wmplayer.exe

  • File Path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe
  • Description: Windows Media Player

Hashes

Type Hash
MD5 A7790328035BBFCF041A6D815F9C28DF
SHA1 7EE75C72F50D37B1C69F72F33BA1063E8278B29E
SHA256 6CEE4877B6663FC93E94ECC0489834379D2FAE6C363EB36035D863733AB7C304
SHA384 40F3069354EE025236180121E07F0346BB97586D0D77E90D377286D4EDFDA37DD2F0CDF42DF85D1F6CEBFA41A41926B6
SHA512 125D7E387A90DDE64858A9B82E237233F3262F22F47474714D3A3FAD193D1CD3BF4823E239B967AE73979BF9492DC15B3D57ADBDDF91831E5B6AA6B18906AA09
SSDEEP 3072:l91ZohYkQr0jeLwJr95rJolNAzyP+msVK0Zz:oYQqLwhHrWsOP+5VT
IMP 4C7D471D886B447BB6DF2D2962D0414C
PESHA1 0C53437A9E9AB0504D433D0ECE87F7E82781DA96
PE256 101D1AD2E3D6203C90D64CCF3EF0580AFA6AB578D1B6E89AAD196D56CA790798

Runtime Data

Child Processes:

setup_wm.exe

Loaded Modules:

Path
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll

Signature

  • Status: Signature verified.
  • Serial: 33000002EC6579AD1E670890130000000002EC
  • Thumbprint: F7C2F2C96A328C13CDA8CDB57B715BDEA2CBD1D9
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: wmplayer.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 12.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 12.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/73
  • VirusTotal Link: https://www.virustotal.com/gui/file/6cee4877b6663fc93e94ecc0489834379d2fae6c363eb36035d863733ab7c304/detection

File Similarity (ssdeep match)

File Score
C:\Program Files (x86)\Windows Media Player\wmpconfig.exe 63
C:\Program Files (x86)\Windows Media Player\wmpconfig.exe 63
C:\Program Files (x86)\Windows Media Player\wmpconfig.exe 63
C:\Program Files (x86)\Windows Media Player\wmplayer.exe 96
C:\Program Files (x86)\Windows Media Player\wmplayer.exe 96
C:\Program Files (x86)\Windows Media Player\wmpshare.exe 66
C:\Program Files (x86)\Windows Media Player\wmpshare.exe 65
C:\Program Files (x86)\Windows Media Player\wmpshare.exe 65
C:\Program Files\Windows Media Player\wmpconfig.exe 63
C:\Program Files\Windows Media Player\wmpconfig.exe 63
C:\Program Files\Windows Media Player\wmpconfig.exe 63
C:\Program Files\Windows Media Player\wmplayer.exe 93
C:\Program Files\Windows Media Player\wmplayer.exe 88
C:\Program Files\Windows Media Player\wmplayer.exe 85
C:\Program Files\Windows Media Player\wmpshare.exe 63
C:\Program Files\Windows Media Player\wmpshare.exe 68
C:\Program Files\Windows Media Player\wmpshare.exe 63

Possible Misuse

The following table contains possible examples of wmplayer.exe being misused. While wmplayer.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_apt_winnti_mal_hk_jan20.yml Image|endswith: '\wmplayer.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.