pssuspend.exe

  • File Path: C:\SysinternalsSuite\pssuspend.exe
  • Description: Process Suspender

Hashes

Type Hash
MD5 DF3D77D41EF28027B3069D39F9EE9C79
SHA1 0DFCF31AD455ABD48D35B0250B5B03265052FBA6
SHA256 02EC8C37DD946A2CD74673993C2108F12FFF3E82019A1590231C4205CCB2F0D4
SHA384 47307683DC742244B914E4CA9821568FEA77F888F2A3FEC9456A3E5060EC7F97EE881DB13E54EEDD3212B776CAA3CC9B
SHA512 FF9168421EA2E0B56ECE4DF777B1FA3605CBB4AC81D1C81CF2491A5C197BAF67C47BA4D1D767C5C272A8F3CFA46B169234D19B98671FF6AD8F7A092F51E9378D
SSDEEP 3072:K/kvkbvka2pVtwouW9+DZUFIPcpGwDmXsBvpRyAHa0MiZUFw/oPACa337yGTkSEh:K/CkboR5INUR94GhnO6g1Co/
IMP 6E9A261F58F47D82FB85893416A0D9B3
PESHA1 DAFF952FB36E60F334521E118F3A2998D8AB9C2D
PE256 F39BB42710DB502647201A2ACDC05233F07C404845DB63E5A28988E00DF25CC0

Runtime Data

Usage (stdout):


PsSuspend v1.07 - Process Suspender
Copyright (C) 2001-2016 Mark Russinovich
Sysinternals

PsSuspend suspends or resumes processes on a local or remote NT system.

Usage: pssuspend [-r] [\\RemoteComputer [-u Username [-p Password]]] <process Id or name>
     -r    Resume.
     -u    Specifies optional user name for login to
           remote computer.
     -p    Specifies optional password for user name. If you omit this
           you will be prompted to enter a hidden password.
     -nobanner Do not display the startup banner and copyright message.


Loaded Modules:

Path
C:\SysinternalsSuite\pssuspend.exe
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll

Signature

  • Status: Signature verified.
  • Serial: 330000010A2C79AED7797BA6AC00010000010A
  • Thumbprint: 3BDA323E552DB1FDE5F4FBEE75D6D5B2B187EEDC
  • Issuer: CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: pssuspend.exe
  • Product Name: Sysinternals PsSuspend
  • Company Name: Sysinternals
  • File Version: 1.07
  • Product Version: 1.07
  • Language: English (United States)
  • Legal Copyright: Copyright (C) 2001-2016 Mark Russinovich
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/68
  • VirusTotal Link: https://www.virustotal.com/gui/file/02ec8c37dd946a2cd74673993c2108f12fff3e82019a1590231c4205ccb2f0d4/detection/

Possible Misuse

The following table contains possible examples of pssuspend.exe being misused. While pssuspend.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

  • Source: sigma
  • Source File: proc_creation_win_false_sysinternalsuite.yml
  • Example: - '\pssuspend.exe'
  • License: DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.