scrrun.dll

  • File Path: C:\Windows\SysWOW64\scrrun.dll
  • Description: Microsoft Script Runtime

Hashes

Type Hash
MD5 BAAFE7B0932D8457FC0EB73439E086DA
SHA1 7DD582A022D93C0E5FC50A50C988AAB70E9941AA
SHA256 966C02391779D7FB33F27214E842907AD1D098CA1C4CEF97FD5376D0A237E332
SHA384 E671830256EA3934D945AE751F51555FD7E2A883E4F6E0FFDAC01FD373C0D14989CA2DED0CDBBC364C30D060C54D175B
SHA512 3367618A3DD6EA6B25977A56BBA6813C2952D6D088DBAAB3BA7AFC80238377C9E1D64F25EA58BDDFC5FDEAADB8E7CB2951F1B338FD61BDB28207CFCD272FF93D
SSDEEP 3072:o8oqR+i53WKZM3VMWZWK7V7cZ/guIR/Cq7AcSBOSqHG82tTjJq39mQUGbmDWRP6t:X3WtZWCVUsRYbBOSqHG7tvs39yMSFVtI
IMP 5FE163AF7BDD48731BD9B52B1DFD8561
PESHA1 B034F5F904FCB24B4C8189F0383C690BF0BDBC86
PE256 6E26628A0F4CC8EB068BBC526B4FFEEC8DCEDBF949E565FFF7F62E16D8C963D8

DLL Exports:

Function Name Ordinal Type
DllRegisterServer 4 Exported Function
DllUnregisterServer 5 Exported Function
DoOpenPipeStream 6 Exported Function
DllCanUnloadNow 2 Exported Function
DllGetClassObject 3 Exported Function
DLLGetDocumentation 1 Exported Function

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: scrrun.dll
  • Product Name: Microsoft Script Runtime
  • Company Name: Microsoft Corporation
  • File Version: 5.812.10240.16384
  • Product Version: 5.812.10240.16384
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/71
  • VirusTotal Link: https://www.virustotal.com/gui/file/966c02391779d7fb33f27214e842907ad1d098ca1c4cef97fd5376d0a237e332/detection/

Possible Misuse

The following table contains possible examples of scrrun.dll being misused. While scrrun.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma image_load_scrcons_imageload_wmi_scripteventconsumer.yml - '\scrrun.dll' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.