WofUtil.dll

  • File Path: C:\Windows\system32\WofUtil.dll
  • Description: Windows Overlay File System Filter user mode API

Hashes

Type Hash
MD5 15FB7F0BC6665C5F339E6D0811EE2205
SHA1 2316930E1FD055222D38F887C8969C7D10EFAF52
SHA256 EA4DD90E10593315A46632DBF29BBC39C2913EEE6FB4E1F9BDDE806B0E334A03
SHA384 209BA409191D02B0F86B27E8988535BD86AD9BCFF24FE6F90E30B510F6E3A1CDE33C245B323E69D0B7D0F1636CB56E93
SHA512 6AC792E00D66A58A345A052E724D8930125B564F74E984F97DD0ACE570BD3369D1C4B123C177F8FAA646C0A1004C29E115F6BF1DA7158CDC5F2D5B691F72DD26
SSDEEP 768:JrSCVOPfile/FewcDnafmbfLcrKDPiEBDJQcTlpHp1043WkzQhP:ZIPfile/FwaebMYqEBDJQcTlpHphzQhP
IMP 4F543A1C80ADAE3FEC33E95172E09117
PESHA1 3AEAC38D66756F46026F167F7D3E5CB2C0FA9A18
PE256 3E0B23DA0A6A14A5E3523855059F1632C279CACC30D03DF9DEC60E4C1C7125E9

DLL Exports:

Function Name Ordinal Type
WofWimEnumFiles 8 Exported Function
WofWimAddEntry 7 Exported Function
WofWimRemoveEntry 9 Exported Function
WofWimUpdateEntry 11 Exported Function
WofWimSuspendEntry 10 Exported Function
WofShouldCompressBinaries 6 Exported Function
WofFileEnumFiles 2 Exported Function
WofEnumEntries 1 Exported Function
WofGetDriverVersion 3 Exported Function
WofSetFileDataLocation 5 Exported Function
WofIsExternalFile 4 Exported Function

Signature

  • Status: Signature verified.
  • Serial: 330000026551AE1BBD005CBFBD000000000265
  • Thumbprint: E168609353F30FF2373157B4EB8CD519D07A2BFF
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: wofutil.dll
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/72
  • VirusTotal Link: https://www.virustotal.com/gui/file/ea4dd90e10593315a46632dbf29bbc39c2913eee6fb4e1f9bdde806b0e334a03/detection/

File Similarity (ssdeep match)

File Score
C:\WINDOWS\system32\compact.exe 32
C:\Windows\system32\compact.exe 35
C:\Windows\system32\compact.exe 38
C:\WINDOWS\system32\compact.exe 32

MIT License. Copyright (c) 2020-2021 Strontic.