Volumeid64.exe

  • File Path: C:\SysinternalsSuite\Volumeid64.exe
  • Description: Set disk volume id

Hashes

Type Hash
MD5 81A45F1A91448313B76D2E6D5308AA7A
SHA1 0D615343D5DE03DA03BCE52E11B233093B404083
SHA256 FB0D02EA26BB1E5DF5A07147931CAF1AE3D7D1D9B4D83F168B678E7F3A1C0ECD
SHA384 69C21BAD61010E5CAC9007B588B409BF1BD863E298BEF82C7F1EE564263B8C4BE29297CBD4C776D3B9296561F9909156
SHA512 675662F84DFCBF33311F5830DB70BFF50B6E8A34A4A926DE6369C446EA2B1CF8A63E9C94E5A5C2E1D226248F0361A1698448F82118AC4DE5A92B64D8FDF8815D
SSDEEP 3072:PngbfXWm18pX82lOl7NuT7DLM5Weo5UFs5QM8JwDmtFk1glurXEa:/gbfXWVoRNuT7DkbFsKM1glI
IMP 735AED1002EE8FF1BE0E1DEE668E8B0D
PESHA1 25F38149D750AD699FDA991845E2BD847C664CA4
PE256 65979C4BC056293C65681DC851CC906A9743FED991A6DB5CB95C478EBF737BF7

Runtime Data

Usage (stdout):


VolumeId v2.1 - Set disk volume id
Copyright (C) 1997-2016 Mark Russinovich
Sysinternals - www.sysinternals.com

usage: volumeid [drive:] [Id]
 -nobanner      Do not display the startup banner and copyright message.

Id must be in the following hexadecimal format: xxxx-xxxx

Note: new NTFS volume ids will not appear in directory listings until after the
next reboot.

Loaded Modules:

Path
C:\SysinternalsSuite\Volumeid64.exe
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\SYSTEM32\ntdll.dll

Signature

  • Status: Signature verified.
  • Serial: 330000010A2C79AED7797BA6AC00010000010A
  • Thumbprint: 3BDA323E552DB1FDE5F4FBEE75D6D5B2B187EEDC
  • Issuer: CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: volumeid.exe
  • Product Name: Sysinternals VolumeId
  • Company Name: Sysinternals - www.sysinternals.com
  • File Version: 2.1
  • Product Version: 2.1
  • Language: English (United States)
  • Legal Copyright: Copyright (C) 1997-2016 Mark Russinovich
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/69
  • VirusTotal Link: https://www.virustotal.com/gui/file/fb0d02ea26bb1e5df5a07147931caf1ae3d7d1d9b4d83f168b678e7f3a1c0ecd/detection/

Possible Misuse

The following table contains possible examples of Volumeid64.exe being misused. While Volumeid64.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_false_sysinternalsuite.yml - '\Volumeid64.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.