drvinst.exe

  • File Path: C:\Windows\system32\drvinst.exe
  • Description: Driver Installation Module

Hashes

Type Hash
MD5 6EB5F4358950B3FE313FE60449A3CDA5
SHA1 3B170E8BAC1D2F671436423BE8A5E8E9F68B79FF
SHA256 D0FE99477FE70549D0C240185B77FD9DB4124A0B6BF413248986EFF16F3B2A85
SHA384 477DA9F96864229F36947D86DB37A619FF804B826F1040B0CDFC91A7EB9ACDDD5EA23C0336E53BAA8994A938278A532D
SHA512 63900372ABCEAA8D9DBBD17D18831F5E41722C03861F8C6A8B648900D4AC0E07789CBB0A99369B93ABDDE165EBCF4D21491B17493BC2EF08C1E9990B38601DF6
SSDEEP 3072:nnzgTRGJjiWdi2T4pAb6cDjMNOQf+uFvpwpTLJ9/0Rhd0q:nnew5N4pA1jMMk+rtLJ9/sh+
IMP DA1305F01AF9CDF200C7B0F24F75FAAE
PESHA1 B292175C300600903C2EEDFE0386AE793B638F0D
PE256 AAB7C70DA81E8E01CE0BF500B08A2297866E05637988EA291C4855CBC1EE142F

Runtime Data

Loaded Modules:

Path
C:\Windows\system32\drvinst.exe
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\SYSTEM32\ntdll.dll

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: DrvInst.EXE.MUI
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.17763.1 (WinBuild.160101.0800)
  • Product Version: 10.0.17763.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/70
  • VirusTotal Link: https://www.virustotal.com/gui/file/d0fe99477fe70549d0c240185b77fd9db4124a0b6bf413248986eff16f3b2a85/detection/

Possible Misuse

The following table contains possible examples of drvinst.exe being misused. While drvinst.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source | Source File | Example | License
malware-ioc | nukesped_lazarus | .DrvInst.exe | © ESET 2014-2018

MIT License. Copyright (c) 2020-2021 Strontic.