pssuspend64.exe

  • File Path: C:\SysinternalsSuite\pssuspend64.exe
  • Description: Process Suspender

Hashes

Type Hash
MD5 FBE9E863C6E46F75BFABA674E3BA0CDA
SHA1 3DFA82B8884D2BBC7B43F6F9787DA51A38FA57B6
SHA256 E93DDD9ED564B7F6532CD5B94CDCE73067D8EBAD8A5CE9373A6F839C7050780F
SHA384 836C7DBC89FCF7CF9A6CD737A3A5451582B3947E1206DD9E366201CEA78E4DDBAC85D4149FF31E7CC70559DD13057C15
SHA512 4F28F1E891A141FB67A9666CC9AB71C1574DC7D7DFC035D6B97A32C25823EE5B0C3AF53841057EAD7980BA4FA34BE8142841B42170915224533064B0BB2E6EE7
SSDEEP 6144:L+OZ+6drT8GHRrY5I4QilZ0UvMl/RTsuzgfQWOHzgXAQ:L+OfY9lZ0+SoUO
IMP A6A32311420CEB9EF8A92CB8745DAB9A
PESHA1 82D8310392CEBF044E934D73D36BC07A70FFA019
PE256 5409597621383AECA8E4BDD26B7386C407BD98FD5D477170503B87CB40B45CEF

Runtime Data

Usage (stdout):


PsSuspend v1.07 - Process Suspender
Copyright (C) 2001-2016 Mark Russinovich
Sysinternals

PsSuspend suspends or resumes processes on a local or remote NT system.

Usage: pssuspend [-r] [\\RemoteComputer [-u Username [-p Password]]] <process Id or name>
     -r    Resume.
     -u    Specifies optional user name for login to
           remote computer.
     -p    Specifies optional password for user name. If you omit this
           you will be prompted to enter a hidden password.
     -nobanner Do not display the startup banner and copyright message.


Loaded Modules:

Path
C:\SysinternalsSuite\pssuspend64.exe
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\SYSTEM32\ntdll.dll

Signature

  • Status: Signature verified.
  • Serial: 330000010A2C79AED7797BA6AC00010000010A
  • Thumbprint: 3BDA323E552DB1FDE5F4FBEE75D6D5B2B187EEDC
  • Issuer: CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: pssuspend.exe
  • Product Name: Sysinternals PsSuspend
  • Company Name: Sysinternals
  • File Version: 1.07
  • Product Version: 1.07
  • Language: English (United States)
  • Legal Copyright: Copyright (C) 2001-2016 Mark Russinovich
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/69
  • VirusTotal Link: https://www.virustotal.com/gui/file/e93ddd9ed564b7f6532cd5b94cdce73067d8ebad8a5ce9373a6f839c7050780f/detection/

Possible Misuse

The following table contains possible examples of pssuspend64.exe being misused. While pssuspend64.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source  Source File                                     Example               License
sigma   proc_creation_win_false_sysinternalsuite.yml    - '\pssuspend64.exe'  DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.