ProcessDump.exe

  • File Path: C:\Program Files (x86)\Cisco Systems\Cisco Jabber\x64\ProcessDump.exe

Hashes

Type Hash
MD5 8E00DFD4152033F4E806AB0E677925A3
SHA1 76D0C455083F4E113200B404425E2C4BF0F4D596
SHA256 F91F794E351C963971B692656F30200A3A7AF54AF1AFD5383DA74BB393AD96AF
SHA384 54B4EC35347AC7DB0DB6D2ECEFA6E9A7C1DF830E5EA6262FB401CF88A6E4C8E0F2C5018FA88625D8E0D759CB0B349BAA
SHA512 8FF050C48568EE975DC7DFDAF013C9E73F0956F00F51C4111FB81A2F74E3576E1A33E851C61819DD41220B6114D5C555566605A005E66FB3DC71DEA4BF722FF0
SSDEEP 384:S7F5fGFH9miwE/ZUKLLew/4oBiCIFaG1zh1NrZI6iLoAlKvaay6MK6j11M:m+wg4oQCINrZOLXLKg11M
IMP 098A8E203FFEFD6C75B750C36EA20CA6
PESHA1 347C7D7AC09B6F2FC51755AE35279705BE86D750
PE256 E8B8DC8B07177D4C6A9B823B7CBA417B73CBB444F07CA5FEA413EC84DD6DEF65

Runtime Data

Usage (stderr):

Error: not enough args!

Loaded Modules:

Path
C:\Program Files (x86)\Cisco Systems\Cisco Jabber\x64\ProcessDump.exe
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\SYSTEM32\ntdll.dll

Signature

  • Status: Signature verified.
  • Serial: 59C5C9F46EA82C4C743981566B64BD6C
  • Thumbprint: 475DAEE5A6CC149389EFDE176DEA526C627D203A
  • Issuer: CN=Symantec Class 3 SHA256 Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US
  • Subject: CN=Cisco Systems Inc., O=Cisco Systems Inc., L=San Jose, S=California, C=US

File Metadata

  • Original Filename:
  • Product Name:
  • Company Name:
  • File Version:
  • Product Version:
  • Language:
  • Legal Copyright:
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/70
  • VirusTotal Link: https://www.virustotal.com/gui/file/f91f794e351c963971b692656f30200a3a7af54af1afd5383da74bb393ad96af/detection/

Possible Misuse

The following table contains possible examples of ProcessDump.exe being misused. While ProcessDump.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
stockpile 0bff4ee7-42a4-4bde-b09a-9d79d8b9edd7.yml namespace ProcessDump Apache-2.0
stockpile 5a39d7ed-45c9-4a79-b581-e5fb99e24f65.yml build_target: ProcessDump.donut Apache-2.0
stockpile 5a39d7ed-45c9-4a79-b581-e5fb99e24f65.yml namespace ProcessDump Apache-2.0

MIT License. Copyright (c) 2020-2021 Strontic.