du.exe

  • File Path: C:\SysinternalsSuite\du.exe
  • Description: Directory disk usage reporter

Hashes

Type Hash
MD5 6BC5E7F9E1DDA9E1ACF3BE09E08B6D2F
SHA1 08996AD4A9F1868697F71DDC1999372D22DCAE52
SHA256 6A678FCEDFBABA8F6301AAF169F98464AD858D177BA86A2C4CD00134595637B8
SHA384 158ED5687B7C44A6E9AB3C2DD2BD6F2EE776E8ACF38CA21B24B1273ED8459B282F679DA42DFDCFA59AFD8386474418A9
SHA512 62686760ED5B8FDAC2D169D3355B55293727A86763501C5DEA81710DCA111DFD1BE5AB430CEEAB9769FE254549E099118F734858729902A45D8CB304A20BA782
SSDEEP 3072:jbvOwAh3Uovw9aNHjZUFoZkx2++kQKFBxl2mZayJU3:jbzAdzmqmoiBQK435
IMP 90AB07F01670BB30B3F399BD1A4808E2
PESHA1 5B6B9D985BB52598002061F35546EAC9466E5788
PE256 762317FFBC13E3C54126F621001FE65AF5E3CD72A4AF53349934AB0C30B5768D

Runtime Data

Usage (stdout):


DU v1.61 - Directory disk usage reporter
Copyright (C) 2005-2016 Mark Russinovich
Sysinternals - www.sysinternals.com

usage: C:\SysinternalsSuite\du.exe [-c[t]] [-l <levels> | -n | -v] [-u] [-q] <directory>
   -c     Print output as CSV. Use -ct for tab delimiting.
          Use -nobanner to suppress banner.
   -l     Specify subdirectory depth of information (default is one level).
   -n     Do not recurse.
   -q     Quiet.
   -nobanner
          Do not display the startup banner and copyright message.
   -u     Count each instance of a hardlinked file.
   -v     Show size (in KB) of all subdirectories.

CSV output is formatted as:
Path,CurrentFileCount,CurrentFileSize,FileCount,DirectoryCount,DirectorySize,DirectorySizeOnDisk

Usage (stderr):

Processing...

Loaded Modules:

Path
C:\SysinternalsSuite\du.exe
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll

Signature

  • Status: Signature verified.
  • Serial: 33000001797C2E574E52E1CAD6000100000179
  • Thumbprint: 5EAD300DC7E4D637948ECB0ED829A072BD152E17
  • Issuer: CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: du.exe
  • Product Name: Sysinternals Du
  • Company Name: Sysinternals - www.sysinternals.com
  • File Version: 1.61
  • Product Version: 1.61
  • Language: English (United States)
  • Legal Copyright: Copyright (C) 2005-2016 Mark Russinovich
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/68
  • VirusTotal Link: https://www.virustotal.com/gui/file/6a678fcedfbaba8f6301aaf169f98464ad858d177ba86a2c4cd00134595637b8/detection/

Possible Misuse

The following table contains possible examples of du.exe being misused. While du.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_false_sysinternalsuite.yml - '\du.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.