IMEWDBLD.EXE

  • File Path: C:\Windows\SysWOW64\IME\SHARED\IMEWDBLD.EXE
  • Description: Microsoft IME Open Extended Dictionary Module

Screenshot

IMEWDBLD.EXE

Hashes

Type Hash
MD5 40FBB367D0F83472C170359D6E3446A0
SHA1 C274597DAB07491C3CA8D9863383145771E4EDBB
SHA256 0CFF477B20735E3E56EB8FB1866108362F3FED20E230F07BBC21F8C2D8E13C96
SHA384 030423B6426729A7BE096632F6CF46D4DBA4A8A57E45A8143ADD7380C9C932D6D926F52BE3EC1CB83928AC067A911059
SHA512 E53E7F2379B75755D4617AB13D2DBC60D705D11689763FC0335AB61A3E61330A86488705F4C2B92F2CB1264334243BD8A27027B3240AE477D4327A83129C939D
SSDEEP 6144:vBNjNNnj4mDYaW1rxK4Op4mBNqvcGSvSOkBvGemmq8V7Gs/UEVTppcX+LRe:vBNhNn0881rxK4Op4mB2cGuSOE1V7Gs2
IMP 589AC1368274910A75F86CA227986543
PESHA1 4A1200710DB7A3F462188687A543D4334AFE78CF
PE256 24569DB8E668615F79A19AA6C57282AD259D721EA26E4AD3DF6F88C235D69FD7

Runtime Data

Window Title:

Microsoft IME Open Extended Dictionary Error

Open Handles:

Path Type
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\SystemResources\imageres.dll.mun File
(RW-) C:\Users\user File
(RW-) C:\Windows File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_11b1e5df2ffd8627 File
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000002.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2 Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\1\Windows\Theme1175649999 Section
\Windows\Theme601709542 Section

Loaded Modules:

Path
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll
C:\Windows\SysWOW64\IME\SHARED\IMEWDBLD.EXE

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: imewdbld.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: Language Neutral
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/74
  • VirusTotal Link: https://www.virustotal.com/gui/file/0cff477b20735e3e56eb8fb1866108362f3fed20e230f07bbc21f8c2d8e13c96/detection

File Similarity (ssdeep match)

File Score
C:\Windows\system32\IME\shared\IMEWDBLD.EXE 32
C:\WINDOWS\system32\IME\SHARED\IMEWDBLD.EXE 36
C:\Windows\system32\IME\SHARED\IMEWDBLD.EXE 35
C:\Windows\SysWOW64\IME\shared\IMEWDBLD.EXE 33
C:\windows\SysWOW64\IME\SHARED\IMEWDBLD.EXE 33
C:\Windows\SysWOW64\IME\SHARED\IMEWDBLD.EXE 33
C:\WINDOWS\SysWOW64\IME\SHARED\IMEWDBLD.EXE 38

MIT License. Copyright (c) 2020-2021 Strontic.