Reason Labs

TiWorker.exe

Windows Modules Installer Worker

Microsoft Corporation

This is a self-extracting archive and installer.
Publisher:
Microsoft Corporation

Product:
Microsoft® Windows® Operating System

Description:
Windows Modules Installer Worker

Version:
10.0.11089.1000 (rs1_release.151220-0032)

MD5:
d63c6ad7d428d8162f2592205e5e8c73

SHA-1:
cb2c96271e6fcbe013d87ec940cecaaf839e43ab

SHA-256:
4cc1c586fcfb5d0d65335ee0f3e34b788766b43873ed59a690031ab727ddacd3

Status:
Clean (as of last analysis)

Analysis date:
11/16/2018 12:34:14 PM UTC  (today)

File size:
195.5 KB (200,192 bytes)

Product version:
10.0.11089.1000

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
TiWorker.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.11089.1000_none_f6b2d6eec6c70257\tiworker.exe

File PE Metadata
Compilation timestamp:
12/20/2015 11:58:07 AM

OS version:
10.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
12.10

CTPH (ssdeep):
3072:QEbyTfk0VSAKwRCMcLYYuU0Rob7sENXK6JRAqs4xjw8m1IruSmTo:dyTs0cmc0YuUEoboMHxM8c2uSmT

Header:
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, E8, 00, 00, 00...
 
[+]

Entry address:
0x13200

Entry point:
48, 83, EC, 28, E8, 8B, 02, 00, 00, 48, 83, C4, 28, E9, 0E, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 3B, 0D, D1, DD, 01, 00, 75, 10, 48, C1, C1, 10, 66, F7, C1, FF, FF, 75, 01, C3, 48, C1, C9, 10, E9, 42, 04, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, EA, 10, 00, 00, CC, CC, CC, CC, CC, CC, FF, 25, 36, 11, 00, 00, CC, CC, CC, CC, CC, CC, FF, 25, 22, 11, 00, 00, CC, CC...
 
[+]

Characteristics:
0x34

Code size:
74.5 KB (76,288 bytes)

Properties
Integrity level:
16384

Command line:
C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.11089.1000_none_f6b2d6eec6c70257\TiWorker.exe -Embedding

There are numerous known versions of TiWorker.exe by Microsoft Corporation.

Clean
TiWorker.exe  6.3.9600.17477 (winblue_r5.141030-1500)  (5d22786a3464a6408c5704eaf033ca3d8a9a4c89)

Clean
TiWorker.exe  10.0.15059.0 (WinBuild.160101.0800)  (72d321bd5f9db91b71a99aea547fd4a27f224cea)

Clean
TiWorker.exe  10.0.15059.0 (WinBuild.160101.0800)  (137e3b5ccf98f303dfd960d7f56c675ec611daee)

Clean
TiWorker.exe  10.0.15058.1001 (WinBuild.160101.0800)  (d60cb4a048781f6eb8cba8f3f3e94156f5f33f50)

Clean
TiWorker.exe  10.0.15058.0 (WinBuild.160101.0800)  (a05387d654f80247822bb17a58eb545751950121)

Clean
TiWorker.exe  10.0.15055.0 (WinBuild.160101.0800)  (5615b1dca06c96c5c5c2a757c2974435c1161994)

Clean
TiWorker.exe  10.0.15055.0 (WinBuild.160101.0800)  (fa08c8ec8981753e1271aa308122e49a160b56d5)

Clean
TiWorker.exe  10.0.15054.1000 (WinBuild.160101.0800)  (2821d66cbbe3a80f7e81d0a9e58089688185f7a7)

Clean
TiWorker.exe  10.0.14393.693 (rs1_release.161220-1747)  (9c816310d339060a14080231b27b96508c7cc400)

Clean
TiWorker.exe  10.0.14393.693 (rs1_release.161220-1747)  (1385e483a9cb42eb14d2b15a13083562052998ac)

Clean
TiWorker.exe  10.0.14393.693 (rs1_release.161220-1747)  (9ad073346e23365e8ad23059b323679d5d3bac19)

Clean
TiWorker.exe  10.0.14393.693 (rs1_release.161220-1747)  (33c055cc60da874e6ed4d81ca640e5a114fcaf70)

Clean
TiWorker.exe  10.0.14393.693 (rs1_release.161220-1747)  (32b1d0baa117a1631e26eb42be12daa8fcd1c58b)

Clean
TiWorker.exe  10.0.14393.693 (rs1_release.161220-1747)  (921d1f2af6537159e083ce46f361295bb9da6e59)

Clean
TiWorker.exe  10.0.14393.693 (rs1_release.161220-1747)  (bcd3d9351f79861e36d540838d9462a10e95fd8e)

Clean
kernel32.dll  (f9ac70c562ba70dd7917e99b00ed6878531de66f)

Clean
kernelbase.dll  (90b069cbc93c701394b47d4e830cdd7d384f5d5c)

Clean
ntdll.dll  (3a2bae6036ff2d23309a7b93ab562494c50df236)

Clean
shlwapi.dll  (0ba38e91bf0e9d554e8dfea0ed6ea1214f9952a3)

Clean
gdi32.dll  (6a20fe18619dc46e379c42f12ed761749053cbf9)

Clean
user32.dll  (8b997b38e179cd03c0a2e87bddbc1ebca39a8630)

Clean
advapi32.dll  (453d4c3bf4a489433b593420a37bbffb7749875a)

Clean
msvcrt.dll  (df2756c114ca2d3b2b16d459a93f285924a55202)

Clean
sechost.dll  (2ae4ea1e2f2248a86f0dd25a1cbf828b5496fa79)

Clean
rpcrt4.dll  (0a2886a248c8d157ba89f4d5296a0b30f1a6424c)

Clean
sspicli.dll  (fda5de62a80510b1e02dae814cd6caa0a8fa035f)

Clean
cryptbase.dll  (d5fefb6b6ab0591f28d878b2d05e301ddc7957ab)

Clean
lpk.dll  (769bd7c18f82272b110f3bad913b28b0f7401d09)

Clean
userenv.dll  (83d1722a35eb16b010d8c9f72c627e97d4642101)

Clean
PROFAPI.DLL  (263e8fbf77c0ceead0c9bca56394bffa4a664361)

Clean
VERSION.DLL  (a4f845318e095d841b05e1400747ee4c28e1f28e)

Download Reason Core Security - Powerful anti-malware software