ENDERHC - sprawdzanie[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

ENDERHC - sprawdzanie.rar
Size

16.6MB
MD5

74e9f7be2142eb82856782352bf6a142
SHA1

4d27e06369114e6f3d146d28144becb1a13dea10
SHA256

d252bd95679a4dab4087d8cf269da4125291a9bfec97342b426a9474de50d0c0
SHA512

fcfcdf7e276f16285ed3f1d72098bff1ec1abc2b06e56e823dc557d8e6e22501ea71fc0e1302847aa9f5997a31d5a72f7a3398b41e72e2dec50da3a92929802b
SSDEEP

393216:sWpJNIPCj1qer3c2X781VLyoX2nJDKIXvUND1Kv8gyvKlxFCjm:sW7N9j1qs3cp8oX2nJFw1GyYxFCjm

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
static1/unpack001/ENDERHC - sprawdzanie/Last Activity View/LastActivityView.exe	Nirsoft

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ENDERHC - sprawdzanie/Process Hacker 2/unins000.exe
unpack001/ENDERHC - sprawdzanie/class_kopia.dll

Files

ENDERHC - sprawdzanie.rar
.rar
ENDERHC - sprawdzanie/Everything/Everything.db
ENDERHC - sprawdzanie/Everything/Everything.exe
.exe windows:4 windows x86 arch:x86

7573208674510652893809b0317e4eb4

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:0f:a0:91:94:b2:2d:c5:1d:00:65:31:c9:c1:61:04
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21/12/2021, 00:00

Not After

17/03/2025, 23:59

Subject

CN=voidtools,O=voidtools,L=Wilmington,ST=South Australia,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

71:06:7b:d9:6a:55:37:05:85:2b:8a:8d:28:a8:ab:bf:77:c1:6f:57:7a:db:13:91:ff:15:c1:37:de:38:73:d9
Signer

Actual PE Digest

71:06:7b:d9:6a:55:37:05:85:2b:8a:8d:28:a8:ab:bf:77:c1:6f:57:7a:db:13:91:ff:15:c1:37:de:38:73:d9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_GetIconSize
ImageList_DrawEx
_TrackMouseEvent
InitCommonControlsEx

ws2_32

WSAGetLastError
WSACleanup
closesocket
send
recv
socket
connect
WSAAsyncSelect
setsockopt
WSAStartup
shutdown
listen
bind
getpeername
ntohs
htons
gethostbyname
inet_addr
accept
getsockname

shlwapi

SHRegGetUSValueW
PathIsRootW
PathCombineW
PathRemoveFileSpecW

kernel32

QueryPerformanceFrequency
ExitProcess
SetConsoleScreenBufferSize
SetStdHandle
AllocConsole
FreeConsole
SetFilePointer
FileTimeToSystemTime
GetSystemTime
FreeResource
LockResource
LoadResource
SizeofResource
GetSystemDefaultLangID
LoadLibraryA
TerminateProcess
OpenProcess
SetLastError
HeapAlloc
GetProcessHeap
HeapFree
VirtualAlloc
VirtualFree
SetErrorMode
MoveFileExW
GlobalFree
GlobalUnlock
QueryPerformanceCounter
GlobalAlloc
GetFileSize
GetThreadPriority
FreeLibrary
LocalFileTimeToFileTime
SystemTimeToFileTime
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
WaitForMultipleObjects
GetSystemInfo
GetVersionExA
LocalFree
LocalAlloc
ConnectNamedPipe
GetTimeZoneInformation
MulDiv
CompareStringA
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
InterlockedExchange
RtlUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetStartupInfoA
GetCommandLineA
CreateThread
ExitThread
WriteFile
FlushFileBuffers
GetStdHandle
GetFileType
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
DeviceIoControl
GetOverlappedResult
ResetEvent
Sleep
FindNextChangeNotification
GetFileInformationByHandle
GetLocalTime
FindCloseChangeNotification
FindClose
GetSystemTimeAsFileTime
GetCurrentThread
SetThreadPriority
InitializeCriticalSection
WaitForSingleObject
DeleteCriticalSection
EnterCriticalSection
GetTickCount
LeaveCriticalSection
SetEvent
GetCommandLineW
GetCurrentThreadId
ReadFile
GetLastError
CloseHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
HeapReAlloc
HeapDestroy
HeapCreate
GetACP
GetOEMCP
FreeEnvironmentStringsA
GetEnvironmentStrings
SetHandleCount
GetCurrentProcessId
LCMapStringA
GetStringTypeA
GetLocaleInfoA
HeapSize
GlobalLock

user32

SetCapture
ChangeClipboardChain
DrawEdge
DrawFrameControl
EqualRect
GetSubMenu
GetMenu
SetClipboardViewer
EnumWindows
ActivateKeyboardLayout
IsDlgButtonChecked
SetScrollInfo
UpdateWindow
ScrollWindowEx
SetDlgItemInt
GetMenuItemID
RemoveMenu
GetMenuState
GetMenuDefaultItem
EnableMenuItem
AdjustWindowRect
GetSysColorBrush
OffsetRect
InvalidateRgn
MessageBeep
SetCursorPos
GetDlgItemInt
GetDlgCtrlID
GetDesktopWindow
ValidateRect
CreateIconIndirect
GetCursorPos
CreateMenu
SetMenuDefaultItem
TrackPopupMenu
DestroyMenu
KillTimer
GetDoubleClickTime
RegisterHotKey
UnregisterHotKey
GetLastActivePopup
OpenIcon
GetForegroundWindow
SetCursor
SetActiveWindow
BringWindowToTop
EnumChildWindows
CheckDlgButton
GetKeyboardLayoutList
GetScrollInfo
InvalidateRect
ClientToScreen
ScreenToClient
GetKeyState
IsIconic
GetWindowPlacement
IsZoomed
GetParent
CopyRect
EmptyClipboard
SetClipboardData
SetFocus
PtInRect
SetForegroundWindow
BeginPaint
EndPaint
OpenClipboard
CloseClipboard
IsWindowVisible
GetAsyncKeyState
FillRect
IsWindowEnabled
GetFocus
GetNextDlgTabItem
SetWindowPos
GetMenuItemCount
CreatePopupMenu
DeleteMenu
AdjustWindowRectEx
GetDlgItem
GetWindowRect
MapWindowPoints
IntersectRect
GetDC
ReleaseDC
WaitMessage
UnhookWindowsHookEx
CallNextHookEx
TranslateMessage
GetSystemMetrics
GetClientRect
GetCapture
ReleaseCapture
ShowWindow
SetMenu
RedrawWindow
GetMessagePos
RegisterWindowMessageA
AttachThreadInput
ReplyMessage
GetSysColor
EndDialog
DestroyIcon
SetTimer
DestroyWindow
GetWindowThreadProcessId
IsWindow
GetKeyboardLayout
PostQuitMessage

gdi32

BitBlt
CreateCompatibleDC
GetTextAlign
SetStretchBltMode
GetDeviceCaps
StretchDIBits
SelectClipRgn
StretchBlt
SetTextAlign
CreateCompatibleBitmap
OffsetClipRgn
OffsetRgn
CombineRgn
GetDCOrgEx
GetRandomRgn
GetRegionData
ExtCreateRegion
GetStockObject
GetNearestColor
CreateSolidBrush
CreateRectRgn
CreateDIBSection
GetCurrentObject
ExcludeClipRect
RectVisible
DeleteDC
SetBkMode
CreateBitmapIndirect
CreatePatternBrush
SetBrushOrgEx
SetBkColor
SetTextColor
PatBlt
SelectObject
GetDIBits
DeleteObject

comdlg32

CommDlgExtendedError

advapi32

RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
DeleteService
ControlService
RegOpenKeyA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
QueryServiceConfigW
RegCloseKey
QueryServiceStatusEx
RegisterEventSourceW
ReportEventW
DeregisterEventSource
CreateServiceW
StartServiceW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
SetServiceStatus

shell32

DragFinish
ord16
DragQueryPoint
SHGetDesktopFolder
DragAcceptFiles
SHGetSpecialFolderLocation

ole32

CoTaskMemFree
OleUninitialize
OleInitialize
CoCreateInstance
CoInitializeEx
CoUninitialize
CLSIDFromString
CreateStreamOnHGlobal
CoTaskMemAlloc
RevokeDragDrop
DoDragDrop
ReleaseStgMedium
RegisterDragDrop

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 231KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ENDERHC - sprawdzanie/Everything/Everything.ini
ENDERHC - sprawdzanie/Everything/Everything.lng
ENDERHC - sprawdzanie/Journal/Journal (1).exe
.exe windows:6 windows x64 arch:x64

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:8c:52:ec:df:d9:ae:65:be:45:96:45:8b:4c:31:af
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02/12/2021, 00:00

Not After

16/12/2022, 23:59

Subject

SERIALNUMBER=13017981,CN=Inspect Element Ltd,O=Inspect Element Ltd,L=POOLE,C=GB,1.3.6.1.4.1.311.60.2.1.3=#13024742,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ae:b0:d3:11:06:0f:81:c0:90:8a:80:09:1d:6e:b8:c9:fb:6c:f9:db:37:ef:b0:ed:2d:41:9f:18:3a:c3:0b:f6
Signer

Actual PE Digest

ae:b0:d3:11:06:0f:81:c0:90:8a:80:09:1d:6e:b8:c9:fb:6c:f9:db:37:ef:b0:ed:2d:41:9f:18:3a:c3:0b:f6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

_cgo_dummy_export
glowDebugCallback_glcore32
goCharCB
goCharModsCB
goCursorEnterCB
goCursorPosCB
goDropCB
goErrorCB
goFramebufferSizeCB
goJoystickCB
goKeyCB
goMarkdownImageCallback
goMonitorCB
goMouseButtonCB
goScrollCB
goWindowCloseCB
goWindowContentScaleCB
goWindowFocusCB
goWindowIconifyCB
goWindowMaximizeCB
goWindowPosCB
goWindowRefreshCB
goWindowSizeCB
iggAssert
iggInputTextCallback
iggIoGetClipboardText
iggIoSetClipboardText

Sections

.text
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 618KB - Virtual size: 617KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 8.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 754B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 15KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
ENDERHC - sprawdzanie/Last Activity View/LastActivityView.cfg
ENDERHC - sprawdzanie/Last Activity View/LastActivityView.chm
.chm
ENDERHC - sprawdzanie/Last Activity View/LastActivityView.exe
.exe windows:4 windows x86 arch:x86

3fbcb180ebbfb0ad62cf50d337af18c5

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2019, 00:00

Not After

09/09/2023, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

86:d0:50:e9:bb:2f:ee:a9:26:74:b9:34:ef:82:25:c8:43:e0:7f:b7:d0:98:e5:f2:8e:e8:20:f8:95:33:8c:05
Signer

Actual PE Digest

86:d0:50:e9:bb:2f:ee:a9:26:74:b9:34:ef:82:25:c8:43:e0:7f:b7:d0:98:e5:f2:8e:e8:20:f8:95:33:8c:05

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\VS2005\LastActivityView\Release\LastActivityView.pdb

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__p__fmode
exit
_cexit
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
_msize
__set_app_type
_controlfp
_except_handler3
_wcmdln
calloc
realloc
_purecall
_wcslwr
strlen
_itow
_wcsnicmp
qsort
free
modf
_memicmp
_wtoi
memcmp
wcstoul
wcsrchr
swscanf
malloc
_ultow
wcscmp
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
wcslen
wcscpy
memset
_wcsicmp
wcschr
_snwprintf
wcscat
wcsncat

comctl32

CreateToolbarEx
CreateStatusWindowW
ImageList_SetImageCount
ImageList_Create
ord17
ImageList_Add
ImageList_AddMasked

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

GetCurrentProcessId
ExitProcess
GetLogicalDrives
GetLongPathNameW
QueryDosDeviceW
GetVolumeInformationW
OpenProcess
EnumResourceTypesW
GetModuleHandleA
GetStartupInfoW
GetModuleHandleW
ReadProcessMemory
SetErrorMode
DeleteFileW
CloseHandle
GetFileSize
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetDriveTypeW
CompareFileTime
LoadLibraryW
GetProcAddress
FreeLibrary
GetTickCount
GetWindowsDirectoryW
ExpandEnvironmentStringsW
GetLastError
GetDateFormatW
FindNextFileW
SizeofResource
GetTempFileNameW
GlobalLock
FormatMessageW
FindFirstFileW
GetVersionExW
FindClose
GetTimeFormatW
GetFileAttributesW
FileTimeToLocalFileTime
ReadFile
FindResourceW
WriteFile
GetModuleFileNameW
LocalFree
LoadResource
CreateFileW
TzSpecificLocalTimeToSystemTime
LockResource
SystemTimeToTzSpecificLocalTime
lstrcpyW
MultiByteToWideChar
lstrlenW
LocalFileTimeToFileTime
LoadLibraryExW
GlobalAlloc
GetSystemDirectoryW
GlobalUnlock
WideCharToMultiByte
GetTempPathW
GetCurrentProcess
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetStdHandle

user32

ChildWindowFromPoint
LoadCursorW
SetCursor
GetSysColorBrush
ShowWindow
GetDlgItemInt
SetDlgItemInt
DeferWindowPos
CreateWindowExW
BeginPaint
EndPaint
GetWindow
GetClientRect
SendDlgItemMessageW
DrawFrameControl
EndDialog
SetWindowLongW
GetDlgItem
SetWindowTextW
UpdateWindow
SendMessageW
SetDlgItemTextW
InvalidateRect
GetDlgItemTextW
GetWindowRect
GetSystemMetrics
RegisterClassW
PostMessageW
MessageBoxW
TranslateAcceleratorW
SetMenu
SetWindowPos
GetWindowPlacement
LoadAcceleratorsW
DefWindowProcW
LoadImageW
GetSysColor
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
KillTimer
SetTimer
GetParent
OpenClipboard
CheckMenuItem
GetMenuStringW
GetMenuItemCount
CloseClipboard
CheckMenuRadioItem
SetClipboardData
EnableWindow
GetCursorPos
MapWindowPoints
GetMenu
GetSubMenu
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
MoveWindow
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
DestroyWindow
LoadStringW
GetDesktopWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DestroyIcon
LoadIconW
GetKeyState
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW
DispatchMessageW
IsDialogMessageW
TranslateMessage
DrawTextExW
CreatePopupMenu
CallWindowProcW

gdi32

CreateFontIndirectW
SetTextColor
DeleteObject
DeleteDC
GetObjectW
SetBkMode
GetStockObject
GetTextExtentPoint32W
SetBkColor
GetDeviceCaps
GetPixel
SetPixel
SelectObject
CreateCompatibleDC

comdlg32

FindTextW
GetSaveFileNameW

advapi32

RegOpenKeyExW
RegConnectRegistryW
RegEnumKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumValueW
OpenSCManagerW
ControlService
StartServiceW
QueryServiceStatus
CloseServiceHandle
OpenServiceW
RegCloseKey

shell32

SHGetFileInfoW
ShellExecuteW
SHGetMalloc
SHBindToParent
SHGetDesktopFolder
SHGetPathFromIDListW

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantTimeToSystemTime
SysFreeString
SysAllocString

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ENDERHC - sprawdzanie/Last Activity View/readme.txt
ENDERHC - sprawdzanie/Ocean/link do pobrania oceana.txt
ENDERHC - sprawdzanie/Process Hacker 2/CHANGELOG.txt
ENDERHC - sprawdzanie/Process Hacker 2/COPYRIGHT.txt
ENDERHC - sprawdzanie/Process Hacker 2/LICENSE.txt
ENDERHC - sprawdzanie/Process Hacker 2/ProcessHacker.exe
.exe windows:5 windows x64 arch:x64

3695333c60dedecdcaff1590409aa462

Code Sign

0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7f
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:a7:55:31:1b:42:8c:20:63:f9:83:05:8d:bf:9e:16:48:d0:0d:5f:ec:4a:df:00:e0:a3:4d:de:e6:39:f6:8b
Signer

Actual PE Digest

33:a7:55:31:1b:42:8c:20:63:f9:83:05:8d:bf:9e:16:48:d0:0d:5f:ec:4a:df:00:e0:a3:4d:de:e6:39:f6:8b

Digest Algorithm

sha256

PE Digest Matches

true

92:53:a6:f7:2e:e0:e3:97:0d:54:57:e0:f0:61:fd:b4:0b:48:4f:18
Signer

Actual PE Digest

92:53:a6:f7:2e:e0:e3:97:0d:54:57:e0:f0:61:fd:b4:0b:48:4f:18

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Projects\processhacker2\bin\Release64\ProcessHacker.pdb

Imports

ntdll

NtCreateTimer
NtAlertThread
NtSetTimer
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlLengthSecurityDescriptor
NtCreateSemaphore
NtQueryObject
NtClearEvent
NtCreateKeyedEvent
NtWaitForKeyedEvent
NtReleaseKeyedEvent
RtlGetVersion
NtDeviceIoControlFile
NtSetInformationObject
NtQueryFullAttributesFile
NtOpenFile
NtQuerySecurityObject
NtOpenSection
NtQueryDirectoryFile
NtCreateFile
NtCreateKey
RtlCreateUserThread
NtQueryDirectoryObject
NtFsControlFile
NtOpenDirectoryObject
RtlPrefixUnicodeString
NtSetSecurityObject
NtOpenProcess
NtQuerySymbolicLinkObject
RtlConvertSidToUnicodeString
NtOpenKey
NtQueueApcThread
NtUnloadDriver
RtlEqualUnicodeString
NtOpenSymbolicLinkObject
RtlQueueApcWow64Thread
NtOpenThread
NtDeleteKey
NtQueryKey
NtQueryValueKey
LdrLoadDll
LdrUnloadDll
LdrGetProcedureAddress
NtGetContextThread
NtQueryInformationFile
NtFlushBuffersFile
NtLockFile
NtUnlockFile
RtlInterlockedPopEntrySList
RtlUnicodeToMultiByteSize
RtlMultiByteToUnicodeSize
RtlMultiByteToUnicodeN
RtlReAllocateHeap
NtAllocateVirtualMemory
RtlUpcaseUnicodeChar
RtlUnicodeToMultiByteN
RtlExpandEnvironmentStrings_U
RtlGetDaclSecurityDescriptor
RtlCreateUserProcess
RtlNtStatusToDosError
RtlCreateProcessParameters
NtFilterToken
RtlStringFromGUID
RtlFindMessage
NtQueryAttributesFile
RtlAddAce
RtlDestroyProcessParameters
RtlDosPathNameToNtPathName_U
RtlFreeUnicodeString
RtlGetAce
RtlRandomEx
NtDuplicateToken
RtlGetFullPathName_U
NtSetInformationToken
NtPowerInformation
NtTestAlert
NtOpenThreadToken
RtlTimeToSecondsSince1980
RtlEqualSid
RtlSecondsSince1980ToTime
NtIsProcessInJob
RtlFirstEntrySList
RtlCreateSecurityDescriptor
RtlCreateAcl
RtlAddAccessAllowedAce
NtAcceptConnectPort
NtReplyWaitReceivePort
NtCompleteConnectPort
RtlSetDaclSecurityDescriptor
RtlSubAuthoritySid
NtCreatePort
RtlInitializeSid
RtlLengthRequiredSid
RtlValidRelativeSecurityDescriptor
RtlSelfRelativeToAbsoluteSD2
RtlValidSid
NtConnectPort
NtRequestWaitReplyPort
RtlAbsoluteToSelfRelativeSD
RtlLengthSid
NtCreateSection
NtQueryMutant
NtSuspendThread
NtQueryInformationProcess
NtRemoveProcessDebug
NtTerminateThread
NtResumeProcess
NtReleaseSemaphore
NtSetHighEventPair
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
NtQueryEvent
NtQuerySemaphore
NtCancelTimer
NtPulseEvent
NtSetLowEventPair
NtQueryTimer
NtResetEvent
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlInterlockedFlushSList
RtlInitializeSListHead
RtlInterlockedPushEntrySList
RtlSecondsSince1970ToTime
RtlCreateHeap
RtlFreeHeap
RtlAllocateHeap
RtlDestroyHeap
NtQueryVirtualMemory
NtProtectVirtualMemory
NtSetSystemInformation
NtWriteVirtualMemory
NtSetInformationFile
NtQueryInformationToken
NtCreateMutant
NtOpenProcessToken
NtAdjustPrivilegesToken
NtTerminateJobObject
NtAssignProcessToJobObject
NtQueryInformationJobObject
NtMapViewOfSection
NtQuerySection
RtlSetHeapInformation
RtlLeaveCriticalSection
RtlInitializeCriticalSection
RtlEnterCriticalSection
RtlQueryEnvironmentVariable_U
NtQueryPerformanceCounter
RtlDeleteCriticalSection
NtTerminateProcess
NtSetValueKey
RtlDetermineDosPathNameType_U
NtDeleteValueKey
NtAddAtom
RtlGUIDFromString
NtWaitForMultipleObjects
NtSetEvent
NtCreateEvent
NtReadVirtualMemory
NtReadFile
NtWriteFile
NtQueryInformationThread
NtQuerySystemInformation
NtSuspendProcess
NtResumeThread
NtWaitForSingleObject
RtlDoesFileExists_U
NtSetInformationDebugObject
NtUnmapViewOfSection
RtlRaiseStatus
NtSetInformationProcess
NtDuplicateObject
NtInitiatePowerAction
NtClose
NtDelayExecution
NtSetInformationThread
NtFreeVirtualMemory

winsta

WinStationSendMessageW
WinStationShadow
WinStationGetAllProcesses
WinStationFreeGAPMemory
WinStationRegisterConsoleNotification
WinStationQueryInformationW
WinStationFreeMemory
WinStationEnumerateW
WinStationReset
WinStationDisconnect
WinStationConnectW

comctl32

PropertySheetW
InitCommonControlsEx
CreatePropertySheetPageW
ImageList_Remove
ImageList_Destroy
ImageList_Create
ImageList_ReplaceIcon
ImageList_Replace

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

uxtheme

IsThemeActive
GetThemeInt
SetWindowTheme
CloseThemeData
DrawThemeBackground
OpenThemeData
IsThemePartDefined
EnableThemeDialogTexture

kernel32

GetProcAddress
GetModuleHandleW
CreatePipe
FileTimeToSystemTime
FileTimeToLocalFileTime
CreateProcessW
SetConsoleCtrlHandler
FreeConsole
RaiseException
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
TlsFree
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStringTypeW
MultiByteToWideChar
GetACP
GetStdHandle
WriteFile
WideCharToMultiByte
GetCurrentProcess
TerminateProcess
GetModuleHandleExW
HeapFree
HeapAlloc
GetFileType
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCPInfo
IsValidCodePage
GetOEMCP
CloseHandle
FindClose
FindFirstFileExW
FindNextFileW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetProcessHeap
CreateFileW
GetConsoleCP
GetConsoleMode
GlobalSize
LocalAlloc
GlobalUnlock
GlobalLock
FindResourceW
LoadResource
GlobalFree
GlobalAlloc
LockResource
SizeofResource
CreateRemoteThread
CreateThread
GetDateFormatW
GetTimeFormatW
GetNumberFormatW
WriteConsoleW
GetSystemDefaultLangID
GetSystemDirectoryW
GetLocaleInfoW
GetUserDefaultLangID
SearchPathW
LocalFree
SetLastError
GetComputerNameW
TlsGetValue
TlsAlloc
TlsSetValue
FreeLibrary
LoadLibraryW
SetProcessShutdownParameters
ExitProcess
SetErrorMode
GetTickCount
AllocConsole
GetConsoleWindow
SetFilePointerEx
FlushFileBuffers
ReadFile
ReadConsoleW
HeapSize
HeapReAlloc
SetEndOfFile
GetLastError

user32

SetClipboardData
GetDesktopWindow
CreateDialogIndirectParamW
GetWindowTextW
InternalGetWindowText
EmptyClipboard
CloseClipboard
OpenClipboard
GetActiveWindow
GetFocus
GetWindowLongW
DestroyMenu
TrackPopupMenu
CreatePopupMenu
InsertMenuItemW
EndPaint
BeginPaint
ReleaseCapture
PtInRect
SetScrollPos
ShowCaret
EnableScrollBar
SetCapture
DestroyCaret
DragDetect
GetClipboardData
CreateCaret
SetCaretPos
GetScrollInfo
RegisterClipboardFormatW
SetScrollInfo
GetDCEx
ScreenToClient
SetCursorPos
ScrollWindowEx
GetUpdateRect
GetMessageTime
DrawFocusRect
GetCapture
GetAsyncKeyState
InvalidateRgn
WaitMessage
MessageBeep
GetMessagePos
GetUpdateRgn
GetIconInfo
FrameRect
DialogBoxParamW
SetDlgItemTextW
EndDialog
LockWorkStation
ExitWindowsEx
SendMessageW
IsWindowVisible
EnableWindow
GetParent
GetDlgItem
SetPropW
IsWindowEnabled
RemovePropW
GetPropW
GetClassNameW
GetWindowThreadProcessId
IsIconic
InvalidateRect
SetForegroundWindow
GetClientRect
FindWindowW
SetLayeredWindowAttributes
MoveWindow
ClientToScreen
GetMonitorInfoW
GetWindowInfo
RedrawWindow
ShowWindow
GetSubMenu
GetWindowPlacement
GetWindowLongPtrW
SetWindowLongPtrW
GetMenuItemCount
MonitorFromRect
SetWindowPos
GetMenu
FindWindowExW
PostMessageW
GetKeyState
GetMenuItemInfoW
MapWindowPoints
SetWindowTextW
GetWindowRect
MapDialogRect
DestroyIcon
EnableMenuItem
BringWindowToTop
DeleteMenu
GetSystemMenu
SetCursor
LoadCursorW
CreateDialogParamW
GetSysColorBrush
GetSysColor
CopyIcon
SetDlgItemInt
SetTimer
DestroyWindow
ReleaseDC
SystemParametersInfoW
TranslateMessage
TranslateAcceleratorW
IsChild
IsDialogMessageW
DispatchMessageW
LoadAcceleratorsW
GetSystemMetrics
GetDC
SendMessageTimeoutW
GetMessageW
LoadImageW
UpdateWindow
PostQuitMessage
KillTimer
AppendMenuW
EndDeferWindowPos
DrawMenuBar
LoadIconW
SetFocus
SetMenuInfo
SetMenuItemInfoW
BeginDeferWindowPos
IsWindow
RegisterClassExW
CreateWindowExW
ShowWindowAsync
LoadMenuW
DefWindowProcW
DeferWindowPos
GetCursorPos
DrawIconEx
DrawTextW
TrackMouseEvent
IsHungAppWindow
SetActiveWindow
MonitorFromWindow
MonitorFromPoint
CallWindowProcW
GetForegroundWindow
GetDoubleClickTime
CreateIconIndirect
FillRect
GetDlgItemInt
GetGuiResources
GetWindowTextLengthW
OpenWindowStationW
GetProcessWindowStation
OpenDesktopW
GetUserObjectInformationW
CloseDesktop
CloseWindowStation
EnumDesktopsW
GetGUIThreadInfo
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW

gdi32

GetDIBits
SaveDC
TextOutW
GetCharWidthW
Rectangle
SetBkMode
BitBlt
DeleteDC
CreateDIBSection
SetBoundsRect
GetStockObject
Polyline
SetDCBrushColor
SetDCPenColor
SelectObject
GetTextMetricsW
GetTextExtentPoint32W
GetTextColor
DeleteObject
CreateFontW
GetDeviceCaps
SetTextColor
SetBkColor
GetObjectW
CreateFontIndirectW
CreateRectRgn
SelectClipRgn
ExcludeClipRect
RestoreDC
CombineRgn
IntersectClipRect
GdiAlphaBlend
CreateCompatibleDC
CreateCompatibleBitmap
GetClipRgn

comdlg32

GetOpenFileNameW
GetSaveFileNameW
ChooseFontW
ChooseColorW

advapi32

SystemFunction036
SetSecurityInfo
LsaLookupSids
LsaLookupPrivilegeValue
LsaLookupPrivilegeDisplayName
LsaLookupNames2
LsaOpenPolicy
LsaLookupPrivilegeName
EnumServicesStatusExW
QueryServiceConfigW
CreateProcessWithLogonW
LsaOpenAccount
LsaEnumeratePrivilegesOfAccount
LogonUserW
CreateProcessAsUserW
QueryServiceConfig2W
OpenServiceW
RegisterServiceCtrlHandlerExW
LsaEnumerateAccounts
LsaFreeMemory
SetServiceStatus
StartServiceCtrlDispatcherW
CreateServiceW
OpenSCManagerW
ChangeServiceConfig2W
ChangeServiceConfigW
LsaAddAccountRights
LsaClose
CloseServiceHandle
DeleteService
ControlService
StartServiceW
GetSecurityInfo

shell32

DuplicateIcon
SHGetFileInfoW
ShellExecuteExW
SHGetFolderPathW
SHCreateDirectoryExW
Shell_NotifyIconW
ExtractIconExW

ole32

CoTaskMemFree
CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString

Exports

Exports

PhAddComboBoxStrings
PhAddElementAvlTree
PhAddEntryHashtable
PhAddEntryHashtableEx
PhAddItemArray
PhAddItemList
PhAddItemPointerList
PhAddItemSimpleHashtable
PhAddItemsArray
PhAddItemsList
PhAddLayoutItem
PhAddLayoutItemEx
PhAddListViewColumn
PhAddListViewItem
PhAddProcessPropPage
PhAddProcessPropPage2
PhAddPropPageLayoutItem
PhAddSettings
PhAddTabControlTab
PhAddTreeNewFilter
PhAdjustRectangleToBounds
PhAdjustRectangleToWorkingArea
PhAllocate
PhAllocateExSafe
PhAllocateFromFreeList
PhAllocatePage
PhAllocateSafe
PhAppendBytesBuilder
PhAppendBytesBuilder2
PhAppendBytesBuilderEx
PhAppendCharStringBuilder
PhAppendCharStringBuilder2
PhAppendFormatStringBuilder
PhAppendFormatStringBuilder_V
PhAppendStringBuilder
PhAppendStringBuilder2
PhAppendStringBuilderEx
PhApplicationFont
PhApplyTreeNewFilters
PhApplyTreeNewFiltersToNode
PhAutoDereferenceObject
PhBufferToHexString
PhBufferToHexStringEx
PhCenterRectangle
PhCenterWindow
PhClearArray
PhClearCircularBuffer_FLOAT
PhClearCircularBuffer_PVOID
PhClearCircularBuffer_ULONG
PhClearCircularBuffer_ULONG64
PhClearHashtable
PhClearList
PhCmLoadSettings
PhCmSaveSettings
PhCompareStringRef
PhCompareStringZNatural
PhCompareUnicodeStringZIgnoreMenuPrefix
PhConcatStringRef2
PhConcatStringRef3
PhConcatStrings
PhConcatStrings2
PhConcatStrings_V
PhConvertMultiByteToUtf16
PhConvertMultiByteToUtf16Ex
PhConvertUtf16ToAsciiEx
PhConvertUtf16ToMultiByte
PhConvertUtf16ToMultiByteEx
PhConvertUtf16ToUtf8
PhConvertUtf16ToUtf8Buffer
PhConvertUtf16ToUtf8Ex
PhConvertUtf16ToUtf8Size
PhConvertUtf8ToUtf16
PhConvertUtf8ToUtf16Buffer
PhConvertUtf8ToUtf16Ex
PhConvertUtf8ToUtf16Size
PhCopyBytesZ
PhCopyCircularBuffer_FLOAT
PhCopyCircularBuffer_PVOID
PhCopyCircularBuffer_ULONG
PhCopyCircularBuffer_ULONG64
PhCopyListView
PhCopyListViewInfoTip
PhCopyStringZ
PhCopyStringZFromBytes
PhCopyStringZFromMultiByte
PhCountStringZ
PhCreateAlloc
PhCreateBytes
PhCreateBytesEx
PhCreateEMenu
PhCreateEMenuItem
PhCreateFileStream
PhCreateFileStream2
PhCreateFileWin32
PhCreateFileWin32Ex
PhCreateHashtable
PhCreateKey
PhCreateList
PhCreateObject
PhCreateObjectType
PhCreateObjectTypeEx
PhCreateOpenFileDialog
PhCreatePointerList
PhCreateProcess
PhCreateProcessAsUser
PhCreateProcessPropContext
PhCreateProcessPropPageContext
PhCreateProcessPropPageContextEx
PhCreateProcessWin32
PhCreateProcessWin32Ex
PhCreateSaveFileDialog
PhCreateSecurityPage
PhCreateServiceListControl
PhCreateSimpleHashtable
PhCreateString
PhCreateStringEx
PhCreateSymbolProvider
PhCreateThread
PhDecodeUnicodeDecoder
PhDeleteArray
PhDeleteAutoPool
PhDeleteBytesBuilder
PhDeleteCallback
PhDeleteCircularBuffer_FLOAT
PhDeleteCircularBuffer_PVOID
PhDeleteCircularBuffer_ULONG
PhDeleteCircularBuffer_ULONG64
PhDeleteFastLock
PhDeleteFileWin32
PhDeleteFreeList
PhDeleteGraphState
PhDeleteImageVersionInfo
PhDeleteLayoutManager
PhDeleteMemoryItemList
PhDeleteStringBuilder
PhDeleteTreeNewColumnMenu
PhDeleteTreeNewFilterSupport
PhDeleteWorkQueue
PhDereferenceObject
PhDereferenceObjectDeferDelete
PhDereferenceObjectEx
PhDereferenceObjects
PhDereferenceProcessRecord
PhDeselectAllProcessNodes
PhDeselectAllServiceNodes
PhDestroyEMenu
PhDestroyEMenuItem
PhDisconnectNamedPipe
PhDivideSinglesBySingle
PhDoPropPageLayout
PhDosErrorToNtStatus
PhDrainAutoPool
PhDrawGraphDirect
PhDuplicateBytesZ
PhDuplicateBytesZSafe
PhDuplicateProcessNodeList
PhDuplicateStringZ
PhEditSecurity
PhEllipsisString
PhEllipsisStringPath
PhEncodeUnicode
PhEnumAvlTree
PhEnumDirectoryFile
PhEnumDirectoryObjects
PhEnumFileStreams
PhEnumGenericModules
PhEnumHandles
PhEnumHandlesEx
PhEnumHashtable
PhEnumKernelModules
PhEnumObjectTypes
PhEnumPagefiles
PhEnumPointerListEx
PhEnumProcessEnvironmentVariables
PhEnumProcessItems
PhEnumProcessModules
PhEnumProcessModules32
PhEnumProcessModules32Ex
PhEnumProcessModulesEx
PhEnumProcesses
PhEnumProcessesEx
PhEnumProcessesForSession
PhEnumServices
PhEqualStringRef
PhEscapeCommandLinePart
PhEscapeStringForMenuPrefix
PhExecuteRunAsCommand2
PhExpandAllProcessNodes
PhExpandEnvironmentStrings
PhExponentiate
PhExponentiate64
PhFillMemoryUlong
PhFinalArrayItems
PhFinalBytesBuilderBytes
PhFinalHash
PhFinalStringBuilderString
PhFindCharInStringRef
PhFindEMenuItem
PhFindElementAvlTree
PhFindEntryHashtable
PhFindIntegerSiKeyValuePairs
PhFindItemList
PhFindItemPointerList
PhFindItemSimpleHashtable
PhFindLastCharInStringRef
PhFindListViewItemByFlags
PhFindListViewItemByParam
PhFindLoaderEntry
PhFindNetworkNode
PhFindPlugin
PhFindProcessInformation
PhFindProcessInformationByImageName
PhFindProcessNode
PhFindProcessRecord
PhFindServiceNode
PhFindStringInStringRef
PhFindStringSiKeyValuePairs
PhFlushFileStream
PhFormat
PhFormatDate
PhFormatDateTime
PhFormatDecimal
PhFormatGuid
PhFormatImageVersionInfo
PhFormatLogEntry
PhFormatNativeKeyName
PhFormatSize
PhFormatString
PhFormatString_V
PhFormatTime
PhFormatTimeSpan
PhFormatTimeSpanRelative
PhFormatToBuffer
PhFormatUInt64
PhFree
PhFreeFileDialog
PhFreePage
PhFreeToFreeList
PhGenerateGuid
PhGenerateGuidFromName
PhGenerateRandomAlphaString
PhGetAccessEntries
PhGetAccessString
PhGetApplicationDirectory
PhGetApplicationFileName
PhGetBaseName
PhGetClientIdName
PhGetClientIdNameEx
PhGetComboBoxString
PhGetDllFileName
PhGetDrawInfoGraphBuffers
PhGetFileDialogFileName
PhGetFileDialogFilterIndex
PhGetFileDialogOptions
PhGetFileName
PhGetFileShellIcon
PhGetFileSize
PhGetFileVersionInfo
PhGetFileVersionInfoLangCodePage
PhGetFileVersionInfoString
PhGetFileVersionInfoString2
PhGetFilterSupportNetworkTreeList
PhGetFilterSupportProcessTreeList
PhGetFilterSupportServiceTreeList
PhGetFullPath
PhGetGeneralCallback
PhGetGenericTreeNewLines
PhGetGlobalWorkQueue
PhGetHandleInformation
PhGetHandleInformationEx
PhGetIntegerPairSetting
PhGetIntegerSetting
PhGetJobProcessIdList
PhGetKernelFileName
PhGetKnownLocation
PhGetLineFromAddress
PhGetListBoxString
PhGetListViewContextMenuPoint
PhGetListViewItemImageIndex
PhGetListViewItemParam
PhGetMessage
PhGetModuleFromAddress
PhGetNtMessage
PhGetObjectSecurity
PhGetObjectType
PhGetObjectTypeInformation
PhGetOwnTokenAttributes
PhGetPhVersion
PhGetPhVersionNumbers
PhGetPluginCallback
PhGetPluginInformation
PhGetPositionFileStream
PhGetPrimeNumber
PhGetProcedureAddressRemote
PhGetProcessCommandLine
PhGetProcessDepStatus
PhGetProcessEnvironment
PhGetProcessImageFileName
PhGetProcessImageFileNameByProcessId
PhGetProcessImageFileNameWin32
PhGetProcessIsDotNet
PhGetProcessIsDotNetEx
PhGetProcessIsSuspended
PhGetProcessKnownType
PhGetProcessMappedFileName
PhGetProcessPebString
PhGetProcessPriorityClassString
PhGetProcessWindowTitle
PhGetProcessWorkingSetInformation
PhGetProcessWsCounters
PhGetProtocolTypeName
PhGetScalableIntegerPairSetting
PhGetSeObjectSecurity
PhGetSelectedListViewItemParam
PhGetSelectedListViewItemParams
PhGetSelectedProcessItem
PhGetSelectedProcessItems
PhGetSelectedServiceItem
PhGetSelectedServiceItems
PhGetServiceChange
PhGetServiceConfig
PhGetServiceDelayedAutoStart
PhGetServiceDescription
PhGetServiceErrorControlInteger
PhGetServiceErrorControlString
PhGetServiceNameFromTag
PhGetServiceStartTypeInteger
PhGetServiceStartTypeString
PhGetServiceStateString
PhGetServiceTypeInteger
PhGetServiceTypeString
PhGetSidFullName
PhGetStatisticsTime
PhGetStatisticsTimeString
PhGetStockApplicationIcon
PhGetStringSetting
PhGetSymbolFromAddress
PhGetSymbolFromName
PhGetSystemDirectory
PhGetSystemRoot
PhGetTcpStateName
PhGetThreadServiceTag
PhGetTokenGroups
PhGetTokenIntegrityLevel
PhGetTokenOwner
PhGetTokenPrimaryGroup
PhGetTokenPrivileges
PhGetTokenUser
PhGetTreeNewText
PhGetWin32Message
PhGetWindowText
PhGetWindowTextEx
PhGlobalDpi
PhGraphStateGetDrawInfo
PhHandleListViewNotifyForCopy
PhHandleTreeNewColumnMenu
PhHashBytes
PhHashStringRef
PhHeapHandle
PhHexStringToBuffer
PhIconToBitmap
PhImpersonateClientOfNamedPipe
PhIndexOfEMenuItem
PhInitializeArray
PhInitializeAutoPool
PhInitializeAvlTree
PhInitializeBytesBuilder
PhInitializeCallback
PhInitializeCircularBuffer_FLOAT
PhInitializeCircularBuffer_PVOID
PhInitializeCircularBuffer_ULONG
PhInitializeCircularBuffer_ULONG64
PhInitializeFastLock
PhInitializeFreeList
PhInitializeGraphState
PhInitializeHash
PhInitializeImageVersionInfo
PhInitializeLayoutManager
PhInitializeStringBuilder
PhInitializeTreeNewColumnMenu
PhInitializeTreeNewFilterSupport
PhInitializeWorkQueue
PhInitializeWorkQueueEnvironment
PhInjectDllProcess
PhInsertEMenuItem
PhInsertItemList
PhInsertItemsList
PhInsertStringBuilder
PhInsertStringBuilder2
PhInsertStringBuilderEx
PhIntegerToString64
PhInvalidateAllProcessNodes
PhInvokeCallback
PhIsExecutablePacked
PhIsExecutingInWow64
PhLayoutManagerLayout
PhLibImageBase
PhListenNamedPipe
PhLoadIcon
PhLoadListViewColumnSettings
PhLoadListViewColumnsFromSetting
PhLoadModuleSymbolProvider
PhLoadResourceEMenuItem
PhLoadSymbolProviderOptions
PhLoadWindowPlacementFromSetting
PhLocalTimeToSystemTime
PhLockFileStream
PhLogMessageEntry
PhLoggedCallback
PhLookupMemoryItemList
PhLookupName
PhLookupPrivilegeDisplayName
PhLookupPrivilegeName
PhLookupPrivilegeValue
PhLookupSid
PhLowerBoundElementAvlTree
PhLowerDualBoundElementAvlTree
PhMainWndHandle
PhMapFlags1
PhMapFlags2
PhMatchWildcards
PhMaximumElementAvlTree
PhMinimumElementAvlTree
PhModalPropertySheet
PhModifyEMenuItem
PhNetworkItemAddedEvent
PhNetworkItemModifiedEvent
PhNetworkItemRemovedEvent
PhNetworkItemsUpdatedEvent
PhNtStatusFileNotFound
PhNtStatusToDosError
PhOpenKey
PhOpenLsaPolicy
PhOpenProcess
PhOpenService
PhOpenThread
PhOpenThreadProcess
PhOsVersion
PhParseCommandLine
PhParseCommandLineFuzzy
PhParseCommandLinePart
PhPeekNamedPipe
PhPluginAddMenuHook
PhPluginAddMenuItem
PhPluginAddTreeNewColumn
PhPluginCallPhSvc
PhPluginCreateEMenuItem
PhPluginEnableTreeNewNotify
PhPluginGetObjectExtension
PhPluginGetSystemStatistics
PhPluginQueryPhSvc
PhPluginRegisterIcon
PhPluginReserveIds
PhPluginSetObjectExtension
PhPredecessorElementAvlTree
PhPrintTimeSpan
PhProcessAddedEvent
PhProcessModifiedEvent
PhProcessRemovedEvent
PhProcessesUpdatedEvent
PhPropPageDlgProcDestroy
PhPropPageDlgProcHeader
PhQueryFullAttributesFileWin32
PhQueryKey
PhQueryMemoryItemList
PhQueryRegistryString
PhQueryServiceVariableSize
PhQuerySystemTime
PhQueryTimeZoneBias
PhQueryValueKey
PhQueueItemWorkQueue
PhQueueItemWorkQueueEx
PhReAllocate
PhReAllocateSafe
PhReadFileStream
PhReferenceEmptyString
PhReferenceNetworkItem
PhReferenceObject
PhReferenceObjectEx
PhReferenceObjectSafe
PhReferenceObjects
PhReferenceProcessItem
PhReferenceProcessItemForParent
PhReferenceProcessItemForRecord
PhReferenceProcessRecord
PhReferenceProcessRecordForStatistics
PhReferenceProcessRecordSafe
PhReferenceServiceItem
PhRegisterCallback
PhRegisterCallbackEx
PhRegisterDialog
PhRegisterMessageLoopFilter
PhRegisterPlugin
PhRemoveAllEMenuItems
PhRemoveEMenuItem
PhRemoveElementAvlTree
PhRemoveEntryHashtable
PhRemoveItemArray
PhRemoveItemList
PhRemoveItemPointerList

Sections

.text
Size: 1023KB - Virtual size: 1023KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 321KB - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 239KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ENDERHC - sprawdzanie/Process Hacker 2/ProcessHacker.sig
ENDERHC - sprawdzanie/Process Hacker 2/README.txt
ENDERHC - sprawdzanie/Process Hacker 2/kprocesshacker.sys
.sys windows:6 windows x64 arch:x64

3905de10e3379fd2be8de512a33433a3

Code Sign

0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7f
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:e2:a5:6c:15:92:ff:0e:95:1b:45:2c:0d:e0:64:eb:a0:5b:7c:98:e3:ad:d0:4c:8a:a3:b4:a8:4e:b7:97:a5
Signer

Actual PE Digest

4e:e2:a5:6c:15:92:ff:0e:95:1b:45:2c:0d:e0:64:eb:a0:5b:7c:98:e3:ad:d0:4c:8a:a3:b4:a8:4e:b7:97:a5

Digest Algorithm

sha256

PE Digest Matches

true

c2:b8:c1:b3:4f:09:a9:1e:fe:19:6f:64:6e:f7:f9:a1:11:90:fb:8e
Signer

Actual PE Digest

c2:b8:c1:b3:4f:09:a9:1e:fe:19:6f:64:6e:f7:f9:a1:11:90:fb:8e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\projects\processhacker2\kprocesshacker\bin\amd64\kprocesshacker.pdb

Imports

ntoskrnl.exe

SePrivilegeCheck
ZwOpenKey
ProbeForRead
RtlGetVersion
PsProcessType
ObOpenObjectByName
ObGetObjectType
PsReleaseProcessExitSynchronization
ZwQueryObject
RtlEqualUnicodeString
KeUnstackDetachProcess
ExEnumHandleTable
ObQueryNameString
IoFileObjectType
IoDriverObjectType
ExfUnblockPushLock
ObReferenceObjectByHandle
PsAcquireProcessExitSynchronization
PsInitialSystemProcess
ObSetHandleAttributes
ZwQueryInformationProcess
ObfDereferenceObject
ExAllocatePoolWithQuotaTag
ZwQueryInformationThread
ObOpenObjectByPointer
KeStackAttachProcess
PsLookupProcessByProcessId
PsJobType
PsReferencePrimaryToken
SeTokenObjectType
IoCreateDevice
PsGetProcessJob
PsLookupProcessThreadByCid
ZwTerminateProcess
PsDereferencePrimaryToken
IoThreadToProcess
RtlWalkFrameChain
KeInitializeApc
KeSetEvent
KeInsertQueueApc
KeWaitForSingleObject
PsThreadType
PsLookupThreadByThreadId
ZwQuerySystemInformation
ZwQueryVirtualMemory
ExReleaseFastMutex
ExAcquireFastMutex
ZwReadFile
MmHighestUserAddress
SeLocateProcessImageName
KeDelayExecutionThread
ZwCreateFile
RtlRandomEx
ZwQueryInformationFile
MmUnmapLockedPages
ExRaiseStatus
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
MmUnlockPages
MmIsAddressValid
KeBugCheckEx
PsGetCurrentProcessId
IofCompleteRequest
ZwClose
ZwQueryValueKey
KeInitializeEvent
ProbeForWrite
IoDeleteDevice
RtlInitUnicodeString
ExFreePoolWithTag
IoGetCurrentProcess
ExAllocatePoolWithTag
__C_specific_handler

ksecdd.sys

BCryptCreateHash
BCryptDestroyKey
BCryptImportKeyPair
BCryptCloseAlgorithmProvider
BCryptVerifySignature
BCryptFinishHash
BCryptHashData
BCryptDestroyHash
BCryptOpenAlgorithmProvider
BCryptGetProperty

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ENDERHC - sprawdzanie/Process Hacker 2/peview.exe
.exe windows:5 windows x64 arch:x64

c79e8e2893e86218fc71412598f61209

Code Sign

0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7f
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

92:f2:7d:9e:d8:b6:a3:b2:06:54:33:86:12:c1:5b:30:f2:48:51:de:6d:67:2e:be:9e:6f:09:45:a7:18:2e:95
Signer

Actual PE Digest

92:f2:7d:9e:d8:b6:a3:b2:06:54:33:86:12:c1:5b:30:f2:48:51:de:6d:67:2e:be:9e:6f:09:45:a7:18:2e:95

Digest Algorithm

sha256

PE Digest Matches

true

37:21:29:3d:d3:ab:8a:e6:86:2f:eb:46:10:ad:54:e5:f4:37:36:22
Signer

Actual PE Digest

37:21:29:3d:d3:ab:8a:e6:86:2f:eb:46:10:ad:54:e5:f4:37:36:22

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Projects\processhacker2\bin\Release64\peview.pdb

Imports

ntdll

NtCreateFile
RtlRaiseStatus
RtlInterlockedPushEntrySList
RtlInitializeSListHead
NtQueryInformationFile
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
NtSetEvent
NtCreateEvent
NtCreateKeyedEvent
NtWaitForKeyedEvent
NtReleaseKeyedEvent
NtReleaseSemaphore
NtCreateSemaphore
NtSetInformationThread
NtMapViewOfSection
NtCreateSection
RtlCreateHeap
RtlGetVersion
NtQuerySystemInformation
NtAddAtom
LdrGetProcedureAddress
NtWaitForSingleObject
RtlNtStatusToDosError
RtlFindMessage
NtClose
RtlDosPathNameToNtPathName_U
NtUnmapViewOfSection
RtlInterlockedPopEntrySList
RtlFreeHeap
RtlMultiByteToUnicodeSize
RtlMultiByteToUnicodeN
RtlReAllocateHeap
RtlUpcaseUnicodeChar
RtlAllocateHeap
RtlSecondsSince1970ToTime

uxtheme

SetWindowTheme
EnableThemeDialogTexture

kernel32

GetOEMCP
IsValidCodePage
GetCPInfo
GetFileType
HeapAlloc
HeapFree
GetModuleHandleExW
WideCharToMultiByte
WriteFile
GetStdHandle
GetACP
MultiByteToWideChar
GetStringTypeW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExW
FreeLibrary
TlsFree
IsValidLocale
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetUserDefaultLCID
EnumSystemLocalesW
LCMapStringW
ExitProcess
SetLastError
GlobalUnlock
GlobalLock
CloseHandle
FindClose
FindFirstFileExW
FindNextFileW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetProcessHeap
HeapSize
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
WriteConsoleW
RaiseException
CreateFileW
InitializeCriticalSectionAndSpinCount
GlobalFree
GlobalAlloc
GetDateFormatW
GetModuleHandleW
GetTimeFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
TlsSetValue
TlsAlloc
TlsGetValue
CreateThread
GetUserDefaultLangID
GetLocaleInfoW
GetSystemDefaultLangID
GetLastError
LoadLibraryW
GetProcAddress

user32

GetWindowLongPtrW
RemovePropW
SetPropW
CallWindowProcW
SetCursor
GetPropW
GetParent
GetDlgItem
SendMessageW
ReleaseDC
GetDC
GetKeyState
SetDlgItemTextW
ShowWindow
SetWindowLongPtrW
PostMessageW
MoveWindow
GetMonitorInfoW
MonitorFromWindow
MessageBoxW
GetWindowRect
InvalidateRect
GetClientRect
SetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
SetWindowPos

gdi32

SelectObject
GetDeviceCaps

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

SystemFunction036

shell32

SHGetFileInfoW
SHGetFolderPathW
ExtractIconExW

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemFree

comctl32

CreatePropertySheetPageW
PropertySheetW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ENDERHC - sprawdzanie/Process Hacker 2/plugins/DotNetTools.dll
.dll windows:5 windows x64 arch:x64

c3f8d8cddba6c99a5f0f2ab21f6f89f6

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

18:d1:3b:7e:d5:8e:62:ea:4f:24:d2:32:52:43:00:ee:a3:ed:be:ad:33:dd:5d:6f:de:3e:a1:9b:cf:da:a9:76
Signer

Actual PE Digest

18:d1:3b:7e:d5:8e:62:ea:4f:24:d2:32:52:43:00:ee:a3:ed:be:ad:33:dd:5d:6f:de:3e:a1:9b:cf:da:a9:76

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\DotNetTools.pdb

Imports

uxtheme

EnableThemeDialogTexture

processhacker.exe

PhfWakeForReleaseQueuedLock
PhRemoveItemSimpleHashtable
PhAddItemSimpleHashtable
PhPluginQueryPhSvc
PhPluginCallPhSvc
PhPluginGetObjectExtension
PhPluginAddTreeNewColumn
PhUiDisconnectFromPhSvc
PhUiConnectToPhSvcEx
PhFindItemSimpleHashtable
PhfAcquireQueuedLockExclusive
PhCreateSimpleHashtable
PhFormatToBuffer
PhFormatSize
PhSetListViewSubItem
PhAddListViewColumn
PhLoadListViewColumnsFromSetting
PhUnregisterCallback
PhSaveListViewColumnsToSetting
PhAddPropPageLayoutItem
PhHandleListViewNotifyForCopy
PhAddListViewItem
PhAddComboBoxStrings
PhSetIntegerSetting
PhGetIntegerSetting
PhFormatUInt64
PhGetProcessIsDotNet
PhAddSettings
PhGetGeneralCallback
PhPluginSetObjectExtension
PhRegisterCallback
PhRegisterPlugin
PhGetPluginCallback
PhSetFlagsEMenuItem
PhGetProcessIsSuspended
PhDereferenceObject
PhAppendStringBuilder2
PhShowMessage
PhEnumProcesses
PhCreateProcessPropPageContextEx
WindowsVersion
PhFormatString_V
PhAutoDereferenceObject
PhEnumProcessModules
PhGetSystemRoot
PhOpenProcess
PhfEndInitOnce
ProcessQueryAccess
PhOpenThread
PhConcatStringRef2
PhEnumProcessModules32
PhfBeginInitOnce
PhFindLastCharInStringRef
PhCreateList
PhCreateString
PhGetTreeNewText
PhSetControlTheme
PhFormatString
PhAllocate
PhCreateThread
PhFindProcessInformation
PhLoadResourceEMenuItem
PhCountStringZ
PhInitializeStringBuilder
PhCmLoadSettings
PhPropPageDlgProcHeader
PhCompareStringRef
PhConcatStrings2
PhCreateEMenu
PhAddItemList
PhGetWin32Message
PhShellExploreFile
PhGetStringSetting
PhSetClipboardString
PhGetProcessIsDotNetEx
PhSetStringSetting2
PhSplitStringRefAtChar
PhAddProcessPropPage
PhRemoveStringBuilder
PhCreateStringEx
PhPropPageDlgProcDestroy
PhDoPropPageLayout
PhFinalStringBuilderString
PhShowEMenu
PhDestroyEMenu
PhFree
PhConcatStrings
PhCmSaveSettings
PhReferenceObject

ntdll

RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtMapViewOfSection
NtOpenSection
NtUnmapViewOfSection
RtlFreeSid
NtDuplicateObject
NtQueryInformationToken
RtlAllocateAndInitializeSid
NtReleaseMutant
NtOpenProcessToken
RtlNtStatusToDosError
NtReadVirtualMemory
NtQueryInformationProcess
RtlEqualUnicodeString
LdrGetProcedureAddress
NtGetContextThread
NtWaitForSingleObject
RtlDoesFileExists_U
NtClose
LdrGetDllHandle

kernel32

IsValidCodePage
LCMapStringW
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
FreeLibrary
GetACP
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcessHeap
GetStdHandle
GetFileType
GetCommandLineA
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
TlsFree
LoadLibraryW
GetModuleHandleW
GetProcAddress
GetLastError
GetCommandLineW
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
WriteConsoleW
CreateFileW
RaiseException

user32

GetKeyState
PostMessageW
SendMessageW
IsWindow
GetDlgItem
InvalidateRect

advapi32

SystemFunction036
ControlTraceW
CloseTrace
ProcessTrace
StartTraceW
OpenTraceW

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ENDERHC - sprawdzanie/Process Hacker 2/plugins/ExtendedNotifications.dll
.dll windows:5 windows x64 arch:x64

acd7837a0f8690fa4b5ada849f2560b0

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e8:82:37:af:a7:21:13:1c:c7:61:7c:30:ee:46:fb:f5:86:34:2a:d2:85:14:18:36:38:8c:60:c0:b5:1a:83:d5
Signer

Actual PE Digest

e8:82:37:af:a7:21:13:1c:c7:61:7c:30:ee:46:fb:f5:86:34:2a:d2:85:14:18:36:38:8c:60:c0:b5:1a:83:d5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\ExtendedNotifications.pdb

Imports

processhacker.exe

PhCreateSaveFileDialog
PhRegisterCallback
PhAutoDereferenceObject
PhFormatLogEntry
PhWriteStringFormatAsUtf8FileStream
PhCreateFileStream
PhGetStringSetting
PhLoggedCallback
PhFree
PhAllocateSafe
PhReferenceProcessItemForParent
PhCreateList
PhFreeFileDialog
PhAllocate
PhShowFileDialog
PhEqualStringRef
PhConvertUtf16ToUtf8Ex
PhInsertItemList
PhClearList
PhInitializeStringBuilder
PhGetWindowText
PhConcatStrings2
PhSetFileDialogFilter
PhAddItemList
PhAddSettings
PhRemoveItemList
PhGetFileDialogFileName
PhSetFileDialogFileName
PhGetGeneralCallback
PhFormatDateTime
PhSetStringSetting2
PhGetGlobalWorkQueue
PhQueueItemWorkQueue
PhFinalStringBuilderString
PhFormatString_V
PhSetIntegerSetting
PhAppendCharStringBuilder
PhMatchWildcards
PhGetIntegerSetting
PhRegisterPlugin
PhReferenceObject
PhAppendStringBuilderEx
PhGetPluginCallback
PhDeleteStringBuilder
PhGetFileName
PhConvertUtf8ToUtf16
PhDereferenceObject
PhFindCharInStringRef
PhModalPropertySheet
PhDuplicateBytesZSafe

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx

user32

SendMessageW
SetWindowLongPtrW
EnableWindow
GetParent
GetDlgItem
SetDlgItemTextW

comctl32

ord412
ord410
ord413
CreatePropertySheetPageW

kernel32

HeapSize
WriteConsoleW
FlushFileBuffers
CreateFileW
GetCommandLineW
GetCommandLineA
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
GetStringTypeW
HeapReAlloc
GetConsoleCP
WriteFile
SetStdHandle
GetACP
CloseHandle
LCMapStringW
GetFileType
GetStdHandle
GetConsoleMode
SetFilePointerEx
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
RaiseException
GetLastError
GetSystemInfo
VirtualProtect
VirtualQuery
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime

advapi32

SystemFunction036

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ENDERHC - sprawdzanie/Process Hacker 2/plugins/ExtendedServices.dll
.dll windows:5 windows x64 arch:x64

8077acd95550e90db0afd6fb1689e912

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:c6:d2:e6:47:62:90:08:e5:8a:72:2f:24:20:8c:fa:c2:6c:56:a6:72:47:7b:f2:16:70:b8:40:56:4b:c3:2f
Signer

Actual PE Digest

0e:c6:d2:e6:47:62:90:08:e5:8a:72:2f:24:20:8c:fa:c2:6c:56:a6:72:47:7b:f2:16:70:b8:40:56:4b:c3:2f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\ExtendedServices.pdb

Imports

processhacker.exe

PhQueryRegistryString
PhReAllocate
PhFinalStringBuilderString
PhReferenceEmptyString
PhDeleteAutoPool
PhInitializeAutoPool
PhGetSelectedListViewItemParam
PhClearList
PhFormatString
PhConcatStringRef2
PhAppendStringBuilderEx
PhCreateAlloc
PhOpenKey
PhCreateString
PhFreeFileDialog
PhShowFileDialog
PhSetFileDialogFilter
PhCreateOpenFileDialog
PhGetComboBoxString
PhCreateServiceListControl
PhGetFileDialogFileName
PhSetFileDialogFileName
PhCenterWindow
PhaChoiceDialog
PhGetNtMessage
PhSetListViewSubItem
PhLookupPrivilegeDisplayName
PhSetControlTheme
PhQueryServiceVariableSize
PhDereferenceObjects
PhFindIntegerSiKeyValuePairs
PhEqualStringRef
PhSelectComboBoxString
PhSetExtendedListView
PhInitializeStringBuilder
PhGetWindowText
PhAddListViewColumn
PhRemoveItemList
PhSidToStringSid
PhRemoveListViewItem
PhUiDisconnectFromPhSvc
PhUiConnectToPhSvc
PhCreateStringEx
PhGetListViewItemParam
PhFindItemList
PhFindStringSiKeyValuePairs
PhAddListViewItem
PhSvcCallChangeServiceConfig2
PhAddComboBoxStrings
PhAppendCharStringBuilder
PhDeleteStringBuilder
PhNtStatusToDosError
PhOpenLsaPolicy
PhShowMessage
PhAppendStringBuilder
PhDereferenceObject
PhGetOwnTokenAttributes
PhSetIntegerSetting
PhMainWndHandle
PhInsertEMenuItem
PhUiContinueService
PhUiStopService
PhfReleaseQueuedLockShared
PhEscapeStringForMenuPrefix
PhPluginCreateEMenuItem
PhCompareStringRef
PhFindEMenuItem
PhDestroyEMenuItem
PhAddSettings
WindowsVersion
PhShowStatus
PhGetGeneralCallback
PhfAcquireQueuedLockShared
PhIndexOfEMenuItem
PhFormatString_V
PhRegisterCallback
PhGetIntegerSetting
PhUiStartService
PhRegisterPlugin
PhReferenceObject
PhGetPluginCallback
PhUiPauseService
PhCreateList
PhInitializeLayoutManager
PhDeleteLayoutManager
PhAllocate
PhOpenService
PhCountStringZ
PhConcatStrings2
PhAddItemList
PhGetWin32Message
PhReferenceServiceItem
PhGetServiceConfig
PhAddLayoutItem
PhAutoDereferenceObject
PhFree
PhLayoutManagerLayout
PhFormatGuid

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
NtClose
NtEnumerateKey
RtlGUIDFromString
RtlUnwindEx
RtlCaptureContext

kernel32

HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
HeapAlloc
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetACP
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetCommandLineA
GetCommandLineW
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
GetComputerNameW
GetModuleHandleW
GetProcAddress
SetLastError
GetLastError
WriteConsoleW
CreateFileW
RaiseException
IsValidCodePage

user32

DialogBoxParamW
SetPropW
MoveWindow
MapWindowPoints
IsWindowEnabled
GetWindowTextLengthW
GetWindowLongPtrW
SetTimer
GetParent
SetWindowLongPtrW
GetDlgItemInt
SetDlgItemInt
EnableWindow
EndDialog
GetDlgItem
SendMessageW
GetWindowRect
GetPropW
RemovePropW
ShowWindow
SetDlgItemTextW

advapi32

SystemFunction036
CloseServiceHandle
LsaEnumeratePrivileges
LsaClose
QueryServiceConfig2W
ChangeServiceConfig2W
LsaFreeMemory
QueryServiceStatus
EnumDependentServicesW

comctl32

CreatePropertySheetPageW

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ENDERHC - sprawdzanie/Process Hacker 2/plugins/ExtendedTools.dll
.dll windows:5 windows x64 arch:x64

9d757d0f8f00e9133c716e8e21d6b1b0

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b9:fb:f7:93:ea:ca:63:85:bc:18:c6:65:cf:d4:0f:5f:96:9b:53:7f:7e:82:32:92:d4:5b:b4:97:0a:2f:4b:cc
Signer

Actual PE Digest

b9:fb:f7:93:ea:ca:63:85:bc:18:c6:65:cf:d4:0f:5f:96:9b:53:7f:7e:82:32:92:d4:5b:b4:97:0a:2f:4b:cc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\ExtendedTools.pdb

Imports

processhacker.exe

PhDeleteCircularBuffer_FLOAT
PhCreateProcessPropPageContextEx
PhSetGraphText
PhDoPropPageLayout
PhPropPageDlgProcDestroy
PhAddProcessPropPage
PhAddLayoutItemEx
PhGlobalDpi
PhDeleteCircularBuffer_ULONG
PhSiSetColorsGraphDrawInfo
PhPropPageDlgProcHeader
PhPrintTimeSpan
PhDivideSinglesBySingle
PhApplicationFont
PhFormatSize
PhGetStatisticsTime
PhAppendStringBuilder
PhAppendStringBuilder2
PhGetDrawInfoGraphBuffers
PhFindProcessRecord
PhFinalStringBuilderString
PhRemoveStringBuilder
PhInitializeStringBuilder
PhPluginRegisterIcon
PhDrawGraphDirect
PhfBeginInitOnce
PhPluginAddTreeNewColumn
PhfEndInitOnce
PhPluginEnableTreeNewNotify
PhNetworkItemsUpdatedEvent
PhEnumProcesses
PhFindNetworkNode
PhReferenceNetworkItem
PhInitializeCircularBuffer_ULONG64
PhSiSizeLabelYFunction
PhDeleteCircularBuffer_ULONG64
PhInitializeGraphState
PhGetPluginCallback
PhRegisterPlugin
PhIndexOfEMenuItem
PhPluginSetObjectExtension
PhGetGeneralCallback
PhAddSettings
PhPluginCreateEMenuItem
PhInsertEMenuItem
PhCreateServiceListControl
PhShowStatus
PhReferenceServiceItem
PhCreateSymbolProvider
PhCreateAlloc
PhEnumGenericModules
PhLoadSymbolProviderOptions
PhGetSymbolFromAddress
PhOpenProcess
PhLoadModuleSymbolProvider
PhOpenThread
PhShowConfirmMessage
PhFormatDateTime
PhAddListViewItem
PhHandleListViewNotifyForCopy
PhAllocateSafe
PhAddListViewColumn
PhSetExtendedListView
PhSetListViewSubItem
PhCopyStringZ
PhFindListViewItemByParam
PhFindItemSimpleHashtable
PhQueueItemWorkQueue
PhGetGlobalWorkQueue
PhGetBaseName
PhSystemBasicInformation
PhGetModuleFromAddress
PhAddItemSimpleHashtable
PhAddPropPageLayoutItem
PhDeleteGraphState
PhGraphStateGetDrawInfo
PhCopyCircularBuffer_FLOAT
PhAddLayoutItem
PhCenterWindow
PhLayoutManagerLayout
PhGetStatisticsTimeString
PhBufferToHexString
PhCountStringZ
PhInitializeCircularBuffer_ULONG
PhHexStringToBuffer
PhSetIntegerSetting
PhInitializeCircularBuffer_FLOAT
PhReferenceProcessRecordForStatistics
PhFormatString
PhFormatString_V
PhCreateThread
WindowsVersion
PhHashStringRef
PhfReleaseQueuedLockShared
PhCreateObjectType
PhEqualStringRef
PhAddEntryHashtableEx
PhfWakeForReleaseQueuedLock
PhInvokeCallback
PhAllocateFromFreeList
PhfAcquireQueuedLockShared
PhInitializeFreeList
PhDereferenceProcessRecord
PhCreateObject
PhReferenceProcessItem
PhGetFileName
PhfAcquireQueuedLockExclusive
PhFreeToFreeList
PhProcessesUpdatedEvent
PhReferenceProcessRecord
PhCreateSimpleHashtable
PhAddEntryHashtable
PhGetStockApplicationIcon
PhMainWndHandle
PhCreateList
PhShellProcessHacker
PhCreateString
PhGetTreeNewText
PhShowProcessRecordDialog
PhFormat
PhInitializeTreeNewFilterSupport
PhSetControlTheme
PhAllocate
PhFindProcessNode
PhLoadResourceEMenuItem
PhSetIntegerPairSetting
PhRemoveEntryHashtable
PhSetFlagsAllEMenuItems
PhCmLoadSettings
PhCompareStringRef
PhDeleteTreeNewColumnMenu
PhFindEMenuItem
PhCreateEMenu
PhGetPluginInformation
PhAddItemList
PhReferenceProcessItemForRecord
PhShellExploreFile
PhGetStringSetting
PhHandleTreeNewColumnMenu
PhInitializeTreeNewColumnMenu
PhRemoveItemList
PhSetClipboardString
PhAddTreeNewFilter
PhApplyTreeNewFiltersToNode
PhGetIntegerPairSetting
PhCreateHashtable
PhFindPlugin
PhSetStringSetting2
PhFormatUInt64
PhInitializeLayoutManager
PhUnregisterCallback
PhDeleteLayoutManager
PhCreateStringEx
PhApplyTreeNewFilters
PhFindItemList
PhShowEMenu
PhAutoDereferenceObject
PhRegisterCallback
PhSelectAndEnsureVisibleProcessNode
PhGetIntegerSetting
PhDestroyEMenu
PhFree
PhCmSaveSettings
PhReferenceObject
PhWriteStringAsUtf8FileStream
PhShowMessage
PhGetGenericTreeNewLines
PhShellProperties
PhDereferenceObject
PhGetOwnTokenAttributes
PhWriteStringAsUtf8FileStream2
PhFindEntryHashtable
PhPluginGetObjectExtension
PhSetFlagsEMenuItem

ntdll

NtAlpcQueryInformation
RtlInterlockedPushEntrySList
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtSetInformationProcess
NtQueryInformationProcess
RtlGetUnloadEventTraceEx
NtReadVirtualMemory
RtlSecondsSince1970ToTime
NtCancelSynchronousIoFile
NtDuplicateObject
RtlUnwindEx
NtQueryInformationWorkerFactory
RtlClearAllBits
RtlSetBits
RtlNumberOfSetBits
RtlInitializeBitMap
LdrGetDllHandle
LdrGetProcedureAddress
NtClose
RtlInterlockedFlushSList
NtQueryPerformanceCounter
RtlInitializeSListHead

kernel32

GetLastError
RaiseException
GetSystemTimeAsFileTime
GetSystemInfo
IsDebuggerPresent
GetStartupInfoW
VirtualProtect
VirtualQuery
GetModuleFileNameW
FreeLibrary
LoadLibraryExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
LCMapStringW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
FileTimeToLocalFileTime
FileTimeToSystemTime
GetModuleHandleW
LocalFree
GetProcAddress
Sleep
GetStdHandle
GetFileType
GetCommandLineA
GetCommandLineW
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
WriteConsoleW
CreateFileW
GetCurrentThreadId

user32

InvalidateRect
GetSysColorBrush
GetDlgItem
SetCursor
LoadCursorW
SetTimer
EnableWindow
MoveWindow
CopyIcon
DestroyIcon
DestroyWindow
GetPropW
RemovePropW
SetPropW
DeferWindowPos
GetWindowRect
SetWindowPos
EndDialog
GetSystemMetrics
BeginDeferWindowPos
MapWindowPoints
EndDeferWindowPos
MapDialogRect
GetClientRect
GetParent
DialogBoxParamW
CreateDialogParamW
GetKeyState
PostMessageW
CreateWindowExW
SendMessageW
ShowWindow
SetDlgItemTextW
SetFocus

gdi32

SelectObject
SetBkMode

advapi32

SystemFunction036
StartTraceW
OpenTraceW
ControlTraceW
EnableTraceEx
CloseTrace
ProcessTrace

ole32

CoCreateInstance

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString

comctl32

CreatePropertySheetPageW

Sections

.text
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ENDERHC - sprawdzanie/Process Hacker 2/plugins/HardwareDevices.dll
.dll windows:5 windows x64 arch:x64

119abb51b3de6c8e65225ee81e503143

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f1:cc:af:aa:0c:e9:3b:13:cb:33:66:28:b5:60:42:62:f7:62:68:a1:6c:43:40:48:f6:48:0d:33:e2:b9:8c:e7
Signer

Actual PE Digest

f1:cc:af:aa:0c:e9:3b:13:cb:33:66:28:b5:60:42:62:f7:62:68:a1:6c:43:40:48:f6:48:0d:33:e2:b9:8c:e7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\HardwareDevices.pdb

Imports

uxtheme

EnableThemeDialogTexture

processhacker.exe

PhReAllocate
PhSystemBasicInformation
PhDereferenceObject
PhfAcquireQueuedLockExclusive
PhReferenceObject
PhCreateObject
PhGetIntegerSetting
PhFindItemList
PhReferenceObjectSafe
PhfAcquireQueuedLockShared
PhInitializeCircularBuffer_ULONG64
PhRemoveItemList
WindowsVersion
PhAddItemList
PhGetOwnTokenAttributes
PhStringToInteger64
PhConcatStrings_V
PhCreateFileWin32
PhInsertEMenuItem
PhTrimStringRef
PhCreateEMenuItem
PhCreateEMenu
PhfWakeForReleaseQueuedLock
PhCountStringZ
PhCreateObjectType
PhfReleaseQueuedLockShared
PhDeleteCircularBuffer_ULONG64
PhCreateString
PhDereferenceObjectDeferDelete
PhCreateList
PhConvertMultiByteToUtf16
PhModalPropertySheet
PhFormatUInt64
PhLayoutManagerLayout
PhFree
PhCenterWindow
PhFormatDateTime
PhAutoDereferenceObject
PhFormatString_V
PhAddListViewItem
PhAddLayoutItem
PhCreateStringEx
PhAddListViewColumn
PhGetSelectedListViewItemParam
PhSetExtendedListView
PhCreateThread
PhAllocate
PhAddSettings
PhGetGeneralCallback
PhShowEMenu
PhDestroyEMenu
PhRegisterPlugin
PhSetControlTheme
PhSetListViewSubItem
PhDeleteLayoutManager
PhBufferToHexString
PhGetPluginCallback
PhQueryValueKey
PhEqualStringRef
PhFindListViewItemByFlags
PhGetStringSetting
PhSetStringSetting2
PhSplitStringRefAtChar
PhGetListViewItemParam
PhFormatString
PhDivideSinglesBySingle
PhInitializeGraphState
PhConcatStrings2
PhSiSizeLabelYFunction
PhDeleteGraphState
PhGraphStateGetDrawInfo
PhAddLayoutItemEx
PhGetDrawInfoGraphBuffers
PhGetStatisticsTimeString
PhInitializeStringBuilder
PhAppendFormatStringBuilder
PhDeleteAutoPool
PhUnregisterCallback
PhRemoveStringBuilder
PhDrainAutoPool
PhFinalStringBuilderString
PhRegisterCallback
PhQueryRegistryString
PhInitializeAutoPool
PhConcatStringRef2
PhDeleteStringBuilder
PhProcessesUpdatedEvent
PhOpenKey
PhMainWndHandle
PhFormatSize
PhInitializeLayoutManager

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
NtQueryVolumeInformationFile
NtFsControlFile
NtQueryInformationProcess
NtDeviceIoControlFile
RtlGUIDFromString
LdrGetProcedureAddress
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
NtClose
RtlVirtualUnwind
RtlUnwindEx

kernel32

SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
GetACP
CloseHandle
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetModuleHandleW
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
WriteConsoleW
CreateFileW
HeapAlloc
GetLogicalDrives
FreeLibrary
GetProcAddress
LoadLibraryW
GetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime

user32

DefWindowProcW
SetDlgItemTextW
GetParent
GetDlgItem
EnableWindow
GetCursorPos
CreateWindowExW
InvalidateRect
GetMessageW
CreateDialogParamW
PostMessageW
DestroyWindow
SetWindowTextW
ShowWindow
DispatchMessageW
IsDialogMessageW
TranslateMessage
PostQuitMessage
SetForegroundWindow
IsIconic
RemovePropW
GetPropW
SendMessageW
SetPropW

comctl32

ord413
ord410
ord412
CreatePropertySheetPageW

advapi32

SystemFunction036

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ENDERHC - sprawdzanie/Process Hacker 2/plugins/NetworkTools.dll
.dll windows:5 windows x64 arch:x64

708b686e80e093711f38091d787a01bd

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ad:4e:bf:30:7a:53:ea:24:c3:9a:27:62:54:01:bc:37:2d:a9:d7:d9:4e:11:84:11:6f:97:3c:e4:cb:dc:3f:9d
Signer

Actual PE Digest

ad:4e:bf:30:7a:53:ea:24:c3:9a:27:62:54:01:bc:37:2d:a9:d7:d9:4e:11:84:11:6f:97:3c:e4:cb:dc:3f:9d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\NetworkTools.pdb

Imports

processhacker.exe

WindowsVersion
PhReAllocate
PhCreateProcessWin32Ex
PhFormatString
PhApplicationFont
PhDivideSinglesBySingle
PhInitializeGraphState
PhInitializeCircularBuffer_ULONG
PhGetPluginCallback
PhGetPhVersion
PhSiSetColorsGraphDrawInfo
PhUnregisterCallback
PhDeleteGraphState
PhGraphStateGetDrawInfo
PhAddLayoutItemEx
PhQueueItemWorkQueue
PhDeleteWorkQueue
PhSetGraphText
PhInitializeWorkQueue
PhProcessesUpdatedEvent
PhCreateBytesEx
PhMainWndHandle
PhInitializeLayoutManager
PhDeleteLayoutManager
PhAllocate
PhCreateThread
PhSaveWindowPlacementToSetting
PhInitializeStringBuilder
PhGetWindowText
PhConcatStrings2
PhAppendFormatStringBuilder
PhDeleteAutoPool
PhTerminateProcess
PhGetIntegerPairSetting
PhLoadWindowPlacementFromSetting
PhRemoveStringBuilder
PhDrainAutoPool
PhAddLayoutItem
PhFormatString_V
PhAutoDereferenceObject
PhGetScalableIntegerPairSetting
PhAppendCharStringBuilder
PhInitializeAutoPool
PhCenterWindow
PhFree
PhDeleteStringBuilder
PhAppendStringBuilder2
PhAppendStringBuilder
PhLayoutManagerLayout
PhDereferenceObject
PhShellExecute
PhSetIntegerSetting
PhGetIntegerSetting
PhInsertEMenuItem
PhPluginCreateEMenuItem
PhFindEMenuItem
PhAddSettings
PhGetGeneralCallback
PhIndexOfEMenuItem
PhRegisterCallback
PhRegisterPlugin

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtReadFile
NtSetInformationObject
RtlOemStringToUnicodeString
RtlIpv6AddressToStringW
NtClose
RtlIpv4AddressToStringW
RtlFreeUnicodeString
RtlUnwindEx

kernel32

GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleFileNameW
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
GetLastError
SetLastError
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
GetModuleHandleExW
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExA
LoadLibraryExW
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
GetACP
GetFileType
LCMapStringW
IsValidCodePage
GetOEMCP
RaiseException
CreateFileW
CloseHandle
WriteConsoleW
MulDiv
GetStdHandle
CreatePipe
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
HeapReAlloc
HeapSize
SetStdHandle
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
EnterCriticalSection

user32

SetWindowTextW
DialogBoxParamW
SetDlgItemInt
GetDlgItemInt
PostMessageW
GetDC
SetWindowLongPtrW
CreateWindowExW
GetSystemMetrics
GetWindowLongPtrW
DestroyIcon
SetDlgItemTextW
GetSysColorBrush
SystemParametersInfoW
LoadImageW
InvalidateRect
ReleaseDC
GetMessageW
CreateDialogParamW
DestroyWindow
GetPropW
SendMessageW
RemovePropW
GetDlgCtrlID
ShowWindow
DispatchMessageW
IsDialogMessageW
SetPropW
TranslateMessage
MapDialogRect
GetDlgItem
PostQuitMessage
GetParent
SetForegroundWindow
EndDialog

gdi32

SetBkColor
GetStockObject
DeleteObject
SetBkMode
GetDeviceCaps
CreateFontW
SelectObject
SetTextColor

advapi32

SystemFunction036

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ENDERHC - sprawdzanie/Process Hacker 2/plugins/OnlineChecks.dll
.dll windows:5 windows x64 arch:x64

04815c367f41620755869bb42bd07b00

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b9:df:1d:91:39:3a:2d:e9:e1:1e:06:e7:99:83:c8:a8:c0:e3:04:ed:ff:4c:80:58:1a:46:dd:f2:ff:a3:59:fd
Signer

Actual PE Digest

b9:df:1d:91:39:3a:2d:e9:e1:1e:06:e7:99:83:c8:a8:c0:e3:04:ed:ff:4c:80:58:1a:46:dd:f2:ff:a3:59:fd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\OnlineChecks.pdb

Imports

processhacker.exe

PhMainWndHandle
PhCreateString
PhGetFileSize
PhQuerySystemTime
PhFormatSize
PhBufferToHexString
PhFormatString
PhAllocate
PhCreateThread
PhCountStringZ
PhInitializeStringBuilder
PhConcatStrings2
PhAppendFormatStringBuilder
PhGetPhVersion
WindowsVersion
PhDeleteAutoPool
PhGetBaseName
PhCreateFileWin32
PhCreateStringEx
PhDrainAutoPool
PhReAllocate
PhInitializeAutoPool
PhCenterWindow
PhConvertUtf16ToAsciiEx
PhFree
PhDeleteStringBuilder
PhZeroExtendToUtf16Ex
PhDereferenceObject
PhShellExecute
PhInsertEMenuItem
PhPluginCreateEMenuItem
PhFindEMenuItem
PhGetGeneralCallback
PhIndexOfEMenuItem
PhRegisterCallback
PhRegisterPlugin
PhGetPluginCallback

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlUnwindEx
RtlNtStatusToDosError
NtClose
NtReadFile
NtSetInformationFile
RtlRandomEx
RtlCaptureContext

kernel32

GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
MultiByteToWideChar
CreateFileW
GetLastError
MulDiv
WriteConsoleW
SetFilePointerEx
CloseHandle
HeapSize
SetStdHandle
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
GetCommandLineW
GetCommandLineA
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
GetStringTypeW
GetACP
GetFileType
WideCharToMultiByte
HeapFree
HeapAlloc
HeapReAlloc
LCMapStringW
GetLocaleInfoW
FreeLibrary
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
IsValidLocale

user32

GetDlgCtrlID
IsIconic
SetForegroundWindow
GetMessageW
CreateDialogParamW
PostMessageW
DestroyWindow
GetDC
IsWindowVisible
GetPropW
SendMessageW
RemovePropW
SetWindowTextW
ShowWindow
DispatchMessageW
IsDialogMessageW
GetParent
SetPropW
TranslateMessage
GetDlgItem
PostQuitMessage
GetSysColorBrush
SystemParametersInfoW
ReleaseDC

gdi32

GetDeviceCaps
SetTextColor
SetBkMode
DeleteObject
CreateFontW

advapi32

SystemFunction036
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext

Sections

.text
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ENDERHC - sprawdzanie/Process Hacker 2/plugins/SbieSupport.dll
.dll windows:5 windows x64 arch:x64

72ee8e9111090fd44c3cca631502d2bb

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

97:f3:af:2c:a2:fc:99:7a:77:7d:ae:4f:15:7a:06:6f:ba:fa:84:f0:66:d0:22:fd:d6:9a:35:0d:c9:f6:3e:e8
Signer

Actual PE Digest

97:f3:af:2c:a2:fc:99:7a:77:7d:ae:4f:15:7a:06:6f:ba:fa:84:f0:66:d0:22:fd:d6:9a:35:0d:c9:f6:3e:e8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\SbieSupport.pdb

Imports

processhacker.exe

PhFindProcessNode
PhEnumHashtable
PhfAcquireQueuedLockExclusive
PhGetFileName
PhGetPluginCallback
PhRegisterPlugin
PhRegisterCallback
PhAutoDereferenceObject
PhUpdateProcessNode
PhSetStringSetting2
PhfAcquireQueuedLockShared
PhCreateHashtable
PhClearHashtable
PhGetGeneralCallback
PhAddEntryHashtable
PhMainWndHandle
PhInsertEMenuItem
PhShowConfirmMessage
PhfReleaseQueuedLockShared
PhOpenProcess
PhFreeFileDialog
PhPluginCreateEMenuItem
PhShowFileDialog
PhFindEntryHashtable
PhGetWindowText
PhSetFileDialogFilter
PhAppendFormatStringBuilder
PhCreateOpenFileDialog
PhfWakeForReleaseQueuedLock
PhAddSettings
PhGetStringSetting
PhGetFileDialogFileName
PhTerminateProcess
PhSetFileDialogFileName

ntdll

RtlCreateTimerQueue
LdrGetProcedureAddress
RtlCreateTimer
NtClose
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx

kernel32

RaiseException
CreateFileW
WriteConsoleW
CloseHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LCMapStringW
LoadLibraryW
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetLastError
GetModuleFileNameW
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
SetLastError
EnterCriticalSection
LeaveCriticalSection

user32

SetDlgItemTextW
EndDialog
GetDlgItem
DialogBoxParamW

advapi32

SystemFunction036

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ENDERHC - sprawdzanie/Process Hacker 2/plugins/ToolStatus.dll
.dll windows:5 windows x64 arch:x64

eb997c25e2337a8dceb7fa463ce2b04d

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a8:5f:08:7b:0f:7b:52:5b:0c:f8:79:b5:5b:0a:a7:12:b9:68:76:e2:5d:64:7f:e2:e0:f0:34:fa:0b:9d:51:70
Signer

Actual PE Digest

a8:5f:08:7b:0f:7b:52:5b:0c:f8:79:b5:5b:0a:a7:12:b9:68:76:e2:5d:64:7f:e2:e0:f0:34:fa:0b:9d:51:70

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\ToolStatus.pdb

Imports

uxtheme

GetThemeInt
IsThemeActive
OpenThemeData
CloseThemeData

processhacker.exe

PhSplitStringRefAtChar
PhCenterWindow
PhGlobalDpi
PhRemoveItemList
PhInsertItemList
PhAllocate
PhMainWndHandle
PhGetIntegerSetting
PhSetIntegerSetting
PhAddComboBoxStrings
WindowsVersion
PhGetStatisticsTimeString
PhGetStatisticsTime
PhDereferenceObject
PhFindProcessRecord
PhAutoDereferenceObject
PhFormatString_V
PhDereferenceProcessRecord
PhCopyCircularBuffer_FLOAT
PhGraphStateGetDrawInfo
PhDeleteGraphState
PhSiSetColorsGraphDrawInfo
PhInitializeGraphState
PhDivideSinglesBySingle
PhSystemBasicInformation
PhFormatString
PhShowProcessRecordDialog
PhFormatSize
PhDeselectAllProcessNodes
PhCreateSimpleHashtable
PhSetFlagsEMenuItem
PhCreateProcessPropContext
PhGetOwnTokenAttributes
PhShowMessage
PhCreateAlloc
PhGetPluginCallback
PhReferenceObject
PhRegisterPlugin
PhReferenceProcessItem
PhGetFilterSupportNetworkTreeList
PhDestroyEMenu
PhDeselectAllServiceNodes
PhGetFilterSupportServiceTreeList
PhRegisterCallback
PhExpandAllProcessNodes
PhShowEMenu
PhFindItemSimpleHashtable
PhApplyTreeNewFilters
PhShowProcessProperties
PhRegisterMessageLoopFilter
PhIconToBitmap
PhAddTreeNewFilter
PhReferenceEmptyString
PhLoadIcon
PhCreateString
PhQuerySystemTime
PhClearList
PhInitializeStringBuilder
PhAppendFormatStringBuilder
PhStringToInteger64
PhGetStringSetting
PhSetStringSetting2
PhRemoveStringBuilder
PhFinalStringBuilderString
PhFormatUInt64
PhCreateList
PhfReleaseQueuedLockShared
PhDereferenceObjects
PhGetServiceTypeString
PhAddItemList
PhGetProtocolTypeName
PhfAcquireQueuedLockShared
PhFree
PhGetServiceErrorControlString
PhFindStringInStringRef
PhGetServiceStateString
PhGetProcessPriorityClassString
PhGetTcpStateName
PhGetServiceStartTypeString
PhSetImageListBitmap
PhAddItemSimpleHashtable
PhInsertEMenuItem
PhGetFilterSupportProcessTreeList
PhSetSelectThreadIdProcessPropContext
PhFindProcessNode
PhPluginGetSystemStatistics
PhEqualStringRef
PhCreateEMenuItem
PhGetWindowText
PhUiTerminateProcesses
PhConcatStrings2
PhCreateEMenu
PhInvokeCallback
PhAddSettings
PhGetGeneralCallback

kernel32

HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetLastError
GetStartupInfoW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetConsoleMode
SetFilePointerEx
CloseHandle
LCMapStringW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetCommandLineA
GetCommandLineW
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
WriteConsoleW
GetProcAddress
GetModuleHandleW
SizeofResource
FreeResource
LockResource
LoadResource
FindResourceW
CreateFileW
RaiseException
IsDebuggerPresent
GetConsoleCP

user32

EnableWindow
DialogBoxParamW
GetSysColorBrush
DestroyIcon
GetParent
GetKeyState
GetDC
OffsetRect
GetCapture
RedrawWindow
TrackMouseEvent
PtInRect
GetWindowThreadProcessId
DefWindowProcW
GetWindowRect
GetMenu
SetWindowPos
SetWindowTextW
WindowFromPoint
LoadAcceleratorsW
IsChild
MapWindowPoints
SetFocus
TranslateAcceleratorW
LoadCursorW
SetCapture
GetWindowDC
SetCursor
GetClientRect
ReleaseCapture
ReleaseDC
DrawTextW
DestroyWindow
IsWindowVisible
CreateWindowExW
ShowWindow
GetSystemMetrics
SetMenu
DrawMenuBar
InvalidateRect
GetPropW
FillRect
SendMessageW
EndDialog
RemovePropW
FrameRect
GetSysColor
SetPropW
GetDlgItem
GetCursorPos

gdi32

SetROP2
RestoreDC
Rectangle
BitBlt
SaveDC
CreateSolidBrush
CreateDIBSection
GetTextExtentPoint32W
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetStockObject
DeleteDC
SetTextColor
SetBkMode
GetObjectW
DeleteObject
CreatePen
CreateFontIndirectW

ole32

CoCreateInstance

comctl32

ord412
ImageList_SetImageCount
ord410
ord413
ImageList_Destroy
ImageList_Create
ImageList_Draw
ImageList_Add
ImageList_Replace

ntdll

RtlVirtualUnwind
RtlUnwindEx
RtlLookupFunctionEntry
RtlCaptureContext

advapi32

SystemFunction036

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ENDERHC - sprawdzanie/Process Hacker 2/plugins/Updater.dll
.dll windows:5 windows x64 arch:x64

a4de2eec6f8b6d96d60cfa61bcaa6840

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f2:3d:e0:4a:39:d8:b0:4f:95:19:30:b3:72:cc:85:c3:24:a0:b7:37:1a:2d:c0:85:07:ad:08:81:c4:d1:92:68
Signer

Actual PE Digest

f2:3d:e0:4a:39:d8:b0:4f:95:19:30:b3:72:cc:85:c3:24:a0:b7:37:1a:2d:c0:85:07:ad:08:81:c4:d1:92:68

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\Updater.pdb

Imports

processhacker.exe

PhMainWndHandle
PhInitializeHash
PhQuerySystemTime
PhFormatSize
PhFinalHash
PhOpenKey
PhBufferToHexString
PhFormatString
PhfWaitForEvent
mxmlLoadString
PhIconToBitmap
PhAllocate
PhVerifyFile
PhCreateThread
PhGetFullPath
mxmlFindElement
PhEqualStringRef
PhConcatStrings2
PhFormatGuid
PhStringToInteger64
WindowsVersion
PhDeleteAutoPool
PhGetStringSetting
PhShowStatus
PhGetPhVersionNumbers
PhUpdateHash
PhSetStringSetting2
PhGenerateGuid
PhCreateFileWin32
PhSplitStringRefAtChar
PhCreateStringEx
PhDrainAutoPool
PhfSetEvent
PhFormatString_V
PhAutoDereferenceObject
PhReAllocate
PhQueryRegistryString
PhInitializeAutoPool
PhCenterWindow
PhFree
PhReferenceObject
mxmlDelete
PhDereferenceObject
PhGetOwnTokenAttributes
PhShellExecute
PhfResetEvent
PhFormatUInt64
PhSetIntegerSetting
PhInsertEMenuItem
PhPluginCreateEMenuItem
PhAddSettings
PhReferenceEmptyString
PhGetGeneralCallback
PhRegisterCallback
PhGetIntegerSetting
PhRegisterPlugin
PhGetPluginCallback
PhConvertUtf8ToUtf16

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
NtWriteFile
NtClose
RtlUnwindEx
RtlCaptureContext

kernel32

LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
SetLastError
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
MultiByteToWideChar
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
HeapFree
HeapAlloc
LCMapStringW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
TerminateProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
GetProcAddress
CreateFileW
WriteConsoleW
GetTempPathW
Sleep
GetLastError
MulDiv
CloseHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
WideCharToMultiByte

user32

EndDialog
GetDlgItem
DialogBoxParamW
GetDlgCtrlID
GetMessageW
CreateDialogParamW
DestroyWindow
GetDC
IsWindowVisible
GetPropW
RemovePropW
GetSystemMetrics
SetWindowTextW
ShowWindow
DispatchMessageW
IsDialogMessageW
DestroyIcon
PostMessageW
SetDlgItemTextW
SendDlgItemMessageW
SetPropW
TranslateMessage
PostQuitMessage
GetSysColorBrush
SystemParametersInfoW
GetParent
SetForegroundWindow
LoadImageW
IsIconic
ReleaseDC
EnableWindow
SendMessageW

gdi32

DeleteObject
SetTextColor
GetDeviceCaps
CreateFontW
SetBkMode

shell32

ShellExecuteExW
SHCreateDirectoryExW

advapi32

SystemFunction036

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ENDERHC - sprawdzanie/Process Hacker 2/plugins/UserNotes.dll
.dll windows:5 windows x64 arch:x64

dc18317fe7617feca1007aefae7060a6

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ba:80:61:a0:b7:8d:b5:d0:5d:ec:68:e7:74:2e:07:71:a7:ec:7a:fb:13:8b:9a:20:72:5b:bf:d5:09:f7:09:ec
Signer

Actual PE Digest

ba:80:61:a0:b7:8d:b5:d0:5d:ec:68:e7:74:2e:07:71:a7:ec:7a:fb:13:8b:9a:20:72:5b:bf:d5:09:f7:09:ec

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\UserNotes.pdb

Imports

uxtheme

EnableThemeDialogTexture

processhacker.exe

PhInvalidateAllProcessNodes
PhOpenProcess
PhPluginAddMenuHook
PhInitializeLayoutManager
PhInsertEMenuItem
PhMainWndHandle
PhFreeFileDialog
PhPluginCreateEMenuItem
PhShowFileDialog
PhInitializeStringBuilder
PhGetWindowText
PhFindEntryHashtable
PhDereferenceObject
mxmlDelete
PhEnumHashtable
mxmlNewOpaque
PhfAcquireQueuedLockExclusive
PhConvertUtf8ToUtf16
mxmlElementSetAttr
PhReferenceObject
PhFree
PhInitializeAutoPool
PhAutoDereferenceObject
PhDrainAutoPool
PhPropPageDlgProcHeader
PhCompareStringRef
PhCreateStringEx
PhCreateFileWin32
PhSetFileDialogFilter
PhFindEMenuItem
PhAppendFormatStringBuilder
PhGetPluginInformation
PhCreateOpenFileDialog
PhAddSettings
PhGetStringSetting
PhGetFileDialogFileName
PhSetFileDialogFileName
PhGetGeneralCallback
PhFindPlugin
PhSetStringSetting2
PhPluginSetObjectExtension
PhSplitStringRefAtChar
PhAddProcessPropPage
PhGetSelectedProcessItems
PhRemoveStringBuilder
PhPropPageDlgProcDestroy
PhDoPropPageLayout
PhFinalStringBuilderString
PhAddLayoutItem
PhFormatString_V
PhProcessModifiedEvent
PhRegisterCallback
ProcessQueryAccess
PhCenterWindow
PhGetSelectedProcessItem
PhConcatStringRef2
PhPluginAddTreeNewColumn
PhRegisterPlugin
PhGetPluginCallback
PhGetFileName
PhCreateProcessPropPageContextEx
PhExpandEnvironmentStrings
PhPluginGetObjectExtension
PhProcessesUpdatedEvent
PhLayoutManagerLayout
PhDuplicateProcessNodeList
PhAddPropPageLayoutItem
PhGetApplicationDirectory
PhIntegerToString64
mxmlSaveFd
PhHashStringRef
PhGetFileSize
mxmlNewElement
PhAllocate
PhGetFullPath
mxmlLoadFd
PhEqualStringRef
PhConvertUtf16ToUtf8Ex
PhRemoveEntryHashtable
PhAddEntryHashtableEx
PhStringToInteger64
PhfWakeForReleaseQueuedLock
PhDeleteAutoPool
PhReferenceEmptyString
PhCreateHashtable
PhDeleteLayoutManager

ntdll

RtlCaptureContext
RtlVirtualUnwind
RtlDetermineDosPathNameType_U
NtQueryInformationProcess
NtClose
NtSetInformationProcess
RtlLookupFunctionEntry
RtlUnwindEx

user32

MessageBoxW
GetPropW
SetWindowLongPtrW
SendMessageW
EndDialog
SetWindowTextW
SetDlgItemTextW
SetPropW
GetDlgItem
DialogBoxParamW
EnableWindow
RemovePropW

comdlg32

ChooseColorW

shell32

SHCreateDirectoryExW

comctl32

CreatePropertySheetPageW

kernel32

SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
GetACP
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
WriteFile
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetLastError
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CloseHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ExitProcess
WriteConsoleW
CreateFileW
RaiseException
SetFilePointerEx

advapi32

SystemFunction036

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ENDERHC - sprawdzanie/Process Hacker 2/plugins/WindowExplorer.dll
.dll windows:5 windows x64 arch:x64

807c2a5324cd8c3d21e70814ac733d28

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a1:8c:eb:35:82:9e:7f:f3:23:3f:a9:5a:42:21:55:19:bc:29:dd:e7:55:f0:92:b1:e7:34:45:2e:a9:a3:f2:12
Signer

Actual PE Digest

a1:8c:eb:35:82:9e:7f:f3:23:3f:a9:5a:42:21:55:19:bc:29:dd:e7:55:f0:92:b1:e7:34:45:2e:a9:a3:f2:12

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\WindowExplorer.pdb

Imports

ntdll

RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtQueryInformationProcess
NtMapViewOfSection
NtWaitForSingleObject
NtOpenSection
RtlCreateSecurityDescriptor
NtUnmapViewOfSection
RtlCreateAcl
NtCreateMutant
NtSetEvent
NtCreateEvent
NtClose
RtlAddAce
NtSetSecurityObject
NtOpenEvent
RtlSubAuthoritySid
NtReleaseMutant
NtCreateSection
RtlInitializeSid
NtResetEvent
RtlSetSaclSecurityDescriptor
NtOpenMutant

kernel32

GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetFileType
GetModuleHandleW
GetProcAddress
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
GetACP
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
GetConsoleMode
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
GetLastError
RaiseException
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
SetFilePointerEx
CloseHandle
WriteConsoleW
CreateFileW
DeleteCriticalSection

user32

GetKeyState
GetMessageW
GetClassWord
CallWindowProcW
GetMenu
MonitorFromRect
CreateWindowExW
DispatchMessageW
GetWindowInfo
GetMonitorInfoW
GetDlgCtrlID
PeekMessageW
SetDlgItemTextW
MapWindowPoints
TranslateMessage
PostThreadMessageW
GetWindowLongW
CreateDialogParamW
ShowWindowAsync
PostMessageW
FindWindowExW
DestroyWindow
IsWindowVisible
SetWindowPos
GetPropW
SetWindowLongPtrW
SendMessageW
RemovePropW
SetWindowTextW
GetWindowPlacement
ShowWindow
CloseDesktop
SetTimer
RedrawWindow
GetLayeredWindowAttributes
IsWindowEnabled
MoveWindow
SetLayeredWindowAttributes
SetPropW
EnumDesktopWindows
MapDialogRect
GetDlgItem
KillTimer
GetDesktopWindow
OpenDesktopW
SetForegroundWindow
EnableWindow
GetWindowRect
GetSystemMetrics
GetWindowDC
ReleaseDC
EnumDesktopsW
GetProcessWindowStation
GetWindowThreadProcessId
GetClassLongPtrA
CallNextHookEx
GetWindowLongPtrW
GetClassLongPtrW
UnhookWindowsHookEx
SendNotifyMessageW
GetClassNameW
SetWindowsHookExW
GetWindowLongPtrA
GetClassInfoExW
IsWindowUnicode
RegisterWindowMessageW
EnumPropsExW

gdi32

DeleteObject
RestoreDC
Rectangle
CreatePen
GetStockObject
SelectObject
SaveDC
SetROP2

advapi32

SystemFunction036

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ENDERHC - sprawdzanie/Process Hacker 2/unins000.dat
ENDERHC - sprawdzanie/Process Hacker 2/unins000.exe
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 611KB - Virtual size: 611KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 5KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ENDERHC - sprawdzanie/Process Hacker 2/uninstall.ico
ENDERHC - sprawdzanie/Process Hacker 2/x86/ProcessHacker.exe
.exe windows:5 windows x86 arch:x86

04de0ad9c37eb7bd52043d2ecac958df

Code Sign

0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7f
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:0d:50:34:d9:d5:b2:74:e3:7b:42:9c:b2:20:c0:e4:f0:a0:be:42:30:5f:68:9d:f1:2c:5e:79:08:f0:27:e1
Signer

Actual PE Digest

04:0d:50:34:d9:d5:b2:74:e3:7b:42:9c:b2:20:c0:e4:f0:a0:be:42:30:5f:68:9d:f1:2c:5e:79:08:f0:27:e1

Digest Algorithm

sha256

PE Digest Matches

true

be:c9:d8:3f:06:9b:df:1c:14:7d:4a:b1:44:ad:e3:46:1e:7a:46:c3
Signer

Actual PE Digest

be:c9:d8:3f:06:9b:df:1c:14:7d:4a:b1:44:ad:e3:46:1e:7a:46:c3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\processhacker2\bin\Release32\ProcessHacker.pdb

Imports

ntdll

NtCreateTimer
NtAlertThread
NtSetTimer
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlLengthSecurityDescriptor
NtCreateSemaphore
LdrGetProcedureAddress
NtQueryObject
NtClearEvent
NtCreateKeyedEvent
NtWaitForKeyedEvent
NtReleaseKeyedEvent
RtlGetVersion
NtDeviceIoControlFile
NtSetInformationObject
NtQueryFullAttributesFile
NtQueryValueKey
NtOpenFile
NtQuerySecurityObject
NtOpenSection
NtQueryDirectoryFile
NtCreateFile
NtCreateKey
RtlCreateUserThread
NtQueryDirectoryObject
NtFsControlFile
NtOpenDirectoryObject
RtlPrefixUnicodeString
NtSetSecurityObject
NtOpenProcess
NtQuerySymbolicLinkObject
RtlConvertSidToUnicodeString
NtOpenKey
NtQueueApcThread
NtUnloadDriver
RtlEqualUnicodeString
NtOpenSymbolicLinkObject
NtOpenThread
NtDeleteKey
NtQueryKey
NtGetContextThread
NtQueryInformationFile
NtFlushBuffersFile
NtLockFile
NtSetInformationFile
NtUnlockFile
RtlInterlockedPopEntrySList
RtlUnicodeToMultiByteSize
RtlMultiByteToUnicodeSize
RtlMultiByteToUnicodeN
RtlReAllocateHeap
NtAllocateVirtualMemory
RtlUpcaseUnicodeChar
RtlUnicodeToMultiByteN
RtlExpandEnvironmentStrings_U
RtlGetDaclSecurityDescriptor
RtlCreateUserProcess
RtlNtStatusToDosError
RtlCreateProcessParameters
NtFilterToken
RtlStringFromGUID
RtlFindMessage
NtQueryAttributesFile
RtlAddAce
RtlDestroyProcessParameters
RtlDosPathNameToNtPathName_U
RtlFreeUnicodeString
RtlGetAce
RtlRandomEx
NtDuplicateToken
RtlGetFullPathName_U
NtSetInformationToken
NtPowerInformation
NtTestAlert
NtOpenThreadToken
RtlTimeToSecondsSince1980
RtlEqualSid
RtlSecondsSince1980ToTime
NtIsProcessInJob
RtlFirstEntrySList
RtlCreateSecurityDescriptor
RtlCreateAcl
RtlAddAccessAllowedAce
NtAcceptConnectPort
NtReplyWaitReceivePort
NtCompleteConnectPort
RtlSetDaclSecurityDescriptor
RtlSubAuthoritySid
NtCreatePort
RtlInitializeSid
RtlLengthRequiredSid
RtlValidRelativeSecurityDescriptor
RtlSelfRelativeToAbsoluteSD2
RtlValidSid
NtConnectPort
NtRequestWaitReplyPort
NtSuspendThread
NtQueryInformationProcess
NtRemoveProcessDebug
NtTerminateThread
NtResumeProcess
RtlAbsoluteToSelfRelativeSD
RtlLengthSid
RtlUnwind
NtCreateSection
NtQueryMutant
NtReleaseSemaphore
NtSetHighEventPair
NtQueryEvent
NtQuerySemaphore
NtCancelTimer
NtPulseEvent
NtSetLowEventPair
NtQueryTimer
NtResetEvent
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlInterlockedFlushSList
RtlInitializeSListHead
RtlInterlockedPushEntrySList
RtlSecondsSince1970ToTime
RtlCreateHeap
RtlFreeHeap
RtlAllocateHeap
RtlDestroyHeap
NtQueryVirtualMemory
NtProtectVirtualMemory
NtSetSystemInformation
NtWriteVirtualMemory
NtQueryInformationToken
NtCreateMutant
NtOpenProcessToken
NtAdjustPrivilegesToken
NtTerminateJobObject
NtAssignProcessToJobObject
NtQueryInformationJobObject
NtMapViewOfSection
NtQuerySection
RtlSetHeapInformation
RtlLeaveCriticalSection
RtlInitializeCriticalSection
RtlEnterCriticalSection
RtlQueryEnvironmentVariable_U
NtQueryPerformanceCounter
RtlDeleteCriticalSection
NtTerminateProcess
NtSetValueKey
RtlDetermineDosPathNameType_U
NtDeleteValueKey
NtAddAtom
RtlGUIDFromString
NtWaitForMultipleObjects
NtSetEvent
NtCreateEvent
NtReadVirtualMemory
NtReadFile
NtWriteFile
NtQueryInformationThread
NtQuerySystemInformation
NtSuspendProcess
NtResumeThread
NtWaitForSingleObject
RtlDoesFileExists_U
NtSetInformationDebugObject
NtUnmapViewOfSection
RtlRaiseStatus
NtSetInformationProcess
NtDuplicateObject
NtInitiatePowerAction
NtClose
NtDelayExecution
NtSetInformationThread
NtFreeVirtualMemory

winsta

WinStationSendMessageW
WinStationShadow
WinStationGetAllProcesses
WinStationFreeGAPMemory
WinStationRegisterConsoleNotification
WinStationQueryInformationW
WinStationFreeMemory
WinStationEnumerateW
WinStationReset
WinStationDisconnect
WinStationConnectW

comctl32

ImageList_ReplaceIcon
ImageList_Create
ImageList_Destroy
ImageList_Remove
CreatePropertySheetPageW
InitCommonControlsEx
PropertySheetW
ImageList_Replace

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

uxtheme

IsThemeActive
GetThemeInt
SetWindowTheme
CloseThemeData
DrawThemeBackground
OpenThemeData
IsThemePartDefined
EnableThemeDialogTexture

kernel32

GetFileType
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCPInfo
IsValidCodePage
GetOEMCP
CloseHandle
FindClose
FindFirstFileExW
FindNextFileW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetProcessHeap
CreateFileW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
ReadFile
SizeofResource
LockResource
GlobalAlloc
GlobalFree
LoadResource
FindResourceW
GlobalLock
GlobalUnlock
LocalAlloc
VirtualQuery
GlobalSize
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
TlsFree
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStringTypeW
MultiByteToWideChar
GetACP
GetStdHandle
WriteFile
WideCharToMultiByte
GetModuleHandleExW
HeapFree
CreateRemoteThread
CreateThread
GetDateFormatW
GetTimeFormatW
GetNumberFormatW
GetSystemDefaultLangID
GetSystemDirectoryW
GetLocaleInfoW
GetUserDefaultLangID
SearchPathW
LocalFree
SetLastError
GetComputerNameW
TlsGetValue
TlsAlloc
TlsSetValue
FreeLibrary
LoadLibraryW
SetProcessShutdownParameters
ExitProcess
SetErrorMode
GetTickCount
AllocConsole
GetConsoleWindow
FreeConsole
SetConsoleCtrlHandler
CreateProcessW
FileTimeToLocalFileTime
FileTimeToSystemTime
ReadConsoleW
HeapSize
HeapReAlloc
SetEndOfFile
WriteConsoleW
DecodePointer
RaiseException
HeapAlloc
GetModuleHandleW
GetProcAddress
GetLastError

user32

ReleaseCapture
PtInRect
SetScrollPos
ShowCaret
EnableScrollBar
SetCapture
DestroyCaret
DragDetect
GetClipboardData
CreateCaret
SetCaretPos
GetScrollInfo
RegisterClipboardFormatW
SetScrollInfo
GetDCEx
BeginPaint
ScreenToClient
SetCursorPos
ScrollWindowEx
GetUpdateRect
GetMessageTime
DrawFocusRect
GetCapture
GetAsyncKeyState
InvalidateRgn
WaitMessage
MessageBeep
GetMessagePos
GetUpdateRgn
GetIconInfo
EndPaint
EmptyClipboard
CloseClipboard
OpenClipboard
GetActiveWindow
GetFocus
TrackPopupMenu
DestroyMenu
CreatePopupMenu
FrameRect
InsertMenuItemW
DialogBoxParamW
SetDlgItemTextW
EndDialog
LockWorkStation
ExitWindowsEx
SendMessageW
IsWindowVisible
EnableWindow
GetParent
GetDlgItem
SetPropW
IsWindowEnabled
RemovePropW
GetPropW
GetClassNameW
GetWindowThreadProcessId
IsIconic
InvalidateRect
SetForegroundWindow
GetClientRect
SetWindowLongW
FindWindowW
SetLayeredWindowAttributes
MoveWindow
ClientToScreen
GetMonitorInfoW
GetWindowInfo
RedrawWindow
ShowWindow
GetSubMenu
GetWindowPlacement
GetMenuItemCount
MonitorFromRect
SetWindowPos
GetMenu
FindWindowExW
PostMessageW
GetKeyState
GetMenuItemInfoW
GetWindowLongW
MapWindowPoints
SetWindowTextW
GetWindowRect
MapDialogRect
DestroyIcon
EnableMenuItem
BringWindowToTop
DeleteMenu
GetSystemMenu
SetCursor
LoadCursorW
CreateDialogParamW
GetSysColorBrush
GetSysColor
CopyIcon
SetDlgItemInt
SetTimer
DestroyWindow
ReleaseDC
SystemParametersInfoW
TranslateMessage
TranslateAcceleratorW
IsChild
IsDialogMessageW
DispatchMessageW
LoadAcceleratorsW
GetSystemMetrics
GetDC
SendMessageTimeoutW
GetMessageW
LoadImageW
UpdateWindow
PostQuitMessage
KillTimer
AppendMenuW
EndDeferWindowPos
DrawMenuBar
LoadIconW
SetFocus
SetMenuInfo
SetMenuItemInfoW
BeginDeferWindowPos
IsWindow
RegisterClassExW
CreateWindowExW
ShowWindowAsync
LoadMenuW
DefWindowProcW
DeferWindowPos
GetCursorPos
DrawIconEx
DrawTextW
TrackMouseEvent
IsHungAppWindow
SetActiveWindow
MonitorFromWindow
MonitorFromPoint
CallWindowProcW
GetForegroundWindow
GetDoubleClickTime
CreateIconIndirect
FillRect
GetDlgItemInt
GetGuiResources
GetWindowTextLengthW
OpenWindowStationW
GetProcessWindowStation
OpenDesktopW
GetUserObjectInformationW
CloseDesktop
CloseWindowStation
EnumDesktopsW
GetGUIThreadInfo
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
GetWindowTextW
CreateDialogIndirectParamW
GetDesktopWindow
SetClipboardData
InternalGetWindowText

gdi32

GetDeviceCaps
CreateFontW
DeleteObject
GetTextColor
GetTextExtentPoint32W
GetTextMetricsW
SelectObject
SetDCPenColor
SetDCBrushColor
Polyline
GetStockObject
CreateCompatibleDC
CreateDIBSection
DeleteDC
BitBlt
SetTextColor
Rectangle
GetCharWidthW
TextOutW
SetBoundsRect
CreateCompatibleBitmap
GdiAlphaBlend
IntersectClipRect
CombineRgn
RestoreDC
ExcludeClipRect
SelectClipRgn
GetClipRgn
SaveDC
GetDIBits
SetBkColor
GetObjectW
CreateRectRgn
CreateFontIndirectW
SetBkMode

comdlg32

GetSaveFileNameW
GetOpenFileNameW
ChooseColorW
ChooseFontW

advapi32

LogonUserW
SystemFunction036
SetSecurityInfo
GetSecurityInfo
LsaLookupSids
LsaLookupPrivilegeValue
LsaLookupPrivilegeDisplayName
LsaLookupNames2
LsaOpenPolicy
LsaLookupPrivilegeName
StartServiceW
ControlService
DeleteService
CloseServiceHandle
LsaClose
LsaAddAccountRights
ChangeServiceConfigW
ChangeServiceConfig2W
OpenSCManagerW
CreateServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
LsaFreeMemory
LsaEnumerateAccounts
RegisterServiceCtrlHandlerExW
OpenServiceW
QueryServiceConfig2W
CreateProcessAsUserW
EnumServicesStatusExW
LsaEnumeratePrivilegesOfAccount
LsaOpenAccount
CreateProcessWithLogonW
QueryServiceConfigW

shell32

SHGetFileInfoW
ShellExecuteExW
SHGetFolderPathW
SHCreateDirectoryExW
Shell_NotifyIconW
ExtractIconExW
DuplicateIcon

ole32

CoTaskMemFree
CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString

Exports

Exports

PhAddComboBoxStrings
PhAddElementAvlTree
PhAddEntryHashtable
PhAddEntryHashtableEx
PhAddItemArray
PhAddItemList
PhAddItemPointerList
PhAddItemSimpleHashtable
PhAddItemsArray
PhAddItemsList
PhAddLayoutItem
PhAddLayoutItemEx
PhAddListViewColumn
PhAddListViewItem
PhAddTabControlTab
PhAdjustRectangleToBounds
PhAdjustRectangleToWorkingArea
PhAllocate
PhAllocateExSafe
PhAllocateFromFreeList
PhAllocatePage
PhAllocateSafe
PhAppendBytesBuilder
PhAppendBytesBuilder2
PhAppendBytesBuilderEx
PhAppendCharStringBuilder
PhAppendCharStringBuilder2
PhAppendFormatStringBuilder
PhAppendFormatStringBuilder_V
PhAppendStringBuilder
PhAppendStringBuilder2
PhAppendStringBuilderEx
PhApplicationFont
PhAutoDereferenceObject
PhBufferToHexString
PhBufferToHexStringEx
PhCenterRectangle
PhCenterWindow
PhClearArray
PhClearCircularBuffer_FLOAT
PhClearCircularBuffer_PVOID
PhClearCircularBuffer_ULONG
PhClearCircularBuffer_ULONG64
PhClearHashtable
PhClearList
PhCompareStringRef
PhCompareStringZNatural
PhCompareUnicodeStringZIgnoreMenuPrefix
PhConcatStringRef2
PhConcatStringRef3
PhConcatStrings
PhConcatStrings2
PhConcatStrings_V
PhConvertMultiByteToUtf16
PhConvertMultiByteToUtf16Ex
PhConvertUtf16ToAsciiEx
PhConvertUtf16ToMultiByte
PhConvertUtf16ToMultiByteEx
PhConvertUtf16ToUtf8
PhConvertUtf16ToUtf8Buffer
PhConvertUtf16ToUtf8Ex
PhConvertUtf16ToUtf8Size
PhConvertUtf8ToUtf16
PhConvertUtf8ToUtf16Buffer
PhConvertUtf8ToUtf16Ex
PhConvertUtf8ToUtf16Size
PhCopyBytesZ
PhCopyCircularBuffer_FLOAT
PhCopyCircularBuffer_PVOID
PhCopyCircularBuffer_ULONG
PhCopyCircularBuffer_ULONG64
PhCopyStringZ
PhCopyStringZFromBytes
PhCopyStringZFromMultiByte
PhCountStringZ
PhCreateAlloc
PhCreateBytes
PhCreateBytesEx
PhCreateEMenu
PhCreateEMenuItem
PhCreateFileStream
PhCreateFileStream2
PhCreateFileWin32
PhCreateFileWin32Ex
PhCreateHashtable
PhCreateKey
PhCreateList
PhCreateObject
PhCreateObjectType
PhCreateObjectTypeEx
PhCreateOpenFileDialog
PhCreatePointerList
PhCreateProcess
PhCreateProcessAsUser
PhCreateProcessWin32
PhCreateProcessWin32Ex
PhCreateSaveFileDialog
PhCreateSecurityPage
PhCreateSimpleHashtable
PhCreateString
PhCreateStringEx
PhCreateSymbolProvider
PhCreateThread
PhDecodeUnicodeDecoder
PhDeleteArray
PhDeleteAutoPool
PhDeleteBytesBuilder
PhDeleteCallback
PhDeleteCircularBuffer_FLOAT
PhDeleteCircularBuffer_PVOID
PhDeleteCircularBuffer_ULONG
PhDeleteCircularBuffer_ULONG64
PhDeleteFastLock
PhDeleteFileWin32
PhDeleteFreeList
PhDeleteGraphState
PhDeleteImageVersionInfo
PhDeleteLayoutManager
PhDeleteStringBuilder
PhDeleteWorkQueue
PhDereferenceObject
PhDereferenceObjectDeferDelete
PhDereferenceObjectEx
PhDereferenceObjects
PhDestroyEMenu
PhDestroyEMenuItem
PhDisconnectNamedPipe
PhDivideSinglesBySingle
PhDosErrorToNtStatus
PhDrainAutoPool
PhDrawGraphDirect
PhDuplicateBytesZ
PhDuplicateBytesZSafe
PhDuplicateStringZ
PhEditSecurity
PhEllipsisString
PhEllipsisStringPath
PhEncodeUnicode
PhEnumAvlTree
PhEnumDirectoryFile
PhEnumDirectoryObjects
PhEnumFileStreams
PhEnumGenericModules
PhEnumHandles
PhEnumHandlesEx
PhEnumHashtable
PhEnumKernelModules
PhEnumObjectTypes
PhEnumPagefiles
PhEnumPointerListEx
PhEnumProcessEnvironmentVariables
PhEnumProcessModules
PhEnumProcessModules32
PhEnumProcessModules32Ex
PhEnumProcessModulesEx
PhEnumProcesses
PhEnumProcessesEx
PhEnumProcessesForSession
PhEnumServices
PhEqualStringRef
PhEscapeCommandLinePart
PhEscapeStringForMenuPrefix
PhExpandEnvironmentStrings
PhExponentiate
PhExponentiate64
PhFillMemoryUlong
PhFinalArrayItems
PhFinalBytesBuilderBytes
PhFinalHash
PhFinalStringBuilderString
PhFindCharInStringRef
PhFindEMenuItem
PhFindElementAvlTree
PhFindEntryHashtable
PhFindIntegerSiKeyValuePairs
PhFindItemList
PhFindItemPointerList
PhFindItemSimpleHashtable
PhFindLastCharInStringRef
PhFindListViewItemByFlags
PhFindListViewItemByParam
PhFindLoaderEntry
PhFindProcessInformation
PhFindProcessInformationByImageName
PhFindStringInStringRef
PhFindStringSiKeyValuePairs
PhFlushFileStream
PhFormat
PhFormatDate
PhFormatDateTime
PhFormatDecimal
PhFormatGuid
PhFormatImageVersionInfo
PhFormatNativeKeyName
PhFormatSize
PhFormatString
PhFormatString_V
PhFormatTime
PhFormatTimeSpan
PhFormatTimeSpanRelative
PhFormatToBuffer
PhFormatUInt64
PhFree
PhFreeFileDialog
PhFreePage
PhFreeToFreeList
PhGenerateGuid
PhGenerateGuidFromName
PhGenerateRandomAlphaString
PhGetAccessEntries
PhGetAccessString
PhGetApplicationDirectory
PhGetApplicationFileName
PhGetBaseName
PhGetComboBoxString
PhGetDllFileName
PhGetDrawInfoGraphBuffers
PhGetFileDialogFileName
PhGetFileDialogFilterIndex
PhGetFileDialogOptions
PhGetFileName
PhGetFileShellIcon
PhGetFileSize
PhGetFileVersionInfo
PhGetFileVersionInfoLangCodePage
PhGetFileVersionInfoString
PhGetFileVersionInfoString2
PhGetFullPath
PhGetGenericTreeNewLines
PhGetGlobalWorkQueue
PhGetHandleInformation
PhGetHandleInformationEx
PhGetJobProcessIdList
PhGetKernelFileName
PhGetKnownLocation
PhGetLineFromAddress
PhGetListBoxString
PhGetListViewItemImageIndex
PhGetListViewItemParam
PhGetMessage
PhGetModuleFromAddress
PhGetNtMessage
PhGetObjectSecurity
PhGetObjectType
PhGetObjectTypeInformation
PhGetOwnTokenAttributes
PhGetPositionFileStream
PhGetPrimeNumber
PhGetProcedureAddressRemote
PhGetProcessCommandLine
PhGetProcessDepStatus
PhGetProcessEnvironment
PhGetProcessImageFileName
PhGetProcessImageFileNameByProcessId
PhGetProcessImageFileNameWin32
PhGetProcessIsDotNet
PhGetProcessIsDotNetEx
PhGetProcessMappedFileName
PhGetProcessPebString
PhGetProcessWindowTitle
PhGetProcessWorkingSetInformation
PhGetProcessWsCounters
PhGetSeObjectSecurity
PhGetSelectedListViewItemParam
PhGetSelectedListViewItemParams
PhGetServiceConfig
PhGetServiceDelayedAutoStart
PhGetServiceDescription
PhGetServiceErrorControlInteger
PhGetServiceErrorControlString
PhGetServiceNameFromTag
PhGetServiceStartTypeInteger
PhGetServiceStartTypeString
PhGetServiceStateString
PhGetServiceTypeInteger
PhGetServiceTypeString
PhGetSidFullName
PhGetStockApplicationIcon
PhGetSymbolFromAddress
PhGetSymbolFromName
PhGetSystemDirectory
PhGetSystemRoot
PhGetThreadServiceTag
PhGetTokenGroups
PhGetTokenIntegrityLevel
PhGetTokenOwner
PhGetTokenPrimaryGroup
PhGetTokenPrivileges
PhGetTokenUser
PhGetTreeNewText
PhGetWin32Message
PhGetWindowText
PhGetWindowTextEx
PhGlobalDpi
PhGraphStateGetDrawInfo
PhHashBytes
PhHashStringRef
PhHeapHandle
PhHexStringToBuffer
PhIconToBitmap
PhImpersonateClientOfNamedPipe
PhIndexOfEMenuItem
PhInitializeArray
PhInitializeAutoPool
PhInitializeAvlTree
PhInitializeBytesBuilder
PhInitializeCallback
PhInitializeCircularBuffer_FLOAT
PhInitializeCircularBuffer_PVOID
PhInitializeCircularBuffer_ULONG
PhInitializeCircularBuffer_ULONG64
PhInitializeFastLock
PhInitializeFreeList
PhInitializeGraphState
PhInitializeHash
PhInitializeImageVersionInfo
PhInitializeLayoutManager
PhInitializeStringBuilder
PhInitializeWorkQueue
PhInitializeWorkQueueEnvironment
PhInjectDllProcess
PhInsertEMenuItem
PhInsertItemList
PhInsertItemsList
PhInsertStringBuilder
PhInsertStringBuilder2
PhInsertStringBuilderEx
PhIntegerToString64
PhInvokeCallback
PhIsExecutablePacked
PhIsExecutingInWow64
PhLayoutManagerLayout
PhLibImageBase
PhListenNamedPipe
PhLoadIcon
PhLoadListViewColumnSettings
PhLoadModuleSymbolProvider
PhLoadResourceEMenuItem
PhLocalTimeToSystemTime
PhLockFileStream
PhLoggedCallback
PhLookupName
PhLookupPrivilegeDisplayName
PhLookupPrivilegeName
PhLookupPrivilegeValue
PhLookupSid
PhLowerBoundElementAvlTree
PhLowerDualBoundElementAvlTree
PhMainWndHandle
PhMapFlags1
PhMapFlags2
PhMatchWildcards
PhMaximumElementAvlTree
PhMinimumElementAvlTree
PhModalPropertySheet
PhModifyEMenuItem
PhNetworkItemAddedEvent
PhNetworkItemModifiedEvent
PhNetworkItemRemovedEvent
PhNetworkItemsUpdatedEvent
PhNtStatusFileNotFound
PhNtStatusToDosError
PhOpenKey
PhOpenLsaPolicy
PhOpenProcess
PhOpenService
PhOpenThread
PhOpenThreadProcess
PhOsVersion
PhParseCommandLine
PhParseCommandLineFuzzy
PhParseCommandLinePart
PhPeekNamedPipe
PhPredecessorElementAvlTree
PhPrintTimeSpan
PhProcessAddedEvent
PhProcessModifiedEvent
PhProcessRemovedEvent
PhProcessesUpdatedEvent
PhQueryFullAttributesFileWin32
PhQueryKey
PhQueryRegistryString
PhQueryServiceVariableSize
PhQuerySystemTime
PhQueryTimeZoneBias
PhQueryValueKey
PhQueueItemWorkQueue
PhQueueItemWorkQueueEx
PhReAllocate
PhReAllocateSafe
PhReadFileStream
PhReferenceEmptyString
PhReferenceObject
PhReferenceObjectEx
PhReferenceObjectSafe
PhReferenceObjects
PhRegisterCallback
PhRegisterCallbackEx
PhRemoveAllEMenuItems
PhRemoveEMenuItem
PhRemoveElementAvlTree
PhRemoveEntryHashtable
PhRemoveItemArray
PhRemoveItemList
PhRemoveItemPointerList
PhRemoveItemSimpleHashtable
PhRemoveItemsArray
PhRemoveItemsList
PhRemoveListViewItem
PhRemoveStringBuilder
PhResizeArray
PhResizeCircularBuffer_FLOAT
PhResizeCircularBuffer_PVOID
PhResizeCircularBuffer_ULONG
PhResizeCircularBuffer_ULONG64
PhResizeList
PhResolveDevicePrefix
PhRoundUpToPowerOfTwo
PhSaveListViewColumnSettings
PhSeekFileStream
PhSelectComboBoxString
PhServiceAddedEvent
PhServiceModifiedEvent
PhServiceRemovedEvent
PhServicesUpdatedEvent
PhSetClipboardString
PhSetControlTheme
PhSetExtendedListView
PhSetFileDialogFileName
PhSetFileDialogFilter
PhSetFileDialogOptions
PhSetFileSize
PhSetFlagsAllEMenuItems
PhSetFlagsEMenuItem
PhSetGraphText
PhSetHeaderSortIcon
PhSetImageListBitmap
PhSetListViewItemImageIndex
PhSetListViewSubItem
PhSetObjectSecurity
PhSetOptionsSymbolProvider
PhSetSeObjectSecurity
PhSetSearchPathSymbolProvider
PhSetServiceDelayedAutoStart
PhSetStateAllListViewItems
PhSetTokenIsVirtualizationEnabled
PhSetTokenPrivilege
PhSetTokenPrivilege2
PhSetTokenSessionId
PhShellExecute
PhShellExecuteEx
PhShellExploreFile
PhShellOpenKey
PhShellProperties
PhShowConfirmMessage
PhShowContinueStatus
PhShowEMenu
PhShowFileDialog
PhShowMessage
PhShowMessage_V
PhShowStatus
PhSidToStringSid
PhSplitStringRefAtChar
PhSplitStringRefAtLastChar
PhSplitStringRefAtString
PhSplitStringRefEx
PhStackWalk
PhStdGetClientIdName
PhStdGetObjectSecurity
PhStdSetObjectSecurity
PhStringToDouble
PhStringToInteger64
PhSuccessorElementAvlTree
PhSystemBasicInformation
PhSystemTimeToLocalTime
PhTerminateProcess
PhTransceiveNamedPipe
PhTrimStringRef
PhUnloadDllProcess
PhUnloadDriver
PhUnlockFileStream
PhUnregisterCallback
PhUpdateDosDevicePrefixes
PhUpdateHash
PhUpdateMupDevicePrefixes
PhUpperBoundElementAvlTree
PhUpperDualBoundElementAvlTree
PhVerifyFile
PhVerifyFileStream
PhWaitForNamedPipe
PhWaitForWorkQueue
PhWalkThreadStack
PhWriteFileStream
PhWriteMiniDumpProcess
PhWriteStringAsUtf8FileStream
PhWriteStringAsUtf8FileStream2
PhWriteStringAsUtf8FileStreamEx
PhWriteStringFormatAsUtf8FileStream
PhWriteStringFormatAsUtf8FileStream_V
PhWriteUnicodeDecoder

Sections

.text
Size: 865KB - Virtual size: 864KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 243KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 239KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ENDERHC - sprawdzanie/Process Hacker 2/x86/plugins/DotNetTools.dll
.dll windows:5 windows x86 arch:x86

e17ba1da8b79afe0943501b2878fa8aa

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

16:97:f5:3c:1c:9b:91:67:27:f3:3f:9c:4e:83:8f:30:6e:8a:ca:b8:74:77:fa:ff:89:b7:b9:b2:9c:63:72:9f
Signer

Actual PE Digest

16:97:f5:3c:1c:9b:91:67:27:f3:3f:9c:4e:83:8f:30:6e:8a:ca:b8:74:77:fa:ff:89:b7:b9:b2:9c:63:72:9f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release32\plugins\DotNetTools.pdb

Imports

uxtheme

EnableThemeDialogTexture

processhacker.exe

_PhPluginGetObjectExtension@12
_PhPluginAddTreeNewColumn@24
PhAddItemSimpleHashtable
PhRemoveItemSimpleHashtable
PhfWakeForReleaseQueuedLock
PhFindItemSimpleHashtable
PhfAcquireQueuedLockExclusive
PhCreateSimpleHashtable
PhFormatToBuffer
PhFormatSize
PhSetListViewSubItem
PhAddListViewColumn
_PhLoadListViewColumnsFromSetting@8
_PhAddPropPageLayoutItem@16
PhUnregisterCallback
_PhSaveListViewColumnsToSetting@8
_PhHandleListViewNotifyForCopy@8
PhAddListViewItem
PhAddComboBoxStrings
_PhSetIntegerSetting@8
_PhGetIntegerSetting@4
PhFormatUInt64
PhGetProcessIsDotNet
_PhAddSettings@8
_PhGetGeneralCallback@4
PhSetFlagsEMenuItem
_PhGetProcessIsSuspended@4
PhDereferenceObject
PhAppendStringBuilder2
PhShowMessage
PhEnumProcesses
_PhCreateProcessPropPageContextEx@16
_PhPluginSetObjectExtension@20
PhRegisterCallback
_PhRegisterPlugin@12
_PhGetPluginCallback@8
WindowsVersion
PhFormatString_V
PhAutoDereferenceObject
PhEnumProcessModules
PhGetSystemRoot
PhOpenProcess
PhfEndInitOnce
ProcessQueryAccess
PhOpenThread
PhConcatStringRef2
PhfBeginInitOnce
PhFindLastCharInStringRef
PhCreateList
PhCreateString
PhGetTreeNewText
PhSetControlTheme
PhFormatString
PhAllocate
PhCreateThread
PhFindProcessInformation
PhLoadResourceEMenuItem
PhCountStringZ
PhInitializeStringBuilder
_PhCmLoadSettings@8
_PhPropPageDlgProcHeader@24
PhCompareStringRef
PhConcatStrings2
PhCreateEMenu
PhAddItemList
PhGetWin32Message
PhShellExploreFile
_PhGetStringSetting@4
PhSetClipboardString
PhGetProcessIsDotNetEx
_PhSetStringSetting2@8
PhSplitStringRefAtChar
_PhAddProcessPropPage@8
PhRemoveStringBuilder
PhCreateStringEx
_PhPropPageDlgProcDestroy@4
_PhDoPropPageLayout@4
PhFinalStringBuilderString
PhShowEMenu
PhDestroyEMenu
PhFree
PhConcatStrings
_PhCmSaveSettings@4
PhReferenceObject

ntdll

RtlUnwind
NtMapViewOfSection
NtOpenSection
NtUnmapViewOfSection
RtlFreeSid
NtDuplicateObject
RtlAllocateAndInitializeSid
LdrGetDllHandle
NtReleaseMutant
NtOpenProcessToken
RtlNtStatusToDosError
NtReadVirtualMemory
RtlEqualUnicodeString
LdrGetProcedureAddress
NtGetContextThread
NtWaitForSingleObject
RtlDoesFileExists_U
NtClose
NtQueryInformationToken

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LCMapStringW
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
SetLastError
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStringTypeW
GetProcessHeap
GetStdHandle
GetFileType
GetCommandLineA
GetCommandLineW
EnterCriticalSection
LoadLibraryW
GetModuleHandleW
GetProcAddress
GetLastError
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
WriteConsoleW
DecodePointer
CreateFileW
RaiseException

user32

GetKeyState
PostMessageW
SendMessageW
IsWindow
GetDlgItem
InvalidateRect

advapi32

SystemFunction036
ControlTraceW
CloseTrace
ProcessTrace
StartTraceW
OpenTraceW

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ENDERHC - sprawdzanie/class_kopia.dll
.dll windows:4 windows x64 arch:x64

fb44800029c165cfd9718bddaa7a6896

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

jvm

JNI_GetCreatedJavaVMs

kernel32

AddVectoredExceptionHandler
AllocConsole
CloseHandle
CreateEventA
CreateSemaphoreA
CreateThread
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FreeConsole
FreeLibraryAndExitThread
GetConsoleWindow
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetHandleInformation
GetLastError
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetStdHandle
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount64
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryW
MultiByteToWideChar
OpenProcess
OutputDebugStringA
RaiseException
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetConsoleTextAttribute
SetConsoleTitleA
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
Sleep
SuspendThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
__C_specific_handler

msvcrt

___lc_codepage_func
___mb_cur_max_func
__iob_func
_amsg_exit
_beginthreadex
_filelengthi64
_fileno
_endthreadex
_errno
_fstat64
memchr
memcmp
memcpy
memmove
memset
_initterm
_lock
_lseeki64
_setjmp
_strnicmp
_ultoa
_unlock
_wfopen
abort
calloc
exit
fclose
fflush
fgetpos
fopen
fputc
fputs
fread
free
freopen_s
fsetpos
fwrite
getc
getwc
isspace
iswctype
localeconv
malloc
putc
putwc
realloc
setlocale
setvbuf
signal
strcmp
strcoll
strerror
strftime
strlen
strncmp
strxfrm
towlower
towupper
ungetc
ungetwc
vfprintf
wcscoll
wcsftime
wcslen
wcsxfrm
longjmp
_write
_strdup
_read
_fileno
_fdopen
_close

user32

ShowWindow

Exports

Exports

_GCC_specific_handler
_Unwind_Backtrace
_Unwind_DeleteException
_Unwind_FindEnclosingFunction
_Unwind_ForcedUnwind
_Unwind_GetCFA
_Unwind_GetDataRelBase
_Unwind_GetGR
_Unwind_GetIP
_Unwind_GetIPInfo
_Unwind_GetLanguageSpecificData
_Unwind_GetRegionStart
_Unwind_GetTextRelBase
_Unwind_RaiseException
_Unwind_Resume
_Unwind_Resume_or_Rethrow
_Unwind_SetGR
_Unwind_SetIP
_Z16InitializeDumperP11HINSTANCE__
_Z8Forward0P7JNIEnv_P7_jclass
_Z8Forward1P7JNIEnv_P7_jclassP8_jstring
_ZN7JNIEnv_16CallObjectMethodEP8_jobjectP10_jmethodIDz
_ZN7JNIEnv_20CallStaticVoidMethodEP7_jclassP10_jmethodIDz
_ZN7JNIEnv_22CallStaticObjectMethodEP7_jclassP10_jmethodIDz
_ZNKSt5ctypeIcE8do_widenEc
__IMPORT_DESCRIPTOR_jvm
__NULL_IMPORT_DESCRIPTOR
__pth_gpointer_locked
__pthread_clock_nanosleep
__pthread_shallcancel
__xl_f
_pthread_cleanup_dest
_pthread_get_state
_pthread_invoke_cancel
_pthread_key_dest
_pthread_rel_time_in_ms
_pthread_set_state
_pthread_setnobreak
_pthread_time_in_ms
_pthread_time_in_ms_from_timespec
_pthread_tryjoin
_pthread_wait_for_multiple_objects
_pthread_wait_for_single_object
cond_print
cond_print_set
do_sema_b_wait_intern
dumperData
jvmti
pthread_attr_destroy
pthread_attr_getdetachstate
pthread_attr_getinheritsched
pthread_attr_getschedparam
pthread_attr_getschedpolicy
pthread_attr_getscope
pthread_attr_getstack
pthread_attr_getstackaddr
pthread_attr_getstacksize
pthread_attr_init
pthread_attr_setdetachstate
pthread_attr_setinheritsched
pthread_attr_setschedparam
pthread_attr_setschedpolicy
pthread_attr_setscope
pthread_attr_setstack
pthread_attr_setstackaddr
pthread_attr_setstacksize
pthread_cancel
pthread_cond_broadcast
pthread_cond_destroy
pthread_cond_init
pthread_cond_signal
pthread_cond_timedwait
pthread_cond_timedwait_relative_np
pthread_cond_wait
pthread_condattr_destroy
pthread_condattr_getclock
pthread_condattr_getpshared
pthread_condattr_init
pthread_condattr_setclock
pthread_condattr_setpshared
pthread_create
pthread_create_wrapper
pthread_delay_np
pthread_delay_np_ms
pthread_detach
pthread_equal
pthread_exit
pthread_get_concurrency
pthread_getclean
pthread_getconcurrency
pthread_getevent
pthread_gethandle
pthread_getname_np
pthread_getschedparam
pthread_getspecific
pthread_join
pthread_key_create
pthread_key_delete
pthread_kill
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_timedlock
pthread_mutex_trylock
pthread_mutex_unlock
pthread_mutexattr_destroy
pthread_mutexattr_getprioceiling
pthread_mutexattr_getprotocol
pthread_mutexattr_getpshared
pthread_mutexattr_gettype
pthread_mutexattr_init
pthread_mutexattr_setprioceiling
pthread_mutexattr_setprotocol
pthread_mutexattr_setpshared
pthread_mutexattr_settype
pthread_num_processors_np
pthread_once
pthread_rwlock_destroy
pthread_rwlock_init
pthread_rwlock_rdlock
pthread_rwlock_timedrdlock
pthread_rwlock_timedwrlock
pthread_rwlock_tryrdlock
pthread_rwlock_trywrlock
pthread_rwlock_unlock
pthread_rwlock_wrlock
pthread_rwlockattr_destroy
pthread_rwlockattr_getpshared
pthread_rwlockattr_init
pthread_rwlockattr_setpshared
pthread_self
pthread_set_concurrency
pthread_set_num_processors_np
pthread_setcancelstate
pthread_setcanceltype
pthread_setconcurrency
pthread_setname_np
pthread_setschedparam
pthread_setspecific
pthread_spin_destroy
pthread_spin_init
pthread_spin_lock
pthread_spin_trylock
pthread_spin_unlock
pthread_testcancel
pthread_timechange_handler_np
pthread_tls_init
rwl_print
rwl_print_set
sched_get_priority_max
sched_get_priority_min
sched_getscheduler
sched_setscheduler
sched_yield
thread_print
thread_print_set

Sections

.text
Size: 725KB - Virtual size: 725KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7573208674510652893809b0317e4eb4

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

03:0f:a0:91:94:b2:2d:c5:1d:00:65:31:c9:c1:61:04Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

71:06:7b:d9:6a:55:37:05:85:2b:8a:8d:28:a8:ab:bf:77:c1:6f:57:7a:db:13:91:ff:15:c1:37:de:38:73:d9Signer

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

ws2_32

shlwapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 231KB - Virtual size: 230KB

.data Size: 56KB - Virtual size: 60KB

.rsrc Size: 40KB - Virtual size: 40KB

.reloc Size: 58KB - Virtual size: 57KB

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

01:8c:52:ec:df:d9:ae:65:be:45:96:45:8b:4c:31:afCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

ae:b0:d3:11:06:0f:81:c0:90:8a:80:09:1d:6e:b8:c9:fb:6c:f9:db:37:ef:b0:ed:2d:41:9f:18:3a:c3:0b:f6Signer

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 6.4MB - Virtual size: 6.4MB

.data Size: 618KB - Virtual size: 617KB

.rdata Size: 3.5MB - Virtual size: 3.5MB

.pdata Size: 124KB - Virtual size: 124KB

.xdata Size: 181KB - Virtual size: 180KB

.bss Size: - Virtual size: 8.6MB

.edata Size: 1024B - Virtual size: 754B

.idata Size: 12KB - Virtual size: 12KB

.CRT Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 16B

Size: 15KB - Virtual size: 17KB

.reloc Size: 73KB - Virtual size: 72KB

.edata Size: 1024B - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 17KB - Virtual size: 17KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

03:0f:a0:91:94:b2:2d:c5:1d:00:65:31:c9:c1:61:04
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

71:06:7b:d9:6a:55:37:05:85:2b:8a:8d:28:a8:ab:bf:77:c1:6f:57:7a:db:13:91:ff:15:c1:37:de:38:73:d9
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 231KB - Virtual size: 230KB

.data
Size: 56KB - Virtual size: 60KB

.rsrc
Size: 40KB - Virtual size: 40KB

.reloc
Size: 58KB - Virtual size: 57KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

01:8c:52:ec:df:d9:ae:65:be:45:96:45:8b:4c:31:af
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

ae:b0:d3:11:06:0f:81:c0:90:8a:80:09:1d:6e:b8:c9:fb:6c:f9:db:37:ef:b0:ed:2d:41:9f:18:3a:c3:0b:f6
Signer

.text
Size: 6.4MB - Virtual size: 6.4MB

.data
Size: 618KB - Virtual size: 617KB

.rdata
Size: 3.5MB - Virtual size: 3.5MB

.pdata
Size: 124KB - Virtual size: 124KB

.xdata
Size: 181KB - Virtual size: 180KB

.bss
Size: - Virtual size: 8.6MB

.edata
Size: 1024B - Virtual size: 754B

.idata
Size: 12KB - Virtual size: 12KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 73KB - Virtual size: 72KB

.edata
Size: 1024B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 17KB - Virtual size: 17KB

.themida
Size: - Virtual size: 6.1MB

.boot
Size: 2.5MB - Virtual size: 2.5MB

.reloc
Size: 16B - Virtual size: 4KB

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

86:d0:50:e9:bb:2f:ee:a9:26:74:b9:34:ef:82:25:c8:43:e0:7f:b7:d0:98:e5:f2:8e:e8:20:f8:95:33:8c:05
Signer

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 3KB - Virtual size: 62KB

.rsrc
Size: 22KB - Virtual size: 21KB

0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7f
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

33:a7:55:31:1b:42:8c:20:63:f9:83:05:8d:bf:9e:16:48:d0:0d:5f:ec:4a:df:00:e0:a3:4d:de:e6:39:f6:8b
Signer

92:53:a6:f7:2e:e0:e3:97:0d:54:57:e0:f0:61:fd:b4:0b:48:4f:18
Signer