Geolocation.dll

  • File Path: C:\Windows\system32\Geolocation.dll
  • Description: Geolocation Runtime DLL

Hashes

Type | Hash
MD5 | F13DC779811745A7A7ECD42EB9886320
SHA1 | 42389AC4C0E52A08FAF997268540599531AC3E31
SHA256 | 94D2893117443026DE245B8D5765AED20B2DAD1122CAF79D0D13D41B8D3926D0
SHA384 | BC093C5A47CF33DECBE107D414D6F7191116CDC6E57AF8E2C4A83B7A49FAE842A94E0DC9E70C482AD4DDE4843A7E27DE
SHA512 | 00C83F6FFE3C6C58D6CE0AB996BBB5BF7A15CE5A9EEED4A1BFC5EF5375E47BD671877E8F96200B6F7E160E0F8433CD815DF608F107A2908BBA0CC8ADDAAFD6B1
SSDEEP | 6144:l33IJfre1UHkxKq8WMmbiJtbYNQyKQ4pGMzdTN9PO+QmEGycIyVN92huEawQu4:13IEGkMfmbiPbYqy9KdZzEEu4
IMP | E1712F69FDA04D5127F0FCC1152F497C
PESHA1 | B543D1DCFF144DDDC479071B2596C4C2C1313219
PE256 | F236DA74B7E23EA29B2750722578E541E9EF08C3C4C78641C6103B884AEE9221

DLL Exports:

Function Name | Ordinal | Type
DllGetClassObject | 3 | Exported Function
DllGetActivationFactory | 2 | Exported Function
DllCanUnloadNow | 1 | Exported Function

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: Geolocation.dll.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/68
  • VirusTotal Link: https://www.virustotal.com/gui/file/94d2893117443026de245b8d5765aed20b2dad1122caf79d0d13d41b8d3926d0/detection/

Possible Misuse

The following table contains possible examples of Geolocation.dll being misused. While Geolocation.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source | Source File | Example | License
malware-ioc | groundbait | === Prikormka *GEOLOCATION* modules | © ESET 2014-2018

MIT License. Copyright (c) 2020 Strontic.