pipelist64.exe

  • File Path: C:\SysinternalsSuite\pipelist64.exe
  • Description: Lists open named pipes

Hashes

Type Hash
MD5 E794CA9CC2AF5F555CA573ACE7FBDE00
SHA1 9F7CD59B08E2A4F810C68745A26B633C685BD7DE
SHA256 C7C3E2E7B729891141F5A7CB172390E57072783187EDC92DB95D4B7B7FE8CC4C
SHA384 36422B4DB94959C10BCADC442E5B69375ECD8AA900EAEF53527D028713A9239BDDD342746B8C7CC953D338885E2CD2E3
SHA512 7DE6E6B81DF65DED8C2779051E5A677DE0E6DB390AE1EA3ABB5C9DEFFC3F7A3A54012C88E2573C83F4D3C83E54210126B4BC95127DD2CE4BD970EE818B77B1F1
SSDEEP 6144:EXaCBWflr+fDPiOOQ14h0WRKIqLZRto+hLhLlw7X8A0YfvaJXW7gUNBhtBxLVug:EKcCEfDkRKIqLZRto+hFl0XZH7HLl
IMP D5B082CBCA031E53C7146B44DC0A7B06
PESHA1 8D2F71049D00FFBEF530E0033993DD556E325D81
PE256 4B69DA4AE6485B94E70FC8DF91B9724E567C3F44A7CA7EBFEF838C6DABB7973B

Runtime Data

Usage (stdout):


PipeList v1.02 - Lists open named pipes
Copyright (C) 2005-2016 Mark Russinovich
Sysinternals - www.sysinternals.com

Pipe Name                                    Instances       Max Instances
---------                                    ---------       -------------
InitShutdown                                      3               -1      
lsass                                             4               -1      
ntsvcs                                            3               -1      
scerpc                                            3               -1      
Winsock2\CatalogChangeListener-298-0              1                1      
Winsock2\CatalogChangeListener-34c-0              1                1      
epmapper                                          3               -1      
Winsock2\CatalogChangeListener-258-0              1                1      
LSM_API_service                                   3               -1      
Winsock2\CatalogChangeListener-308-0              1                1      
eventlog                                          3               -1      
Winsock2\CatalogChangeListener-428-0              1                1      
TermSrv_API_service                               3               -1      
Ctx_WinStation_API_service                        3               -1      
wkssvc                                            4               -1      
atsvc                                             3               -1      
spoolss                                           3               -1      
SessEnvPublicRpc                                  3               -1      
Winsock2\CatalogChangeListener-618-0              1                1      
Winsock2\CatalogChangeListener-3c8-0              1                1      
Winsock2\CatalogChangeListener-438-0              1                1      
trkwks                                            3               -1      
srvsvc                                            4               -1      
Winsock2\CatalogChangeListener-868-0              1                1      
Winsock2\CatalogChangeListener-284-0              1                1      
TSVCPIPE-24ab4aa6-7fe0-4229-9ebe-a6792d481794          7               -1      
PIPE_EVENTROOT\CIMV2SCM EVENT PROVIDER            1               -1      
PowerShellISEPipeName_1_66bbfac3-9929-4d37-87c5-3455013cdf68          1               -1      
PSHost.132455098211545351.676.DefaultAppDomain.powershell_ise          1                1      
efsrpc                                            3               -1      

Loaded Modules:

Path
C:\SysinternalsSuite\pipelist64.exe
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\SYSTEM32\ntdll.dll

Signature

  • Status: Signature verified.
  • Serial: 3300000187721772155940C709000000000187
  • Thumbprint: 2485A7AFA98E178CB8F30C9838346B514AEA4769
  • Issuer: CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: pipelist.exe
  • Product Name: Sysinternals PipeList
  • Company Name: Sysinternals - www.sysinternals.com
  • File Version: 1.02
  • Product Version: 1.02
  • Language: English (United States)
  • Legal Copyright: Copyright (C) 2005-2016 Mark Russinovich
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/68
  • VirusTotal Link: https://www.virustotal.com/gui/file/c7c3e2e7b729891141f5a7cb172390e57072783187edc92db95d4b7b7fe8cc4c/detection/

Possible Misuse

The following table contains possible examples of pipelist64.exe being misused. While pipelist64.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_false_sysinternalsuite.yml - '\pipelist64.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.