srwmi.dll

• File Path: C:\Windows\system32\srwmi.dll
• Description: Microsoft Windows System Restore WMI Provider

Hashes

Type	Hash
MD5	1115AE037B9F7C304C1AF0F89DDEFD9D
SHA1	9399F6A3022FB981636557336848104B7DEA1CF7
SHA256	1F9F1923D646AA28E27301125B90157994524D41EE22D30488B3E6CCEC2EA3AF
SHA384	8470B0981A9F3175AC5AE4118523EDA16C085B4084A18F6D845C300870A2440E795BFE46C119B7C93301A97F3F7D3A10
SHA512	0B93C23BB9144602FDA019CD98D51414EF969FB64F09308B528B1BF04AA0FB690C725A4F6B6A6E02D38EBFC60AA3633B78592FFF8D12B97113A3512D3D2E8743
SSDEEP	384:zcN4a1s5UkHyRzBoz/J1jSHIke5x3gvf51mMr1SOJimWLnBsqr5gseQsw61wW9oy:L59R11qILxQrr1SmWLneqYE
IMP	AA2795CB5ED02B9FA24A80AC839DC894
PESHA1	21495FDDCEB8C6B0D6BEA7D674F8FAB001B29818
PE256	88F7AEEE42D33234FF9E3BE8DD02EADA978D3A73662C4F9C66E6C2699BFDBCF6

DLL Exports:

Function Name	Ordinal	Type
DllRegisterServer	3	Exported Function
DllUnregisterServer	4	Exported Function
DllCanUnloadNow	1	Exported Function
DllGetClassObject	2	Exported Function

Signature

• Status: Signature verified.
• Serial: 330000026551AE1BBD005CBFBD000000000265
• Thumbprint: E168609353F30FF2373157B4EB8CD519D07A2BFF
• Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
• Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

• Original Filename: srwmi.dll
• Product Name: Microsoft Windows Operating System
• Company Name: Microsoft Corporation
• File Version: 10.0.19041.1 (WinBuild.160101.0800)
• Product Version: 10.0.19041.1
• Language: English (United States)
• Legal Copyright: Microsoft Corporation. All rights reserved.
• Machine Type: 64-bit

File Scan

• VirusTotal Detections: 0/71
• VirusTotal Link: https://www.virustotal.com/gui/file/1f9f1923d646aa28e27301125b90157994524d41ee22d30488b3e6ccec2ea3af/detection/

MIT License. Copyright (c) 2020-2021 Strontic.