wmplayer.exe

  • File Path: C:\Program Files\Windows Media Player\wmplayer.exe
  • Description: Windows Media Player

Hashes

Type Hash
MD5 89DCD2D4C0EC638AADC00D3530E07E1D
SHA1 53DB931EBA71BD6FB14A4B0F4D0E601963C09299
SHA256 C3252A14845280B1A938B4DEF08F04690EA36E4454D0BEBEECC4E31A9C30D742
SHA384 65F16F30336EAD77EFE863E0E2D0924753F37BB2DC513D2BE00EFBFFF11823DE1E1BB65B36E4436F6A85DAA1C015883A
SHA512 BAD5D21A28F69633D13A372DA4C2FA4B9586C30E4B43BEC361FAC1BE6BDED7C49FE684C65F77B60E54346C899E2CFB36FCB291AB3536335D92F3C6AC2AEDEA41
SSDEEP 3072:9IV3QSwkohYkQr0jeLwJr95rJolNAzyP+msVK0Zz:9IV32YQqLwhHrWsOP+5VT
IMP 33E3BA3C576D003915CF7E8CEC099D86
PESHA1 094B11108ECC52B38F92A7888ECE018B0D7FDB78
PE256 AB3115D75F2AC240D4E9309D9670814431B5BB5DC5F4F95BA229E8B4C6731857

Runtime Data

Child Processes:

setup_wm.exe

Loaded Modules:

Path
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\System32\ADVAPI32.dll
C:\Windows\System32\GDI32.dll
C:\Windows\System32\gdi32full.dll
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\msvcp_win.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\RPCRT4.dll
C:\Windows\System32\sechost.dll
C:\Windows\System32\ucrtbase.dll
C:\Windows\System32\USER32.dll
C:\Windows\System32\win32u.dll
C:\Windows\System32\WS2_32.dll

Signature

  • Status: Signature verified.
  • Serial: 33000002EC6579AD1E670890130000000002EC
  • Thumbprint: F7C2F2C96A328C13CDA8CDB57B715BDEA2CBD1D9
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: wmplayer.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 12.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 12.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/69
  • VirusTotal Link: https://www.virustotal.com/gui/file/c3252a14845280b1a938b4def08f04690ea36e4454d0bebeecc4e31a9c30d742/detection

File Similarity (ssdeep match)

File Score
C:\Program Files (x86)\Windows Media Player\wmpconfig.exe 60
C:\Program Files (x86)\Windows Media Player\wmpconfig.exe 60
C:\Program Files (x86)\Windows Media Player\wmpconfig.exe 63
C:\Program Files (x86)\Windows Media Player\wmplayer.exe 85
C:\Program Files (x86)\Windows Media Player\wmplayer.exe 88
C:\Program Files (x86)\Windows Media Player\wmplayer.exe 85
C:\Program Files (x86)\Windows Media Player\wmpshare.exe 63
C:\Program Files (x86)\Windows Media Player\wmpshare.exe 66
C:\Program Files (x86)\Windows Media Player\wmpshare.exe 60
C:\Program Files\Windows Media Player\wmpconfig.exe 60
C:\Program Files\Windows Media Player\wmpconfig.exe 60
C:\Program Files\Windows Media Player\wmpconfig.exe 60
C:\Program Files\Windows Media Player\wmplayer.exe 83
C:\Program Files\Windows Media Player\wmplayer.exe 94
C:\Program Files\Windows Media Player\wmpshare.exe 61
C:\Program Files\Windows Media Player\wmpshare.exe 63
C:\Program Files\Windows Media Player\wmpshare.exe 58

Possible Misuse

The following table contains possible examples of wmplayer.exe being misused. While wmplayer.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_apt_winnti_mal_hk_jan20.yml Image\|endswith: '\wmplayer.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.