WMIADAP.exe

  • File Path: C:\WINDOWS\system32\wbem\WMIADAP.exe
  • Description: WMI Reverse Performance Adapter Maintenance Utility

Hashes

| Type | Hash |
|------|------|
| MD5 | 0A3EFBAD56D2131ED36287D8E8829F55 |
| SHA1 | 7BA9D6B41A11A231E04B9EC91A78CFEDD83D6CC1 |
| SHA256 | DB844F69381751FE7AECBB8C8A0C3B5D4E1C59491A203191EF283563C539A887 |
| SHA384 | D4FD0F9D91C02F9D5EBE10CB1028F3BC27B2D062284CAAD28287BEB2B87762C0E8C67BE790476280DB914E8C1E0EEC25 |
| SHA512 | 2C4EBA480FC70D4FF5AE29D16C39D8992C1DE6BD7DC62CFFEC8DEA5E7A7FB5A9418B339FD7B969E4829E1525405D61808624766119E51C0A56BD1BB89121ACD1 |
| SSDEEP | 3072:JhpfsicSUfuk1kM/GQ+kulMUyjTvTdesh1uT:Rkic3G8GQcXqRes |

Signature

  • Status: Signature verified.
  • Serial: 330000023241FB59996DCC4DFF000000000232
  • Thumbprint: FF82BC38E1DA5E596DF374C53E3617F7EDA36B06
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: wmicookr.dll
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.18362.1 (WinBuild.160101.0800)
  • Product Version: 10.0.18362.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of WMIADAP.exe being misused. While WMIADAP.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|--------|-------------|---------|---------|
| sigma | image_load_wmi_module_load.yml | `- '\windows\system32\wbem\WMIADAP.exe' # https://github.com/SigmaHQ/sigma/issues/1871` | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.