wevtfwd.dll
- File Path:
C:\Windows\system32\wevtfwd.dll
- Description: WS-Management Event Forwarding Plug-in
Hashes
| Type |
Hash |
| MD5 |
6D0B67DC87ECDCD716A9C532D7AA8FFD |
| SHA1 |
9990E41C2E7E1CAC7EA2D26DD8CAD0DC641B3330 |
| SHA256 |
B1B05D4AEB895665DC71750CA4DE7B6D17E8A7265FC1EEDF491FA8E1C43661D4 |
| SHA384 |
87E5A87A1879CD1DA008EB24FC35916D53DF0A7EC10B90899E61933AC93C6BD3310A8D3E447C469EF80B5765897B9696 |
| SHA512 |
59072DAFA90150DFA3381E384C66548692EFD9638C661274A308D70F28C11A3C630DED68893539D643D25BD7D503DE234DE1F394F6C7A419B8C0D24B9CA75893 |
| SSDEEP |
1536:mtr4O7wxJyioR9f65pzXaGsHiiogxMIgSk+JMIBeiqbl+Aode2wVX1lHR0U5l8g+:mpvRixioGFkmSiqbl+AodeMUT |
| IMP |
E9B76D35F59E84B8ED8B0B52E612C06C |
| PESHA1 |
13E2F562F1A77B7C8FD4E6FBBE8202EE9FA857CC |
| PE256 |
E183F089C4BC9ABA264A80FB9639BE87F771B6786F23CE2DBA4CA05FF13E197F |
DLL Exports:
| Function Name |
Ordinal |
Type |
WSManProvSubscribe |
4 |
Exported Function |
WSManProvUnsubscribe |
5 |
Exported Function |
WSManProvPullEvents |
3 |
Exported Function |
WSManPluginShutdown |
1 |
Exported Function |
WSManPluginStartup |
2 |
Exported Function |
Signature
- Status: Signature verified.
- Serial:
330000026551AE1BBD005CBFBD000000000265
- Thumbprint:
E168609353F30FF2373157B4EB8CD519D07A2BFF
- Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Original Filename: wevtfwd.dll.mui
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.19041.1 (WinBuild.160101.0800)
- Product Version: 10.0.19041.1
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 64-bit
File Scan
- VirusTotal Detections: 0/72
- VirusTotal Link: https://www.virustotal.com/gui/file/b1b05d4aeb895665dc71750ca4de7b6d17e8a7265fc1eedf491fa8e1c43661d4/detection/
MIT License. Copyright (c) 2020-2021 Strontic.