psapi.dll

File Path: C:\Windows\system32\psapi.dll
Description: Process Status Helper

Hashes

Type	Hash
MD5	`640CB3B45C4AC10F9F1B9A4282E03F33`
SHA1	`27DC9D1265E73E7E39E1D766856AA9153710B947`
SHA256	`110B76F2E35ECDEAC5477E1038D6056E89362265B9E5AC907EB5BD42C4DB3392`
SHA384	`D5A1072EC242EE1F328B5DAAD2F73E31F98610FFA0A5937066B35BA050D80F572C4105CE18A7A0F3659A2236C5747410`
SHA512	`1031E1B0BDA1514EBA41FEE172E87B480005814C812F56CD9CFB9C5219746CF0E068D3881B7AAA1829678701C8EA2E7336EA15A2B944925C81FD68845BE59335`
SSDEEP	`384:x49j+ky82xgn/BdZjORWZrAWRD1IDBRJt9LIKliK:qN7Ig/PZjFlI1PzL`
IMP	`A19426362F5443C7159B76FBEAFD171F`
PESHA1	`9EB56BA901536A1A24918F3DD6F370A5079496D8`
PE256	`AAA71ABC7E7B01D0C01243516E5705575042284937BED893FA545BCD415E4B4E`

DLL Exports:

Function Name	Ordinal	Type
`GetModuleInformation`	18	Exported Function
`GetPerformanceInfo`	19	Exported Function
`GetProcessImageFileNameA`	20	Exported Function
`GetModuleBaseNameW`	15	Exported Function
`GetModuleFileNameExA`	16	Exported Function
`GetModuleFileNameExW`	17	Exported Function
`GetProcessImageFileNameW`	21	Exported Function
`InitializeProcessForWsWatch`	25	Exported Function
`QueryWorkingSet`	26	Exported Function
`QueryWorkingSetEx`	27	Exported Function
`GetProcessMemoryInfo`	22	Exported Function
`GetWsChanges`	23	Exported Function
`GetWsChangesEx`	24	Exported Function
`GetModuleBaseNameA`	14	Exported Function
`EnumPageFilesW`	4	Exported Function
`EnumProcesses`	7	Exported Function
`EnumProcessModules`	5	Exported Function
`EmptyWorkingSet`	1	Exported Function
`EnumDeviceDrivers`	2	Exported Function
`EnumPageFilesA`	3	Exported Function
`EnumProcessModulesEx`	6	Exported Function
`GetDeviceDriverFileNameW`	11	Exported Function
`GetMappedFileNameA`	12	Exported Function
`GetMappedFileNameW`	13	Exported Function
`GetDeviceDriverBaseNameA`	8	Exported Function
`GetDeviceDriverBaseNameW`	9	Exported Function
`GetDeviceDriverFileNameA`	10	Exported Function

Signature

Status: Signature verified.
Serial: 330000026551AE1BBD005CBFBD000000000265
Thumbprint: E168609353F30FF2373157B4EB8CD519D07A2BFF
Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

Original Filename: PSAPI
Product Name: Microsoft Windows Operating System
Company Name: Microsoft Corporation
File Version: 10.0.19041.1 (WinBuild.160101.0800)
Product Version: 10.0.19041.1
Language: English (United States)
Legal Copyright: Microsoft Corporation. All rights reserved.
Machine Type: 64-bit

File Scan

VirusTotal Detections: 0/70
VirusTotal Link: https://www.virustotal.com/gui/file/110b76f2e35ecdeac5477e1038d6056e89362265b9e5ac907eb5bd42c4db3392/detection/

File Similarity (ssdeep match)

File	Score
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe	36
C:\Windows\system32\69fe178f-26e7-43a9-aa7d-2b616b672dde_eventlogservice.dll	35
C:\Windows\system32\AppVClientPS.dll	33
C:\Windows\system32\AppVSentinel.dll	32
C:\Windows\system32\AppVTerminator.dll	36
C:\Windows\system32\avrt.dll	29
C:\Windows\system32\backgroundTaskHost.exe	36
C:\Windows\system32\bootstr.dll	38
C:\Windows\system32\BOOTVID.DLL	33
C:\Windows\system32\computelibeventlog.dll	33
C:\Windows\system32\DefaultDeviceManager.dll	38
C:\Windows\system32\DeviceCensus.exe	25
C:\WINDOWS\system32\DeviceCensus.exe	25
C:\Windows\system32\dllhost.exe	35
C:\Windows\system32\downlevel\api-ms-win-base-util-l1-1-0.dll	33
C:\Windows\system32\downlevel\api-ms-win-core-com-l1-1-0.dll	38
C:\Windows\system32\downlevel\api-ms-win-core-comm-l1-1-0.dll	38
C:\Windows\system32\downlevel\api-ms-win-core-console-l1-1-0.dll	36
C:\Windows\system32\downlevel\api-ms-win-core-datetime-l1-1-0.dll	47
C:\Windows\system32\downlevel\api-ms-win-core-datetime-l1-1-1.dll	36
C:\Windows\system32\downlevel\api-ms-win-core-debug-l1-1-0.dll	38
C:\Windows\system32\downlevel\api-ms-win-core-debug-l1-1-1.dll	33
C:\Windows\system32\downlevel\api-ms-win-core-delayload-l1-1-0.dll	38
C:\Windows\system32\downlevel\api-ms-win-core-errorhandling-l1-1-0.dll	36
C:\Windows\system32\downlevel\api-ms-win-core-errorhandling-l1-1-1.dll	35
C:\Windows\system32\downlevel\api-ms-win-core-fibers-l1-1-0.dll	36
C:\Windows\system32\downlevel\api-ms-win-core-fibers-l1-1-1.dll	36
C:\Windows\system32\downlevel\api-ms-win-core-file-l1-1-0.dll	36
C:\Windows\system32\downlevel\api-ms-win-core-file-l1-2-0.dll	35
C:\Windows\system32\downlevel\api-ms-win-core-file-l1-2-1.dll	33
C:\Windows\system32\downlevel\API-MS-Win-core-file-l2-1-0.dll	38
C:\Windows\system32\downlevel\API-MS-Win-core-file-l2-1-1.dll	40
C:\Windows\system32\downlevel\api-ms-win-core-handle-l1-1-0.dll	38
C:\Windows\system32\downlevel\api-ms-win-core-heap-l1-1-0.dll	43
C:\Windows\system32\downlevel\API-MS-Win-Core-Heap-Obsolete-L1-1-0.dll	35
C:\Windows\system32\downlevel\api-ms-win-core-interlocked-l1-1-0.dll	35
C:\Windows\system32\downlevel\api-ms-win-core-io-l1-1-0.dll	35
C:\Windows\system32\downlevel\api-ms-win-core-io-l1-1-1.dll	36
C:\Windows\system32\downlevel\api-ms-win-core-kernel32-legacy-l1-1-0.dll	33
C:\Windows\system32\downlevel\api-ms-win-core-kernel32-legacy-l1-1-1.dll	36
C:\Windows\system32\downlevel\API-MS-Win-Core-Kernel32-Private-L1-1-0.dll	36
C:\Windows\system32\downlevel\API-MS-Win-Core-Kernel32-Private-L1-1-1.dll	46
C:\Windows\system32\downlevel\api-ms-win-core-libraryloader-l1-1-0.dll	36
C:\Windows\system32\downlevel\api-ms-win-core-libraryloader-l1-1-1.dll	35
C:\Windows\system32\downlevel\api-ms-win-core-localization-l1-2-0.dll	36
C:\Windows\system32\downlevel\api-ms-win-core-localization-l1-2-1.dll	36
C:\Windows\system32\downlevel\API-MS-Win-core-localization-obsolete-l1-2-0.dll	41
C:\Windows\system32\downlevel\api-ms-win-core-memory-l1-1-0.dll	44
C:\Windows\system32\downlevel\api-ms-win-core-memory-l1-1-1.dll	36
C:\Windows\system32\downlevel\api-ms-win-core-memory-l1-1-2.dll	38
C:\Windows\system32\downlevel\api-ms-win-core-namedpipe-l1-1-0.dll	35
C:\Windows\system32\downlevel\api-ms-win-core-privateprofile-l1-1-0.dll	38
C:\Windows\system32\downlevel\api-ms-win-core-privateprofile-l1-1-1.dll	33
C:\Windows\system32\downlevel\api-ms-win-core-processenvironment-l1-1-0.dll	38
C:\Windows\system32\downlevel\api-ms-win-core-processenvironment-l1-2-0.dll	38
C:\Windows\system32\downlevel\api-ms-win-core-processthreads-l1-1-0.dll	35
C:\Windows\system32\downlevel\api-ms-win-core-processthreads-l1-1-1.dll	35
C:\Windows\system32\downlevel\api-ms-win-core-processthreads-l1-1-2.dll	35
C:\Windows\system32\downlevel\api-ms-win-core-processtopology-obsolete-l1-1-0.dll	32
C:\Windows\system32\downlevel\api-ms-win-core-profile-l1-1-0.dll	40
C:\Windows\system32\downlevel\api-ms-win-core-realtime-l1-1-0.dll	38
C:\Windows\system32\downlevel\api-ms-win-core-registry-l1-1-0.dll	40
C:\Windows\system32\downlevel\api-ms-win-core-registry-l2-1-0.dll	35
C:\Windows\system32\downlevel\api-ms-win-core-rtlsupport-l1-1-0.dll	33
C:\Windows\system32\downlevel\api-ms-win-core-shlwapi-legacy-l1-1-0.dll	35
C:\Windows\system32\downlevel\api-ms-win-core-shlwapi-obsolete-l1-1-0.dll	38
C:\Windows\system32\downlevel\api-ms-win-core-shutdown-l1-1-0.dll	35
C:\Windows\system32\downlevel\api-ms-win-core-stringansi-l1-1-0.dll	35
C:\Windows\system32\downlevel\api-ms-win-core-string-l1-1-0.dll	38
C:\Windows\system32\downlevel\API-MS-Win-core-string-l2-1-0.dll	35
C:\Windows\system32\downlevel\api-ms-win-core-stringloader-l1-1-1.dll	35
C:\Windows\system32\downlevel\API-MS-Win-core-string-obsolete-l1-1-0.dll	35
C:\Windows\system32\downlevel\api-ms-win-core-synch-l1-1-0.dll	36
C:\Windows\system32\downlevel\api-ms-win-core-synch-l1-2-0.dll	47
C:\Windows\system32\downlevel\api-ms-win-core-sysinfo-l1-1-0.dll	33
C:\Windows\system32\downlevel\api-ms-win-core-sysinfo-l1-2-0.dll	33
C:\Windows\system32\downlevel\api-ms-win-core-sysinfo-l1-2-1.dll	35
C:\Windows\system32\downlevel\api-ms-win-core-threadpool-l1-2-0.dll	38
C:\Windows\system32\downlevel\api-ms-win-core-threadpool-legacy-l1-1-0.dll	44
C:\Windows\system32\downlevel\api-ms-win-core-threadpool-private-l1-1-0.dll	32
C:\Windows\system32\downlevel\api-ms-win-core-timezone-l1-1-0.dll	36
C:\Windows\system32\downlevel\api-ms-win-core-url-l1-1-0.dll	38
C:\Windows\system32\downlevel\api-ms-win-core-util-l1-1-0.dll	38
C:\Windows\system32\downlevel\api-ms-win-core-version-l1-1-0.dll	36
C:\Windows\system32\downlevel\api-ms-win-core-wow64-l1-1-0.dll	35
C:\Windows\system32\downlevel\api-ms-win-core-xstate-l1-1-0.dll	40
C:\Windows\system32\downlevel\API-MS-Win-core-xstate-l2-1-0.dll	36
C:\Windows\system32\downlevel\api-ms-win-crt-conio-l1-1-0.dll	38
C:\Windows\system32\downlevel\api-ms-win-crt-convert-l1-1-0.dll	38
C:\Windows\system32\downlevel\api-ms-win-crt-environment-l1-1-0.dll	40
C:\Windows\system32\downlevel\api-ms-win-crt-filesystem-l1-1-0.dll	35
C:\Windows\system32\downlevel\api-ms-win-crt-heap-l1-1-0.dll	35
C:\Windows\system32\downlevel\api-ms-win-crt-locale-l1-1-0.dll	40
C:\Windows\system32\downlevel\api-ms-win-crt-math-l1-1-0.dll	41
C:\Windows\system32\downlevel\api-ms-win-crt-multibyte-l1-1-0.dll	41
C:\Windows\system32\downlevel\api-ms-win-crt-process-l1-1-0.dll	40
C:\Windows\system32\downlevel\api-ms-win-crt-runtime-l1-1-0.dll	33
C:\Windows\system32\downlevel\api-ms-win-crt-stdio-l1-1-0.dll	41
C:\Windows\system32\downlevel\api-ms-win-crt-string-l1-1-0.dll	30
C:\Windows\system32\downlevel\api-ms-win-crt-time-l1-1-0.dll	35
C:\Windows\system32\downlevel\api-ms-win-crt-utility-l1-1-0.dll	35
C:\Windows\system32\downlevel\API-MS-Win-devices-config-L1-1-0.dll	38
C:\Windows\system32\downlevel\API-MS-Win-devices-config-L1-1-1.dll	35
C:\Windows\system32\downlevel\API-MS-Win-Eventing-ClassicProvider-L1-1-0.dll	32
C:\Windows\system32\downlevel\api-ms-win-eventing-consumer-l1-1-0.dll	38
C:\Windows\system32\downlevel\API-MS-Win-Eventing-Controller-L1-1-0.dll	36
C:\Windows\system32\downlevel\API-MS-Win-Eventing-Legacy-L1-1-0.dll	38
C:\Windows\system32\downlevel\API-MS-Win-Eventing-Provider-L1-1-0.dll	36
C:\Windows\system32\downlevel\API-MS-Win-EventLog-Legacy-L1-1-0.dll	49
C:\Windows\system32\downlevel\api-ms-win-security-base-l1-1-0.dll	38
C:\Windows\system32\downlevel\api-ms-win-security-cryptoapi-l1-1-0.dll	35
C:\Windows\system32\downlevel\API-MS-Win-Security-Lsalookup-L2-1-0.dll	33
C:\Windows\system32\downlevel\API-MS-Win-Security-Lsalookup-L2-1-1.dll	40
C:\Windows\system32\downlevel\API-MS-Win-security-lsapolicy-l1-1-0.dll	32
C:\Windows\system32\downlevel\API-MS-Win-security-provider-L1-1-0.dll	32
C:\Windows\system32\downlevel\api-ms-win-security-sddl-l1-1-0.dll	40
C:\Windows\system32\downlevel\api-ms-win-service-core-l1-1-0.dll	32
C:\Windows\system32\downlevel\api-ms-win-service-core-l1-1-1.dll	35
C:\Windows\system32\downlevel\api-ms-win-service-management-l1-1-0.dll	38
C:\Windows\system32\downlevel\api-ms-win-service-management-l2-1-0.dll	32
C:\Windows\system32\downlevel\api-ms-win-service-private-l1-1-0.dll	35
C:\Windows\system32\downlevel\api-ms-win-service-private-l1-1-1.dll	35
C:\Windows\system32\downlevel\api-ms-win-service-winsvc-l1-1-0.dll	38
C:\Windows\system32\downlevel\api-ms-win-shcore-stream-l1-1-0.dll	41
C:\Windows\system32\drivers\UMDF\SDFLauncher.dll	38
C:\Windows\system32\DriverStore\FileRepository\sdflauncher.inf_amd64_1ea082c6cf8f6982\SDFLauncher.dll	38
C:\Windows\system32\dsrole.dll	33
C:\Windows\system32\IME\IMETC\IMTCTRLN.DLL	29
C:\Windows\system32\IME\SHARED\IMEDICAPICCPS.DLL	35
C:\Windows\system32\IME\SHARED\IMESEARCHPS.DLL	38
C:\Windows\system32\kd.dll	38
C:\Windows\system32\kd_02_1af4.dll	47
C:\Windows\system32\kd_07_1415.dll	33
C:\Windows\system32\kdnet_uart16550.dll	35
C:\Windows\system32\kdstub.dll	36
C:\Windows\system32\ksuser.dll	36
C:\Windows\system32\microsoft-windows-battery-events.dll	33
C:\Windows\system32\microsoft-windows-hal-events.dll	29
C:\Windows\system32\microsoft-windows-sleepstudy-events.dll	32
C:\Windows\system32\msdmo.dll	32
C:\Windows\system32\NDKPing.exe	29
C:\Windows\system32\oobe\FirstLogonAnim.exe	38
C:\Windows\system32\pcwum.dll	36
C:\Windows\system32\prproc.exe	41
C:\Windows\system32\ResetEngine.exe	32
C:\WINDOWS\system32\ResetEngine.exe	46
C:\WINDOWS\system32\ScriptRunner.exe	36
C:\Windows\system32\setupetw.dll	35
C:\Windows\system32\sfc.dll	38
C:\Windows\system32\SlideToShutDown.exe	36
C:\Windows\system32\smphost.dll	32
C:\Windows\system32\spwizres.dll	33
C:\Windows\system32\streamci.dll	32
C:\Windows\system32\ttdloader.dll	41
C:\Windows\system32\UtilityVmSysprep.dll	33
C:\Windows\system32\uxlibres.dll	38
C:\Windows\system32\VmApplicationHealthMonitorProxy.dll	29
C:\Windows\system32\wbem\Microsoft.AppV.AppVClientWmi.dll	36
C:\Windows\system32\winnsi.dll	30
C:\Windows\system32\wshhyperv.dll	36
C:\Windows\system32\wshunix.dll	32
C:\Windows\system32\wuauclt.exe	33
C:\Windows\SysWOW64\AppVClientPS.dll	36
C:\Windows\SysWOW64\AppVSentinel.dll	36
C:\Windows\SysWOW64\AppVTerminator.dll	33
C:\Windows\SysWOW64\avrt.dll	33
C:\Windows\SysWOW64\backgroundTaskHost.exe	35
C:\Windows\SysWOW64\BOOTVID.DLL	33
C:\Windows\SysWOW64\CameraSettingsUIHost.exe	38
C:\Windows\SysWOW64\DefaultDeviceManager.dll	38
C:\Windows\SysWOW64\dllhost.exe	35
C:\Windows\SysWOW64\downlevel\api-ms-win-base-util-l1-1-0.dll	35
C:\Windows\SysWOW64\downlevel\api-ms-win-core-com-l1-1-0.dll	41
C:\Windows\SysWOW64\downlevel\api-ms-win-core-comm-l1-1-0.dll	32
C:\Windows\SysWOW64\downlevel\api-ms-win-core-console-l1-1-0.dll	41
C:\Windows\SysWOW64\downlevel\api-ms-win-core-datetime-l1-1-0.dll	36
C:\Windows\SysWOW64\downlevel\api-ms-win-core-datetime-l1-1-1.dll	40
C:\Windows\SysWOW64\downlevel\api-ms-win-core-debug-l1-1-0.dll	32
C:\Windows\SysWOW64\downlevel\api-ms-win-core-debug-l1-1-1.dll	36
C:\Windows\SysWOW64\downlevel\api-ms-win-core-delayload-l1-1-0.dll	38
C:\Windows\SysWOW64\downlevel\api-ms-win-core-errorhandling-l1-1-0.dll	36
C:\Windows\SysWOW64\downlevel\api-ms-win-core-errorhandling-l1-1-1.dll	47
C:\Windows\SysWOW64\downlevel\api-ms-win-core-fibers-l1-1-0.dll	36
C:\Windows\SysWOW64\downlevel\api-ms-win-core-fibers-l1-1-1.dll	38
C:\Windows\SysWOW64\downlevel\api-ms-win-core-file-l1-1-0.dll	35
C:\Windows\SysWOW64\downlevel\api-ms-win-core-file-l1-2-0.dll	36
C:\Windows\SysWOW64\downlevel\api-ms-win-core-file-l1-2-1.dll	36
C:\Windows\SysWOW64\downlevel\API-MS-Win-core-file-l2-1-0.dll	36
C:\Windows\SysWOW64\downlevel\API-MS-Win-core-file-l2-1-1.dll	38
C:\Windows\SysWOW64\downlevel\api-ms-win-core-handle-l1-1-0.dll	43
C:\Windows\SysWOW64\downlevel\api-ms-win-core-heap-l1-1-0.dll	32
C:\Windows\SysWOW64\downlevel\API-MS-Win-Core-Heap-Obsolete-L1-1-0.dll	40
C:\Windows\SysWOW64\downlevel\api-ms-win-core-interlocked-l1-1-0.dll	35
C:\Windows\SysWOW64\downlevel\api-ms-win-core-io-l1-1-0.dll	36
C:\Windows\SysWOW64\downlevel\api-ms-win-core-io-l1-1-1.dll	32
C:\Windows\SysWOW64\downlevel\api-ms-win-core-kernel32-legacy-l1-1-0.dll	33
C:\Windows\SysWOW64\downlevel\api-ms-win-core-kernel32-legacy-l1-1-1.dll	35
C:\Windows\SysWOW64\downlevel\API-MS-Win-Core-Kernel32-Private-L1-1-0.dll	40
C:\Windows\SysWOW64\downlevel\API-MS-Win-Core-Kernel32-Private-L1-1-1.dll	38
C:\Windows\SysWOW64\downlevel\api-ms-win-core-libraryloader-l1-1-0.dll	36
C:\Windows\SysWOW64\downlevel\api-ms-win-core-libraryloader-l1-1-1.dll	33
C:\Windows\SysWOW64\downlevel\api-ms-win-core-localization-l1-2-0.dll	36
C:\Windows\SysWOW64\downlevel\api-ms-win-core-localization-l1-2-1.dll	36
C:\Windows\SysWOW64\downlevel\API-MS-Win-core-localization-obsolete-l1-2-0.dll	41
C:\Windows\SysWOW64\downlevel\api-ms-win-core-memory-l1-1-0.dll	35
C:\Windows\SysWOW64\downlevel\api-ms-win-core-memory-l1-1-1.dll	38
C:\Windows\SysWOW64\downlevel\api-ms-win-core-memory-l1-1-2.dll	38
C:\Windows\SysWOW64\downlevel\api-ms-win-core-namedpipe-l1-1-0.dll	36
C:\Windows\SysWOW64\downlevel\api-ms-win-core-privateprofile-l1-1-0.dll	32
C:\Windows\SysWOW64\downlevel\api-ms-win-core-privateprofile-l1-1-1.dll	38
C:\Windows\SysWOW64\downlevel\api-ms-win-core-processenvironment-l1-1-0.dll	40
C:\Windows\SysWOW64\downlevel\api-ms-win-core-processenvironment-l1-2-0.dll	36
C:\Windows\SysWOW64\downlevel\api-ms-win-core-processthreads-l1-1-0.dll	35
C:\Windows\SysWOW64\downlevel\api-ms-win-core-processthreads-l1-1-1.dll	36
C:\Windows\SysWOW64\downlevel\api-ms-win-core-processthreads-l1-1-2.dll	35
C:\Windows\SysWOW64\downlevel\api-ms-win-core-processtopology-obsolete-l1-1-0.dll	33
C:\Windows\SysWOW64\downlevel\api-ms-win-core-profile-l1-1-0.dll	36
C:\Windows\SysWOW64\downlevel\api-ms-win-core-realtime-l1-1-0.dll	38
C:\Windows\SysWOW64\downlevel\api-ms-win-core-registry-l1-1-0.dll	40
C:\Windows\SysWOW64\downlevel\api-ms-win-core-registry-l2-1-0.dll	46
C:\Windows\SysWOW64\downlevel\api-ms-win-core-rtlsupport-l1-1-0.dll	38
C:\Windows\SysWOW64\downlevel\api-ms-win-core-shlwapi-legacy-l1-1-0.dll	35
C:\Windows\SysWOW64\downlevel\api-ms-win-core-shlwapi-obsolete-l1-1-0.dll	38
C:\Windows\SysWOW64\downlevel\api-ms-win-core-shutdown-l1-1-0.dll	38
C:\Windows\SysWOW64\downlevel\api-ms-win-core-stringansi-l1-1-0.dll	33
C:\Windows\SysWOW64\downlevel\api-ms-win-core-string-l1-1-0.dll	40
C:\Windows\SysWOW64\downlevel\API-MS-Win-core-string-l2-1-0.dll	36
C:\Windows\SysWOW64\downlevel\api-ms-win-core-stringloader-l1-1-1.dll	36
C:\Windows\SysWOW64\downlevel\API-MS-Win-core-string-obsolete-l1-1-0.dll	38
C:\Windows\SysWOW64\downlevel\api-ms-win-core-synch-l1-1-0.dll	32
C:\Windows\SysWOW64\downlevel\api-ms-win-core-synch-l1-2-0.dll	35
C:\Windows\SysWOW64\downlevel\api-ms-win-core-sysinfo-l1-1-0.dll	41
C:\Windows\SysWOW64\downlevel\api-ms-win-core-sysinfo-l1-2-0.dll	43
C:\Windows\SysWOW64\downlevel\api-ms-win-core-sysinfo-l1-2-1.dll	44
C:\Windows\SysWOW64\downlevel\api-ms-win-core-threadpool-l1-2-0.dll	33
C:\Windows\SysWOW64\downlevel\api-ms-win-core-threadpool-legacy-l1-1-0.dll	32
C:\Windows\SysWOW64\downlevel\api-ms-win-core-threadpool-private-l1-1-0.dll	33
C:\Windows\SysWOW64\downlevel\api-ms-win-core-timezone-l1-1-0.dll	33
C:\Windows\SysWOW64\downlevel\api-ms-win-core-url-l1-1-0.dll	38
C:\Windows\SysWOW64\downlevel\api-ms-win-core-util-l1-1-0.dll	36
C:\Windows\SysWOW64\downlevel\api-ms-win-core-version-l1-1-0.dll	38
C:\Windows\SysWOW64\downlevel\api-ms-win-core-wow64-l1-1-0.dll	33
C:\Windows\SysWOW64\downlevel\api-ms-win-core-xstate-l1-1-0.dll	33
C:\Windows\SysWOW64\downlevel\API-MS-Win-core-xstate-l2-1-0.dll	35
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-conio-l1-1-0.dll	38
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-convert-l1-1-0.dll	49
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-environment-l1-1-0.dll	35
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-filesystem-l1-1-0.dll	36
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-heap-l1-1-0.dll	41
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-locale-l1-1-0.dll	36
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-math-l1-1-0.dll	36
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-multibyte-l1-1-0.dll	33
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-process-l1-1-0.dll	40
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-runtime-l1-1-0.dll	35
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-stdio-l1-1-0.dll	40
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-string-l1-1-0.dll	32
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-time-l1-1-0.dll	40
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-utility-l1-1-0.dll	41
C:\Windows\SysWOW64\downlevel\API-MS-Win-devices-config-L1-1-0.dll	36
C:\Windows\SysWOW64\downlevel\API-MS-Win-devices-config-L1-1-1.dll	35
C:\Windows\SysWOW64\downlevel\API-MS-Win-Eventing-ClassicProvider-L1-1-0.dll	38
C:\Windows\SysWOW64\downlevel\api-ms-win-eventing-consumer-l1-1-0.dll	36
C:\Windows\SysWOW64\downlevel\API-MS-Win-Eventing-Controller-L1-1-0.dll	40
C:\Windows\SysWOW64\downlevel\API-MS-Win-Eventing-Legacy-L1-1-0.dll	35
C:\Windows\SysWOW64\downlevel\API-MS-Win-Eventing-Provider-L1-1-0.dll	38
C:\Windows\SysWOW64\downlevel\API-MS-Win-EventLog-Legacy-L1-1-0.dll	35
C:\Windows\SysWOW64\downlevel\api-ms-win-security-base-l1-1-0.dll	32
C:\Windows\SysWOW64\downlevel\api-ms-win-security-cryptoapi-l1-1-0.dll	38
C:\Windows\SysWOW64\downlevel\API-MS-Win-Security-Lsalookup-L2-1-0.dll	38
C:\Windows\SysWOW64\downlevel\API-MS-Win-Security-Lsalookup-L2-1-1.dll	35
C:\Windows\SysWOW64\downlevel\API-MS-Win-security-lsapolicy-l1-1-0.dll	38
C:\Windows\SysWOW64\downlevel\API-MS-Win-security-provider-L1-1-0.dll	35
C:\Windows\SysWOW64\downlevel\api-ms-win-security-sddl-l1-1-0.dll	32
C:\Windows\SysWOW64\downlevel\api-ms-win-service-core-l1-1-0.dll	38
C:\Windows\SysWOW64\downlevel\api-ms-win-service-core-l1-1-1.dll	36
C:\Windows\SysWOW64\downlevel\api-ms-win-service-management-l1-1-0.dll	36
C:\Windows\SysWOW64\downlevel\api-ms-win-service-management-l2-1-0.dll	47
C:\Windows\SysWOW64\downlevel\api-ms-win-service-private-l1-1-0.dll	40
C:\Windows\SysWOW64\downlevel\api-ms-win-service-private-l1-1-1.dll	38
C:\Windows\SysWOW64\downlevel\api-ms-win-service-winsvc-l1-1-0.dll	35
C:\Windows\SysWOW64\downlevel\api-ms-win-shcore-stream-l1-1-0.dll	46
C:\Windows\SysWOW64\dsrole.dll	33
C:\Windows\SysWOW64\fltLib.dll	35
C:\Windows\SysWOW64\IME\IMETC\IMTCTRLN.DLL	38
C:\Windows\SysWOW64\IME\SHARED\imecfmps.dll	41
C:\Windows\SysWOW64\IME\SHARED\IMEDICAPICCPS.DLL	32
C:\Windows\SysWOW64\IME\SHARED\IMESEARCHPS.DLL	38
C:\Windows\SysWOW64\ksuser.dll	40
C:\Windows\SysWOW64\LocationFrameworkPS.dll	40
C:\Windows\SysWOW64\pcwum.dll	33
C:\Windows\SysWOW64\psapi.dll	49
C:\Windows\SysWOW64\sfc.dll	36
C:\Windows\SysWOW64\smphost.dll	33
C:\Windows\SysWOW64\ttdloader.dll	33
C:\Windows\SysWOW64\uxlibres.dll	35
C:\Windows\SysWOW64\wbem\Microsoft.AppV.AppVClientWmi.dll	36
C:\Windows\SysWOW64\winnsi.dll	38
C:\Windows\SysWOW64\wshhyperv.dll	33
C:\Windows\SysWOW64\wshunix.dll	33

Possible Misuse

The following table contains possible examples of psapi.dll being misused. While psapi.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source	Source File	Example	License
signature-base	apt_putterpanda.yar	$s2 = “psapi.dll” fullword ascii /* PEStudio Blacklist: strings / / score: ‘5’ / / Goodware String - occured 54 times */	CC BY-NC 4.0
signature-base	apt_putterpanda.yar	$s6 = “PSAPI.DLL” fullword ascii /* PEStudio Blacklist: strings / / score: ‘5’ / / Goodware String - occured 420 times */	CC BY-NC 4.0
signature-base	apt_putterpanda.yar	$s19 = “PSAPI.DLL” fullword ascii /* PEStudio Blacklist: strings / / score: ‘4.58’ / / Goodware String - occured 420 times */	CC BY-NC 4.0
signature-base	thor-hacktools.yar	$s11 = “\psapi.dll” fullword ascii	CC BY-NC 4.0