wevtfwd.dll
- File Path:
C:\Windows\SysWOW64\wevtfwd.dll
- Description: WS-Management Event Forwarding Plug-in
Hashes
| Type |
Hash |
| MD5 |
6F1B11164FE929D2DC1CE8CEAF7CEC06 |
| SHA1 |
C8E53CD2B36EB238A896D1C5ED16A42B5A989AB8 |
| SHA256 |
CF91236DD3CA44A10F0DC6C818DD3C7E5AE1EB1B7520198210174FBC6F8DE69A |
| SHA384 |
3DF7213A0122C5A94F22A92C8D6A85BF675D3AE53D193388F58428AE292BE13751283AE7E1559C4FEBA52E8ECB97F922 |
| SHA512 |
F4DCA9BC46871D603F11F2B7185D86F95C0E7D5EC5A60B8E7D18092F0B8A118A2322E9ADDB3D6F07ABB48A21867BAF2517FC037D105DEA1B261747AA316F3F40 |
| SSDEEP |
1536:A+g4seGCmi4bWtqfXycjX2V4uATMqCatKxpxk0H3uI:A+g4seEFWw21FqCkqJ |
| IMP |
70307D268C5317D35276749A3655EC2D |
| PESHA1 |
1DB1B02EB2F66E6DFB6D55E4939C3144009ACF48 |
| PE256 |
A18257E4C2F52E57E8A6EE567E70907A183952785BEBA7648989252D003B8EFD |
DLL Exports:
| Function Name |
Ordinal |
Type |
WSManProvSubscribe |
4 |
Exported Function |
WSManProvUnsubscribe |
5 |
Exported Function |
WSManProvPullEvents |
3 |
Exported Function |
WSManPluginShutdown |
1 |
Exported Function |
WSManPluginStartup |
2 |
Exported Function |
Signature
- Status: Signature verified.
- Serial:
330000026551AE1BBD005CBFBD000000000265
- Thumbprint:
E168609353F30FF2373157B4EB8CD519D07A2BFF
- Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Original Filename: wevtfwd.dll.mui
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.19041.1 (WinBuild.160101.0800)
- Product Version: 10.0.19041.1
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 32-bit
File Scan
- VirusTotal Detections: 0/72
- VirusTotal Link: https://www.virustotal.com/gui/file/cf91236dd3ca44a10f0dc6c818dd3c7e5ae1eb1b7520198210174fbc6f8de69a/detection/
MIT License. Copyright (c) 2020-2021 Strontic.