pskill.exe

  • File Path: C:\SysinternalsSuite\pskill.exe
  • Description: Terminates processes on local or remote systems

Runtime Data

Usage (stdout):


PsKill v1.16 - Terminates processes on local or remote systems
Copyright (C) 1999-2016  Mark Russinovich
Sysinternals - www.sysinternals.com

Usage: pskill [-t] [\\computer [-u username [-p password]]] <process ID | name>
     -t    Kill the process and its descendants.
     -u    Specifies optional user name for login to
           remote computer.
     -p    Specifies optional password for user name. If you omit this
           you will be prompted to enter a hidden password.
     -nobanner Do not display the startup banner and copyright message.


Loaded Modules:

Path
C:\SysinternalsSuite\pskill.exe
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll

Signature

  • Status: Signature verified.
  • Serial: 330000010A2C79AED7797BA6AC00010000010A
  • Thumbprint: 3BDA323E552DB1FDE5F4FBEE75D6D5B2B187EEDC
  • Issuer: CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: pkill.exe
  • Product Name: Sysinternals pkill
  • Company Name: Sysinternals - www.sysinternals.com
  • File Version: 1.16
  • Product Version: 1.16
  • Language: English (United States)
  • Legal Copyright: Copyright (C) 1999-2016 Mark Russinovich
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 2/69
  • VirusTotal Link: https://www.virustotal.com/gui/file/546ec58d0134ea64611e12d7e3a867793e8cb6145ac18745349408a60fc2fabe/detection/

Possible Misuse

The following table contains possible examples of pskill.exe being misused. While pskill.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
| sigma | proc_creation_win_false_sysinternalsuite.yml | - '\pskill.exe' | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.