Sampei.Nihira (Author), posted December 19, 2019

On 12/17/2019 at 10:38 PM, VistaLover said:
> ... More likely it needs the latest MS Visual C++ Redistributable, together with Win10 Universal CRT (KB2999226); but I'm sure you'll find the cause in due course...

No, I installed MS Visual C++ Redistributable 2015.

Here are the missing files with DW:

Tripredacus, posted December 19, 2019

IESHIMS.dll is often one of the typical "false positive" detections by dependency programs.

Oh, where are you running this .exe from?

Sampei.Nihira (Author), posted December 19, 2019

The path is in the image of the first post.

NojusK, posted December 19, 2019 (edited)

ESET probably didn't even test it on XP.

Wow64DisableWow64FsRedirection and Wow64RevertWow64FsRedirection are missing that prevent it from running.

In fact both of these functions are in Server 2003/XP x64 SP1+.

Edited December 19, 2019 by Nojus2001

VistaLover, posted December 19, 2019 (edited)

@Sampei.Nihira

The major issue is

Error: At least one module has an unresolved import due to a missing export function in an implicitly dependent module

first, not the missing files ("question mark" inside a yellow circle); check for missing functions in XP's system files, like kernel32.dll; those files will be marked with a reddish square in the tree structure in the left side-bar; click the + signs where needed.

At least one other XP user has reported the inability to run that file, perhaps he could also investigate with DW and if a pattern is found and verified, perhaps the app's devs should be alerted their file doesn't run on ALL XP setups; just my 2 eurocents, ofc.

Merry Christmas!

EDIT: Beaten to it by mere seconds by @Nojus2001

Edited December 19, 2019 by VistaLover

Sampei.Nihira (Author), posted December 19, 2019

19 minutes ago, VistaLover said:
> @Sampei.Nihira
>
> The major issue is
>
> Error: At least one module has an unresolved import due to a missing export function in an implicitly dependent module
>
> first, not the missing files ("question mark" inside a yellow circle); check for missing functions in XP's system files, like kernel32.dll; those files will be marked with a reddish square in the tree structure in the left side-bar; click the + signs where needed.
>
> At least one other XP user has reported the inability to run that file, perhaps he could also investigate with DW and if a pattern is found and verified, perhaps the app's devs should be alerted their file doesn't run on ALL XP setups; just my 2 eurocents, ofc.
>
> Merry Christmas!
>
> EDIT: Beaten to it by mere seconds by @Nojus2001

I have not highlighted them in the image because they are not there.

Happy Christmas holidays to you and your loved ones too.

@to all

Guys thank you all very much.

Tripredacus, posted December 20, 2019

22 hours ago, Sampei.Nihira said:
> The path is in the image of the first post.

Ok it is running from Documents. Put it into its own dir. Then you can put copies of the files that it "can't find" in that dir. Unless the program was coded with direct links, dependent files can be in the source dir or System32 or Syswow. That is one way you could say... use a different kernel32.dll than the OS is using, by putting it in the source dir.

You can attach a Process Monitor to the .exe to see the search order that is done when looking for files.

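The search order discussed in the post above, as an added example that is not part of the thread: a simplified Python model of which copy of a DLL gets loaded, used to list application-directory DLLs that shadow a system copy. The KNOWN_DLLS subset, the directory layout and the function names are assumptions made for the illustration; names on the KnownDLLs list are mapped from the system directory regardless of what sits next to the .exe.

```python
import os
import tempfile

# Assumption: illustrative subset only. On a real system the list is read from
# HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs.
KNOWN_DLLS = {"kernel32.dll", "user32.dll", "advapi32.dll", "ole32.dll"}


def _find(directory, lname):
    """Case-insensitive lookup, as on Windows file systems."""
    for entry in os.listdir(directory):
        if entry.lower() == lname:
            return os.path.join(directory, entry)
    return None


def resolve_dll(name, app_dir, system_dir, known_dlls=KNOWN_DLLS):
    """Return (path, reason) for the copy this simplified loader model picks."""
    lname = name.lower()
    sys_copy = _find(system_dir, lname)
    if lname in known_dlls and sys_copy:
        return sys_copy, "KnownDLLs: mapped from the system directory"
    app_copy = _find(app_dir, lname)
    if app_copy:
        return app_copy, "application directory (searched first)"
    if sys_copy:
        return sys_copy, "system directory"
    return None, "not found"


def shadowing_dlls(app_dir, system_dir, known_dlls=KNOWN_DLLS):
    """DLLs in app_dir that would load instead of a same-named system copy."""
    hits = []
    for entry in sorted(os.listdir(app_dir)):
        lname = entry.lower()
        if not lname.endswith(".dll") or lname in known_dlls:
            continue
        if _find(system_dir, lname):
            hits.append(lname)
    return hits


def build_sample():
    """Constructed layout: empty placeholder files, not real DLLs."""
    root = tempfile.mkdtemp()
    app, system = os.path.join(root, "app"), os.path.join(root, "system32")
    for d, names in ((app, ["kernel32.dll", "MPR.DLL", "helper.dll"]),
                     (system, ["kernel32.dll", "mpr.dll", "wer.dll"])):
        os.makedirs(d)
        for n in names:
            open(os.path.join(d, n), "w").close()
    return app, system
```

Run against a real install directory and the system directory, a non-empty result from shadowing_dlls() is the list of files worth checking for origin and signature.
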
Sampei.Nihira (Author), posted December 20, 2019

2 hours ago, Tripredacus said:
> Ok it is running from Documents. Put it into its own dir. Then you can put copies of the files that it "can't find" in that dir. Unless the program was coded with direct links, dependent files can be in the source dir or System32 or Syswow. That is one way you could say... use a different kernel32.dll than the OS is using, by putting it in the source dir.
>
> You can attach a Process Monitor to the .exe to see the search order that is done when looking for files.

I did a search on the net. Some of those dlls shouldn't be in Windows XP.

win32, posted December 20, 2019 (edited)

The Encrypting File System (efsadu.dll) only exists in XP Pro and higher.

wer.dll and mpr.dll are red herrings though; dependency walker always whines about them. You won't need them.

But I think 2003 SP1's kernel32.dll is adaptable to XP. Anyone know of an update that contains it?

Edited December 20, 2019 by win32

Sampei.Nihira (Author), posted December 20, 2019 (edited)

Another article:

https://www.bleepingcomputer.com/news/security/windows-remote-desktop-services-used-for-fileless-malware-attacks/

As a precaution I have also disabled the service below:

and my OSA software has the following rule enabled:

Edited December 20, 2019 by Sampei.Nihira

Sampei.Nihira (Author), posted December 20, 2019

7 minutes ago, win32 said:
> The Encrypting File System (efsadu.dll) only exists in XP Pro and higher.
>
> wer.dll and mpr.dll are red herrings though; dependency walker always whines about them. You won't need them.
>
> But I think 2003 SP1's kernel32.dll is adaptable to XP. Anyone know of an update that contains it?

I have Windows XP Home.

NojusK, posted December 20, 2019

I was able to patch this using Alky applications