RemotePosWorker.exe

  • File Path: C:\WINDOWS\system32\RemotePosWorker.exe
  • Description: Remote Pos Driver Worker

Hashes

Type Hash
MD5 FCD977A96CDA8F951FCC464440E257EA
SHA1 826DEFC262CD11EE9235AB442A3505B3114D47C9
SHA256 39B9CE04B3AFD6CC6F0A3DC3F5A1384995BDE9CE59FE3ED8E3CC6051C6F1E22E
SHA384 B5A79F0CFEA134C7A764F79CAF7C68228C1439B023DAE141B686586292063FE385C8E95A102DDA3B1F6E93F6E1A0486E
SHA512 7F98E6B1561F7B5390D5D0C49F721180E1C0804F9BA810753AFD5FF70D189C23992B9F936D690523247B7C5AE2719DED14CB5DB17A4C642E36FD5FB4B92EA92C
SSDEEP 192:YGpY2s1E8DSTH4G0Qnx+/2QpysWXpUBxr8m3rqidaafaR7WR7W:Y2c1pOTYvQnx+/2QdWOBamuflR7WR7W
IMP C6E4FB88ABA54E5E339120511BB8F20D
PESHA1 7FAF53622CA910CB8D83976EB09161F9409E7960
PE256 5A53C8979648F45FE0877E4586B17D0829880B9994B4BB08EB849A899803A9A8

Runtime Data

Loaded Modules:

Path
C:\WINDOWS\System32\KERNEL32.DLL
C:\WINDOWS\System32\KERNELBASE.dll
C:\WINDOWS\SYSTEM32\ntdll.dll
C:\WINDOWS\system32\RemotePosWorker.exe

Signature

  • Status: Signature verified.
  • Serial: 33000002ED2C45E4C145CF48440000000002ED
  • Thumbprint: 312860D2047EB81F8F58C29FF19ECDB4C634CF6A
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: RemotePosWorker.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.22000.1 (WinBuild.160101.0800)
  • Product Version: 10.0.22000.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/73
  • VirusTotal Link: https://www.virustotal.com/gui/file/39b9ce04b3afd6cc6f0a3dc3f5a1384995bde9ce59fe3ed8e3cc6051c6f1e22e/detection

MIT License. Copyright (c) 2020-2021 Strontic.