perfproc.dll

Description: Windows System Process Performance Objects DLL

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.3636

Architecture: 32-bit

Operating System: Windows NT

SHA256: f5e0efec54fa7be778b2fb4d9cc9204e

File Size: 38.5 KB

Uploaded At: Dec. 1, 2025, 8:02 a.m.

Views: 10

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • CloseSysProcessObject (Ordinal: 1, Address: 0x5420)
  • CollectSysProcessObjectData (Ordinal: 2, Address: 0x2230)
  • OpenSysProcessObject (Ordinal: 3, Address: 0x56f0)

Imported DLLs & Functions

api-ms-win-core-errorhandling-l1-1-0.dll
  • GetLastError (Address: 0x1000900c)
  • SetLastError (Address: 0x10009008)
  • SetUnhandledExceptionFilter (Address: 0x10009000)
  • UnhandledExceptionFilter (Address: 0x10009004)
api-ms-win-core-handle-l1-1-0.dll
  • CloseHandle (Address: 0x10009014)
api-ms-win-core-heap-l1-1-0.dll
  • GetProcessHeap (Address: 0x10009020)
  • HeapAlloc (Address: 0x10009024)
  • HeapFree (Address: 0x1000901c)
api-ms-win-core-job-l2-1-0.dll
  • QueryInformationJobObject (Address: 0x1000902c)
api-ms-win-core-libraryloader-l1-2-0.dll
  • DisableThreadLibraryCalls (Address: 0x10009034)
api-ms-win-core-processthreads-l1-1-0.dll
  • GetCurrentProcess (Address: 0x1000903c)
  • GetCurrentProcessId (Address: 0x1000904c)
  • GetCurrentThreadId (Address: 0x10009040)
  • OpenProcessToken (Address: 0x10009048)
  • TerminateProcess (Address: 0x10009044)
api-ms-win-core-processthreads-l1-1-1.dll
  • OpenProcess (Address: 0x10009054)
api-ms-win-core-profile-l1-1-0.dll
  • QueryPerformanceCounter (Address: 0x1000905c)
api-ms-win-core-string-l1-1-0.dll
  • CompareStringOrdinal (Address: 0x10009064)
api-ms-win-core-synch-l1-2-0.dll
  • Sleep (Address: 0x1000906c)
api-ms-win-core-sysinfo-l1-1-0.dll
  • GetSystemInfo (Address: 0x10009074)
  • GetSystemTimeAsFileTime (Address: 0x10009078)
  • GetTickCount (Address: 0x1000907c)
api-ms-win-eventing-provider-l1-1-0.dll
  • EventRegister (Address: 0x1000908c)
  • EventUnregister (Address: 0x10009088)
  • EventWriteTransfer (Address: 0x10009084)
api-ms-win-security-base-l1-1-0.dll
  • AdjustTokenPrivileges (Address: 0x10009094)
msvcrt.dll
  • _amsg_exit (Address: 0x100090a4)
  • _except_handler4_common (Address: 0x100090ac)
  • _initterm (Address: 0x1000909c)
  • _XcptFilter (Address: 0x100090b8)
  • free (Address: 0x100090a8)
  • malloc (Address: 0x100090a0)
  • memcpy (Address: 0x100090b4)
  • memmove (Address: 0x100090bc)
  • memset (Address: 0x100090c0)
  • wcsncmp (Address: 0x100090b0)
ntdll.dll
  • NtClose (Address: 0x1000910c)
  • NtGetContextThread (Address: 0x10009110)
  • NtOpenDirectoryObject (Address: 0x100090d8)
  • NtOpenJobObject (Address: 0x100090d4)
  • NtOpenKey (Address: 0x100090fc)
  • NtOpenProcess (Address: 0x100090e4)
  • NtOpenThread (Address: 0x10009114)
  • NtQueryDirectoryObject (Address: 0x100090d0)
  • NtQueryInformationProcess (Address: 0x100090e8)
  • NtQueryObject (Address: 0x100090cc)
  • NtQuerySystemInformation (Address: 0x10009104)
  • NtQueryValueKey (Address: 0x100090f0)
  • NtQueryVirtualMemory (Address: 0x10009118)
  • NtReadVirtualMemory (Address: 0x100090dc)
  • RtlAppendUnicodeToString (Address: 0x10009100)
  • RtlCopyUnicodeString (Address: 0x100090e0)
  • RtlInitUnicodeString (Address: 0x100090f8)
  • RtlInt64ToUnicodeString (Address: 0x100090c8)
  • RtlIntegerToUnicodeString (Address: 0x10009108)
  • RtlNtStatusToDosError (Address: 0x100090f4)
  • RtlQueryHeapInformation (Address: 0x100090ec)