perfproc.dll

Description: Windows System Process Performance Objects DLL

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.3636

Architecture: 64-bit

Operating System: Windows NT

SHA256: 48c60198a38841ff59c1ad7ebcb8689b

File Size: 45.0 KB

Uploaded At: Dec. 1, 2025, 7:36 a.m.

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • CloseSysProcessObject (Ordinal: 1, Address: 0x5140)
  • CollectSysProcessObjectData (Ordinal: 2, Address: 0x4390)
  • OpenSysProcessObject (Ordinal: 3, Address: 0x4da0)

Imported DLLs & Functions

api-ms-win-core-errorhandling-l1-1-0.dll
  • GetLastError (Address: 0x180007138)
  • SetLastError (Address: 0x180007128)
  • SetUnhandledExceptionFilter (Address: 0x180007140)
  • UnhandledExceptionFilter (Address: 0x180007130)
api-ms-win-core-handle-l1-1-0.dll
  • CloseHandle (Address: 0x180007150)
api-ms-win-core-heap-l1-1-0.dll
  • GetProcessHeap (Address: 0x180007170)
  • HeapAlloc (Address: 0x180007160)
  • HeapFree (Address: 0x180007168)
api-ms-win-core-job-l2-1-0.dll
  • QueryInformationJobObject (Address: 0x180007180)
api-ms-win-core-libraryloader-l1-2-0.dll
  • DisableThreadLibraryCalls (Address: 0x180007190)
api-ms-win-core-processthreads-l1-1-0.dll
  • GetCurrentProcess (Address: 0x1800071c0)
  • GetCurrentProcessId (Address: 0x1800071a8)
  • GetCurrentThreadId (Address: 0x1800071a0)
  • OpenProcessToken (Address: 0x1800071b8)
  • TerminateProcess (Address: 0x1800071b0)
api-ms-win-core-processthreads-l1-1-1.dll
  • OpenProcess (Address: 0x1800071d0)
api-ms-win-core-profile-l1-1-0.dll
  • QueryPerformanceCounter (Address: 0x1800071e0)
api-ms-win-core-string-l1-1-0.dll
  • CompareStringOrdinal (Address: 0x1800071f0)
api-ms-win-core-synch-l1-2-0.dll
  • Sleep (Address: 0x180007200)
api-ms-win-core-sysinfo-l1-1-0.dll
  • GetSystemInfo (Address: 0x180007218)
  • GetSystemTimeAsFileTime (Address: 0x180007220)
  • GetTickCount (Address: 0x180007210)
api-ms-win-core-wow64-l1-1-0.dll
  • IsWow64Process (Address: 0x180007230)
api-ms-win-eventing-provider-l1-1-0.dll
  • EventRegister (Address: 0x180007250)
  • EventUnregister (Address: 0x180007248)
  • EventWriteTransfer (Address: 0x180007240)
api-ms-win-security-base-l1-1-0.dll
  • AdjustTokenPrivileges (Address: 0x180007260)
msvcrt.dll
  • __C_specific_handler (Address: 0x180007270)
  • _amsg_exit (Address: 0x180007298)
  • _initterm (Address: 0x180007280)
  • _XcptFilter (Address: 0x1800072a0)
  • free (Address: 0x180007290)
  • malloc (Address: 0x180007288)
  • memcpy (Address: 0x180007278)
  • memmove (Address: 0x1800072b0)
  • memset (Address: 0x1800072b8)
  • wcsncmp (Address: 0x1800072a8)
ntdll.dll
  • NtClose (Address: 0x180007368)
  • NtGetContextThread (Address: 0x180007370)
  • NtOpenDirectoryObject (Address: 0x180007300)
  • NtOpenJobObject (Address: 0x1800072f8)
  • NtOpenKey (Address: 0x180007348)
  • NtOpenProcess (Address: 0x180007318)
  • NtOpenThread (Address: 0x180007378)
  • NtQueryDirectoryObject (Address: 0x1800072f0)
  • NtQueryInformationProcess (Address: 0x180007380)
  • NtQueryObject (Address: 0x1800072e8)
  • NtQuerySystemInformation (Address: 0x180007358)
  • NtQueryValueKey (Address: 0x180007330)
  • NtQueryVirtualMemory (Address: 0x180007328)
  • NtReadVirtualMemory (Address: 0x180007308)
  • RtlAppendUnicodeToString (Address: 0x180007350)
  • RtlCaptureContext (Address: 0x1800072d0)
  • RtlCopyUnicodeString (Address: 0x180007310)
  • RtlInitUnicodeString (Address: 0x180007340)
  • RtlInt64ToUnicodeString (Address: 0x1800072e0)
  • RtlIntegerToUnicodeString (Address: 0x180007360)
  • RtlLookupFunctionEntry (Address: 0x1800072c8)
  • RtlNtStatusToDosError (Address: 0x180007338)
  • RtlQueryHeapInformation (Address: 0x1800072d8)
  • RtlVirtualUnwind (Address: 0x180007320)