kyle cracking[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

kyle cracking.rar
Size

7.9MB
MD5

c098533414fd886dc4a2a473d2fef1fd
SHA1

5a70c788c53c83559d3aa6841532e4046753dd25
SHA256

9d9b5187ce3d32ba2d6c1d7f0e3e773ae4ae8886350e7abbbc2aea15d9c8af82
SHA512

a8923872a6e9676654dd17ee9cf977f10174cce5412a995c200f91762d329d0b09e8f31ab9f94d4e81857b518b535fbf1d2c4e6d56bcb23adacb3dd82c016366
SSDEEP

196608:FU2TZ2pWWhoLoUVl0lSY9DOLAZ/OLA4FGGgy:pINO8zh/F/O/gy

Score

7^/10

themida

Malware Config

Signatures

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
static1/unpack001/kyle cracking/Disk Woofer Loader/nebula disk spoofer.exe	net_reactor

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/kyle cracking/paint.exe	themida

Unsigned PE 16 IoCs

Checks for missing Authenticode signature.

resource
unpack001/kyle cracking/Disk Woofer Loader/nebula disk spoofer.exe
unpack001/kyle cracking/Emulator.exe
unpack001/kyle cracking/UD Proccess Hacker/Process Hacker/DUP.exe
unpack001/kyle cracking/UD Proccess Hacker/Process Hacker/plugins/DUP.exe
unpack001/kyle cracking/UD Proccess Hacker/Process Hacker/plugins/DotNetTools.dll
unpack001/kyle cracking/UD Proccess Hacker/Process Hacker/plugins/ExtendedNotifications.dll
unpack001/kyle cracking/UD Proccess Hacker/Process Hacker/plugins/ExtendedServices.dll
unpack001/kyle cracking/UD Proccess Hacker/Process Hacker/plugins/ExtendedTools.dll
unpack001/kyle cracking/UD Proccess Hacker/Process Hacker/plugins/HardwareDevices.dll
unpack001/kyle cracking/UD Proccess Hacker/Process Hacker/plugins/NetworkTools.dll
unpack001/kyle cracking/UD Proccess Hacker/Process Hacker/plugins/OnlineChecks.dll
unpack001/kyle cracking/UD Proccess Hacker/Process Hacker/plugins/ToolStatus.dll
unpack001/kyle cracking/UD Proccess Hacker/Process Hacker/plugins/Updater.dll
unpack001/kyle cracking/UD Proccess Hacker/Process Hacker/plugins/UserNotes.dll
unpack001/kyle cracking/UD Proccess Hacker/Process Hacker/plugins/WindowExplorer.dll
unpack001/kyle cracking/paint.exe

Files

kyle cracking.rar
.rar
kyle cracking/Disk Woofer Loader/Check Disk.bat
kyle cracking/Disk Woofer Loader/nebula disk spoofer.exe
.exe windows:6 windows x64 arch:x64

6a91eb82bfd19d2706c7d43c46f7064e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb

Imports

kernel32

FreeLibrary
LoadLibraryExW
OutputDebugStringW
FindFirstFileExW
EnterCriticalSection
GetFullPathNameW
FindNextFileW
GetCurrentProcess
GetModuleHandleExW
GetModuleFileNameW
LeaveCriticalSection
GetEnvironmentVariableW
GetModuleHandleW
MultiByteToWideChar
GetFileAttributesExW
LoadLibraryA
DeleteCriticalSection
WideCharToMultiByte
IsWow64Process
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetProcAddress
GetWindowsDirectoryW
FindResourceW
GetLastError
ActivateActCtx
FindClose
CreateActCtxW
SetLastError
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetCurrentProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStringTypeW
SwitchToThread
GetCurrentThreadId
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
QueryPerformanceCounter
GetSystemTimeAsFileTime

user32

MessageBoxW

shell32

ShellExecuteW

advapi32

RegOpenKeyExW
RegGetValueW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegCloseKey

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_exit
exit
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_errno
abort
__p___wargv
_c_exit
_register_thread_local_exe_atexit_callback
terminate
__p___argc

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
fputwc
__p__commode
_set_fmode
fputws
_wfsopen
fflush
__stdio_common_vfwprintf
__stdio_common_vsnwprintf_s
__stdio_common_vswprintf
setvbuf

api-ms-win-crt-heap-l1-1-0

calloc
_set_new_mode
free
_callnewh
malloc

api-ms-win-crt-string-l1-1-0

toupper
_wcsdup
wcsncmp
wcsnlen
strcpy_s

api-ms-win-crt-convert-l1-1-0

wcstoul
_wtoi

api-ms-win-crt-time-l1-1-0

_gmtime64_s
_time64
wcsftime

api-ms-win-crt-locale-l1-1-0

setlocale
___mb_cur_max_func
_configthreadlocale
___lc_codepage_func
___lc_locale_name_func
__pctype_func
_lock_locales
_unlock_locales

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
kyle cracking/Emulator.exe
.exe windows:6 windows x64 arch:x64

479c5d85ae03022bb2d0ad2e60480a77

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\PC\Desktop\Keyauth-Emulator-main\x64\Release\Emulator.pdb

Imports

libcrypto-3-x64

BIO_ctrl
BIO_new_socket

libssl-3-x64

SSL_shutdown
SSL_CTX_use_certificate_chain_file
SSL_read
SSL_pending
SSL_accept
SSL_set_bio
SSL_ctrl
SSL_write
SSL_CTX_new
SSL_CTX_use_PrivateKey_file
SSL_CTX_ctrl
SSL_CTX_free
SSL_new
SSL_CTX_set_options
SSL_free
OPENSSL_init_ssl
TLS_server_method
SSL_get_error

ws2_32

WSACleanup
accept
bind
closesocket
select
shutdown
listen
WSASocketW
getaddrinfo
getpeername
getsockname
send
socket
ntohs
recv
freeaddrinfo
ioctlsocket
getnameinfo
setsockopt
WSAGetLastError
WSAStartup

kernel32

SetEndOfFile
WriteConsoleW
HeapSize
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
ReadFile
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
HeapReAlloc
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapAlloc
HeapFree
GetCommandLineW
GetCommandLineA
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
SetConsoleTextAttribute
GetStdHandle
GetFileSizeEx
SetConsoleTitleA
CreateFile2
UnmapViewOfFile
Sleep
CloseHandle
CreateFileMappingFromApp
MapViewOfFileFromApp
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
FormatMessageA
WakeConditionVariable
WaitForSingleObjectEx
GetExitCodeThread
GetNativeSystemInfo
RtlPcToFileHeader
RaiseException
LocalFree
GetLocaleInfoEx
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
RtlUnwind
AreFileApisANSI
GetLastError
GetProcAddress
GetFileInformationByHandleEx
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceFrequency
TryAcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
GetStringTypeW
FreeLibraryAndExitThread
RtlUnwindEx
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
CreateThread
ExitThread

Sections

.text
Size: 418KB - Virtual size: 418KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kyle cracking/UD Proccess Hacker/Process Hacker/DUP.exe
.exe windows:6 windows x64 arch:x64

b046ada30a55647ce37232cfc87630a0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

H:\git\dexzunpacker

Imports

ntdll

NtOpenThreadToken
NtTestAlert
NtPowerInformation
NtSetInformationToken
RtlSubAuthorityCountSid
RtlFreeSid
RtlSecondsSince1980ToTime
NtIsProcessInJob
RtlCreateSecurityDescriptor
RtlCreateAcl
RtlAddAccessAllowedAce
NtAcceptConnectPort
NtReplyWaitReceivePort
NtCompleteConnectPort
RtlSetDaclSecurityDescriptor
RtlSubAuthoritySid
NtCreatePort
RtlInitializeSid
RtlLengthRequiredSid
RtlValidRelativeSecurityDescriptor
RtlSelfRelativeToAbsoluteSD2
RtlValidSid
NtConnectPort
NtRequestWaitReplyPort
RtlLengthSid
NtCreateSection
RtlQueryElevationFlags
NtReleaseSemaphore
NtSetHighEventPair
NtQueryEvent
NtQuerySemaphore
NtCancelTimer
NtPulseEvent
NtSetLowEventPair
NtQueryTimer
NtResetEvent
RtlIpv6AddressToStringW
RtlTimeToSecondsSince1980
NtCreateDirectoryObject
RtlGUIDFromString
NtDuplicateToken
RtlRandomEx
RtlTimeToTimeFields
RtlDosPathNameToNtPathName_U_WithStatus
RtlFreeUnicodeString
LdrFindResource_U
RtlDestroyProcessParameters
RtlGetFullPathName_UEx
RtlFindMessage
RtlStringFromGUID
RtlCreateProcessParameters
RtlNtStatusToDosError
RtlCreateUserProcess
RtlGetDaclSecurityDescriptor
RtlIpv4AddressToStringW
LdrAccessResource
RtlUnicodeToMultiByteN
RtlUpcaseUnicodeChar
NtAllocateVirtualMemory
RtlReAllocateHeap
NtDelayExecution
RtlUTF8ToUnicodeN
RtlMultiByteToUnicodeN
RtlMultiByteToUnicodeSize
RtlCreateUserThread
RtlUnicodeToMultiByteSize
RtlUnicodeToUTF8N
RtlInterlockedPopEntrySList
RtlGetVersion
RtlCreateTimerQueue
NtUnlockFile
NtSetInformationFile
NtLockFile
NtFlushBuffersFile
NtQueryInformationFile
NtGetContextThread
LdrGetProcedureAddress
LdrUnloadDll
LdrLoadDll
NtQueryValueKey
NtQueryKey
NtDeleteKey
NtOpenProcessToken
NtOpenThread
RtlQueueApcWow64Thread
RtlAppendUnicodeStringToString
NtOpenSymbolicLinkObject
NtEnumerateKey
NtUnloadDriver
NtEnumerateValueKey
RtlAppendUnicodeToString
RtlDestroyQueryDebugBuffer
NtOpenKey
RtlConvertSidToUnicodeString
NtQuerySymbolicLinkObject
RtlQueryProcessDebugInformation
NtOpenProcess
NtCreateNamedPipeFile
NtSetSecurityObject
RtlQueryEnvironmentVariable_U
NtDeleteValueKey
NtQueryAttributesFile
NtOpenDirectoryObject
RtlGetUnloadEventTraceEx
NtFsControlFile
NtQueryDirectoryObject
NtAdjustGroupsToken
RtlCreateQueryDebugBuffer
NtLoadKeyEx
NtCreateKey
NtQueueApcThreadEx
NtCreateFile
NtQueryDirectoryFile
NtOpenSection
NtQuerySecurityObject
NtSetValueKey
NtOpenFile
NtAlertResumeThread
NtQueryFullAttributesFile
NtSetInformationObject
NtDeviceIoControlFile
NtReleaseKeyedEvent
NtWaitForKeyedEvent
NtCreateKeyedEvent
NtClearEvent
NtQueryObject
NtCreateSemaphore
RtlLengthSecurityDescriptor
RtlGetControlSecurityDescriptor
RtlMapGenericMask
RtlGetSaclSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetGroupSecurityDescriptor
NtSetTimer
NtAlertThread
NtCreateTimer
RtlNtStatusToDosErrorNoTeb
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader
RtlFirstEntrySList
NtQueryInformationToken
RtlInterlockedFlushSList
RtlInitializeSListHead
RtlInterlockedPushEntrySList
RtlCreateHeap
RtlFreeHeap
RtlAllocateHeap
RtlDestroyHeap
NtQueryVirtualMemory
NtProtectVirtualMemory
NtSetSystemInformation
NtWriteVirtualMemory
RtlEqualSid
NtCreateMutant
RtlSetCurrentDirectory_U
RtlSetUnhandledExceptionFilter
RtlExitUserProcess
NtAdjustPrivilegesToken
NtOpenMutant
NtSystemDebugControl
NtTerminateJobObject
NtAssignProcessToJobObject
NtQueryInformationJobObject
NtQueryMutant
NtQueryVolumeInformationFile
NtMapViewOfSection
NtQuerySection
NtGetNextProcess
RtlDeleteTimer
RtlCreateTimer
RtlUpdateTimer
RtlSetHeapInformation
RtlInitializeCriticalSection
NtQueryPerformanceCounter
RtlDeleteCriticalSection
NtTerminateProcess
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlDetermineDosPathNameType_U
NtWaitForMultipleObjects
NtSetEvent
NtCreateEvent
NtAlpcQueryInformation
NtReadVirtualMemory
NtReadFile
NtWriteFile
NtQueryInformationThread
NtQuerySystemInformation
NtSuspendProcess
NtResumeThread
NtWaitForSingleObject
NtSetInformationDebugObject
NtUnmapViewOfSection
RtlRaiseStatus
NtSetInformationProcess
NtShutdownSystem
NtDuplicateObject
NtInitiatePowerAction
NtClose
NtSetInformationThread
NtResumeProcess
NtTerminateThread
NtRemoveProcessDebug
NtQueryInformationProcess
NtSuspendThread
NtFreeVirtualMemory
RtlExpandEnvironmentStrings_U
RtlSecondsSince1970ToTime

kernel32

HeapSize
CreateFileW
CloseHandle
FlushFileBuffers
GetProcessHeap
GetCommandLineW
GetCommandLineA
FindNextFileW
FindFirstFileExW
FindClose
WideCharToMultiByte
SetStdHandle
HeapReAlloc
GetOEMCP
GetACP
IsValidCodePage
MultiByteToWideChar
GetCPInfo
GetStringTypeW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
GetFileType
SetFilePointerEx
GetFileSizeEx
HeapAlloc
HeapFree
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
GetConsoleOutputCP
WriteFile
ReadConsoleW
GetConsoleMode
ReadFile
TlsFree
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
WriteConsoleW
GlobalSize
LocalAlloc
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
LoadLibraryExW
GetDateFormatW
CreateProcessW
GetTimeFormatW
GetNumberFormatW
GetLocaleInfoW
SearchPathW
SetLastError
GetComputerNameW
TlsGetValue
TlsAlloc
TlsSetValue
FreeLibrary
LoadLibraryW
SetProcessShutdownParameters
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
AllocConsole
GetConsoleWindow
FreeConsole
SetConsoleCtrlHandler
LocalFree
GetLastError
SetEndOfFile

Exports

Exports

PhAddComboBoxStrings
PhAddElementAvlTree
PhAddEntryHashtable
PhAddEntryHashtableEx
PhAddItemArray
PhAddItemList
PhAddItemPointerList
PhAddItemSimpleHashtable
PhAddItemsArray
PhAddItemsList
PhAddJsonArrayObject
PhAddJsonObject
PhAddLayoutItem
PhAddLayoutItemEx
PhAddListViewColumn
PhAddListViewGroup
PhAddListViewGroupItem
PhAddListViewItem
PhAddProcessPropPage
PhAddProcessPropPage2
PhAddPropPageLayoutItem
PhAddSetting
PhAddSettings
PhAddTabControlTab
PhAddTreeNewFilter
PhAdjustRectangleToBounds
PhAdjustRectangleToWorkingArea
PhAllocate
PhAllocateExSafe
PhAllocateFromFreeList
PhAllocatePage
PhAllocateSafe
PhAppResolverGetAppIdForWindow
PhAppendBytesBuilder
PhAppendBytesBuilder2
PhAppendBytesBuilderEx
PhAppendCharStringBuilder
PhAppendCharStringBuilder2
PhAppendFormatStringBuilder
PhAppendFormatStringBuilder_V
PhAppendStringBuilder
PhAppendStringBuilder2
PhAppendStringBuilderEx
PhApplicationFont
PhApplyTreeNewFilters
PhApplyTreeNewFiltersToNode
PhAutoDereferenceObject
PhBoostProvider
PhBufferToHexString
PhBufferToHexStringEx
PhCenterRectangle
PhCenterWindow
PhClearArray
PhClearCacheDirectory
PhClearCircularBuffer_FLOAT
PhClearCircularBuffer_PVOID
PhClearCircularBuffer_ULONG
PhClearCircularBuffer_ULONG64
PhClearHashtable
PhClearIgnoredSettings
PhClearList
PhCmLoadSettings
PhCmSaveSettings
PhCompareStringRef
PhCompareStringZNatural
PhCompareUnicodeStringZIgnoreMenuPrefix
PhConcatStringRef2
PhConcatStringRef3
PhConcatStrings
PhConcatStrings2
PhConcatStrings_V
PhConnectPipe
PhConvertIgnoredSettings
PhConvertMultiByteToUtf16
PhConvertMultiByteToUtf16Ex
PhConvertUtf16ToAsciiEx
PhConvertUtf16ToMultiByte
PhConvertUtf16ToMultiByteEx
PhConvertUtf16ToUtf8
PhConvertUtf16ToUtf8Buffer
PhConvertUtf16ToUtf8Ex
PhConvertUtf16ToUtf8Size
PhConvertUtf8ToUtf16
PhConvertUtf8ToUtf16Buffer
PhConvertUtf8ToUtf16Ex
PhConvertUtf8ToUtf16Size
PhCopyBytesZ
PhCopyCircularBuffer_FLOAT
PhCopyCircularBuffer_PVOID
PhCopyCircularBuffer_ULONG
PhCopyCircularBuffer_ULONG64
PhCopyListView
PhCopyListViewInfoTip
PhCopyStringZ
PhCopyStringZFromBytes
PhCopyStringZFromMultiByte
PhCountStringZ
PhCreateAlloc
PhCreateBytes
PhCreateBytesEx
PhCreateCacheFile
PhCreateDirectory
PhCreateEMenu
PhCreateEMenuItem
PhCreateFile
PhCreateFileStream
PhCreateFileStream2
PhCreateFileWin32
PhCreateFileWin32Ex
PhCreateHashtable
PhCreateJsonArray
PhCreateJsonObject
PhCreateJsonParser
PhCreateKey
PhCreateList
PhCreateNamedPipe
PhCreateObject
PhCreateObjectType
PhCreateObjectTypeEx
PhCreateOpenFileDialog
PhCreatePipe
PhCreatePointerList
PhCreateProcess
PhCreateProcessAsUser
PhCreateProcessPropContext
PhCreateProcessPropPageContext
PhCreateProcessPropPageContextEx
PhCreateProcessWin32
PhCreateProcessWin32Ex
PhCreateSaveFileDialog
PhCreateSearchControl
PhCreateSecurityPage
PhCreateServiceListControl
PhCreateSimpleHashtable
PhCreateString
PhCreateStringEx
PhCreateSymbolProvider
PhCreateThread
PhCreateThread2
PhCreateThreadEx
PhDecodeUnicodeDecoder
PhDelayExecution
PhDeleteArray
PhDeleteAutoPool
PhDeleteBytesBuilder
PhDeleteCacheFile
PhDeleteCallback
PhDeleteCircularBuffer_FLOAT
PhDeleteCircularBuffer_PVOID
PhDeleteCircularBuffer_ULONG
PhDeleteCircularBuffer_ULONG64
PhDeleteDirectory
PhDeleteFastLock
PhDeleteFileWin32
PhDeleteFreeList
PhDeleteGraphState
PhDeleteImageVersionInfo
PhDeleteLayoutManager
PhDeleteMemoryItemList
PhDeleteProviderThread
PhDeleteStringBuilder
PhDeleteTreeNewColumnMenu
PhDeleteTreeNewFilterSupport
PhDeleteWorkQueue
PhDereferenceObject
PhDereferenceObjectDeferDelete
PhDereferenceObjectEx
PhDereferenceObjects
PhDereferenceProcessRecord
PhDeselectAllProcessNodes
PhDeselectAllServiceNodes
PhDestroyEMenu
PhDestroyEMenuItem
PhDetermineDosPathNameType
PhDisconnectNamedPipe
PhDivideSinglesBySingle
PhDnsFree
PhDnsQuery
PhDoPropPageLayout
PhDoesFileExistsWin32
PhDosErrorToNtStatus
PhDrainAutoPool
PhDrawGraphDirect
PhDrawTrayIconText
PhDuplicateBytesZ
PhDuplicateBytesZSafe
PhDuplicateProcessNodeList
PhDuplicateStringZ
PhEditSecurity
PhEllipsisString
PhEllipsisStringPath
PhEncodeUnicode
PhEnumAvlTree
PhEnumChildWindows
PhEnumDirectoryFile
PhEnumDirectoryObjects
PhEnumFileStreams
PhEnumGenericModules
PhEnumHandles
PhEnumHandlesEx
PhEnumHandlesEx2
PhEnumHashtable
PhEnumKernelModules
PhEnumObjectTypes
PhEnumPagefiles
PhEnumPointerListEx
PhEnumProcessEnvironmentVariables
PhEnumProcessItems
PhEnumProcessModules
PhEnumProcessModules32
PhEnumProcessModules32Ex
PhEnumProcessModulesEx
PhEnumProcesses
PhEnumProcessesEx
PhEnumProcessesForSession
PhEnumServices
PhEnumWindows
PhEnumerateKey
PhEnumerateValueKey
PhEqualStringRef
PhEscapeCommandLinePart
PhEscapeStringForMenuPrefix
PhExecuteRunAsCommand2
PhExecuteRunAsCommand3
PhExpandAllProcessNodes
PhExpandEnvironmentStrings
PhExponentiate
PhExponentiate64
PhExtractIcon
PhExtractIconEx
PhFillMemoryUlong
PhFinalArrayItems
PhFinalBytesBuilderBytes
PhFinalHash
PhFinalStringBuilderString
PhFindCharInStringRef
PhFindEMenuItem
PhFindElementAvlTree
PhFindEntryHashtable
PhFindIntegerSiKeyValuePairs
PhFindItemList
PhFindItemPointerList
PhFindItemSimpleHashtable
PhFindLastCharInStringRef
PhFindListViewItemByFlags
PhFindListViewItemByParam
PhFindLoaderEntry
PhFindNetworkNode
PhFindPlugin
PhFindProcessInformation
PhFindProcessInformationByImageName
PhFindProcessNode
PhFindProcessRecord
PhFindServiceNode
PhFindStringInStringRef
PhFindStringSiKeyValuePairs
PhFlushFileStream
PhFormat
PhFormatDate
PhFormatDateTime
PhFormatDecimal
PhFormatGuid
PhFormatImageVersionInfo
PhFormatLogEntry
PhFormatNativeKeyName
PhFormatSize
PhFormatString
PhFormatString_V
PhFormatTime
PhFormatTimeSpan
PhFormatTimeSpanRelative
PhFormatToBuffer
PhFormatUInt64
PhFree
PhFreeFileDialog
PhFreeJsonParser
PhFreePage
PhFreeToFreeList
PhGenerateGuid
PhGenerateGuidFromName
PhGenerateRandomAlphaString
PhGetAccessEntries
PhGetAccessString
PhGetApplicationDirectory
PhGetApplicationFileName
PhGetApplicationIcon
PhGetBaseDirectory
PhGetBaseName
PhGetClassObject
PhGetClientIdName
PhGetClientIdNameEx
PhGetComboBoxString
PhGetDialogItemValue
PhGetDllFileName
PhGetDllHandle
PhGetDrawInfoGraphBuffers
PhGetEnabledProvider
PhGetEtwPublisherName
PhGetFileDialogFileName
PhGetFileDialogFilterIndex
PhGetFileDialogOptions
PhGetFileName
PhGetFilePosition
PhGetFileShellIcon
PhGetFileSize
PhGetFileVersionInfo
PhGetFileVersionInfoLangCodePage
PhGetFileVersionInfoString
PhGetFileVersionInfoString2
PhGetFilterSupportNetworkTreeList
PhGetFilterSupportProcessTreeList
PhGetFilterSupportServiceTreeList
PhGetFullPath
PhGetGeneralCallback
PhGetGenericTreeNewLines
PhGetGlobalTimerQueue
PhGetGlobalWorkQueue
PhGetHandleInformation
PhGetHandleInformationEx
PhGetIntegerPairSetting
PhGetIntegerSetting
PhGetJobProcessIdList
PhGetJsonArrayIndexObject
PhGetJsonArrayLength
PhGetJsonArrayLong64
PhGetJsonArrayString
PhGetJsonObject
PhGetJsonObjectAsArrayList
PhGetJsonObjectBool
PhGetJsonObjectLength
PhGetJsonObjectType
PhGetJsonValueAsLong64
PhGetJsonValueAsString
PhGetKernelFileName
PhGetKnownLocation
PhGetLineFromAddress
PhGetListBoxString
PhGetListViewContextMenuPoint
PhGetListViewItemImageIndex
PhGetListViewItemParam
PhGetListViewItemText
PhGetMappedImageCfg
PhGetMappedImageCfgEntry
PhGetMappedImageExportFunction
PhGetMappedImageExports
PhGetMappedImageLoadConfig32
PhGetMappedImageLoadConfig64
PhGetMessage
PhGetModuleFromAddress
PhGetModuleProcAddress
PhGetNtMessage
PhGetObjectSecurity
PhGetObjectType
PhGetObjectTypeInformation
PhGetOwnTokenAttributes
PhGetPhVersion
PhGetPhVersionHash
PhGetPhVersionNumbers
PhGetPluginCallback
PhGetPluginFileName
PhGetPluginInformation
PhGetPluginName
PhGetPositionFileStream
PhGetPrimeNumber
PhGetProcedureAddress
PhGetProcedureAddressRemote
PhGetProcessCommandLine
PhGetProcessDepStatus
PhGetProcessDeviceMap
PhGetProcessEnvironment
PhGetProcessImageFileName
PhGetProcessImageFileNameByProcessId
PhGetProcessImageFileNameWin32
PhGetProcessInformationCache
PhGetProcessIsDotNet
PhGetProcessIsDotNetEx
PhGetProcessIsSuspended
PhGetProcessKnownType
PhGetProcessKnownTypeEx
PhGetProcessMappedFileName
PhGetProcessPebString
PhGetProcessPriorityClassString
PhGetProcessUnloadedDlls
PhGetProcessWindowTitle
PhGetProcessWorkingSetInformation
PhGetProcessWsCounters
PhGetProtocolTypeName
PhGetScalableIntegerPairSetting
PhGetSeObjectSecurity
PhGetSelectedListViewItemParam
PhGetSelectedListViewItemParams
PhGetSelectedProcessItem
PhGetSelectedProcessItems
PhGetSelectedServiceItem
PhGetSelectedServiceItems
PhGetServiceChange
PhGetServiceConfig
PhGetServiceDelayedAutoStart
PhGetServiceDescription
PhGetServiceDllParameter
PhGetServiceErrorControlInteger
PhGetServiceErrorControlString
PhGetServiceNameFromTag
PhGetServiceStartTypeInteger
PhGetServiceStartTypeString
PhGetServiceStateString
PhGetServiceTypeInteger
PhGetServiceTypeString
PhGetSidFullName
PhGetStatisticsTime
PhGetStatisticsTimeString
PhGetStatusMessage
PhGetStockApplicationIcon
PhGetStringSetting
PhGetSymbolFromAddress
PhGetSymbolFromName
PhGetSystemDirectory
PhGetSystemRoot
PhGetTcpStateName
PhGetThreadServiceTag
PhGetTokenGroups
PhGetTokenIntegrityLevel
PhGetTokenIntegrityLevelRID
PhGetTokenOwner
PhGetTokenPrimaryGroup
PhGetTokenPrivileges
PhGetTokenUser
PhGetTreeNewText
PhGetWin32Message
PhGetWindowContext
PhGetWindowText
PhGetWindowTextEx
PhGlobalDpi
PhGraphStateGetDrawInfo
PhHandleCopyCellEMenuItem
PhHandleCopyListViewEMenuItem
PhHandleListViewNotifyBehaviors
PhHandleListViewNotifyForCopy
PhHandleTreeNewColumnMenu
PhHashBytes
PhHashStringRef
PhHexStringToBuffer
PhHexStringToBufferEx
PhHttpDnsQuery
PhHttpSocketAddRequestHeaders
PhHttpSocketBeginRequest
PhHttpSocketConnect
PhHttpSocketCreate
PhHttpSocketDestroy
PhHttpSocketDownloadString
PhHttpSocketEndRequest
PhHttpSocketGetErrorMessage
PhHttpSocketParseUrl
PhHttpSocketQueryHeaderString
PhHttpSocketQueryHeaderUlong
PhHttpSocketQueryHeaders
PhHttpSocketQueryOptionString
PhHttpSocketReadData
PhHttpSocketReadDataToBuffer
PhHttpSocketSendRequest
PhHttpSocketSetCredentials
PhHttpSocketSetFeature
PhHttpSocketSetSecurity
PhHttpSocketWriteData
PhHungWindowFromGhostWindow
PhIconToBitmap
PhImpersonateClientOfNamedPipe
PhIndexOfEMenuItem
PhInitializeArray
PhInitializeAutoPool
PhInitializeAvlTree
PhInitializeBytesBuilder
PhInitializeCallback
PhInitializeCircularBuffer_FLOAT
PhInitializeCircularBuffer_PVOID
PhInitializeCircularBuffer_ULONG
PhInitializeCircularBuffer_ULONG64
PhInitializeFastLock
PhInitializeFreeList
PhInitializeGraphState
PhInitializeHash
PhInitializeImageVersionInfo
PhInitializeLayoutManager
PhInitializeMappedImage
PhInitializeProviderThread
PhInitializeStringBuilder
PhInitializeThemeWindowHeader
PhInitializeTreeNewColumnMenu
PhInitializeTreeNewFilterSupport
PhInitializeWindowTheme
PhInitializeWindowThemeStatusBar
PhInitializeWorkQueue
PhInitializeWorkQueueEnvironment
PhInsertCopyCellEMenuItem
PhInsertCopyListViewEMenuItem
PhInsertEMenuItem
PhInsertItemList
PhInsertItemsList
PhInsertStringBuilder
PhInsertStringBuilder2

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 529KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kyle cracking/UD Proccess Hacker/Process Hacker/plugins/DUP.exe
.exe windows:6 windows x64 arch:x64

b046ada30a55647ce37232cfc87630a0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

H:\git\dexzunpacker

Imports

ntdll

NtOpenThreadToken
NtTestAlert
NtPowerInformation
NtSetInformationToken
RtlSubAuthorityCountSid
RtlFreeSid
RtlSecondsSince1980ToTime
NtIsProcessInJob
RtlCreateSecurityDescriptor
RtlCreateAcl
RtlAddAccessAllowedAce
NtAcceptConnectPort
NtReplyWaitReceivePort
NtCompleteConnectPort
RtlSetDaclSecurityDescriptor
RtlSubAuthoritySid
NtCreatePort
RtlInitializeSid
RtlLengthRequiredSid
RtlValidRelativeSecurityDescriptor
RtlSelfRelativeToAbsoluteSD2
RtlValidSid
NtConnectPort
NtRequestWaitReplyPort
RtlLengthSid
NtCreateSection
RtlQueryElevationFlags
NtReleaseSemaphore
NtSetHighEventPair
NtQueryEvent
NtQuerySemaphore
NtCancelTimer
NtPulseEvent
NtSetLowEventPair
NtQueryTimer
NtResetEvent
RtlIpv6AddressToStringW
RtlTimeToSecondsSince1980
NtCreateDirectoryObject
RtlGUIDFromString
NtDuplicateToken
RtlRandomEx
RtlTimeToTimeFields
RtlDosPathNameToNtPathName_U_WithStatus
RtlFreeUnicodeString
LdrFindResource_U
RtlDestroyProcessParameters
RtlGetFullPathName_UEx
RtlFindMessage
RtlStringFromGUID
RtlCreateProcessParameters
RtlNtStatusToDosError
RtlCreateUserProcess
RtlGetDaclSecurityDescriptor
RtlIpv4AddressToStringW
LdrAccessResource
RtlUnicodeToMultiByteN
RtlUpcaseUnicodeChar
NtAllocateVirtualMemory
RtlReAllocateHeap
NtDelayExecution
RtlUTF8ToUnicodeN
RtlMultiByteToUnicodeN
RtlMultiByteToUnicodeSize
RtlCreateUserThread
RtlUnicodeToMultiByteSize
RtlUnicodeToUTF8N
RtlInterlockedPopEntrySList
RtlGetVersion
RtlCreateTimerQueue
NtUnlockFile
NtSetInformationFile
NtLockFile
NtFlushBuffersFile
NtQueryInformationFile
NtGetContextThread
LdrGetProcedureAddress
LdrUnloadDll
LdrLoadDll
NtQueryValueKey
NtQueryKey
NtDeleteKey
NtOpenProcessToken
NtOpenThread
RtlQueueApcWow64Thread
RtlAppendUnicodeStringToString
NtOpenSymbolicLinkObject
NtEnumerateKey
NtUnloadDriver
NtEnumerateValueKey
RtlAppendUnicodeToString
RtlDestroyQueryDebugBuffer
NtOpenKey
RtlConvertSidToUnicodeString
NtQuerySymbolicLinkObject
RtlQueryProcessDebugInformation
NtOpenProcess
NtCreateNamedPipeFile
NtSetSecurityObject
RtlQueryEnvironmentVariable_U
NtDeleteValueKey
NtQueryAttributesFile
NtOpenDirectoryObject
RtlGetUnloadEventTraceEx
NtFsControlFile
NtQueryDirectoryObject
NtAdjustGroupsToken
RtlCreateQueryDebugBuffer
NtLoadKeyEx
NtCreateKey
NtQueueApcThreadEx
NtCreateFile
NtQueryDirectoryFile
NtOpenSection
NtQuerySecurityObject
NtSetValueKey
NtOpenFile
NtAlertResumeThread
NtQueryFullAttributesFile
NtSetInformationObject
NtDeviceIoControlFile
NtReleaseKeyedEvent
NtWaitForKeyedEvent
NtCreateKeyedEvent
NtClearEvent
NtQueryObject
NtCreateSemaphore
RtlLengthSecurityDescriptor
RtlGetControlSecurityDescriptor
RtlMapGenericMask
RtlGetSaclSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetGroupSecurityDescriptor
NtSetTimer
NtAlertThread
NtCreateTimer
RtlNtStatusToDosErrorNoTeb
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader
RtlFirstEntrySList
NtQueryInformationToken
RtlInterlockedFlushSList
RtlInitializeSListHead
RtlInterlockedPushEntrySList
RtlCreateHeap
RtlFreeHeap
RtlAllocateHeap
RtlDestroyHeap
NtQueryVirtualMemory
NtProtectVirtualMemory
NtSetSystemInformation
NtWriteVirtualMemory
RtlEqualSid
NtCreateMutant
RtlSetCurrentDirectory_U
RtlSetUnhandledExceptionFilter
RtlExitUserProcess
NtAdjustPrivilegesToken
NtOpenMutant
NtSystemDebugControl
NtTerminateJobObject
NtAssignProcessToJobObject
NtQueryInformationJobObject
NtQueryMutant
NtQueryVolumeInformationFile
NtMapViewOfSection
NtQuerySection
NtGetNextProcess
RtlDeleteTimer
RtlCreateTimer
RtlUpdateTimer
RtlSetHeapInformation
RtlInitializeCriticalSection
NtQueryPerformanceCounter
RtlDeleteCriticalSection
NtTerminateProcess
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlDetermineDosPathNameType_U
NtWaitForMultipleObjects
NtSetEvent
NtCreateEvent
NtAlpcQueryInformation
NtReadVirtualMemory
NtReadFile
NtWriteFile
NtQueryInformationThread
NtQuerySystemInformation
NtSuspendProcess
NtResumeThread
NtWaitForSingleObject
NtSetInformationDebugObject
NtUnmapViewOfSection
RtlRaiseStatus
NtSetInformationProcess
NtShutdownSystem
NtDuplicateObject
NtInitiatePowerAction
NtClose
NtSetInformationThread
NtResumeProcess
NtTerminateThread
NtRemoveProcessDebug
NtQueryInformationProcess
NtSuspendThread
NtFreeVirtualMemory
RtlExpandEnvironmentStrings_U
RtlSecondsSince1970ToTime

kernel32

HeapSize
CreateFileW
CloseHandle
FlushFileBuffers
GetProcessHeap
GetCommandLineW
GetCommandLineA
FindNextFileW
FindFirstFileExW
FindClose
WideCharToMultiByte
SetStdHandle
HeapReAlloc
GetOEMCP
GetACP
IsValidCodePage
MultiByteToWideChar
GetCPInfo
GetStringTypeW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
GetFileType
SetFilePointerEx
GetFileSizeEx
HeapAlloc
HeapFree
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
GetConsoleOutputCP
WriteFile
ReadConsoleW
GetConsoleMode
ReadFile
TlsFree
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
WriteConsoleW
GlobalSize
LocalAlloc
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
LoadLibraryExW
GetDateFormatW
CreateProcessW
GetTimeFormatW
GetNumberFormatW
GetLocaleInfoW
SearchPathW
SetLastError
GetComputerNameW
TlsGetValue
TlsAlloc
TlsSetValue
FreeLibrary
LoadLibraryW
SetProcessShutdownParameters
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
AllocConsole
GetConsoleWindow
FreeConsole
SetConsoleCtrlHandler
LocalFree
GetLastError
SetEndOfFile

Exports

Exports

PhAddComboBoxStrings
PhAddElementAvlTree
PhAddEntryHashtable
PhAddEntryHashtableEx
PhAddItemArray
PhAddItemList
PhAddItemPointerList
PhAddItemSimpleHashtable
PhAddItemsArray
PhAddItemsList
PhAddJsonArrayObject
PhAddJsonObject
PhAddLayoutItem
PhAddLayoutItemEx
PhAddListViewColumn
PhAddListViewGroup
PhAddListViewGroupItem
PhAddListViewItem
PhAddProcessPropPage
PhAddProcessPropPage2
PhAddPropPageLayoutItem
PhAddSetting
PhAddSettings
PhAddTabControlTab
PhAddTreeNewFilter
PhAdjustRectangleToBounds
PhAdjustRectangleToWorkingArea
PhAllocate
PhAllocateExSafe
PhAllocateFromFreeList
PhAllocatePage
PhAllocateSafe
PhAppResolverGetAppIdForWindow
PhAppendBytesBuilder
PhAppendBytesBuilder2
PhAppendBytesBuilderEx
PhAppendCharStringBuilder
PhAppendCharStringBuilder2
PhAppendFormatStringBuilder
PhAppendFormatStringBuilder_V
PhAppendStringBuilder
PhAppendStringBuilder2
PhAppendStringBuilderEx
PhApplicationFont
PhApplyTreeNewFilters
PhApplyTreeNewFiltersToNode
PhAutoDereferenceObject
PhBoostProvider
PhBufferToHexString
PhBufferToHexStringEx
PhCenterRectangle
PhCenterWindow
PhClearArray
PhClearCacheDirectory
PhClearCircularBuffer_FLOAT
PhClearCircularBuffer_PVOID
PhClearCircularBuffer_ULONG
PhClearCircularBuffer_ULONG64
PhClearHashtable
PhClearIgnoredSettings
PhClearList
PhCmLoadSettings
PhCmSaveSettings
PhCompareStringRef
PhCompareStringZNatural
PhCompareUnicodeStringZIgnoreMenuPrefix
PhConcatStringRef2
PhConcatStringRef3
PhConcatStrings
PhConcatStrings2
PhConcatStrings_V
PhConnectPipe
PhConvertIgnoredSettings
PhConvertMultiByteToUtf16
PhConvertMultiByteToUtf16Ex
PhConvertUtf16ToAsciiEx
PhConvertUtf16ToMultiByte
PhConvertUtf16ToMultiByteEx
PhConvertUtf16ToUtf8
PhConvertUtf16ToUtf8Buffer
PhConvertUtf16ToUtf8Ex
PhConvertUtf16ToUtf8Size
PhConvertUtf8ToUtf16
PhConvertUtf8ToUtf16Buffer
PhConvertUtf8ToUtf16Ex
PhConvertUtf8ToUtf16Size
PhCopyBytesZ
PhCopyCircularBuffer_FLOAT
PhCopyCircularBuffer_PVOID
PhCopyCircularBuffer_ULONG
PhCopyCircularBuffer_ULONG64
PhCopyListView
PhCopyListViewInfoTip
PhCopyStringZ
PhCopyStringZFromBytes
PhCopyStringZFromMultiByte
PhCountStringZ
PhCreateAlloc
PhCreateBytes
PhCreateBytesEx
PhCreateCacheFile
PhCreateDirectory
PhCreateEMenu
PhCreateEMenuItem
PhCreateFile
PhCreateFileStream
PhCreateFileStream2
PhCreateFileWin32
PhCreateFileWin32Ex
PhCreateHashtable
PhCreateJsonArray
PhCreateJsonObject
PhCreateJsonParser
PhCreateKey
PhCreateList
PhCreateNamedPipe
PhCreateObject
PhCreateObjectType
PhCreateObjectTypeEx
PhCreateOpenFileDialog
PhCreatePipe
PhCreatePointerList
PhCreateProcess
PhCreateProcessAsUser
PhCreateProcessPropContext
PhCreateProcessPropPageContext
PhCreateProcessPropPageContextEx
PhCreateProcessWin32
PhCreateProcessWin32Ex
PhCreateSaveFileDialog
PhCreateSearchControl
PhCreateSecurityPage
PhCreateServiceListControl
PhCreateSimpleHashtable
PhCreateString
PhCreateStringEx
PhCreateSymbolProvider
PhCreateThread
PhCreateThread2
PhCreateThreadEx
PhDecodeUnicodeDecoder
PhDelayExecution
PhDeleteArray
PhDeleteAutoPool
PhDeleteBytesBuilder
PhDeleteCacheFile
PhDeleteCallback
PhDeleteCircularBuffer_FLOAT
PhDeleteCircularBuffer_PVOID
PhDeleteCircularBuffer_ULONG
PhDeleteCircularBuffer_ULONG64
PhDeleteDirectory
PhDeleteFastLock
PhDeleteFileWin32
PhDeleteFreeList
PhDeleteGraphState
PhDeleteImageVersionInfo
PhDeleteLayoutManager
PhDeleteMemoryItemList
PhDeleteProviderThread
PhDeleteStringBuilder
PhDeleteTreeNewColumnMenu
PhDeleteTreeNewFilterSupport
PhDeleteWorkQueue
PhDereferenceObject
PhDereferenceObjectDeferDelete
PhDereferenceObjectEx
PhDereferenceObjects
PhDereferenceProcessRecord
PhDeselectAllProcessNodes
PhDeselectAllServiceNodes
PhDestroyEMenu
PhDestroyEMenuItem
PhDetermineDosPathNameType
PhDisconnectNamedPipe
PhDivideSinglesBySingle
PhDnsFree
PhDnsQuery
PhDoPropPageLayout
PhDoesFileExistsWin32
PhDosErrorToNtStatus
PhDrainAutoPool
PhDrawGraphDirect
PhDrawTrayIconText
PhDuplicateBytesZ
PhDuplicateBytesZSafe
PhDuplicateProcessNodeList
PhDuplicateStringZ
PhEditSecurity
PhEllipsisString
PhEllipsisStringPath
PhEncodeUnicode
PhEnumAvlTree
PhEnumChildWindows
PhEnumDirectoryFile
PhEnumDirectoryObjects
PhEnumFileStreams
PhEnumGenericModules
PhEnumHandles
PhEnumHandlesEx
PhEnumHandlesEx2
PhEnumHashtable
PhEnumKernelModules
PhEnumObjectTypes
PhEnumPagefiles
PhEnumPointerListEx
PhEnumProcessEnvironmentVariables
PhEnumProcessItems
PhEnumProcessModules
PhEnumProcessModules32
PhEnumProcessModules32Ex
PhEnumProcessModulesEx
PhEnumProcesses
PhEnumProcessesEx
PhEnumProcessesForSession
PhEnumServices
PhEnumWindows
PhEnumerateKey
PhEnumerateValueKey
PhEqualStringRef
PhEscapeCommandLinePart
PhEscapeStringForMenuPrefix
PhExecuteRunAsCommand2
PhExecuteRunAsCommand3
PhExpandAllProcessNodes
PhExpandEnvironmentStrings
PhExponentiate
PhExponentiate64
PhExtractIcon
PhExtractIconEx
PhFillMemoryUlong
PhFinalArrayItems
PhFinalBytesBuilderBytes
PhFinalHash
PhFinalStringBuilderString
PhFindCharInStringRef
PhFindEMenuItem
PhFindElementAvlTree
PhFindEntryHashtable
PhFindIntegerSiKeyValuePairs
PhFindItemList
PhFindItemPointerList
PhFindItemSimpleHashtable
PhFindLastCharInStringRef
PhFindListViewItemByFlags
PhFindListViewItemByParam
PhFindLoaderEntry
PhFindNetworkNode
PhFindPlugin
PhFindProcessInformation
PhFindProcessInformationByImageName
PhFindProcessNode
PhFindProcessRecord
PhFindServiceNode
PhFindStringInStringRef
PhFindStringSiKeyValuePairs
PhFlushFileStream
PhFormat
PhFormatDate
PhFormatDateTime
PhFormatDecimal
PhFormatGuid
PhFormatImageVersionInfo
PhFormatLogEntry
PhFormatNativeKeyName
PhFormatSize
PhFormatString
PhFormatString_V
PhFormatTime
PhFormatTimeSpan
PhFormatTimeSpanRelative
PhFormatToBuffer
PhFormatUInt64
PhFree
PhFreeFileDialog
PhFreeJsonParser
PhFreePage
PhFreeToFreeList
PhGenerateGuid
PhGenerateGuidFromName
PhGenerateRandomAlphaString
PhGetAccessEntries
PhGetAccessString
PhGetApplicationDirectory
PhGetApplicationFileName
PhGetApplicationIcon
PhGetBaseDirectory
PhGetBaseName
PhGetClassObject
PhGetClientIdName
PhGetClientIdNameEx
PhGetComboBoxString
PhGetDialogItemValue
PhGetDllFileName
PhGetDllHandle
PhGetDrawInfoGraphBuffers
PhGetEnabledProvider
PhGetEtwPublisherName
PhGetFileDialogFileName
PhGetFileDialogFilterIndex
PhGetFileDialogOptions
PhGetFileName
PhGetFilePosition
PhGetFileShellIcon
PhGetFileSize
PhGetFileVersionInfo
PhGetFileVersionInfoLangCodePage
PhGetFileVersionInfoString
PhGetFileVersionInfoString2
PhGetFilterSupportNetworkTreeList
PhGetFilterSupportProcessTreeList
PhGetFilterSupportServiceTreeList
PhGetFullPath
PhGetGeneralCallback
PhGetGenericTreeNewLines
PhGetGlobalTimerQueue
PhGetGlobalWorkQueue
PhGetHandleInformation
PhGetHandleInformationEx
PhGetIntegerPairSetting
PhGetIntegerSetting
PhGetJobProcessIdList
PhGetJsonArrayIndexObject
PhGetJsonArrayLength
PhGetJsonArrayLong64
PhGetJsonArrayString
PhGetJsonObject
PhGetJsonObjectAsArrayList
PhGetJsonObjectBool
PhGetJsonObjectLength
PhGetJsonObjectType
PhGetJsonValueAsLong64
PhGetJsonValueAsString
PhGetKernelFileName
PhGetKnownLocation
PhGetLineFromAddress
PhGetListBoxString
PhGetListViewContextMenuPoint
PhGetListViewItemImageIndex
PhGetListViewItemParam
PhGetListViewItemText
PhGetMappedImageCfg
PhGetMappedImageCfgEntry
PhGetMappedImageExportFunction
PhGetMappedImageExports
PhGetMappedImageLoadConfig32
PhGetMappedImageLoadConfig64
PhGetMessage
PhGetModuleFromAddress
PhGetModuleProcAddress
PhGetNtMessage
PhGetObjectSecurity
PhGetObjectType
PhGetObjectTypeInformation
PhGetOwnTokenAttributes
PhGetPhVersion
PhGetPhVersionHash
PhGetPhVersionNumbers
PhGetPluginCallback
PhGetPluginFileName
PhGetPluginInformation
PhGetPluginName
PhGetPositionFileStream
PhGetPrimeNumber
PhGetProcedureAddress
PhGetProcedureAddressRemote
PhGetProcessCommandLine
PhGetProcessDepStatus
PhGetProcessDeviceMap
PhGetProcessEnvironment
PhGetProcessImageFileName
PhGetProcessImageFileNameByProcessId
PhGetProcessImageFileNameWin32
PhGetProcessInformationCache
PhGetProcessIsDotNet
PhGetProcessIsDotNetEx
PhGetProcessIsSuspended
PhGetProcessKnownType
PhGetProcessKnownTypeEx
PhGetProcessMappedFileName
PhGetProcessPebString
PhGetProcessPriorityClassString
PhGetProcessUnloadedDlls
PhGetProcessWindowTitle
PhGetProcessWorkingSetInformation
PhGetProcessWsCounters
PhGetProtocolTypeName
PhGetScalableIntegerPairSetting
PhGetSeObjectSecurity
PhGetSelectedListViewItemParam
PhGetSelectedListViewItemParams
PhGetSelectedProcessItem
PhGetSelectedProcessItems
PhGetSelectedServiceItem
PhGetSelectedServiceItems
PhGetServiceChange
PhGetServiceConfig
PhGetServiceDelayedAutoStart
PhGetServiceDescription
PhGetServiceDllParameter
PhGetServiceErrorControlInteger
PhGetServiceErrorControlString
PhGetServiceNameFromTag
PhGetServiceStartTypeInteger
PhGetServiceStartTypeString
PhGetServiceStateString
PhGetServiceTypeInteger
PhGetServiceTypeString
PhGetSidFullName
PhGetStatisticsTime
PhGetStatisticsTimeString
PhGetStatusMessage
PhGetStockApplicationIcon
PhGetStringSetting
PhGetSymbolFromAddress
PhGetSymbolFromName
PhGetSystemDirectory
PhGetSystemRoot
PhGetTcpStateName
PhGetThreadServiceTag
PhGetTokenGroups
PhGetTokenIntegrityLevel
PhGetTokenIntegrityLevelRID
PhGetTokenOwner
PhGetTokenPrimaryGroup
PhGetTokenPrivileges
PhGetTokenUser
PhGetTreeNewText
PhGetWin32Message
PhGetWindowContext
PhGetWindowText
PhGetWindowTextEx
PhGlobalDpi
PhGraphStateGetDrawInfo
PhHandleCopyCellEMenuItem
PhHandleCopyListViewEMenuItem
PhHandleListViewNotifyBehaviors
PhHandleListViewNotifyForCopy
PhHandleTreeNewColumnMenu
PhHashBytes
PhHashStringRef
PhHexStringToBuffer
PhHexStringToBufferEx
PhHttpDnsQuery
PhHttpSocketAddRequestHeaders
PhHttpSocketBeginRequest
PhHttpSocketConnect
PhHttpSocketCreate
PhHttpSocketDestroy
PhHttpSocketDownloadString
PhHttpSocketEndRequest
PhHttpSocketGetErrorMessage
PhHttpSocketParseUrl
PhHttpSocketQueryHeaderString
PhHttpSocketQueryHeaderUlong
PhHttpSocketQueryHeaders
PhHttpSocketQueryOptionString
PhHttpSocketReadData
PhHttpSocketReadDataToBuffer
PhHttpSocketSendRequest
PhHttpSocketSetCredentials
PhHttpSocketSetFeature
PhHttpSocketSetSecurity
PhHttpSocketWriteData
PhHungWindowFromGhostWindow
PhIconToBitmap
PhImpersonateClientOfNamedPipe
PhIndexOfEMenuItem
PhInitializeArray
PhInitializeAutoPool
PhInitializeAvlTree
PhInitializeBytesBuilder
PhInitializeCallback
PhInitializeCircularBuffer_FLOAT
PhInitializeCircularBuffer_PVOID
PhInitializeCircularBuffer_ULONG
PhInitializeCircularBuffer_ULONG64
PhInitializeFastLock
PhInitializeFreeList
PhInitializeGraphState
PhInitializeHash
PhInitializeImageVersionInfo
PhInitializeLayoutManager
PhInitializeMappedImage
PhInitializeProviderThread
PhInitializeStringBuilder
PhInitializeThemeWindowHeader
PhInitializeTreeNewColumnMenu
PhInitializeTreeNewFilterSupport
PhInitializeWindowTheme
PhInitializeWindowThemeStatusBar
PhInitializeWorkQueue
PhInitializeWorkQueueEnvironment
PhInsertCopyCellEMenuItem
PhInsertCopyListViewEMenuItem
PhInsertEMenuItem
PhInsertItemList
PhInsertItemsList
PhInsertStringBuilder
PhInsertStringBuilder2

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 529KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kyle cracking/UD Proccess Hacker/Process Hacker/plugins/DotNetTools.dll
.dll windows:6 windows x64 arch:x64

26abe4bbd8afcb54a4c75add54378fdd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

H:\git\dexzunpacker

Imports

processhacker.exe

WindowsVersion
PhOpenProcessToken
PhGetPluginCallback
PhRegisterPlugin
PhRegisterCallback
PhPluginSetObjectExtension
PhGetGeneralCallback
PhAddSettings
PhCopyListView
PhLoadListViewGroupStatesFromSetting
PhHandleListViewNotifyBehaviors
PhLoadListViewSortColumnsFromSetting
PhGetListViewContextMenuPoint
PhSaveListViewColumnsToSetting
PhSaveListViewGroupStatesToSetting
PhUnregisterCallback
PhLoadListViewColumnsFromSetting
PhAddListViewGroupItem
PhAddListViewColumn
PhQueryTokenVariableSize
PhSaveListViewSortColumnsToSetting
PhAddListViewGroup
PhInsertCopyListViewEMenuItem
PhFormatToBuffer
PhHandleCopyListViewEMenuItem
PhGetSelectedListViewItemParams
PhCreateSimpleHashtable
PhfAcquireQueuedLockExclusive
PhFindItemSimpleHashtable
PhUiConnectToPhSvcEx
PhUiDisconnectFromPhSvc
PhfWakeForReleaseQueuedLock
PhRemoveItemSimpleHashtable
PhAddItemSimpleHashtable
PhPluginQueryPhSvc
PhPluginCallPhSvc
PhPluginGetObjectExtension
PhPluginAddTreeNewColumn
PhGetProcessIsDotNet
PhEnumProcessModules
PhGetSystemRoot
PhOpenProcess
PhfEndInitOnce
PhGetProcedureAddress
PhOpenThread
PhConcatStringRef2
PhEnumProcessModules32
PhfBeginInitOnce
PhFindLastCharInStringRef
PhCreateThreadEx
PhInsertEMenuItem
PhCreateList
PhCreateString
PhGetTreeNewText
PhInitializeTreeNewFilterSupport
PhSetControlTheme
PhFormatString
PhCreateSearchControl
PhAllocate
PhFindProcessInformation
PhFormatString_V
PhEqualStringRef
PhCountStringZ
PhCreateEMenuItem
PhClearList
PhInitializeStringBuilder
PhGetWindowText
PhCmLoadSettings
PhPropPageDlgProcHeader
PhCompareStringRef
PhConcatStrings2
PhDeleteTreeNewColumnMenu
PhCreateEMenu
PhHandleCopyCellEMenuItem
PhAddItemList
PhGetWin32Message
PhShellExploreFile
PhAddItemsList
PhInitializeWindowTheme
PhGetStringSetting
PhHandleTreeNewColumnMenu
PhDoesFileExistsWin32
PhInitializeTreeNewColumnMenu
PhSetClipboardString
PhAddTreeNewFilter
PhReferenceEmptyString
PhGetProcessIsDotNetEx
PhSetStringSetting2
PhGetGlobalWorkQueue
PhSplitStringRefAtChar
PhAddProcessPropPage
PhRemoveStringBuilder
PhCreateStringEx
PhQueueItemWorkQueue
PhDoPropPageLayout
PhFinalStringBuilderString
PhApplyTreeNewFilters
PhShellExecuteUserString
PhShowEMenu
PhFindStringInStringRef
PhAutoDereferenceObject
PhSetIntegerSetting
PhGetIntegerSetting
PhRemoveTreeNewFilter
PhDestroyEMenu
PhFree
PhConcatStrings
PhCmSaveSettings
PhReferenceObject
PhInsertCopyCellEMenuItem
PhDeleteTreeNewFilterSupport
PhCreateProcessPropPageContextEx
PhEnumProcesses
PhShowMessage
PhAppendStringBuilder2
PhDereferenceObject
PhGetProcessIsSuspended
PhSetFlagsEMenuItem
PhAddPropPageLayoutItem
PhSetExtendedListView
PhFormatUInt64

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
NtMapViewOfSection
NtOpenSection
RtlAddSIDToBoundaryDescriptor
NtOpenPrivateNamespace
NtUnmapViewOfSection
RtlFreeSid
RtlAllocateAndInitializeSid
RtlDeleteBoundaryDescriptor
RtlCreateBoundaryDescriptor
RtlNtStatusToDosError
NtReadVirtualMemory
NtQueryInformationProcess
NtGetContextThread
NtWaitForSingleObject
NtClose

kernel32

LCMapStringW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapFree
HeapAlloc
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
InterlockedFlushSList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
GetProcessHeap
LoadLibraryW
GetLastError
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kyle cracking/UD Proccess Hacker/Process Hacker/plugins/ExtendedNotifications.dll
.dll windows:6 windows x64 arch:x64

b45f9a00b97b8bc5fde83ab523a54d00

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

H:\git\dexzunpacker

Imports

processhacker.exe

PhReferenceProcessItemForParent
PhSetWindowContext
PhCreateList
PhInitializeLayoutManager
PhDeleteLayoutManager
PhFreeFileDialog
PhAllocate
PhShowFileDialog
PhEqualStringRef
PhConvertUtf16ToUtf8Ex
PhInsertItemList
PhClearList
PhInitializeStringBuilder
PhGetWindowText
PhConcatStrings2
PhSetFileDialogFilter
PhAddItemList
PhAddSettings
PhRemoveItemList
PhGetFileDialogFileName
PhSetFileDialogFileName
PhCreateSaveFileDialog
PhSetStringSetting2
PhGetWindowContext
PhGetGlobalWorkQueue
PhSetDialogItemText
PhQueueItemWorkQueue
PhFinalStringBuilderString
PhAddLayoutItem
PhFormatString_V
PhSetIntegerSetting
PhAppendCharStringBuilder
PhMatchWildcards
PhGetIntegerSetting
PhRegisterPlugin
PhReferenceObject
PhAppendStringBuilderEx
PhGetPluginCallback
PhDeleteStringBuilder
PhGetFileName
PhConvertUtf8ToUtf16
PhLayoutManagerLayout
PhRemoveWindowContext
PhFindCharInStringRef
PhDuplicateBytesZSafe
PhAllocateSafe
PhFree
PhDereferenceObject
PhGetStringSetting
PhGetGeneralCallback
PhCreateFileStream
PhWriteStringFormatAsUtf8FileStream
PhFormatLogEntry
PhAutoDereferenceObject
PhRegisterCallback
PhFormatDateTime

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx

kernel32

GetModuleHandleW
FlushFileBuffers
CreateFileW
SetStdHandle
GetProcessHeap
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
CloseHandle
LCMapStringW
HeapFree
HeapAlloc
GetFileType
GetStdHandle
GetConsoleMode
SetFilePointerEx
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
InterlockedFlushSList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
WriteConsoleW
HeapSize
GetStringTypeW
GetFileSizeEx
GetConsoleOutputCP
RaiseException
GetLastError
GetSystemInfo
VirtualProtect
VirtualQuery
FreeLibrary
SetUnhandledExceptionFilter
GetProcAddress
LoadLibraryExA
UnhandledExceptionFilter
WriteFile

Sections

.text
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kyle cracking/UD Proccess Hacker/Process Hacker/plugins/ExtendedServices.dll
.dll windows:6 windows x64 arch:x64

cfe6f486e067d0abb525baea39a939bc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

H:\git\dexzunpacker

Imports

processhacker.exe

PhaChoiceDialog
PhCenterWindow
PhSetFileDialogFileName
PhGetFileDialogFileName
PhGetComboBoxString
PhCreateOpenFileDialog
PhSetFileDialogFilter
PhShowFileDialog
PhFreeFileDialog
PhCreateString
PhOpenKey
PhCreateAlloc
PhAppendStringBuilderEx
PhSetListViewSubItem
PhFinalArrayItems
PhQueryRegistryString
PhFinalStringBuilderString
PhReferenceEmptyString
PhInitializeArray
PhDeleteAutoPool
PhFormatGuid
PhGetEtwPublisherName
PhGetSelectedListViewItemParam
PhAddItemArray
PhClearList
PhStringToGuid
PhEnumerateKey
PhFormatString
PhFindListViewItemByFlags
PhLookupPrivilegeDisplayName
PhSetControlTheme
PhQueryServiceVariableSize
PhDereferenceObjects
PhFindIntegerSiKeyValuePairs
PhEqualStringRef
PhGetNtMessage
PhSelectComboBoxString
PhSetExtendedListView
PhInitializeStringBuilder
PhGetWindowText
PhAddListViewColumn
WindowsVersion
PhRemoveItemList
PhSidToStringSid
PhGetDialogItemValue
PhGetModuleProcAddress
PhRemoveListViewItem
PhUiDisconnectFromPhSvc
PhUiConnectToPhSvc
PhCreateStringEx
PhGetListViewItemParam
PhFindItemList
PhFindStringSiKeyValuePairs
PhAddListViewItem
PhSvcCallChangeServiceConfig2
PhAddComboBoxStrings
PhAppendCharStringBuilder
PhDeleteStringBuilder
PhNtStatusToDosError
PhOpenLsaPolicy
PhShowMessage
PhAppendStringBuilder
PhGetOwnTokenAttributes
PhSetDialogItemValue
PhMainWndHandle
PhInsertEMenuItem
PhUiContinueService
PhUiStopService
PhfReleaseQueuedLockShared
PhEscapeStringForMenuPrefix
PhPluginCreateEMenuItem
PhCompareStringRef
PhFindEMenuItem
PhDestroyEMenuItem
PhAddSettings
PhShowStatus
PhGetGeneralCallback
PhfAcquireQueuedLockShared
PhIndexOfEMenuItem
PhFormatString_V
PhRegisterCallback
PhUiStartService
PhRegisterPlugin
PhReferenceObject
PhGetPluginCallback
PhUiPauseService
PhSetWindowContext
PhCreateList
PhInitializeLayoutManager
PhDeleteLayoutManager
PhAllocate
PhOpenService
PhCountStringZ
PhConcatStrings2
PhAddItemList
PhGetWin32Message
PhReferenceServiceItem
PhInitializeWindowTheme
PhGetWindowContext
PhSetDialogItemText
PhGetServiceConfig
PhAddLayoutItem
PhAutoDereferenceObject
PhGetIntegerSetting
PhFree
PhLayoutManagerLayout
PhDereferenceObject
PhCreateServiceListControl
PhInitializeAutoPool
PhRemoveWindowContext

ntdll

RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtClose
RtlGUIDFromString

kernel32

GetConsoleOutputCP
FlushFileBuffers
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetFileType
GetStdHandle
GetProcessHeap
LCMapStringW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapFree
HeapAlloc
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InterlockedFlushSList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
GetConsoleMode
SetFilePointerEx
GetComputerNameW
SetLastError
GetLastError
CreateFileW
CloseHandle
WriteConsoleW
WriteFile

Sections

.text
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kyle cracking/UD Proccess Hacker/Process Hacker/plugins/ExtendedTools.dll
.dll windows:6 windows x64 arch:x64

a7737dce9738b8cafdad4238d0682533

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

H:\git\dexzunpacker

Imports

processhacker.exe

PhCreateSimpleHashtable
PhReferenceProcessRecord
PhFreeToFreeList
PhGetFileName
PhReferenceProcessItem
PhCreateObject
PhDereferenceProcessRecord
PhInitializeFreeList
PhfAcquireQueuedLockShared
PhAllocateFromFreeList
PhGetGeneralCallback
PhInvokeCallback
PhAddEntryHashtableEx
PhEqualStringRef
PhCreateObjectType
PhfReleaseQueuedLockShared
PhHashStringRef
PhGetOwnTokenAttributes
PhDelayExecution
WindowsVersion
PhIsExecutingInWow64
PhFormatUInt64
PhCopyListView
PhRemoveWindowContext
PhLayoutManagerLayout
PhGetListViewContextMenuPoint
PhCenterWindow
PhInitializeAutoPool
PhFormatString_V
PhAddLayoutItem
PhDrainAutoPool
PhSetApplicationWindowIcon
PhGetWindowContext
PhUnregisterCallback
PhInitializeWindowTheme
PhDeleteAutoPool
PhAddListViewGroupItem
PhAddListViewColumn
PhSetListViewSubItem
PhDeleteLayoutManager
PhInitializeLayoutManager
PhFormatSize
PhAddListViewGroup
PhInsertCopyListViewEMenuItem
PhFormatToBuffer
PhSetWindowContext
PhHandleCopyListViewEMenuItem
PhGetSelectedListViewItemParams
PhReferenceProcessRecordForStatistics
PhQueryRegistryUlong
PhInitializeCircularBuffer_FLOAT
PhFormatDate
PhQueryValueKey
PhInitializeCircularBuffer_ULONG64
PhGetModuleProcAddress
PhInitializeCircularBuffer_ULONG
PhQueryRegistryUlong64
PhLargeIntegerToLocalSystemTime
PhGetStatisticsTimeString
PhfResetEvent
PhShowMessage
PhSetGraphText
PhCopyCircularBuffer_FLOAT
PhfSetEvent
PhLoadWindowPlacementFromSetting
PhGraphStateGetDrawInfo
PhDeleteGraphState
PhSiSetColorsGraphDrawInfo
PhInitializeGraphState
PhSaveWindowPlacementToSetting
PhfWaitForEvent
PhCreateThreadEx
PhAddPropPageLayoutItem
PhCreateProcessPropPageContextEx
PhGetStockApplicationIcon
PhAddProcessPropPage
PhGlobalDpi
PhPropPageDlgProcHeader
PhDivideSinglesBySingle
PhGetStatisticsTime
PhAppendStringBuilder
PhAppendStringBuilder2
PhGetDrawInfoGraphBuffers
PhSetWindowText
PhFindProcessRecord
PhFinalStringBuilderString
PhRemoveStringBuilder
PhSetDialogItemText
PhAddLayoutItemEx
PhInitializeStringBuilder
PhDrawTrayIconText
PhGenerateGuid
PhFormatGuid
PhAppendFormatStringBuilder
PhStringToGuid
PhDrawGraphDirect
PhPluginQueryPhSvc
PhPluginCallPhSvc
PhGetProcessUnloadedDlls
PhBufferToHexString
PhPluginGetObjectExtension
PhPluginAddTreeNewColumn
PhGetClassObject
PhPluginEnableTreeNewNotify
PhEnumProcesses
PhReferenceNetworkItem
PhGetProcessInformationCache
PhFindProcessInformation
PhSiSizeLabelYFunction
PhDeleteCircularBuffer_FLOAT
PhGetPluginCallback
PhRegisterPlugin
PhIndexOfEMenuItem
PhPluginSetObjectExtension
PhDeleteCircularBuffer_ULONG
PhAddSettings
PhPrintTimeSpan
PhPluginCreateEMenuItem
PhDeleteCircularBuffer_ULONG64
PhCreateServiceListControl
PhShowStatus
PhReferenceServiceItem
PhCreateSymbolProvider
PhCreateAlloc
PhEnumGenericModules
PhLoadSymbolProviderOptions
PhGetSymbolFromAddress
PhOpenProcess
PhLoadModuleSymbolProvider
PhSetIntegerSetting
PhOpenThread
PhShowConfirmMessage
PhFormatDateTime
PhAddListViewItem
PhHandleListViewNotifyForCopy
PhSaveListViewColumnsToSetting
PhUiConnectToPhSvcEx
PhUiDisconnectFromPhSvc
PhHexStringToBufferEx
PhLoadListViewColumnsFromSetting
PhSetExtendedListView
PhCopyStringZ
PhFindListViewItemByParam
PhFindItemSimpleHashtable
PhQueueItemWorkQueue
PhGetGlobalWorkQueue
PhGetBaseName
PhSystemBasicInformation
PhGetModuleFromAddress
PhAddItemSimpleHashtable
PhMainWndHandle
PhInsertEMenuItem
PhCreateList
PhGetStatusMessage
PhCreateString
PhGetTreeNewText
PhShowProcessRecordDialog
PhFormat
PhInitializeTreeNewFilterSupport
PhSetControlTheme
PhFormatString
PhFindProcessNode
PhSetIntegerPairSetting
PhCreateEMenuItem
PhRemoveEntryHashtable
PhInitializeThemeWindowHeader
PhSetFlagsAllEMenuItems
PhCmLoadSettings
PhAddItemArray
PhCompareStringRef
PhFindLastCharInStringRef
PhDeleteTreeNewColumnMenu
PhFindEMenuItem
PhCreateEMenu
PhGetPluginInformation
PhfWakeForReleaseQueuedLock
PhHandleCopyCellEMenuItem
PhAddItemList
PhReferenceProcessItemForRecord
PhShellExploreFile
PhGetStringSetting
PhHandleTreeNewColumnMenu
PhDoesFileExistsWin32
PhInitializeTreeNewColumnMenu
PhInitializeArray
PhRemoveItemList
PhSetClipboardString
PhAddTreeNewFilter
PhReferenceEmptyString
PhApplyTreeNewFiltersToNode
PhShowMessage2
PhGetIntegerPairSetting
PhFindPlugin
PhSetStringSetting2
PhCreateStringEx
PhApplyTreeNewFilters
PhFindItemList
PhShellExecuteUserString
PhShowEMenu
PhAutoDereferenceObject
PhRegisterCallback
PhRemoveItemsArray
PhSelectAndEnsureVisibleProcessNode
PhGetIntegerSetting
PhDestroyEMenu
PhCmSaveSettings
PhReferenceObject
PhInsertCopyCellEMenuItem
PhfAcquireQueuedLockExclusive
PhWriteStringAsUtf8FileStream
PhGetGenericTreeNewLines
PhShellProperties
PhDereferenceObject
PhWriteStringAsUtf8FileStream2
PhSetFlagsEMenuItem
PhAddEntryHashtable
PhfReleaseFastLockShared
PhAllocate
PhCountStringZ
PhfAcquireFastLockExclusive
PhStringToInteger64
PhfEndInitOnce
PhClearHashtable
PhCreateHashtable
PhSplitStringRefAtChar
PhCreateThread2
PhfAcquireFastLockShared
PhFree
PhEnumHashtable
PhfReleaseFastLockExclusive
PhfBeginInitOnce
PhDoPropPageLayout
PhFindEntryHashtable

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
NtSetInformationProcess
NtQueryInformationProcess
RtlSecondsSince1970ToTime
NtCancelSynchronousIoFile
NtDuplicateObject
NtQueryInformationWorkerFactory
RtlSetBits
RtlInitializeBitMap
RtlInterlockedFlushSList
NtQueryPerformanceCounter
RtlInitializeSListHead
RtlInterlockedPushEntrySList
NtWaitForSingleObject
NtCreateEvent
NtClose

kernel32

WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapAlloc
HeapFree
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
InterlockedFlushSList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
GetLastError
RaiseException
GetProcessHeap
GetStdHandle
LocalFree
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
LCMapStringW

Sections

.text
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kyle cracking/UD Proccess Hacker/Process Hacker/plugins/HardwareDevices.dll
.dll windows:6 windows x64 arch:x64

32f275ad89798243a4ce9f3ed3c75a6e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

H:\git\dexzunpacker

Imports

processhacker.exe

PhGetDrawInfoGraphBuffers
PhConcatStringRef2
PhAddLayoutItemEx
PhGraphStateGetDrawInfo
PhDeleteGraphState
PhSiSizeLabelYFunction
PhInitializeGraphState
PhDivideSinglesBySingle
PhFormat
PhFormatToBuffer
PhExpandEnvironmentStrings
PhExtractIconEx
PhGetListViewItemParam
PhSplitStringRefAtChar
PhSetStringSetting2
PhReferenceEmptyString
PhGetStringSetting
PhStringToInteger64
PhGetSelectedListViewItemParam
PhInitializeLayoutManager
PhFindListViewItemByFlags
PhShellOpenKey
PhGetHandleInformation
PhGetPluginCallback
PhRegisterPlugin
PhGetProcedureAddress
PhShowStatus
PhAddSettings
PhTrimStringRef
WindowsVersion
PhStringToGuid
PhQueryRegistryString
PhQueryRegistryUlong64
PhConvertMultiByteToUtf16
PhSetDialogItemText
PhGetOwnTokenAttributes
PhReAllocate
PhGetProcessDeviceMap
PhSystemBasicInformation
PhDeleteLayoutManager
PhSaveWindowPlacementToSetting
PhSaveListViewSortColumnsToSetting
PhInitializeStringBuilder
PhAppendFormatStringBuilder
PhDeleteAutoPool
PhGetIntegerPairSetting
PhLoadWindowPlacementFromSetting
PhRemoveStringBuilder
PhDrainAutoPool
PhFinalStringBuilderString
PhAddLayoutItem
PhGetStatisticsTimeString
PhInitializeAutoPool
PhSetWindowText
PhLoadListViewSortColumnsFromSetting
PhDeleteStringBuilder
PhLayoutManagerLayout
PhMainWndHandle
PhUnregisterCallback
PhGetGeneralCallback
PhRegisterCallback
PhGetSelectedListViewItemParams
PhInsertEMenuItem
PhHandleCopyListViewEMenuItem
PhSetWindowContext
PhInsertCopyListViewEMenuItem
PhAddListViewGroup
PhFormatSize
PhBufferToHexString
PhLargeIntegerToLocalSystemTime
PhSetListViewSubItem
PhSetControlTheme
PhAllocate
PhCreateEMenuItem
PhSetExtendedListView
PhAddListViewColumn
PhCreateEMenu
PhAddListViewGroupItem
PhInitializeWindowTheme
PhLoadListViewColumnsFromSetting
PhGetWindowContext
PhSetApplicationWindowIcon
PhCreateStringEx
PhSaveListViewColumnsToSetting
PhCreateThread2
PhShowEMenu
PhAddListViewItem
PhFormatString_V
PhAutoDereferenceObject
PhFormatDateTime
PhCenterWindow
PhDestroyEMenu
PhFree
PhGetListViewContextMenuPoint
PhHandleListViewNotifyBehaviors
PhRemoveWindowContext
PhCopyListView
PhFormatUInt64
PhModalPropertySheet
PhCreateList
PhDereferenceObjectDeferDelete
PhCreateString
PhDeleteCircularBuffer_ULONG64
PhfReleaseQueuedLockShared
PhCreateObjectType
PhCreateFile
PhCountStringZ
PhConcatStrings2
PhfWakeForReleaseQueuedLock
PhAddItemList
PhRemoveItemList
PhInitializeCircularBuffer_ULONG64
PhfAcquireQueuedLockShared
PhReferenceObjectSafe
PhFindItemList
PhGetIntegerSetting
PhCreateObject
PhReferenceObject
PhfAcquireQueuedLockExclusive
PhEqualStringRef
PhDereferenceObject

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
NtQueryVolumeInformationFile
NtFsControlFile
NtDeviceIoControlFile
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
NtClose

kernel32

GetStringTypeW
GetFileType
GetStdHandle
GetProcessHeap
LCMapStringW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapFree
HeapAlloc
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
InterlockedFlushSList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
VirtualQuery
VirtualProtect
GetSystemInfo
GetLastError
RaiseException
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
FreeLibrary
LoadLibraryW
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW

Sections

.text
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kyle cracking/UD Proccess Hacker/Process Hacker/plugins/NetworkTools.dll
.dll windows:6 windows x64 arch:x64

c0fa1210a192ae69354e312affa6f1af

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

H:\git\dexzunpacker

Imports

processhacker.exe

PhDestroyEMenu
PhFindStringInStringRef
PhShowEMenu
PhFinalStringBuilderString
PhRemoveStringBuilder
PhSetClipboardString
PhGetWin32Message
PhHandleCopyCellEMenuItem
PhCreateEMenu
PhAppendFormatStringBuilder
PhDnsFree
PhInitializeStringBuilder
PhGetTreeNewText
PhFindEntryHashtable
PhfBeginInitOnce
PhCmSaveSettings
PhCreateObject
PhCreateHashtable
PhClearHashtable
PhInitializeTreeNewColumnMenu
PhHandleTreeNewColumnMenu
PhfEndInitOnce
PhAddItemList
PhDeleteTreeNewColumnMenu
PhCmLoadSettings
PhClearList
PhSetIntegerPairSetting
PhSetControlTheme
PhCreateObjectType
PhCreateList
PhAddEntryHashtable
PhfResetEvent
PhShellExecute
PhConcatStrings
PhDeleteCacheFile
PhOpenKey
PhShowMessage
PhQueryRegistryString
PhCreateDirectory
PhHttpSocketConnect
PhCreateFileWin32
PhConvertUtf16ToUtf8
PhRegisterWindowCallback
PhGetPhVersionNumbers
PhHttpSocketParseUrl
PhHttpSocketAddRequestHeaders
PhHttpSocketDestroy
PhHttpSocketReadData
PhHttpSocketQueryHeaderString
PhHttpSocketQueryHeaderUlong
PhGetPhVersion
PhConcatStrings2
PhHttpSocketEndRequest
PhHttpSocketCreate
PhDeleteFileWin32
PhGetFullPath
PhfWaitForEvent
PhHttpSocketSetFeature
PhCreateCacheFile
PhUnregisterWindowCallback
PhFormatToBuffer
PhCreateThreadEx
PhHttpSocketSendRequest
PhCreateBytesEx
PhReAllocate
PhReferenceEmptyString
PhStringToInteger64
PhFindEMenuItem
PhCountStringZ
PhTrimStringRef
PhInsertCopyCellEMenuItem
PhCreateAlloc
PhAppendStringBuilder2
PhSetFlagsEMenuItem
PhShellProcessHacker
PhGetApplicationIcon
PhGetGlobalWorkQueue
PhfSetEvent
PhMainWndHandle
PhSetWindowContext
PhGenerateRandomAlphaString
PhFormatString
PhAllocate
PhSaveWindowPlacementToSetting
PhDivideSinglesBySingle
PhInitializeGraphState
PhInitializeCircularBuffer_ULONG
PhDeleteAutoPool
PhInitializeWindowTheme
PhConvertUtf16ToMultiByte
PhSiSetColorsGraphDrawInfo
PhUnregisterCallback
PhDeleteGraphState
PhGlobalDpi
PhGraphStateGetDrawInfo
PhGetIntegerPairSetting
PhAddLayoutItemEx
PhGetWindowContext
PhSetApplicationWindowIcon
PhLoadWindowPlacementFromSetting
PhCreateStringEx
PhDnsQuery
PhDrainAutoPool
PhQueueItemWorkQueue
PhCreateThread2
PhFormatString_V
PhDeleteWorkQueue
PhSetGraphText
PhInitializeAutoPool
PhCenterWindow
PhFree
PhSetWindowText
PhInitializeWorkQueue
PhRemoveWindowContext
PhGetStatisticsTimeString
PhInitializeLayoutManager
PhDeleteLayoutManager
PhFreeFileDialog
PhShowFileDialog
PhGetWindowText
PhSetFileDialogFilter
PhCreateOpenFileDialog
PhGetFileDialogFileName
PhSetFileDialogFileName
PhGetDialogItemValue
PhSetStringSetting2
PhSetDialogItemText
PhAddLayoutItem
PhSetIntegerSetting
PhGetFileName
PhLayoutManagerLayout
PhSetDialogItemValue
PhInsertEMenuItem
PhCreateString
PhaChoiceDialog
PhFormatSize
PhPluginCreateEMenuItem
PhCreateEMenuItem
PhCompareStringRef
PhfWakeForReleaseQueuedLock
PhAddSettings
PhGetGeneralCallback
PhPluginSetObjectExtension
PhRegisterCallback
PhGetIntegerSetting
PhPluginAddTreeNewColumn
PhRegisterPlugin
PhGetPluginCallback
PhfAcquireQueuedLockExclusive
PhPluginGetObjectExtension
PhGetOwnTokenAttributes
PhFormatUInt64
PhQuerySystemTime
PhConvertUtf8ToUtf16Ex
PhEqualStringRef
PhGetStringSetting
PhDoesFileExistsWin32
PhGetBaseName
PhLoadPngImageFromResource
PhAutoDereferenceObject
PhConcatStringRef2
PhReferenceObject
PhExpandEnvironmentStrings
PhDereferenceObject
PhDetermineDosPathNameType
PhHttpSocketBeginRequest
PhGetApplicationDirectory

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
NtClose
NtWriteFile
RtlIpv6AddressToStringExW
RtlIpv4StringToAddressW
RtlIpv4AddressToStringExW
RtlIpv6StringToAddressW
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlTimeToSecondsSince1970

kernel32

FindFirstFileExW
WideCharToMultiByte
SetEndOfFile
LCMapStringW
MultiByteToWideChar
SetStdHandle
GetStdHandle
HeapFree
HeapAlloc
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetFileType
SetFilePointerEx
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
InterlockedFlushSList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
FindClose
WriteFile
ReadFile
LoadLibraryW
GetLastError
MapViewOfFile
CreateFileMappingW
GetFileSize
CloseHandle
UnmapViewOfFile
CreateFileW
GetCommandLineA
GetCommandLineW
GetProcessHeap
GetStringTypeW
WriteConsoleW
FlushFileBuffers
HeapSize
HeapReAlloc

Sections

.text
Size: 179KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kyle cracking/UD Proccess Hacker/Process Hacker/plugins/OnlineChecks.dll
.dll windows:6 windows x64 arch:x64

018c944eb333471d0bd281f049ab5ba7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

H:\git\dexzunpacker

Imports

processhacker.exe

PhFormatString
PhCreateObjectType
PhBufferToHexString
PhFinalHash
PhFormatSize
PhQuerySystemTime
PhGetFileSize
PhInitializeHash
PhGetJsonObjectBool
PhCreateString
PhFormatToBuffer
PhSetWindowContext
PhGetJsonValueAsString
PhGetJsonObject
PhHttpSocketSendRequest
PhOpenKey
PhCreateBytesEx
PhQueryRegistryUlong
PhCreateJsonArray
PhFormatDate
PhExpandEnvironmentStrings
PhConvertUtf8ToUtf16
PhCreateJsonObject
PhHttpSocketCreate
PhConcatStringRef2
PhFree
PhFormatDateTime
PhQueryRegistryString
PhGetServiceDllParameter
PhDelayExecution
PhGetJsonObjectAsArrayList
PhGetJsonArrayIndexObject
PhConvertUtf16ToUtf8
PhGetJsonArrayString
PhHexStringToBuffer
PhConvertUtf16ToMultiByte
PhAddJsonArrayObject
PhAddItemList
PhFormatTime
PhCreateBytes
PhQueryFullAttributesFileWin32
PhParseCommandLineFuzzy
PhGetJsonArrayLength
PhAddJsonObject
PhLargeIntegerToLocalSystemTime
PhCreateList
PhCreateThreadEx
PhHttpSocketEndRequest
PhInitializeStringBuilder
PhConcatStrings2
PhAppendFormatStringBuilder
PhGetPhVersion
PhfEndInitOnce
PhHttpSocketQueryHeaderUlong
PhHttpSocketDestroy
PhDeleteAutoPool
PhHttpSocketAddRequestHeaders
PhCountStringZ
PhGetJsonValueAsLong64
PhSetFilePosition
PhShowStatus
PhHttpSocketParseUrl
PhGetClassObject
PhUpdateHash
PhGetBaseName
PhGetWindowContext
PhHttpSocketGetErrorMessage
PhCreateFileWin32
PhLoadMappedImageEx
PhSetApplicationWindowIcon
PhCreateThread2
PhHttpSocketConnect
PhFreeJsonParser
PhHttpSocketWriteData
PhCreateObject
PhInitializeAutoPool
PhCenterWindow
PhConvertUtf16ToAsciiEx
PhUnloadMappedImage
PhDeleteStringBuilder
PhGetJsonArrayLong64
PhHttpSocketDownloadString
PhCreateJsonParser
PhfBeginInitOnce
PhRemoveWindowContext
PhHttpSocketBeginRequest
PhShellExecute
PhFormatUInt64
PhGetGlobalWorkQueue
PhQueueItemWorkQueue
PhFormatString_V
PhMainWndHandle
PhInsertEMenuItem
PhShellProcessHacker
PhFreeFileDialog
PhPluginCreateEMenuItem
PhShowFileDialog
PhCreateEMenuItem
PhGetApplicationIcon
PhCompareStringRef
PhSetFileDialogFilter
PhFindEMenuItem
PhCreateOpenFileDialog
PhAddSettings
PhGetFileDialogFileName
PhGetGeneralCallback
PhPluginSetObjectExtension
PhIndexOfEMenuItem
PhAutoDereferenceObject
PhRegisterCallback
PhSetIntegerSetting
PhGetIntegerSetting
PhPluginAddTreeNewColumn
PhRegisterPlugin
PhGetPluginCallback
PhPluginGetObjectExtension
PhHashStringRef
PhFormat
PhAllocate
PhEqualStringRef
PhAddEntryHashtableEx
PhfWakeForReleaseQueuedLock
PhCreateHashtable
PhReferenceObject
PhfAcquireQueuedLockExclusive
PhDereferenceObject
PhGetFileName
PhFindEntryHashtable

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
RtlNtStatusToDosError
NtQueryInformationThread
NtClose
NtSetInformationThread
NtReadFile
RtlRandomEx

kernel32

GetStringTypeW
GetProcessHeap
LCMapStringW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileType
GetStdHandle
HeapFree
HeapAlloc
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
InterlockedFlushSList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
SetFilePointerEx
HeapSize
HeapReAlloc
FlushFileBuffers
WriteFile
SystemTimeToTzSpecificLocalTime
GetLastError
GetConsoleOutputCP
GetConsoleMode
CloseHandle
CreateFileW
WriteConsoleW
SetStdHandle

Sections

.text
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kyle cracking/UD Proccess Hacker/Process Hacker/plugins/ToolStatus.dll
.dll windows:6 windows x64 arch:x64

b6a137390249c4616d291536ebce5df5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

H:\git\dexzunpacker

Imports

processhacker.exe

PhUiTerminateProcesses
PhGetWindowText
PhPluginGetSystemStatistics
PhFindProcessNode
PhSetSelectThreadIdProcessPropContext
PhGetFilterSupportProcessTreeList
PhGetServiceStartTypeString
PhOpenKey
PhExpandEnvironmentStrings
PhGetTcpStateName
PhQueryValueKey
PhGetProcessPriorityClassString
PhGetFileName
PhConcatStringRef2
PhQueryRegistryString
PhGetServiceStateString
PhGetServiceDllParameter
PhCreateEMenu
PhGetServiceErrorControlString
PhfAcquireQueuedLockShared
PhGetProtocolTypeName
PhGetServiceTypeString
PhParseCommandLineFuzzy
PhDereferenceObjects
PhfReleaseQueuedLockShared
PhCreateString
PhFormatToBuffer
PhClearList
PhCountStringZ
PhLoadIcon
PhInitializeWindowThemeStatusBar
PhLoadPngImageFromResource
PhAddTreeNewFilter
PhCreateSearchControl
PhIconToBitmap
PhFindEMenuItem
PhDestroyEMenuItem
PhInvokeCallback
PhAddSettings
WindowsVersion
PhThemeWindowDrawRebar
PhGetGeneralCallback
PhRegisterMessageLoopFilter
PhShowProcessProperties
PhIndexOfEMenuItem
PhApplyTreeNewFilters
PhShowEMenu
PhExpandAllProcessNodes
PhRegisterCallback
PhGetFilterSupportServiceTreeList
PhDeselectAllServiceNodes
PhDestroyEMenu
PhGetFilterSupportNetworkTreeList
PhReferenceProcessItem
PhRegisterPlugin
PhReferenceObject
PhGetPluginCallback
PhHungWindowFromGhostWindow
PhCreateAlloc
PhShowMessage
PhThemeWindowDrawToolbar
PhGetOwnTokenAttributes
PhCreateProcessPropContext
PhDeselectAllProcessNodes
PhAddItemSimpleHashtable
PhInsertEMenuItem
PhCreateList
PhRemoveItemSimpleHashtable
PhModifyEMenuItem
PhShowProcessRecordDialog
PhFormat
PhSystemBasicInformation
PhPluginCreateEMenuItem
PhDivideSinglesBySingle
PhEqualStringRef
PhInitializeGraphState
PhCreateEMenuItem
PhInitializeStringBuilder
PhConcatStrings2
PhAppendFormatStringBuilder
PhStringToInteger64
PhAddItemList
PhGetStringSetting
PhSiSetColorsGraphDrawInfo
PhDeleteGraphState
PhReferenceEmptyString
PhGraphStateGetDrawInfo
PhSetStringSetting2
PhSplitStringRefAtChar
PhRemoveStringBuilder
PhFinalStringBuilderString
PhCopyCircularBuffer_FLOAT
PhFindItemSimpleHashtable
PhDereferenceProcessRecord
PhAutoDereferenceObject
PhFindProcessRecord
PhDereferenceObject
PhGetPluginName
PhGetStatisticsTime
PhCreateSimpleHashtable
PhGetStatisticsTimeString
PhInitializeWindowTheme
PhAddComboBoxStrings
PhSetIntegerSetting
PhGetIntegerSetting
PhMainWndHandle
PhSetWindowContext
PhAllocate
PhInsertItemList
PhRemoveItemList
PhGlobalDpi
PhGetWindowContext
PhCenterWindow
PhFree
PhFindStringInStringRef
PhRemoveWindowContext

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
NtClose

kernel32

GetConsoleOutputCP
WriteFile
FlushFileBuffers
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetFileType
GetStdHandle
GetProcessHeap
LCMapStringW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapFree
HeapAlloc
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
InterlockedFlushSList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
GetLastError
RaiseException
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
GetConsoleMode

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kyle cracking/UD Proccess Hacker/Process Hacker/plugins/Updater.dll
.dll windows:6 windows x64 arch:x64

7b63668845862659f79d67e846e4a432

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

H:\git\dexzunpacker

Imports

processhacker.exe

PhFormatString_V
PhGetApplicationDirectory
PhOpenKey
PhQueryRegistryUlong
PhConcatStrings
PhFormatDateTime
PhCreateFileWin32
PhHttpSocketGetErrorMessage
PhShowStatus
PhLargeIntegerToLocalSystemTime
PhBufferToHexString
PhMainWndHandle
PhfResetEvent
PhfBeginInitOnce
PhShowMessage
PhGetFileName
PhConcatStringRef2
PhInitializeAutoPool
PhCreateObject
PhDelayExecution
PhQueueItemWorkQueue
PhSplitStringRefAtChar
PhGetGlobalWorkQueue
PhSetStringSetting2
PhRegisterWindowCallback
PhGetApplicationIcon
PhHttpSocketParseUrl
PhHttpSocketAddRequestHeaders
PhGetStringSetting
PhDeleteAutoPool
PhHttpSocketReadData
PhHttpSocketQueryHeaderUlong
PhfEndInitOnce
PhStringToInteger64
PhClearCacheDirectory
PhGetFileVersionInfo
PhGetKernelFileName
PhIsExecutingInWow64
PhfWaitForEvent
PhFormatString
PhCreateObjectType
PhFormat
PhSplitStringRefAtLastChar
PhFormatSize
PhQuerySystemTime
PhCreateCacheFile
PhUnregisterWindowCallback
PhFormatToBuffer
PhCreateThreadEx
PhIntegerToString64
PhHexStringToBufferEx
PhfSetEvent
PhHttpSocketSendRequest
PhGetSelectedListViewItemParams
PhGetJsonObject
PhGetJsonValueAsString
PhHandleCopyListViewEMenuItem
PhSetWindowContext
PhAutoDereferenceObject
PhCreateList
PhInsertCopyListViewEMenuItem
PhInitializeLayoutManager
PhDeleteLayoutManager
PhSetListViewSubItem
PhFindListViewItemByFlags
PhSetControlTheme
PhAllocate
PhGetJsonArrayLength
PhSaveWindowPlacementToSetting
PhTrimStringRef
PhGetPhVersionHash
PhEqualStringRef
PhSaveListViewSortColumnsToSetting
PhHttpSocketCreate
PhCreateEMenuItem
PhHttpSocketEndRequest
PhSetExtendedListView
PhInitializeStringBuilder
PhConcatStrings2
PhAddListViewColumn
PhGetPhVersion
PhCreateEMenu
PhAddItemList
PhHttpSocketDestroy
PhLoadListViewColumnsFromSetting
PhGetJsonValueAsLong64
PhGetJsonObjectType
PhReferenceEmptyString
PhGetIntegerPairSetting
PhGetJsonArrayIndexObject
PhGetWindowContext
PhSetApplicationWindowIcon
PhLoadWindowPlacementFromSetting
PhCreateStringEx
PhGetListViewItemParam
PhFinalStringBuilderString
PhSaveListViewColumnsToSetting
PhHandleListViewNotifyForCopy
PhCreateThread2
PhAddLayoutItem
PhShowEMenu
PhHttpSocketConnect
PhAddListViewItem
PhFindStringInStringRef
PhFreeJsonParser
PhSetIntegerSetting
PhAppendCharStringBuilder
PhCenterWindow
PhDestroyEMenu
PhFree
PhReferenceObject
PhGetListViewContextMenuPoint
PhLoadListViewSortColumnsFromSetting
PhHttpSocketDownloadString
PhFormatDate
PhAppendStringBuilder2
PhGetListViewItemText
PhLayoutManagerLayout
PhDereferenceObject
PhCreateJsonParser
PhRemoveWindowContext
PhHttpSocketBeginRequest
PhShellExecute
PhCopyListView
PhInsertEMenuItem
PhPluginCreateEMenuItem
PhAddSettings
PhGetGeneralCallback
PhRegisterCallback
PhGetIntegerSetting
PhRegisterPlugin
PhGetPhVersionNumbers
PhGetPluginCallback

ntdll

RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtWriteFile
NtClose
RtlSecondsSince1970ToTime

kernel32

WriteFile
HeapReAlloc
HeapSize
SetStdHandle
GetStringTypeW
GetProcessHeap
LCMapStringW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileType
GetStdHandle
HeapFree
HeapAlloc
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
InterlockedFlushSList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
GetLastError
SystemTimeToTzSpecificLocalTime
CloseHandle
CreateFileW
WriteConsoleW
FlushFileBuffers

Sections

.text
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kyle cracking/UD Proccess Hacker/Process Hacker/plugins/UserNotes.dll
.dll windows:6 windows x64 arch:x64

003dda534affb84933924ca91fe503ad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

H:\git\dexzunpacker

Imports

processhacker.exe

PhFindEMenuItem
PhSetFileDialogFilter
PhCompareStringRef
PhPropPageDlgProcHeader
PhGetWindowText
PhInitializeStringBuilder
PhCreateEMenuItem
PhShowFileDialog
PhGetPluginInformation
PhFreeFileDialog
PhDeleteLayoutManager
PhInvalidateAllProcessNodes
PhOpenProcess
PhPluginAddMenuHook
PhInitializeLayoutManager
PhSetWindowContext
PhInsertEMenuItem
PhMainWndHandle
PhAppendFormatStringBuilder
PhCreateOpenFileDialog
PhAddSettings
PhInitializeWindowTheme
PhGetStringSetting
PhDoesFileExistsWin32
PhGetFileDialogFileName
PhShowStatus
PhSetFileDialogFileName
PhGetGeneralCallback
PhFindPlugin
PhSetStringSetting2
PhGetWindowContext
PhPluginSetObjectExtension
PhSplitStringRefAtChar
PhSetDialogItemText
PhAddProcessPropPage
PhGetSelectedProcessItems
PhRemoveStringBuilder
PhShowProcessAffinityDialog2
PhDoPropPageLayout
PhFinalStringBuilderString
PhAddLayoutItem
PhFormatString_V
PhAutoDereferenceObject
PhRegisterCallback
PhGetIntegerSetting
PhCenterWindow
PhGetSelectedProcessItem
PhConcatStringRef2
PhPluginAddTreeNewColumn
PhRegisterPlugin
PhGetPluginCallback
PhGetFileName
PhCreateProcessPropPageContextEx
PhExpandEnvironmentStrings
PhPluginGetObjectExtension
PhLayoutManagerLayout
PhDuplicateProcessNodeList
PhDetermineDosPathNameType
PhRemoveWindowContext
PhAddPropPageLayoutItem
PhGetApplicationDirectory
PhIntegerToString64
PhFormatToBuffer
mxmlSaveFd
PhHashStringRef
mxmlGetFirstChild
PhGetFileSize
mxmlNewElement
mxmlGetType
mxmlElementGetAttrCount
PhAllocate
PhGetFullPath
mxmlLoadFd
PhEqualStringRef
PhConvertUtf16ToUtf8Ex
PhRemoveEntryHashtable
PhAddEntryHashtableEx
PhStringToInteger64
PhfWakeForReleaseQueuedLock
mxmlGetNextSibling
mxml_opaque_cb
PhReferenceEmptyString
PhCreateHashtable
PhCreateFileWin32
PhCreateStringEx
PhCreateDirectory
PhFree
PhReferenceObject
mxmlElementSetAttr
mxmlElementGetAttrByIndex
PhConvertUtf8ToUtf16
PhfAcquireQueuedLockExclusive
mxmlNewOpaque
PhEnumHashtable
mxmlGetOpaque
mxmlDelete
PhDereferenceObject
PhPluginCreateEMenuItem
PhFindEntryHashtable

ntdll

RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtSetInformationProcess
NtQueryInformationProcess
NtClose

kernel32

GetConsoleOutputCP
FlushFileBuffers
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetFileType
GetStdHandle
GetProcessHeap
LCMapStringW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapFree
HeapAlloc
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
InterlockedFlushSList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
GetLastError
RaiseException
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
WriteFile

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kyle cracking/UD Proccess Hacker/Process Hacker/plugins/WindowExplorer.dll
.dll windows:6 windows x64 arch:x64

a5e10782bb9a15f50ec468738aa27ace

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

H:\git\dexzunpacker

Imports

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
NtClose

kernel32

GetModuleFileNameW
WriteConsoleW
LoadLibraryW
CreateFileW
SetFilePointerEx
RaiseException
GetLastError
GetSystemInfo
VirtualProtect
VirtualQuery
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
InterlockedFlushSList
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetConsoleMode
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
CloseHandle

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kyle cracking/paint.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

PhAddComboBoxStrings
PhAddElementAvlTree
PhAddEntryHashtable
PhAddEntryHashtableEx
PhAddItemArray
PhAddItemList
PhAddItemPointerList
PhAddItemSimpleHashtable
PhAddItemsArray
PhAddItemsList
PhAddJsonArrayObject
PhAddJsonObject
PhAddLayoutItem
PhAddLayoutItemEx
PhAddListViewColumn
PhAddListViewGroup
PhAddListViewGroupItem
PhAddListViewItem
PhAddProcessPropPage
PhAddProcessPropPage2
PhAddPropPageLayoutItem
PhAddSetting
PhAddSettings
PhAddTabControlTab
PhAddTreeNewFilter
PhAdjustRectangleToBounds
PhAdjustRectangleToWorkingArea
PhAllocate
PhAllocateExSafe
PhAllocateFromFreeList
PhAllocatePage
PhAllocateSafe
PhAppResolverGetAppIdForWindow
PhAppendBytesBuilder
PhAppendBytesBuilder2
PhAppendBytesBuilderEx
PhAppendCharStringBuilder
PhAppendCharStringBuilder2
PhAppendFormatStringBuilder
PhAppendFormatStringBuilder_V
PhAppendStringBuilder
PhAppendStringBuilder2
PhAppendStringBuilderEx
PhApplicationFont
PhApplyTreeNewFilters
PhApplyTreeNewFiltersToNode
PhAutoDereferenceObject
PhBoostProvider
PhBufferToHexString
PhBufferToHexStringEx
PhCenterRectangle
PhCenterWindow
PhClearArray
PhClearCacheDirectory
PhClearCircularBuffer_FLOAT
PhClearCircularBuffer_PVOID
PhClearCircularBuffer_ULONG
PhClearCircularBuffer_ULONG64
PhClearHashtable
PhClearIgnoredSettings
PhClearList
PhCmLoadSettings
PhCmSaveSettings
PhCompareStringRef
PhCompareStringZNatural
PhCompareUnicodeStringZIgnoreMenuPrefix
PhConcatStringRef2
PhConcatStringRef3
PhConcatStrings
PhConcatStrings2
PhConcatStrings_V
PhConnectPipe
PhConvertIgnoredSettings
PhConvertMultiByteToUtf16
PhConvertMultiByteToUtf16Ex
PhConvertUtf16ToAsciiEx
PhConvertUtf16ToMultiByte
PhConvertUtf16ToMultiByteEx
PhConvertUtf16ToUtf8
PhConvertUtf16ToUtf8Buffer
PhConvertUtf16ToUtf8Ex
PhConvertUtf16ToUtf8Size
PhConvertUtf8ToUtf16
PhConvertUtf8ToUtf16Buffer
PhConvertUtf8ToUtf16Ex
PhConvertUtf8ToUtf16Size
PhCopyBytesZ
PhCopyCircularBuffer_FLOAT
PhCopyCircularBuffer_PVOID
PhCopyCircularBuffer_ULONG
PhCopyCircularBuffer_ULONG64
PhCopyListView
PhCopyListViewInfoTip
PhCopyStringZ
PhCopyStringZFromBytes
PhCopyStringZFromMultiByte
PhCountStringZ
PhCreateAlloc
PhCreateBytes
PhCreateBytesEx
PhCreateCacheFile
PhCreateDirectory
PhCreateEMenu
PhCreateEMenuItem
PhCreateFile
PhCreateFileStream
PhCreateFileStream2
PhCreateFileWin32
PhCreateFileWin32Ex
PhCreateHashtable
PhCreateJsonArray
PhCreateJsonObject
PhCreateJsonParser
PhCreateKey
PhCreateList
PhCreateNamedPipe
PhCreateObject
PhCreateObjectType
PhCreateObjectTypeEx
PhCreateOpenFileDialog
PhCreatePipe
PhCreatePointerList
PhCreateProcess
PhCreateProcessAsUser
PhCreateProcessPropContext
PhCreateProcessPropPageContext
PhCreateProcessPropPageContextEx
PhCreateProcessWin32
PhCreateProcessWin32Ex
PhCreateSaveFileDialog
PhCreateSearchControl
PhCreateSecurityPage
PhCreateServiceListControl
PhCreateSimpleHashtable
PhCreateString
PhCreateStringEx
PhCreateSymbolProvider
PhCreateThread
PhCreateThread2
PhCreateThreadEx
PhDecodeUnicodeDecoder
PhDelayExecution
PhDeleteArray
PhDeleteAutoPool
PhDeleteBytesBuilder
PhDeleteCacheFile
PhDeleteCallback
PhDeleteCircularBuffer_FLOAT
PhDeleteCircularBuffer_PVOID
PhDeleteCircularBuffer_ULONG
PhDeleteCircularBuffer_ULONG64
PhDeleteDirectory
PhDeleteFastLock
PhDeleteFileWin32
PhDeleteFreeList
PhDeleteGraphState
PhDeleteImageVersionInfo
PhDeleteLayoutManager
PhDeleteMemoryItemList
PhDeleteProviderThread
PhDeleteStringBuilder
PhDeleteTreeNewColumnMenu
PhDeleteTreeNewFilterSupport
PhDeleteWorkQueue
PhDereferenceObject
PhDereferenceObjectDeferDelete
PhDereferenceObjectEx
PhDereferenceObjects
PhDereferenceProcessRecord
PhDeselectAllProcessNodes
PhDeselectAllServiceNodes
PhDestroyEMenu
PhDestroyEMenuItem
PhDetermineDosPathNameType
PhDisconnectNamedPipe
PhDivideSinglesBySingle
PhDnsFree
PhDnsQuery
PhDoPropPageLayout
PhDoesFileExistsWin32
PhDosErrorToNtStatus
PhDrainAutoPool
PhDrawGraphDirect
PhDrawTrayIconText
PhDuplicateBytesZ
PhDuplicateBytesZSafe
PhDuplicateProcessNodeList
PhDuplicateStringZ
PhEditSecurity
PhEllipsisString
PhEllipsisStringPath
PhEncodeUnicode
PhEnumAvlTree
PhEnumChildWindows
PhEnumDirectoryFile
PhEnumDirectoryObjects
PhEnumFileStreams
PhEnumGenericModules
PhEnumHandles
PhEnumHandlesEx
PhEnumHandlesEx2
PhEnumHashtable
PhEnumKernelModules
PhEnumObjectTypes
PhEnumPagefiles
PhEnumPointerListEx
PhEnumProcessEnvironmentVariables
PhEnumProcessItems
PhEnumProcessModules
PhEnumProcessModules32
PhEnumProcessModules32Ex
PhEnumProcessModulesEx
PhEnumProcesses
PhEnumProcessesEx
PhEnumProcessesForSession
PhEnumServices
PhEnumWindows
PhEnumerateKey
PhEnumerateValueKey
PhEqualStringRef
PhEscapeCommandLinePart
PhEscapeStringForMenuPrefix
PhExecuteRunAsCommand2
PhExecuteRunAsCommand3
PhExpandAllProcessNodes
PhExpandEnvironmentStrings
PhExponentiate
PhExponentiate64
PhExtractIcon
PhExtractIconEx
PhFillMemoryUlong
PhFinalArrayItems
PhFinalBytesBuilderBytes
PhFinalHash
PhFinalStringBuilderString
PhFindCharInStringRef
PhFindEMenuItem
PhFindElementAvlTree
PhFindEntryHashtable
PhFindIntegerSiKeyValuePairs
PhFindItemList
PhFindItemPointerList
PhFindItemSimpleHashtable
PhFindLastCharInStringRef
PhFindListViewItemByFlags
PhFindListViewItemByParam
PhFindLoaderEntry
PhFindNetworkNode
PhFindPlugin
PhFindProcessInformation
PhFindProcessInformationByImageName
PhFindProcessNode
PhFindProcessRecord
PhFindServiceNode
PhFindStringInStringRef
PhFindStringSiKeyValuePairs
PhFlushFileStream
PhFormat
PhFormatDate
PhFormatDateTime
PhFormatDecimal
PhFormatGuid
PhFormatImageVersionInfo
PhFormatLogEntry
PhFormatNativeKeyName
PhFormatSize
PhFormatString
PhFormatString_V
PhFormatTime
PhFormatTimeSpan
PhFormatTimeSpanRelative
PhFormatToBuffer
PhFormatUInt64
PhFree
PhFreeFileDialog
PhFreeJsonParser
PhFreePage
PhFreeToFreeList
PhGenerateGuid
PhGenerateGuidFromName
PhGenerateRandomAlphaString
PhGetAccessEntries
PhGetAccessString
PhGetApplicationDirectory
PhGetApplicationFileName
PhGetApplicationIcon
PhGetBaseDirectory
PhGetBaseName
PhGetClassObject
PhGetClientIdName
PhGetClientIdNameEx
PhGetComboBoxString
PhGetDialogItemValue
PhGetDllFileName
PhGetDllHandle
PhGetDrawInfoGraphBuffers
PhGetEnabledProvider
PhGetEtwPublisherName
PhGetFileDialogFileName
PhGetFileDialogFilterIndex
PhGetFileDialogOptions
PhGetFileName
PhGetFilePosition
PhGetFileShellIcon
PhGetFileSize
PhGetFileVersionInfo
PhGetFileVersionInfoLangCodePage
PhGetFileVersionInfoString
PhGetFileVersionInfoString2
PhGetFilterSupportNetworkTreeList
PhGetFilterSupportProcessTreeList
PhGetFilterSupportServiceTreeList
PhGetFullPath
PhGetGeneralCallback
PhGetGenericTreeNewLines
PhGetGlobalTimerQueue
PhGetGlobalWorkQueue
PhGetHandleInformation
PhGetHandleInformationEx
PhGetIntegerPairSetting
PhGetIntegerSetting
PhGetJobProcessIdList
PhGetJsonArrayIndexObject
PhGetJsonArrayLength
PhGetJsonArrayLong64
PhGetJsonArrayString
PhGetJsonObject
PhGetJsonObjectAsArrayList
PhGetJsonObjectBool
PhGetJsonObjectLength
PhGetJsonObjectType
PhGetJsonValueAsLong64
PhGetJsonValueAsString
PhGetKernelFileName
PhGetKnownLocation
PhGetLineFromAddress
PhGetListBoxString
PhGetListViewContextMenuPoint
PhGetListViewItemImageIndex
PhGetListViewItemParam
PhGetListViewItemText
PhGetMappedImageCfg
PhGetMappedImageCfgEntry
PhGetMappedImageExportFunction
PhGetMappedImageExports
PhGetMappedImageLoadConfig32
PhGetMappedImageLoadConfig64
PhGetMessage
PhGetModuleFromAddress
PhGetModuleProcAddress
PhGetNtMessage
PhGetObjectSecurity
PhGetObjectType
PhGetObjectTypeInformation
PhGetOwnTokenAttributes
PhGetPhVersion
PhGetPhVersionHash
PhGetPhVersionNumbers
PhGetPluginCallback
PhGetPluginFileName
PhGetPluginInformation
PhGetPluginName
PhGetPositionFileStream
PhGetPrimeNumber
PhGetProcedureAddress
PhGetProcedureAddressRemote
PhGetProcessCommandLine
PhGetProcessDepStatus
PhGetProcessDeviceMap
PhGetProcessEnvironment
PhGetProcessImageFileName
PhGetProcessImageFileNameByProcessId
PhGetProcessImageFileNameWin32
PhGetProcessInformationCache
PhGetProcessIsDotNet
PhGetProcessIsDotNetEx
PhGetProcessIsSuspended
PhGetProcessKnownType
PhGetProcessKnownTypeEx
PhGetProcessMappedFileName
PhGetProcessPebString
PhGetProcessPriorityClassString
PhGetProcessUnloadedDlls
PhGetProcessWindowTitle
PhGetProcessWorkingSetInformation
PhGetProcessWsCounters
PhGetProtocolTypeName
PhGetScalableIntegerPairSetting
PhGetSeObjectSecurity
PhGetSelectedListViewItemParam
PhGetSelectedListViewItemParams
PhGetSelectedProcessItem
PhGetSelectedProcessItems
PhGetSelectedServiceItem
PhGetSelectedServiceItems
PhGetServiceChange
PhGetServiceConfig
PhGetServiceDelayedAutoStart
PhGetServiceDescription
PhGetServiceDllParameter
PhGetServiceErrorControlInteger
PhGetServiceErrorControlString
PhGetServiceNameFromTag
PhGetServiceStartTypeInteger
PhGetServiceStartTypeString
PhGetServiceStateString
PhGetServiceTypeInteger
PhGetServiceTypeString
PhGetSidFullName
PhGetStatisticsTime
PhGetStatisticsTimeString
PhGetStatusMessage
PhGetStockApplicationIcon
PhGetStringSetting
PhGetSymbolFromAddress
PhGetSymbolFromName
PhGetSystemDirectory
PhGetSystemRoot
PhGetTcpStateName
PhGetThreadServiceTag
PhGetTokenGroups
PhGetTokenIntegrityLevel
PhGetTokenIntegrityLevelRID
PhGetTokenOwner
PhGetTokenPrimaryGroup
PhGetTokenPrivileges
PhGetTokenUser
PhGetTreeNewText
PhGetWin32Message
PhGetWindowContext
PhGetWindowText
PhGetWindowTextEx
PhGlobalDpi
PhGraphStateGetDrawInfo
PhHandleCopyCellEMenuItem
PhHandleCopyListViewEMenuItem
PhHandleListViewNotifyBehaviors
PhHandleListViewNotifyForCopy
PhHandleTreeNewColumnMenu
PhHashBytes
PhHashStringRef
PhHexStringToBuffer
PhHexStringToBufferEx
PhHttpDnsQuery
PhHttpSocketAddRequestHeaders
PhHttpSocketBeginRequest
PhHttpSocketConnect
PhHttpSocketCreate
PhHttpSocketDestroy
PhHttpSocketDownloadString
PhHttpSocketEndRequest
PhHttpSocketGetErrorMessage
PhHttpSocketParseUrl
PhHttpSocketQueryHeaderString
PhHttpSocketQueryHeaderUlong
PhHttpSocketQueryHeaders
PhHttpSocketQueryOptionString
PhHttpSocketReadData
PhHttpSocketReadDataToBuffer
PhHttpSocketSendRequest
PhHttpSocketSetCredentials
PhHttpSocketSetFeature
PhHttpSocketSetSecurity
PhHttpSocketWriteData
PhHungWindowFromGhostWindow
PhIconToBitmap
PhImpersonateClientOfNamedPipe
PhIndexOfEMenuItem
PhInitializeArray
PhInitializeAutoPool
PhInitializeAvlTree
PhInitializeBytesBuilder
PhInitializeCallback
PhInitializeCircularBuffer_FLOAT
PhInitializeCircularBuffer_PVOID
PhInitializeCircularBuffer_ULONG
PhInitializeCircularBuffer_ULONG64
PhInitializeFastLock
PhInitializeFreeList
PhInitializeGraphState
PhInitializeHash
PhInitializeImageVersionInfo
PhInitializeLayoutManager
PhInitializeMappedImage
PhInitializeProviderThread
PhInitializeStringBuilder
PhInitializeThemeWindowHeader
PhInitializeTreeNewColumnMenu
PhInitializeTreeNewFilterSupport
PhInitializeWindowTheme
PhInitializeWindowThemeStatusBar
PhInitializeWorkQueue
PhInitializeWorkQueueEnvironment
PhInsertCopyCellEMenuItem
PhInsertCopyListViewEMenuItem
PhInsertEMenuItem
PhInsertItemList
PhInsertItemsList
PhInsertStringBuilder
PhInsertStringBuilder2

Sections

Size: 754KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 165KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 6KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 34KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 54KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
kyle cracking/text.txt

Sharing

General

Malware Config

Signatures

Files

6a91eb82bfd19d2706c7d43c46f7064e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

advapi32

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 90KB - Virtual size: 90KB

.rdata Size: 37KB - Virtual size: 37KB

.data Size: 2KB - Virtual size: 6KB

.pdata Size: 5KB - Virtual size: 4KB

_RDATA Size: 512B - Virtual size: 500B

.reloc Size: 1024B - Virtual size: 792B

.rsrc Size: 4KB - Virtual size: 4KB

479c5d85ae03022bb2d0ad2e60480a77

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libcrypto-3-x64

libssl-3-x64

ws2_32

kernel32

Sections

.text Size: 418KB - Virtual size: 418KB

.rdata Size: 119KB - Virtual size: 118KB

.data Size: 32KB - Virtual size: 44KB

.pdata Size: 20KB - Virtual size: 20KB

.rsrc Size: 1024B - Virtual size: 648B

.reloc Size: 4KB - Virtual size: 3KB

b046ada30a55647ce37232cfc87630a0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 529KB - Virtual size: 528KB

.data Size: 31KB - Virtual size: 58KB

.pdata Size: 57KB - Virtual size: 57KB

.didat Size: 3KB - Virtual size: 2KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 129KB - Virtual size: 128KB

.reloc Size: 7KB - Virtual size: 6KB

b046ada30a55647ce37232cfc87630a0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 529KB - Virtual size: 528KB

.text
Size: 90KB - Virtual size: 90KB

.rdata
Size: 37KB - Virtual size: 37KB

.data
Size: 2KB - Virtual size: 6KB

.pdata
Size: 5KB - Virtual size: 4KB

_RDATA
Size: 512B - Virtual size: 500B

.reloc
Size: 1024B - Virtual size: 792B

.rsrc
Size: 4KB - Virtual size: 4KB

.text
Size: 418KB - Virtual size: 418KB

.rdata
Size: 119KB - Virtual size: 118KB

.data
Size: 32KB - Virtual size: 44KB

.pdata
Size: 20KB - Virtual size: 20KB

.rsrc
Size: 1024B - Virtual size: 648B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 529KB - Virtual size: 528KB

.data
Size: 31KB - Virtual size: 58KB

.pdata
Size: 57KB - Virtual size: 57KB

.didat
Size: 3KB - Virtual size: 2KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 129KB - Virtual size: 128KB

.reloc
Size: 7KB - Virtual size: 6KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 529KB - Virtual size: 528KB

.data
Size: 31KB - Virtual size: 58KB

.pdata
Size: 57KB - Virtual size: 57KB

.didat
Size: 3KB - Virtual size: 2KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 129KB - Virtual size: 128KB

.reloc
Size: 7KB - Virtual size: 6KB

.text
Size: 69KB - Virtual size: 69KB

.rdata
Size: 50KB - Virtual size: 50KB

.data
Size: 3KB - Virtual size: 8KB

.pdata
Size: 4KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 136B

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 79KB - Virtual size: 78KB

.rdata
Size: 47KB - Virtual size: 47KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 5KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 144B

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 70KB - Virtual size: 69KB

.rdata
Size: 49KB - Virtual size: 49KB

.data
Size: 4KB - Virtual size: 8KB

.pdata
Size: 5KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 216B

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 2KB - Virtual size: 1KB