scrrun.dll

  • File Path: C:\Windows\system32\scrrun.dll
  • Description: Microsoft Script Runtime

Hashes

Type Hash
MD5 C3E4E41743868529C95B3AE33A239587
SHA1 E8BF8CB061F589EC2BAB9A92AA8DE46CA10879D3
SHA256 88FB7184E2AB58E0F82B93182AC3BFFD02DC86BBBDFB9F9BDBE201113BB42CB7
SHA384 321F2C13E30CDD107EFC21EF92F3B5CB9B5641208B22759553F598DF116147AD2BDDF8C2CBFB739FACD836F098A235B7
SHA512 E7646AEE3FD37A56DC9E1EEC77A6F47583E82D9A96B5D15B7F9771185E29335B483CAEC59BE7E43F3217B69003102B9E95D5C7B16C5915967C17111FC552631B
SSDEEP 3072:eo8+RKEhtYxwfNO8WPb23In+SiIaea8JXUM9C7ceu0TJ49WRjCy24eM68Pm8:eo8+dhtZfN2D23Iva8zCgD3SO54eM
IMP F90736BF92CC46B1B7699517D14BF2CD
PESHA1 5EB3FDB59E8D253B40E33505C7D5D7BC315CF959
PE256 E2AA16418CA2454C1B47FBC2FC6CB2C11226B4B2E91B5B65D8243F252E3F2151

DLL Exports:

Function Name Ordinal Type
DllRegisterServer 4 Exported Function
DllUnregisterServer 5 Exported Function
DoOpenPipeStream 6 Exported Function
DllCanUnloadNow 2 Exported Function
DllGetClassObject 3 Exported Function
DLLGetDocumentation 1 Exported Function

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: scrrun.dll.mui
  • Product Name: Microsoft Script Runtime
  • Company Name: Microsoft Corporation
  • File Version: 5.812.10240.16384
  • Product Version: 5.812.10240.16384
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/71
  • VirusTotal Link: https://www.virustotal.com/gui/file/88fb7184e2ab58e0f82b93182ac3bffd02dc86bbbdfb9f9bdbe201113bb42cb7/detection/

Possible Misuse

The following table contains possible examples of scrrun.dll being misused. While scrrun.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma image_load_scrcons_imageload_wmi_scripteventconsumer.yml - '\scrrun.dll' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.