qingshellext64.dll

Description: qingbangong shellext64

Authors: Copyright©2025 Kingsoft Corporation. All rights reserved.

Version: 12.1.0.23542

Architecture: 64-bit

Operating System: Windows NT

SHA256: 6448ec986f61185957dd88e446c9fb82

File Size: 777.5 KB

Uploaded At: Dec. 4, 2025, 6:12 a.m.

Views: 5

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • DllCanUnloadNow (Ordinal: 1, Address: 0x33b0)
  • DllGetClassObject (Ordinal: 2, Address: 0x3430)
  • DllInstall (Ordinal: 3, Address: 0x35e0)
  • DllRegisterServer (Ordinal: 4, Address: 0x3620)
  • DllUnregisterServer (Ordinal: 5, Address: 0x41f0)

Imported DLLs & Functions

KERNEL32.dll
  • AcquireSRWLockExclusive (Address: 0x18007e328)
  • AreFileApisANSI (Address: 0x18007e360)
  • CloseHandle (Address: 0x18007e0d8)
  • CreateEventW (Address: 0x18007e188)
  • CreateFileMappingW (Address: 0x18007e238)
  • CreateFileW (Address: 0x18007e0c0)
  • CreateMutexW (Address: 0x18007e228)
  • CreateToolhelp32Snapshot (Address: 0x18007e208)
  • DecodePointer (Address: 0x18007e000)
  • DeleteCriticalSection (Address: 0x18007e020)
  • DeleteFileW (Address: 0x18007e118)
  • DeviceIoControl (Address: 0x18007e1f0)
  • DisableThreadLibraryCalls (Address: 0x18007e028)
  • EncodePointer (Address: 0x18007e038)
  • EnterCriticalSection (Address: 0x18007e070)
  • EnumSystemLocalesW (Address: 0x18007e460)
  • ExitProcess (Address: 0x18007e428)
  • ExpandEnvironmentStringsW (Address: 0x18007e298)
  • FindClose (Address: 0x18007e120)
  • FindFirstFileExW (Address: 0x18007e340)
  • FindFirstFileW (Address: 0x18007e128)
  • FindNextFileW (Address: 0x18007e130)
  • FindResourceExW (Address: 0x18007e080)
  • FindResourceW (Address: 0x18007e0b8)
  • FlushFileBuffers (Address: 0x18007e478)
  • FormatMessageA (Address: 0x18007e308)
  • FreeEnvironmentStringsW (Address: 0x18007e4b8)
  • FreeLibrary (Address: 0x18007e100)
  • FreeResource (Address: 0x18007e1c8)
  • GetACP (Address: 0x18007e498)
  • GetCommandLineA (Address: 0x18007e4a8)
  • GetCommandLineW (Address: 0x18007e258)
  • GetConsoleCP (Address: 0x18007e480)
  • GetConsoleMode (Address: 0x18007e468)
  • GetCPInfo (Address: 0x18007e380)
  • GetCurrentProcess (Address: 0x18007e2a0)
  • GetCurrentProcessId (Address: 0x18007e2a8)
  • GetCurrentThread (Address: 0x18007e2b0)
  • GetCurrentThreadId (Address: 0x18007e190)
  • GetDriveTypeW (Address: 0x18007e1e8)
  • GetEnvironmentStringsW (Address: 0x18007e4b0)
  • GetEnvironmentVariableW (Address: 0x18007e288)
  • GetFileAttributesExW (Address: 0x18007e348)
  • GetFileAttributesW (Address: 0x18007e1b8)
  • GetFileInformationByHandleEx (Address: 0x18007e368)
  • GetFileSizeEx (Address: 0x18007e488)
  • GetFileType (Address: 0x18007e438)
  • GetLastError (Address: 0x18007e010)
  • GetLocaleInfoW (Address: 0x18007e448)
  • GetLongPathNameW (Address: 0x18007e2d0)
  • GetModuleFileNameW (Address: 0x18007e088)
  • GetModuleHandleExW (Address: 0x18007e1f8)
  • GetModuleHandleW (Address: 0x18007e090)
  • GetOEMCP (Address: 0x18007e4a0)
  • GetPrivateProfileIntW (Address: 0x18007e270)
  • GetPrivateProfileStringW (Address: 0x18007e278)
  • GetProcAddress (Address: 0x18007e098)
  • GetProcessHeap (Address: 0x18007e068)
  • GetProcessId (Address: 0x18007e160)
  • GetStartupInfoW (Address: 0x18007e3e0)
  • GetStdHandle (Address: 0x18007e430)
  • GetStringTypeW (Address: 0x18007e310)
  • GetSystemDirectoryW (Address: 0x18007e260)
  • GetSystemInfo (Address: 0x18007e2f0)
  • GetSystemTimeAsFileTime (Address: 0x18007e378)
  • GetSystemWow64DirectoryW (Address: 0x18007e198)
  • GetTempFileNameW (Address: 0x18007e138)
  • GetTempPathW (Address: 0x18007e150)
  • GetUserDefaultLCID (Address: 0x18007e458)
  • GetUserDefaultUILanguage (Address: 0x18007e280)
  • GlobalAlloc (Address: 0x18007e1d0)
  • GlobalFree (Address: 0x18007e1d8)
  • GlobalLock (Address: 0x18007e1a8)
  • GlobalUnlock (Address: 0x18007e1a0)
  • HeapAlloc (Address: 0x18007e048)
  • HeapDestroy (Address: 0x18007e040)
  • HeapFree (Address: 0x18007e058)
  • HeapReAlloc (Address: 0x18007e050)
  • HeapSize (Address: 0x18007e060)
  • InitializeCriticalSectionAndSpinCount (Address: 0x18007e018)
  • InitializeCriticalSectionEx (Address: 0x18007e330)
  • InitializeSListHead (Address: 0x18007e3d8)
  • InitializeSRWLock (Address: 0x18007e318)
  • InterlockedFlushSList (Address: 0x18007e3f8)
  • IsDebuggerPresent (Address: 0x18007e388)
  • IsProcessorFeaturePresent (Address: 0x18007e3d0)
  • IsValidCodePage (Address: 0x18007e490)
  • IsValidLocale (Address: 0x18007e450)
  • LCMapStringEx (Address: 0x18007e370)
  • LCMapStringW (Address: 0x18007e440)
  • LeaveCriticalSection (Address: 0x18007e078)
  • LoadLibraryExA (Address: 0x18007e300)
  • LoadLibraryExW (Address: 0x18007e108)
  • LoadLibraryW (Address: 0x18007e200)
  • LoadResource (Address: 0x18007e0a0)
  • LocalFree (Address: 0x18007e168)
  • LockResource (Address: 0x18007e0a8)
  • lstrcmpiW (Address: 0x18007e110)
  • lstrlenW (Address: 0x18007e268)
  • MapViewOfFile (Address: 0x18007e248)
  • MulDiv (Address: 0x18007e1e0)
  • MultiByteToWideChar (Address: 0x18007e0f0)
  • OpenFileMappingW (Address: 0x18007e240)
  • OpenMutexW (Address: 0x18007e158)
  • OpenProcess (Address: 0x18007e2c0)
  • OutputDebugStringW (Address: 0x18007e030)
  • Process32FirstW (Address: 0x18007e210)
  • Process32NextW (Address: 0x18007e218)
  • ProcessIdToSessionId (Address: 0x18007e2b8)
  • QueryPerformanceCounter (Address: 0x18007e2d8)
  • QueryPerformanceFrequency (Address: 0x18007e2e0)
  • RaiseException (Address: 0x18007e008)
  • ReadConsoleW (Address: 0x18007e470)
  • ReadFile (Address: 0x18007e0c8)
  • ReleaseMutex (Address: 0x18007e220)
  • ReleaseSRWLockExclusive (Address: 0x18007e320)
  • ResetEvent (Address: 0x18007e390)
  • RtlCaptureContext (Address: 0x18007e3a0)
  • RtlLookupFunctionEntry (Address: 0x18007e3a8)
  • RtlPcToFileHeader (Address: 0x18007e3f0)
  • RtlUnwind (Address: 0x18007e4c8)
  • RtlUnwindEx (Address: 0x18007e3e8)
  • RtlVirtualUnwind (Address: 0x18007e3b0)
  • SetEndOfFile (Address: 0x18007e350)
  • SetEnvironmentVariableW (Address: 0x18007e290)
  • SetEvent (Address: 0x18007e178)
  • SetFileAttributesW (Address: 0x18007e140)
  • SetFilePointer (Address: 0x18007e148)
  • SetFilePointerEx (Address: 0x18007e358)
  • SetLastError (Address: 0x18007e2c8)
  • SetNamedPipeHandleState (Address: 0x18007e0e0)
  • SetStdHandle (Address: 0x18007e4c0)
  • SetUnhandledExceptionFilter (Address: 0x18007e3c0)
  • SizeofResource (Address: 0x18007e0b0)
  • Sleep (Address: 0x18007e170)
  • TerminateProcess (Address: 0x18007e3c8)
  • TlsAlloc (Address: 0x18007e400)
  • TlsFree (Address: 0x18007e418)
  • TlsGetValue (Address: 0x18007e408)
  • TlsSetValue (Address: 0x18007e410)
  • TryEnterCriticalSection (Address: 0x18007e338)
  • UnhandledExceptionFilter (Address: 0x18007e3b8)
  • UnmapViewOfFile (Address: 0x18007e250)
  • VerifyVersionInfoW (Address: 0x18007e1c0)
  • VerSetConditionMask (Address: 0x18007e1b0)
  • VirtualAlloc (Address: 0x18007e420)
  • VirtualProtect (Address: 0x18007e2f8)
  • VirtualQuery (Address: 0x18007e230)
  • WaitForSingleObject (Address: 0x18007e180)
  • WaitForSingleObjectEx (Address: 0x18007e398)
  • WaitNamedPipeW (Address: 0x18007e0e8)
  • WideCharToMultiByte (Address: 0x18007e0f8)
  • WriteConsoleW (Address: 0x18007e2e8)
  • WriteFile (Address: 0x18007e0d0)