WMIADAP.exe

  • File Path: C:\Windows\SysWOW64\wbem\WMIADAP.exe
  • Description: WMI Reverse Performance Adapter Maintenance Utility

Runtime Data

Child Processes:

explorer.exe

Loaded Modules:

Path
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll
C:\Windows\SysWOW64\wbem\WMIADAP.exe

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: wmicookr.dll
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.610 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.610
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/76
  • VirusTotal Link: https://www.virustotal.com/gui/file/2d484a551751f118ea7609eba1400f29a98206551959abecd464828f72cfa28a/detection

File Similarity (ssdeep match)

File Score
C:\Windows\SysWOW64\wbem\WMIADAP.exe 85

MIT License. Copyright (c) 2020-2021 Strontic.