InfDefaultInstall.exe
- File Path: C:\Windows\SysWOW64\InfDefaultInstall.exe
- Description: INF Default Install
Hashes
Type | Hash |
---|---|
MD5 | 85449C56339BFEF1AF92EA9E034D5D84 |
SHA1 | C62BB2114365B82797045014EDF81B783B233766 |
SHA256 | C9295D491E4359B89083AE73920E8F2A41A73D52D0C46DD2DBAF34FD645A4032 |
SHA384 | D6F64C863C3C67E04989665DA5C9E49000A088FB2D4E47B792EF819D56ED5A92111AA9D42A5FE2892A7EE35DFB0CEA2A |
SHA512 | 588700E20E0723124CBDC051974240567E6B4FDBF08F963B69592502E525EFD69D77C0D587814BD422C3915B21B27442529963F1FDACCEFFAEC198EDC0A22C88 |
SSDEEP | 192:lAX7UYJHjXvWS72TYMDgABotwTOsZKW/GWL:4vXuS8YuqtJoKW/GWL |
Signature
- Status: Signature verified.
- Serial: 33000000BCE120FDD27CC8EE930000000000BC
- Thumbprint: E85459B23C232DB3CB94C7A56D47678F58E8E51E
- Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: InfDefaultInstall.EXE.MUI
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 5.2.3668.0
- Product Version: 5.2.3668.0
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
File Similarity (ssdeep match)
File | Score |
---|---|
C:\WINDOWS\SysWOW64\InfDefaultInstall.exe | 32 |
C:\Windows\SysWOW64\InfDefaultInstall.exe | 36 |
C:\WINDOWS\SysWOW64\InfDefaultInstall.exe | 41 |
C:\Windows\SysWOW64\InfDefaultInstall.exe | 41 |
Possible Misuse
The following table contains possible examples of InfDefaultInstall.exe being misused. While InfDefaultInstall.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
Source | Source File | Example | License |
---|---|---|---|
sigma | proc_creation_win_infdefaultinstall.yml | title: InfDefaultInstall.exe .inf Execution | DRL 1.0 |
sigma | proc_creation_win_infdefaultinstall.yml | - https://github.com/LOLBAS-Project/LOLBAS/blob/master/yml/OSBinaries/Infdefaultinstall.yml | DRL 1.0 |
sigma | proc_creation_win_infdefaultinstall.yml | - 'InfDefaultInstall.exe ' | DRL 1.0 |
LOLBAS | Infdefaultinstall.yml | Name: Infdefaultinstall.exe | |
LOLBAS | Infdefaultinstall.yml | - Command: InfDefaultInstall.exe Infdefaultinstall.inf | |
LOLBAS | Infdefaultinstall.yml | - Path: C:\Windows\System32\Infdefaultinstall.exe | |
LOLBAS | Infdefaultinstall.yml | - Path: C:\Windows\SysWOW64\Infdefaultinstall.exe | |
atomic-red-team | index.md | - Atomic Test #4: InfDefaultInstall.exe .inf Execution [windows] | MIT License. © 2018 Red Canary |
atomic-red-team | windows-index.md | - Atomic Test #4: InfDefaultInstall.exe .inf Execution [windows] | MIT License. © 2018 Red Canary |
atomic-red-team | T1218.md | - Atomic Test #4 - InfDefaultInstall.exe .inf Execution | MIT License. © 2018 Red Canary |
atomic-red-team | T1218.md | ## Atomic Test #4 - InfDefaultInstall.exe .inf Execution | MIT License. © 2018 Red Canary |
atomic-red-team | T1218.md | Test execution of a .inf using InfDefaultInstall.exe | MIT License. © 2018 Red Canary |
atomic-red-team | T1218.md | Reference: https://github.com/LOLBAS-Project/LOLBAS/blob/master/yml/OSBinaries/Infdefaultinstall.yml | MIT License. © 2018 Red Canary |
atomic-red-team | T1218.md | | inf_to_execute | Local location of inf file | String | PathToAtomicsFolder\T1218\src\Infdefaultinstall.inf| | MIT License. © 2018 Red Canary |
atomic-red-team | T1218.md | InfDefaultInstall.exe #{inf_to_execute} | MIT License. © 2018 Red Canary |
atomic-red-team | T1218.md | Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218/src/Infdefaultinstall.inf" -OutFile "#{inf_to_execute}" | MIT License. © 2018 Red Canary |
MIT License. Copyright (c) 2020-2021 Strontic.