apphelp.dll

  • File Path: C:\Windows\SysWOW64\apphelp.dll
  • Description: Application Compatibility Client Library

Hashes

Type Hash
MD5 7B2A4676F1F245E0DA12EA1610D21A5B
SHA1 DCE9B5A40021AF88047912B91A184C47F2AFEC59
SHA256 9EE4D74CCAF5A4D9995DAFAC34450FE96F0F8F13B031A5C102311AFE9A8E5BF7
SHA384 1FA34E5F0983E1CBA9BDB5EC4900A70E7F69908394C699A75B7C7DDFB7938BFECD0819CC53F7885755828CA412486CA1
SHA512 DFDC578163AA02984B80098DE0633168BCDBE20EFF1D8884270027E99249F41E2E044845EE769BF14DBBC080811A4701F9FF0F2FEEEDE96008E2951AA7D35D22
SSDEEP 12288:+u17r15JYPrae7Mu5rZ1uRfrpAn9GKWjVHO5fw95:p7rzCPuYMu5rZmdAn9GVHO5Y95
IMP 1716F8475C67EF5051A25334B9D8E226
PESHA1 8879EECF2A2AFB6F1AEB33EC5D7B8D56FF0875CB
PE256 16190E86C84116FD14B882C25FD44858572F464ECEF80A1D5CD625A75CAF0AD3

DLL Exports:

Function Name Ordinal Type
SdbReadPatchBits 216 Exported Function
SdbReadMsiTransformInfo 215 Exported Function
SdbReadEntryInformation 214 Exported Function
SdbReadQWORDTag 217 Exported Function
SdbReadStringTagRef 220 Exported Function
SdbReadStringTag 219 Exported Function
SdbReadQWORDTagRef 218 Exported Function
SdbReadBinaryTag 211 Exported Function
SdbReadApphelpDetailsData 208 Exported Function
SdbReadApphelpData 207 Exported Function
SdbReadBYTETag 209 Exported Function
SdbReadDWORDTagRef 213 Exported Function
SdbReadDWORDTag 212 Exported Function
SdbReadBYTETagRef 210 Exported Function
SdbSetImageType 230 Exported Function
SdbSetEntryFlags 229 Exported Function
SdbSetApphelpDebugParameters 228 Exported Function
SdbSetPermLayerKeys 231 Exported Function
SdbStartIndexing 234 Exported Function
SdbShowApphelpFromQuery 233 Exported Function
SdbShowApphelpDialog 232 Exported Function
SdbRegisterDatabase 223 Exported Function
SdbReadWORDTagRef 222 Exported Function
SdbReadWORDTag 221 Exported Function
SdbRegisterDatabaseEx 224 Exported Function
SdbResolveDatabase 227 Exported Function
SdbReleaseMatchingExe 226 Exported Function
SdbReleaseDatabase 225 Exported Function
SdbOpenApphelpDetailsDatabase 188 Exported Function
SdbMakeIndexKeyFromString 187 Exported Function
SdbLoadString 186 Exported Function
SdbOpenApphelpDetailsDatabaseSP 189 Exported Function
SdbOpenApphelpResourceFile 192 Exported Function
SdbOpenApphelpInformationByID 191 Exported Function
SdbOpenApphelpInformation 190 Exported Function
SdbIsDbRuntimePlatformSupportedOnHost 181 Exported Function
SdbInitDatabaseEx 180 Exported Function
SdbInitDatabase 179 Exported Function
SdbIsNullGUID 182 Exported Function
SdbIsTagrefFromMainDB 185 Exported Function
SdbIsTagrefFromLocalDB 184 Exported Function
SdbIsStandardDatabase 183 Exported Function
SdbQueryDataExTagID 202 Exported Function
SdbQueryDataEx 201 Exported Function
SdbQueryData 200 Exported Function
SdbQueryFlagInfo 203 Exported Function
SdbQueryReinstallUpgrade 206 Exported Function
SdbQueryName 205 Exported Function
SdbQueryFlagMask 204 Exported Function
SdbOpenLocalDatabase 195 Exported Function
SdbOpenDbFromGuid 194 Exported Function
SdbOpenDatabase 193 Exported Function
SdbPackAppCompatData 196 Exported Function
SdbQueryContext 199 Exported Function
SdbQueryBlockUpgrade 198 Exported Function
SdbQueryApphelpInformation 197 Exported Function
SdbStopIndexing 235 Exported Function
SE_InitializeEngine 84 Exported Function
SE_GetShimId 83 Exported Function
SE_GetShimCount 82 Exported Function
SE_InstallAfterInit 85 Exported Function
SE_LdrEntryRemoved 88 Exported Function
SE_IsShimDll 87 Exported Function
SE_InstallBeforeInit 86 Exported Function
SE_GetHookAPIs 77 Exported Function
SE_DynamicShim 76 Exported Function
SE_DllUnloaded 75 Exported Function
SE_GetMaxShimCount 78 Exported Function
SE_GetProcAddressLoad 81 Exported Function
SE_GetProcAddressIgnoreIncExc 80 Exported Function
SE_GetProcAddressForCaller 79 Exported Function
SetPermLayerState 255 Exported Function
SetPermLayers 257 Exported Function
SE_WINRT_HookObject 96 Exported Function
SetPermLayerStateEx 256 Exported Function
ShimFlushCache 260 Exported Function
ShimDumpCache 259 Exported Function
ShimDbgPrint 258 Exported Function
SE_LookupCaller 91 Exported Function
SE_LookupAddress 90 Exported Function
SE_LdrResolveDllName 89 Exported Function
SE_ProcessDying 92 Exported Function
SE_WINRT_AddHook 95 Exported Function
SE_ShimDPF 93 Exported Function
SE_ShimDllLoaded 94 Exported Function
SdbWriteBinaryTag 246 Exported Function
SdbUnregisterDatabase 244 Exported Function
SdbUnpackQueryResult 243 Exported Function
SdbWriteBinaryTagFromFile 247 Exported Function
SdbWriteNULLTag 249 Exported Function
SdbWriteDWORDTag 248 Exported Function
SdbWriteBYTETag 245 Exported Function
SdbStringReplaceArray 238 Exported Function
SdbStringReplace 237 Exported Function
SdbStringDuplicate 236 Exported Function
SdbTagIDToTagRef 239 Exported Function
SdbUnpackAppCompatData 242 Exported Function
SdbTagToString 241 Exported Function
SdbTagRefToTagID 240 Exported Function
SE_COM_AddServer 70 Exported Function
SE_COM_AddHook 69 Exported Function
SE_CALLBACK_Lookup 68 Exported Function
SE_COM_HookInterface 71 Exported Function
SE_DllLoaded 74 Exported Function
SE_COM_Lookup 73 Exported Function
SE_COM_HookObject 72 Exported Function
SdbWriteStringTag 252 Exported Function
SdbWriteStringRefTag 251 Exported Function
SdbWriteQWORDTag 250 Exported Function
SdbWriteStringTagDirect 253 Exported Function
SE_CALLBACK_AddHook 67 Exported Function
SE_AddHookset 66 Exported Function
SdbWriteWORDTag 254 Exported Function
SdbCloseApphelpInformation 103 Exported Function
SdbBuildCompatEnvVariables 102 Exported Function
SdbBeginWriteListTag 101 Exported Function
SdbCloseDatabase 104 Exported Function
SdbCommitIndexes 107 Exported Function
SdbCloseLocalDatabase 106 Exported Function
SdbCloseDatabaseWrite 105 Exported Function
GetPermLayers 65 Exported Function
DWM8And16Bit_RestoreDisplayMode_CallOut 40 Exported Function
DWM8And16Bit_IsShimApplied_CallOut 39 Exported Function
SdbAddLayerTagRefToQuery 97 Exported Function
SdbApphelpNotifyEx2 99 Exported Function
SdbApphelpNotifyEx 100 Exported Function
SdbApphelpNotify 98 Exported Function
SdbFindCustomActionForPackage 117 Exported Function
SdbEscapeApphelpURL 116 Exported Function
SdbEnumMsiTransforms 115 Exported Function
SdbFindFirstDWORDIndexedTag 118 Exported Function
SdbFindFirstMsiPackage_Str 121 Exported Function
SdbFindFirstMsiPackage 120 Exported Function
SdbFindFirstGUIDIndexedTag 119 Exported Function
SdbCreateMsiTransformFile 110 Exported Function
SdbCreateHelpCenterURL 109 Exported Function
SdbCreateDatabase 108 Exported Function
SdbDeclareIndex 111 Exported Function
SdbEndWriteListTag 114 Exported Function
SdbDumpSearchPathPartCaches 113 Exported Function
SdbDeletePermLayerKeys 112 Exported Function
ApphelpChpeModSettingsFromQueryResult 50 Exported Function
ApphelpCheckShellObject 49 Exported Function
ApphelpCheckRunAppEx 48 Exported Function
ApphelpCreateAppcompatData 51 Exported Function
ApphelpFreeFileAttributes 54 Exported Function
ApphelpFixMsiPackageExe 53 Exported Function
ApphelpFixMsiPackage 52 Exported Function
ApphelpCheckIME 43 Exported Function
ApphelpCheckExe 42 Exported Function
AllowPermLayer 41 Exported Function
ApphelpCheckInstallShieldPackage 44 Exported Function
ApphelpCheckRunApp 47 Exported Function
ApphelpCheckMsiPackage 46 Exported Function
ApphelpCheckModule 45 Exported Function
ApphelpUpdateCacheEntry 64 Exported Function
ApphelpShowDialog 63 Exported Function
ApphelpQueryModuleDataEx 62 Exported Function
DWM8And16Bit_ChangeDisplaySettingsExW_CallOut 35 Exported Function
DWM8And16Bit_EnumDisplaySettingsExW_CallOut 38 Exported Function
DWM8And16Bit_DirectDrawCreateEx_CallOut 36 Exported Function
DWM8And16Bit_DirectDrawCreate_CallOut 37 Exported Function
ApphelpGetNTVDMInfo 57 Exported Function
ApphelpGetMsiProperties 56 Exported Function
ApphelpGetFileAttributes 55 Exported Function
ApphelpGetShimDebugLevel 58 Exported Function
ApphelpQueryModuleData 61 Exported Function
ApphelpParseModuleData 60 Exported Function
ApphelpIsPortMonAllowed 59 Exported Function
SdbFindFirstNamedTag 122 Exported Function
SdbGetMatchingExe 162 Exported Function
SdbGetLocalPDB 161 Exported Function
SdbGetLayerTagRef 160 Exported Function
SdbGetMsiPackageInformation 163 Exported Function
SdbGetNthUserSdb 166 Exported Function
SdbGetNextChild 165 Exported Function
SdbGetNamedLayer 164 Exported Function
SdbGetFirstChild 155 Exported Function
SdbGetFileInfo 154 Exported Function
SdbGetFileImageTypeEx 153 Exported Function
SdbGetImageType 156 Exported Function
SdbGetLayerName 159 Exported Function
SdbGetItemFromItemRef 158 Exported Function
SdbGetIndex 157 Exported Function
SdbGetTagFromTagID 176 Exported Function
SdbGetTagDataSize 175 Exported Function
SdbGetStringTagPtr 174 Exported Function
SdbGrabMatchingInfo 177 Exported Function
SdbGUIDToString 139 Exported Function
SdbGUIDFromString 138 Exported Function
SdbGrabMatchingInfoEx 178 Exported Function
SdbGetPDBFromGUID 167 Exported Function
SdbGetPathSystemSdb 169 Exported Function
SdbGetPathCustomSdb 168 Exported Function
SdbGetPermLayerKeys 170 Exported Function
SdbGetStandardDatabaseGUID 173 Exported Function
SdbGetShowDebugInfoOptionValue 172 Exported Function
SdbGetShowDebugInfoOption 171 Exported Function
SdbFindNextTagRef 132 Exported Function
SdbFindNextTag 131 Exported Function
SdbFindNextStringIndexedTag 130 Exported Function
SdbFormatAttribute 133 Exported Function
SdbFreeFileInfo 136 Exported Function
SdbFreeFileAttributes 135 Exported Function
SdbFreeDatabaseInformation 134 Exported Function
SdbFindFirstTagRef 125 Exported Function
SdbFindFirstTag 124 Exported Function
SdbFindFirstStringIndexedTag 123 Exported Function
SdbFindMsiPackageByID 126 Exported Function
SdbFindNextMsiPackage 129 Exported Function
SdbFindNextGUIDIndexedTag 128 Exported Function
SdbFindNextDWORDIndexedTag 127 Exported Function
SdbGetDatabaseVersion 148 Exported Function
SdbGetDatabaseMatch 147 Exported Function
SdbGetDatabaseInformationByName 146 Exported Function
SdbGetDllPath 149 Exported Function
SdbGetFileImageType 152 Exported Function
SdbGetFileAttributes 151 Exported Function
SdbGetEntryFlags 150 Exported Function
SdbGetAppPatchDir 141 Exported Function
SdbGetAppCompatDataSize 140 Exported Function
SdbFreeFlagInfo 137 Exported Function
SdbGetBinaryTagData 142 Exported Function
SdbGetDatabaseInformation 145 Exported Function
SdbGetDatabaseID 144 Exported Function
SdbGetDatabaseGUID 143 Exported Function

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: Apphelp
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/65
  • VirusTotal Link: https://www.virustotal.com/gui/file/9ee4d74ccaf5a4d9995dafac34450fe96f0f8f13b031a5c102311afe9a8e5bf7/detection/

File Similarity (ssdeep match)

File Score
C:\Windows\system32\apphelp.dll 33

Possible Misuse

The following table contains possible examples of apphelp.dll being misused. While apphelp.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_susp_shimcache_flush.yml - 'apphelp.dll' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.