Reason Labs

TiWorker.exe

Windows Modules Installer Worker

Microsoft Corporation

Publisher:
Microsoft Corporation

Product:
Microsoft® Windows® Operating System

Description:
Windows Modules Installer Worker

Version:
10.0.14252.1000 (rs1_onecore_sigma_cafe.160126-1700)

MD5:
33544af9498e92ffbf88701faf2db34b

SHA-1:
6eaeefa7bb4bcec2b61adb1ede2fe3659f03e742

SHA-256:
7c2bbe09fd27a6bbac84e47f5e71e2dd62669cbffa9799adb638712ff138cf3f

Status:
Clean (as of last analysis)

Analysis date:
11/16/2018 1:16:37 PM UTC  (today)

File size:
195.5 KB (200,192 bytes)

Product version:
10.0.14252.1000

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
TiWorker.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14252.1000_none_c70c2fa093d25f20\tiworker.exe

File PE Metadata
Compilation timestamp:
1/26/2016 10:40:43 PM

OS version:
10.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
3072:D5+Rqe/SxoKGgSXMfjK72b+PENXK6JRAqs4xjw8m1I0Smd:MRqeKxz/Vfjvb4MHxM8cDSm

Header:
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, F0, 00, 00, 00...
 
[+]

Entry address:
0x13210

Entry point:
48, 83, EC, 28, E8, 8B, 02, 00, 00, 48, 83, C4, 28, E9, 0E, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 3B, 0D, C1, DD, 01, 00, 75, 10, 48, C1, C1, 10, 66, F7, C1, FF, FF, 75, 01, C3, 48, C1, C9, 10, E9, 42, 04, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, DA, 10, 00, 00, CC, CC, CC, CC, CC, CC, FF, 25, 26, 11, 00, 00, CC, CC, CC, CC, CC, CC, FF, 25, 12, 11, 00, 00, CC, CC...
 
[+]

Entropy:
5.8841

Characteristics:
0x34

Code size:
74.5 KB (76,288 bytes)

Properties
Integrity level:
16384

Command line:
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14252.1000_none_c70c2fa093d25f20\TiWorker.exe -Embedding

There are numerous known versions of TiWorker.exe by Microsoft Corporation.

Clean
TiWorker.exe  6.3.9600.17477 (winblue_r5.141030-1500)  (5d22786a3464a6408c5704eaf033ca3d8a9a4c89)

Clean
TiWorker.exe  10.0.15059.0 (WinBuild.160101.0800)  (72d321bd5f9db91b71a99aea547fd4a27f224cea)

Clean
TiWorker.exe  10.0.15059.0 (WinBuild.160101.0800)  (137e3b5ccf98f303dfd960d7f56c675ec611daee)

Clean
TiWorker.exe  10.0.15058.1001 (WinBuild.160101.0800)  (d60cb4a048781f6eb8cba8f3f3e94156f5f33f50)

Clean
TiWorker.exe  10.0.15058.0 (WinBuild.160101.0800)  (a05387d654f80247822bb17a58eb545751950121)

Clean
TiWorker.exe  10.0.15055.0 (WinBuild.160101.0800)  (5615b1dca06c96c5c5c2a757c2974435c1161994)

Clean
TiWorker.exe  10.0.15055.0 (WinBuild.160101.0800)  (fa08c8ec8981753e1271aa308122e49a160b56d5)

Clean
TiWorker.exe  10.0.15054.1000 (WinBuild.160101.0800)  (2821d66cbbe3a80f7e81d0a9e58089688185f7a7)

Clean
TiWorker.exe  10.0.14393.693 (rs1_release.161220-1747)  (9c816310d339060a14080231b27b96508c7cc400)

Clean
TiWorker.exe  10.0.14393.693 (rs1_release.161220-1747)  (1385e483a9cb42eb14d2b15a13083562052998ac)

Clean
TiWorker.exe  10.0.14393.693 (rs1_release.161220-1747)  (9ad073346e23365e8ad23059b323679d5d3bac19)

Clean
TiWorker.exe  10.0.14393.693 (rs1_release.161220-1747)  (33c055cc60da874e6ed4d81ca640e5a114fcaf70)

Clean
TiWorker.exe  10.0.14393.693 (rs1_release.161220-1747)  (32b1d0baa117a1631e26eb42be12daa8fcd1c58b)

Clean
TiWorker.exe  10.0.14393.693 (rs1_release.161220-1747)  (921d1f2af6537159e083ce46f361295bb9da6e59)

Clean
TiWorker.exe  10.0.14393.693 (rs1_release.161220-1747)  (bcd3d9351f79861e36d540838d9462a10e95fd8e)

Clean
kernel32.dll  (f9ac70c562ba70dd7917e99b00ed6878531de66f)

Clean
kernelbase.dll  (90b069cbc93c701394b47d4e830cdd7d384f5d5c)

Clean
ntdll.dll  (3a2bae6036ff2d23309a7b93ab562494c50df236)

Clean
shlwapi.dll  (0ba38e91bf0e9d554e8dfea0ed6ea1214f9952a3)

Clean
gdi32.dll  (6a20fe18619dc46e379c42f12ed761749053cbf9)

Clean
user32.dll  (8b997b38e179cd03c0a2e87bddbc1ebca39a8630)

Clean
advapi32.dll  (453d4c3bf4a489433b593420a37bbffb7749875a)

Clean
msvcrt.dll  (df2756c114ca2d3b2b16d459a93f285924a55202)

Clean
sechost.dll  (2ae4ea1e2f2248a86f0dd25a1cbf828b5496fa79)

Clean
rpcrt4.dll  (0a2886a248c8d157ba89f4d5296a0b30f1a6424c)

Clean
sspicli.dll  (fda5de62a80510b1e02dae814cd6caa0a8fa035f)

Clean
cryptbase.dll  (d5fefb6b6ab0591f28d878b2d05e301ddc7957ab)

Clean
lpk.dll  (769bd7c18f82272b110f3bad913b28b0f7401d09)

Clean
userenv.dll  (83d1722a35eb16b010d8c9f72c627e97d4642101)

Clean
PROFAPI.DLL  (263e8fbf77c0ceead0c9bca56394bffa4a664361)

Clean
VERSION.DLL  (a4f845318e095d841b05e1400747ee4c28e1f28e)

Download Reason Core Security - Powerful anti-malware software