dmcfghost.exe

  • File Path: C:\WINDOWS\system32\dmcfghost.exe
  • Description: Host Process for Push Router Client of OMA-CP

Hashes

Type Hash
MD5 A3D6717C0155DC0090D6D3E86964E3F7
SHA1 DB15BB14EE2EBD0268D466E08B38EC85563333C0
SHA256 30E603B182FC49F0B68CE9D646032E8026BA4322A7ED49AF9BF103109C6B236D
SHA384 0C8B9A7DEC60EEB8923EE01B682ED05BCBD2C20E668BA78A174EBFAAD6A76BA71819BD0052700962D3959ABE293D2018
SHA512 A160FAAF501D35E4997CCAAC7EAB1AEF7D00109AAC7C855463C9CA51C8E330F05DC041B924878CCC923E8A3BAE37A5AB898374E5461DA7BF201688997C378681
SSDEEP 768:J4A1RJwL4AAqoJDSYr7PWil0m8G91M3KI/HKQ:JNiAqoJDvPWi+m8I1M31/HKQ
IMP B9D23EB98585FD9233750D9597B028DA
PESHA1 4C0CAEC945E02A3509C37A71697FFC4B10A9D2B6
PE256 741AAE7946DEBAECEE5BE8F4031A8783EDC1DBDCA4F278B7C0C66F645E20487D

Runtime Data

Loaded Modules:

Path
C:\WINDOWS\system32\dmcfghost.exe
C:\WINDOWS\System32\KERNEL32.DLL
C:\WINDOWS\System32\KERNELBASE.dll
C:\WINDOWS\System32\msvcp_win.dll
C:\WINDOWS\System32\msvcrt.dll
C:\WINDOWS\SYSTEM32\ntdll.dll
C:\WINDOWS\System32\OLEAUT32.dll

Signature

  • Status: Signature verified.
  • Serial: 33000002ED2C45E4C145CF48440000000002ED
  • Thumbprint: 312860D2047EB81F8F58C29FF19ECDB4C634CF6A
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: dmcfghost.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.22000.1 (WinBuild.160101.0800)
  • Product Version: 10.0.22000.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/73
  • VirusTotal Link: https://www.virustotal.com/gui/file/30e603b182fc49f0b68ce9d646032e8026ba4322a7ed49af9bf103109c6b236d/detection

MIT License. Copyright (c) 2020-2021 Strontic.