8dd71039bb7fb960ddf187f11f089601_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8dd71039bb7fb960ddf187f11f089601_JaffaCakes118
Size

3.2MB
MD5

8dd71039bb7fb960ddf187f11f089601
SHA1

f9ae9036e657393599d3282dddda4ccbb33ae11b
SHA256

fff36e5c17d0f6d1ab54a776fc7193ad908619fcc2eb221391a64e4ef43b93fe
SHA512

1562a9bdcf306beee3c13378bdbfa36b16cbce1aa83f961aa59cda65ac59500ed312732d265681c0ce817d8f7785561d1038b41f1b8294061621b7292b55c748
SSDEEP

98304:ReQHM/E8ZmmKNHtvp2sDhkVt9CN4NIk++OqazMeobBU5:dMrgNF3hESzk++9az

Score

1^/10

Malware Config

Signatures

Files

8dd71039bb7fb960ddf187f11f089601_JaffaCakes118
.zip
CHANGELOG.txt
COPYRIGHT.txt
LICENSE.txt
README.txt
x64/ProcessHacker.exe
.exe windows:5 windows x64 arch:x64

e9303b2a3a410fbe877361a323454acd

Code Sign

0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7f
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:25:0e:71:d2:d5:5f:7c:ad:70:4c:36:5b:24:ce:b2:d5:a4:9f:59:15:53:1a:03:ff:0f:bf:48:3a:1c:11:42
Signer

Actual PE Digest

33:25:0e:71:d2:d5:5f:7c:ad:70:4c:36:5b:24:ce:b2:d5:a4:9f:59:15:53:1a:03:ff:0f:bf:48:3a:1c:11:42

Digest Algorithm

sha256

PE Digest Matches

true

4a:12:c4:28:00:3d:f0:96:8b:10:c9:05:6e:7e:b3:00:b3:25:73:01
Signer

Actual PE Digest

4a:12:c4:28:00:3d:f0:96:8b:10:c9:05:6e:7e:b3:00:b3:25:73:01

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Projects\processhacker2\bin\Release64\ProcessHacker.pdb

Imports

ntdll

NtCreateTimer
NtAlertThread
NtSetTimer
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlLengthSecurityDescriptor
NtCreateSemaphore
NtQueryObject
NtClearEvent
NtCreateKeyedEvent
NtWaitForKeyedEvent
NtReleaseKeyedEvent
RtlGetVersion
NtDeviceIoControlFile
NtSetInformationObject
NtQueryFullAttributesFile
NtSuspendProcess
NtOpenFile
NtQuerySecurityObject
NtOpenSection
NtQueryDirectoryFile
NtCreateFile
NtCreateKey
NtWriteVirtualMemory
NtSetContextThread
NtOpenThreadToken
NtQueryDirectoryObject
NtFsControlFile
NtDuplicateObject
NtOpenDirectoryObject
NtReadVirtualMemory
RtlPrefixUnicodeString
NtSetSecurityObject
NtResumeProcess
NtOpenProcess
NtQuerySymbolicLinkObject
RtlConvertSidToUnicodeString
NtOpenKey
NtUnloadDriver
RtlEqualUnicodeString
NtOpenSymbolicLinkObject
NtGetContextThread
NtOpenThread
NtDeleteKey
NtQueryKey
NtQueryValueKey
LdrLoadDll
LdrUnloadDll
NtSuspendThread
LdrGetProcedureAddress
NtQueryInformationFile
NtFlushBuffersFile
NtLockFile
NtUnlockFile
RtlInterlockedPopEntrySList
RtlUnicodeToMultiByteSize
RtlMultiByteToUnicodeSize
RtlMultiByteToUnicodeN
RtlReAllocateHeap
RtlUpcaseUnicodeChar
RtlUnicodeToMultiByteN
RtlExpandEnvironmentStrings_U
NtResumeThread
RtlGetDaclSecurityDescriptor
RtlCreateUserProcess
RtlNtStatusToDosError
RtlCreateProcessParameters
NtFilterToken
RtlStringFromGUID
RtlFindMessage
NtQueryAttributesFile
RtlAddAce
RtlDestroyProcessParameters
RtlDosPathNameToNtPathName_U
RtlFreeUnicodeString
RtlGetAce
RtlRandomEx
NtDuplicateToken
RtlGetFullPathName_U
NtSetInformationToken
NtTerminateProcess
NtCreateDebugObject
RtlCreateUserThread
NtAllocateVirtualMemory
NtCreateJobObject
NtTerminateThread
NtDebugActiveProcess
NtPowerInformation
NtTestAlert
RtlTimeToSecondsSince1980
RtlEqualSid
RtlSecondsSince1980ToTime
NtIsProcessInJob
RtlFirstEntrySList
RtlCreateSecurityDescriptor
RtlCreateAcl
RtlAddAccessAllowedAce
NtAcceptConnectPort
NtReplyWaitReceivePort
NtCompleteConnectPort
RtlSetDaclSecurityDescriptor
RtlSubAuthoritySid
NtCreatePort
RtlInitializeSid
RtlLengthRequiredSid
NtQueryInformationProcess
NtRemoveProcessDebug
NtSetInformationThread
NtDelayExecution
NtClose
RtlValidRelativeSecurityDescriptor
RtlSelfRelativeToAbsoluteSD2
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlValidSid
NtConnectPort
NtRequestWaitReplyPort
RtlAbsoluteToSelfRelativeSD
RtlLengthSid
NtCreateSection
NtQueryMutant
NtReleaseSemaphore
NtSetHighEventPair
NtQueryEvent
NtQuerySemaphore
NtCancelTimer
NtPulseEvent
NtSetLowEventPair
NtQueryTimer
NtResetEvent
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlInterlockedFlushSList
RtlInitializeSListHead
RtlInterlockedPushEntrySList
RtlSecondsSince1970ToTime
RtlCreateHeap
RtlFreeHeap
RtlAllocateHeap
RtlDestroyHeap
NtQueryVirtualMemory
NtProtectVirtualMemory
NtSetSystemInformation
NtSetInformationFile
NtQueryInformationToken
NtOpenProcessToken
NtCreateMutant
NtAdjustPrivilegesToken
NtTerminateJobObject
NtAssignProcessToJobObject
NtQueryInformationJobObject
NtMapViewOfSection
NtQuerySection
RtlSetHeapInformation
RtlLeaveCriticalSection
RtlInitializeCriticalSection
RtlEnterCriticalSection
RtlQueryEnvironmentVariable_U
NtQueryPerformanceCounter
RtlDeleteCriticalSection
NtSetValueKey
RtlDetermineDosPathNameType_U
NtDeleteValueKey
NtAddAtom
RtlGUIDFromString
NtWaitForMultipleObjects
NtSetEvent
NtCreateEvent
NtReadFile
NtWriteFile
NtQueryInformationThread
NtQuerySystemInformation
NtWaitForSingleObject
RtlDoesFileExists_U
NtSetInformationDebugObject
NtUnmapViewOfSection
RtlRaiseStatus
NtSetInformationProcess
NtInitiatePowerAction
NtFreeVirtualMemory

winsta

WinStationSendMessageW
WinStationShadow
WinStationGetAllProcesses
WinStationFreeGAPMemory
WinStationRegisterConsoleNotification
WinStationQueryInformationW
WinStationFreeMemory
WinStationEnumerateW
WinStationReset
WinStationDisconnect
WinStationConnectW

comctl32

ImageList_SetImageCount
PropertySheetW
InitCommonControlsEx
CreatePropertySheetPageW
ImageList_Remove
ImageList_Destroy
ImageList_Create
ImageList_ReplaceIcon
ImageList_Replace

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

GetModuleHandleW
GetProcAddress
GetLastError
FileTimeToSystemTime
FileTimeToLocalFileTime
CreateProcessW
SetConsoleCtrlHandler
RaiseException
WriteConsoleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
TlsFree
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStringTypeW
MultiByteToWideChar
GetACP
GetStdHandle
WriteFile
WideCharToMultiByte
GetCurrentProcess
TerminateProcess
GetModuleHandleExW
HeapFree
HeapAlloc
GetFileType
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCPInfo
IsValidCodePage
GetOEMCP
CloseHandle
FindClose
FindFirstFileExW
FindNextFileW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetProcessHeap
CreateFileW
GetConsoleCP
GlobalSize
LocalAlloc
GlobalUnlock
GlobalLock
FindResourceW
LoadResource
GlobalFree
GlobalAlloc
LockResource
SizeofResource
ExitThread
CreateRemoteThread
CreateThread
SetEndOfFile
GetDateFormatW
GetTimeFormatW
GetNumberFormatW
GetSystemDefaultLangID
GetSystemDirectoryW
GetLocaleInfoW
GetUserDefaultLangID
SearchPathW
LocalFree
SetLastError
GetComputerNameW
TlsGetValue
TlsAlloc
TlsSetValue
FreeLibrary
LoadLibraryW
SetProcessShutdownParameters
ExitProcess
SetErrorMode
GetTickCount
AllocConsole
GetConsoleWindow
FreeConsole
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
ReadFile
ReadConsoleW
HeapSize
HeapReAlloc
CreatePipe

user32

GetActiveWindow
GetFocus
GetWindowTextLengthW
GetWindowLongW
DestroyMenu
TrackPopupMenu
CreatePopupMenu
InsertMenuItemW
EndPaint
BeginPaint
ReleaseCapture
PtInRect
SetScrollPos
ShowCaret
EnableScrollBar
SetCapture
DestroyCaret
DragDetect
GetClipboardData
CreateCaret
SetCaretPos
GetScrollInfo
RegisterClipboardFormatW
SetScrollInfo
GetDCEx
FrameRect
ScreenToClient
ScrollWindowEx
GetUpdateRect
GetMessageTime
DrawFocusRect
GetCapture
GetAsyncKeyState
InvalidateRgn
WaitMessage
MessageBeep
GetMessagePos
GetUpdateRgn
GetIconInfo
SetCursorPos
DialogBoxParamW
SetDlgItemTextW
EndDialog
LockWorkStation
ExitWindowsEx
SendMessageW
IsWindowVisible
EnableWindow
GetParent
GetDlgItem
SetPropW
IsWindowEnabled
RemovePropW
GetPropW
GetClassNameW
GetWindowThreadProcessId
IsIconic
InvalidateRect
SetForegroundWindow
GetClientRect
FindWindowW
SetLayeredWindowAttributes
MoveWindow
ClientToScreen
GetMonitorInfoW
GetWindowInfo
RedrawWindow
ShowWindow
GetSubMenu
GetWindowPlacement
GetWindowLongPtrW
SetWindowLongPtrW
GetMenuItemCount
MonitorFromRect
SetWindowPos
GetMenu
FindWindowExW
PostMessageW
GetKeyState
GetMenuItemInfoW
MapWindowPoints
SetWindowTextW
GetWindowRect
MapDialogRect
DestroyIcon
EnableMenuItem
BringWindowToTop
DeleteMenu
GetSystemMenu
SetCursor
LoadCursorW
CreateDialogParamW
GetSysColorBrush
GetSysColor
CopyIcon
SetDlgItemInt
SetTimer
DestroyWindow
ReleaseDC
SystemParametersInfoW
TranslateMessage
TranslateAcceleratorW
IsChild
IsDialogMessageW
DispatchMessageW
LoadAcceleratorsW
GetSystemMetrics
GetDC
SendMessageTimeoutW
GetMessageW
LoadImageW
UpdateWindow
PostQuitMessage
KillTimer
AppendMenuW
EndDeferWindowPos
DrawMenuBar
LoadIconW
SetFocus
SetMenuInfo
SetMenuItemInfoW
BeginDeferWindowPos
IsWindow
RegisterClassExW
CreateWindowExW
ShowWindowAsync
LoadMenuW
DefWindowProcW
DeferWindowPos
GetCursorPos
DrawIconEx
DrawTextW
TrackMouseEvent
IsHungAppWindow
SetActiveWindow
MonitorFromWindow
MonitorFromPoint
CallWindowProcW
GetForegroundWindow
GetDoubleClickTime
CreateIconIndirect
FillRect
GetDlgItemInt
GetGuiResources
OpenWindowStationW
GetProcessWindowStation
OpenDesktopW
GetUserObjectInformationW
CloseDesktop
CloseWindowStation
EnumDesktopsW
EnumWindows
GetGUIThreadInfo
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
GetWindowTextW
CreateDialogIndirectParamW
GetDesktopWindow
SetClipboardData
InternalGetWindowText
EmptyClipboard
CloseClipboard
OpenClipboard

gdi32

GetDIBits
SaveDC
GetCharWidthW
Rectangle
SetBkMode
BitBlt
DeleteDC
CreateDIBSection
GetClipRgn
GetStockObject
Polyline
SetDCBrushColor
SetDCPenColor
SelectObject
GetTextMetricsW
GetTextExtentPoint32W
GetTextColor
DeleteObject
CreateFontW
GetDeviceCaps
SetTextColor
SetBkColor
GetObjectW
CreateFontIndirectW
TextOutW
SelectClipRgn
ExcludeClipRect
RestoreDC
CombineRgn
IntersectClipRect
GdiAlphaBlend
CreateCompatibleBitmap
CreateCompatibleDC
SetBoundsRect
CreateRectRgn

comdlg32

GetOpenFileNameW
GetSaveFileNameW
ChooseFontW
ChooseColorW

advapi32

SystemFunction036
GetSecurityInfo
SetSecurityInfo
LsaLookupPrivilegeValue
LsaLookupPrivilegeDisplayName
LsaLookupNames2
LsaOpenPolicy
LsaLookupPrivilegeName
EnumServicesStatusExW
QueryServiceConfigW
CreateProcessWithLogonW
LsaOpenAccount
LsaEnumeratePrivilegesOfAccount
LogonUserW
CreateProcessAsUserW
QueryServiceConfig2W
OpenServiceW
RegisterServiceCtrlHandlerExW
LsaEnumerateAccounts
LsaFreeMemory
SetServiceStatus
StartServiceCtrlDispatcherW
CreateServiceW
OpenSCManagerW
ChangeServiceConfig2W
ChangeServiceConfigW
LsaAddAccountRights
LsaClose
CloseServiceHandle
DeleteService
ControlService
StartServiceW
LsaLookupSids

shell32

DuplicateIcon
SHGetFileInfoW
ShellExecuteExW
SHGetFolderPathW
SHCreateDirectoryExW
Shell_NotifyIconW
ExtractIconExW

ole32

CoTaskMemFree
CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString

Exports

Exports

PhAddComboBoxStrings
PhAddElementAvlTree
PhAddEntryHashtable
PhAddEntryHashtableEx
PhAddItemArray
PhAddItemList
PhAddItemPointerList
PhAddItemSimpleHashtable
PhAddItemsArray
PhAddItemsList
PhAddLayoutItem
PhAddLayoutItemEx
PhAddListViewColumn
PhAddListViewItem
PhAddProcessPropPage
PhAddProcessPropPage2
PhAddPropPageLayoutItem
PhAddSettings
PhAddTabControlTab
PhAddTreeNewFilter
PhAdjustRectangleToBounds
PhAdjustRectangleToWorkingArea
PhAllocate
PhAllocateExSafe
PhAllocateFromFreeList
PhAllocatePage
PhAllocateSafe
PhAppendBytesBuilder
PhAppendBytesBuilder2
PhAppendBytesBuilderEx
PhAppendCharStringBuilder
PhAppendCharStringBuilder2
PhAppendFormatStringBuilder
PhAppendFormatStringBuilder_V
PhAppendStringBuilder
PhAppendStringBuilder2
PhAppendStringBuilderEx
PhApplicationFont
PhApplyTreeNewFilters
PhApplyTreeNewFiltersToNode
PhAutoDereferenceObject
PhBufferToHexString
PhBufferToHexStringEx
PhCenterRectangle
PhCenterWindow
PhClearArray
PhClearCircularBuffer_FLOAT
PhClearCircularBuffer_PVOID
PhClearCircularBuffer_ULONG
PhClearCircularBuffer_ULONG64
PhClearHashtable
PhClearList
PhCmLoadSettings
PhCmSaveSettings
PhCompareStringRef
PhCompareStringZNatural
PhCompareUnicodeStringZIgnoreMenuPrefix
PhConcatStringRef2
PhConcatStringRef3
PhConcatStrings
PhConcatStrings2
PhConcatStrings_V
PhConvertMultiByteToUtf16
PhConvertMultiByteToUtf16Ex
PhConvertUtf16ToAsciiEx
PhConvertUtf16ToMultiByte
PhConvertUtf16ToMultiByteEx
PhConvertUtf16ToUtf8
PhConvertUtf16ToUtf8Buffer
PhConvertUtf16ToUtf8Ex
PhConvertUtf16ToUtf8Size
PhConvertUtf8ToUtf16
PhConvertUtf8ToUtf16Buffer
PhConvertUtf8ToUtf16Ex
PhConvertUtf8ToUtf16Size
PhCopyBytesZ
PhCopyCircularBuffer_FLOAT
PhCopyCircularBuffer_PVOID
PhCopyCircularBuffer_ULONG
PhCopyCircularBuffer_ULONG64
PhCopyListView
PhCopyListViewInfoTip
PhCopyStringZ
PhCopyStringZFromBytes
PhCopyStringZFromMultiByte
PhCountStringZ
PhCreateAlloc
PhCreateBytes
PhCreateBytesEx
PhCreateEMenu
PhCreateEMenuItem
PhCreateFileStream
PhCreateFileStream2
PhCreateFileWin32
PhCreateFileWin32Ex
PhCreateHashtable
PhCreateKey
PhCreateList
PhCreateObject
PhCreateObjectType
PhCreateObjectTypeEx
PhCreateOpenFileDialog
PhCreatePointerList
PhCreateProcess
PhCreateProcessAsUser
PhCreateProcessPropContext
PhCreateProcessPropPageContext
PhCreateProcessPropPageContextEx
PhCreateProcessWin32
PhCreateProcessWin32Ex
PhCreateSaveFileDialog
PhCreateSecurityPage
PhCreateServiceListControl
PhCreateSimpleHashtable
PhCreateString
PhCreateStringEx
PhCreateSymbolProvider
PhCreateThread
PhDecodeUnicodeDecoder
PhDeleteArray
PhDeleteAutoPool
PhDeleteBytesBuilder
PhDeleteCallback
PhDeleteCircularBuffer_FLOAT
PhDeleteCircularBuffer_PVOID
PhDeleteCircularBuffer_ULONG
PhDeleteCircularBuffer_ULONG64
PhDeleteFastLock
PhDeleteFileWin32
PhDeleteFreeList
PhDeleteGraphState
PhDeleteImageVersionInfo
PhDeleteLayoutManager
PhDeleteMemoryItemList
PhDeleteStringBuilder
PhDeleteTreeNewColumnMenu
PhDeleteTreeNewFilterSupport
PhDeleteWorkQueue
PhDereferenceObject
PhDereferenceObjectDeferDelete
PhDereferenceObjectEx
PhDereferenceObjects
PhDereferenceProcessRecord
PhDeselectAllProcessNodes
PhDeselectAllServiceNodes
PhDestroyEMenu
PhDestroyEMenuItem
PhDisconnectNamedPipe
PhDivideSinglesBySingle
PhDoPropPageLayout
PhDosErrorToNtStatus
PhDrainAutoPool
PhDrawGraphDirect
PhDuplicateBytesZ
PhDuplicateBytesZSafe
PhDuplicateObject
PhDuplicateProcessNodeList
PhDuplicateStringZ
PhEditSecurity
PhEllipsisString
PhEllipsisStringPath
PhEncodeUnicode
PhEnumAvlTree
PhEnumDirectoryFile
PhEnumDirectoryObjects
PhEnumFileStreams
PhEnumGenericModules
PhEnumHandles
PhEnumHandlesEx
PhEnumHashtable
PhEnumKernelModules
PhEnumObjectTypes
PhEnumPagefiles
PhEnumPointerListEx
PhEnumProcessEnvironmentVariables
PhEnumProcessItems
PhEnumProcessModules
PhEnumProcessModules32
PhEnumProcessModules32Ex
PhEnumProcessModulesEx
PhEnumProcesses
PhEnumProcessesEx
PhEnumProcessesForSession
PhEnumServices
PhEqualStringRef
PhEscapeCommandLinePart
PhEscapeStringForMenuPrefix
PhExecuteRunAsCommand2
PhExpandAllProcessNodes
PhExpandEnvironmentStrings
PhExponentiate
PhExponentiate64
PhFillMemoryUlong
PhFinalArrayItems
PhFinalBytesBuilderBytes
PhFinalHash
PhFinalStringBuilderString
PhFindCharInStringRef
PhFindEMenuItem
PhFindElementAvlTree
PhFindEntryHashtable
PhFindIntegerSiKeyValuePairs
PhFindItemList
PhFindItemPointerList
PhFindItemSimpleHashtable
PhFindLastCharInStringRef
PhFindListViewItemByFlags
PhFindListViewItemByParam
PhFindLoaderEntry
PhFindNetworkNode
PhFindPlugin
PhFindProcessInformation
PhFindProcessInformationByImageName
PhFindProcessNode
PhFindProcessRecord
PhFindServiceNode
PhFindStringInStringRef
PhFindStringSiKeyValuePairs
PhFlushFileStream
PhFormat
PhFormatDate
PhFormatDateTime
PhFormatDecimal
PhFormatGuid
PhFormatImageVersionInfo
PhFormatLogEntry
PhFormatNativeKeyName
PhFormatSize
PhFormatString
PhFormatString_V
PhFormatTime
PhFormatTimeSpan
PhFormatTimeSpanRelative
PhFormatToBuffer
PhFormatUInt64
PhFree
PhFreeFileDialog
PhFreePage
PhFreeToFreeList
PhGenerateGuid
PhGenerateGuidFromName
PhGenerateRandomAlphaString
PhGetAccessEntries
PhGetAccessString
PhGetApplicationDirectory
PhGetApplicationFileName
PhGetBaseName
PhGetClientIdName
PhGetClientIdNameEx
PhGetComboBoxString
PhGetDllFileName
PhGetDrawInfoGraphBuffers
PhGetFileDialogFileName
PhGetFileDialogFilterIndex
PhGetFileDialogOptions
PhGetFileName
PhGetFileShellIcon
PhGetFileSize
PhGetFileVersionInfo
PhGetFileVersionInfoLangCodePage
PhGetFileVersionInfoString
PhGetFileVersionInfoString2
PhGetFilterSupportNetworkTreeList
PhGetFilterSupportProcessTreeList
PhGetFilterSupportServiceTreeList
PhGetFullPath
PhGetGeneralCallback
PhGetGenericTreeNewLines
PhGetGlobalWorkQueue
PhGetHandleInformation
PhGetHandleInformationEx
PhGetIntegerPairSetting
PhGetIntegerSetting
PhGetJobProcessIdList
PhGetKernelFileName
PhGetKnownLocation
PhGetLineFromAddress
PhGetListBoxString
PhGetListViewContextMenuPoint
PhGetListViewItemImageIndex
PhGetListViewItemParam
PhGetMessage
PhGetModuleFromAddress
PhGetNtMessage
PhGetObjectSecurity
PhGetObjectType
PhGetObjectTypeInformation
PhGetOwnTokenAttributes
PhGetPhVersion
PhGetPhVersionNumbers
PhGetPluginCallback
PhGetPluginInformation
PhGetPositionFileStream
PhGetPrimeNumber
PhGetProcedureAddressRemote
PhGetProcessCommandLine
PhGetProcessDepStatus
PhGetProcessEnvironment
PhGetProcessExecuteFlags
PhGetProcessImageFileName
PhGetProcessImageFileNameByProcessId
PhGetProcessImageFileNameWin32
PhGetProcessIsDotNet
PhGetProcessIsDotNetEx
PhGetProcessIsSuspended
PhGetProcessKnownType
PhGetProcessMappedFileName
PhGetProcessPebString
PhGetProcessPriorityClassString
PhGetProcessWindowTitle
PhGetProcessWorkingSetInformation
PhGetProcessWsCounters
PhGetProtocolTypeName
PhGetScalableIntegerPairSetting
PhGetSeObjectSecurity
PhGetSelectedListViewItemParam
PhGetSelectedListViewItemParams
PhGetSelectedProcessItem
PhGetSelectedProcessItems
PhGetSelectedServiceItem
PhGetSelectedServiceItems
PhGetServiceChange
PhGetServiceConfig
PhGetServiceDelayedAutoStart
PhGetServiceDescription
PhGetServiceErrorControlInteger
PhGetServiceErrorControlString
PhGetServiceNameFromTag
PhGetServiceStartTypeInteger
PhGetServiceStartTypeString
PhGetServiceStateString
PhGetServiceTypeInteger
PhGetServiceTypeString
PhGetSidFullName
PhGetStatisticsTime
PhGetStatisticsTimeString
PhGetStockApplicationIcon
PhGetStringSetting
PhGetSymbolFromAddress
PhGetSymbolFromName
PhGetSystemDirectory
PhGetSystemRoot
PhGetTcpStateName
PhGetThreadContext
PhGetThreadServiceTag
PhGetTokenGroups
PhGetTokenIntegrityLevel
PhGetTokenOwner
PhGetTokenPrimaryGroup
PhGetTokenPrivileges
PhGetTokenUser
PhGetTreeNewText
PhGetWin32Message
PhGetWindowText
PhGetWindowTextEx
PhGlobalDpi
PhGraphStateGetDrawInfo
PhHandleListViewNotifyForCopy
PhHandleTreeNewColumnMenu
PhHashBytes
PhHashStringRef
PhHeapHandle
PhHexStringToBuffer
PhIconToBitmap
PhImpersonateClientOfNamedPipe
PhIndexOfEMenuItem
PhInitializeArray
PhInitializeAutoPool
PhInitializeAvlTree
PhInitializeBytesBuilder
PhInitializeCallback
PhInitializeCircularBuffer_FLOAT
PhInitializeCircularBuffer_PVOID
PhInitializeCircularBuffer_ULONG
PhInitializeCircularBuffer_ULONG64
PhInitializeFastLock
PhInitializeFreeList
PhInitializeGraphState
PhInitializeHash
PhInitializeImageVersionInfo
PhInitializeLayoutManager
PhInitializeStringBuilder
PhInitializeTreeNewColumnMenu
PhInitializeTreeNewFilterSupport
PhInitializeWorkQueue
PhInitializeWorkQueueEnvironment
PhInjectDllProcess
PhInsertEMenuItem
PhInsertItemList
PhInsertItemsList
PhInsertStringBuilder
PhInsertStringBuilder2
PhInsertStringBuilderEx
PhIntegerToString64
PhInvalidateAllProcessNodes
PhInvokeCallback
PhIsExecutablePacked
PhIsExecutingInWow64
PhLayoutManagerLayout
PhLibImageBase
PhListenNamedPipe
PhLoadIcon
PhLoadListViewColumnSettings
PhLoadListViewColumnsFromSetting
PhLoadModuleSymbolProvider
PhLoadResourceEMenuItem
PhLoadSymbolProviderOptions
PhLoadWindowPlacementFromSetting
PhLocalTimeToSystemTime
PhLockFileStream
PhLogMessageEntry
PhLoggedCallback
PhLookupMemoryItemList
PhLookupName
PhLookupPrivilegeDisplayName
PhLookupPrivilegeName
PhLookupPrivilegeValue
PhLookupSid
PhLowerBoundElementAvlTree
PhLowerDualBoundElementAvlTree
PhMainWndHandle
PhMapFlags1
PhMapFlags2
PhMatchWildcards
PhMaximumElementAvlTree
PhMinimumElementAvlTree
PhModalPropertySheet
PhModifyEMenuItem
PhNetworkItemAddedEvent
PhNetworkItemModifiedEvent
PhNetworkItemRemovedEvent
PhNetworkItemsUpdatedEvent
PhNtStatusFileNotFound
PhNtStatusToDosError
PhOpenKey
PhOpenLsaPolicy
PhOpenProcess
PhOpenProcessToken
PhOpenService
PhOpenThread
PhOpenThreadProcess
PhOpenThreadToken
PhOsVersion
PhParseCommandLine
PhParseCommandLineFuzzy
PhParseCommandLinePart
PhPeekNamedPipe
PhPluginAddMenuHook
PhPluginAddMenuItem
PhPluginAddTreeNewColumn
PhPluginCallPhSvc
PhPluginCreateEMenuItem
PhPluginEnableTreeNewNotify
PhPluginGetObjectExtension
PhPluginGetSystemStatistics
PhPluginQueryPhSvc
PhPluginRegisterIcon
PhPluginReserveIds
PhPluginSetObjectExtension
PhPredecessorElementAvlTree
PhPrintTimeSpan
PhProcessAddedEvent
PhProcessModifiedEvent
PhProcessRemovedEvent
PhProcessesUpdatedEvent
PhPropPageDlgProcDestroy
PhPropPageDlgProcHeader
PhQueryFullAttributesFileWin32
PhQueryKey
PhQueryMemoryItemList
PhQueryRegistryString
PhQueryServiceVariableSize
PhQuerySystemTime
PhQueryTimeZoneBias
PhQueryValueKey
PhQueueItemWorkQueue
PhQueueItemWorkQueueEx
PhReAllocate
PhReAllocateSafe
PhReadFileStream
PhReadVirtualMemory
PhReferenceEmptyString
PhReferenceNetworkItem
PhReferenceObject
PhReferenceObjectEx
PhReferenceObjectSafe
PhReferenceObjects
PhReferenceProcessItem
PhReferenceProcessItemForParent
PhReferenceProcessItemForRecord
PhReferenceProcessRecord
PhReferenceProcessRecordForStatistics
PhReferenceProcessRecordSafe
PhReferenceServiceItem
PhRegisterCallback
PhRegisterCallbackEx
PhRegisterDialog
PhRegisterMessageLoopFilter
PhRegisterPlugin
PhRemoveAllEMenuItems

Sections

.text
Size: 1021KB - Virtual size: 1021KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 325KB - Virtual size: 325KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 239KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/kprocesshacker.sys
.sys windows:6 windows x64 arch:x64

821d74031d3f625bcbd0df08b70f1e77

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:e9:01:7d:54:cd:93:f0:94:d0:a2:ab:7f:c0:e3:f5
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/11/2015, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:b5:5b:b7:c1:11:f9:3b:d3:ea:9a:c7:15:91:e1:a6:b8:9f:ee:e1
Signer

Actual PE Digest

61:b5:5b:b7:c1:11:f9:3b:d3:ea:9a:c7:15:91:e1:a6:b8:9f:ee:e1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\projects\processhacker2\kprocesshacker\bin\amd64\kprocesshacker.pdb

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
ExFreePoolWithTag
RtlInitUnicodeString
IoDeleteDevice
ProbeForWrite
ZwQuerySystemInformation
ZwQueryValueKey
ZwClose
IofCompleteRequest
PsGetCurrentProcessId
IoCreateDevice
SePrivilegeCheck
ZwOpenKey
ProbeForRead
RtlGetVersion
RtlCompareMemory
MmGetSystemRoutineAddress
PsProcessType
ObOpenObjectByName
ZwQueryObject
RtlEqualUnicodeString
KeUnstackDetachProcess
ExEnumHandleTable
ObQueryNameString
IoFileObjectType
IoDriverObjectType
IoGetCurrentProcess
ObReferenceObjectByHandle
ObCloseHandle
PsInitialSystemProcess
ObSetHandleAttributes
ZwQueryInformationProcess
ObfDereferenceObject
ExAllocatePoolWithQuotaTag
ZwQueryInformationThread
ObOpenObjectByPointer
KeStackAttachProcess
ExAcquireRundownProtection
PsLookupProcessByProcessId
PsJobType
PsReferencePrimaryToken
SeTokenObjectType
ExReleaseRundownProtection
ZwSetInformationProcess
PsGetProcessJob
PsLookupProcessThreadByCid
ZwTerminateProcess
PsDereferencePrimaryToken
IoThreadToProcess
RtlWalkFrameChain
KeInitializeApc
KeSetEvent
KeInsertQueueApc
KeInitializeEvent
PsSetContextThread
PsGetThreadWin32Thread
ZwSetInformationThread
KeWaitForSingleObject
PsThreadType
PsAssignImpersonationToken
PsGetContextThread
PsLookupThreadByThreadId
MmUnmapLockedPages
ExRaiseStatus
MmHighestUserAddress
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
MmUnlockPages
MmIsAddressValid
KeBugCheckEx
__C_specific_handler

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/peview.exe
.exe windows:5 windows x64 arch:x64

00d74ea83ceccd86715f52affac9c888

Code Sign

0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7f
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a7:3e:1f:cf:41:e6:0e:74:d8:b4:f7:dc:2d:46:f9:2c:c6:23:80:d0:f6:56:59:d5:d0:ca:44:d6:19:ec:11:6c
Signer

Actual PE Digest

a7:3e:1f:cf:41:e6:0e:74:d8:b4:f7:dc:2d:46:f9:2c:c6:23:80:d0:f6:56:59:d5:d0:ca:44:d6:19:ec:11:6c

Digest Algorithm

sha256

PE Digest Matches

true

80:08:0d:8b:08:4a:34:2a:5e:16:04:26:05:a1:ac:20:3c:10:6f:ac
Signer

Actual PE Digest

80:08:0d:8b:08:4a:34:2a:5e:16:04:26:05:a1:ac:20:3c:10:6f:ac

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Projects\processhacker2\bin\Release64\peview.pdb

Imports

ntdll

NtCreateFile
NtQueryInformationFile
RtlRaiseStatus
RtlInterlockedPushEntrySList
RtlInitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
NtSetEvent
NtCreateEvent
NtCreateKeyedEvent
NtWaitForKeyedEvent
NtReleaseKeyedEvent
NtReleaseSemaphore
NtCreateSemaphore
NtSetInformationThread
NtMapViewOfSection
NtCreateSection
RtlCreateHeap
RtlGetVersion
NtQuerySystemInformation
NtAddAtom
NtWaitForSingleObject
RtlNtStatusToDosError
RtlFindMessage
NtClose
RtlDosPathNameToNtPathName_U
NtUnmapViewOfSection
RtlInterlockedPopEntrySList
RtlFreeHeap
RtlMultiByteToUnicodeSize
RtlMultiByteToUnicodeN
RtlReAllocateHeap
RtlUpcaseUnicodeChar
RtlAllocateHeap
RtlSecondsSince1970ToTime

kernel32

GetOEMCP
IsValidCodePage
GetCPInfo
GetFileType
HeapAlloc
HeapFree
GetModuleHandleExW
WideCharToMultiByte
WriteFile
GetStdHandle
GetACP
MultiByteToWideChar
GetStringTypeW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExW
FreeLibrary
TlsFree
IsValidLocale
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetUserDefaultLCID
EnumSystemLocalesW
LCMapStringW
ExitProcess
SetLastError
GlobalUnlock
CloseHandle
FindClose
FindFirstFileExW
FindNextFileW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetProcessHeap
HeapSize
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
WriteConsoleW
RaiseException
CreateFileW
InitializeCriticalSectionAndSpinCount
GlobalLock
GlobalFree
GlobalAlloc
GetDateFormatW
GetModuleHandleW
GetTimeFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
TlsSetValue
TlsAlloc
TlsGetValue
CreateThread
GetUserDefaultLangID
GetLocaleInfoW
GetSystemDefaultLangID
GetLastError
LoadLibraryW
GetProcAddress

user32

SetPropW
GetWindowLongPtrW
SetCursor
GetPropW
CallWindowProcW
RemovePropW
GetParent
GetDlgItem
SendMessageW
ReleaseDC
GetDC
GetKeyState
SetDlgItemTextW
ShowWindow
SetWindowLongPtrW
PostMessageW
MoveWindow
GetMonitorInfoW
MonitorFromWindow
MessageBoxW
GetWindowRect
InvalidateRect
GetClientRect
SetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
SetWindowPos

gdi32

SelectObject
GetDeviceCaps

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

SystemFunction036

shell32

SHGetFileInfoW
SHGetFolderPathW
ExtractIconExW

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemFree

comctl32

CreatePropertySheetPageW
PropertySheetW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Sections

.text
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/plugins/DotNetTools.dll
.dll windows:5 windows x64 arch:x64

429638b38a3d86645ff71c7962876304

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:25:e9:89:7a:1b:dd:63:d8:62:86:a2:db:27:c7:ad:d2:4a:68:94:e2:92:e9:6b:f6:49:e1:26:96:07:fa:df
Signer

Actual PE Digest

39:25:e9:89:7a:1b:dd:63:d8:62:86:a2:db:27:c7:ad:d2:4a:68:94:e2:92:e9:6b:f6:49:e1:26:96:07:fa:df

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\DotNetTools.pdb

Imports

processhacker.exe

PhPluginAddTreeNewColumn
PhPluginGetObjectExtension
PhPluginCallPhSvc
PhPluginQueryPhSvc
PhAddItemSimpleHashtable
PhRemoveItemSimpleHashtable
PhfWakeForReleaseQueuedLock
PhUiDisconnectFromPhSvc
PhUiConnectToPhSvcEx
PhFindItemSimpleHashtable
PhfAcquireQueuedLockExclusive
PhCreateSimpleHashtable
PhFormatToBuffer
PhSetListViewSubItem
PhAddPropPageLayoutItem
PhAddListViewColumn
PhLoadListViewColumnsFromSetting
PhUnregisterCallback
PhSaveListViewColumnsToSetting
PhHandleListViewNotifyForCopy
PhAddListViewItem
PhAddComboBoxStrings
PhSetIntegerSetting
PhGetIntegerSetting
PhFormatUInt64
PhGetProcessIsDotNet
PhAddSettings
PhGetGeneralCallback
PhPluginSetObjectExtension
PhRegisterCallback
PhRegisterPlugin
PhGetPluginCallback
PhOpenProcessToken
PhDuplicateObject
WindowsVersion
PhFormatString_V
PhEnumProcessModules
PhGetSystemRoot
PhOpenProcess
PhReadVirtualMemory
PhGetThreadContext
PhfEndInitOnce
ProcessQueryAccess
PhOpenThread
PhConcatStringRef2
PhEnumProcessModules32
PhfBeginInitOnce
PhFindLastCharInStringRef
PhCreateList
PhCreateString
PhGetTreeNewText
PhSetControlTheme
PhFormatString
PhAllocate
PhCreateThread
PhFindProcessInformation
PhCountStringZ
PhInitializeStringBuilder
PhCmLoadSettings
PhPropPageDlgProcHeader
PhCompareStringRef
PhConcatStrings2
PhAddItemList
PhGetWin32Message
PhGetStringSetting
PhSetClipboardString
PhGetProcessIsDotNetEx
PhSetStringSetting2
PhSplitStringRefAtChar
PhAddProcessPropPage
PhRemoveStringBuilder
PhCreateStringEx
PhPropPageDlgProcDestroy
PhDoPropPageLayout
PhFinalStringBuilderString
PhAutoDereferenceObject
PhFree
PhConcatStrings
PhCmSaveSettings
PhCreateProcessPropPageContextEx
PhEnumProcesses
PhShowMessage
PhAppendStringBuilder2
PhDereferenceObject
PhGetProcessIsSuspended

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlCaptureContext
NtMapViewOfSection
NtUnmapViewOfSection
RtlFreeSid
NtQueryInformationToken
RtlAllocateAndInitializeSid
LdrGetDllHandle
NtReleaseMutant
RtlNtStatusToDosError
NtQueryInformationProcess
RtlEqualUnicodeString
LdrGetProcedureAddress
NtWaitForSingleObject
NtClose

kernel32

LCMapStringW
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetProcessHeap
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
TlsGetValue
GetStdHandle
GetFileType
GetCommandLineA
GetCommandLineW
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
OpenFileMappingW
LoadLibraryW
GetModuleHandleW
GetProcAddress
GetLastError
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
WriteConsoleW
CreateFileW
RaiseException
GetEnvironmentStringsW

user32

GetKeyState
SetCursor
LoadCursorW
SetDlgItemTextW
PostMessageW
GetDlgItem
SendMessageW
ShowWindow

advapi32

SystemFunction036
ControlTraceW
CloseTrace
ProcessTrace
StartTraceW
OpenTraceW

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/plugins/ExtendedNotifications.dll
.dll windows:5 windows x64 arch:x64

acd7837a0f8690fa4b5ada849f2560b0

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c7:9c:43:48:9e:e7:f5:b5:9f:1d:27:99:da:9f:1c:91:87:9d:cf:a6:56:55:c2:1c:c6:d7:0d:97:9c:ef:fb:aa
Signer

Actual PE Digest

c7:9c:43:48:9e:e7:f5:b5:9f:1d:27:99:da:9f:1c:91:87:9d:cf:a6:56:55:c2:1c:c6:d7:0d:97:9c:ef:fb:aa

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\ExtendedNotifications.pdb

Imports

processhacker.exe

PhCreateSaveFileDialog
PhRegisterCallback
PhAutoDereferenceObject
PhFormatLogEntry
PhWriteStringFormatAsUtf8FileStream
PhCreateFileStream
PhGetStringSetting
PhLoggedCallback
PhFree
PhAllocateSafe
PhReferenceProcessItemForParent
PhCreateList
PhFreeFileDialog
PhAllocate
PhShowFileDialog
PhEqualStringRef
PhConvertUtf16ToUtf8Ex
PhInsertItemList
PhClearList
PhInitializeStringBuilder
PhGetWindowText
PhConcatStrings2
PhSetFileDialogFilter
PhAddItemList
PhAddSettings
PhRemoveItemList
PhGetFileDialogFileName
PhSetFileDialogFileName
PhGetGeneralCallback
PhFormatDateTime
PhSetStringSetting2
PhGetGlobalWorkQueue
PhQueueItemWorkQueue
PhFinalStringBuilderString
PhFormatString_V
PhSetIntegerSetting
PhAppendCharStringBuilder
PhMatchWildcards
PhGetIntegerSetting
PhRegisterPlugin
PhReferenceObject
PhAppendStringBuilderEx
PhGetPluginCallback
PhDeleteStringBuilder
PhGetFileName
PhConvertUtf8ToUtf16
PhDereferenceObject
PhFindCharInStringRef
PhModalPropertySheet
PhDuplicateBytesZSafe

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx

user32

SendMessageW
SetWindowLongPtrW
EnableWindow
GetParent
GetDlgItem
SetDlgItemTextW

comctl32

ord412
ord410
ord413
CreatePropertySheetPageW

kernel32

HeapSize
WriteConsoleW
FlushFileBuffers
CreateFileW
GetCommandLineW
GetCommandLineA
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
GetStringTypeW
HeapReAlloc
GetConsoleCP
WriteFile
SetStdHandle
GetACP
CloseHandle
LCMapStringW
GetFileType
GetStdHandle
GetConsoleMode
SetFilePointerEx
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
RaiseException
GetLastError
GetSystemInfo
VirtualProtect
VirtualQuery
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime

advapi32

SystemFunction036

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/plugins/ExtendedServices.dll
.dll windows:5 windows x64 arch:x64

8077acd95550e90db0afd6fb1689e912

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cf:80:bd:ba:89:aa:33:d5:f0:29:15:06:d6:45:0e:f3:42:43:3c:f8:de:52:d1:dd:15:60:a1:5c:55:87:73:36
Signer

Actual PE Digest

cf:80:bd:ba:89:aa:33:d5:f0:29:15:06:d6:45:0e:f3:42:43:3c:f8:de:52:d1:dd:15:60:a1:5c:55:87:73:36

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\ExtendedServices.pdb

Imports

processhacker.exe

PhQueryRegistryString
PhReAllocate
PhFinalStringBuilderString
PhReferenceEmptyString
PhDeleteAutoPool
PhInitializeAutoPool
PhGetSelectedListViewItemParam
PhClearList
PhFormatString
PhConcatStringRef2
PhAppendStringBuilderEx
PhCreateAlloc
PhOpenKey
PhCreateString
PhFreeFileDialog
PhShowFileDialog
PhSetFileDialogFilter
PhCreateOpenFileDialog
PhGetComboBoxString
PhCreateServiceListControl
PhGetFileDialogFileName
PhSetFileDialogFileName
PhCenterWindow
PhaChoiceDialog
PhGetNtMessage
PhSetListViewSubItem
PhLookupPrivilegeDisplayName
PhSetControlTheme
PhQueryServiceVariableSize
PhDereferenceObjects
PhFindIntegerSiKeyValuePairs
PhEqualStringRef
PhSelectComboBoxString
PhSetExtendedListView
PhInitializeStringBuilder
PhGetWindowText
PhAddListViewColumn
PhRemoveItemList
PhSidToStringSid
PhRemoveListViewItem
PhUiDisconnectFromPhSvc
PhUiConnectToPhSvc
PhCreateStringEx
PhGetListViewItemParam
PhFindItemList
PhFindStringSiKeyValuePairs
PhAddListViewItem
PhSvcCallChangeServiceConfig2
PhAddComboBoxStrings
PhAppendCharStringBuilder
PhDeleteStringBuilder
PhNtStatusToDosError
PhOpenLsaPolicy
PhShowMessage
PhAppendStringBuilder
PhDereferenceObject
PhGetOwnTokenAttributes
PhSetIntegerSetting
PhMainWndHandle
PhInsertEMenuItem
PhUiContinueService
PhUiStopService
PhfReleaseQueuedLockShared
PhEscapeStringForMenuPrefix
PhPluginCreateEMenuItem
PhCompareStringRef
PhFindEMenuItem
PhDestroyEMenuItem
PhAddSettings
WindowsVersion
PhShowStatus
PhGetGeneralCallback
PhfAcquireQueuedLockShared
PhIndexOfEMenuItem
PhFormatString_V
PhRegisterCallback
PhGetIntegerSetting
PhUiStartService
PhRegisterPlugin
PhReferenceObject
PhGetPluginCallback
PhUiPauseService
PhCreateList
PhInitializeLayoutManager
PhDeleteLayoutManager
PhAllocate
PhOpenService
PhCountStringZ
PhConcatStrings2
PhAddItemList
PhGetWin32Message
PhReferenceServiceItem
PhGetServiceConfig
PhAddLayoutItem
PhAutoDereferenceObject
PhFree
PhLayoutManagerLayout
PhFormatGuid

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
NtClose
NtEnumerateKey
RtlGUIDFromString
RtlUnwindEx
RtlCaptureContext

kernel32

HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
HeapAlloc
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetACP
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetCommandLineA
GetCommandLineW
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
GetComputerNameW
GetModuleHandleW
GetProcAddress
SetLastError
GetLastError
WriteConsoleW
CreateFileW
RaiseException
IsValidCodePage

user32

DialogBoxParamW
SetPropW
MoveWindow
MapWindowPoints
IsWindowEnabled
GetWindowTextLengthW
GetWindowLongPtrW
SetTimer
GetParent
SetWindowLongPtrW
GetDlgItemInt
SetDlgItemInt
EnableWindow
EndDialog
GetDlgItem
SendMessageW
GetWindowRect
GetPropW
RemovePropW
ShowWindow
SetDlgItemTextW

advapi32

SystemFunction036
CloseServiceHandle
LsaEnumeratePrivileges
LsaClose
QueryServiceConfig2W
ChangeServiceConfig2W
LsaFreeMemory
QueryServiceStatus
EnumDependentServicesW

comctl32

CreatePropertySheetPageW

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/plugins/ExtendedTools.dll
.dll windows:5 windows x64 arch:x64

57c8eebfd251362d0d8c159c9f6201f4

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

66:63:19:23:c8:49:c9:d3:0f:03:a6:2f:a8:ba:3e:5f:77:f8:2c:14:af:22:11:c2:e4:15:7a:fa:be:af:18:bd
Signer

Actual PE Digest

66:63:19:23:c8:49:c9:d3:0f:03:a6:2f:a8:ba:3e:5f:77:f8:2c:14:af:22:11:c2:e4:15:7a:fa:be:af:18:bd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\ExtendedTools.pdb

Imports

processhacker.exe

PhDeleteCircularBuffer_FLOAT
PhCreateProcessPropPageContextEx
PhSetGraphText
PhDoPropPageLayout
PhPropPageDlgProcDestroy
PhAddProcessPropPage
PhAddLayoutItemEx
PhGlobalDpi
PhDeleteCircularBuffer_ULONG
PhSiSetColorsGraphDrawInfo
PhPropPageDlgProcHeader
PhPrintTimeSpan
PhDivideSinglesBySingle
PhApplicationFont
PhFormatSize
PhGetStatisticsTime
PhAppendStringBuilder
PhAppendStringBuilder2
PhGetDrawInfoGraphBuffers
PhFindProcessRecord
PhFinalStringBuilderString
PhRemoveStringBuilder
PhInitializeStringBuilder
PhPluginRegisterIcon
PhDrawGraphDirect
PhfBeginInitOnce
PhPluginAddTreeNewColumn
PhfEndInitOnce
PhPluginEnableTreeNewNotify
PhNetworkItemsUpdatedEvent
PhEnumProcesses
PhFindNetworkNode
PhReferenceNetworkItem
PhInitializeCircularBuffer_ULONG64
PhSiSizeLabelYFunction
PhDeleteCircularBuffer_ULONG64
PhPluginGetObjectExtension
PhInitializeGraphState
PhRegisterPlugin
PhIndexOfEMenuItem
PhPluginSetObjectExtension
PhGetGeneralCallback
PhAddSettings
PhPluginCreateEMenuItem
PhInsertEMenuItem
PhCreateServiceListControl
PhShowStatus
PhReferenceServiceItem
PhCreateSymbolProvider
PhCreateAlloc
PhEnumGenericModules
PhLoadSymbolProviderOptions
PhGetSymbolFromAddress
PhDuplicateObject
PhOpenProcess
PhLoadModuleSymbolProvider
PhOpenThread
PhShowConfirmMessage
PhFormatDateTime
PhAddListViewItem
PhHandleListViewNotifyForCopy
PhAllocateSafe
PhAddListViewColumn
PhSetExtendedListView
PhReadVirtualMemory
PhSetListViewSubItem
PhCopyStringZ
PhFindListViewItemByParam
PhFindItemSimpleHashtable
PhQueueItemWorkQueue
PhGetGlobalWorkQueue
PhGetBaseName
PhSystemBasicInformation
PhGetModuleFromAddress
PhAddPropPageLayoutItem
PhUnregisterCallback
PhDeleteGraphState
PhGraphStateGetDrawInfo
PhCopyCircularBuffer_FLOAT
PhAddLayoutItem
PhCenterWindow
PhLayoutManagerLayout
PhGetStatisticsTimeString
PhBufferToHexString
PhCountStringZ
PhInitializeCircularBuffer_ULONG
PhHexStringToBuffer
PhSetIntegerSetting
PhInitializeCircularBuffer_FLOAT
PhReferenceProcessRecordForStatistics
PhFormatString
PhFormatString_V
PhCreateThread
WindowsVersion
PhHashStringRef
PhfReleaseQueuedLockShared
PhCreateObjectType
PhEqualStringRef
PhAddEntryHashtableEx
PhfWakeForReleaseQueuedLock
PhInvokeCallback
PhAllocateFromFreeList
PhfAcquireQueuedLockShared
PhInitializeFreeList
PhDereferenceProcessRecord
PhCreateObject
PhReferenceProcessItem
PhGetFileName
PhfAcquireQueuedLockExclusive
PhFreeToFreeList
PhProcessesUpdatedEvent
PhReferenceProcessRecord
PhCreateSimpleHashtable
PhAddEntryHashtable
PhGetStockApplicationIcon
PhMainWndHandle
PhCreateList
PhShellProcessHacker
PhCreateString
PhGetTreeNewText
PhShowProcessRecordDialog
PhFormat
PhInitializeTreeNewFilterSupport
PhSetControlTheme
PhAllocate
PhFindProcessNode
PhLoadResourceEMenuItem
PhSetIntegerPairSetting
PhRemoveEntryHashtable
PhSetFlagsAllEMenuItems
PhCmLoadSettings
PhCompareStringRef
PhDeleteTreeNewColumnMenu
PhFindEMenuItem
PhCreateEMenu
PhGetPluginInformation
PhAddItemList
PhReferenceProcessItemForRecord
PhShellExploreFile
PhGetStringSetting
PhHandleTreeNewColumnMenu
PhInitializeTreeNewColumnMenu
PhRemoveItemList
PhSetClipboardString
PhAddTreeNewFilter
PhApplyTreeNewFiltersToNode
PhGetIntegerPairSetting
PhCreateHashtable
PhFormatUInt64
PhInitializeLayoutManager
PhAddItemSimpleHashtable
PhDeleteLayoutManager
PhFindPlugin
PhSetStringSetting2
PhCreateStringEx
PhApplyTreeNewFilters
PhFindItemList
PhShowEMenu
PhAutoDereferenceObject
PhRegisterCallback
PhSelectAndEnsureVisibleProcessNode
PhGetIntegerSetting
PhDestroyEMenu
PhFree
PhCmSaveSettings
PhReferenceObject
PhWriteStringAsUtf8FileStream
PhShowMessage
PhGetGenericTreeNewLines
PhShellProperties
PhDereferenceObject
PhGetOwnTokenAttributes
PhWriteStringAsUtf8FileStream2
PhFindEntryHashtable
PhGetPluginCallback
PhSetFlagsEMenuItem

ntdll

NtQueryInformationWorkerFactory
RtlInterlockedPushEntrySList
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtSetInformationProcess
NtQueryInformationProcess
RtlGetUnloadEventTraceEx
RtlSecondsSince1970ToTime
NtCancelSynchronousIoFile
NtAlpcQueryInformation
RtlUnwindEx
RtlClearAllBits
RtlSetBits
RtlNumberOfSetBits
RtlInitializeBitMap
LdrGetDllHandle
LdrGetProcedureAddress
NtClose
RtlInterlockedFlushSList
NtQueryPerformanceCounter
RtlInitializeSListHead

kernel32

VirtualProtect
GetSystemInfo
GetLastError
RaiseException
VirtualQuery
GetStartupInfoW
GetModuleFileNameW
FreeLibrary
LoadLibraryExA
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
IsDebuggerPresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
LCMapStringW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
FileTimeToLocalFileTime
FileTimeToSystemTime
GetModuleHandleW
LocalFree
GetProcAddress
Sleep
GetCommandLineA
GetCommandLineW
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
WriteConsoleW
CreateFileW
InitializeSListHead

user32

InvalidateRect
GetSysColorBrush
GetDlgItem
SetCursor
LoadCursorW
SetTimer
EnableWindow
MoveWindow
CopyIcon
DestroyIcon
DestroyWindow
GetPropW
RemovePropW
SetPropW
DeferWindowPos
GetWindowRect
SetWindowPos
EndDialog
GetSystemMetrics
BeginDeferWindowPos
MapWindowPoints
EndDeferWindowPos
MapDialogRect
GetClientRect
GetParent
DialogBoxParamW
CreateDialogParamW
GetKeyState
PostMessageW
CreateWindowExW
SendMessageW
ShowWindow
SetDlgItemTextW
SetFocus

gdi32

SelectObject
SetBkMode

advapi32

SystemFunction036
StartTraceW
OpenTraceW
ControlTraceW
EnableTraceEx
CloseTrace
ProcessTrace

ole32

CoCreateInstance

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString

comctl32

CreatePropertySheetPageW

Sections

.text
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/plugins/HardwareDevices.dll
.dll windows:5 windows x64 arch:x64

d490d2e64d120d39ffaf9dfcf0b61a46

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c9:9a:d8:9a:8c:0d:26:19:ad:0c:32:da:b8:5f:a7:8a:73:92:c2:2b:6e:90:69:21:a8:f2:ab:ac:37:2f:60:d0
Signer

Actual PE Digest

c9:9a:d8:9a:8c:0d:26:19:ad:0c:32:da:b8:5f:a7:8a:73:92:c2:2b:6e:90:69:21:a8:f2:ab:ac:37:2f:60:d0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\HardwareDevices.pdb

Imports

processhacker.exe

PhReAllocate
PhStringToInteger64
PhConcatStrings_V
PhCreateFileWin32
PhInsertEMenuItem
PhTrimStringRef
PhCreateEMenuItem
PhCreateEMenu
PhAddSettings
PhGetGeneralCallback
PhShowEMenu
PhDestroyEMenu
PhRegisterPlugin
PhGetPluginCallback
PhQueryValueKey
PhModalPropertySheet
PhConcatStrings2
PhDereferenceObject
PhEqualStringRef
PhFindListViewItemByFlags
PhSetExtendedListView
PhGetStringSetting
PhSetStringSetting2
PhSplitStringRefAtChar
PhCreateStringEx
PhGetListViewItemParam
PhFormatString
PhDivideSinglesBySingle
PhInitializeGraphState
PhSiSizeLabelYFunction
PhDeleteGraphState
PhGraphStateGetDrawInfo
PhAddLayoutItemEx
PhGetDrawInfoGraphBuffers
PhGetStatisticsTimeString
PhFormatSize
PhInitializeStringBuilder
PhAppendFormatStringBuilder
PhRemoveStringBuilder
PhFinalStringBuilderString
PhQueryRegistryString
PhConcatStringRef2
PhDeleteStringBuilder
PhOpenKey
PhFormatUInt64
PhMainWndHandle
PhInitializeLayoutManager
PhDeleteLayoutManager
PhSetListViewSubItem
PhSetControlTheme
PhAllocate
PhCreateThread
PhGetSelectedListViewItemParam
PhAddListViewColumn
PhDeleteAutoPool
PhUnregisterCallback
PhDrainAutoPool
PhAddLayoutItem
PhAddListViewItem
PhFormatString_V
PhAutoDereferenceObject
PhRegisterCallback
PhInitializeAutoPool
PhCenterWindow
PhFree
PhProcessesUpdatedEvent
PhLayoutManagerLayout
PhConvertMultiByteToUtf16
PhCreateList
PhDereferenceObjectDeferDelete
PhCreateString
PhDeleteCircularBuffer_ULONG64
PhfReleaseQueuedLockShared
PhCreateObjectType
PhCountStringZ
PhfWakeForReleaseQueuedLock
PhAddItemList
WindowsVersion
PhRemoveItemList
PhInitializeCircularBuffer_ULONG64
PhfAcquireQueuedLockShared
PhReferenceObjectSafe
PhFindItemList
PhGetIntegerSetting
PhCreateObject
PhReferenceObject
PhfAcquireQueuedLockExclusive

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtQueryInformationProcess
NtDeviceIoControlFile
RtlGUIDFromString
LdrGetProcedureAddress
RtlIpv4AddressToStringW
NtClose
RtlUnwindEx

kernel32

HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
HeapAlloc
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
LCMapStringW
GetACP
IsDebuggerPresent
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetCommandLineA
GetCommandLineW
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetLogicalDrives
FreeLibrary
LoadLibraryW
GetModuleHandleW
GetProcAddress
GetLastError
CloseHandle
WriteConsoleW
CreateFileW

user32

SetWindowTextW
IsIconic
SetForegroundWindow
PostQuitMessage
EnableWindow
GetCursorPos
GetParent
CreateWindowExW
InvalidateRect
DefWindowProcW
GetMessageW
CreateDialogParamW
PostMessageW
DestroyWindow
GetPropW
SendMessageW
RemovePropW
GetDlgItem
ShowWindow
DispatchMessageW
IsDialogMessageW
SetDlgItemTextW
SetPropW
TranslateMessage

comctl32

ord413
CreatePropertySheetPageW
ord410

advapi32

SystemFunction036

Sections

.text
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/plugins/NetworkTools.dll
.dll windows:5 windows x64 arch:x64

708b686e80e093711f38091d787a01bd

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c6:52:8c:6f:6d:92:a0:7d:a9:ad:1a:df:8a:46:ee:1c:70:ff:18:1d:b0:40:85:bd:f8:aa:f4:ef:62:04:d1:18
Signer

Actual PE Digest

c6:52:8c:6f:6d:92:a0:7d:a9:ad:1a:df:8a:46:ee:1c:70:ff:18:1d:b0:40:85:bd:f8:aa:f4:ef:62:04:d1:18

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\NetworkTools.pdb

Imports

processhacker.exe

WindowsVersion
PhReAllocate
PhCreateProcessWin32Ex
PhFormatString
PhApplicationFont
PhDivideSinglesBySingle
PhInitializeGraphState
PhInitializeCircularBuffer_ULONG
PhGetPluginCallback
PhGetPhVersion
PhSiSetColorsGraphDrawInfo
PhUnregisterCallback
PhDeleteGraphState
PhGraphStateGetDrawInfo
PhAddLayoutItemEx
PhQueueItemWorkQueue
PhDeleteWorkQueue
PhSetGraphText
PhInitializeWorkQueue
PhProcessesUpdatedEvent
PhCreateBytesEx
PhMainWndHandle
PhInitializeLayoutManager
PhDeleteLayoutManager
PhAllocate
PhCreateThread
PhSaveWindowPlacementToSetting
PhInitializeStringBuilder
PhGetWindowText
PhConcatStrings2
PhAppendFormatStringBuilder
PhDeleteAutoPool
PhTerminateProcess
PhGetIntegerPairSetting
PhLoadWindowPlacementFromSetting
PhRemoveStringBuilder
PhDrainAutoPool
PhAddLayoutItem
PhFormatString_V
PhAutoDereferenceObject
PhGetScalableIntegerPairSetting
PhAppendCharStringBuilder
PhInitializeAutoPool
PhCenterWindow
PhFree
PhDeleteStringBuilder
PhAppendStringBuilder2
PhAppendStringBuilder
PhLayoutManagerLayout
PhDereferenceObject
PhShellExecute
PhSetIntegerSetting
PhGetIntegerSetting
PhInsertEMenuItem
PhPluginCreateEMenuItem
PhFindEMenuItem
PhAddSettings
PhGetGeneralCallback
PhIndexOfEMenuItem
PhRegisterCallback
PhRegisterPlugin

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtReadFile
NtSetInformationObject
RtlOemStringToUnicodeString
RtlIpv6AddressToStringW
NtClose
RtlIpv4AddressToStringW
RtlFreeUnicodeString
RtlUnwindEx

kernel32

GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleFileNameW
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
GetLastError
SetLastError
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
GetModuleHandleExW
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExA
LoadLibraryExW
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
GetACP
GetFileType
LCMapStringW
IsValidCodePage
GetOEMCP
RaiseException
CreateFileW
CloseHandle
WriteConsoleW
MulDiv
GetStdHandle
CreatePipe
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
HeapReAlloc
HeapSize
SetStdHandle
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
EnterCriticalSection

user32

SetWindowTextW
DialogBoxParamW
SetDlgItemInt
GetDlgItemInt
PostMessageW
GetDC
SetWindowLongPtrW
CreateWindowExW
GetSystemMetrics
GetWindowLongPtrW
DestroyIcon
SetDlgItemTextW
GetSysColorBrush
SystemParametersInfoW
LoadImageW
InvalidateRect
ReleaseDC
GetMessageW
CreateDialogParamW
DestroyWindow
GetPropW
SendMessageW
RemovePropW
GetDlgCtrlID
ShowWindow
DispatchMessageW
IsDialogMessageW
SetPropW
TranslateMessage
MapDialogRect
GetDlgItem
PostQuitMessage
GetParent
SetForegroundWindow
EndDialog

gdi32

SetBkColor
GetStockObject
DeleteObject
SetBkMode
GetDeviceCaps
CreateFontW
SelectObject
SetTextColor

advapi32

SystemFunction036

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/plugins/OnlineChecks.dll
.dll windows:5 windows x64 arch:x64

04815c367f41620755869bb42bd07b00

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bf:ea:39:f1:e2:fc:6b:d2:ac:7c:0d:bd:09:2c:e4:e5:32:7a:40:99:85:c2:1f:91:02:bb:fe:54:a2:1a:8b:78
Signer

Actual PE Digest

bf:ea:39:f1:e2:fc:6b:d2:ac:7c:0d:bd:09:2c:e4:e5:32:7a:40:99:85:c2:1f:91:02:bb:fe:54:a2:1a:8b:78

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\OnlineChecks.pdb

Imports

processhacker.exe

PhMainWndHandle
PhCreateString
PhGetFileSize
PhQuerySystemTime
PhFormatSize
PhBufferToHexString
PhFormatString
PhAllocate
PhCreateThread
PhCountStringZ
PhInitializeStringBuilder
PhConcatStrings2
PhAppendFormatStringBuilder
PhGetPhVersion
WindowsVersion
PhDeleteAutoPool
PhGetBaseName
PhCreateFileWin32
PhCreateStringEx
PhDrainAutoPool
PhReAllocate
PhInitializeAutoPool
PhCenterWindow
PhConvertUtf16ToAsciiEx
PhFree
PhDeleteStringBuilder
PhZeroExtendToUtf16Ex
PhDereferenceObject
PhShellExecute
PhInsertEMenuItem
PhPluginCreateEMenuItem
PhFindEMenuItem
PhGetGeneralCallback
PhIndexOfEMenuItem
PhRegisterCallback
PhRegisterPlugin
PhGetPluginCallback

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlUnwindEx
RtlNtStatusToDosError
NtClose
NtReadFile
NtSetInformationFile
RtlRandomEx
RtlCaptureContext

kernel32

GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
MultiByteToWideChar
CreateFileW
GetLastError
MulDiv
WriteConsoleW
SetFilePointerEx
CloseHandle
HeapSize
SetStdHandle
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
GetCommandLineW
GetCommandLineA
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
GetStringTypeW
GetACP
GetFileType
WideCharToMultiByte
HeapFree
HeapAlloc
HeapReAlloc
LCMapStringW
GetLocaleInfoW
FreeLibrary
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
IsValidLocale

user32

GetDlgCtrlID
IsIconic
SetForegroundWindow
GetMessageW
CreateDialogParamW
PostMessageW
DestroyWindow
GetDC
IsWindowVisible
GetPropW
SendMessageW
RemovePropW
SetWindowTextW
ShowWindow
DispatchMessageW
IsDialogMessageW
GetParent
SetPropW
TranslateMessage
GetDlgItem
PostQuitMessage
GetSysColorBrush
SystemParametersInfoW
ReleaseDC

gdi32

GetDeviceCaps
SetTextColor
SetBkMode
DeleteObject
CreateFontW

advapi32

SystemFunction036
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext

Sections

.text
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/plugins/SbieSupport.dll
.dll windows:5 windows x64 arch:x64

72ee8e9111090fd44c3cca631502d2bb

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a6:8d:ce:d3:45:a7:9e:0e:01:f9:52:e8:5d:09:0e:eb:d5:2d:40:de:69:47:ed:5c:3c:3d:44:21:21:7d:bf:92
Signer

Actual PE Digest

a6:8d:ce:d3:45:a7:9e:0e:01:f9:52:e8:5d:09:0e:eb:d5:2d:40:de:69:47:ed:5c:3c:3d:44:21:21:7d:bf:92

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\SbieSupport.pdb

Imports

processhacker.exe

PhFindProcessNode
PhEnumHashtable
PhfAcquireQueuedLockExclusive
PhGetFileName
PhGetPluginCallback
PhRegisterPlugin
PhRegisterCallback
PhAutoDereferenceObject
PhUpdateProcessNode
PhSetStringSetting2
PhfAcquireQueuedLockShared
PhCreateHashtable
PhClearHashtable
PhGetGeneralCallback
PhAddEntryHashtable
PhMainWndHandle
PhInsertEMenuItem
PhShowConfirmMessage
PhfReleaseQueuedLockShared
PhOpenProcess
PhFreeFileDialog
PhPluginCreateEMenuItem
PhShowFileDialog
PhFindEntryHashtable
PhGetWindowText
PhSetFileDialogFilter
PhAppendFormatStringBuilder
PhCreateOpenFileDialog
PhfWakeForReleaseQueuedLock
PhAddSettings
PhGetStringSetting
PhGetFileDialogFileName
PhTerminateProcess
PhSetFileDialogFileName

ntdll

RtlCreateTimerQueue
LdrGetProcedureAddress
RtlCreateTimer
NtClose
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx

kernel32

RaiseException
CreateFileW
WriteConsoleW
CloseHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LCMapStringW
LoadLibraryW
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetLastError
GetModuleFileNameW
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
SetLastError
EnterCriticalSection
LeaveCriticalSection

user32

SetDlgItemTextW
EndDialog
GetDlgItem
DialogBoxParamW

advapi32

SystemFunction036

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/plugins/ToolStatus.dll
.dll windows:5 windows x64 arch:x64

9fb4b3a9b70f3602941950722824886a

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

af:32:57:30:24:00:2f:9f:3a:65:fa:ea:f7:7f:f1:27:4f:c9:e8:7b:69:45:c6:16:43:8a:2d:3b:cd:9c:dd:3f
Signer

Actual PE Digest

af:32:57:30:24:00:2f:9f:3a:65:fa:ea:f7:7f:f1:27:4f:c9:e8:7b:69:45:c6:16:43:8a:2d:3b:cd:9c:dd:3f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\ToolStatus.pdb

Imports

windowscodecs

WICConvertBitmapSource

processhacker.exe

PhGetServiceErrorControlString
PhCenterWindow
PhGlobalDpi
PhRemoveItemList
PhInsertItemList
PhAllocate
PhMainWndHandle
PhGetIntegerSetting
PhSetIntegerSetting
PhAddComboBoxStrings
WindowsVersion
PhGetStatisticsTimeString
PhGetStatisticsTime
PhDereferenceObject
PhFindProcessRecord
PhAutoDereferenceObject
PhFormatString_V
PhDereferenceProcessRecord
PhCopyCircularBuffer_FLOAT
PhGraphStateGetDrawInfo
PhDeleteGraphState
PhSiSetColorsGraphDrawInfo
PhInitializeGraphState
PhDivideSinglesBySingle
PhSystemBasicInformation
PhFormatString
PhShowProcessRecordDialog
PhFormatSize
PhDeselectAllProcessNodes
PhCreateSimpleHashtable
PhSetFlagsEMenuItem
PhCreateProcessPropContext
PhGetOwnTokenAttributes
PhShowMessage
PhCreateAlloc
PhGetPluginCallback
PhReferenceObject
PhRegisterPlugin
PhReferenceProcessItem
PhGetFilterSupportNetworkTreeList
PhDestroyEMenu
PhDeselectAllServiceNodes
PhGetFilterSupportServiceTreeList
PhRegisterCallback
PhExpandAllProcessNodes
PhShowEMenu
PhFindItemSimpleHashtable
PhApplyTreeNewFilters
PhShowProcessProperties
PhIconToBitmap
PhAddTreeNewFilter
PhReferenceEmptyString
PhLoadIcon
PhCreateString
PhQuerySystemTime
PhClearList
PhInitializeStringBuilder
PhAppendFormatStringBuilder
PhStringToInteger64
PhGetStringSetting
PhSetStringSetting2
PhRemoveStringBuilder
PhFinalStringBuilderString
PhFormatUInt64
PhCreateList
PhfReleaseQueuedLockShared
PhDereferenceObjects
PhGetServiceTypeString
PhAddItemList
PhGetProtocolTypeName
PhfAcquireQueuedLockShared
PhSplitStringRefAtChar
PhRegisterMessageLoopFilter
PhFindStringInStringRef
PhGetServiceStateString
PhGetProcessPriorityClassString
PhGetTcpStateName
PhGetServiceStartTypeString
PhSetImageListBitmap
PhAddItemSimpleHashtable
PhInsertEMenuItem
PhGetFilterSupportProcessTreeList
PhSetSelectThreadIdProcessPropContext
PhFindProcessNode
PhPluginGetSystemStatistics
PhEqualStringRef
PhCreateEMenuItem
PhGetWindowText
PhUiTerminateProcesses
PhConcatStrings2
PhCreateEMenu
PhInvokeCallback
PhAddSettings
PhGetGeneralCallback
PhFree

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
LdrGetProcedureAddress

kernel32

HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetLastError
GetStartupInfoW
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CloseHandle
LCMapStringW
IsValidCodePage
GetACP
GetOEMCP
WriteConsoleW
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetCommandLineA
GetCommandLineW
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
RaiseException
CreateFileW
GetProcAddress
GetModuleHandleW
SizeofResource
FreeResource
LockResource
LoadLibraryW
LoadResource
FindResourceW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
InitializeSListHead
SetFilePointerEx

user32

EnableWindow
DialogBoxParamW
GetSysColorBrush
DrawTextW
DestroyIcon
GetDC
GetKeyState
OffsetRect
GetCapture
RedrawWindow
TrackMouseEvent
PtInRect
GetWindowThreadProcessId
DefWindowProcW
GetWindowRect
GetMenu
SetWindowPos
SetWindowTextW
WindowFromPoint
LoadAcceleratorsW
IsChild
MapWindowPoints
SetFocus
TranslateAcceleratorW
LoadCursorW
SetCapture
GetWindowDC
SetCursor
GetClientRect
ReleaseCapture
ReleaseDC
GetDlgItem
DestroyWindow
IsWindowVisible
CreateWindowExW
ShowWindow
GetSystemMetrics
SetMenu
DrawMenuBar
InvalidateRect
GetPropW
FillRect
SendMessageW
EndDialog
RemovePropW
FrameRect
GetSysColor
SetPropW
GetCursorPos

gdi32

RestoreDC
GetObjectW
Rectangle
SetROP2
SaveDC
CreateSolidBrush
CreateDIBSection
GetTextExtentPoint32W
CreateFontIndirectW
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetStockObject
DeleteDC
SetTextColor
SetBkMode
CreatePen
DeleteObject

ole32

CoCreateInstance

comctl32

ord412
ImageList_SetImageCount
ord410
ord413
ImageList_Destroy
ImageList_Create
ImageList_Draw
ImageList_Add
ImageList_Replace

advapi32

SystemFunction036

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/plugins/Updater.dll
.dll windows:5 windows x64 arch:x64

4dccbbd0a82f237c5e44462e5595b29e

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:b7:22:49:72:73:64:73:80:81:89:52:e7:f3:47:5b:ee:47:81:b1:96:93:5d:e0:f8:1c:d9:a0:d4:e3:2b:b7
Signer

Actual PE Digest

79:b7:22:49:72:73:64:73:80:81:89:52:e7:f3:47:5b:ee:47:81:b1:96:93:5d:e0:f8:1c:d9:a0:d4:e3:2b:b7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\Updater.pdb

Imports

processhacker.exe

PhMainWndHandle
PhInitializeHash
PhQuerySystemTime
PhOpenKey
PhFormatSize
PhFinalHash
PhBufferToHexString
PhFormatString
PhfWaitForEvent
mxmlLoadString
PhIconToBitmap
PhAllocate
PhVerifyFile
PhCreateThread
mxmlFindElement
PhEqualStringRef
PhConcatStrings2
PhStringToInteger64
WindowsVersion
PhDeleteAutoPool
PhGetStringSetting
PhShowStatus
PhGetPhVersionNumbers
PhUpdateHash
PhSetStringSetting2
PhCreateFileWin32
PhSplitStringRefAtChar
PhCreateStringEx
PhDrainAutoPool
PhfSetEvent
PhFormatString_V
PhAutoDereferenceObject
PhReAllocate
PhQueryRegistryString
PhInitializeAutoPool
PhCenterWindow
PhFree
mxmlDelete
PhDereferenceObject
PhGetOwnTokenAttributes
PhShellExecute
PhfResetEvent
PhFormatUInt64
PhSetIntegerSetting
PhInsertEMenuItem
PhPluginCreateEMenuItem
PhAddSettings
PhReferenceEmptyString
PhGetGeneralCallback
PhRegisterCallback
PhGetIntegerSetting
PhRegisterPlugin
PhGetPluginCallback
PhConvertUtf8ToUtf16

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
NtWriteFile
NtClose
RtlUnwindEx
RtlCaptureContext

kernel32

SetLastError
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
EnterCriticalSection
TerminateProcess
GetCurrentProcess
WideCharToMultiByte
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
HeapAlloc
LCMapStringW
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
GetModuleHandleExW
IsProcessorFeaturePresent
MultiByteToWideChar
IsValidCodePage
SetUnhandledExceptionFilter
CreateFileW
WriteConsoleW
GetTempPathW
Sleep
GetLastError
MulDiv
CloseHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
HeapFree

user32

EndDialog
GetDlgItem
DialogBoxParamW
SetDlgItemTextW
CreateDialogParamW
PostMessageW
DestroyWindow
GetDC
IsWindowVisible
GetPropW
RemovePropW
GetSystemMetrics
SetWindowTextW
ShowWindow
DispatchMessageW
IsDialogMessageW
DestroyIcon
GetDlgCtrlID
GetMessageW
SendDlgItemMessageW
SetPropW
TranslateMessage
PostQuitMessage
GetSysColorBrush
SystemParametersInfoW
GetParent
SetForegroundWindow
LoadImageW
IsIconic
ReleaseDC
EnableWindow
SendMessageW

gdi32

DeleteObject
SetTextColor
GetDeviceCaps
CreateFontW
SetBkMode

shell32

ShellExecuteExW

advapi32

SystemFunction036

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/plugins/UserNotes.dll
.dll windows:5 windows x64 arch:x64

32e92ef3093f563a5d4ca94fcf1162de

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a3:df:18:e2:17:01:72:b0:a9:79:94:7f:35:59:ea:bb:73:67:f3:a5:f7:64:a8:08:0c:cc:e3:77:8c:bb:37:0e
Signer

Actual PE Digest

a3:df:18:e2:17:01:72:b0:a9:79:94:7f:35:59:ea:bb:73:67:f3:a5:f7:64:a8:08:0c:cc:e3:77:8c:bb:37:0e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\UserNotes.pdb

Imports

processhacker.exe

PhOpenProcess
PhPluginAddMenuHook
PhInitializeLayoutManager
PhInvalidateAllProcessNodes
PhMainWndHandle
PhDeleteLayoutManager
PhFreeFileDialog
PhPluginCreateEMenuItem
PhShowFileDialog
PhInitializeStringBuilder
PhGetWindowText
PhPropPageDlgProcHeader
PhCompareStringRef
PhSetFileDialogFilter
PhFindEntryHashtable
PhFindEMenuItem
PhAppendFormatStringBuilder
PhGetPluginInformation
PhCreateOpenFileDialog
PhAddSettings
PhGetStringSetting
PhGetFileDialogFileName
PhSetFileDialogFileName
PhGetGeneralCallback
PhFindPlugin
PhSetStringSetting2
PhPluginSetObjectExtension
PhSplitStringRefAtChar
PhAddProcessPropPage
PhGetSelectedProcessItems
PhRemoveStringBuilder
PhPropPageDlgProcDestroy
PhDoPropPageLayout
PhFinalStringBuilderString
PhSetProcessIoPriority
PhAddLayoutItem
PhFormatString_V
PhProcessModifiedEvent
PhRegisterCallback
ProcessQueryAccess
PhCenterWindow
PhGetSelectedProcessItem
PhConcatStringRef2
PhPluginAddTreeNewColumn
PhRegisterPlugin
PhGetPluginCallback
PhGetFileName
PhCreateProcessPropPageContextEx
PhExpandEnvironmentStrings
PhPluginGetObjectExtension
PhProcessesUpdatedEvent
PhLayoutManagerLayout
PhDuplicateProcessNodeList
PhAddPropPageLayoutItem
PhGetApplicationDirectory
PhIntegerToString64
mxmlSaveFd
PhHashStringRef
PhGetFileSize
mxmlNewElement
PhAllocate
PhGetFullPath
mxmlLoadFd
PhEqualStringRef
PhConvertUtf16ToUtf8Ex
PhRemoveEntryHashtable
PhAddEntryHashtableEx
PhStringToInteger64
PhfWakeForReleaseQueuedLock
PhDeleteAutoPool
PhReferenceEmptyString
PhCreateHashtable
PhCreateFileWin32
PhCreateStringEx
PhDrainAutoPool
PhAutoDereferenceObject
PhInitializeAutoPool
PhFree
PhReferenceObject
mxmlElementSetAttr
PhConvertUtf8ToUtf16
PhfAcquireQueuedLockExclusive
mxmlNewOpaque
PhEnumHashtable
mxmlDelete
PhDereferenceObject
PhInsertEMenuItem

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtSetInformationProcess
RtlDetermineDosPathNameType_U
NtQueryInformationProcess
NtClose
RtlUnwindEx

kernel32

GetOEMCP
IsValidCodePage
LCMapStringW
GetACP
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
FreeLibrary
TlsFree
GetCPInfo
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetLastError
GetStartupInfoW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStdHandle
GetFileType
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
TlsSetValue
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
GetModuleHandleW
GetProcAddress
WriteConsoleW
CreateFileW
RaiseException
IsDebuggerPresent
GetProcessHeap

user32

SetPropW
GetDlgItem
EnableWindow
RemovePropW
MessageBoxW
GetPropW
SetWindowLongPtrW
SendMessageW
EndDialog
DialogBoxParamW
SetWindowTextW
SetDlgItemTextW

comdlg32

ChooseColorW

shell32

SHCreateDirectoryExW

comctl32

CreatePropertySheetPageW

advapi32

SystemFunction036

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/plugins/WindowExplorer.dll
.dll windows:5 windows x64 arch:x64

807c2a5324cd8c3d21e70814ac733d28

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:93:b7:0c:29:23:0b:6c:51:e3:ae:a4:b1:85:11:6a:67:a5:3a:db:71:1e:35:75:b2:bc:bb:c8:32:0e:b0:c0
Signer

Actual PE Digest

38:93:b7:0c:29:23:0b:6c:51:e3:ae:a4:b1:85:11:6a:67:a5:3a:db:71:1e:35:75:b2:bc:bb:c8:32:0e:b0:c0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\WindowExplorer.pdb

Imports

ntdll

RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtQueryInformationProcess
NtMapViewOfSection
NtWaitForSingleObject
NtOpenSection
RtlCreateSecurityDescriptor
NtUnmapViewOfSection
RtlCreateAcl
NtCreateMutant
NtSetEvent
NtCreateEvent
NtClose
RtlAddAce
NtSetSecurityObject
NtOpenEvent
RtlSubAuthoritySid
NtReleaseMutant
NtCreateSection
RtlInitializeSid
NtResetEvent
RtlSetSaclSecurityDescriptor
NtOpenMutant

kernel32

GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetFileType
GetModuleHandleW
GetProcAddress
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
GetACP
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
GetConsoleMode
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
GetLastError
RaiseException
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
SetFilePointerEx
CloseHandle
WriteConsoleW
CreateFileW
DeleteCriticalSection

user32

GetKeyState
GetMessageW
GetClassWord
CallWindowProcW
GetMenu
MonitorFromRect
CreateWindowExW
DispatchMessageW
GetWindowInfo
GetMonitorInfoW
GetDlgCtrlID
PeekMessageW
SetDlgItemTextW
MapWindowPoints
TranslateMessage
PostThreadMessageW
GetWindowLongW
CreateDialogParamW
ShowWindowAsync
PostMessageW
FindWindowExW
DestroyWindow
IsWindowVisible
SetWindowPos
GetPropW
SetWindowLongPtrW
SendMessageW
RemovePropW
SetWindowTextW
GetWindowPlacement
ShowWindow
CloseDesktop
SetTimer
RedrawWindow
GetLayeredWindowAttributes
IsWindowEnabled
MoveWindow
SetLayeredWindowAttributes
SetPropW
EnumDesktopWindows
MapDialogRect
GetDlgItem
KillTimer
GetDesktopWindow
OpenDesktopW
SetForegroundWindow
EnableWindow
GetWindowRect
GetSystemMetrics
GetWindowDC
ReleaseDC
EnumDesktopsW
GetProcessWindowStation
GetWindowThreadProcessId
GetClassLongPtrA
CallNextHookEx
GetWindowLongPtrW
GetClassLongPtrW
UnhookWindowsHookEx
SendNotifyMessageW
GetClassNameW
SetWindowsHookExW
GetWindowLongPtrA
GetClassInfoExW
IsWindowUnicode
RegisterWindowMessageW
EnumPropsExW

gdi32

DeleteObject
RestoreDC
Rectangle
CreatePen
GetStockObject
SelectObject
SaveDC
SetROP2

advapi32

SystemFunction036

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/ProcessHacker.exe
.exe windows:5 windows x86 arch:x86

a5f4c12e9d0d548192774e9019602bb7

Code Sign

0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7f
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

98:33:5a:7b:3b:59:3b:d6:02:36:07:a0:14:40:ca:bc:25:20:9f:ed:fe:f9:fb:1d:ab:6e:31:74:f5:bd:3e:d5
Signer

Actual PE Digest

98:33:5a:7b:3b:59:3b:d6:02:36:07:a0:14:40:ca:bc:25:20:9f:ed:fe:f9:fb:1d:ab:6e:31:74:f5:bd:3e:d5

Digest Algorithm

sha256

PE Digest Matches

true

d5:0d:92:64:2e:a4:be:58:b9:54:c7:c6:28:88:16:74:b4:a0:6d:15
Signer

Actual PE Digest

d5:0d:92:64:2e:a4:be:58:b9:54:c7:c6:28:88:16:74:b4:a0:6d:15

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\processhacker2\bin\Release32\ProcessHacker.pdb

Imports

ntdll

NtCreateTimer
NtAlertThread
NtSetTimer
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlLengthSecurityDescriptor
NtCreateSemaphore
NtQueryObject
NtClearEvent
NtCreateKeyedEvent
NtWaitForKeyedEvent
NtReleaseKeyedEvent
RtlGetVersion
NtDeviceIoControlFile
NtSetInformationObject
NtQueryFullAttributesFile
NtSuspendProcess
NtQueryValueKey
NtOpenFile
NtQuerySecurityObject
NtOpenSection
NtQueryDirectoryFile
NtCreateFile
NtCreateKey
NtWriteVirtualMemory
NtSetContextThread
NtOpenThreadToken
NtQueryDirectoryObject
NtFsControlFile
NtDuplicateObject
NtOpenDirectoryObject
NtReadVirtualMemory
RtlPrefixUnicodeString
NtSetSecurityObject
NtResumeProcess
NtOpenProcess
NtQuerySymbolicLinkObject
RtlConvertSidToUnicodeString
NtOpenKey
NtUnloadDriver
RtlEqualUnicodeString
NtOpenSymbolicLinkObject
NtGetContextThread
NtOpenThread
NtDeleteKey
NtQueryKey
NtSuspendThread
NtQueryInformationFile
NtFlushBuffersFile
NtLockFile
NtSetInformationFile
NtUnlockFile
RtlInterlockedPopEntrySList
RtlUnicodeToMultiByteSize
RtlMultiByteToUnicodeSize
RtlMultiByteToUnicodeN
RtlReAllocateHeap
RtlUpcaseUnicodeChar
RtlUnicodeToMultiByteN
RtlExpandEnvironmentStrings_U
NtResumeThread
RtlGetDaclSecurityDescriptor
RtlCreateUserProcess
RtlNtStatusToDosError
RtlCreateProcessParameters
NtFilterToken
RtlStringFromGUID
RtlFindMessage
NtQueryAttributesFile
RtlAddAce
RtlDestroyProcessParameters
RtlDosPathNameToNtPathName_U
RtlFreeUnicodeString
RtlGetAce
RtlRandomEx
NtDuplicateToken
RtlGetFullPathName_U
NtSetInformationToken
NtTerminateProcess
NtCreateDebugObject
RtlCreateUserThread
NtAllocateVirtualMemory
NtCreateJobObject
NtTerminateThread
NtDebugActiveProcess
NtPowerInformation
NtTestAlert
RtlTimeToSecondsSince1980
RtlEqualSid
RtlSecondsSince1980ToTime
NtIsProcessInJob
RtlFirstEntrySList
RtlCreateSecurityDescriptor
RtlCreateAcl
RtlAddAccessAllowedAce
NtAcceptConnectPort
NtReplyWaitReceivePort
NtCompleteConnectPort
RtlSetDaclSecurityDescriptor
NtQueryInformationProcess
NtRemoveProcessDebug
NtSetInformationThread
NtDelayExecution
NtClose
RtlSubAuthoritySid
NtCreatePort
RtlUnwind
RtlInitializeSid
RtlLengthRequiredSid
RtlValidRelativeSecurityDescriptor
RtlSelfRelativeToAbsoluteSD2
RtlValidSid
NtConnectPort
NtRequestWaitReplyPort
RtlAbsoluteToSelfRelativeSD
RtlLengthSid
NtCreateSection
NtQueryMutant
NtReleaseSemaphore
NtSetHighEventPair
NtQueryEvent
NtQuerySemaphore
NtCancelTimer
NtPulseEvent
NtSetLowEventPair
NtQueryTimer
NtResetEvent
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlInterlockedFlushSList
RtlInitializeSListHead
RtlInterlockedPushEntrySList
RtlSecondsSince1970ToTime
RtlCreateHeap
RtlFreeHeap
RtlAllocateHeap
RtlDestroyHeap
NtQueryVirtualMemory
NtProtectVirtualMemory
NtSetSystemInformation
NtQueryInformationToken
NtOpenProcessToken
NtCreateMutant
NtAdjustPrivilegesToken
NtTerminateJobObject
NtAssignProcessToJobObject
NtQueryInformationJobObject
NtMapViewOfSection
NtQuerySection
RtlSetHeapInformation
RtlLeaveCriticalSection
RtlInitializeCriticalSection
RtlEnterCriticalSection
RtlQueryEnvironmentVariable_U
NtQueryPerformanceCounter
RtlDeleteCriticalSection
NtSetValueKey
RtlDetermineDosPathNameType_U
NtDeleteValueKey
NtAddAtom
RtlGUIDFromString
NtWaitForMultipleObjects
NtSetEvent
NtCreateEvent
NtReadFile
NtWriteFile
NtQueryInformationThread
NtQuerySystemInformation
NtWaitForSingleObject
RtlDoesFileExists_U
NtSetInformationDebugObject
NtUnmapViewOfSection
RtlRaiseStatus
NtSetInformationProcess
NtInitiatePowerAction
NtFreeVirtualMemory

winsta

WinStationSendMessageW
WinStationShadow
WinStationGetAllProcesses
WinStationFreeGAPMemory
WinStationRegisterConsoleNotification
WinStationQueryInformationW
WinStationFreeMemory
WinStationEnumerateW
WinStationReset
WinStationDisconnect
WinStationConnectW

comctl32

ImageList_ReplaceIcon
ImageList_Create
ImageList_Destroy
ImageList_Remove
CreatePropertySheetPageW
InitCommonControlsEx
PropertySheetW
ImageList_SetImageCount
ImageList_Replace

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

GetFileType
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCPInfo
IsValidCodePage
GetOEMCP
CloseHandle
FindClose
FindFirstFileExW
FindNextFileW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetProcessHeap
CreateFileW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
HeapAlloc
SizeofResource
LockResource
GlobalAlloc
GlobalFree
LoadResource
FindResourceW
VirtualQuery
GlobalLock
GlobalUnlock
LocalAlloc
GlobalSize
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
TlsFree
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStringTypeW
MultiByteToWideChar
GetACP
GetStdHandle
WriteFile
WideCharToMultiByte
GetModuleHandleExW
ExitThread
CreateRemoteThread
CreateThread
GetDateFormatW
GetTimeFormatW
GetNumberFormatW
GetSystemDefaultLangID
GetSystemDirectoryW
GetLocaleInfoW
GetUserDefaultLangID
SearchPathW
LocalFree
SetLastError
GetComputerNameW
TlsGetValue
TlsAlloc
TlsSetValue
FreeLibrary
LoadLibraryW
SetProcessShutdownParameters
ExitProcess
SetErrorMode
GetTickCount
AllocConsole
GetConsoleWindow
FreeConsole
SetConsoleCtrlHandler
CreateProcessW
FileTimeToLocalFileTime
FileTimeToSystemTime
ReadFile
ReadConsoleW
HeapSize
HeapReAlloc
SetEndOfFile
WriteConsoleW
DecodePointer
RaiseException
HeapFree
GetModuleHandleW
GetProcAddress
GetLastError

user32

DragDetect
GetClipboardData
CreateCaret
SetCaretPos
GetScrollInfo
RegisterClipboardFormatW
SetScrollInfo
GetDCEx
FrameRect
ScreenToClient
SetCursorPos
DestroyCaret
GetUpdateRect
GetMessageTime
DrawFocusRect
GetCapture
GetAsyncKeyState
InvalidateRgn
WaitMessage
MessageBeep
GetMessagePos
GetUpdateRgn
GetIconInfo
SetCapture
EnableScrollBar
ShowCaret
SetScrollPos
PtInRect
ReleaseCapture
EndPaint
BeginPaint
InsertMenuItemW
ScrollWindowEx
CreatePopupMenu
DialogBoxParamW
SetDlgItemTextW
EndDialog
LockWorkStation
ExitWindowsEx
SendMessageW
IsWindowVisible
EnableWindow
GetParent
GetDlgItem
SetPropW
IsWindowEnabled
RemovePropW
GetPropW
GetClassNameW
GetWindowThreadProcessId
IsIconic
InvalidateRect
SetForegroundWindow
GetClientRect
SetWindowLongW
FindWindowW
SetLayeredWindowAttributes
MoveWindow
ClientToScreen
GetMonitorInfoW
GetWindowInfo
RedrawWindow
ShowWindow
GetSubMenu
GetWindowPlacement
GetMenuItemCount
MonitorFromRect
SetWindowPos
GetMenu
FindWindowExW
PostMessageW
GetKeyState
GetMenuItemInfoW
GetWindowLongW
MapWindowPoints
SetWindowTextW
GetWindowRect
MapDialogRect
DestroyIcon
EnableMenuItem
BringWindowToTop
DeleteMenu
GetSystemMenu
SetCursor
LoadCursorW
CreateDialogParamW
GetSysColorBrush
GetSysColor
CopyIcon
SetDlgItemInt
SetTimer
DestroyWindow
ReleaseDC
SystemParametersInfoW
TranslateMessage
TranslateAcceleratorW
IsChild
IsDialogMessageW
DispatchMessageW
LoadAcceleratorsW
GetSystemMetrics
GetDC
SendMessageTimeoutW
GetMessageW
LoadImageW
UpdateWindow
PostQuitMessage
KillTimer
AppendMenuW
EndDeferWindowPos
DrawMenuBar
LoadIconW
SetFocus
SetMenuInfo
SetMenuItemInfoW
BeginDeferWindowPos
IsWindow
RegisterClassExW
CreateWindowExW
ShowWindowAsync
LoadMenuW
DefWindowProcW
DeferWindowPos
GetCursorPos
DrawIconEx
DrawTextW
TrackMouseEvent
IsHungAppWindow
SetActiveWindow
MonitorFromWindow
MonitorFromPoint
CallWindowProcW
GetForegroundWindow
GetDoubleClickTime
CreateIconIndirect
FillRect
GetDlgItemInt
GetGuiResources
OpenWindowStationW
GetProcessWindowStation
OpenDesktopW
GetUserObjectInformationW
CloseDesktop
CloseWindowStation
EnumDesktopsW
EnumWindows
GetGUIThreadInfo
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
GetWindowTextW
CreateDialogIndirectParamW
GetDesktopWindow
SetClipboardData
InternalGetWindowText
EmptyClipboard
CloseClipboard
OpenClipboard
GetActiveWindow
GetFocus
GetWindowTextLengthW
DestroyMenu
TrackPopupMenu

gdi32

GetDeviceCaps
CreateFontW
DeleteObject
GetTextColor
GetTextExtentPoint32W
GetTextMetricsW
SelectObject
SetDCPenColor
SetDCBrushColor
Polyline
GetStockObject
CreateCompatibleDC
CreateDIBSection
DeleteDC
BitBlt
SetTextColor
Rectangle
GetCharWidthW
TextOutW
SetBoundsRect
CreateCompatibleBitmap
GdiAlphaBlend
IntersectClipRect
CombineRgn
RestoreDC
ExcludeClipRect
SelectClipRgn
CreateRectRgn
GetClipRgn
GetDIBits
SaveDC
SetBkColor
GetObjectW
CreateFontIndirectW
SetBkMode

comdlg32

ChooseFontW
GetOpenFileNameW
GetSaveFileNameW
ChooseColorW

advapi32

CreateProcessAsUserW
SystemFunction036
SetSecurityInfo
GetSecurityInfo
LsaLookupSids
LsaLookupPrivilegeValue
LsaLookupPrivilegeDisplayName
LsaLookupNames2
LsaOpenPolicy
LsaLookupPrivilegeName
EnumServicesStatusExW
StartServiceW
ControlService
DeleteService
CloseServiceHandle
LsaClose
LsaAddAccountRights
ChangeServiceConfigW
ChangeServiceConfig2W
OpenSCManagerW
CreateServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
LsaFreeMemory
LsaEnumerateAccounts
RegisterServiceCtrlHandlerExW
OpenServiceW
QueryServiceConfig2W
QueryServiceConfigW
LogonUserW
LsaEnumeratePrivilegesOfAccount
LsaOpenAccount
CreateProcessWithLogonW

shell32

SHGetFileInfoW
ShellExecuteExW
SHGetFolderPathW
SHCreateDirectoryExW
Shell_NotifyIconW
ExtractIconExW
DuplicateIcon

ole32

CoTaskMemFree
CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString

Exports

Exports

PhAddComboBoxStrings
PhAddElementAvlTree
PhAddEntryHashtable
PhAddEntryHashtableEx
PhAddItemArray
PhAddItemList
PhAddItemPointerList
PhAddItemSimpleHashtable
PhAddItemsArray
PhAddItemsList
PhAddLayoutItem
PhAddLayoutItemEx
PhAddListViewColumn
PhAddListViewItem
PhAddTabControlTab
PhAdjustRectangleToBounds
PhAdjustRectangleToWorkingArea
PhAllocate
PhAllocateExSafe
PhAllocateFromFreeList
PhAllocatePage
PhAllocateSafe
PhAppendBytesBuilder
PhAppendBytesBuilder2
PhAppendBytesBuilderEx
PhAppendCharStringBuilder
PhAppendCharStringBuilder2
PhAppendFormatStringBuilder
PhAppendFormatStringBuilder_V
PhAppendStringBuilder
PhAppendStringBuilder2
PhAppendStringBuilderEx
PhApplicationFont
PhAutoDereferenceObject
PhBufferToHexString
PhBufferToHexStringEx
PhCenterRectangle
PhCenterWindow
PhClearArray
PhClearCircularBuffer_FLOAT
PhClearCircularBuffer_PVOID
PhClearCircularBuffer_ULONG
PhClearCircularBuffer_ULONG64
PhClearHashtable
PhClearList
PhCompareStringRef
PhCompareStringZNatural
PhCompareUnicodeStringZIgnoreMenuPrefix
PhConcatStringRef2
PhConcatStringRef3
PhConcatStrings
PhConcatStrings2
PhConcatStrings_V
PhConvertMultiByteToUtf16
PhConvertMultiByteToUtf16Ex
PhConvertUtf16ToAsciiEx
PhConvertUtf16ToMultiByte
PhConvertUtf16ToMultiByteEx
PhConvertUtf16ToUtf8
PhConvertUtf16ToUtf8Buffer
PhConvertUtf16ToUtf8Ex
PhConvertUtf16ToUtf8Size
PhConvertUtf8ToUtf16
PhConvertUtf8ToUtf16Buffer
PhConvertUtf8ToUtf16Ex
PhConvertUtf8ToUtf16Size
PhCopyBytesZ
PhCopyCircularBuffer_FLOAT
PhCopyCircularBuffer_PVOID
PhCopyCircularBuffer_ULONG
PhCopyCircularBuffer_ULONG64
PhCopyStringZ
PhCopyStringZFromBytes
PhCopyStringZFromMultiByte
PhCountStringZ
PhCreateAlloc
PhCreateBytes
PhCreateBytesEx
PhCreateEMenu
PhCreateEMenuItem
PhCreateFileStream
PhCreateFileStream2
PhCreateFileWin32
PhCreateFileWin32Ex
PhCreateHashtable
PhCreateKey
PhCreateList
PhCreateObject
PhCreateObjectType
PhCreateObjectTypeEx
PhCreateOpenFileDialog
PhCreatePointerList
PhCreateProcess
PhCreateProcessAsUser
PhCreateProcessWin32
PhCreateProcessWin32Ex
PhCreateSaveFileDialog
PhCreateSecurityPage
PhCreateSimpleHashtable
PhCreateString
PhCreateStringEx
PhCreateSymbolProvider
PhCreateThread
PhDecodeUnicodeDecoder
PhDeleteArray
PhDeleteAutoPool
PhDeleteBytesBuilder
PhDeleteCallback
PhDeleteCircularBuffer_FLOAT
PhDeleteCircularBuffer_PVOID
PhDeleteCircularBuffer_ULONG
PhDeleteCircularBuffer_ULONG64
PhDeleteFastLock
PhDeleteFileWin32
PhDeleteFreeList
PhDeleteGraphState
PhDeleteImageVersionInfo
PhDeleteLayoutManager
PhDeleteStringBuilder
PhDeleteWorkQueue
PhDereferenceObject
PhDereferenceObjectDeferDelete
PhDereferenceObjectEx
PhDereferenceObjects
PhDestroyEMenu
PhDestroyEMenuItem
PhDisconnectNamedPipe
PhDivideSinglesBySingle
PhDosErrorToNtStatus
PhDrainAutoPool
PhDrawGraphDirect
PhDuplicateBytesZ
PhDuplicateBytesZSafe
PhDuplicateObject
PhDuplicateStringZ
PhEditSecurity
PhEllipsisString
PhEllipsisStringPath
PhEncodeUnicode
PhEnumAvlTree
PhEnumDirectoryFile
PhEnumDirectoryObjects
PhEnumFileStreams
PhEnumGenericModules
PhEnumHandles
PhEnumHandlesEx
PhEnumHashtable
PhEnumKernelModules
PhEnumObjectTypes
PhEnumPagefiles
PhEnumPointerListEx
PhEnumProcessEnvironmentVariables
PhEnumProcessModules
PhEnumProcessModules32
PhEnumProcessModules32Ex
PhEnumProcessModulesEx
PhEnumProcesses
PhEnumProcessesEx
PhEnumProcessesForSession
PhEnumServices
PhEqualStringRef
PhEscapeCommandLinePart
PhEscapeStringForMenuPrefix
PhExpandEnvironmentStrings
PhExponentiate
PhExponentiate64
PhFillMemoryUlong
PhFinalArrayItems
PhFinalBytesBuilderBytes
PhFinalHash
PhFinalStringBuilderString
PhFindCharInStringRef
PhFindEMenuItem
PhFindElementAvlTree
PhFindEntryHashtable
PhFindIntegerSiKeyValuePairs
PhFindItemList
PhFindItemPointerList
PhFindItemSimpleHashtable
PhFindLastCharInStringRef
PhFindListViewItemByFlags
PhFindListViewItemByParam
PhFindLoaderEntry
PhFindProcessInformation
PhFindProcessInformationByImageName
PhFindStringInStringRef
PhFindStringSiKeyValuePairs
PhFlushFileStream
PhFormat
PhFormatDate
PhFormatDateTime
PhFormatDecimal
PhFormatGuid
PhFormatImageVersionInfo
PhFormatNativeKeyName
PhFormatSize
PhFormatString
PhFormatString_V
PhFormatTime
PhFormatTimeSpan
PhFormatTimeSpanRelative
PhFormatToBuffer
PhFormatUInt64
PhFree
PhFreeFileDialog
PhFreePage
PhFreeToFreeList
PhGenerateGuid
PhGenerateGuidFromName
PhGenerateRandomAlphaString
PhGetAccessEntries
PhGetAccessString
PhGetApplicationDirectory
PhGetApplicationFileName
PhGetBaseName
PhGetComboBoxString
PhGetDllFileName
PhGetDrawInfoGraphBuffers
PhGetFileDialogFileName
PhGetFileDialogFilterIndex
PhGetFileDialogOptions
PhGetFileName
PhGetFileShellIcon
PhGetFileSize
PhGetFileVersionInfo
PhGetFileVersionInfoLangCodePage
PhGetFileVersionInfoString
PhGetFileVersionInfoString2
PhGetFullPath
PhGetGenericTreeNewLines
PhGetGlobalWorkQueue
PhGetHandleInformation
PhGetHandleInformationEx
PhGetJobProcessIdList
PhGetKernelFileName
PhGetKnownLocation
PhGetLineFromAddress
PhGetListBoxString
PhGetListViewItemImageIndex
PhGetListViewItemParam
PhGetMessage
PhGetModuleFromAddress
PhGetNtMessage
PhGetObjectSecurity
PhGetObjectType
PhGetObjectTypeInformation
PhGetOwnTokenAttributes
PhGetPositionFileStream
PhGetPrimeNumber
PhGetProcedureAddressRemote
PhGetProcessCommandLine
PhGetProcessDepStatus
PhGetProcessEnvironment
PhGetProcessExecuteFlags
PhGetProcessImageFileName
PhGetProcessImageFileNameByProcessId
PhGetProcessImageFileNameWin32
PhGetProcessIsDotNet
PhGetProcessIsDotNetEx
PhGetProcessMappedFileName
PhGetProcessPebString
PhGetProcessWindowTitle
PhGetProcessWorkingSetInformation
PhGetProcessWsCounters
PhGetSeObjectSecurity
PhGetSelectedListViewItemParam
PhGetSelectedListViewItemParams
PhGetServiceConfig
PhGetServiceDelayedAutoStart
PhGetServiceDescription
PhGetServiceErrorControlInteger
PhGetServiceErrorControlString
PhGetServiceNameFromTag
PhGetServiceStartTypeInteger
PhGetServiceStartTypeString
PhGetServiceStateString
PhGetServiceTypeInteger
PhGetServiceTypeString
PhGetSidFullName
PhGetStockApplicationIcon
PhGetSymbolFromAddress
PhGetSymbolFromName
PhGetSystemDirectory
PhGetSystemRoot
PhGetThreadContext
PhGetThreadServiceTag
PhGetTokenGroups
PhGetTokenIntegrityLevel
PhGetTokenOwner
PhGetTokenPrimaryGroup
PhGetTokenPrivileges
PhGetTokenUser
PhGetTreeNewText
PhGetWin32Message
PhGetWindowText
PhGetWindowTextEx
PhGlobalDpi
PhGraphStateGetDrawInfo
PhHashBytes
PhHashStringRef
PhHeapHandle
PhHexStringToBuffer
PhIconToBitmap
PhImpersonateClientOfNamedPipe
PhIndexOfEMenuItem
PhInitializeArray
PhInitializeAutoPool
PhInitializeAvlTree
PhInitializeBytesBuilder
PhInitializeCallback
PhInitializeCircularBuffer_FLOAT
PhInitializeCircularBuffer_PVOID
PhInitializeCircularBuffer_ULONG
PhInitializeCircularBuffer_ULONG64
PhInitializeFastLock
PhInitializeFreeList
PhInitializeGraphState
PhInitializeHash
PhInitializeImageVersionInfo
PhInitializeLayoutManager
PhInitializeStringBuilder
PhInitializeWorkQueue
PhInitializeWorkQueueEnvironment
PhInjectDllProcess
PhInsertEMenuItem
PhInsertItemList
PhInsertItemsList
PhInsertStringBuilder
PhInsertStringBuilder2
PhInsertStringBuilderEx
PhIntegerToString64
PhInvokeCallback
PhIsExecutablePacked
PhIsExecutingInWow64
PhLayoutManagerLayout
PhLibImageBase
PhListenNamedPipe
PhLoadIcon
PhLoadListViewColumnSettings
PhLoadModuleSymbolProvider
PhLoadResourceEMenuItem
PhLocalTimeToSystemTime
PhLockFileStream
PhLoggedCallback
PhLookupName
PhLookupPrivilegeDisplayName
PhLookupPrivilegeName
PhLookupPrivilegeValue
PhLookupSid
PhLowerBoundElementAvlTree
PhLowerDualBoundElementAvlTree
PhMainWndHandle
PhMapFlags1
PhMapFlags2
PhMatchWildcards
PhMaximumElementAvlTree
PhMinimumElementAvlTree
PhModalPropertySheet
PhModifyEMenuItem
PhNetworkItemAddedEvent
PhNetworkItemModifiedEvent
PhNetworkItemRemovedEvent
PhNetworkItemsUpdatedEvent
PhNtStatusFileNotFound
PhNtStatusToDosError
PhOpenKey
PhOpenLsaPolicy
PhOpenProcess
PhOpenProcessToken
PhOpenService
PhOpenThread
PhOpenThreadProcess
PhOpenThreadToken
PhOsVersion
PhParseCommandLine
PhParseCommandLineFuzzy
PhParseCommandLinePart
PhPeekNamedPipe
PhPredecessorElementAvlTree
PhPrintTimeSpan
PhProcessAddedEvent
PhProcessModifiedEvent
PhProcessRemovedEvent
PhProcessesUpdatedEvent
PhQueryFullAttributesFileWin32
PhQueryKey
PhQueryRegistryString
PhQueryServiceVariableSize
PhQuerySystemTime
PhQueryTimeZoneBias
PhQueryValueKey
PhQueueItemWorkQueue
PhQueueItemWorkQueueEx
PhReAllocate
PhReAllocateSafe
PhReadFileStream
PhReadVirtualMemory
PhReferenceEmptyString
PhReferenceObject
PhReferenceObjectEx
PhReferenceObjectSafe
PhReferenceObjects
PhRegisterCallback
PhRegisterCallbackEx
PhRemoveAllEMenuItems
PhRemoveEMenuItem
PhRemoveElementAvlTree
PhRemoveEntryHashtable
PhRemoveItemArray
PhRemoveItemList
PhRemoveItemPointerList
PhRemoveItemSimpleHashtable
PhRemoveItemsArray
PhRemoveItemsList
PhRemoveListViewItem
PhRemoveStringBuilder
PhResizeArray
PhResizeCircularBuffer_FLOAT
PhResizeCircularBuffer_PVOID
PhResizeCircularBuffer_ULONG
PhResizeCircularBuffer_ULONG64
PhResizeList
PhResolveDevicePrefix
PhResumeProcess
PhResumeThread
PhRoundUpToPowerOfTwo
PhSaveListViewColumnSettings
PhSeekFileStream
PhSelectComboBoxString
PhServiceAddedEvent
PhServiceModifiedEvent
PhServiceRemovedEvent
PhServicesUpdatedEvent
PhSetClipboardString
PhSetControlTheme
PhSetExtendedListView
PhSetFileDialogFileName
PhSetFileDialogFilter
PhSetFileDialogOptions
PhSetFileSize
PhSetFlagsAllEMenuItems
PhSetFlagsEMenuItem
PhSetGraphText
PhSetHeaderSortIcon
PhSetImageListBitmap
PhSetListViewItemImageIndex
PhSetListViewSubItem
PhSetObjectSecurity
PhSetOptionsSymbolProvider
PhSetProcessIoPriority
PhSetSeObjectSecurity
PhSetSearchPathSymbolProvider
PhSetServiceDelayedAutoStart
PhSetStateAllListViewItems
PhSetThreadContext
PhSetThreadIoPriority
PhSetTokenIsVirtualizationEnabled
PhSetTokenPrivilege
PhSetTokenPrivilege2
PhSetTokenSessionId
PhShellExecute
PhShellExecuteEx
PhShellExploreFile
PhShellOpenKey
PhShellProperties
PhShowConfirmMessage
PhShowContinueStatus
PhShowEMenu
PhShowFileDialog
PhShowMessage
PhShowMessage_V
PhShowStatus
PhSidToStringSid
PhSplitStringRefAtChar
PhSplitStringRefAtLastChar
PhSplitStringRefAtString
PhSplitStringRefEx
PhStackWalk
PhStdGetClientIdName
PhStdGetObjectSecurity
PhStdSetObjectSecurity
PhStringToDouble
PhStringToInteger64
PhSuccessorElementAvlTree
PhSuspendProcess
PhSuspendThread
PhSystemBasicInformation
PhSystemTimeToLocalTime
PhTerminateProcess
PhTerminateThread
PhTransceiveNamedPipe
PhTrimStringRef
PhUnloadDllProcess
PhUnloadDriver
PhUnlockFileStream
PhUnregisterCallback
PhUpdateDosDevicePrefixes
PhUpdateHash
PhUpdateMupDevicePrefixes
PhUpperBoundElementAvlTree

Sections

.text
Size: 865KB - Virtual size: 865KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 247KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 239KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/kprocesshacker.sys
.sys windows:6 windows x86 arch:x86

5002c596f0963a52028f09c38ae6ecac

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:e9:01:7d:54:cd:93:f0:94:d0:a2:ab:7f:c0:e3:f5
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/11/2015, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bd:01:be:e3:72:99:e1:f6:50:ac:ef:44:79:6e:95:d8:3d:62:05:dd
Signer

Actual PE Digest

bd:01:be:e3:72:99:e1:f6:50:ac:ef:44:79:6e:95:d8:3d:62:05:dd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\projects\processhacker2\kprocesshacker\bin\i386\kprocesshacker.pdb

Imports

ntoskrnl.exe

PsGetCurrentProcessId
ZwQueryValueKey
ZwClose
ExFreePoolWithTag
ZwOpenKey
ExAllocatePoolWithTag
RtlInitUnicodeString
memcpy
ProbeForWrite
ZwQuerySystemInformation
IoCreateDevice
ProbeForRead
RtlCompareMemory
RtlGetVersion
MmGetSystemRoutineAddress
ExEnumHandleTable
ObfDereferenceObject
ObReferenceObjectByHandle
PsProcessType
ObQueryNameString
KeUnstackDetachProcess
ObSetHandleAttributes
KeStackAttachProcess
PsInitialSystemProcess
ObOpenObjectByPointer
ObCloseHandle
IoGetCurrentProcess
ObOpenObjectByName
IoFileObjectType
IoDriverObjectType
RtlEqualUnicodeString
ZwQueryInformationThread
ZwQueryInformationProcess
ExAllocatePoolWithQuotaTag
ZwQueryObject
SePrivilegeCheck
PsLookupProcessByProcessId
PsLookupProcessThreadByCid
PsDereferencePrimaryToken
SeTokenObjectType
PsReferencePrimaryToken
PsJobType
PsGetProcessJob
ZwTerminateProcess
ExAcquireRundownProtection
ExReleaseRundownProtection
ZwSetInformationProcess
KeGetCurrentThread
PsThreadType
PsLookupThreadByThreadId
IoThreadToProcess
KeSetEvent
PsGetContextThread
PsSetContextThread
RtlWalkFrameChain
PsGetThreadWin32Thread
PsAssignImpersonationToken
ZwSetInformationThread
KeWaitForSingleObject
KeInsertQueueApc
KeInitializeApc
KeInitializeEvent
MmUnlockPages
MmUnmapLockedPages
ExRaiseStatus
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
MmHighestUserAddress
MmIsAddressValid
KeTickCount
KeBugCheckEx
IofCompleteRequest
memset
IoDeleteDevice
RtlUnwind

hal

KfLowerIrql
KfRaiseIrql

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 768B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 768B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/peview.exe
.exe windows:5 windows x86 arch:x86

2f204113a06ecc7177380b0dd345cae5

Code Sign

0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7f
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:d9:c9:2c:26:b3:ce:be:a7:59:1e:e8:6d:b2:59:56:a5:19:87:7c:7b:8a:2a:f0:96:7f:03:ab:ba:b5:76:f1
Signer

Actual PE Digest

11:d9:c9:2c:26:b3:ce:be:a7:59:1e:e8:6d:b2:59:56:a5:19:87:7c:7b:8a:2a:f0:96:7f:03:ab:ba:b5:76:f1

Digest Algorithm

sha256

PE Digest Matches

true

e8:ea:c9:f7:81:fb:bd:19:7e:f2:af:36:72:c8:f9:20:fe:69:d1:0c
Signer

Actual PE Digest

e8:ea:c9:f7:81:fb:bd:19:7e:f2:af:36:72:c8:f9:20:fe:69:d1:0c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\processhacker2\bin\Release32\peview.pdb

Imports

ntdll

NtCreateFile
NtQueryInformationFile
RtlRaiseStatus
RtlInterlockedPushEntrySList
RtlInitializeSListHead
RtlUnwind
NtSetEvent
NtCreateEvent
NtCreateKeyedEvent
NtWaitForKeyedEvent
NtReleaseKeyedEvent
NtReleaseSemaphore
NtCreateSemaphore
NtSetInformationThread
NtMapViewOfSection
NtCreateSection
RtlCreateHeap
RtlGetVersion
NtQuerySystemInformation
NtAddAtom
NtWaitForSingleObject
RtlNtStatusToDosError
RtlFindMessage
NtClose
RtlDosPathNameToNtPathName_U
NtUnmapViewOfSection
RtlInterlockedPopEntrySList
RtlFreeHeap
RtlMultiByteToUnicodeSize
RtlMultiByteToUnicodeN
RtlReAllocateHeap
RtlUpcaseUnicodeChar
RtlAllocateHeap
RtlSecondsSince1970ToTime

kernel32

EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetOEMCP
IsValidCodePage
GetCPInfo
GetFileType
HeapAlloc
HeapFree
GetModuleHandleExW
WideCharToMultiByte
WriteFile
GetStdHandle
GetACP
MultiByteToWideChar
GetStringTypeW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExW
TlsFree
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCMapStringW
VirtualQuery
ExitProcess
SetLastError
GlobalUnlock
GlobalLock
CloseHandle
FindClose
FindFirstFileExW
FindNextFileW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetProcessHeap
HeapSize
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
DecodePointer
WriteConsoleW
RaiseException
CreateFileW
FreeLibrary
GlobalFree
GlobalAlloc
FileTimeToSystemTime
FileTimeToLocalFileTime
TlsSetValue
TlsAlloc
TlsGetValue
CreateThread
GetUserDefaultLangID
GetLocaleInfoW
GetSystemDefaultLangID
GetLastError
LoadLibraryW
GetProcAddress
GetTimeFormatW
GetModuleHandleW
GetDateFormatW

user32

CallWindowProcW
GetPropW
RemovePropW
SetPropW
SetCursor
GetParent
GetDlgItem
SendMessageW
ReleaseDC
GetDC
GetKeyState
SetWindowLongW
SetDlgItemTextW
ShowWindow
PostMessageW
MoveWindow
GetMonitorInfoW
MonitorFromWindow
MessageBoxW
GetWindowRect
InvalidateRect
GetClientRect
SetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
SetWindowPos
GetWindowLongW

gdi32

SelectObject
GetDeviceCaps

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

SystemFunction036

shell32

SHGetFileInfoW
SHGetFolderPathW
ExtractIconExW

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemFree

comctl32

CreatePropertySheetPageW
PropertySheetW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Sections

.text
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/plugins/DotNetTools.dll
.dll windows:5 windows x86 arch:x86

ba467cc9acc67dec3121d8cc8fa1fac0

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c0:40:b4:9b:42:b4:98:4e:49:7e:8b:1c:17:80:07:13:c4:fc:c0:d4:30:91:9d:79:01:07:1c:32:32:d7:5d:18
Signer

Actual PE Digest

c0:40:b4:9b:42:b4:98:4e:49:7e:8b:1c:17:80:07:13:c4:fc:c0:d4:30:91:9d:79:01:07:1c:32:32:d7:5d:18

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release32\plugins\DotNetTools.pdb

Imports

processhacker.exe

PhOpenProcessToken
_PhGetProcessIsSuspended@4
PhDereferenceObject
PhAppendStringBuilder2
PhShowMessage
PhEnumProcesses
_PhCreateProcessPropPageContextEx@16
_PhCmSaveSettings@4
PhConcatStrings
PhFree
PhAutoDereferenceObject
PhFinalStringBuilderString
_PhDoPropPageLayout@4
_PhPluginAddTreeNewColumn@24
_PhPropPageDlgProcDestroy@4
PhCreateStringEx
PhRemoveStringBuilder
_PhAddProcessPropPage@8
PhSplitStringRefAtChar
_PhSetStringSetting2@8
PhGetProcessIsDotNetEx
PhSetClipboardString
_PhGetStringSetting@4
_PhPluginGetObjectExtension@12
PhAddItemSimpleHashtable
PhRemoveItemSimpleHashtable
PhfWakeForReleaseQueuedLock
PhGetWin32Message
PhFindItemSimpleHashtable
PhfAcquireQueuedLockExclusive
PhCreateSimpleHashtable
PhFormatToBuffer
PhSetListViewSubItem
PhAddListViewColumn
_PhLoadListViewColumnsFromSetting@8
PhUnregisterCallback
_PhSaveListViewColumnsToSetting@8
_PhHandleListViewNotifyForCopy@8
PhAddListViewItem
PhAddComboBoxStrings
_PhSetIntegerSetting@8
_PhGetIntegerSetting@4
PhFormatUInt64
PhGetProcessIsDotNet
_PhAddSettings@8
_PhGetGeneralCallback@4
_PhPluginSetObjectExtension@20
PhRegisterCallback
_PhRegisterPlugin@12
_PhGetPluginCallback@8
_PhAddPropPageLayoutItem@16
PhDuplicateObject
WindowsVersion
PhFormatString_V
PhEnumProcessModules
PhGetSystemRoot
PhOpenProcess
PhReadVirtualMemory
PhGetThreadContext
PhfEndInitOnce
ProcessQueryAccess
PhOpenThread
PhConcatStringRef2
PhfBeginInitOnce
PhFindLastCharInStringRef
PhCreateList
PhCreateString
PhGetTreeNewText
PhSetControlTheme
PhFormatString
PhAllocate
PhCreateThread
PhFindProcessInformation
PhCountStringZ
PhInitializeStringBuilder
_PhCmLoadSettings@8
_PhPropPageDlgProcHeader@24
PhCompareStringRef
PhConcatStrings2
PhAddItemList

ntdll

RtlUnwind
NtClose
NtWaitForSingleObject
LdrGetProcedureAddress
RtlEqualUnicodeString
NtMapViewOfSection
NtUnmapViewOfSection
RtlFreeSid
NtQueryInformationToken
RtlAllocateAndInitializeSid
LdrGetDllHandle
NtReleaseMutant
RtlNtStatusToDosError

kernel32

CloseHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LCMapStringW
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WriteConsoleW
DecodePointer
CreateFileW
RaiseException
OpenFileMappingW
LoadLibraryW
GetModuleHandleW
GetProcAddress
GetLastError

user32

ShowWindow
PostMessageW
GetKeyState
SendMessageW
GetDlgItem
SetDlgItemTextW
LoadCursorW
SetCursor

advapi32

SystemFunction036
ControlTraceW
CloseTrace
ProcessTrace
StartTraceW
OpenTraceW

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/plugins/ExtendedNotifications.dll
.dll windows:5 windows x86 arch:x86

a38628b6f28117aef252a51755a56458

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c4:51:3f:49:56:79:d5:22:6d:aa:dd:bf:b8:71:97:b3:36:8e:11:70:56:c5:b1:55:58:83:6c:3e:c9:06:5c:c5
Signer

Actual PE Digest

c4:51:3f:49:56:79:d5:22:6d:aa:dd:bf:b8:71:97:b3:36:8e:11:70:56:c5:b1:55:58:83:6c:3e:c9:06:5c:c5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release32\plugins\ExtendedNotifications.pdb

Imports

processhacker.exe

PhGetGlobalWorkQueue
PhRegisterCallback
PhAutoDereferenceObject
_PhFormatLogEntry@4
PhWriteStringFormatAsUtf8FileStream
PhCreateFileStream
_PhGetStringSetting@4
PhLoggedCallback
PhFree
_PhReferenceProcessItemForParent@12
PhCreateList
PhFreeFileDialog
PhAllocate
PhShowFileDialog
PhEqualStringRef
PhConvertUtf16ToUtf8Ex
PhInsertItemList
PhClearList
PhInitializeStringBuilder
PhGetWindowText
PhConcatStrings2
PhSetFileDialogFilter
PhAddItemList
_PhAddSettings@8
PhRemoveItemList
PhGetFileDialogFileName
PhSetFileDialogFileName
_PhGetGeneralCallback@4
PhCreateSaveFileDialog
_PhSetStringSetting2@8
PhFormatDateTime
PhQueueItemWorkQueue
PhFinalStringBuilderString
PhFormatString_V
_PhSetIntegerSetting@8
PhAppendCharStringBuilder
PhMatchWildcards
_PhGetIntegerSetting@4
_PhRegisterPlugin@12
PhReferenceObject
PhAppendStringBuilderEx
_PhGetPluginCallback@8
PhDeleteStringBuilder
PhGetFileName
PhConvertUtf8ToUtf16
PhDereferenceObject
PhFindCharInStringRef
PhModalPropertySheet
PhDuplicateBytesZSafe
PhAllocateSafe

ntdll

RtlUnwind

user32

SetWindowLongW
SendMessageW
EnableWindow
GetParent
GetDlgItem
SetDlgItemTextW

comctl32

ord412
ord410
ord413
CreatePropertySheetPageW

kernel32

HeapSize
WriteConsoleW
FlushFileBuffers
CreateFileW
GetCommandLineW
GetCommandLineA
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
GetStringTypeW
HeapReAlloc
GetConsoleCP
WriteFile
SetStdHandle
GetACP
CloseHandle
LCMapStringW
GetFileType
GetStdHandle
GetConsoleMode
SetFilePointerEx
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DecodePointer
InterlockedFlushSList
RaiseException
GetLastError
GetSystemInfo
VirtualProtect
VirtualQuery
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleFileNameW

advapi32

SystemFunction036

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/plugins/ExtendedServices.dll
.dll windows:5 windows x86 arch:x86

227df7ae8435d542b182ed859f1fc4eb

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

17:8e:9a:c3:cd:41:0a:ef:cb:bd:ff:04:d5:21:3f:bb:b6:6d:60:15:2e:e7:c3:a8:ba:d3:34:c6:a7:14:7b:52
Signer

Actual PE Digest

17:8e:9a:c3:cd:41:0a:ef:cb:bd:ff:04:d5:21:3f:bb:b6:6d:60:15:2e:e7:c3:a8:ba:d3:34:c6:a7:14:7b:52

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release32\plugins\ExtendedServices.pdb

Imports

processhacker.exe

PhFinalStringBuilderString
PhReferenceEmptyString
PhDeleteAutoPool
PhFormatGuid
PhGetSelectedListViewItemParam
PhClearList
PhFormatString
PhLayoutManagerLayout
PhFree
PhAutoDereferenceObject
PhAddLayoutItem
PhReAllocate
PhQueryRegistryString
PhInitializeAutoPool
PhConcatStringRef2
PhAppendStringBuilderEx
PhCreateAlloc
PhGetServiceConfig
_PhReferenceServiceItem@4
PhGetWin32Message
PhAddItemList
PhConcatStrings2
PhCountStringZ
PhOpenService
PhAllocate
PhDeleteLayoutManager
PhInitializeLayoutManager
PhCreateList
_PhUiPauseService@8
_PhGetPluginCallback@8
PhReferenceObject
_PhRegisterPlugin@12
_PhUiStartService@8
_PhGetIntegerSetting@4
PhRegisterCallback
PhFormatString_V
PhIndexOfEMenuItem
PhfAcquireQueuedLockShared
_PhGetGeneralCallback@4
PhOpenKey
PhCreateString
PhFreeFileDialog
PhShowFileDialog
PhSetFileDialogFilter
PhCreateOpenFileDialog
PhGetComboBoxString
PhGetFileDialogFileName
PhSetFileDialogFileName
PhCenterWindow
_PhaChoiceDialog@40
PhShowStatus
PhGetNtMessage
PhSetListViewSubItem
PhLookupPrivilegeDisplayName
PhSetControlTheme
PhQueryServiceVariableSize
PhDereferenceObjects
PhFindIntegerSiKeyValuePairs
PhEqualStringRef
PhSelectComboBoxString
PhSetExtendedListView
PhInitializeStringBuilder
PhGetWindowText
PhAddListViewColumn
PhRemoveItemList
PhSidToStringSid
PhRemoveListViewItem
_PhUiDisconnectFromPhSvc@0
_PhUiConnectToPhSvc@8
PhCreateStringEx
PhGetListViewItemParam
PhFindItemList
PhFindStringSiKeyValuePairs
PhAddListViewItem
_PhSvcCallChangeServiceConfig2@12
PhAddComboBoxStrings
PhAppendCharStringBuilder
PhDeleteStringBuilder
PhNtStatusToDosError
PhOpenLsaPolicy
PhShowMessage
PhAppendStringBuilder
PhDereferenceObject
PhGetOwnTokenAttributes
_PhSetIntegerSetting@8
PhMainWndHandle
PhInsertEMenuItem
_PhUiContinueService@8
_PhUiStopService@8
PhfReleaseQueuedLockShared
PhEscapeStringForMenuPrefix
_PhPluginCreateEMenuItem@20
PhCompareStringRef
PhFindEMenuItem
PhDestroyEMenuItem
_PhAddSettings@8
WindowsVersion
_PhCreateServiceListControl@12

ntdll

NtClose
NtEnumerateKey
RtlGUIDFromString
RtlUnwind

kernel32

GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
GetACP
SetFilePointerEx
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CloseHandle
WriteConsoleW
DecodePointer
CreateFileW
RaiseException
GetComputerNameW
GetModuleHandleW
GetProcAddress
SetLastError
GetLastError

user32

IsWindowEnabled
GetWindowTextLengthW
GetWindowLongW
SetTimer
GetParent
GetDlgItemInt
SetWindowLongW
SetDlgItemInt
EnableWindow
EndDialog
DialogBoxParamW
SendMessageW
GetWindowRect
GetPropW
RemovePropW
ShowWindow
SetDlgItemTextW
MapWindowPoints
MoveWindow
SetPropW
GetDlgItem

advapi32

SystemFunction036
CloseServiceHandle
LsaEnumeratePrivileges
LsaClose
QueryServiceConfig2W
ChangeServiceConfig2W
LsaFreeMemory
QueryServiceStatus
EnumDependentServicesW

comctl32

CreatePropertySheetPageW

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/plugins/ExtendedTools.dll
.dll windows:5 windows x86 arch:x86

27055d9fba51d9fe42c454585d81de94

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

db:6b:ac:93:7c:2e:58:9a:72:9a:67:97:60:50:cc:7b:4c:43:3e:b3:61:0d:e0:4a:ae:1c:b9:4b:84:89:86:42
Signer

Actual PE Digest

db:6b:ac:93:7c:2e:58:9a:72:9a:67:97:60:50:cc:7b:4c:43:3e:b3:61:0d:e0:4a:ae:1c:b9:4b:84:89:86:42

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release32\plugins\ExtendedTools.pdb

Imports

processhacker.exe

PhSetGraphText
_PhDoPropPageLayout@4
_PhPropPageDlgProcDestroy@4
_PhAddProcessPropPage@8
PhAddLayoutItemEx
PhGlobalDpi
PhDeleteCircularBuffer_ULONG
_PhSiSetColorsGraphDrawInfo@12
_PhPropPageDlgProcHeader@24
PhPrintTimeSpan
PhDivideSinglesBySingle
PhApplicationFont
PhFormatSize
_PhGetStatisticsTime@12
PhAppendStringBuilder
PhAppendStringBuilder2
PhGetDrawInfoGraphBuffers
_PhFindProcessRecord@8
PhFinalStringBuilderString
PhRemoveStringBuilder
PhInitializeStringBuilder
_PhPluginRegisterIcon@24
PhDrawGraphDirect
PhfBeginInitOnce
_PhPluginAddTreeNewColumn@24
PhfEndInitOnce
_PhPluginEnableTreeNewNotify@8
PhNetworkItemsUpdatedEvent
PhEnumProcesses
_PhFindNetworkNode@4
_PhReferenceNetworkItem@16
PhInitializeCircularBuffer_ULONG64
_PhSiSizeLabelYFunction@16
PhDeleteCircularBuffer_ULONG64
_PhPluginGetObjectExtension@12
_PhGetPluginCallback@8
PhInitializeLayoutManager
PhIndexOfEMenuItem
_PhPluginSetObjectExtension@20
_PhGetGeneralCallback@4
_PhAddSettings@8
_PhPluginCreateEMenuItem@20
PhInsertEMenuItem
_PhCreateServiceListControl@12
PhShowStatus
_PhReferenceServiceItem@4
PhCreateSymbolProvider
PhCreateAlloc
PhEnumGenericModules
_PhLoadSymbolProviderOptions@4
PhGetSymbolFromAddress
PhDuplicateObject
PhOpenProcess
PhLoadModuleSymbolProvider
PhOpenThread
PhShowConfirmMessage
PhFormatDateTime
PhAddListViewItem
_PhHandleListViewNotifyForCopy@8
PhAllocateSafe
PhAddListViewColumn
PhSetExtendedListView
PhReadVirtualMemory
PhSetListViewSubItem
PhCopyStringZ
PhFindListViewItemByParam
PhFindItemSimpleHashtable
PhQueueItemWorkQueue
PhGetGlobalWorkQueue
PhGetBaseName
PhSystemBasicInformation
PhGetModuleFromAddress
PhAddItemSimpleHashtable
_PhCreateProcessPropPageContextEx@16
PhDeleteLayoutManager
PhInitializeGraphState
PhUnregisterCallback
PhDeleteGraphState
PhGraphStateGetDrawInfo
PhCopyCircularBuffer_FLOAT
PhAddLayoutItem
PhCenterWindow
PhLayoutManagerLayout
_PhGetStatisticsTimeString@8
PhBufferToHexString
PhCountStringZ
PhInitializeCircularBuffer_ULONG
PhHexStringToBuffer
_PhSetIntegerSetting@8
PhInitializeCircularBuffer_FLOAT
_PhReferenceProcessRecordForStatistics@4
PhFormatString
PhFormatString_V
PhCreateThread
WindowsVersion
PhHashStringRef
PhfReleaseQueuedLockShared
PhCreateObjectType
PhEqualStringRef
PhAddEntryHashtableEx
PhfWakeForReleaseQueuedLock
PhInvokeCallback
PhAllocateFromFreeList
PhfAcquireQueuedLockShared
PhInitializeFreeList
_PhDereferenceProcessRecord@4
PhCreateObject
_PhReferenceProcessItem@4
PhGetFileName
PhfAcquireQueuedLockExclusive
PhFreeToFreeList
PhProcessesUpdatedEvent
_PhReferenceProcessRecord@4
PhCreateSimpleHashtable
PhAddEntryHashtable
PhGetStockApplicationIcon
PhMainWndHandle
PhCreateList
_PhShellProcessHacker@28
PhCreateString
PhGetTreeNewText
_PhShowProcessRecordDialog@8
PhFormat
_PhInitializeTreeNewFilterSupport@12
PhSetControlTheme
PhAllocate
_PhFindProcessNode@4
PhLoadResourceEMenuItem
_PhSetIntegerPairSetting@12
PhRemoveEntryHashtable
PhSetFlagsAllEMenuItems
_PhCmLoadSettings@8
PhCompareStringRef
_PhDeleteTreeNewColumnMenu@4
PhFindEMenuItem
PhCreateEMenu
_PhGetPluginInformation@4
PhAddItemList
_PhReferenceProcessItemForRecord@4
PhShellExploreFile
_PhGetStringSetting@4
_PhHandleTreeNewColumnMenu@4
_PhInitializeTreeNewColumnMenu@4
PhRemoveItemList
PhSetClipboardString
_PhAddTreeNewFilter@12
_PhApplyTreeNewFiltersToNode@8
PhDeleteCircularBuffer_FLOAT
_PhAddPropPageLayoutItem@16
PhFormatUInt64
_PhGetIntegerPairSetting@4
PhCreateHashtable
_PhFindPlugin@4
_PhSetStringSetting2@8
PhCreateStringEx
_PhApplyTreeNewFilters@4
PhFindItemList
PhShowEMenu
PhAutoDereferenceObject
PhRegisterCallback
_PhSelectAndEnsureVisibleProcessNode@4
_PhGetIntegerSetting@4
PhDestroyEMenu
PhFree
_PhCmSaveSettings@4
PhReferenceObject
PhWriteStringAsUtf8FileStream
PhShowMessage
PhGetGenericTreeNewLines
PhShellProperties
PhDereferenceObject
PhGetOwnTokenAttributes
PhWriteStringAsUtf8FileStream2
PhFindEntryHashtable
_PhRegisterPlugin@12
PhSetFlagsEMenuItem

ntdll

RtlSetBits
RtlInterlockedPushEntrySList
NtSetInformationProcess
NtQueryInformationProcess
RtlGetUnloadEventTraceEx
RtlSecondsSince1970ToTime
NtCancelSynchronousIoFile
NtAlpcQueryInformation
NtQueryInformationWorkerFactory
RtlClearAllBits
RtlUnwind
RtlNumberOfSetBits
RtlInitializeBitMap
LdrGetDllHandle
LdrGetProcedureAddress
NtClose
RtlInterlockedFlushSList
NtQueryPerformanceCounter
RtlInitializeSListHead

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
FreeLibrary
VirtualQuery
GetCurrentProcess
GetSystemInfo
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
TerminateProcess
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleFileNameW
VirtualProtect
TlsSetValue
TlsFree
LoadLibraryExW
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
LCMapStringW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetCommandLineA
GetCommandLineW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetModuleHandleW
LocalFree
GetProcAddress
Sleep
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
WriteConsoleW
DecodePointer
CreateFileW
InterlockedFlushSList

user32

InvalidateRect
GetSysColorBrush
SetTimer
EnableWindow
MoveWindow
CopyIcon
DestroyIcon
DestroyWindow
GetPropW
RemovePropW
SetPropW
DeferWindowPos
GetWindowRect
SetWindowPos
EndDialog
GetSystemMetrics
BeginDeferWindowPos
MapWindowPoints
EndDeferWindowPos
MapDialogRect
GetClientRect
GetParent
DialogBoxParamW
CreateDialogParamW
GetKeyState
PostMessageW
CreateWindowExW
SendMessageW
ShowWindow
SetDlgItemTextW
SetFocus
LoadCursorW
SetCursor
GetDlgItem

gdi32

SelectObject
SetBkMode

advapi32

SystemFunction036
StartTraceW
OpenTraceW
ControlTraceW
EnableTraceEx
CloseTrace
ProcessTrace

ole32

CoCreateInstance

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString

comctl32

CreatePropertySheetPageW

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/plugins/HardwareDevices.dll
.dll windows:5 windows x86 arch:x86

03b9fdc9e28856bcc50bb4c6759c8dcf

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2d:ff:64:a3:b8:a2:a2:09:93:b5:f0:a1:f8:78:5b:83:75:e5:2b:52:6c:c1:1a:6c:be:58:81:8a:45:67:3e:1f
Signer

Actual PE Digest

2d:ff:64:a3:b8:a2:a2:09:93:b5:f0:a1:f8:78:5b:83:75:e5:2b:52:6c:c1:1a:6c:be:58:81:8a:45:67:3e:1f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release32\plugins\HardwareDevices.pdb

Imports

processhacker.exe

PhfAcquireQueuedLockExclusive
PhReAllocate
PhStringToInteger64
PhConcatStrings_V
PhCreateFileWin32
PhInsertEMenuItem
PhTrimStringRef
PhCreateEMenuItem
PhCreateEMenu
_PhAddSettings@8
_PhGetGeneralCallback@4
PhShowEMenu
PhDestroyEMenu
_PhRegisterPlugin@12
PhDereferenceObject
_PhGetPluginCallback@8
PhQueryValueKey
PhModalPropertySheet
PhConcatStrings2
PhEqualStringRef
PhFindListViewItemByFlags
PhSetExtendedListView
_PhGetStringSetting@4
_PhSetStringSetting2@8
PhSplitStringRefAtChar
PhCreateStringEx
PhGetListViewItemParam
PhFormatString
PhDivideSinglesBySingle
PhInitializeGraphState
_PhSiSizeLabelYFunction@16
PhDeleteGraphState
PhGraphStateGetDrawInfo
PhAddLayoutItemEx
PhGetDrawInfoGraphBuffers
_PhGetStatisticsTimeString@8
PhFormatSize
PhInitializeStringBuilder
PhAppendFormatStringBuilder
PhRemoveStringBuilder
PhFinalStringBuilderString
PhQueryRegistryString
PhConcatStringRef2
PhDeleteStringBuilder
PhOpenKey
PhFormatUInt64
PhMainWndHandle
PhInitializeLayoutManager
PhDeleteLayoutManager
PhSetListViewSubItem
PhSetControlTheme
PhAllocate
PhCreateThread
PhGetSelectedListViewItemParam
PhAddListViewColumn
PhDeleteAutoPool
PhUnregisterCallback
PhDrainAutoPool
PhAddLayoutItem
PhAddListViewItem
PhFormatString_V
PhAutoDereferenceObject
PhRegisterCallback
PhInitializeAutoPool
PhCenterWindow
PhFree
PhProcessesUpdatedEvent
PhLayoutManagerLayout
PhConvertMultiByteToUtf16
PhCreateList
PhDereferenceObjectDeferDelete
PhCreateString
PhDeleteCircularBuffer_ULONG64
PhfReleaseQueuedLockShared
PhCreateObjectType
PhCountStringZ
PhfWakeForReleaseQueuedLock
PhAddItemList
WindowsVersion
PhRemoveItemList
PhInitializeCircularBuffer_ULONG64
PhfAcquireQueuedLockShared
PhReferenceObjectSafe
PhFindItemList
_PhGetIntegerSetting@4
PhCreateObject
PhReferenceObject

ntdll

NtQueryInformationProcess
NtDeviceIoControlFile
RtlGUIDFromString
LdrGetProcedureAddress
RtlIpv4AddressToStringW
NtClose
RtlUnwind

kernel32

LCMapStringW
GetACP
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
IsValidCodePage
InitializeCriticalSectionAndSpinCount
CreateFileW
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetCommandLineA
GetCommandLineW
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
GetLogicalDrives
FreeLibrary
LoadLibraryW
GetModuleHandleW
GetProcAddress
GetLastError
WriteConsoleW
DecodePointer

user32

ShowWindow
EnableWindow
GetCursorPos
GetParent
CreateWindowExW
InvalidateRect
DefWindowProcW
GetMessageW
CreateDialogParamW
PostMessageW
DestroyWindow
GetPropW
SendMessageW
RemovePropW
SetWindowTextW
GetDlgItem
DispatchMessageW
IsDialogMessageW
SetDlgItemTextW
SetPropW
TranslateMessage
PostQuitMessage
SetForegroundWindow
IsIconic

comctl32

ord413
CreatePropertySheetPageW
ord410

advapi32

SystemFunction036

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/plugins/NetworkTools.dll
.dll windows:5 windows x86 arch:x86

e32684bf82cc05bafae420aa4e52ec9a

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

95:2c:dc:3e:72:01:81:fa:64:94:97:11:69:03:d0:ba:20:65:fd:91:e1:aa:87:03:06:87:ad:13:88:2d:82:80
Signer

Actual PE Digest

95:2c:dc:3e:72:01:81:fa:64:94:97:11:69:03:d0:ba:20:65:fd:91:e1:aa:87:03:06:87:ad:13:88:2d:82:80

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release32\plugins\NetworkTools.pdb

Imports

processhacker.exe

WindowsVersion
PhReAllocate
PhCreateProcessWin32Ex
PhFormatString
PhApplicationFont
PhDivideSinglesBySingle
_PhGetPluginCallback@8
PhInitializeGraphState
PhInitializeCircularBuffer_ULONG
_PhGetPhVersion@0
_PhSiSetColorsGraphDrawInfo@12
PhUnregisterCallback
PhDeleteGraphState
PhGraphStateGetDrawInfo
PhAddLayoutItemEx
PhQueueItemWorkQueue
PhDeleteWorkQueue
PhSetGraphText
PhInitializeWorkQueue
PhProcessesUpdatedEvent
PhCreateBytesEx
PhMainWndHandle
PhInitializeLayoutManager
PhDeleteLayoutManager
PhAllocate
PhCreateThread
_PhSaveWindowPlacementToSetting@12
PhInitializeStringBuilder
PhGetWindowText
PhConcatStrings2
PhAppendFormatStringBuilder
PhDeleteAutoPool
PhTerminateProcess
_PhGetIntegerPairSetting@4
_PhLoadWindowPlacementFromSetting@12
PhRemoveStringBuilder
PhDrainAutoPool
PhAddLayoutItem
PhFormatString_V
PhAutoDereferenceObject
_PhGetScalableIntegerPairSetting@8
PhAppendCharStringBuilder
PhInitializeAutoPool
PhCenterWindow
PhFree
PhDeleteStringBuilder
PhAppendStringBuilder2
PhAppendStringBuilder
PhLayoutManagerLayout
PhDereferenceObject
PhShellExecute
_PhSetIntegerSetting@8
_PhGetIntegerSetting@4
PhInsertEMenuItem
_PhPluginCreateEMenuItem@20
PhFindEMenuItem
_PhAddSettings@8
_PhGetGeneralCallback@4
PhIndexOfEMenuItem
PhRegisterCallback
_PhRegisterPlugin@12

ntdll

NtReadFile
NtSetInformationObject
RtlOemStringToUnicodeString
RtlIpv6AddressToStringW
NtClose
RtlIpv4AddressToStringW
RtlFreeUnicodeString
RtlUnwind

kernel32

TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TlsGetValue
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
GetModuleHandleExW
VirtualQuery
VirtualProtect
GetSystemInfo
GetLastError
RaiseException
WideCharToMultiByte
TlsSetValue
TlsFree
LoadLibraryExW
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
TerminateProcess
ExitProcess
HeapFree
HeapAlloc
GetACP
GetFileType
LCMapStringW
IsValidCodePage
GetOEMCP
FreeLibrary
CreateFileW
CloseHandle
WriteConsoleW
MulDiv
GetStdHandle
CreatePipe
DecodePointer
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
HeapReAlloc
HeapSize
SetStdHandle
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
MultiByteToWideChar

user32

ShowWindow
GetWindowLongW
PostMessageW
GetDC
CreateWindowExW
GetSystemMetrics
DestroyIcon
GetDlgCtrlID
SetWindowLongW
GetSysColorBrush
SystemParametersInfoW
LoadImageW
InvalidateRect
ReleaseDC
GetMessageW
CreateDialogParamW
DestroyWindow
GetPropW
SendMessageW
RemovePropW
SetWindowTextW
SetDlgItemTextW
DispatchMessageW
IsDialogMessageW
SetPropW
TranslateMessage
MapDialogRect
GetDlgItem
PostQuitMessage
GetParent
SetForegroundWindow
EndDialog
GetDlgItemInt
SetDlgItemInt
DialogBoxParamW

gdi32

SetBkColor
GetStockObject
DeleteObject
SetBkMode
GetDeviceCaps
CreateFontW
SelectObject
SetTextColor

advapi32

SystemFunction036

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/plugins/OnlineChecks.dll
.dll windows:5 windows x86 arch:x86

7eb18c04e761984313671403452257bb

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:fe:07:27:1f:f0:73:03:6d:01:61:70:f6:a4:c4:1b:d4:c7:62:b2:5b:97:fe:9a:40:f4:a0:2c:ba:67:eb:b9
Signer

Actual PE Digest

10:fe:07:27:1f:f0:73:03:6d:01:61:70:f6:a4:c4:1b:d4:c7:62:b2:5b:97:fe:9a:40:f4:a0:2c:ba:67:eb:b9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release32\plugins\OnlineChecks.pdb

Imports

processhacker.exe

_PhRegisterPlugin@12
PhRegisterCallback
PhIndexOfEMenuItem
_PhGetGeneralCallback@4
PhMainWndHandle
PhCreateString
PhGetFileSize
PhQuerySystemTime
PhFormatSize
PhBufferToHexString
PhFormatString
PhAllocate
PhCreateThread
PhCountStringZ
PhInitializeStringBuilder
PhConcatStrings2
PhAppendFormatStringBuilder
_PhGetPhVersion@0
WindowsVersion
PhDeleteAutoPool
PhGetBaseName
PhCreateFileWin32
PhCreateStringEx
PhDrainAutoPool
PhReAllocate
PhInitializeAutoPool
PhCenterWindow
PhConvertUtf16ToAsciiEx
PhFree
PhDeleteStringBuilder
PhZeroExtendToUtf16Ex
PhDereferenceObject
PhShellExecute
PhInsertEMenuItem
_PhPluginCreateEMenuItem@20
PhFindEMenuItem
_PhGetPluginCallback@8

ntdll

RtlNtStatusToDosError
NtClose
NtReadFile
NtSetInformationFile
RtlRandomEx
RtlUnwind

kernel32

LCMapStringW
HeapReAlloc
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
DecodePointer
GetLocaleInfoW
GetLastError
MulDiv
CreateFileW
WriteConsoleW
SetFilePointerEx
CloseHandle
HeapSize
SetStdHandle
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
GetCommandLineW
GetCommandLineA
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
GetStringTypeW
GetACP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetSystemInfo
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
RaiseException
SetUnhandledExceptionFilter
VirtualProtect
VirtualQuery
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExA
UnhandledExceptionFilter
GetFileType

user32

GetMessageW
CreateDialogParamW
PostMessageW
DestroyWindow
GetDC
IsWindowVisible
GetPropW
SendMessageW
RemovePropW
SetWindowTextW
ShowWindow
DispatchMessageW
IsDialogMessageW
GetDlgCtrlID
SetPropW
TranslateMessage
GetDlgItem
PostQuitMessage
GetSysColorBrush
SystemParametersInfoW
GetParent
SetForegroundWindow
IsIconic
ReleaseDC

gdi32

GetDeviceCaps
SetTextColor
SetBkMode
DeleteObject
CreateFontW

advapi32

SystemFunction036
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext

Sections

.text
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/plugins/SbieSupport.dll
.dll windows:5 windows x86 arch:x86

ac5d7667a131f049a9c88e2f0ce087aa

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cd:cc:78:08:25:cc:18:fa:1f:6f:86:4b:fb:e0:05:9c:6a:b9:af:f6:7f:7a:97:51:0a:77:b1:f8:0f:50:21:86
Signer

Actual PE Digest

cd:cc:78:08:25:cc:18:fa:1f:6f:86:4b:fb:e0:05:9c:6a:b9:af:f6:7f:7a:97:51:0a:77:b1:f8:0f:50:21:86

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release32\plugins\SbieSupport.pdb

Imports

processhacker.exe

PhSetFileDialogFilter
PhEnumHashtable
PhfAcquireQueuedLockExclusive
PhGetFileName
_PhGetPluginCallback@8
_PhRegisterPlugin@12
PhRegisterCallback
PhAutoDereferenceObject
_PhUpdateProcessNode@4
_PhSetStringSetting2@8
PhfAcquireQueuedLockShared
PhAddEntryHashtable
PhMainWndHandle
PhInsertEMenuItem
PhShowConfirmMessage
PhfReleaseQueuedLockShared
PhOpenProcess
PhFreeFileDialog
_PhPluginCreateEMenuItem@20
PhShowFileDialog
_PhFindProcessNode@4
PhGetWindowText
PhFindEntryHashtable
PhAppendFormatStringBuilder
PhCreateOpenFileDialog
PhfWakeForReleaseQueuedLock
_PhAddSettings@8
_PhGetStringSetting@4
PhGetFileDialogFileName
PhTerminateProcess
PhSetFileDialogFileName
_PhGetGeneralCallback@4
PhClearHashtable
PhCreateHashtable

ntdll

NtClose
RtlCreateTimerQueue
RtlCreateTimer
LdrGetProcedureAddress
RtlUnwind

kernel32

RaiseException
CreateFileW
DecodePointer
WriteConsoleW
CloseHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LCMapStringW
LoadLibraryW
HeapAlloc
HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetLastError
GetModuleFileNameW
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte

user32

DialogBoxParamW
EndDialog
SetDlgItemTextW
GetDlgItem

advapi32

SystemFunction036

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/plugins/ToolStatus.dll
.dll windows:5 windows x86 arch:x86

6a5eaf3dc3d9ccb6bbfc4dab753978a3

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

26:bc:ab:4b:0f:f1:84:ee:55:5a:dd:48:96:57:ad:d7:20:d4:f2:19:f8:0e:ae:92:1b:18:5e:78:a1:ac:26:83
Signer

Actual PE Digest

26:bc:ab:4b:0f:f1:84:ee:55:5a:dd:48:96:57:ad:d7:20:d4:f2:19:f8:0e:ae:92:1b:18:5e:78:a1:ac:26:83

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release32\plugins\ToolStatus.pdb

Imports

windowscodecs

WICConvertBitmapSource

processhacker.exe

PhGetServiceErrorControlString
PhCenterWindow
PhGlobalDpi
PhRemoveItemList
PhInsertItemList
PhAllocate
PhMainWndHandle
_PhGetIntegerSetting@4
_PhSetIntegerSetting@8
PhAddComboBoxStrings
WindowsVersion
_PhGetStatisticsTimeString@8
_PhGetStatisticsTime@12
PhDereferenceObject
_PhFindProcessRecord@8
PhAutoDereferenceObject
PhFormatString_V
_PhDereferenceProcessRecord@4
PhCopyCircularBuffer_FLOAT
PhGraphStateGetDrawInfo
PhDeleteGraphState
_PhSiSetColorsGraphDrawInfo@12
PhInitializeGraphState
PhDivideSinglesBySingle
PhSystemBasicInformation
PhFormatString
_PhShowProcessRecordDialog@8
PhFormatSize
_PhDeselectAllProcessNodes@0
PhCreateSimpleHashtable
PhSetFlagsEMenuItem
_PhCreateProcessPropContext@8
PhGetOwnTokenAttributes
PhShowMessage
PhCreateAlloc
_PhGetPluginCallback@8
PhReferenceObject
_PhRegisterPlugin@12
_PhReferenceProcessItem@4
_PhGetFilterSupportNetworkTreeList@0
PhDestroyEMenu
_PhDeselectAllServiceNodes@0
_PhGetFilterSupportServiceTreeList@0
PhRegisterCallback
_PhExpandAllProcessNodes@4
PhShowEMenu
PhFindItemSimpleHashtable
_PhApplyTreeNewFilters@4
_PhShowProcessProperties@4
PhIconToBitmap
_PhAddTreeNewFilter@12
PhReferenceEmptyString
PhLoadIcon
PhCreateString
PhQuerySystemTime
PhClearList
PhInitializeStringBuilder
PhAppendFormatStringBuilder
PhStringToInteger64
_PhGetStringSetting@4
_PhSetStringSetting2@8
PhRemoveStringBuilder
PhFinalStringBuilderString
PhFormatUInt64
PhCreateList
PhfReleaseQueuedLockShared
PhDereferenceObjects
PhGetServiceTypeString
PhAddItemList
_PhGetProtocolTypeName@4
PhfAcquireQueuedLockShared
PhSplitStringRefAtChar
_PhRegisterMessageLoopFilter@8
PhFindStringInStringRef
PhGetServiceStateString
_PhGetProcessPriorityClassString@4
_PhGetTcpStateName@4
PhGetServiceStartTypeString
PhSetImageListBitmap
PhAddItemSimpleHashtable
PhInsertEMenuItem
_PhGetFilterSupportProcessTreeList@0
_PhSetSelectThreadIdProcessPropContext@8
_PhFindProcessNode@4
_PhPluginGetSystemStatistics@4
PhEqualStringRef
PhCreateEMenuItem
PhGetWindowText
_PhUiTerminateProcesses@12
PhConcatStrings2
PhCreateEMenu
PhInvokeCallback
_PhAddSettings@8
_PhGetGeneralCallback@4
PhFree

ntdll

LdrGetProcedureAddress
RtlUnwind

kernel32

LCMapStringW
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetLastError
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WriteConsoleW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
DecodePointer
GetProcessHeap
GetStdHandle
GetFileType
GetCommandLineA
GetCommandLineW
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
RaiseException
CreateFileW
GetProcAddress
GetModuleHandleW
SizeofResource
FreeResource
LockResource
LoadLibraryW
LoadResource
FindResourceW
SetFilePointerEx
CloseHandle
GetModuleFileNameW

user32

EnableWindow
DialogBoxParamW
GetSysColorBrush
DrawTextW
GetDlgItem
SetPropW
DestroyIcon
GetDC
GetKeyState
OffsetRect
GetCapture
RedrawWindow
TrackMouseEvent
PtInRect
GetWindowThreadProcessId
DefWindowProcW
GetWindowRect
GetMenu
SetWindowPos
SetWindowTextW
WindowFromPoint
LoadAcceleratorsW
IsChild
MapWindowPoints
SetFocus
TranslateAcceleratorW
LoadCursorW
SetCapture
GetWindowDC
SetCursor
GetClientRect
ReleaseCapture
GetSysColor
GetCursorPos
DestroyWindow
IsWindowVisible
CreateWindowExW
ShowWindow
GetSystemMetrics
SetMenu
DrawMenuBar
InvalidateRect
GetPropW
FillRect
SendMessageW
EndDialog
RemovePropW
FrameRect
ReleaseDC

gdi32

RestoreDC
GetObjectW
Rectangle
SetROP2
SaveDC
CreateSolidBrush
CreateDIBSection
GetTextExtentPoint32W
CreateFontIndirectW
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetStockObject
DeleteDC
SetTextColor
SetBkMode
CreatePen
DeleteObject

ole32

CoCreateInstance

comctl32

ord412
ImageList_SetImageCount
ord410
ord413
ImageList_Destroy
ImageList_Create
ImageList_Draw
ImageList_Add
ImageList_Replace

advapi32

SystemFunction036

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/plugins/Updater.dll
.dll windows:5 windows x86 arch:x86

2176c9f6d75a69d943d8d9de4159b30d

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

49:77:b5:89:6c:eb:0b:d1:6c:4d:d6:d1:5c:92:8a:f7:20:17:2e:93:b2:a8:6f:22:4f:f3:aa:7b:9d:39:ed:e8
Signer

Actual PE Digest

49:77:b5:89:6c:eb:0b:d1:6c:4d:d6:d1:5c:92:8a:f7:20:17:2e:93:b2:a8:6f:22:4f:f3:aa:7b:9d:39:ed:e8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release32\plugins\Updater.pdb

Imports

processhacker.exe

PhOpenKey
PhMainWndHandle
PhInitializeHash
PhQuerySystemTime
PhFormatSize
PhFinalHash
PhBufferToHexString
PhFormatString
PhfWaitForEvent
_mxmlLoadString@12
PhIconToBitmap
PhAllocate
PhVerifyFile
PhCreateThread
_mxmlFindElement@24
PhEqualStringRef
PhConcatStrings2
PhStringToInteger64
WindowsVersion
PhDeleteAutoPool
_PhGetStringSetting@4
PhShowStatus
_PhGetPhVersionNumbers@16
PhUpdateHash
_PhSetStringSetting2@8
PhCreateFileWin32
PhSplitStringRefAtChar
PhCreateStringEx
PhDrainAutoPool
PhfSetEvent
PhFormatString_V
PhAutoDereferenceObject
PhReAllocate
PhQueryRegistryString
PhInitializeAutoPool
PhCenterWindow
PhFree
_mxmlDelete@4
PhDereferenceObject
PhGetOwnTokenAttributes
PhShellExecute
PhfResetEvent
PhFormatUInt64
_PhSetIntegerSetting@8
PhInsertEMenuItem
_PhPluginCreateEMenuItem@20
_PhAddSettings@8
PhReferenceEmptyString
_PhGetGeneralCallback@4
PhRegisterCallback
_PhGetIntegerSetting@4
_PhRegisterPlugin@12
_PhGetPluginCallback@8
PhConvertUtf8ToUtf16

ntdll

NtWriteFile
NtClose
RtlUnwind

kernel32

GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
MultiByteToWideChar
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
LCMapStringW
WideCharToMultiByte
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
IsValidCodePage
GetCurrentProcessId
CreateFileW
DecodePointer
GetTempPathW
Sleep
GetLastError
MulDiv
WriteConsoleW
CloseHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP

user32

SendDlgItemMessageW
GetMessageW
PostMessageW
DestroyWindow
GetDC
IsWindowVisible
GetPropW
RemovePropW
GetSystemMetrics
SetWindowTextW
ShowWindow
DispatchMessageW
IsDialogMessageW
DestroyIcon
GetDlgCtrlID
SetDlgItemTextW
CreateDialogParamW
SetPropW
TranslateMessage
PostQuitMessage
GetSysColorBrush
SystemParametersInfoW
GetParent
SetForegroundWindow
LoadImageW
IsIconic
ReleaseDC
EnableWindow
SendMessageW
EndDialog
GetDlgItem
DialogBoxParamW

gdi32

DeleteObject
SetTextColor
GetDeviceCaps
CreateFontW
SetBkMode

shell32

ShellExecuteExW

advapi32

SystemFunction036

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/plugins/UserNotes.dll
.dll windows:5 windows x86 arch:x86

de82128aa9aa422b0da74aaaa8dc2c3b

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9f:af:2d:6e:7f:4a:ac:6f:c0:26:3b:73:67:da:19:ba:30:3d:e3:02:b2:12:4c:81:fc:ec:c1:34:32:ae:fd:aa
Signer

Actual PE Digest

9f:af:2d:6e:7f:4a:ac:6f:c0:26:3b:73:67:da:19:ba:30:3d:e3:02:b2:12:4c:81:fc:ec:c1:34:32:ae:fd:aa

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release32\plugins\UserNotes.pdb

Imports

processhacker.exe

PhInitializeLayoutManager
PhInsertEMenuItem
_PhPluginAddMenuHook@12
PhOpenProcess
_PhInvalidateAllProcessNodes@0
PhDeleteLayoutManager
PhFreeFileDialog
_PhPluginCreateEMenuItem@20
PhShowFileDialog
PhInitializeStringBuilder
PhGetWindowText
PhFindEntryHashtable
_PhPropPageDlgProcHeader@24
PhCompareStringRef
PhSetFileDialogFilter
PhFindEMenuItem
PhAppendFormatStringBuilder
_PhGetPluginInformation@4
PhCreateOpenFileDialog
_PhAddSettings@8
_PhGetStringSetting@4
PhGetFileDialogFileName
PhSetFileDialogFileName
_PhGetGeneralCallback@4
_PhFindPlugin@4
_PhSetStringSetting2@8
_PhPluginSetObjectExtension@20
PhSplitStringRefAtChar
_PhAddProcessPropPage@8
_PhGetSelectedProcessItems@8
PhRemoveStringBuilder
_PhPropPageDlgProcDestroy@4
_PhDoPropPageLayout@4
PhFinalStringBuilderString
PhSetProcessIoPriority
PhAddLayoutItem
PhFormatString_V
PhProcessModifiedEvent
PhRegisterCallback
ProcessQueryAccess
PhCenterWindow
_PhGetSelectedProcessItem@0
PhConcatStringRef2
_PhPluginAddTreeNewColumn@24
_PhRegisterPlugin@12
_PhGetPluginCallback@8
PhGetFileName
_PhCreateProcessPropPageContextEx@16
PhExpandEnvironmentStrings
_PhPluginGetObjectExtension@12
PhProcessesUpdatedEvent
PhLayoutManagerLayout
_PhDuplicateProcessNodeList@0
_PhAddPropPageLayoutItem@16
PhGetApplicationDirectory
PhIntegerToString64
_mxmlSaveFd@12
PhHashStringRef
PhGetFileSize
_mxmlNewElement@8
PhAllocate
PhGetFullPath
_mxmlLoadFd@12
PhEqualStringRef
PhConvertUtf16ToUtf8Ex
PhRemoveEntryHashtable
PhAddEntryHashtableEx
PhStringToInteger64
PhfWakeForReleaseQueuedLock
PhDeleteAutoPool
PhReferenceEmptyString
PhCreateHashtable
PhCreateFileWin32
PhCreateStringEx
PhDrainAutoPool
PhAutoDereferenceObject
PhInitializeAutoPool
PhFree
PhReferenceObject
_mxmlElementSetAttr@12
PhConvertUtf8ToUtf16
PhfAcquireQueuedLockExclusive
_mxmlNewOpaque@8
PhEnumHashtable
_mxmlDelete@4
PhDereferenceObject
PhMainWndHandle

ntdll

NtSetInformationProcess
RtlDetermineDosPathNameType_U
NtQueryInformationProcess
NtClose
RtlUnwind

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
GetACP
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetCommandLineW
GetModuleFileNameW
GetLastError
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStringTypeW
GetStdHandle
GetFileType
HeapSize
HeapReAlloc
SetLastError
GetCommandLineA
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
WriteConsoleW
GetModuleHandleW
GetProcAddress
DecodePointer
CreateFileW
RaiseException

user32

SetDlgItemTextW
MessageBoxW
GetPropW
SendMessageW
EndDialog
RemovePropW
SetWindowTextW
EnableWindow
SetPropW
SetWindowLongW
GetDlgItem
DialogBoxParamW

comdlg32

ChooseColorW

shell32

SHCreateDirectoryExW

comctl32

CreatePropertySheetPageW

advapi32

SystemFunction036

Sections

.text
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/plugins/WindowExplorer.dll
.dll windows:5 windows x86 arch:x86

7ebf3461dadb4d4949ccc1e2668eaf78

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

00:7e:cb:0d:17:21:98:b6:70:c1:e7:31:71:8c:3f:6e:7c:44:a4:a9:55:ec:b9:c6:26:0a:32:98:64:ad:29:d4
Signer

Actual PE Digest

00:7e:cb:0d:17:21:98:b6:70:c1:e7:31:71:8c:3f:6e:7c:44:a4:a9:55:ec:b9:c6:26:0a:32:98:64:ad:29:d4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release32\plugins\WindowExplorer.pdb

Imports

ntdll

NtClose
RtlUnwind
NtResetEvent
RtlInitializeSid
NtCreateSection
NtReleaseMutant
RtlAddAce
NtOpenEvent
NtSetSecurityObject
NtMapViewOfSection
NtWaitForSingleObject
NtOpenSection
RtlCreateSecurityDescriptor
NtUnmapViewOfSection
RtlCreateAcl
NtCreateMutant
NtSetEvent
RtlSubAuthoritySid
NtCreateEvent
RtlSetSaclSecurityDescriptor
NtOpenMutant

kernel32

CreateFileW
WriteConsoleW
CloseHandle
SetFilePointerEx
GetConsoleMode
GetModuleHandleW
GetProcAddress
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
GetACP
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
GetLastError
RaiseException
DecodePointer

user32

GetLayeredWindowAttributes
IsWindowUnicode
GetClassInfoExW
GetClassLongW
SetWindowsHookExW
GetClassNameW
SendNotifyMessageW
UnhookWindowsHookEx
GetWindowLongA
GetKeyState
GetMessageW
GetClassWord
CallWindowProcW
GetMenu
MonitorFromRect
CreateWindowExW
DispatchMessageW
GetWindowInfo
GetMonitorInfoW
GetDlgCtrlID
PeekMessageW
EnumPropsExW
SetDlgItemTextW
MapWindowPoints
TranslateMessage
PostThreadMessageW
CreateDialogParamW
ShowWindowAsync
PostMessageW
FindWindowExW
DestroyWindow
IsWindowVisible
SetWindowPos
GetPropW
SendMessageW
RemovePropW
SetWindowTextW
GetWindowPlacement
ShowWindow
CloseDesktop
SetTimer
RedrawWindow
GetClassLongA
IsWindowEnabled
MoveWindow
SetLayeredWindowAttributes
SetPropW
EnumDesktopWindows
MapDialogRect
SetWindowLongW
GetDlgItem
KillTimer
GetDesktopWindow
OpenDesktopW
SetForegroundWindow
EnableWindow
GetWindowRect
GetSystemMetrics
GetWindowDC
ReleaseDC
EnumDesktopsW
GetProcessWindowStation
GetWindowLongW
GetWindowThreadProcessId
CallNextHookEx
RegisterWindowMessageW

gdi32

SaveDC
SelectObject
GetStockObject
CreatePen
Rectangle
RestoreDC
DeleteObject
SetROP2

advapi32

SystemFunction036

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e9303b2a3a410fbe877361a323454acd

Code Sign

0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7fCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5fCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2fCertificate

Extended Key Usages

Key Usages

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate

Extended Key Usages

Key Usages

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4fCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

33:25:0e:71:d2:d5:5f:7c:ad:70:4c:36:5b:24:ce:b2:d5:a4:9f:59:15:53:1a:03:ff:0f:bf:48:3a:1c:11:42Signer

4a:12:c4:28:00:3d:f0:96:8b:10:c9:05:6e:7e:b3:00:b3:25:73:01Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

winsta

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 1021KB - Virtual size: 1021KB

.rdata Size: 325KB - Virtual size: 325KB

.data Size: 26KB - Virtual size: 53KB

.pdata Size: 47KB - Virtual size: 47KB

.gfids Size: 512B - Virtual size: 216B

.rsrc Size: 239KB - Virtual size: 238KB

.reloc Size: 5KB - Virtual size: 5KB

821d74031d3f625bcbd0df08b70f1e77

Code Sign

61:20:4d:b4:00:00:00:00:00:27Certificate

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

03:e9:01:7d:54:cd:93:f0:94:d0:a2:ab:7f:c0:e3:f5Certificate

Extended Key Usages

Key Usages

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5fCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

61:b5:5b:b7:c1:11:f9:3b:d3:ea:9a:c7:15:91:e1:a6:b8:9f:ee:e1Signer

Headers

File Characteristics

PDB Paths

0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7f
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

33:25:0e:71:d2:d5:5f:7c:ad:70:4c:36:5b:24:ce:b2:d5:a4:9f:59:15:53:1a:03:ff:0f:bf:48:3a:1c:11:42
Signer

4a:12:c4:28:00:3d:f0:96:8b:10:c9:05:6e:7e:b3:00:b3:25:73:01
Signer

.text
Size: 1021KB - Virtual size: 1021KB

.rdata
Size: 325KB - Virtual size: 325KB

.data
Size: 26KB - Virtual size: 53KB

.pdata
Size: 47KB - Virtual size: 47KB

.gfids
Size: 512B - Virtual size: 216B

.rsrc
Size: 239KB - Virtual size: 238KB

.reloc
Size: 5KB - Virtual size: 5KB

61:20:4d:b4:00:00:00:00:00:27
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

03:e9:01:7d:54:cd:93:f0:94:d0:a2:ab:7f:c0:e3:f5
Certificate

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

61:b5:5b:b7:c1:11:f9:3b:d3:ea:9a:c7:15:91:e1:a6:b8:9f:ee:e1
Signer

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 832B

.pdata
Size: 1024B - Virtual size: 636B

PAGE
Size: 15KB - Virtual size: 15KB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 760B

0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7f
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

a7:3e:1f:cf:41:e6:0e:74:d8:b4:f7:dc:2d:46:f9:2c:c6:23:80:d0:f6:56:59:d5:d0:ca:44:d6:19:ec:11:6c
Signer

80:08:0d:8b:08:4a:34:2a:5e:16:04:26:05:a1:ac:20:3c:10:6f:ac
Signer

.text
Size: 137KB - Virtual size: 137KB

.rdata
Size: 58KB - Virtual size: 57KB

.data
Size: 3KB - Virtual size: 12KB

.pdata
Size: 7KB - Virtual size: 6KB

.gfids
Size: 512B - Virtual size: 216B

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 1KB

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate