address: 0x100392d0)
  • RtlUnsubscribeWnfStateChangeNotification (Address: 0x100392d4)
  • WinSqmAddToStreamEx (Address: 0x100392d8)
OLEAUT32.dll
  • SysFreeString (Address: 0x10039000)
RPCRT4.dll
  • NdrAsyncClientCall2 (Address: 0x10039014)
  • NdrClientCall4 (Address: 0x10039020)
  • RpcAsyncCompleteCall (Address: 0x10039018)
  • RpcAsyncInitializeHandle (Address: 0x10039024)
  • RpcBindingBind (Address: 0x10039008)
  • RpcBindingCreateW (Address: 0x1003900c)
  • RpcBindingFree (Address: 0x10039010)
  • RpcExceptionFilter (Address: 0x1003901c)