ntfsinfo.exe

  • File Path: C:\SysinternalsSuite\ntfsinfo.exe
  • Description: NTFS Information Dump

Hashes

Type Hash
MD5 8F5C0A6E54D4590B803EFF01BE0394C1
SHA1 D6ED4287B278C9325924054E4C83EBAA884587CA
SHA256 A0D29465C4EF4B6C7E146545B50228E5C08AB8888980577F907058757BDAE6DE
SHA384 6DA5967E2C6F56AF694179686150779BD4930A6EDE833E768792AC82DD5B0566ADD70189FCCFAD83F2875726102A88DB
SHA512 83B61A3C725E230913FE089C76B50CBCCE7A933A20857DA9C0D9467161FF80C5108040175CBA90105E7852983D9391074A3445B756518540A6F39A19C51BC607
SSDEEP 3072:LTA1oiyclh4NWZUFy13JwjhwDmBc6hZ/Eg:OyuKbycWa
IMP 2115F05A06B763DCDD0A46576982562E
PESHA1 E4BD67F452D37DED4C45F712558A258018B982BA
PE256 9DA4631C3AAAA12BCB69B67D23A5F3BCEA1A18D1389A632814C29D5435C47BED

Runtime Data

Usage (stdout):


NtfsInfo v1.2 - NTFS Information Dump
Copyright (C) 2005-2016 Mark Russinovich
Sysinternals - www.sysinternals.com


Volume Size
-----------
Volume size            : 40830 MB
Total sectors          : 83621854
Total clusters         : 10452731
Free clusters          : 9807053
Free space             : 38308 MB (93% of drive)

Allocation Size
----------------
Bytes per sector       : 512
Bytes per cluster      : 4096
Bytes per MFT record   : 0
Clusters per MFT record: 0

MFT Information
---------------
MFT size               : 8 MB (0% of drive)
MFT start cluster      : 786432
MFT zone clusters      : 786496 - 837696
MFT zone size          : 200 MB (0% of drive)
MFT mirror start       : 2

Meta-Data files
---------------

Loaded Modules:

Path
C:\SysinternalsSuite\ntfsinfo.exe
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll

Signature

  • Status: Signature verified.
  • Serial: 330000010A2C79AED7797BA6AC00010000010A
  • Thumbprint: 3BDA323E552DB1FDE5F4FBEE75D6D5B2B187EEDC
  • Issuer: CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: NtfsInfo.exe
  • Product Name: Sysinternals NtfsInfo
  • Company Name: Sysinternals - www.sysinternals.com
  • File Version: 1.2
  • Product Version: 1.2
  • Language: English (United States)
  • Legal Copyright: Copyright (C) 2005-2016 Mark Russinovich
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/66
  • VirusTotal Link: https://www.virustotal.com/gui/file/a0d29465c4ef4b6c7e146545b50228e5c08ab8888980577f907058757bdae6de/detection/

Possible Misuse

The following table contains possible examples of ntfsinfo.exe being misused. While ntfsinfo.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_false_sysinternalsuite.yml - '\ntfsinfo.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.