home

psapi.dll

Process Status Helper

Microsoft Corporation

Publisher:
Microsoft Corporation

Product:
Microsoft® Windows® Operating System

Description:
Process Status Helper

Version:
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

MD5:
b79041843539564904144ff5b5c5cffa

SHA-1:
d16481f01b920145158ca7ba3c8cdcea33969478

SHA-256:
bdf88f03d8f609ba316adbabccf10494859e56c0686a1724e0fb04a90a672d36

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/5/2024 1:55:33 PM UTC  (today)

File size:
22.5 KB (23,040 bytes)

Product version:
5.1.2600.2180

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
PSAPI

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\psapi.dll

File PE Metadata
Compilation timestamp:
8/4/2004 12:52:42 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
7.10

CTPH (ssdeep):
384:19gOsCTN8ZLCsGE5t+7+gimIk5LNKn4mVWSS6KHJx7OzO6LayspdzWZb8fAW3nOg:19gqOwAmIOLMS3HqC6m7fd

Entry address:
0x10F1

Entry point:
8B, FF, 55, 8B, EC, 8B, 45, 0C, 83, E8, 00, 74, 5B, 48, 75, 24, E8, 2A, 00, 00, 00, FF, 75, 08, FF, 15, 98, 10, BA, 76, 64, A1, 18, 00, 00, 00, 8B, 40, 30, 8B, 40, 10, F6, 40, 08, 02, 0F, 85, F7, 0A, 00, 00, B0, 01, 5D, C2, 0C, 00, 90, 90, 90, 90, 90, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, 20, 50, BA, 76, 85, C0, 0F, 84, F0, 0A, 00, 00, 3D, 40, BB, 00, 00, 0F, 84, E5, 0A, 00, 00, F7, D0, A3, 24, 50, BA, 76, C9, C3, 64, A1, 18, 00, 00, 00, 8B, 40, 30, 8B, 40, 10, F6, 40, 08, 02, 0F, 85, BC, 0A, 00, 00, EB, B4...
 
[+]

Entropy:
5.7519

Code size:
16 KB (16,384 bytes)

The file psapi.dll has been seen being distributed by the following 50 URLs.

http://xtrap.tr.funtown.hk/.../psapi.dll

http://download.talesrunner.com/Talesrunner/hackguard/xtrap/.../psapi.dll

http://es.cfpatch.z8games.com/xtrap/.../psapi.dll

http://45.64.187.22/xtrap/.../psapi.dll

http://download.talesrunner.com/Talesrunner/hackguard/xtrap/.../psapi.dll

http://patch.cdn.gamigo.com/fous/xtrap/.../psapi.dll

http://s3.amazonaws.com/S3AIKA/patch/xtrap/.../psapi.dll

http://audl.axeso5.com/xtrap/.../psapi.dll

http://update.cfire.ru/xtrap/.../psapi.dll

http://path.pointblankonline.com.br/xtrap//.../psapi.dll

http://cfsapatch.z8games.com/xtrap/.../psapi.dll

http://patch.zbox.co.id/lost/xtrap/live/.../psapi.dll

http://cfpatch.z8game.com/xtrap/.../psapi.dll

https://s3.amazonaws.com/redbana-xtrap/.../psapi.dll

http://xtrap.mayngames.com/eu/.../psapi.dll

http://kadl.axeso5.com/xtrap/.../psapi.dll

http://dl.cf.vtc.vn/xtrap/.../psapi.dll

http://cfpatch.z8game.com/xtrap/.../psapi.dll

http://dls3.microvolts.com/update/xtrap/.../psapi.dll

http://download.uwo.ogplanet.com/XTrap/.../psapi.dll

http://lostsaga-patch.cdn.lostsaga.com/lostsaga_Service/Protect/.../psapi.dll

http://xtrap.joymax.com/gsro/.../psapi.dll

http://lostsaga-patch.gscdn.com/lostsaga_Service/Protect//.../psapi.dll

http://download.tr.ogplanet.com/Xtrap/.../psapi.dll

http://audl.axeso5.com/xtrap/.../psapi.dll

http://o7dl.axeso5.com/xtrap/.../psapi.dll

http://download.gameclub.com/cf/xtrap/.../psapi.dll

http://update.cfire.ru/xtrap/.../psapi.dll

http://45.64.187.22/xtrap/.../psapi.dll

http://update.cfire.ru/xtrap/.../psapi.dll

Latest 30 of 769 download URLs

Scan psapi.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.