Reason Labs

TiWorker.exe

Windows Modules Installer Worker

Microsoft Corporation

Publisher:
Microsoft Corporation

Product:
Microsoft® Windows® Operating System

Description:
Windows Modules Installer Worker

Version:
10.0.11087.1000 (rs1_onecore_mqsigma2_dev01.151217-1958)

MD5:
45ec5d796f898dfa062b266c66c8d160

SHA-1:
a6cacdfae24d6f95141b88f01fb7d24bbf388bec

SHA-256:
a2b99bb154f304f61ea8964559082b91b94672ad7d381c0e4ace9f990b05b01b

Status:
Clean (as of last analysis)

Analysis date:
11/16/2018 1:31:31 PM UTC  (today)

File size:
195.5 KB (200,192 bytes)

Product version:
10.0.11087.1000

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
TiWorker.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.11087.1000_none_f5a0b284948a8985\tiworker.exe

File PE Metadata
Compilation timestamp:
12/18/2015 5:39:59 AM

OS version:
10.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
12.10

CTPH (ssdeep):
3072:EEbyTfk0VSAKwRCMcLYYuU0Rob7sENXK6JRAqs4xjw8m1I8uSmTJ:RyTs0cmc0YuUEoboMHxM8c5uSmT

Header:
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, E8, 00, 00, 00...
 
[+]

Entry address:
0x13200

Entry point:
48, 83, EC, 28, E8, 8B, 02, 00, 00, 48, 83, C4, 28, E9, 0E, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 3B, 0D, D1, DD, 01, 00, 75, 10, 48, C1, C1, 10, 66, F7, C1, FF, FF, 75, 01, C3, 48, C1, C9, 10, E9, 42, 04, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, EA, 10, 00, 00, CC, CC, CC, CC, CC, CC, FF, 25, 36, 11, 00, 00, CC, CC, CC, CC, CC, CC, FF, 25, 22, 11, 00, 00, CC, CC...
 
[+]

Entropy:
5.8824

Characteristics:
0x34

Code size:
74.5 KB (76,288 bytes)

Properties
Integrity level:
16384

Command line:
C:\windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.11087.1000_none_f5a0b284948a8985\TiWorker.exe -Embedding

There are numerous known versions of TiWorker.exe by Microsoft Corporation.

Clean
TiWorker.exe  6.3.9600.17477 (winblue_r5.141030-1500)  (5d22786a3464a6408c5704eaf033ca3d8a9a4c89)

Clean
TiWorker.exe  10.0.15059.0 (WinBuild.160101.0800)  (72d321bd5f9db91b71a99aea547fd4a27f224cea)

Clean
TiWorker.exe  10.0.15059.0 (WinBuild.160101.0800)  (137e3b5ccf98f303dfd960d7f56c675ec611daee)

Clean
TiWorker.exe  10.0.15058.1001 (WinBuild.160101.0800)  (d60cb4a048781f6eb8cba8f3f3e94156f5f33f50)

Clean
TiWorker.exe  10.0.15058.0 (WinBuild.160101.0800)  (a05387d654f80247822bb17a58eb545751950121)

Clean
TiWorker.exe  10.0.15055.0 (WinBuild.160101.0800)  (5615b1dca06c96c5c5c2a757c2974435c1161994)

Clean
TiWorker.exe  10.0.15055.0 (WinBuild.160101.0800)  (fa08c8ec8981753e1271aa308122e49a160b56d5)

Clean
TiWorker.exe  10.0.15054.1000 (WinBuild.160101.0800)  (2821d66cbbe3a80f7e81d0a9e58089688185f7a7)

Clean
TiWorker.exe  10.0.14393.693 (rs1_release.161220-1747)  (9c816310d339060a14080231b27b96508c7cc400)

Clean
TiWorker.exe  10.0.14393.693 (rs1_release.161220-1747)  (1385e483a9cb42eb14d2b15a13083562052998ac)

Clean
TiWorker.exe  10.0.14393.693 (rs1_release.161220-1747)  (9ad073346e23365e8ad23059b323679d5d3bac19)

Clean
TiWorker.exe  10.0.14393.693 (rs1_release.161220-1747)  (33c055cc60da874e6ed4d81ca640e5a114fcaf70)

Clean
TiWorker.exe  10.0.14393.693 (rs1_release.161220-1747)  (32b1d0baa117a1631e26eb42be12daa8fcd1c58b)

Clean
TiWorker.exe  10.0.14393.693 (rs1_release.161220-1747)  (921d1f2af6537159e083ce46f361295bb9da6e59)

Clean
TiWorker.exe  10.0.14393.693 (rs1_release.161220-1747)  (bcd3d9351f79861e36d540838d9462a10e95fd8e)

Clean
kernel32.dll  (f9ac70c562ba70dd7917e99b00ed6878531de66f)

Clean
kernelbase.dll  (90b069cbc93c701394b47d4e830cdd7d384f5d5c)

Clean
ntdll.dll  (3a2bae6036ff2d23309a7b93ab562494c50df236)

Clean
shlwapi.dll  (0ba38e91bf0e9d554e8dfea0ed6ea1214f9952a3)

Clean
gdi32.dll  (6a20fe18619dc46e379c42f12ed761749053cbf9)

Clean
user32.dll  (8b997b38e179cd03c0a2e87bddbc1ebca39a8630)

Clean
advapi32.dll  (453d4c3bf4a489433b593420a37bbffb7749875a)

Clean
msvcrt.dll  (df2756c114ca2d3b2b16d459a93f285924a55202)

Clean
sechost.dll  (2ae4ea1e2f2248a86f0dd25a1cbf828b5496fa79)

Clean
rpcrt4.dll  (0a2886a248c8d157ba89f4d5296a0b30f1a6424c)

Clean
sspicli.dll  (fda5de62a80510b1e02dae814cd6caa0a8fa035f)

Clean
cryptbase.dll  (d5fefb6b6ab0591f28d878b2d05e301ddc7957ab)

Clean
lpk.dll  (769bd7c18f82272b110f3bad913b28b0f7401d09)

Clean
userenv.dll  (83d1722a35eb16b010d8c9f72c627e97d4642101)

Clean
PROFAPI.DLL  (263e8fbf77c0ceead0c9bca56394bffa4a664361)

Clean
VERSION.DLL  (a4f845318e095d841b05e1400747ee4c28e1f28e)

Download Reason Core Security - Powerful anti-malware software