rdrleakdiag.exe

  • File Path: C:\WINDOWS\SysWOW64\rdrleakdiag.exe
  • Description: Microsoft Windows Resource Leak Diagnostic

Hashes

| Type | Hash |
|------|------|
| MD5 | E2085A5CDC42A0F04BE67A4C00BAE7E8 |
| SHA1 | BD6280C660EA076D90D109F7EA895192B845F305 |
| SHA256 | 8C73FC8EF3A3920033DBD98471659761B401697CD3F1BE743BE650E480876B25 |
| SHA384 | 0F9D2191B0C190D9909AD2CFD764A2BC6A710DAE152CD3E4082C16C1AD5139A84B0696EC23F366213AF381876A07C0C4 |
| SHA512 | 08DB2475462FEDF647C71D1B82B2F0A71C1880CF7902715680BB64118FA3924B50CB553CA05846160F7B8A5A341D33224DF5B29545726C005EC4ADAF468829BD |
| SSDEEP | 768:tUdeWNzYB1Le+oRybz2liM/pIR6/Nco2Nd7qzNzP:rOYBEAAiKa6/NI7AP |

Signature

  • Status: Signature verified.
  • Serial: 330000023241FB59996DCC4DFF000000000232
  • Thumbprint: FF82BC38E1DA5E596DF374C53E3617F7EDA36B06
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: RdrLeakDiag.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.18362.1 (WinBuild.160101.0800)
  • Product Version: 10.0.18362.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

File Similarity (ssdeep match)

| File | Score |
|------|-------|
| C:\Windows\SysWOW64\rdrleakdiag.exe | 40 |

Possible Misuse

The following table contains possible examples of rdrleakdiag.exe being misused. While rdrleakdiag.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|--------|-------------|---------|---------|
| sigma | proc_creation_win_process_dump_rdrleakdiag.yml | title: Process Dump via RdrLeakDiag.exe | DRL 1.0 |
| sigma | proc_creation_win_process_dump_rdrleakdiag.yml | description: Detects a process memory dump performed by RdrLeakDiag.exe | DRL 1.0 |
| sigma | proc_creation_win_process_dump_rdrleakdiag.yml | OriginalFileName: RdrLeakDiag.exe | DRL 1.0 |
| sigma | proc_creation_win_proc_dump_rdrleakdiag.yml | title: RdrLeakDiag Process Dump | DRL 1.0 |
| sigma | proc_creation_win_proc_dump_rdrleakdiag.yml | description: Detects uses of the rdrleakdiag.exe LOLOBIN utility to dump process memory | DRL 1.0 |
| sigma | proc_creation_win_proc_dump_rdrleakdiag.yml | Image\|endswith: '\rdrleakdiag.exe' | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.