Contig.exe

  • File Path: C:\SysinternalsSuite\Contig.exe
  • Description: Contig

Hashes

Type Hash
MD5 D2E2FF6862B30338234F8DD8B7D716DD
SHA1 CCFC44ACD22BE0699D734499BD8CAA8E2D2897F7
SHA256 D2FC50B72D4A1470BEBB68B9D4926F5C70FD917075B82C2DF30652EB7D57E94D
SHA384 30DF73225247B0002076E5FE9491014E899558B8CE5A53CD139E53800DF5F1F169CE9A0DA5C76C9557214299262FFEBC
SHA512 2F66F43E039E439282E64C61352EA349AB53B04F9A8007BE0EC7BF01D231ADC4C3ADCD67CC40B01806B9B59F2D215E389167CC508CAF1D217DD9DE1DB443C8BB
SSDEEP 3072:++iVNbY7sfe/tDRsIdgx4A0Q3PPFMp1mdiBF3A8ipk8ZUFSa4R/xnKCKzZevjUxP:++6NbYwi+R/LMp1f32Mh0k7
IMP 1A8A90E9D5CFAAFBE3E8E5923B523CE6
PESHA1 600E3E52F5C7083CF98AF97E156F0442592E7BBE
PE256 33B7BF470E95219C83269AEF77747D335B73C0AFEE9F624BE91F7B9039833082

Runtime Data

Usage (stdout):


Contig v1.8 - Contig
Copyright (C) 2001-2016 Mark Russinovich
Sysinternals

Contig is a utility that defragments a specified file or files.
Use it to optimize execution of your frequently used files.

Usage:
    C:\SysinternalsSuite\Contig.exe [-a] [-s] [-q] [-v] <existing file>
or  C:\SysinternalsSuite\Contig.exe -f [-v] [drive:]
or  C:\SysinternalsSuite\Contig.exe [-v] [-l] -n <new file> <new file length>

  -a   Analyze fragmentation
  -f   Analyze free space fragmentation
  -l   Set valid data length for quick file creation
       (requires administrator rights)
  -n   Create a new file
  -q   Quiet mode
  -s   Recurse subdirectories
  -v   Verbose
  -nobanner
       Do not display the startup banner and copyright message.

Contig can also analyze and defragment the following NTFS metadata files:
     $Mft
     $LogFile
     $Volume
     $AttrDef
     $Bitmap
     $Boot
     $BadClus
     $Secure
     $UpCase
     $Extend


Loaded Modules:

Path
C:\SysinternalsSuite\Contig.exe
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll

Signature

  • Status: Signature verified.
  • Serial: 330000010A2C79AED7797BA6AC00010000010A
  • Thumbprint: 3BDA323E552DB1FDE5F4FBEE75D6D5B2B187EEDC
  • Issuer: CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: Contig.exe
  • Product Name: Sysinternals Contig
  • Company Name: Sysinternals
  • File Version: 1.8
  • Product Version: 1.8
  • Language: English (United States)
  • Legal Copyright: Copyright (C) 2001-2016 Mark Russinovich
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/70
  • VirusTotal Link: https://www.virustotal.com/gui/file/d2fc50b72d4a1470bebb68b9d4926f5c70fd917075b82c2df30652eb7d57e94d/detection/

Possible Misuse

The following table contains possible examples of Contig.exe being misused. While Contig.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_false_sysinternalsuite.yml - '\Contig.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.