| File Path | Type and Hashes |
|---|
| Match Rules |
|---|
| File Name: | WdfCoinstaller01011.dll |
| File Type: | PE32 executable (DLL) (console) Intel 80386, for MS Windows |
| SHA1: | 7ae2c22e9efff46b2c224dcce8bfb279084f5e0d |
| MD5: | 014f75442d1d7065a075ce6a22340938 |
| First Seen Date: | 2017-04-12 16:03:28.872222 ( ) |
| Number of Clients Seen: | 3 |
| Last Analysis Date: | 2017-04-15 19:23:47.381723 ( ) |
| Human Expert Analysis Result: | No human expert analysis verdict given to this sample yet. |
| Property | Value |
|---|---|
| number of sections | 5 |
| compilation time stamp | 0x50109E9F [Thu Jul 26 01:34:23 2012 UTC] |
| LegalCopyright | \xa9 Microsoft Corporation. All rights reserved. |
| InternalName | WdfCoInstaller.dll |
| FileVersion | 1.11.9200.16384 (win8_rtm.120725-1247) |
| CompanyName | Microsoft Corporation |
| ProductName | Microsoft\xae Windows\xae Operating System |
| ProductVersion | 1.11.9200.16384 |
| FileDescription | WDF Coinstaller |
| OriginalFilename | WdfCoInstaller.dll |
| Translation | 0x0000 0x04b0 |
| entry point | 0x1000cab3 (.text) |
| machine type | Intel 386 or later - 32Bit |
| file size | 1634880 |
| sha256 | 1d30743070095c39416604d73b9e722821bf3171fc812d109f2895f87b264ca7 |
| mime type | application/x-dosexec |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|---|---|---|---|---|
| .text | 0x1000 | 0xc0a1 | 0xc200 | 5.370074 | - |
| .data | 0xe000 | 0x44c8 | 0x200 | 0.835312[SUSPICIOUS] | - |
| .idata | 0x13000 | 0xb58 | 0xc00 | 5.795925 | - |
| .rsrc | 0x14000 | 0x17e170 | 0x17e200 | 7.999050[SUSPICIOUS] | - |
| .reloc | 0x193000 | 0x960 | 0xa00 | 5.534577 | - |
-
msvcrt.dll
- free
- _wtoi
- _wcsnicmp
- _amsg_exit
- malloc
- _ultow
- _XcptFilter
- _initterm
- _wcsicmp
- _except_handler4_common
- _vsnwprintf
- memcpy
- memset
-
SETUPAPI.dll
- SetupDiGetActualSectionToInstallW
- SetupLogErrorW
- SetupDiGetDeviceInstallParamsW
- CM_Set_DevNode_Problem_Ex
- SetupCloseInfFile
- SetupOpenInfFileW
- SetupCloseLog
- SetupDiSetDeviceInstallParamsW
- SetupOpenLog
- SetupDiGetDriverInfoDetailW
- SetupDiGetSelectedDriverW
- SetupGetStringFieldW
- SetupPromptReboot
- SetupFindFirstLineW
- SetupGetLineCountW
- SetupFindNextMatchLineW
-
KERNEL32.dll
- SetLastError
- GetCurrentProcess
- SetUnhandledExceptionFilter
- UnhandledExceptionFilter
- GetTickCount
- GetSystemTimeAsFileTime
- GetCurrentThreadId
- GetCurrentProcessId
- QueryPerformanceCounter
- VerSetConditionMask
- GetModuleHandleW
- GetVersionExW
- GetModuleFileNameW
- VerifyVersionInfoW
- GetLastError
- GetProcAddress
- GlobalFree
- LocalAlloc
- GetWindowsDirectoryW
- LocalFree
- FreeLibrary
- LoadLibraryW
- FindFirstFileW
- FindResourceW
- LoadResource
- CreateProcessW
- CreateDirectoryW
- WaitForSingleObject
- OutputDebugStringW
- WriteFile
- SizeofResource
- FormatMessageW
- GetExitCodeProcess
- TerminateProcess
- CreateFileW
- InterlockedCompareExchange
- FindClose
- GetLocalTime
- LockResource
- RemoveDirectoryW
- FindNextFileW
- CloseHandle
- DeleteFileW
- ExpandEnvironmentStringsW
- LoadLibraryExW
- Sleep
- InterlockedExchange
-
ADVAPI32.dll
- EventUnregister
- EventRegister
- QueryServiceConfigW
- ChangeServiceConfigW
- RegFlushKey
- RegSetValueExW
- RegCreateKeyExW
- RegCloseKey
- RegOpenKeyExW
- EventWrite
- QueryServiceStatusEx
- RegQueryValueExW
- OpenServiceW
- OpenSCManagerW
- DeleteService
- CloseServiceHandle
-
SHELL32.dll
- CommandLineToArgvW
-
USER32.dll
- IsCharAlphaNumericW
- LoadStringW
- IsCharAlphaW
-
SHLWAPI.dll
- PathFileExistsW
WdfCoInstaller
WdfPostDeviceInstall
WdfPostDeviceRemove
WdfPreDeviceInstall
WdfPreDeviceInstallEx
WdfPreDeviceRemove
RT_RCDATA
RT_VERSION