Discord.exe
- File Path:
C:\Users\user\AppData\Local\Discord\app-1.0.9003\Discord.exe - Description: Discord
Hashes
| Type | Hash |
|---|---|
| MD5 | 1C13935AEFF94D2473978482644CC599 |
| SHA1 | CBC38180CD5C659B0E48D95676B730B70F3DE77F |
| SHA256 | 688709B3754C5446702062DFF138369DF87B5C21C865D40430628890B95F66DB |
| SHA384 | F4072A1D744D96C98EC413E79D80327A3FB8248B55B303D2F2A5D90FCCCEF081F10405CB6DA6DA4F4E2A773E217D5766 |
| SHA512 | 17B6B5E0DAE4E3F1C50D0830FB17D1D8CC95715A79E0C73C8BA6A7BE72D72C59800BF6DC0C273319C1E16AA9CC97384B634CE718B48D9193C9CF8108CDB5E144 |
| SSDEEP | 1572864:QB01BP10ql0CDLLJnZ895tsVpRzgwQnNoAeJVAd2jrzMa0JGkBf8dUZHb4Am8f19:p1BP6UxQCJVAyke6I8WjUN |
| IMP | 5D7A734E608F216C0FFB097FFEF8C434 |
| PESHA1 | 329BC541EEF67A7439E4BEF8CEE90D38CD8155BC |
| PE256 | F277F9D11E0F34954ED85D8ADAD1973B1ACEB8213A979139F29DAFC71DD859CC |
Runtime Data
Usage (stdout):
Discord 1.0.9003
Starting app.
Starting updater.
Child Processes:
Discord.exe Discord.exe Discord.exe Discord.exe Discord.exe Discord.exe Discord.exe
Window Title:
Discord Updater
Open Handles:
| Path | Type |
|---|---|
| (R–) C:\Users\user\AppData\Roaming\discord\lockfile | File |
| (R-D) C:\Users\user\AppData\Local\Discord\app-1.0.9003\chrome_100_percent.pak | File |
| (R-D) C:\Users\user\AppData\Local\Discord\app-1.0.9003\chrome_200_percent.pak | File |
| (R-D) C:\Users\user\AppData\Local\Discord\app-1.0.9003\locales\en-US.pak | File |
| (R-D) C:\Users\user\AppData\Local\Discord\app-1.0.9003\resources.pak | File |
| (R-D) C:\Windows\System32\en-US\crypt32.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\kernel32.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\mswsock.dll.mui | File |
| (R-D) C:\Windows\SysWOW64\en-US\user32.dll.mui | File |
| (RW-) C:\Users\user | File |
| (RW-) C:\Users\user\AppData\Local\Discord\app-1.0.9003\icudtl.dat | File |
| (RW-) C:\Users\user\AppData\Local\Discord\app-1.0.9003\modules\discord_desktop_core-1\discord_desktop_core\core.asar | File |
| (RW-) C:\Users\user\AppData\Local\Discord\app-1.0.9003\resources\app.asar | File |
| (RW-) C:\Users\user\AppData\Local\Discord\app-1.0.9003\v8_context_snapshot.bin | File |
| (RW-) C:\Users\user\AppData\Local\Discord\installer.db | File |
| (RW-) C:\Users\user\AppData\Local\Discord\installer.db-journal | File |
| (RW-) C:\Users\user\AppData\Roaming\discord\Local Storage\leveldb\000003.log | File |
| (RW-) C:\Users\user\AppData\Roaming\discord\Local Storage\leveldb\LOCK | File |
| (RW-) C:\Users\user\AppData\Roaming\discord\Local Storage\leveldb\LOG | File |
| (RW-) C:\Users\user\AppData\Roaming\discord\Local Storage\leveldb\MANIFEST-000001 | File |
| (RW-) C:\Users\user\AppData\Roaming\discord\Session Storage\000003.log | File |
| (RW-) C:\Users\user\AppData\Roaming\discord\Session Storage\LOCK | File |
| (RW-) C:\Users\user\AppData\Roaming\discord\Session Storage\LOG | File |
| (RW-) C:\Users\user\AppData\Roaming\discord\Session Storage\MANIFEST-000001 | File |
| (RW-) C:\Windows | File |
| (RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984 | File |
| (RWD) C:\Users\user\AppData\Local\Discord\Discord_updater_rCURRENT.log | File |
| (RWD) C:\Users\user\AppData\Local\Discord\download\incoming.tmp6QnM5a | File |
| (RWD) C:\Users\user\AppData\Roaming\discord\GPUCache\data_0 | File |
| (RWD) C:\Users\user\AppData\Roaming\discord\GPUCache\data_1 | File |
| (RWD) C:\Users\user\AppData\Roaming\discord\GPUCache\data_2 | File |
| (RWD) C:\Users\user\AppData\Roaming\discord\GPUCache\data_3 | File |
| (RWD) C:\Users\user\AppData\Roaming\discord\GPUCache\index | File |
| (RWD) C:\Users\user\AppData\Roaming\Microsoft\Spelling | File |
| (RWD) C:\Windows\System32\drivers\etc | File |
| \BaseNamedObjects__ComCatalogCache__ | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000002.db | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2 | Section |
| \BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 | Section |
| \BaseNamedObjects\NLS_CodePage_437_3_2_0_0 | Section |
| \Sessions\1\BaseNamedObjects\1818HWNDInterface:1b0990 | Section |
| \Sessions\1\BaseNamedObjects\1818HWNDInterface:4609d8 | Section |
| \Sessions\1\BaseNamedObjects\node-debug-handler-6168 | Section |
| \Sessions\1\BaseNamedObjects\windows_shell_global_counters | Section |
| \Sessions\1\Windows\Theme449731986 | Section |
| \Windows\Theme1396518710 | Section |
Loaded Modules:
| Path |
|---|
| C:\Users\user\AppData\Local\Discord\app-1.0.9003\Discord.exe |
| C:\Windows\SYSTEM32\ntdll.dll |
| C:\Windows\System32\wow64.dll |
| C:\Windows\System32\wow64cpu.dll |
| C:\Windows\System32\wow64win.dll |
Signature
- Status: Signature verified.
- Serial:
01E20D5BE0B5190B1DBFDE9BEF380D9A - Thumbprint:
A10EB13B255A9F3BFDA8664182B0F529B649DA3D - Issuer: CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US
- Subject: CN=Discord Inc., OU=Select or enter, O=Discord Inc., L=San Francisco, S=California, C=US, SERIALNUMBER=5128862, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US
File Metadata
- Original Filename: Discord.exe
- Product Name: Discord
- Company Name: Discord Inc.
- File Version: 1.0.9003
- Product Version: 1.0.9003
- Language: English (United States)
- Legal Copyright: Copyright (c) 2021 Discord Inc. All rights reserved.
- Machine Type: 32-bit
File Scan
- VirusTotal Detections: 0/70
- VirusTotal Link: https://www.virustotal.com/gui/file/688709b3754c5446702062dff138369df87b5c21c865d40430628890b95f66db/detection
Possible Misuse
The following table contains possible examples of Discord.exe being misused. While Discord.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
| Source | Source File | Example | License |
|---|---|---|---|
| sigma | proc_creation_win_susp_squirrel_lolbin.yml | - '\AppData\Local\Discord\Update.exe' |
DRL 1.0 |
| sigma | proc_creation_win_susp_squirrel_lolbin.yml | - ' --processStart Discord.exe' |
DRL 1.0 |
| sigma | proc_creation_win_susp_squirrel_lolbin.yml | - Discord |
DRL 1.0 |
| signature-base | gen_suspicious_strings.yar | description = “Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN)” | CC BY-NC 4.0 |
| signature-base | gen_suspicious_strings.yar | description = “Detects suspicious encoded URL to a Discord attachment (often used for malware hosting on a legitimate FQDN)” | CC BY-NC 4.0 |
MIT License. Copyright (c) 2020-2021 Strontic.