InfDefaultInstall.exe

  • File Path: C:\Windows\SysWOW64\InfDefaultInstall.exe
  • Description: INF Default Install

Screenshot

InfDefaultInstall.exe InfDefaultInstall.exe InfDefaultInstall.exe

Hashes

Type Hash
MD5 85449C56339BFEF1AF92EA9E034D5D84
SHA1 C62BB2114365B82797045014EDF81B783B233766
SHA256 C9295D491E4359B89083AE73920E8F2A41A73D52D0C46DD2DBAF34FD645A4032
SHA384 D6F64C863C3C67E04989665DA5C9E49000A088FB2D4E47B792EF819D56ED5A92111AA9D42A5FE2892A7EE35DFB0CEA2A
SHA512 588700E20E0723124CBDC051974240567E6B4FDBF08F963B69592502E525EFD69D77C0D587814BD422C3915B21B27442529963F1FDACCEFFAEC198EDC0A22C88
SSDEEP 192:lAX7UYJHjXvWS72TYMDgABotwTOsZKW/GWL:4vXuS8YuqtJoKW/GWL

Signature

  • Status: Signature verified.
  • Serial: 33000000BCE120FDD27CC8EE930000000000BC
  • Thumbprint: E85459B23C232DB3CB94C7A56D47678F58E8E51E
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: InfDefaultInstall.EXE.MUI
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 5.2.3668.0
  • Product Version: 5.2.3668.0
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

File Similarity (ssdeep match)

File Score
C:\Windows\SysWOW64\InfDefaultInstall.exe 36
C:\WINDOWS\SysWOW64\InfDefaultInstall.exe 41
C:\Windows\SysWOW64\InfDefaultInstall.exe 41

Possible Misuse

The following table contains possible examples of InfDefaultInstall.exe being misused. While InfDefaultInstall.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
LOLBAS Infdefaultinstall.yml Name: Infdefaultinstall.exe  
LOLBAS Infdefaultinstall.yml - Command: InfDefaultInstall.exe Infdefaultinstall.inf  
LOLBAS Infdefaultinstall.yml - Path: C:\Windows\System32\Infdefaultinstall.exe  
LOLBAS Infdefaultinstall.yml - Path: C:\Windows\SysWOW64\Infdefaultinstall.exe  
atomic-red-team index.md - Atomic Test #4: InfDefaultInstall.exe .inf Execution [windows] MIT License. © 2018 Red Canary
atomic-red-team windows-index.md - Atomic Test #4: InfDefaultInstall.exe .inf Execution [windows] MIT License. © 2018 Red Canary
atomic-red-team T1218.md - Atomic Test #4 - InfDefaultInstall.exe .inf Execution MIT License. © 2018 Red Canary
atomic-red-team T1218.md ## Atomic Test #4 - InfDefaultInstall.exe .inf Execution MIT License. © 2018 Red Canary
atomic-red-team T1218.md Test execution of a .inf using InfDefaultInstall.exe MIT License. © 2018 Red Canary
atomic-red-team T1218.md Reference: https://github.com/LOLBAS-Project/LOLBAS/blob/master/yml/OSBinaries/Infdefaultinstall.yml MIT License. © 2018 Red Canary
atomic-red-team T1218.md | inf_to_execute | Local location of inf file | string | PathToAtomicsFolder\T1218\src\Infdefaultinstall.inf| MIT License. © 2018 Red Canary
atomic-red-team T1218.md InfDefaultInstall.exe #{inf_to_execute} MIT License. © 2018 Red Canary
atomic-red-team T1218.md Invoke-WebRequest “https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218/src/Infdefaultinstall.inf” -OutFile “#{inf_to_execute}” MIT License. © 2018 Red Canary

MIT License. Copyright (c) 2020-2021 Strontic.