DiskView.exe

  • File Path: C:\SysinternalsSuite\DiskView.exe
  • Description: Sysinternals Diskview

Runtime Data

Child Processes:

DiskView64.exe

Open Handles:

| Path | Type |
|---|---|
| (RW-) C:\Windows | File |
| (RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_11b1e5df2ffd8627 | File |
| (RW-) C:\xCyclopedia | File |
| \BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 | Section |
| \BaseNamedObjects\NLS_CodePage_437_3_2_0_0 | Section |

Loaded Modules:

Path
C:\SysinternalsSuite\DiskView.exe
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll

Signature

  • Status: Signature verified.
  • Serial: 6101CF3E00000000000F
  • Thumbprint: 9617094A1CFB59AE7C1F7DFDB6739E4E7C40508F
  • Issuer: CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: DiskView
  • Product Name: DiskView
  • Company Name: Sysinternals - www.sysinternals.com
  • File Version: 2.40
  • Product Version: 2.40
  • Language: English (United States)
  • Legal Copyright: Copyright (C) 2010 Bryce Cogswell
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/68
  • VirusTotal Link: https://www.virustotal.com/gui/file/d186dac0a61eb1331d1371c733ec4b1925baed55f3c17f67efece537496050ff/detection/

Possible Misuse

The following table contains possible examples of DiskView.exe being misused. While DiskView.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|---|---|---|---|
| sigma | proc_creation_win_false_sysinternalsuite.yml | - '\DiskView.exe' | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.