dialer.exe
- File Path:
C:\Windows\system32\dialer.exe - Description: Microsoft Windows Phone Dialer
Screenshot
Hashes
| Type | Hash |
|---|---|
| MD5 | B2626BDCF079C6516FC016AC5646DF93 |
| SHA1 | 838268205BD97D62A31094D53643C356EA7848A6 |
| SHA256 | E3AC5E6196F3A98C1946D85C653866C318BB2A86DD865DEFFA7B52F665D699BB |
| SHA384 | 6F7C42535766887AFB1990722700D6A110E77F69ACFAC9D345691BB722EA0B55B0C25139BF368DFE3025A3ADAA14974E |
| SHA512 | 615CFE1F91B895513C687906BF3439CA352AFCADD3B73F950AF0A3B5FB1B358168A7A25A6796407B212FDE5F803DD880BCDC350D8BAC7E7594090D37CE259971 |
| SSDEEP | 768:4KWEPeDS5mp3dg9fNBqOKfFz5VJp49Kbg9aQHsWo0meKRCd:335G3dg5NkOwLpOAbQHrmXCd |
| IMP | EA84F2A49408D51D324DE27B0D115B5E |
| PESHA1 | 8B7203D9098FC6ACB648E4BA74AFE29C812FC96A |
| PE256 | 5D31DCC36B5B9B2D66ACD7F3A40800255EC1A169487C372E23DC2E380323F3FD |
Runtime Data
Window Title:
Phone Dialer
Open Handles:
| Path | Type |
|---|---|
| (R-D) C:\Windows\Fonts\StaticCache.dat | File |
| (R-D) C:\Windows\System32\en-US\dialer.exe.mui | File |
| (R-D) C:\Windows\System32\en-US\user32.dll.mui | File |
| (R-D) C:\Windows\SystemResources\imageres.dll.mun | File |
| (RW-) C:\Users\user | File |
| (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_ca04af081b815d21 | File |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000002.db | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2 | Section |
| \BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 | Section |
| \BaseNamedObjects\NLS_CodePage_437_3_2_0_0 | Section |
| \Sessions\1\Windows\Theme1175649999 | Section |
| \Windows\Theme601709542 | Section |
Loaded Modules:
| Path |
|---|
| C:\Windows\System32\ADVAPI32.dll |
| C:\Windows\system32\dialer.exe |
| C:\Windows\System32\GDI32.dll |
| C:\Windows\System32\gdi32full.dll |
| C:\Windows\System32\KERNEL32.DLL |
| C:\Windows\System32\KERNELBASE.dll |
| C:\Windows\System32\msvcp_win.dll |
| C:\Windows\System32\msvcrt.dll |
| C:\Windows\SYSTEM32\ntdll.dll |
| C:\Windows\System32\RPCRT4.dll |
| C:\Windows\System32\sechost.dll |
| C:\Windows\System32\SHELL32.dll |
| C:\Windows\System32\ucrtbase.dll |
| C:\Windows\System32\USER32.dll |
| C:\Windows\System32\win32u.dll |
Signature
- Status: Signature verified.
- Serial:
3300000266BD1580EFA75CD6D3000000000266 - Thumbprint:
A4341B9FD50FB9964283220A36A1EF6F6FAA7840 - Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: DIALER.EXE.MUI
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.19041.1 (WinBuild.160101.0800)
- Product Version: 10.0.19041.1
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 64-bit
File Scan
- VirusTotal Detections: 0/75
- VirusTotal Link: https://www.virustotal.com/gui/file/e3ac5e6196f3a98c1946d85c653866c318bb2a86dd865deffa7b52f665d699bb/detection
Possible Misuse
The following table contains possible examples of dialer.exe being misused. While dialer.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
| Source | Source File | Example | License |
|---|---|---|---|
| LOLBAS | Rasautou.yml | Description: Windows Remote Access Dialer |
MIT License. Copyright (c) 2020-2021 Strontic.