comctl32.dll

  • File Path: C:\Windows\SysWOW64\comctl32.dll
  • Description: User Experience Controls Library

Hashes

Type Hash
MD5 CA60795A3158AB3D9BA0E69A3A30A5C9
SHA1 FF6EEAC55596F16B19EBE1348EB6AC6364D94E91
SHA256 07C489F6E617D94D9564997E00A9BC17EC13780E06778A3A5F228988B8070EF1
SHA384 10DE60B46902D94B45AC9122B3E69D6028CC0C4B8C8A7CF669FF7A4A7202B2DE330B82512EF65F7DBCD06FE2A4C6D315
SHA512 488DBA51C288DB02D2ECA9A4D50FC9360A139A355F407F1FACE527575462BFA56B404A4125D801F0ED648602517A09CAFCB8F1CE53C89F6962F6E966DC4B0601
SSDEEP 12288:l7aUcPyjDZ0lCcu4eaN2t8Eejj8W8sVqm8fdnqz04OAfwILN7:l7HiyjDulCc6aN2t8EejjqsVH8fdnqY4
IMP 8B84204D8411BBF33F3F1E9C08DB779B
PESHA1 1E10AD13BDA9161C3B2E933EACCC360F96417BFB
PE256 DF43D3EC1C5AB82E2087F77D900246940FFA8278849D0891F627C27553094C16

DLL Exports:

Function Name Ordinal Type
ImageList_GetBkColor 54 Exported Function
ImageList_GetDragImage 55 Exported Function
ImageList_GetFlags 56 Exported Function
ImageList_EndDrag 53 Exported Function
ImageList_DrawEx 50 Exported Function
ImageList_DrawIndirect 51 Exported Function
ImageList_Duplicate 52 Exported Function
ImageList_GetImageRect 61 Exported Function
ImageList_LoadImage 62 Exported Function
ImageList_LoadImageA 63 Exported Function
ImageList_GetImageInfo 60 Exported Function
ImageList_GetIcon 57 Exported Function
ImageList_GetIconSize 58 Exported Function
ImageList_GetImageCount 59 Exported Function
ImageList_Draw 49 Exported Function
ImageList_AddIcon 39 Exported Function
ImageList_AddMasked 40 Exported Function
ImageList_BeginDrag 41 Exported Function
ImageList_Add 38 Exported Function
FreeMRUList 152 Exported Function
GetEffectiveClientRect 4 Exported Function
GetMUILanguage 37 Exported Function
ImageList_DragLeave 46 Exported Function
ImageList_DragMove 47 Exported Function
ImageList_DragShowNolock 48 Exported Function
ImageList_DragEnter 45 Exported Function
ImageList_Copy 42 Exported Function
ImageList_Create 43 Exported Function
ImageList_Destroy 44 Exported Function
ImageList_LoadImageW 64 Exported Function
MenuHelp 2 Exported Function
PropertySheet 85 Exported Function
PropertySheetA 86 Exported Function
MakeDragList 13 Exported Function
InitializeFlatSB 84 Exported Function
InitMUILanguage 83 Exported Function
LBItemFromPt 14 Exported Function
ShowHideMenuCtl 3 Exported Function
Str_SetPtrW 236 Exported Function
UninitializeFlatSB 89 Exported Function
SetWindowSubclass 410 Exported Function
PropertySheetW 87 Exported Function
RegisterClassNameW 88 Exported Function
RemoveWindowSubclass 412 Exported Function
InitCommonControlsEx 82 Exported Function
ImageList_ReplaceIcon 69 Exported Function
ImageList_SetBkColor 70 Exported Function
ImageList_SetDragCursorImage 75 Exported Function
ImageList_Replace 68 Exported Function
ImageList_Merge 65 Exported Function
ImageList_Read 66 Exported Function
ImageList_Remove 67 Exported Function
ImageList_SetOverlayImage 80 Exported Function
ImageList_Write 81 Exported Function
InitCommonControls 17 Exported Function
ImageList_SetImageCount 79 Exported Function
ImageList_SetFilter 76 Exported Function
ImageList_SetFlags 77 Exported Function
ImageList_SetIconSize 78 Exported Function
DPA_DeleteAllPtrs 337 Exported Function
DPA_DeletePtr 336 Exported Function
DPA_Destroy 329 Exported Function
DPA_CreateEx 340 Exported Function
DllGetVersion 24 Exported Function
DPA_Clone 331 Exported Function
DPA_Create 328 Exported Function
DPA_Grow 330 Exported Function
DPA_InsertPtr 334 Exported Function
DPA_LoadStream 9 Exported Function
DPA_GetPtrIndex 333 Exported Function
DPA_DestroyCallback 386 Exported Function
DPA_EnumCallback 385 Exported Function
DPA_GetPtr 332 Exported Function
DestroyPropertySheetPage 23 Exported Function
CreatePropertySheetPage 12 Exported Function
CreatePropertySheetPageA 18 Exported Function
CreatePropertySheetPageW 19 Exported Function
CreateMRUListW 400 Exported Function
_TrackMouseEvent 90 Exported Function
AddMRUStringW 401 Exported Function
CreateMappedBitmap 8 Exported Function
CreateToolbarEx 22 Exported Function
CreateUpDownControl 16 Exported Function
DefSubclassProc 413 Exported Function
CreateToolbar 7 Exported Function
CreateStatusWindow 20 Exported Function
CreateStatusWindowA 6 Exported Function
CreateStatusWindowW 21 Exported Function
DPA_Merge 11 Exported Function
FlatSB_EnableScrollBar 27 Exported Function
FlatSB_GetScrollInfo 28 Exported Function
FlatSB_GetScrollPos 29 Exported Function
EnumMRUListW 403 Exported Function
DSA_GetItemPtr 323 Exported Function
DSA_InsertItem 324 Exported Function
DSA_SetItem 325 Exported Function
FlatSB_SetScrollProp 34 Exported Function
FlatSB_SetScrollRange 35 Exported Function
FlatSB_ShowScrollBar 36 Exported Function
FlatSB_SetScrollPos 33 Exported Function
FlatSB_GetScrollProp 30 Exported Function
FlatSB_GetScrollRange 31 Exported Function
FlatSB_SetScrollInfo 32 Exported Function
DSA_GetItem 322 Exported Function
DrawInsert 15 Exported Function
DrawStatusText 25 Exported Function
DrawStatusTextA 5 Exported Function
DPA_Sort 338 Exported Function
DPA_SaveStream 10 Exported Function
DPA_Search 339 Exported Function
DPA_SetPtr 335 Exported Function
DSA_Destroy 321 Exported Function
DSA_DestroyCallback 388 Exported Function
DSA_EnumCallback 387 Exported Function
DSA_DeleteItem 326 Exported Function
DrawStatusTextW 26 Exported Function
DSA_Create 320 Exported Function
DSA_DeleteAllItems 327 Exported Function

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: comctl32.DLL.MUI
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 6.10 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/70
  • VirusTotal Link: https://www.virustotal.com/gui/file/07c489f6e617d94d9564997e00a9bc17ec13780e06778a3a5f228988b8070ef1/detection/

Possible Misuse

The following table contains possible examples of comctl32.dll being misused. While comctl32.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
| --- | --- | --- | --- |
| sigma | file_event_win_uac_bypass_consent_comctl32.yml | `description: Detects the pattern of UAC Bypass using consent.exe and comctl32.dll (UACMe 22)` | DRL 1.0 |
| sigma | file_event_win_uac_bypass_consent_comctl32.yml | `TargetFilename\|endswith: '\comctl32.dll'` | DRL 1.0 |
| sigma | proc_creation_win_uac_bypass_consent_comctl32.yml | `description: Detects the pattern of UAC Bypass using consent.exe and comctl32.dll (UACMe 22)` | DRL 1.0 |
| signature-base | cn_pentestset_tools.yar | `$s2 = "Invalid owner=This control requires version 4.70 or greater of COMCTL32.DLL" fullword wide /* PEStudio Blacklist: strings */` | CC BY-NC 4.0 |
| signature-base | exploit_uac_elevators.yar | `$s8 = "COMCTL32.dll" ascii` | CC BY-NC 4.0 |
| signature-base | gen_cn_hacktools.yar | `$s6 = "COMCTL32.DLL" fullword ascii` | CC BY-NC 4.0 |
| signature-base | thor-hacktools.yar | `$s3 = "COMCTL32.dll" fullword ascii` | CC BY-NC 4.0 |

MIT License. Copyright (c) 2020-2021 Strontic.