EditionUpgradeManagerObj.dll

  • File Path: C:\Windows\SysWOW64\EditionUpgradeManagerObj.dll
  • Description: Get your Windows license

Hashes

Type Hash
MD5 33DD3FFFBB152DA42E6A04B25D1F96A6
SHA1 8A0AA0F9C5AE88767DF64F060660F0CDEC672A58
SHA256 50809D38EC6F8F4977FC7E05A6CB13541DC762BF6AB8AA0DE9C53477CC4DD5CA
SHA384 F2B17FF2A5837FEB080844CAF8DF3A3077EC88B39C2AF84C8EF4945D6CD61E75CB037F04E4D553550A90C56B7CF13CF6
SHA512 6824EC7FED8791C04F161A9597BCC98BD5C41161D2D80A7E0914FF911DE7C405AB063288C3FB93D74AFB58B800F23478F8EE798296FDA5267C80F95BB62D5174
SSDEEP 3072:VwHvkKI0sZiGOe4kljb0BbZP2C0BbZr0BbZq6y4+xkUDuDz6jSXPNIc7uUr3IfjV:MPIj4+x8IfjQGk4mOt
IMP 3F2922B3CA8224A6668475DE0E11C20E
PESHA1 5D5102748A5FF7629C60D988C77BDE7E39C145B3
PE256 298B2D561F5ECABC318A8FB5DB4058E0D7F5F321F74D3D8FEFFC4FB30E49A888

DLL Exports:

Function Name Ordinal Type
DllRegisterServer 3 Exported Function
DllUnregisterServer 4 Exported Function
DllCanUnloadNow 1 Exported Function
DllGetClassObject 2 Exported Function

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: EditionUpgradeManagerObj.DLL
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.488 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.488
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/70
  • VirusTotal Link: https://www.virustotal.com/gui/file/50809d38ec6f8f4977fc7e05a6cb13541dc762bf6ab8aa0de9c53477cc4dd5ca/detection/

Possible Misuse

The following table contains possible examples of EditionUpgradeManagerObj.dll being misused. While EditionUpgradeManagerObj.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_access_win_load_undocumented_autoelevated_com_interface.yml CallTrace\|contains: 'editionupgrademanagerobj.dll' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.