wmitrace.dll

  • File Path: C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\winxp\wmitrace.dll
  • Description: Microsoft Kernel Debugger Extensions (WMI Tracing)

Hashes

Type Hash
MD5 2B386CB3C2E87D0AE428CDA7EB809640
SHA1 771F3FD984485B76610D585375C75BF3CA4E92E3
SHA256 528B1AC6D0803C9FE935B867B1CDDEDCE1540AC1D4D7401C7B5E3F2107B78AC8
SHA384 C359BF0877F8160494D8B98987CE9673F918323514E4F446D38124D1316D83066674F388D659FDA1AA6101DEA8E13274
SHA512 F97FDB33B0F2290D1E909CFE866F47C433702A78739136B93052E8CC963981292FBDA5D7D2E769A94C92C56A2648B504605C3C67D0C2E8F8228FF2E4B2A505C0
SSDEEP 6144:6xNwJ670y1y9v3pIRSEIiN3d5PDu0SqSLlxjpOMUoikXVcA9gIQ/yDbp69puPLlp:4NwJvyG3pIoEtd57u0kLlxjpEz/Okcj
IMP BBFA60ED699C5EA5B33D8E3178F7D632
PESHA1 B89E2F0435EF7F103595258FE75BF6C5D4DFDAE4
PE256 30AEDB0C6B7814899C5B2E0E00B3BDCBAFF354300B25BC0FF46D0A1544690E87

DLL Exports:

Function Name Ordinal Type
regtable 27 Exported Function
ptdump 26 Exported Function
setprefix 29 Exported Function
searchpath 28 Exported Function
manpath 25 Exported Function
logdump 22 Exported Function
kdtracing 21 Exported Function
logsave 24 Exported Function
logger 23 Exported Function
traceoperation 35 Exported Function
Tprint 2 Exported Function
WmiFormatTraceData 3 Exported Function
usermode 36 Exported Function
tmffile 34 Exported Function
stop 31 Exported Function
start 30 Exported Function
systrace 33 Exported Function
strdump 32 Exported Function
DebugExtensionNotify 1 Exported Function
DebugExtensionInitialize 5 Exported Function
disable 11 Exported Function
DebugExtensionUninitialize 6 Exported Function
container 10 Exported Function
bufdump 7 Exported Function
_EFN_wmiLogMiniDump 4 Exported Function
capturestate 9 Exported Function
buffer 8 Exported Function
guidfile 18 Exported Function
guid 17 Exported Function
kd 20 Exported Function
help 19 Exported Function
eventlogdump 16 Exported Function
dumpminievent 13 Exported Function
dumpmini 12 Exported Function
enable 15 Exported Function
dynamicprint 14 Exported Function

Signature

  • Status: Signature verified.
  • Serial: 33000002CF6D2CC57CAA65A6D80000000002CF
  • Thumbprint: 1A221B3B4FEF088B17BA6704FD088DF192D9E0EF
  • Issuer: CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: wmiTrace.DLL
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/75
  • VirusTotal Link: https://www.virustotal.com/gui/file/528b1ac6d0803c9fe935b867b1cddedce1540ac1d4d7401c7b5e3f2107b78ac8/detection

File Similarity (ssdeep match)

File Score
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\arm64\tracefmt.exe 46
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x64\tracefmt.exe 47
C:\Program Files (x86)\Windows Kits\10\Debuggers\arm64\winext\wdfkd.dll 44
C:\Program Files (x86)\Windows Kits\10\Debuggers\arm64\winxp\wmitrace.dll 35
C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\winext\rcdrkd.dll 47
C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\winext\wdfkd.dll 35
C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\perf_wpp.dll 49
C:\Windows\system32\nltest.exe 32
C:\Windows\system32\nltest.exe 32
C:\Windows\system32\nltest.exe 29
C:\Windows\system32\nshwfp.dll 32

MIT License. Copyright (c) 2020-2021 Strontic.