ws2_32.dll

  • File Path: C:\Windows\system32\ws2_32.dll
  • Description: Windows Socket 2.0 32-Bit DLL

Hashes

Type Hash
MD5 F1FAFC04216614EC5C7B8C6A82394DFD
SHA1 5B6966D9AF7BCF687AAB982C26EFE1C2ADFAFF18
SHA256 7E412388C871F5F1D1651DA11689EB82A7E4C5785409EC2753CFC4BE484D910E
SHA384 A2F34C43698A4070AE3FF7C5D6081DBE62F80AFA2B983EE385A56021138B70032D65A53B34A976C4099B9A98002564BD
SHA512 0828267F5036B105982B2FC351C1C40D06AE4853ACE76F131DC44D8DEC0F9281B4FECAB52CE273E2D9DE06B95B8CE47AF093689B9F9304DE3577D47A3853F599
SSDEEP 6144:0LYcepnIinzqyUMCLJ16iYRrKWr3GIIGepi6/GDQez5NzLJpyM7BVl7+jBSEYdRU:5d+iiYxKdns6+Dl5NpdqmU
IMP 6EEE61EF7874AA59D1A3452C72E61D5C
PESHA1 04EF876B1BDAA9CB1C6364C432DFFCBC7C2E8485
PE256 F72DEA1BF4F816431E0085042E192D103AFA8A634D7ED19C5B3456D8D900085E

DLL Exports:

Function Name Ordinal Type
WSAProviderCompleteAsyncCall 89 Exported Function
WSAPoll 88 Exported Function
WSANtohs 87 Exported Function
WSARecv 91 Exported Function
WSApSetPostRoutine 24 Exported Function
WSAProviderConfigChange 90 Exported Function
WSALookupServiceNextA 83 Exported Function
WSALookupServiceEnd 82 Exported Function
WSALookupServiceBeginW 81 Exported Function
WSANtohl 86 Exported Function
WSANSPIoctl 85 Exported Function
WSALookupServiceNextW 84 Exported Function
WSASetBlockingHook 109 Exported Function
WSASendTo 99 Exported Function
WSASendMsg 98 Exported Function
WSASetServiceA 117 Exported Function
WSASetLastError 112 Exported Function
WSASetEvent 100 Exported Function
WSARemoveServiceClass 94 Exported Function
WSARecvFrom 93 Exported Function
WSARecvDisconnect 92 Exported Function
WSASendDisconnect 97 Exported Function
WSASend 96 Exported Function
WSAResetEvent 95 Exported Function
WSAEventSelect 67 Exported Function
WSAEnumProtocolsW 66 Exported Function
WSAEnumProtocolsA 65 Exported Function
WSAGetQOSByName 69 Exported Function
WSAGetOverlappedResult 68 Exported Function
WSAGetLastError 111 Exported Function
WSAEnumNameSpaceProvidersExA 61 Exported Function
WSAEnumNameSpaceProvidersA 60 Exported Function
WSADuplicateSocketW 59 Exported Function
WSAEnumNetworkEvents 64 Exported Function
WSAEnumNameSpaceProvidersW 63 Exported Function
WSAEnumNameSpaceProvidersExW 62 Exported Function
WSAIoctl 78 Exported Function
WSAInstallServiceClassW 77 Exported Function
WSAInstallServiceClassA 76 Exported Function
WSALookupServiceBeginA 80 Exported Function
WSAJoinLeaf 79 Exported Function
WSAIsBlocking 114 Exported Function
WSAGetServiceClassNameByClassIdA 72 Exported Function
WSAGetServiceClassInfoW 71 Exported Function
WSAGetServiceClassInfoA 70 Exported Function
WSAHtons 75 Exported Function
WSAHtonl 74 Exported Function
WSAGetServiceClassNameByClassIdW 73 Exported Function
WSASetServiceW 118 Exported Function
WSCInstallProviderEx 149 Exported Function
WSCInstallProviderAndChains64_32 148 Exported Function
WSCInstallProvider64_32 147 Exported Function
WSCSetProviderInfo 153 Exported Function
WSCSetApplicationCategoryEx 152 Exported Function
WSCSetApplicationCategory 150 Exported Function
WSCInstallNameSpaceEx 143 Exported Function
WSCInstallNameSpace32 142 Exported Function
WSCInstallNameSpace 141 Exported Function
WSCInstallProvider 146 Exported Function
WSCInstallNameSpaceEx32 145 Exported Function
WSCInstallNameSpaceEx2 144 Exported Function
WSCWriteNameSpaceOrder32 162 Exported Function
WSCWriteNameSpaceOrder 161 Exported Function
WSCUpdateProviderEx 160 Exported Function
WSCWriteProviderOrderEx 165 Exported Function
WSCWriteProviderOrder32 164 Exported Function
WSCWriteProviderOrder 163 Exported Function
WSCUnInstallNameSpace32 156 Exported Function
WSCUnInstallNameSpace 155 Exported Function
WSCSetProviderInfo32 154 Exported Function
WSCUpdateProvider32 159 Exported Function
WSCUpdateProvider 158 Exported Function
WSCUnInstallNameSpaceEx2 157 Exported Function
WSCDeinstallProvider 125 Exported Function
WSAWaitForMultipleEvents 124 Exported Function
WSAUnhookBlockingHook 110 Exported Function
WSCEnableNSProvider 128 Exported Function
WSCDeinstallProviderEx 127 Exported Function
WSCDeinstallProvider32 126 Exported Function
WSAStartup 115 Exported Function
WSASocketW 120 Exported Function
WSASocketA 119 Exported Function
WSAUnadvertiseProvider 123 Exported Function
WSAStringToAddressW 122 Exported Function
WSAStringToAddressA 121 Exported Function
WSCGetProviderInfo 137 Exported Function
WSCGetApplicationCategoryEx 136 Exported Function
WSCGetApplicationCategory 135 Exported Function
WSCGetProviderPath32 140 Exported Function
WSCGetProviderPath 139 Exported Function
WSCGetProviderInfo32 138 Exported Function
WSCEnumNameSpaceProvidersEx32 131 Exported Function
WSCEnumNameSpaceProviders32 130 Exported Function
WSCEnableNSProvider32 129 Exported Function
WSCEnumProtocolsEx 134 Exported Function
WSCEnumProtocols32 133 Exported Function
WSCEnumProtocols 132 Exported Function
WSADuplicateSocketA 58 Exported Function
inet_ntop 193 Exported Function
inet_ntoa 12 Exported Function
inet_addr 11 Exported Function
InetPtonW 36 Exported Function
InetNtopW 35 Exported Function
inet_pton 194 Exported Function
getsockname 6 Exported Function
getservbyport 56 Exported Function
getservbyname 55 Exported Function
htons 9 Exported Function
htonl 8 Exported Function
getsockopt 7 Exported Function
sendto 20 Exported Function
send 19 Exported Function
select 18 Exported Function
setsockopt 21 Exported Function
SetAddrInfoExW 38 Exported Function
SetAddrInfoExA 37 Exported Function
ntohl 14 Exported Function
listen 13 Exported Function
ioctlsocket 10 Exported Function
recvfrom 17 Exported Function
recv 16 Exported Function
ntohs 15 Exported Function
FreeAddrInfoW 27 Exported Function
FreeAddrInfoExW 26 Exported Function
FreeAddrInfoEx 25 Exported Function
GetAddrInfoExCancel 29 Exported Function
GetAddrInfoExA 28 Exported Function
getaddrinfo 191 Exported Function
bind 2 Exported Function
accept 1 Exported Function
__WSAFDIsSet 151 Exported Function
freeaddrinfo 190 Exported Function
connect 4 Exported Function
closesocket 3 Exported Function
GetNameInfoW 34 Exported Function
getnameinfo 192 Exported Function
GetHostNameW 33 Exported Function
getprotobynumber 54 Exported Function
getprotobyname 53 Exported Function
getpeername 5 Exported Function
GetAddrInfoW 32 Exported Function
GetAddrInfoExW 31 Exported Function
GetAddrInfoExOverlappedResult 30 Exported Function
gethostname 57 Exported Function
gethostbyname 52 Exported Function
gethostbyaddr 51 Exported Function
shutdown 22 Exported Function
WSAAsyncGetHostByAddr 102 Exported Function
WSAAdvertiseProvider 44 Exported Function
WSAAddressToStringW 43 Exported Function
WSAAsyncGetProtoByNumber 104 Exported Function
WSAAsyncGetProtoByName 105 Exported Function
WSAAsyncGetHostByName 103 Exported Function
WPUCompleteOverlappedRequest 39 Exported Function
WEP 500 Exported Function
WahWriteLSPEvent 189 Exported Function
WSAAddressToStringA 42 Exported Function
WSAAccept 41 Exported Function
WPUGetProviderPathEx 40 Exported Function
WSAConnectByList 47 Exported Function
WSAConnect 46 Exported Function
WSACloseEvent 45 Exported Function
WSACreateEvent 50 Exported Function
WSAConnectByNameW 49 Exported Function
WSAConnectByNameA 48 Exported Function
WSAAsyncSelect 101 Exported Function
WSAAsyncGetServByPort 106 Exported Function
WSAAsyncGetServByName 107 Exported Function
WSACleanup 116 Exported Function
WSACancelBlockingCall 113 Exported Function
WSACancelAsyncRequest 108 Exported Function
WahCreateNotificationHandle 173 Exported Function
WahCreateHandleContextTable 172 Exported Function
WahCompleteRequest 171 Exported Function
WahDisableNonIFSHandleSupport 176 Exported Function
WahDestroyHandleContextTable 175 Exported Function
WahCreateSocketHandle 174 Exported Function
WahCloseHandleHelper 167 Exported Function
WahCloseApcHelper 166 Exported Function
socket 23 Exported Function
WahCloseThread 170 Exported Function
WahCloseSocketHandle 169 Exported Function
WahCloseNotificationHandleHelper 168 Exported Function
WahQueueUserApc 185 Exported Function
WahOpenNotificationHandleHelper 184 Exported Function
WahOpenHandleHelper 183 Exported Function
WahWaitForNotification 188 Exported Function
WahRemoveHandleContext 187 Exported Function
WahReferenceContextByHandle 186 Exported Function
WahInsertHandleContext 179 Exported Function
WahEnumerateHandleContexts 178 Exported Function
WahEnableNonIFSHandleSupport 177 Exported Function
WahOpenCurrentThread 182 Exported Function
WahOpenApcHelper 181 Exported Function
WahNotifyAllProcesses 180 Exported Function

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: ws2_32.dll.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/68
  • VirusTotal Link: https://www.virustotal.com/gui/file/7e412388c871f5f1d1651da11689eb82a7e4c5785409ec2753cfc4be484d910e/detection/

Possible Misuse

The following table contains possible examples of ws2_32.dll being misused. While ws2_32.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
signature-base apt_darkhydrus.yar $s2 = “Ws2_32.dll” fullword ascii CC BY-NC 4.0
signature-base apt_hkdoor.yar pe.imports(“ws2_32.dll”, “WSAStartup”) and CC BY-NC 4.0
signature-base apt_hkdoor.yar pe.imports(“ws2_32.dll”, “sendto”) CC BY-NC 4.0
signature-base apt_passcv.yar $s2 = “WS2_32.dll” ascii CC BY-NC 4.0
signature-base apt_poisonivy_gen3.yar $s4 = “WS2_32.dll” fullword CC BY-NC 4.0
signature-base crime_cobaltgang.yar $s2 = “Incorrect version of WS2_32.dll found” fullword ascii CC BY-NC 4.0
signature-base crime_rombertik_carbongrabber.yar $s12 = “Ws2_32.dll” fullword ascii CC BY-NC 4.0
signature-base gen_metasploit_loader_rsmudge.yar $s4 = “ws2_32.dll is out of date.” fullword ascii CC BY-NC 4.0
signature-base gen_metasploit_payloads.yar $xs1 = “WS2_32.dll” ascii fullword CC BY-NC 4.0
signature-base thor-hacktools.yar $s4 = “WS2_32.DLL” fullword ascii CC BY-NC 4.0
signature-base thor-hacktools.yar $s4 = “WS2_32.DLL” ascii fullword CC BY-NC 4.0

MIT License. Copyright (c) 2020-2021 Strontic.