dialer.exe

  • File Path: C:\WINDOWS\system32\dialer.exe
  • Description: Microsoft Windows Phone Dialer

Screenshot

dialer.exe

Hashes

Type Hash
MD5 9E2A370C34B0E7AAD52CE46A912D56D2
SHA1 ABD8E2A27BEDD89ED0B0CD2285C36F4808E691C5
SHA256 B9642B8E05CF4138B372D497250B67D4BB022D1A4B35547885B7FF98A855C3D1
SHA384 51B8BB62CA5CF1D5F95F752F7AE2A6D6A384B1347150390711ED4334872136D2B42A5CADC0838B5ED7719D72C7B17E72
SHA512 3FEEE354F8B4A4AF3AABA581A1086A4D593349262A1538E250CB50956002D59A192D0E8FC5A2F1D2A32551A03B2480F7B142C23D269FBCE738A9297B534E3691
SSDEEP 768:lbNW/49AdGnMuWfEs9HT0F6C1ajzWhMN6tDDXsNt2nMr7g56rbd:lbw/s9nMuWfE0zhiajFN6B1Chbd
IMP EA84F2A49408D51D324DE27B0D115B5E
PESHA1 C1622380F766A74CB2142F43BE56E1E4F1E893B5
PE256 740B57C70D15A7040FDAF9BE9C97D32843CA446AC5E02E7FE10FB41485BE2134

Runtime Data

Window Title:

Phone Dialer

Open Handles:

Path Type
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\System32\en-US\dialer.exe.mui File
(R-D) C:\Windows\System32\en-US\user32.dll.mui File
(R-D) C:\Windows\SystemResources\imageres.dll.mun File
(RW-) C:\Windows\System32 File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467 File
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro Section
\Sessions\2\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\Sessions\2\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\2\Windows\Theme1077709572 Section
\Windows\Theme3461253685 Section

Loaded Modules:

Path
C:\WINDOWS\System32\ADVAPI32.dll
C:\WINDOWS\system32\dialer.exe
C:\WINDOWS\System32\KERNEL32.DLL
C:\WINDOWS\System32\KERNELBASE.dll
C:\WINDOWS\System32\msvcrt.dll
C:\WINDOWS\SYSTEM32\ntdll.dll

Signature

  • Status: Signature verified.
  • Serial: 33000002ED2C45E4C145CF48440000000002ED
  • Thumbprint: 312860D2047EB81F8F58C29FF19ECDB4C634CF6A
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: DIALER.EXE.MUI
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.22000.1 (WinBuild.160101.0800)
  • Product Version: 10.0.22000.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/72
  • VirusTotal Link: https://www.virustotal.com/gui/file/b9642b8e05cf4138b372d497250b67d4bb022d1a4b35547885b7ff98a855c3d1/detection

Possible Misuse

The following table contains possible examples of dialer.exe being misused. While dialer.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
LOLBAS Rasautou.yml Description: Windows Remote Access Dialer  

MIT License. Copyright (c) 2020-2021 Strontic.