simpleunlocker_release[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

simpleunlocker_release.rar
Size

16.6MB
MD5

e6377501a82d5af5af9fb757d8f1bab5
SHA1

e363763754892246b9d20969244788d973a3352e
SHA256

fa8232858774f5f2fc17a3008e431957809b4b0ffee95bd5eb7132fddf4ea879
SHA512

503aa295c6e194d6b3f2b4def2792f7874a2549c406a9e135014f936c104222df5682ed63b03e1c6b897a8a8a8d7b3ca926084b4dd0926d288590907aa461809
SSDEEP

393216:NQAc6hA0Sclb/SCP/EAc9Ngzzctvv+qKOFLUTwIH2c9WrsXfSfBZVy7fob:NQ6sE/379za3+ZOFUrsqSnVysb

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/avz.exe	upx

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

resource
unpack001/simpleunlocker_release/simpleunlocker_release/SU.exe
unpack001/simpleunlocker_release/simpleunlocker_release/bin/AntiGDI.dll
unpack001/simpleunlocker_release/simpleunlocker_release/bin/AntiGDI_Injector.exe
unpack001/simpleunlocker_release/simpleunlocker_release/bin/EasyHook.dll
unpack001/simpleunlocker_release/simpleunlocker_release/bin/EasyHook32.dll
unpack001/simpleunlocker_release/simpleunlocker_release/bin/EasyHook32Svc.exe
unpack001/simpleunlocker_release/simpleunlocker_release/bin/EasyHook64.dll
unpack001/simpleunlocker_release/simpleunlocker_release/bin/EasyHook64Svc.exe
unpack001/simpleunlocker_release/simpleunlocker_release/bin/EasyLoad32.dll
unpack001/simpleunlocker_release/simpleunlocker_release/bin/EasyLoad64.dll
unpack001/simpleunlocker_release/simpleunlocker_release/bin/su_updater.exe
unpack001/simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/avz.exe
unpack002/out.upx

Files

simpleunlocker_release.rar
.rar
simpleunlocker_release/simpleunlocker_release/ReadMe.txt
simpleunlocker_release/simpleunlocker_release/SU.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 806KB - Virtual size: 806KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 407KB - Virtual size: 406KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
simpleunlocker_release/simpleunlocker_release/bin/AntiGDI.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

R:\Програмирование\Мои проекты\SimpleUnlocker (c0d9d by DesConnet)\v1 (Recode)\src\AntiGDI\obj\Release\AntiGDI.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
simpleunlocker_release/simpleunlocker_release/bin/AntiGDI_Injector.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

R:\Програмирование\Мои проекты\SimpleUnlocker (c0d9d by DesConnet)\v1 (Recode)\src\AntiGDI_Injector\obj\Release\AntiGDI_Injector.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
simpleunlocker_release/simpleunlocker_release/bin/EasyHook.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\projects\easyhook\EasyHook\obj\netfx4-Release\EasyHook.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
simpleunlocker_release/simpleunlocker_release/bin/EasyHook32.dll
.dll windows:6 windows x86 arch:x86

0c2609288fcba4a8350c2130643a83bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\projects\easyhook\Build\netfx4-Release\x86\EasyHook32.pdb

Imports

psapi

EnumProcessModules
GetModuleInformation

kernel32

TlsFree
GetCurrentThreadId
GetSystemInfo
GetLastError
GetCurrentProcess
GetProcAddress
GetModuleFileNameA
GetFullPathNameW
GetEnvironmentVariableW
SetEnvironmentVariableW
SetEvent
GetModuleHandleW
LoadLibraryW
GetModuleHandleA
CloseHandle
InitializeCriticalSectionEx
RaiseException
DecodePointer
DeleteCriticalSection
GetThreadContext
SetThreadContext
WaitForSingleObject
OpenProcess
Thread32First
ReadProcessMemory
Thread32Next
VirtualAllocEx
OpenThread
CreateEventW
CreateToolhelp32Snapshot
DuplicateHandle
TlsAlloc
SuspendThread
ResumeThread
TlsGetValue
CreateProcessW
CreateRemoteThread
TlsSetValue
WideCharToMultiByte
TerminateProcess
lstrlenW
SetLastError
GetExitCodeThread
Module32FirstW
WaitForMultipleObjects
Module32NextW
GetCurrentProcessId
FatalAppExitW
GetModuleFileNameW
CreateFileW
HeapAlloc
HeapFree
IsBadReadPtr
InitializeCriticalSection
Sleep
LeaveCriticalSection
EnterCriticalSection
VirtualProtect
InterlockedExchange
GetVersionExW
VirtualQuery
SetStdHandle
OutputDebugStringW
LoadLibraryA
HeapCreate
HeapDestroy
FreeLibrary
WriteConsoleW
SetEndOfFile
WriteProcessMemory
LCMapStringW
EncodePointer
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
GetStdHandle
GetFileType
GetStartupInfoW
GetProcessHeap
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WriteFile
RtlUnwind
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
HeapReAlloc
LoadLibraryExW
ReadFile
ReadConsoleW
GetStringTypeW

advapi32

StartServiceW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
OpenProcessToken

ole32

CoTaskMemAlloc
CoTaskMemFree

shlwapi

PathQuoteSpacesW

Exports

Exports

?GetRemoteModuleExportDirectory@@YGHPAXPAUHINSTANCE__@@PAU_IMAGE_EXPORT_DIRECTORY@@U_IMAGE_DOS_HEADER@@U_IMAGE_NT_HEADERS@@@Z
_DbgAttachDebugger@0
_DbgDetachDebugger@0
_DbgGetProcessIdByHandle@8
_DbgGetThreadIdByHandle@8
_DbgHandleToObjectName@16
_DbgIsAvailable@0
_DbgIsEnabled@0
_GacCreateContext@0
_GacInstallAssembly@16
_GacReleaseContext@4
_GacUninstallAssembly@16
_HookCompleteInjection@4
_LhBarrierBeginStackTrace@4
_LhBarrierCallStackTrace@12
_LhBarrierEndStackTrace@4
_LhBarrierGetAddressOfReturnAddress@4
_LhBarrierGetCallback@4
_LhBarrierGetCallingModule@4
_LhBarrierGetReturnAddress@4
_LhBarrierPointerToModule@8
_LhEnumModules@12
_LhGetHookBypassAddress@8
_LhInstallHook@16
_LhIsThreadIntercepted@12
_LhSetExclusiveACL@12
_LhSetGlobalExclusiveACL@8
_LhSetGlobalInclusiveACL@8
_LhSetInclusiveACL@12
_LhUninstallAllHooks@0
_LhUninstallHook@4
_LhUpdateModuleInformation@0
_LhWaitForPendingRemovals@0
_ReleaseTestFuncHookResults@8
_RhCreateAndInject@36
_RhCreateStealthRemoteThread@16
_RhGetProcessToken@8
_RhInjectLibrary@28
_RhInstallDriver@8
_RhInstallSupportDriver@0
_RhIsAdministrator@0
_RhIsX64Process@8
_RhIsX64System@0
_RhWakeUpProcess@0
_RtlCreateSuspendedProcess@20
_RtlGetLastError@0
_RtlGetLastErrorString@0
_RtlGetLastErrorStringCopy@0
_RtlInstallService@12
_TestFuncHooks@24

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
simpleunlocker_release/simpleunlocker_release/bin/EasyHook32Svc.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\projects\easyhook\EasyHookSvc\obj\x86\netfx4-Release\EasyHookSvc.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
simpleunlocker_release/simpleunlocker_release/bin/EasyHook64.dll
.dll windows:6 windows x64 arch:x64

4d117d78b1518e2a9eee4e20c8ed50c7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\projects\easyhook\Build\netfx4-Release\x64\EasyHook64.pdb

Imports

psapi

EnumProcessModules
GetModuleInformation

kernel32

TlsFree
GetCurrentThreadId
VirtualFree
VirtualAlloc
GetSystemInfo
GetLastError
GetCurrentProcess
GetProcAddress
GetModuleFileNameA
LoadLibraryW
GetCurrentProcessId
GetFullPathNameW
GetEnvironmentVariableW
SetEnvironmentVariableW
SetEvent
GetModuleHandleW
GetModuleHandleA
CloseHandle
InitializeCriticalSectionEx
RaiseException
DecodePointer
DeleteCriticalSection
GetThreadContext
SetThreadContext
WaitForSingleObject
OpenProcess
Thread32First
ReadProcessMemory
Thread32Next
VirtualAllocEx
OpenThread
TlsAlloc
CreateToolhelp32Snapshot
DuplicateHandle
WriteProcessMemory
SuspendThread
ResumeThread
TlsGetValue
CreateProcessW
CreateRemoteThread
TlsSetValue
WideCharToMultiByte
TerminateProcess
lstrlenW
SetLastError
GetExitCodeThread
Module32FirstW
WaitForMultipleObjects
Module32NextW
FatalAppExitW
GetModuleFileNameW
CreateFileW
HeapAlloc
HeapFree
IsBadReadPtr
InitializeCriticalSection
Sleep
LeaveCriticalSection
EnterCriticalSection
VirtualProtect
GetVersionExW
SetEndOfFile
LoadLibraryA
HeapCreate
HeapDestroy
FreeLibrary
CreateEventW
RtlPcToFileHeader
WriteConsoleW
SetStdHandle
OutputDebugStringW
LCMapStringW
EncodePointer
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
RtlUnwindEx
GetStdHandle
GetFileType
GetStartupInfoW
GetProcessHeap
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WriteFile
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
HeapReAlloc
LoadLibraryExW
ReadFile
ReadConsoleW
GetStringTypeW

advapi32

StartServiceW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
OpenProcessToken

ole32

CoTaskMemFree
CoTaskMemAlloc

shlwapi

PathQuoteSpacesW

Exports

Exports

?GetRemoteModuleExportDirectory@@YAHPEAXPEAUHINSTANCE__@@PEAU_IMAGE_EXPORT_DIRECTORY@@U_IMAGE_DOS_HEADER@@U_IMAGE_NT_HEADERS64@@@Z
DbgAttachDebugger
DbgDetachDebugger
DbgGetProcessIdByHandle
DbgGetThreadIdByHandle
DbgHandleToObjectName
DbgIsAvailable
DbgIsEnabled
GacCreateContext
GacInstallAssembly
GacReleaseContext
GacUninstallAssembly
HookCompleteInjection
LhBarrierBeginStackTrace
LhBarrierCallStackTrace
LhBarrierEndStackTrace
LhBarrierGetAddressOfReturnAddress
LhBarrierGetCallback
LhBarrierGetCallingModule
LhBarrierGetReturnAddress
LhBarrierPointerToModule
LhEnumModules
LhGetHookBypassAddress
LhInstallHook
LhIsThreadIntercepted
LhSetExclusiveACL
LhSetGlobalExclusiveACL
LhSetGlobalInclusiveACL
LhSetInclusiveACL
LhUninstallAllHooks
LhUninstallHook
LhUpdateModuleInformation
LhWaitForPendingRemovals
ReleaseTestFuncHookResults
RhCreateAndInject
RhCreateStealthRemoteThread
RhGetProcessToken
RhInjectLibrary
RhInstallDriver
RhInstallSupportDriver
RhIsAdministrator
RhIsX64Process
RhIsX64System
RhWakeUpProcess
RtlCreateSuspendedProcess
RtlGetLastError
RtlGetLastErrorString
RtlGetLastErrorStringCopy
RtlInstallService
TestFuncHooks

Sections

.text
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 85KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
simpleunlocker_release/simpleunlocker_release/bin/EasyHook64Svc.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\projects\easyhook\EasyHookSvc\obj\netfx4-Release\EasyHookSvc.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
simpleunlocker_release/simpleunlocker_release/bin/EasyLoad32.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Exports

Exports

Close
Load

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 95B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
simpleunlocker_release/simpleunlocker_release/bin/EasyLoad64.dll
.dll windows:4 windows x64 arch:x64

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Exports

Exports

Close
Load

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 103B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
simpleunlocker_release/simpleunlocker_release/bin/su_updater.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
simpleunlocker_release/simpleunlocker_release/othersoftware/ProcessHacker/software.ini
simpleunlocker_release/simpleunlocker_release/othersoftware/ProcessHacker/x64/ProcessHacker.sig
simpleunlocker_release/simpleunlocker_release/othersoftware/ProcessHacker/x64/gew48rre.exe
.exe windows:5 windows x64 arch:x64

3695333c60dedecdcaff1590409aa462

Code Sign

0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7f
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

aa:d2:9e:0f:da:7b:5d:e5:f9:b1:55:33:a5:84:a2:3e:61:8a:33:28:9f:56:8e:f2:d2:82:c8:65:2c:11:1a:44
Signer

Actual PE Digest

aa:d2:9e:0f:da:7b:5d:e5:f9:b1:55:33:a5:84:a2:3e:61:8a:33:28:9f:56:8e:f2:d2:82:c8:65:2c:11:1a:44

Digest Algorithm

sha256

PE Digest Matches

false

b4:ab:c6:64:cf:ee:32:e4:f0:23:7b:dc:3e:86:6e:ce:7a:e1:08:50
Signer

Actual PE Digest

b4:ab:c6:64:cf:ee:32:e4:f0:23:7b:dc:3e:86:6e:ce:7a:e1:08:50

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Projects\processhacker2\bin\Release64\ProcessHacker.pdb

Imports

ntdll

NtCreateTimer
NtAlertThread
NtSetTimer
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlLengthSecurityDescriptor
NtCreateSemaphore
NtQueryObject
NtClearEvent
NtCreateKeyedEvent
NtWaitForKeyedEvent
NtReleaseKeyedEvent
RtlGetVersion
NtDeviceIoControlFile
NtSetInformationObject
NtQueryFullAttributesFile
NtOpenFile
NtQuerySecurityObject
NtOpenSection
NtQueryDirectoryFile
NtCreateFile
NtCreateKey
RtlCreateUserThread
NtQueryDirectoryObject
NtFsControlFile
NtOpenDirectoryObject
RtlPrefixUnicodeString
NtSetSecurityObject
NtOpenProcess
NtQuerySymbolicLinkObject
RtlConvertSidToUnicodeString
NtOpenKey
NtQueueApcThread
NtUnloadDriver
RtlEqualUnicodeString
NtOpenSymbolicLinkObject
RtlQueueApcWow64Thread
NtOpenThread
NtDeleteKey
NtQueryKey
NtQueryValueKey
LdrLoadDll
LdrUnloadDll
LdrGetProcedureAddress
NtGetContextThread
NtQueryInformationFile
NtFlushBuffersFile
NtLockFile
NtUnlockFile
RtlInterlockedPopEntrySList
RtlUnicodeToMultiByteSize
RtlMultiByteToUnicodeSize
RtlMultiByteToUnicodeN
RtlReAllocateHeap
NtAllocateVirtualMemory
RtlUpcaseUnicodeChar
RtlUnicodeToMultiByteN
RtlExpandEnvironmentStrings_U
RtlGetDaclSecurityDescriptor
RtlCreateUserProcess
RtlNtStatusToDosError
RtlCreateProcessParameters
NtFilterToken
RtlStringFromGUID
RtlFindMessage
NtQueryAttributesFile
RtlAddAce
RtlDestroyProcessParameters
RtlDosPathNameToNtPathName_U
RtlFreeUnicodeString
RtlGetAce
RtlRandomEx
NtDuplicateToken
RtlGetFullPathName_U
NtSetInformationToken
NtPowerInformation
NtTestAlert
NtOpenThreadToken
RtlTimeToSecondsSince1980
RtlEqualSid
RtlSecondsSince1980ToTime
NtIsProcessInJob
RtlFirstEntrySList
RtlCreateSecurityDescriptor
RtlCreateAcl
RtlAddAccessAllowedAce
NtAcceptConnectPort
NtReplyWaitReceivePort
NtCompleteConnectPort
RtlSetDaclSecurityDescriptor
RtlSubAuthoritySid
NtCreatePort
RtlInitializeSid
RtlLengthRequiredSid
RtlValidRelativeSecurityDescriptor
RtlSelfRelativeToAbsoluteSD2
RtlValidSid
NtConnectPort
NtRequestWaitReplyPort
RtlAbsoluteToSelfRelativeSD
RtlLengthSid
NtCreateSection
NtQueryMutant
NtSuspendThread
NtQueryInformationProcess
NtRemoveProcessDebug
NtTerminateThread
NtResumeProcess
NtReleaseSemaphore
NtSetHighEventPair
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
NtQueryEvent
NtQuerySemaphore
NtCancelTimer
NtPulseEvent
NtSetLowEventPair
NtQueryTimer
NtResetEvent
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlInterlockedFlushSList
RtlInitializeSListHead
RtlInterlockedPushEntrySList
RtlSecondsSince1970ToTime
RtlCreateHeap
RtlFreeHeap
RtlAllocateHeap
RtlDestroyHeap
NtQueryVirtualMemory
NtProtectVirtualMemory
NtSetSystemInformation
NtWriteVirtualMemory
NtSetInformationFile
NtQueryInformationToken
NtCreateMutant
NtOpenProcessToken
NtAdjustPrivilegesToken
NtTerminateJobObject
NtAssignProcessToJobObject
NtQueryInformationJobObject
NtMapViewOfSection
NtQuerySection
RtlSetHeapInformation
RtlLeaveCriticalSection
RtlInitializeCriticalSection
RtlEnterCriticalSection
RtlQueryEnvironmentVariable_U
NtQueryPerformanceCounter
RtlDeleteCriticalSection
NtTerminateProcess
NtSetValueKey
RtlDetermineDosPathNameType_U
NtDeleteValueKey
NtAddAtom
RtlGUIDFromString
NtWaitForMultipleObjects
NtSetEvent
NtCreateEvent
NtReadVirtualMemory
NtReadFile
NtWriteFile
NtQueryInformationThread
NtQuerySystemInformation
NtSuspendProcess
NtResumeThread
NtWaitForSingleObject
RtlDoesFileExists_U
NtSetInformationDebugObject
NtUnmapViewOfSection
RtlRaiseStatus
NtSetInformationProcess
NtDuplicateObject
NtInitiatePowerAction
NtClose
NtDelayExecution
NtSetInformationThread
NtFreeVirtualMemory

winsta

WinStationSendMessageW
WinStationShadow
WinStationGetAllProcesses
WinStationFreeGAPMemory
WinStationRegisterConsoleNotification
WinStationQueryInformationW
WinStationFreeMemory
WinStationEnumerateW
WinStationReset
WinStationDisconnect
WinStationConnectW

comctl32

PropertySheetW
InitCommonControlsEx
CreatePropertySheetPageW
ImageList_Remove
ImageList_Destroy
ImageList_Create
ImageList_ReplaceIcon
ImageList_Replace

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

uxtheme

IsThemeActive
GetThemeInt
SetWindowTheme
CloseThemeData
DrawThemeBackground
OpenThemeData
IsThemePartDefined
EnableThemeDialogTexture

kernel32

GetProcAddress
GetModuleHandleW
CreatePipe
FileTimeToSystemTime
FileTimeToLocalFileTime
CreateProcessW
SetConsoleCtrlHandler
FreeConsole
RaiseException
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
TlsFree
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStringTypeW
MultiByteToWideChar
GetACP
GetStdHandle
WriteFile
WideCharToMultiByte
GetCurrentProcess
TerminateProcess
GetModuleHandleExW
HeapFree
HeapAlloc
GetFileType
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCPInfo
IsValidCodePage
GetOEMCP
CloseHandle
FindClose
FindFirstFileExW
FindNextFileW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetProcessHeap
CreateFileW
GetConsoleCP
GetConsoleMode
GlobalSize
LocalAlloc
GlobalUnlock
GlobalLock
FindResourceW
LoadResource
GlobalFree
GlobalAlloc
LockResource
SizeofResource
CreateRemoteThread
CreateThread
GetDateFormatW
GetTimeFormatW
GetNumberFormatW
WriteConsoleW
GetSystemDefaultLangID
GetSystemDirectoryW
GetLocaleInfoW
GetUserDefaultLangID
SearchPathW
LocalFree
SetLastError
GetComputerNameW
TlsGetValue
TlsAlloc
TlsSetValue
FreeLibrary
LoadLibraryW
SetProcessShutdownParameters
ExitProcess
SetErrorMode
GetTickCount
AllocConsole
GetConsoleWindow
SetFilePointerEx
FlushFileBuffers
ReadFile
ReadConsoleW
HeapSize
HeapReAlloc
SetEndOfFile
GetLastError

user32

SetClipboardData
GetDesktopWindow
CreateDialogIndirectParamW
GetWindowTextW
InternalGetWindowText
EmptyClipboard
CloseClipboard
OpenClipboard
GetActiveWindow
GetFocus
GetWindowLongW
DestroyMenu
TrackPopupMenu
CreatePopupMenu
InsertMenuItemW
EndPaint
BeginPaint
ReleaseCapture
PtInRect
SetScrollPos
ShowCaret
EnableScrollBar
SetCapture
DestroyCaret
DragDetect
GetClipboardData
CreateCaret
SetCaretPos
GetScrollInfo
RegisterClipboardFormatW
SetScrollInfo
GetDCEx
ScreenToClient
SetCursorPos
ScrollWindowEx
GetUpdateRect
GetMessageTime
DrawFocusRect
GetCapture
GetAsyncKeyState
InvalidateRgn
WaitMessage
MessageBeep
GetMessagePos
GetUpdateRgn
GetIconInfo
FrameRect
DialogBoxParamW
SetDlgItemTextW
EndDialog
LockWorkStation
ExitWindowsEx
SendMessageW
IsWindowVisible
EnableWindow
GetParent
GetDlgItem
SetPropW
IsWindowEnabled
RemovePropW
GetPropW
GetClassNameW
GetWindowThreadProcessId
IsIconic
InvalidateRect
SetForegroundWindow
GetClientRect
FindWindowW
SetLayeredWindowAttributes
MoveWindow
ClientToScreen
GetMonitorInfoW
GetWindowInfo
RedrawWindow
ShowWindow
GetSubMenu
GetWindowPlacement
GetWindowLongPtrW
SetWindowLongPtrW
GetMenuItemCount
MonitorFromRect
SetWindowPos
GetMenu
FindWindowExW
PostMessageW
GetKeyState
GetMenuItemInfoW
MapWindowPoints
SetWindowTextW
GetWindowRect
MapDialogRect
DestroyIcon
EnableMenuItem
BringWindowToTop
DeleteMenu
GetSystemMenu
SetCursor
LoadCursorW
CreateDialogParamW
GetSysColorBrush
GetSysColor
CopyIcon
SetDlgItemInt
SetTimer
DestroyWindow
ReleaseDC
SystemParametersInfoW
TranslateMessage
TranslateAcceleratorW
IsChild
IsDialogMessageW
DispatchMessageW
LoadAcceleratorsW
GetSystemMetrics
GetDC
SendMessageTimeoutW
GetMessageW
LoadImageW
UpdateWindow
PostQuitMessage
KillTimer
AppendMenuW
EndDeferWindowPos
DrawMenuBar
LoadIconW
SetFocus
SetMenuInfo
SetMenuItemInfoW
BeginDeferWindowPos
IsWindow
RegisterClassExW
CreateWindowExW
ShowWindowAsync
LoadMenuW
DefWindowProcW
DeferWindowPos
GetCursorPos
DrawIconEx
DrawTextW
TrackMouseEvent
IsHungAppWindow
SetActiveWindow
MonitorFromWindow
MonitorFromPoint
CallWindowProcW
GetForegroundWindow
GetDoubleClickTime
CreateIconIndirect
FillRect
GetDlgItemInt
GetGuiResources
GetWindowTextLengthW
OpenWindowStationW
GetProcessWindowStation
OpenDesktopW
GetUserObjectInformationW
CloseDesktop
CloseWindowStation
EnumDesktopsW
GetGUIThreadInfo
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW

gdi32

GetDIBits
SaveDC
TextOutW
GetCharWidthW
Rectangle
SetBkMode
BitBlt
DeleteDC
CreateDIBSection
SetBoundsRect
GetStockObject
Polyline
SetDCBrushColor
SetDCPenColor
SelectObject
GetTextMetricsW
GetTextExtentPoint32W
GetTextColor
DeleteObject
CreateFontW
GetDeviceCaps
SetTextColor
SetBkColor
GetObjectW
CreateFontIndirectW
CreateRectRgn
SelectClipRgn
ExcludeClipRect
RestoreDC
CombineRgn
IntersectClipRect
GdiAlphaBlend
CreateCompatibleDC
CreateCompatibleBitmap
GetClipRgn

comdlg32

GetOpenFileNameW
GetSaveFileNameW
ChooseFontW
ChooseColorW

advapi32

SystemFunction036
SetSecurityInfo
LsaLookupSids
LsaLookupPrivilegeValue
LsaLookupPrivilegeDisplayName
LsaLookupNames2
LsaOpenPolicy
LsaLookupPrivilegeName
EnumServicesStatusExW
QueryServiceConfigW
CreateProcessWithLogonW
LsaOpenAccount
LsaEnumeratePrivilegesOfAccount
LogonUserW
CreateProcessAsUserW
QueryServiceConfig2W
OpenServiceW
RegisterServiceCtrlHandlerExW
LsaEnumerateAccounts
LsaFreeMemory
SetServiceStatus
StartServiceCtrlDispatcherW
CreateServiceW
OpenSCManagerW
ChangeServiceConfig2W
ChangeServiceConfigW
LsaAddAccountRights
LsaClose
CloseServiceHandle
DeleteService
ControlService
StartServiceW
GetSecurityInfo

shell32

DuplicateIcon
SHGetFileInfoW
ShellExecuteExW
SHGetFolderPathW
SHCreateDirectoryExW
Shell_NotifyIconW
ExtractIconExW

ole32

CoTaskMemFree
CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString

Exports

Exports

PhAddComboBoxStrings
PhAddElementAvlTree
PhAddEntryHashtable
PhAddEntryHashtableEx
PhAddItemArray
PhAddItemList
PhAddItemPointerList
PhAddItemSimpleHashtable
PhAddItemsArray
PhAddItemsList
PhAddLayoutItem
PhAddLayoutItemEx
PhAddListViewColumn
PhAddListViewItem
PhAddProcessPropPage
PhAddProcessPropPage2
PhAddPropPageLayoutItem
PhAddSettings
PhAddTabControlTab
PhAddTreeNewFilter
PhAdjustRectangleToBounds
PhAdjustRectangleToWorkingArea
PhAllocate
PhAllocateExSafe
PhAllocateFromFreeList
PhAllocatePage
PhAllocateSafe
PhAppendBytesBuilder
PhAppendBytesBuilder2
PhAppendBytesBuilderEx
PhAppendCharStringBuilder
PhAppendCharStringBuilder2
PhAppendFormatStringBuilder
PhAppendFormatStringBuilder_V
PhAppendStringBuilder
PhAppendStringBuilder2
PhAppendStringBuilderEx
PhApplicationFont
PhApplyTreeNewFilters
PhApplyTreeNewFiltersToNode
PhAutoDereferenceObject
PhBufferToHexString
PhBufferToHexStringEx
PhCenterRectangle
PhCenterWindow
PhClearArray
PhClearCircularBuffer_FLOAT
PhClearCircularBuffer_PVOID
PhClearCircularBuffer_ULONG
PhClearCircularBuffer_ULONG64
PhClearHashtable
PhClearList
PhCmLoadSettings
PhCmSaveSettings
PhCompareStringRef
PhCompareStringZNatural
PhCompareUnicodeStringZIgnoreMenuPrefix
PhConcatStringRef2
PhConcatStringRef3
PhConcatStrings
PhConcatStrings2
PhConcatStrings_V
PhConvertMultiByteToUtf16
PhConvertMultiByteToUtf16Ex
PhConvertUtf16ToAsciiEx
PhConvertUtf16ToMultiByte
PhConvertUtf16ToMultiByteEx
PhConvertUtf16ToUtf8
PhConvertUtf16ToUtf8Buffer
PhConvertUtf16ToUtf8Ex
PhConvertUtf16ToUtf8Size
PhConvertUtf8ToUtf16
PhConvertUtf8ToUtf16Buffer
PhConvertUtf8ToUtf16Ex
PhConvertUtf8ToUtf16Size
PhCopyBytesZ
PhCopyCircularBuffer_FLOAT
PhCopyCircularBuffer_PVOID
PhCopyCircularBuffer_ULONG
PhCopyCircularBuffer_ULONG64
PhCopyListView
PhCopyListViewInfoTip
PhCopyStringZ
PhCopyStringZFromBytes
PhCopyStringZFromMultiByte
PhCountStringZ
PhCreateAlloc
PhCreateBytes
PhCreateBytesEx
PhCreateEMenu
PhCreateEMenuItem
PhCreateFileStream
PhCreateFileStream2
PhCreateFileWin32
PhCreateFileWin32Ex
PhCreateHashtable
PhCreateKey
PhCreateList
PhCreateObject
PhCreateObjectType
PhCreateObjectTypeEx
PhCreateOpenFileDialog
PhCreatePointerList
PhCreateProcess
PhCreateProcessAsUser
PhCreateProcessPropContext
PhCreateProcessPropPageContext
PhCreateProcessPropPageContextEx
PhCreateProcessWin32
PhCreateProcessWin32Ex
PhCreateSaveFileDialog
PhCreateSecurityPage
PhCreateServiceListControl
PhCreateSimpleHashtable
PhCreateString
PhCreateStringEx
PhCreateSymbolProvider
PhCreateThread
PhDecodeUnicodeDecoder
PhDeleteArray
PhDeleteAutoPool
PhDeleteBytesBuilder
PhDeleteCallback
PhDeleteCircularBuffer_FLOAT
PhDeleteCircularBuffer_PVOID
PhDeleteCircularBuffer_ULONG
PhDeleteCircularBuffer_ULONG64
PhDeleteFastLock
PhDeleteFileWin32
PhDeleteFreeList
PhDeleteGraphState
PhDeleteImageVersionInfo
PhDeleteLayoutManager
PhDeleteMemoryItemList
PhDeleteStringBuilder
PhDeleteTreeNewColumnMenu
PhDeleteTreeNewFilterSupport
PhDeleteWorkQueue
PhDereferenceObject
PhDereferenceObjectDeferDelete
PhDereferenceObjectEx
PhDereferenceObjects
PhDereferenceProcessRecord
PhDeselectAllProcessNodes
PhDeselectAllServiceNodes
PhDestroyEMenu
PhDestroyEMenuItem
PhDisconnectNamedPipe
PhDivideSinglesBySingle
PhDoPropPageLayout
PhDosErrorToNtStatus
PhDrainAutoPool
PhDrawGraphDirect
PhDuplicateBytesZ
PhDuplicateBytesZSafe
PhDuplicateProcessNodeList
PhDuplicateStringZ
PhEditSecurity
PhEllipsisString
PhEllipsisStringPath
PhEncodeUnicode
PhEnumAvlTree
PhEnumDirectoryFile
PhEnumDirectoryObjects
PhEnumFileStreams
PhEnumGenericModules
PhEnumHandles
PhEnumHandlesEx
PhEnumHashtable
PhEnumKernelModules
PhEnumObjectTypes
PhEnumPagefiles
PhEnumPointerListEx
PhEnumProcessEnvironmentVariables
PhEnumProcessItems
PhEnumProcessModules
PhEnumProcessModules32
PhEnumProcessModules32Ex
PhEnumProcessModulesEx
PhEnumProcesses
PhEnumProcessesEx
PhEnumProcessesForSession
PhEnumServices
PhEqualStringRef
PhEscapeCommandLinePart
PhEscapeStringForMenuPrefix
PhExecuteRunAsCommand2
PhExpandAllProcessNodes
PhExpandEnvironmentStrings
PhExponentiate
PhExponentiate64
PhFillMemoryUlong
PhFinalArrayItems
PhFinalBytesBuilderBytes
PhFinalHash
PhFinalStringBuilderString
PhFindCharInStringRef
PhFindEMenuItem
PhFindElementAvlTree
PhFindEntryHashtable
PhFindIntegerSiKeyValuePairs
PhFindItemList
PhFindItemPointerList
PhFindItemSimpleHashtable
PhFindLastCharInStringRef
PhFindListViewItemByFlags
PhFindListViewItemByParam
PhFindLoaderEntry
PhFindNetworkNode
PhFindPlugin
PhFindProcessInformation
PhFindProcessInformationByImageName
PhFindProcessNode
PhFindProcessRecord
PhFindServiceNode
PhFindStringInStringRef
PhFindStringSiKeyValuePairs
PhFlushFileStream
PhFormat
PhFormatDate
PhFormatDateTime
PhFormatDecimal
PhFormatGuid
PhFormatImageVersionInfo
PhFormatLogEntry
PhFormatNativeKeyName
PhFormatSize
PhFormatString
PhFormatString_V
PhFormatTime
PhFormatTimeSpan
PhFormatTimeSpanRelative
PhFormatToBuffer
PhFormatUInt64
PhFree
PhFreeFileDialog
PhFreePage
PhFreeToFreeList
PhGenerateGuid
PhGenerateGuidFromName
PhGenerateRandomAlphaString
PhGetAccessEntries
PhGetAccessString
PhGetApplicationDirectory
PhGetApplicationFileName
PhGetBaseName
PhGetClientIdName
PhGetClientIdNameEx
PhGetComboBoxString
PhGetDllFileName
PhGetDrawInfoGraphBuffers
PhGetFileDialogFileName
PhGetFileDialogFilterIndex
PhGetFileDialogOptions
PhGetFileName
PhGetFileShellIcon
PhGetFileSize
PhGetFileVersionInfo
PhGetFileVersionInfoLangCodePage
PhGetFileVersionInfoString
PhGetFileVersionInfoString2
PhGetFilterSupportNetworkTreeList
PhGetFilterSupportProcessTreeList
PhGetFilterSupportServiceTreeList
PhGetFullPath
PhGetGeneralCallback
PhGetGenericTreeNewLines
PhGetGlobalWorkQueue
PhGetHandleInformation
PhGetHandleInformationEx
PhGetIntegerPairSetting
PhGetIntegerSetting
PhGetJobProcessIdList
PhGetKernelFileName
PhGetKnownLocation
PhGetLineFromAddress
PhGetListBoxString
PhGetListViewContextMenuPoint
PhGetListViewItemImageIndex
PhGetListViewItemParam
PhGetMessage
PhGetModuleFromAddress
PhGetNtMessage
PhGetObjectSecurity
PhGetObjectType
PhGetObjectTypeInformation
PhGetOwnTokenAttributes
PhGetPhVersion
PhGetPhVersionNumbers
PhGetPluginCallback
PhGetPluginInformation
PhGetPositionFileStream
PhGetPrimeNumber
PhGetProcedureAddressRemote
PhGetProcessCommandLine
PhGetProcessDepStatus
PhGetProcessEnvironment
PhGetProcessImageFileName
PhGetProcessImageFileNameByProcessId
PhGetProcessImageFileNameWin32
PhGetProcessIsDotNet
PhGetProcessIsDotNetEx
PhGetProcessIsSuspended
PhGetProcessKnownType
PhGetProcessMappedFileName
PhGetProcessPebString
PhGetProcessPriorityClassString
PhGetProcessWindowTitle
PhGetProcessWorkingSetInformation
PhGetProcessWsCounters
PhGetProtocolTypeName
PhGetScalableIntegerPairSetting
PhGetSeObjectSecurity
PhGetSelectedListViewItemParam
PhGetSelectedListViewItemParams
PhGetSelectedProcessItem
PhGetSelectedProcessItems
PhGetSelectedServiceItem
PhGetSelectedServiceItems
PhGetServiceChange
PhGetServiceConfig
PhGetServiceDelayedAutoStart
PhGetServiceDescription
PhGetServiceErrorControlInteger
PhGetServiceErrorControlString
PhGetServiceNameFromTag
PhGetServiceStartTypeInteger
PhGetServiceStartTypeString
PhGetServiceStateString
PhGetServiceTypeInteger
PhGetServiceTypeString
PhGetSidFullName
PhGetStatisticsTime
PhGetStatisticsTimeString
PhGetStockApplicationIcon
PhGetStringSetting
PhGetSymbolFromAddress
PhGetSymbolFromName
PhGetSystemDirectory
PhGetSystemRoot
PhGetTcpStateName
PhGetThreadServiceTag
PhGetTokenGroups
PhGetTokenIntegrityLevel
PhGetTokenOwner
PhGetTokenPrimaryGroup
PhGetTokenPrivileges
PhGetTokenUser
PhGetTreeNewText
PhGetWin32Message
PhGetWindowText
PhGetWindowTextEx
PhGlobalDpi
PhGraphStateGetDrawInfo
PhHandleListViewNotifyForCopy
PhHandleTreeNewColumnMenu
PhHashBytes
PhHashStringRef
PhHeapHandle
PhHexStringToBuffer
PhIconToBitmap
PhImpersonateClientOfNamedPipe
PhIndexOfEMenuItem
PhInitializeArray
PhInitializeAutoPool
PhInitializeAvlTree
PhInitializeBytesBuilder
PhInitializeCallback
PhInitializeCircularBuffer_FLOAT
PhInitializeCircularBuffer_PVOID
PhInitializeCircularBuffer_ULONG
PhInitializeCircularBuffer_ULONG64
PhInitializeFastLock
PhInitializeFreeList
PhInitializeGraphState
PhInitializeHash
PhInitializeImageVersionInfo
PhInitializeLayoutManager
PhInitializeStringBuilder
PhInitializeTreeNewColumnMenu
PhInitializeTreeNewFilterSupport
PhInitializeWorkQueue
PhInitializeWorkQueueEnvironment
PhInjectDllProcess
PhInsertEMenuItem
PhInsertItemList
PhInsertItemsList
PhInsertStringBuilder
PhInsertStringBuilder2
PhInsertStringBuilderEx
PhIntegerToString64
PhInvalidateAllProcessNodes
PhInvokeCallback
PhIsExecutablePacked
PhIsExecutingInWow64
PhLayoutManagerLayout
PhLibImageBase
PhListenNamedPipe
PhLoadIcon
PhLoadListViewColumnSettings
PhLoadListViewColumnsFromSetting
PhLoadModuleSymbolProvider
PhLoadResourceEMenuItem
PhLoadSymbolProviderOptions
PhLoadWindowPlacementFromSetting
PhLocalTimeToSystemTime
PhLockFileStream
PhLogMessageEntry
PhLoggedCallback
PhLookupMemoryItemList
PhLookupName
PhLookupPrivilegeDisplayName
PhLookupPrivilegeName
PhLookupPrivilegeValue
PhLookupSid
PhLowerBoundElementAvlTree
PhLowerDualBoundElementAvlTree
PhMainWndHandle
PhMapFlags1
PhMapFlags2
PhMatchWildcards
PhMaximumElementAvlTree
PhMinimumElementAvlTree
PhModalPropertySheet
PhModifyEMenuItem
PhNetworkItemAddedEvent
PhNetworkItemModifiedEvent
PhNetworkItemRemovedEvent
PhNetworkItemsUpdatedEvent
PhNtStatusFileNotFound
PhNtStatusToDosError
PhOpenKey
PhOpenLsaPolicy
PhOpenProcess
PhOpenService
PhOpenThread
PhOpenThreadProcess
PhOsVersion
PhParseCommandLine
PhParseCommandLineFuzzy
PhParseCommandLinePart
PhPeekNamedPipe
PhPluginAddMenuHook
PhPluginAddMenuItem
PhPluginAddTreeNewColumn
PhPluginCallPhSvc
PhPluginCreateEMenuItem
PhPluginEnableTreeNewNotify
PhPluginGetObjectExtension
PhPluginGetSystemStatistics
PhPluginQueryPhSvc
PhPluginRegisterIcon
PhPluginReserveIds
PhPluginSetObjectExtension
PhPredecessorElementAvlTree
PhPrintTimeSpan
PhProcessAddedEvent
PhProcessModifiedEvent
PhProcessRemovedEvent
PhProcessesUpdatedEvent
PhPropPageDlgProcDestroy
PhPropPageDlgProcHeader
PhQueryFullAttributesFileWin32
PhQueryKey
PhQueryMemoryItemList
PhQueryRegistryString
PhQueryServiceVariableSize
PhQuerySystemTime
PhQueryTimeZoneBias
PhQueryValueKey
PhQueueItemWorkQueue
PhQueueItemWorkQueueEx
PhReAllocate
PhReAllocateSafe
PhReadFileStream
PhReferenceEmptyString
PhReferenceNetworkItem
PhReferenceObject
PhReferenceObjectEx
PhReferenceObjectSafe
PhReferenceObjects
PhReferenceProcessItem
PhReferenceProcessItemForParent
PhReferenceProcessItemForRecord
PhReferenceProcessRecord
PhReferenceProcessRecordForStatistics
PhReferenceProcessRecordSafe
PhReferenceServiceItem
PhRegisterCallback
PhRegisterCallbackEx
PhRegisterDialog
PhRegisterMessageLoopFilter
PhRegisterPlugin
PhRemoveAllEMenuItems
PhRemoveEMenuItem
PhRemoveElementAvlTree
PhRemoveEntryHashtable
PhRemoveItemArray
PhRemoveItemList
PhRemoveItemPointerList

Sections

.text
Size: 1023KB - Virtual size: 1023KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 321KB - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 239KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
simpleunlocker_release/simpleunlocker_release/othersoftware/ProcessHacker/x64/kprocesshacker.sys
.sys windows:6 windows x64 arch:x64

3905de10e3379fd2be8de512a33433a3

Code Sign

0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7f
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:e2:a5:6c:15:92:ff:0e:95:1b:45:2c:0d:e0:64:eb:a0:5b:7c:98:e3:ad:d0:4c:8a:a3:b4:a8:4e:b7:97:a5
Signer

Actual PE Digest

4e:e2:a5:6c:15:92:ff:0e:95:1b:45:2c:0d:e0:64:eb:a0:5b:7c:98:e3:ad:d0:4c:8a:a3:b4:a8:4e:b7:97:a5

Digest Algorithm

sha256

PE Digest Matches

true

c2:b8:c1:b3:4f:09:a9:1e:fe:19:6f:64:6e:f7:f9:a1:11:90:fb:8e
Signer

Actual PE Digest

c2:b8:c1:b3:4f:09:a9:1e:fe:19:6f:64:6e:f7:f9:a1:11:90:fb:8e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\projects\processhacker2\kprocesshacker\bin\amd64\kprocesshacker.pdb

Imports

ntoskrnl.exe

SePrivilegeCheck
ZwOpenKey
ProbeForRead
RtlGetVersion
PsProcessType
ObOpenObjectByName
ObGetObjectType
PsReleaseProcessExitSynchronization
ZwQueryObject
RtlEqualUnicodeString
KeUnstackDetachProcess
ExEnumHandleTable
ObQueryNameString
IoFileObjectType
IoDriverObjectType
ExfUnblockPushLock
ObReferenceObjectByHandle
PsAcquireProcessExitSynchronization
PsInitialSystemProcess
ObSetHandleAttributes
ZwQueryInformationProcess
ObfDereferenceObject
ExAllocatePoolWithQuotaTag
ZwQueryInformationThread
ObOpenObjectByPointer
KeStackAttachProcess
PsLookupProcessByProcessId
PsJobType
PsReferencePrimaryToken
SeTokenObjectType
IoCreateDevice
PsGetProcessJob
PsLookupProcessThreadByCid
ZwTerminateProcess
PsDereferencePrimaryToken
IoThreadToProcess
RtlWalkFrameChain
KeInitializeApc
KeSetEvent
KeInsertQueueApc
KeWaitForSingleObject
PsThreadType
PsLookupThreadByThreadId
ZwQuerySystemInformation
ZwQueryVirtualMemory
ExReleaseFastMutex
ExAcquireFastMutex
ZwReadFile
MmHighestUserAddress
SeLocateProcessImageName
KeDelayExecutionThread
ZwCreateFile
RtlRandomEx
ZwQueryInformationFile
MmUnmapLockedPages
ExRaiseStatus
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
MmUnlockPages
MmIsAddressValid
KeBugCheckEx
PsGetCurrentProcessId
IofCompleteRequest
ZwClose
ZwQueryValueKey
KeInitializeEvent
ProbeForWrite
IoDeleteDevice
RtlInitUnicodeString
ExFreePoolWithTag
IoGetCurrentProcess
ExAllocatePoolWithTag
__C_specific_handler

ksecdd.sys

BCryptCreateHash
BCryptDestroyKey
BCryptImportKeyPair
BCryptCloseAlgorithmProvider
BCryptVerifySignature
BCryptFinishHash
BCryptHashData
BCryptDestroyHash
BCryptOpenAlgorithmProvider
BCryptGetProperty

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
simpleunlocker_release/simpleunlocker_release/othersoftware/ProcessHacker/x64/peview.exe
.exe windows:5 windows x64 arch:x64

c79e8e2893e86218fc71412598f61209

Code Sign

0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7f
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

92:f2:7d:9e:d8:b6:a3:b2:06:54:33:86:12:c1:5b:30:f2:48:51:de:6d:67:2e:be:9e:6f:09:45:a7:18:2e:95
Signer

Actual PE Digest

92:f2:7d:9e:d8:b6:a3:b2:06:54:33:86:12:c1:5b:30:f2:48:51:de:6d:67:2e:be:9e:6f:09:45:a7:18:2e:95

Digest Algorithm

sha256

PE Digest Matches

true

37:21:29:3d:d3:ab:8a:e6:86:2f:eb:46:10:ad:54:e5:f4:37:36:22
Signer

Actual PE Digest

37:21:29:3d:d3:ab:8a:e6:86:2f:eb:46:10:ad:54:e5:f4:37:36:22

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Projects\processhacker2\bin\Release64\peview.pdb

Imports

ntdll

NtCreateFile
RtlRaiseStatus
RtlInterlockedPushEntrySList
RtlInitializeSListHead
NtQueryInformationFile
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
NtSetEvent
NtCreateEvent
NtCreateKeyedEvent
NtWaitForKeyedEvent
NtReleaseKeyedEvent
NtReleaseSemaphore
NtCreateSemaphore
NtSetInformationThread
NtMapViewOfSection
NtCreateSection
RtlCreateHeap
RtlGetVersion
NtQuerySystemInformation
NtAddAtom
LdrGetProcedureAddress
NtWaitForSingleObject
RtlNtStatusToDosError
RtlFindMessage
NtClose
RtlDosPathNameToNtPathName_U
NtUnmapViewOfSection
RtlInterlockedPopEntrySList
RtlFreeHeap
RtlMultiByteToUnicodeSize
RtlMultiByteToUnicodeN
RtlReAllocateHeap
RtlUpcaseUnicodeChar
RtlAllocateHeap
RtlSecondsSince1970ToTime

uxtheme

SetWindowTheme
EnableThemeDialogTexture

kernel32

GetOEMCP
IsValidCodePage
GetCPInfo
GetFileType
HeapAlloc
HeapFree
GetModuleHandleExW
WideCharToMultiByte
WriteFile
GetStdHandle
GetACP
MultiByteToWideChar
GetStringTypeW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExW
FreeLibrary
TlsFree
IsValidLocale
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetUserDefaultLCID
EnumSystemLocalesW
LCMapStringW
ExitProcess
SetLastError
GlobalUnlock
GlobalLock
CloseHandle
FindClose
FindFirstFileExW
FindNextFileW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetProcessHeap
HeapSize
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
WriteConsoleW
RaiseException
CreateFileW
InitializeCriticalSectionAndSpinCount
GlobalFree
GlobalAlloc
GetDateFormatW
GetModuleHandleW
GetTimeFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
TlsSetValue
TlsAlloc
TlsGetValue
CreateThread
GetUserDefaultLangID
GetLocaleInfoW
GetSystemDefaultLangID
GetLastError
LoadLibraryW
GetProcAddress

user32

GetWindowLongPtrW
RemovePropW
SetPropW
CallWindowProcW
SetCursor
GetPropW
GetParent
GetDlgItem
SendMessageW
ReleaseDC
GetDC
GetKeyState
SetDlgItemTextW
ShowWindow
SetWindowLongPtrW
PostMessageW
MoveWindow
GetMonitorInfoW
MonitorFromWindow
MessageBoxW
GetWindowRect
InvalidateRect
GetClientRect
SetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
SetWindowPos

gdi32

SelectObject
GetDeviceCaps

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

SystemFunction036

shell32

SHGetFileInfoW
SHGetFolderPathW
ExtractIconExW

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemFree

comctl32

CreatePropertySheetPageW
PropertySheetW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
simpleunlocker_release/simpleunlocker_release/othersoftware/ProcessHacker/x64/plugins/DotNetTools.dll
.dll windows:5 windows x64 arch:x64

c3f8d8cddba6c99a5f0f2ab21f6f89f6

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

18:d1:3b:7e:d5:8e:62:ea:4f:24:d2:32:52:43:00:ee:a3:ed:be:ad:33:dd:5d:6f:de:3e:a1:9b:cf:da:a9:76
Signer

Actual PE Digest

18:d1:3b:7e:d5:8e:62:ea:4f:24:d2:32:52:43:00:ee:a3:ed:be:ad:33:dd:5d:6f:de:3e:a1:9b:cf:da:a9:76

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\DotNetTools.pdb

Imports

uxtheme

EnableThemeDialogTexture

processhacker.exe

PhfWakeForReleaseQueuedLock
PhRemoveItemSimpleHashtable
PhAddItemSimpleHashtable
PhPluginQueryPhSvc
PhPluginCallPhSvc
PhPluginGetObjectExtension
PhPluginAddTreeNewColumn
PhUiDisconnectFromPhSvc
PhUiConnectToPhSvcEx
PhFindItemSimpleHashtable
PhfAcquireQueuedLockExclusive
PhCreateSimpleHashtable
PhFormatToBuffer
PhFormatSize
PhSetListViewSubItem
PhAddListViewColumn
PhLoadListViewColumnsFromSetting
PhUnregisterCallback
PhSaveListViewColumnsToSetting
PhAddPropPageLayoutItem
PhHandleListViewNotifyForCopy
PhAddListViewItem
PhAddComboBoxStrings
PhSetIntegerSetting
PhGetIntegerSetting
PhFormatUInt64
PhGetProcessIsDotNet
PhAddSettings
PhGetGeneralCallback
PhPluginSetObjectExtension
PhRegisterCallback
PhRegisterPlugin
PhGetPluginCallback
PhSetFlagsEMenuItem
PhGetProcessIsSuspended
PhDereferenceObject
PhAppendStringBuilder2
PhShowMessage
PhEnumProcesses
PhCreateProcessPropPageContextEx
WindowsVersion
PhFormatString_V
PhAutoDereferenceObject
PhEnumProcessModules
PhGetSystemRoot
PhOpenProcess
PhfEndInitOnce
ProcessQueryAccess
PhOpenThread
PhConcatStringRef2
PhEnumProcessModules32
PhfBeginInitOnce
PhFindLastCharInStringRef
PhCreateList
PhCreateString
PhGetTreeNewText
PhSetControlTheme
PhFormatString
PhAllocate
PhCreateThread
PhFindProcessInformation
PhLoadResourceEMenuItem
PhCountStringZ
PhInitializeStringBuilder
PhCmLoadSettings
PhPropPageDlgProcHeader
PhCompareStringRef
PhConcatStrings2
PhCreateEMenu
PhAddItemList
PhGetWin32Message
PhShellExploreFile
PhGetStringSetting
PhSetClipboardString
PhGetProcessIsDotNetEx
PhSetStringSetting2
PhSplitStringRefAtChar
PhAddProcessPropPage
PhRemoveStringBuilder
PhCreateStringEx
PhPropPageDlgProcDestroy
PhDoPropPageLayout
PhFinalStringBuilderString
PhShowEMenu
PhDestroyEMenu
PhFree
PhConcatStrings
PhCmSaveSettings
PhReferenceObject

ntdll

RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtMapViewOfSection
NtOpenSection
NtUnmapViewOfSection
RtlFreeSid
NtDuplicateObject
NtQueryInformationToken
RtlAllocateAndInitializeSid
NtReleaseMutant
NtOpenProcessToken
RtlNtStatusToDosError
NtReadVirtualMemory
NtQueryInformationProcess
RtlEqualUnicodeString
LdrGetProcedureAddress
NtGetContextThread
NtWaitForSingleObject
RtlDoesFileExists_U
NtClose
LdrGetDllHandle

kernel32

IsValidCodePage
LCMapStringW
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
FreeLibrary
GetACP
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcessHeap
GetStdHandle
GetFileType
GetCommandLineA
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
TlsFree
LoadLibraryW
GetModuleHandleW
GetProcAddress
GetLastError
GetCommandLineW
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
WriteConsoleW
CreateFileW
RaiseException

user32

GetKeyState
PostMessageW
SendMessageW
IsWindow
GetDlgItem
InvalidateRect

advapi32

SystemFunction036
ControlTraceW
CloseTrace
ProcessTrace
StartTraceW
OpenTraceW

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
simpleunlocker_release/simpleunlocker_release/othersoftware/ProcessHacker/x64/plugins/ExtendedNotifications.dll
.dll windows:5 windows x64 arch:x64

acd7837a0f8690fa4b5ada849f2560b0

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e8:82:37:af:a7:21:13:1c:c7:61:7c:30:ee:46:fb:f5:86:34:2a:d2:85:14:18:36:38:8c:60:c0:b5:1a:83:d5
Signer

Actual PE Digest

e8:82:37:af:a7:21:13:1c:c7:61:7c:30:ee:46:fb:f5:86:34:2a:d2:85:14:18:36:38:8c:60:c0:b5:1a:83:d5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\ExtendedNotifications.pdb

Imports

processhacker.exe

PhCreateSaveFileDialog
PhRegisterCallback
PhAutoDereferenceObject
PhFormatLogEntry
PhWriteStringFormatAsUtf8FileStream
PhCreateFileStream
PhGetStringSetting
PhLoggedCallback
PhFree
PhAllocateSafe
PhReferenceProcessItemForParent
PhCreateList
PhFreeFileDialog
PhAllocate
PhShowFileDialog
PhEqualStringRef
PhConvertUtf16ToUtf8Ex
PhInsertItemList
PhClearList
PhInitializeStringBuilder
PhGetWindowText
PhConcatStrings2
PhSetFileDialogFilter
PhAddItemList
PhAddSettings
PhRemoveItemList
PhGetFileDialogFileName
PhSetFileDialogFileName
PhGetGeneralCallback
PhFormatDateTime
PhSetStringSetting2
PhGetGlobalWorkQueue
PhQueueItemWorkQueue
PhFinalStringBuilderString
PhFormatString_V
PhSetIntegerSetting
PhAppendCharStringBuilder
PhMatchWildcards
PhGetIntegerSetting
PhRegisterPlugin
PhReferenceObject
PhAppendStringBuilderEx
PhGetPluginCallback
PhDeleteStringBuilder
PhGetFileName
PhConvertUtf8ToUtf16
PhDereferenceObject
PhFindCharInStringRef
PhModalPropertySheet
PhDuplicateBytesZSafe

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx

user32

SendMessageW
SetWindowLongPtrW
EnableWindow
GetParent
GetDlgItem
SetDlgItemTextW

comctl32

ord412
ord410
ord413
CreatePropertySheetPageW

kernel32

HeapSize
WriteConsoleW
FlushFileBuffers
CreateFileW
GetCommandLineW
GetCommandLineA
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
GetStringTypeW
HeapReAlloc
GetConsoleCP
WriteFile
SetStdHandle
GetACP
CloseHandle
LCMapStringW
GetFileType
GetStdHandle
GetConsoleMode
SetFilePointerEx
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
RaiseException
GetLastError
GetSystemInfo
VirtualProtect
VirtualQuery
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime

advapi32

SystemFunction036

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
simpleunlocker_release/simpleunlocker_release/othersoftware/ProcessHacker/x64/plugins/ExtendedServices.dll
.dll windows:5 windows x64 arch:x64

8077acd95550e90db0afd6fb1689e912

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:c6:d2:e6:47:62:90:08:e5:8a:72:2f:24:20:8c:fa:c2:6c:56:a6:72:47:7b:f2:16:70:b8:40:56:4b:c3:2f
Signer

Actual PE Digest

0e:c6:d2:e6:47:62:90:08:e5:8a:72:2f:24:20:8c:fa:c2:6c:56:a6:72:47:7b:f2:16:70:b8:40:56:4b:c3:2f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\ExtendedServices.pdb

Imports

processhacker.exe

PhQueryRegistryString
PhReAllocate
PhFinalStringBuilderString
PhReferenceEmptyString
PhDeleteAutoPool
PhInitializeAutoPool
PhGetSelectedListViewItemParam
PhClearList
PhFormatString
PhConcatStringRef2
PhAppendStringBuilderEx
PhCreateAlloc
PhOpenKey
PhCreateString
PhFreeFileDialog
PhShowFileDialog
PhSetFileDialogFilter
PhCreateOpenFileDialog
PhGetComboBoxString
PhCreateServiceListControl
PhGetFileDialogFileName
PhSetFileDialogFileName
PhCenterWindow
PhaChoiceDialog
PhGetNtMessage
PhSetListViewSubItem
PhLookupPrivilegeDisplayName
PhSetControlTheme
PhQueryServiceVariableSize
PhDereferenceObjects
PhFindIntegerSiKeyValuePairs
PhEqualStringRef
PhSelectComboBoxString
PhSetExtendedListView
PhInitializeStringBuilder
PhGetWindowText
PhAddListViewColumn
PhRemoveItemList
PhSidToStringSid
PhRemoveListViewItem
PhUiDisconnectFromPhSvc
PhUiConnectToPhSvc
PhCreateStringEx
PhGetListViewItemParam
PhFindItemList
PhFindStringSiKeyValuePairs
PhAddListViewItem
PhSvcCallChangeServiceConfig2
PhAddComboBoxStrings
PhAppendCharStringBuilder
PhDeleteStringBuilder
PhNtStatusToDosError
PhOpenLsaPolicy
PhShowMessage
PhAppendStringBuilder
PhDereferenceObject
PhGetOwnTokenAttributes
PhSetIntegerSetting
PhMainWndHandle
PhInsertEMenuItem
PhUiContinueService
PhUiStopService
PhfReleaseQueuedLockShared
PhEscapeStringForMenuPrefix
PhPluginCreateEMenuItem
PhCompareStringRef
PhFindEMenuItem
PhDestroyEMenuItem
PhAddSettings
WindowsVersion
PhShowStatus
PhGetGeneralCallback
PhfAcquireQueuedLockShared
PhIndexOfEMenuItem
PhFormatString_V
PhRegisterCallback
PhGetIntegerSetting
PhUiStartService
PhRegisterPlugin
PhReferenceObject
PhGetPluginCallback
PhUiPauseService
PhCreateList
PhInitializeLayoutManager
PhDeleteLayoutManager
PhAllocate
PhOpenService
PhCountStringZ
PhConcatStrings2
PhAddItemList
PhGetWin32Message
PhReferenceServiceItem
PhGetServiceConfig
PhAddLayoutItem
PhAutoDereferenceObject
PhFree
PhLayoutManagerLayout
PhFormatGuid

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
NtClose
NtEnumerateKey
RtlGUIDFromString
RtlUnwindEx
RtlCaptureContext

kernel32

HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
HeapAlloc
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetACP
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetCommandLineA
GetCommandLineW
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
GetComputerNameW
GetModuleHandleW
GetProcAddress
SetLastError
GetLastError
WriteConsoleW
CreateFileW
RaiseException
IsValidCodePage

user32

DialogBoxParamW
SetPropW
MoveWindow
MapWindowPoints
IsWindowEnabled
GetWindowTextLengthW
GetWindowLongPtrW
SetTimer
GetParent
SetWindowLongPtrW
GetDlgItemInt
SetDlgItemInt
EnableWindow
EndDialog
GetDlgItem
SendMessageW
GetWindowRect
GetPropW
RemovePropW
ShowWindow
SetDlgItemTextW

advapi32

SystemFunction036
CloseServiceHandle
LsaEnumeratePrivileges
LsaClose
QueryServiceConfig2W
ChangeServiceConfig2W
LsaFreeMemory
QueryServiceStatus
EnumDependentServicesW

comctl32

CreatePropertySheetPageW

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
simpleunlocker_release/simpleunlocker_release/othersoftware/ProcessHacker/x64/plugins/ExtendedTools.dll
.dll windows:5 windows x64 arch:x64

9d757d0f8f00e9133c716e8e21d6b1b0

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b9:fb:f7:93:ea:ca:63:85:bc:18:c6:65:cf:d4:0f:5f:96:9b:53:7f:7e:82:32:92:d4:5b:b4:97:0a:2f:4b:cc
Signer

Actual PE Digest

b9:fb:f7:93:ea:ca:63:85:bc:18:c6:65:cf:d4:0f:5f:96:9b:53:7f:7e:82:32:92:d4:5b:b4:97:0a:2f:4b:cc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\ExtendedTools.pdb

Imports

processhacker.exe

PhDeleteCircularBuffer_FLOAT
PhCreateProcessPropPageContextEx
PhSetGraphText
PhDoPropPageLayout
PhPropPageDlgProcDestroy
PhAddProcessPropPage
PhAddLayoutItemEx
PhGlobalDpi
PhDeleteCircularBuffer_ULONG
PhSiSetColorsGraphDrawInfo
PhPropPageDlgProcHeader
PhPrintTimeSpan
PhDivideSinglesBySingle
PhApplicationFont
PhFormatSize
PhGetStatisticsTime
PhAppendStringBuilder
PhAppendStringBuilder2
PhGetDrawInfoGraphBuffers
PhFindProcessRecord
PhFinalStringBuilderString
PhRemoveStringBuilder
PhInitializeStringBuilder
PhPluginRegisterIcon
PhDrawGraphDirect
PhfBeginInitOnce
PhPluginAddTreeNewColumn
PhfEndInitOnce
PhPluginEnableTreeNewNotify
PhNetworkItemsUpdatedEvent
PhEnumProcesses
PhFindNetworkNode
PhReferenceNetworkItem
PhInitializeCircularBuffer_ULONG64
PhSiSizeLabelYFunction
PhDeleteCircularBuffer_ULONG64
PhInitializeGraphState
PhGetPluginCallback
PhRegisterPlugin
PhIndexOfEMenuItem
PhPluginSetObjectExtension
PhGetGeneralCallback
PhAddSettings
PhPluginCreateEMenuItem
PhInsertEMenuItem
PhCreateServiceListControl
PhShowStatus
PhReferenceServiceItem
PhCreateSymbolProvider
PhCreateAlloc
PhEnumGenericModules
PhLoadSymbolProviderOptions
PhGetSymbolFromAddress
PhOpenProcess
PhLoadModuleSymbolProvider
PhOpenThread
PhShowConfirmMessage
PhFormatDateTime
PhAddListViewItem
PhHandleListViewNotifyForCopy
PhAllocateSafe
PhAddListViewColumn
PhSetExtendedListView
PhSetListViewSubItem
PhCopyStringZ
PhFindListViewItemByParam
PhFindItemSimpleHashtable
PhQueueItemWorkQueue
PhGetGlobalWorkQueue
PhGetBaseName
PhSystemBasicInformation
PhGetModuleFromAddress
PhAddItemSimpleHashtable
PhAddPropPageLayoutItem
PhDeleteGraphState
PhGraphStateGetDrawInfo
PhCopyCircularBuffer_FLOAT
PhAddLayoutItem
PhCenterWindow
PhLayoutManagerLayout
PhGetStatisticsTimeString
PhBufferToHexString
PhCountStringZ
PhInitializeCircularBuffer_ULONG
PhHexStringToBuffer
PhSetIntegerSetting
PhInitializeCircularBuffer_FLOAT
PhReferenceProcessRecordForStatistics
PhFormatString
PhFormatString_V
PhCreateThread
WindowsVersion
PhHashStringRef
PhfReleaseQueuedLockShared
PhCreateObjectType
PhEqualStringRef
PhAddEntryHashtableEx
PhfWakeForReleaseQueuedLock
PhInvokeCallback
PhAllocateFromFreeList
PhfAcquireQueuedLockShared
PhInitializeFreeList
PhDereferenceProcessRecord
PhCreateObject
PhReferenceProcessItem
PhGetFileName
PhfAcquireQueuedLockExclusive
PhFreeToFreeList
PhProcessesUpdatedEvent
PhReferenceProcessRecord
PhCreateSimpleHashtable
PhAddEntryHashtable
PhGetStockApplicationIcon
PhMainWndHandle
PhCreateList
PhShellProcessHacker
PhCreateString
PhGetTreeNewText
PhShowProcessRecordDialog
PhFormat
PhInitializeTreeNewFilterSupport
PhSetControlTheme
PhAllocate
PhFindProcessNode
PhLoadResourceEMenuItem
PhSetIntegerPairSetting
PhRemoveEntryHashtable
PhSetFlagsAllEMenuItems
PhCmLoadSettings
PhCompareStringRef
PhDeleteTreeNewColumnMenu
PhFindEMenuItem
PhCreateEMenu
PhGetPluginInformation
PhAddItemList
PhReferenceProcessItemForRecord
PhShellExploreFile
PhGetStringSetting
PhHandleTreeNewColumnMenu
PhInitializeTreeNewColumnMenu
PhRemoveItemList
PhSetClipboardString
PhAddTreeNewFilter
PhApplyTreeNewFiltersToNode
PhGetIntegerPairSetting
PhCreateHashtable
PhFindPlugin
PhSetStringSetting2
PhFormatUInt64
PhInitializeLayoutManager
PhUnregisterCallback
PhDeleteLayoutManager
PhCreateStringEx
PhApplyTreeNewFilters
PhFindItemList
PhShowEMenu
PhAutoDereferenceObject
PhRegisterCallback
PhSelectAndEnsureVisibleProcessNode
PhGetIntegerSetting
PhDestroyEMenu
PhFree
PhCmSaveSettings
PhReferenceObject
PhWriteStringAsUtf8FileStream
PhShowMessage
PhGetGenericTreeNewLines
PhShellProperties
PhDereferenceObject
PhGetOwnTokenAttributes
PhWriteStringAsUtf8FileStream2
PhFindEntryHashtable
PhPluginGetObjectExtension
PhSetFlagsEMenuItem

ntdll

NtAlpcQueryInformation
RtlInterlockedPushEntrySList
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtSetInformationProcess
NtQueryInformationProcess
RtlGetUnloadEventTraceEx
NtReadVirtualMemory
RtlSecondsSince1970ToTime
NtCancelSynchronousIoFile
NtDuplicateObject
RtlUnwindEx
NtQueryInformationWorkerFactory
RtlClearAllBits
RtlSetBits
RtlNumberOfSetBits
RtlInitializeBitMap
LdrGetDllHandle
LdrGetProcedureAddress
NtClose
RtlInterlockedFlushSList
NtQueryPerformanceCounter
RtlInitializeSListHead

kernel32

GetLastError
RaiseException
GetSystemTimeAsFileTime
GetSystemInfo
IsDebuggerPresent
GetStartupInfoW
VirtualProtect
VirtualQuery
GetModuleFileNameW
FreeLibrary
LoadLibraryExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
LCMapStringW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
FileTimeToLocalFileTime
FileTimeToSystemTime
GetModuleHandleW
LocalFree
GetProcAddress
Sleep
GetStdHandle
GetFileType
GetCommandLineA
GetCommandLineW
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
WriteConsoleW
CreateFileW
GetCurrentThreadId

user32

InvalidateRect
GetSysColorBrush
GetDlgItem
SetCursor
LoadCursorW
SetTimer
EnableWindow
MoveWindow
CopyIcon
DestroyIcon
DestroyWindow
GetPropW
RemovePropW
SetPropW
DeferWindowPos
GetWindowRect
SetWindowPos
EndDialog
GetSystemMetrics
BeginDeferWindowPos
MapWindowPoints
EndDeferWindowPos
MapDialogRect
GetClientRect
GetParent
DialogBoxParamW
CreateDialogParamW
GetKeyState
PostMessageW
CreateWindowExW
SendMessageW
ShowWindow
SetDlgItemTextW
SetFocus

gdi32

SelectObject
SetBkMode

advapi32

SystemFunction036
StartTraceW
OpenTraceW
ControlTraceW
EnableTraceEx
CloseTrace
ProcessTrace

ole32

CoCreateInstance

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString

comctl32

CreatePropertySheetPageW

Sections

.text
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
simpleunlocker_release/simpleunlocker_release/othersoftware/ProcessHacker/x64/plugins/HardwareDevices.dll
.dll windows:5 windows x64 arch:x64

119abb51b3de6c8e65225ee81e503143

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f1:cc:af:aa:0c:e9:3b:13:cb:33:66:28:b5:60:42:62:f7:62:68:a1:6c:43:40:48:f6:48:0d:33:e2:b9:8c:e7
Signer

Actual PE Digest

f1:cc:af:aa:0c:e9:3b:13:cb:33:66:28:b5:60:42:62:f7:62:68:a1:6c:43:40:48:f6:48:0d:33:e2:b9:8c:e7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\HardwareDevices.pdb

Imports

uxtheme

EnableThemeDialogTexture

processhacker.exe

PhReAllocate
PhSystemBasicInformation
PhDereferenceObject
PhfAcquireQueuedLockExclusive
PhReferenceObject
PhCreateObject
PhGetIntegerSetting
PhFindItemList
PhReferenceObjectSafe
PhfAcquireQueuedLockShared
PhInitializeCircularBuffer_ULONG64
PhRemoveItemList
WindowsVersion
PhAddItemList
PhGetOwnTokenAttributes
PhStringToInteger64
PhConcatStrings_V
PhCreateFileWin32
PhInsertEMenuItem
PhTrimStringRef
PhCreateEMenuItem
PhCreateEMenu
PhfWakeForReleaseQueuedLock
PhCountStringZ
PhCreateObjectType
PhfReleaseQueuedLockShared
PhDeleteCircularBuffer_ULONG64
PhCreateString
PhDereferenceObjectDeferDelete
PhCreateList
PhConvertMultiByteToUtf16
PhModalPropertySheet
PhFormatUInt64
PhLayoutManagerLayout
PhFree
PhCenterWindow
PhFormatDateTime
PhAutoDereferenceObject
PhFormatString_V
PhAddListViewItem
PhAddLayoutItem
PhCreateStringEx
PhAddListViewColumn
PhGetSelectedListViewItemParam
PhSetExtendedListView
PhCreateThread
PhAllocate
PhAddSettings
PhGetGeneralCallback
PhShowEMenu
PhDestroyEMenu
PhRegisterPlugin
PhSetControlTheme
PhSetListViewSubItem
PhDeleteLayoutManager
PhBufferToHexString
PhGetPluginCallback
PhQueryValueKey
PhEqualStringRef
PhFindListViewItemByFlags
PhGetStringSetting
PhSetStringSetting2
PhSplitStringRefAtChar
PhGetListViewItemParam
PhFormatString
PhDivideSinglesBySingle
PhInitializeGraphState
PhConcatStrings2
PhSiSizeLabelYFunction
PhDeleteGraphState
PhGraphStateGetDrawInfo
PhAddLayoutItemEx
PhGetDrawInfoGraphBuffers
PhGetStatisticsTimeString
PhInitializeStringBuilder
PhAppendFormatStringBuilder
PhDeleteAutoPool
PhUnregisterCallback
PhRemoveStringBuilder
PhDrainAutoPool
PhFinalStringBuilderString
PhRegisterCallback
PhQueryRegistryString
PhInitializeAutoPool
PhConcatStringRef2
PhDeleteStringBuilder
PhProcessesUpdatedEvent
PhOpenKey
PhMainWndHandle
PhFormatSize
PhInitializeLayoutManager

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
NtQueryVolumeInformationFile
NtFsControlFile
NtQueryInformationProcess
NtDeviceIoControlFile
RtlGUIDFromString
LdrGetProcedureAddress
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
NtClose
RtlVirtualUnwind
RtlUnwindEx

kernel32

SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
GetACP
CloseHandle
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetModuleHandleW
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
WriteConsoleW
CreateFileW
HeapAlloc
GetLogicalDrives
FreeLibrary
GetProcAddress
LoadLibraryW
GetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime

user32

DefWindowProcW
SetDlgItemTextW
GetParent
GetDlgItem
EnableWindow
GetCursorPos
CreateWindowExW
InvalidateRect
GetMessageW
CreateDialogParamW
PostMessageW
DestroyWindow
SetWindowTextW
ShowWindow
DispatchMessageW
IsDialogMessageW
TranslateMessage
PostQuitMessage
SetForegroundWindow
IsIconic
RemovePropW
GetPropW
SendMessageW
SetPropW

comctl32

ord413
ord410
ord412
CreatePropertySheetPageW

advapi32

SystemFunction036

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
simpleunlocker_release/simpleunlocker_release/othersoftware/ProcessHacker/x64/plugins/NetworkTools.dll
.dll windows:5 windows x64 arch:x64

708b686e80e093711f38091d787a01bd

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ad:4e:bf:30:7a:53:ea:24:c3:9a:27:62:54:01:bc:37:2d:a9:d7:d9:4e:11:84:11:6f:97:3c:e4:cb:dc:3f:9d
Signer

Actual PE Digest

ad:4e:bf:30:7a:53:ea:24:c3:9a:27:62:54:01:bc:37:2d:a9:d7:d9:4e:11:84:11:6f:97:3c:e4:cb:dc:3f:9d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\NetworkTools.pdb

Imports

processhacker.exe

WindowsVersion
PhReAllocate
PhCreateProcessWin32Ex
PhFormatString
PhApplicationFont
PhDivideSinglesBySingle
PhInitializeGraphState
PhInitializeCircularBuffer_ULONG
PhGetPluginCallback
PhGetPhVersion
PhSiSetColorsGraphDrawInfo
PhUnregisterCallback
PhDeleteGraphState
PhGraphStateGetDrawInfo
PhAddLayoutItemEx
PhQueueItemWorkQueue
PhDeleteWorkQueue
PhSetGraphText
PhInitializeWorkQueue
PhProcessesUpdatedEvent
PhCreateBytesEx
PhMainWndHandle
PhInitializeLayoutManager
PhDeleteLayoutManager
PhAllocate
PhCreateThread
PhSaveWindowPlacementToSetting
PhInitializeStringBuilder
PhGetWindowText
PhConcatStrings2
PhAppendFormatStringBuilder
PhDeleteAutoPool
PhTerminateProcess
PhGetIntegerPairSetting
PhLoadWindowPlacementFromSetting
PhRemoveStringBuilder
PhDrainAutoPool
PhAddLayoutItem
PhFormatString_V
PhAutoDereferenceObject
PhGetScalableIntegerPairSetting
PhAppendCharStringBuilder
PhInitializeAutoPool
PhCenterWindow
PhFree
PhDeleteStringBuilder
PhAppendStringBuilder2
PhAppendStringBuilder
PhLayoutManagerLayout
PhDereferenceObject
PhShellExecute
PhSetIntegerSetting
PhGetIntegerSetting
PhInsertEMenuItem
PhPluginCreateEMenuItem
PhFindEMenuItem
PhAddSettings
PhGetGeneralCallback
PhIndexOfEMenuItem
PhRegisterCallback
PhRegisterPlugin

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtReadFile
NtSetInformationObject
RtlOemStringToUnicodeString
RtlIpv6AddressToStringW
NtClose
RtlIpv4AddressToStringW
RtlFreeUnicodeString
RtlUnwindEx

kernel32

GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleFileNameW
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
GetLastError
SetLastError
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
GetModuleHandleExW
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExA
LoadLibraryExW
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
GetACP
GetFileType
LCMapStringW
IsValidCodePage
GetOEMCP
RaiseException
CreateFileW
CloseHandle
WriteConsoleW
MulDiv
GetStdHandle
CreatePipe
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
HeapReAlloc
HeapSize
SetStdHandle
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
EnterCriticalSection

user32

SetWindowTextW
DialogBoxParamW
SetDlgItemInt
GetDlgItemInt
PostMessageW
GetDC
SetWindowLongPtrW
CreateWindowExW
GetSystemMetrics
GetWindowLongPtrW
DestroyIcon
SetDlgItemTextW
GetSysColorBrush
SystemParametersInfoW
LoadImageW
InvalidateRect
ReleaseDC
GetMessageW
CreateDialogParamW
DestroyWindow
GetPropW
SendMessageW
RemovePropW
GetDlgCtrlID
ShowWindow
DispatchMessageW
IsDialogMessageW
SetPropW
TranslateMessage
MapDialogRect
GetDlgItem
PostQuitMessage
GetParent
SetForegroundWindow
EndDialog

gdi32

SetBkColor
GetStockObject
DeleteObject
SetBkMode
GetDeviceCaps
CreateFontW
SelectObject
SetTextColor

advapi32

SystemFunction036

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
simpleunlocker_release/simpleunlocker_release/othersoftware/ProcessHacker/x64/plugins/OnlineChecks.dll
.dll windows:5 windows x64 arch:x64

04815c367f41620755869bb42bd07b00

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b9:df:1d:91:39:3a:2d:e9:e1:1e:06:e7:99:83:c8:a8:c0:e3:04:ed:ff:4c:80:58:1a:46:dd:f2:ff:a3:59:fd
Signer

Actual PE Digest

b9:df:1d:91:39:3a:2d:e9:e1:1e:06:e7:99:83:c8:a8:c0:e3:04:ed:ff:4c:80:58:1a:46:dd:f2:ff:a3:59:fd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\OnlineChecks.pdb

Imports

processhacker.exe

PhMainWndHandle
PhCreateString
PhGetFileSize
PhQuerySystemTime
PhFormatSize
PhBufferToHexString
PhFormatString
PhAllocate
PhCreateThread
PhCountStringZ
PhInitializeStringBuilder
PhConcatStrings2
PhAppendFormatStringBuilder
PhGetPhVersion
WindowsVersion
PhDeleteAutoPool
PhGetBaseName
PhCreateFileWin32
PhCreateStringEx
PhDrainAutoPool
PhReAllocate
PhInitializeAutoPool
PhCenterWindow
PhConvertUtf16ToAsciiEx
PhFree
PhDeleteStringBuilder
PhZeroExtendToUtf16Ex
PhDereferenceObject
PhShellExecute
PhInsertEMenuItem
PhPluginCreateEMenuItem
PhFindEMenuItem
PhGetGeneralCallback
PhIndexOfEMenuItem
PhRegisterCallback
PhRegisterPlugin
PhGetPluginCallback

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlUnwindEx
RtlNtStatusToDosError
NtClose
NtReadFile
NtSetInformationFile
RtlRandomEx
RtlCaptureContext

kernel32

GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
MultiByteToWideChar
CreateFileW
GetLastError
MulDiv
WriteConsoleW
SetFilePointerEx
CloseHandle
HeapSize
SetStdHandle
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
GetCommandLineW
GetCommandLineA
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
GetStringTypeW
GetACP
GetFileType
WideCharToMultiByte
HeapFree
HeapAlloc
HeapReAlloc
LCMapStringW
GetLocaleInfoW
FreeLibrary
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
IsValidLocale

user32

GetDlgCtrlID
IsIconic
SetForegroundWindow
GetMessageW
CreateDialogParamW
PostMessageW
DestroyWindow
GetDC
IsWindowVisible
GetPropW
SendMessageW
RemovePropW
SetWindowTextW
ShowWindow
DispatchMessageW
IsDialogMessageW
GetParent
SetPropW
TranslateMessage
GetDlgItem
PostQuitMessage
GetSysColorBrush
SystemParametersInfoW
ReleaseDC

gdi32

GetDeviceCaps
SetTextColor
SetBkMode
DeleteObject
CreateFontW

advapi32

SystemFunction036
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext

Sections

.text
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
simpleunlocker_release/simpleunlocker_release/othersoftware/ProcessHacker/x64/plugins/SbieSupport.dll
.dll windows:5 windows x64 arch:x64

72ee8e9111090fd44c3cca631502d2bb

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

97:f3:af:2c:a2:fc:99:7a:77:7d:ae:4f:15:7a:06:6f:ba:fa:84:f0:66:d0:22:fd:d6:9a:35:0d:c9:f6:3e:e8
Signer

Actual PE Digest

97:f3:af:2c:a2:fc:99:7a:77:7d:ae:4f:15:7a:06:6f:ba:fa:84:f0:66:d0:22:fd:d6:9a:35:0d:c9:f6:3e:e8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\SbieSupport.pdb

Imports

processhacker.exe

PhFindProcessNode
PhEnumHashtable
PhfAcquireQueuedLockExclusive
PhGetFileName
PhGetPluginCallback
PhRegisterPlugin
PhRegisterCallback
PhAutoDereferenceObject
PhUpdateProcessNode
PhSetStringSetting2
PhfAcquireQueuedLockShared
PhCreateHashtable
PhClearHashtable
PhGetGeneralCallback
PhAddEntryHashtable
PhMainWndHandle
PhInsertEMenuItem
PhShowConfirmMessage
PhfReleaseQueuedLockShared
PhOpenProcess
PhFreeFileDialog
PhPluginCreateEMenuItem
PhShowFileDialog
PhFindEntryHashtable
PhGetWindowText
PhSetFileDialogFilter
PhAppendFormatStringBuilder
PhCreateOpenFileDialog
PhfWakeForReleaseQueuedLock
PhAddSettings
PhGetStringSetting
PhGetFileDialogFileName
PhTerminateProcess
PhSetFileDialogFileName

ntdll

RtlCreateTimerQueue
LdrGetProcedureAddress
RtlCreateTimer
NtClose
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx

kernel32

RaiseException
CreateFileW
WriteConsoleW
CloseHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LCMapStringW
LoadLibraryW
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetLastError
GetModuleFileNameW
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
SetLastError
EnterCriticalSection
LeaveCriticalSection

user32

SetDlgItemTextW
EndDialog
GetDlgItem
DialogBoxParamW

advapi32

SystemFunction036

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
simpleunlocker_release/simpleunlocker_release/othersoftware/ProcessHacker/x64/plugins/ToolStatus.dll
.dll windows:5 windows x64 arch:x64

eb997c25e2337a8dceb7fa463ce2b04d

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a8:5f:08:7b:0f:7b:52:5b:0c:f8:79:b5:5b:0a:a7:12:b9:68:76:e2:5d:64:7f:e2:e0:f0:34:fa:0b:9d:51:70
Signer

Actual PE Digest

a8:5f:08:7b:0f:7b:52:5b:0c:f8:79:b5:5b:0a:a7:12:b9:68:76:e2:5d:64:7f:e2:e0:f0:34:fa:0b:9d:51:70

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\ToolStatus.pdb

Imports

uxtheme

GetThemeInt
IsThemeActive
OpenThemeData
CloseThemeData

processhacker.exe

PhSplitStringRefAtChar
PhCenterWindow
PhGlobalDpi
PhRemoveItemList
PhInsertItemList
PhAllocate
PhMainWndHandle
PhGetIntegerSetting
PhSetIntegerSetting
PhAddComboBoxStrings
WindowsVersion
PhGetStatisticsTimeString
PhGetStatisticsTime
PhDereferenceObject
PhFindProcessRecord
PhAutoDereferenceObject
PhFormatString_V
PhDereferenceProcessRecord
PhCopyCircularBuffer_FLOAT
PhGraphStateGetDrawInfo
PhDeleteGraphState
PhSiSetColorsGraphDrawInfo
PhInitializeGraphState
PhDivideSinglesBySingle
PhSystemBasicInformation
PhFormatString
PhShowProcessRecordDialog
PhFormatSize
PhDeselectAllProcessNodes
PhCreateSimpleHashtable
PhSetFlagsEMenuItem
PhCreateProcessPropContext
PhGetOwnTokenAttributes
PhShowMessage
PhCreateAlloc
PhGetPluginCallback
PhReferenceObject
PhRegisterPlugin
PhReferenceProcessItem
PhGetFilterSupportNetworkTreeList
PhDestroyEMenu
PhDeselectAllServiceNodes
PhGetFilterSupportServiceTreeList
PhRegisterCallback
PhExpandAllProcessNodes
PhShowEMenu
PhFindItemSimpleHashtable
PhApplyTreeNewFilters
PhShowProcessProperties
PhRegisterMessageLoopFilter
PhIconToBitmap
PhAddTreeNewFilter
PhReferenceEmptyString
PhLoadIcon
PhCreateString
PhQuerySystemTime
PhClearList
PhInitializeStringBuilder
PhAppendFormatStringBuilder
PhStringToInteger64
PhGetStringSetting
PhSetStringSetting2
PhRemoveStringBuilder
PhFinalStringBuilderString
PhFormatUInt64
PhCreateList
PhfReleaseQueuedLockShared
PhDereferenceObjects
PhGetServiceTypeString
PhAddItemList
PhGetProtocolTypeName
PhfAcquireQueuedLockShared
PhFree
PhGetServiceErrorControlString
PhFindStringInStringRef
PhGetServiceStateString
PhGetProcessPriorityClassString
PhGetTcpStateName
PhGetServiceStartTypeString
PhSetImageListBitmap
PhAddItemSimpleHashtable
PhInsertEMenuItem
PhGetFilterSupportProcessTreeList
PhSetSelectThreadIdProcessPropContext
PhFindProcessNode
PhPluginGetSystemStatistics
PhEqualStringRef
PhCreateEMenuItem
PhGetWindowText
PhUiTerminateProcesses
PhConcatStrings2
PhCreateEMenu
PhInvokeCallback
PhAddSettings
PhGetGeneralCallback

kernel32

HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetLastError
GetStartupInfoW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetConsoleMode
SetFilePointerEx
CloseHandle
LCMapStringW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetCommandLineA
GetCommandLineW
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
WriteConsoleW
GetProcAddress
GetModuleHandleW
SizeofResource
FreeResource
LockResource
LoadResource
FindResourceW
CreateFileW
RaiseException
IsDebuggerPresent
GetConsoleCP

user32

EnableWindow
DialogBoxParamW
GetSysColorBrush
DestroyIcon
GetParent
GetKeyState
GetDC
OffsetRect
GetCapture
RedrawWindow
TrackMouseEvent
PtInRect
GetWindowThreadProcessId
DefWindowProcW
GetWindowRect
GetMenu
SetWindowPos
SetWindowTextW
WindowFromPoint
LoadAcceleratorsW
IsChild
MapWindowPoints
SetFocus
TranslateAcceleratorW
LoadCursorW
SetCapture
GetWindowDC
SetCursor
GetClientRect
ReleaseCapture
ReleaseDC
DrawTextW
DestroyWindow
IsWindowVisible
CreateWindowExW
ShowWindow
GetSystemMetrics
SetMenu
DrawMenuBar
InvalidateRect
GetPropW
FillRect
SendMessageW
EndDialog
RemovePropW
FrameRect
GetSysColor
SetPropW
GetDlgItem
GetCursorPos

gdi32

SetROP2
RestoreDC
Rectangle
BitBlt
SaveDC
CreateSolidBrush
CreateDIBSection
GetTextExtentPoint32W
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetStockObject
DeleteDC
SetTextColor
SetBkMode
GetObjectW
DeleteObject
CreatePen
CreateFontIndirectW

ole32

CoCreateInstance

comctl32

ord412
ImageList_SetImageCount
ord410
ord413
ImageList_Destroy
ImageList_Create
ImageList_Draw
ImageList_Add
ImageList_Replace

ntdll

RtlVirtualUnwind
RtlUnwindEx
RtlLookupFunctionEntry
RtlCaptureContext

advapi32

SystemFunction036

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
simpleunlocker_release/simpleunlocker_release/othersoftware/ProcessHacker/x64/plugins/Updater.dll
.dll windows:5 windows x64 arch:x64

a4de2eec6f8b6d96d60cfa61bcaa6840

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f2:3d:e0:4a:39:d8:b0:4f:95:19:30:b3:72:cc:85:c3:24:a0:b7:37:1a:2d:c0:85:07:ad:08:81:c4:d1:92:68
Signer

Actual PE Digest

f2:3d:e0:4a:39:d8:b0:4f:95:19:30:b3:72:cc:85:c3:24:a0:b7:37:1a:2d:c0:85:07:ad:08:81:c4:d1:92:68

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\Updater.pdb

Imports

processhacker.exe

PhMainWndHandle
PhInitializeHash
PhQuerySystemTime
PhFormatSize
PhFinalHash
PhOpenKey
PhBufferToHexString
PhFormatString
PhfWaitForEvent
mxmlLoadString
PhIconToBitmap
PhAllocate
PhVerifyFile
PhCreateThread
PhGetFullPath
mxmlFindElement
PhEqualStringRef
PhConcatStrings2
PhFormatGuid
PhStringToInteger64
WindowsVersion
PhDeleteAutoPool
PhGetStringSetting
PhShowStatus
PhGetPhVersionNumbers
PhUpdateHash
PhSetStringSetting2
PhGenerateGuid
PhCreateFileWin32
PhSplitStringRefAtChar
PhCreateStringEx
PhDrainAutoPool
PhfSetEvent
PhFormatString_V
PhAutoDereferenceObject
PhReAllocate
PhQueryRegistryString
PhInitializeAutoPool
PhCenterWindow
PhFree
PhReferenceObject
mxmlDelete
PhDereferenceObject
PhGetOwnTokenAttributes
PhShellExecute
PhfResetEvent
PhFormatUInt64
PhSetIntegerSetting
PhInsertEMenuItem
PhPluginCreateEMenuItem
PhAddSettings
PhReferenceEmptyString
PhGetGeneralCallback
PhRegisterCallback
PhGetIntegerSetting
PhRegisterPlugin
PhGetPluginCallback
PhConvertUtf8ToUtf16

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
NtWriteFile
NtClose
RtlUnwindEx
RtlCaptureContext

kernel32

LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
SetLastError
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
MultiByteToWideChar
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
HeapFree
HeapAlloc
LCMapStringW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
TerminateProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
GetProcAddress
CreateFileW
WriteConsoleW
GetTempPathW
Sleep
GetLastError
MulDiv
CloseHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
WideCharToMultiByte

user32

EndDialog
GetDlgItem
DialogBoxParamW
GetDlgCtrlID
GetMessageW
CreateDialogParamW
DestroyWindow
GetDC
IsWindowVisible
GetPropW
RemovePropW
GetSystemMetrics
SetWindowTextW
ShowWindow
DispatchMessageW
IsDialogMessageW
DestroyIcon
PostMessageW
SetDlgItemTextW
SendDlgItemMessageW
SetPropW
TranslateMessage
PostQuitMessage
GetSysColorBrush
SystemParametersInfoW
GetParent
SetForegroundWindow
LoadImageW
IsIconic
ReleaseDC
EnableWindow
SendMessageW

gdi32

DeleteObject
SetTextColor
GetDeviceCaps
CreateFontW
SetBkMode

shell32

ShellExecuteExW
SHCreateDirectoryExW

advapi32

SystemFunction036

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
simpleunlocker_release/simpleunlocker_release/othersoftware/ProcessHacker/x64/plugins/UserNotes.dll
.dll windows:5 windows x64 arch:x64

dc18317fe7617feca1007aefae7060a6

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ba:80:61:a0:b7:8d:b5:d0:5d:ec:68:e7:74:2e:07:71:a7:ec:7a:fb:13:8b:9a:20:72:5b:bf:d5:09:f7:09:ec
Signer

Actual PE Digest

ba:80:61:a0:b7:8d:b5:d0:5d:ec:68:e7:74:2e:07:71:a7:ec:7a:fb:13:8b:9a:20:72:5b:bf:d5:09:f7:09:ec

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\UserNotes.pdb

Imports

uxtheme

EnableThemeDialogTexture

processhacker.exe

PhInvalidateAllProcessNodes
PhOpenProcess
PhPluginAddMenuHook
PhInitializeLayoutManager
PhInsertEMenuItem
PhMainWndHandle
PhFreeFileDialog
PhPluginCreateEMenuItem
PhShowFileDialog
PhInitializeStringBuilder
PhGetWindowText
PhFindEntryHashtable
PhDereferenceObject
mxmlDelete
PhEnumHashtable
mxmlNewOpaque
PhfAcquireQueuedLockExclusive
PhConvertUtf8ToUtf16
mxmlElementSetAttr
PhReferenceObject
PhFree
PhInitializeAutoPool
PhAutoDereferenceObject
PhDrainAutoPool
PhPropPageDlgProcHeader
PhCompareStringRef
PhCreateStringEx
PhCreateFileWin32
PhSetFileDialogFilter
PhFindEMenuItem
PhAppendFormatStringBuilder
PhGetPluginInformation
PhCreateOpenFileDialog
PhAddSettings
PhGetStringSetting
PhGetFileDialogFileName
PhSetFileDialogFileName
PhGetGeneralCallback
PhFindPlugin
PhSetStringSetting2
PhPluginSetObjectExtension
PhSplitStringRefAtChar
PhAddProcessPropPage
PhGetSelectedProcessItems
PhRemoveStringBuilder
PhPropPageDlgProcDestroy
PhDoPropPageLayout
PhFinalStringBuilderString
PhAddLayoutItem
PhFormatString_V
PhProcessModifiedEvent
PhRegisterCallback
ProcessQueryAccess
PhCenterWindow
PhGetSelectedProcessItem
PhConcatStringRef2
PhPluginAddTreeNewColumn
PhRegisterPlugin
PhGetPluginCallback
PhGetFileName
PhCreateProcessPropPageContextEx
PhExpandEnvironmentStrings
PhPluginGetObjectExtension
PhProcessesUpdatedEvent
PhLayoutManagerLayout
PhDuplicateProcessNodeList
PhAddPropPageLayoutItem
PhGetApplicationDirectory
PhIntegerToString64
mxmlSaveFd
PhHashStringRef
PhGetFileSize
mxmlNewElement
PhAllocate
PhGetFullPath
mxmlLoadFd
PhEqualStringRef
PhConvertUtf16ToUtf8Ex
PhRemoveEntryHashtable
PhAddEntryHashtableEx
PhStringToInteger64
PhfWakeForReleaseQueuedLock
PhDeleteAutoPool
PhReferenceEmptyString
PhCreateHashtable
PhDeleteLayoutManager

ntdll

RtlCaptureContext
RtlVirtualUnwind
RtlDetermineDosPathNameType_U
NtQueryInformationProcess
NtClose
NtSetInformationProcess
RtlLookupFunctionEntry
RtlUnwindEx

user32

MessageBoxW
GetPropW
SetWindowLongPtrW
SendMessageW
EndDialog
SetWindowTextW
SetDlgItemTextW
SetPropW
GetDlgItem
DialogBoxParamW
EnableWindow
RemovePropW

comdlg32

ChooseColorW

shell32

SHCreateDirectoryExW

comctl32

CreatePropertySheetPageW

kernel32

SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
GetACP
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
WriteFile
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetLastError
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CloseHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ExitProcess
WriteConsoleW
CreateFileW
RaiseException
SetFilePointerEx

advapi32

SystemFunction036

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
simpleunlocker_release/simpleunlocker_release/othersoftware/ProcessHacker/x64/plugins/WindowExplorer.dll
.dll windows:5 windows x64 arch:x64

807c2a5324cd8c3d21e70814ac733d28

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a1:8c:eb:35:82:9e:7f:f3:23:3f:a9:5a:42:21:55:19:bc:29:dd:e7:55:f0:92:b1:e7:34:45:2e:a9:a3:f2:12
Signer

Actual PE Digest

a1:8c:eb:35:82:9e:7f:f3:23:3f:a9:5a:42:21:55:19:bc:29:dd:e7:55:f0:92:b1:e7:34:45:2e:a9:a3:f2:12

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\WindowExplorer.pdb

Imports

ntdll

RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtQueryInformationProcess
NtMapViewOfSection
NtWaitForSingleObject
NtOpenSection
RtlCreateSecurityDescriptor
NtUnmapViewOfSection
RtlCreateAcl
NtCreateMutant
NtSetEvent
NtCreateEvent
NtClose
RtlAddAce
NtSetSecurityObject
NtOpenEvent
RtlSubAuthoritySid
NtReleaseMutant
NtCreateSection
RtlInitializeSid
NtResetEvent
RtlSetSaclSecurityDescriptor
NtOpenMutant

kernel32

GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetFileType
GetModuleHandleW
GetProcAddress
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
GetACP
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
GetConsoleMode
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
GetLastError
RaiseException
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
SetFilePointerEx
CloseHandle
WriteConsoleW
CreateFileW
DeleteCriticalSection

user32

GetKeyState
GetMessageW
GetClassWord
CallWindowProcW
GetMenu
MonitorFromRect
CreateWindowExW
DispatchMessageW
GetWindowInfo
GetMonitorInfoW
GetDlgCtrlID
PeekMessageW
SetDlgItemTextW
MapWindowPoints
TranslateMessage
PostThreadMessageW
GetWindowLongW
CreateDialogParamW
ShowWindowAsync
PostMessageW
FindWindowExW
DestroyWindow
IsWindowVisible
SetWindowPos
GetPropW
SetWindowLongPtrW
SendMessageW
RemovePropW
SetWindowTextW
GetWindowPlacement
ShowWindow
CloseDesktop
SetTimer
RedrawWindow
GetLayeredWindowAttributes
IsWindowEnabled
MoveWindow
SetLayeredWindowAttributes
SetPropW
EnumDesktopWindows
MapDialogRect
GetDlgItem
KillTimer
GetDesktopWindow
OpenDesktopW
SetForegroundWindow
EnableWindow
GetWindowRect
GetSystemMetrics
GetWindowDC
ReleaseDC
EnumDesktopsW
GetProcessWindowStation
GetWindowThreadProcessId
GetClassLongPtrA
CallNextHookEx
GetWindowLongPtrW
GetClassLongPtrW
UnhookWindowsHookEx
SendNotifyMessageW
GetClassNameW
SetWindowsHookExW
GetWindowLongPtrA
GetClassInfoExW
IsWindowUnicode
RegisterWindowMessageW
EnumPropsExW

gdi32

DeleteObject
RestoreDC
Rectangle
CreatePen
GetStockObject
SelectObject
SaveDC
SetROP2

advapi32

SystemFunction036

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
simpleunlocker_release/simpleunlocker_release/othersoftware/Uninstall tool/software.ini
simpleunlocker_release/simpleunlocker_release/othersoftware/Uninstall tool/uninstalltool_setup.exe
.exe windows:6 windows x86 arch:x86

e569e6f445d32ba23766ad67d1e3787f

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

df:0f:fa:00:a5:0c:fa:4e:38:9f:6b:7f:4d:93:2d:4f
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

10/04/2023, 00:00

Not After

09/07/2026, 23:59

Subject

CN=CrystalBit Solutions,O=CrystalBit Solutions,ST=West-Vlaanderen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

df:0f:fa:00:a5:0c:fa:4e:38:9f:6b:7f:4d:93:2d:4f
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

10/04/2023, 00:00

Not After

09/07/2026, 23:59

Subject

CN=CrystalBit Solutions,O=CrystalBit Solutions,ST=West-Vlaanderen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ec:39:fa:2a:cf:6b:83:36:4f:15:55:da:b1:11:0e:95:50:57:c1:68:5c:fc:96:5f:e7:35:ee:9f:3f:51:f3:32
Signer

Actual PE Digest

ec:39:fa:2a:cf:6b:83:36:4f:15:55:da:b1:11:0e:95:50:57:c1:68:5c:fc:96:5f:e7:35:ee:9f:3f:51:f3:32

Digest Algorithm

sha256

PE Digest Matches

true

25:c4:23:d1:b3:0e:cc:bd:a1:06:a0:92:b3:21:94:ce:0c:16:1e:8b
Signer

Actual PE Digest

25:c4:23:d1:b3:0e:cc:bd:a1:06:a0:92:b3:21:94:ce:0c:16:1e:8b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetACP
GetExitCodeProcess
LocalFree
CloseHandle
SizeofResource
VirtualProtect
VirtualFree
GetFullPathNameW
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
GetStdHandle
GetModuleHandleW
FreeLibrary
HeapDestroy
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
FindResourceW
CreateThread
CompareStringW
LoadLibraryA
ResetEvent
GetVersion
RaiseException
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetSystemWindowsDirectoryW
GetThreadPriority
SetThreadPriority
GetCurrentProcess
VirtualAlloc
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetWindowsDirectoryW
VerSetConditionMask
GetDiskFreeSpaceW
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
GetSystemDirectoryW
DeleteFileW
GetLocalTime
GetEnvironmentVariableW
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
TlsGetValue
GetDateFormatW
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
GetUserDefaultLangID
RemoveDirectoryW
CreateEventW
SetThreadLocale
GetThreadLocale

comctl32

InitCommonControls

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

CreateWindowExW
TranslateMessage
CharLowerBuffW
CallWindowProcW
CharUpperW
PeekMessageW
GetSystemMetrics
SetWindowLongW
MessageBoxW
DestroyWindow
CharUpperBuffW
CharNextW
MsgWaitForMultipleObjects
LoadStringW
ExitWindowsEx
DispatchMessageW

oleaut32

SysAllocStringLen
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
VariantChangeType
SafeArrayCreate

netapi32

NetWkstaGetInfo
NetApiBufferFree

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW
AdjustTokenPrivileges
GetTokenInformation
ConvertSidToStringSidW
LookupPrivilegeValueW
RegCloseKey
OpenProcessToken
RegOpenKeyExW

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 718KB - Virtual size: 718KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 27KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/backup.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/bt.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/esc.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/exc.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/extract.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/keylogger.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/krnldrv.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/lang_en.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/lang_ru.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/main.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/main001.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/main002.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/main003.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/main004.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/main005.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/main006.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/main007.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/main008.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/main009.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/main010.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/main011.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/main012.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/main013.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/main014.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/main015.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/main016.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/main017.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/main018.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/main019.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/main020.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/main021.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/main022.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/main023.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/main024.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/main025.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/main026.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/main027.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/main028.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/main029.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/net.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/neural.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/neurald.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/neurale.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/neuralm.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/par.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/ports.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/prt.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/repair.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/rootkit.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/scripts.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/scu.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/signf001.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/signf002.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/signf003.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/signf004.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/signf005.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/signf006.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/signf007.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/signf008.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/signf009.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/signfusr.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/syscheck.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/sysipu.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/tsw-auto.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/tsw.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/update.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/Base/vse_ru.avz
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/avz.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 738KB - Virtual size: 740KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 108KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 144B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 288KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
simpleunlocker_release/simpleunlocker_release/othersoftware/avz4/software.ini

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 806KB - Virtual size: 806KB

.rsrc Size: 407KB - Virtual size: 406KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 19KB - Virtual size: 19KB

.rsrc Size: 1024B - Virtual size: 968B

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 4KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 48KB - Virtual size: 48KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

0c2609288fcba4a8350c2130643a83bb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

kernel32

advapi32

ole32

shlwapi

Exports

Exports

Sections

.text Size: 109KB - Virtual size: 109KB

.rdata Size: 60KB - Virtual size: 60KB

.data Size: 78KB - Virtual size: 98KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 11KB - Virtual size: 11KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 5KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

4d117d78b1518e2a9eee4e20c8ed50c7

Headers

.text
Size: 806KB - Virtual size: 806KB

.rsrc
Size: 407KB - Virtual size: 406KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 19KB - Virtual size: 19KB

.rsrc
Size: 1024B - Virtual size: 968B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 48KB - Virtual size: 48KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 109KB - Virtual size: 109KB

.rdata
Size: 60KB - Virtual size: 60KB

.data
Size: 78KB - Virtual size: 98KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 11KB - Virtual size: 11KB

.text
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 124KB - Virtual size: 124KB

.rdata
Size: 79KB - Virtual size: 79KB

.data
Size: 85KB - Virtual size: 112KB

.pdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 4KB - Virtual size: 4KB

.sdata
Size: 512B - Virtual size: 95B

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 512B - Virtual size: 24B

.text
Size: 4KB - Virtual size: 4KB

.sdata
Size: 512B - Virtual size: 103B

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 512B - Virtual size: 24B

.text
Size: 208KB - Virtual size: 207KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 512B - Virtual size: 12B

0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7f
Certificate