» wdfcoinstaller01009.dll
Overview
Analysis
File Details

wdfcoinstaller01009.dll

WDF Coinstaller

Phonak AG

File name:

Publisher:

Microsoft Corporation (signed by Phonak AG)

Product:

Microsoft® Windows® Operating System

Description:

WDF Coinstaller

Version:

1.9.7600.16385 (win7_rtm.090713-1255)

MD5:

1fe803e0291de99682d3a8661bb95926

SHA-1:

2994cc849e383f248e8768751df4b634dd3d91fa

SHA-256:

6b1db018bae7f3839d7839f4318839231fe31fbd8f5f8835b2c5056478b9621e

Scanner detections:

5 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

4/19/2024 1:33:16 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

TR/Trash.Gen

7.11.30.172

herdProtect (fuzzy)

variant of $rk5k6jc.dll

2015.8.28.23

Kaspersky

Packed.Win32.Krap

14.0.0.1510

SUPERAntiSpyware

Trojan.Agent/Gen-Nullo[Short]

9663

VIPRE Antivirus

Threat.4729122

31208

File size:

1.6 MB (1,721,656 bytes)

Product version:

1.9.7600.16385

Original file name:

WdfCoInstaller.dll

File type:

Dynamic link library (Win64 DLL)

Language:

Language Neutral

Common path:

C:\Windows\System32\wdfcoinstaller01009.dll

Digital Signature

Signed by:

Phonak AG

Authority:

VeriSign, Inc.

Valid from:

2/19/2012 5:00:00 PM

Valid to:

3/20/2015 5:59:59 PM

Subject:

CN=Phonak AG, OU=Phonak Fitting Software, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Phonak AG, L=Staefa, S=Zuerich, C=CH

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

37C400FE6F61A93D57453842F153DFE4

File PE Metadata

Compilation timestamp:

7/13/2009 6:04:59 PM

OS version:

6.1

OS bitness:

Win64

Subsystem:

Windows Console

Linker version:

9.0

CTPH (ssdeep):

24576:WU4MsColC6Je/ZgY7OOfcEpiRLH87SyVXGe38uKUj+NFVov1PJLfVKZ8F5mEeZWD:DFCsfZRZA6Xn388avVovfLd+Mo4iED

Entry address:

0xEAB4

Entry point:

48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 03, 02, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, CF, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 3B, 0D, E9, 25, 00, 00, 75, 12, 48, C1, C1, 10, 66, F7, C1, FF, FF, 75, 03, C2, 00, 00, 48, C1, C9, 10, E9, 64, 02, 00, 00, CC, CC, CC, CC... 
[+]

Entropy:

7.9785 (probably packed)

Code size:

62 KB (63,488 bytes)

Scan wdfcoinstaller01009.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.