themeservice.dll

Description: Windows Shell Theme Service Dll

Authors: © Microsoft Corporation. All rights reserved.

Version: 10.0.19041.6093

Architecture: 64-bit

Operating System: Windows NT

SHA256: 923ba2cdcd6c31808a9d7661ee4a8a62

File Size: 91.5 KB

Uploaded At: Dec. 1, 2025, 7:40 a.m.

Views: 3

Security Warning

This file has been flagged as potentially dangerous.

Reason: Detected potentially dangerous functions used for process injection: OpenProcess

Exported Functions

  • ThemeServiceMain (Ordinal: 1, Address: 0xf220)

Imported DLLs & Functions

api-ms-win-core-apiquery-l1-1-0.dll
  • ApiSetQueryApiSetPresence (Address: 0x1800122e8)
api-ms-win-core-debug-l1-1-0.dll
  • DebugBreak (Address: 0x1800122f8)
  • IsDebuggerPresent (Address: 0x180012308)
  • OutputDebugStringW (Address: 0x180012300)
api-ms-win-core-delayload-l1-1-0.dll
  • DelayLoadFailureHook (Address: 0x180012318)
api-ms-win-core-delayload-l1-1-1.dll
  • ResolveDelayLoadedAPI (Address: 0x180012328)
api-ms-win-core-errorhandling-l1-1-0.dll
  • GetLastError (Address: 0x180012348)
  • SetLastError (Address: 0x180012338)
  • SetUnhandledExceptionFilter (Address: 0x180012350)
  • UnhandledExceptionFilter (Address: 0x180012340)
api-ms-win-core-handle-l1-1-0.dll
  • CloseHandle (Address: 0x180012360)
  • DuplicateHandle (Address: 0x180012368)
api-ms-win-core-heap-l1-1-0.dll
  • GetProcessHeap (Address: 0x180012378)
  • HeapAlloc (Address: 0x180012388)
  • HeapFree (Address: 0x180012390)
  • HeapReAlloc (Address: 0x180012380)
api-ms-win-core-heap-l2-1-0.dll
  • LocalAlloc (Address: 0x1800123a0)
  • LocalFree (Address: 0x1800123a8)
api-ms-win-core-libraryloader-l1-2-0.dll
  • DisableThreadLibraryCalls (Address: 0x1800123d8)
  • GetModuleFileNameA (Address: 0x1800123d0)
  • GetModuleHandleExW (Address: 0x1800123b8)
  • GetModuleHandleW (Address: 0x1800123c8)
  • GetProcAddress (Address: 0x1800123c0)
api-ms-win-core-localization-l1-2-0.dll
  • FormatMessageW (Address: 0x1800123e8)
api-ms-win-core-memory-l1-1-0.dll
  • CreateFileMappingW (Address: 0x1800123f8)
  • MapViewOfFile (Address: 0x180012400)
  • ReadProcessMemory (Address: 0x180012410)
  • UnmapViewOfFile (Address: 0x180012408)
api-ms-win-core-processthreads-l1-1-0.dll
  • CreateProcessAsUserW (Address: 0x180012450)
  • GetCurrentProcess (Address: 0x180012428)
  • GetCurrentProcessId (Address: 0x180012430)
  • GetCurrentThreadId (Address: 0x180012438)
  • GetExitCodeThread (Address: 0x180012440)
  • OpenProcessToken (Address: 0x180012448)
  • TerminateProcess (Address: 0x180012420)
api-ms-win-core-processthreads-l1-1-1.dll
  • OpenProcess (Address: 0x180012460)
api-ms-win-core-profile-l1-1-0.dll
  • QueryPerformanceCounter (Address: 0x180012470)
api-ms-win-core-registry-l1-1-0.dll
  • RegCloseKey (Address: 0x180012490)
  • RegOpenKeyExW (Address: 0x180012488)
  • RegQueryValueExW (Address: 0x180012480)
  • RegSetValueExW (Address: 0x180012498)
api-ms-win-core-rtlsupport-l1-1-0.dll
  • RtlCaptureContext (Address: 0x1800124b0)
  • RtlLookupFunctionEntry (Address: 0x1800124a8)
  • RtlVirtualUnwind (Address: 0x1800124b8)
api-ms-win-core-string-obsolete-l1-1-0.dll
  • lstrcmpiW (Address: 0x1800124d0)
  • lstrcmpW (Address: 0x1800124d8)
  • lstrlenW (Address: 0x1800124c8)
api-ms-win-core-synch-l1-1-0.dll
  • AcquireSRWLockExclusive (Address: 0x180012578)
  • AcquireSRWLockShared (Address: 0x1800124e8)
  • CreateEventW (Address: 0x180012560)
  • CreateMutexExW (Address: 0x180012528)
  • CreateSemaphoreExW (Address: 0x180012520)
  • DeleteCriticalSection (Address: 0x180012500)
  • EnterCriticalSection (Address: 0x180012518)
  • InitializeCriticalSectionAndSpinCount (Address: 0x180012568)
  • InitializeCriticalSectionEx (Address: 0x1800124f8)
  • LeaveCriticalSection (Address: 0x180012550)
  • OpenSemaphoreW (Address: 0x180012508)
  • ReleaseMutex (Address: 0x180012570)
  • ReleaseSemaphore (Address: 0x180012530)
  • ReleaseSRWLockExclusive (Address: 0x180012580)
  • ReleaseSRWLockShared (Address: 0x1800124f0)
  • ResetEvent (Address: 0x180012548)
  • SetEvent (Address: 0x180012558)
  • WaitForMultipleObjectsEx (Address: 0x180012510)
  • WaitForSingleObject (Address: 0x180012538)
  • WaitForSingleObjectEx (Address: 0x180012540)
api-ms-win-core-synch-l1-2-0.dll
  • Sleep (Address: 0x180012590)
api-ms-win-core-sysinfo-l1-1-0.dll
  • GetSystemTimeAsFileTime (Address: 0x1800125a0)
  • GetTickCount (Address: 0x1800125a8)
api-ms-win-core-threadpool-l1-2-0.dll
  • CloseThreadpoolTimer (Address: 0x1800125c0)
  • CreateThreadpoolTimer (Address: 0x1800125b8)
  • SetThreadpoolTimer (Address: 0x1800125c8)
  • WaitForThreadpoolTimerCallbacks (Address: 0x1800125d0)
api-ms-win-core-threadpool-legacy-l1-1-0.dll
  • QueueUserWorkItem (Address: 0x1800125e8)
  • UnregisterWaitEx (Address: 0x1800125e0)
api-ms-win-core-threadpool-private-l1-1-0.dll
  • RegisterWaitForSingleObjectEx (Address: 0x1800125f8)
api-ms-win-eventing-provider-l1-1-0.dll
  • EventRegister (Address: 0x180012608)
  • EventUnregister (Address: 0x180012610)
  • EventWriteTransfer (Address: 0x180012618)
api-ms-win-security-base-l1-1-0.dll
  • AddAccessAllowedAceEx (Address: 0x180012630)
  • EqualSid (Address: 0x180012650)
  • GetAce (Address: 0x180012640)
  • GetLengthSid (Address: 0x180012628)
  • GetTokenInformation (Address: 0x180012638)
  • ImpersonateLoggedOnUser (Address: 0x180012658)
  • InitializeAcl (Address: 0x180012660)
  • RevertToSelf (Address: 0x180012648)
api-ms-win-service-core-l1-1-0.dll
  • RegisterServiceCtrlHandlerExW (Address: 0x180012670)
  • SetServiceStatus (Address: 0x180012678)
msvcrt.dll
  • __C_specific_handler (Address: 0x1800126c8)
  • __dllonexit (Address: 0x1800126b0)
  • _amsg_exit (Address: 0x1800126e8)
  • _initterm (Address: 0x1800126d0)
  • _lock (Address: 0x1800126c0)
  • _onexit (Address: 0x1800126a8)
  • _purecall (Address: 0x180012700)
  • _unlock (Address: 0x1800126b8)
  • _vsnwprintf (Address: 0x180012688)
  • _XcptFilter (Address: 0x1800126f0)
  • free (Address: 0x1800126e0)
  • malloc (Address: 0x1800126d8)
  • memcmp (Address: 0x180012698)
  • memcpy (Address: 0x180012690)
  • memcpy_s (Address: 0x180012710)
  • memmove (Address: 0x1800126a0)
  • memmove_s (Address: 0x180012708)
  • memset (Address: 0x180012718)
  • wcscpy_s (Address: 0x1800126f8)
ntdll.dll
  • NtAcceptConnectPort (Address: 0x180012748)
  • NtClose (Address: 0x180012768)
  • NtCompleteConnectPort (Address: 0x180012740)
  • NtConnectPort (Address: 0x180012790)
  • NtCreatePort (Address: 0x180012758)
  • NtOpenEvent (Address: 0x1800127b0)
  • NtOpenProcess (Address: 0x1800127c0)
  • NtOpenProcessToken (Address: 0x180012760)
  • NtOpenSection (Address: 0x180012738)
  • NtOpenThread (Address: 0x180012778)
  • NtOpenThreadToken (Address: 0x1800127c8)
  • NtQueryInformationProcess (Address: 0x1800127a8)
  • NtReplyPort (Address: 0x180012788)
  • NtReplyWaitReceivePort (Address: 0x180012750)
  • NtRequestWaitReplyPort (Address: 0x180012798)
  • RtlCreateUserThread (Address: 0x1800127a0)
  • RtlDeleteCriticalSection (Address: 0x180012770)
  • RtlInitializeCriticalSection (Address: 0x180012728)
  • RtlInitUnicodeString (Address: 0x1800127b8)
  • RtlNtStatusToDosError (Address: 0x180012730)
  • RtlUnhandledExceptionFilter (Address: 0x180012780)