EditionUpgradeManagerObj.dll

  • File Path: C:\Windows\system32\EditionUpgradeManagerObj.dll
  • Description: Get your Windows license

DLL Exports:

| Function Name | Ordinal | Type |
| --- | --- | --- |
| DllRegisterServer | 3 | Exported Function |
| DllUnregisterServer | 4 | Exported Function |
| DllCanUnloadNow | 1 | Exported Function |
| DllGetClassObject | 2 | Exported Function |

Signature

  • Status: Signature verified.
  • Serial: 330000026551AE1BBD005CBFBD000000000265
  • Thumbprint: E168609353F30FF2373157B4EB8CD519D07A2BFF
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: EditionUpgradeManagerObj.DLL.MUI
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/67
  • VirusTotal Link: https://www.virustotal.com/gui/file/22191480043634f202bbccfa035bd03b13db511cc44b465ffec58d4ee8fbd69e/detection/

Possible Misuse

The following table contains possible examples of EditionUpgradeManagerObj.dll being misused. While EditionUpgradeManagerObj.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
| --- | --- | --- | --- |
| sigma | proc_access_win_load_undocumented_autoelevated_com_interface.yml | CallTrace\|contains: 'editionupgrademanagerobj.dll' | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.