msafd.dll

  • File Path: C:\Windows\SysWOW64\msafd.dll
  • Description: Microsoft Windows Sockets 2.0 Service Provider

DLL Exports:

Function Name    Ordinal    Type
WSPStartup       1          Exported Function

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: msafd.dll
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/72
  • VirusTotal Link: https://www.virustotal.com/gui/file/b96adef36fafd1cf953d87777cfd4f63d23942e26a1441635d5f94e7b73a2850/detection/

File Similarity (ssdeep match)

File Score
C:\Windows\system32\advapi32res.dll 47
C:\Windows\system32\asferror.dll 44
C:\Windows\system32\blbres.dll 50
C:\Windows\system32\bridgeres.dll 49
C:\Windows\system32\comres.dll 43
C:\Windows\system32\DMAppsRes.dll 49
C:\Windows\system32\dmdskres.dll 49
C:\Windows\system32\dmdskres2.dll 46
C:\Windows\system32\ETWCoreUIComponentsResources.dll 54
C:\Windows\system32\icmp.dll 49
C:\Windows\system32\imageres.dll 50
C:\Windows\system32\imagesp1.dll 49
C:\Windows\system32\iologmsg.dll 47
C:\Windows\system32\lltdres.dll 49
C:\Windows\system32\MapControlStringsRes.dll 47
C:\Windows\system32\Microsoft-WindowsPhone-SEManagementProvider.dll 47
C:\Windows\system32\moricons.dll 52
C:\Windows\system32\msafd.dll 79
C:\Windows\system32\msprivs.dll 54
C:\Windows\system32\neth.dll 47
C:\Windows\system32\netmsg.dll 50
C:\Windows\system32\normaliz.dll 43
C:\Windows\system32\PhoneServiceRes.dll 49
C:\Windows\system32\PhoneutilRes.dll 49
C:\Windows\system32\qedwipes.dll 54
C:\Windows\system32\rnr20.dll 58
C:\Windows\system32\SensorsCpl.dll 41
C:\Windows\system32\SyncRes.dll 49
C:\Windows\system32\tapiui.dll 49
C:\Windows\system32\TelephonyInteractiveUserRes.dll 50
C:\Windows\system32\TpmCertResources.dll 47
C:\Windows\system32\wbem\WmiApRes.dll 49
C:\Windows\system32\WindowsPowerShell\v1.0\pwrshmsg.dll 47
C:\Windows\system32\winrsmgr.dll 52
C:\Windows\system32\wmerror.dll 40
C:\Windows\system32\wmploc.DLL 43
C:\Windows\system32\XAudio2_8.dll 49
C:\Windows\SysWOW64\advapi32res.dll 54
C:\Windows\SysWOW64\asferror.dll 46
C:\Windows\SysWOW64\comres.dll 47
C:\Windows\SysWOW64\DMAppsRes.dll 54
C:\Windows\SysWOW64\dmdskres.dll 49
C:\Windows\SysWOW64\dmdskres2.dll 50
C:\Windows\SysWOW64\ETWCoreUIComponentsResources.dll 55
C:\Windows\SysWOW64\icmp.dll 46
C:\Windows\SysWOW64\imageres.dll 60
C:\Windows\SysWOW64\imagesp1.dll 54
C:\Windows\SysWOW64\iologmsg.dll 57
C:\Windows\SysWOW64\MapControlStringsRes.dll 49
C:\Windows\SysWOW64\moricons.dll 58
C:\Windows\SysWOW64\mscpx32r.dLL 60
C:\Windows\SysWOW64\msorc32r.dll 46
C:\Windows\SysWOW64\neth.dll 55
C:\Windows\SysWOW64\netmsg.dll 47
C:\Windows\SysWOW64\normaliz.dll 43
C:\Windows\SysWOW64\PhoneutilRes.dll 52
C:\Windows\SysWOW64\qedwipes.dll 49
C:\Windows\SysWOW64\rnr20.dll 61
C:\Windows\SysWOW64\SensorsCpl.dll 44
C:\Windows\SysWOW64\SyncRes.dll 55
C:\Windows\SysWOW64\tapiui.dll 50
C:\Windows\SysWOW64\TpmCertResources.dll 52
C:\WINDOWS\SysWOW64\user.exe 47
C:\Windows\SysWOW64\user.exe 54
C:\Windows\SysWOW64\user.exe 58
C:\Windows\SysWOW64\user.exe 46
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\pwrshmsg.dll 50
C:\Windows\SysWOW64\winrsmgr.dll 57
C:\Windows\SysWOW64\wmerror.dll 46
C:\Windows\SysWOW64\wmploc.DLL 43
C:\Windows\SysWOW64\XAudio2_8.dll 50

Possible Misuse

The following table contains possible examples of msafd.dll being misused. While msafd.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

  • Source: signature-base
  • Source File: apt_apt30_backspace.yar
  • Example: $s4 = "MSAFD Tcpip [TCP/IP]" fullword
  • License: CC BY-NC 4.0

MIT License. Copyright (c) 2020 Strontic.