dab.dll

• File Path: C:\Windows\system32\dab.dll
• Description: Desktop Activity Broker DLL

Hashes

Type	Hash
MD5	2A9597B49E3ED0D7473EA7C08FC4B9EB
SHA1	1C40E289D12A5A6F2E45130A00247B452EE09913
SHA256	D5332FD51CEE0D0E4056E091D730B9C4DFB1D0100D32A5C295B2EE3E30956F0C
SHA384	F60477A53B6233A031D3A4C1037719EEB600D515DD98A75136761DE161EA63194205E07D7FC09F44535D861D207D9C72
SHA512	C4214532204E00401D4A024BAF8C859308BC0DD283C810D41633B28C5D5920825AE4AB4A462C6FC9767C33E3834D29F97C6E949209787BBA63ADCF6A92508335
SSDEEP	1536:jT6VDki3wxTouZf3EGcahUzR083l7Yc+fzIQEPe10qbxKYRV0uzBo3c20:juVTgxDUm8sfzxbxVROuzB0F0
IMP	9A7AFB9B84D9BF59728FF35911C378D5
PESHA1	4D76A34989A3E1BE46A441EBA0990F8984274313
PE256	9C87BC0AA0579A29E6579D8B1AF8B29A6699F5F59601CF635FF0D28EA4322E81

DLL Exports:

Function Name	Ordinal	Type
DabSessionStateChanged	3	Exported Function
DabTerminate	4	Exported Function
DabInitialize	1	Exported Function
DabPowerStateChanged	2	Exported Function

Signature

• Status: Signature verified.
• Serial: 3300000266BD1580EFA75CD6D3000000000266
• Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
• Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
• Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

• Original Filename: dab.dll.mui
• Product Name: Microsoft Windows Operating System
• Company Name: Microsoft Corporation
• File Version: 10.0.19041.1 (WinBuild.160101.0800)
• Product Version: 10.0.19041.1
• Language: English (United States)
• Legal Copyright: Microsoft Corporation. All rights reserved.
• Machine Type: 64-bit

File Scan

• VirusTotal Detections: 0/67
• VirusTotal Link: https://www.virustotal.com/gui/file/d5332fd51cee0d0e4056e091d730b9c4dfb1d0100d32a5c295b2ee3e30956f0c/detection/

MIT License. Copyright (c) 2020-2021 Strontic.