D:\projects\ProcessHacker2\bin\Release64\ProcessHacker.pdb
Static task
static1
Behavioral task
behavioral1
Sample
8d3baa366c9e7ee41ca8e2e0ba42b840_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
8d3baa366c9e7ee41ca8e2e0ba42b840_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
General
Target
8d3baa366c9e7ee41ca8e2e0ba42b840_NeikiAnalytics.exe
Size
1.6MB
MD5
8d3baa366c9e7ee41ca8e2e0ba42b840
SHA1
f06e5a6ef216a323ea990c470aec1d074c99e184
SHA256
19de1e6aee236899de63130082f7c3047195b39c9e995080e65bdf1dbc18e6a3
SHA512
68b37b24c3938d6c53df5661fbc661bf1edbd69317fc151b7b554ce8a7da68ecbb7dc94ccafd909470ba38594d847c345e9b62bb100411561a67e30ccabec909
SSDEEP
24576:zOqy1D0aL8UQx5329OdOjkXRltmU0mof9ps2ghVOAqB:zOqY/FQx529OdOSlQzmof9O2gn9G
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8d3baa366c9e7ee41ca8e2e0ba42b840_NeikiAnalytics.exe
Files
8d3baa366c9e7ee41ca8e2e0ba42b840_NeikiAnalytics.exe.exe windows:5 windows x64 arch:x64
833bee7b681cf0117201b5d5231275fe
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ntdll
NtAllocateVirtualMemory
RtlInterlockedFlushSList
RtlInitializeSListHead
RtlFreeHeap
RtlMultiByteToUnicodeSize
RtlUnicodeToMultiByteN
RtlInterlockedPopEntrySList
RtlUnicodeToMultiByteSize
RtlInterlockedPushEntrySList
RtlReAllocateHeap
RtlAllocateHeap
RtlRaiseStatus
RtlSubAuthorityCountSid
RtlIdentifierAuthoritySid
NtDebugActiveProcess
NtCreateDebugObject
NtCreateJobObject
NtPowerInformation
NtIsProcessInJob
RtlTimeToSecondsSince1980
RtlQueryDepthSList
RtlSecondsSince1980ToTime
NtAcceptConnectPort
NtReplyWaitReceivePort
NtCreatePort
NtCompleteConnectPort
RtlLengthRequiredSid
NtRequestWaitReplyPort
NtConnectPort
NtDeleteValueKey
NtResetEvent
NtQueryMutant
NtSetLowEventPair
NtPulseEvent
NtQuerySemaphore
NtSetHighEventPair
NtQueryEvent
NtQueryTimer
NtQuerySection
NtCancelTimer
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlSecondsSince1970ToTime
RtlDestroyHeap
NtProtectVirtualMemory
NtSetSystemInformation
NtCreateMutant
NtTerminateJobObject
NtAssignProcessToJobObject
RtlCreateQueryDebugBuffer
RtlQueryProcessDebugInformation
RtlDestroyQueryDebugBuffer
RtlInitializeCriticalSection
NtQueryPerformanceCounter
RtlDeleteCriticalSection
RtlSetHeapInformation
RtlQueryEnvironmentVariable_U
RtlGUIDFromString
RtlDetermineDosPathNameType_U
NtWaitForMultipleObjects
NtInitiatePowerAction
NtDelayExecution
NtSetInformationDebugObject
NtRemoveProcessDebug
LdrLoadDll
LdrGetProcedureAddress
LdrUnloadDll
RtlCreateSecurityDescriptor
RtlCreateProcessParameters
RtlGetFullPathName_U
NtFilterToken
NtQueryValueKey
NtDuplicateToken
RtlInitializeSid
RtlRandomEx
RtlDestroyProcessParameters
RtlFreeUnicodeString
RtlAddAccessAllowedAce
RtlFindMessage
RtlSetDaclSecurityDescriptor
RtlCreateAcl
RtlAddAce
NtQueryAttributesFile
RtlCreateUserProcess
RtlExpandEnvironmentStrings_U
RtlStringFromGUID
RtlGetAce
RtlGetOwnerSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlLengthSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetSaclSecurityDescriptor
NtReleaseKeyedEvent
RtlLeaveCriticalSection
NtWaitForKeyedEvent
NtCreateKeyedEvent
RtlEnterCriticalSection
NtSetTimer
NtAlertThread
NtCreateTimer
RtlCreateUserThread
NtSuspendThread
NtAdjustPrivilegesToken
NtOpenProcess
NtGetContextThread
NtQueryInformationJobObject
NtQueryVirtualMemory
NtOpenProcessToken
NtSetInformationProcess
NtOpenDirectoryObject
NtReadVirtualMemory
NtResumeProcess
RtlPrefixUnicodeString
NtQueryDirectoryObject
NtOpenSection
NtSetInformationToken
NtOpenThread
NtSetInformationThread
NtQueryDirectoryFile
RtlEqualUnicodeString
NtQuerySymbolicLinkObject
NtCreateKey
NtOpenSymbolicLinkObject
NtOpenThreadToken
NtWriteVirtualMemory
NtTerminateProcess
NtUnloadDriver
NtOpenKey
NtSetContextThread
NtSuspendProcess
RtlMultiByteToUnicodeN
RtlUpcaseUnicodeChar
RtlValidSid
RtlNtStatusToDosError
NtAddAtom
NtResumeThread
RtlSubAuthoritySid
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlLengthSid
RtlConvertSidToUnicodeString
RtlDoesFileExists_U
NtDeleteKey
NtSetValueKey
NtSetInformationObject
NtDeviceIoControlFile
RtlDosPathNameToNtPathName_U
NtReadFile
NtOpenFile
RtlFreeAnsiString
NtFlushBuffersFile
NtCreateFile
NtUnlockFile
NtQueryInformationFile
RtlUnicodeStringToAnsiString
NtFsControlFile
NtLockFile
NtWriteFile
NtDuplicateObject
NtQueryObject
NtSetSecurityObject
NtCreateEvent
NtQueryInformationProcess
NtQueryInformationThread
NtTerminateThread
NtQuerySecurityObject
NtSetEvent
NtQueryInformationToken
RtlGetVersion
NtQuerySystemInformation
RtlCreateHeap
NtCreateSection
NtUnmapViewOfSection
NtSetInformationFile
NtMapViewOfSection
NtCreateSemaphore
NtClose
NtWaitForSingleObject
NtReleaseSemaphore
NtFreeVirtualMemory
winsta
WinStationConnectW
WinStationDisconnect
WinStationRegisterConsoleNotification
WinStationReset
WinStationFreeMemory
WinStationQueryInformationW
WinStationFreeGAPMemory
WinStationGetAllProcesses
WinStationShadow
WinStationSendMessageW
WinStationEnumerateW
comctl32
ImageList_SetImageCount
InitCommonControlsEx
CreatePropertySheetPageW
PropertySheetW
ImageList_Remove
ImageList_Create
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Replace
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
kernel32
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsFree
GetStartupInfoW
WideCharToMultiByte
GetStdHandle
GetFileType
GetModuleHandleExW
AreFileApisANSI
CloseHandle
GetProcessHeap
WriteFile
GetModuleFileNameW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
SetFilePointerEx
HeapReAlloc
UnhandledExceptionFilter
LCMapStringW
Sleep
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
SetConsoleCtrlHandler
MulDiv
SetProcessShutdownParameters
FreeLibrary
GetThreadPriority
GetComputerNameW
FindResourceW
LoadResource
SizeofResource
LockResource
MultiByteToWideChar
GetACP
SetEndOfFile
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualQuery
HeapFree
HeapAlloc
GetCommandLineA
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
IsValidCodePage
GetOEMCP
GetCPInfo
GetConsoleWindow
FreeConsole
AllocConsole
FileTimeToLocalFileTime
FileTimeToSystemTime
SetThreadPriority
SetLastError
GetNumberFormatW
GetTimeFormatW
GetSystemDirectoryW
GetUserDefaultLangID
CreateProcessW
SearchPathW
GetDateFormatW
GetSystemDefaultLangID
LocalFree
LocalAlloc
TlsAlloc
TlsSetValue
TlsGetValue
CreateRemoteThread
GetLastError
ExitThread
ExitProcess
DeleteFiber
GetTickCount
ConvertThreadToFiber
GlobalSize
GlobalFree
GetProcAddress
GlobalUnlock
LoadLibraryW
GlobalAlloc
GetModuleHandleW
GetLocaleInfoW
GlobalLock
CreateThread
FlushFileBuffers
LoadLibraryExW
SetStdHandle
OutputDebugStringW
ReadFile
ReadConsoleW
WriteConsoleW
HeapSize
CreateFileW
user32
DeleteMenu
EnableWindow
LockWorkStation
ExitWindowsEx
DialogBoxParamW
IsIconic
GetSystemMenu
IsWindowVisible
SetMenuDefaultItem
CreateDialogParamW
SetForegroundWindow
PostMessageW
SetDlgItemInt
SendMessageTimeoutW
IsDialogMessageW
LoadAcceleratorsW
FindWindowW
IsChild
GetMessageW
TranslateAcceleratorW
BringWindowToTop
DrawMenuBar
SetLayeredWindowAttributes
AppendMenuW
GetMenu
ShowWindowAsync
PostQuitMessage
CreateIconIndirect
IsWindowEnabled
GetDlgItemInt
GetGuiResources
IsHungAppWindow
OpenWindowStationW
GetUserObjectInformationW
CloseDesktop
EnumDesktopsW
OpenDesktopW
GetProcessWindowStation
CloseWindowStation
CreateDialogIndirectParamW
EnumWindows
MapDialogRect
DestroyIcon
SetWindowTextW
ClientToScreen
GetWindowPlacement
FindWindowExW
GetClassNameW
MonitorFromRect
GetDlgItem
SetMenuInfo
GetWindowThreadProcessId
DefWindowProcW
SetWindowLongPtrW
InvalidateRect
RegisterClassExW
BeginPaint
GetClientRect
GetWindowLongPtrW
LoadCursorW
TrackMouseEvent
EndPaint
SendMessageW
RegisterClipboardFormatW
DestroyMenu
GetMenuItemCount
CreatePopupMenu
LoadMenuW
InsertMenuItemW
GetMenuItemInfoW
GetSubMenu
TrackPopupMenu
CallWindowProcW
GetPropW
SetWindowPos
SetPropW
RemovePropW
SetCursor
CreateWindowExW
FrameRect
GetCursorPos
ReleaseDC
GetDCEx
GetDC
GetParent
DrawTextW
FillRect
ScreenToClient
DestroyWindow
SetMenuItemInfoW
EndDeferWindowPos
SetClipboardData
MapWindowPoints
BeginDeferWindowPos
DeferWindowPos
OpenClipboard
EmptyClipboard
EnableMenuItem
GetWindowTextW
LoadIconW
LoadImageW
GetWindowRect
CloseClipboard
GetWindowTextLengthW
SetScrollInfo
SetCaretPos
ReleaseCapture
CreateCaret
EnableScrollBar
GetSysColor
DestroyCaret
RedrawWindow
SetScrollPos
SystemParametersInfoW
GetClipboardData
GetScrollInfo
DragDetect
PtInRect
ShowCaret
SetFocus
GetKeyState
SetCapture
GetIconInfo
DrawIconEx
DispatchMessageW
MoveWindow
GetMonitorInfoW
MessageBoxW
MonitorFromWindow
PeekMessageW
TranslateMessage
MsgWaitForMultipleObjects
GetMessagePos
GetMessageTime
UpdateWindow
GetSystemMetrics
ScrollWindowEx
IsWindow
GetSysColorBrush
ShowWindow
SetCursorPos
GetAsyncKeyState
DrawFocusRect
GetCapture
GetUpdateRect
WaitMessage
MessageBeep
InvalidateRgn
KillTimer
SetTimer
GetUpdateRgn
SetDlgItemTextW
EndDialog
gdi32
SetDCBrushColor
DeleteObject
Polyline
GdiAlphaBlend
CreateCompatibleDC
SetBkMode
CreateDIBSection
Polygon
DeleteDC
SetTextColor
GetTextExtentPoint32W
BitBlt
TextOutW
CreateFontW
CreateCompatibleBitmap
SelectObject
GetCharWidthW
GetDIBits
RestoreDC
IntersectClipRect
CreateRectRgn
SaveDC
CombineRgn
SetBoundsRect
ExcludeClipRect
CreateFontIndirectW
GetTextMetricsW
GetClipRgn
GetObjectW
GetDeviceCaps
Rectangle
SetDCPenColor
GetStockObject
SetBkColor
SelectClipRgn
comdlg32
GetSaveFileNameW
GetOpenFileNameW
ChooseColorW
ChooseFontW
advapi32
LsaOpenPolicy
LsaEnumerateAccounts
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
ChangeServiceConfigW
LsaAddAccountRights
EnumServicesStatusExW
QueryServiceConfigW
ChangeServiceConfig2W
CreateServiceW
CloseServiceHandle
DeleteService
OpenSCManagerW
OpenServiceW
StartServiceW
ControlService
LsaLookupSids
QueryServiceConfig2W
LsaLookupPrivilegeValue
LsaLookupPrivilegeDisplayName
LsaLookupNames2
LsaClose
LsaLookupPrivilegeName
LsaFreeMemory
GetSecurityInfo
SetSecurityInfo
CreateProcessWithLogonW
LogonUserW
LsaEnumeratePrivilegesOfAccount
CreateProcessAsUserW
LsaOpenAccount
shell32
Shell_NotifyIconW
SHGetFolderPathW
ShellExecuteExW
ExtractIconExW
SHGetFileInfoW
DuplicateIcon
SHCreateDirectoryExW
ole32
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoUninitialize
oleaut32
SysFreeString
Exports
KphCaptureStackBackTraceThread
KphConnect
KphConnect2
KphConnect2Ex
KphDisconnect
KphDuplicateObject
KphEnumerateProcessHandles
KphGetContextThread
KphGetFeatures
KphInstall
KphInstallEx
KphIsConnected
KphOpenDriver
KphOpenProcess
KphOpenProcessJob
KphOpenProcessToken
KphOpenThread
KphOpenThreadProcess
KphQueryInformationDriver
KphQueryInformationObject
KphQueryInformationProcess
KphQueryInformationThread
KphReadVirtualMemory
KphReadVirtualMemoryUnsafe
KphResumeProcess
KphSetContextThread
KphSetInformationObject
KphSetInformationProcess
KphSetInformationThread
KphSetParameters
KphSuspendProcess
KphTerminateProcess
KphTerminateThread
KphTerminateThreadUnsafe
KphUninstall
KphWriteVirtualMemory
PhAddComboBoxStrings
PhAddElementAvlTree
PhAddEntryHashtable
PhAddEntryHashtableEx
PhAddItemList
PhAddItemPointerList
PhAddItemSimpleHashtable
PhAddItemsList
PhAddLayoutItem
PhAddLayoutItemEx
PhAddListViewColumn
PhAddListViewItem
PhAddProcessPropPage
PhAddProcessPropPage2
PhAddPropPageLayoutItem
PhAddSettings
PhAddTabControlTab
PhAddTreeNewFilter
PhAdjustRectangleToBounds
PhAdjustRectangleToWorkingArea
PhAllocate
PhAllocateExSafe
PhAllocateFromFreeList
PhAllocatePage
PhAllocateSafe
PhAppendCharStringBuilder
PhAppendCharStringBuilder2
PhAppendFormatStringBuilder
PhAppendStringBuilder
PhAppendStringBuilder2
PhAppendStringBuilderEx
PhApplicationFont
PhApplicationName
PhApplyTreeNewFilters
PhBoostProvider
PhBufferToHexString
PhCenterRectangle
PhCenterWindow
PhCheckSumMappedImage
PhClearCircularBuffer_FLOAT
PhClearCircularBuffer_PVOID
PhClearCircularBuffer_SIZE_T
PhClearCircularBuffer_ULONG
PhClearCircularBuffer_ULONG64
PhClearHashtable
PhClearList
PhCmLoadSettings
PhCmSaveSettings
PhCompareStringRef
PhCompareUnicodeStringZIgnoreMenuPrefix
PhCompareUnicodeStringZNatural
PhConcatStringRef2
PhConcatStrings
PhConcatStrings2
PhConcatStrings_V
PhCopyAnsiStringZ
PhCopyCircularBuffer_FLOAT
PhCopyCircularBuffer_PVOID
PhCopyCircularBuffer_SIZE_T
PhCopyCircularBuffer_ULONG
PhCopyCircularBuffer_ULONG64
PhCopyListView
PhCopyListViewInfoTip
PhCopyUnicodeStringZ
PhCopyUnicodeStringZFromAnsi
PhCreateAlloc
PhCreateAnsiString
PhCreateAnsiStringEx
PhCreateAnsiStringFromUnicode
PhCreateAnsiStringFromUnicodeEx
PhCreateDsObjectPickerDialog
PhCreateEMenu
PhCreateEMenuItem
PhCreateFileStream
PhCreateFileStream2
PhCreateFileWin32
PhCreateFileWin32Ex
PhCreateHandle
PhCreateHandleTable
PhCreateHashtable
PhCreateKey
PhCreateList
PhCreateObject
PhCreateObjectType
PhCreateObjectTypeEx
PhCreateOpenFileDialog
PhCreatePointerList
PhCreateProcess
PhCreateProcessAsUser
PhCreateProcessPropContext
PhCreateProcessPropPageContext
PhCreateProcessPropPageContextEx
PhCreateProcessWin32
PhCreateProcessWin32Ex
PhCreateSaveFileDialog
PhCreateSecurityPage
PhCreateServiceListControl
PhCreateSimpleHashtable
PhCreateString
PhCreateStringEx
PhCreateStringFromAnsi
PhCreateStringFromAnsiEx
PhCreateSymbolProvider
PhCreateThread
PhCurrentSessionId
PhCurrentTokenQueryHandle
PhDeleteAutoPool
PhDeleteCallback
PhDeleteCircularBuffer_FLOAT
PhDeleteCircularBuffer_PVOID
PhDeleteCircularBuffer_SIZE_T
PhDeleteCircularBuffer_ULONG
PhDeleteCircularBuffer_ULONG64
PhDeleteFastLock
PhDeleteFileWin32
PhDeleteFreeList
PhDeleteGraphState
PhDeleteImageVersionInfo
PhDeleteLayoutManager
PhDeleteProviderThread
PhDeleteStringBuilder
PhDeleteTreeNewColumnMenu
PhDeleteWorkQueue
PhDereferenceObject
PhDereferenceObjectDeferDelete
PhDereferenceObjectEx
PhDereferenceObjects
PhDereferenceProcessRecord
PhDeselectAllProcessNodes
PhDeselectAllServiceNodes
PhDestroyEMenu
PhDestroyEMenuItem
PhDestroyHandle
PhDestroyHandleTable
PhDisconnectNamedPipe
PhDoPropPageLayout
PhDosErrorToNtStatus
PhDrainAutoPool
PhDrawGraph
PhDrawGraphDirect
PhDuplicateAnsiStringZ
PhDuplicateAnsiStringZSafe
PhDuplicateObject
PhDuplicateUnicodeStringZ
PhEditSecurity
PhElevated
PhElevationType
PhEllipsisString
PhEllipsisStringPath
PhEnableAllMenuItems
PhEnableMenuItem
PhEnumAvlTree
PhEnumCsrProcessHandles
PhEnumDirectoryFile
PhEnumDirectoryObjects
PhEnumFileStreams
PhEnumGenericModules
PhEnumHandleTable
PhEnumHandles
PhEnumHandlesEx
PhEnumHashtable
PhEnumHiddenProcesses
PhEnumKernelModules
PhEnumPagefiles
PhEnumPointerListEx
PhEnumProcessEnvironmentVariables
PhEnumProcessHandles
PhEnumProcessItems
PhEnumProcessModules
PhEnumProcessModules32
PhEnumProcessModules32Ex
PhEnumProcessModulesEx
PhEnumProcesses
PhEnumProcessesEx
PhEnumProcessesForSession
PhEnumServices
PhEqualStringRef
PhEscapeCommandLinePart
PhEscapeStringForMenuPrefix
PhExpandEnvironmentStrings
PhExponentiate
PhExponentiate64
PhFinalHash
PhFinalStringBuilderString
PhFindCharInStringRef
PhFindEMenuItem
PhFindElementAvlTree
PhFindElementAvlTree2
PhFindEntryHashtable
PhFindIntegerSiKeyValuePairs
PhFindItemList
PhFindItemPointerList
PhFindItemSimpleHashtable
PhFindLastCharInStringRef
PhFindListViewItemByFlags
PhFindListViewItemByParam
PhFindLoaderEntry
PhFindNetworkNode
PhFindPlugin
PhFindProcessInformation
PhFindProcessInformationByImageName
PhFindProcessNode
PhFindProcessRecord
PhFindServiceNode
PhFindStringInStringRef
PhFindStringSiKeyValuePairs
PhFlushFileStream
PhFormat
PhFormatDate
PhFormatDateTime
PhFormatDecimal
PhFormatGuid
PhFormatImageVersionInfo
PhFormatLogEntry
PhFormatNativeKeyName
PhFormatSize
PhFormatString
PhFormatString_V
PhFormatTime
PhFormatTimeSpanRelative
PhFormatToBuffer
PhFormatUInt64
PhFree
PhFreeDsObjectPickerDialog
PhFreeDsObjectPickerObjects
PhFreeFileDialog
PhFreePage
PhFreeToFreeList
PhGenerateGuid
PhGenerateGuidFromName
PhGenerateRandomAlphaString
PhGetAccessEntries
PhGetAccessString
PhGetApplicationDirectory
PhGetApplicationFileName
PhGetBaseName
PhGetClientIdName
PhGetClientIdNameEx
PhGetComboBoxString
PhGetDllFileName
PhGetDrawInfoGraphBuffers
PhGetDriverServiceKeyName
PhGetEnabledProvider
PhGetEnlistmentBasicInformation
PhGetFileDialogFileName
PhGetFileDialogFilterIndex
PhGetFileDialogOptions
PhGetFileName
PhGetFileShellIcon
PhGetFileSize
PhGetFileVersionInfo
PhGetFileVersionInfoLangCodePage
PhGetFileVersionInfoString
PhGetFileVersionInfoString2
PhGetFilterSupportNetworkTreeList
PhGetFilterSupportProcessTreeList
PhGetFilterSupportServiceTreeList
PhGetFullPath
PhGetGeneralCallback
PhGetGenericTreeNewLines
PhGetHandleInformation
PhGetHandleInformationEx
PhGetIntegerPairSetting
PhGetIntegerSetting
PhGetJobProcessIdList
PhGetKernelFileName
PhGetKnownLocation
PhGetLineFromAddress
PhGetListBoxString
PhGetListViewContextMenuPoint
PhGetListViewItemImageIndex
PhGetListViewItemParam
PhGetMappedArchiveImportEntry
PhGetMappedImageDataEntry
PhGetMappedImageDelayImports
PhGetMappedImageExportEntry
PhGetMappedImageExportFunction
PhGetMappedImageExportFunctionRemote
PhGetMappedImageExports
PhGetMappedImageImportDll
PhGetMappedImageImportEntry
PhGetMappedImageImports
PhGetMappedImageLoadConfig32
PhGetMappedImageLoadConfig64
PhGetMappedImageSectionName
PhGetMemoryProtectionString
PhGetMemoryStateString
PhGetMemoryTypeString
PhGetMessage
PhGetModuleFromAddress
PhGetNextMappedArchiveMember
PhGetNtMessage
PhGetObjectSecurity
PhGetObjectType
PhGetObjectTypeInformation
PhGetPhVersion
PhGetPhVersionNumbers
PhGetPluginCallback
PhGetPositionFileStream
PhGetPrimeNumber
PhGetProcedureAddressRemote
PhGetProcessDepStatus
PhGetProcessEnvironment
PhGetProcessExecuteFlags
PhGetProcessImageFileName
PhGetProcessImageFileNameByProcessId
PhGetProcessImageFileNameWin32
PhGetProcessIsDotNet
PhGetProcessIsDotNetEx
PhGetProcessIsPosix
PhGetProcessIsSuspended
PhGetProcessKnownType
PhGetProcessMappedFileName
PhGetProcessPebString
PhGetProcessPosixCommandLine
PhGetProcessPriorityClassString
PhGetProcessWindowTitle
PhGetProcessWorkingSetInformation
PhGetProcessWsCounters
PhGetProtocolTypeName
PhGetResourceManagerBasicInformation
PhGetRunIdProvider
PhGetSeObjectSecurity
PhGetSelectedListViewItemParam
PhGetSelectedListViewItemParams
PhGetSelectedProcessItem
PhGetSelectedProcessItems
PhGetSelectedServiceItem
PhGetSelectedServiceItems
PhGetServiceChange
PhGetServiceConfig
PhGetServiceDelayedAutoStart
PhGetServiceDescription
PhGetServiceErrorControlInteger
PhGetServiceErrorControlString
PhGetServiceNameFromTag
PhGetServiceStartTypeInteger
PhGetServiceStartTypeString
PhGetServiceStateString
PhGetServiceTypeInteger
PhGetServiceTypeString
PhGetSidFullName
PhGetStatisticsTime
PhGetStatisticsTimeString
PhGetStockApplicationIcon
PhGetStringSetting
PhGetSymbolFromAddress
PhGetSymbolFromName
PhGetSystemDirectory
PhGetSystemRoot
PhGetTcpStateName
PhGetThreadContext
PhGetThreadPriorityWin32String
PhGetThreadServiceTag
PhGetTokenGroups
PhGetTokenIntegrityLevel
PhGetTokenOwner
PhGetTokenPrimaryGroup
PhGetTokenPrivileges
PhGetTokenUser
PhGetTransactionBasicInformation
PhGetTransactionManagerBasicInformation
PhGetTransactionManagerLogFileName
PhGetTransactionPropertiesInformation
PhGetTreeNewText
PhGetWin32Message
PhGetWindowText
PhGraphStateGetDrawInfo
PhHandleListViewNotifyForCopy
PhHandleTreeNewColumnMenu
PhHeapHandle
PhHexStringToBuffer
PhIconToBitmap
PhImpersonateClientOfNamedPipe
PhIndexOfEMenuItem
PhInitializeAutoPool
PhInitializeAvlTree
PhInitializeCallback
PhInitializeCircularBuffer_FLOAT
PhInitializeCircularBuffer_PVOID
PhInitializeCircularBuffer_SIZE_T
PhInitializeCircularBuffer_ULONG
PhInitializeCircularBuffer_ULONG64
PhInitializeFastLock
PhInitializeFreeList
PhInitializeGraphState
PhInitializeHash
PhInitializeImageVersionInfo
PhInitializeLayoutManager
PhInitializeMappedArchive
PhInitializeMappedImage
PhInitializeProviderThread
PhInitializeStringBuilder
PhInitializeTreeNewColumnMenu
PhInitializeWorkQueue
PhInjectDllProcess
PhInsertEMenuItem
PhInsertItemList
PhInsertItemsList
PhInsertStringBuilder
PhInsertStringBuilder2
PhInsertStringBuilderEx
PhIntegerToString64
PhInvalidateAllProcessNodes
PhInvokeCallback
PhIsExecutablePacked
PhIsMappedArchiveMemberShortFormat
PhKphFeatures
PhLayoutManagerLayout
PhLibImageBase
PhListenNamedPipe
PhLoadListViewColumnSettings
PhLoadListViewColumnsFromSetting
PhLoadMappedArchive
PhLoadMappedImage
PhLoadModuleSymbolProvider
PhLoadResourceEMenuItem
PhLoadSymbolProviderOptions
PhLoadWindowPlacementFromSetting
PhLocalTimeToSystemTime
PhLockFileStream
PhLockHandleTableEntry
PhLog2
PhLogMessageEntry
PhLoggedCallback
PhLookupHandleTableEntry
PhLookupName
PhLookupPrivilegeDisplayName
PhLookupPrivilegeName
PhLookupPrivilegeValue
PhLookupSid
PhMainWndHandle
PhMapFlags1
PhMapFlags2
PhMapViewOfEntireFile
PhMappedImageRvaToSection
PhMappedImageRvaToVa
PhMatchWildcards
PhMaximumElementAvlTree
PhMinimumElementAvlTree
PhNetworkItemAddedEvent
PhNetworkItemModifiedEvent
PhNetworkItemRemovedEvent
PhNetworkItemsUpdatedEvent
PhNtStatusFileNotFound
PhNtStatusToDosError
PhOpenDriverByBaseAddress
PhOpenKey
PhOpenLsaPolicy
PhOpenProcess
PhOpenProcessByCsrHandle
PhOpenProcessByCsrHandles
PhOpenProcessToken
PhOpenService
PhOpenThread
PhOpenThreadProcess
PhOpenThreadToken
PhOsVersion
PhParseCommandLine
PhParseCommandLineFuzzy
PhParseCommandLinePart
PhPeekNamedPipe
PhPluginAddMenuItem
PhPluginAddTreeNewColumn
Sections
.text Size: 899KB - Virtual size: 898KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 216KB - Virtual size: 215KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 31KB - Virtual size: 59KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 43KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 456KB - Virtual size: 456KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ