filemgmt.dll

  • File Path: C:\Windows\system32\filemgmt.dll
  • Description: Services and Shared Folders

Hashes

Type Hash
MD5 1B8DCFE374F8E9F4EDB6F2B6618BF9B1
SHA1 00E5F13BD38756BF5C97FED4EAB4241CA5905965
SHA256 3EBF91B7C564165D6EE4AE6DDD911BC325CF60C16794A33BD1F6A60435747F12
SHA384 109B4F78BA580C71992A4A534B752C41259B432204CBA276664D5BD29F6222770AEE63BAF26B589BF3D83D7721419CC4
SHA512 C9E858BBD15E3BA4631FF503AFD6227BD2223F415885DB0A8B37537CAB41CC6A7F0BB66BFE45C1E05D1717D213B58DE2C0F71CFF278E73EC487FBD8C99A015A4
SSDEEP 6144:YqqyrO32zas+U2VG6fffDKQbi5Ye5+EGxX7idvoT/VlTELh9a0xAuv:xf+CofbeIEGJ2dQT/VlTELh9aDu
IMP 89122C235F124C1D01AFC6DC2575D168
PESHA1 B19DEE1729C543A9563D905F93C56CFEEC77733B
PE256 49CD0887330631E248CA545C2174B6658E73886156F209428A9F9CB322BB4F3D

DLL Exports:

Function Name Ordinal Type
DllGetClassObject 8 Exported Function
DllRegisterServer 9 Exported Function
DllUnregisterServer 10 Exported Function
CacheSettingsDlg 5 Exported Function
CacheSettingsDlg2 6 Exported Function
DllCanUnloadNow 7 Exported Function

Signature

  • Status: Signature verified.
  • Serial: 330000026551AE1BBD005CBFBD000000000265
  • Thumbprint: E168609353F30FF2373157B4EB8CD519D07A2BFF
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: filemgmt.dll.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/72
  • VirusTotal Link: https://www.virustotal.com/gui/file/3ebf91b7c564165d6ee4ae6ddd911bc325cf60c16794a33bd1f6a60435747f12/detection/

Possible Misuse

The following table contains possible examples of filemgmt.dll being misused. While filemgmt.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
malware-ioc nukesped_lazarus .FileMgmt.dll © ESET 2014-2018

MIT License. Copyright (c) 2020-2021 Strontic.