streams64.exe

  • File Path: C:\SysinternalsSuite\streams64.exe
  • Description: Reveal NTFS alternate streams.

Hashes

Type Hash
MD5 FF73C9CB2FF29F0AF030224840C1C451
SHA1 62B176DE99D918AA72798314C882CDC95C16BAE9
SHA256 A243C44FE32D9AFAFB7FEC5C6DA2F133BF605563E068A95CC5043DE2D9E50257
SHA384 0E8F4726EB6AD929147E766105B663BA7FB6F90AB7087F0BA6C2DD42079C1FEDD143924F157EFDA09245C1E431B2A1E4
SHA512 0CD8D2F90AD99EC56235A94164212106B38A4F1D95D4FCB41C424CC260879C4BE1B6D5EFB355D4AD92AC5D5B015E11FD62B0F0441D88D1DEE4145BB4FC4828CB
SSDEEP 6144:zWn29Pak9YDL7B1Rn/2HHNw0Qi2Lvm6aS1Nl/DA2OooFEE1ByVFiyiZP0SdO:an4Sku2HHNw0Qi2LvqS1jDXsjdO
IMP C0D5D2F94119736B1DA483C808E6BC48
PESHA1 D836D15A2C051F6A6DAC9349BBDD826EAF5506B6
PE256 F09CBC3E77623D93412AF8B2D4B61406CA6B7ED0BA415D653DE153C9C324A483

Runtime Data

Usage (stdout):


streams v1.60 - Reveal NTFS alternate streams.
Copyright (C) 2005-2016 Mark Russinovich
Sysinternals - www.sysinternals.com

usage: C:\SysinternalsSuite\streams64.exe [-s] [-d] <file or directory>
-s     Recurse subdirectories
-d     Delete streams
-nobanner
       Do not display the startup banner and copyright message.

Loaded Modules:

Path
C:\SysinternalsSuite\streams64.exe
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\SYSTEM32\ntdll.dll

Signature

  • Status: Signature verified.
  • Serial: 3300000187721772155940C709000000000187
  • Thumbprint: 2485A7AFA98E178CB8F30C9838346B514AEA4769
  • Issuer: CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: streams.exe
  • Product Name: Sysinternals Streams
  • Company Name: Sysinternals - www.sysinternals.com
  • File Version: 1.60
  • Product Version: 1.60
  • Language: English (United States)
  • Legal Copyright: Copyright (C) 2005-2016 Mark Russinovich
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/68
  • VirusTotal Link: https://www.virustotal.com/gui/file/a243c44fe32d9afafb7fec5c6da2f133bf605563e068a95cc5043de2d9e50257/detection/

Possible Misuse

The following table contains possible examples of streams64.exe being misused. While streams64.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_false_sysinternalsuite.yml - '\streams64.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.