ProcessHacker.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 4c91bddd3d466241ab62f4afe56b2965b8f6b6c1f33b8f20f00e4811f3426261.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 4c91bddd3d466241ab62f4afe56b2965b8f6b6c1f33b8f20f00e4811f3426261.exe
Resource: win10v2004-20240709-en
General
Target: 4c91bddd3d466241ab62f4afe56b2965b8f6b6c1f33b8f20f00e4811f3426261.exe
Size: 2.0MB
MD5: 50eccd2849950b7af74ebe2d4358a813
SHA1: 7680113f272d7ef791bbab3d5594a8d045280f78
SHA256: 4c91bddd3d466241ab62f4afe56b2965b8f6b6c1f33b8f20f00e4811f3426261
SHA512: 1ba075287e2cc6f6d5650919b84bc7b9465a78e56a740dd329e6a44b7e3d9ec4a45468e19fb9abc97543c4b996a8ab9c70803d13862a497d612b4f4a4232787a
SSDEEP: 49152:bukO7p9ixnXXsTtIk+kCKcasyTBwlrkrKfvdyQ:bNON9ixX8Tt7DCKcasyTBESKfly
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource: 4c91bddd3d466241ab62f4afe56b2965b8f6b6c1f33b8f20f00e4811f3426261.exe
Files
4c91bddd3d466241ab62f4afe56b2965b8f6b6c1f33b8f20f00e4811f3426261.exe.exe windows:6 windows x86 arch:x86
ff85f52a5eb15da534d6d941a8f8be9f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntdll
NtSetInformationToken
RtlSubAuthorityCountSid
RtlFreeSid
NtTestAlert
NtOpenThreadToken
RtlTimeToSecondsSince1980
RtlSecondsSince1980ToTime
NtIsProcessInJob
RtlCreateSecurityDescriptor
RtlCreateAcl
RtlAddAccessAllowedAce
NtAcceptConnectPort
NtReplyWaitReceivePort
NtCompleteConnectPort
RtlSetDaclSecurityDescriptor
RtlSubAuthoritySid
NtCreatePort
RtlInitializeSid
RtlLengthRequiredSid
RtlValidRelativeSecurityDescriptor
RtlSelfRelativeToAbsoluteSD2
RtlValidSid
NtConnectPort
NtRequestWaitReplyPort
RtlLengthSid
NtCreateSection
RtlQueryElevationFlags
NtReleaseSemaphore
NtSetHighEventPair
NtQueryEvent
NtQuerySemaphore
NtCancelTimer
NtPulseEvent
NtSetLowEventPair
NtPowerInformation
RtlGetFullPathName_U
NtCreateDirectoryObject
RtlGUIDFromString
NtDuplicateToken
RtlRandomEx
RtlTimeToTimeFields
RtlDosPathNameToNtPathName_U_WithStatus
RtlFreeUnicodeString
LdrUnloadDll
LdrFindResource_U
LdrLoadDll
RtlDestroyProcessParameters
RtlGetFullPathName_UEx
RtlFindMessage
RtlStringFromGUID
NtQueryTimer
RtlNtStatusToDosError
RtlCreateUserProcess
RtlGetDaclSecurityDescriptor
RtlExpandEnvironmentStrings_U
LdrAccessResource
RtlUnicodeToMultiByteN
RtlUpcaseUnicodeChar
NtAllocateVirtualMemory
RtlReAllocateHeap
NtDelayExecution
RtlUTF8ToUnicodeN
RtlMultiByteToUnicodeN
RtlMultiByteToUnicodeSize
RtlCreateUserThread
RtlUnicodeToMultiByteSize
RtlUnicodeToUTF8N
RtlInterlockedPopEntrySList
RtlGetVersion
RtlCreateTimerQueue
NtUnlockFile
NtSetInformationFile
NtLockFile
NtFlushBuffersFile
NtQueryInformationFile
NtGetContextThread
NtQueryKey
NtDeleteKey
NtOpenProcessToken
NtOpenThread
RtlAppendUnicodeStringToString
NtOpenSymbolicLinkObject
NtEnumerateKey
NtUnloadDriver
NtEnumerateValueKey
NtQueueApcThread
RtlAppendUnicodeToString
RtlDestroyQueryDebugBuffer
NtOpenKey
RtlConvertSidToUnicodeString
NtQuerySymbolicLinkObject
RtlQueryProcessDebugInformation
NtOpenProcess
NtCreateNamedPipeFile
NtQueryInformationJobObject
NtSetSecurityObject
RtlQueryEnvironmentVariable_U
NtDeleteValueKey
NtQueryAttributesFile
NtOpenDirectoryObject
RtlGetUnloadEventTraceEx
NtFsControlFile
NtQueryDirectoryObject
NtAdjustGroupsToken
RtlCreateQueryDebugBuffer
NtLoadKeyEx
NtCreateKey
NtCreateFile
NtQueryDirectoryFile
NtOpenSection
NtQuerySecurityObject
NtSetValueKey
NtTerminateProcess
NtOpenFile
NtQueryValueKey
NtAlertResumeThread
NtQueryFullAttributesFile
NtSetInformationObject
NtDeviceIoControlFile
NtReleaseKeyedEvent
NtWaitForKeyedEvent
NtCreateKeyedEvent
NtClearEvent
NtQueryObject
NtCreateSemaphore
RtlLengthSecurityDescriptor
RtlGetControlSecurityDescriptor
RtlMapGenericMask
RtlGetSaclSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetGroupSecurityDescriptor
NtSetTimer
NtAlertThread
NtCreateTimer
RtlNtStatusToDosErrorNoTeb
RtlUnwind
NtResetEvent
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlFirstEntrySList
NtQueryInformationToken
RtlInterlockedFlushSList
RtlInitializeSListHead
RtlInterlockedPushEntrySList
RtlCreateHeap
RtlFreeHeap
RtlAllocateHeap
RtlDestroyHeap
NtQueryVirtualMemory
NtProtectVirtualMemory
NtSetSystemInformation
NtWriteVirtualMemory
RtlEqualSid
NtCreateMutant
RtlSetCurrentDirectory_U
RtlSetUnhandledExceptionFilter
RtlExitUserProcess
NtAdjustPrivilegesToken
NtOpenMutant
NtSystemDebugControl
NtTerminateJobObject
NtAssignProcessToJobObject
NtQueryMutant
NtQueryVolumeInformationFile
NtMapViewOfSection
NtQuerySection
NtGetNextProcess
RtlDeleteTimer
RtlCreateTimer
RtlUpdateTimer
RtlSetHeapInformation
RtlInitializeCriticalSection
NtQueryPerformanceCounter
RtlDeleteCriticalSection
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlDetermineDosPathNameType_U
NtWaitForMultipleObjects
NtSetEvent
NtCreateEvent
NtAlpcQueryInformation
NtReadVirtualMemory
NtReadFile
NtWriteFile
NtQueryInformationThread
NtQuerySystemInformation
NtSuspendProcess
NtResumeThread
NtWaitForSingleObject
NtSetInformationDebugObject
NtUnmapViewOfSection
RtlRaiseStatus
NtSetInformationProcess
NtShutdownSystem
NtDuplicateObject
NtInitiatePowerAction
NtClose
NtSetInformationThread
NtResumeProcess
NtTerminateThread
NtRemoveProcessDebug
NtQueryInformationProcess
NtSuspendThread
NtFreeVirtualMemory
RtlCreateProcessParameters
RtlSecondsSince1970ToTime
kernel32
DecodePointer
WriteConsoleW
CreateFileW
CloseHandle
FlushFileBuffers
GetProcessHeap
GetCommandLineW
GetCommandLineA
FindNextFileW
FindFirstFileExW
FindClose
WideCharToMultiByte
SetStdHandle
HeapReAlloc
GetOEMCP
GetACP
IsValidCodePage
MultiByteToWideChar
GetCPInfo
GetStringTypeW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
GetFileType
SetFilePointerEx
GetFileSizeEx
HeapAlloc
HeapFree
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
GetConsoleOutputCP
WriteFile
ReadConsoleW
GetConsoleMode
ReadFile
TlsFree
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
HeapSize
GlobalSize
LocalAlloc
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
LoadLibraryExW
GetDateFormatW
CreateProcessW
GetTimeFormatW
GetNumberFormatW
GetLocaleInfoW
SearchPathW
SetLastError
GetComputerNameW
TlsGetValue
TlsAlloc
TlsSetValue
FreeLibrary
LoadLibraryW
SetProcessShutdownParameters
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
AllocConsole
GetConsoleWindow
FreeConsole
SetConsoleCtrlHandler
LocalFree
GetLastError
SetEndOfFile
Exports
PhAddComboBoxStrings
PhAddElementAvlTree
PhAddEntryHashtable
PhAddEntryHashtableEx
PhAddItemArray
PhAddItemList
PhAddItemPointerList
PhAddItemSimpleHashtable
PhAddItemsArray
PhAddItemsList
PhAddJsonArrayObject
PhAddJsonObject
PhAddLayoutItem
PhAddLayoutItemEx
PhAddListViewColumn
PhAddListViewGroup
PhAddListViewGroupItem
PhAddListViewItem
PhAddSetting
PhAddSettings
PhAddTabControlTab
PhAdjustRectangleToBounds
PhAdjustRectangleToWorkingArea
PhAllocate
PhAllocateExSafe
PhAllocateFromFreeList
PhAllocatePage
PhAllocateSafe
PhAppResolverGetAppIdForWindow
PhAppendBytesBuilder
PhAppendBytesBuilder2
PhAppendBytesBuilderEx
PhAppendCharStringBuilder
PhAppendCharStringBuilder2
PhAppendFormatStringBuilder
PhAppendFormatStringBuilder_V
PhAppendStringBuilder
PhAppendStringBuilder2
PhAppendStringBuilderEx
PhApplicationFont
PhAutoDereferenceObject
PhBoostProvider
PhBufferToHexString
PhBufferToHexStringEx
PhCenterRectangle
PhCenterWindow
PhClearArray
PhClearCacheDirectory
PhClearCircularBuffer_FLOAT
PhClearCircularBuffer_PVOID
PhClearCircularBuffer_ULONG
PhClearCircularBuffer_ULONG64
PhClearHashtable
PhClearIgnoredSettings
PhClearList
PhCompareStringRef
PhCompareStringZNatural
PhCompareUnicodeStringZIgnoreMenuPrefix
PhConcatStringRef2
PhConcatStringRef3
PhConcatStrings
PhConcatStrings2
PhConcatStrings_V
PhConnectPipe
PhConvertIgnoredSettings
PhConvertMultiByteToUtf16
PhConvertMultiByteToUtf16Ex
PhConvertUtf16ToAsciiEx
PhConvertUtf16ToMultiByte
PhConvertUtf16ToMultiByteEx
PhConvertUtf16ToUtf8
PhConvertUtf16ToUtf8Buffer
PhConvertUtf16ToUtf8Ex
PhConvertUtf16ToUtf8Size
PhConvertUtf8ToUtf16
PhConvertUtf8ToUtf16Buffer
PhConvertUtf8ToUtf16Ex
PhConvertUtf8ToUtf16Size
PhCopyBytesZ
PhCopyCircularBuffer_FLOAT
PhCopyCircularBuffer_PVOID
PhCopyCircularBuffer_ULONG
PhCopyCircularBuffer_ULONG64
PhCopyStringZ
PhCopyStringZFromBytes
PhCopyStringZFromMultiByte
PhCountStringZ
PhCreateAlloc
PhCreateBytes
PhCreateBytesEx
PhCreateCacheFile
PhCreateDirectory
PhCreateEMenu
PhCreateEMenuItem
PhCreateFile
PhCreateFileStream
PhCreateFileStream2
PhCreateFileWin32
PhCreateFileWin32Ex
PhCreateHashtable
PhCreateJsonArray
PhCreateJsonObject
PhCreateJsonParser
PhCreateKey
PhCreateList
PhCreateNamedPipe
PhCreateObject
PhCreateObjectType
PhCreateObjectTypeEx
PhCreateOpenFileDialog
PhCreatePipe
PhCreatePointerList
PhCreateProcess
PhCreateProcessAsUser
PhCreateProcessWin32
PhCreateProcessWin32Ex
PhCreateSaveFileDialog
PhCreateSecurityPage
PhCreateSimpleHashtable
PhCreateString
PhCreateStringEx
PhCreateSymbolProvider
PhCreateThread
PhCreateThread2
PhCreateThreadEx
PhDecodeUnicodeDecoder
PhDelayExecution
PhDeleteArray
PhDeleteAutoPool
PhDeleteBytesBuilder
PhDeleteCacheFile
PhDeleteCallback
PhDeleteCircularBuffer_FLOAT
PhDeleteCircularBuffer_PVOID
PhDeleteCircularBuffer_ULONG
PhDeleteCircularBuffer_ULONG64
PhDeleteDirectory
PhDeleteFastLock
PhDeleteFileWin32
PhDeleteFreeList
PhDeleteGraphState
PhDeleteImageVersionInfo
PhDeleteLayoutManager
PhDeleteProviderThread
PhDeleteStringBuilder
PhDeleteWorkQueue
PhDereferenceObject
PhDereferenceObjectDeferDelete
PhDereferenceObjectEx
PhDereferenceObjects
PhDestroyEMenu
PhDestroyEMenuItem
PhDetermineDosPathNameType
PhDisconnectNamedPipe
PhDivideSinglesBySingle
PhDnsFree
PhDnsQuery
PhDnsQuery2
PhDoesFileExists
PhDoesFileExistsWin32
PhDosErrorToNtStatus
PhDrainAutoPool
PhDrawGraphDirect
PhDrawTrayIconText
PhDuplicateBytesZ
PhDuplicateBytesZSafe
PhDuplicateStringZ
PhEditSecurity
PhEllipsisString
PhEllipsisStringPath
PhEncodeUnicode
PhEnumAvlTree
PhEnumChildWindows
PhEnumDirectoryFile
PhEnumDirectoryObjects
PhEnumFileStreams
PhEnumGenericModules
PhEnumHandles
PhEnumHandlesEx
PhEnumHandlesEx2
PhEnumHashtable
PhEnumKernelModules
PhEnumObjectTypes
PhEnumPagefiles
PhEnumPointerListEx
PhEnumProcessEnvironmentVariables
PhEnumProcessModules
PhEnumProcessModules32
PhEnumProcessModules32Ex
PhEnumProcessModulesEx
PhEnumProcesses
PhEnumProcessesEx
PhEnumProcessesForSession
PhEnumServices
PhEnumWindows
PhEnumerateKey
PhEnumerateValueKey
PhEqualStringRef
PhEscapeCommandLinePart
PhEscapeStringForMenuPrefix
PhExpandEnvironmentStrings
PhExponentiate
PhExponentiate64
PhExtractIcon
PhExtractIconEx
PhFillMemoryUlong
PhFinalArrayItems
PhFinalBytesBuilderBytes
PhFinalHash
PhFinalStringBuilderString
PhFindCharInStringRef
PhFindEMenuItem
PhFindElementAvlTree
PhFindEntryHashtable
PhFindIntegerSiKeyValuePairs
PhFindItemList
PhFindItemPointerList
PhFindItemSimpleHashtable
PhFindLastCharInStringRef
PhFindListViewItemByFlags
PhFindListViewItemByParam
PhFindLoaderEntry
PhFindProcessInformation
PhFindProcessInformationByImageName
PhFindStringInStringRef
PhFindStringSiKeyValuePairs
PhFlushFileStream
PhFormat
PhFormatBytes
PhFormatBytes_V
PhFormatDate
PhFormatDateTime
PhFormatDecimal
PhFormatGuid
PhFormatImageVersionInfo
PhFormatNativeKeyName
PhFormatSize
PhFormatString
PhFormatString_V
PhFormatTime
PhFormatTimeSpan
PhFormatTimeSpanRelative
PhFormatToBuffer
PhFormatUInt64
PhFree
PhFreeFileDialog
PhFreeJsonParser
PhFreePage
PhFreeToFreeList
PhGenerateGuid
PhGenerateGuidFromName
PhGenerateRandomAlphaString
PhGetAccessEntries
PhGetAccessString
PhGetApplicationDirectory
PhGetApplicationFileName
PhGetBaseDirectory
PhGetBaseName
PhGetClassObject
PhGetComboBoxString
PhGetDialogItemValue
PhGetDllFileName
PhGetDllHandle
PhGetDrawInfoGraphBuffers
PhGetEnabledProvider
PhGetEtwPublisherName
PhGetFileDialogFileName
PhGetFileDialogFilterIndex
PhGetFileDialogOptions
PhGetFileName
PhGetFilePosition
PhGetFileShellIcon
PhGetFileSize
PhGetFileVersionFixedInfo
PhGetFileVersionInfo
PhGetFileVersionInfoLangCodePage
PhGetFileVersionInfoString
PhGetFileVersionInfoString2
PhGetFullPath
PhGetGenericTreeNewLines
PhGetGlobalTimerQueue
PhGetGlobalWorkQueue
PhGetHandleInformation
PhGetHandleInformationEx
PhGetIntegerPairSetting
PhGetIntegerSetting
PhGetJobProcessIdList
PhGetJsonArrayIndexObject
PhGetJsonArrayLength
PhGetJsonArrayLong64
PhGetJsonArrayString
PhGetJsonObject
PhGetJsonObjectAsArrayList
PhGetJsonObjectBool
PhGetJsonObjectLength
PhGetJsonObjectType
PhGetJsonValueAsLong64
PhGetJsonValueAsString
PhGetKernelFileName
PhGetKnownLocation
PhGetLineFromAddress
PhGetListBoxString
PhGetListViewItemImageIndex
PhGetListViewItemParam
PhGetListViewItemText
PhGetMappedImageCfg
PhGetMappedImageCfgEntry
PhGetMappedImageExportFunction
PhGetMappedImageExports
PhGetMappedImageLoadConfig32
PhGetMappedImageLoadConfig64
PhGetMessage
PhGetModuleFromAddress
PhGetModuleProcAddress
PhGetNamedPipeClientComputerName
PhGetNamedPipeClientProcessId
PhGetNamedPipeServerProcessId
PhGetNtMessage
PhGetObjectSecurity
PhGetObjectType
PhGetObjectTypeInformation
PhGetOwnTokenAttributes
PhGetPositionFileStream
PhGetPrimeNumber
PhGetProcedureAddress
PhGetProcedureAddressRemote
PhGetProcessCommandLine
PhGetProcessDepStatus
PhGetProcessDeviceMap
PhGetProcessEnvironment
PhGetProcessImageFileName
PhGetProcessImageFileNameByProcessId
PhGetProcessImageFileNameWin32
PhGetProcessIsDotNet
PhGetProcessIsDotNetEx
PhGetProcessMappedFileName
PhGetProcessPebString
PhGetProcessUnloadedDlls
PhGetProcessWindowTitle
PhGetProcessWorkingSetInformation
PhGetProcessWsCounters
PhGetScalableIntegerPairSetting
PhGetSeObjectSecurity
PhGetSelectedListViewItemParam
PhGetSelectedListViewItemParams
PhGetServiceConfig
PhGetServiceDelayedAutoStart
PhGetServiceDescription
PhGetServiceDllParameter
PhGetServiceErrorControlInteger
PhGetServiceErrorControlString
PhGetServiceNameFromTag
PhGetServiceStartTypeInteger
PhGetServiceStartTypeString
PhGetServiceStateString
PhGetServiceTypeInteger
PhGetServiceTypeString
PhGetSidFullName
PhGetStatusMessage
PhGetStockApplicationIcon
PhGetStringSetting
PhGetSymbolFromAddress
PhGetSymbolFromName
PhGetSystemDirectory
PhGetSystemRoot
PhGetThreadServiceTag
PhGetTokenGroups
PhGetTokenIntegrityLevel
PhGetTokenIntegrityLevelRID
PhGetTokenOwner
PhGetTokenPrimaryGroup
PhGetTokenPrivileges
PhGetTokenUser
PhGetTreeNewText
PhGetWin32Message
PhGetWindowContext
PhGetWindowText
PhGetWindowTextEx
PhGlobalDpi
PhGraphStateGetDrawInfo
PhHashBytes
PhHashStringRef
PhHexStringToBuffer
PhHexStringToBufferEx
PhHttpDnsQuery
PhHttpSocketAddRequestHeaders
PhHttpSocketBeginRequest
PhHttpSocketConnect
PhHttpSocketCreate
PhHttpSocketDestroy
PhHttpSocketDownloadString
PhHttpSocketEndRequest
PhHttpSocketGetErrorMessage
PhHttpSocketParseUrl
PhHttpSocketQueryHeaderString
PhHttpSocketQueryHeaderUlong
PhHttpSocketQueryHeaders
PhHttpSocketQueryOptionString
PhHttpSocketReadData
PhHttpSocketReadDataToBuffer
PhHttpSocketSendRequest
PhHttpSocketSetCredentials
PhHttpSocketSetFeature
PhHttpSocketSetSecurity
PhHttpSocketWriteData
PhHungWindowFromGhostWindow
PhIconToBitmap
PhImpersonateClientOfNamedPipe
PhIndexOfEMenuItem
PhInitializeArray
PhInitializeAutoPool
PhInitializeAvlTree
PhInitializeBytesBuilder
PhInitializeCallback
PhInitializeCircularBuffer_FLOAT
PhInitializeCircularBuffer_PVOID
PhInitializeCircularBuffer_ULONG
PhInitializeCircularBuffer_ULONG64
PhInitializeFastLock
PhInitializeFreeList
PhInitializeGraphState
PhInitializeHash
PhInitializeImageVersionInfo
PhInitializeLayoutManager
PhInitializeMappedImage
PhInitializeProviderThread
PhInitializeStringBuilder
PhInitializeThemeWindowHeader
PhInitializeWindowTheme
PhInitializeWindowThemeRebar
PhInitializeWindowThemeStatusBar
PhInitializeWorkQueue
PhInitializeWorkQueueEnvironment
PhInsertEMenuItem
PhInsertItemList
PhInsertItemsList
PhInsertStringBuilder
PhInsertStringBuilder2
PhInsertStringBuilderEx
PhIntegerToString64
PhInvokeCallback
PhIsExecutablePacked
PhIsExecutingInWow64
PhLargeIntegerToLocalSystemTime
PhLargeIntegerToSystemTime
PhLayoutManagerLayout
PhListenNamedPipe
PhLoadAppKey
PhLoadIcon
PhLoadIndirectString
PhLoadListViewColumnSettings
PhLoadListViewColumnsFromSetting
PhLoadListViewGroupStatesFromSetting
PhLoadListViewSortColumnsFromSetting
PhLoadMappedImage
PhLoadMappedImageEx
PhLoadModuleSymbolProvider
PhLoadModulesForProcessSymbolProvider
PhLoadResource
PhLoadResourceEMenuItem
PhLoadSettings
PhLoadWindowPlacementFromSetting
PhLocalTimeToSystemTime
PhLockFileStream
PhLookupName
PhLookupPrivilegeDisplayName
PhLookupPrivilegeName
PhLookupPrivilegeValue
PhLookupSid
PhLowerBoundElementAvlTree
PhLowerDualBoundElementAvlTree
PhMainWndHandle
PhMapFlags1
PhMapFlags2
PhMappedImageRvaToVa
PhMatchWildcards
PhMaximumElementAvlTree
PhMinimumElementAvlTree
PhModalPropertySheet
PhModifyEMenuItem
PhNtStatusFileNotFound
PhNtStatusToDosError
PhOpenKey
PhOpenLsaPolicy
PhOpenProcess
PhOpenProcessToken
PhOpenService
PhOpenThread
PhOpenThreadProcess
PhOsVersion
PhParseCommandLine
PhParseCommandLineFuzzy
PhParseCommandLinePart
PhPeekNamedPipe
PhPredecessorElementAvlTree
PhPrintTimeSpan
PhQueryFullAttributesFileWin32
PhQueryKey
PhQueryRegistryString
PhQueryRegistryUlong
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 431KB - Virtual size: 431KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 19KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.didat Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 211KB - Virtual size: 210KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 71KB - Virtual size: 70KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ