System.dll

  • File Path: C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.8\System.dll
  • Description: .NET Framework
  • Comments: Flavor=Retail

Hashes

Type Hash
MD5 3157416E567E827DEB98B5189A7A0945
SHA1 CEE9B27ECF49824460E89BCB9788D20F05160C56
SHA256 A3FFFE26CC1E6D35F144E4CC3AB187AD70CAEBF4E30549D49552B54E155927F3
SHA384 7B04A4D5972234F02012362AC40ED03E4CD2CE908E8CB203AD7655C0B4D67DF746636CCC7373C6EAB6D2D6D484E211AA
SHA512 2000F5F79A47E17E9199827FA77B932F7481BAAB790BA65266FBBFC5B2A543E51715CACE14DE820CFBA9B468DC73719FA7F7F70B92DEEC88097099B37A8C27B2
SSDEEP 24576:+Aqr3vUorp3nFso4EtiRioBvAt4g/RSCt:sXr9xIRioBvC/Xt
IMP DAE02F32A21E03CE65412F6E56942DAA
PESHA1 314934BCB4165A3A8DFE7920BBA2987F71ADF025
PE256 C5D5A024F9FC625C21761BEE7B822E9B1A89D01D8618BEC4C877CE9C0C9EEC79

Signature

  • Status: Signature verified.
  • Serial: 33000001519E8D8F4071A30E41000000000151
  • Thumbprint: 62009AAABDAE749FD47D19150958329BF6FF4B34
  • Issuer: CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: System.dll
  • Product Name: Microsoft .NET Framework
  • Company Name: Microsoft Corporation
  • File Version: 4.8.4084.0 built by: NET48REL1
  • Product Version: 4.8.4084.0
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/75
  • VirusTotal Link: https://www.virustotal.com/gui/file/a3fffe26cc1e6d35f144e4cc3ab187ad70caebf4e30549d49552b54e155927f3/detection

Possible Misuse

The following table contains possible examples of System.dll being misused. While System.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
signature-base gen_empire.yar $s1 = “Where-Object { $.GlobalAssemblyCache -And $.Location.Split(‘\\’)[-1].Equals(‘System.dll’) }” fullword ascii CC BY-NC 4.0
signature-base gen_metasploit_payloads.yar $s6 = “ReferencedAssemblies.AddRange(@("System.dll", [PsObject].Assembly.Location))” fullword ascii CC BY-NC 4.0
signature-base thor-hacktools.yar $s0 = “system.dll” fullword ascii CC BY-NC 4.0

MIT License. Copyright (c) 2020-2021 Strontic.