ws2_32.dll

  • File Path: C:\Windows\SysWOW64\ws2_32.dll
  • Description: Windows Socket 2.0 32-Bit DLL

Hashes

Type Hash
MD5 9AB0235EC0B3AAC2A9E82C18B4677F89
SHA1 4C37FEA70289ADE6979915B8F718554EA5F80D63
SHA256 320BFDD2F6CC3C9215AAED1856FE381FBE63969E943895427A5A86FE373B3073
SHA384 07B277DB4DBF054D8E244DF219867108FB095AC69002BA73362101B9B32A51041C194B5F8BD785A5EC14CE4BFC3203F3
SHA512 A8BE3277F95AD759D95EE59C4B6B7DE290DBA2887C2CA7A97495BFC9494ADC52CB1C7ED60C00BDAF162795EF2684C19A752381EB3CFD622834AE54F51A915778
SSDEEP 12288:NDdOy/psISIHbl9f/mnmO/5Se7pRDNJOq3CuE:myRznmnp5SejNJJCuE
IMP EE5D442F1418DBA7B8404A20C0DBBA4F
PESHA1 DE9F01999CC48B1D3DA0E53DCD5027C5BC164A88
PE256 52FF05599BEC1D4D7728CE38AD04AE5320996FA1AEBCC2D3808C563116E9299B

DLL Exports:

Function Name Ordinal Type
WSAJoinLeaf 79 Exported Function
WSAIsBlocking 114 Exported Function
WSALookupServiceBeginA 80 Exported Function
WSALookupServiceEnd 82 Exported Function
WSALookupServiceBeginW 81 Exported Function
WSAIoctl 78 Exported Function
WSAHtonl 74 Exported Function
WSAGetServiceClassNameByClassIdW 73 Exported Function
WSAHtons 75 Exported Function
WSAInstallServiceClassW 77 Exported Function
WSAInstallServiceClassA 76 Exported Function
WSAProviderConfigChange 90 Exported Function
WSAProviderCompleteAsyncCall 89 Exported Function
WSApSetPostRoutine 24 Exported Function
WSARecvDisconnect 92 Exported Function
WSARecv 91 Exported Function
WSAPoll 88 Exported Function
WSALookupServiceNextW 84 Exported Function
WSALookupServiceNextA 83 Exported Function
WSANSPIoctl 85 Exported Function
WSANtohs 87 Exported Function
WSANtohl 86 Exported Function
WSAGetServiceClassNameByClassIdA 72 Exported Function
WSADuplicateSocketA 58 Exported Function
WSACreateEvent 50 Exported Function
WSADuplicateSocketW 59 Exported Function
WSAEnumNameSpaceProvidersExA 61 Exported Function
WSAEnumNameSpaceProvidersA 60 Exported Function
WSAConnectByNameW 49 Exported Function
WSACloseEvent 45 Exported Function
WSACleanup 116 Exported Function
WSAConnect 46 Exported Function
WSAConnectByNameA 48 Exported Function
WSAConnectByList 47 Exported Function
WSAGetOverlappedResult 68 Exported Function
WSAGetLastError 111 Exported Function
WSAGetQOSByName 69 Exported Function
WSAGetServiceClassInfoW 71 Exported Function
WSAGetServiceClassInfoA 70 Exported Function
WSAEventSelect 67 Exported Function
WSAEnumNameSpaceProvidersW 63 Exported Function
WSAEnumNameSpaceProvidersExW 62 Exported Function
WSAEnumNetworkEvents 64 Exported Function
WSAEnumProtocolsW 66 Exported Function
WSAEnumProtocolsA 65 Exported Function
WSCInstallNameSpaceEx 136 Exported Function
WSCInstallNameSpace 134 Exported Function
WSCInstallNameSpaceEx2 135 Exported Function
WSCInstallProviderAndChains 138 Exported Function
WSCInstallProvider 137 Exported Function
WSCGetProviderPath 133 Exported Function
WSCEnumProtocolsEx 129 Exported Function
WSCEnumProtocols 128 Exported Function
WSCGetApplicationCategory 130 Exported Function
WSCGetProviderInfo 132 Exported Function
WSCGetApplicationCategoryEx 131 Exported Function
WSCUpdateProviderEx 146 Exported Function
WSCUpdateProvider 145 Exported Function
WSCWriteNameSpaceOrder 147 Exported Function
WSCWriteProviderOrderEx 149 Exported Function
WSCWriteProviderOrder 148 Exported Function
WSCUnInstallNameSpaceEx2 144 Exported Function
WSCSetApplicationCategory 140 Exported Function
WSCInstallProviderEx 139 Exported Function
WSCSetApplicationCategoryEx 141 Exported Function
WSCUnInstallNameSpace 143 Exported Function
WSCSetProviderInfo 142 Exported Function
WSCEnableNSProvider 127 Exported Function
WSASetBlockingHook 109 Exported Function
WSASendTo 99 Exported Function
WSASetEvent 100 Exported Function
WSASetServiceA 117 Exported Function
WSASetLastError 112 Exported Function
WSASendMsg 98 Exported Function
WSARemoveServiceClass 94 Exported Function
WSARecvFrom 93 Exported Function
WSAResetEvent 95 Exported Function
WSASendDisconnect 97 Exported Function
WSASend 96 Exported Function
WSAUnhookBlockingHook 110 Exported Function
WSAUnadvertiseProvider 123 Exported Function
WSAWaitForMultipleEvents 124 Exported Function
WSCDeinstallProviderEx 126 Exported Function
WSCDeinstallProvider 125 Exported Function
WSAStringToAddressW 122 Exported Function
WSASocketA 119 Exported Function
WSASetServiceW 118 Exported Function
WSASocketW 120 Exported Function
WSAStringToAddressA 121 Exported Function
WSAStartup 115 Exported Function
inet_addr 11 Exported Function
htons 9 Exported Function
inet_ntoa 12 Exported Function
inet_pton 179 Exported Function
inet_ntop 178 Exported Function
htonl 8 Exported Function
getservbyname 55 Exported Function
getprotobynumber 54 Exported Function
getservbyport 56 Exported Function
getsockopt 7 Exported Function
getsockname 6 Exported Function
recvfrom 17 Exported Function
recv 16 Exported Function
select 18 Exported Function
sendto 20 Exported Function
send 19 Exported Function
ntohs 15 Exported Function
InetPtonW 36 Exported Function
InetNtopW 35 Exported Function
ioctlsocket 10 Exported Function
ntohl 14 Exported Function
listen 13 Exported Function
getprotobyname 53 Exported Function
FreeAddrInfoExW 26 Exported Function
FreeAddrInfoEx 25 Exported Function
FreeAddrInfoW 27 Exported Function
GetAddrInfoExA 28 Exported Function
getaddrinfo 176 Exported Function
freeaddrinfo 175 Exported Function
accept 1 Exported Function
__WSAFDIsSet 151 Exported Function
bind 2 Exported Function
connect 4 Exported Function
closesocket 3 Exported Function
GetHostNameW 33 Exported Function
gethostname 57 Exported Function
getnameinfo 177 Exported Function
getpeername 5 Exported Function
GetNameInfoW 34 Exported Function
gethostbyname 52 Exported Function
GetAddrInfoExOverlappedResult 30 Exported Function
GetAddrInfoExCancel 29 Exported Function
GetAddrInfoExW 31 Exported Function
gethostbyaddr 51 Exported Function
GetAddrInfoW 32 Exported Function
WPUCompleteOverlappedRequest 39 Exported Function
WEP 500 Exported Function
WPUGetProviderPathEx 40 Exported Function
WSAAddressToStringA 42 Exported Function
WSAAccept 41 Exported Function
WahWriteLSPEvent 174 Exported Function
WahQueueUserApc 170 Exported Function
WahOpenNotificationHandleHelper 169 Exported Function
WahReferenceContextByHandle 171 Exported Function
WahWaitForNotification 173 Exported Function
WahRemoveHandleContext 172 Exported Function
WSAAsyncGetServByPort 106 Exported Function
WSAAsyncGetServByName 107 Exported Function
WSAAsyncSelect 101 Exported Function
WSACancelBlockingCall 113 Exported Function
WSACancelAsyncRequest 108 Exported Function
WSAAsyncGetProtoByNumber 104 Exported Function
WSAAdvertiseProvider 44 Exported Function
WSAAddressToStringW 43 Exported Function
WSAAsyncGetHostByAddr 102 Exported Function
WSAAsyncGetProtoByName 105 Exported Function
WSAAsyncGetHostByName 103 Exported Function
WahOpenHandleHelper 168 Exported Function
WahCloseNotificationHandleHelper 153 Exported Function
WahCloseHandleHelper 152 Exported Function
WahCloseSocketHandle 154 Exported Function
WahCompleteRequest 156 Exported Function
WahCloseThread 155 Exported Function
WahCloseApcHelper 150 Exported Function
SetAddrInfoExW 38 Exported Function
SetAddrInfoExA 37 Exported Function
setsockopt 21 Exported Function
socket 23 Exported Function
shutdown 22 Exported Function
WahInsertHandleContext 164 Exported Function
WahEnumerateHandleContexts 163 Exported Function
WahNotifyAllProcesses 165 Exported Function
WahOpenCurrentThread 167 Exported Function
WahOpenApcHelper 166 Exported Function
WahEnableNonIFSHandleSupport 162 Exported Function
WahCreateNotificationHandle 158 Exported Function
WahCreateHandleContextTable 157 Exported Function
WahCreateSocketHandle 159 Exported Function
WahDisableNonIFSHandleSupport 161 Exported Function
WahDestroyHandleContextTable 160 Exported Function

Signature

  • Status: Signature verified.
  • Serial: 330000026551AE1BBD005CBFBD000000000265
  • Thumbprint: E168609353F30FF2373157B4EB8CD519D07A2BFF
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: ws2_32.dll
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/66
  • VirusTotal Link: https://www.virustotal.com/gui/file/320bfdd2f6cc3c9215aaed1856fe381fbe63969e943895427a5a86fe373b3073/detection/

Possible Misuse

The following table contains possible examples of ws2_32.dll being misused. While ws2_32.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|---|---|---|---|
| signature-base | apt_darkhydrus.yar | $s2 = "Ws2_32.dll" fullword ascii | CC BY-NC 4.0 |
| signature-base | apt_hkdoor.yar | pe.imports("ws2_32.dll", "WSAStartup") and | CC BY-NC 4.0 |
| signature-base | apt_hkdoor.yar | pe.imports("ws2_32.dll", "sendto") | CC BY-NC 4.0 |
| signature-base | apt_passcv.yar | $s2 = "WS2_32.dll" ascii | CC BY-NC 4.0 |
| signature-base | apt_poisonivy_gen3.yar | $s4 = "WS2_32.dll" fullword | CC BY-NC 4.0 |
| signature-base | crime_cobaltgang.yar | $s2 = "Incorrect version of WS2_32.dll found" fullword ascii | CC BY-NC 4.0 |
| signature-base | crime_rombertik_carbongrabber.yar | $s12 = "Ws2_32.dll" fullword ascii | CC BY-NC 4.0 |
| signature-base | gen_metasploit_loader_rsmudge.yar | $s4 = "ws2_32.dll is out of date." fullword ascii | CC BY-NC 4.0 |
| signature-base | gen_metasploit_payloads.yar | $xs1 = "WS2_32.dll" ascii fullword | CC BY-NC 4.0 |
| signature-base | thor-hacktools.yar | $s4 = "WS2_32.DLL" fullword ascii | CC BY-NC 4.0 |
| signature-base | thor-hacktools.yar | $s4 = "WS2_32.DLL" ascii fullword | CC BY-NC 4.0 |

MIT License. Copyright (c) 2020-2021 Strontic.