ieframe.dll

  • File Path: C:\Windows\system32\ieframe.dll
  • Description: Internet Browser

Hashes

Type Hash
MD5 BFAC97B45B35D975C8312029F7F64A28
SHA1 E80918CB85A8DD9BAC16955F5EFA95691DEF1931
SHA256 3C95B0507ED729BDE94C6887EE473ECAC996E67E8028FED0DD81DE8FFC283BCD
SHA384 9E02D5FA0D14FABE7AA7D1F4372299A715948ED74DFF683ED78EF66457FE42C2696D1A5D68FE2A8252E3FAE8BA4FB358
SHA512 84F4996CC1A73B23C6D1383E5EE5BB70D7B01F5235F121BEC69C996F4B739407E58CCE8BB74D3D0580CBCAD82986F34A927341BABA05EFA4F86BC588882A19D4
SSDEEP 98304:Ja3nAFiXVNLMWpKJ5XML0aFQkrPCH6d3T6Pchrge1rMpOxrVNUg:JglXVNLHpKJ5XOFpWadj60RlxrvU
IMP 0F50E3AB6BDD97E12C0C94B0EB52FBB5
PESHA1 A99FF32BA55302A170F1353CD65BD9BA9D88EDBF
PE256 BEE9CD6EA8E33C13446D0E4B7A82E068EECA37239DFAF2091DAF32203675F187

DLL Exports:

Function Name Ordinal Type
IERegisterWritableRegistryKey 155 Exported Function
IERegCreateKeyEx 149 Exported Function
IERefreshElevationPolicy 148 Exported Function
IERegisterWritableRegistryValue 156 Exported Function
IESaveFile 157 Exported Function
IERemoveDirectory 111 Exported Function
IERegSetValueEx 154 Exported Function
IEMoveFileEx 110 Exported Function
IEIsInPrivateBrowsing 108 Exported Function
IEInPrivateFilteringEnabled 107 Exported Function
IEGetWriteableHKCU 144 Exported Function
IEIsProtectedModeProcess 145 Exported Function
IELaunchURL 147 Exported Function
IELaunchManageAddOnsUI 109 Exported Function
IEIsProtectedModeURL 146 Exported Function
SHAddSubscribeFavorite 163 Exported Function
SetQueryNetSessionCount 114 Exported Function
OpenURL 175 Exported Function
SoftwareUpdateMessageBox 176 Exported Function
URLQualifyW 179 Exported Function
URLQualifyA 178 Exported Function
TriggerFileDownload 177 Exported Function
ImportPrivacySettings 174 Exported Function
IEShowOpenFileDialog 169 Exported Function
IESetProtectedModeCookieEx 164 Exported Function
IESetProtectedModeCookie 161 Exported Function
IEShowSaveFileDialog 171 Exported Function
ImportCookieFileByProcessW 113 Exported Function
IEUnregisterWritableRegistry 173 Exported Function
IETrackingProtectionEnabled 112 Exported Function
IEGetWriteableFolderPath 140 Exported Function
DoAddToFavDlgW 124 Exported Function
DoAddToFavDlg 123 Exported Function
DllUnregisterServer 122 Exported Function
DoBlobDownload 125 Exported Function
DoOrganizeFavDlg 128 Exported Function
DoFileDownloadEx 127 Exported Function
DoFileDownload 126 Exported Function
DllRegisterServer 121 Exported Function
CreateExtensionGuidEnumerator 96 Exported Function
CORLockDownProvider 116 Exported Function
AddUrlToFavorites 115 Exported Function
DllCanUnloadNow 117 Exported Function
DllInstall 120 Exported Function
DllGetVersion 119 Exported Function
DllGetClassObject 118 Exported Function
IEDeleteFile 100 Exported Function
IECreateFile 99 Exported Function
IECreateDirectory 98 Exported Function
IEDisassociateThreadWithTab 138 Exported Function
IEGetProtectedModeCookie 139 Exported Function
IEGetFileAttributesEx 106 Exported Function
IEFindFirstFile 104 Exported Function
IECancelSaveFile 136 Exported Function
ExportCookieFileByProcessW 97 Exported Function
DoPrivacyDlg 130 Exported Function
DoOrganizeFavDlgW 129 Exported Function
HlinkFindFrame 131 Exported Function
IEAssociateThreadWithTab 134 Exported Function
HlinkFrameNavigateNHL 133 Exported Function
HlinkFrameNavigate 132 Exported Function

Signature

  • Status: Signature verified.
  • Serial: 330000026551AE1BBD005CBFBD000000000265
  • Thumbprint: E168609353F30FF2373157B4EB8CD519D07A2BFF
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: IEFRAME.DLL.MUI
  • Product Name: Internet Explorer
  • Company Name: Microsoft Corporation
  • File Version: 11.00.19041.1 (WinBuild.160101.0800)
  • Product Version: 11.00.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/69
  • VirusTotal Link: https://www.virustotal.com/gui/file/3c95b0507ed729bde94c6887ee473ecac996e67e8028fed0dd81de8ffc283bcd/detection/

Possible Misuse

The following table contains possible examples of ieframe.dll being misused. While ieframe.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_susp_rundll32_activity.yml - 'ieframe.dll' DRL 1.0
LOLBAS Ieframe.yml - Command: rundll32.exe ieframe.dll,OpenURL "C:\test\calc.url"  
LOLBAS Ieframe.yml - Path: c:\windows\system32\ieframe.dll  
LOLBAS Ieframe.yml - Path: c:\windows\syswow64\ieframe.dll  
LOLBAS Ieframe.yml - Link: https://windows10dll.nirsoft.net/ieframe_dll.html  

MIT License. Copyright (c) 2020-2021 Strontic.