Discord.exe

  • File Path: C:\Users\user\AppData\Local\Discord\app-1.0.9003\Discord.exe
  • Description: Discord

Hashes

Type Hash
MD5 1C13935AEFF94D2473978482644CC599
SHA1 CBC38180CD5C659B0E48D95676B730B70F3DE77F
SHA256 688709B3754C5446702062DFF138369DF87B5C21C865D40430628890B95F66DB
SHA384 F4072A1D744D96C98EC413E79D80327A3FB8248B55B303D2F2A5D90FCCCEF081F10405CB6DA6DA4F4E2A773E217D5766
SHA512 17B6B5E0DAE4E3F1C50D0830FB17D1D8CC95715A79E0C73C8BA6A7BE72D72C59800BF6DC0C273319C1E16AA9CC97384B634CE718B48D9193C9CF8108CDB5E144
SSDEEP 1572864:QB01BP10ql0CDLLJnZ895tsVpRzgwQnNoAeJVAd2jrzMa0JGkBf8dUZHb4Am8f19:p1BP6UxQCJVAyke6I8WjUN
IMP 5D7A734E608F216C0FFB097FFEF8C434
PESHA1 329BC541EEF67A7439E4BEF8CEE90D38CD8155BC
PE256 F277F9D11E0F34954ED85D8ADAD1973B1ACEB8213A979139F29DAFC71DD859CC

Runtime Data

Usage (stdout):


Discord 1.0.9003
Starting app.
Starting updater.

Child Processes:

Discord.exe Discord.exe Discord.exe Discord.exe Discord.exe Discord.exe Discord.exe

Window Title:

Discord Updater

Open Handles:

Path Type
(R--) C:\Users\user\AppData\Roaming\discord\lockfile File
(R-D) C:\Users\user\AppData\Local\Discord\app-1.0.9003\chrome_100_percent.pak File
(R-D) C:\Users\user\AppData\Local\Discord\app-1.0.9003\chrome_200_percent.pak File
(R-D) C:\Users\user\AppData\Local\Discord\app-1.0.9003\locales\en-US.pak File
(R-D) C:\Users\user\AppData\Local\Discord\app-1.0.9003\resources.pak File
(R-D) C:\Windows\System32\en-US\crypt32.dll.mui File
(R-D) C:\Windows\System32\en-US\kernel32.dll.mui File
(R-D) C:\Windows\System32\en-US\mswsock.dll.mui File
(R-D) C:\Windows\SysWOW64\en-US\user32.dll.mui File
(RW-) C:\Users\user File
(RW-) C:\Users\user\AppData\Local\Discord\app-1.0.9003\icudtl.dat File
(RW-) C:\Users\user\AppData\Local\Discord\app-1.0.9003\modules\discord_desktop_core-1\discord_desktop_core\core.asar File
(RW-) C:\Users\user\AppData\Local\Discord\app-1.0.9003\resources\app.asar File
(RW-) C:\Users\user\AppData\Local\Discord\app-1.0.9003\v8_context_snapshot.bin File
(RW-) C:\Users\user\AppData\Local\Discord\installer.db File
(RW-) C:\Users\user\AppData\Local\Discord\installer.db-journal File
(RW-) C:\Users\user\AppData\Roaming\discord\Local Storage\leveldb\000003.log File
(RW-) C:\Users\user\AppData\Roaming\discord\Local Storage\leveldb\LOCK File
(RW-) C:\Users\user\AppData\Roaming\discord\Local Storage\leveldb\LOG File
(RW-) C:\Users\user\AppData\Roaming\discord\Local Storage\leveldb\MANIFEST-000001 File
(RW-) C:\Users\user\AppData\Roaming\discord\Session Storage\000003.log File
(RW-) C:\Users\user\AppData\Roaming\discord\Session Storage\LOCK File
(RW-) C:\Users\user\AppData\Roaming\discord\Session Storage\LOG File
(RW-) C:\Users\user\AppData\Roaming\discord\Session Storage\MANIFEST-000001 File
(RW-) C:\Windows File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984 File
(RWD) C:\Users\user\AppData\Local\Discord\Discord_updater_rCURRENT.log File
(RWD) C:\Users\user\AppData\Local\Discord\download\incoming.tmp6QnM5a File
(RWD) C:\Users\user\AppData\Roaming\discord\GPUCache\data_0 File
(RWD) C:\Users\user\AppData\Roaming\discord\GPUCache\data_1 File
(RWD) C:\Users\user\AppData\Roaming\discord\GPUCache\data_2 File
(RWD) C:\Users\user\AppData\Roaming\discord\GPUCache\data_3 File
(RWD) C:\Users\user\AppData\Roaming\discord\GPUCache\index File
(RWD) C:\Users\user\AppData\Roaming\Microsoft\Spelling File
(RWD) C:\Windows\System32\drivers\etc File
\BaseNamedObjects\__ComCatalogCache__ Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000002.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2 Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\1\BaseNamedObjects\1818HWNDInterface:1b0990 Section
\Sessions\1\BaseNamedObjects\1818HWNDInterface:4609d8 Section
\Sessions\1\BaseNamedObjects\node-debug-handler-6168 Section
\Sessions\1\BaseNamedObjects\windows_shell_global_counters Section
\Sessions\1\Windows\Theme449731986 Section
\Windows\Theme1396518710 Section

Loaded Modules:

Path
C:\Users\user\AppData\Local\Discord\app-1.0.9003\Discord.exe
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll

Signature

  • Status: Signature verified.
  • Serial: 01E20D5BE0B5190B1DBFDE9BEF380D9A
  • Thumbprint: A10EB13B255A9F3BFDA8664182B0F529B649DA3D
  • Issuer: CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US
  • Subject: CN=Discord Inc., OU=Select or enter, O=Discord Inc., L=San Francisco, S=California, C=US, SERIALNUMBER=5128862, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US

File Metadata

  • Original Filename: Discord.exe
  • Product Name: Discord
  • Company Name: Discord Inc.
  • File Version: 1.0.9003
  • Product Version: 1.0.9003
  • Language: English (United States)
  • Legal Copyright: Copyright (c) 2021 Discord Inc. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/70
  • VirusTotal Link: https://www.virustotal.com/gui/file/688709b3754c5446702062dff138369df87b5c21c865d40430628890b95f66db/detection

Possible Misuse

The following table contains possible examples of Discord.exe being misused. While Discord.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
| --- | --- | --- | --- |
| sigma | proc_creation_win_susp_squirrel_lolbin.yml | `- '\AppData\Local\Discord\Update.exe'` | DRL 1.0 |
| sigma | proc_creation_win_susp_squirrel_lolbin.yml | `- ' --processStart Discord.exe'` | DRL 1.0 |
| sigma | proc_creation_win_susp_squirrel_lolbin.yml | `- Discord` | DRL 1.0 |
| signature-base | gen_suspicious_strings.yar | `description = "Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN)"` | CC BY-NC 4.0 |
| signature-base | gen_suspicious_strings.yar | `description = "Detects suspicious encoded URL to a Discord attachment (often used for malware hosting on a legitimate FQDN)"` | CC BY-NC 4.0 |

MIT License. Copyright (c) 2020-2021 Strontic.