apphelp.dll

  • File Path: C:\Windows\system32\apphelp.dll
  • Description: Application Compatibility Client Library

Hashes

Type Hash
MD5 C6A2EA8C36C855AE178E83CCF223927A
SHA1 B2337462DFA1374CCDB5FDE425AFAC32D727E3B7
SHA256 BB93758EB2EA6CE141DE22401765E281C4BAD2C65D8C23E15CCF261475FB0F0B
SHA384 87F022BFE2D7A0A81E1F0B6AE025FE4180C4167125E50409E21FF3689E4EE733E2C20C483C6F9B0672EDE6A219A32F50
SHA512 335FA28ED6A693E47E388234D4F419A10675AEA8E18BF9006D23F43F2E4C03D1C2E82AE385624AA71B8ED6FF72DC88A5F8676F789F1E9B002CE11774A937FADC
SSDEEP 12288:Is0bKRqh2Cwol/2+eJ1P9+AQjAcRUBaMRPnhxcbKWjVHO5:y7o+AQ1RlInhxcrVHO5
IMP 5C8954A2CCAA6D01B27343336271E2CA
PESHA1 CB504540B0F62399C8111D729D78EC783EABDCBD
PE256 EF49EE1417F793D4E4C7A05523B319EF8ADEE2F32E1E48EC4DADA06E1981E513

DLL Exports:

Function Name Ordinal Type
SdbReadStringTag 213 Exported Function
SdbReadQWORDTagRef 212 Exported Function
SdbReadQWORDTag 211 Exported Function
SdbReadWORDTagRef 216 Exported Function
SdbReadWORDTag 215 Exported Function
SdbReadStringTagRef 214 Exported Function
SdbReadPatchBits 210 Exported Function
SdbReadDWORDTag 206 Exported Function
SdbReadBYTETagRef 204 Exported Function
SdbReadBYTETag 203 Exported Function
SdbReadMsiTransformInfo 209 Exported Function
SdbReadEntryInformation 208 Exported Function
SdbReadDWORDTagRef 207 Exported Function
SdbRegisterDatabase 217 Exported Function
SdbShowApphelpFromQuery 227 Exported Function
SdbShowApphelpDialog 226 Exported Function
SdbSetPermLayerKeys 225 Exported Function
SdbStringDuplicate 230 Exported Function
SdbStopIndexing 229 Exported Function
SdbStartIndexing 228 Exported Function
SdbSetImageType 224 Exported Function
SdbReleaseMatchingExe 220 Exported Function
SdbReleaseDatabase 219 Exported Function
SdbRegisterDatabaseEx 218 Exported Function
SdbSetEntryFlags 223 Exported Function
SdbSetApphelpDebugParameters 222 Exported Function
SdbResolveDatabase 221 Exported Function
SdbReadBinaryTag 205 Exported Function
SdbOpenApphelpInformationByID 185 Exported Function
SdbOpenApphelpInformation 184 Exported Function
SdbOpenApphelpDetailsDatabaseSP 183 Exported Function
SdbOpenDbFromGuid 188 Exported Function
SdbOpenDatabase 187 Exported Function
SdbOpenApphelpResourceFile 186 Exported Function
SdbOpenApphelpDetailsDatabase 182 Exported Function
SdbIsTagrefFromLocalDB 178 Exported Function
SdbIsStandardDatabase 177 Exported Function
SdbIsNullGUID 176 Exported Function
SdbMakeIndexKeyFromString 181 Exported Function
SdbLoadString 180 Exported Function
SdbIsTagrefFromMainDB 179 Exported Function
SdbOpenLocalDatabase 189 Exported Function
SdbQueryName 199 Exported Function
SdbQueryFlagMask 198 Exported Function
SdbQueryFlagInfo 197 Exported Function
SdbReadApphelpDetailsData 202 Exported Function
SdbReadApphelpData 201 Exported Function
SdbQueryReinstallUpgrade 200 Exported Function
SdbQueryDataExTagID 196 Exported Function
SdbQueryBlockUpgrade 192 Exported Function
SdbQueryApphelpInformation 191 Exported Function
SdbPackAppCompatData 190 Exported Function
SdbQueryDataEx 195 Exported Function
SdbQueryData 194 Exported Function
SdbQueryContext 193 Exported Function
SE_InstallAfterInit 79 Exported Function
SE_InitializeEngine 78 Exported Function
SE_GetShimId 77 Exported Function
SE_LdrEntryRemoved 82 Exported Function
SE_IsShimDll 81 Exported Function
SE_InstallBeforeInit 80 Exported Function
SE_GetShimCount 76 Exported Function
SE_GetMaxShimCount 72 Exported Function
SE_GetHookAPIs 71 Exported Function
SE_DynamicShim 70 Exported Function
SE_GetProcAddressLoad 75 Exported Function
SE_GetProcAddressIgnoreIncExc 74 Exported Function
SE_GetProcAddressForCaller 73 Exported Function
SE_LdrResolveDllName 83 Exported Function
SetPermLayerStateEx 250 Exported Function
SetPermLayerState 249 Exported Function
SetPermLayers 251 Exported Function
ShimFlushCache 254 Exported Function
ShimDumpCache 253 Exported Function
ShimDbgPrint 252 Exported Function
SE_WINRT_HookObject 90 Exported Function
SE_ProcessDying 86 Exported Function
SE_LookupCaller 85 Exported Function
SE_LookupAddress 84 Exported Function
SE_WINRT_AddHook 89 Exported Function
SE_ShimDPF 87 Exported Function
SE_ShimDllLoaded 88 Exported Function
SE_DllUnloaded 69 Exported Function
SdbWriteBinaryTagFromFile 241 Exported Function
SdbWriteBinaryTag 240 Exported Function
SdbUnregisterDatabase 238 Exported Function
SdbWriteNULLTag 243 Exported Function
SdbWriteDWORDTag 242 Exported Function
SdbWriteBYTETag 239 Exported Function
SdbUnpackQueryResult 237 Exported Function
SdbTagIDToTagRef 233 Exported Function
SdbStringReplaceArray 232 Exported Function
SdbStringReplace 231 Exported Function
SdbUnpackAppCompatData 236 Exported Function
SdbTagToString 235 Exported Function
SdbTagRefToTagID 234 Exported Function
SdbWriteQWORDTag 244 Exported Function
SE_COM_HookInterface 65 Exported Function
SE_COM_AddServer 64 Exported Function
SE_COM_AddHook 63 Exported Function
SE_DllLoaded 68 Exported Function
SE_COM_Lookup 67 Exported Function
SE_COM_HookObject 66 Exported Function
SE_CALLBACK_Lookup 62 Exported Function
SdbWriteStringTagDirect 247 Exported Function
SdbWriteStringTag 246 Exported Function
SdbWriteStringRefTag 245 Exported Function
SE_CALLBACK_AddHook 61 Exported Function
SE_AddHookset 60 Exported Function
SdbWriteWORDTag 248 Exported Function
SdbCreateHelpCenterURL 103 Exported Function
SdbCreateDatabase 102 Exported Function
SdbCommitIndexes 101 Exported Function
SdbDeletePermLayerKeys 106 Exported Function
SdbDeclareIndex 105 Exported Function
SdbCreateMsiTransformFile 104 Exported Function
SdbCloseLocalDatabase 100 Exported Function
SdbBuildCompatEnvVariables 96 Exported Function
SdbBeginWriteListTag 95 Exported Function
SdbApphelpNotifyEx2 94 Exported Function
SdbCloseDatabaseWrite 99 Exported Function
SdbCloseDatabase 98 Exported Function
SdbCloseApphelpInformation 97 Exported Function
SdbDumpSearchPathPartCaches 107 Exported Function
SdbFindFirstStringIndexedTag 117 Exported Function
SdbFindFirstNamedTag 116 Exported Function
SdbFindFirstMsiPackage_Str 115 Exported Function
SdbFindMsiPackageByID 120 Exported Function
SdbFindFirstTagRef 119 Exported Function
SdbFindFirstTag 118 Exported Function
SdbFindFirstMsiPackage 114 Exported Function
SdbEscapeApphelpURL 110 Exported Function
SdbEnumMsiTransforms 109 Exported Function
SdbEndWriteListTag 108 Exported Function
SdbFindFirstGUIDIndexedTag 113 Exported Function
SdbFindFirstDWORDIndexedTag 112 Exported Function
SdbFindCustomActionForPackage 111 Exported Function
SdbApphelpNotifyEx 93 Exported Function
ApphelpChpeModSettingsFromQueryResult 44 Exported Function
ApphelpCheckShellObject 43 Exported Function
ApphelpCheckRunAppEx 42 Exported Function
ApphelpFixMsiPackageExe 47 Exported Function
ApphelpFixMsiPackage 46 Exported Function
ApphelpCreateAppcompatData 45 Exported Function
ApphelpCheckRunApp 41 Exported Function
ApphelpCheckIME 37 Exported Function
ApphelpCheckExe 36 Exported Function
AllowPermLayer 35 Exported Function
ApphelpCheckMsiPackage 40 Exported Function
ApphelpCheckModule 39 Exported Function
ApphelpCheckInstallShieldPackage 38 Exported Function
ApphelpFreeFileAttributes 48 Exported Function
ApphelpUpdateCacheEntry 58 Exported Function
ApphelpShowDialog 57 Exported Function
ApphelpQueryModuleDataEx 56 Exported Function
SdbApphelpNotify 92 Exported Function
SdbAddLayerTagRefToQuery 91 Exported Function
GetPermLayers 59 Exported Function
ApphelpQueryModuleData 55 Exported Function
ApphelpGetNTVDMInfo 51 Exported Function
ApphelpGetMsiProperties 50 Exported Function
ApphelpGetFileAttributes 49 Exported Function
ApphelpParseModuleData 54 Exported Function
ApphelpIsPortMonAllowed 53 Exported Function
ApphelpGetShimDebugLevel 52 Exported Function
SdbGetNthUserSdb 160 Exported Function
SdbGetNextChild 159 Exported Function
SdbGetNamedLayer 158 Exported Function
SdbGetPDBFromGUID 161 Exported Function
SdbGetPathSystemSdb 163 Exported Function
SdbGetPathCustomSdb 162 Exported Function
SdbGetMsiPackageInformation 157 Exported Function
SdbGetLayerName 153 Exported Function
SdbGetItemFromItemRef 152 Exported Function
SdbGetIndex 151 Exported Function
SdbGetMatchingExe 156 Exported Function
SdbGetLocalPDB 155 Exported Function
SdbGetLayerTagRef 154 Exported Function
SdbGetPermLayerKeys 164 Exported Function
SdbGUIDToString 133 Exported Function
SdbGUIDFromString 132 Exported Function
SdbGrabMatchingInfoEx 172 Exported Function
SdbIsDbRuntimePlatformSupportedOnHost 175 Exported Function
SdbInitDatabaseEx 174 Exported Function
SdbInitDatabase 173 Exported Function
SdbGrabMatchingInfo 171 Exported Function
SdbGetStandardDatabaseGUID 167 Exported Function
SdbGetShowDebugInfoOptionValue 166 Exported Function
SdbGetShowDebugInfoOption 165 Exported Function
SdbGetTagFromTagID 170 Exported Function
SdbGetTagDataSize 169 Exported Function
SdbGetStringTagPtr 168 Exported Function
SdbGetImageType 150 Exported Function
SdbFreeFileInfo 130 Exported Function
SdbFreeFileAttributes 129 Exported Function
SdbFreeDatabaseInformation 128 Exported Function
SdbGetAppPatchDir 135 Exported Function
SdbGetAppCompatDataSize 134 Exported Function
SdbFreeFlagInfo 131 Exported Function
SdbFormatAttribute 127 Exported Function
SdbFindNextMsiPackage 123 Exported Function
SdbFindNextGUIDIndexedTag 122 Exported Function
SdbFindNextDWORDIndexedTag 121 Exported Function
SdbFindNextTagRef 126 Exported Function
SdbFindNextTag 125 Exported Function
SdbFindNextStringIndexedTag 124 Exported Function
SdbGetBinaryTagData 136 Exported Function
SdbGetFileImageType 146 Exported Function
SdbGetFileAttributes 145 Exported Function
SdbGetEntryFlags 144 Exported Function
SdbGetFirstChild 149 Exported Function
SdbGetFileInfo 148 Exported Function
SdbGetFileImageTypeEx 147 Exported Function
SdbGetDllPath 143 Exported Function
SdbGetDatabaseInformation 139 Exported Function
SdbGetDatabaseID 138 Exported Function
SdbGetDatabaseGUID 137 Exported Function
SdbGetDatabaseVersion 142 Exported Function
SdbGetDatabaseMatch 141 Exported Function
SdbGetDatabaseInformationByName 140 Exported Function

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: Apphelp
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/70
  • VirusTotal Link: https://www.virustotal.com/gui/file/bb93758eb2ea6ce141de22401765e281c4bad2c65d8c23e15ccf261475fb0f0b/detection/

File Similarity (ssdeep match)

File Score
C:\Windows\SysWOW64\apphelp.dll 33

Possible Misuse

The following table contains possible examples of apphelp.dll being misused. While apphelp.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_susp_shimcache_flush.yml - 'apphelp.dll' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.