rdpshell.exe

File Path: C:\Windows\system32\rdpshell.exe
Description: RemoteApp Shell

Hashes

Type	Hash
MD5	`CAD5E9513CBD384F1B6045EDEEFF70D2`
SHA1	`5DEDE888A55564A90BD1C81F824D025DEE8C5232`
SHA256	`176E42EF2008FDCEC0C65E85A0C5FA72B13114507C7DDDEA66CC58F4569DD756`
SHA384	`60659B473263A8528BE7F398D96B4943F9F40D140E2978C03DED390E5002AD7D581FF64A6A81465A7C6847DB6EA2BDA3`
SHA512	`759897736F3769608F5B1BABE34930EEF1FC20E845DF66C4BB3FE1242C539070B8A1AC155F9008EF9D30449C41ABCA49065359F11417D3067E91B385A96E417A`
SSDEEP	`6144:AQO4sIYcDofOaXoECHz+2rzmk5trop0OrNxOJredVbv9/IEt:AQOZnfOaNCHfzV9oprNxOEdFv9/`
IMP	`3FCF2D585501C91AC2168DF1C77C03EA`
PESHA1	`FA1965663C7F5E1EFCF8712D1FF541E2875A08DC`
PE256	`7F35F73B84A5917FC9DCEA6FDDE9D1BB3AD33B306E623106F73EB3FC9C2B0D93`

Runtime Data

Loaded Modules:

Path
C:\Windows\System32\combase.dll
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\OLE32.dll
C:\Windows\system32\rdpshell.exe
C:\Windows\System32\RPCRT4.dll
C:\Windows\System32\ucrtbase.dll

Signature

Status: Signature verified.
Serial: 3300000266BD1580EFA75CD6D3000000000266
Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

Original Filename: rdpshell.exe.mui
Product Name: Microsoft Windows Operating System
Company Name: Microsoft Corporation
File Version: 10.0.19041.1 (WinBuild.160101.0800)
Product Version: 10.0.19041.1
Language: English (United States)
Legal Copyright: Microsoft Corporation. All rights reserved.
Machine Type: 64-bit

File Scan

VirusTotal Detections: 0/68
VirusTotal Link: https://www.virustotal.com/gui/file/176e42ef2008fdcec0c65e85a0c5fa72b13114507c7dddea66cc58f4569dd756/detection/

File Similarity (ssdeep match)

File	Score
C:\Windows\system32\rdpshell.exe	80
C:\Windows\system32\rdpshell.exe	99

MIT License. Copyright (c) 2020-2021 Strontic.