offlinesam.dll

• File Path: C:\Windows\SysWOW64\offlinesam.dll
• Description: Windows

Hashes

Type	Hash
MD5	EF97E9EB1ECE3A434F8A3703C612F799
SHA1	4233FAD8BA512FF36E7280B2FADC155462003710
SHA256	F6E2057104A95AEE86D8C44E2EEF22B4E0BF0281ABCA31873498C443F5C50047
SHA384	AAE3CDD45EE0F90EF71078B7CF04DACFBF9D6CF7C3E38A37552B211A22B5907330FA0F756A82DE5BBC307F80C2BC1D3A
SHA512	ACEC0D81DDFFBAC9D77FDF928FBFE36E33D76A1529922F7277114C5554CD78686019228ACCD51133A0DC3291BED343820240B16067CA556C9681A8DD27904054
SSDEEP	3072:8gmxxcW6dnN+k0QmqsOL+rCGwY047nAWMJdlVTigBI4KP+y3bpSpDUXAF+v:VmxxcW3vqqBwWS1igBPo
IMP	86847A4AEB3528C9F88AD28102C37504
PESHA1	6089C0C9B6E48DABEA34DD584717623E0F089E42
PE256	A2E3D438E3EEF6AF56E5EABCE93E82F67D54A7F69A9776256E4F0643D1F9043D

DLL Exports:

Function Name	Ordinal	Type
SamOfflineOpenAlias	17	Exported Function
SamOfflineOpenDomain	18	Exported Function
SamOfflineOpenUser	19	Exported Function
SamOfflineGetMembersInAlias	14	Exported Function
SamOfflineLookupDomainInSamServer	15	Exported Function
SamOfflineLookupNamesInDomain	16	Exported Function
SamOfflineRidToSid	23	Exported Function
SamOfflineSetInformationAlias	24	Exported Function
SamOfflineSetInformationUser	25	Exported Function
SamOfflineQueryInformationAlias	20	Exported Function
SamOfflineQueryInformationUser	21	Exported Function
SamOfflineRemoveMemberFromAlias	22	Exported Function
SamOfflineFreeMemory	13	Exported Function
SamOfflineConnectExternal	4	Exported Function
SamOfflineConnectForInstaller	5	Exported Function
SamOfflineCreateAliasInDomain	6	Exported Function
SamOfflineAddMemberToAlias	1	Exported Function
SamOfflineCloseHandle	2	Exported Function
SamOfflineConnect	3	Exported Function
SamOfflineEnumerateAliasesInDomain	10	Exported Function
SamOfflineEnumerateDomainsInSamServer	11	Exported Function
SamOfflineEnumerateUsersInDomain2	12	Exported Function
SamOfflineCreateUserInDomain	7	Exported Function
SamOfflineDeleteAlias	8	Exported Function
SamOfflineDeleteUser	9	Exported Function

Signature

• Status: Signature verified.
• Serial: 3300000266BD1580EFA75CD6D3000000000266
• Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
• Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
• Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

• Original Filename: offlinesam.dll
• Product Name: Microsoft Windows Operating System
• Company Name: Microsoft Corporation
• File Version: 10.0.19041.1 (WinBuild.160101.0800)
• Product Version: 10.0.19041.1
• Language: English (United States)
• Legal Copyright: Microsoft Corporation. All rights reserved.
• Machine Type: 32-bit

File Scan

• VirusTotal Detections: 0/70
• VirusTotal Link: https://www.virustotal.com/gui/file/f6e2057104a95aee86d8c44e2eef22b4e0bf0281abca31873498c443f5c50047/detection/

File Similarity (ssdeep match)

File	Score
C:\Windows\system32\offlinesam.dll	33

MIT License. Copyright (c) 2020-2021 Strontic.