InfDefaultInstall.exe

  • File Path: C:\Windows\system32\InfDefaultInstall.exe
  • Description: INF Default Install

Hashes

| Type | Hash |
|---|---|
| MD5 | 6E4ACBE95965D394FE042E1C0B5D7206 |
| SHA1 | 4BB46BD42846A347C5DEB0479F692824846FC809 |
| SHA256 | 84FCF22D7086A99B436BA4A39E61318881B8CA544D30D2E93412DAA49795D8C4 |
| SHA384 | 8B309BE652F8383D9E01DA7C8564D018329371D1B7FDEB667E35994423AE239FA4B338AB8F006C60616C3255924A425A |
| SHA512 | 16B2CA778A6C710B681AC8051E1C722C45D5E21952967DC54696E7F505884BE3B707AE5092A7A8F07825AE157EC6F7866594D6B1660769673A662E6FC72C9CA5 |
| SSDEEP | 192:PY5Y0PDblClcp1IvCg+7RSBGzZzdBgW6U19wzs9aW/GW:PY5YUx4o1kCrNsGx7gWCzcaW/GW |

Signature

  • Status: Signature verified.
  • Serial: 33000000BCE120FDD27CC8EE930000000000BC
  • Thumbprint: E85459B23C232DB3CB94C7A56D47678F58E8E51E
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: InfDefaultInstall.EXE.MUI
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 5.2.3668.0
  • Product Version: 5.2.3668.0
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

File Similarity (ssdeep match)

| File | Score |
|---|---|
| C:\WINDOWS\system32\InfDefaultInstall.exe | 30 |
| C:\WINDOWS\system32\InfDefaultInstall.exe | 49 |
| C:\Windows\system32\InfDefaultInstall.exe | 30 |
| C:\Windows\system32\InfDefaultInstall.exe | 29 |

Possible Misuse

The following table contains possible examples of InfDefaultInstall.exe being misused. While InfDefaultInstall.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|---|---|---|---|
| sigma | proc_creation_win_infdefaultinstall.yml | title: InfDefaultInstall.exe .inf Execution | DRL 1.0 |
| sigma | proc_creation_win_infdefaultinstall.yml | - https://github.com/LOLBAS-Project/LOLBAS/blob/master/yml/OSBinaries/Infdefaultinstall.yml | DRL 1.0 |
| sigma | proc_creation_win_infdefaultinstall.yml | - 'InfDefaultInstall.exe ' | DRL 1.0 |
| LOLBAS | Infdefaultinstall.yml | Name: Infdefaultinstall.exe | |
| LOLBAS | Infdefaultinstall.yml | - Command: InfDefaultInstall.exe Infdefaultinstall.inf | |
| LOLBAS | Infdefaultinstall.yml | - Path: C:\Windows\System32\Infdefaultinstall.exe | |
| LOLBAS | Infdefaultinstall.yml | - Path: C:\Windows\SysWOW64\Infdefaultinstall.exe | |
| atomic-red-team | index.md | - Atomic Test #4: InfDefaultInstall.exe .inf Execution [windows] | MIT License. © 2018 Red Canary |
| atomic-red-team | windows-index.md | - Atomic Test #4: InfDefaultInstall.exe .inf Execution [windows] | MIT License. © 2018 Red Canary |
| atomic-red-team | T1218.md | - Atomic Test #4 - InfDefaultInstall.exe .inf Execution | MIT License. © 2018 Red Canary |
| atomic-red-team | T1218.md | ## Atomic Test #4 - InfDefaultInstall.exe .inf Execution | MIT License. © 2018 Red Canary |
| atomic-red-team | T1218.md | Test execution of a .inf using InfDefaultInstall.exe | MIT License. © 2018 Red Canary |
| atomic-red-team | T1218.md | Reference: https://github.com/LOLBAS-Project/LOLBAS/blob/master/yml/OSBinaries/Infdefaultinstall.yml | MIT License. © 2018 Red Canary |
| atomic-red-team | T1218.md | \| inf_to_execute \| Local location of inf file \| String \| PathToAtomicsFolder\T1218\src\Infdefaultinstall.inf\| | MIT License. © 2018 Red Canary |
| atomic-red-team | T1218.md | InfDefaultInstall.exe #{inf_to_execute} | MIT License. © 2018 Red Canary |
| atomic-red-team | T1218.md | Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218/src/Infdefaultinstall.inf" -OutFile "#{inf_to_execute}" | MIT License. © 2018 Red Canary |

MIT License. Copyright (c) 2020-2021 Strontic.