mscorsvc.dll

Description: .NET Runtime Optimization Service

Authors: © Microsoft Corporation. All rights reserved.

Version: 4.8.9093.0

Architecture: 32-bit

Operating System: Windows

SHA256: 6590fdeab0e82ebcd8de9e30ec7b2d34

File Size: 426.9 KB

Uploaded At: Dec. 1, 2025, 7:19 a.m.

Views: 37

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • CorCreateNGenProcess (Ordinal: 1, Address: 0x3fcf0)
  • CorGetNGenPolicy (Ordinal: 2, Address: 0x3fec0)
  • CorGetSvc (Ordinal: 3, Address: 0x10e00)
  • CorInitSvcLogger (Ordinal: 4, Address: 0x208c0)
  • CorSetCriticalTaskState (Ordinal: 5, Address: 0x30a90)
  • CorStopNonCriticalTask (Ordinal: 6, Address: 0x30f20)
  • CorSvcLog (Ordinal: 7, Address: 0x20a10)

Imported DLLs & Functions

ADVAPI32.dll
  • ConvertSidToStringSidW (Address: 0x10062028)
  • ConvertStringSidToSidW (Address: 0x10062034)
  • CreateProcessAsUserW (Address: 0x10062040)
  • DeregisterEventSource (Address: 0x10062044)
  • DuplicateTokenEx (Address: 0x10062030)
  • EventWrite (Address: 0x10062050)
  • FreeSid (Address: 0x1006202c)
  • GetLengthSid (Address: 0x1006203c)
  • GetSidSubAuthority (Address: 0x10062060)
  • GetSidSubAuthorityCount (Address: 0x1006205c)
  • GetTokenInformation (Address: 0x10062024)
  • OpenProcessToken (Address: 0x10062020)
  • RegCloseKey (Address: 0x10062004)
  • RegCreateKeyExW (Address: 0x10062054)
  • RegDeleteKeyW (Address: 0x10062008)
  • RegDeleteValueW (Address: 0x10062014)
  • RegEnumKeyExW (Address: 0x10062018)
  • RegEnumValueW (Address: 0x1006201c)
  • RegisterEventSourceW (Address: 0x10062048)
  • RegNotifyChangeKeyValue (Address: 0x10062000)
  • RegOpenKeyExW (Address: 0x10062058)
  • RegQueryValueExW (Address: 0x1006200c)
  • RegSetValueExW (Address: 0x10062010)
  • ReportEventW (Address: 0x1006204c)
  • SetTokenInformation (Address: 0x10062038)
fusion.dll
  • CreateApplicationContext (Address: 0x10062378)
  • CreateAssemblyCache (Address: 0x10062370)
  • CreateAssemblyNameObject (Address: 0x1006237c)
  • InitializeFusion (Address: 0x10062374)
KERNEL32.dll
  • ActivateActCtx (Address: 0x10062174)
  • CloseHandle (Address: 0x100621dc)
  • CreateActCtxW (Address: 0x10062178)
  • CreateDirectoryW (Address: 0x10062090)
  • CreateEventW (Address: 0x100621e0)
  • CreateFileMappingW (Address: 0x1006209c)
  • CreateFileW (Address: 0x100620fc)
  • CreateMutexW (Address: 0x1006214c)
  • CreatePipe (Address: 0x100620c4)
  • CreateProcessW (Address: 0x100620e8)
  • CreateSemaphoreW (Address: 0x10062134)
  • CreateThread (Address: 0x100621e8)
  • DeactivateActCtx (Address: 0x10062170)
  • DebugBreak (Address: 0x10062068)
  • DeleteCriticalSection (Address: 0x100621a0)
  • DeleteFileW (Address: 0x100621b4)
  • EnterCriticalSection (Address: 0x1006218c)
  • ExitProcess (Address: 0x100620b0)
  • FileTimeToSystemTime (Address: 0x10062120)
  • FindClose (Address: 0x100620f8)
  • FindFirstFileW (Address: 0x100621c0)
  • FindNextFileW (Address: 0x10062168)
  • FormatMessageW (Address: 0x10062214)
  • FreeLibrary (Address: 0x100620cc)
  • GetACP (Address: 0x1006221c)
  • GetCommandLineW (Address: 0x100620a8)
  • GetCPInfo (Address: 0x10062220)
  • GetCurrentProcess (Address: 0x10062070)
  • GetCurrentProcessId (Address: 0x100620b8)
  • GetCurrentThreadId (Address: 0x100620e0)
  • GetEnvironmentVariableW (Address: 0x10062080)
  • GetExitCodeProcess (Address: 0x100620ac)
  • GetFileAttributesExW (Address: 0x10062180)
  • GetFileAttributesW (Address: 0x100621f8)
  • GetFileSize (Address: 0x10062098)
  • GetFileSizeEx (Address: 0x10062184)
  • GetFullPathNameW (Address: 0x100621f4)
  • GetLastError (Address: 0x100621e4)
  • GetLocalTime (Address: 0x100620dc)
  • GetModuleFileNameW (Address: 0x10062104)
  • GetModuleHandleW (Address: 0x10062108)
  • GetProcAddress (Address: 0x100621f0)
  • GetProcessAffinityMask (Address: 0x100621bc)
  • GetProcessHeap (Address: 0x10062224)
  • GetSystemDirectoryW (Address: 0x100621b8)
  • GetSystemInfo (Address: 0x100621d0)
  • GetSystemPowerStatus (Address: 0x100621ec)
  • GetSystemTime (Address: 0x100621fc)
  • GetSystemTimeAsFileTime (Address: 0x10062188)
  • GetSystemWindowsDirectoryW (Address: 0x100620f4)
  • GetTickCount (Address: 0x10062198)
  • GetVersionExW (Address: 0x10062074)
  • GetWindowsDirectoryW (Address: 0x100620f0)
  • GlobalAlloc (Address: 0x100620c0)
  • GlobalMemoryStatusEx (Address: 0x10062088)
  • HeapAlloc (Address: 0x10062208)
  • HeapCreate (Address: 0x10062164)
  • HeapDestroy (Address: 0x10062138)
  • HeapFree (Address: 0x10062204)
  • HeapValidate (Address: 0x10062144)
  • InitializeCriticalSection (Address: 0x1006219c)
  • InitializeSListHead (Address: 0x1006210c)
  • IsDBCSLeadByte (Address: 0x10062210)
  • IsDebuggerPresent (Address: 0x100621d8)
  • IsProcessorFeaturePresent (Address: 0x10062114)
  • LCMapStringW (Address: 0x1006220c)
  • LeaveCriticalSection (Address: 0x10062190)
  • LoadLibraryExA (Address: 0x10062100)
  • LoadLibraryExW (Address: 0x100620a4)
  • LocalFree (Address: 0x100620d4)
  • MapViewOfFile (Address: 0x100620a0)
  • MoveFileExW (Address: 0x1006217c)
  • MultiByteToWideChar (Address: 0x10062218)
  • OpenEventW (Address: 0x100620b4)
  • OpenProcess (Address: 0x100620c8)
  • OutputDebugStringW (Address: 0x100620e4)
  • QueryInformationJobObject (Address: 0x100621c4)
  • QueryPerformanceCounter (Address: 0x10062110)
  • RaiseException (Address: 0x100620d8)
  • ReadFile (Address: 0x100620bc)
  • ReleaseActCtx (Address: 0x1006216c)
  • ReleaseMutex (Address: 0x10062148)
  • ReleaseSemaphore (Address: 0x10062154)
  • ResetEvent (Address: 0x100621a4)
  • SetConsoleCtrlHandler (Address: 0x10062078)
  • SetEnvironmentVariableW (Address: 0x10062084)
  • SetErrorMode (Address: 0x1006208c)
  • SetEvent (Address: 0x10062194)
  • SetLastError (Address: 0x10062094)
  • SetProcessShutdownParameters (Address: 0x1006207c)
  • SetUnhandledExceptionFilter (Address: 0x10062118)
  • SleepEx (Address: 0x10062130)
  • SwitchToThread (Address: 0x100621b0)
  • SystemTimeToFileTime (Address: 0x10062200)
  • TerminateProcess (Address: 0x1006206c)
  • TlsAlloc (Address: 0x1006213c)
  • TlsFree (Address: 0x10062128)
  • TlsGetValue (Address: 0x1006212c)
  • TlsSetValue (Address: 0x10062160)
  • UnhandledExceptionFilter (Address: 0x1006211c)
  • UnmapViewOfFile (Address: 0x100620d0)
  • VerifyVersionInfoW (Address: 0x100621c8)
  • VerSetConditionMask (Address: 0x100621cc)
  • VirtualAlloc (Address: 0x10062150)
  • VirtualFree (Address: 0x10062158)
  • VirtualProtect (Address: 0x1006215c)
  • VirtualQuery (Address: 0x10062124)
  • WaitForMultipleObjects (Address: 0x100621ac)
  • WaitForSingleObject (Address: 0x100621a8)
  • WaitForSingleObjectEx (Address: 0x10062140)
  • WideCharToMultiByte (Address: 0x100621d4)
  • WriteFile (Address: 0x100620ec)
mscoree.dll
  • CLRCreateInstance (Address: 0x10062368)
  • CreateConfigStream (Address: 0x10062360)
  • GetRequestedRuntimeInfo (Address: 0x10062364)
  • GetXMLObject (Address: 0x1006235c)
ole32.dll
  • CoAddRefServerProcess (Address: 0x10062304)
  • CoCreateGuid (Address: 0x1006231c)
  • CoCreateInstance (Address: 0x10062320)
  • CoDisconnectObject (Address: 0x100622fc)
  • CoInitializeEx (Address: 0x10062318)
  • CoReleaseServerProcess (Address: 0x10062300)
  • CoTaskMemFree (Address: 0x10062308)
  • CoUninitialize (Address: 0x10062314)
  • CoUnmarshalInterface (Address: 0x10062310)
  • CreateStreamOnHGlobal (Address: 0x1006230c)
OLEAUT32.dll
  • SafeArrayCreateVector (Address: 0x10062328)
  • SafeArrayDestroy (Address: 0x10062334)
  • SafeArrayGetElement (Address: 0x1006232c)
  • SafeArrayGetUBound (Address: 0x10062330)
  • SafeArrayPutElement (Address: 0x1006233c)
  • SetErrorInfo (Address: 0x10062348)
  • SysAllocString (Address: 0x10062350)
  • SysFreeString (Address: 0x1006234c)
  • SysStringLen (Address: 0x10062338)
  • VariantChangeType (Address: 0x10062354)
  • VariantClear (Address: 0x10062340)
  • VariantInit (Address: 0x10062344)
ucrtbase_clr0400.dll
  • __acrt_iob_func (Address: 0x10062294)
  • __stdio_common_vfwprintf (Address: 0x1006228c)
  • __stdio_common_vsnprintf_s (Address: 0x10062284)
  • __stdio_common_vsnwprintf_s (Address: 0x10062288)
  • __stdio_common_vswprintf_s (Address: 0x100622a4)
  • _cexit (Address: 0x100622dc)
  • _configure_narrow_argv (Address: 0x100622c4)
  • _crt_atexit (Address: 0x100622d8)
  • _errno (Address: 0x10062278)
  • _execute_onexit_table (Address: 0x100622d4)
  • _flushall (Address: 0x10062264)
  • _initialize_narrow_environment (Address: 0x100622c8)
  • _initialize_onexit_table (Address: 0x100622cc)
  • _initterm (Address: 0x100622b8)
  • _initterm_e (Address: 0x100622bc)
  • _putws (Address: 0x100622e0)
  • _register_onexit_function (Address: 0x100622d0)
  • _seh_filter_dll (Address: 0x100622c0)
  • _wcsicmp (Address: 0x100622ac)
  • _wcsnicmp (Address: 0x100622a0)
  • _wtoi (Address: 0x100622a8)
  • fflush (Address: 0x10062290)
  • free (Address: 0x10062260)
  • iswspace (Address: 0x10062270)
  • malloc (Address: 0x1006225c)
  • strcpy_s (Address: 0x10062280)
  • strncmp (Address: 0x1006227c)
  • wcscat_s (Address: 0x1006226c)
  • wcscpy_s (Address: 0x1006229c)
  • wcsncmp (Address: 0x10062274)
  • wcsncpy_s (Address: 0x10062298)
  • wcstok_s (Address: 0x10062268)
  • wcstol (Address: 0x100622b0)
  • wcstoul (Address: 0x100622b4)
USER32.dll
  • GetProcessWindowStation (Address: 0x100622ec)
  • GetUserObjectInformationW (Address: 0x100622f0)
  • LoadStringW (Address: 0x100622f4)
  • SystemParametersInfoW (Address: 0x100622e8)
VCRUNTIME140_CLR0400.dll
  • __CxxFrameHandler3 (Address: 0x10062238)
  • __std_type_info_destroy_list (Address: 0x10062230)
  • _CxxThrowException (Address: 0x10062244)
  • _except_handler4_common (Address: 0x1006224c)
  • _purecall (Address: 0x1006223c)
  • memcpy (Address: 0x10062234)
  • memmove (Address: 0x10062250)
  • memset (Address: 0x1006222c)
  • wcschr (Address: 0x10062248)
  • wcsrchr (Address: 0x10062240)
  • wcsstr (Address: 0x10062254)