Geolocation.dll

  • File Path: C:\Windows\SysWOW64\Geolocation.dll
  • Description: Geolocation Runtime DLL

Hashes

Type Hash
MD5 304B137E964DDFA0E8748A5574DB0155
SHA1 DD358BB529C10CC446FF525F5BA34051D0600A91
SHA256 790FBE894A13C3D9D50F28CAD53CA1E18EC73F7CCFF29FB41023F255D1C84581
SHA384 3290614F496A663B7E44067C36836FCB03DD2009F9EDAB58870640EE4CC07A177E313FED9B266E0D411D791746167CFA
SHA512 698F185748891BBC251687EDAF4A98BA160AD86337A1F21FB012FFF611F062B3A213AF3D86C8AD59EE70DB26CC50C9E4C8AF7C013B5D1AE4ED9C7D622B9B9131
SSDEEP 6144:sAriX5d2sCKVv18NIScBpInfaSQcjU1CqnO/GFX:zqUsCKVviKXgSAdlg
IMP A824F5BCB966A68688235CFD18C6F0AF
PESHA1 3B6C742C773D251436DAB972B896F8332D29B96B
PE256 D37DED89A5BBC4DC2062E84D0DE9C701E01B4CB82AD272EFAB7D590DD73CEC60

DLL Exports:

Function Name | Ordinal | Type
DllGetClassObject | 3 | Exported Function
DllGetActivationFactory | 2 | Exported Function
DllCanUnloadNow | 1 | Exported Function

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: Geolocation.dll
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.388 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.388
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/69
  • VirusTotal Link: https://www.virustotal.com/gui/file/790fbe894a13c3d9d50f28cad53ca1e18ec73f7ccff29fb41023f255d1c84581/detection/

Possible Misuse

The following table contains possible examples of Geolocation.dll being misused. While Geolocation.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source | Source File | Example | License
malware-ioc | groundbait | === Prikormka *GEOLOCATION* modules | © ESET 2014-2018

MIT License. Copyright (c) 2020 Strontic.