Contig64.exe

  • File Path: C:\SysinternalsSuite\Contig64.exe
  • Description: Contig

Hashes

Type Hash
MD5 19E5ECAEEFCD4112BF95B3FF9355D724
SHA1 7CC50334D3A24C766D7B7DE6EC27C2B3C8A25F33
SHA256 339A65F0A372EDABBB2BFBD21C62C6E37A669B3A453E475B4A40B1164176AF98
SHA384 E9E5990B4ABE18EC7209C03D2765FF305ED8FE24AB0F51DD3BFAFE0EF9BBC0108B17740CAC9E192E611653D2E630D6C2
SHA512 66DFFEE732481CDC3F2937517D241B653FBD00E1ACEE07421351693B57763CB6025F875EB66C23AB3F7F42E2F8A9E369882960E1C545F0B7A1929669CED596DD
SSDEEP 6144:pqA8uboBCLpxigfW8fnWT6gAj+sfEGRRDi:pXcBMigf3fnO
IMP F5EBF56C9CE849BC5A8FEBE8DD40CD85
PESHA1 88E9331193910BF27237E313001A1F6BF08D70AB
PE256 5BA1E66D1594C1C5ABE054A0ED490BB1DCD370968A8BEBAE4694AE4E8792426D

Runtime Data

Usage (stdout):


Contig v1.8 - Contig
Copyright (C) 2001-2016 Mark Russinovich
Sysinternals

Contig is a utility that defragments a specified file or files.
Use it to optimize execution of your frequently used files.

Usage:
    C:\SysinternalsSuite\Contig64.exe [-a] [-s] [-q] [-v] <existing file>
or  C:\SysinternalsSuite\Contig64.exe -f [-v] [drive:]
or  C:\SysinternalsSuite\Contig64.exe [-v] [-l] -n <new file> <new file length>

  -a   Analyze fragmentation
  -f   Analyze free space fragmentation
  -l   Set valid data length for quick file creation
       (requires administrator rights)
  -n   Create a new file
  -q   Quiet mode
  -s   Recurse subdirectories
  -v   Verbose
  -nobanner
       Do not display the startup banner and copyright message.

Contig can also analyze and defragment the following NTFS metadata files:
     $Mft
     $LogFile
     $Volume
     $AttrDef
     $Bitmap
     $Boot
     $BadClus
     $Secure
     $UpCase
     $Extend

Loaded Modules:

Path
C:\SysinternalsSuite\Contig64.exe
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\SYSTEM32\ntdll.dll

Signature

  • Status: Signature verified.
  • Serial: 330000010A2C79AED7797BA6AC00010000010A
  • Thumbprint: 3BDA323E552DB1FDE5F4FBEE75D6D5B2B187EEDC
  • Issuer: CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: Contig.exe
  • Product Name: Sysinternals Contig
  • Company Name: Sysinternals
  • File Version: 1.8
  • Product Version: 1.8
  • Language: English (United States)
  • Legal Copyright: Copyright (C) 2001-2016 Mark Russinovich
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/68
  • VirusTotal Link: https://www.virustotal.com/gui/file/339a65f0a372edabbb2bfbd21c62c6e37a669b3a453e475b4a40b1164176af98/detection/

Possible Misuse

The following table contains possible examples of Contig64.exe being misused. While Contig64.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_false_sysinternalsuite.yml - '\Contig64.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.