pcasvc.dll

  • File Path: C:\Windows\system32\pcasvc.dll
  • Description: Program Compatibility Assistant Service

Hashes

Type Hash
MD5 E0C6D51F92A7C55C0B91E26EA892152E
SHA1 70B70B5B1022DF4F53077791CA9AC7344E66AD84
SHA256 AAB65583C886EAAC294D3B2F6B2CCC05593C7A1CB6CB565C5344375A8A9B493B
SHA384 B9EC121D98FA7F8EFA948CD03D7902FF07594FC3F6A0B64ECADD466F886D4516EDABEBAC1ED1D15CA9FB0647E52E905A
SHA512 35C79D219D02BE0C6CF1DF99CF29202229C6CE2EE805E2117496D29865ED654423D0DAAFCD89F9EF913F516C5D762AA464B24E03032C7E5FD39846E15AA6EABD
SSDEEP 24576:5HDkp9/pGL3vYfQ+/B6IfbXz0gs+Zx5h46qo:5js98zi/B6Cnzx5h46
IMP 5BB5A2E1975AE78207ABB2B6F6EF800F
PESHA1 432A28B6F022C5DA37E7B3E53D84F5A290D8BE6F
PE256 9FF52F540B9DCCC543F5D255E46F32BF22C9603D4DE72F8663089C4E29571695

DLL Exports:

| Function Name | Ordinal | Type |
|---|---|---|
| ServiceMain | 4 | Exported Function |
| SvchostPushServiceGlobals | 5 | Exported Function |
| QueryEncapsulationSettingsTC | 3 | Exported Function |
| PcaPatchSdbTask | 1 | Exported Function |
| QueryEncapsulationSettings | 2 | Exported Function |

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: pcasvc.dll.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/66
  • VirusTotal Link: https://www.virustotal.com/gui/file/aab65583c886eaac294d3b2f6b2ccc05593c7a1cb6cb565c5344375a8a9b493b/detection/

Possible Misuse

The following table contains possible examples of pcasvc.dll being misused. While pcasvc.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|---|---|---|---|
| sigma | net_connection_win_rundll32_net_connections.yml | `- 'PcaSvc.dll,PcaPatchSdbTask'` | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.