dialer.exe
- File Path:
C:\WINDOWS\SysWOW64\dialer.exe - Description: Microsoft Windows Phone Dialer
Screenshot
Hashes
| Type | Hash |
|---|---|
| MD5 | F473F64BF440EB1021192CF68A4085D1 |
| SHA1 | 8CE7DD291DD2FCC04DE5161D8A33305623374E3F |
| SHA256 | 8C9289E2183CA2DD594363BFCD79BCA3A44E878AE7A158FEDB82D3B2DF3EA147 |
| SHA384 | E1A86A640F15D31A8258976A050E4F60C29FF80B9D86755CF155D4EAE73F69208699691801460BBE98139944371E63FC |
| SHA512 | 8FD7355468E55DEFA0C166572E594EAD58854A498E4272CB5AB4EFEE0B35914130AA325FE3AF95C4C5C8AD4810A2F6C5095F121F08DD16D5B37F4D8C574E2C47 |
| SSDEEP | 768:jlVb6ks78neEbvq1UH5XOv5+B/BLcFFpbdm:788neEbvgm5+v50abdm |
| IMP | 76E0D8D65462216E7B0903BC27D606D1 |
| PESHA1 | 4BD489C34D83356154EE39C1AADDD1B9E268AEFB |
| PE256 | D6A037638D2F29A123108852FD7D4C9606F820352307D31EA57F1A40DD3395A3 |
Runtime Data
Window Title:
Phone Dialer
Open Handles:
| Path | Type |
|---|---|
| (R-D) C:\Windows\Fonts\StaticCache.dat | File |
| (R-D) C:\Windows\SystemResources\imageres.dll.mun | File |
| (R-D) C:\Windows\SysWOW64\en-US\dialer.exe.mui | File |
| (R-D) C:\Windows\SysWOW64\en-US\user32.dll.mui | File |
| (RW-) C:\Windows | File |
| (RW-) C:\Windows\SysWOW64 | File |
| (RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_e541a94fcce8ed6d | File |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro | Section |
| \Sessions\2\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 | Section |
| \Sessions\2\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 | Section |
| \Sessions\2\Windows\Theme1077709572 | Section |
| \Windows\Theme3461253685 | Section |
Loaded Modules:
| Path |
|---|
| C:\WINDOWS\SYSTEM32\ntdll.dll |
| C:\WINDOWS\System32\wow64.dll |
| C:\WINDOWS\System32\wow64base.dll |
| C:\WINDOWS\System32\wow64con.dll |
| C:\WINDOWS\System32\wow64cpu.dll |
| C:\WINDOWS\System32\wow64win.dll |
| C:\WINDOWS\SysWOW64\dialer.exe |
Signature
- Status: Signature verified.
- Serial:
33000002ED2C45E4C145CF48440000000002ED - Thumbprint:
312860D2047EB81F8F58C29FF19ECDB4C634CF6A - Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: DIALER.EXE.MUI
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.22000.1 (WinBuild.160101.0800)
- Product Version: 10.0.22000.1
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 32-bit
File Scan
- VirusTotal Detections: 0/72
- VirusTotal Link: https://www.virustotal.com/gui/file/8c9289e2183ca2dd594363bfcd79bca3a44e878ae7a158fedb82d3b2df3ea147/detection
Possible Misuse
The following table contains possible examples of dialer.exe being misused. While dialer.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
| Source | Source File | Example | License |
|---|---|---|---|
| LOLBAS | Rasautou.yml | Description: Windows Remote Access Dialer |
MIT License. Copyright (c) 2020-2021 Strontic.