pwrshsip.dll

Description: Crypto SIP provider for signing and verifying PowerShell script files (.ps1/.ps1xml)

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.3636

Architecture: 32-bit

Operating System: Windows NT

SHA256: 4533e1887e9e4bc64ea6e4db5d22b787

File Size: 22.5 KB

Uploaded At: Dec. 1, 2025, 8:11 a.m.

Exported Functions

  • PsCreateHash (Ordinal: 1, Address: 0x44c0)
  • PsDelSignature (Ordinal: 2, Address: 0x4590)
  • PsGetSignature (Ordinal: 3, Address: 0x43d0)
  • PsIsMyFileType (Ordinal: 4, Address: 0x4600)
  • PsPutSignature (Ordinal: 5, Address: 0x4450)
  • PsVerifyHash (Ordinal: 6, Address: 0x4520)
  • DllRegisterServer (Ordinal: 7, Address: 0x46d0)
  • DllUnregisterServer (Ordinal: 8, Address: 0x47c0)

Imported DLLs & Functions

ADVAPI32.dll
  • CryptAcquireContextW (Address: 0x10007018)
  • CryptCreateHash (Address: 0x10007010)
  • CryptDestroyHash (Address: 0x10007000)
  • CryptGetHashParam (Address: 0x10007004)
  • CryptGetProvParam (Address: 0x1000700c)
  • CryptHashData (Address: 0x10007008)
  • CryptReleaseContext (Address: 0x10007014)
CRYPT32.dll
  • CertOIDToAlgId (Address: 0x10007024)
  • CryptBinaryToStringW (Address: 0x10007030)
  • CryptEncodeObject (Address: 0x10007028)
  • CryptFindOIDInfo (Address: 0x10007020)
  • CryptSIPAddProvider (Address: 0x10007034)
  • CryptSIPRemoveProvider (Address: 0x10007038)
  • CryptStringToBinaryW (Address: 0x1000702c)
KERNEL32.dll
  • CloseHandle (Address: 0x10007044)
  • CreateFileW (Address: 0x10007048)
  • GetCurrentProcess (Address: 0x1000706c)
  • GetCurrentProcessId (Address: 0x10007094)
  • GetCurrentThreadId (Address: 0x10007084)
  • GetFileSizeEx (Address: 0x1000704c)
  • GetLastError (Address: 0x10007040)
  • GetModuleFileNameW (Address: 0x10007088)
  • GetSystemTimeAsFileTime (Address: 0x10007080)
  • GetTickCount (Address: 0x1000707c)
  • MultiByteToWideChar (Address: 0x10007064)
  • QueryPerformanceCounter (Address: 0x10007090)
  • ReadFile (Address: 0x10007058)
  • SetEndOfFile (Address: 0x10007050)
  • SetFilePointerEx (Address: 0x10007054)
  • SetLastError (Address: 0x10007070)
  • SetUnhandledExceptionFilter (Address: 0x10007074)
  • Sleep (Address: 0x1000708c)
  • TerminateProcess (Address: 0x10007068)
  • UnhandledExceptionFilter (Address: 0x10007078)
  • WideCharToMultiByte (Address: 0x10007060)
  • WriteFile (Address: 0x1000705c)
msvcrt.dll
  • _amsg_exit (Address: 0x100070c0)
  • _callnewh (Address: 0x100070ac)
  • _except_handler4_common (Address: 0x100070b8)
  • _initterm (Address: 0x100070bc)
  • _purecall (Address: 0x100070a4)
  • _wcsicmp (Address: 0x100070b0)
  • _XcptFilter (Address: 0x100070c8)
  • free (Address: 0x100070c4)
  • malloc (Address: 0x100070a8)
  • memcmp (Address: 0x100070cc)
  • memcpy (Address: 0x100070a0)
  • memset (Address: 0x100070d0)
  • wcsncmp (Address: 0x100070b4)
  • wcsrchr (Address: 0x1000709c)