vbscript.dll

  • File Path: C:\Windows\SysWOW64\vbscript.dll
  • Description: Microsoft VBScript

Hashes

Type Hash
MD5 77273852BE82695F8876F0D2D4FBE533
SHA1 1062D3CED437C1E387F21AD1E9A11F6D2E9979B7
SHA256 04F430D7751112D755CBF78431E28ED7F9C01CB6C1A89D033D6358926F826CCC
SHA384 FD13189258751AB4B4AFFBDF2E27A5F802AF4D99C750F9EB5EEAF9EBD8C18477FE1E2E50E46B0F655D56E4995208625C
SHA512 854809385A68E94D0739E45DAFBF04FC756105D378C9DB4F4BC6E62FAC6D54AC4B44B390EC6CBA0085A5AB2102A9D4A13316103797137AAFC8C50D14DC107723
SSDEEP 12288:ftqWqyIkQ7LTWH9arcPqgI+XI/s5il7OHadbdoARDR+:8yIkQ7fWHorJwy8il7v7oQDR+
IMP 556ED6F66AA25E04D1BF328F88B7E543
PESHA1 DF0C0D9156ED25A1DE4F22763C4F3C60F88DD976
PE256 0C656558D52470E980FEE50D003EBF1460DF2EC9F95C89F70F993E19C18997E4

DLL Exports:

| Function Name | Ordinal | Type |
|---|---|---|
| DllRegisterServer | 3 | Exported Function |
| DllUnregisterServer | 4 | Exported Function |
| DllCanUnloadNow | 1 | Exported Function |
| DllGetClassObject | 2 | Exported Function |

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: vbscript.dll
  • Product Name: Microsoft VBScript
  • Company Name: Microsoft Corporation
  • File Version: 5.812.10240.16384
  • Product Version: 5.812.10240.16384
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/68
  • VirusTotal Link: https://www.virustotal.com/gui/file/04f430d7751112d755cbf78431e28ed7f9c01cb6c1a89d033d6358926f826ccc/detection/

Possible Misuse

The following table contains possible examples of vbscript.dll being misused. While vbscript.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|---|---|---|---|
| sigma | image_load_scrcons_imageload_wmi_scripteventconsumer.yml | - '\vbscript.dll' | DRL 1.0 |
| sigma | image_load_wmic_remote_xsl_scripting_dlls.yml | - '\vbscript.dll' | DRL 1.0 |
| sigma | image_load_wmic_remote_xsl_scripting_dlls.yml | - Apparently, wmic os get lastboottuptime loads vbscript.dll | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.