shlwapi.dll

  • File Path: C:\Windows\system32\shlwapi.dll
  • Description: Shell Light-weight Utility Library

Hashes

Type Hash
MD5 8437F5787137FE64F6537094CA4073BE
SHA1 3E918DB7A925254FCB60343DC38F916C23463190
SHA256 3D869349068848B7131254389DB82B696BA4846807152EB14718254C07291C0F
SHA384 ADE1BC6A9C9C86100348A234DED51D4AA36DF95CBB56CAE8102B3A7D842248BE6EAD23D13C5261EA10D5FAFA97005592
SHA512 4753F22815050A055E7A212F515E2F9C2FBBD081C198C0901FA0E7FA1B857D3144946C72EEB2A854D75891E69257053147AA6F1A9F4D3AB0343F76D90E7DBF6F
SSDEEP 6144:KWI9svBsCAS1VwHRZRdVq7ApSaPdPql1lKV2Dk5ux26DQX:KWI9sHAKVSndVq7ApSi9GJg58DQX
IMP B9CABA56C3D01E42910AAD421DFF25D2
PESHA1 F9E8DEC29B5EECE0758FB8DB7EB546F4E94E3318
PE256 35B3FB87F2B52AAF5992D280DCC99B95B19B3AB3B04F51CF0EF3FE05F9F28461

DLL Exports:

Function Name Ordinal Type
SHRegSetPathW 821 Exported Function
SHRegSetUSValueA 822 Exported Function
SHRegSetPathA 820 Exported Function
SHRegQueryUSValueA 818 Exported Function
SHRegQueryUSValueW 819 Exported Function
SHRegSetUSValueW 823 Exported Function
SHRunIndirectRegClientCommand 467 Exported Function
SHSendMessageBroadcastA 432 Exported Function
SHReleaseThreadRef 827 Exported Function
SHRegWriteUSValueA 824 Exported Function
SHRegWriteUSValueW 825 Exported Function
SHRegQueryInfoUSKeyW 817 Exported Function
SHRegGetUSValueW 811 Exported Function
SHRegGetValueA 812 Exported Function
SHRegGetUSValueA 810 Exported Function
SHRegGetPathA 808 Exported Function
SHRegGetPathW 809 Exported Function
SHRegGetValueFromHKCUHKLM 629 Exported Function
SHRegOpenUSKeyW 815 Exported Function
SHRegQueryInfoUSKeyA 816 Exported Function
SHRegOpenUSKeyA 814 Exported Function
SHRegGetValueW 813 Exported Function
SHRegisterValidateTemplate 826 Exported Function
SHSendMessageBroadcastW 433 Exported Function
StrCatW 842 Exported Function
StrChrA 843 Exported Function
StrCatChainW 841 Exported Function
StrCatBuffA 839 Exported Function
StrCatBuffW 840 Exported Function
StrChrIA 844 Exported Function
StrChrW 848 Exported Function
StrCmpCA 155 Exported Function
StrChrNW 847 Exported Function
StrChrIW 845 Exported Function
StrChrNIW 846 Exported Function
SHUnlockShared 9 Exported Function
SHSkipJunction 831 Exported Function
SHStrDupA 832 Exported Function
SHSetValueW 830 Exported Function
SHSetThreadRef 828 Exported Function
SHSetValueA 829 Exported Function
SHStrDupW 833 Exported Function
SHUnicodeToAnsiCP 218 Exported Function
SHUnicodeToUnicode 346 Exported Function
SHUnicodeToAnsi 217 Exported Function
SHStripMneumonicA 203 Exported Function
SHStripMneumonicW 225 Exported Function
SHLoadIndirectString 487 Exported Function
SHLockShared 8 Exported Function
SHIsLowMemoryMachine 785 Exported Function
SHGetViewStatePropertyBag 515 Exported Function
SHIsChildOrSelf 204 Exported Function
SHMessageBoxCheckA 185 Exported Function
SHOpenRegStreamA 788 Exported Function
SHOpenRegStreamW 789 Exported Function
SHOpenRegStream2W 787 Exported Function
SHMessageBoxCheckW 191 Exported Function
SHOpenRegStream2A 786 Exported Function
SHGetValueW 784 Exported Function
SHEnumValueA 779 Exported Function
SHEnumValueW 780 Exported Function
SHEnumKeyExW 778 Exported Function
ShellMessageBoxW 388 Exported Function
SHEnumKeyExA 777 Exported Function
SHFormatDateTimeA 353 Exported Function
SHGetThreadRef 782 Exported Function
SHGetValueA 783 Exported Function
SHGetInverseCMAP 781 Exported Function
SHFormatDateTimeW 354 Exported Function
SHFreeShared 10 Exported Function
SHPackDispParamsV 281 Exported Function
SHRegEnumUSKeyA 802 Exported Function
SHRegEnumUSKeyW 803 Exported Function
SHRegDuplicateHKey 801 Exported Function
SHRegDeleteUSValueA 799 Exported Function
SHRegDeleteUSValueW 800 Exported Function
SHRegEnumUSValueA 804 Exported Function
SHRegGetBoolValueFromHKCUHKLM 630 Exported Function
SHRegGetIntW 280 Exported Function
SHRegGetBoolUSValueW 807 Exported Function
SHRegEnumUSValueW 805 Exported Function
SHRegGetBoolUSValueA 806 Exported Function
SHRegDeleteEmptyUSKeyW 798 Exported Function
SHQueryInfoKeyA 790 Exported Function
SHQueryInfoKeyW 791 Exported Function
SHPropertyBag_WriteBSTR 570 Exported Function
SHPinDllOfCLSID 236 Exported Function
SHPropertyBag_ReadStrAlloc 567 Exported Function
SHQueryValueExA 792 Exported Function
SHRegCreateUSKeyW 796 Exported Function
SHRegDeleteEmptyUSKeyA 797 Exported Function
SHRegCreateUSKeyA 795 Exported Function
SHQueryValueExW 793 Exported Function
SHRegCloseUSKey 794 Exported Function
StrCmpCW 156 Exported Function
UrlApplySchemeA 901 Exported Function
UrlApplySchemeW 902 Exported Function
StrTrimW 900 Exported Function
StrToIntW 898 Exported Function
StrTrimA 899 Exported Function
UrlCanonicalizeA 903 Exported Function
UrlCompareA 907 Exported Function
UrlCompareW 908 Exported Function
UrlCombineW 906 Exported Function
UrlCanonicalizeW 904 Exported Function
UrlCombineA 905 Exported Function
StrToIntExW 897 Exported Function
StrStrIW 889 Exported Function
StrStrNIW 890 Exported Function
StrStrIA 888 Exported Function
StrSpnW 886 Exported Function
StrStrA 887 Exported Function
StrStrNW 891 Exported Function
StrToIntA 895 Exported Function
StrToIntExA 896 Exported Function
StrToInt64ExW 894 Exported Function
StrStrW 892 Exported Function
StrToInt64ExA 893 Exported Function
UrlCreateFromPathA 909 Exported Function
UrlIsW 924 Exported Function
UrlUnescapeA 925 Exported Function
UrlIsOpaqueW 923 Exported Function
UrlIsNoHistoryW 921 Exported Function
UrlIsOpaqueA 922 Exported Function
UrlUnescapeW 926 Exported Function
wvnsprintfA 929 Exported Function
wvnsprintfW 930 Exported Function
wnsprintfW 928 Exported Function
WhichPlatform 276 Exported Function
wnsprintfA 927 Exported Function
UrlIsNoHistoryA 920 Exported Function
UrlFixupW 462 Exported Function
UrlGetLocationA 913 Exported Function
UrlEscapeW 912 Exported Function
UrlCreateFromPathW 910 Exported Function
UrlEscapeA 911 Exported Function
UrlGetLocationW 914 Exported Function
UrlHashW 918 Exported Function
UrlIsA 919 Exported Function
UrlHashA 917 Exported Function
UrlGetPartA 915 Exported Function
UrlGetPartW 916 Exported Function
StrCSpnA 835 Exported Function
StrCSpnIA 836 Exported Function
StrCpyW 857 Exported Function
StrCmpW 855 Exported Function
StrCpyNW 856 Exported Function
StrCSpnIW 837 Exported Function
StrFormatByteSize64A 860 Exported Function
StrFormatByteSizeA 861 Exported Function
StrDupW 859 Exported Function
StrCSpnW 838 Exported Function
StrDupA 858 Exported Function
StrCmpNW 854 Exported Function
StrCmpLogicalW 850 Exported Function
StrCmpNA 851 Exported Function
StrCmpIW 849 Exported Function
StrCmpICA 157 Exported Function
StrCmpICW 158 Exported Function
StrCmpNCA 151 Exported Function
StrCmpNICW 154 Exported Function
StrCmpNIW 853 Exported Function
StrCmpNICA 153 Exported Function
StrCmpNCW 152 Exported Function
StrCmpNIA 852 Exported Function
StrFormatByteSizeEx 862 Exported Function
StrRetToBSTR 880 Exported Function
StrRetToBufA 881 Exported Function
StrRChrW 877 Exported Function
StrRChrIA 875 Exported Function
StrRChrIW 876 Exported Function
StrRetToBufW 882 Exported Function
StrRStrIW 879 Exported Function
StrSpnA 885 Exported Function
StrRStrIA 878 Exported Function
StrRetToStrA 883 Exported Function
StrRetToStrW 884 Exported Function
StrRChrA 874 Exported Function
StrFromTimeIntervalA 866 Exported Function
StrFromTimeIntervalW 867 Exported Function
StrFormatKBSizeW 865 Exported Function
StrFormatByteSizeW 863 Exported Function
StrFormatKBSizeA 864 Exported Function
StrIsIntlEqualA 868 Exported Function
StrPBrkA 872 Exported Function
StrPBrkW 873 Exported Function
StrNCatW 871 Exported Function
StrIsIntlEqualW 869 Exported Function
StrNCatA 870 Exported Function
ShellMessageBoxA 834 Exported Function
PathCommonPrefixA 659 Exported Function
PathCommonPrefixW 660 Exported Function
PathCombineW 658 Exported Function
PathCanonicalizeW 656 Exported Function
PathCombineA 657 Exported Function
PathCompactPathA 661 Exported Function
PathCreateFromUrlA 665 Exported Function
PathCreateFromUrlAlloc 666 Exported Function
PathCompactPathW 664 Exported Function
PathCompactPathExA 662 Exported Function
PathCompactPathExW 663 Exported Function
PathCanonicalizeA 655 Exported Function
PathAddBackslashA 624 Exported Function
PathAddBackslashW 625 Exported Function
ParseURLW 2 Exported Function
MLLoadLibraryW 378 Exported Function
ParseURLA 1 Exported Function
PathAddExtensionA 649 Exported Function
PathBuildRootA 653 Exported Function
PathBuildRootW 654 Exported Function
PathAppendW 652 Exported Function
PathAddExtensionW 650 Exported Function
PathAppendA 651 Exported Function
PathCreateFromUrlW 667 Exported Function
PathGetCharTypeA 682 Exported Function
PathGetCharTypeW 683 Exported Function
PathGetArgsW 681 Exported Function
PathFindSuffixArrayW 679 Exported Function
PathGetArgsA 680 Exported Function
PathGetDriveNumberA 684 Exported Function
PathIsDirectoryA 688 Exported Function
PathIsDirectoryEmptyA 689 Exported Function
PathIsContentTypeW 687 Exported Function
PathGetDriveNumberW 685 Exported Function
PathIsContentTypeA 686 Exported Function
PathFindSuffixArrayA 678 Exported Function
PathFindExtensionA 670 Exported Function
PathFindExtensionW 671 Exported Function
PathFileExistsW 669 Exported Function
PathFileExistsA 668 Exported Function
PathFileExistsAndAttributesW 446 Exported Function
PathFindFileNameA 672 Exported Function
PathFindOnPathA 676 Exported Function
PathFindOnPathW 677 Exported Function
PathFindNextComponentW 675 Exported Function
PathFindFileNameW 673 Exported Function
PathFindNextComponentA 674 Exported Function
DelayLoadFailureHook 569 Exported Function
DllGetClassObject 608 Exported Function
ConnectToConnectionPoint 168 Exported Function
ColorHLSToRGB 595 Exported Function
ColorRGBToHLS 607 Exported Function
DllGetVersion 609 Exported Function
GUIDFromStringW 270 Exported Function
HashData 612 Exported Function
GetMenuPosFromID 610 Exported Function
GetAcceptLanguagesA 14 Exported Function
GetAcceptLanguagesW 15 Exported Function
ColorAdjustLuma 594 Exported Function
AssocQueryKeyA 586 Exported Function
AssocQueryKeyW 587 Exported Function
AssocIsDangerous 585 Exported Function
AssocCreate 579 Exported Function
AssocGetPerceivedType 584 Exported Function
AssocQueryStringA 588 Exported Function
ChrCmpIA 592 Exported Function
ChrCmpIW 593 Exported Function
AssocQueryStringW 591 Exported Function
AssocQueryStringByKeyA 589 Exported Function
AssocQueryStringByKeyW 590 Exported Function
IntlStrEqWorkerA 620 Exported Function
IUnknown_Exec 164 Exported Function
IUnknown_GetSite 256 Exported Function
IUnknown_AtomicRelease 169 Exported Function
IStream_WritePidl 513 Exported Function
IStream_WriteStr 597 Exported Function
IUnknown_GetWindow 172 Exported Function
IUnknown_SetSite 174 Exported Function
MLLoadLibraryA 377 Exported Function
IUnknown_Set 199 Exported Function
IUnknown_QueryService 176 Exported Function
IUnknown_QueryStatus 163 Exported Function
IStream_Write 212 Exported Function
IsInternetESCEnabled 553 Exported Function
IsOS 437 Exported Function
IsCharSpaceW 29 Exported Function
IntlStrEqWorkerW 622 Exported Function
IsCharSpaceA 623 Exported Function
IStream_Copy 568 Exported Function
IStream_Reset 213 Exported Function
IStream_Size 214 Exported Function
IStream_ReadStr 596 Exported Function
IStream_Read 184 Exported Function
IStream_ReadPidl 512 Exported Function
PathIsDirectoryEmptyW 690 Exported Function
PathUndecorateW 755 Exported Function
PathUnExpandEnvStringsA 752 Exported Function
PathUndecorateA 754 Exported Function
PathStripToRootA 750 Exported Function
PathStripToRootW 751 Exported Function
PathUnExpandEnvStringsW 753 Exported Function
PathUnquoteSpacesW 759 Exported Function
QISearch 219 Exported Function
PathUnquoteSpacesA 758 Exported Function
PathUnmakeSystemFolderA 756 Exported Function
PathUnmakeSystemFolderW 757 Exported Function
PathStripPathW 749 Exported Function
PathRenameExtensionW 741 Exported Function
PathSearchAndQualifyA 742 Exported Function
PathRenameExtensionA 740 Exported Function
PathRemoveFileSpecA 738 Exported Function
PathRemoveFileSpecW 739 Exported Function
PathSearchAndQualifyW 743 Exported Function
PathSkipRootW 747 Exported Function
PathStripPathA 748 Exported Function
PathSkipRootA 746 Exported Function
PathSetDlgItemPathA 744 Exported Function
PathSetDlgItemPathW 745 Exported Function
SHAllocShared 7 Exported Function
SHDeleteEmptyKeyA 769 Exported Function
SHDeleteEmptyKeyW 770 Exported Function
SHCreateWorkerWindowW 278 Exported Function
SHCreateThreadRef 768 Exported Function
SHCreateThreadWithHandle 615 Exported Function
SHDeleteKeyA 771 Exported Function
SHDeleteValueA 775 Exported Function
SHDeleteValueW 776 Exported Function
SHDeleteOrphanKeyW 774 Exported Function
SHDeleteKeyW 772 Exported Function
SHDeleteOrphanKeyA 773 Exported Function
SHCreateThread 16 Exported Function
SHCopyKeyA 761 Exported Function
SHCopyKeyW 762 Exported Function
SHAutoComplete 760 Exported Function
SHAnsiToAnsi 345 Exported Function
SHAnsiToUnicode 215 Exported Function
SHCreateMemStream 12 Exported Function
SHCreateStreamOnFileW 766 Exported Function
SHCreateStreamWrapper 767 Exported Function
SHCreateStreamOnFileEx 765 Exported Function
SHCreateShellPalette 763 Exported Function
SHCreateStreamOnFileA 764 Exported Function
PathIsSystemFolderA 706 Exported Function
PathIsSystemFolderW 707 Exported Function
PathIsSameRootW 705 Exported Function
PathIsRootW 703 Exported Function
PathIsSameRootA 704 Exported Function
PathIsUNCA 708 Exported Function
PathIsUNCServerW 712 Exported Function
PathIsUNCW 713 Exported Function
PathIsUNCServerShareW 711 Exported Function
PathIsUNCServerA 709 Exported Function
PathIsUNCServerShareA 710 Exported Function
PathIsRootA 702 Exported Function
PathIsLFNFileSpecA 694 Exported Function
PathIsLFNFileSpecW 695 Exported Function
PathIsFileSpecW 693 Exported Function
PathIsDirectoryW 691 Exported Function
PathIsFileSpecA 692 Exported Function
PathIsNetworkPathA 696 Exported Function
PathIsRelativeA 700 Exported Function
PathIsRelativeW 701 Exported Function
PathIsPrefixW 699 Exported Function
PathIsNetworkPathW 697 Exported Function
PathIsPrefixA 698 Exported Function
PathIsURLA 714 Exported Function
PathRemoveArgsA 730 Exported Function
PathRemoveArgsW 731 Exported Function
PathRelativePathToW 729 Exported Function
PathQuoteSpacesW 727 Exported Function
PathRelativePathToA 728 Exported Function
PathRemoveBackslashA 732 Exported Function
PathRemoveExtensionA 736 Exported Function
PathRemoveExtensionW 737 Exported Function
PathRemoveBlanksW 735 Exported Function
PathRemoveBackslashW 733 Exported Function
PathRemoveBlanksA 734 Exported Function
PathQuoteSpacesA 726 Exported Function
PathMakeSystemFolderA 718 Exported Function
PathMakeSystemFolderW 719 Exported Function
PathMakePrettyW 717 Exported Function
PathIsURLW 715 Exported Function
PathMakePrettyA 716 Exported Function
PathMatchSpecA 720 Exported Function
PathParseIconLocationA 724 Exported Function
PathParseIconLocationW 725 Exported Function
PathMatchSpecW 723 Exported Function
PathMatchSpecExA 721 Exported Function
PathMatchSpecExW 722 Exported Function

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: SHLWAPI.DLL.MUI
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/69
  • VirusTotal Link: https://www.virustotal.com/gui/file/3d869349068848b7131254389db82b696ba4846807152eb14718254c07291c0f/detection/

Possible Misuse

The following table contains possible examples of shlwapi.dll being misused. While shlwapi.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
signature-base crime_icedid.yar $string3 = “SHLWAPI.dll” fullword CC BY-NC 4.0
signature-base crime_ransom_darkside.yar $knownDLLs2 = “SHLWAPI.dll” fullword CC BY-NC 4.0

MIT License. Copyright (c) 2020-2021 Strontic.