ksandbox.dll

Description:

Authors: Copyright©2025 Kingsoft Corporation. All rights reserved.

Version: 12.9.0.23662

Architecture: 32-bit

Operating System: Windows NT

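SHA256: 36c750424d6a0044830781c288df4bba (note: this value is 32 hex characters, the length of an MD5 digest; a full SHA-256 digest is 64 hex characters, so confirm which algorithm produced it, or whether it was truncated, before using it as an indicator)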

File Size: 160.0 KB

Uploaded At: Dec. 4, 2025, 6:16 a.m.


Security Warning

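This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: WriteProcessMemory, VirtualAllocEx, OpenProcess

The flag is derived from the import table only and says nothing about how these functions are called. The same APIs, together with the thread-context and memory-protection imports listed below (SuspendThread, GetThreadContext, SetThreadContext, VirtualProtectEx, FlushInstructionCache), are what an API-hooking sandbox component would be expected to import, which is consistent with the file name and the ReHook and GetSandboxManager exports. The vendor name above is self-declared metadata, so confirm the file's origin by checking its Authenticode signature and comparing a full hash against a known-good copy from the vendor's installer.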

Exported Functions

  • Exec (Ordinal: 1, Address: 0x1fb0)
  • GetSandboxManager (Ordinal: 2, Address: 0x1fd0)
  • ReHook (Ordinal: 3, Address: 0x1fe0)
  • ReInitSpinLock (Ordinal: 4, Address: 0x1ff0)

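Imported DLLs & Functions

Note: the addresses in this section appear to be import address table (IAT) slots inside this module at its preferred image base, not addresses within the imported DLLs. The export addresses above appear to be relative virtual addresses (RVAs), so the two sets of values are not directly comparable.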

api-ms-win-crt-heap-l1-1-0.dll
  • _callnewh (Address: 0x1001814c)
  • free (Address: 0x10018150)
  • malloc (Address: 0x10018154)
api-ms-win-crt-math-l1-1-0.dll
  • ceil (Address: 0x1001815c)
api-ms-win-crt-runtime-l1-1-0.dll
  • _cexit (Address: 0x10018174)
  • _configure_narrow_argv (Address: 0x10018180)
  • _crt_atexit (Address: 0x1001817c)
  • _errno (Address: 0x10018170)
  • _execute_onexit_table (Address: 0x10018184)
  • _initialize_narrow_environment (Address: 0x10018190)
  • _initialize_onexit_table (Address: 0x1001818c)
  • _initterm (Address: 0x1001816c)
  • _initterm_e (Address: 0x10018164)
  • _invalid_parameter_noinfo (Address: 0x10018168)
  • _invalid_parameter_noinfo_noreturn (Address: 0x10018194)
  • _register_onexit_function (Address: 0x10018188)
  • _seh_filter_dll (Address: 0x10018178)
api-ms-win-crt-stdio-l1-1-0.dll
  • __stdio_common_vsnwprintf_s (Address: 0x1001819c)
  • __stdio_common_vswprintf_s (Address: 0x100181a0)
api-ms-win-crt-string-l1-1-0.dll
  • _wcsicmp (Address: 0x100181b0)
  • _wcsnicmp (Address: 0x100181a8)
  • wcsncpy_s (Address: 0x100181ac)
KERNEL32.dll
  • CloseHandle (Address: 0x10018078)
  • CreateEventW (Address: 0x1001807c)
  • CreateToolhelp32Snapshot (Address: 0x1001809c)
  • DeleteCriticalSection (Address: 0x100180b4)
  • DisableThreadLibraryCalls (Address: 0x10018008)
  • EnterCriticalSection (Address: 0x10018038)
  • ExpandEnvironmentStringsW (Address: 0x10018090)
  • FindFirstVolumeW (Address: 0x10018058)
  • FindNextVolumeW (Address: 0x1001805c)
  • FindVolumeClose (Address: 0x10018060)
  • FlushInstructionCache (Address: 0x100180ec)
  • FreeLibrary (Address: 0x10018088)
  • GetCurrentProcess (Address: 0x1001803c)
  • GetCurrentProcessId (Address: 0x10018074)
  • GetCurrentThread (Address: 0x10018040)
  • GetCurrentThreadId (Address: 0x100180d8)
  • GetEnvironmentVariableW (Address: 0x10018054)
  • GetLastError (Address: 0x1001806c)
  • GetModuleFileNameW (Address: 0x10018070)
  • GetModuleHandleExW (Address: 0x100180d0)
  • GetModuleHandleW (Address: 0x1001804c)
  • GetNativeSystemInfo (Address: 0x100180bc)
  • GetProcAddress (Address: 0x10018050)
  • GetProductInfo (Address: 0x100180c0)
  • GetSystemDirectoryW (Address: 0x10018080)
  • GetSystemInfo (Address: 0x10018108)
  • GetSystemTimeAsFileTime (Address: 0x1001800c)
  • GetSystemWow64DirectoryW (Address: 0x10018084)
  • GetThreadContext (Address: 0x100180e4)
  • GetUserDefaultLangID (Address: 0x100180d4)
  • GetVersionExW (Address: 0x100180b8)
  • GetVolumePathNamesForVolumeNameW (Address: 0x10018068)
  • InitializeCriticalSectionAndSpinCount (Address: 0x100180b0)
  • InitializeSListHead (Address: 0x10018004)
  • IsDebuggerPresent (Address: 0x10018014)
  • IsProcessorFeaturePresent (Address: 0x10018018)
  • IsWow64Process (Address: 0x100180c4)
  • LeaveCriticalSection (Address: 0x10018034)
  • LoadLibraryExA (Address: 0x10018100)
  • LoadLibraryExW (Address: 0x10018104)
  • LoadLibraryW (Address: 0x1001808c)
  • OpenProcess (Address: 0x10018098)
  • OutputDebugStringW (Address: 0x10018000)
  • Process32FirstW (Address: 0x100180a0)
  • Process32NextW (Address: 0x100180a4)
  • ProcessIdToSessionId (Address: 0x10018094)
  • QueryDosDeviceW (Address: 0x10018064)
  • QueryPerformanceCounter (Address: 0x10018010)
  • RaiseException (Address: 0x100180ac)
  • ReadProcessMemory (Address: 0x100180c8)
  • ResetEvent (Address: 0x1001802c)
  • ResumeThread (Address: 0x100180e0)
  • SetEvent (Address: 0x10018030)
  • SetLastError (Address: 0x100180a8)
  • SetThreadContext (Address: 0x100180e8)
  • SetUnhandledExceptionFilter (Address: 0x10018020)
  • SuspendThread (Address: 0x100180dc)
  • TerminateProcess (Address: 0x1001801c)
  • UnhandledExceptionFilter (Address: 0x10018024)
  • VirtualAlloc (Address: 0x100180f0)
  • VirtualAllocEx (Address: 0x10018044)
  • VirtualFree (Address: 0x100180f8)
  • VirtualProtect (Address: 0x100180f4)
  • VirtualProtectEx (Address: 0x10018048)
  • VirtualQuery (Address: 0x100180fc)
  • WaitForSingleObjectEx (Address: 0x10018028)
  • WriteProcessMemory (Address: 0x100180cc)
MSVCP140.dll
  • ?_Xlength_error@std@@YAXPBD@Z (Address: 0x10018114)
  • ?_Xout_of_range@std@@YAXPBD@Z (Address: 0x10018110)
ntdll.dll
  • NtClose (Address: 0x100181dc)
  • NtCreateEvent (Address: 0x100181e0)
  • NtCreateFile (Address: 0x100181d0)
  • NtGetTickCount (Address: 0x100181c0)
  • NtQueryDirectoryFile (Address: 0x100181d4)
  • NtQueryInformationFile (Address: 0x100181bc)
  • NtQueryObject (Address: 0x100181c8)
  • NtSetEvent (Address: 0x100181c4)
  • NtWaitForSingleObject (Address: 0x100181cc)
  • RtlAllocateHeap (Address: 0x100181e8)
  • RtlCaptureStackBackTrace (Address: 0x100181b8)
  • RtlCreateHeap (Address: 0x100181f0)
  • RtlDestroyHeap (Address: 0x100181ec)
  • RtlFreeHeap (Address: 0x100181e4)
  • RtlInitUnicodeString (Address: 0x100181d8)
VCRUNTIME140.dll
  • __CxxFrameHandler3 (Address: 0x10018134)
  • __std_exception_copy (Address: 0x10018128)
  • __std_exception_destroy (Address: 0x1001812c)
  • __std_terminate (Address: 0x10018124)
  • __std_type_info_destroy_list (Address: 0x10018144)
  • _CxxThrowException (Address: 0x10018130)
  • _except_handler4_common (Address: 0x10018140)
  • _purecall (Address: 0x10018120)
  • memcpy (Address: 0x10018138)
  • memmove (Address: 0x1001813c)
  • memset (Address: 0x1001811c)