fveui.dll

  • File Path: C:\Windows\system32\fveui.dll
  • Description: BitLocker Drive Encryption UI

Hashes

Type Hash
MD5 F5FBB09919FBE03401751FEE4046DA67
SHA1 D37A51DA877D6B06873C4F75D3DA722BFECB1F97
SHA256 C2B80BEE8FA34AB31182A56AB37092BA505FE336616108880671B574F87E47D1
SHA384 F6C8AE3809893F39D266CDA16E055DD3A7E28D1FD718B4F84B84683248A8FC4014CB1D45D7C729E10DE594B5E5A5474F
SHA512 3903424DC55D02DC632CDB741D38FB68EB33173593ACAEC960563FBE0486B6C9E9DB52746A4434E18FFD7CBA602ACE01FB0A62873097038C569F19E3CD5887E3
SSDEEP 6144:k2MCBkfasytnLyJ4DpDfTQ9hkyVs7nyatGt+SYF:NMCyfasQnoKDfTPkH+S+
IMP D0BFAA036380A05E8E3A47AC1BFE9659
PESHA1 50D8E3ED8135AC011A36F6A2FA8257E6C8EBD1B9
PE256 4E486A488011A3D99C905ED56417D1D185E21B419691BDB0F0A0329764E46277

DLL Exports:

Function Name Ordinal Type
VolumeFveStatus::IsPartiallyConverted 32 Exported Function
VolumeFveStatus::IsOsVolume 31 Exported Function
VolumeFveStatus::IsPaused 33 Exported Function
VolumeFveStatus::IsRoamingDevice 35 Exported Function
VolumeFveStatus::IsPreProvisioned 34 Exported Function
VolumeFveStatus::IsOsCriticalVolume 30 Exported Function
VolumeFveStatus::IsEncrypted 26 Exported Function
VolumeFveStatus::IsEDriveVolume 25 Exported Function
VolumeFveStatus::IsEncrypting 27 Exported Function
VolumeFveStatus::IsOn 29 Exported Function
VolumeFveStatus::IsLocked 28 Exported Function
VolumeFveStatus::GetLastConvertStatus 8 Exported Function
VolumeFveStatus::operator 5 Exported Function
BuiVolume::NO_DRIVE_LETTER 39 Exported Function
VolumeFveStatus::GetStatusFlags 9 Exported Function
VolumeFveStatus::GetExtendedFlags 7 Exported Function
VolumeFveStatus::operator 4 Exported Function
VolumeFveStatus::IsUnknownFveVersion 37 Exported Function
VolumeFveStatus::IsSecure 36 Exported Function
VolumeFveStatus::IsWiping 38 Exported Function
BuiVolume::operator 3 Exported Function
VolumeFveStatus::NeedsRestart 40 Exported Function
VolumeFveStatus::IsDisabled 24 Exported Function
VolumeFveStatus::FailedDryRun 6 Exported Function
VolumeFveStatus::VolumeFveStatus 2 Exported Function
VolumeFveStatus::HasExternalKey 10 Exported Function
VolumeFveStatus::HasPBKDF2RecoveryPassword 11 Exported Function
VolumeFveStatus::HasPassphraseProtector 12 Exported Function
VolumeFveStatus::VolumeFveStatus 1 Exported Function
DllGetClassObject 42 Exported Function
DllCanUnloadNow 41 Exported Function
FveuiEnumSmartCardCerts 43 Exported Function
FveuiUserSelectSmartCard 45 Exported Function
FveuiUserSelectCert 44 Exported Function
VolumeFveStatus::IsCsvMetadataVolume 20 Exported Function
VolumeFveStatus::IsConverting 19 Exported Function
VolumeFveStatus::IsDEAutoProvisioned 21 Exported Function
VolumeFveStatus::IsDecrypting 23 Exported Function
VolumeFveStatus::IsDecrypted 22 Exported Function
VolumeFveStatus::HasTpmProtector 18 Exported Function
VolumeFveStatus::HasRecoveryData 14 Exported Function
VolumeFveStatus::HasPinProtector 13 Exported Function
VolumeFveStatus::HasRecoveryPassword 15 Exported Function
VolumeFveStatus::HasStartupKeyProtector 17 Exported Function
VolumeFveStatus::HasSmartCardProtector 16 Exported Function

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: FVEUI.DLL.MUI
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/68
  • VirusTotal Link: https://www.virustotal.com/gui/file/c2b80bee8fa34ab31182a56ab37092ba505fe336616108880671b574f87e47d1/detection/

File Similarity (ssdeep match)

File Score
C:\Windows\system32\baaupdate.exe 52
C:\WINDOWS\system32\baaupdate.exe 47
C:\windows\system32\baaupdate.exe 55
C:\WINDOWS\system32\baaupdate.exe 55
C:\Windows\system32\baaupdate.exe 52
C:\WINDOWS\system32\BdeHdCfg.exe 44
C:\Windows\system32\BdeHdCfg.exe 49
C:\WINDOWS\system32\BdeHdCfg.exe 44
C:\Windows\system32\BdeHdCfg.exe 47
C:\windows\system32\BdeHdCfg.exe 49
C:\Windows\system32\bdeunlock.exe 36
C:\Windows\system32\bdeunlock.exe 40
C:\WINDOWS\system32\bdeunlock.exe 36
C:\WINDOWS\system32\bdeunlock.exe 41
C:\windows\system32\bdeunlock.exe 36
C:\Windows\system32\bdeunlock.exe 38
C:\WINDOWS\system32\BitLockerWizard.exe 54
C:\Windows\system32\BitLockerWizard.exe 49
C:\windows\system32\BitLockerWizard.exe 49
C:\WINDOWS\system32\BitLockerWizard.exe 54
C:\Windows\system32\BitLockerWizard.exe 49
C:\Windows\system32\BitLockerWizard.exe 49
C:\Windows\system32\BitLockerWizardElev.exe 49
C:\Windows\system32\BitLockerWizardElev.exe 52
C:\WINDOWS\system32\BitLockerWizardElev.exe 49
C:\Windows\system32\BitLockerWizardElev.exe 55
C:\windows\system32\BitLockerWizardElev.exe 54
C:\WINDOWS\system32\BitLockerWizardElev.exe 52
C:\Windows\system32\fvecpl.dll 40
C:\Windows\system32\fvenotify.exe 49
C:\WINDOWS\system32\fvenotify.exe 46
C:\windows\system32\fvenotify.exe 43
C:\WINDOWS\system32\fvenotify.exe 52
C:\Windows\system32\fvenotify.exe 46
C:\WINDOWS\system32\fveprompt.exe 47
C:\Windows\system32\fveprompt.exe 46
C:\Windows\system32\fveprompt.exe 49
C:\WINDOWS\system32\fveprompt.exe 47
C:\windows\system32\fveprompt.exe 52
C:\WINDOWS\system32\manage-bde.exe 41
C:\Windows\system32\manage-bde.exe 41
C:\Windows\system32\manage-bde.exe 43
C:\WINDOWS\system32\manage-bde.exe 38
C:\windows\system32\manage-bde.exe 46
C:\Windows\system32\repair-bde.exe 50
C:\WINDOWS\system32\repair-bde.exe 54
C:\WINDOWS\system32\repair-bde.exe 50
C:\windows\system32\repair-bde.exe 52
C:\Windows\system32\repair-bde.exe 50

MIT License. Copyright (c) 2020-2021 Strontic.