sync.exe

  • File Path: C:\SysinternalsSuite\sync.exe
  • Description: Flush cached data to disk.

Hashes

Type Hash
MD5 8A13A3E311E2B4EAF8EBE26CA2349A0E
SHA1 0CFF0598EAEFDE1783370CCE39C7A7308BB4786C
SHA256 2CD0A14D50EC5C989627DF57CAFB78F0C43D7BFBCDA1D59F2199E5D6CE053ECD
SHA384 2F4695A27AEB1992E5C7C2584504175B42FF984DBDFB6A11A0C0569E4498D52C394B360FB9CAF232E761D8606C7E59A2
SHA512 CF5B33E6B33D8292B9092D8412957A88153D2F360A65374A2C60C5D90B04C8E23DBD724FED5959E00E70D586BD83A355A2B8DD36DDDDD08C9ECC42CA6CBC5AFE
SSDEEP 6144:NzgiRI26UuxpoPAgAatkZ74JpDwiTZVlPzQ/fsx:NzVRiUuxpoogVtkZ7486dsHsx
IMP AF94C5E77B726CC4352DA35DEBB2E184
PESHA1 AE1DB7ED05EA202447591A49C138D9A4CDC531F3
PE256 7D5AE0242EA9026DDB94144B65B7E65D99416C094A0D4C755EC7EEDE09030120

Runtime Data

Usage (stdout):


Sync v2.2 - Flush cached data to disk.
Copyright (C) 2016 Mark Russinovich
Sysinternals - www.sysinternals.com


usage: sync [-r | drive letters]
   -r   Flush removeable media.
   -e   Eject removeable media.
   -nobanner
       Do not display the startup banner and copyright message.

Specifying explicit drive letters will flush only those drives.


Loaded Modules:

Path
C:\SysinternalsSuite\sync.exe
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll

Signature

  • Status: Signature verified.
  • Serial: 3300000187721772155940C709000000000187
  • Thumbprint: 2485A7AFA98E178CB8F30C9838346B514AEA4769
  • Issuer: CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: Sync.exe
  • Product Name: Sysinternals Sync
  • Company Name: Sysinternals - www.sysinternals.com
  • File Version: 2.2
  • Product Version: 2.2
  • Language: English (United States)
  • Legal Copyright: Copyright (C) 2016 Mark Russinovich
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/70
  • VirusTotal Link: https://www.virustotal.com/gui/file/2cd0a14d50ec5c989627df57cafb78f0c43d7bfbcda1d59f2199e5d6ce053ecd/detection/

Possible Misuse

The following table contains possible examples of sync.exe being misused. While sync.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_false_sysinternalsuite.yml - '\sync.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.