rdpshell.exe
- File Path:
C:\Windows\system32\rdpshell.exe
- Description: RemoteApp Shell
Hashes
Type |
Hash |
MD5 |
CAD5E9513CBD384F1B6045EDEEFF70D2 |
SHA1 |
5DEDE888A55564A90BD1C81F824D025DEE8C5232 |
SHA256 |
176E42EF2008FDCEC0C65E85A0C5FA72B13114507C7DDDEA66CC58F4569DD756 |
SHA384 |
60659B473263A8528BE7F398D96B4943F9F40D140E2978C03DED390E5002AD7D581FF64A6A81465A7C6847DB6EA2BDA3 |
SHA512 |
759897736F3769608F5B1BABE34930EEF1FC20E845DF66C4BB3FE1242C539070B8A1AC155F9008EF9D30449C41ABCA49065359F11417D3067E91B385A96E417A |
SSDEEP |
6144:AQO4sIYcDofOaXoECHz+2rzmk5trop0OrNxOJredVbv9/IEt:AQOZnfOaNCHfzV9oprNxOEdFv9/ |
IMP |
3FCF2D585501C91AC2168DF1C77C03EA |
PESHA1 |
FA1965663C7F5E1EFCF8712D1FF541E2875A08DC |
PE256 |
7F35F73B84A5917FC9DCEA6FDDE9D1BB3AD33B306E623106F73EB3FC9C2B0D93 |
Runtime Data
Loaded Modules:
Path |
C:\Windows\System32\combase.dll |
C:\Windows\System32\KERNEL32.DLL |
C:\Windows\System32\KERNELBASE.dll |
C:\Windows\System32\msvcrt.dll |
C:\Windows\SYSTEM32\ntdll.dll |
C:\Windows\System32\OLE32.dll |
C:\Windows\system32\rdpshell.exe |
C:\Windows\System32\RPCRT4.dll |
C:\Windows\System32\ucrtbase.dll |
Signature
- Status: Signature verified.
- Serial:
3300000266BD1580EFA75CD6D3000000000266
- Thumbprint:
A4341B9FD50FB9964283220A36A1EF6F6FAA7840
- Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Original Filename: rdpshell.exe.mui
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.19041.1 (WinBuild.160101.0800)
- Product Version: 10.0.19041.1
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 64-bit
File Scan
- VirusTotal Detections: 0/68
- VirusTotal Link: https://www.virustotal.com/gui/file/176e42ef2008fdcec0c65e85a0c5fa72b13114507c7dddea66cc58f4569dd756/detection/
File Similarity (ssdeep match)
MIT License. Copyright (c) 2020-2021 Strontic.