tdh.dll
- File Path:
C:\Windows\system32\tdh.dll
- Description: Event Trace Helper Library
Hashes
| Type |
Hash |
| MD5 |
986A5AD67053117CC7C5BAE91EC60FF9 |
| SHA1 |
6833CCAC2F31A65E5665A667F93BE48A928FACC1 |
| SHA256 |
BD3A889FBF6936F25E85E62E8D335A2F2A1215F6037787702D91024CAFFEDD50 |
| SHA384 |
21CA378814FE40725C1D9CF7E1E1885C32559EA9630A788B609889356A118D0922A95ACDC81F339B45C43B70E95EC18E |
| SHA512 |
331038A2484ED23DBDE7959BE87BBA4FE2059C7AEC5A9FC90FEBD0F03EDA4B9E9D84CE78ADD96FB98E2AC045C155CAC8881598A88E3559759F28FD552A17D5FE |
| SSDEEP |
12288:NLKOMEdB0nzvJ+jKdgNZ4ey1LPxjpEz/PKOSn:NLK/EdB8+jKw4l1LPxjC/PU |
| IMP |
BB35E214BF7197B4DF3B727E63D60458 |
| PESHA1 |
9026D3F4558518EE73977F0BCA69245F0A153983 |
| PE256 |
5360F57824875B2AAFA3119CC1791D289BE3224893B56926015CED1C149B82A8 |
DLL Exports:
| Function Name |
Ordinal |
Type |
TdhGetWppMessage |
24 |
Exported Function |
TdhGetPropertySize |
23 |
Exported Function |
TdhLoadManifest |
26 |
Exported Function |
TdhGetWppProperty |
25 |
Exported Function |
TdhGetManifestEventInformation |
20 |
Exported Function |
TdhGetEventMapInformation |
19 |
Exported Function |
TdhGetPropertyOffsetAndSize |
22 |
Exported Function |
TdhGetProperty |
21 |
Exported Function |
TdhLoadManifestFromBinary |
27 |
Exported Function |
TdhUnloadManifest |
33 |
Exported Function |
TdhSetDecodingParameter |
32 |
Exported Function |
TdhValidatePayloadFilter |
35 |
Exported Function |
TdhUnloadManifestFromMemory |
34 |
Exported Function |
TdhOpenDecodingHandle |
29 |
Exported Function |
TdhLoadManifestFromMemory |
28 |
Exported Function |
TdhQueryRemoteWBEMProviderFieldInformation |
31 |
Exported Function |
TdhQueryProviderFieldInformation |
30 |
Exported Function |
TdhGetEventInformation |
18 |
Exported Function |
TdhCloseDecodingHandle |
6 |
Exported Function |
TdhCleanupPayloadEventFilterDescriptor |
5 |
Exported Function |
TdhDeletePayloadFilter |
8 |
Exported Function |
TdhCreatePayloadFilter |
7 |
Exported Function |
DllGetClassObject |
2 |
Exported Function |
DllCanUnloadNow |
1 |
Exported Function |
TdhApplyPayloadFilter |
4 |
Exported Function |
TdhAggregatePayloadFilters |
3 |
Exported Function |
TdhEnumerateManifestProviderEvents |
9 |
Exported Function |
TdhFormatProperty |
15 |
Exported Function |
TdhEnumerateRemoteWBEMProviders |
14 |
Exported Function |
TdhGetDecodingParameter |
17 |
Exported Function |
TdhGetAllEventsInformation |
16 |
Exported Function |
TdhEnumerateProviderFilters |
11 |
Exported Function |
TdhEnumerateProviderFieldInformation |
10 |
Exported Function |
TdhEnumerateRemoteWBEMProviderFieldInformation |
13 |
Exported Function |
TdhEnumerateProviders |
12 |
Exported Function |
Signature
- Status: Signature verified.
- Serial:
3300000266BD1580EFA75CD6D3000000000266
- Thumbprint:
A4341B9FD50FB9964283220A36A1EF6F6FAA7840
- Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Original Filename: tdh.dll.mui
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.19041.1 (WinBuild.160101.0800)
- Product Version: 10.0.19041.1
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 64-bit
File Scan
- VirusTotal Detections: 0/71
- VirusTotal Link: https://www.virustotal.com/gui/file/bd3a889fbf6936f25e85e62e8d335a2f2a1215f6037787702d91024caffedd50/detection/
MIT License. Copyright (c) 2020-2021 Strontic.