offlinesam.dll

• File Path: C:\Windows\system32\offlinesam.dll
• Description: Windows

Hashes

Type	Hash
MD5	82171A97AB299F16EE08BFD5FE2F3A67
SHA1	30A7093A23A54BBFA52AA1E70EA8A98E21B29B85
SHA256	CF6DCAE2775645DC1BE3B1D8BAB9C6075C21A1235562E9DA3AD6E1921B52926C
SHA384	557E35B8EC421B7FC507CED6DA624A22BB3F4BE2FE5848D8BAC7B4F9286CF111DA88FD828B2CE9F4A1CD62938082E85B
SHA512	ED3CFAE1C77FAA8E4BEEECC6C4069A0C23C5AFDB50DC9BB1FE20FF6B55C8BFF7570114000F1D322304C7551AB47DBAD71274B61690EF0376A9073704CD22B6D6
SSDEEP	3072:eyChu55yp/aCxmlIGV3Y8pORiTJIrAE6JYuBrzKP+y3bpSpDUqg:eyMu55ypjxmlIGpOReyAEYYuBhk
IMP	141DFC9E2F63BB0BBD19C6ADEE94CDA3
PESHA1	796585D82A2292B9A4D072EA09C6476A66F2A38B
PE256	7F84533FF2556D32986A6FFE19FE257A79E16A3D184C2DADA7B46ACEC5AE6209

DLL Exports:

Function Name	Ordinal	Type
SamOfflineOpenAlias	17	Exported Function
SamOfflineOpenDomain	18	Exported Function
SamOfflineOpenUser	19	Exported Function
SamOfflineGetMembersInAlias	14	Exported Function
SamOfflineLookupDomainInSamServer	15	Exported Function
SamOfflineLookupNamesInDomain	16	Exported Function
SamOfflineRidToSid	23	Exported Function
SamOfflineSetInformationAlias	24	Exported Function
SamOfflineSetInformationUser	25	Exported Function
SamOfflineQueryInformationAlias	20	Exported Function
SamOfflineQueryInformationUser	21	Exported Function
SamOfflineRemoveMemberFromAlias	22	Exported Function
SamOfflineFreeMemory	13	Exported Function
SamOfflineConnectExternal	4	Exported Function
SamOfflineConnectForInstaller	5	Exported Function
SamOfflineCreateAliasInDomain	6	Exported Function
SamOfflineAddMemberToAlias	1	Exported Function
SamOfflineCloseHandle	2	Exported Function
SamOfflineConnect	3	Exported Function
SamOfflineEnumerateAliasesInDomain	10	Exported Function
SamOfflineEnumerateDomainsInSamServer	11	Exported Function
SamOfflineEnumerateUsersInDomain2	12	Exported Function
SamOfflineCreateUserInDomain	7	Exported Function
SamOfflineDeleteAlias	8	Exported Function
SamOfflineDeleteUser	9	Exported Function

Signature

• Status: Signature verified.
• Serial: 3300000266BD1580EFA75CD6D3000000000266
• Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
• Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
• Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

• Original Filename: offlinesam.dll
• Product Name: Microsoft Windows Operating System
• Company Name: Microsoft Corporation
• File Version: 10.0.19041.488 (WinBuild.160101.0800)
• Product Version: 10.0.19041.488
• Language: English (United States)
• Legal Copyright: Microsoft Corporation. All rights reserved.
• Machine Type: 64-bit

File Scan

• VirusTotal Detections: 0/68
• VirusTotal Link: https://www.virustotal.com/gui/file/cf6dcae2775645dc1be3b1d8bab9c6075c21a1235562e9da3ad6e1921b52926c/detection/

File Similarity (ssdeep match)

File	Score
C:\Windows\SysWOW64\offlinesam.dll	33

MIT License. Copyright (c) 2020-2021 Strontic.