IMEWDBLD.EXE

  • File Path: C:\Windows\SysWOW64\IME\shared\IMEWDBLD.EXE
  • Description: Microsoft IME Open Extended Dictionary Module

Screenshot

IMEWDBLD.EXE

Hashes

Type Hash
MD5 0984D217E10D11B2DBB8CCD47CDF36BD
SHA1 6BEBA2522259A3D06D21BA7B051C10F5BD42AD57
SHA256 C6CF94EE76F288CF59EDEBA4440CEDF08264EE1EA6F077DF654A0E9C5149F491
SHA384 B2BED978453E382510491B05274AD0759931273EB4151D6815BF3A413EF62872858882B2D710B985851CC6279165C9A8
SHA512 885060FBC753C4CE02BDF46671C70BDBA74E75584B14C5CC0826F3E184BA3ABB0FA279854121F9C5A7A6B75E64051DB57A38F88833B3A42530619A1FF11DA59A
SSDEEP 6144:sI9YzjicQ9utidKrVvI9p+hOHOty/sLRW3YolFqVQ7Gs/UEVTppNX+:rYzGcAGidKrVvI9p+MHOU/003FsQ7GsT
IMP 85CED23AC51CD18BBAAFE23E9D922D75
PESHA1 7BEEB221CD4C6AEB5536A18B258AF9D56693E715
PE256 06CAFF4A8699D8EBED8CF7A0653D452AE3FCC5232E968CB7BE55E6B3C70F2BD9

Runtime Data

Window Title:

Microsoft IME Open Extended Dictionary Error

Open Handles:

Path Type
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\System32\en-US\imageres.dll.mui File
(RW-) C:\Users\user File
(RW-) C:\Windows File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17763.1518_none_261b62a767ca4e6d File
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000004.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000004.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\2\Windows\Theme2131664586 Section
\Windows\Theme966197582 Section

Loaded Modules:

Path
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll
C:\Windows\SysWOW64\IME\shared\IMEWDBLD.EXE

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: imewdbld.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.17763.1075 (WinBuild.160101.0800)
  • Product Version: 10.0.17763.1075
  • Language: Language Neutral
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/73
  • VirusTotal Link: https://www.virustotal.com/gui/file/c6cf94ee76f288cf59edeba4440cedf08264ee1ea6f077df654a0e9c5149f491/detection/

File Similarity (ssdeep match)

File Score
C:\Windows\system32\IME\shared\IMEWDBLD.EXE 36
C:\WINDOWS\system32\IME\SHARED\IMEWDBLD.EXE 38
C:\Windows\system32\IME\SHARED\IMEWDBLD.EXE 38
C:\Windows\SysWOW64\IME\SHARED\IMEWDBLD.EXE 33
C:\windows\SysWOW64\IME\SHARED\IMEWDBLD.EXE 32
C:\Windows\SysWOW64\IME\SHARED\IMEWDBLD.EXE 38
C:\WINDOWS\SysWOW64\IME\SHARED\IMEWDBLD.EXE 41

MIT License. Copyright (c) 2020-2021 Strontic.