shsvcs.dll
Description: Windows Shell Services Dll
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.5794
Architecture: 64-bit
Operating System: Windows NT
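SHA256: 732b9ec71fa3d4220bb4947f0cad3d89 (this value is 32 hex digits, the length of an MD5 digest; a SHA-256 digest has 64, so either the label or the value is wrong. Re-compute the hash from the file before using it as an indicator.)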
File Size: 277.0 KB
Uploaded At: Dec. 1, 2025, 7:39 a.m.
Security Warning
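This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: WriteProcessMemory, OpenProcess, VirtualAllocEx
Note: the flag appears to be based only on function names found in the import table listed below. Legitimate software, including system components, also imports these three APIs, so the flag alone does not show that the file is malicious. The description, author and version fields above presumably come from the file's own version resource, which is not proof of origin. To assess the file, verify its Authenticode signature and compare its hash with a known-good copy of the same version.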
Exported Functions (entries with no name before the parenthesis are listed by ordinal only)
- (Ordinal: 1, Address: 0x3f41d)
- (Ordinal: 2, Address: 0x3f40f)
- (Ordinal: 3, Address: 0x3f3d7)
- (Ordinal: 4, Address: 0x3f3e5)
- (Ordinal: 5, Address: 0x3f3f3)
- (Ordinal: 6, Address: 0x3f401)
- (Ordinal: 7, Address: 0x3f42b)
- (Ordinal: 8, Address: 0x3f47f)
- (Ordinal: 9, Address: 0x3f463)
- (Ordinal: 10, Address: 0x3f455)
- (Ordinal: 11, Address: 0x3f471)
- (Ordinal: 12, Address: 0x3f447)
- (Ordinal: 13, Address: 0x3f439)
- (Ordinal: 14, Address: 0x3f48d)
- HardwareDetectionServiceMain (Ordinal: 15, Address: 0x10d60)
- CreateHardwareEventMoniker (Ordinal: 16, Address: 0x1290)
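Imported DLLs & Functions (the addresses are 8 bytes apart and appear to be import-table slots relative to an image base of 0x180000000, not the addresses of the functions themselves)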
api-ms-win-core-apiquery-l1-1-0.dll
- ApiSetQueryApiSetPresence (Address: 0x180037c50)
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x180037c60)
- IsDebuggerPresent (Address: 0x180037c70)
- OutputDebugStringW (Address: 0x180037c68)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x180037c80)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x180037c90)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x180037ca8)
- RaiseException (Address: 0x180037cb0)
- SetLastError (Address: 0x180037ca0)
- SetUnhandledExceptionFilter (Address: 0x180037cb8)
- UnhandledExceptionFilter (Address: 0x180037cc0)
api-ms-win-core-file-l1-1-0.dll
- CreateFileW (Address: 0x180037ce0)
- FindClose (Address: 0x180037cd0)
- FindFirstFileW (Address: 0x180037cd8)
- GetFileAttributesW (Address: 0x180037cf8)
- GetVolumeInformationW (Address: 0x180037d00)
- GetVolumePathNameW (Address: 0x180037cf0)
- ReadFile (Address: 0x180037ce8)
api-ms-win-core-file-l1-2-0.dll
- GetVolumeNameForVolumeMountPointW (Address: 0x180037d10)
- GetVolumePathNamesForVolumeNameW (Address: 0x180037d18)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x180037d30)
- DuplicateHandle (Address: 0x180037d28)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x180037d58)
- HeapAlloc (Address: 0x180037d48)
- HeapFree (Address: 0x180037d50)
- HeapReAlloc (Address: 0x180037d40)
api-ms-win-core-heap-l2-1-0.dll
- LocalAlloc (Address: 0x180037d68)
- LocalFree (Address: 0x180037d70)
api-ms-win-core-io-l1-1-0.dll
- DeviceIoControl (Address: 0x180037d80)
- GetOverlappedResult (Address: 0x180037d88)
api-ms-win-core-io-l1-1-1.dll
- CancelIo (Address: 0x180037d98)
api-ms-win-core-libraryloader-l1-2-0.dll
- DisableThreadLibraryCalls (Address: 0x180037dc0)
- FreeLibrary (Address: 0x180037dd0)
- GetModuleFileNameA (Address: 0x180037da8)
- GetModuleHandleExW (Address: 0x180037db8)
- GetModuleHandleW (Address: 0x180037dd8)
- GetProcAddress (Address: 0x180037dc8)
- LoadLibraryExW (Address: 0x180037db0)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x180037de8)
api-ms-win-core-memory-l1-1-0.dll
- VirtualAlloc (Address: 0x180037e10)
- VirtualAllocEx (Address: 0x180037df8)
- VirtualFree (Address: 0x180037e00)
- VirtualFreeEx (Address: 0x180037e18)
- WriteProcessMemory (Address: 0x180037e08)
api-ms-win-core-path-l1-1-0.dll
- PathCchAddBackslash (Address: 0x180037e28)
api-ms-win-core-privateprofile-l1-1-0.dll
- GetPrivateProfileStringW (Address: 0x180037e38)
- WritePrivateProfileStringW (Address: 0x180037e40)
api-ms-win-core-processenvironment-l1-1-0.dll
- ExpandEnvironmentStringsW (Address: 0x180037e50)
api-ms-win-core-processthreads-l1-1-0.dll
- CreateThread (Address: 0x180037e70)
- GetCurrentProcess (Address: 0x180037ea0)
- GetCurrentProcessId (Address: 0x180037e88)
- GetCurrentThread (Address: 0x180037e98)
- GetCurrentThreadId (Address: 0x180037e80)
- OpenProcessToken (Address: 0x180037eb0)
- OpenThreadToken (Address: 0x180037e90)
- ProcessIdToSessionId (Address: 0x180037e60)
- QueueUserAPC (Address: 0x180037e68)
- SetThreadToken (Address: 0x180037e78)
- TerminateProcess (Address: 0x180037ea8)
api-ms-win-core-processthreads-l1-1-1.dll
- OpenProcess (Address: 0x180037ec0)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x180037ed0)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x180037f08)
- RegCreateKeyExW (Address: 0x180037f00)
- RegEnumValueW (Address: 0x180037f10)
- RegGetValueW (Address: 0x180037ef0)
- RegOpenKeyExW (Address: 0x180037ef8)
- RegQueryValueExW (Address: 0x180037ee0)
- RegSetValueExW (Address: 0x180037ee8)
api-ms-win-core-rtlsupport-l1-1-0.dll
- RtlCaptureContext (Address: 0x180037f28)
- RtlLookupFunctionEntry (Address: 0x180037f20)
- RtlVirtualUnwind (Address: 0x180037f30)
api-ms-win-core-string-l1-1-0.dll
- CompareStringOrdinal (Address: 0x180037f48)
- CompareStringW (Address: 0x180037f50)
- MultiByteToWideChar (Address: 0x180037f40)
api-ms-win-core-string-obsolete-l1-1-0.dll
- lstrcmpiW (Address: 0x180037f60)
- lstrcmpW (Address: 0x180037f68)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x180037fa8)
- AcquireSRWLockShared (Address: 0x180037ff0)
- CreateEventW (Address: 0x180038010)
- CreateMutexExW (Address: 0x180037fd0)
- CreateSemaphoreExW (Address: 0x180037fc0)
- CreateWaitableTimerExW (Address: 0x180037f80)
- DeleteCriticalSection (Address: 0x180037f88)
- EnterCriticalSection (Address: 0x180038028)
- InitializeCriticalSection (Address: 0x180038018)
- InitializeCriticalSectionEx (Address: 0x180037f90)
- LeaveCriticalSection (Address: 0x180037fd8)
- OpenEventW (Address: 0x180038020)
- OpenSemaphoreW (Address: 0x180037f98)
- ReleaseMutex (Address: 0x180038008)
- ReleaseSemaphore (Address: 0x180038000)
- ReleaseSRWLockExclusive (Address: 0x180037fc8)
- ReleaseSRWLockShared (Address: 0x180037ff8)
- ResetEvent (Address: 0x180037fa0)
- SetEvent (Address: 0x180037fe8)
- SetWaitableTimer (Address: 0x180037f78)
- WaitForMultipleObjectsEx (Address: 0x180037fb0)
- WaitForSingleObject (Address: 0x180037fe0)
- WaitForSingleObjectEx (Address: 0x180037fb8)
api-ms-win-core-synch-l1-2-0.dll
- Sleep (Address: 0x180038038)
- SleepConditionVariableSRW (Address: 0x180038048)
- WakeAllConditionVariable (Address: 0x180038040)
api-ms-win-core-synch-l1-2-1.dll
- WaitForMultipleObjects (Address: 0x180038058)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetLocalTime (Address: 0x180038068)
- GetSystemDirectoryW (Address: 0x180038080)
- GetSystemTimeAsFileTime (Address: 0x180038078)
- GetTickCount (Address: 0x180038070)
api-ms-win-core-threadpool-l1-2-0.dll
- CloseThreadpoolTimer (Address: 0x1800380b0)
- CreateThreadpoolTimer (Address: 0x180038090)
- SetThreadpoolTimer (Address: 0x1800380a8)
- TrySubmitThreadpoolCallback (Address: 0x180038098)
- WaitForThreadpoolTimerCallbacks (Address: 0x1800380a0)
api-ms-win-core-threadpool-legacy-l1-1-0.dll
- QueueUserWorkItem (Address: 0x1800380c0)
api-ms-win-core-timezone-l1-1-0.dll
- SystemTimeToFileTime (Address: 0x1800380d0)
api-ms-win-devices-config-l1-1-1.dll
- CM_Get_Device_IDW (Address: 0x1800380f8)
- CM_Get_Parent (Address: 0x1800380e8)
- CM_Register_Notification (Address: 0x1800380e0)
- CM_Unregister_Notification (Address: 0x1800380f0)
api-ms-win-eventing-classicprovider-l1-1-0.dll
- TraceMessage (Address: 0x180038108)
api-ms-win-security-base-l1-1-0.dll
- AdjustTokenPrivileges (Address: 0x180038128)
- DuplicateTokenEx (Address: 0x180038120)
- ImpersonateLoggedOnUser (Address: 0x180038118)
- RevertToSelf (Address: 0x180038130)
api-ms-win-service-core-l1-1-0.dll
- RegisterServiceCtrlHandlerExW (Address: 0x180038140)
- SetServiceStatus (Address: 0x180038148)
api-ms-win-service-core-l1-1-1.dll
- EnumDependentServicesW (Address: 0x180038158)
api-ms-win-service-management-l1-1-0.dll
- CloseServiceHandle (Address: 0x180038178)
- OpenSCManagerW (Address: 0x180038170)
- OpenServiceW (Address: 0x180038168)
api-ms-win-service-private-l1-1-0.dll
- I_ScRegisterDeviceNotification (Address: 0x180038190)
- I_ScUnregisterDeviceNotification (Address: 0x180038188)
api-ms-win-service-winsvc-l1-1-0.dll
- ControlService (Address: 0x1800381a8)
- QueryServiceStatus (Address: 0x1800381a0)
api-ms-win-stateseparation-helpers-l1-1-0.dll
- GetPersistedRegistryLocationW (Address: 0x1800381b8)
msvcrt.dll
- __C_specific_handler (Address: 0x180038248)
- __dllonexit (Address: 0x180038220)
- _amsg_exit (Address: 0x180038268)
- _callnewh (Address: 0x180038238)
- _initterm (Address: 0x180038250)
- _lock (Address: 0x180038240)
- _onexit (Address: 0x180038218)
- _purecall (Address: 0x180038208)
- _unlock (Address: 0x180038228)
- _vsnwprintf (Address: 0x180038200)
- _wcsicmp (Address: 0x1800381c8)
- _wcsnicmp (Address: 0x1800381d8)
- _XcptFilter (Address: 0x180038270)
- free (Address: 0x180038260)
- malloc (Address: 0x180038258)
- memcmp (Address: 0x1800381f8)
- memcpy (Address: 0x180038230)
- memcpy_s (Address: 0x1800381d0)
- memmove (Address: 0x180038210)
- memmove_s (Address: 0x1800381e0)
- memset (Address: 0x180038278)
- wcscat_s (Address: 0x1800381f0)
- wcscpy_s (Address: 0x1800381e8)
ntdll.dll
- EtwEventRegister (Address: 0x180038318)
- EtwEventUnregister (Address: 0x180038310)
- EtwEventWriteTransfer (Address: 0x1800382e0)
- EtwGetTraceEnableFlags (Address: 0x1800382f8)
- EtwGetTraceEnableLevel (Address: 0x180038300)
- EtwGetTraceLoggerHandle (Address: 0x180038308)
- EtwRegisterTraceGuidsW (Address: 0x1800382f0)
- EtwTraceMessage (Address: 0x180038298)
- EtwUnregisterTraceGuids (Address: 0x1800382e8)
- NtClose (Address: 0x1800382a8)
- NtFilterToken (Address: 0x1800382b0)
- NtOpenProcessToken (Address: 0x1800382b8)
- NtQueryVolumeInformationFile (Address: 0x180038290)
- RtlAllocateAndInitializeSid (Address: 0x1800382c0)
- RtlCompareMemory (Address: 0x180038288)
- RtlFreeSid (Address: 0x1800382a0)
- RtlGetActiveConsoleId (Address: 0x1800382c8)
- RtlNtStatusToDosError (Address: 0x1800382d0)
- RtlPublishWnfStateData (Address: 0x1800382d8)
RPCRT4.dll
- I_RpcBindingInqLocalClientPID (Address: 0x180037c40)