Gridinsoft Logo

The winresume.exe (Resume From Hibernate boot application) File Analysis

Updated 2 months ago
Checked by Malaware Check
winresume.exe

Technical Analysis

File Name winresume.exe
File Type
PE32+ executable x86-64, for MS Windows
Scanner Version 1.0.210.174
Database Version 2025-03-12 23:00:44 UTC

Clean File

No threats detected by our scanner

0%
Detection Rate
1,225,800
File Size (bytes)
2025-03-12
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
06f3eefb83aa1bf89fff8a7a63bb4455
SHA1
87a9dcba8cfe4430832d656359fb5b24ab28f568
SHA256
1d47993d380790f92ce8ad370a3d10fdfad7b520ee2b458c396cc9d426da7833
SHA512
c6530592648b508fa3ac10b831b50231e620ee4993f43ef4158ba3d4fb5d680942dffef0530b9f1dfec1c317d8511be89b861d20fa541e4cc6958f806496c2cb

PE Analysis

Basic Information

Image Base 0x00400000
Entry Point 0x00401090
Compilation Time 1993-09-19 07:25:46
Checksum 0x0013362b (Actual: 0x0013362b)
OS Version 0.0
PEiD Signatures PE32+ executable x86-64, for MS Windows
PDB Path winresume.pdb
Digital Signature OK
Imports 0
Exports 0 functions
Resources 5 Resources
Sections 9 Sections

Version Information

CompanyName Microsoft Corporation
FileDescription Resume From Hibernate boot application
FileVersion 10.0.19041.5369 (WinBuild.160101.0800)
InternalName hiberrsm.exe
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename hiberrsm.exe
ProductName Microsoft® Windows® Operating System
ProductVersion 10.0.19041.5369
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 993,642 bytes 993,792 bytes 6.51 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ C4A30B00F3C452DEC3C8BC8FB07B699D
TRANSIT 0x000f4000 29 bytes 512 bytes 0.45 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 863D89C1D654B0E7B28D0AE4F3635E62
PAGER32C 0x000f5000 729 bytes 1,024 bytes 4.54 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ CAA30BE9A6C13C1E635C0E462BAFB802
PAGE 0x000f6000 27,932 bytes 28,160 bytes 6.28 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ EFBA71C9CDC0D13B062608041AE9BBF1
.rdata 0x000fd000 126,198 bytes 126,464 bytes 5.31 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ E894ECA25A38FEADF1C39FDD383F5355
.data 0x0011c000 237,432 bytes 2,560 bytes 4.18 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 31C100A4E255682532DED51EB457FBAF
.pdata 0x00156000 37,344 bytes 37,376 bytes 6.03 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ A7859CBCD06C252BBE616B8668129B6D
.rsrc 0x00160000 11,088 bytes 11,264 bytes 3.61 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ E53FC2D12826BDA575772212EBCDF58E
.reloc 0x00163000 2,984 bytes 3,072 bytes 5.40 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 1BDC1F7AC7820F534C70A53AA2B167E8
Entropy Analysis Alert

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 5 (10,636 bytes)
Resource Type Count Total Size Percentage
MUI 1 216 bytes
2%
RT_RCDATA 1 4 bytes
0%
RT_MESSAGETABLE 1 284 bytes
2.7%
RT_VERSION 1 964 bytes
9.1%
RT_HTML 1 9,168 bytes
86.2%

Certificate Chain Analysis

Certificate Information
Product Microsoft® Windows® Operating System
Description Resume From Hibernate boot application
File Version 10.0.19041.5369 (WinBuild.160101.0800)
Original Name hiberrsm.exe
Signing Date 04:42 AM 01/04/2025 (154 days ago)
Verification Status Signed
Signers Microsoft Windows; Microsoft Windows Production PCA 2011; Microsoft Root Certificate Authority 2010
Counter Signers Microsoft Time-Stamp Service; Microsoft Time-Stamp PCA 2010; Microsoft Root Certificate Authority 2010
Internal Name hiberrsm.exe
Copyright © Microsoft Corporation. All rights reserved.
Certificate Chain Summary
Microsoft Windows #1 Primary
Validity Period: 2024-09-12 20:04:07 → 2025-09-11 20:04:07
Signature Algorithm: sha256RSA
Serial Number: 33 00 00 04 A8 82 E6 B8 AC 1C 5D 5F F0 00 00 00 00 04 A8
Microsoft Windows Production PCA 2011 #2 Chain
Validity Period: 2011-10-19 18:41:42 → 2026-10-19 18:51:42
Signature Algorithm: sha256RSA
Serial Number: 61 07 76 56 00 00 00 00 00 08
Microsoft Time-Stamp Service #3 Chain
Validity Period: 2023-12-06 18:45:41 → 2025-03-05 18:45:41
Signature Algorithm: sha256RSA
Serial Number: 33 00 00 01 ED E1 5F CB D5 F7 A5 5D 73 00 01 00 00 01 ED
Microsoft Time-Stamp PCA 2010 #4 Chain
Validity Period: 2021-09-30 18:22:25 → 2030-09-30 18:32:25
Signature Algorithm: sha256RSA
Serial Number: 33 00 00 00 15 C5 E7 6B 9E 02 9B 49 99 00 00 00 00 00 15

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

OK

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
This file passed all security checks, but stay vigilant. New malware variants appear daily that can evade detection. Always verify files come from official sources and check digital signatures when available.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware