wmiclnt.dll

• File Path: C:\Windows\SysWOW64\wmiclnt.dll
• Description: WMI Client API

Hashes

Type	Hash
MD5	3A0762930543084DAF64E61A0CF69923
SHA1	ADA71C18C8FEF33D017501632B6DF014C947FA6A
SHA256	DD53D6079F8C1DAC64EC1A0BA31A99CCDB2173F455A68AD82636A5C2290580D8
SHA384	F730D13EC1723C0B9257DBEBD82CD5F4A70E9AC15F27E5EC3872DCB4AE770817EC23F100D19130BB9C3C4ECF24A5088B
SHA512	5771A2F1FD802366839701DB04F7D5FDEB8C66FD6BE2CB4358D6F4B144419928BE9F42835368B7B58CA09372108A8D57DCF5815FA98ACF11151ACDD7EE3FE000
SSDEEP	768:cCmLuwKotVsLTWyR2+z7erQ8wRK4AKpxw4lWUswIqNB7+BHsaJ:WLRltuHWUNXRxT5wUpIqNh+BHsaJ
IMP	C224C175C29071387DE0035776E40940
PESHA1	BA97C04D6882F6E9C012D644738EF8181E0381CA
PE256	C3A697AB8EBB8F496B11A511BACC451A9559E2D9EC2133389BA4C9D56A11D14A

DLL Exports:

Function Name	Ordinal	Type
WmiQuerySingleInstanceA	20	Exported Function
WmiQuerySingleInstanceMultipleA	21	Exported Function
WmiQuerySingleInstanceMultipleW	22	Exported Function
WmiQueryGuidInformation	19	Exported Function
WmiQueryAllDataMultipleA	16	Exported Function
WmiQueryAllDataMultipleW	17	Exported Function
WmiQueryAllDataW	18	Exported Function
WmiSetSingleInstanceW	27	Exported Function
WmiSetSingleItemA	28	Exported Function
WmiSetSingleItemW	29	Exported Function
WmiSetSingleInstanceA	26	Exported Function
WmiQuerySingleInstanceW	23	Exported Function
WmiReceiveNotificationsA	24	Exported Function
WmiReceiveNotificationsW	25	Exported Function
WmiQueryAllDataA	15	Exported Function
WmiExecuteMethodA	5	Exported Function
WmiExecuteMethodW	6	Exported Function
WmiFileHandleToInstanceNameA	7	Exported Function
WmiEnumerateGuids	4	Exported Function
WmiCloseBlock	1	Exported Function
WmiDevInstToInstanceNameA	2	Exported Function
WmiDevInstToInstanceNameW	3	Exported Function
WmiNotificationRegistrationA	12	Exported Function
WmiNotificationRegistrationW	13	Exported Function
WmiOpenBlock	14	Exported Function
WmiMofEnumerateResourcesW	11	Exported Function
WmiFileHandleToInstanceNameW	8	Exported Function
WmiFreeBuffer	9	Exported Function
WmiMofEnumerateResourcesA	10	Exported Function

Signature

• Status: Signature verified.
• Serial: 330000026551AE1BBD005CBFBD000000000265
• Thumbprint: E168609353F30FF2373157B4EB8CD519D07A2BFF
• Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
• Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

• Original Filename: wmiclnt.dll
• Product Name: Microsoft Windows Operating System
• Company Name: Microsoft Corporation
• File Version: 10.0.19041.1 (WinBuild.160101.0800)
• Product Version: 10.0.19041.1
• Language: English (United States)
• Legal Copyright: Microsoft Corporation. All rights reserved.
• Machine Type: 32-bit

File Scan

• VirusTotal Detections: 0/72
• VirusTotal Link: https://www.virustotal.com/gui/file/dd53d6079f8c1dac64ec1a0ba31a99ccdb2173f455a68ad82636a5c2290580d8/detection/

Possible Misuse

The following table contains possible examples of wmiclnt.dll being misused. While wmiclnt.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source	Source File	Example	License
sigma	image_load_wmi_module_load.yml	- '\wmiclnt.dll'	DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.