rdpclip.exe

• File Path: C:\Windows\system32\rdpclip.exe
• Description: RDP Clipboard Monitor

Hashes

Type	Hash
MD5	9E089ECF8B86983B7A77E3844CD02BB5
SHA1	0265C1718EC95B025D9719F3B4872826F8F4661F
SHA256	AF5CAE4B514215E530643A7FEA2D7A47A1B15F6E5610347B217D1ABFA4AE0F92
SHA384	E6D9E48E90A602FE3A19EDF4B56036CA427D727901C9ED6B4E1D6A0691F8F515BAE1287C5FD1C061D97E3212BB876313
SHA512	E7EE8D7D56D19BDD5103A58D5DE00BEAD5960BCD46703D5D5FC7F371DB1FD1C0F29F80B67DF2658EF508F80C41947C9CCB1258A7E252908E784AE519F4E71657
SSDEEP	12288:57MvYJAP0qgCcvijGlkEaaO1arUG94Ft+VN81h8bk969xh0yl:BMvYJw9ncvijGlkEaagarUGakN81hwDe
IMP	E3F33CEBF67721DAC951AFBD20321206
PESHA1	3EAC0DA1DDE4EB05E3CF74EEDBD36D03D7CF5508
PE256	3EE747892157E03603B0909E0BE34986CDFF8298B50F4CCAAE0DFB5709AE1997

Signature

• Status: Signature verified.
• Serial: 3300000266BD1580EFA75CD6D3000000000266
• Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
• Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
• Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

• Original Filename: rdpclip.exe.mui
• Product Name: Microsoft Windows Operating System
• Company Name: Microsoft Corporation
• File Version: 10.0.17763.1 (WinBuild.160101.0800)
• Product Version: 10.0.17763.1
• Language: English (United States)
• Legal Copyright: Microsoft Corporation. All rights reserved.
• Machine Type: 64-bit

File Scan

• VirusTotal Detections: 0/67
• VirusTotal Link: https://www.virustotal.com/gui/file/af5cae4b514215e530643a7fea2d7a47a1b15f6e5610347b217d1abfa4ae0f92/detection/

Possible Misuse

The following table contains possible examples of rdpclip.exe being misused. While rdpclip.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source	Source File	Example	License
sigma	proc_creation_win_termserv_proc_spawn.yml	Image\|endswith: '\rdpclip.exe'	DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.