ks.dll

• File Path: C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\winxp\ks.dll
• Description: Kernel Streaming Debugger Extensions

Hashes

Type	Hash
MD5	39F6F57283F2F464A8BD0A6BB098A66E
SHA1	4097524E7928496F40DF7960D7865E285F88762E
SHA256	492AF2672AA84CE4A8C399D3356085CB3C9DD19BB01A1CCD4DA936FB063A775E
SHA384	8131139F0FBB019204B7A7B3E96A69D159E4DE4A134990106E8C064D1872F92E8EBE7618980854955CF7F6879A7B2A4E
SHA512	33A57247297B46A959D3721E05F1699C379A1EC9776F5C3235E7D3BBEB45FA96A3D4227CEE2A6F311BAB070480D67586E526032D707298AD942F2BC96C52FD69
SSDEEP	6144:bI8Mhil9WXN6UqpyfdY0t3m3hnNBuFwjLJcZBAlz/Aus+sG7WclXM9PF0aDsO7gR:vjH2XtGhfkwjOZxu9msOih
IMP	9BF4F54AD5FC6971C50F65AFDEBA75FB
PESHA1	56F2A1A69D476CE02BAA5CAEE573CF40CB983C50
PE256	2BCE69E34AAC2AE20310955D56751ED80566232A3B02045CA8F46D107FC3BE7A

DLL Exports:

Function Name	Ordinal	Type
help	22	Exported Function
kshelp	23	Exported Function
libexts	24	Exported Function
graph	21	Exported Function
ExtensionApiVersion	2	Exported Function
findlive	19	Exported Function
forcedump	20	Exported Function
objhdr	25	Exported Function
shdr	30	Exported Function
topology	31	Exported Function
WinDbgExtensionDllInit	3	Exported Function
pciks	29	Exported Function
ohdr	26	Exported Function
pchelp	27	Exported Function
pciaudio	28	Exported Function
eval	18	Exported Function
DebugExtensionNotify	5	Exported Function
DebugExtensionUninitialize	6	Exported Function
devhdr	9	Exported Function
DebugExtensionInitialize	4	Exported Function
allstreams	7	Exported Function
automation	8	Exported Function
CheckVersion	1	Exported Function
dhdr	10	Exported Function
dumpqueue	15	Exported Function
enumdevobj	16	Exported Function
enumdrvobj	17	Exported Function
dumplog	14	Exported Function
dump	11	Exported Function
dumpbag	12	Exported Function
dumpcircuit	13	Exported Function

Signature

• Status: Signature verified.
• Serial: 33000002CF6D2CC57CAA65A6D80000000002CF
• Thumbprint: 1A221B3B4FEF088B17BA6704FD088DF192D9E0EF
• Issuer: CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
• Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

• Original Filename: ks.dll
• Product Name: Microsoft Windows Operating System
• Company Name: Microsoft Corporation
• File Version: 10.0.19041.1 (WinBuild.160101.0800)
• Product Version: 10.0.19041.1
• Language: English (United States)
• Legal Copyright: Microsoft Corporation. All rights reserved.
• Machine Type: 64-bit

File Scan

• VirusTotal Detections: 0/75
• VirusTotal Link: https://www.virustotal.com/gui/file/492af2672aa84ce4a8c399d3356085cb3c9dd19bb01a1ccd4da936fb063a775e/detection

MIT License. Copyright (c) 2020-2021 Strontic.