vbscript.dll

  • File Path: C:\Windows\system32\vbscript.dll
  • Description: Microsoft VBScript

Hashes

Type Hash
MD5 A5D721307A45F46C4A2F6D1FC9C4FA57
SHA1 2A4686D8CBB55ACD3D7CEC82A287BD220024E648
SHA256 3527C832300CFCB9B9B4E2893C53BE979790925B2E5AC7CA21E2EF788F10A9F8
SHA384 7291D409FD64DA1AA5EEAEC973C70E83205E3B9AD3E83E118177998E8A62A39DC1791A5F049F614FA2B4A6CFA11717A2
SHA512 4BF4855D084EDC559590B6FD7D9DDDF437F2C40E5CBE80941677115CE33A926D20AF80BD7820A59C75D1836F4E7B2835C546CCCB75B848ED89625D2030050884
SSDEEP 6144:rZXcT+CYnI+LQADzpB4clQ2ddm2/As4mOg8aH4zLOl0e7aNIStr25BeUeXZLyi6f:tXPBQAr42rm+Asv8El0eqjqJ+eicn
IMP 799391BCF07FFB8DD16158744274524B
PESHA1 4A6C2813235FC279B960BF6505F32A08A278BEFD
PE256 2A95C73CF8F6E720BBF992C1B3ACF5E32954F9619D7642E776D335E11625B5B7

DLL Exports:

Function Name Ordinal Type
DllRegisterServer 3 Exported Function
DllUnregisterServer 4 Exported Function
DllCanUnloadNow 1 Exported Function
DllGetClassObject 2 Exported Function

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: vbscript.dll.mui
  • Product Name: Microsoft VBScript
  • Company Name: Microsoft Corporation
  • File Version: 5.812.10240.16384
  • Product Version: 5.812.10240.16384
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/69
  • VirusTotal Link: https://www.virustotal.com/gui/file/3527c832300cfcb9b9b4e2893c53be979790925b2e5ac7ca21e2ef788f10a9f8/detection/

Possible Misuse

The following table contains possible examples of vbscript.dll being misused. While vbscript.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma image_load_scrcons_imageload_wmi_scripteventconsumer.yml - '\vbscript.dll' DRL 1.0
sigma image_load_wmic_remote_xsl_scripting_dlls.yml - '\vbscript.dll' DRL 1.0
sigma image_load_wmic_remote_xsl_scripting_dlls.yml - Apparently, wmic os get lastboottuptime loads vbscript.dll DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.