clfsw32.dll

  • File Path: C:\Windows\system32\clfsw32.dll
  • Description: Common Log Marshalling Win32 DLL

Hashes


DLL Exports:

Function Name Ordinal Type
ReadLogRecord 43 Exported Function
ReadLogNotification 42 Exported Function
ReadLogArchiveMetadata 41 Exported Function
ReadLogRestartArea 44 Exported Function
RegisterForLogWriteNotification 47 Exported Function
ReadPreviousLogRestartArea 46 Exported Function
ReadNextLogRecord 45 Exported Function
QueryLogPolicy 40 Exported Function
LsnInvalid 35 Exported Function
LsnIncrement 34 Exported Function
LsnGreater 33 Exported Function
LsnLess 36 Exported Function
PrepareLogArchive 39 Exported Function
LsnRecordSequence 38 Exported Function
LsnNull 37 Exported Function
RegisterManageableLogClient 48 Exported Function
TerminateLogArchive 59 Exported Function
SetLogFileSizeWithPolicy 58 Exported Function
SetLogArchiveTail 57 Exported Function
TerminateReadLog 60 Exported Function
WriteLogRestartArea 63 Exported Function
ValidateLog 62 Exported Function
TruncateLog 61 Exported Function
SetLogArchiveMode 56 Exported Function
RemoveLogPolicy 51 Exported Function
RemoveLogContainerSet 50 Exported Function
RemoveLogContainer 49 Exported Function
ReserveAndAppendLog 52 Exported Function
SetEndOfLog 55 Exported Function
ScanLogContainers 54 Exported Function
ReserveAndAppendLogAligned 53 Exported Function
LsnEqual 32 Exported Function
CreateLogMarshallingArea 12 Exported Function
CreateLogFile 11 Exported Function
CreateLogContainerScanContext 10 Exported Function
DeleteLogByHandle 13 Exported Function
DeregisterManageableLogClient 16 Exported Function
DeleteLogMarshallingArea 15 Exported Function
DeleteLogFile 14 Exported Function
CloseAndResetLogFile 9 Exported Function
AdvanceLogBase 4 Exported Function
AddLogContainerSet 3 Exported Function
AddLogContainer 2 Exported Function
AlignReservedLog 5 Exported Function
CLFS_LSN_NULL 8 Exported Function
CLFS_LSN_INVALID 7 Exported Function
AllocReservedLog 6 Exported Function
DumpLogRecords 17 Exported Function
LogTailAdvanceFailure 28 Exported Function
InstallLogPolicy 27 Exported Function
HandleLogFull 26 Exported Function
LsnBlockOffset 29 Exported Function
LsnDecrement 1 Exported Function
LsnCreate 31 Exported Function
LsnContainer 30 Exported Function
GetNextLogArchiveExtent 25 Exported Function
FreeReservedLog 20 Exported Function
FlushLogToLsn 19 Exported Function
FlushLogBuffers 18 Exported Function
GetLogContainerName 21 Exported Function
GetLogReservationInfo 24 Exported Function
GetLogIoStatistics 23 Exported Function
GetLogFileInformation 22 Exported Function

Signature

  • Status: Signature verified.
  • Serial: 330000026551AE1BBD005CBFBD000000000265
  • Thumbprint: E168609353F30FF2373157B4EB8CD519D07A2BFF
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: clfsw32.dll
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.21 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.21
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/70
  • VirusTotal Link: https://www.virustotal.com/gui/file/3bf88df082d8316b7448d577520c1712932f080ee4cbc2aad8ddcb5ccd38803b/detection/

Possible Misuse

The following table contains possible examples of clfsw32.dll being misused. While clfsw32.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma image_load_usp_svchost_clfsw32.yml ImageLoaded|endswith: '\clfsw32.dll' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.