SQLDumper.exe
- File Path:
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe
- Description: SQL External minidumper
- Comments: SQL
Hashes
Type |
Hash |
MD5 |
C067C31A60F4B3A73938FEB64ABFB5C1 |
SHA1 |
8B9272C6E98F6C475D8A34C1DD30CEF89DE5080D |
SHA256 |
AFD1B4A9869265D070D2575FFF244BAB18CF7A72153D932D5330F74ED7D3F2C7 |
SHA384 |
8EDAA6C38AE1DC19C0411F777A0C2E1E5677E86ADA0FB4A5A25AF73A289335A3634FFFA4C76F09D7F646E2E2E904EB86 |
SHA512 |
317A0DE4E2DCCF10D5A7CE75C4949B17A29CC3DAEC3F0D4F7675C7F8EE9803227BBFCF4AD39946A82BECA4FF3D6ADC2AC376F720920C33C3E8590C8BA777B656 |
SSDEEP |
3072:Ka/6LKiS4sgk4h2qYr/j4+yrSlEYmyom9fioF:36LKgsYh2q+/j4VsE |
IMP |
759486AB43CB52DF3577D6A2B8B7CECA |
PESHA1 |
6CA351E3F31A7A8AEA66FC29EAE3029255A0E1FA |
PE256 |
2809D5A54DF91EA70D96A86922BF5452CE50662344819B9D81F6B65DB5459C86 |
Runtime Data
Child Processes:
conhost.exe
Open Handles:
Path |
Type |
(RW-) C:\Users\user\Documents |
File |
(RW-) C:\Windows |
File |
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 |
Section |
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 |
Section |
Loaded Modules:
Path |
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe |
C:\Windows\SYSTEM32\ntdll.dll |
C:\Windows\System32\wow64.dll |
C:\Windows\System32\wow64cpu.dll |
C:\Windows\System32\wow64win.dll |
Signature
- Status: Signature verified.
- Serial:
33000001B1DDEDBA54E965B85F0001000001B1
- Thumbprint:
9DC17888B5CFAD98B3CB35C1994E96227F061675
- Issuer: CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Original Filename: SqlDumper.exe
- Product Name: Microsoft SQL Server
- Company Name: Microsoft Corporation
- File Version: 2019.0150.1500.158 ((BI_Main).190506-1918)
- Product Version: 15.0.1500.158
- Language: English (United States)
- Legal Copyright: Microsoft. All rights reserved.
- Machine Type: 32-bit
File Scan
- VirusTotal Detections: 0/72
- VirusTotal Link: https://www.virustotal.com/gui/file/afd1b4a9869265d070d2575fff244bab18cf7a72153d932d5330f74ed7d3f2c7/detection/
Possible Misuse
The following table contains possible examples of SQLDumper.exe
being misused. While SQLDumper.exe
is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
Source |
Source File |
Example |
License |
LOLBAS |
Sqldumper.yml |
Name: Sqldumper.exe |
|
LOLBAS |
Sqldumper.yml |
- Command: sqldumper.exe 464 0 0x0110 |
|
LOLBAS |
Sqldumper.yml |
- Command: sqldumper.exe 540 0 0x01100:40 |
|
LOLBAS |
Sqldumper.yml |
- Path: C:\Program Files\Microsoft SQL Server\90\Shared\SQLDumper.exe |
|
LOLBAS |
Sqldumper.yml |
- Path: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis\AS OLEDB\140\SQLDumper.exe |
|
LOLBAS |
Sqldumper.yml |
- Link: https://support.microsoft.com/en-us/help/917825/how-to-use-the-sqldumper-exe-utility-to-generate-a-dump-file-in-sql-se |
|
MIT License. Copyright (c) 2020-2021 Strontic.