du64.exe

  • File Path: C:\SysinternalsSuite\du64.exe
  • Description: Directory disk usage reporter

Hashes

Type Hash
MD5 AE61CA4CF1939295F278844B90B877ED
SHA1 E2840EC54A26F5D22FC98CCF47254627B6DA2212
SHA256 599890106C98A11E3493101BC33928792742494EA4A120401C78720152F9D1D9
SHA384 B61BA5349A64B31F59FBD6ADF62887787AAD8FE43BEF8B0E89ABF9D2D84CB14A1E29A9BA3FFE613E5D76AA5CFDE7E1B7
SHA512 EE00FAECA3861E50BE4974D45B4ABFB54EA7A258B6689A8C47F9CC4BD116AEA27CB328231CEC5F83A39A1FDF57876827416CE030DE1605900D9024D7CA2D8A8D
SSDEEP 3072:7Xe0HNl3Z35Bp5pfT27fTPjg8S+f6b5UFejXWH+25N8nABxtlGxY+A:ze0Hb39p5p67fT7RS+1eahr5
IMP FD11D93FA510C776AF465DAD339AB887
PESHA1 D240C5A43096AD955558EDDBCC42C5968B30233A
PE256 66DF56E9B0D54EB5F59E9210A0FC07ED00A9654248019025F232CB84DB45E840

Runtime Data

Usage (stdout):


DU v1.61 - Directory disk usage reporter
Copyright (C) 2005-2016 Mark Russinovich
Sysinternals - www.sysinternals.com

usage: C:\SysinternalsSuite\du64.exe [-c[t]] [-l <levels> | -n | -v] [-u] [-q] <directory>
   -c     Print output as CSV. Use -ct for tab delimiting.
          Use -nobanner to suppress banner.
   -l     Specify subdirectory depth of information (default is one level).
   -n     Do not recurse.
   -q     Quiet.
   -nobanner
          Do not display the startup banner and copyright message.
   -u     Count each instance of a hardlinked file.
   -v     Show size (in KB) of all subdirectories.

CSV output is formatted as:
Path,CurrentFileCount,CurrentFileSize,FileCount,DirectoryCount,DirectorySize,DirectorySizeOnDisk

Usage (stderr):

Processing...

Loaded Modules:

Path
C:\SysinternalsSuite\du64.exe
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\SYSTEM32\ntdll.dll

Signature

  • Status: Signature verified.
  • Serial: 33000001797C2E574E52E1CAD6000100000179
  • Thumbprint: 5EAD300DC7E4D637948ECB0ED829A072BD152E17
  • Issuer: CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: du.exe
  • Product Name: Sysinternals Du
  • Company Name: Sysinternals - www.sysinternals.com
  • File Version: 1.61
  • Product Version: 1.61
  • Language: English (United States)
  • Legal Copyright: Copyright (C) 2005-2016 Mark Russinovich
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/69
  • VirusTotal Link: https://www.virustotal.com/gui/file/599890106c98a11e3493101bc33928792742494ea4a120401c78720152f9d1d9/detection/

Possible Misuse

The following table contains possible examples of du64.exe being misused. While du64.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_false_sysinternalsuite.yml - '\du64.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.