rdrleakdiag.exe
- File Path: C:\Windows\system32\rdrleakdiag.exe
- Description: Microsoft Windows Resource Leak Diagnostic
Hashes
Type | Hash |
---|---|
MD5 | 964A196D0F005A3F54F39B3E61D91770 |
SHA1 | 0ED1D6EC09943BC33CD4AEAA56BAF822989412CA |
SHA256 | 541A5E886E9D9767E66E8925D9C93C67AE5A01637A1826A6E34FB23CC6587387 |
SHA384 | C020BF2EB7F6BCA640D4C34B7182CA8C9F98A782A9047689A2F6B68D1C155707D9AEBFA297A90B2B5A58EF022F229663 |
SHA512 | 7A456759FE49A743FF5ABD389654160C9C718F468012BD096DE20CE92B153643467F3306505044F87F819E2146AB6445072B238649AAC4AF9052113D552399E9 |
SSDEEP | 768:4TJ1oCGHKPqnUO9/cr50wp/Ub8qQH/2I36oNco2N/pIz:EYKPCrcCowQfr6oN2p |
IMP | BAE40B14C0B85003690796B449FFD0E2 |
PESHA1 | 5694B8C1FB5C903D406AE98E304E2A1FB5DBE1EA |
PE256 | 2D5189991F2C9055970C9B41A16A2D0C184B09FAE0E335D5272BAB05051EA920 |
Signature
- Status: Signature verified.
- Serial: 33000001C422B2F79B793DACB20000000001C4
- Thumbprint: AE9C1AE54763822EEC42474983D8B635116C8452
- Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: RdrLeakDiag.exe.mui
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.17763.1 (WinBuild.160101.0800)
- Product Version: 10.0.17763.1
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 64-bit
File Scan
- VirusTotal Detections: 0/68
- VirusTotal Link: https://www.virustotal.com/gui/file/541a5e886e9d9767e66e8925d9c93c67ae5a01637a1826a6e34fb23cc6587387/detection/
Possible Misuse
The following table contains possible examples of rdrleakdiag.exe being misused. While rdrleakdiag.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
Source | Source File | Example | License |
---|---|---|---|
sigma | proc_creation_win_process_dump_rdrleakdiag.yml | title: Process Dump via RdrLeakDiag.exe | DRL 1.0 |
sigma | proc_creation_win_process_dump_rdrleakdiag.yml | description: Detects a process memory dump performed by RdrLeakDiag.exe | DRL 1.0 |
sigma | proc_creation_win_process_dump_rdrleakdiag.yml | OriginalFileName: RdrLeakDiag.exe | DRL 1.0 |
sigma | proc_creation_win_proc_dump_rdrleakdiag.yml | title: RdrLeakDiag Process Dump | DRL 1.0 |
sigma | proc_creation_win_proc_dump_rdrleakdiag.yml | description: Detects uses of the rdrleakdiag.exe LOLOBIN utility to dump process memory | DRL 1.0 |
sigma | proc_creation_win_proc_dump_rdrleakdiag.yml | Image\|endswith: '\rdrleakdiag.exe' | DRL 1.0 |
MIT License. Copyright (c) 2020-2021 Strontic.