DLL or EXE? Now, I’m beginning to get confused. I heard from one site that
.dll and .exe files are two different things. But I’ve also heard about
explorer.dll.exe. I’ve read from a site discussing about dll exe that dlls
cannot be directly executed. So how’s that work?
The difference shouldn’t matter to most Windows users. In general, this is something that should be one of those hidden details that you never need to worry about.
Unfortunately, that’s not the case.
I’ll describe what DLLs and EXEs are and how they relate to each other.
And I’ll also tell you why the folks who write malware make it important to
know that there’s a difference.
“.exe” files, or files that end in the four characters “.exe” are assumed by Windows (and even MS-DOS before it) to be executable programs.
Which is really just a fancy way of saying that they’re the programs you run.
You’ll recognize many examples:
explorer.exe – Windows Explorer and the Windows primary user interface
iexplore.exe – Internet Explorer web browser
chrome.exe – the Google Chrome browser
thunderbird.exe – the Mozilla Thunderbird email program
winword.exe – Microsoft Word, word processor
… and so on
DLL stands for Dynamic Link Library.
A library is a collection of software that is made available for programs to use. That means a program you run, such as ‘winword.exe’ from the list above, might load additional DLLs that contain more software that make up the program. In Word’s case, perhaps the software for the “Word Art” feature is placed in a separate DLL that winword.exe loads either at startup or when you use that particular feature.
Software is often broken up into or provided as an .EXE and a collection of .DLLs for any of a number of reasons:
The DLL only needs to be loaded when it’s used, which reduces load time and memory needs when not. Loading only when needed is the “dynamic” part of Dynamic Link Library.
The DLL may be shared among multiple programs. For example, if Word and PowerPoint both have WordArt as a feature, then they can both use that same .DLL to provide the feature (if written properly, of course). This avoids multiple programs from all needing to duplicate the software required to perform a task.
The DLL may provide functionality to another program. For example, using DLLs is one way that one program might cause features to appear in another, such as new context menu items in Windows Explorer.
In fact, much of Windows itself is implemented as DLLs that applications load and use to access your system.
It is true – DLLs cannot be directly executed. They’re designed to be loaded and run by other programs: EXE programs.
Why the difference matters
In short, malware. In fact, your example perfectly shows one way that malware tries to mislead you:
That’s an .exe file, and nothing else. Everything in front of the .exe is the name of the file – even the part that says “.dll”. The file ends in .exe and Windows will treat that as a program. It is not a DLL. The fact that it has .dll in the middle of its name is completely meaningless – other than, to confuse and mislead you.
It is also not Windows Explorer – that’s “explorer.exe” without the “.dll” in the middle. The name may be similar, but this is a completely unrelated file.
Why do this?
Because when displaying files by default, Windows will “hide extensions for known file types”. That means that while the file’s actual name is:
what will be displayed is:
Hiding the “.exe” because that’s a known file type.
It could fool you into thinking that’s a DLL and not an EXE. What they might do from there is unclear.
One thing that I can tell you though: Don’t double-click on it.
Double-clicking means “open this file”, which for an .exe means “run this program”. Even though it shows .dll, the real filename ends in .exe and that’s exactly how Windows will treat it.
Misleading you in this manner is one technique to get you to install malware.