SHA256: 1f8e2395577715c21753e7a5d77eff0525f9cd56aecededa4424b9e3b7d2ad54
File name: E5279C877282B52F67AE622F4A497A13.dll
Detection ratio: 0 / 57
Analysis date: 2015-04-17 03:35:24 UTC ( 4 years, 1 month ago )
Antivirus Result Update
Ad-Aware 20150417
AegisLab 20150417
Yandex 20150416
AhnLab-V3 20150416
Alibaba 20150416
ALYac 20150417
Antiy-AVL 20150417
Avast 20150417
AVG 20150417
Avira (no cloud) 20150417
AVware 20150417
Baidu-International 20150416
BitDefender 20150417
Bkav 20150415
ByteHero 20150417
CAT-QuickHeal 20150417
ClamAV 20150417
CMC 20150416
Comodo 20150417
Cyren 20150417
DrWeb 20150417
Emsisoft 20150417
ESET-NOD32 20150417
F-Prot 20150417
F-Secure 20150417
Fortinet 20150417
GData 20150417
Ikarus 20150417
Jiangmin 20150414
K7AntiVirus 20150416
K7GW 20150416
Kaspersky 20150417
Kingsoft 20150417
Malwarebytes 20150417
McAfee 20150417
McAfee-GW-Edition 20150417
Microsoft 20150417
eScan 20150417
NANO-Antivirus 20150417
Norman 20150416
nProtect 20150416
Panda 20150416
Qihoo-360 20150417
Rising 20150416
Sophos AV 20150417
SUPERAntiSpyware 20150417
Symantec 20150417
Tencent 20150417
TheHacker 20150417
TotalDefense 20150416
TrendMicro 20150417
TrendMicro-HouseCall 20150417
VBA32 20150416
VIPRE 20150417
ViRobot 20150416
Zillya 20150416
Zoner 20150416
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © ?????????? ??????????. ??? ????? ????????.
Publisher ?????????? ??????????
Product ???????????? ??????? Microsoft® Windows®
Original name SHLWAPI.DLL
Internal name SHLWAPI
File version 6.00.2900.5912 (xpsp_sp3_qfe.091207-1458)
Description ?????????? ????????? ???????? ????????
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-12-08 09:02:48
Entry Point 0x0000522B
Number of sections 4
PE sections
PE imports
PE exports
Number of PE resources by type
RT_ICON 9
RT_STRING 5
RT_DIALOG 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 19
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 56832
ImageVersion 5.1
ProductName Microsoft Windows
FileVersionNumber 6.0.2900.5912
LanguageCode Russian
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 7.1
FileOS Windows NT 32-bit
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 6.00.2900.5912 (xpsp_sp3_qfe.091207-1458)
TimeStamp 2009:12:08 10:02:48+01:00
FileType Win32 DLL
PEType PE32
InternalName SHLWAPI
ProductVersion 6.00.2900.5912
SubsystemVersion 4.0
OSVersion 5.1
OriginalFilename SHLWAPI.DLL
LegalCopyright . .
MachineType Intel 386 or later, and compatibles
CodeSize 441344
FileSubtype 0
ProductVersionNumber 6.0.2900.5912
EntryPoint 0x522b
ObjectFileType Dynamic link library

File identification
MD5 e5279c877282b52f67ae622f4a497a13
SHA1 86728861e0c671e7f301064501261c0e488613a1
SHA256 1f8e2395577715c21753e7a5d77eff0525f9cd56aecededa4424b9e3b7d2ad54
ssdeep 12288:h5d1Eo7L1h3voP/9xVaJAb7gyI2QsYhPNQ:h5jEo7bvy/9xVac7gyI2QsYtN
authentihash 309c2d4021acba039a75a265620ae36aa13fc8cb013e6062ba26305919849372
imphash 7fdca807e3500a6a8bf9fb27f842ae9b
File size 487.5 KB ( 499200 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Windows ActiveX control (52.6%)
InstallShield setup (19.4%)
Win32 Executable MS Visual C++ (generic) (14.0%)
Win 9x/ME Control Panel applet (7.0%)
Win32 Dynamic Link Library (generic) (2.9%)
Tags
pedll

VirusTotal metadata
First submission 2014-12-03 10:09:09 UTC ( 4 years, 5 months ago )
Last submission 2015-04-17 03:35:24 UTC ( 4 years, 1 month ago )
File names E5279C877282B52F67AE622F4A497A13.dll
shlwapi.dll
SHLWAPI
SHLWAPI.dll
shlwapi.dll
shlwapi.dll
SHLWAPI.DLL
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight