clfsw32.dll

  • File Path: C:\Windows\SysWOW64\clfsw32.dll
  • Description: Common Log Marshalling Win32 DLL

Hashes

Type Hash
MD5 6CD165DE3731C2887702F302A82B2787
SHA1 5E2F0824FC027E32BE2D8D30117CE854F0A18299
SHA256 2348F0489F1B537B2FFCBEB83CB79C3A8016D78C1F2BCAD4B2A04BCA2DE4A747
SHA384 563BC6FE48C081E6FDF9C3BAFD80657F868B5BC6ED8E6BFE0ED5DA5DD8596FE1924BDB1C8F6CACD1DC41C66E290B725D
SHA512 CB0A74060CCEB204D5CCF4A1B9F823A3FBF077EC4516C5F6FF52E4DEFE01F1E4EF830D6F4B50108F6B353DDA07741D04D7FBCAA7DD647D4A656F71282B4FFEED
SSDEEP 1536:lo+DjglOk19RErILfeSNsrAgjv+MGyOF4M:u+wlOS9RErIKSNsrAgjvfGR4M
IMP AB68F7978DA9D552520F1C31BF449794
PESHA1 8915917A2BB399C7623DDD73A6B2019163764C25
PE256 74F3AF48E1A778F9F8AFB414449F8C9CB00E592A24B0A1416D5E3025A45C8FEB

DLL Exports:

Function Name Ordinal Type
ReadLogRecord 43 Exported Function
ReadLogNotification 42 Exported Function
ReadLogArchiveMetadata 41 Exported Function
ReadLogRestartArea 44 Exported Function
RegisterForLogWriteNotification 47 Exported Function
ReadPreviousLogRestartArea 46 Exported Function
ReadNextLogRecord 45 Exported Function
QueryLogPolicy 40 Exported Function
LsnInvalid 35 Exported Function
LsnIncrement 34 Exported Function
LsnGreater 33 Exported Function
LsnLess 36 Exported Function
PrepareLogArchive 39 Exported Function
LsnRecordSequence 38 Exported Function
LsnNull 37 Exported Function
RegisterManageableLogClient 48 Exported Function
TerminateLogArchive 59 Exported Function
SetLogFileSizeWithPolicy 58 Exported Function
SetLogArchiveTail 57 Exported Function
TerminateReadLog 60 Exported Function
WriteLogRestartArea 63 Exported Function
ValidateLog 62 Exported Function
TruncateLog 61 Exported Function
SetLogArchiveMode 56 Exported Function
RemoveLogPolicy 51 Exported Function
RemoveLogContainerSet 50 Exported Function
RemoveLogContainer 49 Exported Function
ReserveAndAppendLog 52 Exported Function
SetEndOfLog 55 Exported Function
ScanLogContainers 54 Exported Function
ReserveAndAppendLogAligned 53 Exported Function
LsnEqual 32 Exported Function
CreateLogMarshallingArea 12 Exported Function
CreateLogFile 11 Exported Function
CreateLogContainerScanContext 10 Exported Function
DeleteLogByHandle 13 Exported Function
DeregisterManageableLogClient 16 Exported Function
DeleteLogMarshallingArea 15 Exported Function
DeleteLogFile 14 Exported Function
CloseAndResetLogFile 9 Exported Function
AdvanceLogBase 4 Exported Function
AddLogContainerSet 3 Exported Function
AddLogContainer 2 Exported Function
AlignReservedLog 5 Exported Function
CLFS_LSN_NULL 8 Exported Function
CLFS_LSN_INVALID 7 Exported Function
AllocReservedLog 6 Exported Function
DumpLogRecords 17 Exported Function
LogTailAdvanceFailure 28 Exported Function
InstallLogPolicy 27 Exported Function
HandleLogFull 26 Exported Function
LsnBlockOffset 29 Exported Function
LsnDecrement 1 Exported Function
LsnCreate 31 Exported Function
LsnContainer 30 Exported Function
GetNextLogArchiveExtent 25 Exported Function
FreeReservedLog 20 Exported Function
FlushLogToLsn 19 Exported Function
FlushLogBuffers 18 Exported Function
GetLogContainerName 21 Exported Function
GetLogReservationInfo 24 Exported Function
GetLogIoStatistics 23 Exported Function
GetLogFileInformation 22 Exported Function

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: clfsw32.dll
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.21 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.21
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/68
  • VirusTotal Link: https://www.virustotal.com/gui/file/2348f0489f1b537b2ffcbeb83cb79c3a8016d78c1f2bcad4b2a04bca2de4a747/detection/

Possible Misuse

The following table contains possible examples of clfsw32.dll being misused. While clfsw32.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma image_load_usp_svchost_clfsw32.yml ImageLoaded\|endswith: '\clfsw32.dll' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.