accesschk.exe
- File Path:
C:\SysinternalsSuite\accesschk.exe
- Description: Reports effective permissions for securable objects
Hashes
Type |
Hash |
MD5 |
2D865B8E72D49CD1D442E1F6D9BC694B |
SHA1 |
018D0E5CEC627F8C7D880D4C67D5A0D236EDD8FE |
SHA256 |
E7289B333BD82CB3B720E8BF8564C4C141BCBE2592F4CDE1DFA7DB124C964C88 |
SHA384 |
6F38906A93214A4E467A386183757E456F07BDC2B17C9459F8C31632DB4E65EB505D565EED581F3D4F150986671735EE |
SHA512 |
B44E5633C38C24C38C9BE4FCCF3A7A72F35697E9E7F7476ECC79EA8B4E2A9E0D9954A66127885D508E78F9CB3C7869211F88E1145981B969FBACF24B2B75FAEB |
SSDEEP |
6144:niOBsOLuduhzO05OX3rvjs23EYkHB9+2in1TnwFJe0I05w3il6P:nRBnLuEx583rvjs2PmYnr25bl6P |
IMP |
E325756A1C6D9DF5A7076A74F05EE8D6 |
PESHA1 |
C59E8906B305413C01E4BE35EE4DD1CF79DE04D5 |
PE256 |
E907FAB75EB7DC6F15F818B8B0197928B4EDF525FEA402B5638DAE56C1B13529 |
Runtime Data
Usage (stdout):
Accesschk v6.12 - Reports effective permissions for securable objects
Copyright (C) 2006-2017 Mark Russinovich
Sysinternals - www.sysinternals.com
usage: accesschk [-s][-e][-u][-r][-w][-n][-v]-[f <account>,...][[-a]|[-k]|[-m]|[-p [-f] [-t]]|[-h][-o [-t <object type>]][-c]|[-d]] [[[-l|-L] [-i]]|[username]] <file, directory, event log, registry key, process, service, object>
-a Name is a Windows account right. Specify '*' as the name to show all
rights assigned to a user. Note that when you specify a specific
right, only groups and accounts directly assigned the right are
displayed.
-c Name is a Windows Service e.g. ssdpsrv. Specify '*' as the
name to show all services and 'scmanager' to check the security
of the Service Control Manager.
-d Only process directories or top level key.
-e Only show explicitly set Integrity Levels (Windows Vista and
higher only).
-f If following -p, shows full process token information including
groups and privileges. Otherwise is a list of comma-separated
accounts to filter from the output.
-h Name is a file or printer share. Specify '*' as the name to show
all shares.
-i Ignore objects with only inherited ACEs when dumping full access
control lists.
-k Name is a Registry key e.g. hklm\software
-l Show full security descriptor. Add -i to ignore inherited ACEs.
Specify upper-case L to have the output format as SDDL.
-m Name is an event log (specify '*' as the name to show all event logs.
-n Show only objects that have no access.
-o Name is an object in the Object Manager namespace (default is root).
To view the contents of a directory, specify the name with a trailing
backslash or add -s. Add -t and an object type (e.g. section) to
see only objects of a specific type.
-p Name is a process name or PID e.g. cmd.exe (specify '*' as the
name to show all processes). Add -f to show full process
token information including groups and privileges. Add -t to show
threads.
-nobanner
Do not display the startup banner and copyright message.
-r Show only objects that have read access.
-s Recurse.
-t Object type filter e.g. "section"
-u Suppress errors.
-v Verbose (includes Windows Vista Integrity Level).
-w Show only objects that have write access.
If you specify a user or group name and path AccessChk will report the
effective permissions for that account; otherwise it will show the effective
access for accounts referenced in the security descriptor.
By default the path name is interpreted as a file system path (use the
"\pipe\" prefix to specify a named pipe path). For each object AccessChk
prints R if the account has read access, W for write access and nothing if
it has neither. The -v switch has AccessChk dump the specific
accesses granted to an account.
Loaded Modules:
Path |
C:\SysinternalsSuite\accesschk.exe |
C:\Windows\SYSTEM32\ntdll.dll |
C:\Windows\System32\wow64.dll |
C:\Windows\System32\wow64cpu.dll |
C:\Windows\System32\wow64win.dll |
Signature
- Status: Signature verified.
- Serial:
33000001797C2E574E52E1CAD6000100000179
- Thumbprint:
5EAD300DC7E4D637948ECB0ED829A072BD152E17
- Issuer: CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Original Filename: accesschk.exe
- Product Name: Sysinternals AccessChk
- Company Name: Sysinternals - www.sysinternals.com
- File Version: 6.12
- Product Version: 6.12
- Language: English (United States)
- Legal Copyright: Copyright (C) 2006-2017 Mark Russinovich
- Machine Type: 32-bit
File Scan
- VirusTotal Detections: 0/70
- VirusTotal Link: https://www.virustotal.com/gui/file/e7289b333bd82cb3b720e8bf8564c4c141bcbe2592f4cde1dfa7db124c964c88/detection/
File Similarity (ssdeep match)
Possible Misuse
The following table contains possible examples of accesschk.exe
being misused. While accesschk.exe
is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
MIT License. Copyright (c) 2020-2021 Strontic.