qingshellext64.dll

Description: qingbangong shellext64

Authors: Copyright©2025 Kingsoft Corporation. All rights reserved.

Version: 12.1.0.23125

Architecture: 64-bit

Operating System: Windows NT

SHA256: a234a6d217abbde62691b9d5e7b0b0e3

File Size: 839.5 KB

Uploaded At: Dec. 4, 2025, 6:11 a.m.

Views: 3

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • DllCanUnloadNow (Ordinal: 1, Address: 0x33b0)
  • DllGetClassObject (Ordinal: 2, Address: 0x3430)
  • DllInstall (Ordinal: 3, Address: 0x35e0)
  • DllRegisterServer (Ordinal: 4, Address: 0x3620)
  • DllUnregisterServer (Ordinal: 5, Address: 0x41f0)

Imported DLLs & Functions

KERNEL32.dll
  • AcquireSRWLockExclusive (Address: 0x18008b348)
  • AreFileApisANSI (Address: 0x18008b380)
  • CloseHandle (Address: 0x18008b0d8)
  • CreateEventW (Address: 0x18008b190)
  • CreateFileA (Address: 0x18008b2e8)
  • CreateFileMappingW (Address: 0x18008b248)
  • CreateFileW (Address: 0x18008b0c0)
  • CreateMutexW (Address: 0x18008b238)
  • CreateThread (Address: 0x18008b2f0)
  • CreateToolhelp32Snapshot (Address: 0x18008b218)
  • DecodePointer (Address: 0x18008b000)
  • DeleteCriticalSection (Address: 0x18008b020)
  • DeleteFileW (Address: 0x18008b118)
  • DeviceIoControl (Address: 0x18008b200)
  • DisableThreadLibraryCalls (Address: 0x18008b028)
  • EncodePointer (Address: 0x18008b038)
  • EnterCriticalSection (Address: 0x18008b070)
  • EnumSystemLocalesW (Address: 0x18008b490)
  • ExitProcess (Address: 0x18008b458)
  • ExitThread (Address: 0x18008b440)
  • ExpandEnvironmentStringsW (Address: 0x18008b2a8)
  • FindClose (Address: 0x18008b120)
  • FindFirstFileExW (Address: 0x18008b360)
  • FindFirstFileW (Address: 0x18008b128)
  • FindNextFileW (Address: 0x18008b130)
  • FindResourceExW (Address: 0x18008b080)
  • FindResourceW (Address: 0x18008b0b8)
  • FlushFileBuffers (Address: 0x18008b4a8)
  • FormatMessageA (Address: 0x18008b328)
  • FreeEnvironmentStringsW (Address: 0x18008b4e8)
  • FreeLibrary (Address: 0x18008b100)
  • FreeLibraryAndExitThread (Address: 0x18008b448)
  • FreeResource (Address: 0x18008b1d8)
  • GetACP (Address: 0x18008b4c8)
  • GetCommandLineA (Address: 0x18008b4d8)
  • GetCommandLineW (Address: 0x18008b268)
  • GetConsoleCP (Address: 0x18008b4b0)
  • GetConsoleMode (Address: 0x18008b498)
  • GetCPInfo (Address: 0x18008b3a0)
  • GetCurrentProcess (Address: 0x18008b2b0)
  • GetCurrentProcessId (Address: 0x18008b2b8)
  • GetCurrentThread (Address: 0x18008b2c0)
  • GetCurrentThreadId (Address: 0x18008b1a0)
  • GetDriveTypeW (Address: 0x18008b1f8)
  • GetEnvironmentStringsW (Address: 0x18008b4e0)
  • GetEnvironmentVariableW (Address: 0x18008b298)
  • GetFileAttributesExW (Address: 0x18008b368)
  • GetFileAttributesW (Address: 0x18008b1c8)
  • GetFileInformationByHandleEx (Address: 0x18008b388)
  • GetFileSizeEx (Address: 0x18008b4b8)
  • GetFileType (Address: 0x18008b468)
  • GetLastError (Address: 0x18008b010)
  • GetLocaleInfoW (Address: 0x18008b478)
  • GetLongPathNameW (Address: 0x18008b2e0)
  • GetModuleFileNameW (Address: 0x18008b088)
  • GetModuleHandleExW (Address: 0x18008b208)
  • GetModuleHandleW (Address: 0x18008b090)
  • GetOEMCP (Address: 0x18008b4d0)
  • GetPrivateProfileIntW (Address: 0x18008b280)
  • GetPrivateProfileStringW (Address: 0x18008b288)
  • GetProcAddress (Address: 0x18008b098)
  • GetProcessHeap (Address: 0x18008b068)
  • GetProcessId (Address: 0x18008b160)
  • GetStartupInfoW (Address: 0x18008b400)
  • GetStdHandle (Address: 0x18008b460)
  • GetStringTypeW (Address: 0x18008b330)
  • GetSystemDirectoryW (Address: 0x18008b270)
  • GetSystemInfo (Address: 0x18008b310)
  • GetSystemTimeAsFileTime (Address: 0x18008b398)
  • GetSystemWow64DirectoryW (Address: 0x18008b1a8)
  • GetTempFileNameW (Address: 0x18008b138)
  • GetTempPathW (Address: 0x18008b150)
  • GetUserDefaultLCID (Address: 0x18008b488)
  • GetUserDefaultUILanguage (Address: 0x18008b290)
  • GlobalAlloc (Address: 0x18008b1e0)
  • GlobalFree (Address: 0x18008b1e8)
  • GlobalLock (Address: 0x18008b1b8)
  • GlobalUnlock (Address: 0x18008b1b0)
  • HeapAlloc (Address: 0x18008b048)
  • HeapDestroy (Address: 0x18008b040)
  • HeapFree (Address: 0x18008b058)
  • HeapReAlloc (Address: 0x18008b050)
  • HeapSize (Address: 0x18008b060)
  • InitializeCriticalSection (Address: 0x18008b178)
  • InitializeCriticalSectionAndSpinCount (Address: 0x18008b018)
  • InitializeCriticalSectionEx (Address: 0x18008b350)
  • InitializeSListHead (Address: 0x18008b3f8)
  • InitializeSRWLock (Address: 0x18008b338)
  • InterlockedFlushSList (Address: 0x18008b418)
  • IsDebuggerPresent (Address: 0x18008b3a8)
  • IsProcessorFeaturePresent (Address: 0x18008b3f0)
  • IsValidCodePage (Address: 0x18008b4c0)
  • IsValidLocale (Address: 0x18008b480)
  • LCMapStringEx (Address: 0x18008b390)
  • LCMapStringW (Address: 0x18008b470)
  • LeaveCriticalSection (Address: 0x18008b078)
  • LoadLibraryExA (Address: 0x18008b320)
  • LoadLibraryExW (Address: 0x18008b108)
  • LoadLibraryW (Address: 0x18008b210)
  • LoadResource (Address: 0x18008b0a0)
  • LocalFree (Address: 0x18008b168)
  • LockResource (Address: 0x18008b0a8)
  • lstrcmpiW (Address: 0x18008b110)
  • lstrlenW (Address: 0x18008b278)
  • MapViewOfFile (Address: 0x18008b258)
  • MulDiv (Address: 0x18008b1f0)
  • MultiByteToWideChar (Address: 0x18008b0f0)
  • OpenFileMappingW (Address: 0x18008b250)
  • OpenMutexW (Address: 0x18008b158)
  • OpenProcess (Address: 0x18008b2d0)
  • OutputDebugStringW (Address: 0x18008b030)
  • Process32FirstW (Address: 0x18008b220)
  • Process32NextW (Address: 0x18008b228)
  • ProcessIdToSessionId (Address: 0x18008b2c8)
  • QueryPerformanceCounter (Address: 0x18008b2f8)
  • QueryPerformanceFrequency (Address: 0x18008b300)
  • RaiseException (Address: 0x18008b008)
  • ReadConsoleW (Address: 0x18008b4a0)
  • ReadFile (Address: 0x18008b0c8)
  • ReleaseMutex (Address: 0x18008b230)
  • ReleaseSRWLockExclusive (Address: 0x18008b340)
  • ResetEvent (Address: 0x18008b3b0)
  • RtlCaptureContext (Address: 0x18008b3c0)
  • RtlLookupFunctionEntry (Address: 0x18008b3c8)
  • RtlPcToFileHeader (Address: 0x18008b410)
  • RtlUnwind (Address: 0x18008b4f8)
  • RtlUnwindEx (Address: 0x18008b408)
  • RtlVirtualUnwind (Address: 0x18008b3d0)
  • SetEndOfFile (Address: 0x18008b370)
  • SetEnvironmentVariableW (Address: 0x18008b2a0)
  • SetEvent (Address: 0x18008b180)
  • SetFileAttributesW (Address: 0x18008b140)
  • SetFilePointer (Address: 0x18008b148)
  • SetFilePointerEx (Address: 0x18008b378)
  • SetLastError (Address: 0x18008b2d8)
  • SetNamedPipeHandleState (Address: 0x18008b0e0)
  • SetStdHandle (Address: 0x18008b4f0)
  • SetUnhandledExceptionFilter (Address: 0x18008b3e0)
  • SizeofResource (Address: 0x18008b0b0)
  • Sleep (Address: 0x18008b170)
  • TerminateProcess (Address: 0x18008b3e8)
  • TerminateThread (Address: 0x18008b198)
  • TlsAlloc (Address: 0x18008b420)
  • TlsFree (Address: 0x18008b438)
  • TlsGetValue (Address: 0x18008b428)
  • TlsSetValue (Address: 0x18008b430)
  • TryEnterCriticalSection (Address: 0x18008b358)
  • UnhandledExceptionFilter (Address: 0x18008b3d8)
  • UnmapViewOfFile (Address: 0x18008b260)
  • VerifyVersionInfoW (Address: 0x18008b1d0)
  • VerSetConditionMask (Address: 0x18008b1c0)
  • VirtualAlloc (Address: 0x18008b450)
  • VirtualProtect (Address: 0x18008b318)
  • VirtualQuery (Address: 0x18008b240)
  • WaitForSingleObject (Address: 0x18008b188)
  • WaitForSingleObjectEx (Address: 0x18008b3b8)
  • WaitNamedPipeW (Address: 0x18008b0e8)
  • WideCharToMultiByte (Address: 0x18008b0f8)
  • WriteConsoleW (Address: 0x18008b308)
  • WriteFile (Address: 0x18008b0d0)