wsock32.dll

  • File Path: C:\Windows\SysWOW64\wsock32.dll
  • Description: Windows Socket 32-Bit DLL

Hashes

Type Hash
MD5 8AFEEDA0F4402A363E9BBE612270554A
SHA1 914B13BAD274B66743C019B6FC1240C9E25E6959
SHA256 3C6F947118F434BC2070E90BE7FC487FD413A02F58296F17024915873D15C4F8
SHA384 F34813ECA97D8C5B464C63E795876298E7FE30CD06168660BBF8C28B4DB0F9279F78E60D21E143459CC6039291FC6E66
SHA512 960221DC925F39078F180943BF4C00E8256369EF6FC0317B65C033A5438E4F1649610941D5976B3A38EDA5BE43E7E6B31F922D645CF92C2FF0BBA306E00659FA
SSDEEP 192:Dgd7wwT0Mgd1tBP0hrcoox74EccQ4W9KzWU:eT0Mq1/0odDQ4W8zW
IMP A19CFAB1A21C41E96EFE91202CA2074F
PESHA1 B50796C637368C42481EADB637082883DB484266
PE256 AD7AA2932369790B6BFE7349D25E215446253C642E855935C0092E0261EA6AED

DLL Exports:

Function Name Ordinal Type
sethostname 1105 Exported Function
SetServiceA 1117 Exported Function
send 19 Exported Function
sendto 20 Exported Function
SetServiceW 1118 Exported Function
socket 23 Exported Function
TransmitFile 1140 Exported Function
setsockopt 21 Exported Function
shutdown 22 Exported Function
rcmd 1102 Exported Function
recv 16 Exported Function
ntohl 14 Exported Function
ntohs 15 Exported Function
recvfrom 17 Exported Function
s_perror 1108 Exported Function
select 18 Exported Function
rexec 1103 Exported Function
rresvport 1104 Exported Function
WEP 500 Exported Function
WSAIsBlocking 114 Exported Function
WSApSetPostRoutine 1000 Exported Function
WSACleanup 116 Exported Function
WSAGetLastError 111 Exported Function
WSARecvEx 1107 Exported Function
WSAStartup 115 Exported Function
WSAUnhookBlockingHook 110 Exported Function
WSASetBlockingHook 109 Exported Function
WSASetLastError 112 Exported Function
WSAAsyncGetProtoByName 105 Exported Function
WSAAsyncGetProtoByNumber 104 Exported Function
WSAAsyncGetHostByAddr 102 Exported Function
WSAAsyncGetHostByName 103 Exported Function
WSAAsyncGetServByName 107 Exported Function
WSACancelAsyncRequest 108 Exported Function
WSACancelBlockingCall 113 Exported Function
WSAAsyncGetServByPort 106 Exported Function
WSAAsyncSelect 101 Exported Function
NPLoadNameSpaces 1130 Exported Function
GetAddressByNameW 1110 Exported Function
gethostbyaddr 51 Exported Function
GetAcceptExSockaddrs 1142 Exported Function
GetAddressByNameA 1109 Exported Function
gethostbyname 52 Exported Function
GetNameByTypeW 1116 Exported Function
getnetbyname 1101 Exported Function
gethostname 57 Exported Function
GetNameByTypeA 1115 Exported Function
AcceptEx 1141 Exported Function
bind 2 Exported Function
__WSAFDIsSet 151 Exported Function
accept 1 Exported Function
closesocket 3 Exported Function
EnumProtocolsA 1111 Exported Function
EnumProtocolsW 1112 Exported Function
connect 4 Exported Function
dn_expand 1106 Exported Function
getpeername 5 Exported Function
htons 9 Exported Function
inet_addr 10 Exported Function
GetTypeByNameW 1114 Exported Function
htonl 8 Exported Function
inet_network 1100 Exported Function
listen 13 Exported Function
MigrateWinsockConfiguration 24 Exported Function
inet_ntoa 11 Exported Function
ioctlsocket 12 Exported Function
getservbyname 55 Exported Function
getservbyport 56 Exported Function
getprotobyname 53 Exported Function
getprotobynumber 54 Exported Function
GetServiceA 1119 Exported Function
getsockopt 7 Exported Function
GetTypeByNameA 1113 Exported Function
GetServiceW 1120 Exported Function
getsockname 6 Exported Function

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: wsock32.dll
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/67
  • VirusTotal Link: https://www.virustotal.com/gui/file/3c6f947118f434bc2070e90be7fc487fd413a02f58296f17024915873d15c4f8/detection/

Possible Misuse

The following table contains possible examples of wsock32.dll being misused. While wsock32.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
signature-base apt_lazarus_jun18.yar $s2 = “Wsock32.dll” fullword ascii CC BY-NC 4.0
signature-base gen_cn_hacktools.yar $s5 = “WSOCK32.DLL” fullword ascii CC BY-NC 4.0
signature-base thor-hacktools.yar $x3 = “wsock32.dll” fullword ascii CC BY-NC 4.0
signature-base thor-webshells.yar $s0 = “WSOCK32.dll” CC BY-NC 4.0

MIT License. Copyright (c) 2020-2021 Strontic.