MpDlpCmd.exe

  • File Path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2007.8-0\MpDlpCmd.exe
  • Description: Microsoft Malware Protection DLP Command Line Utility

Hashes

Runtime Data

Usage (stdout):

MpDlpCmd: Failed with hr = 0x80070667.
MpDlpCmd: Invalid command line argument

Usage: MpDlpCmd -<Command>

Loaded Modules:

Path
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2007.8-0\MpDlpCmd.exe
C:\Windows\System32\ADVAPI32.dll
C:\Windows\System32\bcryptPrimitives.dll
C:\Windows\System32\combase.dll
C:\Windows\System32\GDI32.dll
C:\Windows\System32\gdi32full.dll
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\msvcp_win.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\RPCRT4.dll
C:\Windows\System32\sechost.dll
C:\Windows\System32\ucrtbase.dll
C:\Windows\System32\USER32.dll
C:\Windows\SYSTEM32\UxTheme.dll
C:\Windows\System32\win32u.dll
C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17763.1518_none_de6e2bd0534e2567\COMCTL32.dll

Signature

  • Status: Signature verified.
  • Serial: 330000024A0E8AFDF15C662D2B00000000024A
  • Thumbprint: 96384A7F5F1C438F32E2454697DC6D312A74517B
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows Publisher, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: MpDlpCmd.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 4.18.2007.8 (WinBuild.160101.0800)
  • Product Version: 4.18.2007.8
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/69
  • VirusTotal Link: https://www.virustotal.com/gui/file/5144b12fc98f3e601225b4f3cb3545c6bb528e2fb8cbd166f1f3ec9abca459ad/detection/

File Similarity (ssdeep match)

File Score
C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MpDlpCmd.exe 77
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2005.5-0\MpDlpCmd.exe 74
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2006.10-0\MpDlpCmd.exe 79
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2008.9-0\MpDlpCmd.exe 80
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2009.7-0\MpDlpCmd.exe 77
C:\WINDOWS\system32\SecurityHealthSystray.exe 80

MIT License. Copyright (c) 2020-2021 Strontic.