Kofmsp.dll Guide
| Indicator | Suspicious | Malicious |
|-----------|------------|------------|
| Digital signature | Missing or self-signed | Invalid or expired |
| Location | %TEMP%, Downloads, or Roaming | Any non-Kofax folder |
| File size | <100 KB or >5 MB (packed) | Executable behavior detected |
| Process loading it | Unknown process (e.g., svchost.exe) | Script runner, PowerShell |
| High CPU/network | Yes, even when not scanning | Persistent outbound connections |
Recommendation: Always verify the digital signature. Right-click
kofmsp.dll→ Properties → Digital Signatures tab. Legitimate Kofax signatures will show "Kofax, Inc." or "Tungsten Automation." kofmsp.dll
If you recently deleted a Kofax folder or your AV software removed the file: Recommendation: Always verify the digital signature
Get-AuthenticodeSignature "C:\Program Files (x86)\Kofax\Capture\Bin\kofmsp.dll"