msafd.dll

  • File Path: C:\Windows\system32\msafd.dll
  • Description: Microsoft Windows Sockets 2.0 Service Provider

Hashes

Type Hash
MD5 B11857C2050F4D10731EE0B481176A85
SHA1 59BF64486FE96C3454B9D974D717D33F2AD6543C
SHA256 C758A6A9448F739BE478D3DBF1A84ABF9ECE53B94D5B82C68E8EA222CCF1892F
SHA384 5F11D9734583F0BBD6D41AD0C0C1188E184FBAE3DC84F0D83A8B0AD7D9B0FA8A664E4AF0569ECD4892101B06D4DFF3B1
SHA512 545F5E142AF274730065C9C92680E05263E26EC5D3F1C6C3C6336E6D981F046F848D32129A34764CDB76FF96B72165CD19457CF119709168934F0A2B9BE94872
SSDEEP 24:eFGS3iBrhDPCjs4vhzt6fL8x8BGIZW0DlAHsNwNuBeuS35WWdPPYPNy:iS5h45D8MIZWdHM+u3Y5WwHg
IMP n/a
PESHA1 D100F4902374A2CECD4E7730F2946FE340ED9760
PE256 C5F8E62F1D4F020D61BAD33118BF2A952A5494F610D41EAD485EEF7E95047C10

DLL Exports:

| Function Name | Ordinal | Type |
|---|---|---|
| WSPStartup | 1 | Exported Function |

Signature

  • Status: Signature verified.
  • Serial: 330000026551AE1BBD005CBFBD000000000265
  • Thumbprint: E168609353F30FF2373157B4EB8CD519D07A2BFF
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: msafd.dll
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/71
  • VirusTotal Link: https://www.virustotal.com/gui/file/c758a6a9448f739be478d3dbf1a84abf9ece53b94d5b82c68e8ea222ccf1892f/detection/

File Similarity (ssdeep match)

File Score
C:\Windows\system32\advapi32res.dll 50
C:\Windows\system32\asferror.dll 43
C:\Windows\system32\blbres.dll 47
C:\Windows\system32\bridgeres.dll 50
C:\Windows\system32\comres.dll 44
C:\Windows\system32\DMAppsRes.dll 47
C:\Windows\system32\dmdskres.dll 46
C:\Windows\system32\dmdskres2.dll 50
C:\Windows\system32\ETWCoreUIComponentsResources.dll 49
C:\Windows\system32\icmp.dll 54
C:\Windows\system32\imageres.dll 54
C:\Windows\system32\imagesp1.dll 52
C:\Windows\system32\iologmsg.dll 46
C:\Windows\system32\lltdres.dll 47
C:\Windows\system32\MapControlStringsRes.dll 49
C:\Windows\system32\Microsoft-WindowsPhone-SEManagementProvider.dll 46
C:\Windows\system32\moricons.dll 55
C:\Windows\system32\msprivs.dll 47
C:\Windows\system32\neth.dll 46
C:\Windows\system32\netmsg.dll 49
C:\Windows\system32\normaliz.dll 40
C:\Windows\system32\PhoneServiceRes.dll 50
C:\Windows\system32\PhoneutilRes.dll 50
C:\Windows\system32\qedwipes.dll 47
C:\Windows\system32\rnr20.dll 60
C:\Windows\system32\SensorsCpl.dll 41
C:\Windows\system32\SyncRes.dll 47
C:\Windows\system32\tapiui.dll 46
C:\Windows\system32\TelephonyInteractiveUserRes.dll 49
C:\Windows\system32\TpmCertResources.dll 49
C:\Windows\system32\wbem\WmiApRes.dll 52
C:\Windows\system32\WindowsPowerShell\v1.0\pwrshmsg.dll 49
C:\Windows\system32\winrsmgr.dll 54
C:\Windows\system32\wmerror.dll 38
C:\Windows\system32\wmploc.DLL 41
C:\Windows\system32\XAudio2_8.dll 50
C:\Windows\SysWOW64\advapi32res.dll 49
C:\Windows\SysWOW64\asferror.dll 43
C:\Windows\SysWOW64\comres.dll 44
C:\Windows\SysWOW64\DMAppsRes.dll 49
C:\Windows\SysWOW64\dmdskres.dll 46
C:\Windows\SysWOW64\dmdskres2.dll 49
C:\Windows\SysWOW64\ETWCoreUIComponentsResources.dll 47
C:\Windows\SysWOW64\icmp.dll 46
C:\Windows\SysWOW64\imageres.dll 54
C:\Windows\SysWOW64\imagesp1.dll 49
C:\Windows\SysWOW64\iologmsg.dll 47
C:\Windows\SysWOW64\MapControlStringsRes.dll 47
C:\Windows\SysWOW64\moricons.dll 50
C:\Windows\SysWOW64\msafd.dll 79
C:\Windows\SysWOW64\mscpx32r.dLL 50
C:\Windows\SysWOW64\msorc32r.dll 41
C:\Windows\SysWOW64\neth.dll 47
C:\Windows\SysWOW64\netmsg.dll 44
C:\Windows\SysWOW64\normaliz.dll 43
C:\Windows\SysWOW64\PhoneutilRes.dll 46
C:\Windows\SysWOW64\qedwipes.dll 47
C:\Windows\SysWOW64\rnr20.dll 54
C:\Windows\SysWOW64\SensorsCpl.dll 41
C:\Windows\SysWOW64\SyncRes.dll 47
C:\Windows\SysWOW64\tapiui.dll 46
C:\Windows\SysWOW64\TpmCertResources.dll 49
C:\WINDOWS\SysWOW64\user.exe 44
C:\Windows\SysWOW64\user.exe 50
C:\Windows\SysWOW64\user.exe 50
C:\Windows\SysWOW64\user.exe 46
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\pwrshmsg.dll 47
C:\Windows\SysWOW64\winrsmgr.dll 50
C:\Windows\SysWOW64\wmerror.dll 40
C:\Windows\SysWOW64\wmploc.DLL 38
C:\Windows\SysWOW64\XAudio2_8.dll 50

Possible Misuse

The following table contains possible examples of msafd.dll being misused. While msafd.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|---|---|---|---|
| signature-base | apt_apt30_backspace.yar | `$s4 = "MSAFD Tcpip [TCP/IP]" fullword` | CC BY-NC 4.0 |

MIT License. Copyright (c) 2020 Strontic.