efsadu.dll
Description: File Encryption Utility
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.4355
Architecture: 32-bit
Operating System: Windows NT
SHA256: 4b9534f14e97a8ab403b85b26007ce89
File Size: 106.5 KB
Uploaded At: Dec. 1, 2025, 7:56 a.m.
Views: 5
Exported Functions
- AddUserToObjectW (Ordinal: 1, Address: 0xb460)
- BackCurrentEfsCert (Ordinal: 2, Address: 0xb2f0)
- EfsDetail (Ordinal: 3, Address: 0x9050)
- EfsUIUtilCheckScardStatus (Ordinal: 4, Address: 0x8ac0)
- EfsUIUtilCreateSelfSignedCertificate (Ordinal: 5, Address: 0x8a40)
- EfsUIUtilEncryptMyDocuments (Ordinal: 6, Address: 0x8c00)
- EfsUIUtilEnrollEfsCertificate (Ordinal: 7, Address: 0x8be0)
- EfsUIUtilEnrollEfsCertificateEx (Ordinal: 8, Address: 0x8b70)
- EfsUIUtilInstallDra (Ordinal: 9, Address: 0x82d0)
- EfsUIUtilKeyBackup (Ordinal: 10, Address: 0x8540)
- EfsUIUtilPromptForPin (Ordinal: 11, Address: 0x8720)
- EfsUIUtilPromptForPinDialog (Ordinal: 12, Address: 0x8510)
- EfsUIUtilSelectCard (Ordinal: 13, Address: 0x8750)
- EfsUIUtilShowBalloonAndWait (Ordinal: 14, Address: 0x84e0)
Imported DLLs & Functions
ADVAPI32.dll
- AddUsersToEncryptedFile (Address: 0x67bb3018)
- ConvertStringSidToSidW (Address: 0x67bb3034)
- CryptSetProvParam (Address: 0x67bb3000)
- EncryptFileW (Address: 0x67bb303c)
- EventWriteTransfer (Address: 0x67bb3038)
- FreeEncryptionCertificateHashList (Address: 0x67bb3014)
- LsaClose (Address: 0x67bb302c)
- LsaFreeMemory (Address: 0x67bb3028)
- LsaLookupSids (Address: 0x67bb3024)
- LsaOpenPolicy (Address: 0x67bb3020)
- QueryRecoveryAgentsOnEncryptedFile (Address: 0x67bb3010)
- QueryUsersOnEncryptedFile (Address: 0x67bb300c)
- RegGetValueW (Address: 0x67bb3030)
- RemoveUsersFromEncryptedFile (Address: 0x67bb301c)
- SetUserFileEncryptionKeyEx (Address: 0x67bb3004)
- UsePinForEncryptedFilesW (Address: 0x67bb3008)
api-ms-win-core-com-l1-1-0.dll
- CoCreateInstance (Address: 0x67bb33fc)
- CoInitializeEx (Address: 0x67bb33f8)
- CoTaskMemAlloc (Address: 0x67bb33ec)
- CoTaskMemFree (Address: 0x67bb33f4)
- CoUninitialize (Address: 0x67bb33f0)
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x67bb340c)
- IsDebuggerPresent (Address: 0x67bb3408)
- OutputDebugStringA (Address: 0x67bb3410)
- OutputDebugStringW (Address: 0x67bb3404)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x67bb3418)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x67bb3420)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x67bb3430)
- SetLastError (Address: 0x67bb3428)
- SetUnhandledExceptionFilter (Address: 0x67bb3434)
- UnhandledExceptionFilter (Address: 0x67bb342c)
api-ms-win-core-file-l1-1-0.dll
- FindClose (Address: 0x67bb343c)
- FindFirstFileExW (Address: 0x67bb3444)
- FindNextFileW (Address: 0x67bb3440)
- GetFileAttributesW (Address: 0x67bb344c)
- GetFullPathNameW (Address: 0x67bb3448)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x67bb3454)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x67bb345c)
- HeapAlloc (Address: 0x67bb3464)
- HeapFree (Address: 0x67bb3460)
api-ms-win-core-heap-l2-1-0.dll
- LocalAlloc (Address: 0x67bb3470)
- LocalFree (Address: 0x67bb346c)
api-ms-win-core-libraryloader-l1-2-0.dll
- GetModuleFileNameA (Address: 0x67bb3488)
- GetModuleFileNameW (Address: 0x67bb3484)
- GetModuleHandleA (Address: 0x67bb3480)
- GetModuleHandleExW (Address: 0x67bb3490)
- GetModuleHandleW (Address: 0x67bb347c)
- GetProcAddress (Address: 0x67bb348c)
- LoadStringW (Address: 0x67bb3478)
api-ms-win-core-libraryloader-l1-2-1.dll
- LoadLibraryA (Address: 0x67bb3498)
- LoadLibraryW (Address: 0x67bb349c)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x67bb34a8)
- GetLocaleInfoEx (Address: 0x67bb34a4)
- GetUserPreferredUILanguages (Address: 0x67bb34ac)
- IdnToAscii (Address: 0x67bb34b0)
api-ms-win-core-processenvironment-l1-1-0.dll
- GetCurrentDirectoryW (Address: 0x67bb34bc)
- SetCurrentDirectoryW (Address: 0x67bb34b8)
api-ms-win-core-processthreads-l1-1-0.dll
- CreateThread (Address: 0x67bb34c4)
- GetCurrentProcess (Address: 0x67bb34dc)
- GetCurrentProcessId (Address: 0x67bb34e0)
- GetCurrentThread (Address: 0x67bb34d4)
- GetCurrentThreadId (Address: 0x67bb34cc)
- OpenProcessToken (Address: 0x67bb34d8)
- OpenThreadToken (Address: 0x67bb34c8)
- TerminateProcess (Address: 0x67bb34d0)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x67bb34e8)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x67bb34f4)
- RegCreateKeyExW (Address: 0x67bb3500)
- RegOpenKeyExW (Address: 0x67bb34fc)
- RegQueryValueExW (Address: 0x67bb34f8)
- RegSetValueExW (Address: 0x67bb34f0)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x67bb3514)
- CreateMutexExW (Address: 0x67bb3518)
- CreateSemaphoreExW (Address: 0x67bb351c)
- OpenEventW (Address: 0x67bb3510)
- OpenSemaphoreW (Address: 0x67bb352c)
- ReleaseMutex (Address: 0x67bb3524)
- ReleaseSemaphore (Address: 0x67bb3520)
- ReleaseSRWLockExclusive (Address: 0x67bb350c)
- WaitForSingleObject (Address: 0x67bb3528)
- WaitForSingleObjectEx (Address: 0x67bb3508)
api-ms-win-core-synch-l1-2-0.dll
- Sleep (Address: 0x67bb3534)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetSystemTimeAsFileTime (Address: 0x67bb353c)
- GetTickCount (Address: 0x67bb3540)
api-ms-win-eventing-provider-l1-1-0.dll
- EventEnabled (Address: 0x67bb354c)
- EventProviderEnabled (Address: 0x67bb3550)
- EventRegister (Address: 0x67bb3554)
- EventSetInformation (Address: 0x67bb3558)
- EventUnregister (Address: 0x67bb3548)
- EventWrite (Address: 0x67bb355c)
api-ms-win-security-base-l1-1-0.dll
- CheckTokenMembership (Address: 0x67bb3574)
- CopySid (Address: 0x67bb3564)
- EqualSid (Address: 0x67bb356c)
- GetLengthSid (Address: 0x67bb3568)
- GetTokenInformation (Address: 0x67bb3570)
api-ms-win-security-credentials-l1-1-0.dll
- CredFree (Address: 0x67bb3580)
- CredMarshalCredentialW (Address: 0x67bb357c)
api-ms-win-service-management-l1-1-0.dll
- CloseServiceHandle (Address: 0x67bb3590)
- OpenSCManagerW (Address: 0x67bb358c)
- OpenServiceW (Address: 0x67bb3588)
api-ms-win-service-management-l2-1-0.dll
- ChangeServiceConfigW (Address: 0x67bb3598)
credui.dll
- CredPackAuthenticationBufferW (Address: 0x67bb35a0)
- CredUIPromptForWindowsCredentialsW (Address: 0x67bb35a8)
- CredUnPackAuthenticationBufferW (Address: 0x67bb35a4)
CRYPT32.dll
- CertAddCertificateContextToStore (Address: 0x67bb3078)
- CertAddCertificateLinkToStore (Address: 0x67bb3054)
- CertCloseStore (Address: 0x67bb3084)
- CertCreateCertificateContext (Address: 0x67bb3094)
- CertEnumCertificatesInStore (Address: 0x67bb3058)
- CertFindCertificateInStore (Address: 0x67bb3088)
- CertFindExtension (Address: 0x67bb3064)
- CertFreeCertificateChain (Address: 0x67bb3090)
- CertFreeCertificateContext (Address: 0x67bb307c)
- CertGetCertificateChain (Address: 0x67bb3050)
- CertGetCertificateContextProperty (Address: 0x67bb3074)
- CertGetEnhancedKeyUsage (Address: 0x67bb3068)
- CertGetNameStringW (Address: 0x67bb305c)
- CertOpenStore (Address: 0x67bb308c)
- CertSetCertificateContextProperty (Address: 0x67bb3070)
- CertVerifyCertificateChainPolicy (Address: 0x67bb304c)
- CertVerifyTimeValidity (Address: 0x67bb306c)
- CryptBinaryToStringW (Address: 0x67bb3080)
- CryptDecodeObject (Address: 0x67bb3060)
- CryptEncodeObjectEx (Address: 0x67bb3044)
- CryptStringToBinaryW (Address: 0x67bb3048)
CRYPTUI.dll
- CryptUIDlgSelectCertificateW (Address: 0x67bb309c)
- CryptUIWizExport (Address: 0x67bb30a0)
DSROLE.dll
- DsRoleFreeMemory (Address: 0x67bb30a8)
- DsRoleGetPrimaryDomainInformation (Address: 0x67bb30ac)
EFSUTIL.dll
- EfsUtilApplyGroupPolicy (Address: 0x67bb30c8)
- EfsUtilCheckCurrentKeyCapabilities (Address: 0x67bb30b8)
- EfsUtilCreateSelfSignedCertificate (Address: 0x67bb30d0)
- EfsUtilGetCertContextFromCertHash (Address: 0x67bb30c4)
- EfsUtilGetCurrentKey (Address: 0x67bb30d4)
- EfsUtilGetCurrentUserInformation (Address: 0x67bb30cc)
- EfsUtilGetSmartcardProviderName (Address: 0x67bb30dc)
- EfsUtilGetUserKey (Address: 0x67bb30c0)
- EfsUtilReleaseUserKey (Address: 0x67bb30b4)
- EfsUtilSetSmartcardPin (Address: 0x67bb30bc)
- EfsUtilSmartcardCredsNeededError (Address: 0x67bb30d8)
FeClient.dll
- EfsClientFreeKeyInfo (Address: 0x67bb30ec)
- EfsClientFreeProtectorList (Address: 0x67bb30e8)
- EfsClientGetKeyInfo (Address: 0x67bb30f0)
- EfsClientQueryProtectors (Address: 0x67bb30e4)
KERNEL32.dll
- DeleteCriticalSection (Address: 0x67bb310c)
- EnterCriticalSection (Address: 0x67bb3100)
- FreeLibrary (Address: 0x67bb3110)
- GetComputerNameW (Address: 0x67bb30f8)
- InitializeCriticalSection (Address: 0x67bb3108)
- LeaveCriticalSection (Address: 0x67bb3104)
- LoadLibraryExW (Address: 0x67bb3114)
- lstrlenW (Address: 0x67bb30fc)
logoncli.dll
- DsGetDcNameW (Address: 0x67bb35b0)
MFC42u.dll
- (Address: 0x67bb311c)
- (Address: 0x67bb3120)
- (Address: 0x67bb3124)
- (Address: 0x67bb3128)
- (Address: 0x67bb312c)
- (Address: 0x67bb3130)
- (Address: 0x67bb3134)
- (Address: 0x67bb3138)
- (Address: 0x67bb313c)
- (Address: 0x67bb3140)
- (Address: 0x67bb3144)
- (Address: 0x67bb3148)
- (Address: 0x67bb314c)
- (Address: 0x67bb3150)
- (Address: 0x67bb3154)
- (Address: 0x67bb3158)
- (Address: 0x67bb315c)
- (Address: 0x67bb3160)
- (Address: 0x67bb3164)
- (Address: 0x67bb3168)
- (Address: 0x67bb316c)
- (Address: 0x67bb3170)
- (Address: 0x67bb3174)
- (Address: 0x67bb3178)
- (Address: 0x67bb317c)
- (Address: 0x67bb3180)
- (Address: 0x67bb3184)
- (Address: 0x67bb3188)
- (Address: 0x67bb318c)
- (Address: 0x67bb3190)
- (Address: 0x67bb3194)
- (Address: 0x67bb3198)
- (Address: 0x67bb319c)
- (Address: 0x67bb31a0)
- (Address: 0x67bb31a4)
- (Address: 0x67bb31a8)
- (Address: 0x67bb31ac)
- (Address: 0x67bb31b0)
- (Address: 0x67bb31b4)
- (Address: 0x67bb31b8)
- (Address: 0x67bb31bc)
- (Address: 0x67bb31c0)
- (Address: 0x67bb31c4)
- (Address: 0x67bb31c8)
- (Address: 0x67bb31cc)
- (Address: 0x67bb31d0)
- (Address: 0x67bb31d4)
- (Address: 0x67bb31d8)
- (Address: 0x67bb31dc)
- (Address: 0x67bb31e0)
- (Address: 0x67bb31e4)
- (Address: 0x67bb31e8)
- (Address: 0x67bb31ec)
- (Address: 0x67bb31f0)
- (Address: 0x67bb31f4)
- (Address: 0x67bb31f8)
- (Address: 0x67bb31fc)
- (Address: 0x67bb3200)
- (Address: 0x67bb3204)
- (Address: 0x67bb3208)
- (Address: 0x67bb320c)
- (Address: 0x67bb3210)
- (Address: 0x67bb3214)
- (Address: 0x67bb3218)
- (Address: 0x67bb321c)
- (Address: 0x67bb3220)
- (Address: 0x67bb3224)
- (Address: 0x67bb3228)
- (Address: 0x67bb322c)
- (Address: 0x67bb3230)
- (Address: 0x67bb3234)
- (Address: 0x67bb3238)
- (Address: 0x67bb323c)
- (Address: 0x67bb3240)
- (Address: 0x67bb3244)
- (Address: 0x67bb3248)
- (Address: 0x67bb324c)
- (Address: 0x67bb3250)
- (Address: 0x67bb3254)
- (Address: 0x67bb3258)
- (Address: 0x67bb325c)
- (Address: 0x67bb3260)
- (Address: 0x67bb3264)
- (Address: 0x67bb3268)
- (Address: 0x67bb326c)
- (Address: 0x67bb3270)
- (Address: 0x67bb3274)
- (Address: 0x67bb3278)
- (Address: 0x67bb327c)
- (Address: 0x67bb3280)
- (Address: 0x67bb3284)
- (Address: 0x67bb3288)
- (Address: 0x67bb328c)
- (Address: 0x67bb3290)
- (Address: 0x67bb3294)
- (Address: 0x67bb3298)
- (Address: 0x67bb329c)
- (Address: 0x67bb32a0)
- (Address: 0x67bb32a4)
- (Address: 0x67bb32a8)
- (Address: 0x67bb32ac)
- (Address: 0x67bb32b0)
- (Address: 0x67bb32b4)
- (Address: 0x67bb32b8)
- (Address: 0x67bb32bc)
- (Address: 0x67bb32c0)
- (Address: 0x67bb32c4)
- (Address: 0x67bb32c8)
- (Address: 0x67bb32cc)
- (Address: 0x67bb32d0)
- (Address: 0x67bb32d4)
- (Address: 0x67bb32d8)
- (Address: 0x67bb32dc)
- (Address: 0x67bb32e0)
- (Address: 0x67bb32e4)
- (Address: 0x67bb32e8)
- (Address: 0x67bb32ec)
- (Address: 0x67bb32f0)
- (Address: 0x67bb32f4)
- (Address: 0x67bb32f8)
- (Address: 0x67bb32fc)
- (Address: 0x67bb3300)
- (Address: 0x67bb3304)
- (Address: 0x67bb3308)
- (Address: 0x67bb330c)
- (Address: 0x67bb3310)
msvcrt.dll
- __CxxFrameHandler3 (Address: 0x67bb35e0)
- __dllonexit (Address: 0x67bb35e8)
- _amsg_exit (Address: 0x67bb35f8)
- _CxxThrowException (Address: 0x67bb3610)
- _except_handler4_common (Address: 0x67bb35dc)
- _initterm (Address: 0x67bb35f4)
- _lock (Address: 0x67bb35f0)
- _ltow_s (Address: 0x67bb3604)
- _onexit (Address: 0x67bb35e4)
- _unlock (Address: 0x67bb35ec)
- _vsnprintf_s (Address: 0x67bb3624)
- _vsnwprintf (Address: 0x67bb35c4)
- _wcsicmp (Address: 0x67bb3600)
- _wcsnicmp (Address: 0x67bb3618)
- _XcptFilter (Address: 0x67bb35fc)
- ??_V@YAXPAX@Z (Address: 0x67bb35c8)
- ??0exception@@QAE@ABV0@@Z (Address: 0x67bb35d4)
- ??0exception@@QAE@XZ (Address: 0x67bb35d0)
- ??1exception@@UAE@XZ (Address: 0x67bb35c0)
- ??1type_info@@UAE@XZ (Address: 0x67bb3628)
- free (Address: 0x67bb3608)
- malloc (Address: 0x67bb360c)
- memcmp (Address: 0x67bb3614)
- memcpy (Address: 0x67bb35d8)
- memcpy_s (Address: 0x67bb35bc)
- memmove (Address: 0x67bb35cc)
- memset (Address: 0x67bb35b8)
- toupper (Address: 0x67bb3620)
- wcsncmp (Address: 0x67bb361c)
netutils.dll
- NetApiBufferFree (Address: 0x67bb3630)
ntdll.dll
- NtQueryInformationToken (Address: 0x67bb3640)
- RtlAllocateAndInitializeSid (Address: 0x67bb363c)
- RtlFreeSid (Address: 0x67bb3644)
- RtlNtStatusToDosError (Address: 0x67bb3638)
ole32.dll
- CoInitialize (Address: 0x67bb364c)
OLEAUT32.dll
- SysAllocString (Address: 0x67bb3320)
- SysFreeString (Address: 0x67bb3318)
- SysStringByteLen (Address: 0x67bb331c)
RPCRT4.dll
- RpcStringFreeW (Address: 0x67bb3330)
- UuidCreate (Address: 0x67bb3338)
- UuidCreateNil (Address: 0x67bb332c)
- UuidFromStringW (Address: 0x67bb3328)
- UuidToStringW (Address: 0x67bb3334)
SHELL32.dll
- (Address: 0x67bb3348)
- (Address: 0x67bb3354)
- SHChangeNotifySuspendResume (Address: 0x67bb334c)
- SHCreateItemFromParsingName (Address: 0x67bb3344)
- Shell_NotifyIconW (Address: 0x67bb3340)
- SHGetFolderPathW (Address: 0x67bb3350)
SHLWAPI.dll
- (Address: 0x67bb3360)
- StrDupW (Address: 0x67bb335c)
urlmon.dll
- CreateUri (Address: 0x67bb3654)
USER32.dll
- DefWindowProcW (Address: 0x67bb339c)
- DestroyWindow (Address: 0x67bb338c)
- DispatchMessageW (Address: 0x67bb3368)
- EnableWindow (Address: 0x67bb3398)
- GetClientRect (Address: 0x67bb3390)
- GetMessageW (Address: 0x67bb3380)
- KillTimer (Address: 0x67bb3374)
- LoadIconW (Address: 0x67bb3370)
- MessageBoxW (Address: 0x67bb3388)
- PostMessageW (Address: 0x67bb3384)
- PostQuitMessage (Address: 0x67bb336c)
- SendMessageW (Address: 0x67bb3394)
- SetTimer (Address: 0x67bb337c)
- TranslateMessage (Address: 0x67bb3378)
USERENV.dll
- RefreshPolicy (Address: 0x67bb33a4)
VAULTCLI.dll
- VaultCloseVault (Address: 0x67bb33b4)
- VaultFree (Address: 0x67bb33b0)
- VaultGetItem (Address: 0x67bb33b8)
- VaultOpenVault (Address: 0x67bb33ac)
WLDAP32.dll
- (Address: 0x67bb33c0)
- (Address: 0x67bb33c4)
- (Address: 0x67bb33c8)
- (Address: 0x67bb33cc)
- (Address: 0x67bb33d0)
- (Address: 0x67bb33d4)
- (Address: 0x67bb33d8)
- (Address: 0x67bb33dc)
- (Address: 0x67bb33e0)
- (Address: 0x67bb33e4)