SHELL32.DLL

Windows Shell Common Dll

Microsoft Corporation

The Windows Shell is the graphical user interface for the desktop and includes components such as the taskbar and the Start menu as well as features such as autoplay and the ability to launch applications. It is registered as a context menu handler (displays a menu when right-clicked in Explorer) named “Open With”. The file has been seen being downloaded from originaldll.com.
Publisher:
Microsoft Corporation

Product:
Microsoft® Windows® Operating System

Description:
Windows Shell Common Dll

 
Part of the Windows XP Operating System

Version:
6.00.2900.5512 (xpsp.080413-2105)

MD5:
0cf50b1f45dab08430c1dbb79fe2ca5b

SHA-1:
0fb2e1e402451807479f12be4a2936a7f20f0549

SHA-256:
7c201e812138e2b9cbc2aa94e41d5573775d893b8104833a997acc79486d9a3a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:
4/18/2024 10:48:19 AM UTC

File size:
8.1 MB (8,461,312 bytes)

Product version:
6.00.2900.5512

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
SHELL32.DLL

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Windows\System32\shell32.dll

Registration
CLSIDs:
{00021400-0000-0000-C000-000000000046}, {00021401-0000-0000-C000-000000000046}, {0010890e-8789-413c-adbc-48f5b511b3af}, {00eebf57-477d-4084-9921-7ab3c2c9459d}, {01E2E7C0-2343-407f-B947-7E132E791D3E}, {021003e9-aac0-4975-979f-14b5d4e717f8}

ProgIDs:
lnkfile, Shell.Application.1, MigrationWizard.OOBE.1, {8D8763AB-E93B-4812-964E-F04E0008FD50}, Shell.FolderView.1

COM registered:
Yes

File PE Metadata
Compilation timestamp:
4/14/2008 3:10:57 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
98304:hxQlWGslxx727k3y/ZEAwIBC0Q8sBvIKmkGDGUlVqEF4dHl8At98rpRIQyNL9rjq:j6slH727e8ZEwUcsBgBfbqNLGBfG52Z

Entry address:
0x274D6

Entry point:
8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 56, 8B, 75, 0C, 85, F6, 57, 8B, 7D, 10, 0F, 84, 8C, 24, 04, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 1D, A1, 50, F5, BC, 7C, 85, C0, 0F, 85, E0, 30, 07, 00, 57, 56, 53, E8, 34, 00, 00, 00, 85, C0, 0F, 84, DD, 30, 07, 00, 57, 56, 53, E8, 7A, FF, FF, FF, 83, FE, 01, 89, 45, 0C, 0F, 84, A5, F3, 03, 00, 85, F6, 74, 71, 83, FE, 03, 74, 6C, 8B, 45, 0C, 5F, 5E, 5B, 5D, C2, 0C, 00, 90, 90, 90, 90, 90, 8B, FF, 55, 8B, EC, 56, 33, F6, 39, 75, 0C, 0F, 84, 38, 28, 04, 00, 83, 7D, 0C...
 

Code size:
2 MB (2,087,424 bytes)

5 Context Menu Handlers
Display name:
Open With

CLSID:
{09799AFB-AD67-11d1-ABCD-00C04FC30936}

CLSID name:
Open With Context Menu Handler

Display name:
Open With EncryptionMenu

CLSID:
{A470F8CF-A1E8-4f65-8335-227475AA5C46}

CLSID name:
Encryption Context Menu

Display name:
{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}

CLSID:
{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}

CLSID name:
Start Menu Pin

Display name:
New

CLSID:
{D969A300-E7FF-11d0-A93B-00A0C90F2719}

CLSID name:
Microsoft New Object Service

Display name:
Empty Recycle Bin

CLSID:
{645FF040-5081-101B-9F08-00AA002F954E}

CLSID name:
Recycle Bin


Copy Hook Handler
Name:
FileSystem


Internet Explorer Bar
Display name:
HKEY_CURRENT_USER

CLSID:
{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}

CLSID name:
File Search Explorer Band

Registry hive:
HKEY_CURRENT_USER

Registry path:
SOFTWARE\Microsoft\Internet Explorer\Explorer Bars


Internet Explorer Web Browser
Name:
{0E5CBF21-D15F-11D0-8301-00AA005B4383}


PROTOCOLS Filter
Type of filter:
text/webviewhtml

CLSID:
{733AC4CB-F1A4-11d0-B951-00A0C90312E1}

CLSID name:
WebView MIME Filter


2 Safe for Initializing Controls
CLSID:
{1820FED0-473E-11D0-A96C-00C04FD705A2}

CLSID name:
WebView Folder View

CLSID:
{72267F6A-A6F9-11D0-BC94-00C04FB67863}

CLSID name:
Active Desktop Mover


2 Safe for Scripting Controls
Name:
{1820FED0-473E-11D0-A96C-00C04FD705A2}

Name:
{72267F6A-A6F9-11D0-BC94-00C04FB67863}


Shell Execute Hook
Name:
{AEB6717E-7E19-11d0-97EE-00C04FD91972}


2 Shell Open Commands
Open type:
msstylesfile

Command:
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,control_rundll C:\Windows\System32\desk.cpl desk,@appearance /action:openmstheme /file:"%1"

Open type:
themefile

Command:
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,control_rundll C:\Windows\System32\desk.cpl desk,@themes /action:opentheme /file:"%1"


2 Shell Service Object Delay Loads
Name:
PostBootReminder

Name:
CDBurn


The file SHELL32.DLL has been seen being distributed by the following URL.