SHA256: 743f180b44abef20eecd60a6a6649e043344306d1d3aaef265ba98a6951fac35
File name: SHELL32
Detection ratio: 0 / 66
Analysis date: 2017-10-17 09:23:54 UTC ( 1 year, 6 months ago )
Antivirus Result Update
Ad-Aware 20171017
AegisLab 20171017
AhnLab-V3 20171017
Alibaba 20170911
ALYac 20171017
Antiy-AVL 20171017
Arcabit 20171017
Avast 20171017
Avast-Mobile 20171017
AVG 20171017
Avira (no cloud) 20171017
AVware 20171017
Baidu 20171017
BitDefender 20171017
Bkav 20171016
CAT-QuickHeal 20171017
ClamAV 20171017
CMC 20171017
Comodo 20171017
CrowdStrike Falcon (ML) 20170804
Cylance 20171017
Cyren 20171017
eGambit 20171017
Emsisoft 20171017
Endgame 20171016
ESET-NOD32 20171017
F-Prot 20171017
F-Secure 20171017
Fortinet 20171017
GData 20171017
Ikarus 20171017
Sophos ML 20170914
Jiangmin 20171017
K7AntiVirus 20171017
K7GW 20171016
Kaspersky 20171017
Kingsoft 20171017
Malwarebytes 20171017
MAX 20171017
McAfee 20171017
McAfee-GW-Edition 20171017
Microsoft 20171017
eScan 20171017
NANO-Antivirus 20171017
nProtect 20171017
Palo Alto Networks (Known Signatures) 20171017
Panda 20171016
Qihoo-360 20171017
Rising 20171017
SentinelOne (Static ML) 20171001
Sophos AV 20171017
SUPERAntiSpyware 20171017
Symantec 20171017
Symantec Mobile Insight 20171011
Tencent 20171017
TheHacker 20171015
TotalDefense 20171017
TrendMicro 20171017
TrendMicro-HouseCall 20171017
Trustlook 20171017
VBA32 20171016
VIPRE 20171017
ViRobot 20171017
Webroot 20171017
WhiteArmor 20171016
Yandex 20171013
Zillya 20171016
ZoneAlarm by Check Point 20171017
Zoner 20171017
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name SHELL32.DLL
Internal name SHELL32
File version 6.1.7600.20647 (win7_ldr.100217-1503)
Description Windows Shell Common Dll
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-02-18 07:29:28
Entry Point 0x0007D49A
Number of sections 4
PE sections
PE imports
PE exports
Number of PE resources by type
RT_ICON 2338
RT_GROUP_ICON 306
UIFILE 48
RT_BITMAP 39
AVI 13
FTR 6
RT_GROUP_CURSOR 5
LIBRARY 5
RT_CURSOR 5
XML 4
ORDERSTREAM 2
TYPELIB 1
RT_VERSION 1
RT_MANIFEST 1
MUI 1
WEVT_TEMPLATE 1
Number of PE resources by language
ENGLISH US 2776
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 6.1
LinkerVersion 9.0
ImageVersion 6.1
FileSubtype 0
FileVersionNumber 6.1.7600.20647
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 8907264
EntryPoint 0x7d49a
OriginalFileName SHELL32.DLL
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7600.20647 (win7_ldr.100217-1503)
TimeStamp 2010:02:18 08:29:28+01:00
FileType Win32 DLL
PEType PE32
InternalName SHELL32
ProductVersion 6.1.7600.20647
FileDescription Windows Shell Common Dll
OSVersion 6.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 3963392
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7600.20647
FileTypeExtension dll
ObjectFileType Dynamic link library
File identification
MD5 55154beabaab6fb95fda15a541a7f342
SHA1 a4cf2573a2a3fdc88f68467adfcf6e341cd13036
SHA256 743f180b44abef20eecd60a6a6649e043344306d1d3aaef265ba98a6951fac35
ssdeep 196608:3XeKDkTgPx/VxjFwX3M7iLE1CVP/KmYrL7:HFoTiNoc7Rl3
authentihash 06586e973627636c65bc5e572806d54953e809d0e9a40898e1652d21326f4ecf
imphash 892821f926462ad5f65348e156699fba
File size 12.3 MB ( 12866560 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID DirectShow filter (44.3%)
Windows ActiveX control (25.6%)
InstallShield setup (9.4%)
Win32 EXE PECompact compressed (generic) (9.1%)
Win64 Executable (generic) (6.0%)
Tags pedll
VirusTotal metadata
First submission 2010-10-21 11:38:32 UTC ( 8 years, 6 months ago )
Last submission 2015-03-05 23:05:15 UTC ( 4 years, 1 month ago )
File names SHELL32.DLL.MUI
shell32.dll
SHELL32
SHELL32.DLL
shell32.dll
vt-upload-2DG0ld
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
