tdh.dll
- File Path:
C:\Windows\SysWOW64\tdh.dll
- Description: Event Trace Helper Library
Hashes
| Type |
Hash |
| MD5 |
B868D4AD3E68EBA1501E8CA91DFAF2BC |
| SHA1 |
62ECC8537A51CF1856BBB410A09CFD74CF851EB4 |
| SHA256 |
8AFFE60ADDCF56009453146D0BACF80AFBA8511B2BF08096D7807824F1DA676C |
| SHA384 |
53B223DBAC06EB2B2ABA94AC87305282FBBACFFC31DC3458D91D6BEC6C2BE5B86EA541CF68E6CB6888061951E252404E |
| SHA512 |
5811D87B0A7E7D4451CEBF85F0155792E539ABE72769700E2B9B3039DBE4A9DF4867D7499F385472218D03E71309A903F5646B6BBCB41B6E4B9CAB532FF98597 |
| SSDEEP |
24576:Lp7PRTi/HU/l1Z+vjhuUG5IQAwkQAwgQAfP/vfPjtfe9:Lp7PRTwm5IQAwkQAwgQAfP/vfPjtfe9 |
| IMP |
C55E9B3D094B4E103F0BC55B46E74779 |
| PESHA1 |
3CFBAF1C521FCF6E54E871583995798EB2E6A355 |
| PE256 |
C2BAA7D4A0AA01AC89A7ED82CD8BA60DAAB2693715CE658B121D3B59383C990A |
DLL Exports:
| Function Name |
Ordinal |
Type |
TdhGetWppMessage |
24 |
Exported Function |
TdhGetPropertySize |
23 |
Exported Function |
TdhLoadManifest |
26 |
Exported Function |
TdhGetWppProperty |
25 |
Exported Function |
TdhGetManifestEventInformation |
20 |
Exported Function |
TdhGetEventMapInformation |
19 |
Exported Function |
TdhGetPropertyOffsetAndSize |
22 |
Exported Function |
TdhGetProperty |
21 |
Exported Function |
TdhLoadManifestFromBinary |
27 |
Exported Function |
TdhUnloadManifest |
33 |
Exported Function |
TdhSetDecodingParameter |
32 |
Exported Function |
TdhValidatePayloadFilter |
35 |
Exported Function |
TdhUnloadManifestFromMemory |
34 |
Exported Function |
TdhOpenDecodingHandle |
29 |
Exported Function |
TdhLoadManifestFromMemory |
28 |
Exported Function |
TdhQueryRemoteWBEMProviderFieldInformation |
31 |
Exported Function |
TdhQueryProviderFieldInformation |
30 |
Exported Function |
TdhGetEventInformation |
18 |
Exported Function |
TdhCloseDecodingHandle |
6 |
Exported Function |
TdhCleanupPayloadEventFilterDescriptor |
5 |
Exported Function |
TdhDeletePayloadFilter |
8 |
Exported Function |
TdhCreatePayloadFilter |
7 |
Exported Function |
DllGetClassObject |
2 |
Exported Function |
DllCanUnloadNow |
1 |
Exported Function |
TdhApplyPayloadFilter |
4 |
Exported Function |
TdhAggregatePayloadFilters |
3 |
Exported Function |
TdhEnumerateManifestProviderEvents |
9 |
Exported Function |
TdhFormatProperty |
15 |
Exported Function |
TdhEnumerateRemoteWBEMProviders |
14 |
Exported Function |
TdhGetDecodingParameter |
17 |
Exported Function |
TdhGetAllEventsInformation |
16 |
Exported Function |
TdhEnumerateProviderFilters |
11 |
Exported Function |
TdhEnumerateProviderFieldInformation |
10 |
Exported Function |
TdhEnumerateRemoteWBEMProviderFieldInformation |
13 |
Exported Function |
TdhEnumerateProviders |
12 |
Exported Function |
Signature
- Status: Signature verified.
- Serial:
3300000266BD1580EFA75CD6D3000000000266
- Thumbprint:
A4341B9FD50FB9964283220A36A1EF6F6FAA7840
- Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Original Filename: tdh.dll
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.19041.329 (WinBuild.160101.0800)
- Product Version: 10.0.19041.329
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 32-bit
File Scan
- VirusTotal Detections: 0/71
- VirusTotal Link: https://www.virustotal.com/gui/file/8affe60addcf56009453146d0bacf80afba8511b2bf08096d7807824f1da676c/detection/
File Similarity (ssdeep match)
MIT License. Copyright (c) 2020-2021 Strontic.