rdrleakdiag.exe

  • File Path: C:\Windows\SysWOW64\rdrleakdiag.exe
  • Description: Microsoft Windows Resource Leak Diagnostic

Hashes

| Type | Hash |
| --- | --- |
| MD5 | 269B6F2C3D8253015E649F36754CB197 |
| SHA1 | 86552617C17A6B9CAC8D992260E2A22034FBB7AA |
| SHA256 | C0A93B823C51E26D4B00FEF2BA8FC7F84ABC096DB29838CF30BBE0CDEE2F90C3 |
| SHA384 | 23359F935D1388745F402712F66A6DB8F733D75271D89A4E71039FB51B89F9463F65680388167429A75874BFFA1FC8B6 |
| SHA512 | E8DBCAA9EDDA99CD1CD68B18B2566774FF9C4FB5DEF6B8D9727D20FD20A881E26290E32E833FF4A55CFB1C1B0CAC631143098DE27BCC3F6545550CDCF7B6ABC1 |
| SSDEEP | 768:Gis4jzsXfLI+c7EA3jA5k4/iTNco2N8Yrv+M6:wX+7T3syUiTNhYiM6 |

Signature

  • Status: Signature verified.
  • Serial: 33000000BCE120FDD27CC8EE930000000000BC
  • Thumbprint: E85459B23C232DB3CB94C7A56D47678F58E8E51E
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: RdrLeakDiag.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.14393.0 (rs1_release.160715-1616)
  • Product Version: 10.0.14393.0
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of rdrleakdiag.exe being misused. While rdrleakdiag.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
| --- | --- | --- | --- |
| sigma | proc_creation_win_process_dump_rdrleakdiag.yml | title: Process Dump via RdrLeakDiag.exe | DRL 1.0 |
| sigma | proc_creation_win_process_dump_rdrleakdiag.yml | description: Detects a process memory dump performed by RdrLeakDiag.exe | DRL 1.0 |
| sigma | proc_creation_win_process_dump_rdrleakdiag.yml | OriginalFileName: RdrLeakDiag.exe | DRL 1.0 |
| sigma | proc_creation_win_proc_dump_rdrleakdiag.yml | title: RdrLeakDiag Process Dump | DRL 1.0 |
| sigma | proc_creation_win_proc_dump_rdrleakdiag.yml | description: Detects uses of the rdrleakdiag.exe LOLOBIN utility to dump process memory | DRL 1.0 |
| sigma | proc_creation_win_proc_dump_rdrleakdiag.yml | Image\|endswith: '\rdrleakdiag.exe' | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.