ntfsinfo64.exe

  • File Path: C:\SysinternalsSuite\ntfsinfo64.exe
  • Description: NTFS Information Dump

Hashes

Type Hash
MD5 C2562DE6FAD25D0529B1FEEF5B15E43F
SHA1 BCED2F1B3B55D319A13A2BFA7B545761E593E971
SHA256 E2837BE10257EE5B1441C7056AA5F92C46FB5AC24D1E4E00FFC0A2D1CFE637BC
SHA384 0961E9543C13A021F56A9AF8B93F7942FB41A0D519579109ED23D22B67183F73622381BC9FE8A261D8569DE959640E93
SHA512 A8E0AC3C84BA76B5BE69D7AED4BCFC5EAFF79757AEA86D4AFF2F4F23574AF8BA14522DD4A80C5FFADF924D9CF98566DCD4AD591B07F691E0DA3235493827B929
SSDEEP 3072:Nz7jCUH0ge+XIr4/WTpGb5GZI8e5UFi9bFF2wDmASGQpHlEJ:57OUHde4eTpGsmMiPkq
IMP 802BA2269625BE056D6E4870E3B6D3FF
PESHA1 312E8BF04FA298DF7745C508ED0CD4AB42B7E170
PE256 E6C3E48C282D432C2EF1C9474CF7647CF17730FE881EB7B9FDC08C52BB1D98AF

Runtime Data

Usage (stdout):


NtfsInfo v1.2 - NTFS Information Dump
Copyright (C) 2005-2016 Mark Russinovich
Sysinternals - www.sysinternals.com


Volume Size
-----------
Volume size            : 40830 MB
Total sectors          : 83621854
Total clusters         : 10452731
Free clusters          : 9807053
Free space             : 38308 MB (93% of drive)

Allocation Size
----------------
Bytes per sector       : 512
Bytes per cluster      : 4096
Bytes per MFT record   : 0
Clusters per MFT record: 0

MFT Information
---------------
MFT size               : 8 MB (0% of drive)
MFT start cluster      : 786432
MFT zone clusters      : 786496 - 837696
MFT zone size          : 200 MB (0% of drive)
MFT mirror start       : 2

Meta-Data files
---------------

Loaded Modules:

Path
C:\SysinternalsSuite\ntfsinfo64.exe
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\SYSTEM32\ntdll.dll

Signature

  • Status: Signature verified.
  • Serial: 330000010A2C79AED7797BA6AC00010000010A
  • Thumbprint: 3BDA323E552DB1FDE5F4FBEE75D6D5B2B187EEDC
  • Issuer: CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: NtfsInfo.exe
  • Product Name: Sysinternals NtfsInfo
  • Company Name: Sysinternals - www.sysinternals.com
  • File Version: 1.2
  • Product Version: 1.2
  • Language: English (United States)
  • Legal Copyright: Copyright (C) 2005-2016 Mark Russinovich
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/71
  • VirusTotal Link: https://www.virustotal.com/gui/file/e2837be10257ee5b1441c7056aa5f92c46fb5ac24d1e4e00ffc0a2d1cfe637bc/detection/

Possible Misuse

The following table contains possible examples of ntfsinfo64.exe being misused. While ntfsinfo64.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_false_sysinternalsuite.yml - '\ntfsinfo64.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.