wfpcapture.sys

Microsoft Message Analyzer WFP Driver

Microsoft Corporation

It runs as a Windows kernel-mode device driver named “wfpcapture”.
Publisher:
Microsoft Corporation (signed and verified)

Product:
Microsoft Message Analyzer WFP Driver

Description:
Message Analyzer -- WFP Callout Driver

Version:
0.03.01.00

MD5:
417486a7a5865cc23837ac5eda3046e4

SHA-1:
a722a257d196cfe13e5228bf554ed534b160952b

SHA-256:
f4d6e879d58973e01a9d96644e2ae617e85dd8f35026d52aeaabdc217016fe3e

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:
4/25/2024 5:16:00 AM UTC

File size:
51.7 KB (52,912 bytes)

Product version:
0.03.01.00

Copyright:
Copyright © 2012-2015 Microsoft Corporation. All rights reserved.

Original file name:
wfpcapture.sys

File type:
Driver (Win32 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\wfpcapture.sys

Digital Signature
Authority:
Microsoft Corporation

Valid from:
4/22/2014 11:39:00 AM

Valid to:
7/22/2015 11:39:00 AM

Subject:
CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
33000000CA6CD5321235C4E1550001000000CA

File PE Metadata
Compilation timestamp:
5/21/2015 3:04:48 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
12.0

CTPH (ssdeep):
768:kwCw0SfYdH24ujFOHDmkzQz3z3z3z3z3z3z3z3zhzjbtdQUsxAN142Ui5:zCGCHFUYjv6DDDDDDDDhfbtdQWN142US

Entry address:
0x1104

Entry point:
8B, FF, 55, 8B, EC, E8, F2, 6E, 00, 00, 5D, E9, 22, FF, FF, FF, E8, 27, 00, 00, 00, C2, 08, 00, 8B, FF, 55, 8B, EC, A1, 44, 77, 01, 00, 85, C0, 74, 0C, 3D, 1C, 11, 01, 00, 74, 05, FF, 75, 08, FF, D0, E8, 05, 00, 00, 00, 5D, C2, 04, 00, CC, 8B, FF, 56, BE, 08, 70, 01, 00, 56, E8, 62, 00, 00, 00, FF, 35, 48, 77, 01, 00, 56, 68, 60, 79, 01, 00, E8, D5, 0D, 00, 00, 5E, C3, CC, 8B, FF, 57, B8, 70, 70, 01, 00, BF, 78, 70, 01, 00, 3B, C7, 76, 07, B8, 7B, 00, 00, C0, 5F, C3, B8, 78, 70, 01, 00, 56, 3B, C7, 73, 20...

Entropy:
6.0226

Code size:
16.5 KB (16,896 bytes)

Driver
Display name:
wfpcapture

Type:
Kernel device driver (KernelDriver)