Reason Labs

advapi32.dll

Advanced Windows 32 Base API

Microsoft Corporation

This is installed with Halo 2 for Windows Vista. It is included with the Windows 7 OS. The file has been seen being downloaded from topdll.ru.
Publisher:
Microsoft Corporation

Product:
Microsoft® Windows® Operating System

Description:
Advanced Windows 32 Base API

 
Part of the Windows 7 Operating System

Version:
6.1.7600.16385 (win7_rtm.090713-1255)

MD5:
95e2376b3323f062eb562b8586d0f14a

SHA-1:
453d4c3bf4a489433b593420a37bbffb7749875a

SHA-256:
bd3fa8750123d00aa0967fba44372c46ea002681da9c9b77a4f9261553e26017

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/25/2019 9:52:10 AM UTC  (today)

File size:
625.5 KB (640,512 bytes)

Product version:
6.1.7600.16385

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
advapi32.dll.mui

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\windows\syswow64\advapi32.dll

File PE Metadata
Compilation timestamp:
11/20/2010 6:54:46 AM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
12288:DgE1ajRMckYyU5HecLnU6gW0QmldrmROFmAGNAebuMy4ICuJBabsoAk:f1eMckYn5HecLndgW0QmyHAebLtITJBO

Entry address:
0x149E5

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 0F, 84, 5B, C6, 00, 00, 5D, E9, 25, FF, FF, FF, 90, 90, 90, 90, 90, 8B, FF, 55, 8B, EC, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 02, FF, FF, FF, 88, 45, 13, 3C, 01, 75, 1A, 8B, 45, 0C, 53, 33, DB, 2B, C3, 56, 57, 0F, 84, 9D, 0E, 01, 00, 48, 0F, 84, 9D, CA, 00, 00, 5F, 5E, 5B, 8A, 45, 13, 5D, C2, 0C, 00, 90, 90, 00, 00, 00, 00, 1E, AB, E7, 4C, 00, 00, 00, 00, DA, 69, 01, 00, E8, 03, 00, 00, 26, 03, 00, 00, 25, 03, 00, 00, 64, 4A, 01, 00, FC, 56, 01, 00, 90, 63, 01, 00, E5...
 

Code size:
455.5 KB (466,432 bytes)

The file advapi32.dll has been seen being distributed by the following URL.

