psapi.dll

  • File Path: C:\Windows\SysWOW64\psapi.dll
  • Description: Process Status Helper

Hashes

Type Hash
MD5 39FDC69FB223A2CE7ECD1BEACDB46B6A
SHA1 051CF5F0825DE70AE4CB0D1D797ED68769A81134
SHA256 DEB6A988928723B94AAA698C30706F3A914DF8C59A32E7AFF6323A36D3D200AA
SHA384 D1F7004ED401FC74CB88B27AC20AA3DCDF6D9C0CD04A16A9E00A235594187246D540C6216F2E390E021CDFD893ED5D5B
SHA512 FC7C6B3FA9FD7EDB5362AD5CE4390B7B6FE9D7EA96E65B8B470ABB6BECFE0A4BDCBC49D245F08CEE916B9D758E4431A8E1FA89EED094C3BAA4DF1C9526EAA7AD
SSDEEP 384:/PZhgy/PBv+OdWZrAWJNH0D1IDBRJtE4lrvZ:3rgSx+RaI1Pl
IMP C92635D501F395C41AE84007194A43CD
PESHA1 AD4C7EAE79A6AB590DDBDB73927973EAA76D82E5
PE256 7C3779C056356815023130A2D9D3B48AB4CED7EE6E29B7F40D58284EEC6D1A32

DLL Exports:

Function Name Ordinal Type
GetModuleInformation 18 Exported Function
GetPerformanceInfo 19 Exported Function
GetProcessImageFileNameA 20 Exported Function
GetModuleBaseNameW 15 Exported Function
GetModuleFileNameExA 16 Exported Function
GetModuleFileNameExW 17 Exported Function
GetProcessImageFileNameW 21 Exported Function
InitializeProcessForWsWatch 25 Exported Function
QueryWorkingSet 26 Exported Function
QueryWorkingSetEx 27 Exported Function
GetProcessMemoryInfo 22 Exported Function
GetWsChanges 23 Exported Function
GetWsChangesEx 24 Exported Function
GetModuleBaseNameA 14 Exported Function
EnumPageFilesW 4 Exported Function
EnumProcesses 7 Exported Function
EnumProcessModules 5 Exported Function
EmptyWorkingSet 1 Exported Function
EnumDeviceDrivers 2 Exported Function
EnumPageFilesA 3 Exported Function
EnumProcessModulesEx 6 Exported Function
GetDeviceDriverFileNameW 11 Exported Function
GetMappedFileNameA 12 Exported Function
GetMappedFileNameW 13 Exported Function
GetDeviceDriverBaseNameA 8 Exported Function
GetDeviceDriverBaseNameW 9 Exported Function
GetDeviceDriverFileNameA 10 Exported Function

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: PSAPI
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/69
  • VirusTotal Link: https://www.virustotal.com/gui/file/deb6a988928723b94aaa698c30706f3a914df8c59a32e7aff6323a36d3d200aa/detection/

File Similarity (ssdeep match)

Possible Misuse

The following table contains possible examples of psapi.dll being misused. While psapi.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|---|---|---|---|
| signature-base | apt_putterpanda.yar | `$s2 = "psapi.dll" fullword ascii /* PEStudio Blacklist: strings */ /* score: '5' */ /* Goodware String - occured 54 times */` | CC BY-NC 4.0 |
| signature-base | apt_putterpanda.yar | `$s6 = "PSAPI.DLL" fullword ascii /* PEStudio Blacklist: strings */ /* score: '5' */ /* Goodware String - occured 420 times */` | CC BY-NC 4.0 |
| signature-base | apt_putterpanda.yar | `$s19 = "PSAPI.DLL" fullword ascii /* PEStudio Blacklist: strings */ /* score: '4.58' */ /* Goodware String - occured 420 times */` | CC BY-NC 4.0 |
| signature-base | thor-hacktools.yar | `$s4 = "psapi.dllK" fullword ascii` | CC BY-NC 4.0 |
| signature-base | thor-hacktools.yar | `$s11 = "\psapi.dll" fullword ascii` | CC BY-NC 4.0 |

MIT License. Copyright (c) 2020 Strontic.