diskext64.exe

  • File Path: C:\SysinternalsSuite\diskext64.exe
  • Description: Disk extent dumper

Hashes

Type Hash
MD5 75C6551BB9220726269B2CFEA22EF623
SHA1 286609569FDD6A61E3B5F893BE137CA8D97F7EF1
SHA256 F916C910116A497D80B443A11A10C4EC12DDFE060F29912E3C913B36FE7C4F2C
SHA384 7BAF1E210D892E482AEB685C0B9097490A508E3303AE31A23B3F64C5B47FBD1A274B88787925F233DC9033BFC2A096D6
SHA512 A4B97BD5EEC94458ADBA7CE7B4EE3CB26CF61EBD38D27EA262B26C85DCAAB0C730FE2A58A1C44C428E1EF478AA8D6DBA2097D533361E2D518D7E9666C4356BF8
SSDEEP 6144:AX2dzIDk63/SnWDSf2w/XgTxEHy3rdL4FwpcE1u8994YcBQHrDLJWhb/ogBjAaZt:42Z63C/XgTxEHy3rdM8cOp99TWR2Xe
IMP 4A4461BA7BA5D8B93AA81FFDAF51D071
PESHA1 E5036E4320041A0EB49496746126C642AC76991A
PE256 D3F8B535E599D562DB1FAB1BE181A6A1E89A7E4A3686FD7903AF43686C205357

Runtime Data

Usage (stdout):


DiskExt v1.2 - Disk extent dumper
Copyright (C) 2001-2016 Mark Russinovich
Sysinternals - www.sysinternals.com

diskext [drive1 [drive2] ...]
    Drive1 and drive2 are drive letters.
    Ommiting drives dumps extents for all drives.
-nobanner
    Do not display the startup banner and copyright message.


Loaded Modules:

Path
C:\SysinternalsSuite\diskext64.exe
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\SYSTEM32\ntdll.dll

Signature

  • Status: Signature verified.
  • Serial: 3300000187721772155940C709000000000187
  • Thumbprint: 2485A7AFA98E178CB8F30C9838346B514AEA4769
  • Issuer: CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: diskext.exe
  • Product Name: Sysinternals diskextent
  • Company Name: Sysinternals - www.sysinternals.com
  • File Version: 1.2
  • Product Version: 1.2
  • Language: English (United States)
  • Legal Copyright: Copyright (C) 2001-2016 Mark Russinovich
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/68
  • VirusTotal Link: https://www.virustotal.com/gui/file/f916c910116a497d80b443a11a10c4ec12ddfe060f29912e3c913b36fe7c4f2c/detection/

Possible Misuse

The following table contains possible examples of diskext64.exe being misused. While diskext64.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_false_sysinternalsuite.yml - '\diskext64.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.