G:\dev\ProcessHacker\trunk\bin\Release64\ProcessHacker.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2024-05-25_a5693763f0d0eb040c3832ff2e87cbdc_ryuk.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-05-25_a5693763f0d0eb040c3832ff2e87cbdc_ryuk.exe
Resource
win10v2004-20240508-en
General
Target: 2024-05-25_a5693763f0d0eb040c3832ff2e87cbdc_ryuk
Size: 1.7MB
MD5: a5693763f0d0eb040c3832ff2e87cbdc
SHA1: 4072f6492738d266175361ec13fe1087159040b6
SHA256: 899cb28b26d06157d7d039813e85014ba6d7016a4df726c90be3473dfe8a94d4
SHA512: c54e605271e74315976941d1a95e59605e624be9c80d9cd91b3c0bdeee14cf20cf6e0fe21d024769f32970cd381f3a0e255a10980abcb67121f1140edfbaab39
SSDEEP: 24576:cRDJyUD64wbk/nhu44NVtoiy08tUb68HF67tM37Vi3jdmcmWwbKZRCRCRt:cj/F/huxga8ebpH0MBi3Acm/8ggD
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-05-25_a5693763f0d0eb040c3832ff2e87cbdc_ryuk
Files
2024-05-25_a5693763f0d0eb040c3832ff2e87cbdc_ryuk.exe windows:5 windows x64 arch:x64
3214e1fcba9bd6a3af4893dcea7fcdd7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ntdll
NtFreeVirtualMemory
RtlInitializeSListHead
RtlAllocateHeap
RtlUnicodeToMultiByteN
RtlUpcaseUnicodeChar
NtAllocateVirtualMemory
RtlReAllocateHeap
RtlMultiByteToUnicodeN
RtlMultiByteToUnicodeSize
RtlUnicodeToMultiByteSize
RtlFreeHeap
RtlRaiseStatus
NtCreateDebugObject
NtCreateJobObject
NtDebugActiveProcess
NtPowerInformation
NtTestAlert
RtlTimeToSecondsSince1980
RtlSecondsSince1980ToTime
NtIsProcessInJob
NtAcceptConnectPort
NtReplyWaitReceivePort
NtCompleteConnectPort
NtCreatePort
RtlLengthRequiredSid
RtlValidRelativeSecurityDescriptor
RtlSelfRelativeToAbsoluteSD2
NtConnectPort
NtRequestWaitReplyPort
RtlAbsoluteToSelfRelativeSD
NtQueryMutant
NtSetHighEventPair
NtQueryEvent
NtQuerySemaphore
NtCancelTimer
NtPulseEvent
NtSetLowEventPair
NtQueryTimer
NtResetEvent
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlSecondsSince1970ToTime
RtlDestroyHeap
NtProtectVirtualMemory
NtSetSystemInformation
NtCreateMutant
NtTerminateJobObject
NtAssignProcessToJobObject
RtlSetHeapInformation
RtlInitializeCriticalSection
RtlQueryEnvironmentVariable_U
NtQueryPerformanceCounter
RtlDeleteCriticalSection
RtlDetermineDosPathNameType_U
NtDeleteValueKey
RtlGUIDFromString
NtWaitForMultipleObjects
NtSetInformationDebugObject
NtInitiatePowerAction
NtDelayExecution
NtRemoveProcessDebug
LdrLoadDll
LdrUnloadDll
LdrGetProcedureAddress
NtQueryValueKey
RtlExpandEnvironmentStrings_U
RtlCreateUserProcess
RtlCreateSecurityDescriptor
RtlCreateAcl
RtlCreateProcessParameters
NtFilterToken
RtlStringFromGUID
RtlFindMessage
NtQueryAttributesFile
RtlAddAccessAllowedAce
RtlAddAce
RtlDestroyProcessParameters
RtlFreeUnicodeString
RtlGetAce
RtlRandomEx
RtlSetDaclSecurityDescriptor
NtDuplicateToken
RtlInitializeSid
RtlGetFullPathName_U
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlLengthSecurityDescriptor
RtlFirstEntrySList
RtlLeaveCriticalSection
NtCreateKeyedEvent
NtWaitForKeyedEvent
RtlEnterCriticalSection
NtReleaseKeyedEvent
NtCreateTimer
NtAlertThread
NtSetTimer
NtSuspendProcess
NtResumeThread
NtTerminateProcess
NtOpenSection
NtQueryDirectoryFile
NtCreateKey
NtWriteVirtualMemory
NtSetInformationProcess
NtSetContextThread
NtOpenThreadToken
NtQueryDirectoryObject
NtOpenDirectoryObject
NtReadVirtualMemory
RtlPrefixUnicodeString
NtQueryInformationJobObject
NtSetInformationThread
NtResumeProcess
NtOpenProcess
NtSetInformationToken
NtQuerySymbolicLinkObject
NtOpenKey
RtlSubAuthoritySid
NtSuspendThread
RtlInterlockedPopEntrySList
RtlInterlockedFlushSList
RtlValidSid
RtlNtStatusToDosError
NtAddAtom
NtUnloadDriver
NtQueryVirtualMemory
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
NtOpenSymbolicLinkObject
NtGetContextThread
NtOpenThread
NtOpenProcessToken
NtAdjustPrivilegesToken
RtlLengthSid
RtlConvertSidToUnicodeString
NtSetValueKey
RtlDoesFileExists_U
NtDeviceIoControlFile
NtSetInformationObject
NtDeleteKey
NtQueryFullAttributesFile
NtOpenFile
NtCreateFile
NtQueryInformationFile
NtFsControlFile
NtFlushBuffersFile
NtLockFile
NtReadFile
RtlDosPathNameToNtPathName_U
NtUnlockFile
NtWriteFile
NtQuerySection
NtQuerySecurityObject
NtQueryObject
NtClearEvent
NtQueryInformationThread
NtSetEvent
RtlCreateUserThread
NtCreateEvent
NtDuplicateObject
NtSetSecurityObject
NtTerminateThread
NtQueryInformationProcess
RtlEqualUnicodeString
RtlCreateHeap
RtlGetVersion
NtQueryInformationToken
NtQuerySystemInformation
NtMapViewOfSection
NtUnmapViewOfSection
NtSetInformationFile
NtCreateSection
NtWaitForSingleObject
NtReleaseSemaphore
NtCreateSemaphore
NtClose
RtlInterlockedPushEntrySList
winsta
WinStationDisconnect
WinStationReset
WinStationEnumerateW
WinStationConnectW
WinStationQueryInformationW
WinStationRegisterConsoleNotification
WinStationFreeGAPMemory
WinStationGetAllProcesses
WinStationShadow
WinStationSendMessageW
WinStationFreeMemory
comctl32
InitCommonControlsEx
CreatePropertySheetPageW
ImageList_Remove
ImageList_Destroy
ImageList_Create
ImageList_ReplaceIcon
PropertySheetW
ImageList_Replace
ImageList_SetImageCount
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
kernel32
CreateThread
GetModuleHandleW
GetProcAddress
GetLocaleInfoW
SizeofResource
LockResource
GlobalAlloc
RaiseException
WriteConsoleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
TlsFree
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetACP
GetStringTypeW
GetStdHandle
WriteFile
WideCharToMultiByte
GetCurrentProcess
TerminateProcess
GetModuleHandleExW
HeapFree
HeapAlloc
GetFileType
GetCPInfo
IsValidCodePage
GetOEMCP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
LCMapStringW
CloseHandle
FindClose
FindFirstFileExW
FindNextFileW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetProcessHeap
CreateFileW
GetConsoleCP
GetComputerNameW
GetThreadPriority
FreeLibrary
SetProcessShutdownParameters
MulDiv
SetErrorMode
AllocConsole
GetConsoleWindow
FreeConsole
SetConsoleCtrlHandler
FileTimeToLocalFileTime
FileTimeToSystemTime
CreatePipe
SetThreadPriority
SetLastError
GetDateFormatW
SetEndOfFile
CreateProcessW
GetTimeFormatW
GetNumberFormatW
GetSystemDefaultLangID
GetSystemDirectoryW
GetUserDefaultLangID
SearchPathW
LocalFree
LocalAlloc
TlsGetValue
TlsAlloc
TlsSetValue
CreateRemoteThread
ExitProcess
GetLastError
ExitThread
GetTickCount
GlobalSize
GlobalUnlock
FindResourceW
LoadResource
LoadLibraryW
GlobalFree
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
ReadFile
ReadConsoleW
HeapSize
HeapReAlloc
GlobalLock
user32
SetForegroundWindow
FindWindowW
SetLayeredWindowAttributes
ClientToScreen
GetWindowInfo
GetWindowPlacement
IsWindowVisible
GetMenu
FindWindowExW
PostMessageW
SetWindowTextW
MapDialogRect
DestroyIcon
EnableMenuItem
BringWindowToTop
DeleteMenu
GetSystemMenu
CreateDialogParamW
SetDlgItemInt
TranslateAcceleratorW
IsChild
IsDialogMessageW
LoadAcceleratorsW
SendMessageTimeoutW
AppendMenuW
DrawMenuBar
SetMenuItemInfoW
IsHungAppWindow
MonitorFromPoint
GetForegroundWindow
CreateIconIndirect
GetDlgItemInt
GetGuiResources
OpenWindowStationW
GetProcessWindowStation
OpenDesktopW
GetUserObjectInformationW
CloseDesktop
CloseWindowStation
EnumDesktopsW
EnumWindows
GetGUIThreadInfo
ShowWindowAsync
EndPaint
BeginPaint
InvalidateRect
GetClientRect
LoadCursorW
TrackMouseEvent
RegisterClassExW
GetWindowLongPtrW
SetWindowLongPtrW
DefWindowProcW
SendMessageW
RegisterClipboardFormatW
DestroyMenu
SetMenuInfo
GetSubMenu
TrackPopupMenu
CreatePopupMenu
GetMenuItemCount
InsertMenuItemW
LoadMenuW
GetMenuItemInfoW
SetCursor
SetPropW
RemovePropW
GetPropW
SetWindowPos
CallWindowProcW
GetCursorPos
ReleaseDC
GetDCEx
GetParent
DrawTextW
FrameRect
ScreenToClient
CreateWindowExW
FillRect
GetDC
DestroyWindow
GetWindowTextW
EnableWindow
LoadImageW
CreateDialogIndirectParamW
GetDesktopWindow
PostQuitMessage
SetClipboardData
EndDeferWindowPos
LoadIconW
TranslateMessage
SetFocus
InternalGetWindowText
MapWindowPoints
EmptyClipboard
CloseClipboard
DispatchMessageW
OpenClipboard
BeginDeferWindowPos
IsWindow
GetActiveWindow
SetActiveWindow
GetFocus
GetWindowRect
DeferWindowPos
GetMessageW
GetWindowTextLengthW
GetWindowLongW
ReleaseCapture
PtInRect
SystemParametersInfoW
SetScrollPos
ShowCaret
EnableScrollBar
SetCapture
DestroyCaret
DragDetect
GetClipboardData
GetSysColor
CreateCaret
RedrawWindow
SetCaretPos
GetScrollInfo
GetKeyState
SetScrollInfo
DrawIconEx
GetIconInfo
MoveWindow
PeekMessageW
GetMonitorInfoW
MsgWaitForMultipleObjects
MonitorFromWindow
MonitorFromRect
MessageBoxW
SetCursorPos
UpdateWindow
GetSysColorBrush
KillTimer
ScrollWindowEx
GetUpdateRect
GetMessageTime
DrawFocusRect
SetTimer
GetCapture
GetAsyncKeyState
InvalidateRgn
ShowWindow
WaitMessage
MessageBeep
GetSystemMetrics
GetMessagePos
GetUpdateRgn
DialogBoxParamW
SetDlgItemTextW
EndDialog
LockWorkStation
ExitWindowsEx
GetDlgItem
IsWindowEnabled
GetClassNameW
GetWindowThreadProcessId
IsIconic
gdi32
GetTextColor
GetDeviceCaps
IntersectClipRect
GetDIBits
CreateCompatibleBitmap
SetBoundsRect
CreateFontW
TextOutW
GetObjectW
GetCharWidthW
BitBlt
CreateDIBSection
CreateCompatibleDC
GdiAlphaBlend
DeleteDC
GetTextExtentPoint32W
SetTextColor
SetBkMode
DeleteObject
SelectObject
GetStockObject
Rectangle
SetDCBrushColor
SetDCPenColor
CombineRgn
GetClipRgn
Polyline
GetTextMetricsW
CreateRectRgn
SelectClipRgn
ExcludeClipRect
RestoreDC
SetBkColor
CreateFontIndirectW
SaveDC
comdlg32
ChooseFontW
GetOpenFileNameW
ChooseColorW
GetSaveFileNameW
advapi32
SystemFunction036
LsaEnumerateAccounts
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
ChangeServiceConfigW
LsaAddAccountRights
ChangeServiceConfig2W
EnumServicesStatusExW
QueryServiceConfigW
QueryServiceConfig2W
CreateProcessWithLogonW
LsaOpenAccount
LsaEnumeratePrivilegesOfAccount
LogonUserW
CreateProcessAsUserW
SetSecurityInfo
GetSecurityInfo
LsaLookupSids
LsaFreeMemory
LsaLookupPrivilegeValue
LsaLookupPrivilegeDisplayName
LsaLookupNames2
LsaOpenPolicy
LsaClose
LsaLookupPrivilegeName
CreateServiceW
CloseServiceHandle
OpenSCManagerW
DeleteService
ControlService
StartServiceW
OpenServiceW
SetServiceStatus
shell32
SHCreateDirectoryExW
Shell_NotifyIconW
ShellExecuteExW
SHGetFolderPathW
DuplicateIcon
ExtractIconExW
SHGetFileInfoW
ole32
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoUninitialize
oleaut32
SysFreeString
Exports
PhAddComboBoxStrings
PhAddElementAvlTree
PhAddEntryHashtable
PhAddEntryHashtableEx
PhAddItemArray
PhAddItemList
PhAddItemPointerList
PhAddItemSimpleHashtable
PhAddItemsArray
PhAddItemsList
PhAddLayoutItem
PhAddLayoutItemEx
PhAddListViewColumn
PhAddListViewItem
PhAddProcessPropPage
PhAddProcessPropPage2
PhAddPropPageLayoutItem
PhAddSettings
PhAddTabControlTab
PhAddTreeNewFilter
PhAdjustRectangleToBounds
PhAdjustRectangleToWorkingArea
PhAllocate
PhAllocateExSafe
PhAllocateFromFreeList
PhAllocatePage
PhAllocateSafe
PhAppendBytesBuilder
PhAppendBytesBuilder2
PhAppendBytesBuilderEx
PhAppendCharStringBuilder
PhAppendCharStringBuilder2
PhAppendFormatStringBuilder
PhAppendStringBuilder
PhAppendStringBuilder2
PhAppendStringBuilderEx
PhApplicationFont
PhApplicationName
PhApplyTreeNewFilters
PhApplyTreeNewFiltersToNode
PhAutoDereferenceObject
PhBoostProvider
PhBufferToHexString
PhCenterRectangle
PhCenterWindow
PhCheckSumMappedImage
PhClearArray
PhClearCircularBuffer_FLOAT
PhClearCircularBuffer_PVOID
PhClearCircularBuffer_SIZE_T
PhClearCircularBuffer_ULONG
PhClearCircularBuffer_ULONG64
PhClearHashtable
PhClearList
PhCmLoadSettings
PhCmSaveSettings
PhCompareStringRef
PhCompareStringZNatural
PhCompareUnicodeStringZIgnoreMenuPrefix
PhConcatStringRef2
PhConcatStrings
PhConcatStrings2
PhConcatStrings_V
PhConvertMultiByteToUtf16
PhConvertMultiByteToUtf16Ex
PhConvertUtf16ToAsciiEx
PhConvertUtf16ToMultiByte
PhConvertUtf16ToMultiByteEx
PhConvertUtf16ToUtf8
PhConvertUtf16ToUtf8Buffer
PhConvertUtf16ToUtf8Ex
PhConvertUtf16ToUtf8Size
PhConvertUtf8ToUtf16
PhConvertUtf8ToUtf16Buffer
PhConvertUtf8ToUtf16Ex
PhConvertUtf8ToUtf16Size
PhCopyBytesZ
PhCopyCircularBuffer_FLOAT
PhCopyCircularBuffer_PVOID
PhCopyCircularBuffer_SIZE_T
PhCopyCircularBuffer_ULONG
PhCopyCircularBuffer_ULONG64
PhCopyListView
PhCopyListViewInfoTip
PhCopyStringZ
PhCopyStringZFromBytes
PhCopyStringZFromMultiByte
PhCountStringZ
PhCreateAlloc
PhCreateBytes
PhCreateBytesEx
PhCreateDsObjectPickerDialog
PhCreateEMenu
PhCreateEMenuItem
PhCreateFileStream
PhCreateFileStream2
PhCreateFileWin32
PhCreateFileWin32Ex
PhCreateHashtable
PhCreateKey
PhCreateList
PhCreateObject
PhCreateObjectType
PhCreateObjectTypeEx
PhCreateOpenFileDialog
PhCreatePointerList
PhCreateProcess
PhCreateProcessAsUser
PhCreateProcessPropContext
PhCreateProcessPropPageContext
PhCreateProcessPropPageContextEx
PhCreateProcessWin32
PhCreateProcessWin32Ex
PhCreateSaveFileDialog
PhCreateSecurityPage
PhCreateServiceListControl
PhCreateSimpleHashtable
PhCreateString
PhCreateStringEx
PhCreateSymbolProvider
PhCreateThread
PhCurrentSessionId
PhCurrentTokenQueryHandle
PhDecodeUnicodeDecoder
PhDeleteArray
PhDeleteAutoPool
PhDeleteBytesBuilder
PhDeleteCallback
PhDeleteCircularBuffer_FLOAT
PhDeleteCircularBuffer_PVOID
PhDeleteCircularBuffer_SIZE_T
PhDeleteCircularBuffer_ULONG
PhDeleteCircularBuffer_ULONG64
PhDeleteFastLock
PhDeleteFileWin32
PhDeleteFreeList
PhDeleteGraphState
PhDeleteImageVersionInfo
PhDeleteLayoutManager
PhDeleteMemoryItemList
PhDeleteProviderThread
PhDeleteStringBuilder
PhDeleteTreeNewColumnMenu
PhDeleteTreeNewFilterSupport
PhDeleteWorkQueue
PhDereferenceObject
PhDereferenceObjectDeferDelete
PhDereferenceObjectEx
PhDereferenceObjects
PhDereferenceProcessRecord
PhDeselectAllProcessNodes
PhDeselectAllServiceNodes
PhDestroyEMenu
PhDestroyEMenuItem
PhDisconnectNamedPipe
PhDivideSinglesBySingle
PhDoPropPageLayout
PhDosErrorToNtStatus
PhDrainAutoPool
PhDrawGraphDirect
PhDuplicateBytesZ
PhDuplicateBytesZSafe
PhDuplicateObject
PhDuplicateProcessNodeList
PhDuplicateStringZ
PhEditSecurity
PhElevated
PhElevationType
PhEllipsisString
PhEllipsisStringPath
PhEncodeUnicode
PhEnumAvlTree
PhEnumDirectoryFile
PhEnumDirectoryObjects
PhEnumFileStreams
PhEnumGenericModules
PhEnumHandles
PhEnumHandlesEx
PhEnumHashtable
PhEnumKernelModules
PhEnumObjectTypes
PhEnumPagefiles
PhEnumPointerListEx
PhEnumProcessEnvironmentVariables
PhEnumProcessItems
PhEnumProcessModules
PhEnumProcessModules32
PhEnumProcessModules32Ex
PhEnumProcessModulesEx
PhEnumProcesses
PhEnumProcessesEx
PhEnumProcessesForSession
PhEnumServices
PhEqualStringRef
PhEscapeCommandLinePart
PhEscapeStringForMenuPrefix
PhExecuteRunAsCommand2
PhExpandAllProcessNodes
PhExpandEnvironmentStrings
PhExponentiate
PhExponentiate64
PhFillMemoryUlong
PhFinalArrayItems
PhFinalBytesBuilderBytes
PhFinalHash
PhFinalStringBuilderString
PhFindCharInStringRef
PhFindEMenuItem
PhFindElementAvlTree
PhFindEntryHashtable
PhFindIntegerSiKeyValuePairs
PhFindItemList
PhFindItemPointerList
PhFindItemSimpleHashtable
PhFindLastCharInStringRef
PhFindListViewItemByFlags
PhFindListViewItemByParam
PhFindLoaderEntry
PhFindNetworkNode
PhFindPlugin
PhFindProcessInformation
PhFindProcessInformationByImageName
PhFindProcessNode
PhFindProcessRecord
PhFindServiceNode
PhFindStringInStringRef
PhFindStringSiKeyValuePairs
PhFlushFileStream
PhFormat
PhFormatDate
PhFormatDateTime
PhFormatDecimal
PhFormatGuid
PhFormatImageVersionInfo
PhFormatLogEntry
PhFormatNativeKeyName
PhFormatSize
PhFormatString
PhFormatString_V
PhFormatTime
PhFormatTimeSpanRelative
PhFormatToBuffer
PhFormatUInt64
PhFree
PhFreeDsObjectPickerDialog
PhFreeDsObjectPickerObjects
PhFreeFileDialog
PhFreePage
PhFreeToFreeList
PhGenerateGuid
PhGenerateGuidFromName
PhGenerateRandomAlphaString
PhGetAccessEntries
PhGetAccessString
PhGetApplicationDirectory
PhGetApplicationFileName
PhGetBaseName
PhGetClientIdName
PhGetClientIdNameEx
PhGetComboBoxString
PhGetDllFileName
PhGetDrawInfoGraphBuffers
PhGetEnabledProvider
PhGetEnlistmentBasicInformation
PhGetFileDialogFileName
PhGetFileDialogFilterIndex
PhGetFileDialogOptions
PhGetFileName
PhGetFileShellIcon
PhGetFileSize
PhGetFileVersionInfo
PhGetFileVersionInfoLangCodePage
PhGetFileVersionInfoString
PhGetFileVersionInfoString2
PhGetFilterSupportNetworkTreeList
PhGetFilterSupportProcessTreeList
PhGetFilterSupportServiceTreeList
PhGetFullPath
PhGetGeneralCallback
PhGetGenericTreeNewLines
PhGetHandleInformation
PhGetHandleInformationEx
PhGetIntegerPairSetting
PhGetIntegerSetting
PhGetJobProcessIdList
PhGetKernelFileName
PhGetKnownLocation
PhGetLineFromAddress
PhGetListBoxString
PhGetListViewContextMenuPoint
PhGetListViewItemImageIndex
PhGetListViewItemParam
PhGetMappedArchiveImportEntry
PhGetMappedImageDataEntry
PhGetMappedImageDelayImports
PhGetMappedImageExportEntry
PhGetMappedImageExportFunction
PhGetMappedImageExportFunctionRemote
PhGetMappedImageExports
PhGetMappedImageImportDll
PhGetMappedImageImportEntry
PhGetMappedImageImports
PhGetMappedImageLoadConfig32
PhGetMappedImageLoadConfig64
PhGetMappedImageSectionName
PhGetMessage
PhGetModuleFromAddress
PhGetNextMappedArchiveMember
PhGetNtMessage
PhGetObjectSecurity
PhGetObjectType
PhGetObjectTypeInformation
PhGetPhVersion
PhGetPhVersionNumbers
PhGetPluginCallback
PhGetPluginInformation
PhGetPositionFileStream
PhGetPrimeNumber
PhGetProcedureAddressRemote
PhGetProcessCommandLine
PhGetProcessDepStatus
PhGetProcessEnvironment
PhGetProcessExecuteFlags
PhGetProcessImageFileName
PhGetProcessImageFileNameByProcessId
PhGetProcessImageFileNameWin32
PhGetProcessIsDotNet
PhGetProcessIsDotNetEx
PhGetProcessIsPosix
PhGetProcessIsSuspended
PhGetProcessKnownType
PhGetProcessMappedFileName
PhGetProcessPebString
PhGetProcessPosixCommandLine
PhGetProcessPriorityClassString
PhGetProcessWindowTitle
PhGetProcessWorkingSetInformation
PhGetProcessWsCounters
PhGetProtocolTypeName
PhGetResourceManagerBasicInformation
PhGetRunIdProvider
PhGetSeObjectSecurity
PhGetSelectedListViewItemParam
PhGetSelectedListViewItemParams
PhGetSelectedProcessItem
PhGetSelectedProcessItems
PhGetSelectedServiceItem
PhGetSelectedServiceItems
PhGetServiceChange
PhGetServiceConfig
PhGetServiceDelayedAutoStart
PhGetServiceDescription
PhGetServiceErrorControlInteger
PhGetServiceErrorControlString
PhGetServiceNameFromTag
PhGetServiceStartTypeInteger
PhGetServiceStartTypeString
PhGetServiceStateString
PhGetServiceTypeInteger
PhGetServiceTypeString
PhGetSidFullName
PhGetStatisticsTime
PhGetStatisticsTimeString
PhGetStockApplicationIcon
PhGetStringSetting
PhGetSymbolFromAddress
PhGetSymbolFromName
PhGetSystemDirectory
PhGetSystemRoot
PhGetTcpStateName
PhGetThreadContext
PhGetThreadPriorityWin32String
PhGetThreadServiceTag
PhGetTokenGroups
PhGetTokenIntegrityLevel
PhGetTokenOwner
PhGetTokenPrimaryGroup
PhGetTokenPrivileges
PhGetTokenUser
PhGetTransactionBasicInformation
PhGetTransactionManagerBasicInformation
PhGetTransactionManagerLogFileName
PhGetTransactionPropertiesInformation
PhGetTreeNewText
PhGetWin32Message
PhGetWindowText
PhGetWindowTextEx
PhGraphStateGetDrawInfo
PhHandleListViewNotifyForCopy
PhHandleTreeNewColumnMenu
PhHashBytes
PhHashStringRef
PhHeapHandle
PhHexStringToBuffer
PhIconToBitmap
PhImpersonateClientOfNamedPipe
PhIndexOfEMenuItem
PhInitializeArray
PhInitializeAutoPool
PhInitializeAvlTree
PhInitializeBytesBuilder
PhInitializeCallback
PhInitializeCircularBuffer_FLOAT
PhInitializeCircularBuffer_PVOID
PhInitializeCircularBuffer_SIZE_T
PhInitializeCircularBuffer_ULONG
PhInitializeCircularBuffer_ULONG64
PhInitializeFastLock
PhInitializeFreeList
PhInitializeGraphState
PhInitializeHash
PhInitializeImageVersionInfo
PhInitializeLayoutManager
PhInitializeMappedArchive
PhInitializeMappedImage
PhInitializeProviderThread
PhInitializeStringBuilder
PhInitializeTreeNewColumnMenu
PhInitializeTreeNewFilterSupport
PhInitializeWorkQueue
PhInjectDllProcess
PhInsertEMenuItem
PhInsertItemList
PhInsertItemsList
PhInsertStringBuilder
PhInsertStringBuilder2
PhInsertStringBuilderEx
PhIntegerToString64
PhInvalidateAllProcessNodes
PhInvokeCallback
PhIsExecutablePacked
PhIsMappedArchiveMemberShortFormat
PhLayoutManagerLayout
PhLibImageBase
PhListenNamedPipe
PhLoadListViewColumnSettings
PhLoadListViewColumnsFromSetting
PhLoadMappedArchive
PhLoadMappedImage
PhLoadModuleSymbolProvider
PhLoadResourceEMenuItem
PhLoadSymbolProviderOptions
PhLoadWindowPlacementFromSetting
PhLocalTimeToSystemTime
PhLockFileStream
PhLogMessageEntry
PhLoggedCallback
PhLookupMemoryItemList
PhLookupName
PhLookupPrivilegeDisplayName
PhLookupPrivilegeName
PhLookupPrivilegeValue
PhLookupSid
PhLowerBoundElementAvlTree
PhLowerDualBoundElementAvlTree
PhMainWndHandle
PhMapFlags1
PhMapFlags2
PhMapViewOfEntireFile
PhMappedImageRvaToSection
PhMappedImageRvaToVa
PhMatchWildcards
PhMaximumElementAvlTree
PhMinimumElementAvlTree
PhModalPropertySheet
PhModifyEMenuItem
PhNetworkItemAddedEvent
PhNetworkItemModifiedEvent
PhNetworkItemRemovedEvent
PhNetworkItemsUpdatedEvent
PhNtStatusFileNotFound
PhNtStatusToDosError
PhOpenKey
PhOpenLsaPolicy
PhOpenProcess
PhOpenProcessToken
PhOpenService
PhOpenThread
PhOpenThreadProcess
PhOpenThreadToken
PhOsVersion
PhParseCommandLine
PhParseCommandLineFuzzy
PhParseCommandLinePart
PhPeekNamedPipe
PhPluginAddMenuHook
PhPluginAddMenuItem
PhPluginAddTreeNewColumn
PhPluginCallPhSvc
PhPluginCreateEMenuItem
PhPluginEnableTreeNewNotify
PhPluginGetObjectExtension
PhPluginGetSystemStatistics
PhPluginQueryPhSvc
PhPluginRegisterIcon
PhPluginReserveIds
PhPluginSetObjectExtension
PhPredecessorElementAvlTree
PhPrintTimeSpan
PhProcessAddedEvent
Sections
.text Size: 1010KB - Virtual size: 1010KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 325KB - Virtual size: 325KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 26KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 47KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 512B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 187KB - Virtual size: 186KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.data Size: 29KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE