dsreg.dll

• File Path: C:\Windows\system32\dsreg.dll
• Description: AD/AAD User Device Registration

Hashes

Type	Hash
MD5	CFBD80826C73B03ECA55D3E6C25B2661
SHA1	748255C166CE5B9A2D1F0906A835CAA193973F04
SHA256	7141872B513B226A58A708476F3954C8AF3C6A9F09E03F54CE47C14100F15CD4
SHA384	72F13239CE24AFF1591BD2F765054E01EEA90C58CFEBBEA0AAA7E095109A925E9BB2AE4E1AD594D02E30AE84D9E2AB07
SHA512	4C2286577C0047CDC4AA3835794AEA3E38D69EB4EB51382D5E595F426B50E9BE184103676CCF30451FD1026A5D94055DCFA8E1E3F6D0F570A21C2376D4E27D76
SSDEEP	24576:wa/LgEFgjgj4yeoqxBZjGoK5OjFrGVKwluOciXvOC/:wa/nKjWXeoqx36oKMJrGVKwlu7iT/
IMP	E3A279785EBB753BD4F661380F7DEC69
PESHA1	368A0B9395B87F5EEE2BE82A6CB44A9DB3249FDE
PE256	8397BB81856527441AA4674D600E706067E688C38549B6ECFA3405C5810D3018

DLL Exports:

Function Name	Ordinal	Type
DsrWriteAutoJoinSvcDebugEvent	33	Exported Function
DsrWriteAutoJoinSvcAdminEvent	32	Exported Function
DsrSaveWorkplaceTokenProperties	31	Exported Function
FidoRegisterKey	36	Exported Function
FidoDeregisterKey	35	Exported Function
DsrWriteAutoJoinSvcTriggerEvent	34	Exported Function
DsrIsDeviceJoined	27	Exported Function
DsrGetResourceAccount	26	Exported Function
DsrGetPrtAuthorityInfo	25	Exported Function
DsrSaveDeviceTokenProperties	30	Exported Function
DsrIsWorkplaceJoined	29	Exported Function
DsrIsDeviceJoinedEx	28	Exported Function
NgcRegisterKey	45	Exported Function
NgcReadRegistryValue	44	Exported Function
NgcNeedProvisionForAccount	43	Exported Function
NgcUpdateStatistics	48	Exported Function
NgcUpdateCertEnrollStatistics	47	Exported Function
NgcResetPinRetryAttempts	46	Exported Function
NgcGetLogonCertPolicy	39	Exported Function
NgcGetKeyId	38	Exported Function
NgcDeregisterKey	37	Exported Function
NgcNeedProvision	42	Exported Function
NgcIncrementPinRetryAttempts	41	Exported Function
NgcGetStatistics	40	Exported Function
DsrBeginWorkplaceJoin	9	Exported Function
DsrBeginRecovery	8	Exported Function
DsrBeginPreprovisionedDeviceJoin	7	Exported Function
DsrCanCurrentUserProvisionNgcKey	13	Exported Function
DsrBeginWorkplaceUpdate	11	Exported Function
DsrBeginWorkplaceUnjoin	10	Exported Function
DsrBeginDeviceJoin	3	Exported Function
DsrBeginDeviceAndResourceAccountJoin	2	Exported Function
DsrBeginDelegatedWorkplaceJoin	1	Exported Function
DsrBeginDiscover	6	Exported Function
DsrBeginDeviceUpdate	5	Exported Function
DsrBeginDeviceUnjoin	4	Exported Function
DsrGetCxhScenarioInfo	21	Exported Function
DsrGetCurrentUserNgcProvisionStatus	20	Exported Function
DsrFreeJoinInfoEx	19	Exported Function
DsrGetJoinInfoEx	24	Exported Function
DsrGetJoinInfo	23	Exported Function
DsrGetDomainRegistrationData	22	Exported Function
DsrEndRecovery	15	Exported Function
DsrCLI	12	Exported Function
DsrCanCurrentUserResetNgcKey	14	Exported Function
DsrFreeJoinInfo	18	Exported Function
DsrFreeDiscoveryMetadata	17	Exported Function
DsrFreeCxhScenarioInfo	16	Exported Function

Signature

• Status: Signature verified.
• Serial: 330000026551AE1BBD005CBFBD000000000265
• Thumbprint: E168609353F30FF2373157B4EB8CD519D07A2BFF
• Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
• Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

• Original Filename: dsreg.dll.mui
• Product Name: Microsoft Windows Operating System
• Company Name: Microsoft Corporation
• File Version: 10.0.19041.1 (WinBuild.160101.0800)
• Product Version: 10.0.19041.1
• Language: English (United States)
• Legal Copyright: Microsoft Corporation. All rights reserved.
• Machine Type: 64-bit

File Scan

• VirusTotal Detections: 0/71
• VirusTotal Link: https://www.virustotal.com/gui/file/7141872b513b226a58a708476f3954c8af3c6a9f09e03f54ce47c14100f15cd4/detection/

MIT License. Copyright (c) 2020-2021 Strontic.