LoadOrd.exe

  • File Path: C:\SysinternalsSuite\LoadOrd.exe
  • Description: Startup order viewer

Runtime Data

Window Title:

LoadOrder

Open Handles:

| Path | Type |
| --- | --- |
| (R-D) C:\Windows\Fonts\StaticCache.dat | File |
| (RW-) C:\Windows | File |
| (RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.488_none_89e6152f0b32762e | File |
| (RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_11b1e5df2ffd8627 | File |
| (RW-) C:\xCyclopedia | File |
| \BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 | Section |
| \BaseNamedObjects\NLS_CodePage_437_3_2_0_0 | Section |
| \Sessions\1\Windows\Theme2036293991 | Section |
| \Windows\Theme1324212991 | Section |

Loaded Modules:

Path
C:\SysinternalsSuite\LoadOrd.exe
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll

Signature

  • Status: Signature verified.
  • Serial: 330000010A2C79AED7797BA6AC00010000010A
  • Thumbprint: 3BDA323E552DB1FDE5F4FBEE75D6D5B2B187EEDC
  • Issuer: CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: Loadord
  • Product Name: Sysinternals Loadord
  • Company Name: Sysinternals - www.sysinternals.com
  • File Version: 1.01
  • Product Version: 1.01
  • Language: English (United States)
  • Legal Copyright: Copyright (C) 1998-2016 Mark Russinovich
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/69
  • VirusTotal Link: https://www.virustotal.com/gui/file/af170dc6241bd5c11f9bcf79cabdcb3c7691f3da4f989e991b144818ddad91ea/detection/

Possible Misuse

The following table contains possible examples of LoadOrd.exe being misused. While LoadOrd.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
| --- | --- | --- | --- |
| sigma | proc_creation_win_false_sysinternalsuite.yml | - '\loadOrd.exe' | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.