× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: b02fb8f5ab323e2638e53bcfeff55f26f0832b2b71597d1a1f5898bf22d85805
File name: shlext.dll
Detection ratio: 0 / 46
Analysis date: 2012-12-24 10:14:12 UTC ( 6 years ago )
Antivirus Result Update
Yandex 20121223
AhnLab-V3 20121223
AntiVir 20121224
Antiy-AVL 20121224
Avast 20121224
AVG 20121224
BitDefender 20121224
ByteHero 20121212
CAT-QuickHeal 20121224
ClamAV 20121224
Commtouch 20121224
Comodo 20121224
DrWeb 20121224
Emsisoft 20121224
eSafe 20121220
ESET-NOD32 20121223
F-Prot 20121224
F-Secure 20121224
Fortinet 20121224
GData 20121224
Ikarus 20121224
Jiangmin 20121221
K7AntiVirus 20121221
Kaspersky 20121224
Kingsoft 20121217
Malwarebytes 20121224
McAfee 20121224
McAfee-GW-Edition 20121224
Microsoft 20121224
eScan 20121224
NANO-Antivirus 20121224
Norman 20121224
nProtect 20121224
Panda 20121223
PCTools 20121224
Rising 20121224
Sophos AV 20121224
SUPERAntiSpyware 20121223
Symantec 20121224
TheHacker 20121223
TotalDefense 20121224
TrendMicro 20121224
TrendMicro-HouseCall 20121224
VBA32 20121223
VIPRE 20121224
ViRobot 20121224
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-12-04 10:19:30
Entry Point 0x00018771
Number of sections 5
PE sections
PE imports
RegCreateKeyExW
SetSecurityDescriptorOwner
RegCloseKey
RegQueryValueExA
AccessCheck
AdjustTokenPrivileges
InitializeAcl
LookupPrivilegeValueW
RegDeleteKeyW
RegQueryValueExW
SetSecurityDescriptorDacl
OpenProcessToken
AddAccessAllowedAce
RegOpenKeyExW
RegOpenKeyExA
ImpersonateSelf
OpenThreadToken
GetLengthSid
RegDeleteValueW
RevertToSelf
RegSetValueExW
FreeSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
SetSecurityDescriptorGroup
IsValidSecurityDescriptor
GetUserDefaultUILanguage
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LoadResource
GetSystemInfo
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
GetExitCodeProcess
QueryPerformanceCounter
HeapDestroy
GetTickCount
FindResourceExW
GetLocaleInfoW
LoadLibraryA
GetFileAttributesW
VerifyVersionInfoW
VerSetConditionMask
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetCurrentProcessId
GetVolumeInformationW
lstrlenW
UnhandledExceptionFilter
LoadLibraryExW
HeapSize
CreateDirectoryW
DeleteFileW
GetProcAddress
InterlockedCompareExchange
EncodePointer
GetProcessHeap
lstrcpynW
lstrcpyW
RaiseException
RemoveDirectoryW
FindResourceW
GetSystemDefaultUILanguage
LocalFree
FindNextFileW
InterlockedExchange
SetUnhandledExceptionFilter
GetTempPathW
CreateMutexW
CloseHandle
GetSystemTimeAsFileTime
FindFirstFileW
HeapReAlloc
DecodePointer
ExpandEnvironmentStringsA
GetCurrentThread
FreeLibrary
GetModuleHandleW
FormatMessageW
TerminateProcess
LoadLibraryW
CreateEventW
LockResource
OutputDebugStringW
WriteFile
CreateFileW
CreateProcessW
FindClose
IsDebuggerPresent
Sleep
GetPrivateProfileStringW
SetFileAttributesW
HeapAlloc
GetCurrentThreadId
WritePrivateProfileStringW
LocalAlloc
SetLastError
LeaveCriticalSection
?_Xlength_error@std@@YAXPBD@Z
_purecall
rand
malloc
_crt_debugger_hook
strtoul
?what@exception@std@@UBEPBDXZ
_wrmdir
srand
_wcsnicmp
_time64
iswalnum
_waccess
wcsncpy_s
swprintf_s
memset
swscanf_s
wcscpy_s
wmemcpy_s
__clean_type_info_names_internal
_recalloc
_amsg_exit
?terminate@@YAXXZ
_CxxThrowException
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_wremove
_errno
memcpy_s
_lock
_vscwprintf
_vswprintf
_onexit
_wcsdup
wcsncat
wcscat_s
_wfopen_s
_wcsupr_s
_filelength
_initterm_e
wcsrchr
_wsopen
_close
printf
_wcsicmp
memmove_s
_unlock
fclose
wcsncpy
__CppXcptFilter
free
_wsplitpath_s
_except_handler4_common
wcsncmp
__dllonexit
calloc
realloc
memcpy
??0exception@std@@QAE@ABV01@@Z
vswprintf_s
_swprintf
fputws
??1exception@std@@UAE@XZ
_malloc_crt
wcsncat_s
__CxxFrameHandler3
_snwprintf_s
??0exception@std@@QAE@ABQBD@Z
wcschr
_lseek
_encoded_null
wcsnlen
iswspace
wcsstr
_initterm
_chsize
_read
_wchmod
_wtoi
DragQueryFileW
ShellExecuteW
ShellExecuteExW
GetSystemMetrics
LoadBitmapW
GetForegroundWindow
PeekMessageW
SetMenuItemBitmaps
TranslateMessage
EnumWindows
GetWindowTextW
LoadStringW
InsertMenuW
wsprintfW
PostMessageW
ExitWindowsEx
DispatchMessageW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
Ord(266)
Ord(1873)
Ord(1301)
Ord(11236)
Ord(2064)
Ord(7391)
Ord(908)
Ord(11845)
Ord(1298)
Ord(7548)
Ord(11228)
Ord(1953)
Ord(13567)
Ord(11494)
Ord(7126)
Ord(2045)
Ord(4923)
Ord(6869)
Ord(902)
Ord(1300)
Ord(11209)
Ord(322)
Ord(2185)
Ord(1739)
Ord(2090)
Ord(1945)
Ord(13571)
Ord(14162)
Ord(4290)
Ord(11476)
Ord(8483)
Ord(1292)
Ord(2062)
Ord(3446)
Ord(4086)
Ord(12801)
Ord(4360)
Ord(2091)
Ord(13570)
Ord(3416)
Ord(13605)
Ord(7179)
Ord(2068)
Ord(11477)
Ord(5799)
Ord(4901)
Ord(1984)
Ord(13381)
Ord(3625)
Ord(1302)
Ord(5261)
Ord(13854)
Ord(1934)
Ord(6931)
Ord(890)
Ord(5115)
Ord(11784)
Ord(1905)
Ord(4511)
Ord(2164)
Ord(11240)
Ord(409)
Ord(10976)
Ord(1270)
Ord(7176)
Ord(4794)
Ord(265)
Ord(11864)
Ord(13572)
Ord(323)
Ord(1312)
Ord(2053)
Ord(7393)
Ord(6140)
Ord(1987)
Ord(408)
Ord(11469)
Ord(6922)
Ord(4623)
Ord(13568)
Ord(3413)
Ord(3684)
Ord(4744)
Ord(9328)
Ord(2080)
Ord(2055)
Ord(4792)
Ord(5862)
Ord(8530)
Ord(2088)
Ord(8346)
Ord(7108)
Ord(7624)
Ord(13569)
Ord(6932)
Ord(4645)
Ord(869)
Ord(13267)
Ord(13387)
Ord(4642)
Ord(5118)
Ord(296)
Ord(4338)
Ord(9498)
ReleaseStgMedium
CoInitializeEx
StringFromIID
CoGetMalloc
PE exports
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
ExifTool file metadata
CodeSize
107008

FileDescription
Avira Shell Extension Library

InitializedDataSize
41984

ImageVersion
0.0

ProductName
Avira Antivirus Premium

FileVersionNumber
13.6.0.400

LanguageCode
Neutral 2

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
10.0

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
13.6.0.400

TimeStamp
2012:12:04 10:19:30+00:00

FileType
Win32 DLL

PEType
PE32

SubsystemVersion
5.1

ProductVersion
13.6.0.400

UninitializedDataSize
0

OSVersion
5.1

FileOS
Windows NT 32-bit

LegalCopyright
2000 - 2013 Avira Operations GmbH & Co. KG

MachineType
Intel 386 or later, and compatibles

CompanyName
Avira Operations GmbH & Co. KG

LegalTrademarks
AntiVir Avira GmbH.

FileSubtype
0

ProductVersionNumber
13.6.0.400

EntryPoint
0x18771

ObjectFileType
Dynamic link library

File identification
MD5 f89ef9dbaad987c119c7e58d4fb270c5
SHA1 8257323591d775a4c621a7c065ff3f3fc1fcb8b4
SHA256 b02fb8f5ab323e2638e53bcfeff55f26f0832b2b71597d1a1f5898bf22d85805
ssdeep
3072:goH3GbdPXjcQt4JyQI5xMYlCBoFhFV0o+4s/Yd3liHFNvcGs3/3kqAnFOBKn6nv/:WbdLNSJo5xMYsBy0o+4F3AFOBKn4Bx

File size 152.8 KB ( 156448 bytes )
File type Win32 DLL
Magic literal
MS-DOS executable PE for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Windows OCX File (90.7%)
Win32 Executable Generic (6.2%)
Generic Win/DOS Executable (1.4%)
DOS Executable Generic (1.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
pedll

VirusTotal metadata
First submission 2012-12-24 10:14:12 UTC ( 6 years ago )
Last submission 2012-12-24 10:14:12 UTC ( 6 years ago )
File names shlext.dll
shlext.dll
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!