Reason Labs

user32.dll

Multi-User Windows USER API Client DLL

Microsoft Corporation

The USER32 library provides API functions for applications to create and manipulate the standard elements of the Windows user interface, such as the desktop, windows, and menus, and to perform operations such as creating and managing windows, receiving window messages, displaying text in a window, and displaying message boxes. It is installed with Windows 7. The file has been seen being downloaded from ftp2.tecnicon.com.br and multiple other hosts.
Publisher:
Microsoft Corporation

Product:
Microsoft® Windows® Operating System

Description:
Multi-User Windows USER API Client DLL

 
Part of the Windows 7 (with Service Pack 1) Operating System

Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)

MD5:
5e0db2d8b2750543cd2ebb9ea8e6cdd3

SHA-1:
8b997b38e179cd03c0a2e87bddbc1ebca39a8630

SHA-256:
01eb95fa3943cf3c6b1a21e473a5c3cb9fcbce46913b15c96cac14e4f04075b4

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/25/2019 9:35:30 AM UTC

File size:
813.5 KB (833,024 bytes)

Product version:
6.1.7601.17514

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
user32

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\windows\syswow64\user32.dll

File PE Metadata
Compilation timestamp:
11/20/2010 7:08:57 AM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:rxlCaNt6z7RgnhVzQnaNoroE+KktJImrR1YNt35L+s5ENOeQiV1Li/kc:r6DlghyaNvXjYNPLeYeXV1i/k

Entry address:
0x1B6ED

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 0D, FF, 75, 10, 6A, 01, FF, 75, 08, E8, B7, 17, 00, 00, 5D, 90, 90, 90, 90, 90, 8B, FF, 55, 8B, EC, 81, EC, A4, 06, 00, 00, A1, 20, 07, CD, 7D, 33, C5, 89, 45, FC, 83, 7D, 0C, 01, 8B, 45, 08, 53, 56, 57, 89, 85, DC, FB, FF, FF, 0F, 85, 35, E9, FF, FF, 64, 8B, 0D, 18, 00, 00, 00, C7, 85, E0, FB, FF, FF, 40, 02, 00, 00, 8B, 49, 30, 8B, 99, D4, 01, 00, 00, 50, FF, 15, 68, 04, C6, 7D, 8B, 35, AC, 00, C6, 7D, 68, E0, 02, CD, 7D, FF, D6, 68, 20, 03, CD, 7D, 8B, F8, FF, D6...

Entropy:
6.3275

Code size:
435 KB (445,440 bytes)

The file user32.dll has been seen being distributed by the following URLs.

ftp://ftp2.tecnicon.com.br/darlan/.../user32.dll

Clean
kernel32.dll  (f9ac70c562ba70dd7917e99b00ed6878531de66f)

Clean
kernelbase.dll  (90b069cbc93c701394b47d4e830cdd7d384f5d5c)

Clean
ntdll.dll  (3a2bae6036ff2d23309a7b93ab562494c50df236)

Clean
shlwapi.dll  (0ba38e91bf0e9d554e8dfea0ed6ea1214f9952a3)

Clean
gdi32.dll  (6a20fe18619dc46e379c42f12ed761749053cbf9)

Clean
advapi32.dll  (453d4c3bf4a489433b593420a37bbffb7749875a)

Clean
msvcrt.dll  (df2756c114ca2d3b2b16d459a93f285924a55202)

Clean
sechost.dll  (2ae4ea1e2f2248a86f0dd25a1cbf828b5496fa79)

Clean
rpcrt4.dll  (0a2886a248c8d157ba89f4d5296a0b30f1a6424c)

Clean
sspicli.dll  (fda5de62a80510b1e02dae814cd6caa0a8fa035f)

Clean
cryptbase.dll  (d5fefb6b6ab0591f28d878b2d05e301ddc7957ab)

Clean
lpk.dll  (769bd7c18f82272b110f3bad913b28b0f7401d09)

Clean
userenv.dll  (83d1722a35eb16b010d8c9f72c627e97d4642101)

Clean
PROFAPI.DLL  (263e8fbf77c0ceead0c9bca56394bffa4a664361)

Clean
VERSION.DLL  (a4f845318e095d841b05e1400747ee4c28e1f28e)

Clean
winmm.dll  (c53e005cd04d99331ce3114ac119256133202313)
