shlwapi.dll

  • File Path: C:\Windows\SysWOW64\shlwapi.dll
  • Description: Shell Light-weight Utility Library

Hashes

Type Hash
MD5 BFAAC0D90CD4162EA5E2FF12E8D49C79
SHA1 7E96B218B2E7009D753825377C7A492989F437EA
SHA256 906BF43187EEF5F7C5D310951A64FEEC7B8B431D6781676EF1313CD1423C4771
SHA384 8BA6CF9601DCAAC26097F4B7FE4DEA2EBE11F42F2D613C6BDC0A83FE7690133B885BB94810A88E3DC42F868D67DD7276
SHA512 A81614ED9D99425E7A6798BD769CF636E349E9596DDBC4E138F3718E1FF0FBACB4FA706FA2EEB9B8031149DB018F99A876AAF465DC6DB023B96C1D91C5AFE848
SSDEEP 6144:N88NrMSVi8d9vEYs1OpuR7V8uadbc4VJr3ZCyB4k5e37SQJ0PVtI:y4rkg7qyj5oSQyVtI
IMP 69D5E7624245207078FE54B3CC3D1AC0
PESHA1 4CD6C625C5FD9B5102E081048AD6898890CC7891
PE256 D32D575120BC103B81A45D7B5D980747F1907A202EA59DD1F6E75B40D48FD395

DLL Exports:

Function Name Ordinal Type
SHRegSetPathW 816 Exported Function
SHRegSetUSValueA 817 Exported Function
SHRegSetPathA 815 Exported Function
SHRegQueryUSValueA 813 Exported Function
SHRegQueryUSValueW 814 Exported Function
SHRegSetUSValueW 818 Exported Function
SHRunIndirectRegClientCommand 467 Exported Function
SHSendMessageBroadcastA 432 Exported Function
SHReleaseThreadRef 822 Exported Function
SHRegWriteUSValueA 819 Exported Function
SHRegWriteUSValueW 820 Exported Function
SHRegQueryInfoUSKeyW 812 Exported Function
SHRegGetUSValueW 806 Exported Function
SHRegGetValueA 807 Exported Function
SHRegGetUSValueA 805 Exported Function
SHRegGetPathA 803 Exported Function
SHRegGetPathW 804 Exported Function
SHRegGetValueFromHKCUHKLM 629 Exported Function
SHRegOpenUSKeyW 810 Exported Function
SHRegQueryInfoUSKeyA 811 Exported Function
SHRegOpenUSKeyA 809 Exported Function
SHRegGetValueW 808 Exported Function
SHRegisterValidateTemplate 821 Exported Function
SHSendMessageBroadcastW 433 Exported Function
StrCatW 837 Exported Function
StrChrA 838 Exported Function
StrCatChainW 836 Exported Function
StrCatBuffA 834 Exported Function
StrCatBuffW 835 Exported Function
StrChrIA 839 Exported Function
StrChrW 843 Exported Function
StrCmpCA 155 Exported Function
StrChrNW 842 Exported Function
StrChrIW 840 Exported Function
StrChrNIW 841 Exported Function
SHUnlockShared 9 Exported Function
SHSkipJunction 826 Exported Function
SHStrDupA 827 Exported Function
SHSetValueW 825 Exported Function
SHSetThreadRef 823 Exported Function
SHSetValueA 824 Exported Function
SHStrDupW 828 Exported Function
SHUnicodeToAnsiCP 218 Exported Function
SHUnicodeToUnicode 346 Exported Function
SHUnicodeToAnsi 217 Exported Function
SHStripMneumonicA 203 Exported Function
SHStripMneumonicW 225 Exported Function
SHLoadIndirectString 487 Exported Function
SHLockShared 8 Exported Function
SHIsLowMemoryMachine 780 Exported Function
SHGetViewStatePropertyBag 515 Exported Function
SHIsChildOrSelf 204 Exported Function
SHMessageBoxCheckA 185 Exported Function
SHOpenRegStreamA 783 Exported Function
SHOpenRegStreamW 784 Exported Function
SHOpenRegStream2W 782 Exported Function
SHMessageBoxCheckW 191 Exported Function
SHOpenRegStream2A 781 Exported Function
SHGetValueW 779 Exported Function
SHEnumValueA 774 Exported Function
SHEnumValueW 775 Exported Function
SHEnumKeyExW 773 Exported Function
ShellMessageBoxW 388 Exported Function
SHEnumKeyExA 772 Exported Function
SHFormatDateTimeA 353 Exported Function
SHGetThreadRef 777 Exported Function
SHGetValueA 778 Exported Function
SHGetInverseCMAP 776 Exported Function
SHFormatDateTimeW 354 Exported Function
SHFreeShared 10 Exported Function
SHPackDispParamsV 281 Exported Function
SHRegEnumUSKeyA 797 Exported Function
SHRegEnumUSKeyW 798 Exported Function
SHRegDuplicateHKey 796 Exported Function
SHRegDeleteUSValueA 794 Exported Function
SHRegDeleteUSValueW 795 Exported Function
SHRegEnumUSValueA 799 Exported Function
SHRegGetBoolValueFromHKCUHKLM 630 Exported Function
SHRegGetIntW 280 Exported Function
SHRegGetBoolUSValueW 802 Exported Function
SHRegEnumUSValueW 800 Exported Function
SHRegGetBoolUSValueA 801 Exported Function
SHRegDeleteEmptyUSKeyW 793 Exported Function
SHQueryInfoKeyA 785 Exported Function
SHQueryInfoKeyW 786 Exported Function
SHPropertyBag_WriteBSTR 570 Exported Function
SHPinDllOfCLSID 236 Exported Function
SHPropertyBag_ReadStrAlloc 567 Exported Function
SHQueryValueExA 787 Exported Function
SHRegCreateUSKeyW 791 Exported Function
SHRegDeleteEmptyUSKeyA 792 Exported Function
SHRegCreateUSKeyA 790 Exported Function
SHQueryValueExW 788 Exported Function
SHRegCloseUSKey 789 Exported Function
StrCmpCW 156 Exported Function
UrlApplySchemeA 896 Exported Function
UrlApplySchemeW 897 Exported Function
StrTrimW 895 Exported Function
StrToIntW 893 Exported Function
StrTrimA 894 Exported Function
UrlCanonicalizeA 898 Exported Function
UrlCompareA 902 Exported Function
UrlCompareW 903 Exported Function
UrlCombineW 901 Exported Function
UrlCanonicalizeW 899 Exported Function
UrlCombineA 900 Exported Function
StrToIntExW 892 Exported Function
StrStrIW 884 Exported Function
StrStrNIW 885 Exported Function
StrStrIA 883 Exported Function
StrSpnW 881 Exported Function
StrStrA 882 Exported Function
StrStrNW 886 Exported Function
StrToIntA 890 Exported Function
StrToIntExA 891 Exported Function
StrToInt64ExW 889 Exported Function
StrStrW 887 Exported Function
StrToInt64ExA 888 Exported Function
UrlCreateFromPathA 904 Exported Function
UrlIsW 919 Exported Function
UrlUnescapeA 920 Exported Function
UrlIsOpaqueW 918 Exported Function
UrlIsNoHistoryW 916 Exported Function
UrlIsOpaqueA 917 Exported Function
UrlUnescapeW 921 Exported Function
wvnsprintfA 924 Exported Function
wvnsprintfW 925 Exported Function
wnsprintfW 923 Exported Function
WhichPlatform 276 Exported Function
wnsprintfA 922 Exported Function
UrlIsNoHistoryA 915 Exported Function
UrlFixupW 462 Exported Function
UrlGetLocationA 908 Exported Function
UrlEscapeW 907 Exported Function
UrlCreateFromPathW 905 Exported Function
UrlEscapeA 906 Exported Function
UrlGetLocationW 909 Exported Function
UrlHashW 913 Exported Function
UrlIsA 914 Exported Function
UrlHashA 912 Exported Function
UrlGetPartA 910 Exported Function
UrlGetPartW 911 Exported Function
StrCSpnA 830 Exported Function
StrCSpnIA 831 Exported Function
StrCpyW 852 Exported Function
StrCmpW 850 Exported Function
StrCpyNW 851 Exported Function
StrCSpnIW 832 Exported Function
StrFormatByteSize64A 855 Exported Function
StrFormatByteSizeA 856 Exported Function
StrDupW 854 Exported Function
StrCSpnW 833 Exported Function
StrDupA 853 Exported Function
StrCmpNW 849 Exported Function
StrCmpLogicalW 845 Exported Function
StrCmpNA 846 Exported Function
StrCmpIW 844 Exported Function
StrCmpICA 157 Exported Function
StrCmpICW 158 Exported Function
StrCmpNCA 151 Exported Function
StrCmpNICW 154 Exported Function
StrCmpNIW 848 Exported Function
StrCmpNICA 153 Exported Function
StrCmpNCW 152 Exported Function
StrCmpNIA 847 Exported Function
StrFormatByteSizeEx 857 Exported Function
StrRetToBSTR 875 Exported Function
StrRetToBufA 876 Exported Function
StrRChrW 872 Exported Function
StrRChrIA 870 Exported Function
StrRChrIW 871 Exported Function
StrRetToBufW 877 Exported Function
StrRStrIW 874 Exported Function
StrSpnA 880 Exported Function
StrRStrIA 873 Exported Function
StrRetToStrA 878 Exported Function
StrRetToStrW 879 Exported Function
StrRChrA 869 Exported Function
StrFromTimeIntervalA 861 Exported Function
StrFromTimeIntervalW 862 Exported Function
StrFormatKBSizeW 860 Exported Function
StrFormatByteSizeW 858 Exported Function
StrFormatKBSizeA 859 Exported Function
StrIsIntlEqualA 863 Exported Function
StrPBrkA 867 Exported Function
StrPBrkW 868 Exported Function
StrNCatW 866 Exported Function
StrIsIntlEqualW 864 Exported Function
StrNCatA 865 Exported Function
ShellMessageBoxA 829 Exported Function
PathCommonPrefixA 654 Exported Function
PathCommonPrefixW 655 Exported Function
PathCombineW 653 Exported Function
PathCanonicalizeW 651 Exported Function
PathCombineA 652 Exported Function
PathCompactPathA 656 Exported Function
PathCreateFromUrlA 660 Exported Function
PathCreateFromUrlAlloc 661 Exported Function
PathCompactPathW 659 Exported Function
PathCompactPathExA 657 Exported Function
PathCompactPathExW 658 Exported Function
PathCanonicalizeA 650 Exported Function
PathAddBackslashA 610 Exported Function
PathAddBackslashW 612 Exported Function
ParseURLW 2 Exported Function
MLLoadLibraryW 378 Exported Function
ParseURLA 1 Exported Function
PathAddExtensionA 620 Exported Function
PathBuildRootA 625 Exported Function
PathBuildRootW 649 Exported Function
PathAppendW 624 Exported Function
PathAddExtensionW 622 Exported Function
PathAppendA 623 Exported Function
PathCreateFromUrlW 662 Exported Function
PathGetCharTypeA 677 Exported Function
PathGetCharTypeW 678 Exported Function
PathGetArgsW 676 Exported Function
PathFindSuffixArrayW 674 Exported Function
PathGetArgsA 675 Exported Function
PathGetDriveNumberA 679 Exported Function
PathIsDirectoryA 683 Exported Function
PathIsDirectoryEmptyA 684 Exported Function
PathIsContentTypeW 682 Exported Function
PathGetDriveNumberW 680 Exported Function
PathIsContentTypeA 681 Exported Function
PathFindSuffixArrayA 673 Exported Function
PathFindExtensionA 665 Exported Function
PathFindExtensionW 666 Exported Function
PathFileExistsW 664 Exported Function
PathFileExistsA 663 Exported Function
PathFileExistsAndAttributesW 446 Exported Function
PathFindFileNameA 667 Exported Function
PathFindOnPathA 671 Exported Function
PathFindOnPathW 672 Exported Function
PathFindNextComponentW 670 Exported Function
PathFindFileNameW 668 Exported Function
PathFindNextComponentA 669 Exported Function
DelayLoadFailureHook 569 Exported Function
DllGetClassObject 592 Exported Function
ConnectToConnectionPoint 168 Exported Function
ColorHLSToRGB 590 Exported Function
ColorRGBToHLS 591 Exported Function
DllGetVersion 593 Exported Function
GUIDFromStringW 270 Exported Function
HashData 595 Exported Function
GetMenuPosFromID 594 Exported Function
GetAcceptLanguagesA 14 Exported Function
GetAcceptLanguagesW 15 Exported Function
ColorAdjustLuma 589 Exported Function
AssocQueryKeyA 503 Exported Function
AssocQueryKeyW 504 Exported Function
AssocIsDangerous 502 Exported Function
AssocCreate 500 Exported Function
AssocGetPerceivedType 501 Exported Function
AssocQueryStringA 579 Exported Function
ChrCmpIA 587 Exported Function
ChrCmpIW 588 Exported Function
AssocQueryStringW 586 Exported Function
AssocQueryStringByKeyA 584 Exported Function
AssocQueryStringByKeyW 585 Exported Function
IntlStrEqWorkerA 607 Exported Function
IUnknown_Exec 164 Exported Function
IUnknown_GetSite 256 Exported Function
IUnknown_AtomicRelease 169 Exported Function
IStream_WritePidl 513 Exported Function
IStream_WriteStr 597 Exported Function
IUnknown_GetWindow 172 Exported Function
IUnknown_SetSite 174 Exported Function
MLLoadLibraryA 377 Exported Function
IUnknown_Set 199 Exported Function
IUnknown_QueryService 176 Exported Function
IUnknown_QueryStatus 163 Exported Function
IStream_Write 212 Exported Function
IsInternetESCEnabled 553 Exported Function
IsOS 437 Exported Function
IsCharSpaceW 29 Exported Function
IntlStrEqWorkerW 608 Exported Function
IsCharSpaceA 609 Exported Function
IStream_Copy 568 Exported Function
IStream_Reset 213 Exported Function
IStream_Size 214 Exported Function
IStream_ReadStr 596 Exported Function
IStream_Read 184 Exported Function
IStream_ReadPidl 512 Exported Function
PathIsDirectoryEmptyW 685 Exported Function
PathUndecorateW 750 Exported Function
PathUnExpandEnvStringsA 747 Exported Function
PathUndecorateA 749 Exported Function
PathStripToRootA 745 Exported Function
PathStripToRootW 746 Exported Function
PathUnExpandEnvStringsW 748 Exported Function
PathUnquoteSpacesW 754 Exported Function
QISearch 219 Exported Function
PathUnquoteSpacesA 753 Exported Function
PathUnmakeSystemFolderA 751 Exported Function
PathUnmakeSystemFolderW 752 Exported Function
PathStripPathW 744 Exported Function
PathRenameExtensionW 736 Exported Function
PathSearchAndQualifyA 737 Exported Function
PathRenameExtensionA 735 Exported Function
PathRemoveFileSpecA 733 Exported Function
PathRemoveFileSpecW 734 Exported Function
PathSearchAndQualifyW 738 Exported Function
PathSkipRootW 742 Exported Function
PathStripPathA 743 Exported Function
PathSkipRootA 741 Exported Function
PathSetDlgItemPathA 739 Exported Function
PathSetDlgItemPathW 740 Exported Function
SHAllocShared 7 Exported Function
SHDeleteEmptyKeyA 764 Exported Function
SHDeleteEmptyKeyW 765 Exported Function
SHCreateWorkerWindowW 278 Exported Function
SHCreateThreadRef 763 Exported Function
SHCreateThreadWithHandle 615 Exported Function
SHDeleteKeyA 766 Exported Function
SHDeleteValueA 770 Exported Function
SHDeleteValueW 771 Exported Function
SHDeleteOrphanKeyW 769 Exported Function
SHDeleteKeyW 767 Exported Function
SHDeleteOrphanKeyA 768 Exported Function
SHCreateThread 16 Exported Function
SHCopyKeyA 756 Exported Function
SHCopyKeyW 757 Exported Function
SHAutoComplete 755 Exported Function
SHAnsiToAnsi 345 Exported Function
SHAnsiToUnicode 215 Exported Function
SHCreateMemStream 12 Exported Function
SHCreateStreamOnFileW 761 Exported Function
SHCreateStreamWrapper 762 Exported Function
SHCreateStreamOnFileEx 760 Exported Function
SHCreateShellPalette 758 Exported Function
SHCreateStreamOnFileA 759 Exported Function
PathIsSystemFolderA 701 Exported Function
PathIsSystemFolderW 702 Exported Function
PathIsSameRootW 700 Exported Function
PathIsRootW 698 Exported Function
PathIsSameRootA 699 Exported Function
PathIsUNCA 703 Exported Function
PathIsUNCServerW 707 Exported Function
PathIsUNCW 708 Exported Function
PathIsUNCServerShareW 706 Exported Function
PathIsUNCServerA 704 Exported Function
PathIsUNCServerShareA 705 Exported Function
PathIsRootA 697 Exported Function
PathIsLFNFileSpecA 689 Exported Function
PathIsLFNFileSpecW 690 Exported Function
PathIsFileSpecW 688 Exported Function
PathIsDirectoryW 686 Exported Function
PathIsFileSpecA 687 Exported Function
PathIsNetworkPathA 691 Exported Function
PathIsRelativeA 695 Exported Function
PathIsRelativeW 696 Exported Function
PathIsPrefixW 694 Exported Function
PathIsNetworkPathW 692 Exported Function
PathIsPrefixA 693 Exported Function
PathIsURLA 709 Exported Function
PathRemoveArgsA 725 Exported Function
PathRemoveArgsW 726 Exported Function
PathRelativePathToW 724 Exported Function
PathQuoteSpacesW 722 Exported Function
PathRelativePathToA 723 Exported Function
PathRemoveBackslashA 727 Exported Function
PathRemoveExtensionA 731 Exported Function
PathRemoveExtensionW 732 Exported Function
PathRemoveBlanksW 730 Exported Function
PathRemoveBackslashW 728 Exported Function
PathRemoveBlanksA 729 Exported Function
PathQuoteSpacesA 721 Exported Function
PathMakeSystemFolderA 713 Exported Function
PathMakeSystemFolderW 714 Exported Function
PathMakePrettyW 712 Exported Function
PathIsURLW 710 Exported Function
PathMakePrettyA 711 Exported Function
PathMatchSpecA 715 Exported Function
PathParseIconLocationA 719 Exported Function
PathParseIconLocationW 720 Exported Function
PathMatchSpecW 718 Exported Function
PathMatchSpecExA 716 Exported Function
PathMatchSpecExW 717 Exported Function

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: SHLWAPI.DLL
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/66
  • VirusTotal Link: https://www.virustotal.com/gui/file/906bf43187eef5f7c5d310951a64feec7b8b431d6781676ef1313cd1423c4771/detection/

Possible Misuse

The following table contains possible examples of shlwapi.dll being misused. While shlwapi.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source | Source File | Example | License
signature-base | crime_icedid.yar | $string3 = "SHLWAPI.dll" fullword | CC BY-NC 4.0
signature-base | crime_ransom_darkside.yar | $knownDLLs2 = "SHLWAPI.dll" fullword | CC BY-NC 4.0

MIT License. Copyright (c) 2020-2021 Strontic.