resmon.exe

  • File Path: C:\windows\system32\resmon.exe
  • Description: Resource Monitor

Hashes

Type Hash
MD5 6C6E586C858BFE1DE453921F67AA9206
SHA1 C7744E905331FE56C7619A2423311E16D5F8B976
SHA256 378FCDD22908B063FC8696BCFA25B5544A19C9CCB3B878BC968C690E1F75342E
SHA384 78001F37DD7C6A00E4AEE1CDE4C69E2B661354765152B6CBFC17E8ED7B371706643BEEEC702CE8881B222BDD4F117DC7
SHA512 E865604F44EEB7F44F6A710F99010DD276A34E1AA561092AF2E9EF72793732A0DF62346A6B13152BA99026685F7B83B7751B5099A91BF11586E576AE9AB52958
SSDEEP 1536:sYoZ4NBqY3KtrtizIo9plJSs9kYuZJnGZLzOcE6Ls7HXG84PK05Z34g/CO+sH:yZ4NghtYIo9piswTogiqQKy349

Signature

  • Status: The file C:\windows\system32\resmon.exe is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170
  • Serial: ``
  • Thumbprint: ``
  • Issuer:
  • Subject:

File Metadata

  • Original Filename: resmon.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 6.3.9600.17415 (winblue_r4.141028-1500)
  • Product Version: 6.3.9600.17415
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

File Similarity (ssdeep match)

File Score
C:\Windows\system32\perfmon.exe 69
C:\WINDOWS\system32\perfmon.exe 71
C:\WINDOWS\system32\perfmon.exe 46
C:\windows\system32\perfmon.exe 79
C:\Windows\system32\perfmon.exe 65
C:\Windows\system32\perfmon.exe 68
C:\WINDOWS\system32\resmon.exe 93
C:\Windows\system32\resmon.exe 91
C:\Windows\system32\resmon.exe 91
C:\Windows\system32\resmon.exe 91
C:\WINDOWS\system32\resmon.exe 94
C:\WINDOWS\SysWOW64\perfmon.exe 72
C:\WINDOWS\SysWOW64\perfmon.exe 69
C:\Windows\SysWOW64\perfmon.exe 74
C:\windows\SysWOW64\perfmon.exe 66
C:\Windows\SysWOW64\perfmon.exe 69
C:\Windows\SysWOW64\perfmon.exe 68
C:\WINDOWS\SysWOW64\resmon.exe 93
C:\windows\SysWOW64\resmon.exe 93
C:\Windows\SysWOW64\resmon.exe 94
C:\Windows\SysWOW64\resmon.exe 93
C:\WINDOWS\SysWOW64\resmon.exe 93
C:\Windows\SysWOW64\resmon.exe 94

Possible Misuse

The following table contains possible examples of resmon.exe being misused. While resmon.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|---|---|---|---|
| sigma | proc_creation_win_susp_taskmgr_parent.yml | `- '\resmon.exe'` | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.