baaupdate.exe

  • File Path: C:\WINDOWS\system32\baaupdate.exe
  • Description: BitLocker Access Agent Update Utility

Hashes

Type Hash
MD5 6B16BB0AE5A0D92ACB86E24F0C3CAA70
SHA1 C0A1C181432FEB43A43AF960CE432F7B91103AC2
SHA256 D7D3FB7B1DEFE23559375BE3C10DC5804367CF379D07888CDA47F67AB527E0A0
SHA384 E501BA670E687407EEA1C2062AC2ABC67DC81654A9C1F68A7EDC22742513C5C2C6853693E9BFAEE48FAD672D776E9F5C
SHA512 3F9EEF65201719A6C928EED3A0AD73D1D6C9665D098A0AA19542D114740B4BED056836A6980C5124923EEA2A941AFECE93729C5EAB2C851099138A54624F1992
SSDEEP 3072:w0TPtWQwnVS570M9kdatGCO+xmBc+hMPhPsx:rtkVs7nyatGt+SYF
IMP EEDA0083C7D468FE0C97DE8B9FCD7FF8
PESHA1 769C123119ACFE23D6CEDAE94FB8B46A4845CCAC
PE256 B34AD9736B2712DF3F1E286D9C4DDF4BA2CD047D7D09BC42F2C8640D1B94A81C

Runtime Data

Loaded Modules:

Path
C:\WINDOWS\system32\baaupdate.exe
C:\WINDOWS\System32\KERNEL32.DLL
C:\WINDOWS\System32\KERNELBASE.dll
C:\WINDOWS\SYSTEM32\ntdll.dll
C:\WINDOWS\System32\USER32.dll

Signature

  • Status: Signature verified.
  • Serial: 33000002ED2C45E4C145CF48440000000002ED
  • Thumbprint: 312860D2047EB81F8F58C29FF19ECDB4C634CF6A
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: BAAUPDATE.EXE.MUI
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.22000.1 (WinBuild.160101.0800)
  • Product Version: 10.0.22000.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/71
  • VirusTotal Link: https://www.virustotal.com/gui/file/d7d3fb7b1defe23559375be3c10dc5804367cf379d07888cda47f67ab527e0a0/detection

File Similarity (ssdeep match)

File Score
C:\Windows\system32\baaupdate.exe 88
C:\WINDOWS\system32\baaupdate.exe 85
C:\windows\system32\baaupdate.exe 80
C:\Windows\system32\baaupdate.exe 88
C:\WINDOWS\system32\BdeHdCfg.exe 77
C:\Windows\system32\BdeHdCfg.exe 75
C:\WINDOWS\system32\BdeHdCfg.exe 75
C:\Windows\system32\BdeHdCfg.exe 74
C:\windows\system32\BdeHdCfg.exe 75
C:\Windows\system32\bdeunlock.exe 40
C:\Windows\system32\bdeunlock.exe 44
C:\WINDOWS\system32\bdeunlock.exe 40
C:\WINDOWS\system32\bdeunlock.exe 44
C:\windows\system32\bdeunlock.exe 52
C:\Windows\system32\bdeunlock.exe 41
C:\WINDOWS\system32\BitLockerWizard.exe 85
C:\Windows\system32\BitLockerWizard.exe 88
C:\windows\system32\BitLockerWizard.exe 85
C:\WINDOWS\system32\BitLockerWizard.exe 88
C:\Windows\system32\BitLockerWizard.exe 85
C:\Windows\system32\BitLockerWizard.exe 85
C:\Windows\system32\BitLockerWizardElev.exe 85
C:\Windows\system32\BitLockerWizardElev.exe 88
C:\WINDOWS\system32\BitLockerWizardElev.exe 86
C:\Windows\system32\BitLockerWizardElev.exe 88
C:\windows\system32\BitLockerWizardElev.exe 88
C:\WINDOWS\system32\BitLockerWizardElev.exe 83
C:\Windows\system32\fvecpl.dll 40
C:\Windows\system32\fvenotify.exe 71
C:\WINDOWS\system32\fvenotify.exe 60
C:\windows\system32\fvenotify.exe 71
C:\WINDOWS\system32\fvenotify.exe 69
C:\Windows\system32\fvenotify.exe 63
C:\WINDOWS\system32\fveprompt.exe 71
C:\Windows\system32\fveprompt.exe 71
C:\Windows\system32\fveprompt.exe 66
C:\WINDOWS\system32\fveprompt.exe 72
C:\windows\system32\fveprompt.exe 71
C:\Windows\system32\fveui.dll 55
C:\WINDOWS\system32\manage-bde.exe 50
C:\Windows\system32\manage-bde.exe 50
C:\Windows\system32\manage-bde.exe 52
C:\WINDOWS\system32\manage-bde.exe 46
C:\windows\system32\manage-bde.exe 58
C:\Windows\system32\repair-bde.exe 74
C:\WINDOWS\system32\repair-bde.exe 79
C:\WINDOWS\system32\repair-bde.exe 74
C:\windows\system32\repair-bde.exe 75
C:\Windows\system32\repair-bde.exe 75

MIT License. Copyright (c) 2020-2021 Strontic.