resmon.exe

  • File Path: C:\windows\SysWOW64\resmon.exe
  • Description: Resource Monitor

Hashes

Type Hash
MD5 0FB8985E4D0F7D37BC366CFD93B73A52
SHA1 03BA772294D4BF39EB39352DAA2818F28C907B5A
SHA256 3368F84C5C1E52D416AE74615088B6AF101ADF2167B1FB009125BDCD4CA15BF0
SHA384 2F32857147144FD498592B29D56CAB0BE54892431637FDB5744E18C4FE62CFC89C50A16CE74CCE870F80BED1A2121E3A
SHA512 91358DCFD63E2F8FCED842C94606A5D1C309EBD112A9C4CEE2F697DAA0083F1033035323269AE6BD9A64A09D975B837BE96EDCE37E8C2A874C6669176E0EEE67
SSDEEP 1536:ND6xTNBqY3KtrtizIo9plJSs9kYuZJnGZLzOcE6Ls7HXG84PK05Z34g/CO+sH:qTNghtYIo9piswTogiqQKy349

Signature

  • Status: The file C:\windows\SysWOW64\resmon.exe is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170
  • Serial: ``
  • Thumbprint: ``
  • Issuer:
  • Subject:

File Metadata

  • Original Filename: resmon.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 6.3.9600.17415 (winblue_r4.141028-1500)
  • Product Version: 6.3.9600.17415
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

File Similarity (ssdeep match)

File Score
C:\Windows\system32\perfmon.exe 72
C:\WINDOWS\system32\perfmon.exe 66
C:\WINDOWS\system32\perfmon.exe 46
C:\windows\system32\perfmon.exe 75
C:\Windows\system32\perfmon.exe 68
C:\Windows\system32\perfmon.exe 72
C:\WINDOWS\system32\resmon.exe 94
C:\windows\system32\resmon.exe 93
C:\Windows\system32\resmon.exe 90
C:\Windows\system32\resmon.exe 93
C:\Windows\system32\resmon.exe 93
C:\WINDOWS\system32\resmon.exe 93
C:\WINDOWS\SysWOW64\perfmon.exe 74
C:\WINDOWS\SysWOW64\perfmon.exe 68
C:\Windows\SysWOW64\perfmon.exe 72
C:\windows\SysWOW64\perfmon.exe 68
C:\Windows\SysWOW64\perfmon.exe 72
C:\Windows\SysWOW64\perfmon.exe 66
C:\WINDOWS\SysWOW64\resmon.exe 94
C:\Windows\SysWOW64\resmon.exe 93
C:\Windows\SysWOW64\resmon.exe 96
C:\WINDOWS\SysWOW64\resmon.exe 94
C:\Windows\SysWOW64\resmon.exe 94

Possible Misuse

The following table contains possible examples of resmon.exe being misused. While resmon.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
| --- | --- | --- | --- |
| sigma | proc_creation_win_susp_taskmgr_parent.yml | `- '\resmon.exe'` | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.