InfDefaultInstall.exe

  • File Path: C:\windows\SysWOW64\InfDefaultInstall.exe
  • Description: INF Default Install

Screenshot

InfDefaultInstall.exe InfDefaultInstall.exe InfDefaultInstall.exe

Hashes

Type Hash
MD5 5EC06358941CB2D40FD7963A664BE507
SHA1 B8065E1529F71F9D24A371F4124CD92F8D7D7E0F
SHA256 134E40391E97A3BA5FE6E3B2433A430FCE46D2A678FE2CFD15E48AF59428A375
SHA384 F00D62D439E0179E721E4E04AB0748D5DAC87F450ECE16E05DFC54A02CE965D947F0899C56E30CDC45A206C7081BEB05
SHA512 1AD2BB85950ACFA8DC7A80A51199956765F5FE9C3C95F3216ED84D2D36577644E380402C8CD9C287A60F177B58EAA177894A5569696ECD7ED12119B463B3DDFB
SSDEEP 192:+RFuZKVKXWpbTmbGnBnvwO+EbGZ10FPsBW/GWZ:gdwXWBmeD/bGAdaW/GWZ

Signature

  • Status: The file C:\windows\SysWOW64\InfDefaultInstall.exe is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170
  • Serial: ``
  • Thumbprint: ``
  • Issuer:
  • Subject:

File Metadata

  • Original Filename: InfDefaultInstall.EXE.MUI
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 5.2.3668.0
  • Product Version: 5.2.3668.0
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of InfDefaultInstall.exe being misused. While InfDefaultInstall.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_infdefaultinstall.yml title: InfDefaultInstall.exe .inf Execution DRL 1.0
sigma proc_creation_win_infdefaultinstall.yml - https://github.com/LOLBAS-Project/LOLBAS/blob/master/yml/OSBinaries/Infdefaultinstall.yml DRL 1.0
sigma proc_creation_win_infdefaultinstall.yml - 'InfDefaultInstall.exe ' DRL 1.0
LOLBAS Infdefaultinstall.yml Name: Infdefaultinstall.exe  
LOLBAS Infdefaultinstall.yml - Command: InfDefaultInstall.exe Infdefaultinstall.inf  
LOLBAS Infdefaultinstall.yml - Path: C:\Windows\System32\Infdefaultinstall.exe  
LOLBAS Infdefaultinstall.yml - Path: C:\Windows\SysWOW64\Infdefaultinstall.exe  
atomic-red-team index.md - Atomic Test #4: InfDefaultInstall.exe .inf Execution [windows] MIT License. © 2018 Red Canary
atomic-red-team windows-index.md - Atomic Test #4: InfDefaultInstall.exe .inf Execution [windows] MIT License. © 2018 Red Canary
atomic-red-team T1218.md - Atomic Test #4 - InfDefaultInstall.exe .inf Execution MIT License. © 2018 Red Canary
atomic-red-team T1218.md ## Atomic Test #4 - InfDefaultInstall.exe .inf Execution MIT License. © 2018 Red Canary
atomic-red-team T1218.md Test execution of a .inf using InfDefaultInstall.exe MIT License. © 2018 Red Canary
atomic-red-team T1218.md Reference: https://github.com/LOLBAS-Project/LOLBAS/blob/master/yml/OSBinaries/Infdefaultinstall.yml MIT License. © 2018 Red Canary
atomic-red-team T1218.md | inf_to_execute | Local location of inf file | String | PathToAtomicsFolder\T1218\src\Infdefaultinstall.inf| MIT License. © 2018 Red Canary
atomic-red-team T1218.md InfDefaultInstall.exe #{inf_to_execute} MIT License. © 2018 Red Canary
atomic-red-team T1218.md Invoke-WebRequest “https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218/src/Infdefaultinstall.inf” -OutFile “#{inf_to_execute}” MIT License. © 2018 Red Canary

MIT License. Copyright (c) 2020-2021 Strontic.