WMIADAP.exe

  • File Path: C:\Windows\SysWOW64\wbem\WMIADAP.exe
  • Description: WMI Reverse Performance Adapter Maintenance Utility

Hashes

Type Hash
MD5 F9BBB6D53ED2EC2929CB58FD3673C1DE
SHA1 6A7AA6B6562EE9CA8C8194B41FC92FC5D3D771B0
SHA256 76243553EFD123F8B1CF97120E8D6F0B9AAB2CBA884045E1CCEF34BD71681828
SHA384 2CFB4B0F82D29F82864176F4A75475B8E1CA1B028E00371A01F6F41631D0EAEBB38CC56506F1E050E69AFDB46D30C0AF
SHA512 EE426B81849FB295BCBD35B2152F3CC785E94943533420923F0566FA4EA9F309E7F63FC99D5D7158B81811F8F8AEE425CA5E6D0E96726ECAC0F3E18AE64E2532
SSDEEP 3072:ki+6k+4VOWQZPOu2qgXRm6kMymZO7fnQ6/W:kir4kWQ9x2qotktmZO7fQsW
IMP 8CFB5725B2F97204F3268EDACE605269
PESHA1 2E14881058AD519798FEE13C1287A8AB80FB94C7
PE256 C1B588EE4D51F7DCCBB695C8AC2F79192CF8508F36B4A8E06673201AC9F2FCF9

Runtime Data

Loaded Modules:

Path
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll
C:\Windows\SysWOW64\wbem\WMIADAP.exe

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: wmicookr.dll
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/72
  • VirusTotal Link: https://www.virustotal.com/gui/file/76243553efd123f8b1cf97120e8d6f0b9aab2cba884045e1ccef34bd71681828/detection/

File Similarity (ssdeep match)

File Score
C:\Windows\SysWOW64\wbem\WMIADAP.exe 85

Possible Misuse

The following table contains possible examples of WMIADAP.exe being misused. While WMIADAP.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source | Source File | Example | License
sigma | image_load_wmi_module_load.yml | - '\windows\system32\wbem\WMIADAP.exe' # https://github.com/SigmaHQ/sigma/issues/1871 | DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.