Volumeid.exe

  • File Path: C:\SysinternalsSuite\Volumeid.exe
  • Description: Set disk volume id

Hashes

Type Hash
MD5 4D867033B27C8A603DE4885B449C4923
SHA1 F1ACE1A241BAB6EFB3C7059A68B6E9BBE258DA83
SHA256 22A2484D7FA799E6E71E310141614884F3BC8DAD8AC749B6F1C475B5398A72F3
SHA384 FFD6EC5AD4E45B4EEB7A27E9FA0634ED70A5019989BF697040265BCA9BA77A505DDF5029DB5A0EED09EE9B9DAE372887
SHA512 B5D6D4A58D8780A43E69964F80525905224FA020C0032E637CD25557097E331F63D156CCEAAACFE1A692CA8CEA8D8BD1B219468B6B8E4827C90FEBE1535A5702
SSDEEP 3072:OgfbRmDIHA98kK2WndTslNac+dA6YdqhsXCNZpp4GIoHZUFozD3zgJwDmr9u76v9:OSCgkKdcg9vCoaoMpcto
IMP 196B8047C609CCADCE7FD294C9A3E6A2
PESHA1 0B5924995412F4C9D5039A1B010C8829CD1CF010
PE256 31E84624B95C81155DA7F11AAB8F86BCB4C80E61439D613448D823FCF3C12644

Runtime Data

Usage (stdout):


VolumeId v2.1 - Set disk volume id
Copyright (C) 1997-2016 Mark Russinovich
Sysinternals - www.sysinternals.com

usage: volumeid [drive:] [Id]
 -nobanner      Do not display the startup banner and copyright message.

Id must be in the following hexadecimal format: xxxx-xxxx

Note: new NTFS volume ids will not appear in directory listings until after the
next reboot.

Loaded Modules:

Path
C:\SysinternalsSuite\Volumeid.exe
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll

Signature

  • Status: Signature verified.
  • Serial: 330000010A2C79AED7797BA6AC00010000010A
  • Thumbprint: 3BDA323E552DB1FDE5F4FBEE75D6D5B2B187EEDC
  • Issuer: CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: volumeid.exe
  • Product Name: Sysinternals VolumeId
  • Company Name: Sysinternals - www.sysinternals.com
  • File Version: 2.1
  • Product Version: 2.1
  • Language: English (United States)
  • Legal Copyright: Copyright (C) 1997-2016 Mark Russinovich
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/68
  • VirusTotal Link: https://www.virustotal.com/gui/file/22a2484d7fa799e6e71e310141614884f3bc8dad8ac749b6f1c475b5398a72f3/detection/

Possible Misuse

The following table contains possible examples of Volumeid.exe being misused. While Volumeid.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_false_sysinternalsuite.yml - '\Volumeid.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.