322e7b4fe5aa490f56bfaff2fdd3d7b1

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2009-Jul-14 01:09:34
Detected languages English - United States
Debug artifacts psapi.pdb
CompanyName Microsoft Corporation
FileDescription Process Status Helper
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
InternalName PSAPI
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename PSAPI
ProductName Microsoft® Windows® Operating System
ProductVersion 6.1.7600.16385

Plugin Output

Safe VirusTotal score: 0/68 (Scanned on 2021-05-22 18:09:15) All the AVs think this file is safe.

Hashes

MD5 322e7b4fe5aa490f56bfaff2fdd3d7b1
SHA1 f13a3d7cd404793ca02f404124e7656f3423a9c3
SHA256 7905ba3c918b6cc545a7967e82cdce9c590bdc7b2f745f77e3a0f8b175c5476b
SHA3 ac76ba53fc6072d9bdf77d888700a0107a4201e5c1ae5b7c52866a53cfd618fe
SSDeep 96:QAuGyH1gqCYU93AUIowApe1m0cVczjFI073629b0EWZiQAWw:/ujgbYU93AUIowApe1m0cOI0ZlWZiQA
Imports Hash 416262e0418934648b199abd24f68460

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xe0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2009-Jul-14 01:09:34
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 9.1
SizeOfCode 0xc00
SizeOfInitializedData 0x800
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00001438 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x2000
ImageBase 0x75bf0000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.1
ImageVersion 6.1
SubsystemVersion 6.1
Win32VersionValue 0
SizeOfImage 0x5000
SizeOfHeaders 0x400
Checksum 0xccd3
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x40000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 e5c266115bc1eb91398773dbb9c0d8cd
SHA1 abef2fd6b5ec86c6c6784a162306850b7051739b
SHA256 2240053fc4ff38e9f7802a05749962ae72b68a831edd124ef9b96b06cfcc6de6
SHA3 3efcaea9a99e6694d75740a25774c118ae6b4b5b46c043ee779e9801c146aeea
VirtualSize 0xb8a
VirtualAddress 0x1000
SizeOfRawData 0xc00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.70884

.data

MD5 819d5f2b7e6a4ee9f11d487ebcf0bf46
SHA1 d285848e1e616ee0331201e2c8b28c87085c249e
SHA256 a4075daf9b59eaa445e5bc69d0f73f34beee1625733b724564e06b7c1dc8db4e
SHA3 77a74a36a4d4b42b52869d2aa0fedcdff4c00538245df40779aa0293456f35e5
VirtualSize 0x8
VirtualAddress 0x2000
SizeOfRawData 0x200
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.16299

.rsrc

MD5 4008d8ba3b89d5de0b5c4c68cb5eb02e
SHA1 d43b751eb13aa4aafd0028fad8f5a28cf7cd0bbe
SHA256 a99713c8521f1bac44ec2c1fa1f6c6e6cd1d6c3dcc9127336be364a3328fe47e
SHA3 3fce4b95a077893cb49b818c6024d19897ad2bfac0b825f7d0516c627ec0a53d
VirtualSize 0x3d8
VirtualAddress 0x3000
SizeOfRawData 0x400
PointerToRawData 0x1200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.32426

.reloc

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0x50
VirtualAddress 0x4000
SizeOfRawData 0x200
PointerToRawData 0x1600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0

Imports

KERNEL32.dll K32EnumProcesses
K32EnumProcessModules
K32EnumProcessModulesEx
K32GetModuleBaseNameA
K32GetModuleBaseNameW
K32GetModuleFileNameExA
K32GetModuleFileNameExW
K32GetModuleInformation
K32EmptyWorkingSet
K32QueryWorkingSet
K32QueryWorkingSetEx
K32InitializeProcessForWsWatch
K32GetWsChanges
K32GetWsChangesEx
K32GetMappedFileNameW
K32GetMappedFileNameA
K32EnumDeviceDrivers
K32GetDeviceDriverBaseNameA
K32GetDeviceDriverBaseNameW
K32GetDeviceDriverFileNameA
K32GetDeviceDriverFileNameW
K32GetProcessMemoryInfo
K32GetPerformanceInfo
K32EnumPageFilesW
K32EnumPageFilesA
K32GetProcessImageFileNameA
K32GetProcessImageFileNameW
DisableThreadLibraryCalls
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime

Delayed Imports

Exports

EmptyWorkingSet

Ordinal 1
Address 0x15ee

EnumDeviceDrivers

Ordinal 2
Address 0x14cc

EnumPageFilesA

Ordinal 3
Address 0x167e

EnumPageFilesW

Ordinal 4
Address 0x166e

EnumProcessModules

Ordinal 5
Address 0x1408

EnumProcessModulesEx

Ordinal 6
Address 0x15de

EnumProcesses

Ordinal 7
Address 0x1544

GetDeviceDriverBaseNameA

Ordinal 8
Address 0x14e4

GetDeviceDriverBaseNameW

Ordinal 9
Address 0x1514

GetDeviceDriverFileNameA

Ordinal 10
Address 0x164e

GetDeviceDriverFileNameW

Ordinal 11
Address 0x165e

GetMappedFileNameA

Ordinal 12
Address 0x163e

GetMappedFileNameW

Ordinal 13
Address 0x162e

GetModuleBaseNameA

Ordinal 14
Address 0x15a4

GetModuleBaseNameW

Ordinal 15
Address 0x152c

GetModuleFileNameExA

Ordinal 16
Address 0x15bc

GetModuleFileNameExW

Ordinal 17
Address 0x13f0

GetModuleInformation

Ordinal 18
Address 0x1420

GetPerformanceInfo

Ordinal 19
Address 0x1574

GetProcessImageFileNameA

Ordinal 20
Address 0x168e

GetProcessImageFileNameW

Ordinal 21
Address 0x169e

GetProcessMemoryInfo

Ordinal 22
Address 0x155c

GetWsChanges

Ordinal 23
Address 0x160e

GetWsChangesEx

Ordinal 24
Address 0x161e

InitializeProcessForWsWatch

Ordinal 25
Address 0x15fe

QueryWorkingSet

Ordinal 26
Address 0x158c

QueryWorkingSetEx

Ordinal 27
Address 0x14fc

1

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x378
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.57239
MD5 e4ed2d42b4c9f78b6c073b2555decf9b
SHA1 a36cab67a13366125c01e3bfe1e326372bd63924
SHA256 b8baca8799f659bfa158f06b05f3628a350b8d713ff1bc20f8ac498b7866017a
SHA3 0cffb81429b5d3364bf74f3d92cf6c79258107cd11f203b46e559458df0f82b7

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 6.1.7600.16385
ProductVersion 6.1.7600.16385
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_DLL
Language English - United States
CompanyName Microsoft Corporation
FileDescription Process Status Helper
FileVersion (#2) 6.1.7600.16385 (win7_rtm.090713-1255)
InternalName PSAPI
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename PSAPI
ProductName Microsoft® Windows® Operating System
ProductVersion (#2) 6.1.7600.16385
Resource LangID English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2009-Jul-13 23:15:50
Version 0.0
SizeofData 34
AddressOfRawData 0x1b68
PointerToRawData 0xf68
Referenced File psapi.pdb

IMAGE_DEBUG_TYPE_RESERVED

Characteristics 0
TimeDateStamp 2009-Jul-13 23:15:50
Version 565.6526
SizeofData 4
AddressOfRawData 0x1b64
PointerToRawData 0xf64

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x947984e7
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 3
Total imports 33
Exports (VS2008 SP1 build 30729) 1
C objects (VS2008 SP1 build 30729) 3
Linker (VS2008 SP1 build 30729) 1
Resource objects (VS2008 SP1 build 30729) 1

Errors
