home

wevtapi.dll

Eventing Consumption and Configuration API

Microsoft Corporation

Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft® Windows® Operating System

Description:
Eventing Consumption and Configuration API

 
Part of the Windows Operating System

Version:
10.0.9901.0 (winmain_prs.141202-1718)

MD5:
705b9c77900ded3785f686d36f49b720

SHA-1:
aed1f9858e2d9a7c61b2456395ce9395f2e8d57a

SHA-256:
1ad579d118571ff032d5fa184939cc8c48b82d23e070cd930ecca0629414b30b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
11/22/2024 2:49:59 PM UTC  (today)

File size:
308.9 KB (316,312 bytes)

Product version:
10.0.9901.0

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
wevtapi.dll.mui

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\windows\syswow64\wevtapi.dll

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
9/5/2014 9:39:18 AM

Valid to:
5/2/2015 9:39:18 AM

Subject:
CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Development PCA 2014, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
3300000082A274893CA252BEBD000000000082

File PE Metadata
Compilation timestamp:
12/3/2014 8:33:59 AM

OS version:
10.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
12.10

CTPH (ssdeep):
6144:KZmQi3HWqJdbGdh9gTf9UzzUE0adQ6Aa6GvLjq1oQT43+4i6:KZmQi3HWqjbGdzzzN0adQ4HvPqGs4c6

Entry address:
0x141F0

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 58, 09, 00, 00, 5D, E9, 2A, 00, 00, 00, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, B8, 63, 73, 6D, E0, 39, 45, 08, 75, 0D, FF, 75, 0C, 50, E8, B7, 07, 00, 00, 59, 59, 5D, C3, 33, C0, 5D, C3, CC, CC, CC, CC, CC, 6A, 30, 68, A8, 13, 04, 10, E8, D0, 09, 00, 00, C7, 45, E0, 01, 00, 00, 00, 33, F6, 89, 75, FC, 8B, 45, 0C, 83, F8, 01, 77, 05, A3, 04, 50, 04, 10, 83, 7D, 0C, 00, 75, 11, 83, 3D, A8, 51, 04, 10, 00, 75, 08, 89, 75, E0, E9, 39, 02, 00, 00, 8B, 45, 0C, 83...
 
[+]

Entropy:
6.5616

Code size:
269.5 KB (275,968 bytes)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.