WMIADAP.exe

  • File Path: C:\windows\system32\wbem\WMIADAP.exe
  • Description: WMI Reverse Performance Adapter Maintenance Utility

Hashes

Type Hash
MD5 5C6C8392274C60D7C3A8B0DDD97AB7D9
SHA1 D99D2705027E22673139D0FDB870947347594904
SHA256 32B07C757E2B96776B7A96D6C2EAA035D6A6177BE67868CF5A362D16557FB7D4
SHA384 4DAE874E028F75E3B3F3032B3C5342AF5BE19E13ABF0E18C1672532B7BE71125A41DA1689C01091C25E15D9E152E9FE5
SHA512 C9FC5C2B6502B5B274322E948544B93B26828708308BF28DDC046687C493EC9BBBE90FA0FAFEB1154CBD25384E22D79C6FBF09139172D930ADD51F83AA867F91
SSDEEP 3072:GEYLJcyy9VyjtmmF3gWMBa5F7N9tmTt7gb:GjLJTyXyjRZgXWb67g

Signature

  • Status: The file C:\windows\system32\wbem\WMIADAP.exe is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170
  • Serial: ``
  • Thumbprint: ``
  • Issuer:
  • Subject:

File Metadata

  • Original Filename: wmicookr.dll
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 6.3.9600.17415 (winblue_r4.141028-1500)
  • Product Version: 6.3.9600.17415
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of WMIADAP.exe being misused. While WMIADAP.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

  • Source: sigma
  • Source File: image_load_wmi_module_load.yml
  • Example: - '\windows\system32\wbem\WMIADAP.exe' # https://github.com/SigmaHQ/sigma/issues/1871
  • License: DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.