samlib.dll | SAM Library DLL Archived: 2026-04-05 19:09:04 UTC samlib.dllPermalink File Path: C:\Windows\SysWOW64\samlib.dll Description: SAM Library DLL HashesPermalink Type Hash MD5 0BDF6351009F6EBA5BA7E886F23263B1 SHA1 3EA88E1819546E538E050266CDE6AA4CDB22B2ED SHA256 328B221FF7E37C6F58EF341CEE533167E499A7239450088180662DEF162D7302 SHA384 80E341D31AEFC8B5641F8E0EC54E9E9350184844F7DA9D10F4A0A65CFE9AFB9EB2C5290F5626D1774278C62905039368 SHA512 8A09E07427DF858B6D587D9E0B5F9CC605CBFCCAAECDBB2C0D4EE02A4E7746321F54DCB84B6642C7A622A14A76C2445374AD24E234C5FBA81122 SSDEEP 1536:T7bzVo2O9ij5TA+BMzkHMvA/uvcx9VzT:P3V5OwDA7cxfz IMP E6A213B654988D6519F1E7E49085E263 PESHA1 A6E178DE3ACCF1C20889B0BAB3779972964B6548 PE256 0F1085F695367C9E756FC8919F55AECB392E75F23DA268ADE81BFD1EF03F548D DLL Exports:Permalink Function Name Ordinal Type SamQueryDisplayInformation 38 Exported Function SamQueryInformationAlias 39 Exported Function SamOpenUser 36 Exported Function SamPerformGenericOperation 37 Exported Function SamQueryInformationUser 42 Exported Function SamQueryLocalizableAccountsInDomain 43 Exported Function SamQueryInformationDomain 40 Exported Function SamQueryInformationGroup 41 Exported Function SamOpenGroup 35 Exported Function SamLookupDomainInSamServer 29 Exported Function SamLookupIdsInDomain 30 Exported Function SamiSetDSRMPasswordOWF 69 Exported Function SamiSyncDSRMPasswordFromAccount 70 Exported Function SamOpenAlias 33 Exported Function SamOpenDomain 34 Exported Function SamLookupNamesInDomain 32 Exported Function https://strontic.github.io/xcyclopedia/library/samlib.dll-0BDF6351009F6EBA5BA7E886F23263B1.html Page 1 of 4 Function Name Ordinal Type SamLookupNamesInDomain2 31 Exported Function SamQuerySecurityObject 44 Exported Function SamSetSecurityObject 56 Exported Function SamShutdownSamServer 57 Exported Function SamSetInformationUser 54 Exported Function SamSetMemberAttributesOfGroup 55 Exported Function SamUnregisterObjectChangeNotification 60 Exported Function SamValidatePassword 61 Exported Function SamTestPrivateFunctionsDomain 58 Exported Function SamTestPrivateFunctionsUser 59 Exported Function SamSetInformationGroup 53 Exported Function SamRemoveMemberFromForeignDomain 47 Exported Function SamRemoveMemberFromGroup 48 Exported Function SamRegisterObjectChangeNotification 45 Exported Function SamRemoveMemberFromAlias 46 Exported Function SamSetInformationAlias 51 Exported Function SamSetInformationDomain 52 Exported Function SamRemoveMultipleMembersFromAlias 49 Exported Function SamRidToSid 50 Exported Function SamCreateUser2InDomain 12 Exported Function SamCreateUserInDomain 13 Exported Function SamCreateAliasInDomain 10 Exported Function SamCreateGroupInDomain 11 Exported Function SamDeleteUser 16 Exported Function SamEnumerateAliasesInDomain 17 Exported Function SamDeleteAlias 14 Exported Function SamDeleteGroup 15 Exported Function SamConnectWithCreds 9 Exported Function SamAddMemberToGroup 3 Exported Function SamAddMultipleMembersToAlias 4 Exported Function OnMachineUILanguageInit 1 Exported Function SamAddMemberToAlias 2 Exported Function SamCloseHandle 7 Exported Function SamConnect 8 Exported Function SamChangePasswordUser 6 Exported Function https://strontic.github.io/xcyclopedia/library/samlib.dll-0BDF6351009F6EBA5BA7E886F23263B1.html Page 2 of 4 Function Name Ordinal Type SamChangePasswordUser2 5 Exported Function SamEnumerateDomainsInSamServer 18 Exported Function SamiChangePasswordUser 64 Exported Function SamiChangePasswordUser2 63 Exported Function SamGetMembersInGroup 28 Exported Function SamiChangeKeys 62 Exported Function SamiSetBootKeyInformation 67 Exported Function SamiSetDSRMPassword 68 Exported Function SamiEncryptPasswords 65 Exported Function SamiLmChangePasswordUser 66 Exported Function SamGetMembersInAlias 27 Exported Function SamEnumerateUsersInDomain2 20 Exported Function SamFreeMemory 22 Exported Function SamEnumerateGroupsInDomain 19 Exported Function SamEnumerateUsersInDomain 21 Exported Function SamGetDisplayEnumerationIndex 25 Exported Function SamGetGroupsForUser 26 Exported Function SamGetAliasMembership 23 Exported Function SamGetCompatibilityMode 24 Exported Function SignaturePermalink Status: Signature verified. Serial: 3300000266BD1580EFA75CD6D3000000000266 Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840 Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US Original Filename: SAMLib.DLL Product Name: Microsoft Windows Operating System Company Name: Microsoft Corporation File Version: 10.0.19041.1 (WinBuild.160101.0800) Product Version: 10.0.19041.1 Language: English (United States) Legal Copyright: Microsoft Corporation. All rights reserved. Machine Type: 32-bit File ScanPermalink VirusTotal Detections: 0/71 VirusTotal Link: https://www.virustotal.com/gui/file/328b221ff7e37c6f58ef341cee533167e499a7239450088180662def162d7302/detection/ Possible MisusePermalink https://strontic.github.io/xcyclopedia/library/samlib.dll-0BDF6351009F6EBA5BA7E886F23263B1.html Page 3 of 4 The following table contains possible examples of samlib.dll being misused. While samlib.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes. Source Source File Example License sigma image_load_mimikatz_inmemory_detection.yml - 'samlib.dll' DRL 1.0 sigma image_load_susp_image_load.yml description: Detects Loading of samlib.dll, WinSCard.dll from untypical process e.g. through process hollowing by Mimikatz DRL 1.0 sigma image_load_susp_image_load.yml - '\samlib.dll' DRL 1.0 atomic-red-team T1003.006.md
Adversaries may attempt to access credentials and other sensitive information by abusing a Windows Domain Controller’s application programming interface (API)(Citation: Microsoft DRSR Dec 2017) (Citation: Microsoft GetNCCChanges) (Citation: Samba DRSUAPI) (Citation: Wine API samlib.dll) to simulate the replication process from a remote domain controller using a technique called DCSync. MIT License. © 2018 Red Canary MIT License. Copyright (c) 2020-2021 Strontic. Source: https://strontic.github.io/xcyclopedia/library/samlib.dll-0BDF6351009F6EBA5BA7E886F23263B1.html https://strontic.github.io/xcyclopedia/library/samlib.dll-0BDF6351009F6EBA5BA7E886F23263B1.html Page 4 of 4