pskill64.exe

  • File Path: C:\SysinternalsSuite\pskill64.exe
  • Description: Terminates processes on local or remote systems

Hashes

Type Hash
MD5 26EA3E520CB396587D32A7A01AA564BD
SHA1 BC2CB97F09F70BD21225232A41AF6206A62FA182
SHA256 75899C5ACE600406503A937EF550AB0BBD0F6E0188B9E93E206BEB1DFC79BB81
SHA384 06FC67910C6E603D6420D7852D9B324223907CAB01A52C20450766837924E317268DC5E27EA90A0C04138646DDEC0BB6
SHA512 512E1C3731D11D7967302E131E8C40D7DA742DA923B4FC37ED110BBB64728F01E6196E700C284AA620F8132EE0104DAA9FE0890C13818D3B58F3063A2D29A023
SSDEEP 6144:LqeWJ8xTTZUcR8MYwtj1HyhOYUTjdkSBkM7WLaDM:LqeH88wgnWLp
IMP 58AA6F8F658AD459A353E39F79F54808
PESHA1 89F0F57DC21C6D5A0FBF445FD41048E6C4C620BE
PE256 93515FA2C2F581B7E04133BBC63CE0DBFAAC4BFC124D4D4628B78ECEC5FF6258

Runtime Data

Usage (stdout):


PsKill v1.16 - Terminates processes on local or remote systems
Copyright (C) 1999-2016  Mark Russinovich
Sysinternals - www.sysinternals.com

Usage: pskill [-t] [\\computer [-u username [-p password]]] <process ID | name>
     -t    Kill the process and its descendants.
     -u    Specifies optional user name for login to
           remote computer.
     -p    Specifies optional password for user name. If you omit this
           you will be prompted to enter a hidden password.
     -nobanner Do not display the startup banner and copyright message.


Loaded Modules:

Path
C:\SysinternalsSuite\pskill64.exe
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\SYSTEM32\ntdll.dll

Signature

  • Status: Signature verified.
  • Serial: 330000010A2C79AED7797BA6AC00010000010A
  • Thumbprint: 3BDA323E552DB1FDE5F4FBEE75D6D5B2B187EEDC
  • Issuer: CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: pkill.exe
  • Product Name: Sysinternals pkill
  • Company Name: Sysinternals - www.sysinternals.com
  • File Version: 1.16
  • Product Version: 1.16
  • Language: English (United States)
  • Legal Copyright: Copyright (C) 1999-2016 Mark Russinovich
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 2/70
  • VirusTotal Link: https://www.virustotal.com/gui/file/75899c5ace600406503a937ef550ab0bbd0f6e0188b9e93e206beb1dfc79bb81/detection/

Possible Misuse

The following table contains possible examples of pskill64.exe being misused. While pskill64.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source   Source File                                     Example             License
sigma    proc_creation_win_false_sysinternalsuite.yml    - '\pskill64.exe'   DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.