If digiloader1.exe consistently uses 25-50% CPU without any Digi hardware connected, it may be a stuck process or malware.
Solutions:
| Characteristic | Legitimate | Malicious |
|----------------|------------|------------|
| Digital Signature | Valid from Digi International | Missing or invalid |
| File Location | Program Files\Digi | AppData\Roaming, Temp, Windows |
| Process Parent | Digi software (e.g., DigiConfig.exe) | Spawned by cmd.exe, powershell.exe, or script |
| Behavior | Runs < 1 minute, then exits | Runs persistently, high CPU, network connections |
| Network activity | Local UDP broadcasts only | Connections to unknown IPs (e.g., port 4444, 1337) | digiloader1.exe
4.1. File metadata
4.2. Strings and resources
4.3. Imports and libraries
4.4. YARA/sig matching
A: Legitimate versions do not typically autorun. If it starts automatically, check Startup folder (shell:startup) or Task Scheduler. This often indicates malware or a poorly coded tool that installed itself as a service.