diskext.exe

  • File Path: C:\SysinternalsSuite\diskext.exe
  • Description: Disk extent dumper

Hashes

Type Hash
MD5 A1C53A76195FEC5C6355727A013F1D18
SHA1 08C46DC5ACC20C7130063830C72A9D4975ABB098
SHA256 21AC7976DB678484DC7823E58D5200AABB01DF3556BE54D7DBDB5427D7B87CCD
SHA384 6191418BBF34AFC4286C1DF4F003FF635CD9200DC003525603E36A584146749CDC67F8B4A3F1B677AD1530DFB1598246
SHA512 923C9C2A67EC6E5BE9A211F703513D22DFCCE06AA03B02BB709D10A9E9C9AAB7DCB39E9051DF490C95A5461116C9D7DC1C9C8FE11B25777427B424480552DD95
SSDEEP 6144:K/5XNZtQ+XwSJCqJlEi0G6kSAGLXHXgFRWERxDc3OUK:aN3Q+XwkCElEe6kSjWrU
IMP 5C8C52D61BD68EF4EE11440C7570000C
PESHA1 0BD6F87767397FB45A09306776ABA1FB3A39F3BD
PE256 3E9A7AB665DF6A191F93226DB2F9F9ED3477870805F94A407841FE6D273BF0AA

Runtime Data

Usage (stdout):


DiskExt v1.2 - Disk extent dumper
Copyright (C) 2001-2016 Mark Russinovich
Sysinternals - www.sysinternals.com

diskext [drive1 [drive2] ...]
    Drive1 and drive2 are drive letters.
    Ommiting drives dumps extents for all drives.
-nobanner
    Do not display the startup banner and copyright message.

Loaded Modules:

Path
C:\SysinternalsSuite\diskext.exe
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll

Signature

  • Status: Signature verified.
  • Serial: 3300000187721772155940C709000000000187
  • Thumbprint: 2485A7AFA98E178CB8F30C9838346B514AEA4769
  • Issuer: CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: diskext.exe
  • Product Name: Sysinternals diskextent
  • Company Name: Sysinternals - www.sysinternals.com
  • File Version: 1.2
  • Product Version: 1.2
  • Language: English (United States)
  • Legal Copyright: Copyright (C) 2001-2016 Mark Russinovich
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/71
  • VirusTotal Link: https://www.virustotal.com/gui/file/21ac7976db678484dc7823e58d5200aabb01df3556be54d7dbdb5427d7b87ccd/detection/

Possible Misuse

The following table contains possible examples of diskext.exe being misused. While diskext.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_false_sysinternalsuite.yml - '\diskext.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.