wsock32.dll

  • File Path: C:\Windows\system32\wsock32.dll
  • Description: Windows Socket 32-Bit DLL

Hashes

Type Hash
MD5 7CA726D8C2D54C70B84B3CD492291EDA
SHA1 BD05C93210F10A639B875BB7A388C7729939D0A6
SHA256 F7F82E8B40DAED62E8E5741DCBA3E135873D9F28CA86FE3E5303B222FE4FB685
SHA384 EB30AA90B5940C1CD5315099FEF0F483B530710DCC8024E9162CC31BA48953DF5BA6E774D90152954383687766D8E3E3
SHA512 11507004DC8925BF3039372F9F66E2AEA719E5BA7809A5E44224444AD455D0C4748496DE526E4CD0E69607AC8DD628A4129DC2C8A1A14D9441AAD1377D38FD58
SSDEEP 192:7YEsyqyBQHTV7YwFTJcGQOjcooxA9D/EccQIW9KzW:lq5zVnVyGG2R2QIW8zW
IMP 9036420A1CD883AE2CF99A9CCD44DFB1
PESHA1 0D7E63663CEC235E3978271EB66E658EFE19F922
PE256 4AC651C5E25C8A0EED2675D7B99B9EEBD89168704406A13CE4D38F8CC5BF3F98

DLL Exports:

Function Name Ordinal Type
sethostname 1105 Exported Function
SetServiceA 1117 Exported Function
send 19 Exported Function
sendto 20 Exported Function
SetServiceW 1118 Exported Function
socket 23 Exported Function
TransmitFile 1140 Exported Function
setsockopt 21 Exported Function
shutdown 22 Exported Function
rcmd 1102 Exported Function
recv 16 Exported Function
ntohl 14 Exported Function
ntohs 15 Exported Function
recvfrom 17 Exported Function
s_perror 1108 Exported Function
select 18 Exported Function
rexec 1103 Exported Function
rresvport 1104 Exported Function
WEP 500 Exported Function
WSAIsBlocking 114 Exported Function
WSApSetPostRoutine 1000 Exported Function
WSACleanup 116 Exported Function
WSAGetLastError 111 Exported Function
WSARecvEx 1107 Exported Function
WSAStartup 115 Exported Function
WSAUnhookBlockingHook 110 Exported Function
WSASetBlockingHook 109 Exported Function
WSASetLastError 112 Exported Function
WSAAsyncGetProtoByName 105 Exported Function
WSAAsyncGetProtoByNumber 104 Exported Function
WSAAsyncGetHostByAddr 102 Exported Function
WSAAsyncGetHostByName 103 Exported Function
WSAAsyncGetServByName 107 Exported Function
WSACancelAsyncRequest 108 Exported Function
WSACancelBlockingCall 113 Exported Function
WSAAsyncGetServByPort 106 Exported Function
WSAAsyncSelect 101 Exported Function
NPLoadNameSpaces 1130 Exported Function
GetAddressByNameW 1110 Exported Function
gethostbyaddr 51 Exported Function
GetAcceptExSockaddrs 1142 Exported Function
GetAddressByNameA 1109 Exported Function
gethostbyname 52 Exported Function
GetNameByTypeW 1116 Exported Function
getnetbyname 1101 Exported Function
gethostname 57 Exported Function
GetNameByTypeA 1115 Exported Function
AcceptEx 1141 Exported Function
bind 2 Exported Function
__WSAFDIsSet 151 Exported Function
accept 1 Exported Function
closesocket 3 Exported Function
EnumProtocolsA 1111 Exported Function
EnumProtocolsW 1112 Exported Function
connect 4 Exported Function
dn_expand 1106 Exported Function
getpeername 5 Exported Function
htons 9 Exported Function
inet_addr 10 Exported Function
GetTypeByNameW 1114 Exported Function
htonl 8 Exported Function
inet_network 1100 Exported Function
listen 13 Exported Function
MigrateWinsockConfiguration 24 Exported Function
inet_ntoa 11 Exported Function
ioctlsocket 12 Exported Function
getservbyname 55 Exported Function
getservbyport 56 Exported Function
getprotobyname 53 Exported Function
getprotobynumber 54 Exported Function
GetServiceA 1119 Exported Function
getsockopt 7 Exported Function
GetTypeByNameA 1113 Exported Function
GetServiceW 1120 Exported Function
getsockname 6 Exported Function

Signature

  • Status: Signature verified.
  • Serial: 330000026551AE1BBD005CBFBD000000000265
  • Thumbprint: E168609353F30FF2373157B4EB8CD519D07A2BFF
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: wsock32.dll.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/67
  • VirusTotal Link: https://www.virustotal.com/gui/file/f7f82e8b40daed62e8e5741dcba3e135873d9f28ca86fe3e5303b222fe4fb685/detection/

Possible Misuse

The following table contains possible examples of wsock32.dll being misused. While wsock32.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|---|---|---|---|
| signature-base | apt_lazarus_jun18.yar | $s2 = "Wsock32.dll" fullword ascii | CC BY-NC 4.0 |
| signature-base | gen_cn_hacktools.yar | $s5 = "WSOCK32.DLL" fullword ascii | CC BY-NC 4.0 |
| signature-base | thor-hacktools.yar | $x3 = "wsock32.dll" fullword ascii | CC BY-NC 4.0 |
| signature-base | thor-webshells.yar | $s0 = "WSOCK32.dll" | CC BY-NC 4.0 |

MIT License. Copyright (c) 2020-2021 Strontic.