winhttp.dll

  • File Path: C:\Windows\system32\winhttp.dll
  • Description: Windows HTTP Services

Hashes

Type Hash
MD5 A2D07BB4089CA7BAD386A495CCA005A8
SHA1 556BC5828EA736A98A3CF34B4E32E7DC3DB1DD3C
SHA256 894620855200F91E24A663A5C0238F229ADC7D706CD4C1F321FE463B377FFB8A
SHA384 5FBDDE07B655FB06E43FECC93CBA8BE02311C4FED4EAED8EFA4BDF11866F88BD17437756449E2CACD9300290FE7D7641
SHA512 4F03D280A14940DD7D074350BE61DC501EE2347BCAC08090275AF65B62D35EF6A937F1AF17DDE552B0E48F829308C43BCCF19FC61B87626C4D645D0CBA862226
SSDEEP 24576:pzIjadNllCqMgbhBdQFXivwkZ5fZv9fyJWCmx2hsd2Cg8hdY:pzIjajrVdNBduXivwk/fZv9fyrmxHg8U
IMP FB30D488DB8FB750D0018816379C3A2B
PESHA1 156C3059EB4459C3FD14EBD02B22229FA4333E00
PE256 33AEF6DE37BE54B4D5C82C5B377ECE81563452E31EA0F572BBB5792C631F5E26

DLL Exports:

Function Name Ordinal Type
WinHttpReadData 47 Exported Function
WinHttpReadProxySettings 48 Exported Function
WinHttpQueryHeaders 45 Exported Function
WinHttpQueryOption 46 Exported Function
WinHttpResetAutoProxy 51 Exported Function
WinHttpSaveProxyCredentials 52 Exported Function
WinHttpReadProxySettingsHvsi 49 Exported Function
WinHttpReceiveResponse 50 Exported Function
WinHttpQueryDataAvailable 44 Exported Function
WinHttpGetTunnelSocket 39 Exported Function
WinHttpOpen 40 Exported Function
WinHttpGetProxyResultEx 37 Exported Function
WinHttpGetProxySettingsVersion 38 Exported Function
WinHttpProbeConnectivity 42 Exported Function
WinHttpQueryAuthSchemes 43 Exported Function
WinHttpOpenRequest 41 Exported Function
WinHttpPacJsWorkerMain 1 Exported Function
WinHttpWebSocketQueryCloseStatus 64 Exported Function
WinHttpWebSocketReceive 65 Exported Function
WinHttpWebSocketClose 62 Exported Function
WinHttpWebSocketCompleteUpgrade 63 Exported Function
WinHttpWriteData 68 Exported Function
WinHttpWriteProxySettings 69 Exported Function
WinHttpWebSocketSend 66 Exported Function
WinHttpWebSocketShutdown 67 Exported Function
WinHttpTimeToSystemTime 61 Exported Function
WinHttpSetDefaultProxyConfiguration 55 Exported Function
WinHttpSetOption 56 Exported Function
WinHttpSendRequest 53 Exported Function
WinHttpSetCredentials 54 Exported Function
WinHttpSetTimeouts 59 Exported Function
WinHttpTimeFromSystemTime 60 Exported Function
WinHttpSetProxySettingsPerUser 57 Exported Function
WinHttpSetStatusCallback 58 Exported Function
WinHttpGetProxyResult 36 Exported Function
WinHttpConnectionDeleteProxyInfo 13 Exported Function
WinHttpConnectionFreeNameList 14 Exported Function
WinHttpConnect 11 Exported Function
WinHttpConnectionDeletePolicyEntries 12 Exported Function
WinHttpConnectionGetNameList 17 Exported Function
WinHttpConnectionGetProxyInfo 18 Exported Function
WinHttpConnectionFreeProxyInfo 15 Exported Function
WinHttpConnectionFreeProxyList 16 Exported Function
WinHttpCloseHandle 10 Exported Function
Private1 4 Exported Function
SvchostPushServiceGlobals 5 Exported Function
DllCanUnloadNow 2 Exported Function
DllGetClassObject 3 Exported Function
WinHttpAutoProxySvcMain 8 Exported Function
WinHttpCheckPlatform 9 Exported Function
WinHttpAddRequestHeaders 6 Exported Function
WinHttpAddRequestHeadersEx 7 Exported Function
WinHttpGetDefaultProxyConfiguration 30 Exported Function
WinHttpGetIEProxyConfigForCurrentUser 31 Exported Function
WinHttpFreeProxyResultEx 28 Exported Function
WinHttpFreeProxySettings 29 Exported Function
WinHttpGetProxyForUrlEx2 34 Exported Function
WinHttpGetProxyForUrlHvsi 35 Exported Function
WinHttpGetProxyForUrl 32 Exported Function
WinHttpGetProxyForUrlEx 33 Exported Function
WinHttpFreeProxyResult 27 Exported Function
WinHttpConnectionSetProxyInfo 21 Exported Function
WinHttpConnectionUpdateIfIndexTable 22 Exported Function
WinHttpConnectionGetProxyList 19 Exported Function
WinHttpConnectionSetPolicyEntries 20 Exported Function
WinHttpCreateUrl 25 Exported Function
WinHttpDetectAutoProxyConfigUrl 26 Exported Function
WinHttpCrackUrl 23 Exported Function
WinHttpCreateProxyResolver 24 Exported Function

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: winhttp.dll.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/68
  • VirusTotal Link: https://www.virustotal.com/gui/file/894620855200f91e24a663a5c0238f229adc7d706cd4c1f321fe463b377ffb8a/detection/

Possible Misuse

The following table contains possible examples of winhttp.dll being misused. While winhttp.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
malware-ioc rtm winhttp.dll © ESET 2014-2018
signature-base apt_lazarus_jun18.yar $s1 = “Winhttp.dll” fullword ascii CC BY-NC 4.0
signature-base crime_icedid.yar $string6 = “WINHTTP.dll” fullword CC BY-NC 4.0
signature-base crime_ransom_darkside.yar $knownDLLs1 = “WINHTTP.dll” fullword CC BY-NC 4.0

MIT License. Copyright (c) 2020-2021 Strontic.