user.exe

  • File Path: C:\WINDOWS\SysWOW64\user.exe
  • Description: User

Hashes

Type Hash
MD5 F2B8054852D423E4C0627251EA32EBAA
SHA1 613DA9AD9BE2F25CB2F07568E72C0C8B2A8D96C5
SHA256 D0C0840941EC828BD0413F70622DE1832DC16FC40CBE948CC788D84537DED0F7
SHA384 BBE95A12C7F8D350B966136AF7F9044245E305E220377387DF8507449AAA75BB8CD10E933529F6CC6F5D1F3AABD9C216
SHA512 88019AC1EA314981161EB29A9CCE71F34DCAFA13DBE0F075B28A0D6B384A40FD085EEA1103DD6DC494C9EAFE38C2069D98AD7067921F21E09AE8BF0416D26D89
SSDEEP 24:eNGScb+wdITr8BAACAMg5a5Rb+IoTiIZW0gNNtl2Si35WWdPPYPNx:aipdIPILCA7an+IoOIZWjXtno5WwHg
PESHA1 36A44865DDB1AF92B1CD5CAB4CE10FF6267AA7D3
PE256 F9D2173E2196733D7948A5A1B2C2E2E9A523011F0662DF317020370BAF2AE95C

Runtime Data

Loaded Modules:

Path
C:\WINDOWS\SYSTEM32\ntdll.dll
C:\WINDOWS\System32\wow64.dll
C:\WINDOWS\System32\wow64base.dll
C:\WINDOWS\System32\wow64con.dll
C:\WINDOWS\System32\wow64cpu.dll
C:\WINDOWS\System32\wow64win.dll
C:\WINDOWS\SysWOW64\user.exe

Signature

  • Status: Signature verified.
  • Serial: 33000002ED2C45E4C145CF48440000000002ED
  • Thumbprint: 312860D2047EB81F8F58C29FF19ECDB4C634CF6A
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: User.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.22000.1 (WinBuild.160101.0800)
  • Product Version: 10.0.22000.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/73
  • VirusTotal Link: https://www.virustotal.com/gui/file/d0c0840941ec828bd0413f70622de1832dc16fc40cbe948cc788d84537ded0f7/detection

File Similarity (ssdeep match)

File Score
C:\Windows\system32\advapi32res.dll 43
C:\Windows\system32\asferror.dll 49
C:\Windows\system32\blbres.dll 43
C:\Windows\system32\bridgeres.dll 44
C:\Windows\system32\comres.dll 43
C:\Windows\system32\DMAppsRes.dll 44
C:\Windows\system32\dmdskres.dll 49
C:\Windows\system32\dmdskres2.dll 46
C:\Windows\system32\ETWCoreUIComponentsResources.dll 38
C:\Windows\system32\icmp.dll 46
C:\Windows\system32\imageres.dll 44
C:\Windows\system32\imagesp1.dll 46
C:\Windows\system32\iologmsg.dll 41
C:\Windows\system32\lltdres.dll 46
C:\Windows\system32\MapControlStringsRes.dll 43
C:\Windows\system32\Microsoft-WindowsPhone-SEManagementProvider.dll 41
C:\Windows\system32\moricons.dll 49
C:\Windows\system32\msafd.dll 44
C:\Windows\system32\msprivs.dll 49
C:\Windows\system32\neth.dll 46
C:\Windows\system32\netmsg.dll 44
C:\Windows\system32\normaliz.dll 41
C:\Windows\system32\PhoneServiceRes.dll 47
C:\Windows\system32\PhoneutilRes.dll 43
C:\Windows\system32\qedwipes.dll 44
C:\Windows\system32\rnr20.dll 46
C:\Windows\system32\SensorsCpl.dll 40
C:\Windows\system32\SyncRes.dll 43
C:\Windows\system32\tapiui.dll 47
C:\Windows\system32\TelephonyInteractiveUserRes.dll 43
C:\Windows\system32\TpmCertResources.dll 40
C:\Windows\system32\wbem\WmiApRes.dll 43
C:\Windows\system32\WindowsPowerShell\v1.0\pwrshmsg.dll 43
C:\Windows\system32\winrsmgr.dll 44
C:\Windows\system32\wmerror.dll 40
C:\Windows\system32\wmploc.DLL 44
C:\Windows\system32\XAudio2_8.dll 43
C:\Windows\SysWOW64\advapi32res.dll 44
C:\Windows\SysWOW64\asferror.dll 47
C:\Windows\SysWOW64\comres.dll 43
C:\Windows\SysWOW64\DMAppsRes.dll 46
C:\Windows\SysWOW64\dmdskres.dll 49
C:\Windows\SysWOW64\dmdskres2.dll 44
C:\Windows\SysWOW64\ETWCoreUIComponentsResources.dll 36
C:\Windows\SysWOW64\icmp.dll 50
C:\Windows\SysWOW64\imageres.dll 44
C:\Windows\SysWOW64\imagesp1.dll 46
C:\Windows\SysWOW64\iologmsg.dll 40
C:\Windows\SysWOW64\MapControlStringsRes.dll 41
C:\Windows\SysWOW64\moricons.dll 47
C:\Windows\SysWOW64\msafd.dll 46
C:\Windows\SysWOW64\mscpx32r.dLL 47
C:\Windows\SysWOW64\msorc32r.dll 41
C:\Windows\SysWOW64\neth.dll 49
C:\Windows\SysWOW64\netmsg.dll 43
C:\Windows\SysWOW64\normaliz.dll 43
C:\Windows\SysWOW64\PhoneutilRes.dll 41
C:\Windows\SysWOW64\qedwipes.dll 43
C:\Windows\SysWOW64\rnr20.dll 46
C:\Windows\SysWOW64\SensorsCpl.dll 44
C:\Windows\SysWOW64\SyncRes.dll 43
C:\Windows\SysWOW64\tapiui.dll 46
C:\Windows\SysWOW64\TpmCertResources.dll 41
C:\windows\SysWOW64\user.exe 46
C:\WINDOWS\SysWOW64\user.exe 58
C:\Windows\SysWOW64\user.exe 49
C:\Windows\SysWOW64\user.exe 50
C:\Windows\SysWOW64\user.exe 55
C:\Windows\SysWOW64\user.exe 58
C:\Windows\SysWOW64\user.exe 47
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\pwrshmsg.dll 44
C:\Windows\SysWOW64\winrsmgr.dll 47
C:\Windows\SysWOW64\wmerror.dll 41
C:\Windows\SysWOW64\wmploc.DLL 44
C:\Windows\SysWOW64\XAudio2_8.dll 43

MIT License. Copyright (c) 2020-2021 Strontic.