biwinrt.dll

Description: Windows Background Broker Infrastructure

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.5794

Architecture: 64-bit

Operating System: Windows NT

SHA256: c2340a1ce66186fe9476307118d7c75d

File Size: 325.9 KB

Uploaded At: Dec. 1, 2025, 7:23 a.m.

Views: 22

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • BiRtCreateEventForApp (Ordinal: 1, Address: 0x3a10)
  • BiRtDeleteEventForApp (Ordinal: 2, Address: 0x1810)
  • BiRtEnumerateBrokeredEvents (Ordinal: 3, Address: 0x34810)
  • BiRtIsValidActivationTypeForEventType (Ordinal: 4, Address: 0x14ae0)
  • BiRtQueryBrokerEventId (Ordinal: 5, Address: 0x34b20)
  • BiRtRegisterWorkItem (Ordinal: 6, Address: 0x38d0)
  • BiRtRegisterWorkItemClsid (Ordinal: 7, Address: 0x14b70)
  • DllCanUnloadNow (Ordinal: 8, Address: 0xee50)
  • DllGetActivationFactory (Ordinal: 9, Address: 0xdd70)
  • DllGetClassObject (Ordinal: 10, Address: 0x1c330)
  • DllMain (Ordinal: 11, Address: 0x122d0)

Imported DLLs & Functions

api-ms-win-core-com-l1-1-0.dll
  • CoCreateFreeThreadedMarshaler (Address: 0x18003b6b0)
  • CoDecrementMTAUsage (Address: 0x18003b690)
  • CoGetApartmentType (Address: 0x18003b6a8)
  • CoGetClassObject (Address: 0x18003b678)
  • CoIncrementMTAUsage (Address: 0x18003b688)
  • CoTaskMemAlloc (Address: 0x18003b6b8)
  • CoTaskMemFree (Address: 0x18003b680)
  • CoUnmarshalInterface (Address: 0x18003b6a0)
  • CreateStreamOnHGlobal (Address: 0x18003b698)
api-ms-win-core-com-l1-1-1.dll
  • RoGetAgileReference (Address: 0x18003b6c8)
api-ms-win-core-debug-l1-1-0.dll
  • DebugBreak (Address: 0x18003b6d8)
  • IsDebuggerPresent (Address: 0x18003b6e0)
  • OutputDebugStringW (Address: 0x18003b6e8)
api-ms-win-core-delayload-l1-1-0.dll
  • DelayLoadFailureHook (Address: 0x18003b6f8)
api-ms-win-core-delayload-l1-1-1.dll
  • ResolveDelayLoadedAPI (Address: 0x18003b708)
api-ms-win-core-errorhandling-l1-1-0.dll
  • GetLastError (Address: 0x18003b738)
  • RaiseException (Address: 0x18003b730)
  • SetLastError (Address: 0x18003b718)
  • SetUnhandledExceptionFilter (Address: 0x18003b720)
  • UnhandledExceptionFilter (Address: 0x18003b728)
api-ms-win-core-handle-l1-1-0.dll
  • CloseHandle (Address: 0x18003b748)
api-ms-win-core-heap-l1-1-0.dll
  • GetProcessHeap (Address: 0x18003b760)
  • HeapAlloc (Address: 0x18003b758)
  • HeapFree (Address: 0x18003b768)
api-ms-win-core-heap-l2-1-0.dll
  • GlobalAlloc (Address: 0x18003b778)
  • GlobalFree (Address: 0x18003b780)
  • LocalAlloc (Address: 0x18003b788)
api-ms-win-core-libraryloader-l1-2-0.dll
  • DisableThreadLibraryCalls (Address: 0x18003b7b0)
  • GetModuleFileNameA (Address: 0x18003b7a0)
  • GetModuleHandleExW (Address: 0x18003b7a8)
  • GetModuleHandleW (Address: 0x18003b798)
  • GetProcAddress (Address: 0x18003b7b8)
api-ms-win-core-localization-l1-2-0.dll
  • FormatMessageW (Address: 0x18003b7c8)
api-ms-win-core-processthreads-l1-1-0.dll
  • GetCurrentProcess (Address: 0x18003b7d8)
  • GetCurrentProcessId (Address: 0x18003b7f0)
  • GetCurrentThreadId (Address: 0x18003b7f8)
  • OpenProcessToken (Address: 0x18003b7e0)
  • TerminateProcess (Address: 0x18003b7e8)
api-ms-win-core-processthreads-l1-1-1.dll
  • OpenProcess (Address: 0x18003b808)
api-ms-win-core-profile-l1-1-0.dll
  • QueryPerformanceCounter (Address: 0x18003b818)
api-ms-win-core-quirks-l1-1-0.dll
  • QuirkIsEnabled (Address: 0x18003b828)
api-ms-win-core-synch-l1-1-0.dll
  • AcquireSRWLockExclusive (Address: 0x18003b858)
  • AcquireSRWLockShared (Address: 0x18003b878)
  • CreateEventW (Address: 0x18003b868)
  • CreateMutexExW (Address: 0x18003b870)
  • CreateSemaphoreExW (Address: 0x18003b8b0)
  • DeleteCriticalSection (Address: 0x18003b860)
  • EnterCriticalSection (Address: 0x18003b8b8)
  • InitializeCriticalSectionEx (Address: 0x18003b848)
  • InitializeSRWLock (Address: 0x18003b8a8)
  • LeaveCriticalSection (Address: 0x18003b8c8)
  • OpenSemaphoreW (Address: 0x18003b840)
  • ReleaseMutex (Address: 0x18003b898)
  • ReleaseSemaphore (Address: 0x18003b880)
  • ReleaseSRWLockExclusive (Address: 0x18003b890)
  • ReleaseSRWLockShared (Address: 0x18003b838)
  • SetEvent (Address: 0x18003b8a0)
  • TryAcquireSRWLockExclusive (Address: 0x18003b8c0)
  • WaitForSingleObject (Address: 0x18003b888)
  • WaitForSingleObjectEx (Address: 0x18003b850)
api-ms-win-core-synch-l1-2-0.dll
  • InitOnceExecuteOnce (Address: 0x18003b8d8)
  • Sleep (Address: 0x18003b8e0)
api-ms-win-core-sysinfo-l1-1-0.dll
  • GetSystemTimeAsFileTime (Address: 0x18003b8f0)
  • GetTickCount (Address: 0x18003b8f8)
api-ms-win-core-threadpool-l1-2-0.dll
  • CloseThreadpoolTimer (Address: 0x18003b910)
  • CreateThreadpoolTimer (Address: 0x18003b918)
  • SetThreadpoolTimer (Address: 0x18003b920)
  • WaitForThreadpoolTimerCallbacks (Address: 0x18003b908)
api-ms-win-core-util-l1-1-0.dll
  • DecodePointer (Address: 0x18003b938)
  • EncodePointer (Address: 0x18003b930)
api-ms-win-core-winrt-error-l1-1-0.dll
  • RoOriginateError (Address: 0x18003b948)
  • RoOriginateErrorW (Address: 0x18003b960)
  • RoTransformError (Address: 0x18003b958)
  • SetRestrictedErrorInfo (Address: 0x18003b950)
api-ms-win-core-winrt-error-l1-1-1.dll
  • IsErrorPropagationEnabled (Address: 0x18003b978)
  • RoGetMatchingRestrictedErrorInfo (Address: 0x18003b970)
  • RoReportFailedDelegate (Address: 0x18003b980)
api-ms-win-core-winrt-l1-1-0.dll
  • RoActivateInstance (Address: 0x18003b998)
  • RoGetActivationFactory (Address: 0x18003b990)
  • RoInitialize (Address: 0x18003b9a0)
  • RoUninitialize (Address: 0x18003b9a8)
api-ms-win-core-winrt-string-l1-1-0.dll
  • WindowsCompareStringOrdinal (Address: 0x18003b9b8)
  • WindowsCreateString (Address: 0x18003b9d8)
  • WindowsCreateStringReference (Address: 0x18003b9f0)
  • WindowsDeleteString (Address: 0x18003b9c0)
  • WindowsDuplicateString (Address: 0x18003b9d0)
  • WindowsGetStringRawBuffer (Address: 0x18003b9c8)
  • WindowsIsStringEmpty (Address: 0x18003b9e8)
  • WindowsStringHasEmbeddedNull (Address: 0x18003b9e0)
api-ms-win-eventing-classicprovider-l1-1-0.dll
  • GetTraceEnableFlags (Address: 0x18003ba10)
  • GetTraceEnableLevel (Address: 0x18003ba18)
  • GetTraceLoggerHandle (Address: 0x18003ba20)
  • RegisterTraceGuidsW (Address: 0x18003ba00)
  • UnregisterTraceGuids (Address: 0x18003ba08)
api-ms-win-eventing-provider-l1-1-0.dll
  • EventProviderEnabled (Address: 0x18003ba30)
  • EventRegister (Address: 0x18003ba38)
  • EventSetInformation (Address: 0x18003ba40)
  • EventUnregister (Address: 0x18003ba50)
  • EventWriteTransfer (Address: 0x18003ba48)
api-ms-win-service-management-l1-1-0.dll
  • CloseServiceHandle (Address: 0x18003ba68)
  • OpenSCManagerW (Address: 0x18003ba60)
  • OpenServiceW (Address: 0x18003ba70)
api-ms-win-service-private-l1-1-0.dll
  • WaitServiceState (Address: 0x18003ba80)
msvcrt.dll
  • __C_specific_handler (Address: 0x18003bab8)
  • __CxxFrameHandler3 (Address: 0x18003bb90)
  • __dllonexit (Address: 0x18003bb68)
  • _amsg_exit (Address: 0x18003baa8)
  • _callnewh (Address: 0x18003bb28)
  • _CxxThrowException (Address: 0x18003bb30)
  • _initterm (Address: 0x18003ba98)
  • _lock (Address: 0x18003bb00)
  • _onexit (Address: 0x18003bb60)
  • _purecall (Address: 0x18003bb58)
  • _unlock (Address: 0x18003bac8)
  • _vsnprintf_s (Address: 0x18003baf0)
  • _vsnwprintf (Address: 0x18003bb80)
  • _XcptFilter (Address: 0x18003bab0)
  • ??_V@YAXPEAX@Z (Address: 0x18003bb88)
  • ??0exception@@QEAA@AEBQEBDH@Z (Address: 0x18003bb18)
  • ??0exception@@QEAA@AEBV0@@Z (Address: 0x18003bb40)
  • ??0exception@@QEAA@XZ (Address: 0x18003bb48)
  • ??1exception@@UEAA@XZ (Address: 0x18003bb50)
  • ??1type_info@@UEAA@XZ (Address: 0x18003bb38)
  • ??3@YAXPEAX@Z (Address: 0x18003bb70)
  • ?terminate@@YAXXZ (Address: 0x18003ba90)
  • ?what@exception@@UEBAPEBDXZ (Address: 0x18003bb20)
  • free (Address: 0x18003bad8)
  • malloc (Address: 0x18003bad0)
  • memcmp (Address: 0x18003bac0)
  • memcpy (Address: 0x18003baa0)
  • memcpy_s (Address: 0x18003bb78)
  • memmove (Address: 0x18003bae0)
  • memmove_s (Address: 0x18003bae8)
  • memset (Address: 0x18003bb98)
  • realloc (Address: 0x18003baf8)
  • toupper (Address: 0x18003bb10)
  • wcschr (Address: 0x18003bb08)
ntdll.dll
  • NtQueryInformationToken (Address: 0x18003bc40)
  • NtQueryWnfStateData (Address: 0x18003bbc8)
  • RtlAllocateHeap (Address: 0x18003bbf8)
  • RtlCaptureContext (Address: 0x18003bc38)
  • RtlCompareMemory (Address: 0x18003bc00)
  • RtlCompareUnicodeString (Address: 0x18003bba8)
  • RtlFreeHeap (Address: 0x18003bbe8)
  • RtlInitUnicodeString (Address: 0x18003bbb0)
  • RtlLookupFunctionEntry (Address: 0x18003bbc0)
  • RtlNtStatusToDosError (Address: 0x18003bc10)
  • RtlNtStatusToDosErrorNoTeb (Address: 0x18003bc08)
  • RtlQueryPackageClaims (Address: 0x18003bbf0)
  • RtlReportException (Address: 0x18003bc28)
  • RtlRunOnceBeginInitialize (Address: 0x18003bc18)
  • RtlRunOnceComplete (Address: 0x18003bc30)
  • RtlRunOnceInitialize (Address: 0x18003bc20)
  • RtlSubscribeWnfStateChangeNotification (Address: 0x18003bbd0)
  • RtlUnsubscribeWnfStateChangeNotification (Address: 0x18003bbd8)
  • RtlVirtualUnwind (Address: 0x18003bbb8)
  • WinSqmAddToStreamEx (Address: 0x18003bbe0)
OLEAUT32.dll
  • SysFreeString (Address: 0x18003b620)
RPCRT4.dll
  • Ndr64AsyncClientCall (Address: 0x18003b660)
  • NdrClientCall3 (Address: 0x18003b648)
  • RpcAsyncCompleteCall (Address: 0x18003b658)
  • RpcAsyncInitializeHandle (Address: 0x18003b668)
  • RpcBindingBind (Address: 0x18003b638)
  • RpcBindingCreateW (Address: 0x18003b640)
  • RpcBindingFree (Address: 0x18003b630)
  • RpcExceptionFilter (Address: 0x18003b650)