wdfcoinstaller01009x64.dll

WDF Coinstaller

Atom Security OOO

Although the file properties state that the file was developed by 'Microsoft Corporation', this is not the case: it is designed to look like a legitimate Microsoft system file. The module wdfcoinstaller01009x64.dll by Atom Security OOO has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat.

Publisher:
Microsoft Corporation  (signed by Atom Security OOO)

Product:
Microsoft® Windows® Operating System

Description:
WDF Coinstaller

Version:
1.9.7600.16385 (win7_rtm.090713-1255)

MD5:
02a33ffe5d5f1eae7cefc33ff3f84ba7

SHA-1:
ba40001209a19221ec09d829d0d6cd5a01d47f71

SHA-256:
387c999511eb7c7a31e3fd851121c32b1822c89cdf923f0a326aabdbe576722a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/28/2024 4:54:19 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Optional.AtomSecu.Installer

Engine version:
16.7.25.15

File size:
1.6 MB (1,721,304 bytes)

Product version:
1.9.7600.16385

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
WdfCoInstaller.dll

File type:
Dynamic link library (Win64 DLL)

Common path:
C:\windows\syswow64\wdfcoinstaller01009x64.dll

Digital Signature
Authority:
COMODO CA Limited

Valid from:
6/24/2013 6:00:00 AM

Valid to:
6/25/2014 5:59:59 AM

Subject:
CN=Atom Security OOO, OU=development, O=Atom Security OOO, STREET="Academician Koptyuga Prospect, 4,office 158", L=Novosibirsk, S=nso, PostalCode=630090, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
717783EFCF5E8A80B86D166EFF5E6862

File PE Metadata
Compilation timestamp:
7/14/2009 6:04:59 AM

OS version:
6.1

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
24576:GU4MsColC6Je/ZgY7OOfcEpiRLH87SyVXGe38uKUj+NFVov1PJLfVKZ8F5mEeZWh:zFCsfZRZA6Xn388avVovfLd+Mo4iEh

Entry address:
0xEAB4

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 03, 02, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, CF, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 3B, 0D, E9, 25, 00, 00, 75, 12, 48, C1, C1, 10, 66, F7, C1, FF, FF, 75, 03, C2, 00, 00, 48, C1, C9, 10, E9, 64, 02, 00, 00, CC, CC, CC, CC...
 

Code size:
62 KB (63,488 bytes)
