dwmghost.dll
Description: DWMGhost
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.6216
Architecture: 64-bit
Operating System: Windows NT
SHA256: 66ce459168c7014f659654612f9cce61
File Size: 87.5 KB
Uploaded At: Dec. 1, 2025, 7:27 a.m.
Views: 9
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- DWMGhostCleanup (Ordinal: 1, Address: 0xb710)
- DWMGhostHandleGhostMsg (Ordinal: 2, Address: 0xe1c0)
- DWMGhostInitialize (Ordinal: 3, Address: 0xb6f0)
- DWMGhostSetInShutdown (Ordinal: 4, Address: 0xb700)
Imported DLLs & Functions
api-ms-win-core-apiquery-l1-1-0.dll
- ApiSetQueryApiSetPresence (Address: 0x180011538)
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x180011550)
- IsDebuggerPresent (Address: 0x180011558)
- OutputDebugStringW (Address: 0x180011548)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x180011568)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x180011578)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x180011590)
- SetLastError (Address: 0x1800115a0)
- SetUnhandledExceptionFilter (Address: 0x180011598)
- UnhandledExceptionFilter (Address: 0x180011588)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x1800115b0)
- DuplicateHandle (Address: 0x1800115b8)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x1800115d8)
- HeapAlloc (Address: 0x1800115e0)
- HeapFree (Address: 0x1800115d0)
- HeapReAlloc (Address: 0x1800115c8)
api-ms-win-core-libraryloader-l1-2-0.dll
- FreeLibrary (Address: 0x1800115f0)
- GetModuleFileNameA (Address: 0x180011610)
- GetModuleHandleExW (Address: 0x180011620)
- GetModuleHandleW (Address: 0x180011618)
- GetProcAddress (Address: 0x180011608)
- LoadLibraryExW (Address: 0x1800115f8)
- LoadStringW (Address: 0x180011600)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x180011630)
api-ms-win-core-processthreads-l1-1-0.dll
- CreateThread (Address: 0x180011660)
- GetCurrentProcess (Address: 0x180011648)
- GetCurrentProcessId (Address: 0x180011678)
- GetCurrentThreadId (Address: 0x180011640)
- GetExitCodeThread (Address: 0x180011670)
- ResumeThread (Address: 0x180011668)
- SetThreadPriority (Address: 0x180011658)
- TerminateProcess (Address: 0x180011650)
api-ms-win-core-processthreads-l1-1-1.dll
- OpenProcess (Address: 0x180011688)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x180011698)
api-ms-win-core-psapi-l1-1-0.dll
- QueryFullProcessImageNameW (Address: 0x1800116a8)
api-ms-win-core-shlwapi-legacy-l1-1-0.dll
- PathFindFileNameW (Address: 0x1800116b8)
api-ms-win-core-string-obsolete-l1-1-0.dll
- lstrcmpiW (Address: 0x1800116c8)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x1800116f0)
- AcquireSRWLockShared (Address: 0x1800116e8)
- CreateEventW (Address: 0x180011728)
- CreateMutexExW (Address: 0x1800116d8)
- CreateSemaphoreExW (Address: 0x1800116f8)
- DeleteCriticalSection (Address: 0x180011708)
- EnterCriticalSection (Address: 0x180011720)
- InitializeCriticalSection (Address: 0x180011738)
- InitializeCriticalSectionEx (Address: 0x180011710)
- LeaveCriticalSection (Address: 0x180011718)
- OpenSemaphoreW (Address: 0x180011748)
- ReleaseMutex (Address: 0x180011760)
- ReleaseSemaphore (Address: 0x180011758)
- ReleaseSRWLockExclusive (Address: 0x180011700)
- ReleaseSRWLockShared (Address: 0x1800116e0)
- SetEvent (Address: 0x180011730)
- WaitForMultipleObjectsEx (Address: 0x180011768)
- WaitForSingleObject (Address: 0x180011740)
- WaitForSingleObjectEx (Address: 0x180011750)
api-ms-win-core-synch-l1-2-0.dll
- Sleep (Address: 0x180011778)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetSystemTimeAsFileTime (Address: 0x180011788)
- GetTickCount (Address: 0x180011790)
api-ms-win-core-threadpool-l1-2-0.dll
- CloseThreadpoolTimer (Address: 0x1800117a8)
- CreateThreadpoolTimer (Address: 0x1800117b0)
- SetThreadpoolTimer (Address: 0x1800117b8)
- WaitForThreadpoolTimerCallbacks (Address: 0x1800117a0)
api-ms-win-core-threadpool-legacy-l1-1-0.dll
- QueueUserWorkItem (Address: 0x1800117c8)
api-ms-win-eventing-provider-l1-1-0.dll
- EventWriteTransfer (Address: 0x1800117d8)
dwmapi.dll
- (Address: 0x1800117f8)
- DwmIsCompositionEnabled (Address: 0x1800117e8)
- DwmUpdateThumbnailProperties (Address: 0x1800117f0)
GDI32.dll
- BitBlt (Address: 0x1800113e8)
- CombineRgn (Address: 0x1800113a0)
- CreateCompatibleBitmap (Address: 0x1800113d0)
- CreateCompatibleDC (Address: 0x180011408)
- CreateDIBSection (Address: 0x1800113d8)
- CreateRectRgn (Address: 0x1800113c8)
- DeleteDC (Address: 0x1800113c0)
- DeleteObject (Address: 0x1800113b0)
- GdiAlphaBlend (Address: 0x180011398)
- GetDIBits (Address: 0x1800113e0)
- GetRandomRgn (Address: 0x1800113a8)
- GetRgnBox (Address: 0x180011410)
- GetStockObject (Address: 0x180011400)
- OffsetRgn (Address: 0x1800113f8)
- SelectClipRgn (Address: 0x1800113b8)
- SelectObject (Address: 0x1800113f0)
msvcrt.dll
- __C_specific_handler (Address: 0x180011818)
- __dllonexit (Address: 0x180011810)
- _amsg_exit (Address: 0x180011828)
- _initterm (Address: 0x180011838)
- _lock (Address: 0x180011848)
- _onexit (Address: 0x180011830)
- _purecall (Address: 0x180011858)
- _unlock (Address: 0x180011808)
- _vsnwprintf (Address: 0x180011878)
- _XcptFilter (Address: 0x180011870)
- free (Address: 0x180011860)
- malloc (Address: 0x180011820)
- memcmp (Address: 0x180011868)
- memcpy (Address: 0x180011888)
- memcpy_s (Address: 0x180011880)
- memmove (Address: 0x180011840)
- memmove_s (Address: 0x180011850)
- memset (Address: 0x180011890)
ntdll.dll
- EtwEventWriteNoRegistration (Address: 0x1800118a8)
- NtAlpcConnectPort (Address: 0x180011910)
- NtAlpcSendWaitReceivePort (Address: 0x1800118e0)
- NtClose (Address: 0x180011908)
- NtOpenEvent (Address: 0x1800118b8)
- NtOpenProcess (Address: 0x1800118f8)
- NtQuerySystemInformation (Address: 0x1800118b0)
- NtWaitForSingleObject (Address: 0x1800118c0)
- PssNtCaptureSnapshot (Address: 0x180011900)
- PssNtFreeSnapshot (Address: 0x180011948)
- RtlAllocateAndInitializeSid (Address: 0x1800118c8)
- RtlCaptureContext (Address: 0x180011928)
- RtlCompareMemory (Address: 0x180011940)
- RtlFreeSid (Address: 0x1800118e8)
- RtlInitUnicodeString (Address: 0x1800118d0)
- RtlLookupFunctionEntry (Address: 0x180011920)
- RtlQueryResourcePolicy (Address: 0x1800118f0)
- RtlVirtualUnwind (Address: 0x180011918)
- WinSqmAddToStream (Address: 0x180011938)
- WinSqmIsOptedIn (Address: 0x180011930)
- ZwQueryWnfStateNameInformation (Address: 0x1800118d8)
- ZwUpdateWnfStateData (Address: 0x1800118a0)
USER32.dll
- BeginPaint (Address: 0x180011460)
- CreateDialogParamW (Address: 0x180011480)
- CreateWindowInBand (Address: 0x180011420)
- EndPaint (Address: 0x180011468)
- EndTask (Address: 0x1800114e0)
- FlashWindowEx (Address: 0x180011510)
- GetCaretBlinkTime (Address: 0x180011518)
- GetClassNameW (Address: 0x1800114b8)
- GetDC (Address: 0x1800114a8)
- GetDCEx (Address: 0x180011450)
- GetMonitorInfoW (Address: 0x180011508)
- GetSystemMetrics (Address: 0x1800114f8)
- GetUpdateRgn (Address: 0x180011428)
- GetWindowBand (Address: 0x180011498)
- GetWindowLongPtrW (Address: 0x1800114d8)
- GetWindowLongW (Address: 0x1800114c0)
- InternalGetWindowIcon (Address: 0x180011440)
- InternalGetWindowText (Address: 0x180011478)
- InvalidateRect (Address: 0x180011448)
- IsDialogMessageW (Address: 0x1800114d0)
- MessageBeep (Address: 0x180011500)
- MonitorFromPoint (Address: 0x1800114e8)
- MonitorFromWindow (Address: 0x1800114f0)
- MsgWaitForMultipleObjectsEx (Address: 0x1800114c8)
- OffsetRect (Address: 0x1800114a0)
- OpenThreadDesktop (Address: 0x180011490)
- RegisterFrostWindow (Address: 0x180011470)
- RegisterGhostWindow (Address: 0x180011430)
- ReleaseDC (Address: 0x180011458)
- SetClassLongPtrW (Address: 0x1800114b0)
- SetThreadDpiAwarenessContext (Address: 0x180011438)
- SetWindowLongPtrW (Address: 0x180011528)
- SystemParametersInfoW (Address: 0x180011520)
- UpdateWindow (Address: 0x180011488)