wuaueng.dll

  • File Path: C:\Windows\system32\wuaueng.dll
  • Description: Windows Update Agent

Hashes

Type Hash
MD5 EFC3573F588989978DC0C1CFDFADA553
SHA1 CBDE97A4D7C50EE532713249AD0FB7AD2DCBAC37
SHA256 20A655250D6EA9126ADBE3D064DC77B58B46BBE73C39CA551ED639A0190E9158
SHA384 FC1865C63A96126273A57A3D292A555958308962C31397F9606535C5C01EDC5852CC28C8B12E424EE2D6538DBE58C1DA
SHA512 9F558F873D1351BEBCFD04BED647E15237B466E4366FADD2E0A9A60271B1992B830889F5B442C717ECDC805EA9D181186F7F137CA173363F4CCAFD3130C1E0D2
SSDEEP 49152:8BZmZlQHuPj/aqhDbsa3ppJgpzOO8x6R53F7yNICbGy6mwm2YAhH/voikhiEJX:pQHwIS2LGDEvov
IMP 5026345D106C6834EDC5906E1CEC2AB5
PESHA1 5BA19B09CD2E0486D31F861BC16E6EFC34B03441
PE256 487355762F19F2CD9DEEF22B975588E9A611F029724DF9962AEA4EE1F3390E38

DLL Exports:

Function Name Ordinal Type
WUCreateUpdateHandler 6 Exported Function
WUServiceMain 7 Exported Function
WUCreateExpressionEvaluator 5 Exported Function
DllMain 8 Exported Function
GeneralizeForImaging 4 Exported Function

Signature

  • Status: Signature verified.
  • Serial: 330000026551AE1BBD005CBFBD000000000265
  • Thumbprint: E168609353F30FF2373157B4EB8CD519D07A2BFF
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: wuaueng.dll.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/67
  • VirusTotal Link: https://www.virustotal.com/gui/file/20a655250d6ea9126adbe3d064dc77b58b46bbe73c39ca551ed639a0190e9158/detection/

Possible Misuse

The following table contains possible examples of wuaueng.dll being misused. While wuaueng.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_lolbas_execution_of_wuauclt.yml - 'wuaueng.dll' DRL 1.0
sigma proc_creation_win_lolbas_execution_of_wuauclt.yml - Wuaueng.dll which is a module belonging to Microsoft Windows Update. DRL 1.0
sigma proc_creation_win_proxy_execution_wuauclt.yml - ' wuaueng.dll ' DRL 1.0
sigma proc_creation_win_susp_wuauclt.yml - ' wuaueng.dll ' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.