comctl32.dll

  • File Path: C:\Windows\system32\comctl32.dll
  • Description: User Experience Controls Library

Hashes

Type Hash
MD5 181FD36988575B7E8E256820F8B38DC7
SHA1 F5806F295FB352E7C29F7ABF0A5DC6A30B358841
SHA256 53F0871CA7E43F832A9AFCB1A83965FEBD2851D901D75CB8AF194790EF3AF086
SHA384 6D9ABE5EEA1D4F64171F343F1F1AD2D2A325B4BB09D2426E3B1840488807FAE3E4C4A6E78966444558FEF59C9BF75E2A
SHA512 ACE3075622C4D656BB87D2B6EE2FDEC5FE353E903C9CB99E047C15889A24DF23B062882E29D2E24FAE2F3435E34D6C47B10D561F7B44CE8112D67400D2B0DB61
SSDEEP 12288:uQ9JJf95fUagkZsI+AtruHE33rQ0rg+8SCpFSrfwIJ:uQ9JNcp2sI/1J31rgLHSDwa
IMP D15202401C121E13ACFB0EED0FA1C497
PESHA1 03F740FE81B069A4DEAFFB6785A5569755497C5D
PE256 B7369D09FB61CFAE60AF10DE512CDE21C3E0244E1F78D91CDC0F3E0DF7E36925

DLL Exports:

| Function Name | Ordinal | Type |
|---|---|---|
| ImageList_GetBkColor | 55 | Exported Function |
| ImageList_GetDragImage | 56 | Exported Function |
| ImageList_GetFlags | 57 | Exported Function |
| ImageList_EndDrag | 54 | Exported Function |
| ImageList_DrawEx | 51 | Exported Function |
| ImageList_DrawIndirect | 52 | Exported Function |
| ImageList_Duplicate | 53 | Exported Function |
| ImageList_GetImageRect | 62 | Exported Function |
| ImageList_LoadImage | 63 | Exported Function |
| ImageList_LoadImageA | 64 | Exported Function |
| ImageList_GetImageInfo | 61 | Exported Function |
| ImageList_GetIcon | 58 | Exported Function |
| ImageList_GetIconSize | 59 | Exported Function |
| ImageList_GetImageCount | 60 | Exported Function |
| ImageList_Draw | 50 | Exported Function |
| ImageList_AddIcon | 40 | Exported Function |
| ImageList_AddMasked | 41 | Exported Function |
| ImageList_BeginDrag | 42 | Exported Function |
| ImageList_Add | 39 | Exported Function |
| FreeMRUList | 152 | Exported Function |
| GetEffectiveClientRect | 4 | Exported Function |
| GetMUILanguage | 38 | Exported Function |
| ImageList_DragLeave | 47 | Exported Function |
| ImageList_DragMove | 48 | Exported Function |
| ImageList_DragShowNolock | 49 | Exported Function |
| ImageList_DragEnter | 46 | Exported Function |
| ImageList_Copy | 43 | Exported Function |
| ImageList_Create | 44 | Exported Function |
| ImageList_Destroy | 45 | Exported Function |
| ImageList_LoadImageW | 65 | Exported Function |
| MenuHelp | 2 | Exported Function |
| PropertySheet | 86 | Exported Function |
| PropertySheetA | 87 | Exported Function |
| MakeDragList | 13 | Exported Function |
| InitializeFlatSB | 85 | Exported Function |
| InitMUILanguage | 84 | Exported Function |
| LBItemFromPt | 14 | Exported Function |
| ShowHideMenuCtl | 3 | Exported Function |
| Str_SetPtrW | 236 | Exported Function |
| UninitializeFlatSB | 90 | Exported Function |
| SetWindowSubclass | 410 | Exported Function |
| PropertySheetW | 88 | Exported Function |
| RegisterClassNameW | 89 | Exported Function |
| RemoveWindowSubclass | 412 | Exported Function |
| InitCommonControlsEx | 83 | Exported Function |
| ImageList_ReplaceIcon | 70 | Exported Function |
| ImageList_SetBkColor | 75 | Exported Function |
| ImageList_SetDragCursorImage | 76 | Exported Function |
| ImageList_Replace | 69 | Exported Function |
| ImageList_Merge | 66 | Exported Function |
| ImageList_Read | 67 | Exported Function |
| ImageList_Remove | 68 | Exported Function |
| ImageList_SetOverlayImage | 81 | Exported Function |
| ImageList_Write | 82 | Exported Function |
| InitCommonControls | 17 | Exported Function |
| ImageList_SetImageCount | 80 | Exported Function |
| ImageList_SetFilter | 77 | Exported Function |
| ImageList_SetFlags | 78 | Exported Function |
| ImageList_SetIconSize | 79 | Exported Function |
| FlatSB_ShowScrollBar | 37 | Exported Function |
| DPA_DeleteAllPtrs | 337 | Exported Function |
| DPA_DeletePtr | 336 | Exported Function |
| DPA_Destroy | 329 | Exported Function |
| DPA_CreateEx | 340 | Exported Function |
| DllGetVersion | 24 | Exported Function |
| DPA_Clone | 331 | Exported Function |
| DPA_Create | 328 | Exported Function |
| DPA_Grow | 330 | Exported Function |
| DPA_InsertPtr | 334 | Exported Function |
| DPA_LoadStream | 9 | Exported Function |
| DPA_GetPtrIndex | 333 | Exported Function |
| DPA_DestroyCallback | 386 | Exported Function |
| DPA_EnumCallback | 385 | Exported Function |
| DPA_GetPtr | 332 | Exported Function |
| DestroyPropertySheetPage | 23 | Exported Function |
| CreatePropertySheetPage | 12 | Exported Function |
| CreatePropertySheetPageA | 18 | Exported Function |
| CreatePropertySheetPageW | 19 | Exported Function |
| CreateMRUListW | 400 | Exported Function |
| _TrackMouseEvent | 91 | Exported Function |
| AddMRUStringW | 401 | Exported Function |
| CreateMappedBitmap | 8 | Exported Function |
| CreateToolbarEx | 22 | Exported Function |
| CreateUpDownControl | 16 | Exported Function |
| DefSubclassProc | 413 | Exported Function |
| CreateToolbar | 7 | Exported Function |
| CreateStatusWindow | 20 | Exported Function |
| CreateStatusWindowA | 6 | Exported Function |
| CreateStatusWindowW | 21 | Exported Function |
| DPA_Merge | 11 | Exported Function |
| FlatSB_EnableScrollBar | 27 | Exported Function |
| FlatSB_GetScrollInfo | 28 | Exported Function |
| FlatSB_GetScrollPos | 29 | Exported Function |
| EnumMRUListW | 403 | Exported Function |
| DSA_GetItemPtr | 323 | Exported Function |
| DSA_InsertItem | 324 | Exported Function |
| DSA_SetItem | 325 | Exported Function |
| FlatSB_SetScrollPos | 34 | Exported Function |
| FlatSB_SetScrollProp | 35 | Exported Function |
| FlatSB_SetScrollRange | 36 | Exported Function |
| FlatSB_SetScrollInfo | 33 | Exported Function |
| FlatSB_GetScrollProp | 30 | Exported Function |
| FlatSB_GetScrollPropPtr | 31 | Exported Function |
| FlatSB_GetScrollRange | 32 | Exported Function |
| DSA_GetItem | 322 | Exported Function |
| DrawInsert | 15 | Exported Function |
| DrawStatusText | 25 | Exported Function |
| DrawStatusTextA | 5 | Exported Function |
| DPA_Sort | 338 | Exported Function |
| DPA_SaveStream | 10 | Exported Function |
| DPA_Search | 339 | Exported Function |
| DPA_SetPtr | 335 | Exported Function |
| DSA_Destroy | 321 | Exported Function |
| DSA_DestroyCallback | 388 | Exported Function |
| DSA_EnumCallback | 387 | Exported Function |
| DSA_DeleteItem | 326 | Exported Function |
| DrawStatusTextW | 26 | Exported Function |
| DSA_Create | 320 | Exported Function |
| DSA_DeleteAllItems | 327 | Exported Function |

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: comctl32.DLL.MUI
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 6.10 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/67
  • VirusTotal Link: https://www.virustotal.com/gui/file/53f0871ca7e43f832a9afcb1a83965febd2851d901d75cb8af194790ef3af086/detection/

Possible Misuse

The following table contains possible examples of comctl32.dll being misused. While comctl32.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|---|---|---|---|
| sigma | file_event_win_uac_bypass_consent_comctl32.yml | `description: Detects the pattern of UAC Bypass using consent.exe and comctl32.dll (UACMe 22)` | DRL 1.0 |
| sigma | file_event_win_uac_bypass_consent_comctl32.yml | `TargetFilename\|endswith: '\comctl32.dll'` | DRL 1.0 |
| sigma | proc_creation_win_uac_bypass_consent_comctl32.yml | `description: Detects the pattern of UAC Bypass using consent.exe and comctl32.dll (UACMe 22)` | DRL 1.0 |
| signature-base | cn_pentestset_tools.yar | `$s2 = "Invalid owner=This control requires version 4.70 or greater of COMCTL32.DLL" fullword wide /* PEStudio Blacklist: strings */` | CC BY-NC 4.0 |
| signature-base | exploit_uac_elevators.yar | `$s8 = "COMCTL32.dll" ascii` | CC BY-NC 4.0 |
| signature-base | gen_cn_hacktools.yar | `$s6 = "COMCTL32.DLL" fullword ascii` | CC BY-NC 4.0 |
| signature-base | thor-hacktools.yar | `$s3 = "COMCTL32.dll" fullword ascii` | CC BY-NC 4.0 |

MIT License. Copyright (c) 2020-2021 Strontic.