DismCore.dll

  • File Path: C:\Windows\SysWOW64\Dism\DismCore.dll
  • Description: DISM Core Framework

Hashes

Type Hash
MD5 5775AFC9580E422DA578E2C08DF43CC4
SHA1 C1BD43336E7C9BCB9259F47733489956665272C0
SHA256 C11E24979F01945FF85C2826314F3A99D00972982F00F4C61AE38F10E35CBD3A
SHA384 F3A6348623009D6FDF8637BD7173AAE3F1A3DF2B572CF30DC8E860D24B7E2760DC268EC973660CF706388BD94434CA1B
SHA512 30D2D0C07FBC3B3DA8FC0C1ABD5050FEC8C30CA42C9C629E389FB00056320ECA3C43B55C6BF8C79B2EA4EA6069EDD8CA9803FD453116A9C04C78EB5B54B66F10
SSDEEP 6144:0VWpn89NieYULarRONMR1i/kzMJVnRKQpavvp:eprNu1iOqkvvvp
IMP 7D46AAB6CDB1717A9F05561374D22267
PESHA1 E1A28E19555302F7A005C0EDA2C1536F640145E1
PE256 855F498700764D85ED6035303F0425EFEF8307212DC5D0504EA3434F0DF3C12E

DLL Exports:

Function Name Ordinal Type
DllRegisterServer 3 Exported Function
DllUnregisterServer 4 Exported Function
DllCanUnloadNow 1 Exported Function
DllGetClassObject 2 Exported Function

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: DismCore.dll.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/65
  • VirusTotal Link: https://www.virustotal.com/gui/file/c11e24979f01945ff85c2826314f3a99d00972982f00f4c61ae38f10e35cbd3a/detection/

Possible Misuse

The following table contains possible examples of DismCore.dll being misused. While DismCore.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma image_load_uac_bypass_via_dism.yml description: Attempts to load dismcore.dll after dropping it DRL 1.0
sigma image_load_uac_bypass_via_dism.yml - '\dismcore.dll' DRL 1.0
sigma image_load_uac_bypass_via_dism.yml - 'C:\Windows\System32\Dism\dismcore.dll' DRL 1.0
atomic-red-team T1548.002.md Component: DismCore.dll MIT License. © 2018 Red Canary

MIT License. Copyright (c) 2020-2021 Strontic.