Desktops.exe

  • File Path: C:\SysinternalsSuite\Desktops.exe
  • Description: Sysinternals Desktops

Runtime Data

Loaded Modules:

Path
C:\SysinternalsSuite\Desktops.exe
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll

Signature

  • Status: Signature verified.
  • Serial: 330000009D1E8D27AEB8F3D83800010000009D
  • Thumbprint: AC1FD0922A4A2A6E5779ACDD628747C28394B0B9
  • Issuer: CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: Desktops
  • Product Name: Desktops
  • Company Name: Sysinternals - www.sysinternals.com
  • File Version: 2.0
  • Product Version: 2.0
  • Language: English (United States)
  • Legal Copyright: Copyright (C) 2008-2012 Mark Russinovich and Bryce Cogswell
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/70
  • VirusTotal Link: https://www.virustotal.com/gui/file/5a4605c2bd6e363d92723bf54b0ae2c131ea9741373e66558e42220d2f79ba9c/detection/

Possible Misuse

The following table contains possible examples of Desktops.exe being misused. While Desktops.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|---|---|---|---|
| sigma | av_webshell.yml | `- 'VBS/Uxor' # looking for 'VBS/' would also find downloaders and droppers meant for desktops` | DRL 1.0 |
| sigma | av_webshell.yml | `- 'ASP_' # looking for 'VBS_' would also find downloaders and droppers meant for desktops` | DRL 1.0 |
| sigma | proc_creation_win_false_sysinternalsuite.yml | `- '\Desktops.exe'` | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.