H:\git\dexzunpacker
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
UD Pro.zip
Resource
win10v2004-20240802-en
windows10-2004-x64
29 signatures
1200 seconds
General
-
Target
UD Pro.zip
-
Size
18.2MB
-
MD5
6de579ed8bdfd36792e1d8d7cbac1267
-
SHA1
7b3f344e6d3acc22017998c1636bf3959966591c
-
SHA256
403480aa613a10a72f3bf047125f3ab29756662104d5bc977e5c9f655f45d47d
-
SHA512
7d609f98581defac8a1162c0c875b7bb951191994552db4525c2d0265e526cff208ff733a4a4dbf3a48dcf6d2a48c102a5de69403e8397f9d11bd9e26b81b20a
-
SSDEEP
393216:isR+CLRW386MHKvB9iewb7qRdGrBvGPyDR2i0gNYoVd08d0qU9WGL:aAU86MHKvB4em0CO6DR2i8of0I0qUD
Score
3/10
Malware Config
Signatures
-
Unsigned PE 14 IoCs
Checks for missing Authenticode signature.
resource unpack001/UD Pro/Loader.exe unpack001/UD Pro/penis.exe unpack001/UD Pro/plugins/DUP.exe unpack001/UD Pro/plugins/DotNetTools.dll unpack001/UD Pro/plugins/ExtendedNotifications.dll unpack001/UD Pro/plugins/ExtendedServices.dll unpack001/UD Pro/plugins/ExtendedTools.dll unpack001/UD Pro/plugins/HardwareDevices.dll unpack001/UD Pro/plugins/NetworkTools.dll unpack001/UD Pro/plugins/OnlineChecks.dll unpack001/UD Pro/plugins/ToolStatus.dll unpack001/UD Pro/plugins/Updater.dll unpack001/UD Pro/plugins/UserNotes.dll unpack001/UD Pro/plugins/WindowExplorer.dll
Files
-
UD Pro.zip.zip
-
UD Pro/Loader.exe.exe windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
Size: 3.8MB - Virtual size: 8.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 74KB - Virtual size: 179KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 2.8MB - Virtual size: 2.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 14KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.idata Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Size: - Virtual size: 14.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 8.6MB - Virtual size: 8.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 16B - Virtual size: 4KB
IMAGE_SCN_MEM_READ
-
UD Pro/penis.exe.exe windows:6 windows x64 arch:x64
b046ada30a55647ce37232cfc87630a0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ntdll
NtOpenThreadToken
NtTestAlert
NtPowerInformation
NtSetInformationToken
RtlSubAuthorityCountSid
RtlFreeSid
RtlSecondsSince1980ToTime
NtIsProcessInJob
RtlCreateSecurityDescriptor
RtlCreateAcl
RtlAddAccessAllowedAce
NtAcceptConnectPort
NtReplyWaitReceivePort
NtCompleteConnectPort
RtlSetDaclSecurityDescriptor
RtlSubAuthoritySid
NtCreatePort
RtlInitializeSid
RtlLengthRequiredSid
RtlValidRelativeSecurityDescriptor
RtlSelfRelativeToAbsoluteSD2
RtlValidSid
NtConnectPort
NtRequestWaitReplyPort
RtlLengthSid
NtCreateSection
RtlQueryElevationFlags
NtReleaseSemaphore
NtSetHighEventPair
NtQueryEvent
NtQuerySemaphore
NtCancelTimer
NtPulseEvent
NtSetLowEventPair
NtQueryTimer
NtResetEvent
RtlIpv6AddressToStringW
RtlTimeToSecondsSince1980
NtCreateDirectoryObject
RtlGUIDFromString
NtDuplicateToken
RtlRandomEx
RtlTimeToTimeFields
RtlDosPathNameToNtPathName_U_WithStatus
RtlFreeUnicodeString
LdrFindResource_U
RtlDestroyProcessParameters
RtlGetFullPathName_UEx
RtlFindMessage
RtlStringFromGUID
RtlCreateProcessParameters
RtlNtStatusToDosError
RtlCreateUserProcess
RtlGetDaclSecurityDescriptor
RtlIpv4AddressToStringW
LdrAccessResource
RtlUnicodeToMultiByteN
RtlUpcaseUnicodeChar
NtAllocateVirtualMemory
RtlReAllocateHeap
NtDelayExecution
RtlUTF8ToUnicodeN
RtlMultiByteToUnicodeN
RtlMultiByteToUnicodeSize
RtlCreateUserThread
RtlUnicodeToMultiByteSize
RtlUnicodeToUTF8N
RtlInterlockedPopEntrySList
RtlGetVersion
RtlCreateTimerQueue
NtUnlockFile
NtSetInformationFile
NtLockFile
NtFlushBuffersFile
NtQueryInformationFile
NtGetContextThread
LdrGetProcedureAddress
LdrUnloadDll
LdrLoadDll
NtQueryValueKey
NtQueryKey
NtDeleteKey
NtOpenProcessToken
NtOpenThread
RtlQueueApcWow64Thread
RtlAppendUnicodeStringToString
NtOpenSymbolicLinkObject
NtEnumerateKey
NtUnloadDriver
NtEnumerateValueKey
RtlAppendUnicodeToString
RtlDestroyQueryDebugBuffer
NtOpenKey
RtlConvertSidToUnicodeString
NtQuerySymbolicLinkObject
RtlQueryProcessDebugInformation
NtOpenProcess
NtCreateNamedPipeFile
NtSetSecurityObject
RtlQueryEnvironmentVariable_U
NtDeleteValueKey
NtQueryAttributesFile
NtOpenDirectoryObject
RtlGetUnloadEventTraceEx
NtFsControlFile
NtQueryDirectoryObject
NtAdjustGroupsToken
RtlCreateQueryDebugBuffer
NtLoadKeyEx
NtCreateKey
NtQueueApcThreadEx
NtCreateFile
NtQueryDirectoryFile
NtOpenSection
NtQuerySecurityObject
NtSetValueKey
NtOpenFile
NtAlertResumeThread
NtQueryFullAttributesFile
NtSetInformationObject
NtDeviceIoControlFile
NtReleaseKeyedEvent
NtWaitForKeyedEvent
NtCreateKeyedEvent
NtClearEvent
NtQueryObject
NtCreateSemaphore
RtlLengthSecurityDescriptor
RtlGetControlSecurityDescriptor
RtlMapGenericMask
RtlGetSaclSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetGroupSecurityDescriptor
NtSetTimer
NtAlertThread
NtCreateTimer
RtlNtStatusToDosErrorNoTeb
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader
RtlFirstEntrySList
NtQueryInformationToken
RtlInterlockedFlushSList
RtlInitializeSListHead
RtlInterlockedPushEntrySList
RtlCreateHeap
RtlFreeHeap
RtlAllocateHeap
RtlDestroyHeap
NtQueryVirtualMemory
NtProtectVirtualMemory
NtSetSystemInformation
NtWriteVirtualMemory
RtlEqualSid
NtCreateMutant
RtlSetCurrentDirectory_U
RtlSetUnhandledExceptionFilter
RtlExitUserProcess
NtAdjustPrivilegesToken
NtOpenMutant
NtSystemDebugControl
NtTerminateJobObject
NtAssignProcessToJobObject
NtQueryInformationJobObject
NtQueryMutant
NtQueryVolumeInformationFile
NtMapViewOfSection
NtQuerySection
NtGetNextProcess
RtlDeleteTimer
RtlCreateTimer
RtlUpdateTimer
RtlSetHeapInformation
RtlInitializeCriticalSection
NtQueryPerformanceCounter
RtlDeleteCriticalSection
NtTerminateProcess
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlDetermineDosPathNameType_U
NtWaitForMultipleObjects
NtSetEvent
NtCreateEvent
NtAlpcQueryInformation
NtReadVirtualMemory
NtReadFile
NtWriteFile
NtQueryInformationThread
NtQuerySystemInformation
NtSuspendProcess
NtResumeThread
NtWaitForSingleObject
NtSetInformationDebugObject
NtUnmapViewOfSection
RtlRaiseStatus
NtSetInformationProcess
NtShutdownSystem
NtDuplicateObject
NtInitiatePowerAction
NtClose
NtSetInformationThread
NtResumeProcess
NtTerminateThread
NtRemoveProcessDebug
NtQueryInformationProcess
NtSuspendThread
NtFreeVirtualMemory
RtlExpandEnvironmentStrings_U
RtlSecondsSince1970ToTime
kernel32
HeapSize
CreateFileW
CloseHandle
FlushFileBuffers
GetProcessHeap
GetCommandLineW
GetCommandLineA
FindNextFileW
FindFirstFileExW
FindClose
WideCharToMultiByte
SetStdHandle
HeapReAlloc
GetOEMCP
GetACP
IsValidCodePage
MultiByteToWideChar
GetCPInfo
GetStringTypeW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
GetFileType
SetFilePointerEx
GetFileSizeEx
HeapAlloc
HeapFree
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
GetConsoleOutputCP
WriteFile
ReadConsoleW
GetConsoleMode
ReadFile
TlsFree
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
WriteConsoleW
GlobalSize
LocalAlloc
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
LoadLibraryExW
GetDateFormatW
CreateProcessW
GetTimeFormatW
GetNumberFormatW
GetLocaleInfoW
SearchPathW
SetLastError
GetComputerNameW
TlsGetValue
TlsAlloc
TlsSetValue
FreeLibrary
LoadLibraryW
SetProcessShutdownParameters
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
AllocConsole
GetConsoleWindow
FreeConsole
SetConsoleCtrlHandler
LocalFree
GetLastError
SetEndOfFile
Exports
Exports
PhAddComboBoxStrings
PhAddElementAvlTree
PhAddEntryHashtable
PhAddEntryHashtableEx
PhAddItemArray
PhAddItemList
PhAddItemPointerList
PhAddItemSimpleHashtable
PhAddItemsArray
PhAddItemsList
PhAddJsonArrayObject
PhAddJsonObject
PhAddLayoutItem
PhAddLayoutItemEx
PhAddListViewColumn
PhAddListViewGroup
PhAddListViewGroupItem
PhAddListViewItem
PhAddProcessPropPage
PhAddProcessPropPage2
PhAddPropPageLayoutItem
PhAddSetting
PhAddSettings
PhAddTabControlTab
PhAddTreeNewFilter
PhAdjustRectangleToBounds
PhAdjustRectangleToWorkingArea
PhAllocate
PhAllocateExSafe
PhAllocateFromFreeList
PhAllocatePage
PhAllocateSafe
PhAppResolverGetAppIdForWindow
PhAppendBytesBuilder
PhAppendBytesBuilder2
PhAppendBytesBuilderEx
PhAppendCharStringBuilder
PhAppendCharStringBuilder2
PhAppendFormatStringBuilder
PhAppendFormatStringBuilder_V
PhAppendStringBuilder
PhAppendStringBuilder2
PhAppendStringBuilderEx
PhApplicationFont
PhApplyTreeNewFilters
PhApplyTreeNewFiltersToNode
PhAutoDereferenceObject
PhBoostProvider
PhBufferToHexString
PhBufferToHexStringEx
PhCenterRectangle
PhCenterWindow
PhClearArray
PhClearCacheDirectory
PhClearCircularBuffer_FLOAT
PhClearCircularBuffer_PVOID
PhClearCircularBuffer_ULONG
PhClearCircularBuffer_ULONG64
PhClearHashtable
PhClearIgnoredSettings
PhClearList
PhCmLoadSettings
PhCmSaveSettings
PhCompareStringRef
PhCompareStringZNatural
PhCompareUnicodeStringZIgnoreMenuPrefix
PhConcatStringRef2
PhConcatStringRef3
PhConcatStrings
PhConcatStrings2
PhConcatStrings_V
PhConnectPipe
PhConvertIgnoredSettings
PhConvertMultiByteToUtf16
PhConvertMultiByteToUtf16Ex
PhConvertUtf16ToAsciiEx
PhConvertUtf16ToMultiByte
PhConvertUtf16ToMultiByteEx
PhConvertUtf16ToUtf8
PhConvertUtf16ToUtf8Buffer
PhConvertUtf16ToUtf8Ex
PhConvertUtf16ToUtf8Size
PhConvertUtf8ToUtf16
PhConvertUtf8ToUtf16Buffer
PhConvertUtf8ToUtf16Ex
PhConvertUtf8ToUtf16Size
PhCopyBytesZ
PhCopyCircularBuffer_FLOAT
PhCopyCircularBuffer_PVOID
PhCopyCircularBuffer_ULONG
PhCopyCircularBuffer_ULONG64
PhCopyListView
PhCopyListViewInfoTip
PhCopyStringZ
PhCopyStringZFromBytes
PhCopyStringZFromMultiByte
PhCountStringZ
PhCreateAlloc
PhCreateBytes
PhCreateBytesEx
PhCreateCacheFile
PhCreateDirectory
PhCreateEMenu
PhCreateEMenuItem
PhCreateFile
PhCreateFileStream
PhCreateFileStream2
PhCreateFileWin32
PhCreateFileWin32Ex
PhCreateHashtable
PhCreateJsonArray
PhCreateJsonObject
PhCreateJsonParser
PhCreateKey
PhCreateList
PhCreateNamedPipe
PhCreateObject
PhCreateObjectType
PhCreateObjectTypeEx
PhCreateOpenFileDialog
PhCreatePipe
PhCreatePointerList
PhCreateProcess
PhCreateProcessAsUser
PhCreateProcessPropContext
PhCreateProcessPropPageContext
PhCreateProcessPropPageContextEx
PhCreateProcessWin32
PhCreateProcessWin32Ex
PhCreateSaveFileDialog
PhCreateSearchControl
PhCreateSecurityPage
PhCreateServiceListControl
PhCreateSimpleHashtable
PhCreateString
PhCreateStringEx
PhCreateSymbolProvider
PhCreateThread
PhCreateThread2
PhCreateThreadEx
PhDecodeUnicodeDecoder
PhDelayExecution
PhDeleteArray
PhDeleteAutoPool
PhDeleteBytesBuilder
PhDeleteCacheFile
PhDeleteCallback
PhDeleteCircularBuffer_FLOAT
PhDeleteCircularBuffer_PVOID
PhDeleteCircularBuffer_ULONG
PhDeleteCircularBuffer_ULONG64
PhDeleteDirectory
PhDeleteFastLock
PhDeleteFileWin32
PhDeleteFreeList
PhDeleteGraphState
PhDeleteImageVersionInfo
PhDeleteLayoutManager
PhDeleteMemoryItemList
PhDeleteProviderThread
PhDeleteStringBuilder
PhDeleteTreeNewColumnMenu
PhDeleteTreeNewFilterSupport
PhDeleteWorkQueue
PhDereferenceObject
PhDereferenceObjectDeferDelete
PhDereferenceObjectEx
PhDereferenceObjects
PhDereferenceProcessRecord
PhDeselectAllProcessNodes
PhDeselectAllServiceNodes
PhDestroyEMenu
PhDestroyEMenuItem
PhDetermineDosPathNameType
PhDisconnectNamedPipe
PhDivideSinglesBySingle
PhDnsFree
PhDnsQuery
PhDoPropPageLayout
PhDoesFileExistsWin32
PhDosErrorToNtStatus
PhDrainAutoPool
PhDrawGraphDirect
PhDrawTrayIconText
PhDuplicateBytesZ
PhDuplicateBytesZSafe
PhDuplicateProcessNodeList
PhDuplicateStringZ
PhEditSecurity
PhEllipsisString
PhEllipsisStringPath
PhEncodeUnicode
PhEnumAvlTree
PhEnumChildWindows
PhEnumDirectoryFile
PhEnumDirectoryObjects
PhEnumFileStreams
PhEnumGenericModules
PhEnumHandles
PhEnumHandlesEx
PhEnumHandlesEx2
PhEnumHashtable
PhEnumKernelModules
PhEnumObjectTypes
PhEnumPagefiles
PhEnumPointerListEx
PhEnumProcessEnvironmentVariables
PhEnumProcessItems
PhEnumProcessModules
PhEnumProcessModules32
PhEnumProcessModules32Ex
PhEnumProcessModulesEx
PhEnumProcesses
PhEnumProcessesEx
PhEnumProcessesForSession
PhEnumServices
PhEnumWindows
PhEnumerateKey
PhEnumerateValueKey
PhEqualStringRef
PhEscapeCommandLinePart
PhEscapeStringForMenuPrefix
PhExecuteRunAsCommand2
PhExecuteRunAsCommand3
PhExpandAllProcessNodes
PhExpandEnvironmentStrings
PhExponentiate
PhExponentiate64
PhExtractIcon
PhExtractIconEx
PhFillMemoryUlong
PhFinalArrayItems
PhFinalBytesBuilderBytes
PhFinalHash
PhFinalStringBuilderString
PhFindCharInStringRef
PhFindEMenuItem
PhFindElementAvlTree
PhFindEntryHashtable
PhFindIntegerSiKeyValuePairs
PhFindItemList
PhFindItemPointerList
PhFindItemSimpleHashtable
PhFindLastCharInStringRef
PhFindListViewItemByFlags
PhFindListViewItemByParam
PhFindLoaderEntry
PhFindNetworkNode
PhFindPlugin
PhFindProcessInformation
PhFindProcessInformationByImageName
PhFindProcessNode
PhFindProcessRecord
PhFindServiceNode
PhFindStringInStringRef
PhFindStringSiKeyValuePairs
PhFlushFileStream
PhFormat
PhFormatDate
PhFormatDateTime
PhFormatDecimal
PhFormatGuid
PhFormatImageVersionInfo
PhFormatLogEntry
PhFormatNativeKeyName
PhFormatSize
PhFormatString
PhFormatString_V
PhFormatTime
PhFormatTimeSpan
PhFormatTimeSpanRelative
PhFormatToBuffer
PhFormatUInt64
PhFree
PhFreeFileDialog
PhFreeJsonParser
PhFreePage
PhFreeToFreeList
PhGenerateGuid
PhGenerateGuidFromName
PhGenerateRandomAlphaString
PhGetAccessEntries
PhGetAccessString
PhGetApplicationDirectory
PhGetApplicationFileName
PhGetApplicationIcon
PhGetBaseDirectory
PhGetBaseName
PhGetClassObject
PhGetClientIdName
PhGetClientIdNameEx
PhGetComboBoxString
PhGetDialogItemValue
PhGetDllFileName
PhGetDllHandle
PhGetDrawInfoGraphBuffers
PhGetEnabledProvider
PhGetEtwPublisherName
PhGetFileDialogFileName
PhGetFileDialogFilterIndex
PhGetFileDialogOptions
PhGetFileName
PhGetFilePosition
PhGetFileShellIcon
PhGetFileSize
PhGetFileVersionInfo
PhGetFileVersionInfoLangCodePage
PhGetFileVersionInfoString
PhGetFileVersionInfoString2
PhGetFilterSupportNetworkTreeList
PhGetFilterSupportProcessTreeList
PhGetFilterSupportServiceTreeList
PhGetFullPath
PhGetGeneralCallback
PhGetGenericTreeNewLines
PhGetGlobalTimerQueue
PhGetGlobalWorkQueue
PhGetHandleInformation
PhGetHandleInformationEx
PhGetIntegerPairSetting
PhGetIntegerSetting
PhGetJobProcessIdList
PhGetJsonArrayIndexObject
PhGetJsonArrayLength
PhGetJsonArrayLong64
PhGetJsonArrayString
PhGetJsonObject
PhGetJsonObjectAsArrayList
PhGetJsonObjectBool
PhGetJsonObjectLength
PhGetJsonObjectType
PhGetJsonValueAsLong64
PhGetJsonValueAsString
PhGetKernelFileName
PhGetKnownLocation
PhGetLineFromAddress
PhGetListBoxString
PhGetListViewContextMenuPoint
PhGetListViewItemImageIndex
PhGetListViewItemParam
PhGetListViewItemText
PhGetMappedImageCfg
PhGetMappedImageCfgEntry
PhGetMappedImageExportFunction
PhGetMappedImageExports
PhGetMappedImageLoadConfig32
PhGetMappedImageLoadConfig64
PhGetMessage
PhGetModuleFromAddress
PhGetModuleProcAddress
PhGetNtMessage
PhGetObjectSecurity
PhGetObjectType
PhGetObjectTypeInformation
PhGetOwnTokenAttributes
PhGetPhVersion
PhGetPhVersionHash
PhGetPhVersionNumbers
PhGetPluginCallback
PhGetPluginFileName
PhGetPluginInformation
PhGetPluginName
PhGetPositionFileStream
PhGetPrimeNumber
PhGetProcedureAddress
PhGetProcedureAddressRemote
PhGetProcessCommandLine
PhGetProcessDepStatus
PhGetProcessDeviceMap
PhGetProcessEnvironment
PhGetProcessImageFileName
PhGetProcessImageFileNameByProcessId
PhGetProcessImageFileNameWin32
PhGetProcessInformationCache
PhGetProcessIsDotNet
PhGetProcessIsDotNetEx
PhGetProcessIsSuspended
PhGetProcessKnownType
PhGetProcessKnownTypeEx
PhGetProcessMappedFileName
PhGetProcessPebString
PhGetProcessPriorityClassString
PhGetProcessUnloadedDlls
PhGetProcessWindowTitle
PhGetProcessWorkingSetInformation
PhGetProcessWsCounters
PhGetProtocolTypeName
PhGetScalableIntegerPairSetting
PhGetSeObjectSecurity
PhGetSelectedListViewItemParam
PhGetSelectedListViewItemParams
PhGetSelectedProcessItem
PhGetSelectedProcessItems
PhGetSelectedServiceItem
PhGetSelectedServiceItems
PhGetServiceChange
PhGetServiceConfig
PhGetServiceDelayedAutoStart
PhGetServiceDescription
PhGetServiceDllParameter
PhGetServiceErrorControlInteger
PhGetServiceErrorControlString
PhGetServiceNameFromTag
PhGetServiceStartTypeInteger
PhGetServiceStartTypeString
PhGetServiceStateString
PhGetServiceTypeInteger
PhGetServiceTypeString
PhGetSidFullName
PhGetStatisticsTime
PhGetStatisticsTimeString
PhGetStatusMessage
PhGetStockApplicationIcon
PhGetStringSetting
PhGetSymbolFromAddress
PhGetSymbolFromName
PhGetSystemDirectory
PhGetSystemRoot
PhGetTcpStateName
PhGetThreadServiceTag
PhGetTokenGroups
PhGetTokenIntegrityLevel
PhGetTokenIntegrityLevelRID
PhGetTokenOwner
PhGetTokenPrimaryGroup
PhGetTokenPrivileges
PhGetTokenUser
PhGetTreeNewText
PhGetWin32Message
PhGetWindowContext
PhGetWindowText
PhGetWindowTextEx
PhGlobalDpi
PhGraphStateGetDrawInfo
PhHandleCopyCellEMenuItem
PhHandleCopyListViewEMenuItem
PhHandleListViewNotifyBehaviors
PhHandleListViewNotifyForCopy
PhHandleTreeNewColumnMenu
PhHashBytes
PhHashStringRef
PhHexStringToBuffer
PhHexStringToBufferEx
PhHttpDnsQuery
PhHttpSocketAddRequestHeaders
PhHttpSocketBeginRequest
PhHttpSocketConnect
PhHttpSocketCreate
PhHttpSocketDestroy
PhHttpSocketDownloadString
PhHttpSocketEndRequest
PhHttpSocketGetErrorMessage
PhHttpSocketParseUrl
PhHttpSocketQueryHeaderString
PhHttpSocketQueryHeaderUlong
PhHttpSocketQueryHeaders
PhHttpSocketQueryOptionString
PhHttpSocketReadData
PhHttpSocketReadDataToBuffer
PhHttpSocketSendRequest
PhHttpSocketSetCredentials
PhHttpSocketSetFeature
PhHttpSocketSetSecurity
PhHttpSocketWriteData
PhHungWindowFromGhostWindow
PhIconToBitmap
PhImpersonateClientOfNamedPipe
PhIndexOfEMenuItem
PhInitializeArray
PhInitializeAutoPool
PhInitializeAvlTree
PhInitializeBytesBuilder
PhInitializeCallback
PhInitializeCircularBuffer_FLOAT
PhInitializeCircularBuffer_PVOID
PhInitializeCircularBuffer_ULONG
PhInitializeCircularBuffer_ULONG64
PhInitializeFastLock
PhInitializeFreeList
PhInitializeGraphState
PhInitializeHash
PhInitializeImageVersionInfo
PhInitializeLayoutManager
PhInitializeMappedImage
PhInitializeProviderThread
PhInitializeStringBuilder
PhInitializeThemeWindowHeader
PhInitializeTreeNewColumnMenu
PhInitializeTreeNewFilterSupport
PhInitializeWindowTheme
PhInitializeWindowThemeStatusBar
PhInitializeWorkQueue
PhInitializeWorkQueueEnvironment
PhInsertCopyCellEMenuItem
PhInsertCopyListViewEMenuItem
PhInsertEMenuItem
PhInsertItemList
PhInsertItemsList
PhInsertStringBuilder
PhInsertStringBuilder2
Sections
.text Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 529KB - Virtual size: 528KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 31KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 57KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 512B - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 129KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
UD Pro/plugins/DUP.exe.exe windows:6 windows x64 arch:x64
b046ada30a55647ce37232cfc87630a0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
H:\git\dexzunpacker
Imports
ntdll
NtOpenThreadToken
NtTestAlert
NtPowerInformation
NtSetInformationToken
RtlSubAuthorityCountSid
RtlFreeSid
RtlSecondsSince1980ToTime
NtIsProcessInJob
RtlCreateSecurityDescriptor
RtlCreateAcl
RtlAddAccessAllowedAce
NtAcceptConnectPort
NtReplyWaitReceivePort
NtCompleteConnectPort
RtlSetDaclSecurityDescriptor
RtlSubAuthoritySid
NtCreatePort
RtlInitializeSid
RtlLengthRequiredSid
RtlValidRelativeSecurityDescriptor
RtlSelfRelativeToAbsoluteSD2
RtlValidSid
NtConnectPort
NtRequestWaitReplyPort
RtlLengthSid
NtCreateSection
RtlQueryElevationFlags
NtReleaseSemaphore
NtSetHighEventPair
NtQueryEvent
NtQuerySemaphore
NtCancelTimer
NtPulseEvent
NtSetLowEventPair
NtQueryTimer
NtResetEvent
RtlIpv6AddressToStringW
RtlTimeToSecondsSince1980
NtCreateDirectoryObject
RtlGUIDFromString
NtDuplicateToken
RtlRandomEx
RtlTimeToTimeFields
RtlDosPathNameToNtPathName_U_WithStatus
RtlFreeUnicodeString
LdrFindResource_U
RtlDestroyProcessParameters
RtlGetFullPathName_UEx
RtlFindMessage
RtlStringFromGUID
RtlCreateProcessParameters
RtlNtStatusToDosError
RtlCreateUserProcess
RtlGetDaclSecurityDescriptor
RtlIpv4AddressToStringW
LdrAccessResource
RtlUnicodeToMultiByteN
RtlUpcaseUnicodeChar
NtAllocateVirtualMemory
RtlReAllocateHeap
NtDelayExecution
RtlUTF8ToUnicodeN
RtlMultiByteToUnicodeN
RtlMultiByteToUnicodeSize
RtlCreateUserThread
RtlUnicodeToMultiByteSize
RtlUnicodeToUTF8N
RtlInterlockedPopEntrySList
RtlGetVersion
RtlCreateTimerQueue
NtUnlockFile
NtSetInformationFile
NtLockFile
NtFlushBuffersFile
NtQueryInformationFile
NtGetContextThread
LdrGetProcedureAddress
LdrUnloadDll
LdrLoadDll
NtQueryValueKey
NtQueryKey
NtDeleteKey
NtOpenProcessToken
NtOpenThread
RtlQueueApcWow64Thread
RtlAppendUnicodeStringToString
NtOpenSymbolicLinkObject
NtEnumerateKey
NtUnloadDriver
NtEnumerateValueKey
RtlAppendUnicodeToString
RtlDestroyQueryDebugBuffer
NtOpenKey
RtlConvertSidToUnicodeString
NtQuerySymbolicLinkObject
RtlQueryProcessDebugInformation
NtOpenProcess
NtCreateNamedPipeFile
NtSetSecurityObject
RtlQueryEnvironmentVariable_U
NtDeleteValueKey
NtQueryAttributesFile
NtOpenDirectoryObject
RtlGetUnloadEventTraceEx
NtFsControlFile
NtQueryDirectoryObject
NtAdjustGroupsToken
RtlCreateQueryDebugBuffer
NtLoadKeyEx
NtCreateKey
NtQueueApcThreadEx
NtCreateFile
NtQueryDirectoryFile
NtOpenSection
NtQuerySecurityObject
NtSetValueKey
NtOpenFile
NtAlertResumeThread
NtQueryFullAttributesFile
NtSetInformationObject
NtDeviceIoControlFile
NtReleaseKeyedEvent
NtWaitForKeyedEvent
NtCreateKeyedEvent
NtClearEvent
NtQueryObject
NtCreateSemaphore
RtlLengthSecurityDescriptor
RtlGetControlSecurityDescriptor
RtlMapGenericMask
RtlGetSaclSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetGroupSecurityDescriptor
NtSetTimer
NtAlertThread
NtCreateTimer
RtlNtStatusToDosErrorNoTeb
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader
RtlFirstEntrySList
NtQueryInformationToken
RtlInterlockedFlushSList
RtlInitializeSListHead
RtlInterlockedPushEntrySList
RtlCreateHeap
RtlFreeHeap
RtlAllocateHeap
RtlDestroyHeap
NtQueryVirtualMemory
NtProtectVirtualMemory
NtSetSystemInformation
NtWriteVirtualMemory
RtlEqualSid
NtCreateMutant
RtlSetCurrentDirectory_U
RtlSetUnhandledExceptionFilter
RtlExitUserProcess
NtAdjustPrivilegesToken
NtOpenMutant
NtSystemDebugControl
NtTerminateJobObject
NtAssignProcessToJobObject
NtQueryInformationJobObject
NtQueryMutant
NtQueryVolumeInformationFile
NtMapViewOfSection
NtQuerySection
NtGetNextProcess
RtlDeleteTimer
RtlCreateTimer
RtlUpdateTimer
RtlSetHeapInformation
RtlInitializeCriticalSection
NtQueryPerformanceCounter
RtlDeleteCriticalSection
NtTerminateProcess
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlDetermineDosPathNameType_U
NtWaitForMultipleObjects
NtSetEvent
NtCreateEvent
NtAlpcQueryInformation
NtReadVirtualMemory
NtReadFile
NtWriteFile
NtQueryInformationThread
NtQuerySystemInformation
NtSuspendProcess
NtResumeThread
NtWaitForSingleObject
NtSetInformationDebugObject
NtUnmapViewOfSection
RtlRaiseStatus
NtSetInformationProcess
NtShutdownSystem
NtDuplicateObject
NtInitiatePowerAction
NtClose
NtSetInformationThread
NtResumeProcess
NtTerminateThread
NtRemoveProcessDebug
NtQueryInformationProcess
NtSuspendThread
NtFreeVirtualMemory
RtlExpandEnvironmentStrings_U
RtlSecondsSince1970ToTime
kernel32
HeapSize
CreateFileW
CloseHandle
FlushFileBuffers
GetProcessHeap
GetCommandLineW
GetCommandLineA
FindNextFileW
FindFirstFileExW
FindClose
WideCharToMultiByte
SetStdHandle
HeapReAlloc
GetOEMCP
GetACP
IsValidCodePage
MultiByteToWideChar
GetCPInfo
GetStringTypeW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
GetFileType
SetFilePointerEx
GetFileSizeEx
HeapAlloc
HeapFree
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
GetConsoleOutputCP
WriteFile
ReadConsoleW
GetConsoleMode
ReadFile
TlsFree
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
WriteConsoleW
GlobalSize
LocalAlloc
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
LoadLibraryExW
GetDateFormatW
CreateProcessW
GetTimeFormatW
GetNumberFormatW
GetLocaleInfoW
SearchPathW
SetLastError
GetComputerNameW
TlsGetValue
TlsAlloc
TlsSetValue
FreeLibrary
LoadLibraryW
SetProcessShutdownParameters
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
AllocConsole
GetConsoleWindow
FreeConsole
SetConsoleCtrlHandler
LocalFree
GetLastError
SetEndOfFile
Exports
Exports
PhAddComboBoxStrings
PhAddElementAvlTree
PhAddEntryHashtable
PhAddEntryHashtableEx
PhAddItemArray
PhAddItemList
PhAddItemPointerList
PhAddItemSimpleHashtable
PhAddItemsArray
PhAddItemsList
PhAddJsonArrayObject
PhAddJsonObject
PhAddLayoutItem
PhAddLayoutItemEx
PhAddListViewColumn
PhAddListViewGroup
PhAddListViewGroupItem
PhAddListViewItem
PhAddProcessPropPage
PhAddProcessPropPage2
PhAddPropPageLayoutItem
PhAddSetting
PhAddSettings
PhAddTabControlTab
PhAddTreeNewFilter
PhAdjustRectangleToBounds
PhAdjustRectangleToWorkingArea
PhAllocate
PhAllocateExSafe
PhAllocateFromFreeList
PhAllocatePage
PhAllocateSafe
PhAppResolverGetAppIdForWindow
PhAppendBytesBuilder
PhAppendBytesBuilder2
PhAppendBytesBuilderEx
PhAppendCharStringBuilder
PhAppendCharStringBuilder2
PhAppendFormatStringBuilder
PhAppendFormatStringBuilder_V
PhAppendStringBuilder
PhAppendStringBuilder2
PhAppendStringBuilderEx
PhApplicationFont
PhApplyTreeNewFilters
PhApplyTreeNewFiltersToNode
PhAutoDereferenceObject
PhBoostProvider
PhBufferToHexString
PhBufferToHexStringEx
PhCenterRectangle
PhCenterWindow
PhClearArray
PhClearCacheDirectory
PhClearCircularBuffer_FLOAT
PhClearCircularBuffer_PVOID
PhClearCircularBuffer_ULONG
PhClearCircularBuffer_ULONG64
PhClearHashtable
PhClearIgnoredSettings
PhClearList
PhCmLoadSettings
PhCmSaveSettings
PhCompareStringRef
PhCompareStringZNatural
PhCompareUnicodeStringZIgnoreMenuPrefix
PhConcatStringRef2
PhConcatStringRef3
PhConcatStrings
PhConcatStrings2
PhConcatStrings_V
PhConnectPipe
PhConvertIgnoredSettings
PhConvertMultiByteToUtf16
PhConvertMultiByteToUtf16Ex
PhConvertUtf16ToAsciiEx
PhConvertUtf16ToMultiByte
PhConvertUtf16ToMultiByteEx
PhConvertUtf16ToUtf8
PhConvertUtf16ToUtf8Buffer
PhConvertUtf16ToUtf8Ex
PhConvertUtf16ToUtf8Size
PhConvertUtf8ToUtf16
PhConvertUtf8ToUtf16Buffer
PhConvertUtf8ToUtf16Ex
PhConvertUtf8ToUtf16Size
PhCopyBytesZ
PhCopyCircularBuffer_FLOAT
PhCopyCircularBuffer_PVOID
PhCopyCircularBuffer_ULONG
PhCopyCircularBuffer_ULONG64
PhCopyListView
PhCopyListViewInfoTip
PhCopyStringZ
PhCopyStringZFromBytes
PhCopyStringZFromMultiByte
PhCountStringZ
PhCreateAlloc
PhCreateBytes
PhCreateBytesEx
PhCreateCacheFile
PhCreateDirectory
PhCreateEMenu
PhCreateEMenuItem
PhCreateFile
PhCreateFileStream
PhCreateFileStream2
PhCreateFileWin32
PhCreateFileWin32Ex
PhCreateHashtable
PhCreateJsonArray
PhCreateJsonObject
PhCreateJsonParser
PhCreateKey
PhCreateList
PhCreateNamedPipe
PhCreateObject
PhCreateObjectType
PhCreateObjectTypeEx
PhCreateOpenFileDialog
PhCreatePipe
PhCreatePointerList
PhCreateProcess
PhCreateProcessAsUser
PhCreateProcessPropContext
PhCreateProcessPropPageContext
PhCreateProcessPropPageContextEx
PhCreateProcessWin32
PhCreateProcessWin32Ex
PhCreateSaveFileDialog
PhCreateSearchControl
PhCreateSecurityPage
PhCreateServiceListControl
PhCreateSimpleHashtable
PhCreateString
PhCreateStringEx
PhCreateSymbolProvider
PhCreateThread
PhCreateThread2
PhCreateThreadEx
PhDecodeUnicodeDecoder
PhDelayExecution
PhDeleteArray
PhDeleteAutoPool
PhDeleteBytesBuilder
PhDeleteCacheFile
PhDeleteCallback
PhDeleteCircularBuffer_FLOAT
PhDeleteCircularBuffer_PVOID
PhDeleteCircularBuffer_ULONG
PhDeleteCircularBuffer_ULONG64
PhDeleteDirectory
PhDeleteFastLock
PhDeleteFileWin32
PhDeleteFreeList
PhDeleteGraphState
PhDeleteImageVersionInfo
PhDeleteLayoutManager
PhDeleteMemoryItemList
PhDeleteProviderThread
PhDeleteStringBuilder
PhDeleteTreeNewColumnMenu
PhDeleteTreeNewFilterSupport
PhDeleteWorkQueue
PhDereferenceObject
PhDereferenceObjectDeferDelete
PhDereferenceObjectEx
PhDereferenceObjects
PhDereferenceProcessRecord
PhDeselectAllProcessNodes
PhDeselectAllServiceNodes
PhDestroyEMenu
PhDestroyEMenuItem
PhDetermineDosPathNameType
PhDisconnectNamedPipe
PhDivideSinglesBySingle
PhDnsFree
PhDnsQuery
PhDoPropPageLayout
PhDoesFileExistsWin32
PhDosErrorToNtStatus
PhDrainAutoPool
PhDrawGraphDirect
PhDrawTrayIconText
PhDuplicateBytesZ
PhDuplicateBytesZSafe
PhDuplicateProcessNodeList
PhDuplicateStringZ
PhEditSecurity
PhEllipsisString
PhEllipsisStringPath
PhEncodeUnicode
PhEnumAvlTree
PhEnumChildWindows
PhEnumDirectoryFile
PhEnumDirectoryObjects
PhEnumFileStreams
PhEnumGenericModules
PhEnumHandles
PhEnumHandlesEx
PhEnumHandlesEx2
PhEnumHashtable
PhEnumKernelModules
PhEnumObjectTypes
PhEnumPagefiles
PhEnumPointerListEx
PhEnumProcessEnvironmentVariables
PhEnumProcessItems
PhEnumProcessModules
PhEnumProcessModules32
PhEnumProcessModules32Ex
PhEnumProcessModulesEx
PhEnumProcesses
PhEnumProcessesEx
PhEnumProcessesForSession
PhEnumServices
PhEnumWindows
PhEnumerateKey
PhEnumerateValueKey
PhEqualStringRef
PhEscapeCommandLinePart
PhEscapeStringForMenuPrefix
PhExecuteRunAsCommand2
PhExecuteRunAsCommand3
PhExpandAllProcessNodes
PhExpandEnvironmentStrings
PhExponentiate
PhExponentiate64
PhExtractIcon
PhExtractIconEx
PhFillMemoryUlong
PhFinalArrayItems
PhFinalBytesBuilderBytes
PhFinalHash
PhFinalStringBuilderString
PhFindCharInStringRef
PhFindEMenuItem
PhFindElementAvlTree
PhFindEntryHashtable
PhFindIntegerSiKeyValuePairs
PhFindItemList
PhFindItemPointerList
PhFindItemSimpleHashtable
PhFindLastCharInStringRef
PhFindListViewItemByFlags
PhFindListViewItemByParam
PhFindLoaderEntry
PhFindNetworkNode
PhFindPlugin
PhFindProcessInformation
PhFindProcessInformationByImageName
PhFindProcessNode
PhFindProcessRecord
PhFindServiceNode
PhFindStringInStringRef
PhFindStringSiKeyValuePairs
PhFlushFileStream
PhFormat
PhFormatDate
PhFormatDateTime
PhFormatDecimal
PhFormatGuid
PhFormatImageVersionInfo
PhFormatLogEntry
PhFormatNativeKeyName
PhFormatSize
PhFormatString
PhFormatString_V
PhFormatTime
PhFormatTimeSpan
PhFormatTimeSpanRelative
PhFormatToBuffer
PhFormatUInt64
PhFree
PhFreeFileDialog
PhFreeJsonParser
PhFreePage
PhFreeToFreeList
PhGenerateGuid
PhGenerateGuidFromName
PhGenerateRandomAlphaString
PhGetAccessEntries
PhGetAccessString
PhGetApplicationDirectory
PhGetApplicationFileName
PhGetApplicationIcon
PhGetBaseDirectory
PhGetBaseName
PhGetClassObject
PhGetClientIdName
PhGetClientIdNameEx
PhGetComboBoxString
PhGetDialogItemValue
PhGetDllFileName
PhGetDllHandle
PhGetDrawInfoGraphBuffers
PhGetEnabledProvider
PhGetEtwPublisherName
PhGetFileDialogFileName
PhGetFileDialogFilterIndex
PhGetFileDialogOptions
PhGetFileName
PhGetFilePosition
PhGetFileShellIcon
PhGetFileSize
PhGetFileVersionInfo
PhGetFileVersionInfoLangCodePage
PhGetFileVersionInfoString
PhGetFileVersionInfoString2
PhGetFilterSupportNetworkTreeList
PhGetFilterSupportProcessTreeList
PhGetFilterSupportServiceTreeList
PhGetFullPath
PhGetGeneralCallback
PhGetGenericTreeNewLines
PhGetGlobalTimerQueue
PhGetGlobalWorkQueue
PhGetHandleInformation
PhGetHandleInformationEx
PhGetIntegerPairSetting
PhGetIntegerSetting
PhGetJobProcessIdList
PhGetJsonArrayIndexObject
PhGetJsonArrayLength
PhGetJsonArrayLong64
PhGetJsonArrayString
PhGetJsonObject
PhGetJsonObjectAsArrayList
PhGetJsonObjectBool
PhGetJsonObjectLength
PhGetJsonObjectType
PhGetJsonValueAsLong64
PhGetJsonValueAsString
PhGetKernelFileName
PhGetKnownLocation
PhGetLineFromAddress
PhGetListBoxString
PhGetListViewContextMenuPoint
PhGetListViewItemImageIndex
PhGetListViewItemParam
PhGetListViewItemText
PhGetMappedImageCfg
PhGetMappedImageCfgEntry
PhGetMappedImageExportFunction
PhGetMappedImageExports
PhGetMappedImageLoadConfig32
PhGetMappedImageLoadConfig64
PhGetMessage
PhGetModuleFromAddress
PhGetModuleProcAddress
PhGetNtMessage
PhGetObjectSecurity
PhGetObjectType
PhGetObjectTypeInformation
PhGetOwnTokenAttributes
PhGetPhVersion
PhGetPhVersionHash
PhGetPhVersionNumbers
PhGetPluginCallback
PhGetPluginFileName
PhGetPluginInformation
PhGetPluginName
PhGetPositionFileStream
PhGetPrimeNumber
PhGetProcedureAddress
PhGetProcedureAddressRemote
PhGetProcessCommandLine
PhGetProcessDepStatus
PhGetProcessDeviceMap
PhGetProcessEnvironment
PhGetProcessImageFileName
PhGetProcessImageFileNameByProcessId
PhGetProcessImageFileNameWin32
PhGetProcessInformationCache
PhGetProcessIsDotNet
PhGetProcessIsDotNetEx
PhGetProcessIsSuspended
PhGetProcessKnownType
PhGetProcessKnownTypeEx
PhGetProcessMappedFileName
PhGetProcessPebString
PhGetProcessPriorityClassString
PhGetProcessUnloadedDlls
PhGetProcessWindowTitle
PhGetProcessWorkingSetInformation
PhGetProcessWsCounters
PhGetProtocolTypeName
PhGetScalableIntegerPairSetting
PhGetSeObjectSecurity
PhGetSelectedListViewItemParam
PhGetSelectedListViewItemParams
PhGetSelectedProcessItem
PhGetSelectedProcessItems
PhGetSelectedServiceItem
PhGetSelectedServiceItems
PhGetServiceChange
PhGetServiceConfig
PhGetServiceDelayedAutoStart
PhGetServiceDescription
PhGetServiceDllParameter
PhGetServiceErrorControlInteger
PhGetServiceErrorControlString
PhGetServiceNameFromTag
PhGetServiceStartTypeInteger
PhGetServiceStartTypeString
PhGetServiceStateString
PhGetServiceTypeInteger
PhGetServiceTypeString
PhGetSidFullName
PhGetStatisticsTime
PhGetStatisticsTimeString
PhGetStatusMessage
PhGetStockApplicationIcon
PhGetStringSetting
PhGetSymbolFromAddress
PhGetSymbolFromName
PhGetSystemDirectory
PhGetSystemRoot
PhGetTcpStateName
PhGetThreadServiceTag
PhGetTokenGroups
PhGetTokenIntegrityLevel
PhGetTokenIntegrityLevelRID
PhGetTokenOwner
PhGetTokenPrimaryGroup
PhGetTokenPrivileges
PhGetTokenUser
PhGetTreeNewText
PhGetWin32Message
PhGetWindowContext
PhGetWindowText
PhGetWindowTextEx
PhGlobalDpi
PhGraphStateGetDrawInfo
PhHandleCopyCellEMenuItem
PhHandleCopyListViewEMenuItem
PhHandleListViewNotifyBehaviors
PhHandleListViewNotifyForCopy
PhHandleTreeNewColumnMenu
PhHashBytes
PhHashStringRef
PhHexStringToBuffer
PhHexStringToBufferEx
PhHttpDnsQuery
PhHttpSocketAddRequestHeaders
PhHttpSocketBeginRequest
PhHttpSocketConnect
PhHttpSocketCreate
PhHttpSocketDestroy
PhHttpSocketDownloadString
PhHttpSocketEndRequest
PhHttpSocketGetErrorMessage
PhHttpSocketParseUrl
PhHttpSocketQueryHeaderString
PhHttpSocketQueryHeaderUlong
PhHttpSocketQueryHeaders
PhHttpSocketQueryOptionString
PhHttpSocketReadData
PhHttpSocketReadDataToBuffer
PhHttpSocketSendRequest
PhHttpSocketSetCredentials
PhHttpSocketSetFeature
PhHttpSocketSetSecurity
PhHttpSocketWriteData
PhHungWindowFromGhostWindow
PhIconToBitmap
PhImpersonateClientOfNamedPipe
PhIndexOfEMenuItem
PhInitializeArray
PhInitializeAutoPool
PhInitializeAvlTree
PhInitializeBytesBuilder
PhInitializeCallback
PhInitializeCircularBuffer_FLOAT
PhInitializeCircularBuffer_PVOID
PhInitializeCircularBuffer_ULONG
PhInitializeCircularBuffer_ULONG64
PhInitializeFastLock
PhInitializeFreeList
PhInitializeGraphState
PhInitializeHash
PhInitializeImageVersionInfo
PhInitializeLayoutManager
PhInitializeMappedImage
PhInitializeProviderThread
PhInitializeStringBuilder
PhInitializeThemeWindowHeader
PhInitializeTreeNewColumnMenu
PhInitializeTreeNewFilterSupport
PhInitializeWindowTheme
PhInitializeWindowThemeStatusBar
PhInitializeWorkQueue
PhInitializeWorkQueueEnvironment
PhInsertCopyCellEMenuItem
PhInsertCopyListViewEMenuItem
PhInsertEMenuItem
PhInsertItemList
PhInsertItemsList
PhInsertStringBuilder
PhInsertStringBuilder2
Sections
.text Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 529KB - Virtual size: 528KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 31KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 57KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 512B - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 129KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
UD Pro/plugins/DotNetTools.dll.dll windows:6 windows x64 arch:x64
26abe4bbd8afcb54a4c75add54378fdd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
H:\git\dexzunpacker
Imports
processhacker.exe
WindowsVersion
PhOpenProcessToken
PhGetPluginCallback
PhRegisterPlugin
PhRegisterCallback
PhPluginSetObjectExtension
PhGetGeneralCallback
PhAddSettings
PhCopyListView
PhLoadListViewGroupStatesFromSetting
PhHandleListViewNotifyBehaviors
PhLoadListViewSortColumnsFromSetting
PhGetListViewContextMenuPoint
PhSaveListViewColumnsToSetting
PhSaveListViewGroupStatesToSetting
PhUnregisterCallback
PhLoadListViewColumnsFromSetting
PhAddListViewGroupItem
PhAddListViewColumn
PhQueryTokenVariableSize
PhSaveListViewSortColumnsToSetting
PhAddListViewGroup
PhInsertCopyListViewEMenuItem
PhFormatToBuffer
PhHandleCopyListViewEMenuItem
PhGetSelectedListViewItemParams
PhCreateSimpleHashtable
PhfAcquireQueuedLockExclusive
PhFindItemSimpleHashtable
PhUiConnectToPhSvcEx
PhUiDisconnectFromPhSvc
PhfWakeForReleaseQueuedLock
PhRemoveItemSimpleHashtable
PhAddItemSimpleHashtable
PhPluginQueryPhSvc
PhPluginCallPhSvc
PhPluginGetObjectExtension
PhPluginAddTreeNewColumn
PhGetProcessIsDotNet
PhEnumProcessModules
PhGetSystemRoot
PhOpenProcess
PhfEndInitOnce
PhGetProcedureAddress
PhOpenThread
PhConcatStringRef2
PhEnumProcessModules32
PhfBeginInitOnce
PhFindLastCharInStringRef
PhCreateThreadEx
PhInsertEMenuItem
PhCreateList
PhCreateString
PhGetTreeNewText
PhInitializeTreeNewFilterSupport
PhSetControlTheme
PhFormatString
PhCreateSearchControl
PhAllocate
PhFindProcessInformation
PhFormatString_V
PhEqualStringRef
PhCountStringZ
PhCreateEMenuItem
PhClearList
PhInitializeStringBuilder
PhGetWindowText
PhCmLoadSettings
PhPropPageDlgProcHeader
PhCompareStringRef
PhConcatStrings2
PhDeleteTreeNewColumnMenu
PhCreateEMenu
PhHandleCopyCellEMenuItem
PhAddItemList
PhGetWin32Message
PhShellExploreFile
PhAddItemsList
PhInitializeWindowTheme
PhGetStringSetting
PhHandleTreeNewColumnMenu
PhDoesFileExistsWin32
PhInitializeTreeNewColumnMenu
PhSetClipboardString
PhAddTreeNewFilter
PhReferenceEmptyString
PhGetProcessIsDotNetEx
PhSetStringSetting2
PhGetGlobalWorkQueue
PhSplitStringRefAtChar
PhAddProcessPropPage
PhRemoveStringBuilder
PhCreateStringEx
PhQueueItemWorkQueue
PhDoPropPageLayout
PhFinalStringBuilderString
PhApplyTreeNewFilters
PhShellExecuteUserString
PhShowEMenu
PhFindStringInStringRef
PhAutoDereferenceObject
PhSetIntegerSetting
PhGetIntegerSetting
PhRemoveTreeNewFilter
PhDestroyEMenu
PhFree
PhConcatStrings
PhCmSaveSettings
PhReferenceObject
PhInsertCopyCellEMenuItem
PhDeleteTreeNewFilterSupport
PhCreateProcessPropPageContextEx
PhEnumProcesses
PhShowMessage
PhAppendStringBuilder2
PhDereferenceObject
PhGetProcessIsSuspended
PhSetFlagsEMenuItem
PhAddPropPageLayoutItem
PhSetExtendedListView
PhFormatUInt64
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
NtMapViewOfSection
NtOpenSection
RtlAddSIDToBoundaryDescriptor
NtOpenPrivateNamespace
NtUnmapViewOfSection
RtlFreeSid
RtlAllocateAndInitializeSid
RtlDeleteBoundaryDescriptor
RtlCreateBoundaryDescriptor
RtlNtStatusToDosError
NtReadVirtualMemory
NtQueryInformationProcess
NtGetContextThread
NtWaitForSingleObject
NtClose
kernel32
LCMapStringW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapFree
HeapAlloc
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
InterlockedFlushSList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
GetProcessHeap
LoadLibraryW
GetLastError
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
Sections
.text Size: 69KB - Virtual size: 69KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 136B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 512B - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
UD Pro/plugins/ExtendedNotifications.dll.dll windows:6 windows x64 arch:x64
b45f9a00b97b8bc5fde83ab523a54d00
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
H:\git\dexzunpacker
Imports
processhacker.exe
PhReferenceProcessItemForParent
PhSetWindowContext
PhCreateList
PhInitializeLayoutManager
PhDeleteLayoutManager
PhFreeFileDialog
PhAllocate
PhShowFileDialog
PhEqualStringRef
PhConvertUtf16ToUtf8Ex
PhInsertItemList
PhClearList
PhInitializeStringBuilder
PhGetWindowText
PhConcatStrings2
PhSetFileDialogFilter
PhAddItemList
PhAddSettings
PhRemoveItemList
PhGetFileDialogFileName
PhSetFileDialogFileName
PhCreateSaveFileDialog
PhSetStringSetting2
PhGetWindowContext
PhGetGlobalWorkQueue
PhSetDialogItemText
PhQueueItemWorkQueue
PhFinalStringBuilderString
PhAddLayoutItem
PhFormatString_V
PhSetIntegerSetting
PhAppendCharStringBuilder
PhMatchWildcards
PhGetIntegerSetting
PhRegisterPlugin
PhReferenceObject
PhAppendStringBuilderEx
PhGetPluginCallback
PhDeleteStringBuilder
PhGetFileName
PhConvertUtf8ToUtf16
PhLayoutManagerLayout
PhRemoveWindowContext
PhFindCharInStringRef
PhDuplicateBytesZSafe
PhAllocateSafe
PhFree
PhDereferenceObject
PhGetStringSetting
PhGetGeneralCallback
PhCreateFileStream
PhWriteStringFormatAsUtf8FileStream
PhFormatLogEntry
PhAutoDereferenceObject
PhRegisterCallback
PhFormatDateTime
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
kernel32
GetModuleHandleW
FlushFileBuffers
CreateFileW
SetStdHandle
GetProcessHeap
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
CloseHandle
LCMapStringW
HeapFree
HeapAlloc
GetFileType
GetStdHandle
GetConsoleMode
SetFilePointerEx
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
InterlockedFlushSList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
WriteConsoleW
HeapSize
GetStringTypeW
GetFileSizeEx
GetConsoleOutputCP
RaiseException
GetLastError
GetSystemInfo
VirtualProtect
VirtualQuery
FreeLibrary
SetUnhandledExceptionFilter
GetProcAddress
LoadLibraryExA
UnhandledExceptionFilter
WriteFile
Sections
.text Size: 79KB - Virtual size: 78KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 47KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 144B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 512B - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
UD Pro/plugins/ExtendedServices.dll.dll windows:6 windows x64 arch:x64
cfe6f486e067d0abb525baea39a939bc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
H:\git\dexzunpacker
Imports
processhacker.exe
PhaChoiceDialog
PhCenterWindow
PhSetFileDialogFileName
PhGetFileDialogFileName
PhGetComboBoxString
PhCreateOpenFileDialog
PhSetFileDialogFilter
PhShowFileDialog
PhFreeFileDialog
PhCreateString
PhOpenKey
PhCreateAlloc
PhAppendStringBuilderEx
PhSetListViewSubItem
PhFinalArrayItems
PhQueryRegistryString
PhFinalStringBuilderString
PhReferenceEmptyString
PhInitializeArray
PhDeleteAutoPool
PhFormatGuid
PhGetEtwPublisherName
PhGetSelectedListViewItemParam
PhAddItemArray
PhClearList
PhStringToGuid
PhEnumerateKey
PhFormatString
PhFindListViewItemByFlags
PhLookupPrivilegeDisplayName
PhSetControlTheme
PhQueryServiceVariableSize
PhDereferenceObjects
PhFindIntegerSiKeyValuePairs
PhEqualStringRef
PhGetNtMessage
PhSelectComboBoxString
PhSetExtendedListView
PhInitializeStringBuilder
PhGetWindowText
PhAddListViewColumn
WindowsVersion
PhRemoveItemList
PhSidToStringSid
PhGetDialogItemValue
PhGetModuleProcAddress
PhRemoveListViewItem
PhUiDisconnectFromPhSvc
PhUiConnectToPhSvc
PhCreateStringEx
PhGetListViewItemParam
PhFindItemList
PhFindStringSiKeyValuePairs
PhAddListViewItem
PhSvcCallChangeServiceConfig2
PhAddComboBoxStrings
PhAppendCharStringBuilder
PhDeleteStringBuilder
PhNtStatusToDosError
PhOpenLsaPolicy
PhShowMessage
PhAppendStringBuilder
PhGetOwnTokenAttributes
PhSetDialogItemValue
PhMainWndHandle
PhInsertEMenuItem
PhUiContinueService
PhUiStopService
PhfReleaseQueuedLockShared
PhEscapeStringForMenuPrefix
PhPluginCreateEMenuItem
PhCompareStringRef
PhFindEMenuItem
PhDestroyEMenuItem
PhAddSettings
PhShowStatus
PhGetGeneralCallback
PhfAcquireQueuedLockShared
PhIndexOfEMenuItem
PhFormatString_V
PhRegisterCallback
PhUiStartService
PhRegisterPlugin
PhReferenceObject
PhGetPluginCallback
PhUiPauseService
PhSetWindowContext
PhCreateList
PhInitializeLayoutManager
PhDeleteLayoutManager
PhAllocate
PhOpenService
PhCountStringZ
PhConcatStrings2
PhAddItemList
PhGetWin32Message
PhReferenceServiceItem
PhInitializeWindowTheme
PhGetWindowContext
PhSetDialogItemText
PhGetServiceConfig
PhAddLayoutItem
PhAutoDereferenceObject
PhGetIntegerSetting
PhFree
PhLayoutManagerLayout
PhDereferenceObject
PhCreateServiceListControl
PhInitializeAutoPool
PhRemoveWindowContext
ntdll
RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtClose
RtlGUIDFromString
kernel32
GetConsoleOutputCP
FlushFileBuffers
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetFileType
GetStdHandle
GetProcessHeap
LCMapStringW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapFree
HeapAlloc
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InterlockedFlushSList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
GetConsoleMode
SetFilePointerEx
GetComputerNameW
SetLastError
GetLastError
CreateFileW
CloseHandle
WriteConsoleW
WriteFile
Sections
.text Size: 70KB - Virtual size: 69KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 49KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 512B - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
UD Pro/plugins/ExtendedTools.dll.dll windows:6 windows x64 arch:x64
a7737dce9738b8cafdad4238d0682533
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
H:\git\dexzunpacker
Imports
processhacker.exe
PhCreateSimpleHashtable
PhReferenceProcessRecord
PhFreeToFreeList
PhGetFileName
PhReferenceProcessItem
PhCreateObject
PhDereferenceProcessRecord
PhInitializeFreeList
PhfAcquireQueuedLockShared
PhAllocateFromFreeList
PhGetGeneralCallback
PhInvokeCallback
PhAddEntryHashtableEx
PhEqualStringRef
PhCreateObjectType
PhfReleaseQueuedLockShared
PhHashStringRef
PhGetOwnTokenAttributes
PhDelayExecution
WindowsVersion
PhIsExecutingInWow64
PhFormatUInt64
PhCopyListView
PhRemoveWindowContext
PhLayoutManagerLayout
PhGetListViewContextMenuPoint
PhCenterWindow
PhInitializeAutoPool
PhFormatString_V
PhAddLayoutItem
PhDrainAutoPool
PhSetApplicationWindowIcon
PhGetWindowContext
PhUnregisterCallback
PhInitializeWindowTheme
PhDeleteAutoPool
PhAddListViewGroupItem
PhAddListViewColumn
PhSetListViewSubItem
PhDeleteLayoutManager
PhInitializeLayoutManager
PhFormatSize
PhAddListViewGroup
PhInsertCopyListViewEMenuItem
PhFormatToBuffer
PhSetWindowContext
PhHandleCopyListViewEMenuItem
PhGetSelectedListViewItemParams
PhReferenceProcessRecordForStatistics
PhQueryRegistryUlong
PhInitializeCircularBuffer_FLOAT
PhFormatDate
PhQueryValueKey
PhInitializeCircularBuffer_ULONG64
PhGetModuleProcAddress
PhInitializeCircularBuffer_ULONG
PhQueryRegistryUlong64
PhLargeIntegerToLocalSystemTime
PhGetStatisticsTimeString
PhfResetEvent
PhShowMessage
PhSetGraphText
PhCopyCircularBuffer_FLOAT
PhfSetEvent
PhLoadWindowPlacementFromSetting
PhGraphStateGetDrawInfo
PhDeleteGraphState
PhSiSetColorsGraphDrawInfo
PhInitializeGraphState
PhSaveWindowPlacementToSetting
PhfWaitForEvent
PhCreateThreadEx
PhAddPropPageLayoutItem
PhCreateProcessPropPageContextEx
PhGetStockApplicationIcon
PhAddProcessPropPage
PhGlobalDpi
PhPropPageDlgProcHeader
PhDivideSinglesBySingle
PhGetStatisticsTime
PhAppendStringBuilder
PhAppendStringBuilder2
PhGetDrawInfoGraphBuffers
PhSetWindowText
PhFindProcessRecord
PhFinalStringBuilderString
PhRemoveStringBuilder
PhSetDialogItemText
PhAddLayoutItemEx
PhInitializeStringBuilder
PhDrawTrayIconText
PhGenerateGuid
PhFormatGuid
PhAppendFormatStringBuilder
PhStringToGuid
PhDrawGraphDirect
PhPluginQueryPhSvc
PhPluginCallPhSvc
PhGetProcessUnloadedDlls
PhBufferToHexString
PhPluginGetObjectExtension
PhPluginAddTreeNewColumn
PhGetClassObject
PhPluginEnableTreeNewNotify
PhEnumProcesses
PhReferenceNetworkItem
PhGetProcessInformationCache
PhFindProcessInformation
PhSiSizeLabelYFunction
PhDeleteCircularBuffer_FLOAT
PhGetPluginCallback
PhRegisterPlugin
PhIndexOfEMenuItem
PhPluginSetObjectExtension
PhDeleteCircularBuffer_ULONG
PhAddSettings
PhPrintTimeSpan
PhPluginCreateEMenuItem
PhDeleteCircularBuffer_ULONG64
PhCreateServiceListControl
PhShowStatus
PhReferenceServiceItem
PhCreateSymbolProvider
PhCreateAlloc
PhEnumGenericModules
PhLoadSymbolProviderOptions
PhGetSymbolFromAddress
PhOpenProcess
PhLoadModuleSymbolProvider
PhSetIntegerSetting
PhOpenThread
PhShowConfirmMessage
PhFormatDateTime
PhAddListViewItem
PhHandleListViewNotifyForCopy
PhSaveListViewColumnsToSetting
PhUiConnectToPhSvcEx
PhUiDisconnectFromPhSvc
PhHexStringToBufferEx
PhLoadListViewColumnsFromSetting
PhSetExtendedListView
PhCopyStringZ
PhFindListViewItemByParam
PhFindItemSimpleHashtable
PhQueueItemWorkQueue
PhGetGlobalWorkQueue
PhGetBaseName
PhSystemBasicInformation
PhGetModuleFromAddress
PhAddItemSimpleHashtable
PhMainWndHandle
PhInsertEMenuItem
PhCreateList
PhGetStatusMessage
PhCreateString
PhGetTreeNewText
PhShowProcessRecordDialog
PhFormat
PhInitializeTreeNewFilterSupport
PhSetControlTheme
PhFormatString
PhFindProcessNode
PhSetIntegerPairSetting
PhCreateEMenuItem
PhRemoveEntryHashtable
PhInitializeThemeWindowHeader
PhSetFlagsAllEMenuItems
PhCmLoadSettings
PhAddItemArray
PhCompareStringRef
PhFindLastCharInStringRef
PhDeleteTreeNewColumnMenu
PhFindEMenuItem
PhCreateEMenu
PhGetPluginInformation
PhfWakeForReleaseQueuedLock
PhHandleCopyCellEMenuItem
PhAddItemList
PhReferenceProcessItemForRecord
PhShellExploreFile
PhGetStringSetting
PhHandleTreeNewColumnMenu
PhDoesFileExistsWin32
PhInitializeTreeNewColumnMenu
PhInitializeArray
PhRemoveItemList
PhSetClipboardString
PhAddTreeNewFilter
PhReferenceEmptyString
PhApplyTreeNewFiltersToNode
PhShowMessage2
PhGetIntegerPairSetting
PhFindPlugin
PhSetStringSetting2
PhCreateStringEx
PhApplyTreeNewFilters
PhFindItemList
PhShellExecuteUserString
PhShowEMenu
PhAutoDereferenceObject
PhRegisterCallback
PhRemoveItemsArray
PhSelectAndEnsureVisibleProcessNode
PhGetIntegerSetting
PhDestroyEMenu
PhCmSaveSettings
PhReferenceObject
PhInsertCopyCellEMenuItem
PhfAcquireQueuedLockExclusive
PhWriteStringAsUtf8FileStream
PhGetGenericTreeNewLines
PhShellProperties
PhDereferenceObject
PhWriteStringAsUtf8FileStream2
PhSetFlagsEMenuItem
PhAddEntryHashtable
PhfReleaseFastLockShared
PhAllocate
PhCountStringZ
PhfAcquireFastLockExclusive
PhStringToInteger64
PhfEndInitOnce
PhClearHashtable
PhCreateHashtable
PhSplitStringRefAtChar
PhCreateThread2
PhfAcquireFastLockShared
PhFree
PhEnumHashtable
PhfReleaseFastLockExclusive
PhfBeginInitOnce
PhDoPropPageLayout
PhFindEntryHashtable
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
NtSetInformationProcess
NtQueryInformationProcess
RtlSecondsSince1970ToTime
NtCancelSynchronousIoFile
NtDuplicateObject
NtQueryInformationWorkerFactory
RtlSetBits
RtlInitializeBitMap
RtlInterlockedFlushSList
NtQueryPerformanceCounter
RtlInitializeSListHead
RtlInterlockedPushEntrySList
NtWaitForSingleObject
NtCreateEvent
NtClose
kernel32
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapAlloc
HeapFree
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
InterlockedFlushSList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
GetLastError
RaiseException
GetProcessHeap
GetStdHandle
LocalFree
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
LCMapStringW
Sections
.text Size: 141KB - Virtual size: 140KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 65KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1024B - Virtual size: 544B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 512B - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
UD Pro/plugins/HardwareDevices.dll.dll windows:6 windows x64 arch:x64
32f275ad89798243a4ce9f3ed3c75a6e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
H:\git\dexzunpacker
Imports
processhacker.exe
PhGetDrawInfoGraphBuffers
PhConcatStringRef2
PhAddLayoutItemEx
PhGraphStateGetDrawInfo
PhDeleteGraphState
PhSiSizeLabelYFunction
PhInitializeGraphState
PhDivideSinglesBySingle
PhFormat
PhFormatToBuffer
PhExpandEnvironmentStrings
PhExtractIconEx
PhGetListViewItemParam
PhSplitStringRefAtChar
PhSetStringSetting2
PhReferenceEmptyString
PhGetStringSetting
PhStringToInteger64
PhGetSelectedListViewItemParam
PhInitializeLayoutManager
PhFindListViewItemByFlags
PhShellOpenKey
PhGetHandleInformation
PhGetPluginCallback
PhRegisterPlugin
PhGetProcedureAddress
PhShowStatus
PhAddSettings
PhTrimStringRef
WindowsVersion
PhStringToGuid
PhQueryRegistryString
PhQueryRegistryUlong64
PhConvertMultiByteToUtf16
PhSetDialogItemText
PhGetOwnTokenAttributes
PhReAllocate
PhGetProcessDeviceMap
PhSystemBasicInformation
PhDeleteLayoutManager
PhSaveWindowPlacementToSetting
PhSaveListViewSortColumnsToSetting
PhInitializeStringBuilder
PhAppendFormatStringBuilder
PhDeleteAutoPool
PhGetIntegerPairSetting
PhLoadWindowPlacementFromSetting
PhRemoveStringBuilder
PhDrainAutoPool
PhFinalStringBuilderString
PhAddLayoutItem
PhGetStatisticsTimeString
PhInitializeAutoPool
PhSetWindowText
PhLoadListViewSortColumnsFromSetting
PhDeleteStringBuilder
PhLayoutManagerLayout
PhMainWndHandle
PhUnregisterCallback
PhGetGeneralCallback
PhRegisterCallback
PhGetSelectedListViewItemParams
PhInsertEMenuItem
PhHandleCopyListViewEMenuItem
PhSetWindowContext
PhInsertCopyListViewEMenuItem
PhAddListViewGroup
PhFormatSize
PhBufferToHexString
PhLargeIntegerToLocalSystemTime
PhSetListViewSubItem
PhSetControlTheme
PhAllocate
PhCreateEMenuItem
PhSetExtendedListView
PhAddListViewColumn
PhCreateEMenu
PhAddListViewGroupItem
PhInitializeWindowTheme
PhLoadListViewColumnsFromSetting
PhGetWindowContext
PhSetApplicationWindowIcon
PhCreateStringEx
PhSaveListViewColumnsToSetting
PhCreateThread2
PhShowEMenu
PhAddListViewItem
PhFormatString_V
PhAutoDereferenceObject
PhFormatDateTime
PhCenterWindow
PhDestroyEMenu
PhFree
PhGetListViewContextMenuPoint
PhHandleListViewNotifyBehaviors
PhRemoveWindowContext
PhCopyListView
PhFormatUInt64
PhModalPropertySheet
PhCreateList
PhDereferenceObjectDeferDelete
PhCreateString
PhDeleteCircularBuffer_ULONG64
PhfReleaseQueuedLockShared
PhCreateObjectType
PhCreateFile
PhCountStringZ
PhConcatStrings2
PhfWakeForReleaseQueuedLock
PhAddItemList
PhRemoveItemList
PhInitializeCircularBuffer_ULONG64
PhfAcquireQueuedLockShared
PhReferenceObjectSafe
PhFindItemList
PhGetIntegerSetting
PhCreateObject
PhReferenceObject
PhfAcquireQueuedLockExclusive
PhEqualStringRef
PhDereferenceObject
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
NtQueryVolumeInformationFile
NtFsControlFile
NtDeviceIoControlFile
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
NtClose
kernel32
GetStringTypeW
GetFileType
GetStdHandle
GetProcessHeap
LCMapStringW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapFree
HeapAlloc
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
InterlockedFlushSList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
VirtualQuery
VirtualProtect
GetSystemInfo
GetLastError
RaiseException
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
FreeLibrary
LoadLibraryW
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
Sections
.text Size: 95KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 55KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 400B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 512B - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
UD Pro/plugins/NetworkTools.dll.dll windows:6 windows x64 arch:x64
c0fa1210a192ae69354e312affa6f1af
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
H:\git\dexzunpacker
Imports
processhacker.exe
PhDestroyEMenu
PhFindStringInStringRef
PhShowEMenu
PhFinalStringBuilderString
PhRemoveStringBuilder
PhSetClipboardString
PhGetWin32Message
PhHandleCopyCellEMenuItem
PhCreateEMenu
PhAppendFormatStringBuilder
PhDnsFree
PhInitializeStringBuilder
PhGetTreeNewText
PhFindEntryHashtable
PhfBeginInitOnce
PhCmSaveSettings
PhCreateObject
PhCreateHashtable
PhClearHashtable
PhInitializeTreeNewColumnMenu
PhHandleTreeNewColumnMenu
PhfEndInitOnce
PhAddItemList
PhDeleteTreeNewColumnMenu
PhCmLoadSettings
PhClearList
PhSetIntegerPairSetting
PhSetControlTheme
PhCreateObjectType
PhCreateList
PhAddEntryHashtable
PhfResetEvent
PhShellExecute
PhConcatStrings
PhDeleteCacheFile
PhOpenKey
PhShowMessage
PhQueryRegistryString
PhCreateDirectory
PhHttpSocketConnect
PhCreateFileWin32
PhConvertUtf16ToUtf8
PhRegisterWindowCallback
PhGetPhVersionNumbers
PhHttpSocketParseUrl
PhHttpSocketAddRequestHeaders
PhHttpSocketDestroy
PhHttpSocketReadData
PhHttpSocketQueryHeaderString
PhHttpSocketQueryHeaderUlong
PhGetPhVersion
PhConcatStrings2
PhHttpSocketEndRequest
PhHttpSocketCreate
PhDeleteFileWin32
PhGetFullPath
PhfWaitForEvent
PhHttpSocketSetFeature
PhCreateCacheFile
PhUnregisterWindowCallback
PhFormatToBuffer
PhCreateThreadEx
PhHttpSocketSendRequest
PhCreateBytesEx
PhReAllocate
PhReferenceEmptyString
PhStringToInteger64
PhFindEMenuItem
PhCountStringZ
PhTrimStringRef
PhInsertCopyCellEMenuItem
PhCreateAlloc
PhAppendStringBuilder2
PhSetFlagsEMenuItem
PhShellProcessHacker
PhGetApplicationIcon
PhGetGlobalWorkQueue
PhfSetEvent
PhMainWndHandle
PhSetWindowContext
PhGenerateRandomAlphaString
PhFormatString
PhAllocate
PhSaveWindowPlacementToSetting
PhDivideSinglesBySingle
PhInitializeGraphState
PhInitializeCircularBuffer_ULONG
PhDeleteAutoPool
PhInitializeWindowTheme
PhConvertUtf16ToMultiByte
PhSiSetColorsGraphDrawInfo
PhUnregisterCallback
PhDeleteGraphState
PhGlobalDpi
PhGraphStateGetDrawInfo
PhGetIntegerPairSetting
PhAddLayoutItemEx
PhGetWindowContext
PhSetApplicationWindowIcon
PhLoadWindowPlacementFromSetting
PhCreateStringEx
PhDnsQuery
PhDrainAutoPool
PhQueueItemWorkQueue
PhCreateThread2
PhFormatString_V
PhDeleteWorkQueue
PhSetGraphText
PhInitializeAutoPool
PhCenterWindow
PhFree
PhSetWindowText
PhInitializeWorkQueue
PhRemoveWindowContext
PhGetStatisticsTimeString
PhInitializeLayoutManager
PhDeleteLayoutManager
PhFreeFileDialog
PhShowFileDialog
PhGetWindowText
PhSetFileDialogFilter
PhCreateOpenFileDialog
PhGetFileDialogFileName
PhSetFileDialogFileName
PhGetDialogItemValue
PhSetStringSetting2
PhSetDialogItemText
PhAddLayoutItem
PhSetIntegerSetting
PhGetFileName
PhLayoutManagerLayout
PhSetDialogItemValue
PhInsertEMenuItem
PhCreateString
PhaChoiceDialog
PhFormatSize
PhPluginCreateEMenuItem
PhCreateEMenuItem
PhCompareStringRef
PhfWakeForReleaseQueuedLock
PhAddSettings
PhGetGeneralCallback
PhPluginSetObjectExtension
PhRegisterCallback
PhGetIntegerSetting
PhPluginAddTreeNewColumn
PhRegisterPlugin
PhGetPluginCallback
PhfAcquireQueuedLockExclusive
PhPluginGetObjectExtension
PhGetOwnTokenAttributes
PhFormatUInt64
PhQuerySystemTime
PhConvertUtf8ToUtf16Ex
PhEqualStringRef
PhGetStringSetting
PhDoesFileExistsWin32
PhGetBaseName
PhLoadPngImageFromResource
PhAutoDereferenceObject
PhConcatStringRef2
PhReferenceObject
PhExpandEnvironmentStrings
PhDereferenceObject
PhDetermineDosPathNameType
PhHttpSocketBeginRequest
PhGetApplicationDirectory
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
NtClose
NtWriteFile
RtlIpv6AddressToStringExW
RtlIpv4StringToAddressW
RtlIpv4AddressToStringExW
RtlIpv6StringToAddressW
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlTimeToSecondsSince1970
kernel32
FindFirstFileExW
WideCharToMultiByte
SetEndOfFile
LCMapStringW
MultiByteToWideChar
SetStdHandle
GetStdHandle
HeapFree
HeapAlloc
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetFileType
SetFilePointerEx
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
InterlockedFlushSList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
FindClose
WriteFile
ReadFile
LoadLibraryW
GetLastError
MapViewOfFile
CreateFileMappingW
GetFileSize
CloseHandle
UnmapViewOfFile
CreateFileW
GetCommandLineA
GetCommandLineW
GetProcessHeap
GetStringTypeW
WriteConsoleW
FlushFileBuffers
HeapSize
HeapReAlloc
Sections
.text Size: 179KB - Virtual size: 178KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 216KB - Virtual size: 215KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 104KB - Virtual size: 109KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 432B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 512B - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 144KB - Virtual size: 144KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
UD Pro/plugins/OnlineChecks.dll.dll windows:6 windows x64 arch:x64
018c944eb333471d0bd281f049ab5ba7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
H:\git\dexzunpacker
Imports
processhacker.exe
PhFormatString
PhCreateObjectType
PhBufferToHexString
PhFinalHash
PhFormatSize
PhQuerySystemTime
PhGetFileSize
PhInitializeHash
PhGetJsonObjectBool
PhCreateString
PhFormatToBuffer
PhSetWindowContext
PhGetJsonValueAsString
PhGetJsonObject
PhHttpSocketSendRequest
PhOpenKey
PhCreateBytesEx
PhQueryRegistryUlong
PhCreateJsonArray
PhFormatDate
PhExpandEnvironmentStrings
PhConvertUtf8ToUtf16
PhCreateJsonObject
PhHttpSocketCreate
PhConcatStringRef2
PhFree
PhFormatDateTime
PhQueryRegistryString
PhGetServiceDllParameter
PhDelayExecution
PhGetJsonObjectAsArrayList
PhGetJsonArrayIndexObject
PhConvertUtf16ToUtf8
PhGetJsonArrayString
PhHexStringToBuffer
PhConvertUtf16ToMultiByte
PhAddJsonArrayObject
PhAddItemList
PhFormatTime
PhCreateBytes
PhQueryFullAttributesFileWin32
PhParseCommandLineFuzzy
PhGetJsonArrayLength
PhAddJsonObject
PhLargeIntegerToLocalSystemTime
PhCreateList
PhCreateThreadEx
PhHttpSocketEndRequest
PhInitializeStringBuilder
PhConcatStrings2
PhAppendFormatStringBuilder
PhGetPhVersion
PhfEndInitOnce
PhHttpSocketQueryHeaderUlong
PhHttpSocketDestroy
PhDeleteAutoPool
PhHttpSocketAddRequestHeaders
PhCountStringZ
PhGetJsonValueAsLong64
PhSetFilePosition
PhShowStatus
PhHttpSocketParseUrl
PhGetClassObject
PhUpdateHash
PhGetBaseName
PhGetWindowContext
PhHttpSocketGetErrorMessage
PhCreateFileWin32
PhLoadMappedImageEx
PhSetApplicationWindowIcon
PhCreateThread2
PhHttpSocketConnect
PhFreeJsonParser
PhHttpSocketWriteData
PhCreateObject
PhInitializeAutoPool
PhCenterWindow
PhConvertUtf16ToAsciiEx
PhUnloadMappedImage
PhDeleteStringBuilder
PhGetJsonArrayLong64
PhHttpSocketDownloadString
PhCreateJsonParser
PhfBeginInitOnce
PhRemoveWindowContext
PhHttpSocketBeginRequest
PhShellExecute
PhFormatUInt64
PhGetGlobalWorkQueue
PhQueueItemWorkQueue
PhFormatString_V
PhMainWndHandle
PhInsertEMenuItem
PhShellProcessHacker
PhFreeFileDialog
PhPluginCreateEMenuItem
PhShowFileDialog
PhCreateEMenuItem
PhGetApplicationIcon
PhCompareStringRef
PhSetFileDialogFilter
PhFindEMenuItem
PhCreateOpenFileDialog
PhAddSettings
PhGetFileDialogFileName
PhGetGeneralCallback
PhPluginSetObjectExtension
PhIndexOfEMenuItem
PhAutoDereferenceObject
PhRegisterCallback
PhSetIntegerSetting
PhGetIntegerSetting
PhPluginAddTreeNewColumn
PhRegisterPlugin
PhGetPluginCallback
PhPluginGetObjectExtension
PhHashStringRef
PhFormat
PhAllocate
PhEqualStringRef
PhAddEntryHashtableEx
PhfWakeForReleaseQueuedLock
PhCreateHashtable
PhReferenceObject
PhfAcquireQueuedLockExclusive
PhDereferenceObject
PhGetFileName
PhFindEntryHashtable
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
RtlNtStatusToDosError
NtQueryInformationThread
NtClose
NtSetInformationThread
NtReadFile
RtlRandomEx
kernel32
GetStringTypeW
GetProcessHeap
LCMapStringW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileType
GetStdHandle
HeapFree
HeapAlloc
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
InterlockedFlushSList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
SetFilePointerEx
HeapSize
HeapReAlloc
FlushFileBuffers
WriteFile
SystemTimeToTzSpecificLocalTime
GetLastError
GetConsoleOutputCP
GetConsoleMode
CloseHandle
CreateFileW
WriteConsoleW
SetStdHandle
Sections
.text Size: 114KB - Virtual size: 114KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 57KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 96B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 512B - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
UD Pro/plugins/ToolStatus.dll.dll windows:6 windows x64 arch:x64
b6a137390249c4616d291536ebce5df5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
H:\git\dexzunpacker
Imports
processhacker.exe
PhUiTerminateProcesses
PhGetWindowText
PhPluginGetSystemStatistics
PhFindProcessNode
PhSetSelectThreadIdProcessPropContext
PhGetFilterSupportProcessTreeList
PhGetServiceStartTypeString
PhOpenKey
PhExpandEnvironmentStrings
PhGetTcpStateName
PhQueryValueKey
PhGetProcessPriorityClassString
PhGetFileName
PhConcatStringRef2
PhQueryRegistryString
PhGetServiceStateString
PhGetServiceDllParameter
PhCreateEMenu
PhGetServiceErrorControlString
PhfAcquireQueuedLockShared
PhGetProtocolTypeName
PhGetServiceTypeString
PhParseCommandLineFuzzy
PhDereferenceObjects
PhfReleaseQueuedLockShared
PhCreateString
PhFormatToBuffer
PhClearList
PhCountStringZ
PhLoadIcon
PhInitializeWindowThemeStatusBar
PhLoadPngImageFromResource
PhAddTreeNewFilter
PhCreateSearchControl
PhIconToBitmap
PhFindEMenuItem
PhDestroyEMenuItem
PhInvokeCallback
PhAddSettings
WindowsVersion
PhThemeWindowDrawRebar
PhGetGeneralCallback
PhRegisterMessageLoopFilter
PhShowProcessProperties
PhIndexOfEMenuItem
PhApplyTreeNewFilters
PhShowEMenu
PhExpandAllProcessNodes
PhRegisterCallback
PhGetFilterSupportServiceTreeList
PhDeselectAllServiceNodes
PhDestroyEMenu
PhGetFilterSupportNetworkTreeList
PhReferenceProcessItem
PhRegisterPlugin
PhReferenceObject
PhGetPluginCallback
PhHungWindowFromGhostWindow
PhCreateAlloc
PhShowMessage
PhThemeWindowDrawToolbar
PhGetOwnTokenAttributes
PhCreateProcessPropContext
PhDeselectAllProcessNodes
PhAddItemSimpleHashtable
PhInsertEMenuItem
PhCreateList
PhRemoveItemSimpleHashtable
PhModifyEMenuItem
PhShowProcessRecordDialog
PhFormat
PhSystemBasicInformation
PhPluginCreateEMenuItem
PhDivideSinglesBySingle
PhEqualStringRef
PhInitializeGraphState
PhCreateEMenuItem
PhInitializeStringBuilder
PhConcatStrings2
PhAppendFormatStringBuilder
PhStringToInteger64
PhAddItemList
PhGetStringSetting
PhSiSetColorsGraphDrawInfo
PhDeleteGraphState
PhReferenceEmptyString
PhGraphStateGetDrawInfo
PhSetStringSetting2
PhSplitStringRefAtChar
PhRemoveStringBuilder
PhFinalStringBuilderString
PhCopyCircularBuffer_FLOAT
PhFindItemSimpleHashtable
PhDereferenceProcessRecord
PhAutoDereferenceObject
PhFindProcessRecord
PhDereferenceObject
PhGetPluginName
PhGetStatisticsTime
PhCreateSimpleHashtable
PhGetStatisticsTimeString
PhInitializeWindowTheme
PhAddComboBoxStrings
PhSetIntegerSetting
PhGetIntegerSetting
PhMainWndHandle
PhSetWindowContext
PhAllocate
PhInsertItemList
PhRemoveItemList
PhGlobalDpi
PhGetWindowContext
PhCenterWindow
PhFree
PhFindStringInStringRef
PhRemoveWindowContext
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
NtClose
kernel32
GetConsoleOutputCP
WriteFile
FlushFileBuffers
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetFileType
GetStdHandle
GetProcessHeap
LCMapStringW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapFree
HeapAlloc
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
InterlockedFlushSList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
GetLastError
RaiseException
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
GetConsoleMode
Sections
.text Size: 89KB - Virtual size: 89KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 51KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1024B - Virtual size: 552B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 512B - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 93KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
UD Pro/plugins/Updater.dll.dll windows:6 windows x64 arch:x64
7b63668845862659f79d67e846e4a432
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
H:\git\dexzunpacker
Imports
processhacker.exe
PhFormatString_V
PhGetApplicationDirectory
PhOpenKey
PhQueryRegistryUlong
PhConcatStrings
PhFormatDateTime
PhCreateFileWin32
PhHttpSocketGetErrorMessage
PhShowStatus
PhLargeIntegerToLocalSystemTime
PhBufferToHexString
PhMainWndHandle
PhfResetEvent
PhfBeginInitOnce
PhShowMessage
PhGetFileName
PhConcatStringRef2
PhInitializeAutoPool
PhCreateObject
PhDelayExecution
PhQueueItemWorkQueue
PhSplitStringRefAtChar
PhGetGlobalWorkQueue
PhSetStringSetting2
PhRegisterWindowCallback
PhGetApplicationIcon
PhHttpSocketParseUrl
PhHttpSocketAddRequestHeaders
PhGetStringSetting
PhDeleteAutoPool
PhHttpSocketReadData
PhHttpSocketQueryHeaderUlong
PhfEndInitOnce
PhStringToInteger64
PhClearCacheDirectory
PhGetFileVersionInfo
PhGetKernelFileName
PhIsExecutingInWow64
PhfWaitForEvent
PhFormatString
PhCreateObjectType
PhFormat
PhSplitStringRefAtLastChar
PhFormatSize
PhQuerySystemTime
PhCreateCacheFile
PhUnregisterWindowCallback
PhFormatToBuffer
PhCreateThreadEx
PhIntegerToString64
PhHexStringToBufferEx
PhfSetEvent
PhHttpSocketSendRequest
PhGetSelectedListViewItemParams
PhGetJsonObject
PhGetJsonValueAsString
PhHandleCopyListViewEMenuItem
PhSetWindowContext
PhAutoDereferenceObject
PhCreateList
PhInsertCopyListViewEMenuItem
PhInitializeLayoutManager
PhDeleteLayoutManager
PhSetListViewSubItem
PhFindListViewItemByFlags
PhSetControlTheme
PhAllocate
PhGetJsonArrayLength
PhSaveWindowPlacementToSetting
PhTrimStringRef
PhGetPhVersionHash
PhEqualStringRef
PhSaveListViewSortColumnsToSetting
PhHttpSocketCreate
PhCreateEMenuItem
PhHttpSocketEndRequest
PhSetExtendedListView
PhInitializeStringBuilder
PhConcatStrings2
PhAddListViewColumn
PhGetPhVersion
PhCreateEMenu
PhAddItemList
PhHttpSocketDestroy
PhLoadListViewColumnsFromSetting
PhGetJsonValueAsLong64
PhGetJsonObjectType
PhReferenceEmptyString
PhGetIntegerPairSetting
PhGetJsonArrayIndexObject
PhGetWindowContext
PhSetApplicationWindowIcon
PhLoadWindowPlacementFromSetting
PhCreateStringEx
PhGetListViewItemParam
PhFinalStringBuilderString
PhSaveListViewColumnsToSetting
PhHandleListViewNotifyForCopy
PhCreateThread2
PhAddLayoutItem
PhShowEMenu
PhHttpSocketConnect
PhAddListViewItem
PhFindStringInStringRef
PhFreeJsonParser
PhSetIntegerSetting
PhAppendCharStringBuilder
PhCenterWindow
PhDestroyEMenu
PhFree
PhReferenceObject
PhGetListViewContextMenuPoint
PhLoadListViewSortColumnsFromSetting
PhHttpSocketDownloadString
PhFormatDate
PhAppendStringBuilder2
PhGetListViewItemText
PhLayoutManagerLayout
PhDereferenceObject
PhCreateJsonParser
PhRemoveWindowContext
PhHttpSocketBeginRequest
PhShellExecute
PhCopyListView
PhInsertEMenuItem
PhPluginCreateEMenuItem
PhAddSettings
PhGetGeneralCallback
PhRegisterCallback
PhGetIntegerSetting
PhRegisterPlugin
PhGetPhVersionNumbers
PhGetPluginCallback
ntdll
RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtWriteFile
NtClose
RtlSecondsSince1970ToTime
kernel32
WriteFile
HeapReAlloc
HeapSize
SetStdHandle
GetStringTypeW
GetProcessHeap
LCMapStringW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileType
GetStdHandle
HeapFree
HeapAlloc
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
InterlockedFlushSList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
GetLastError
SystemTimeToTzSpecificLocalTime
CloseHandle
CreateFileW
WriteConsoleW
FlushFileBuffers
Sections
.text Size: 89KB - Virtual size: 88KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 52KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 280B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 512B - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 960B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
UD Pro/plugins/UserNotes.dll.dll windows:6 windows x64 arch:x64
003dda534affb84933924ca91fe503ad
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
H:\git\dexzunpacker
Imports
processhacker.exe
PhFindEMenuItem
PhSetFileDialogFilter
PhCompareStringRef
PhPropPageDlgProcHeader
PhGetWindowText
PhInitializeStringBuilder
PhCreateEMenuItem
PhShowFileDialog
PhGetPluginInformation
PhFreeFileDialog
PhDeleteLayoutManager
PhInvalidateAllProcessNodes
PhOpenProcess
PhPluginAddMenuHook
PhInitializeLayoutManager
PhSetWindowContext
PhInsertEMenuItem
PhMainWndHandle
PhAppendFormatStringBuilder
PhCreateOpenFileDialog
PhAddSettings
PhInitializeWindowTheme
PhGetStringSetting
PhDoesFileExistsWin32
PhGetFileDialogFileName
PhShowStatus
PhSetFileDialogFileName
PhGetGeneralCallback
PhFindPlugin
PhSetStringSetting2
PhGetWindowContext
PhPluginSetObjectExtension
PhSplitStringRefAtChar
PhSetDialogItemText
PhAddProcessPropPage
PhGetSelectedProcessItems
PhRemoveStringBuilder
PhShowProcessAffinityDialog2
PhDoPropPageLayout
PhFinalStringBuilderString
PhAddLayoutItem
PhFormatString_V
PhAutoDereferenceObject
PhRegisterCallback
PhGetIntegerSetting
PhCenterWindow
PhGetSelectedProcessItem
PhConcatStringRef2
PhPluginAddTreeNewColumn
PhRegisterPlugin
PhGetPluginCallback
PhGetFileName
PhCreateProcessPropPageContextEx
PhExpandEnvironmentStrings
PhPluginGetObjectExtension
PhLayoutManagerLayout
PhDuplicateProcessNodeList
PhDetermineDosPathNameType
PhRemoveWindowContext
PhAddPropPageLayoutItem
PhGetApplicationDirectory
PhIntegerToString64
PhFormatToBuffer
mxmlSaveFd
PhHashStringRef
mxmlGetFirstChild
PhGetFileSize
mxmlNewElement
mxmlGetType
mxmlElementGetAttrCount
PhAllocate
PhGetFullPath
mxmlLoadFd
PhEqualStringRef
PhConvertUtf16ToUtf8Ex
PhRemoveEntryHashtable
PhAddEntryHashtableEx
PhStringToInteger64
PhfWakeForReleaseQueuedLock
mxmlGetNextSibling
mxml_opaque_cb
PhReferenceEmptyString
PhCreateHashtable
PhCreateFileWin32
PhCreateStringEx
PhCreateDirectory
PhFree
PhReferenceObject
mxmlElementSetAttr
mxmlElementGetAttrByIndex
PhConvertUtf8ToUtf16
PhfAcquireQueuedLockExclusive
mxmlNewOpaque
PhEnumHashtable
mxmlGetOpaque
mxmlDelete
PhDereferenceObject
PhPluginCreateEMenuItem
PhFindEntryHashtable
ntdll
RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtSetInformationProcess
NtQueryInformationProcess
NtClose
kernel32
GetConsoleOutputCP
FlushFileBuffers
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetFileType
GetStdHandle
GetProcessHeap
LCMapStringW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapFree
HeapAlloc
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
InterlockedFlushSList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
GetLastError
RaiseException
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
WriteFile
Sections
.text Size: 63KB - Virtual size: 63KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 43KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 88B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 512B - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
UD Pro/plugins/WindowExplorer.dll.dll windows:6 windows x64 arch:x64
a5e10782bb9a15f50ec468738aa27ace
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
H:\git\dexzunpacker
Imports
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
NtClose
kernel32
GetModuleFileNameW
WriteConsoleW
LoadLibraryW
CreateFileW
SetFilePointerEx
RaiseException
GetLastError
GetSystemInfo
VirtualProtect
VirtualQuery
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
InterlockedFlushSList
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetConsoleMode
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
CloseHandle
Sections
.text Size: 80KB - Virtual size: 79KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 52KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 512B - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ