lsattr.exe
- File Path:
C:\Users\user\AppData\Local\GitHubDesktop\app-2.5.3\resources\app\git\usr\bin\lsattr.exe
Hashes
Type | Hash |
---|---|
MD5 | 19EAC399FA5FB55B8699DA6F30C03458 |
SHA1 | D6A25FA50E011F6B3370A98C8B420C1AB04D490E |
SHA256 | E2B21B8D9BB26630C56A3E1FF77DD014E96212E49CD637463B061FF5C7BF120A |
SHA384 | 4DFDEECA2F057C28D41C64B89E150B55CE3D89451CDA3C5BEAA05BD16FE35412A28AECA90703AE839D1FB61C8C04ED61 |
SHA512 | A8D66B8C0A380F8D33B2BA370F05C32B820D8CC58CCE4B9E8894AC41EC6CD72623FCE74EFEEE5A6AF4C08B57565FE7F983BA05AB8B27513801EC7853CAD801DE |
SSDEEP | 3072:wlCYI9zQRENfTioHsCnXNcbCojzhpK6eQgmMIpnqEjUNw66Hoq7kLYT:GCYI9ziE9TiUssojzhpamxpqEjcwxoqh |
Runtime Data
Usage (stdout):
Usage: lsattr [-RVadhln] [file]...
List file attributes
-R, --recursive recursively list attributes of directories and their
contents
-V, --version display the program version
-a, --all list all files in directories, including files that
start with '.'
-d, --directory list directories like other files, rather than listing
their contents.
-l, --long print options using long names instead of single
character abbreviations
-n, --no-headers don't print directory headers when recursing
-h, --help this help text
Supported attributes:
'r', 'Readonly': file is read-only, directory is system-marked
'h', 'Hidden': file or directory is hidden
's', 'System': file or directory that the operating system uses
'a', 'Archive': file or directory has the archive marker set
't', 'Temporary': file is being used for temporary storage
'S', 'Sparse': file is sparse
'r', 'Reparse': file or directory that has a reparse point
'c', 'Compressed': file or directory is compressed
'o', 'Offline': the data of a file is moved to offline storage
'n', 'Notindexed': file or directory is not to be indexed by the
content indexing service
'e', 'Encrypted': file is encrypted
'C', 'Casesensitive': directory is handled case sensitive
(Windows 10 1803 or later, local NTFS only,
WSL must be installed)
Usage (stderr):
lsattr: No such file or directory while trying to stat /h
Signature
- Status: Signature verified.
- Serial:
045D8F14A82147641722D4FAFC66BC80
- Thumbprint:
FB713A60A7FA79DFC03CB301CA05D4E8C1BDD431
- Issuer: CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US
- Subject: CN=”GitHub, Inc.”, O=”GitHub, Inc.”, L=San Francisco, S=California, C=US
File Metadata
- Original Filename:
- Product Name:
- Company Name:
- File Version:
- Product Version:
- Language:
- Legal Copyright:
File Similarity (ssdeep match)
File | Score |
---|---|
C:\Users\user\AppData\Local\GitHubDesktop\app-2.5.3\resources\app\git\usr\bin\chattr.exe | 66 |
Possible Misuse
The following table contains possible examples of lsattr.exe
being misused. While lsattr.exe
is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
Source | Source File | Example | License |
---|---|---|---|
signature-base | thor-webshells.yar | $s1 = “displaysecinfo("List of Attributes",myshellexec("lsattr -a"));” fullword ascii | CC BY-NC 4.0 |
MIT License. Copyright (c) 2020-2021 Strontic.