nshwfp.dll

  • File Path: C:\Windows\SysWOW64\nshwfp.dll
  • Description: Windows Filtering Platform Netsh Helper

Hashes

Type Hash
MD5 4C8A4BFA5AE5C0634247D8A74FBE4783
SHA1 D5588DC5AEF2D4681BE911175BDD844DF337FE8E
SHA256 3F9F5F8FDE74C5870CD9C2009ACAD70BA2B071E9334BADF1FE3135FCD52EB916
SHA384 81D6B66AC299949CA8CFE769E044BD287B67D56A1A63A77BA812B74A3E743F2650E35E8EDD5D88F0840FAD8A48B10D39
SHA512 EF7884E44979D20DE8FF1728401EEAF499A5AD3DD166E868346295CD79CC4985AAF51993DC0FD1884FA9434D6D92BA2890C86E8788AD446A3252968386B00608
SSDEEP 12288:oHPRTJkasGNZPKLqRAbCjhjDcM8s4rbL7rbL7rbL7l:oHPRTfsGNZPcCjhjDcM8s4rbL7rbL7rp
IMP 68089E3B63527D25475C2DAA554E1DFF
PESHA1 F2F4CA8B96DD1B611A2F855EDA0D1673E3FB9F63
PE256 B7546B0A7842FE06D4FDE7F87673E9B626A44A87CAA32FAEB6B19AB53FB46E7F

DLL Exports:

Function Name Ordinal Type
InitHelperDll 6 Exported Function
IdpConfigRemovePolicy 5 Exported Function
WfpCaptureStop 8 Exported Function
WfpCaptureExportedW 7 Exported Function
IdpConfigAllocateAndGetPolicy 2 Exported Function
IdpConfigAddPolicy 1 Exported Function
IdpConfigInitDefaultPolicy 4 Exported Function
IdpConfigFreePolicy 3 Exported Function

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: nshwfp.dll.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/69
  • VirusTotal Link: https://www.virustotal.com/gui/file/3f9f5f8fde74c5870cd9c2009acad70ba2b071e9334badf1fe3135fcd52eb916/detection/

File Similarity (ssdeep match)

File Score
C:\Program Files (x86)\Windows Kits\10\Debuggers\arm\usbview.exe 36
C:\Program Files (x86)\Windows Kits\10\Debuggers\arm\winext\rcdrkd.dll 50
C:\Program Files (x86)\Windows Kits\10\Debuggers\arm64\usbview.exe 40
C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\usbview.exe 36
C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\winext\rcdrkd.dll 52

MIT License. Copyright (c) 2020-2021 Strontic.