ndfetw.dll

• File Path: C:\Windows\system32\ndfetw.dll
• Description: Network Diagnostic Engine Event Interface

Hashes

Type	Hash
MD5	B078DDE58B8E924C02AEC94B996CD0CF
SHA1	02819FE1110AF2FE2F97537345E937BB71A98756
SHA256	8D2E21764048A4FB2694B6B0FED4C210D3B601F9FE43C9327795A2605056E1FA
SHA384	BF4584A8F9D0BFD02B1F7599891915B18DACECC5AA6EE691258BB796B93E9C01A5151711CA05E14382BA57B23A0E44BF
SHA512	CE6CAB822EA600978D93CD539D495EF34D3A500BB59972DAC3AF1B9CA79F04D24178C82E83873A2B51EF7932730F5A25B72635A17935FD362065BAEA92D3BC8A
SSDEEP	768:H2NDQsI9nLuutLbhs6SWe91UUbmGIyMB2kPUKgkOAl0kId6d1gIhZzID:WNssI9LTLds6NeTUSmGIJX5gkOA+pd62
IMP	A1F07637C0A958F4774C234571D0DAC8
PESHA1	15BCB0CFA8FAE30E898A732A33AA059977B0ABDB
PE256	F2D1FDDDD2A3FC080B533E8663383B6232932D4092F1A0FFE2DE8695D4403F8F

DLL Exports:

Function Name	Ordinal	Type
DllRegisterServer	3	Exported Function
DllUnregisterServer	4	Exported Function
DllCanUnloadNow	1	Exported Function
DllGetClassObject	2	Exported Function

Signature

• Status: Signature verified.
• Serial: 3300000266BD1580EFA75CD6D3000000000266
• Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
• Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
• Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

• Original Filename: ndfetw.dll
• Product Name: Microsoft Windows Operating System
• Company Name: Microsoft Corporation
• File Version: 10.0.19041.1 (WinBuild.160101.0800)
• Product Version: 10.0.19041.1
• Language: English (United States)
• Legal Copyright: Microsoft Corporation. All rights reserved.
• Machine Type: 64-bit

File Scan

• VirusTotal Detections: 0/70
• VirusTotal Link: https://www.virustotal.com/gui/file/8d2e21764048a4fb2694b6b0fed4c210d3b601f9fe43c9327795a2605056e1fa/detection/

MIT License. Copyright (c) 2020-2021 Strontic.