bfe.dll

Base Filtering Engine

Microsoft Corporation

It runs as a scheduled task named BfeOnServiceStartTypeChange under the Windows Task Scheduler, triggered to execute when a specific event occurs on the computer. It is installed with the Windows 8 pre-release build (RTM).
Publisher:
Microsoft Corporation

Product:
Microsoft® Windows® Operating System

Description:
Base Filtering Engine

Part of the Windows 8.1 (Blue) Operating System

Version:
6.3.9600.16384 (winblue_rtm.130821-1623)

MD5:
b865a96b787a813f5d66665b2b62ab11

SHA-1:
842d317687cf31a0bf086406983d0d3b5684f102

SHA-256:
667d7916ec00d5f57b3f527c68aeb0aed147d5d62b25dca2acd78b509c36eaa6

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
12/7/2016 9:28:07 PM UTC  (today)

File size:
538.5 KB (551,424 bytes)

Product version:
6.3.9600.16384

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
BFE.DLL.MUI

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Windows\System32\bfe.dll

File PE Metadata
Compilation timestamp:
4/30/2014 6:38:07 AM

OS version:
6.3

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
12288:SF6N3YYqWswnQpg/ahV2atUdu2b9ANk5:SF6N3HRjQpg/ahz+du2b9ANk5

Entry address:
0x335BE

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 27, DD, FE, FF, 5D, 90, 90, 90, 90, 90, 6A, 2C, 68, A0, 36, 03, 10, E8, 5E, DD, FE, FF, C7, 45, E4, 01, 00, 00, 00, 33, F6, 89, 75, FC, 8B, 45, 0C, 83, F8, 01, 77, 05, A3, 04, C1, 07, 10, 83, 7D, 0C, 00, 0F, 84, 99, B7, 00, 00, 8B, 45, 0C, 83, F8, 01, 0F, 85, 23, 01, 00, 00, A1, 80, DD, 07, 10, 85, C0, 0F, 85, 95, B7, 00, 00, 83, 7D, E4, 00, 74, 60, C7, 45, FC, 02, 00, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 4E, A2, 00, 00, 89, 45, E4, 89, 75, FC, 83...

Entropy:
6.5196

Code size:
490.5 KB (502,272 bytes)

Scheduled Task
Task name:
BfeOnServiceStartTypeChange

Path:
\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange

Trigger:
Event

Action:
bfe.dll bfe.dll,bfeonservicestarttypechange

Description:
This task adjusts the start type for firewall-triggered services when the start type of the Base Filtering Engine (BFE) is disabled.